Upload 20 files

app_auth.py

@@ -0,0 +1,1074 @@
+from fastapi import FastAPI, File, UploadFile, Form, Request, BackgroundTasks, Depends, HTTPException
+from fastapi.responses import HTMLResponse, FileResponse, JSONResponse, RedirectResponse
+from fastapi.templating import Jinja2Templates
+from fastapi.staticfiles import StaticFiles
+from fastapi.middleware.cors import CORSMiddleware
+import uvicorn
+import os
+from augment_dataset import augment_session, get_session_stats, AVAILABLE_VARIANTS
+from PIL import Image, ImageDraw
+import numpy as np
+import random
+import io
+import base64
+import json
+import zipfile
+from datetime import datetime
+import shutil
+from sqlalchemy.orm import Session
+
+# Importar módulos de autenticación
+from auth.database import create_tables, get_db
+from auth.models import User, UserSession
+from auth.routes import router as auth_router
+from auth.classes_routes import router as classes_router
+from auth.session_routes import router as hash_sessions_router
+from auth.dependencies import get_current_user, get_optional_user, verify_session_access
+
+# Crear aplicación FastAPI
+app = FastAPI(
+    title="YOLO Multi-Class Annotator & Visualizer (JWT Auth)",
+    description="Sistema de anotación YOLO con autenticación JWT",
+    version="2.0.0"
+)
+
+# Configurar CORS
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],  # En producción, especificar dominios específicos
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Configurar templates y archivos estáticos
+templates = Jinja2Templates(directory="templates")
+app.mount("/static", StaticFiles(directory="static"), name="static")
+
+# Incluir router de autenticación
+app.include_router(auth_router)
+app.include_router(classes_router)
+app.include_router(hash_sessions_router)
+
+# Crear carpetas necesarias
+os.makedirs("static", exist_ok=True)
+os.makedirs("templates", exist_ok=True)
+os.makedirs("annotations", exist_ok=True)
+os.makedirs("temp", exist_ok=True)
+
+# Crear tablas de base de datos
+create_tables()
+
+# Funciones auxiliares (copiadas del original)
+def create_session_structure(session_name, user_id=None, db=None):
+    """Crear estructura de sesión y asociarla con usuario"""
+    session_path = f"annotations/{session_name}"
+    os.makedirs(f"{session_path}/images", exist_ok=True)
+    os.makedirs(f"{session_path}/labels", exist_ok=True)
+    
+    # Si se proporciona user_id, crear relación en base de datos
+    if user_id and db:
+        existing_session = db.query(UserSession).filter(
+            UserSession.user_id == user_id,
+            UserSession.session_name == session_name
+        ).first()
+        
+        if not existing_session:
+            user_session = UserSession(
+                session_name=session_name,
+                user_id=user_id
+            )
+            db.add(user_session)
+            db.commit()
+    
+    return session_path
+
+def random_color():
+    return tuple(random.randint(0, 255) for _ in range(3))
+
+def create_canvas_with_image(image_bytes, size, x, y, change_bg=True, max_size=800):
+    """Crear canvas con imagen redimensionada automáticamente"""
+    bg_color = random_color() if change_bg else (200, 200, 200)
+    canvas = Image.new('RGB', size, bg_color)
+    
+    # Cargar imagen subida (soporta múltiples formatos incluyendo WebP)
+    img = Image.open(io.BytesIO(image_bytes))
+    
+    # Convertir a RGB si es necesario (para WebP con transparencia, etc.)
+    if img.mode in ('RGBA', 'LA', 'P'):
+        # Crear fondo blanco para transparencias
+        background = Image.new('RGB', img.size, (255, 255, 255))
+        if img.mode == 'P':
+            img = img.convert('RGBA')
+        background.paste(img, mask=img.split()[-1] if img.mode in ('RGBA', 'LA') else None)
+        img = background
+    elif img.mode != 'RGB':
+        img = img.convert('RGB')
+    
+    # Redimensionar imagen si es muy grande manteniendo aspecto
+    original_width, original_height = img.size
+    
+    # Calcular nuevo tamaño manteniendo proporción
+    if original_width > max_size or original_height > max_size:
+        ratio = min(max_size / original_width, max_size / original_height)
+        new_width = int(original_width * ratio)
+        new_height = int(original_height * ratio)
+        img = img.resize((new_width, new_height), Image.Resampling.LANCZOS)
+    
+    # Centrar imagen si es menor que el canvas
+    canvas_width, canvas_height = size
+    img_width, img_height = img.size
+    
+    # Calcular posición centrada o usar coordenadas proporcionadas
+    if x == 0 and y == 0:  # Auto-centrar
+        paste_x = (canvas_width - img_width) // 2
+        paste_y = (canvas_height - img_height) // 2
+    else:
+        # Usar coordenadas proporcionadas pero asegurar que la imagen esté dentro
+        paste_x = min(x, canvas_width - img_width)
+        paste_y = min(y, canvas_height - img_height)
+    
+    paste_x = max(0, paste_x)
+    paste_y = max(0, paste_y)
+    
+    # Pegar imagen en canvas
+    canvas.paste(img, (paste_x, paste_y))
+    
+    return canvas
+
+def image_to_base64(pil_image):
+    buffer = io.BytesIO()
+    pil_image.save(buffer, format='JPEG', quality=90)
+    img_data = base64.b64encode(buffer.getvalue()).decode()
+    return f"data:image/jpeg;base64,{img_data}"
+
+def get_user_sessions_list(user: User, db: Session):
+    """Obtener lista de nombres de sesiones del usuario (para compatibilidad)"""
+    if user and user.is_admin:
+        # Los admins pueden ver todas las sesiones
+        sessions_dir = "annotations"
+        all_sessions = []
+        if os.path.exists(sessions_dir):
+            for session_name in os.listdir(sessions_dir):
+                session_path = os.path.join(sessions_dir, session_name)
+                if os.path.isdir(session_path):
+                    all_sessions.append(session_name)
+        return all_sessions
+    elif user:
+        # Usuarios normales solo ven sus sesiones
+        user_sessions = db.query(UserSession).filter(
+            UserSession.user_id == user.id,
+            UserSession.is_active == True
+        ).all()
+        return [session.session_name for session in user_sessions]
+    else:
+        # Usuario no autenticado: mostrar todas las sesiones disponibles (modo invitado)
+        sessions_dir = "annotations"
+        all_sessions = []
+        if os.path.exists(sessions_dir):
+            for session_name in os.listdir(sessions_dir):
+                session_path = os.path.join(sessions_dir, session_name)
+                if os.path.isdir(session_path):
+                    all_sessions.append(session_name)
+        return all_sessions
+
+
+def get_user_sessions_with_info(user: User, db: Session):
+    """Obtener lista de sesiones del usuario con información completa (para API)"""
+    if user and user.is_admin:
+        # Los admins pueden ver todas las sesiones activas de la base de datos
+        user_sessions = db.query(UserSession).filter(
+            UserSession.is_active == True
+        ).all()
+        
+        sessions_list = []
+        for session in user_sessions:
+            session_info = {
+                'name': session.session_name,
+                'session_hash': session.session_hash,
+                'is_private': bool(session.session_hash)
+            }
+            sessions_list.append(session_info)
+        
+        return sessions_list
+    elif user:
+        # Usuarios normales solo ven sus sesiones
+        user_sessions = db.query(UserSession).filter(
+            UserSession.user_id == user.id,
+            UserSession.is_active == True
+        ).all()
+        
+        sessions_list = []
+        for session in user_sessions:
+            session_info = {
+                'name': session.session_name,
+                'session_hash': session.session_hash,
+                'is_private': bool(session.session_hash)
+            }
+            sessions_list.append(session_info)
+        
+        return sessions_list
+    else:
+        # Usuario no autenticado: mostrar sesiones disponibles con directorios físicos
+        sessions_dir = "annotations"
+        all_sessions = []
+        if os.path.exists(sessions_dir):
+            for session_name in os.listdir(sessions_dir):
+                session_path = os.path.join(sessions_dir, session_name)
+                if os.path.isdir(session_path):
+                    # Para usuarios no autenticados, no mostrar información de hash
+                    session_info = {
+                        'name': session_name,
+                        'session_hash': None,
+                        'is_private': False
+                    }
+                    all_sessions.append(session_info)
+        return all_sessions
+
+# ============================================================================
+# MIDDLEWARE DE AUTENTICACIÓN
+# ============================================================================
+@app.middleware("http")
+async def auth_middleware(request: Request, call_next):
+    """Middleware para manejar autenticación en rutas protegidas"""
+    
+    # Rutas públicas que no requieren autenticación
+    public_paths = [
+        "/",
+        "/login", 
+        "/register", 
+        "/auth/", 
+        "/static/", 
+        "/docs", 
+        "/redoc", 
+        "/openapi.json"
+    ]
+    
+    # Verificar si la ruta es pública
+    is_public = any(request.url.path.startswith(path) for path in public_paths)
+    
+    if is_public:
+        response = await call_next(request)
+        return response
+    
+    # Para rutas protegidas, verificar autenticación en el navegador
+    # (Las rutas API manejan su propia autenticación con dependencies)
+    if not request.url.path.startswith("/api/"):
+        # Verificar si hay token en headers (para navegador)
+        auth_header = request.headers.get("authorization")
+        if not auth_header:
+            # Redireccionar a login si no está autenticado
+            return RedirectResponse(url="/login", status_code=302)
+    
+    response = await call_next(request)
+    return response
+
+# ============================================================================
+# ENDPOINTS PRINCIPALES
+# ============================================================================
+@app.get("/", response_class=HTMLResponse)
+async def main(request: Request):
+    """Página principal - pública"""
+    return templates.TemplateResponse("index.html", {"request": request})
+
+@app.get("/login", response_class=HTMLResponse)
+async def login_page(request: Request):
+    """Página de login"""
+    return templates.TemplateResponse("login.html", {"request": request})
+
+@app.get("/register", response_class=HTMLResponse)
+async def register_page(request: Request):
+    """Página de registro"""
+    return templates.TemplateResponse("register.html", {"request": request})
+
+@app.get("/dashboard", response_class=HTMLResponse)
+async def dashboard(
+    request: Request, 
+    current_user: User = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+):
+    """Dashboard principal - verificación de autenticación en frontend"""
+    if current_user:
+        user_sessions = get_user_sessions_list(current_user, db)
+    else:
+        user_sessions = []
+    
+    return templates.TemplateResponse("dashboard.html", {
+        "request": request,
+        "user": current_user,
+        "sessions": user_sessions
+    })
+
+@app.get("/sessions", response_class=HTMLResponse) 
+async def sessions_page(
+    request: Request, 
+    current_user: User = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+):
+    """Página de gestión de sesiones - autenticación opcional"""
+    try:
+        sessions_dir = "annotations"
+        sessions = []
+        
+        # Obtener sesiones del usuario
+        user_sessions = get_user_sessions_list(current_user, db)
+        
+        for session_name in user_sessions:
+            session_path = os.path.join(sessions_dir, session_name)
+            if os.path.isdir(session_path):
+                images_path = os.path.join(session_path, "images")
+                labels_path = os.path.join(session_path, "labels")
+                
+                image_count = 0
+                label_count = 0
+                
+                if os.path.exists(images_path):
+                    image_count = len([f for f in os.listdir(images_path) 
+                                     if f.lower().endswith(('.jpg', '.jpeg', '.png'))])
+                
+                if os.path.exists(labels_path):
+                    label_count = len([f for f in os.listdir(labels_path) 
+                                     if f.lower().endswith('.txt')])
+                
+                sessions.append({
+                    'name': session_name,
+                    'images': image_count,
+                    'labels': label_count,
+                    'path': session_path
+                })
+        
+        return templates.TemplateResponse("sessions.html", {
+            "request": request,
+            "sessions": sessions,
+            "current_user": current_user
+        })
+        
+    except Exception as e:
+        return HTMLResponse(content=f"<h1>Error</h1><p>Error: {str(e)}</p><a href='/dashboard'>← Volver</a>")
+
+@app.get("/annotator", response_class=HTMLResponse)
+async def annotator_page(
+    request: Request, 
+    current_user: User = Depends(get_optional_user)
+):
+    """Anotador clásico para crear datasets - verificación de autenticación en frontend"""
+    return templates.TemplateResponse("annotator.html", {
+        "request": request,
+        "user": current_user
+    })
+
+@app.get("/visualizer", response_class=HTMLResponse)
+async def visualizer_page(
+    request: Request, 
+    session: str = None,
+    current_user: User = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+):
+    """Visualizador de datasets con anotaciones - verificación de autenticación en frontend"""
+    try:
+        # Obtener sesiones del usuario si está autenticado
+        if current_user:
+            user_sessions = get_user_sessions_list(current_user, db)
+            
+            # Verificar acceso a sesión específica si se proporciona
+            if session and not verify_session_access(current_user, session, db):
+                raise HTTPException(status_code=403, detail="No access to this session")
+        else:
+            user_sessions = []
+        
+        return templates.TemplateResponse("visualizer.html", {
+            "request": request,
+            "sessions": user_sessions,
+            "current_session": session,
+            "user": current_user
+        })
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        return HTMLResponse(content=f"<h1>Error</h1><p>Error en visualizador: {str(e)}</p><a href='/dashboard'>← Volver</a>")
+
+# ============================================================================
+# API ENDPOINTS CON AUTENTICACIÓN
+# ============================================================================
+
+# ============================================================================
+# NUEVOS ENDPOINTS PARA ACCESO POR HASH
+# ============================================================================
+
+@app.get("/session/{session_hash}", response_class=HTMLResponse)
+async def session_by_hash_page(
+    request: Request,
+    session_hash: str,
+    db: Session = Depends(get_db)
+):
+    """
+    Página de acceso a una sesión específica por hash.
+    NO requiere autenticación - acceso público con hash.
+    """
+    from auth.session_utils import get_session_by_hash
+    
+    # Verificar que la sesión existe
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        return HTMLResponse(
+            content=f"""
+            <h1>🔍 Sesión no encontrada</h1>
+            <p>La sesión con hash <code>{session_hash}</code> no existe o está inactiva.</p>
+            <a href="/">← Ir al inicio</a>
+            """,
+            status_code=404
+        )
+    
+    return templates.TemplateResponse("session_access.html", {
+        "request": request,
+        "session": session,
+        "session_hash": session_hash,
+        "annotator_url": f"/session/{session_hash}/annotator",
+        "visualizer_url": f"/session/{session_hash}/visualizer"
+    })
+
+@app.get("/session/{session_hash}/annotator", response_class=HTMLResponse)
+async def session_annotator_by_hash(
+    request: Request,
+    session_hash: str,
+    db: Session = Depends(get_db)
+):
+    """
+    Anotador para una sesión específica accesible por hash.
+    NO requiere autenticación.
+    """
+    from auth.session_utils import get_session_by_hash
+    
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        return HTMLResponse(content="Sesión no encontrada", status_code=404)
+    
+    return templates.TemplateResponse("annotator.html", {
+        "request": request,
+        "session_hash": session_hash,
+        "session_name": session.session_name,
+        "public_access": True,
+        "user": None  # Sin usuario autenticado
+    })
+
+@app.get("/session/{session_hash}/visualizer", response_class=HTMLResponse)
+async def session_visualizer_by_hash(
+    request: Request,
+    session_hash: str,
+    db: Session = Depends(get_db)
+):
+    """
+    Visualizador para una sesión específica accesible por hash.
+    NO requiere autenticación.
+    """
+    from auth.session_utils import get_session_by_hash
+    
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        return HTMLResponse(content="Sesión no encontrada", status_code=404)
+    
+    return templates.TemplateResponse("visualizer.html", {
+        "request": request,
+        "session_hash": session_hash,
+        "session_name": session.session_name,
+        "current_session": session.session_name,
+        "public_access": True,
+        "sessions": [session],  # Solo esta sesión
+        "user": None  # Sin usuario autenticado
+    })
+@app.get("/api/sessions")
+async def list_sessions_api(
+    request: Request,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Listar sesiones del usuario actual"""
+    try:
+        sessions_dir = "annotations"
+        sessions = []
+        
+        # Obtener sesiones del usuario con información de hash
+        user_sessions = get_user_sessions_list(current_user, db)
+        
+        for session_info in user_sessions:
+            # Manejar tanto el formato nuevo (dict) como el viejo (string)
+            if isinstance(session_info, dict):
+                session_name = session_info['name']
+                session_hash = session_info.get('session_hash')
+                is_private = session_info.get('is_private', False)
+            else:
+                session_name = session_info
+                session_hash = None
+                is_private = False
+                
+            session_path = os.path.join(sessions_dir, session_name)
+            
+            # Contar archivos si el directorio existe
+            images_count = 0
+            labels_count = 0
+            
+            if os.path.isdir(session_path):
+                images_path = os.path.join(session_path, "images")
+                labels_path = os.path.join(session_path, "labels")
+                
+                if os.path.exists(images_path):
+                    images_count = len([f for f in os.listdir(images_path) 
+                                      if f.lower().endswith(('.jpg', '.jpeg', '.png', '.bmp', '.gif', '.webp'))])
+                
+                if os.path.exists(labels_path):
+                    labels_count = len([f for f in os.listdir(labels_path) 
+                                      if f.lower().endswith('.txt')])
+            
+            session_data = {
+                'name': session_name,
+                'images_count': images_count,
+                'labels_count': labels_count,
+                'is_private': is_private
+            }
+            
+            # Agregar información de hash solo si existe
+            if session_hash:
+                session_data['session_hash'] = session_hash
+                session_data['share_url'] = f"{request.base_url}session/{session_hash}"
+            
+            sessions.append(session_data)
+        
+        # Ordenar sesiones por nombre
+        sessions.sort(key=lambda x: x['name'])
+        
+        return {
+            "success": True,
+            "sessions": sessions,
+            "user": {
+                "username": current_user.username,
+                "is_admin": current_user.is_admin
+            }
+        }
+    except Exception as e:
+        return {"success": False, "message": f"Error al listar sesiones: {str(e)}"}
+
+@app.get("/api/session/{session_name}/visualize")
+async def get_session_visualize_data(
+    session_name: str, 
+    limit: int = None, 
+    offset: int = 0,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """API endpoint para obtener datos de visualización de una sesión"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session_name, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        session_path = os.path.join("annotations", session_name)
+        images_path = os.path.join(session_path, "images")
+        labels_path = os.path.join(session_path, "labels")
+        
+        if not os.path.exists(session_path):
+            return {"success": False, "message": f"Sesión '{session_name}' no encontrada"}
+        
+        images_data = []
+        total_labels = 0
+        
+        if os.path.exists(images_path):
+            for filename in os.listdir(images_path):
+                if filename.lower().endswith(('.jpg', '.jpeg', '.png')):
+                    # Obtener dimensiones de la imagen
+                    from PIL import Image as PILImage
+                    image_path = os.path.join(images_path, filename)
+                    
+                    try:
+                        with PILImage.open(image_path) as img:
+                            width, height = img.size
+                    except:
+                        width, height = 640, 640  # Default si hay error
+                    
+                    # Leer etiquetas para esta imagen
+                    label_filename = os.path.splitext(filename)[0] + '.txt'
+                    label_path = os.path.join(labels_path, label_filename)
+                    
+                    annotations = []
+                    if os.path.exists(label_path):
+                        with open(label_path, 'r') as f:
+                            for line_num, line in enumerate(f):
+                                line = line.strip()
+                                if line:
+                                    try:
+                                        parts = line.split()
+                                        if len(parts) >= 5:
+                                            class_id = int(parts[0])
+                                            x_center = float(parts[1])
+                                            y_center = float(parts[2])
+                                            bbox_width = float(parts[3])
+                                            bbox_height = float(parts[4])
+                                            
+                                            # Convertir de formato YOLO normalizado a píxeles
+                                            x1 = int((x_center - bbox_width/2) * width)
+                                            y1 = int((y_center - bbox_height/2) * height)
+                                            x2 = int((x_center + bbox_width/2) * width)
+                                            y2 = int((y_center + bbox_height/2) * height)
+                                            
+                                            annotations.append({
+                                                'class_id': class_id,
+                                                'x1': x1, 'y1': y1, 'x2': x2, 'y2': y2,
+                                                'x_center': x_center, 'y_center': y_center,
+                                                'width': bbox_width, 'height': bbox_height
+                                            })
+                                    except (ValueError, IndexError) as e:
+                                        print(f"Error procesando línea {line_num} en {label_filename}: {e}")
+                                        continue
+                    
+                    total_labels += len(annotations)
+                    
+                    images_data.append({
+                        'name': filename,
+                        'labels': len(annotations),
+                        'annotations': annotations,
+                        'width': width,
+                        'height': height
+                    })
+        
+        # Aplicar paginación si se especifica
+        images_to_return = images_data
+        if limit is not None and limit > 0:
+            end_index = offset + limit
+            images_to_return = images_data[offset:end_index]
+        
+        return {
+            "success": True,
+            "session_name": session_name,
+            "total_images": len(images_data),
+            "total_labels": total_labels,
+            "returned_images": len(images_to_return),
+            "offset": offset,
+            "has_more": limit is not None and limit > 0 and offset + limit < len(images_data),
+            "images": images_to_return
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error: {str(e)}"}
+
+@app.post("/api/session/{session_name}/create")
+async def create_session_api(
+    session_name: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Crear nueva sesión para el usuario"""
+    try:
+        # Verificar que el nombre de sesión sea válido
+        if not session_name or session_name.strip() == '':
+            return {"success": False, "message": "Nombre de sesión inválido"}
+        
+        # Limpiar nombre de sesión
+        safe_session_name = "".join(c for c in session_name if c.isalnum() or c in ('_', '-')).strip()
+        if not safe_session_name:
+            return {"success": False, "message": "Nombre de sesión contiene caracteres inválidos"}
+        
+        # Verificar si la sesión ya existe para este usuario
+        existing_session = db.query(UserSession).filter(
+            UserSession.user_id == current_user.id,
+            UserSession.session_name == safe_session_name
+        ).first()
+        
+        if existing_session:
+            return {"success": False, "message": "Ya tienes una sesión con este nombre"}
+        
+        # Crear estructura de sesión
+        session_path = create_session_structure(safe_session_name, current_user.id, db)
+        
+        return {
+            "success": True, 
+            "message": f"Sesión '{safe_session_name}' creada exitosamente",
+            "session_name": safe_session_name
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al crear sesión: {str(e)}"}
+
+@app.post("/api/upload")
+async def upload_image(
+    session: str = Form(...),
+    canvas_width: int = Form(640),
+    canvas_height: int = Form(640),
+    x: int = Form(0),
+    y: int = Form(0),
+    change_bg: bool = Form(True),
+    file: UploadFile = File(...),
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Subir imagen a sesión del usuario"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        # Leer archivo
+        image_bytes = await file.read()
+        
+        # Crear imagen con canvas
+        canvas_image = create_canvas_with_image(
+            image_bytes, (canvas_width, canvas_height), x, y, change_bg
+        )
+        
+        # Generar nombre único de archivo
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        image_filename = f"{session}_{timestamp}_{file.filename}"
+        
+        # Guardar imagen
+        session_path = os.path.join("annotations", session)
+        image_path = os.path.join(session_path, "images", image_filename)
+        
+        # Crear directorio si no existe
+        os.makedirs(os.path.dirname(image_path), exist_ok=True)
+        
+        canvas_image.save(image_path)
+        
+        # Convertir a base64 para vista previa
+        preview_b64 = image_to_base64(canvas_image)
+        
+        return {
+            "success": True,
+            "filename": image_filename,
+            "preview": preview_b64,
+            "message": f"Imagen subida a sesión '{session}'"
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al subir imagen: {str(e)}"}
+
+@app.post("/api/save_annotations")
+async def save_annotations(
+    session: str = Form(...),
+    filename: str = Form(...),
+    annotations: str = Form(...),
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Guardar anotaciones de una imagen"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        # Procesar anotaciones JSON
+        try:
+            annotations_data = json.loads(annotations)
+        except json.JSONDecodeError:
+            return {"success": False, "message": "Formato de anotaciones inválido"}
+        
+        # Preparar contenido del archivo de etiquetas
+        label_content = []
+        for ann in annotations_data:
+            if all(key in ann for key in ['class_id', 'x_center', 'y_center', 'width', 'height']):
+                label_line = f"{ann['class_id']} {ann['x_center']} {ann['y_center']} {ann['width']} {ann['height']}"
+                label_content.append(label_line)
+        
+        # Guardar archivo de etiquetas
+        session_path = os.path.join("annotations", session)
+        label_filename = os.path.splitext(filename)[0] + '.txt'
+        label_path = os.path.join(session_path, "labels", label_filename)
+        
+        # Crear directorio si no existe
+        os.makedirs(os.path.dirname(label_path), exist_ok=True)
+        
+        with open(label_path, 'w') as f:
+            f.write('\n'.join(label_content))
+        
+        return {
+            "success": True,
+            "message": f"Anotaciones guardadas para {filename}",
+            "annotations_count": len(label_content)
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al guardar anotaciones: {str(e)}"}
+
+@app.post("/api/augment")
+async def augment_dataset_api(
+    background_tasks: BackgroundTasks,
+    session: str = Form(...),
+    variants: list = Form(None),
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Aumentar dataset en background - requiere autenticación"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        session_path = os.path.join("annotations", session)
+        
+        if not os.path.exists(session_path):
+            return {"success": False, "message": f"Sesión '{session}' no encontrada"}
+        
+        # Verificar que la sesión tenga imágenes
+        images_path = os.path.join(session_path, "images")
+        if not os.path.exists(images_path) or not os.listdir(images_path):
+            return {"success": False, "message": f"No hay imágenes en la sesión '{session}'"}
+        
+        # Usar variantes especificadas o todas si no se especifican
+        selected_variants = variants if variants else list(AVAILABLE_VARIANTS.keys())
+        
+        # Verificar que las variantes sean válidas
+        invalid_variants = [v for v in selected_variants if v not in AVAILABLE_VARIANTS]
+        if invalid_variants:
+            return {"success": False, "message": f"Variantes inválidas: {invalid_variants}"}
+        
+        # Ejecutar augmentación en background con variantes seleccionadas
+        background_tasks.add_task(augment_session, session, selected_variants)
+        
+        return {
+            "success": True,
+            "message": f"Aumentación iniciada para sesión '{session}' con {len(selected_variants)} variantes",
+            "session": session,
+            "selected_variants": selected_variants,
+            "available_variants": AVAILABLE_VARIANTS
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al iniciar augmentación: {str(e)}"}
+
+@app.get("/api/augment/progress/{session}")
+async def get_augment_progress(
+    session: str,
+    current_user: User = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+):
+    """Obtener progreso de augmentación"""
+    try:
+        # Verificar acceso a la sesión solo si hay usuario autenticado
+        if current_user and not verify_session_access(current_user, session, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        progress_file = f"temp/progress_{session}.json"
+        
+        if not os.path.exists(progress_file):
+            return {
+                "success": False,
+                "message": "No hay proceso de augmentación activo"
+            }
+        
+        with open(progress_file, 'r') as f:
+            progress_data = json.load(f)
+        
+        return {
+            "success": True,
+            **progress_data  # Expandir las propiedades directamente
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al obtener progreso: {str(e)}"}
+
+@app.get("/api/stats/{session}")
+async def get_session_stats_api(
+    session: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Obtener estadísticas de una sesión"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        stats = get_session_stats(session)
+        return {
+            "success": True,
+            "session": session,
+            "stats": stats
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al obtener estadísticas: {str(e)}"}
+
+@app.get("/api/download/{session}")
+async def download_session(
+    session: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Descargar sesión como archivo ZIP"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session, db):
+            raise HTTPException(status_code=403, detail="No tienes acceso a esta sesión")
+        
+        session_path = os.path.join("annotations", session)
+        
+        if not os.path.exists(session_path):
+            raise HTTPException(status_code=404, detail=f"Sesión '{session}' no encontrada")
+        
+        # Crear archivo ZIP temporal
+        zip_filename = f"{session}_dataset.zip"
+        zip_path = os.path.join("temp", zip_filename)
+        
+        os.makedirs("temp", exist_ok=True)
+        
+        with zipfile.ZipFile(zip_path, 'w') as zipf:
+            for root, dirs, files in os.walk(session_path):
+                for file in files:
+                    file_path = os.path.join(root, file)
+                    arcname = os.path.relpath(file_path, session_path)
+                    zipf.write(file_path, arcname)
+        
+        return FileResponse(
+            path=zip_path,
+            media_type='application/zip',
+            filename=zip_filename
+        )
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error al descargar: {str(e)}")
+
+@app.delete("/api/session/{session_name}")
+async def delete_session_api(
+    session_name: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Eliminar sesión del usuario"""
+    try:
+        # Verificar acceso a la sesión
+        if not verify_session_access(current_user, session_name, db):
+            return {"success": False, "message": "No tienes acceso a esta sesión"}
+        
+        # Eliminar entrada de base de datos
+        user_session = db.query(UserSession).filter(
+            UserSession.user_id == current_user.id,
+            UserSession.session_name == session_name
+        ).first()
+        
+        if user_session:
+            db.delete(user_session)
+            db.commit()
+        
+        # Eliminar archivos físicos
+        session_path = os.path.join("annotations", session_name)
+        if os.path.exists(session_path):
+            shutil.rmtree(session_path)
+        
+        return {
+            "success": True,
+            "message": f"Sesión '{session_name}' eliminada exitosamente"
+        }
+        
+    except Exception as e:
+        return {"success": False, "message": f"Error al eliminar sesión: {str(e)}"}
+
+# ============================================================================
+# ADMIN ENDPOINTS
+# ============================================================================
+@app.get("/api/admin/users")
+async def list_all_users(
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Listar todos los usuarios (solo admins)"""
+    if not current_user.is_admin:
+        raise HTTPException(status_code=403, detail="Acceso denegado")
+    
+    users = db.query(User).all()
+    return {
+        "success": True,
+        "users": [
+            {
+                "id": user.id,
+                "username": user.username,
+                "email": user.email,
+                "is_admin": user.is_admin,
+                "created_at": user.created_at.isoformat() if user.created_at else None
+            }
+            for user in users
+        ]
+    }
+
+@app.get("/api/admin/sessions")
+async def list_all_sessions(
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Listar todas las sesiones del sistema (solo admins)"""
+    if not current_user.is_admin:
+        raise HTTPException(status_code=403, detail="Acceso denegado")
+    
+    sessions = db.query(UserSession).all()
+    return {
+        "success": True,
+        "sessions": [
+            {
+                "session_name": session.session_name,
+                "user_id": session.user_id,
+                "created_at": session.created_at.isoformat() if session.created_at else None,
+                "is_active": session.is_active
+            }
+            for session in sessions
+        ]
+    }
+
+# ============================================================================
+# ENDPOINT PARA SERVIR IMÁGENES DE SESIONES
+# ============================================================================
+@app.get("/image/{session_name}/{image_name}")
+async def serve_session_image(
+    session_name: str, 
+    image_name: str,
+    current_user: User = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+):
+    """Servir imágenes de las sesiones con control de acceso"""
+    try:
+        # Por ahora, permitir acceso a todas las imágenes para debugging
+        # TODO: Restaurar control de acceso después de resolver el problema
+        # if current_user and not verify_session_access(current_user, session_name, db):
+        #     raise HTTPException(status_code=403, detail="No access to this session")
+        
+        image_path = os.path.join("annotations", session_name, "images", image_name)
+        print(f"🔍 Buscando imagen en: {image_path}")  # Debug
+        print(f"🔍 Existe archivo: {os.path.exists(image_path)}")  # Debug
+        
+        if os.path.exists(image_path):
+            print(f"✅ Sirviendo imagen: {image_path}")  # Debug
+            return FileResponse(image_path)
+        else:
+            # Crear imagen placeholder SVG si no existe
+            svg_content = f"""
+            <svg width="300" height="200" xmlns="http://www.w3.org/2000/svg">
+                <rect width="300" height="200" fill="#f8f9fa" stroke="#dee2e6"/>
+                <text x="150" y="90" text-anchor="middle" fill="#6c757d" font-family="Arial" font-size="14">
+                    📷 Imagen no encontrada
+                </text>
+                <text x="150" y="110" text-anchor="middle" fill="#adb5bd" font-family="Arial" font-size="12">
+                    {image_name}
+                </text>
+                <text x="150" y="130" text-anchor="middle" fill="#adb5bd" font-family="Arial" font-size="10">
+                    Sesión: {session_name}
+                </text>
+            </svg>
+            """
+            return HTMLResponse(content=svg_content, media_type="image/svg+xml")
+    except HTTPException:
+        raise
+    except Exception as e:
+        # SVG de error
+        svg_error = f"""
+        <svg width="300" height="200" xmlns="http://www.w3.org/2000/svg">
+            <rect width="300" height="200" fill="#f8d7da" stroke="#f5c6cb"/>
+            <text x="150" y="100" text-anchor="middle" fill="#721c24" font-family="Arial" font-size="12">
+                ❌ Error: {str(e)[:30]}
+            </text>
+        </svg>
+        """
+        return HTMLResponse(content=svg_error, media_type="image/svg+xml")
+
+if __name__ == "__main__":
+    print("🚀 Iniciando YOLO Image Annotator con JWT Auth")
+    print("📍 Abre tu navegador en: http://localhost:8002")
+    print("🔐 Primera cuenta registrada será ADMIN")
+    uvicorn.run("app_auth:app", host="127.0.0.1", port=8002, reload=False)

augment_dataset.py

@@ -0,0 +1,293 @@
+import os
+import cv2
+from PIL import Image, ImageEnhance, ImageFilter
+import shutil
+import numpy as np
+import json
+from datetime import datetime
+
+# Configuración de variantes disponibles
+AVAILABLE_VARIANTS = {
+    'negativo': {
+        'name': 'Negativo',
+        'description': 'Invierte los colores de la imagen',
+        'icon': '🎭',
+        'transform': lambda img: cv2.bitwise_not(img),
+        'modify_label': False
+    },
+    'brillo': {
+        'name': 'Brillo aumentado',
+        'description': 'Aumenta el brillo de la imagen en 50%',
+        'icon': '☀️',
+        'transform': lambda img: cv2.cvtColor(np.array(ImageEnhance.Brightness(Image.fromarray(cv2.cvtColor(img, cv2.COLOR_BGR2RGB))).enhance(1.5)), cv2.COLOR_RGB2BGR),
+        'modify_label': False
+    },
+    'espejo': {
+        'name': 'Espejo horizontal',
+        'description': 'Crea una imagen espejo (volteo horizontal)',
+        'icon': '🪞',
+        'transform': lambda img: cv2.flip(img, 1),
+        'modify_label': True  # Requiere ajustar coordenadas x
+    },
+    'rotacion': {
+        'name': 'Rotación ligera',
+        'description': 'Rota la imagen 15 grados',
+        'icon': '🔄',
+        'transform': lambda img: rotate_image(img, 15),
+        'modify_label': False  # Por simplicidad, mantenemos las etiquetas originales
+    },
+    'desenfoque': {
+        'name': 'Desenfoque gaussiano',
+        'description': 'Aplica desenfoque gaussiano suave',
+        'icon': '🌀',
+        'transform': lambda img: cv2.GaussianBlur(img, (5, 5), 0),
+        'modify_label': False
+    },
+    'contraste': {
+        'name': 'Contraste aumentado',
+        'description': 'Aumenta el contraste de la imagen',
+        'icon': '🌈',
+        'transform': lambda img: cv2.cvtColor(np.array(ImageEnhance.Contrast(Image.fromarray(cv2.cvtColor(img, cv2.COLOR_BGR2RGB))).enhance(1.3)), cv2.COLOR_RGB2BGR),
+        'modify_label': False
+    }
+}
+
+def rotate_image(img, angle):
+    """Rota una imagen por un ángulo específico"""
+    height, width = img.shape[:2]
+    center = (width // 2, height // 2)
+    rotation_matrix = cv2.getRotationMatrix2D(center, angle, 1.0)
+    return cv2.warpAffine(img, rotation_matrix, (width, height))
+
+def adjust_label_for_mirror(label_path, aug_label_path):
+    """
+    Ajusta la coordenada x_center para el efecto espejo en formato YOLO.
+    """
+    with open(label_path, 'r') as f_in, open(aug_label_path, 'w') as f_out:
+        for line in f_in:
+            parts = line.strip().split()
+            if len(parts) == 5:
+                # clase, x_center, y_center, ancho, alto
+                parts[1] = str(1 - float(parts[1]))
+            f_out.write(' '.join(parts) + '\n')
+
+def augment_session(session_name, selected_variants=None, progress_callback=None):
+    """
+    Aumenta el dataset de una sesión específica aplicando las variantes seleccionadas
+    """
+    if selected_variants is None:
+        selected_variants = list(AVAILABLE_VARIANTS.keys())
+    
+    session_path = f"annotations/{session_name}"
+    images_path = os.path.join(session_path, "images")
+    labels_path = os.path.join(session_path, "labels")
+    
+    if not os.path.exists(images_path):
+        raise Exception(f"No se encontró la carpeta de imágenes: {images_path}")
+    
+    # Crear carpeta de labels si no existe
+    os.makedirs(labels_path, exist_ok=True)
+    
+    # Crear carpeta temp si no existe
+    os.makedirs("temp", exist_ok=True)
+    
+    # Archivo de progreso temporal
+    progress_file = f"temp/progress_{session_name}.json"
+    
+    # Obtener lista de imágenes
+    image_files = [f for f in os.listdir(images_path) 
+                   if f.lower().endswith(('.jpg', '.jpeg', '.png', '.webp', '.bmp'))]
+    
+    total_operations = len(image_files) * len(selected_variants)
+    current_operation = 0
+    results = {
+        'processed_images': 0,
+        'created_variants': 0,
+        'errors': [],
+        'variants_applied': selected_variants
+    }
+    
+    # Función para actualizar progreso
+    def update_progress():
+        progress_data = {
+            'current': current_operation,
+            'total': total_operations,
+            'completed': False,
+            'message': f'Procesando imagen {results["processed_images"] + 1} de {len(image_files)}'
+        }
+        with open(progress_file, 'w') as f:
+            json.dump(progress_data, f)
+    
+    # Inicializar progreso
+    update_progress()
+    
+    for img_name in image_files:
+        img_path = os.path.join(images_path, img_name)
+        label_name = os.path.splitext(img_name)[0] + '.txt'
+        label_path = os.path.join(labels_path, label_name)
+        
+        # Leer imagen original
+        img = cv2.imread(img_path)
+        if img is None:
+            results['errors'].append(f'No se pudo leer {img_path}')
+            continue
+        
+        # Aplicar cada variante seleccionada
+        for variant_key in selected_variants:
+            current_operation += 1
+            
+            # Actualizar progreso
+            update_progress()
+            
+            if progress_callback:
+                progress = (current_operation / total_operations) * 100
+                progress_callback(progress, f"Procesando {img_name} - {AVAILABLE_VARIANTS[variant_key]['name']}")
+            
+            try:
+                variant_config = AVAILABLE_VARIANTS[variant_key]
+                
+                # Aplicar transformación
+                aug_img = variant_config['transform'](img)
+                
+                # Generar nombre del archivo aumentado
+                base_name = os.path.splitext(img_name)[0]
+                extension = os.path.splitext(img_name)[1]
+                aug_name = f"{base_name}_{variant_key}{extension}"
+                aug_path = os.path.join(images_path, aug_name)
+                
+                # Guardar imagen aumentada
+                cv2.imwrite(aug_path, aug_img)
+                
+                # Manejar etiquetas
+                aug_label_name = f"{base_name}_{variant_key}.txt"
+                aug_label_path = os.path.join(labels_path, aug_label_name)
+                
+                if os.path.exists(label_path):
+                    if variant_config['modify_label']:
+                        adjust_label_for_mirror(label_path, aug_label_path)
+                    else:
+                        shutil.copy(label_path, aug_label_path)
+                
+                results['created_variants'] += 1
+                
+            except Exception as e:
+                results['errors'].append(f'Error procesando {img_name} con variante {variant_key}: {str(e)}')
+        
+        results['processed_images'] += 1
+    
+    # Marcar como completado
+    final_progress = {
+        'current': total_operations,
+        'total': total_operations,
+        'completed': True,
+        'message': f'¡Completado! {results["created_variants"]} variantes creadas'
+    }
+    with open(progress_file, 'w') as f:
+        json.dump(final_progress, f)
+    
+    # Guardar log de augmentación
+    log_path = os.path.join(session_path, 'augmentation_log.json')
+    log_data = {
+        'timestamp': datetime.now().isoformat(),
+        'session_name': session_name,
+        'variants_applied': selected_variants,
+        'results': results
+    }
+    
+    with open(log_path, 'w') as f:
+        json.dump(log_data, f, indent=2)
+    
+    return results
+
+def get_session_stats(session_name):
+    """
+    Obtiene estadísticas de una sesión (antes de augmentación)
+    """
+    session_path = f"annotations/{session_name}"
+    images_path = os.path.join(session_path, "images")
+    labels_path = os.path.join(session_path, "labels")
+    
+    if not os.path.exists(images_path):
+        return None
+    
+    image_files = [f for f in os.listdir(images_path) 
+                   if f.lower().endswith(('.jpg', '.jpeg', '.png', '.webp', '.bmp'))]
+    
+    label_files = []
+    if os.path.exists(labels_path):
+        label_files = [f for f in os.listdir(labels_path) if f.endswith('.txt')]
+    
+    # Detectar si ya hay variantes (archivos con sufijos)
+    original_images = []
+    variant_images = []
+    
+    for img_file in image_files:
+        base_name = os.path.splitext(img_file)[0]
+        is_variant = any(base_name.endswith(f'_{variant}') for variant in AVAILABLE_VARIANTS.keys())
+        
+        if is_variant:
+            variant_images.append(img_file)
+        else:
+            original_images.append(img_file)
+    
+    return {
+        'total_images': len(image_files),
+        'original_images': len(original_images),
+        'variant_images': len(variant_images),
+        'label_files': len(label_files),
+        'available_variants': AVAILABLE_VARIANTS
+    }
+
+# Función legacy para compatibilidad
+def augment_images():
+    """Función original para augmentar en estructura by_class (mantenida para compatibilidad)"""
+    BASE_DIR = 'by_class'
+    IMAGE_SUBDIR = 'images'
+    LABEL_SUBDIR = 'labels'
+    
+    # Variantes legacy
+    VARIANTS = [
+        ('negativo', lambda img: cv2.bitwise_not(img), False),
+        ('brillo', lambda img: cv2.cvtColor(np.array(ImageEnhance.Brightness(Image.fromarray(cv2.cvtColor(img, cv2.COLOR_BGR2RGB))).enhance(1.5)), cv2.COLOR_RGB2BGR), False),
+        ('espejo', lambda img: cv2.flip(img, 1), True),
+    ]
+    for class_name in os.listdir(BASE_DIR):
+        class_path = os.path.join(BASE_DIR, class_name)
+        images_path = os.path.join(class_path, IMAGE_SUBDIR)
+        labels_path = os.path.join(class_path, LABEL_SUBDIR)
+        if not os.path.isdir(images_path):
+            continue
+        for img_name in os.listdir(images_path):
+            if not img_name.lower().endswith(('.jpg', '.jpeg', '.png')):
+                continue
+            img_path = os.path.join(images_path, img_name)
+            label_name = os.path.splitext(img_name)[0] + '.txt'
+            label_path = os.path.join(labels_path, label_name)
+            # Leer imagen
+            img = cv2.imread(img_path)
+            if img is None:
+                print(f'No se pudo leer {img_path}')
+                continue
+            # Generar variantes
+            for sufijo, transform, mirror_label in VARIANTS:
+                if sufijo == 'negativo' or sufijo == 'espejo':
+                    aug_img = transform(img)
+                else:
+                    aug_img = transform(img)
+                aug_name = f"{os.path.splitext(img_name)[0]}_{sufijo}{os.path.splitext(img_name)[1]}"
+                aug_path = os.path.join(images_path, aug_name)
+                cv2.imwrite(aug_path, aug_img)
+                # Copiar o modificar label
+                aug_label_name = f"{os.path.splitext(img_name)[0]}_{sufijo}.txt"
+                aug_label_path = os.path.join(labels_path, aug_label_name)
+                if os.path.exists(label_path):
+                    if mirror_label:
+                        adjust_label_for_mirror(label_path, aug_label_path)
+                    else:
+                        shutil.copy(label_path, aug_label_path)
+                else:
+                    print(f'Label no encontrado: {label_path}')
+
+if __name__ == "__main__":
+    augment_images()
+    print("Aumento de datos completado.")

auth/__init__.py

@@ -0,0 +1 @@
+# auth/__init__.py

auth/auth_utils.py

@@ -0,0 +1,71 @@
+from datetime import datetime, timedelta
+from typing import Optional
+from jose import JWTError, jwt
+from passlib.context import CryptContext
+from fastapi import HTTPException, status
+import os
+
+# Configuración JWT con valores por defecto
+SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production-123456789")
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 1440  # 24 horas
+
+# Configuración para hashing de passwords
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verificar password contra hash"""
+    return pwd_context.verify(plain_password, hashed_password)
+
+def get_password_hash(password: str) -> str:
+    """Hashear password con bcrypt"""
+    return pwd_context.hash(password)
+
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
+    """Crear JWT token con expiración"""
+    to_encode = data.copy()
+    
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    
+    to_encode.update({"exp": expire, "iat": datetime.utcnow()})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+def verify_token(token: str) -> Optional[str]:
+    """Verificar JWT token y devolver username"""
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        username: str = payload.get("sub")
+        if username is None:
+            return None
+        return username
+    except JWTError:
+        return None
+
+def decode_token(token: str) -> dict:
+    """Decodificar token completo para debugging"""
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return payload
+    except JWTError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=f"Token invalid: {str(e)}",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+def get_token_from_header(authorization: str) -> Optional[str]:
+    """Extraer token del header Authorization"""
+    if not authorization or not authorization.startswith("Bearer "):
+        return None
+    return authorization.split(" ")[1]
+
+def validate_password_strength(password: str) -> bool:
+    """Validar fortaleza de password (mínimo 6 caracteres para testing)"""
+    if len(password) < 6:
+        return False
+    # Aquí se pueden agregar más validaciones (mayúsculas, números, etc.)
+    return True

auth/classes_routes.py

@@ -0,0 +1,355 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+from typing import List, Optional
+from .database import get_db
+from .models import AnnotationClass, AnnotationClassCreate, AnnotationClassUpdate, AnnotationClassResponse, User
+from .dependencies import get_current_user
+
+router = APIRouter(prefix="/api/classes", tags=["annotation_classes"])
+
+# Clases por defecto para usuarios nuevos
+DEFAULT_CLASSES = [
+    {"name": "Persona", "color": "#ff0000"},
+    {"name": "Vehículo", "color": "#00ff00"},
+    {"name": "Animal", "color": "#0000ff"},
+    {"name": "Edificio", "color": "#ffff00"},
+    {"name": "Objeto", "color": "#ff00ff"},
+    {"name": "Naturaleza", "color": "#00ffff"}
+]
+
+@router.get("/", response_model=List[AnnotationClassResponse])
+async def get_user_classes(
+    session_name: Optional[str] = None,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Obtener todas las clases del usuario para una sesión específica o globales"""
+    
+    query = db.query(AnnotationClass).filter(
+        AnnotationClass.is_active == True
+    )
+    
+    # Filtrar por usuario y incluir clases globales
+    query = query.filter(
+        (AnnotationClass.user_id == current_user.id) | 
+        (AnnotationClass.is_global == True)
+    )
+    
+    # Si se especifica una sesión, incluir clases específicas de esa sesión
+    if session_name:
+        query = query.filter(
+            (AnnotationClass.session_name == session_name) |
+            (AnnotationClass.session_name.is_(None))
+        )
+    else:
+        # Solo clases globales/generales (sin sesión específica)
+        query = query.filter(AnnotationClass.session_name.is_(None))
+    
+    classes = query.order_by(AnnotationClass.created_at).all()
+    
+    # Si no tiene clases, crear las por defecto
+    if not classes and not session_name:
+        classes = await create_default_classes(current_user.id, db)
+    
+    return classes
+
+@router.post("/", response_model=AnnotationClassResponse)
+async def create_annotation_class(
+    class_data: AnnotationClassCreate,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Crear una nueva clase de anotación"""
+    
+    # Validar que el nombre no esté duplicado para este usuario/sesión
+    existing = db.query(AnnotationClass).filter(
+        AnnotationClass.user_id == current_user.id,
+        AnnotationClass.name == class_data.name,
+        AnnotationClass.session_name == class_data.session_name,
+        AnnotationClass.is_active == True
+    ).first()
+    
+    if existing:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Ya existe una clase con el nombre '{class_data.name}'"
+        )
+    
+    # Solo admin puede crear clases globales
+    if class_data.is_global and not current_user.is_admin:
+        class_data.is_global = False
+    
+    # Validar formato de color
+    if not class_data.color.startswith('#') or len(class_data.color) != 7:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Color debe estar en formato hexadecimal #RRGGBB"
+        )
+    
+    new_class = AnnotationClass(
+        name=class_data.name,
+        color=class_data.color,
+        user_id=current_user.id,
+        session_name=class_data.session_name,
+        is_global=class_data.is_global
+    )
+    
+    db.add(new_class)
+    db.commit()
+    db.refresh(new_class)
+    
+    return new_class
+
+@router.put("/{class_id}", response_model=AnnotationClassResponse)
+async def update_annotation_class(
+    class_id: int,
+    class_data: AnnotationClassUpdate,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Actualizar una clase de anotación"""
+    
+    annotation_class = db.query(AnnotationClass).filter(
+        AnnotationClass.id == class_id
+    ).first()
+    
+    if not annotation_class:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Clase no encontrada"
+        )
+    
+    # Verificar permisos
+    if annotation_class.user_id != current_user.id and not current_user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="No tienes permisos para editar esta clase"
+        )
+    
+    # Actualizar campos
+    if class_data.name is not None:
+        # Verificar duplicados
+        existing = db.query(AnnotationClass).filter(
+            AnnotationClass.user_id == annotation_class.user_id,
+            AnnotationClass.name == class_data.name,
+            AnnotationClass.session_name == annotation_class.session_name,
+            AnnotationClass.id != class_id,
+            AnnotationClass.is_active == True
+        ).first()
+        
+        if existing:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Ya existe una clase con el nombre '{class_data.name}'"
+            )
+        
+        annotation_class.name = class_data.name
+    
+    if class_data.color is not None:
+        if not class_data.color.startswith('#') or len(class_data.color) != 7:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Color debe estar en formato hexadecimal #RRGGBB"
+            )
+        annotation_class.color = class_data.color
+    
+    if class_data.is_active is not None:
+        annotation_class.is_active = class_data.is_active
+    
+    db.commit()
+    db.refresh(annotation_class)
+    
+    return annotation_class
+
+@router.delete("/{class_id}")
+async def delete_annotation_class(
+    class_id: int,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Eliminar (desactivar) una clase de anotación"""
+    
+    annotation_class = db.query(AnnotationClass).filter(
+        AnnotationClass.id == class_id
+    ).first()
+    
+    if not annotation_class:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Clase no encontrada"
+        )
+    
+    # Verificar permisos
+    if annotation_class.user_id != current_user.id and not current_user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="No tienes permisos para eliminar esta clase"
+        )
+    
+    # Soft delete
+    annotation_class.is_active = False
+    db.commit()
+    
+    return {"detail": "Clase eliminada correctamente"}
+
+@router.post("/reset-to-default")
+async def reset_to_default_classes(
+    session_name: Optional[str] = None,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Restablecer a clases por defecto"""
+    
+    # Desactivar clases existentes
+    existing_classes = db.query(AnnotationClass).filter(
+        AnnotationClass.user_id == current_user.id,
+        AnnotationClass.session_name == session_name,
+        AnnotationClass.is_active == True
+    ).all()
+    
+    for cls in existing_classes:
+        cls.is_active = False
+    
+    # Crear clases por defecto
+    new_classes = []
+    for default_class in DEFAULT_CLASSES:
+        new_class = AnnotationClass(
+            name=default_class["name"],
+            color=default_class["color"],
+            user_id=current_user.id,
+            session_name=session_name,
+            is_global=False
+        )
+        db.add(new_class)
+        new_classes.append(new_class)
+    
+    db.commit()
+    
+    # Refrescar objetos
+    for cls in new_classes:
+        db.refresh(cls)
+    
+    return {"detail": f"Se han creado {len(new_classes)} clases por defecto", "classes": new_classes}
+
+@router.get("/available-colors")
+async def get_available_colors():
+    """Obtener colores predefinidos para clases"""
+    
+    colors = [
+        {"name": "Rojo", "value": "#ff0000"},
+        {"name": "Verde", "value": "#00ff00"},
+        {"name": "Azul", "value": "#0000ff"},
+        {"name": "Amarillo", "value": "#ffff00"},
+        {"name": "Magenta", "value": "#ff00ff"},
+        {"name": "Cian", "value": "#00ffff"},
+        {"name": "Naranja", "value": "#ff8800"},
+        {"name": "Rosa", "value": "#ff0088"},
+        {"name": "Púrpura", "value": "#8800ff"},
+        {"name": "Verde Lima", "value": "#88ff00"},
+        {"name": "Azul Cielo", "value": "#0088ff"},
+        {"name": "Turquesa", "value": "#00ff88"},
+        {"name": "Rojo Oscuro", "value": "#800000"},
+        {"name": "Verde Oscuro", "value": "#008000"},
+        {"name": "Azul Oscuro", "value": "#000080"},
+        {"name": "Marrón", "value": "#8B4513"},
+        {"name": "Gris", "value": "#808080"},
+        {"name": "Negro", "value": "#000000"}
+    ]
+    
+    return colors
+
+async def create_default_classes(user_id: int, db: Session) -> List[AnnotationClass]:
+    """Crear clases por defecto para un usuario nuevo"""
+    
+    classes = []
+    for default_class in DEFAULT_CLASSES:
+        new_class = AnnotationClass(
+            name=default_class["name"],
+            color=default_class["color"],
+            user_id=user_id,
+            session_name=None,  # Clases globales del usuario
+            is_global=False
+        )
+        db.add(new_class)
+        classes.append(new_class)
+    
+    db.commit()
+    
+    # Refrescar objetos
+    for cls in classes:
+        db.refresh(cls)
+    
+    return classes
+
+@router.post("/import")
+async def import_classes_from_annotations(
+    session_name: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Importar clases automáticamente desde anotaciones existentes"""
+    
+    # Leer archivos de anotaciones de la sesión
+    import os
+    
+    session_path = os.path.join("annotations", session_name, "labels")
+    if not os.path.exists(session_path):
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Sesión no encontrada"
+        )
+    
+    # Encontrar todas las clases usadas
+    used_class_ids = set()
+    
+    for filename in os.listdir(session_path):
+        if filename.endswith('.txt'):
+            filepath = os.path.join(session_path, filename)
+            try:
+                with open(filepath, 'r') as f:
+                    for line in f:
+                        line = line.strip()
+                        if line:
+                            parts = line.split()
+                            if len(parts) >= 5:
+                                class_id = int(parts[0])
+                                used_class_ids.add(class_id)
+            except:
+                continue
+    
+    # Crear clases automáticamente
+    created_classes = []
+    existing_classes = db.query(AnnotationClass).filter(
+        AnnotationClass.user_id == current_user.id,
+        AnnotationClass.session_name == session_name,
+        AnnotationClass.is_active == True
+    ).all()
+    
+    existing_ids = {cls.id - 1 for cls in existing_classes}  # Ajustar para índice 0
+    
+    colors = ["#ff0000", "#00ff00", "#0000ff", "#ffff00", "#ff00ff", "#00ffff", 
+              "#ff8800", "#ff0088", "#8800ff", "#88ff00", "#0088ff", "#00ff88"]
+    
+    for class_id in sorted(used_class_ids):
+        if class_id not in existing_ids:
+            color = colors[class_id % len(colors)]
+            new_class = AnnotationClass(
+                name=f"Clase {class_id}",
+                color=color,
+                user_id=current_user.id,
+                session_name=session_name,
+                is_global=False
+            )
+            db.add(new_class)
+            created_classes.append(new_class)
+    
+    if created_classes:
+        db.commit()
+        for cls in created_classes:
+            db.refresh(cls)
+    
+    return {
+        "detail": f"Se importaron {len(created_classes)} clases nuevas",
+        "created_classes": created_classes,
+        "found_class_ids": list(used_class_ids)
+    }

auth/database.py

@@ -0,0 +1,69 @@
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+from .models import Base
+import os
+from dotenv import load_dotenv
+
+# Cargar variables de entorno
+load_dotenv()
+
+# Configuración de base de datos MySQL
+DB_HOST = os.getenv("DB_HOST", "localhost")
+DB_PORT = os.getenv("DB_PORT", "3306")
+DB_USER = os.getenv("DB_USER", "root")
+DB_PASSWORD = os.getenv("DB_PASSWORD", "")
+DB_NAME = os.getenv("DB_NAME", "yolo_annotator")
+
+# URL de la base de datos MySQL (única opción)
+DATABASE_URL = f"mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_NAME}"
+
+# Crear motor de base de datos MySQL
+try:
+    engine = create_engine(DATABASE_URL, echo=False)
+    # Test de conexión
+    connection = engine.connect()
+    connection.close()
+    print(f"✅ Conectado a MySQL: {DB_HOST}:{DB_PORT}/{DB_NAME}")
+except Exception as e:
+    print(f"❌ Error conectando a MySQL: {e}")
+    print("� Verifica que MySQL esté ejecutándose y las credenciales sean correctas.")
+    raise e
+
+# Crear SessionLocal
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# Dependency para obtener sesión de DB
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+
+# Crear todas las tablas
+def create_tables():
+    try:
+        from sqlalchemy import inspect
+        inspector = inspect(engine)
+        existing_tables = inspector.get_table_names()
+        
+        if not existing_tables:
+            # Si no hay tablas, crear todas
+            Base.metadata.create_all(bind=engine)
+            print("🆕 Tablas MySQL creadas por SQLAlchemy")
+        else:
+            print(f"✅ Usando tablas MySQL existentes: {len(existing_tables)} encontradas")
+            # Verificar que las tablas necesarias existen
+            required_tables = ['users', 'user_sessions', 'annotation_classes']
+            missing_tables = [table for table in required_tables if table not in existing_tables]
+            
+            if missing_tables:
+                print(f"⚠️ Tablas faltantes: {missing_tables}")
+                # Crear solo las tablas faltantes
+                Base.metadata.create_all(bind=engine, tables=[
+                    Base.metadata.tables[table] for table in missing_tables 
+                    if table in Base.metadata.tables
+                ])
+    except Exception as e:
+        print(f"⚠️ Error al verificar/crear tablas MySQL: {e}")
+        raise e

auth/dependencies.py

@@ -0,0 +1,171 @@
+from fastapi import Depends, HTTPException, status, Request, Path
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from sqlalchemy.orm import Session
+from .database import get_db
+from .models import User, TokenBlacklist, UserSession
+from .auth_utils import verify_token
+from .session_utils import verify_session_access as verify_hash_access, get_session_by_hash
+from typing import Optional
+
+# Security scheme
+security = HTTPBearer(auto_error=False)
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db)
+) -> User:
+    """Dependency para obtener usuario actual autenticado"""
+    
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    
+    if not credentials:
+        raise credentials_exception
+    
+    token = credentials.credentials
+    
+    # Verificar si el token está en blacklist
+    blacklisted = db.query(TokenBlacklist).filter(
+        TokenBlacklist.token == token
+    ).first()
+    if blacklisted:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token has been revoked",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    # Verificar token JWT
+    username = verify_token(token)
+    if username is None:
+        raise credentials_exception
+    
+    # Buscar usuario en base de datos
+    user = db.query(User).filter(User.username == username).first()
+    if user is None:
+        raise credentials_exception
+        
+    if not user.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Inactive user"
+        )
+    
+    return user
+
+async def get_optional_user(
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db)
+) -> Optional[User]:
+    """Dependency opcional - devuelve usuario si está autenticado, None si no"""
+    try:
+        return await get_current_user(credentials, db)
+    except HTTPException:
+        return None
+
+async def get_current_admin_user(
+    current_user: User = Depends(get_current_user)
+) -> User:
+    """Dependency para verificar que el usuario actual es admin"""
+    if not current_user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not enough permissions"
+        )
+    return current_user
+
+def verify_session_access(user: User, session_name: str, db: Session) -> bool:
+    """Verificar si el usuario tiene acceso a una sesión específica"""
+    from .models import UserSession
+    
+    # Los admins tienen acceso a todo
+    if user.is_admin:
+        return True
+    
+    # Verificar si el usuario tiene una sesión con ese nombre
+    user_session = db.query(UserSession).filter(
+        UserSession.user_id == user.id,
+        UserSession.session_name == session_name,
+        UserSession.is_active == True
+    ).first()
+    
+    return user_session is not None
+
+async def require_session_access(
+    session_name: str,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+) -> User:
+    """Dependency que requiere acceso específico a una sesión"""
+    if not verify_session_access(current_user, session_name, db):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=f"No access to session '{session_name}'"
+        )
+    return current_user
+
+# =====================================
+# NUEVAS DEPENDENCIAS PARA HASH SESSIONS
+# =====================================
+
+async def get_session_by_hash_dep(
+    session_hash: str = Path(..., description="Hash único de la sesión"),
+    db: Session = Depends(get_db)
+) -> UserSession:
+    """
+    Dependency para obtener una sesión por su hash.
+    No requiere autenticación - cualquiera con el hash puede acceder.
+    """
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or inactive"
+        )
+    return session
+
+async def verify_session_owner(
+    session_hash: str = Path(..., description="Hash único de la sesión"),
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+) -> UserSession:
+    """
+    Dependency para verificar que el usuario actual es propietario de la sesión.
+    Solo el propietario puede modificar/eliminar la sesión.
+    """
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or inactive"
+        )
+    
+    # Verificar propiedad (los admins también pueden acceder)
+    if session.user_id != current_user.id and not current_user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not authorized to access this session"
+        )
+    
+    return session
+
+async def get_session_with_optional_auth(
+    session_hash: str = Path(..., description="Hash único de la sesión"),
+    current_user: Optional[User] = Depends(get_optional_user),
+    db: Session = Depends(get_db)
+) -> tuple[UserSession, Optional[User]]:
+    """
+    Dependency que obtiene la sesión y el usuario (si está autenticado).
+    Útil para endpoints que pueden funcionar con o sin autenticación.
+    """
+    session = get_session_by_hash(db, session_hash)
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or inactive"
+        )
+    
+    return session, current_user

auth/models.py

@@ -0,0 +1,130 @@
+from sqlalchemy import Column, Integer, String, DateTime, ForeignKey, Boolean
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import relationship
+from datetime import datetime
+
+Base = declarative_base()
+
+class User(Base):
+    __tablename__ = "users"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    username = Column(String(50), unique=True, index=True, nullable=False)
+    email = Column(String(100), unique=True, index=True, nullable=False)
+    hashed_password = Column(String(255), nullable=False)
+    is_active = Column(Boolean, default=True)
+    is_admin = Column(Boolean, default=False)
+    created_at = Column(DateTime, default=datetime.utcnow)
+    
+    # Relación con sesiones
+    sessions = relationship("UserSession", back_populates="user")
+
+class UserSession(Base):
+    __tablename__ = "user_sessions"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    session_name = Column(String(100), nullable=False)
+    session_hash = Column(String(64), unique=True, nullable=False, index=True)  # Hash único para acceso privado
+    user_id = Column(Integer, ForeignKey("users.id"))
+    created_at = Column(DateTime, default=datetime.utcnow)
+    is_active = Column(Boolean, default=True)
+    
+    user = relationship("User", back_populates="sessions")
+
+class TokenBlacklist(Base):
+    __tablename__ = "token_blacklist"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    token = Column(String(500), unique=True, index=True)
+    blacklisted_at = Column(DateTime, default=datetime.utcnow)
+
+class AnnotationClass(Base):
+    __tablename__ = "annotation_classes"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(50), nullable=False)
+    color = Column(String(7), nullable=False, default="#ff0000")  # Color hex
+    user_id = Column(Integer, ForeignKey("users.id"))
+    session_name = Column(String(100), nullable=True)  # Si es específica para una sesión
+    session_hash = Column(String(64), nullable=True, index=True)  # Hash de sesión para acceso privado
+    is_global = Column(Boolean, default=False)  # Si es global (para admin)
+    is_active = Column(Boolean, default=True)
+    created_at = Column(DateTime, default=datetime.utcnow)
+    
+    user = relationship("User")
+
+# Schemas Pydantic para validación
+from pydantic import BaseModel, EmailStr
+from typing import Optional, List
+
+class UserCreate(BaseModel):
+    username: str
+    email: EmailStr
+    password: str
+
+class UserLogin(BaseModel):
+    username: str
+    password: str
+
+class UserResponse(BaseModel):
+    id: int
+    username: str
+    email: str
+    is_active: bool
+    is_admin: bool
+    created_at: datetime
+    
+    class Config:
+        from_attributes = True
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+    user: UserResponse
+
+class TokenData(BaseModel):
+    username: Optional[str] = None
+
+class AnnotationClassCreate(BaseModel):
+    name: str
+    color: str = "#ff0000"
+    session_name: Optional[str] = None
+    session_hash: Optional[str] = None  # Hash de sesión para acceso privado
+    is_global: bool = False
+
+class AnnotationClassUpdate(BaseModel):
+    name: Optional[str] = None
+    color: Optional[str] = None
+    is_active: Optional[bool] = None
+
+class AnnotationClassResponse(BaseModel):
+    id: int
+    name: str
+    color: str
+    user_id: int
+    session_name: Optional[str]
+    session_hash: Optional[str]  # Incluir hash en respuesta
+    is_global: bool
+    is_active: bool
+    created_at: datetime
+    
+    class Config:
+        from_attributes = True
+
+# Esquemas para manejo de sesiones con hash
+class SessionCreate(BaseModel):
+    session_name: str
+
+class SessionResponse(BaseModel):
+    id: int
+    session_name: str
+    session_hash: str  # Hash único para acceso
+    user_id: int
+    created_at: datetime
+    is_active: bool
+    
+    class Config:
+        from_attributes = True
+
+class SessionAccess(BaseModel):
+    session_hash: str

auth/routes.py

@@ -0,0 +1,224 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Form, Request
+from fastapi.responses import JSONResponse
+from sqlalchemy.orm import Session
+from .database import get_db
+from .models import User, TokenBlacklist, UserSession, UserCreate, UserResponse, Token
+from .auth_utils import verify_password, get_password_hash, create_access_token, validate_password_strength
+from .dependencies import get_current_user
+from datetime import timedelta
+import re
+
+router = APIRouter(prefix="/auth", tags=["authentication"])
+
+def is_valid_email(email: str) -> bool:
+    """Validar formato de email"""
+    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
+    return re.match(pattern, email) is not None
+
+def is_valid_username(username: str) -> bool:
+    """Validar formato de username (alfanumérico, guiones y guiones bajos)"""
+    pattern = r'^[a-zA-Z0-9_-]{3,20}$'
+    return re.match(pattern, username) is not None
+
+@router.post("/register", response_model=dict)
+async def register_user(
+    username: str = Form(...),
+    email: str = Form(...),
+    password: str = Form(...),
+    confirm_password: str = Form(...),
+    db: Session = Depends(get_db)
+):
+    """Registrar nuevo usuario"""
+    
+    # Validaciones básicas
+    if password != confirm_password:
+        raise HTTPException(
+            status_code=400,
+            detail="Passwords do not match"
+        )
+    
+    if not validate_password_strength(password):
+        raise HTTPException(
+            status_code=400,
+            detail="Password must be at least 6 characters long"
+        )
+    
+    if not is_valid_email(email):
+        raise HTTPException(
+            status_code=400,
+            detail="Invalid email format"
+        )
+    
+    if not is_valid_username(username):
+        raise HTTPException(
+            status_code=400,
+            detail="Username must be 3-20 characters, only letters, numbers, _ and -"
+        )
+    
+    # Verificar si el usuario ya existe
+    if db.query(User).filter(User.username == username).first():
+        raise HTTPException(
+            status_code=400,
+            detail="Username already registered"
+        )
+    
+    if db.query(User).filter(User.email == email).first():
+        raise HTTPException(
+            status_code=400,
+            detail="Email already registered"
+        )
+    
+    # Crear usuario
+    hashed_password = get_password_hash(password)
+    
+    # Primer usuario registrado es admin
+    is_first_user = db.query(User).count() == 0
+    
+    user = User(
+        username=username,
+        email=email,
+        hashed_password=hashed_password,
+        is_admin=is_first_user
+    )
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    
+    return {
+        "success": True,
+        "message": "User created successfully" + (" (Admin privileges granted)" if is_first_user else ""),
+        "user": {
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            "is_admin": user.is_admin
+        }
+    }
+
+@router.post("/login")
+async def login_user(
+    username: str = Form(...),
+    password: str = Form(...),
+    db: Session = Depends(get_db)
+):
+    """Login de usuario y generar token JWT"""
+    
+    # Buscar usuario por username o email
+    user = db.query(User).filter(
+        (User.username == username) | (User.email == username)
+    ).first()
+    
+    if not user or not verify_password(password, user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username/email or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    if not user.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Inactive user"
+        )
+    
+    # Crear token JWT
+    access_token_expires = timedelta(minutes=1440)  # 24 horas
+    access_token = create_access_token(
+        data={"sub": user.username}, 
+        expires_delta=access_token_expires
+    )
+    
+    return {
+        "success": True,
+        "access_token": access_token,
+        "token_type": "bearer",
+        "message": "Login successful",
+        "user": {
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            "is_admin": user.is_admin
+        }
+    }
+
+@router.post("/logout")
+async def logout_user(
+    request: Request,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Logout - agregar token a blacklist"""
+    
+    # Obtener token del header
+    auth_header = request.headers.get("authorization")
+    if auth_header and auth_header.startswith("Bearer "):
+        token = auth_header.split(" ")[1]
+        
+        # Agregar a blacklist
+        blacklist_entry = TokenBlacklist(token=token)
+        db.add(blacklist_entry)
+        db.commit()
+    
+    return {"success": True, "message": "Logged out successfully"}
+
+@router.get("/me", response_model=UserResponse)
+async def get_current_user_info(
+    current_user: User = Depends(get_current_user)
+):
+    """Obtener información del usuario actual"""
+    return UserResponse.from_orm(current_user)
+
+@router.get("/profile")
+async def get_user_profile(
+    current_user: User = Depends(get_current_user)
+):
+    """Obtener perfil del usuario (endpoint alternativo para compatibilidad)"""
+    return {
+        "success": True,
+        "user": {
+            "id": current_user.id,
+            "username": current_user.username,
+            "email": current_user.email,
+            "is_admin": current_user.is_admin,
+            "is_active": current_user.is_active,
+            "created_at": current_user.created_at.isoformat() if current_user.created_at else None
+        }
+    }
+
+@router.get("/validate")
+async def validate_token_endpoint(
+    current_user: User = Depends(get_current_user)
+):
+    """Endpoint para validar si un token es válido"""
+    return {
+        "valid": True,
+        "user": {
+            "id": current_user.id,
+            "username": current_user.username,
+            "email": current_user.email,
+            "is_admin": current_user.is_admin
+        }
+    }
+
+@router.get("/sessions")
+async def get_user_sessions(
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Obtener sesiones del usuario actual"""
+    sessions = db.query(UserSession).filter(
+        UserSession.user_id == current_user.id,
+        UserSession.is_active == True
+    ).all()
+    
+    return {
+        "success": True,
+        "sessions": [
+            {
+                "id": session.id,
+                "name": session.session_name,
+                "created_at": session.created_at
+            }
+            for session in sessions
+        ]
+    }

auth/session_routes.py

@@ -0,0 +1,191 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+from typing import List, Optional
+from .database import get_db
+from .models import (
+    UserSession, AnnotationClass, User,
+    SessionCreate, SessionResponse, SessionAccess,
+    AnnotationClassResponse
+)
+from .dependencies import (
+    get_current_user, get_session_by_hash_dep, 
+    verify_session_owner, get_session_with_optional_auth
+)
+from .session_utils import (
+    create_private_session, get_user_sessions, 
+    deactivate_session, generate_session_url
+)
+
+router = APIRouter(prefix="/api/sessions", tags=["Private Sessions"])
+
+@router.post("/create", response_model=SessionResponse)
+async def create_session(
+    session_data: SessionCreate,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Crear una nueva sesión privada con hash único.
+    Solo el creador tendrá acceso inicial.
+    """
+    # Verificar que no exista ya una sesión con el mismo nombre para este usuario
+    existing = db.query(UserSession).filter(
+        UserSession.user_id == current_user.id,
+        UserSession.session_name == session_data.session_name,
+        UserSession.is_active == True
+    ).first()
+    
+    if existing:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Session '{session_data.session_name}' already exists"
+        )
+    
+    # Crear la sesión privada
+    new_session = create_private_session(
+        db=db,
+        user_id=current_user.id,
+        session_name=session_data.session_name
+    )
+    
+    return new_session
+
+@router.get("/my-sessions", response_model=List[SessionResponse])
+async def get_my_sessions(
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Obtener todas las sesiones del usuario actual con información completa
+    """
+    from app_auth import get_user_sessions_with_info
+    sessions = get_user_sessions_with_info(current_user, db)
+    
+    # Convertir a formato SessionResponse
+    session_responses = []
+    for session_info in sessions:
+        # Buscar la sesión en la base de datos para obtener todos los datos
+        session_obj = db.query(UserSession).filter(
+            UserSession.session_name == session_info['name'],
+            UserSession.is_active == True
+        ).first()
+        
+        if session_obj:
+            session_responses.append(session_obj)
+    
+    return session_responses
+
+@router.get("/{session_hash}", response_model=SessionResponse)
+async def get_session_info(
+    session: UserSession = Depends(get_session_by_hash_dep)
+):
+    """
+    Obtener información de una sesión por su hash.
+    Acceso público - cualquiera con el hash puede ver la info básica.
+    """
+    return session
+
+@router.get("/{session_hash}/url")
+async def get_session_url(
+    session: UserSession = Depends(get_session_by_hash_dep)
+):
+    """
+    Obtener la URL de acceso a una sesión
+    """
+    url = generate_session_url(session.session_hash)
+    return {
+        "session_hash": session.session_hash,
+        "session_name": session.session_name,
+        "access_url": url,
+        "created_by": session.user.username
+    }
+
+@router.delete("/{session_hash}")
+async def deactivate_session_endpoint(
+    session: UserSession = Depends(verify_session_owner),
+    db: Session = Depends(get_db)
+):
+    """
+    Desactivar una sesión (solo el propietario)
+    """
+    success = deactivate_session(db, session.session_hash, session.user_id)
+    if success:
+        return {"message": f"Session '{session.session_name}' deactivated successfully"}
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to deactivate session"
+        )
+
+@router.get("/{session_hash}/annotations", response_model=List[AnnotationClassResponse])
+async def get_session_annotations(
+    session_and_user: tuple = Depends(get_session_with_optional_auth),
+    db: Session = Depends(get_db)
+):
+    """
+    Obtener todas las clases de anotación de una sesión específica.
+    Acceso por hash - no requiere autenticación.
+    """
+    session, current_user = session_and_user
+    
+    # Obtener anotaciones de esta sesión específica
+    annotations = db.query(AnnotationClass).filter(
+        AnnotationClass.session_hash == session.session_hash,
+        AnnotationClass.is_active == True
+    ).all()
+    
+    return annotations
+
+@router.post("/{session_hash}/annotations", response_model=AnnotationClassResponse)
+async def create_session_annotation(
+    annotation_data: dict,
+    session_and_user: tuple = Depends(get_session_with_optional_auth),
+    db: Session = Depends(get_db)
+):
+    """
+    Crear una nueva clase de anotación en una sesión específica.
+    Cualquiera con el hash puede agregar anotaciones.
+    """
+    session, current_user = session_and_user
+    
+    # Si el usuario está autenticado, usar su ID, sino usar el ID del propietario de la sesión
+    user_id = current_user.id if current_user else session.user_id
+    
+    new_annotation = AnnotationClass(
+        name=annotation_data.get("name"),
+        color=annotation_data.get("color", "#ff0000"),
+        user_id=user_id,
+        session_name=session.session_name,
+        session_hash=session.session_hash,
+        is_global=False,
+        is_active=True
+    )
+    
+    db.add(new_annotation)
+    db.commit()
+    db.refresh(new_annotation)
+    
+    return new_annotation
+
+@router.get("/{session_hash}/stats")
+async def get_session_stats(
+    session: UserSession = Depends(get_session_by_hash_dep),
+    db: Session = Depends(get_db)
+):
+    """
+    Obtener estadísticas de una sesión
+    """
+    # Contar anotaciones
+    annotation_count = db.query(AnnotationClass).filter(
+        AnnotationClass.session_hash == session.session_hash,
+        AnnotationClass.is_active == True
+    ).count()
+    
+    return {
+        "session_name": session.session_name,
+        "session_hash": session.session_hash,
+        "created_by": session.user.username,
+        "created_at": session.created_at,
+        "annotation_classes_count": annotation_count,
+        "is_active": session.is_active
+    }

auth/session_utils.py

@@ -0,0 +1,134 @@
+import hashlib
+import secrets
+import time
+from typing import Optional
+from sqlalchemy.orm import Session
+from .models import UserSession, User
+
+def generate_session_hash(user_id: int, session_name: str) -> str:
+    """
+    Genera un hash único para una sesión basado en:
+    - ID del usuario
+    - Nombre de la sesión
+    - Timestamp actual
+    - Salt aleatorio
+    """
+    # Crear un salt aleatorio
+    salt = secrets.token_hex(16)
+    
+    # Crear string único combinando datos
+    unique_string = f"{user_id}:{session_name}:{time.time()}:{salt}"
+    
+    # Generar hash SHA-256
+    session_hash = hashlib.sha256(unique_string.encode()).hexdigest()
+    
+    return session_hash
+
+def create_private_session(
+    db: Session, 
+    user_id: int, 
+    session_name: str
+) -> UserSession:
+    """
+    Crea una nueva sesión privada con hash único
+    """
+    # Generar hash único
+    session_hash = generate_session_hash(user_id, session_name)
+    
+    # Verificar que el hash sea único (muy improbable que se repita, pero por seguridad)
+    while db.query(UserSession).filter(UserSession.session_hash == session_hash).first():
+        session_hash = generate_session_hash(user_id, session_name)
+    
+    # Crear la sesión
+    new_session = UserSession(
+        session_name=session_name,
+        session_hash=session_hash,
+        user_id=user_id,
+        is_active=True
+    )
+    
+    db.add(new_session)
+    db.commit()
+    db.refresh(new_session)
+    
+    return new_session
+
+def verify_session_access(
+    db: Session, 
+    session_hash: str, 
+    user_id: Optional[int] = None
+) -> Optional[UserSession]:
+    """
+    Verifica el acceso a una sesión mediante hash.
+    
+    Args:
+        db: Sesión de base de datos
+        session_hash: Hash de la sesión
+        user_id: ID del usuario (opcional, para verificación adicional)
+    
+    Returns:
+        UserSession si el acceso es válido, None si no
+    """
+    query = db.query(UserSession).filter(
+        UserSession.session_hash == session_hash,
+        UserSession.is_active == True
+    )
+    
+    # Si se proporciona user_id, verificar que coincida
+    if user_id is not None:
+        query = query.filter(UserSession.user_id == user_id)
+    
+    return query.first()
+
+def get_session_by_hash(db: Session, session_hash: str) -> Optional[UserSession]:
+    """
+    Obtiene una sesión por su hash
+    """
+    return db.query(UserSession).filter(
+        UserSession.session_hash == session_hash,
+        UserSession.is_active == True
+    ).first()
+
+def get_user_sessions(db: Session, user_id: int) -> list[UserSession]:
+    """
+    Obtiene todas las sesiones activas de un usuario
+    """
+    return db.query(UserSession).filter(
+        UserSession.user_id == user_id,
+        UserSession.is_active == True
+    ).all()
+
+def deactivate_session(db: Session, session_hash: str, user_id: int) -> bool:
+    """
+    Desactiva una sesión (solo el propietario puede hacerlo)
+    """
+    session = db.query(UserSession).filter(
+        UserSession.session_hash == session_hash,
+        UserSession.user_id == user_id,
+        UserSession.is_active == True
+    ).first()
+    
+    if session:
+        session.is_active = False
+        db.commit()
+        return True
+    
+    return False
+
+def is_session_owner(db: Session, session_hash: str, user_id: int) -> bool:
+    """
+    Verifica si un usuario es propietario de una sesión
+    """
+    session = db.query(UserSession).filter(
+        UserSession.session_hash == session_hash,
+        UserSession.user_id == user_id,
+        UserSession.is_active == True
+    ).first()
+    
+    return session is not None
+
+def generate_session_url(session_hash: str, base_url: str = "http://localhost:8002") -> str:
+    """
+    Genera una URL para acceder a una sesión específica
+    """
+    return f"{base_url}/session/{session_hash}"