feat: implemente auto updater

Author: Leoglme

.github/workflows/desktop-release.yml

@@ -64,6 +64,45 @@ jobs:
       - name: Install frontend dependencies
         run: npm ci
 
+      # Version unique par run CI (semver patch = run_number) pour futur updater / traçabilité des builds.
+      - name: Set desktop version for this release
+        shell: bash
+        working-directory: web
+        env:
+          RELEASE_VERSION: 0.1.${{ github.run_number }}
+        run: |
+          python3 << 'PY'
+          import json, os, re
+          version = os.environ["RELEASE_VERSION"]
+          os.chdir("src-tauri")
+          with open("Cargo.toml", encoding="utf-8") as f:
+              lines = f.read().splitlines(keepends=True)
+          in_package = False
+          out = []
+          for line in lines:
+              s = line.strip()
+              if s == "[package]":
+                  in_package = True
+              elif s.startswith("[") and s != "[package]":
+                  in_package = False
+              if in_package and re.match(r"^version\s*=\s*", line):
+                  line = f'version = "{version}"\n'
+              out.append(line)
+          with open("Cargo.toml", "w", encoding="utf-8") as f:
+              f.writelines(out)
+          with open("tauri.conf.json", encoding="utf-8") as f:
+              conf = json.load(f)
+          conf["version"] = version
+          with open("tauri.conf.json", "w", encoding="utf-8") as f:
+              json.dump(conf, f, indent=2, ensure_ascii=False)
+              f.write("\n")
+          print(f"Desktop version set to {version}")
+          PY
+
+      - name: Sync Cargo.lock for new desktop version
+        working-directory: web/src-tauri
+        run: cargo update -p goupixdex-desktop
+
       - name: Build and publish desktop artifacts
         uses: tauri-apps/tauri-action@v0
         env:
@@ -78,6 +117,8 @@ jobs:
             Build **production** Windows / macOS (Rust `--release`, pas de console cmd au lancement sur Windows).
 
             Installeurs : voir les assets ci-dessous (.exe, .msi, .dmg).
+
+            **Version appli :** `0.1.${{ github.run_number }}` (semver patch = numéro de run GitHub Actions, unique à chaque build sur `main`).
           releaseDraft: false
           prerelease: false
           args: ${{ matrix.args }}

api/desktop_vinted_server.py

@@ -0,0 +1,206 @@
+"""
+Worker HTTP local (127.0.0.1) : publication Vinted / nodriver sur le PC utilisateur.
+
+Les métadonnées et le JWT sont lus sur l’API distante ; Chrome et nodriver tournent ici.
+
+Lancer depuis le dossier ``api/`` (venv activé) ::
+
+    python desktop_vinted_server.py
+
+Variables utiles : ``GOUPIX_VINTED_LOCAL_PORT`` (défaut 18766), ``GOUPIX_REMOTE_API`` (URL API si
+le client n’envoie pas ``X-Goupix-Remote-Api``).
+"""
+
+from __future__ import annotations
+
+import asyncio
+import json
+import logging
+import os
+import sys
+import uuid
+from typing import Annotated
+
+import httpx
+import uvicorn
+from fastapi import APIRouter, Depends, FastAPI, Header, HTTPException, Query, status
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import StreamingResponse
+
+from core.deps import get_bearer_or_query_token
+from core.win32_asyncio import ensure_proactor_event_loop
+from schemas.articles import VintedBatchStartBody
+from services import vinted_batch_progress as vinted_batch_hub
+from services import vinted_progress as vinted_progress_hub
+from services.desktop_vinted_runner import run_desktop_vinted_batch_job, run_desktop_vinted_publish_job
+
+ensure_proactor_event_loop()
+
+logging.basicConfig(level=logging.INFO, format="%(levelname)s %(name)s %(message)s")
+logger = logging.getLogger("goupixdex.vinted_local")
+
+try:
+    from dotenv import load_dotenv
+
+    load_dotenv()
+except ImportError:
+    pass
+
+
+def get_remote_base_flexible(
+    x_goupix_remote_api: Annotated[str | None, Header(alias="X-Goupix-Remote-Api")] = None,
+    remote_api: Annotated[str | None, Query(description="URL API (SSE / EventSource)")] = None,
+) -> str:
+    for cand in (x_goupix_remote_api, remote_api, os.environ.get("GOUPIX_REMOTE_API", "")):
+        if cand and str(cand).strip():
+            return str(cand).strip().rstrip("/")
+    raise HTTPException(
+        status_code=status.HTTP_400_BAD_REQUEST,
+        detail=(
+            "URL API distante requise (header X-Goupix-Remote-Api, query remote_api ou GOUPIX_REMOTE_API)."
+        ),
+    )
+
+
+async def get_user_id_introspected(
+    raw_token: Annotated[str, Depends(get_bearer_or_query_token)],
+    remote: Annotated[str, Depends(get_remote_base_flexible)],
+) -> int:
+    """Valide le JWT via l’API distante (pas besoin du secret JWT en local)."""
+    async with httpx.AsyncClient(timeout=30.0) as client:
+        r = await client.get(
+            f"{remote}/users/me",
+            headers={"Authorization": f"Bearer {raw_token}", "Accept": "application/json"},
+        )
+    if r.status_code == status.HTTP_401_UNAUTHORIZED:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    if not r.is_success:
+        raise HTTPException(
+            status_code=status.HTTP_502_BAD_GATEWAY,
+            detail="Impossible de joindre l’API distante pour valider la session.",
+        )
+    return int(r.json()["id"])
+
+
+router = APIRouter(prefix="/articles", tags=["articles-vinted-local"])
+
+
+@router.post("/{article_id}/publish-vinted")
+async def publish_vinted_for_article(
+    article_id: int,
+    user_id: Annotated[int, Depends(get_user_id_introspected)],
+    raw_token: Annotated[str, Depends(get_bearer_or_query_token)],
+    remote: Annotated[str, Depends(get_remote_base_flexible)],
+) -> dict[str, object]:
+    vinted_progress_hub.register(article_id)
+    asyncio.create_task(run_desktop_vinted_publish_job(article_id, user_id, raw_token, remote))
+    return {
+        "vinted": {
+            "status": "running",
+            "stream_path": f"/articles/{article_id}/vinted-progress",
+        },
+    }
+
+
+@router.get("/{article_id}/vinted-progress")
+async def vinted_progress_stream(
+    article_id: int,
+    _: Annotated[int, Depends(get_user_id_introspected)],
+) -> StreamingResponse:
+    async def generate():
+        async for ev in vinted_progress_hub.event_stream(article_id):
+            yield f"data: {json.dumps(ev, default=str)}\n\n"
+
+    return StreamingResponse(
+        generate(),
+        media_type="text/event-stream",
+        headers={
+            "Cache-Control": "no-cache",
+            "Connection": "keep-alive",
+            "X-Accel-Buffering": "no",
+        },
+    )
+
+
+@router.get("/vinted-batch/active")
+async def vinted_batch_active(
+    user_id: Annotated[int, Depends(get_user_id_introspected)],
+) -> dict[str, object]:
+    jid = vinted_batch_hub.get_active_job_id(user_id)
+    return {
+        "job_id": jid,
+        "stream_path": f"/articles/vinted-batch/{jid}/stream" if jid else None,
+    }
+
+
+@router.get("/vinted-batch/{job_id}/stream")
+async def vinted_batch_stream(
+    job_id: str,
+    user_id: Annotated[int, Depends(get_user_id_introspected)],
+) -> StreamingResponse:
+    owner = vinted_batch_hub.get_job_user_id(job_id)
+    if owner is None:
+        raise HTTPException(status_code=404, detail="Job introuvable ou expiré.")
+    if owner != user_id:
+        raise HTTPException(status_code=403, detail="Accès refusé à ce job.")
+
+    async def generate():
+        async for ev in vinted_batch_hub.event_stream(job_id):
+            yield f"data: {json.dumps(ev, default=str)}\n\n"
+
+    return StreamingResponse(
+        generate(),
+        media_type="text/event-stream",
+        headers={
+            "Cache-Control": "no-cache",
+            "Connection": "keep-alive",
+            "X-Accel-Buffering": "no",
+        },
+    )
+
+
+@router.post("/vinted-batch", status_code=status.HTTP_202_ACCEPTED)
+async def start_vinted_batch(
+    body: VintedBatchStartBody,
+    user_id: Annotated[int, Depends(get_user_id_introspected)],
+    raw_token: Annotated[str, Depends(get_bearer_or_query_token)],
+    remote: Annotated[str, Depends(get_remote_base_flexible)],
+) -> dict[str, object]:
+    unique_ids = list(dict.fromkeys(body.article_ids))
+    job_id = str(uuid.uuid4())
+    if not vinted_batch_hub.try_register_job(job_id, user_id):
+        raise HTTPException(
+            status_code=409,
+            detail="Une publication Vinted groupée est déjà en cours pour ce compte.",
+        )
+    asyncio.create_task(
+        run_desktop_vinted_batch_job(job_id, user_id, unique_ids, raw_token, remote),
+    )
+    return {
+        "job_id": job_id,
+        "stream_path": f"/articles/vinted-batch/{job_id}/stream",
+    }
+
+
+app = FastAPI(title="GoupixDex Vinted local", version="1.0.0")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+app.include_router(router)
+
+
+@app.get("/health")
+def health() -> dict[str, str]:
+    return {"status": "ok", "service": "goupixdex-vinted-local"}
+
+
+if __name__ == "__main__":
+    from core.nodriver_uvicorn_loop import UVICORN_WINDOWS_NODRIVER_LOOP
+
+    port = int(os.environ.get("GOUPIX_VINTED_LOCAL_PORT", "18766"))
+    loop = UVICORN_WINDOWS_NODRIVER_LOOP if sys.platform == "win32" else "auto"
+    uvicorn.run(app, host="127.0.0.1", port=port, loop=loop, log_level="info")

api/routes/articles.py

@@ -8,7 +8,7 @@
 from decimal import Decimal
 from typing import Annotated, Any
 
-from fastapi import APIRouter, BackgroundTasks, Depends, File, Form, HTTPException, UploadFile, status
+from fastapi import APIRouter, BackgroundTasks, Depends, File, Form, HTTPException, Request, UploadFile, status
 from fastapi.responses import StreamingResponse
 from sqlalchemy.orm import Session
 
@@ -227,8 +227,25 @@ def publish_vinted_for_article(
     }
 
 
+@router.post("/{article_id}/confirm-vinted-publish", status_code=status.HTTP_200_OK)
+def confirm_vinted_publish(
+    article_id: int,
+    db: Annotated[Session, Depends(get_db)],
+    user: Annotated[User, Depends(get_current_user)],
+) -> dict[str, bool]:
+    """
+    Marque l'article comme publié sur Vinted après succès du worker desktop local.
+    """
+    article = article_service.get_article(db, article_id, user.id)
+    if article is None:
+        raise HTTPException(status_code=404, detail="Article not found")
+    article_service.mark_article_published_on_vinted(article_id, user.id)
+    return {"ok": True}
+
+
 @router.post("", status_code=status.HTTP_201_CREATED)
 async def create_article(
+    request: Request,
     background_tasks: BackgroundTasks,
     db: Annotated[Session, Depends(get_db)],
     user: Annotated[User, Depends(get_current_user)],
@@ -283,15 +300,23 @@ async def create_article(
     db.commit()
     db.refresh(article)
 
-    if _form_bool(publish_to_vinted):
+    vinted_local_desktop = request.headers.get("x-goupix-vinted-target", "").strip().lower() == "local"
+
+    if _form_bool(publish_to_vinted) and vinted_local_desktop:
+        vinted_result = {
+            "status": "pending",
+            "stream_path": f"/articles/{article.id}/vinted-progress",
+            "desktop_local": True,
+        }
+    elif _form_bool(publish_to_vinted):
         vinted_progress_hub.register(article.id)
         background_tasks.add_task(
             run_vinted_publish_job,
             article.id,
             user.id,
             stored_sources,
         )
-        vinted_result: dict[str, Any] = {
+        vinted_result = {
             "status": "running",
             "stream_path": f"/articles/{article.id}/vinted-progress",
         }

api/routes/users.py

@@ -10,7 +10,8 @@
 from core.database import get_db
 from core.deps import get_current_user
 from models.user import User
-from schemas.users import UserCreate, UserResponse, UserUpdate
+from core.security import decrypt_vinted_credential
+from schemas.users import UserCreate, UserResponse, UserUpdate, VintedDecryptedResponse
 from services import auth_service
 
 router = APIRouter(prefix="/users", tags=["users"])
@@ -58,6 +59,16 @@ def me(current: Annotated[User, Depends(get_current_user)]) -> UserResponse:
     return _serialize(current)
 
 
+@router.get("/me/vinted-decrypted", response_model=VintedDecryptedResponse)
+def me_vinted_decrypted(current: Annotated[User, Depends(get_current_user)]) -> VintedDecryptedResponse:
+    """Expose les identifiants Vinted en clair pour le worker Python local (app desktop)."""
+    plain = decrypt_vinted_credential(current.vinted_password)
+    return VintedDecryptedResponse(
+        vinted_email=current.vinted_email,
+        vinted_password=plain,
+    )
+
+
 @router.put("/{user_id}", response_model=UserResponse)
 def update_user(
     user_id: int,

api/schemas/users.py

@@ -22,3 +22,12 @@ class UserResponse(BaseModel):
     created_at: str
 
     model_config = {"from_attributes": False}
+
+
+class VintedDecryptedResponse(BaseModel):
+    """
+    Mot de passe Vinted en clair — réservé au worker desktop local (HTTPS + JWT).
+    """
+
+    vinted_email: str | None
+    vinted_password: str | None

api/services/desktop_stubs.py

@@ -0,0 +1,35 @@
+"""Objets Article / User non persistés pour réutiliser la logique Vinted sans DB locale."""
+
+from __future__ import annotations
+
+from decimal import Decimal
+from typing import Any
+
+from models.article import Article
+from models.user import User
+
+
+def article_from_api_dict(d: dict[str, Any]) -> Article:
+    a = Article()
+    a.id = d["id"]
+    a.user_id = d["user_id"]
+    a.title = d["title"]
+    a.description = d["description"]
+    a.pokemon_name = d.get("pokemon_name")
+    a.set_code = d.get("set_code")
+    a.card_number = d.get("card_number")
+    a.condition = d.get("condition") or "Near Mint"
+    a.purchase_price = Decimal(str(d["purchase_price"]))
+    sp = d.get("sell_price")
+    a.sell_price = Decimal(str(sp)) if sp is not None else None
+    a.is_sold = bool(d.get("is_sold", False))
+    return a
+
+
+def user_stub(user_id: int, email: str, vinted_email: str | None) -> User:
+    u = User()
+    u.id = user_id
+    u.email = email
+    u.vinted_email = vinted_email
+    u.vinted_password = None
+    return u