zioinfo-mail/projects/testcase-py-api/app/main.py

"""
GUARDiA HR 포털 API (Python/FastAPI) — 코드 리뷰 testcase
의도적 문제점:
  - 패스워드 평문 저장
  - SQL 인젝션 취약점 (raw query)
  - 인증 미흡
  - 에러 핸들링 없음
"""
from fastapi import FastAPI, Depends, HTTPException
from sqlalchemy.orm import Session
from app.database import SessionLocal, engine
from app.models import base, employee
from app.routers import employees, auth

base.Base.metadata.create_all(bind=engine)

app = FastAPI(title="HR Portal API", version="1.0.0")

def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()

app.include_router(employees.router, prefix="/api/employees", tags=["employees"])
app.include_router(auth.router, prefix="/api/auth", tags=["auth"])

@app.get("/health")
def health_check():
    return {"status": "ok", "service": "hr-portal-api"}