diff --git a/profile_pictures/olivia.kibele@onyva.de.jpeg b/profile_pictures/olivia.kibele@onyva.de.jpeg new file mode 100644 index 0000000..b4130e7 Binary files /dev/null and b/profile_pictures/olivia.kibele@onyva.de.jpeg differ diff --git a/profile_pictures/timo.uttenweiler@onyva.de.jpeg b/profile_pictures/timo.uttenweiler@onyva.de.jpeg new file mode 100644 index 0000000..8323f5e Binary files /dev/null and b/profile_pictures/timo.uttenweiler@onyva.de.jpeg differ diff --git a/scripts/update_profile_pictures.py b/scripts/update_profile_pictures.py new file mode 100644 index 0000000..51a25e7 --- /dev/null +++ b/scripts/update_profile_pictures.py @@ -0,0 +1,116 @@ +#!/usr/bin/env python3 +""" +Upload local profile pictures to Supabase and update user/profile records. + +Usage: + python scripts/update_profile_pictures.py --dir profile_pictures --apply + python scripts/update_profile_pictures.py --dir profile_pictures # dry run +""" + +import argparse +import asyncio +import mimetypes +import sys +from pathlib import Path + +ROOT = Path(__file__).resolve().parents[1] +if str(ROOT) not in sys.path: + sys.path.insert(0, str(ROOT)) + +from loguru import logger + +from src.database import db +from src.services.storage_service import storage + + +def guess_content_type(path: Path) -> str: + content_type, _ = mimetypes.guess_type(str(path)) + return content_type or "image/jpeg" + + +async def process_directory(directory: Path, apply: bool) -> None: + if not directory.exists() or not directory.is_dir(): + raise ValueError(f"Directory not found: {directory}") + + files = sorted([p for p in directory.iterdir() if p.is_file()]) + if not files: + print("No files found.") + return + + updated = 0 + skipped = 0 + + for path in files: + email = path.stem.strip() + if "@" not in email: + print(f"Skip (no email in filename): {path.name}") + skipped += 1 + continue + + user = await db.get_user_by_email(email) + if not user: + print(f"User not found for email: {email}") + skipped += 1 + continue + + content_type = guess_content_type(path) + file_bytes = path.read_bytes() + + print(f"\n{path.name} -> {email} ({content_type}, {len(file_bytes)} bytes)") + + if not apply: + print("DRY RUN: would upload and update profile.") + continue + + try: + uploaded_url = await storage.upload_media( + file_content=file_bytes, + content_type=content_type, + user_id=str(user.id), + ) + + await db.update_profile(user.id, {"profile_picture": uploaded_url}) + linkedin_account = await db.get_linkedin_account(user.id) + if linkedin_account: + await db.update_linkedin_account( + linkedin_account.id, + {"linkedin_picture": uploaded_url} + ) + + if db.admin_client: + try: + await asyncio.to_thread( + lambda: db.admin_client.auth.admin.update_user_by_id( + str(user.id), + { + "user_metadata": { + "picture": uploaded_url, + "linkedin_picture": uploaded_url + } + } + ) + ) + except Exception as exc: + logger.warning(f"Failed to update auth user metadata: {exc}") + else: + logger.warning("No service role key available; cannot update auth.users metadata.") + + updated += 1 + print(f"Updated profile picture: {uploaded_url}") + except Exception as exc: + logger.error(f"Failed to update {email}: {exc}") + skipped += 1 + + print(f"\nDone. Updated: {updated}, Skipped: {skipped}") + + +def parse_args() -> argparse.Namespace: + parser = argparse.ArgumentParser(description="Upload profile pictures to Supabase and update users.") + parser.add_argument("--dir", default="profile_pictures", help="Directory with profile pictures") + parser.add_argument("--apply", action="store_true", help="Apply changes (otherwise dry run)") + return parser.parse_args() + + +if __name__ == "__main__": + args = parse_args() + asyncio.run(process_directory(Path(args.dir), apply=args.apply)) diff --git a/src/orchestrator.py b/src/orchestrator.py index 92ea072..f44d622 100644 --- a/src/orchestrator.py +++ b/src/orchestrator.py @@ -21,6 +21,7 @@ from src.agents.style_validator import StyleValidator from src.agents.readability_checker import ReadabilityChecker from src.agents.quality_refiner import QualityRefinerAgent from src.database.models import PostType +from src.utils.post_cleanup import sanitize_post_content class WorkflowOrchestrator: @@ -658,6 +659,7 @@ class WorkflowOrchestrator: company_strategy=company_strategy, # Pass company strategy strategy_weight=strategy_weight # NEW: Pass strategy weight ) + current_post = sanitize_post_content(current_post) else: # Revision based on feedback - pass full critic result for structured changes report_progress("Writer überarbeitet Post...", iteration, None, writer_versions, critic_feedback_list) @@ -677,8 +679,9 @@ class WorkflowOrchestrator: company_strategy=company_strategy, # Pass company strategy strategy_weight=strategy_weight # NEW: Pass strategy weight ) + current_post = sanitize_post_content(current_post) - writer_versions.append(current_post) + writer_versions.append(sanitize_post_content(current_post)) logger.info(f"Writer produced version {iteration}") # Report progress with new version @@ -750,7 +753,7 @@ class WorkflowOrchestrator: profile_analysis=profile_analysis.full_analysis, example_posts=example_post_texts ) - current_post = polished_post + current_post = sanitize_post_content(polished_post) logger.info("✅ Post polished (Formatierung erhalten)") else: logger.info("✅ No quality issues, skipping polish") @@ -772,7 +775,7 @@ class WorkflowOrchestrator: generated_post = GeneratedPost( user_id=user_id, topic_title=topic.get("title", "Unknown"), - post_content=current_post, + post_content=sanitize_post_content(current_post), iterations=iteration, writer_versions=writer_versions, critic_feedback=critic_feedback_list, diff --git a/src/utils/post_cleanup.py b/src/utils/post_cleanup.py new file mode 100644 index 0000000..6cac707 --- /dev/null +++ b/src/utils/post_cleanup.py @@ -0,0 +1,22 @@ +"""Utilities to sanitize generated post content.""" +import re + + +def sanitize_post_content(text: str) -> str: + """Remove markdown bold and leading 'Post' labels from generated content.""" + if not text: + return text + + cleaned = text.strip() + + # Remove leading "Post" or "**Post**" labels + cleaned = re.sub(r'^\s*(\*\*post\*\*|post)\s*[:\-–—]*\s*', '', cleaned, flags=re.IGNORECASE) + + # Remove markdown bold markers, keep inner text + cleaned = re.sub(r'\*\*(.+?)\*\*', r'\1', cleaned) + cleaned = re.sub(r'__(.+?)__', r'\1', cleaned) + + # Remove any leftover bold markers + cleaned = cleaned.replace('**', '').replace('__', '') + + return cleaned.strip() diff --git a/src/web/app.py b/src/web/app.py index 6f477ae..ea6c0b2 100644 --- a/src/web/app.py +++ b/src/web/app.py @@ -70,8 +70,8 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware): "default-src 'self'; " "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; " "style-src 'self' 'unsafe-inline'; " - "img-src 'self' data: blob: https://*.supabase.co https://*.linkedin.com https://media.licdn.com; " - "connect-src 'self' https://*.supabase.co; " + "img-src 'self' data: blob: https://*.supabase.co https://supabase.onyva.dev https://*.linkedin.com https://media.licdn.com; " + "connect-src 'self' https://*.supabase.co https://supabase.onyva.dev; " "font-src 'self' data:; " "frame-ancestors 'none'; " "base-uri 'self'; " diff --git a/src/web/templates/user/company_accounts.html b/src/web/templates/user/company_accounts.html index 63c3eb6..d8c4e28 100644 --- a/src/web/templates/user/company_accounts.html +++ b/src/web/templates/user/company_accounts.html @@ -78,8 +78,8 @@
- {% if employee.linkedin_picture %} - + {% if employee.profile_picture or employee.linkedin_picture %} + {% else %} {{ (employee.display_name or employee.linkedin_name or employee.email)[0] | upper }} {% endif %} diff --git a/src/web/templates/user/company_manage.html b/src/web/templates/user/company_manage.html index fbc890c..afb0278 100644 --- a/src/web/templates/user/company_manage.html +++ b/src/web/templates/user/company_manage.html @@ -15,8 +15,8 @@
- {% if emp.linkedin_picture %} - + {% if emp.profile_picture or emp.linkedin_picture %} + {% else %} {{ (emp.display_name or emp.email)[0] | upper }} {% endif %} @@ -44,8 +44,8 @@
- {% if selected_employee.linkedin_picture %} - + {% if selected_employee.profile_picture or selected_employee.linkedin_picture %} + {% else %} {{ (selected_employee.display_name or selected_employee.email)[0] | upper }} {% endif %} diff --git a/src/web/user/routes.py b/src/web/user/routes.py index 558a636..7c14f03 100644 --- a/src/web/user/routes.py +++ b/src/web/user/routes.py @@ -47,6 +47,7 @@ from src.agents.link_topic_builder import LinkTopicBuilderAgent from src.agents.strategy_importer import StrategyImporterAgent from src.services.post_insights_service import compute_post_insights, refresh_post_insights_for_account from src.services.insights_summary_service import generate_insights_summary +from src.utils.post_cleanup import sanitize_post_content # Router for user frontend user_router = APIRouter(tags=["user"]) @@ -68,16 +69,16 @@ async def get_user_profile_picture(user_id: UUID) -> Optional[str]: Note: session.linkedin_picture (OAuth login) should be checked by caller first. """ - # Check for connected LinkedIn account first - linkedin_account = await db.get_linkedin_account(user_id) - if linkedin_account and linkedin_account.is_active and linkedin_account.linkedin_picture: - return linkedin_account.linkedin_picture - - # Fall back to profile picture from setup process + # Prefer cached profile picture (Supabase) to avoid LinkedIn hotlink blocking profile = await db.get_profile(user_id) if profile and profile.profile_picture: return profile.profile_picture + # Fall back to connected LinkedIn account + linkedin_account = await db.get_linkedin_account(user_id) + if linkedin_account and linkedin_account.is_active and linkedin_account.linkedin_picture: + return linkedin_account.linkedin_picture + return None @@ -103,6 +104,48 @@ async def get_user_avatar(session: UserSession, user_id: UUID) -> Optional[str]: return None +async def cache_linkedin_picture( + picture_url: Optional[str], + user_id: UUID, + http_client: Optional["httpx.AsyncClient"] = None +) -> Optional[str]: + """Download LinkedIn profile picture once and store in Supabase.""" + if not picture_url: + return None + + try: + import httpx + close_client = False + client = http_client + if client is None: + client = httpx.AsyncClient(timeout=30.0) + close_client = True + + headers = { + "User-Agent": "Mozilla/5.0", + "Referer": "https://www.linkedin.com/", + "Accept": "image/avif,image/webp,image/apng,image/*,*/*;q=0.8", + } + response = await client.get(picture_url, headers=headers) + if response.status_code != 200 or not response.content: + return picture_url + + content_type = response.headers.get("content-type", "image/jpeg") + uploaded_url = await storage.upload_media( + file_content=response.content, + content_type=content_type, + user_id=user_id + ) + + if close_client: + await client.aclose() + + return uploaded_url or picture_url + except Exception as e: + logger.warning(f"Failed to cache LinkedIn picture: {e}") + return picture_url + + async def get_employee_permissions_or_default(user_id: UUID, company_id: UUID) -> dict: """Get employee permissions for a company, returning all-true defaults if no row exists.""" @@ -2926,6 +2969,7 @@ async def linkedin_callback( linkedin_user_id = userinfo.get("sub") linkedin_name = userinfo.get("name", "") linkedin_picture = userinfo.get("picture") + cached_picture = await cache_linkedin_picture(linkedin_picture, UUID(session.user_id), http_client=client) # Get vanity name if available (from profile API - optional) linkedin_vanity_name = None @@ -2955,7 +2999,7 @@ async def linkedin_callback( "linkedin_user_id": linkedin_user_id, "linkedin_vanity_name": linkedin_vanity_name, "linkedin_name": linkedin_name, - "linkedin_picture": linkedin_picture, + "linkedin_picture": cached_picture or linkedin_picture, "access_token": encrypted_access, "refresh_token": encrypted_refresh, "token_expires_at": datetime.now(timezone.utc) + timedelta(seconds=expires_in), @@ -2973,7 +3017,7 @@ async def linkedin_callback( linkedin_user_id=linkedin_user_id, linkedin_vanity_name=linkedin_vanity_name, linkedin_name=linkedin_name, - linkedin_picture=linkedin_picture, + linkedin_picture=cached_picture or linkedin_picture, access_token=encrypted_access, refresh_token=encrypted_refresh, token_expires_at=datetime.now(timezone.utc) + timedelta(seconds=expires_in), @@ -2982,6 +3026,12 @@ async def linkedin_callback( await db.create_linkedin_account(new_account) logger.info(f"Created LinkedIn account for user {session.user_id}") + if cached_picture: + try: + await db.update_profile(UUID(session.user_id), {"profile_picture": cached_picture}) + except Exception as e: + logger.warning(f"Failed to update profile picture: {e}") + # Clear state cookie and redirect to settings response = RedirectResponse(url="/settings?success=linkedin_connected", status_code=302) response.delete_cookie("linkedin_oauth_state") @@ -4333,6 +4383,7 @@ async def chat_generate_post(request: Request): company_strategy=company_strategy, strategy_weight=post_type.strategy_weight ) + post_content = sanitize_post_content(post_content) # Generate conversation ID import uuid @@ -4446,6 +4497,7 @@ async def chat_refine_post(request: Request): company_strategy=company_strategy, strategy_weight=getattr(post_type, 'strategy_weight', 0.5) ) + refined_post = sanitize_post_content(refined_post) return JSONResponse({ "success": True, @@ -4470,7 +4522,7 @@ async def chat_save_post(request: Request): try: data = await request.json() - post_content = data.get("post_content", "").strip() + post_content = sanitize_post_content(data.get("post_content", "").strip()) post_type_id = data.get("post_type_id") chat_history = data.get("chat_history", []) @@ -4501,7 +4553,7 @@ async def chat_save_post(request: Request): for item in chat_history: if 'ai' in item and item['ai']: - writer_versions.append(item['ai']) + writer_versions.append(sanitize_post_content(item['ai'])) # Store user feedback as "critic feedback" if 'user' in item and item['user']: critic_feedback_list.append({ @@ -4620,7 +4672,7 @@ async def update_chat_post(request: Request, post_id: str): post_uuid = UUID(post_id) data = await request.json() - post_content = data.get("post_content", "").strip() + post_content = sanitize_post_content(data.get("post_content", "").strip()) chat_history = data.get("chat_history", []) if not post_content: @@ -4641,7 +4693,7 @@ async def update_chat_post(request: Request, post_id: str): for item in chat_history: if 'ai' in item and item['ai']: - writer_versions.append(item['ai']) + writer_versions.append(sanitize_post_content(item['ai'])) # Store user feedback as "critic feedback" if 'user' in item and item['user']: critic_feedback_list.append({ @@ -4751,6 +4803,7 @@ async def company_chat_generate_post(request: Request): company_strategy=company_strategy, strategy_weight=post_type.strategy_weight ) + post_content = sanitize_post_content(post_content) return JSONResponse({ "success": True, @@ -4777,7 +4830,7 @@ async def company_chat_save_post(request: Request): try: data = await request.json() employee_id = data.get("employee_id") - post_content = data.get("post_content", "").strip() + post_content = sanitize_post_content(data.get("post_content", "").strip()) post_type_id = data.get("post_type_id") chat_history = data.get("chat_history", []) topic_title = data.get("topic_title", post_content[:80] if post_content else "Chat Post") @@ -4794,7 +4847,7 @@ async def company_chat_save_post(request: Request): if not perms.get("can_create_posts", True): return JSONResponse({"success": False, "error": "Keine Berechtigung"}, status_code=403) - writer_versions = [item['ai'] for item in chat_history if 'ai' in item and item['ai']] + writer_versions = [sanitize_post_content(item['ai']) for item in chat_history if 'ai' in item and item['ai']] critic_feedback_list = [] for item in chat_history: if 'user' in item and item['user']: