---
title: Nutrition Analysis API
emoji: π₯
colorFrom: green
colorTo: blue
sdk: docker
sdk_version: "4.44.0"
app_file: main.py
pinned: false
---
# Nutrition Analysis API

## Overview

A Python FastAPI backend system that provides comprehensive nutritional analysis and health recommendations. The system manages user authentication with role-based access (admin and normal users), product database management, health issue tracking, and AI-powered nutritional analysis using OCR and Google's Gemini API.

## Features

### Authentication & User Management

- **Role-Based Access Control**: Admin and normal user roles
- **JWT Token Authentication**: Secure authentication using JSON Web Tokens
- **User Registration & Login**: Email and username-based registration
- **Password Security**: Bcrypt password hashing

### Admin Capabilities

- Add products with complete nutrition facts to the database
- List all products in the system
- Delete products from the database

### User Features

- Manage personal health profile
- Add/track health issues (diabetes, hypertension, cholesterol, etc.)
- View and manage health issue records
- Upload nutrition label images for analysis

### AI-Powered Nutrition Analysis

- **OCR Processing**: Extract nutrition facts from images using Tesseract OCR
- **Gemini AI Integration**: Analyze nutrition data with Google's Gemini API
- **Health Rating**: Products rated on a 1-10 scale based on nutritional value
- **Personalized Recommendations**: Health-specific advice based on user's tracked health issues
- **Alternative Suggestions**: Healthier product alternatives from the admin database

## Project Structure

```
.
├── app/
│   ├── __init__.py
│   ├── database.py        # SQLite database configuration
│   ├── models.py          # SQLAlchemy ORM models
│   ├── schemas.py         # Pydantic validation schemas
│   ├── auth.py            # JWT authentication utilities
│   └── routes/
│       ├── __init__.py
│       ├── admin.py       # Admin endpoints
│       ├── user.py        # User auth and health management
│       └── nutrition.py   # OCR and AI analysis endpoints
├── main.py                # FastAPI application entry point
├── nutrition_app.db       # SQLite database (auto-generated)
└── pyproject.toml         # Python dependencies
```
## Database Schema

### Users Table

- id, username, email, hashed_password, role (admin/user)

### Products Table

- id, name, brand, calories, protein, fat, carbohydrates, sodium, sugar, fiber, cholesterol, serving_size

### Health Issues Table

- id, user_id (FK), issue_type, severity, notes

## API Endpoints

### Authentication

- `POST /auth/register` - Register new user
- `POST /auth/login` - Login and get JWT token
- `GET /user/me` - Get current user info

### User Health Management

- `POST /user/health-issues` - Add health issue
- `GET /user/health-issues` - List user's health issues
- `DELETE /user/health-issues/{id}` - Delete health issue

### Admin Product Management

- `POST /admin/products` - Add new product (admin only)
- `GET /admin/products` - List all products (admin only)
- `DELETE /admin/products/{id}` - Delete product (admin only)
- `POST /admin/users/{user_id}/promote` - Promote user to admin role (admin only)

### Nutrition Analysis

- `POST /nutrition/analyze` - Upload image for nutrition analysis

## Environment Variables

- `SESSION_SECRET` - JWT secret key (auto-configured by)
- `GEMINI_API_KEY` - Google Gemini API key (required for AI analysis)
## Security Notes

### Creating Admin Users

For security, every new registration gets the normal user role; the `role` field is never taken from the request body, so a client cannot register itself as admin. To create admin users:

1. Register a regular user account via `POST /auth/register`
2. Promote the user to admin using one of these methods:
   - Use an existing admin account to call `POST /admin/users/{user_id}/promote`
   - For the very first admin, when no admin exists yet, set the role directly in the database (SQLite: `UPDATE users SET role='admin' WHERE id=1;`). This bypasses the application's authorization checks, so run it once, against the intended `id`, and not as a routine procedure.
3. Once you have at least one admin, use the promotion endpoint for additional admins
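The two registration behaviours described above (the pre-fix version that honoured a client-supplied `role`, and the current version that ignores it), the one-time first-admin bootstrap, and the admin-only promotion check, as an added example that is not the project's own code. It uses an in-memory SQLite table built from the Users schema listed in this README; the function names, the placeholder password hash and the user records are constructed for illustration.

```python
import sqlite3

# Constructed schema mirroring the README's Users table (illustrative, not the
# project's SQLAlchemy model).
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL,
    email TEXT UNIQUE NOT NULL,
    hashed_password TEXT NOT NULL,
    role TEXT NOT NULL DEFAULT 'user' CHECK (role IN ('admin', 'user'))
);
"""
# Placeholder standing in for a real bcrypt hash (bcrypt is not used here).
FAKE_HASH = "$2b$12$placeholder"


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def register_vulnerable(conn, payload):
    # 'Before' the fix: the role comes from the request body, so anyone can
    # register as admin. Kept only to show the bug.
    cur = conn.execute(
        "INSERT INTO users (username, email, hashed_password, role) VALUES (?, ?, ?, ?)",
        (payload["username"], payload["email"], FAKE_HASH, payload.get("role", "user")),
    )
    return cur.lastrowid


def register(conn, payload):
    # Hardened: the role is hard-coded server side; a 'role' key in the payload is ignored.
    cur = conn.execute(
        "INSERT INTO users (username, email, hashed_password, role) VALUES (?, ?, ?, 'user')",
        (payload["username"], payload["email"], FAKE_HASH),
    )
    return cur.lastrowid


def role_of(conn, user_id):
    row = conn.execute("SELECT role FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None


def admin_count(conn):
    return conn.execute("SELECT COUNT(*) FROM users WHERE role = 'admin'").fetchone()[0]


def bootstrap_first_admin(conn, user_id):
    # Out-of-band step for the very first admin: refuses to run once any admin exists,
    # so it cannot be reused as a backdoor. Same effect as the README's UPDATE, but
    # parameterised and guarded.
    if admin_count(conn) != 0:
        raise PermissionError("an admin already exists; use the promotion endpoint")
    changed = conn.execute(
        "UPDATE users SET role = 'admin' WHERE id = ? AND role = 'user'", (user_id,)
    ).rowcount
    if changed != 1:
        raise LookupError(f"no normal user with id {user_id}")
    conn.commit()
    return role_of(conn, user_id)


def promote(conn, actor_id, target_id):
    # Authorisation is decided from the actor's stored role, never from
    # anything the caller sends in the request.
    if role_of(conn, actor_id) != "admin":
        raise PermissionError("admin role required")
    changed = conn.execute(
        "UPDATE users SET role = 'admin' WHERE id = ? AND role = 'user'", (target_id,)
    ).rowcount
    if changed != 1:
        raise LookupError(f"no normal user with id {target_id}")
    conn.commit()
    return role_of(conn, target_id)


def demo():
    """Walk through the vulnerable path, then the hardened bootstrap/promotion flow."""
    # Constructed users; 'mallory' tries to self-assign the admin role at signup.
    mallory_payload = {"username": "mallory", "email": "mallory@example.com", "role": "admin"}
    alice_payload = {"username": "alice", "email": "alice@example.com"}

    vuln = open_db()
    vulnerable_role = role_of(vuln, register_vulnerable(vuln, mallory_payload))

    db = open_db()
    mallory = register(db, mallory_payload)          # role key ignored
    alice = register(db, alice_payload)
    hardened_role = role_of(db, mallory)
    try:
        promote(db, mallory, mallory)
        self_promote = "allowed"
    except PermissionError:
        self_promote = "denied"
    bootstrap_first_admin(db, alice)                  # first admin, out of band
    try:
        bootstrap_first_admin(db, mallory)            # must be refused now
        rebootstrap = "allowed"
    except PermissionError:
        rebootstrap = "denied"
    promoted = promote(db, alice, mallory)            # admin promotes via the endpoint path
    return {
        "vulnerable_role": vulnerable_role,
        "hardened_role": hardened_role,
        "self_promote": self_promote,
        "rebootstrap": rebootstrap,
        "promoted": promoted,
        "admins": admin_count(db),
    }


if __name__ == "__main__":
    print(demo())
```

The guard in `bootstrap_first_admin` is the point of the exercise: a direct `UPDATE` works for the first admin, but left unguarded it is a second, unaudited promotion path. Once one admin exists, only the authenticated endpoint should change roles.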
### Production Deployment

- Ensure `SESSION_SECRET` is set to a strong, random value in production; JWTs are signed with it, so anyone who knows it can mint tokens for any user or role
- Keep `GEMINI_API_KEY` secure and never expose it in client-side code
- Consider adding rate limiting for authentication endpoints
- Regularly audit admin user accounts
- Keep `nutrition_app.db` out of version control and readable only by the service user, since it holds the password hashes and the `role` column that the authorization checks rely on
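A startup check for the `SESSION_SECRET` requirement above, as an added example (not the project's own code). The threshold of 32 bytes follows RFC 7518, which requires an HS256 key at least as long as the SHA-256 output; the placeholder denylist and the function names are assumptions made for this example.

```python
import os
import secrets

# HS256 keys must be at least 256 bits (RFC 7518, section 3.2).
MIN_SECRET_BYTES = 32
# Constructed denylist of placeholder values commonly left in example configs.
KNOWN_WEAK = {"secret", "changeme", "password", "dev", "test", "your-secret-key", "supersecret"}


def check_session_secret(value):
    """Return (ok, reason) for a candidate SESSION_SECRET."""
    if not value:
        return False, "SESSION_SECRET is not set"
    if value.strip().lower() in KNOWN_WEAK:
        return False, "SESSION_SECRET is a well-known placeholder"
    if len(value.encode("utf-8")) < MIN_SECRET_BYTES:
        return False, f"SESSION_SECRET is shorter than {MIN_SECRET_BYTES} bytes"
    if len(set(value)) < 8:
        return False, "SESSION_SECRET has too few distinct characters to be random"
    return True, "ok"


def generate_session_secret(nbytes=48):
    """Produce a value that passes check_session_secret (url-safe, 48 random bytes)."""
    return secrets.token_urlsafe(nbytes)


def load_session_secret(env=None):
    """Fail closed at startup rather than signing tokens with a weak key."""
    env = os.environ if env is None else env
    value = env.get("SESSION_SECRET")
    ok, reason = check_session_secret(value)
    if not ok:
        raise RuntimeError(f"refusing to start: {reason}; set SESSION_SECRET to e.g. "
                           f"{generate_session_secret()}")
    return value


if __name__ == "__main__":
    print(load_session_secret({"SESSION_SECRET": generate_session_secret()})[:8] + "...")
```

Call `load_session_secret()` once, before the app builds its JWT signer, so a missing or placeholder secret stops the process instead of silently producing forgeable tokens.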
## Recent Changes

- **2025-11-17**: Initial project setup with complete FastAPI backend implementation
  - Configured SQLite database with SQLAlchemy ORM
  - Implemented secure JWT-based authentication system with role-based access control
  - Created admin and user role-based endpoints
  - Integrated Tesseract OCR for nutrition label extraction
  - Added Gemini API integration for AI-powered analysis
  - Set up comprehensive error handling and validation
  - Fixed critical security vulnerability: removed self-service admin role assignment
  - Added admin-only user promotion endpoint

## Technology Stack

- **Framework**: FastAPI
- **Database**: SQLite with SQLAlchemy ORM
- **Authentication**: JWT (python-jose) + bcrypt
- **OCR**: Tesseract + pytesseract
- **AI**: Google Gemini API
- **Image Processing**: Pillow
- **Server**: Uvicorn ASGI server

## User Preferences

None specified yet.