Upload Docker app

Dockerfile

@@ -0,0 +1,23 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Install system dependencies (needed for psycopg2)
+RUN apt-get update && apt-get install -y libpq-dev gcc && rm -rf /var/lib/apt/lists/*
+
+# Copy the requirements file into the container at /app
+COPY requirements.txt .
+
+# Install any needed packages specified in requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the rest of the application code
+COPY . .
+
+# Make port 8000 available to the world outside this container
+EXPOSE 8000
+
+# Run app.main:app when the container launches
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

README.md

@@ -1,10 +1,95 @@
----
-title: Test
-emoji: ⚡
-colorFrom: green
-colorTo: gray
-sdk: docker
-pinned: false
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# TalAIt Translation Backend
+
+A secure, private translation backend for TalAIt using FastAPI, PostgreSQL, and Hugging Face Inference API.
+
+## Features
+
+- **Authentication**: JWT stored in HTTP-only cookies.
+- **Translation**: English <-> French translation using Helsinki-NLP models.
+- **Security**: Password hashing with Bcrypt, secure cookie handling.
+- **Database**: PostgreSQL for user storage.
+- **Dockerized**: Easy deployment with Docker Compose.
+
+## Architecture
+
+1.  **FastAPI**: Handles HTTP requests and routing.
+2.  **PostgreSQL**: Stores user credentials (hashed).
+3.  **Hugging Face API**: Performs the actual translation.
+4.  **JWT**: Manages session state via secure cookies.
+
+### Authentication Flow
+
+1.  **Register**: User sends username/password -> Backend hashes password -> Stores in DB.
+2.  **Login**: User sends credentials -> Backend verifies -> Generates JWT -> Sets `access_token` HTTP-only cookie.
+3.  **Protected Routes**: Browser automatically sends cookie -> Backend validates JWT -> Grants access.
+4.  **Logout**: Backend clears the cookie.
+
+## Setup & Running
+
+### Prerequisites
+
+- Docker & Docker Compose
+- Hugging Face API Token
+
+### Environment Variables
+
+Create a `.env` file in the `backend` directory (or set them in `docker-compose.yml`):
+
+```env
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=password
+POSTGRES_DB=talait
+HF_TOKEN=your_hf_token_here
+JWT_SECRET=your_jwt_secret
+```
+
+### Running Locally
+
+1.  Navigate to the `backend` directory:
+    ```bash
+    cd backend
+    ```
+
+2.  Install dependencies:
+    ```bash
+    pip install -r requirements.txt
+    ```
+
+3.  Start the server using the provided script (Windows):
+    ```bash
+    .\start_backend.bat
+    ```
+    Or manually:
+    ```bash
+    uvicorn app.main:app --reload
+    ```
+    **Note:** Make sure to run `uvicorn` from the `backend` directory, not `backend/app`.
+
+The API will be available at `http://localhost:8000`.
+Docs will be at `http://localhost:8000/docs`.
+
+### Running with Docker
+
+1.  Navigate to the `backend` directory:
+    ```bash
+    cd backend
+    ```
+
+2.  Build and start the services:
+    ```bash
+    docker-compose up --build
+    ```
+
+The API will be available at `http://localhost:8000`.
+Adminer (DB GUI) will be at `http://localhost:8080`.
+
+## API Endpoints
+
+- `POST /register`: Create a new user.
+- `POST /login`: Authenticate and receive cookie.
+- `POST /logout`: Clear authentication cookie.
+- `POST /translate`: Translate text (Requires Auth).
+
+## Hugging Face Limits
+
+The free Hugging Face Inference API has rate limits. If you encounter 503 errors, it means the model is loading. If you hit rate limits, consider upgrading to a paid plan or hosting the models yourself.

app/__init__.py

@@ -0,0 +1 @@
+# init

app/auth.py

@@ -0,0 +1,25 @@
+from fastapi import Request, HTTPException, status, Depends
+from sqlalchemy.orm import Session
+from .utils import jwt_handler
+from .database import get_db
+from . import models
+
+def get_current_user(request: Request, db: Session = Depends(get_db)):
+    token = request.cookies.get("access_token")
+    if not token:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    
+    # Remove "Bearer " prefix if present
+    if token.startswith("Bearer "):
+        token = token.split(" ")[1]
+        
+    payload = jwt_handler.verify_token(token)
+    if not payload:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or expired token")
+    
+    username = payload.get("sub")
+    user = db.query(models.User).filter(models.User.username == username).first()
+    if not user:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found")
+        
+    return user

app/database.py

@@ -0,0 +1,33 @@
+from sqlalchemy import create_engine
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker
+import os
+import urllib.parse
+from dotenv import load_dotenv
+
+load_dotenv()
+
+POSTGRES_USER = os.getenv("POSTGRES_USER", "postgres")
+POSTGRES_PASSWORD = os.getenv("POSTGRES_PASSWORD", "password")
+POSTGRES_SERVER = os.getenv("POSTGRES_SERVER", "localhost")
+POSTGRES_DB = os.getenv("POSTGRES_DB", "talait")
+
+encoded_user = urllib.parse.quote_plus(POSTGRES_USER)
+encoded_password = urllib.parse.quote_plus(POSTGRES_PASSWORD)
+
+DATABASE_URL = os.getenv("DATABASE_URL", f"postgresql://{encoded_user}:{encoded_password}@{POSTGRES_SERVER}/{POSTGRES_DB}")
+
+engine = create_engine(
+    DATABASE_URL,
+    connect_args={"client_encoding": "utf8"}
+)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+Base = declarative_base()
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

app/main.py

@@ -0,0 +1,41 @@
+from dotenv import load_dotenv
+load_dotenv()
+
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
+from contextlib import asynccontextmanager
+from .database import engine, Base
+from .routers import auth_router, translate_router
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    # Create tables
+    Base.metadata.create_all(bind=engine)
+    yield
+
+app = FastAPI(title="TalAIt Backend", lifespan=lifespan)
+
+
+
+# CORS Configuration
+origins = [
+    "http://localhost",
+    "http://localhost:3000",
+    "http://localhost:8080",
+]
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(auth_router.router)
+app.include_router(translate_router.router)
+
+@app.get("/")
+def root():
+    return {"message": "Welcome to TalAIt Translation API"}

app/models.py

@@ -0,0 +1,9 @@
+from sqlalchemy import Column, Integer, String
+from .database import Base
+
+class User(Base):
+    __tablename__ = "users"
+
+    id = Column(Integer, primary_key=True, index=True)
+    username = Column(String, unique=True, index=True, nullable=False)
+    password_hash = Column(String, nullable=False)

app/routers/__init__.py

@@ -0,0 +1 @@
+# init

app/routers/auth_router.py

@@ -0,0 +1,49 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Response
+from sqlalchemy.orm import Session
+from .. import schemas, models, database, auth
+from ..utils import hashing, jwt_handler
+
+router = APIRouter(tags=["Authentication"])
+
+@router.post("/register", response_model=schemas.UserResponse)
+def register(user: schemas.UserCreate, db: Session = Depends(database.get_db)):
+    user_exists = db.query(models.User).filter(models.User.username == user.username).first()
+    if user_exists:
+        raise HTTPException(status_code=400, detail="Username already registered")
+    
+    new_user = models.User(username=user.username, password_hash=hashing.Hash.bcrypt(user.password))
+    db.add(new_user)
+    db.commit()
+    db.refresh(new_user)
+    return new_user
+
+@router.post("/login")
+def login(response: Response, user: schemas.UserCreate, db: Session = Depends(database.get_db)):
+    db_user = db.query(models.User).filter(models.User.username == user.username).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="Invalid Credentials")
+    
+    if not hashing.Hash.verify(user.password, db_user.password_hash):
+        raise HTTPException(status_code=404, detail="Invalid Credentials")
+    
+    access_token = jwt_handler.create_access_token(data={"sub": db_user.username})
+    
+    # Set HTTP-only cookie
+    response.set_cookie(
+        key="access_token",
+        value=f"Bearer {access_token}",
+        httponly=True,
+        secure=False, # Set to False for localhost (HTTP)
+        samesite="lax"
+    )
+    
+    return {"message": "logged in"}
+
+@router.post("/logout")
+def logout(response: Response):
+    response.delete_cookie("access_token")
+    return {"message": "logged out"}
+
+@router.get("/me", response_model=schemas.UserResponse)
+def read_users_me(current_user: models.User = Depends(auth.get_current_user)):
+    return current_user

app/routers/translate_router.py

@@ -0,0 +1,23 @@
+from fastapi import APIRouter, Depends, HTTPException, Request, status
+from .. import schemas, auth, models
+from ..utils import hf_client
+
+router = APIRouter(tags=["Translation"])
+
+@router.post("/translate", response_model=schemas.TranslationResponse)
+def translate(request: schemas.TranslationRequest, user: models.User = Depends(auth.get_current_user)):
+    if not request.text:
+        raise HTTPException(status_code=400, detail="Text cannot be empty")
+        
+    try:
+        translation = hf_client.translate_text(request.text, request.direction)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+        
+    if isinstance(translation, dict) and translation.get("status") == 503:
+         raise HTTPException(status_code=503, detail=translation.get("error"))
+
+    if translation is None:
+        raise HTTPException(status_code=502, detail="Translation service unavailable")
+        
+    return {"translation": translation}

app/schemas.py

@@ -0,0 +1,23 @@
+from pydantic import BaseModel
+
+class UserCreate(BaseModel):
+    username: str
+    password: str
+
+class UserResponse(BaseModel):
+    id: int
+    username: str
+
+    class Config:
+        from_attributes = True
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+class TranslationRequest(BaseModel):
+    text: str
+    direction: str  # "fr-en" or "en-fr"
+
+class TranslationResponse(BaseModel):
+    translation: str

app/utils/__init__.py

@@ -0,0 +1 @@
+# init

app/utils/hashing.py

@@ -0,0 +1,12 @@
+from passlib.context import CryptContext
+
+pwd_context = CryptContext(schemes=["argon2"], deprecated="auto")
+
+class Hash:
+    @staticmethod
+    def bcrypt(password: str):
+        return pwd_context.hash(password)
+
+    @staticmethod
+    def verify(plain_password, hashed_password):
+        return pwd_context.verify(plain_password, hashed_password)

app/utils/hf_client.py

@@ -0,0 +1,37 @@
+import requests
+import os
+
+HF_TOKEN = os.getenv("HF_TOKEN")
+API_URL_TEMPLATE = "https://router.huggingface.co/hf-inference/models/{model}"
+
+MODELS = {
+    "fr-en": "Helsinki-NLP/opus-mt-fr-en",
+    "en-fr": "Helsinki-NLP/opus-mt-en-fr"
+}
+
+def translate_text(text: str, direction: str):
+    if direction not in MODELS:
+        raise ValueError("Invalid direction")
+    
+    model = MODELS[direction]
+    api_url = API_URL_TEMPLATE.format(model=model)
+    headers = {"Authorization": f"Bearer {HF_TOKEN}"}
+    payload = {"inputs": text}
+
+    try:
+        response = requests.post(api_url, headers=headers, json=payload, timeout=10)
+        
+        if response.status_code == 503:
+             # Model loading
+             return {"error": "Model is loading, please try again shortly", "status": 503}
+
+        response.raise_for_status()
+        result = response.json()
+        
+        if isinstance(result, list) and len(result) > 0 and 'translation_text' in result[0]:
+            return result[0]['translation_text']
+        else:
+            return None
+    except requests.exceptions.RequestException as e:
+        print(f"HF API Error: {e}")
+        return None

app/utils/jwt_handler.py

@@ -0,0 +1,21 @@
+from datetime import datetime, timedelta
+from jose import jwt, JWTError
+import os
+
+SECRET_KEY = os.getenv("JWT_SECRET", "secret")
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30
+
+def create_access_token(data: dict):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+def verify_token(token: str):
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return payload
+    except JWTError:
+        return None

requirements.txt

@@ -0,0 +1,12 @@
+fastapi
+uvicorn
+sqlalchemy
+psycopg2-binary
+python-jose[cryptography]
+passlib[argon2]
+argon2-cffi
+python-multipart
+requests
+python-dotenv
+httpx
+pytest

tests/__init__.py

@@ -0,0 +1 @@
+# init

tests/test_main.py

@@ -0,0 +1,106 @@
+    import os
+# Set env vars before importing app modules to ensure they use the test DB
+os.environ["DATABASE_URL"] = "sqlite:///./test.db"
+os.environ["POSTGRES_USER"] = "user"
+os.environ["POSTGRES_PASSWORD"] = "password"
+os.environ["POSTGRES_DB"] = "dbname"
+os.environ["JWT_SECRET"] = "testsecret"
+os.environ["HF_TOKEN"] = "testtoken"
+
+from fastapi.testclient import TestClient
+from sqlalchemy import create_engine, StaticPool
+from sqlalchemy.orm import sessionmaker
+from app.main import app
+from app.database import Base, get_db
+from app.utils import hf_client
+from unittest.mock import MagicMock
+
+# Use SQLite for testing
+SQLALCHEMY_DATABASE_URL = "sqlite:///./test.db"
+
+engine = create_engine(
+    SQLALCHEMY_DATABASE_URL, 
+    connect_args={"check_same_thread": False},
+    poolclass=StaticPool,
+)
+TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# Patch the app's engine to use our test engine
+from app import database
+database.engine = engine
+
+Base.metadata.create_all(bind=engine)
+
+def override_get_db():
+    try:
+        db = TestingSessionLocal()
+        yield db
+    finally:
+        db.close()
+
+app.dependency_overrides[get_db] = override_get_db
+
+client = TestClient(app)
+
+def test_register():
+    response = client.post(
+        "/register",
+        json={"username": "testuser", "password": "testpassword"},
+    )
+    assert response.status_code == 200
+    assert response.json()["username"] == "testuser"
+
+def test_login():
+    client.post(
+        "/register",
+        json={"username": "testuser2", "password": "testpassword"},
+    )
+    response = client.post(
+        "/login",
+        json={"username": "testuser2", "password": "testpassword"},
+    )
+    assert response.status_code == 200
+    assert "access_token" in response.cookies
+
+def test_login_wrong_password():
+    client.post(
+        "/register",
+        json={"username": "testuser3", "password": "testpassword"},
+    )
+    response = client.post(
+        "/login",
+        json={"username": "testuser3", "password": "wrongpassword"},
+    )
+    assert response.status_code == 404
+
+def test_translate_no_cookie():
+    response = client.post(
+        "/translate",
+        json={"text": "Hello", "direction": "en-fr"},
+    )
+    assert response.status_code == 401
+
+def test_translate_success(monkeypatch):
+    # Mock HF API
+    def mock_translate(*args, **kwargs):
+        return "Bonjour"
+    
+    monkeypatch.setattr(hf_client, "translate_text", mock_translate)
+
+    # Login first
+    client.post(
+        "/register",
+        json={"username": "testuser4", "password": "testpassword"},
+    )
+    login_response = client.post(
+        "/login",
+        json={"username": "testuser4", "password": "testpassword"},
+    )
+    
+    response = client.post(
+        "/translate",
+        json={"text": "Hello", "direction": "en-fr"},
+        cookies=login_response.cookies
+    )
+    assert response.status_code == 200
+    assert response.json()["translation"] == "Bonjour"