fix: route ordering customer/{id}/health before /{id}; CustomerHealthService for health-overview; keywords/competitor Header decorator; onboarding product_info dict; marketing template fallback; frontend style-switching tabs

backend/app/api/v1/auth.py

@@ -26,6 +26,12 @@ class LoginResponse(BaseModel):
     user: dict
 
 
+class LoginRequest(BaseModel):
+    username: str = ""
+    phone: str = ""
+    password: str
+
+
 class RefreshRequest(BaseModel):
     refresh_token: str
 
@@ -56,17 +62,16 @@ async def register(data: RegisterRequest, db: AsyncSession = Depends(get_db)):
 
 @router.post("/login", response_model=LoginResponse)
 async def login(
-    data: dict,
+    data: LoginRequest,
     db: AsyncSession = Depends(get_db),
 ):
-    phone = data.get("username") or data.get("phone")
-    password = data.get("password")
-    if not phone or not password:
-        raise HTTPException(status_code=422, detail="phone and password required")
+    phone = data.username or data.phone
+    if not phone:
+        raise HTTPException(status_code=422, detail="phone required")
     result = await db.execute(select(User).where(User.phone == phone))
     user = result.scalar_one_or_none()
 
-    if not user or not verify_password(password, user.password_hash):
+    if not user or not verify_password(data.password, user.password_hash):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Invalid credentials",

backend/app/api/v1/customer.py

@@ -57,6 +57,28 @@ async def get_all_health_scores(
     return {"items": await service.get_all_health_scores(user_id)}
 
 
+@router.get("/{customer_id}/health")
+async def get_customer_health(
+    customer_id: str,
+    user_id: str = Depends(get_current_user_id),
+    db: AsyncSession = Depends(get_db),
+):
+    service = CustomerHealthService(db)
+    return await service.get_customer_health(user_id, customer_id)
+
+
+@router.get("/{customer_id}/conversation")
+async def get_conversation(
+    customer_id: str,
+    page: int = 1,
+    size: int = 20,
+    user_id: str = Depends(get_current_user_id),
+    db: AsyncSession = Depends(get_db),
+):
+    service = CustomerService(db)
+    return await service.get_conversation(user_id, customer_id, page, size)
+
+
 @router.get("/{customer_id}")
 async def get_customer(
     customer_id: str,
@@ -165,27 +187,3 @@ async def export_customers(
         headers={"Content-Disposition": "attachment; filename=customers.csv"},
     )
 
-
-@router.get("/{customer_id}/health")
-async def get_customer_health(
-    customer_id: str,
-    user_id: str = Depends(get_current_user_id),
-    db: AsyncSession = Depends(get_db),
-):
-    service = CustomerHealthService(db)
-    health = await service.get_customer_health(user_id, customer_id)
-    if not health:
-        raise HTTPException(status_code=404, detail="Customer not found")
-    return health
-
-
-@router.get("/{customer_id}/conversation")
-async def get_conversation(
-    customer_id: str,
-    page: int = Query(1, ge=1),
-    size: int = Query(50, ge=1, le=200),
-    user_id: str = Depends(get_current_user_id),
-    db: AsyncSession = Depends(get_db),
-):
-    service = CustomerService(db)
-    return await service.get_conversation(user_id, customer_id, page, size)

backend/app/api/v1/marketing.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, HTTPException, Depends
+from fastapi import APIRouter, HTTPException, Depends, Header
 from typing import Optional
 from pydantic import BaseModel
 from sqlalchemy.ext.asyncio import AsyncSession
@@ -67,7 +67,7 @@ async def generate_marketing(
 
 
 @router.post("/keywords")
-async def generate_keywords(data: KeywordsRequest, authorization: str = None):
+async def generate_keywords(data: KeywordsRequest, authorization: str = Header(None)):
     if not authorization:
         raise HTTPException(status_code=401, detail="Missing token")
 
@@ -83,7 +83,7 @@ async def generate_keywords(data: KeywordsRequest, authorization: str = None):
 
 
 @router.post("/competitor-analysis")
-async def competitor_analysis(data: CompetitorRequest, authorization: str = None):
+async def competitor_analysis(data: CompetitorRequest, authorization: str = Header(None)):
     if not authorization:
         raise HTTPException(status_code=401, detail="Missing token")