[Updated Feature] > Updated every file_route, user_route, so that guest users can login and only upload 5 videos, 1 image per IP

backend/app/ai/video/aggregator.py

@@ -5,7 +5,7 @@ logger = logging.getLogger(__name__)
 
 WEIGHTS = {
     "frames": 0.40,
-     "motion": 0.20,
+    "motion": 0.20,
     "noise": 0.15,
     "diffusion": 0.15,
     "metadata": 0.10

backend/app/api/file_routes.py

@@ -1,15 +1,17 @@
-from fastapi import APIRouter, Depends, UploadFile, File as FastAPIFile, Request, Header
+from fastapi import APIRouter, Depends, UploadFile, File as FastAPIFile, Request, Header, HTTPException
 from sqlalchemy.orm import Session
 from app.db.session import get_db
-from app.core.auth_dependancy import get_current_user
+from app.core.auth_dependancy import get_current_user, get_optional_user
 from app.services.file_service import upload_file_service
 from app.services.file_query_service import get_user_files
 from app.services.file_detail_service import get_file_detail
 from app.services.file_delete_service import delete_file_service
 from app.models.user_model import User
-from app.worker.tasks import process_file_task
+from app.worker.tasks import process_file_task, delete_guest_file_task
 from app.core.limiter import limiter
 from app.security.turnstile import verify_turnstile_token
+from datetime import datetime, UTC
+from app.models.file_model import File
 
 router = APIRouter(prefix="/files", tags=["files"])
 
@@ -51,11 +53,20 @@ def list_user_files(
 @router.get("/{file_id}")
 def get_file(
     file_id: int,
+    request: Request,
     db: Session = Depends(get_db),
-    current_user: User = Depends(get_current_user)
+    current_user: User = Depends(get_optional_user)
 ):
-    file = get_file_detail(db, file_id, current_user.id)
-    
+    file = db.query(File).filter(File.id == file_id).first()
+    if not file:
+        raise HTTPException(status_code=404, detail="File not found")
+
+    if file.owner_id is not None:
+        if not current_user or current_user.id != file.owner_id:
+            raise HTTPException(status_code=403, detail="Not authorized")
+    else:
+        if request.client.host != file.ip_address:
+            raise HTTPException(status_code=403, detail="Not authorized for this guest file")    
     return format_file_response(file)
 
 @router.post("/upload")
@@ -65,18 +76,43 @@ async def upload_file(
     file: UploadFile = FastAPIFile(...),
     cf_turnstile_response: str = Header(None, alias="cf-turnstile-response"),
     db: Session = Depends(get_db),
-    current_user: User = Depends(get_current_user)
+    current_user: User = Depends(get_optional_user)
 ):
     client_ip = request.client.host
     await verify_turnstile_token(cf_turnstile_response, client_ip)
 
+    if not current_user:
+        today = datetime.now(UTC).date()
+        today_start = datetime(today.year, today.month, today.day, tzinfo=UTC)
+
+        guest_files = db.query(File).filter(
+            File.ip_address == client_ip,
+            File.owner_id == None,
+            File.created_at >= today_start
+        ).all()
+
+        videos_count = sum(1 for f in guest_files if f.filetype.startswith("video/"))
+        images_count = sum(1 for f in guest_files if f.filetype.startswith("image/"))
+        is_video = file.content_type.startswith("video/")
+
+        if is_video and videos_count >= 1:
+            raise HTTPException(status_code=429, detail="Guest limit reached: 1 Video per day. Please login.")
+        elif not is_video and images_count >= 5:
+            raise HTTPException(status_code=429, detail="Guest limit reached: 5 Images per day. Please login.")
+
+    user_id = current_user.id if current_user else None    
+
     saved_file = upload_file_service(
         db=db,
         file=file,
-        user_id=current_user.id
+        user_id=user_id,
+        ip_address=client_ip
     )
     
     process_file_task.delay(saved_file.id)
+
+    if not current_user:
+        delete_guest_file_task.apply_async((saved_file.id,), countdown=900)
     
     return {
         "message": "File uploaded. Processing started",

backend/app/core/auth_dependancy.py

@@ -5,8 +5,10 @@ from app.core.config import settings
 from sqlalchemy.orm import Session
 from app.db.session import get_db
 from app.models.user_model import User
+from typing import Optional
 
 security = HTTPBearer()
+optional_security = HTTPBearer(auto_error=False)
 
 def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
@@ -29,4 +31,22 @@ def get_current_user(
     if user is None:
         raise HTTPException(status_code=401, detail="User not found")
 
-    return user
+    return user
+
+def get_optional_user(
+    credentials:
+        Optional[HTTPAuthorizationCredentials] = Depends(optional_security),
+    db: Session = Depends(get_db)
+):
+    if not credentials:
+        return None
+    
+    token = credentials.credentials
+    try:
+        payload = jwt.decode(token, settings.JWT_SECRET, algorithms=["HS256"])
+        user_id = payload.get("user_id")
+        if not user_id:
+            return None
+        return db.query(User).filter(User.id == user_id).first()
+    except JWTError:
+        return None

backend/app/models/file_model.py

@@ -12,6 +12,7 @@ class File(Base):
     filesize = Column(Integer, nullable=False)
     heatmap_path = Column(String, nullable=True)
     timeline_data = Column(String, nullable=True)
+    ip_address = Column(String, nullable=True)
     
     owner_id = Column(Integer, ForeignKey("users.id"))
     created_at = Column(DateTime, default=datetime.now(UTC))

backend/app/services/file_service.py

@@ -3,7 +3,7 @@ from fastapi import UploadFile
 from app.models.file_model import File
 from app.utils.file_handler import ( validate_file, generate_unique_filename, save_file )
 
-def upload_file_service(db: Session, file: UploadFile, user_id: int):
+def upload_file_service(db: Session, file: UploadFile, user_id: int = None, ip_address: str = None):
     size = validate_file(file)  
     safe_name = generate_unique_filename(file.filename)
     path = save_file(file, safe_name)
@@ -13,7 +13,8 @@ def upload_file_service(db: Session, file: UploadFile, user_id: int):
         filepath=path,
         filetype=file.content_type,
         filesize=size,
-        owner_id=user_id
+        owner_id=user_id,
+        ip_address=ip_address
     )
     
     db.add(file_record)

backend/app/worker/tasks.py

@@ -1,5 +1,6 @@
 import logging
 import socket
+import os
 from datetime import datetime, UTC
 from celery.exceptions import SoftTimeLimitExceeded
 from app.worker.celery_app import celery_app
@@ -20,6 +21,7 @@ logger = logging.getLogger(__name__)
     acks_late=True,
     reject_on_worker_lost=True
 )
+
 def process_file_task(self, file_id: int):
     worker_id = socket.gethostname()
     logger.info(f"Starting Celery worker process for file_id: {file_id}")
@@ -81,3 +83,24 @@ def process_file_task(self, file_id: int):
         
     finally:
         db.close()
+
+@celery_app.task
+def delete_guest_file_task(file_id: int):
+    db = SessionLocal()
+    try:
+        from app.models.file_model import File
+        db_file = db.query(File).filter(File.id == file_id).first()
+        if db_file:
+            if os.path.exists(db_file.filepath):
+                os.remove(db_file.filepath)
+            if db_file.heatmap_path and os.path.exists(db_file.heatmap_path):
+                os.remove(db_file.heatmap_path)
+
+            db.delete(db_file)
+            db.commit()
+            logger.info(f"Guest file {file_id} wiped from servers after 15 minutes.")
+        
+    except Exception as e:
+        logger.error(f"Failed to auto-delete guest file {file_id}: {e}")
+    finally:
+        db.close()