API server improvements: /counts endpoint, bulk_write sync, debug flag fix

[salmon-21]

Summary

Several improvements to the API server (api/), implemented in salmon-21/HCGateway@api-improvements.

Changes

1. GET /api/v2/counts endpoint

Returns record counts per collection for the authenticated user. Useful for displaying sync status in the app.

2. POST /api/v2/sync/<method> — bulk_write optimization

Replaced the per-record insert_one/update_one loop with pymongo.bulk_write(ordered=False) using UpdateOne with upsert=True. Resolves socket timeouts when syncing large batches (3000+ records, e.g. Steps, TotalCaloriesBurned).

3. Fix APP_DEBUG parsing bug

bool(os.environ.get('APP_DEBUG', False)) evaluates bool("False") → True, meaning debug mode was always on regardless of the env var value. Fixed to os.environ.get('APP_DEBUG', '0') == '1'.

4. Fix redundant password double-hashing

New user creation used insert → re-insert → delete workaround that called ph.hash() twice unnecessarily. Simplified to generate a string ObjectId directly with a single insert.

5. Use UTC for token expiry timestamps

Replaced datetime.now() with datetime.now(timezone.utc) to avoid timezone-dependent behavior if the server TZ changes.

6. Remove debug print() statements

Cleaned up leftover debug prints from sync and delFromDb endpoints.

Related: #61

🤖 Generated with Claude Code

[LeaJana]

I just set up a test setup with your changes. Wow this is way faster! Thank you a lot!