---
title: Nutrition Analysis API
emoji: 🥗
colorFrom: green
colorTo: blue
sdk: docker
sdk_version: "4.44.0"
app_file: main.py
pinned: false
---

# Nutrition Analysis API

## Overview

A Python FastAPI backend that provides nutritional analysis and health recommendations. It handles user authentication with role-based access (admin and normal users), product database management, health issue tracking, and AI-powered nutritional analysis using OCR and Google's Gemini API.

## Features

### Authentication & User Management

- **Role-Based Access Control**: Admin and normal user roles
- **JWT Token Authentication**: Secure authentication using JSON Web Tokens
- **User Registration & Login**: Email and username-based registration
- **Password Security**: Bcrypt password hashing

### Admin Capabilities

- Add products with complete nutrition facts to the database
- List all products in the system
- Delete products from the database

### User Features

- Manage personal health profile
- Add/track health issues (diabetes, hypertension, cholesterol, etc.)
- View and manage health issue records
- Upload nutrition label images for analysis

### AI-Powered Nutrition Analysis

- **OCR Processing**: Extract nutrition facts from images using Tesseract OCR
- **Gemini AI Integration**: Analyze nutrition data with Google's Gemini API
- **Health Rating**: Products rated on a 1-10 scale based on nutritional value
- **Personalized Recommendations**: Health-specific advice based on the user's tracked health issues
- **Alternative Suggestions**: Healthier product alternatives from the admin database

## Project Structure

```
.
├── app/
│   ├── __init__.py
│   ├── database.py        # SQLite database configuration
│   ├── models.py          # SQLAlchemy ORM models
│   ├── schemas.py         # Pydantic validation schemas
│   ├── auth.py            # JWT authentication utilities
│   └── routes/
│       ├── __init__.py
│       ├── admin.py       # Admin endpoints
│       ├── user.py        # User auth and health management
│       └── nutrition.py   # OCR and AI analysis endpoints
├── main.py                # FastAPI application entry point
├── nutrition_app.db       # SQLite database (auto-generated)
└── pyproject.toml         # Python dependencies
```

## Database Schema

### Users Table

- id, username, email, hashed_password, role (admin/user)

### Products Table

- id, name, brand, calories, protein, fat, carbohydrates, sodium, sugar, fiber, cholesterol, serving_size

### Health Issues Table

- id, user_id (FK), issue_type, severity, notes

## API Endpoints

### Authentication

- `POST /auth/register` - Register new user
- `POST /auth/login` - Login and get JWT token
- `GET /user/me` - Get current user info

### User Health Management

- `POST /user/health-issues` - Add health issue
- `GET /user/health-issues` - List user's health issues
- `DELETE /user/health-issues/{id}` - Delete health issue

### Admin Product Management

- `POST /admin/products` - Add new product (admin only)
- `GET /admin/products` - List all products (admin only)
- `DELETE /admin/products/{id}` - Delete product (admin only)
- `POST /admin/users/{user_id}/promote` - Promote user to admin role (admin only)

### Nutrition Analysis

- `POST /nutrition/analyze` - Upload image for nutrition analysis

## Environment Variables

- `SESSION_SECRET` - JWT secret key (auto-configured by the hosting environment; anywhere else it must be set explicitly, see Production Deployment)
- `GEMINI_API_KEY` - Google Gemini API key (required for AI analysis)

## Security Notes

### Creating Admin Users

For security, all new user registrations default to the normal user role; the registration endpoint does not accept a role field. To create admin users:

1. Register a regular user account via `POST /auth/register`
2. Manually promote the user to admin using one of these methods:
   - Use an existing admin account to call `POST /admin/users/{user_id}/promote`
   - Directly modify the database to set the first admin (SQLite, against `nutrition_app.db`: `UPDATE users SET role='admin' WHERE id=1;`, after confirming that `id=1` is the account you intend)
3. Once you have at least one admin, use the promotion endpoint for additional admins

### Production Deployment

- Ensure `SESSION_SECRET` is set to a strong, random value in production; anyone who knows it can mint tokens for any user, including admins
- Keep `GEMINI_API_KEY` secure and never expose it in client-side code
- Consider adding rate limiting for authentication endpoints
- Regularly audit admin user accounts

## Recent Changes

- **2025-11-17**: Initial project setup with complete FastAPI backend implementation
  - Configured SQLite database with SQLAlchemy ORM
  - Implemented secure JWT-based authentication system with role-based access control
  - Created admin and user role-based endpoints
  - Integrated Tesseract OCR for nutrition label extraction
  - Added Gemini API integration for AI-powered analysis
  - Set up comprehensive error handling and validation
  - Fixed critical security vulnerability: removed self-service admin role assignment
  - Added admin-only user promotion endpoint

## Technology Stack

- **Framework**: FastAPI
- **Database**: SQLite with SQLAlchemy ORM
- **Authentication**: JWT (python-jose) + bcrypt
- **OCR**: Tesseract + pytesseract
- **AI**: Google Gemini API
- **Image Processing**: Pillow
- **Server**: Uvicorn ASGI server

## User Preferences

None specified yet.
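## Added Examples

The following is an added example, not code from this project, illustrating the access-control pattern the Security Notes and Recent Changes describe: a self-service `register` that cannot grant the admin role, an admin-only `promote_user` matching `POST /admin/users/{user_id}/promote`, and an HS256 token check written with the standard library in place of python-jose. `USERS`, `AuthError` and the function names are assumptions made for the example; the project's own `app/auth.py` and route handlers are not shown. `register_vulnerable` is a reconstruction of the flaw described under Recent Changes (a role accepted from the request body), not the removed code itself.

```python
# Added example, not the project's code: stdlib-only HS256 JWT check plus the
# admin-only promotion flow. USERS is a constructed stand-in for the Users table.
import base64
import hashlib
import hmac
import json
import time


class AuthError(Exception):
    """Raised for any failed authentication or authorization check."""


# Constructed sample rows (id -> row); the real app reads these from SQLite.
USERS = {
    1: {"username": "alice", "role": "admin"},
    2: {"username": "bob", "role": "user"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: str, signing_input: bytes) -> bytes:
    return hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()


def create_token(secret: str, user_id: int, ttl: int = 3600, now=None) -> str:
    """Issue a token carrying only the subject and an expiry. The role is not
    embedded, so it can neither go stale nor be trusted from the client."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": str(user_id), "exp": now + ttl}).encode())
    signature = _b64url(_sign(secret, f"{header}.{payload}".encode()))
    return f"{header}.{payload}.{signature}"


def verify_token(secret: str, token: str, now=None) -> dict:
    """Return the payload only if alg is HS256, the MAC matches and exp is ahead."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":  # rejects alg=none and algorithm confusion
        raise AuthError("unexpected alg")
    expected = _sign(secret, f"{header_b64}.{payload_b64}".encode())
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise AuthError("bad signature")
    now = int(time.time()) if now is None else now
    if int(payload.get("exp", 0)) <= now:
        raise AuthError("token expired")
    return payload


def current_user(secret: str, token: str) -> dict:
    """Resolve the caller. The role is read from the database on every request,
    so a demotion takes effect immediately rather than when the token expires."""
    user_id = int(verify_token(secret, token)["sub"])
    row = USERS.get(user_id)
    if row is None:
        raise AuthError("unknown user")
    return {"id": user_id, **row}


def require_admin(user: dict) -> None:
    if user["role"] != "admin":
        raise AuthError("admin role required")


def register_vulnerable(username: str, **body) -> dict:
    """Illustrative reconstruction of the flaw noted under Recent Changes:
    honouring a client-supplied role lets anyone register as admin."""
    new_id = max(USERS) + 1
    USERS[new_id] = {"username": username, "role": body.get("role", "user")}
    return {"id": new_id, **USERS[new_id]}


def register(username: str, **body) -> dict:
    """Fixed form: self-service registration always yields the 'user' role,
    whatever extra fields the request body carries."""
    new_id = max(USERS) + 1
    USERS[new_id] = {"username": username, "role": "user"}
    return {"id": new_id, **USERS[new_id]}


def promote_user(secret: str, token: str, target_id: int) -> dict:
    """POST /admin/users/{user_id}/promote: only an authenticated admin may call it."""
    require_admin(current_user(secret, token))
    if target_id not in USERS:
        raise KeyError(f"no user {target_id}")
    USERS[target_id]["role"] = "admin"
    return {"id": target_id, **USERS[target_id]}
```

Two design points worth carrying into the real handlers: the token carries only `sub` and `exp` and the role is looked up per request, so revoking admin rights does not have to wait for token expiry; and the MAC comparison uses `hmac.compare_digest`, which a hand-rolled verifier must never regress to `==`. With `secret = "..."` and `bob = create_token(secret, 2)`, `promote_user(secret, bob, 2)` raises `AuthError`, while the same call with a token for user 1 succeeds.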
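A second added example, again not the project's code, for two of the Production Deployment items: refusing to start with a missing or weak `SESSION_SECRET`, and rate limiting `POST /auth/login` per client address so a password-guessing loop is refused before the bcrypt cost is paid. The limit values, `LoginRateLimiter`, `CREDENTIALS`, the 32-byte minimum and the PBKDF2 stand-in for bcrypt are assumptions made for the example.

```python
# Added example, not the project's code: SESSION_SECRET strength check and a
# per-client login rate limiter, stdlib only. PBKDF2 stands in for bcrypt so
# the block runs without third-party packages.
import hashlib
import hmac
import os
import secrets
import time

MIN_SECRET_BYTES = 32  # assumption: at least 256 bits of key material for HS256
WEAK_SECRETS = {"secret", "changeme", "password", "dev", "test"}


def generate_session_secret() -> str:
    """Run once and store the value in the SESSION_SECRET environment variable."""
    return secrets.token_urlsafe(48)  # 48 random bytes, base64url -> 64 chars


def load_session_secret(env=None) -> str:
    """Refuse to start with a missing, short, well-known or low-variety secret."""
    env = os.environ if env is None else env
    value = env.get("SESSION_SECRET", "")
    if (len(value.encode()) < MIN_SECRET_BYTES
            or value.lower() in WEAK_SECRETS
            or len(set(value)) < 8):
        raise RuntimeError(
            "SESSION_SECRET is missing or weak; set it to generate_session_secret()")
    return value


class LoginRateLimiter:
    """Sliding-window limiter keyed by client address: once `max_attempts`
    attempts fall inside `window` seconds, further logins are refused before
    the password hash is computed."""

    def __init__(self, max_attempts: int = 5, window: float = 300.0):
        self.max_attempts = max_attempts
        self.window = window
        self._attempts = {}  # key -> timestamps of recent attempts

    def allow(self, key: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        recent = [t for t in self._attempts.get(key, []) if now - t < self.window]
        self._attempts[key] = recent
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True

    def reset(self, key: str) -> None:
        self._attempts.pop(key, None)


_SALT = b"constructed-demo-salt"  # real code stores a random salt per user


def _hash_password(password: str) -> bytes:
    # bcrypt stand-in; the project stores bcrypt hashes in hashed_password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed credential store: username -> password hash.
CREDENTIALS = {"alice": _hash_password("correct horse battery staple")}


def login(limiter: LoginRateLimiter, client_ip: str, username: str,
          password: str, now=None) -> dict:
    """POST /auth/login logic: limiter first, then a constant-time hash compare.
    The password is hashed even for unknown usernames so response time does
    not reveal which accounts exist."""
    if not limiter.allow(client_ip, now):
        return {"status": "rate_limited"}
    candidate = _hash_password(password)
    stored = CREDENTIALS.get(username)
    if stored is None or not hmac.compare_digest(stored, candidate):
        return {"status": "invalid_credentials"}
    limiter.reset(client_ip)  # a successful login clears the counter
    return {"status": "ok", "user": username}
```

Keying the limiter by client address alone is the simplest choice; a deployment behind a proxy must take the address from the trusted forwarding header, and keying by username as well blunts distributed guessing against one account. The in-memory store is per process, so a multi-worker Uvicorn deployment would need a shared backend for the counters.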