Merge pull request #6 from velocitatem/claude/fix-document-loading-backend-PVFi6

Fix document loading: circular FK, patch validation 500, and token expiry redirect

.gitignore

@@ -9,3 +9,4 @@ logs/
 FLAT.xml
 **/package-lock.json
 .nx/
+**/*.db

apps/backend/fastapi/app/api/routes/versions.py

@@ -7,6 +7,7 @@ from app.api.deps import get_current_user, get_db
 from app.schemas import BranchCreateRequest, VersionResponse
 from app.services.versions import create_branch, delete_version
 from dlib.auth import AuthenticatedUser
+from dlib.cv.ats_guard import PatchValidationError
 
 
 router = APIRouter(prefix="/versions", tags=["versions"])
@@ -18,14 +19,17 @@ async def create_version_branch(
     session: AsyncSession = Depends(get_db),
     user: AuthenticatedUser = Depends(get_current_user),
 ):
-    version = await create_branch(
+    try:
-        session,
+        version = await create_branch(
-        owner_id=user.sub,
+            session,
-        parent_version_id=payload.parent_version_id,
+            owner_id=user.sub,
-        branch_name=payload.branch_name,
+            parent_version_id=payload.parent_version_id,
-        version_label=payload.version_label,
+            branch_name=payload.branch_name,
-        patches=payload.patches,
+            version_label=payload.version_label,
-    )
+            patches=payload.patches,
+        )
+    except PatchValidationError as exc:
+        raise HTTPException(status_code=422, detail=str(exc)) from exc
     if not version:
         raise HTTPException(status_code=404, detail="Parent version not found")
     return VersionResponse.model_validate(version)

apps/backend/fastapi/app/core/config.py

@@ -57,6 +57,13 @@ class Settings(BaseSettings):
             return [origin.strip() for origin in value.split(",") if origin.strip()]
         return value
 
+    @field_validator("storage_endpoint_url", mode="before")
+    @classmethod
+    def _empty_endpoint_to_none(cls, value):
+        if isinstance(value, str) and not value.strip():
+            return None
+        return value
+
 
 @lru_cache(maxsize=1)
 def get_settings() -> Settings:

apps/backend/fastapi/app/services/documents.py

@@ -23,20 +23,22 @@ async def create_document(
     structured = parse_docx_bytes(file_bytes, version_label="root")
 
     doc = CvDocument(owner_id=owner_id, title=title, description=description)
+    session.add(doc)
+    await session.flush()  # persist doc so version FK is satisfied
+
     version = CvVersion(
-        document=doc,
+        document_id=doc.id,
         branch_name="root",
         version_label="root",
         artifact_docx_key=artifact_key,
         structured_blocks=[block.model_dump() for block in structured.blocks],
         metadata_json={"ingested": True},
     )
-    doc.versions.append(version)
+    session.add(version)
-    doc.root_version_id = version.id
+    await session.flush()  # persist version so root_version_id FK is satisfied
 
-    session.add(doc)
+    doc.root_version_id = version.id
     await session.commit()
-    await session.refresh(doc)
 
     stmt = (
         select(CvDocument)

apps/webapp/src/libs/api.ts

@@ -92,6 +92,11 @@ async function req<T>(path: string, init?: RequestInit): Promise<T> {
         headers: { accept: 'application/json', ...getAuthHeader(), ...init?.headers },
     });
     if (!res.ok) {
+        if (res.status === 401 && typeof window !== 'undefined') {
+            document.cookie = 'oidc_token_pub=; max-age=0; path=/';
+            document.cookie = 'oidc_token=; max-age=0; path=/';
+            window.location.href = '/login';
+        }
         const detail = await res.text().catch(() => res.statusText);
         throw new Error(detail || `HTTP ${res.status}`);
     }