Add exercise numbers, image uploads, version display, session resume, and training sparklines

- Exercise number (UF#): optional field on exercises, displayed in cards, training, and sets - Import training plan numbers via migration 005 (UPDATE by name) - Exercise images: JPG upload with multi-image support per exercise (migration 006) - Version endpoint (GET /api/v1/version) with ldflags injection in Makefile and Dockerfile - Version displayed on settings page - Session resume: GET /api/v1/sessions/active endpoint, auto-resume on training page load - Block new session while one is active (409 Conflict) - e1RM sparkline chart per exercise during training (Epley formula) - Fix CORS: add X-User-ID to allowed headers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-27 08:37:29 +01:00
parent 833ad04a6f
commit 063aa67615
32 changed files with 1457 additions and 32 deletions
--- a/backend/internal/handler/handler.go
+++ b/backend/internal/handler/handler.go
@@ -38,6 +38,7 @@ func (h *Handler) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("DELETE /api/v1/sets/{id}", h.handleDeleteSet)

 	// Sessions
+	mux.HandleFunc("GET /api/v1/sessions/active", h.handleGetActiveSession)
 	mux.HandleFunc("POST /api/v1/sessions", h.handleCreateSession)
 	mux.HandleFunc("GET /api/v1/sessions", h.handleListSessions)
 	mux.HandleFunc("GET /api/v1/sessions/{id}", h.handleGetSession)
--- a/backend/internal/handler/image_handler.go
+++ b/backend/internal/handler/image_handler.go
@@ -0,0 +1,135 @@
+package handler
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/google/uuid"
+)
+
+const (
+	maxImageSize = 5 << 20 // 5 MB
+	uploadDir    = "uploads"
+)
+
+func (h *Handler) handleListImages(w http.ResponseWriter, r *http.Request) {
+	exerciseID, err := pathID(r, "id")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "Ungültige ID")
+		return
+	}
+
+	images, err := h.store.ListExerciseImages(exerciseID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Laden der Bilder")
+		return
+	}
+	writeJSON(w, http.StatusOK, images)
+}
+
+func (h *Handler) handleUploadImage(w http.ResponseWriter, r *http.Request) {
+	exerciseID, err := pathID(r, "id")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "Ungültige ID")
+		return
+	}
+
+	// Übung muss existieren
+	exercise, err := h.store.GetExercise(exerciseID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Prüfen der Übung")
+		return
+	}
+	if exercise == nil {
+		writeError(w, http.StatusNotFound, "Übung nicht gefunden")
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, maxImageSize)
+	if err := r.ParseMultipartForm(maxImageSize); err != nil {
+		writeError(w, http.StatusBadRequest, "Datei zu groß (max 5 MB)")
+		return
+	}
+
+	file, header, err := r.FormFile("image")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "Kein Bild im Request")
+		return
+	}
+	defer file.Close()
+
+	// Content-Type prüfen
+	ct := header.Header.Get("Content-Type")
+	if ct != "image/jpeg" {
+		writeError(w, http.StatusBadRequest, "Nur JPG-Bilder erlaubt")
+		return
+	}
+
+	// Datei speichern
+	filename := uuid.New().String() + ".jpg"
+	destPath := filepath.Join(uploadDir, filename)
+
+	if err := os.MkdirAll(uploadDir, 0755); err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Erstellen des Upload-Verzeichnisses")
+		return
+	}
+
+	dst, err := os.Create(destPath)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Speichern der Datei")
+		return
+	}
+	defer dst.Close()
+
+	if _, err := io.Copy(dst, file); err != nil {
+		os.Remove(destPath)
+		writeError(w, http.StatusInternalServerError, "Fehler beim Schreiben der Datei")
+		return
+	}
+
+	img, err := h.store.CreateExerciseImage(exerciseID, filename)
+	if err != nil {
+		os.Remove(destPath)
+		writeError(w, http.StatusInternalServerError, "Fehler beim Speichern des Bildes")
+		return
+	}
+	writeJSON(w, http.StatusCreated, img)
+}
+
+func (h *Handler) handleDeleteImage(w http.ResponseWriter, r *http.Request) {
+	imageID, err := pathID(r, "imageId")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "Ungültige Bild-ID")
+		return
+	}
+
+	filename, err := h.store.DeleteExerciseImage(imageID)
+	if err != nil {
+		writeError(w, http.StatusNotFound, "Bild nicht gefunden")
+		return
+	}
+
+	// Datei vom Dateisystem löschen
+	os.Remove(filepath.Join(uploadDir, filename))
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// RegisterImageRoutes registriert die Bild-spezifischen Routen und den statischen File-Server.
+func (h *Handler) RegisterImageRoutes(mux *http.ServeMux) {
+	mux.HandleFunc("GET /api/v1/exercises/{id}/images", h.handleListImages)
+	mux.HandleFunc("POST /api/v1/exercises/{id}/images", h.handleUploadImage)
+	mux.HandleFunc("DELETE /api/v1/exercises/{id}/images/{imageId}", h.handleDeleteImage)
+
+	// Bilder statisch servieren
+	mux.Handle("GET /uploads/", http.StripPrefix("/uploads/",
+		http.FileServer(http.Dir(uploadDir))))
+
+	// uploads-Verzeichnis sicherstellen
+	os.MkdirAll(uploadDir, 0755)
+
+	fmt.Println("Bild-Upload konfiguriert:", uploadDir)
+}
--- a/backend/internal/handler/middleware.go
+++ b/backend/internal/handler/middleware.go
@@ -19,7 +19,7 @@ func CORS(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "http://*")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-		w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-User-ID")

 		if r.Method == http.MethodOptions {
 			w.WriteHeader(http.StatusNoContent)
--- a/backend/internal/handler/session.go
+++ b/backend/internal/handler/session.go
@@ -7,6 +7,36 @@ import (
 	"strings"
 )

+func (h *Handler) handleGetActiveSession(w http.ResponseWriter, r *http.Request) {
+	uid, err := userID(r)
+	if err != nil {
+		writeError(w, http.StatusBadRequest, err.Error())
+		return
+	}
+
+	session, err := h.store.GetActiveSession(uid)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Suchen der aktiven Session")
+		return
+	}
+	if session == nil {
+		writeJSON(w, http.StatusOK, nil)
+		return
+	}
+
+	// Exercises des Sets mitliefern
+	exercises, err := h.store.GetSetExercises(session.SetID)
+	if err != nil {
+		writeError(w, http.StatusInternalServerError, "Fehler beim Laden der Übungen")
+		return
+	}
+
+	writeJSON(w, http.StatusOK, map[string]any{
+		"session":   session,
+		"exercises": exercises,
+	})
+}
+
 func (h *Handler) handleCreateSession(w http.ResponseWriter, r *http.Request) {
 	uid, err := userID(r)
 	if err != nil {
@@ -26,6 +56,10 @@ func (h *Handler) handleCreateSession(w http.ResponseWriter, r *http.Request) {

 	session, err := h.store.CreateSession(uid, req.SetID)
 	if err != nil {
+		if strings.Contains(err.Error(), "SESSION_OPEN") {
+			writeError(w, http.StatusConflict, "Es läuft bereits ein Training. Bitte zuerst beenden.")
+			return
+		}
 		if strings.Contains(err.Error(), "existiert nicht") {
 			writeError(w, http.StatusBadRequest, err.Error())
 			return
--- a/backend/internal/handler/session_resume_test.go
+++ b/backend/internal/handler/session_resume_test.go
@@ -0,0 +1,262 @@
+package handler_test
+
+import (
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"strings"
+	"testing"
+
+	_ "github.com/mattn/go-sqlite3"
+	migrate "krafttrainer/internal/migrate"
+	"krafttrainer/internal/handler"
+	"krafttrainer/internal/store"
+	"krafttrainer/migrations"
+)
+
+// ---------------------------------------------------------------------------
+// Test infrastructure
+// ---------------------------------------------------------------------------
+
+func newHandlerWithStore(t *testing.T) (*handler.Handler, *store.Store) {
+	t.Helper()
+
+	f, err := os.CreateTemp("", "krafttrainer-handler-test-*.db")
+	if err != nil {
+		t.Fatalf("create temp db file: %v", err)
+	}
+	f.Close()
+	dbPath := f.Name()
+
+	s, err := store.New(dbPath)
+	if err != nil {
+		os.Remove(dbPath)
+		t.Fatalf("store.New: %v", err)
+	}
+	t.Cleanup(func() {
+		s.Close()
+		os.Remove(dbPath)
+	})
+
+	if err := migrate.Run(s.DB(), migrations.FS); err != nil {
+		t.Fatalf("migrate.Run: %v", err)
+	}
+	return handler.New(s), s
+}
+
+func seedUserH(t *testing.T, db *sql.DB, name string) int64 {
+	t.Helper()
+	res, err := db.Exec(`INSERT INTO users (name) VALUES (?)`, name)
+	if err != nil {
+		t.Fatalf("seedUser %q: %v", name, err)
+	}
+	id, _ := res.LastInsertId()
+	return id
+}
+
+func seedTrainingSetH(t *testing.T, db *sql.DB, name string, userID int64) int64 {
+	t.Helper()
+	res, err := db.Exec(`INSERT INTO training_sets (name, user_id) VALUES (?, ?)`, name, userID)
+	if err != nil {
+		t.Fatalf("seedTrainingSet %q: %v", name, err)
+	}
+	id, _ := res.LastInsertId()
+	return id
+}
+
+func seedExerciseH(t *testing.T, db *sql.DB, name string, userID int64) int64 {
+	t.Helper()
+	res, err := db.Exec(
+		`INSERT INTO exercises (name, muscle_group, weight_step_kg, user_id) VALUES (?, 'brust', 2.5, ?)`,
+		name, userID,
+	)
+	if err != nil {
+		t.Fatalf("seedExercise %q: %v", name, err)
+	}
+	id, _ := res.LastInsertId()
+	return id
+}
+
+func openSessionH(t *testing.T, db *sql.DB, setID, userID int64) int64 {
+	t.Helper()
+	res, err := db.Exec(`INSERT INTO sessions (set_id, user_id) VALUES (?, ?)`, setID, userID)
+	if err != nil {
+		t.Fatalf("openSession: %v", err)
+	}
+	id, _ := res.LastInsertId()
+	return id
+}
+
+// requestWithUserID builds a request for path with an optional X-User-ID header.
+func requestWithUserID(method, path string, userIDHeader string) *http.Request {
+	r := httptest.NewRequest(method, path, nil)
+	if userIDHeader != "" {
+		r.Header.Set("X-User-ID", userIDHeader)
+	}
+	return r
+}
+
+// decodeBody parses the JSON response body into dst.
+func decodeBody(t *testing.T, rec *httptest.ResponseRecorder, dst any) {
+	t.Helper()
+	if err := json.NewDecoder(rec.Body).Decode(dst); err != nil {
+		t.Fatalf("decode response body: %v", err)
+	}
+}
+
+// newMux registers all handler routes on a fresh ServeMux so that Go 1.22+
+// pattern matching (including the /active literal segment) is active.
+func newMux(h *handler.Handler) *http.ServeMux {
+	mux := http.NewServeMux()
+	h.RegisterRoutes(mux)
+	return mux
+}
+
+// ---------------------------------------------------------------------------
+// handleGetActiveSession tests
+// ---------------------------------------------------------------------------
+
+func TestHandleGetActiveSession_MissingUserIDHeader(t *testing.T) {
+	h, _ := newHandlerWithStore(t)
+	mux := newMux(h)
+
+	rec := httptest.NewRecorder()
+	mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", ""))
+
+	if rec.Code != http.StatusBadRequest {
+		t.Errorf("status: want 400, got %d", rec.Code)
+	}
+}
+
+func TestHandleGetActiveSession_InvalidUserIDHeader(t *testing.T) {
+	h, _ := newHandlerWithStore(t)
+	mux := newMux(h)
+
+	for _, bad := range []string{"not-a-number", "0", "-1"} {
+		t.Run(bad, func(t *testing.T) {
+			rec := httptest.NewRecorder()
+			mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", bad))
+			if rec.Code != http.StatusBadRequest {
+				t.Errorf("header %q: status want 400, got %d", bad, rec.Code)
+			}
+		})
+	}
+}
+
+func TestHandleGetActiveSession_ReturnsNullWhenNoActiveSession(t *testing.T) {
+	h, s := newHandlerWithStore(t)
+	mux := newMux(h)
+	userID := seedUserH(t, s.DB(), "NoSession")
+
+	rec := httptest.NewRecorder()
+	mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", fmt.Sprintf("%d", userID)))
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status: want 200, got %d", rec.Code)
+	}
+
+	// writeJSON(w, 200, nil) encodes the Go nil interface value as JSON "null".
+	body := strings.TrimSpace(rec.Body.String())
+	if body != "null" {
+		t.Errorf("body: want %q, got %q", "null", body)
+	}
+}
+
+func TestHandleGetActiveSession_ReturnsSessionAndExercises(t *testing.T) {
+	h, s := newHandlerWithStore(t)
+	mux := newMux(h)
+
+	uid := seedUserH(t, s.DB(), "ActiveUser")
+	setID := seedTrainingSetH(t, s.DB(), "Push Tag", uid)
+	exID := seedExerciseH(t, s.DB(), "Bankdrücken", uid)
+
+	if _, err := s.DB().Exec(
+		`INSERT INTO set_exercises (set_id, exercise_id, position) VALUES (?, ?, 0)`,
+		setID, exID,
+	); err != nil {
+		t.Fatalf("link exercise to set: %v", err)
+	}
+
+	sessionID := openSessionH(t, s.DB(), setID, uid)
+
+	rec := httptest.NewRecorder()
+	mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", fmt.Sprintf("%d", uid)))
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status: want 200, got %d; body: %s", rec.Code, rec.Body)
+	}
+
+	var resp struct {
+		Session struct {
+			ID      int64  `json:"id"`
+			SetID   int64  `json:"set_id"`
+			SetName string `json:"set_name"`
+		} `json:"session"`
+		Exercises []struct {
+			ID   int64  `json:"id"`
+			Name string `json:"name"`
+		} `json:"exercises"`
+	}
+	decodeBody(t, rec, &resp)
+
+	if resp.Session.ID != sessionID {
+		t.Errorf("session.id: want %d, got %d", sessionID, resp.Session.ID)
+	}
+	if resp.Session.SetID != setID {
+		t.Errorf("session.set_id: want %d, got %d", setID, resp.Session.SetID)
+	}
+	if resp.Session.SetName != "Push Tag" {
+		t.Errorf("session.set_name: want %q, got %q", "Push Tag", resp.Session.SetName)
+	}
+	if len(resp.Exercises) != 1 {
+		t.Fatalf("exercises: want 1, got %d", len(resp.Exercises))
+	}
+	if resp.Exercises[0].ID != exID {
+		t.Errorf("exercise.id: want %d, got %d", exID, resp.Exercises[0].ID)
+	}
+	if resp.Exercises[0].Name != "Bankdrücken" {
+		t.Errorf("exercise.name: want %q, got %q", "Bankdrücken", resp.Exercises[0].Name)
+	}
+}
+
+func TestHandleGetActiveSession_ExercisesEmptyWhenSetHasNone(t *testing.T) {
+	h, s := newHandlerWithStore(t)
+	mux := newMux(h)
+
+	uid := seedUserH(t, s.DB(), "NoExUser")
+	setID := seedTrainingSetH(t, s.DB(), "Leeres Set", uid)
+	openSessionH(t, s.DB(), setID, uid)
+
+	rec := httptest.NewRecorder()
+	mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", fmt.Sprintf("%d", uid)))
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status: want 200, got %d; body: %s", rec.Code, rec.Body)
+	}
+
+	var resp struct {
+		Exercises []json.RawMessage `json:"exercises"`
+	}
+	decodeBody(t, rec, &resp)
+
+	if len(resp.Exercises) != 0 {
+		t.Errorf("exercises: want empty slice, got %d items", len(resp.Exercises))
+	}
+}
+
+func TestHandleGetActiveSession_ContentTypeIsJSON(t *testing.T) {
+	h, s := newHandlerWithStore(t)
+	mux := newMux(h)
+
+	uid := seedUserH(t, s.DB(), "CTUser")
+	rec := httptest.NewRecorder()
+	mux.ServeHTTP(rec, requestWithUserID("GET", "/api/v1/sessions/active", fmt.Sprintf("%d", uid)))
+
+	ct := rec.Header().Get("Content-Type")
+	if !strings.HasPrefix(ct, "application/json") {
+		t.Errorf("Content-Type: want application/json, got %q", ct)
+	}
+}