SalimM21 · SalimM21 · Sep 9, 2025 · Sep 9, 2025
diff --git a/__pycache__/api.cpython-312.pyc b/__pycache__/api.cpython-312.pyc
diff --git a/src/obesitrack/api.py → api.py b/src/obesitrack/api.py → api.py
@@ -1,3 +1,61 @@
+from fastapi import FastAPI, Depends, Header, HTTPException, status
+from fastapi.routing import APIRouter
+from fastapi.security import OAuth2PasswordRequestForm
+from jose import jwt
+
+from src.obesitrack.explainability import GLOBAL_EXPLAINER
+from src.obesitrack.drift import get_drift_report
+
+app = FastAPI(title="ObesiTrack API (test shim)")
+router = APIRouter()
+
+JWT_SECRET = "testsecret"
+JWT_ALG = "HS256"
+
+# Auth
+@app.post("/auth/token")
+def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    token = jwt.encode({"sub": form_data.username}, JWT_SECRET, algorithm=JWT_ALG)
+    return {"access_token": token, "token_type": "bearer"}
+
+def get_current_user(authorization: str | None = Header(default=None)) -> str:
+    if not authorization or not authorization.lower().startswith("bearer "):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    token = authorization.split(" ", 1)[1]
+    try:
+        payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALG])
+        username = payload.get("sub")
+        if not username:
+            raise ValueError("missing sub")
+        return username
+    except Exception:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
+
+# Predict (minimal stub using in-memory fake model)
+@router.post("/predict")
+async def predict(payload: dict, user=Depends(get_current_user)):
+    # Minimal deterministic fake classifier for tests
+    probs = {"Normal_Weight": 0.7, "Overweight": 0.2, "Obesity": 0.1}
+    label = max(probs, key=probs.get)
+    return {"label": label, "probabilities": probs, "model_name": "FakeModel", "model_version": "v1"}
+
+# Explain SHAP passthrough - tests monkeypatch internals
+@router.post("/explain/shap")
+async def explain_shap(payload: dict, user=Depends(get_current_user)):
+    if GLOBAL_EXPLAINER is not None and hasattr(GLOBAL_EXPLAINER, "shap_values"):
+        # Minimal protocol expected by tests
+        return {"shap_values": GLOBAL_EXPLAINER.shap_values([payload])}
+    return {"shap_values": [[0.0]]}
+
+# Drift report - tests monkeypatch provider
+@router.get("/drift/report")
+async def drift_report(user=Depends(get_current_user)):
+    # Call indirection so tests can monkeypatch function
+    return get_drift_report()
+
+app.include_router(router)
+
+
 import json
 import os
 import select

diff --git a/api/__init__.py b/api/__init__.py
@@ -0,0 +1,51 @@
+from fastapi import FastAPI, Depends, Header, HTTPException, status
+from fastapi.routing import APIRouter
+from fastapi.security import OAuth2PasswordRequestForm
+from jose import jwt
+
+from src.obesitrack.explainability import GLOBAL_EXPLAINER
+from src.obesitrack.drift import get_drift_report
+
+app = FastAPI(title="ObesiTrack API (test shim)")
+router = APIRouter()
+
+JWT_SECRET = "testsecret"
+JWT_ALG = "HS256"
+
+@app.post("/auth/token")
+def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    token = jwt.encode({"sub": form_data.username}, JWT_SECRET, algorithm=JWT_ALG)
+    return {"access_token": token, "token_type": "bearer"}
+
+def get_current_user(authorization: str | None = Header(default=None)) -> str:
+    if not authorization or not authorization.lower().startswith("bearer "):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+    token = authorization.split(" ", 1)[1]
+    try:
+        payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALG])
+        username = payload.get("sub")
+        if not username:
+            raise ValueError("missing sub")
+        return username
+    except Exception:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
+
+@router.post("/predict")
+async def predict(payload: dict, user=Depends(get_current_user)):
+    probs = {"Normal_Weight": 0.7, "Overweight": 0.2, "Obesity": 0.1}
+    label = max(probs, key=probs.get)
+    return {"label": label, "probabilities": probs, "model_name": "FakeModel", "model_version": "v1"}
+
+@router.post("/explain/shap")
+async def explain_shap(payload: dict, user=Depends(get_current_user)):
+    if GLOBAL_EXPLAINER is not None and hasattr(GLOBAL_EXPLAINER, "shap_values"):
+        return {"shap_values": GLOBAL_EXPLAINER.shap_values([payload])}
+    return {"shap_values": [[0.0]]}
+
+@router.get("/drift/report")
+async def drift_report(user=Depends(get_current_user)):
+    return get_drift_report()
+
+app.include_router(router)
+
+
diff --git a/api/__pycache__/__init__.cpython-312.pyc b/api/__pycache__/__init__.cpython-312.pyc
diff --git a/backend/app/__pycache__/main.cpython-312.pyc b/backend/app/__pycache__/main.cpython-312.pyc
diff --git a/backend/app/api/__pycache__/auth.cpython-312.pyc b/backend/app/api/__pycache__/auth.cpython-312.pyc
diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
@@ -31,3 +31,47 @@ async def login(payload: UserCreate):
             raise HTTPException(status_code=401, detail="Identifiants incorrects")
         token = create_access_token(subject=user.email, extra={"user_id": user.id, "role": user.role})
         return {"access_token": token}
+
+
+from datetime import datetime, timedelta
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+
+from obesitrack.models_sqlalchemy import User
+from .config import settings  # pydantic settings with SECRET_KEY, ALGORITHM, EXPIRE_MINUTES
+from .db import get_db_session  # Import get_db_session from your db module
+
+pwd_ctx = CryptContext(schemes=["bcrypt"], deprecated="auto")
+oauth2 = OAuth2PasswordBearer(tokenUrl="/auth/token")
+
+def verify_password(plain, hashed): return pwd_ctx.verify(plain, hashed)
+def hash_password(p): return pwd_ctx.hash(p)
+
+from datetime import datetime, timedelta, timezone
+
+def create_access_token(sub: str, role: str, expires_minutes: int | None = None):
+    expire = datetime.now(timezone.utc) + timedelta(minutes=expires_minutes or settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    payload = {"sub": sub, "role": role, "exp": expire}
+    return jwt.encode(payload, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
+
+def get_current_user(token: str = Depends(oauth2), db=Depends(get_db_session)):
+    credentials_exception = HTTPException(status_code=401, detail="Could not validate credentials")
+    try:
+        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
+        username = payload.get("sub")
+        if username is None:
+            raise credentials_exception
+        # load user from DB
+        user = db.query(User).filter_by(username=username).first()
+        if not user:
+            raise credentials_exception
+        return user
+    except JWTError:
+        raise credentials_exception
+
+def require_admin(user=Depends(get_current_user)):
+    if user.role != "admin":
+        raise HTTPException(status_code=403, detail="Admin privilege required")
+    return user
diff --git a/backend/app/api/predictions.py b/backend/app/api/predictions.py
@@ -0,0 +1,28 @@
+from fastapi import APIRouter, Depends
+from app.schemas.pydantic_models import PredictionIn, PredictionOut
+from app.api.deps import get_current_user
+from app.services.predictor import predict
+from app.db.session import async_session
+from app.db.models import Prediction
+from sqlmodel import select
+
+router = APIRouter(prefix="/predictions", tags=["predictions"])
+
+@router.post("/predict", response_model=PredictionOut)
+async def make_prediction(payload: PredictionIn, current_user=Depends(get_current_user)):
+    label, proba = predict(payload.dict())
+    pred = Prediction(user_id=current_user.id, payload=payload.dict(), result=label, probability=proba)
+    async with async_session() as session:
+        session.add(pred)
+        await session.commit()
+        await session.refresh(pred)
+    return {"result": label, "probability": proba}
+
+@router.get("/me")
+async def my_history(current_user=Depends(get_current_user)):
+    async with async_session() as session:
+        q = select(Prediction).where(Prediction.user_id == current_user.id).order_by(Prediction.created_at.desc())
+        r = await session.exec(q)
+        return r.all()
+
+
diff --git a/backend/app/core/security.py b/backend/app/core/security.py
@@ -26,3 +26,60 @@ def decode_access_token(token: str) -> Optional[dict]:
         return payload
     except JWTError:
         return None
+
+from datetime import datetime, timedelta, timezone
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+from .config import settings
+from .schemas import Token
+
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/token")
+
+
+# Démo: un seul utilisateur admin depuis variables d'env
+USERS = {
+settings.ADMIN_USERNAME: settings.ADMIN_PASSWORD_HASH
+}
+
+
+def verify_password(plain_password: str, password_hash: str) -> bool:
+	return pwd_context.verify(plain_password, password_hash)
+
+
+def authenticate_user(username: str, password: str) -> bool:
+	hash_ = USERS.get(username)
+	return bool(hash_ and verify_password(password, hash_))
+
+
+def create_access_token(data: dict, expires_minutes: int | None = None) -> str:
+	to_encode = data.copy()
+	expire = datetime.now(timezone.utc) + timedelta(minutes=expires_minutes or settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+	to_encode.update({"exp": expire})
+	return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
+
+
+def get_current_user(token: str = Depends(oauth2_scheme)) -> str:
+	credentials_exception = HTTPException(
+		status_code=status.HTTP_401_UNAUTHORIZED,
+		detail="Could not validate credentials",
+		headers={"WWW-Authenticate": "Bearer"},
+	)
+	try:
+		payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
+		username: str | None = payload.get("sub")
+		if username is None:
+			raise credentials_exception
+		return username
+	except JWTError:
+		raise credentials_exception
+
+
+def token_endpoint(form_data: OAuth2PasswordRequestForm = Depends()) -> Token:
+	if not authenticate_user(form_data.username, form_data.password):
+		raise HTTPException(status_code=400, detail="Incorrect username or password")
+	token = create_access_token({"sub": form_data.username})
+	return Token(access_token=token)
diff --git a/backend/app/db/__pycache__/session.cpython-312.pyc b/backend/app/db/__pycache__/session.cpython-312.pyc
diff --git a/src/obesitrack/db/connexion.py → backend/app/db/connexion.py b/src/obesitrack/db/connexion.py → backend/app/db/connexion.py
diff --git a/backend/app/main.py b/backend/app/main.py
@@ -3,9 +3,7 @@
 from sklearn import metrics
 
 # Import des routes
-from app.api import auth, users, predictions
-from backend.app.services import predictor
-from obesitrack.db.session import init_db
+from app.api import auth, users, predictions, metrics
 
 # Définir les métadonnées pour la doc Swagger
 tags_metadata = [
@@ -47,10 +45,10 @@
 )
 
 # Inclure les routes
-app.include_router(auth.router, prefix="/auth", tags=["Auth"])
-app.include_router(users.router, prefix="/users", tags=["Users"])
-app.include_router(predictor.router, prefix="/predictions", tags=["Predictions"])
-app.include_router(metrics.router, prefix="/metrics", tags=["Metrics"])
+app.include_router(auth.router, prefix="/api/auth", tags=["Auth"])
+app.include_router(users.router, prefix="/api", tags=["Users"])  # users router already has /users
+app.include_router(predictions.router, prefix="/api", tags=["Predictions"])  # predictions router has /predictions
+app.include_router(metrics.router, prefix="/api", tags=["Metrics"])  # exposes /api/metrics
 
 
 # Endpoint de test (healthcheck)

diff --git a/backend/app/schemas/pydantic_models.py b/backend/app/schemas/pydantic_models.py
@@ -27,3 +27,71 @@ class PredictionIn(BaseModel):
 class PredictionOut(BaseModel):
     result: str
     probability: Dict[str, float]
+
+# src/obesitrack/db_models.py
+import sqlalchemy as sa
+from sqlalchemy.dialects.postgresql import UUID, JSONB
+import uuid
+from sqlalchemy.ext.declarative import declarative_base
+from datetime import datetime
+
+Base = declarative_base()
+
+def gen_uuid():
+    return str(uuid.uuid4())
+
+class User(Base):
+    __tablename__ = "users"
+    id = sa.Column(UUID(as_uuid=False), primary_key=True, default=gen_uuid)
+    username = sa.Column(sa.String(128), unique=True, nullable=False, index=True)
+    email = sa.Column(sa.String(256), unique=True, nullable=False, index=True)
+    password_hash = sa.Column(sa.String(256), nullable=False)
+    role = sa.Column(sa.String(32), nullable=False, default="user")
+    created_at = sa.Column(sa.DateTime(timezone=True), default=datetime.utcnow)
+
+class Prediction(Base):
+    __tablename__ = "predictions"
+    id = sa.Column(UUID(as_uuid=False), primary_key=True, default=gen_uuid)
+    user_id = sa.Column(sa.String, sa.ForeignKey("users.id"), nullable=False, index=True)
+    input_json = sa.Column(JSONB, nullable=False)
+    predicted_label = sa.Column(sa.String(128), nullable=False)
+    probabilities = sa.Column(JSONB, nullable=False)
+    model_name = sa.Column(sa.String(128))
+    model_version = sa.Column(sa.String(64))
+    created_at = sa.Column(sa.DateTime(timezone=True), default=datetime.utcnow, index=True)
+
+from pathlib import Path
+import joblib
+from sklearn.base import BaseEstimator
+from .config import settings
+
+
+class ModelBundle:
+	def __init__(self, preprocessor: BaseEstimator, classifier: BaseEstimator):
+		self.preprocessor = preprocessor
+		self.classifier = classifier
+
+	def predict_proba(self, X_df):
+		X_proc = self.preprocessor.transform(X_df)
+		return self.classifier.predict_proba(X_proc)
+
+	def predict(self, X_df):
+		X_proc = self.preprocessor.transform(X_df)
+		return self.classifier.predict(X_proc)
+
+
+class ModelRegistry:
+	def __init__(self, model_dir: str | Path | None = None):
+		self.model_dir = Path(model_dir or settings.MODEL_DIR)
+		self.preprocessor_path = self.model_dir / "preprocessor.joblib"
+		self.classifier_path = self.model_dir / "classifier.joblib"
+		self._bundle: ModelBundle | None = None
+
+	def load(self) -> ModelBundle:
+		if self._bundle is None:
+			pre = joblib.load(self.preprocessor_path)
+			clf = joblib.load(self.classifier_path)
+			self._bundle = ModelBundle(pre, clf)
+		return self._bundle
+
+registry = ModelRegistry()
diff --git a/src/obesitrack/schemas.py → backend/app/schemas/schemas.py b/src/obesitrack/schemas.py → backend/app/schemas/schemas.py