Add user submission management API endpoints

Mark Saroufim · Mark Saroufim · commit d6ec7e109ee7 · 2026-02-01T13:31:49.000-08:00
- Add get_user_submissions() DB method to query user's submissions
- Add GET /user/submissions endpoint to list user's submissions
- Add GET /user/submissions/{id} endpoint to view submission with code
- Add DELETE /user/submissions/{id} endpoint to delete own submissions
- All endpoints verify ownership before allowing access
diff --git a/src/kernelbot/api/main.py b/src/kernelbot/api/main.py
@@ -711,3 +711,123 @@ async def get_submission_count(
             return {"count": count}
     except Exception as e:
         raise HTTPException(status_code=500, detail=f"Error fetching submission count: {e}") from e
+
+
+@app.get("/user/submissions")
+async def get_user_submissions(
+    user_info: Annotated[dict, Depends(validate_user_header)],
+    leaderboard: Optional[str] = None,
+    limit: int = 50,
+    offset: int = 0,
+    db_context=Depends(get_db),
+) -> list[dict]:
+    """Get the authenticated user's submissions.
+
+    Args:
+        leaderboard: Optional filter by leaderboard name
+        limit: Maximum number of submissions to return (default 50)
+        offset: Offset for pagination
+
+    Returns:
+        List of user's submissions with summary info
+    """
+    await simple_rate_limit()
+    try:
+        with db_context as db:
+            return db.get_user_submissions(
+                user_id=user_info["user_id"],
+                leaderboard_name=leaderboard,
+                limit=limit,
+                offset=offset,
+            )
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error fetching user submissions: {e}") from e
+
+
+@app.get("/user/submissions/{submission_id}")
+async def get_user_submission(
+    submission_id: int,
+    user_info: Annotated[dict, Depends(validate_user_header)],
+    db_context=Depends(get_db),
+) -> dict:
+    """Get a specific submission by ID. Only the owner can view their submission.
+
+    Args:
+        submission_id: The submission ID to retrieve
+
+    Returns:
+        Full submission details including code
+    """
+    await simple_rate_limit()
+    try:
+        with db_context as db:
+            submission = db.get_submission_by_id(submission_id)
+
+            if submission is None:
+                raise HTTPException(status_code=404, detail="Submission not found")
+
+            # Verify ownership
+            if str(submission.user_id) != str(user_info["user_id"]):
+                raise HTTPException(status_code=403, detail="Not authorized to view this submission")
+
+            return {
+                "id": submission.submission_id,
+                "leaderboard_id": submission.leaderboard_id,
+                "leaderboard_name": submission.leaderboard_name,
+                "file_name": submission.file_name,
+                "user_id": submission.user_id,
+                "submission_time": submission.submission_time,
+                "done": submission.done,
+                "code": submission.code,
+                "runs": [
+                    {
+                        "start_time": r.start_time,
+                        "end_time": r.end_time,
+                        "mode": r.mode,
+                        "secret": r.secret,
+                        "runner": r.runner,
+                        "score": r.score,
+                        "passed": r.passed,
+                    }
+                    for r in submission.runs
+                ],
+            }
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error fetching submission: {e}") from e
+
+
+@app.delete("/user/submissions/{submission_id}")
+async def delete_user_submission(
+    submission_id: int,
+    user_info: Annotated[dict, Depends(validate_user_header)],
+    db_context=Depends(get_db),
+) -> dict:
+    """Delete a submission by ID. Only the owner can delete their submission.
+
+    Args:
+        submission_id: The submission ID to delete
+
+    Returns:
+        Success message
+    """
+    await simple_rate_limit()
+    try:
+        with db_context as db:
+            submission = db.get_submission_by_id(submission_id)
+
+            if submission is None:
+                raise HTTPException(status_code=404, detail="Submission not found")
+
+            # Verify ownership
+            if str(submission.user_id) != str(user_info["user_id"]):
+                raise HTTPException(status_code=403, detail="Not authorized to delete this submission")
+
+            db.delete_submission(submission_id)
+
+            return {"message": f"Submission {submission_id} deleted successfully"}
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error deleting submission: {e}") from e
diff --git a/src/libkernelbot/leaderboard_db.py b/src/libkernelbot/leaderboard_db.py
@@ -848,6 +848,82 @@ def delete_submission(self, submission_id: int):
             logger.exception("Could not delete submission %s.", submission_id, exc_info=e)
             raise KernelBotError(f"Could not delete submission {submission_id}!") from e
 
+    def get_user_submissions(
+        self,
+        user_id: str,
+        leaderboard_name: Optional[str] = None,
+        limit: int = 50,
+        offset: int = 0,
+    ) -> list[dict]:
+        """
+        Get submissions for a specific user.
+
+        Args:
+            user_id: The user's ID
+            leaderboard_name: Optional filter by leaderboard name
+            limit: Maximum number of submissions to return
+            offset: Offset for pagination
+
+        Returns:
+            List of submission dictionaries with summary info
+        """
+        try:
+            if leaderboard_name:
+                query = """
+                    SELECT
+                        s.id,
+                        lb.name as leaderboard_name,
+                        s.file_name,
+                        s.submission_time,
+                        s.done,
+                        r.runner as gpu_type,
+                        r.score
+                    FROM leaderboard.submission s
+                    JOIN leaderboard.leaderboard lb ON s.leaderboard_id = lb.id
+                    LEFT JOIN leaderboard.runs r ON r.submission_id = s.id
+                        AND NOT r.secret AND r.passed
+                    WHERE s.user_id = %s AND lb.name = %s
+                    ORDER BY s.submission_time DESC
+                    LIMIT %s OFFSET %s
+                """
+                self.cursor.execute(query, (user_id, leaderboard_name, limit, offset))
+            else:
+                query = """
+                    SELECT
+                        s.id,
+                        lb.name as leaderboard_name,
+                        s.file_name,
+                        s.submission_time,
+                        s.done,
+                        r.runner as gpu_type,
+                        r.score
+                    FROM leaderboard.submission s
+                    JOIN leaderboard.leaderboard lb ON s.leaderboard_id = lb.id
+                    LEFT JOIN leaderboard.runs r ON r.submission_id = s.id
+                        AND NOT r.secret AND r.passed
+                    WHERE s.user_id = %s
+                    ORDER BY s.submission_time DESC
+                    LIMIT %s OFFSET %s
+                """
+                self.cursor.execute(query, (user_id, limit, offset))
+
+            results = []
+            for row in self.cursor.fetchall():
+                results.append({
+                    "id": row[0],
+                    "leaderboard_name": row[1],
+                    "file_name": row[2],
+                    "submission_time": row[3],
+                    "done": row[4],
+                    "gpu_type": row[5],
+                    "score": row[6],
+                })
+            return results
+        except psycopg2.Error as e:
+            self.connection.rollback()
+            logger.exception("Error fetching user submissions for user %s", user_id, exc_info=e)
+            raise KernelBotError("Error fetching user submissions") from e
+
     def get_submission_by_id(self, submission_id: int) -> Optional["SubmissionItem"]:
         query = """
                 SELECT s.leaderboard_id, lb.name, s.file_name, s.user_id,
