feat: implement Instagram clone SocialPhoto API

- FastAPI backend with SQLite database - JWT authentication (register, login) - User profiles with follow/unfollow - Posts with image upload and likes/dislikes - Comments with likes - Global and personalized feed - Comprehensive pytest test suite (37 tests) TASK-ID: 758f4029-702
2026-04-16 03:20:48 +00:00
parent 8cbc4000ac
commit a3eca3b7da
95 changed files with 2767 additions and 1 deletions
--- a/app/routes/comments.py
+++ b/app/routes/comments.py
@@ -0,0 +1,79 @@
+"""Comment routes for SocialPhoto - comment-specific operations."""
+import sqlite3
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from app.auth import get_current_user_id
+from app.database import get_db, row_to_dict
+
+router = APIRouter(prefix="/comments", tags=["Comments"])
+security = HTTPBearer()
+
+
+@router.delete("/{comment_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_comment(
+    comment_id: int,
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    conn: sqlite3.Connection = Depends(get_db),
+) -> None:
+    """Delete a comment (only by owner)."""
+    user_id = await get_current_user_id(credentials)
+    cursor = conn.cursor()
+
+    # Check comment exists and belongs to user
+    cursor.execute(
+        "SELECT user_id FROM comments WHERE id = ?",
+        (comment_id,),
+    )
+    row = cursor.fetchone()
+    if not row:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Comment not found",
+        )
+
+    comment = row_to_dict(row)
+    if comment["user_id"] != user_id:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="You can only delete your own comments",
+        )
+
+    # Delete comment
+    cursor.execute("DELETE FROM comments WHERE id = ?", (comment_id,))
+    conn.commit()
+
+
+@router.post("/{comment_id}/like", status_code=status.HTTP_201_CREATED)
+async def like_comment(
+    comment_id: int,
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    conn: sqlite3.Connection = Depends(get_db),
+) -> dict:
+    """Like a comment."""
+    user_id = await get_current_user_id(credentials)
+    cursor = conn.cursor()
+
+    # Check comment exists
+    cursor.execute("SELECT id FROM comments WHERE id = ?", (comment_id,))
+    if not cursor.fetchone():
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Comment not found",
+        )
+
+    # Add like
+    try:
+        cursor.execute(
+            "INSERT INTO comment_likes (comment_id, user_id) VALUES (?, ?)",
+            (comment_id, user_id),
+        )
+        conn.commit()
+    except sqlite3.IntegrityError:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="You already liked this comment",
+        )
+
+    return {"message": "Comment liked"}