feat(5.20): US-001/002/003 schema medii per cont + disponibilitate + idempotenta env-aware

US-001: coloane accounts (rar_test/prod_enabled, rar_creds_test/prod_enc,
rar_env_default) + submissions.rar_env; migrare cu backfill din ancora globala
AUTOPASS_RAR_ENV (creds->slot, enabled doar pe mediul cu creds) + recompute
idempotency_key env-aware (AUTO-FIX G + E4/3).
US-002: app/rar_env.py — medii_disponibile + rar_env_efectiv (REQ-DISP/DEFAULT).
US-003: build_key(account_id, canon, rar_env) — test vs prod = trimiteri distincte.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude Agent
2026-06-29 19:42:28 +00:00
parent b4818349be
commit deb6afff3e
7 changed files with 448 additions and 6 deletions

110
app/db.py

@@ -71,11 +71,26 @@ def _migrate(conn: sqlite3.Connection) -> None:
conn.execute("ALTER TABLE submissions ADD COLUMN batch_id INTEGER")
if "row_index" not in sub_cols:
conn.execute("ALTER TABLE submissions ADD COLUMN row_index INTEGER")
if "rar_env" not in sub_cols:
# PRD 5.20 US-001. Mediul RAR tinta pe submission. Pe DB existent NU lasam
# randurile pe DEFAULT 'test': un rand prod pre-migrare etichetat 'test' ar fi
# reconciliat de worker (US-006) contra endpoint TEST -> no-match -> re-send prod
# = DUPLICAT REAL IREVERSIBIL. Backfill din AUTOPASS_RAR_ENV global (ancora de
# migrare) + recompute idempotency_key env-aware. Ruleaza O SINGURA DATA (in
# blocul de adaugare a coloanei); pe DB fresh coloana vine din schema.sql (fara rows).
conn.execute(
"ALTER TABLE submissions ADD COLUMN rar_env TEXT NOT NULL DEFAULT 'test' "
"CHECK (rar_env IN ('test', 'prod'))"
)
_backfill_submissions_rar_env(conn)
# Coloane accounts
acc_cols = {r["name"] for r in conn.execute("PRAGMA table_info(accounts)").fetchall()}
if "rar_creds_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_enc TEXT")
acc_cols.add("rar_creds_enc")
# Medii RAR per cont (PRD 5.20 US-001): activare + slot creds + default, per mediu.
_migrate_accounts_medii(conn, acc_cols)
if "active" not in acc_cols:
# Conturi existente raman active (default 1).
conn.execute("ALTER TABLE accounts ADD COLUMN active INTEGER NOT NULL DEFAULT 1")
@@ -164,6 +179,101 @@ def _migrate(conn: sqlite3.Connection) -> None:
)
def _migrate_accounts_medii(conn: sqlite3.Connection, acc_cols: set[str]) -> None:
"""PRD 5.20 US-001: coloane medii RAR per cont + backfill din ancora globala.
Adauga (idempotent): rar_test_enabled/rar_prod_enabled (bife activare),
rar_creds_test_enc/rar_creds_prod_enc (sloturi creds), rar_env_default.
Backfill (O SINGURA DATA, cand coloanele tocmai au fost adaugate pe DB existent):
creds-ul legacy `rar_creds_enc` apartine mediului `AUTOPASS_RAR_ENV` global de la
momentul migrarii (ancora) — il copiem in slotul acelui mediu, activam DOAR acel
mediu (celalalt dezactivat) si fixam default-ul pe el. Conturile fara creds raman
pe default-urile coloanei (prod on / test off). Migrarea NU presupune env-ul; se
bazeaza pe ancora globala, exact cum opera contul inainte de 5.20.
"""
newly_added = "rar_env_default" not in acc_cols
if "rar_test_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_test_enabled INTEGER NOT NULL DEFAULT 0 "
"CHECK (rar_test_enabled IN (0, 1))"
)
if "rar_prod_enabled" not in acc_cols:
conn.execute(
"ALTER TABLE accounts ADD COLUMN rar_prod_enabled INTEGER NOT NULL DEFAULT 1 "
"CHECK (rar_prod_enabled IN (0, 1))"
)
if "rar_creds_test_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_test_enc TEXT")
if "rar_creds_prod_enc" not in acc_cols:
conn.execute("ALTER TABLE accounts ADD COLUMN rar_creds_prod_enc TEXT")
if "rar_env_default" not in acc_cols:
# ALTER nu poate adauga CHECK pe coloana noua in SQLite -> validarea ('test'/'prod')
# se face in cod (rar_env.py / rutele de cont). DEFAULT 'prod' (cont client nou).
conn.execute("ALTER TABLE accounts ADD COLUMN rar_env_default TEXT NOT NULL DEFAULT 'prod'")
if not newly_added:
return # coloanele existau deja -> backfill-ul a rulat la o pornire anterioara
# Are coloana legacy rar_creds_enc randuri de migrat? (Pe DB foarte nou, e absenta.)
if "rar_creds_enc" not in acc_cols:
return
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
other = "prod" if env == "test" else "test"
slot = f"rar_creds_{env}_enc"
conn.execute(
f"UPDATE accounts SET {slot} = rar_creds_enc, "
f"rar_{env}_enabled = 1, rar_{other}_enabled = 0, rar_env_default = ? "
f"WHERE rar_creds_enc IS NOT NULL AND TRIM(rar_creds_enc) <> '' AND {slot} IS NULL",
(env,),
)
def _backfill_submissions_rar_env(conn: sqlite3.Connection) -> None:
"""PRD 5.20 US-001 (AUTO-FIX G + E4/3): backfill rar_env + recompute idempotency_key.
Ruleaza O SINGURA DATA, imediat dupa ce coloana `submissions.rar_env` a fost adaugata
pe un DB existent. Toate randurile pre-migrare au fost trimise (sau urmeaza) catre
mediul `AUTOPASS_RAR_ENV` global — le etichetam cu acel env (NU DEFAULT 'test'), altfel
reconcilierea worker-ului ar lovi endpoint-ul gresit -> duplicat ireversibil.
Recompute `idempotency_key` la forma env-aware (`build_key(account_id, canon, rar_env)`):
altfel un re-POST al unui rand legacy (cheie env-less) ar rata randul existent ->
duplicat. Recompute-ul e consistent (acelasi env pe toate randurile pre-migrare) deci
nu poate crea coliziuni intre randuri care erau deja distincte.
"""
import json as _json
from .idempotency import build_key, canonicalize_row
env = get_settings().rar_env if get_settings().rar_env in ("test", "prod") else "test"
conn.execute("UPDATE submissions SET rar_env = ?", (env,))
rows = conn.execute(
"SELECT id, account_id, idempotency_key, payload_json FROM submissions"
).fetchall()
for r in rows:
try:
content = _json.loads(r["payload_json"])
except (ValueError, TypeError):
continue
canon = canonicalize_row(content)
# Pastreaza prestatiile rezolvate (cod_prestatie/cod_op_service) pentru _op_identity.
canon["prestatii"] = content.get("prestatii") or []
new_key = build_key(r["account_id"], canon, env)
if new_key == r["idempotency_key"]:
continue
try:
conn.execute(
"UPDATE submissions SET idempotency_key = ? WHERE id = ?",
(new_key, r["id"]),
)
except sqlite3.IntegrityError:
# Coliziune improbabila pe UNIQUE(idempotency_key): lasa cheia veche (no-op),
# randul ramane gasibil prin dual-lookup legacy.
continue
def _now_iso() -> str:
return datetime.now(timezone.utc).isoformat(timespec="seconds")
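Review bot: Both backfills fall back to `"test"` when `get_settings().rar_env` is not `test` or `prod` (the `env = ... else "test"` line in `_migrate_accounts_medii` and in `_backfill_submissions_rar_env`), so a production database started with a missing or mistyped AUTOPASS_RAR_ENV gets every pre-migration row and credential slot labelled `test`, which is the mislabel the comment in `_migrate` describes as leading to an irreversible duplicate. Because each backfill is gated on its column having just been added, a wrong label is never corrected on a later start. Failing closed looks safer: resolve the env before the first `ALTER TABLE` in `_migrate` and abort with `if env not in ("test", "prod"): raise RuntimeError("AUTOPASS_RAR_ENV must be 'test' or 'prod' for the 5.20 migration")`. The same gating assumes the `ALTER` and its backfill commit together; `_migrate` begins and continues outside these hunks, so its transaction handling is worth confirming.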


@@ -70,17 +70,23 @@ def canonicalize_row(raw: dict[str, Any]) -> dict[str, Any]:
}
def build_key(account_id: int | None, canon: dict[str, Any]) -> str:
"""SHA-256 partajat canal-API + canal-import.
def build_key(account_id: int | None, canon: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 partajat canal-API + canal-import, env-aware (PRD 5.20 US-003).
Aplica account_or_default inainte de hash: None si 1 colapseaza la aceeasi
cheie => acelasi rand logic din canale diferite nu se trimite de doua ori.
`rar_env` ('test'|'prod') intra in cheie: aceeasi prezentare la test si apoi la
prod sunt DOUA trimiteri reale distincte (sisteme RAR separate), nu un duplicat.
Default 'test' = back-compat cu apelantii care nu paseaza inca env-ul; toate
rutele de ingestie paseaza env-ul rezolvat explicit.
"""
# Import local ca sa evitam import circular (mapping importa din idempotency via validator)
from .mapping import account_or_default
acct = account_or_default(account_id)
canonic = {
"account_id": acct,
"rar_env": rar_env,
"vin": canon.get("vin", ""),
"nr_inmatriculare": canon.get("nr_inmatriculare", ""),
"data_prestatie": canon.get("data_prestatie"),
@@ -91,8 +97,8 @@ def build_key(account_id: int | None, canon: dict[str, Any]) -> str:
return hashlib.sha256(blob.encode("utf-8")).hexdigest()
def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str:
"""SHA-256 peste (account_id + campurile semnificative ale prezentarii).
def idempotency_key(account_id: int | None, prezentare: dict[str, Any], rar_env: str = "test") -> str:
"""SHA-256 peste (account_id + rar_env + campurile semnificative ale prezentarii).
Wrapper backward-compat peste canonicalize_row + build_key.
Exclude obs si b64Image (cosmetice, nu definesc unicitatea declaratiei).
@@ -102,7 +108,7 @@ def idempotency_key(account_id: int | None, prezentare: dict[str, Any]) -> str:
acoperite automat — dual-lookup sau recompute-keys la migrare productie.
"""
canon = canonicalize_row(prezentare)
return build_key(account_id, canon)
return build_key(account_id, canon, rar_env)
def build_key_legacy(account_id: int | None, prezentare: dict[str, Any]) -> str:
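Review bot: `rar_env` now feeds the hash in `build_key` but is neither validated nor required: with the `= "test"` default a caller that was not updated hashes a production row under `test`, and a value such as `"Prod"` opens a third key space, so the duplicate lookup can miss a row that was already sent. The docstring states that every ingestion route passes the resolved env explicitly, so the default only covers callers that would be wrong anyway. I would reject unknown values at the top of `build_key` with `if rar_env not in ("test", "prod"): raise ValueError(f"rar_env invalid: {rar_env!r}")`, and consider dropping the default once the remaining callers are migrated. The body of `build_key` continues outside the hunk.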

91
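--- /dev/null
+++ b/app/rar_env.py
@@ -0,0 +1,91 @@
+"""Medii RAR per cont (PRD 5.20): disponibilitate + default efectiv.
+Sursa UNICA de adevar pentru REQ-DISP / REQ-DEFAULT: vizibilitatea selector/toggle
+in UI, validarea tintei in API si decizia worker-ului citesc TOATE de aici, ca sa
+decida identic.
+Un mediu ('test'|'prod') e *disponibil* pentru un cont daca e activat (bifa) SI are
+credentiale (slot per-mediu non-gol). Din disponibilitate decurge tot UX-ul:
+- 0 medii -> nicio tinta; trimiterea web e blocata, API cade pe ancora globala.
+- 1 mediu -> tinta implicita (acel mediu), fara selector.
+- 2 medii -> selector la import + toggle in statusbar + alegere in API.
+Functii PURE (fara DB) peste un rand de cont (sqlite3.Row sau dict). Helperele cu
+`conn` incarca randul si deleaga.
+"""
+from __future__ import annotations
+import sqlite3
+from typing import Any
+VALID_ENVS: tuple[str, str] = ("test", "prod")
+def _field(account: Any, key: str, default: Any = None) -> Any:
+"""Citire toleranta a unui camp de cont (dict sau sqlite3.Row, camp posibil absent)."""
+if account is None:
+return default
+if isinstance(account, dict):
+return account.get(key, default)
+try:
+return account[key] # sqlite3.Row
+except (IndexError, KeyError):
+return default
+def _are_creds(account: Any, env: str) -> bool:
+creds = _field(account, f"rar_creds_{env}_enc", None)
+return bool(creds and str(creds).strip())
+def _enabled(account: Any, env: str) -> bool:
+return int(_field(account, f"rar_{env}_enabled", 0) or 0) == 1
+def medii_disponibile(account: Any) -> list[str]:
+"""Subset din ('test','prod') = activat AND creds prezente. Ordine stabila test<prod."""
+return [env for env in VALID_ENVS if _enabled(account, env) and _are_creds(account, env)]
+def rar_env_efectiv(account: Any) -> str | None:
+"""Mediul tinta implicit al contului (REQ-DEFAULT).
+Mereu unul din mediile disponibile: default-ul contului daca inca e disponibil,
+altfel singurul disponibil; daca 0 disponibile -> None (nicio tinta).
+"""
+disp = medii_disponibile(account)
+if not disp:
+return None
+default = _field(account, "rar_env_default", "prod")
+if default in disp:
+return default
+return disp[0]
+# --------------------------------------------------------------------------- #
+# Helpere cu conexiune #
+# --------------------------------------------------------------------------- #
+_ACCOUNT_ENV_COLS = (
+"id, rar_test_enabled, rar_prod_enabled, "
+"rar_creds_test_enc, rar_creds_prod_enc, rar_env_default"
+)
+def load_account_env(conn: sqlite3.Connection, account_id: int) -> sqlite3.Row | None:
+"""Randul de cont cu exact coloanele de mediu (pentru medii_disponibile/rar_env_efectiv)."""
+from .mapping import account_or_default
+return conn.execute(
+f"SELECT {_ACCOUNT_ENV_COLS} FROM accounts WHERE id=?",
+(account_or_default(account_id),),
+).fetchone()
+def medii_disponibile_cont(conn: sqlite3.Connection, account_id: int) -> list[str]:
+return medii_disponibile(load_account_env(conn, account_id))
+def rar_env_efectiv_cont(conn: sqlite3.Connection, account_id: int) -> str | None:
+return rar_env_efectiv(load_account_env(conn, account_id))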
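Review bot: `_ACCOUNT_ENV_COLS` pulls both encrypted credential slots (`rar_creds_test_enc`, `rar_creds_prod_enc`) into every row returned by `load_account_env`, although `_are_creds` only needs to know whether each slot is non-empty. The module docstring says the UI, the API and the worker all read from here, so these rows will pass through more code than the credential store itself. At minimum I would add a comment above the tuple, `# Includes the encrypted creds blobs: rows from load_account_env must not be logged, serialized or passed to templates.`, and longer term have the query return presence flags instead of the ciphertext. `_are_creds` and `_enabled` also have no docstrings; one line each, `"""True when the per-env creds slot is non-empty."""` and `"""True when the per-env enable flag is 1."""`, would match the rest of the module.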


@@ -19,7 +19,15 @@ CREATE TABLE IF NOT EXISTS accounts (
-- vezi accounts.delete_account — randul ramane doar pentru audit).
status TEXT NOT NULL DEFAULT 'active'
CHECK (status IN ('pending','active','blocked','archived','deleted')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet) durabile per-cont (D4/Eng#1)
rar_creds_enc TEXT, -- LEGACY (PRD 5.20 US-013 dropeaza coloana): creds RAR durabile env-less
-- Medii RAR per cont (PRD 5.20 US-001). Fiecare mediu = bifa de activare + slot creds.
-- medii_disponibile = enabled AND creds prezente (app/rar_env.py). Cont client nou =
-- Productie on / Testare off (clientii declara real); contul operator se pune manual pe Testare.
rar_test_enabled INTEGER NOT NULL DEFAULT 0 CHECK (rar_test_enabled IN (0, 1)),
rar_prod_enabled INTEGER NOT NULL DEFAULT 1 CHECK (rar_prod_enabled IN (0, 1)),
rar_creds_test_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Testare
rar_creds_prod_enc TEXT, -- creds RAR criptate (Fernet) pentru mediul Productie
rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test', 'prod')),
-- Comportament implicit la cod prestatie necunoscut/nemapat pe canalul API:
-- 0 (default, non-distructiv: submission 'needs_mapping', intra in editorul de mapare) sau
-- 1 (respinge cererea fara enqueue). Override per-cerere via PrezentareRequest.on_unmapped_error.
@@ -88,6 +96,10 @@ CREATE TABLE IF NOT EXISTS submissions (
status TEXT NOT NULL DEFAULT 'queued'
CHECK (status IN ('queued','sending','sent','needs_mapping','needs_data','error')),
payload_json TEXT NOT NULL,
-- Mediul RAR tinta al acestei trimiteri (PRD 5.20 US-001). DEFAULT 'test' e doar plasa
-- pentru randuri net-noi care nu seteaza explicit; fiecare INSERT (API/import/web) seteaza
-- rar_env explicit. Backfill din AUTOPASS_RAR_ENV global la migrare (NU lasa pe DEFAULT).
rar_env TEXT NOT NULL DEFAULT 'test' CHECK (rar_env IN ('test', 'prod')),
rar_creds_enc TEXT, -- creds RAR criptate (Fernet), sterse dupa primul login reusit
rar_status_code INTEGER,
rar_error TEXT,
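Review bot: The `CHECK (rar_env_default IN ('test', 'prod'))` on `accounts.rar_env_default` in the first hunk applies only to fresh databases: `_migrate_accounts_medii` adds the same column with no CHECK, on the stated grounds that `ALTER` cannot add one, yet the same commit adds `rar_test_enabled`, `rar_prod_enabled` and `submissions.rar_env` through `ALTER TABLE ... ADD COLUMN ... CHECK (...)`. Migrated and fresh databases therefore enforce different rules, and on a migrated one an invalid default is silently replaced in `rar_env_efectiv` by the first available env, which is `test` when both are available. If the SQLite version in use accepts the other three statements, the migration can carry the constraint as well: `"ALTER TABLE accounts ADD COLUMN rar_env_default TEXT NOT NULL DEFAULT 'prod' CHECK (rar_env_default IN ('test', 'prod'))"`.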