Fix My QR dashboard auth fallback and sizing

analytics_supabase_schema.sql

@@ -5,6 +5,7 @@ create table if not exists public.analytics_generation_events (
   generation_id text not null,
   timestamp timestamptz not null default now(),
   product text not null,
+  caller_app text,
   source text not null check (source in ('ui', 'mcp')),
   pipeline text not null check (pipeline in ('standard', 'artistic')),
   tool_name text not null,
@@ -35,6 +36,9 @@ create index if not exists analytics_generation_events_generation_id_idx
 create index if not exists analytics_generation_events_source_pipeline_idx
   on public.analytics_generation_events (source, pipeline, timestamp desc);
 
+create index if not exists analytics_generation_events_caller_app_idx
+  on public.analytics_generation_events (caller_app, timestamp desc);
+
 alter table public.analytics_generation_events enable row level security;
 
 revoke all on table public.analytics_generation_events from anon, authenticated;
@@ -44,6 +48,7 @@ create table if not exists public.analytics_download_events (
   generation_id text,
   timestamp timestamptz not null default now(),
   product text not null,
+  caller_app text,
   source text not null check (source in ('ui', 'mcp')),
   pipeline text not null,
   tool_name text not null,
@@ -61,6 +66,9 @@ create index if not exists analytics_download_events_generation_id_idx
 create index if not exists analytics_download_events_source_pipeline_idx
   on public.analytics_download_events (source, pipeline, timestamp desc);
 
+create index if not exists analytics_download_events_caller_app_idx
+  on public.analytics_download_events (caller_app, timestamp desc);
+
 alter table public.analytics_download_events enable row level security;
 
 revoke all on table public.analytics_download_events from anon, authenticated;
@@ -70,6 +78,7 @@ create table if not exists public.analytics_validation_events (
   generation_id text not null,
   timestamp timestamptz not null default now(),
   product text not null,
+  caller_app text,
   source text not null check (source in ('ui', 'mcp')),
   pipeline text not null check (pipeline in ('standard', 'artistic')),
   tool_name text not null,
@@ -96,11 +105,15 @@ create table if not exists public.analytics_validation_events (
 create index if not exists analytics_validation_events_source_pipeline_idx
   on public.analytics_validation_events (source, pipeline, timestamp desc);
 
+create index if not exists analytics_validation_events_caller_app_idx
+  on public.analytics_validation_events (caller_app, timestamp desc);
+
 alter table public.analytics_validation_events enable row level security;
 
 revoke all on table public.analytics_validation_events from anon, authenticated;
 
 alter table public.analytics_generation_events
+  add column if not exists caller_app text,
   add column if not exists original_qr_payload_length integer,
   add column if not exists effective_qr_payload_length integer,
   add column if not exists scheme_stripped_for_qr boolean not null default false,
@@ -111,7 +124,11 @@ alter table public.analytics_generation_events
   add column if not exists shortener_chars_saved integer not null default 0,
   add column if not exists url_chars_saved integer not null default 0;
 
+alter table public.analytics_download_events
+  add column if not exists caller_app text;
+
 alter table public.analytics_validation_events
+  add column if not exists caller_app text,
   add column if not exists original_qr_payload_length integer,
   add column if not exists effective_qr_payload_length integer,
   add column if not exists scheme_stripped_for_qr boolean not null default false,
@@ -126,6 +143,7 @@ select
   g.generation_id,
   g.timestamp as generation_timestamp,
   g.source,
+  g.caller_app,
   g.pipeline,
   g.analytics_opt_in,
   g.status,
@@ -143,6 +161,7 @@ select
   d.generation_id,
   d.timestamp,
   d.product,
+  d.caller_app,
   d.source,
   d.pipeline,
   d.tool_name,
@@ -168,6 +187,7 @@ with ordered_generations as (
     g.generation_id,
     g.timestamp,
     g.product,
+    g.caller_app,
     g.source,
     g.pipeline,
     g.tool_name,
@@ -180,7 +200,7 @@ with ordered_generations as (
     g.settings_full,
     g.created_at,
     lead(g.timestamp) over (
-      partition by g.source, g.anonymous_id, g.pipeline
+      partition by g.source, g.anonymous_id, g.pipeline, coalesce(g.caller_app, '')
       order by g.timestamp
     ) as next_generation_timestamp
   from public.analytics_generation_events g
@@ -189,6 +209,7 @@ with ordered_generations as (
     g.generation_id,
     g.timestamp,
     g.product,
+    g.caller_app,
     g.source,
     g.pipeline,
     g.analytics_opt_in,
@@ -203,6 +224,7 @@ with ordered_generations as (
       select 1
       from public.analytics_download_events d
       where d.source = g.source
+        and coalesce(d.caller_app, '') = coalesce(g.caller_app, '')
         and d.anonymous_id = g.anonymous_id
         and d.timestamp >= g.timestamp
         and d.timestamp <= g.timestamp + interval '10 minutes'
@@ -213,6 +235,7 @@ select
   generation_id,
   timestamp,
   product,
+  caller_app,
   source,
   pipeline,
   analytics_opt_in,

app.py

@@ -5,6 +5,7 @@ import threading
 import time
 import traceback
 import hashlib
+import html
 import uuid
 from datetime import datetime, timezone
 from urllib import error as urllib_error
@@ -351,9 +352,23 @@ def _dashboard_empty_payload(message: str):
     )
 
 
-def _load_my_qr_dashboard(request: Union[gr.Request, None] = None):
+def _render_dashboard_image_html(image_url: str | None) -> str:
+    if not image_url:
+        return ""
+    safe_url = html.escape(str(image_url), quote=True)
+    return (
+        '<div class="my-qr-detail">'
+        f'<img src="{safe_url}" alt="Selected QR" />'
+        "</div>"
+    )
+
+
+def _load_my_qr_dashboard(
+    username_hint: str = "",
+    request: Union[gr.Request, None] = None,
+):
     try:
-        payload = list_my_generations(request)
+        payload = list_my_generations(request, username_hint=username_hint)
     except DashboardError as exc:
         return _dashboard_empty_payload(f"My QR Codes unavailable: {exc}")
     except Exception as exc:
@@ -373,7 +388,7 @@ def _load_my_qr_dashboard(request: Union[gr.Request, None] = None):
             gr.update(value=[]),
             records,
             "No saved QR codes yet. Generate one while signed in, then come back here.",
-            gr.update(value=None, visible=False),
+            "",
             [],
             [],
             "{}",
@@ -386,7 +401,7 @@ def _load_my_qr_dashboard(request: Union[gr.Request, None] = None):
         gr.update(value=gallery),
         records,
         "Select a saved QR to inspect analytics and reload settings.",
-        gr.update(value=None, visible=False),
+        "",
         [],
         [],
         "{}",
@@ -397,13 +412,14 @@ def _load_my_qr_dashboard(request: Union[gr.Request, None] = None):
 
 def _select_my_qr_generation(
     records: list[dict[str, Any]],
+    username_hint: str,
     evt: gr.SelectData,
     request: Union[gr.Request, None] = None,
 ):
     if not records:
         return (
             "No saved QR codes are loaded yet.",
-            gr.update(value=None, visible=False),
+            "",
             [],
             [],
             "{}",
@@ -411,11 +427,11 @@ def _select_my_qr_generation(
             gr.update(visible=False),
         )
     try:
-        detail = get_generation_detail(request, records, int(evt.index))
+        detail = get_generation_detail(request, records, int(evt.index), username_hint=username_hint)
     except DashboardError as exc:
         return (
             f"Could not load QR details: {exc}",
-            gr.update(value=None, visible=False),
+            "",
             [],
             [],
             "{}",
@@ -426,7 +442,7 @@ def _select_my_qr_generation(
         print("[dashboard-select]", traceback.format_exc())
         return (
             f"Could not load QR details: {_format_exception_message(exc)}",
-            gr.update(value=None, visible=False),
+            "",
             [],
             [],
             "{}",
@@ -436,7 +452,7 @@ def _select_my_qr_generation(
 
     return (
         detail["detail_markdown"],
-        gr.update(value=detail["image"], visible=bool(detail["image"])),
+        _render_dashboard_image_html(detail["image"]),
         detail["top_countries_rows"],
         detail["scans_by_day_rows"],
         detail["settings_json"],
@@ -518,7 +534,7 @@ def _maybe_shorten_url_for_qr(
             "error": "shortener is not configured on the server",
         }
 
-    request_body = json.dumps({"url": str(original_input or "")}).encode("utf-8")
+    request_body = json.dumps({"url": str(original_input or ""), "reuse_existing": False}).encode("utf-8")
     request_headers = {
         "Content-Type": "application/json",
         "X-API-Key": URL_SHORTENER_API_KEY,
@@ -4903,9 +4919,35 @@ STANDARD_EXAMPLES = [
     ],
 ]
 
+DASHBOARD_CSS = """
+.dashboard-hidden-username {
+  display: none !important;
+}
+.my-qr-gallery {
+  min-height: 120px !important;
+}
+.my-qr-gallery img {
+  max-height: 96px !important;
+  object-fit: contain !important;
+}
+.my-qr-detail {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 220px;
+}
+.my-qr-detail img {
+  width: 220px;
+  max-width: 220px;
+  max-height: 220px;
+  object-fit: contain;
+  border-radius: 12px;
+}
+"""
+
 # Start your Gradio app with automatic cache cleanup (at module level for hot reload)
 # delete_cache=(3600, 3600) means: check every hour and delete files older than 1 hour
-with gr.Blocks(delete_cache=(3600, 3600)) as demo:
+with gr.Blocks(delete_cache=(3600, 3600), css=DASHBOARD_CSS) as demo:
     # Add a title and description
     gr.Markdown("# QR Code Art Generator")
     gr.Markdown("""
@@ -6613,6 +6655,42 @@ with gr.Blocks(delete_cache=(3600, 3600)) as demo:
             with gr.Row():
                 dashboard_login_btn = gr.LoginButton("Sign in with Hugging Face")
                 dashboard_refresh_btn = gr.Button("Refresh My QR Codes", variant="primary")
+            dashboard_username_hint = gr.Textbox(
+                value="",
+                visible=True,
+                elem_id="dashboard-username-hint",
+                elem_classes=["dashboard-hidden-username"],
+                label="dashboard_username_hint",
+            )
+            gr.HTML(
+                """
+                <script>
+                (() => {
+                  const syncDashboardUsernameHint = () => {
+                    const input = document.querySelector('#dashboard-username-hint textarea, #dashboard-username-hint input');
+                    if (!input) return;
+                    const buttons = Array.from(document.querySelectorAll('button, [role="button"]'));
+                    let username = '';
+                    for (const button of buttons) {
+                      const text = (button.innerText || button.textContent || '').trim();
+                      const match = text.match(/Logout\s*\(([^)]+)\)/i);
+                      if (match) {
+                        username = match[1].trim();
+                        break;
+                      }
+                    }
+                    if ((input.value || '') !== username) {
+                      input.value = username;
+                      input.dispatchEvent(new Event('input', { bubbles: true }));
+                      input.dispatchEvent(new Event('change', { bubbles: true }));
+                    }
+                  };
+                  syncDashboardUsernameHint();
+                  window.setInterval(syncDashboardUsernameHint, 1500);
+                })();
+                </script>
+                """
+            )
             dashboard_status = gr.Markdown(
                 "Refresh My QR Codes to load items from your account or this browser session."
             )
@@ -6626,16 +6704,13 @@ with gr.Blocks(delete_cache=(3600, 3600)) as demo:
                 allow_preview=False,
                 object_fit="contain",
                 show_download_button=False,
+                elem_classes=["my-qr-gallery"],
             )
             with gr.Row():
                 with gr.Column(scale=1):
-                    my_qr_detail_image = gr.Image(
+                    my_qr_detail_image = gr.HTML(
                         label="Selected QR",
-                        visible=False,
-                        interactive=False,
-                        height=220,
-                        width=220,
-                        show_download_button=False,
+                        value="",
                     )
                 with gr.Column(scale=1):
                     my_qr_detail_markdown = gr.Markdown(
@@ -6681,7 +6756,7 @@ with gr.Blocks(delete_cache=(3600, 3600)) as demo:
 
             dashboard_refresh_btn.click(
                 fn=_load_my_qr_dashboard,
-                inputs=[],
+                inputs=[dashboard_username_hint],
                 outputs=[
                     dashboard_status,
                     my_qr_gallery,
@@ -6698,7 +6773,7 @@ with gr.Blocks(delete_cache=(3600, 3600)) as demo:
 
             demo.load(
                 fn=_load_my_qr_dashboard,
-                inputs=[],
+                inputs=[dashboard_username_hint],
                 outputs=[
                     dashboard_status,
                     my_qr_gallery,
@@ -6715,7 +6790,7 @@ with gr.Blocks(delete_cache=(3600, 3600)) as demo:
 
             my_qr_gallery.select(
                 fn=_select_my_qr_generation,
-                inputs=[my_qr_records_state],
+                inputs=[my_qr_records_state, dashboard_username_hint],
                 outputs=[
                     my_qr_detail_markdown,
                     my_qr_detail_image,

hf_dashboard.py

@@ -272,11 +272,12 @@ def _build_browser_fingerprint(request: Any | None, source: str = "ui") -> str |
     return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:24]
 
 
-def get_current_user_context(request: Any | None) -> dict[str, Any] | None:
+def get_current_user_context(request: Any | None, username_hint: str | None = None) -> dict[str, Any] | None:
     oauth_info = _session_oauth_info(request)
     raw_userinfo = oauth_info.get("userinfo")
     userinfo: Mapping[str, Any] = raw_userinfo if isinstance(raw_userinfo, Mapping) else {}
-    username = str(userinfo.get("preferred_username") or getattr(request, "username", "") or "").strip()
+    hinted_username = str(username_hint or "").strip()
+    username = str(userinfo.get("preferred_username") or getattr(request, "username", "") or hinted_username or "").strip()
     if not username:
         return None
 
@@ -301,8 +302,8 @@ def get_current_user_context(request: Any | None) -> dict[str, Any] | None:
     }
 
 
-def ensure_app_user_for_request(request: Any | None) -> dict[str, Any] | None:
-    user = get_current_user_context(request)
+def ensure_app_user_for_request(request: Any | None, username_hint: str | None = None) -> dict[str, Any] | None:
+    user = get_current_user_context(request, username_hint=username_hint)
     if user is None:
         return None
 
@@ -553,8 +554,14 @@ def persist_generation(
     return "Saved this QR in the current browser session. Open My QR Codes while signed in to claim it."
 
 
-def list_my_generations(request: Any | None) -> dict[str, Any]:
-    user = ensure_app_user_for_request(request)
+def _ensure_user_for_request_compat(request: Any | None, username_hint: str | None = None) -> dict[str, Any] | None:
+    if username_hint:
+        return ensure_app_user_for_request(request, username_hint=username_hint)
+    return ensure_app_user_for_request(request)
+
+
+def list_my_generations(request: Any | None, username_hint: str | None = None) -> dict[str, Any]:
+    user = _ensure_user_for_request_compat(request, username_hint=username_hint)
     if user is None:
         session_hash = str(getattr(request, "session_hash", "") or "").strip() if request is not None else ""
         browser_fingerprint = _build_browser_fingerprint(request)
@@ -702,12 +709,17 @@ def _request_matches_record_session(request: Any | None, record: Mapping[str, An
     return False
 
 
-def get_generation_detail(request: Any | None, records: list[dict[str, Any]], index: int) -> dict[str, Any]:
+def get_generation_detail(
+    request: Any | None,
+    records: list[dict[str, Any]],
+    index: int,
+    username_hint: str | None = None,
+) -> dict[str, Any]:
     if index < 0 or index >= len(records):
         raise DashboardError("Selected QR code is out of range.")
 
     record = records[index]
-    user = ensure_app_user_for_request(request)
+    user = _ensure_user_for_request_compat(request, username_hint=username_hint)
     if user is None:
         if not _request_matches_record_session(request, record):
             raise DashboardError("Please sign in first.")

modal_service.py

@@ -56,6 +56,7 @@ except ModuleNotFoundError:
 
 
 APP_NAME = os.environ.get("MODAL_APP_NAME", "ai-qr-code-generator-api")
+LEGACY_WEB_LABEL = os.environ.get("MODAL_WEB_LABEL", APP_NAME)
 GPU = os.environ.get("MODAL_GPU", "A100-40GB")
 TIMEOUT_SECONDS = int(os.environ.get("MODAL_TIMEOUT_SECONDS", "1800"))
 SCALEDOWN_WINDOW = int(os.environ.get("MODAL_SCALEDOWN_WINDOW", "300"))
@@ -96,7 +97,7 @@ image = (
     volumes={"/root/app/models": volume},
     secrets=[modal.Secret.from_name("huggingface-token"), runtime_secret],
 )
-@modal.asgi_app()
+@modal.asgi_app(label=LEGACY_WEB_LABEL)
 def api():
     from fastapi import FastAPI, HTTPException, Request
     from fastapi.concurrency import run_in_threadpool

tests-unit/hf_dashboard_test.py

@@ -39,6 +39,17 @@ def test_get_current_user_context_reads_hf_oauth_session() -> None:
     assert "access_token" not in user["raw_profile"]["oauth_info"]
 
 
+def test_get_current_user_context_uses_username_hint_without_request_username() -> None:
+    request = FakeRequest(username="", oauth_info={})
+
+    user = hf_dashboard.get_current_user_context(request, username_hint="Oysiyl")
+
+    assert user is not None
+    assert user["provider"] == "huggingface"
+    assert user["provider_subject"] == "hf-username:oysiyl"
+    assert user["username"] == "Oysiyl"
+
+
 def test_list_my_generations_requires_sign_in(monkeypatch) -> None:
     monkeypatch.setattr(hf_dashboard, "ensure_app_user_for_request", lambda request: None)
 

tests-unit/requirements.txt

@@ -1,3 +1,4 @@
 pytest>=7.8.0
 pytest-aiohttp
 pytest-asyncio
+Pillow