rar-autopass

romfast/rar-autopass

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude Agent	c17c1aa4f4	feat(securitate-CORE): redactare creds + auth API-key per cont Redactare: - handler RequestValidationError dropeaza input/ctx din 422 (vectorul de scurgere a rar_credentials.password pe /v1/prezentari); pastreaza type/loc/msg - app/security.py: scrub/scrub_text + CredentialRedactingFilter pe root+uvicorn - models.py: password cu repr=False Auth API-key: - app/auth.py: hash SHA-256 in api_keys (cheia in clar emisa o singura data), header X-API-Key / Authorization: Bearer, dependency resolve_account_id - enforcement pe flag AUTOPASS_require_api_key (prod on->401, dev off->cont default id=1; cheie prezenta invalida->401 mereu) - account_id real curge din cheie in ingestie + mapare - tools/apikey.py: CLI create/rotate/revoke/list (fara endpoint HTTP admin) 16 teste noi (tests/test_security.py). 85 pass total. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 20:02:07 +00:00
Claude Agent	77088daf29	feat(T2): reconciliere anti-duplicat + retry/backoff + recuperare orfane Inchide bucla de trimitere (plan.md sect. 4 worker, failure registry). - app/reconcile.py: match_finalizata pe vin+dataPrestatie+odometruFinal (int), alege id maxim la duplicate (RAR accepta duplicate, confirmat live) - app/rar_client.get_finalizate: parseaza data.content (descoperit live ca ruta = GET /prezentari/getAllPrezentariFinalizate; filtrele nu merg pe test) - app/worker rescris: - recuperare orfane (rand 'sending' peste lease = worker mort mid-POST) - pe eroare tranzitorie/timeout: reconciliere INAINTE de re-send (anti-duplicat); daca recordul exista la RAR -> sent fara re-POST - retry/backoff exponential; peste worker_max_retries -> error + banner - re-login la token expirat (JWT 30h) - schema: coloana next_attempt_at (backoff) + migrare aditiva in init_db - config: worker_sending_lease_s, worker_retry_base_s/max_s, worker_max_retries - contract: documentata ruta+forma getAllPrezentariFinalizate (verificat live) Verify: pytest 54 passed (15 noi T2) + validare live (reconciliere record 68514). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 18:20:32 +00:00
Claude Agent	f1b5f1f80f	feat: schelet gateway FastAPI (API v1 + worker + dashboard + SQLite WAL) Structura repo conform plan.md sect. 4, booteaza cu /healthz verde: - app/main.py: FastAPI (lifespan init_db), /healthz (worker viu + last login + queue), /metrics - app/api/v1: POST /v1/prezentari (enqueue + dedup idempotency UNIQUE), GET prezentari/{id}, nomenclator, mapari - app/rar_client.py: client RAR real (login/JWT, nomenclator, postPrezentare, getFinalizate) cu User-Agent obligatoriu (fix WAF 403) - app/worker: proces separat, claim atomic BEGIN IMMEDIATE, heartbeat, login+send (send dezactivat by default) - app/web: dashboard Jinja2+HTMX (coada, banner alerta blocate, worker viu/mort, stari empty) - app/db.py + schema.sql: SQLite WAL, tabele accounts/api_keys/operations_mapping/nomenclator_rar/submissions/worker_heartbeat - app/idempotency.py + payload.py: hash continut canonic + builder payload (status FINALIZATA, fara tipPrestatie) - Dockerfile + docker-compose.yml (api+worker, volum SQLite persistent, restart:always) - tools/import_dbf.py: stub T5 Verificat live: login prin rar_client OK (token 259), nomenclator 18 coduri, worker heartbeat -> /healthz worker_alive=True. Ramas: T3 validare Pydantic, T4 snapshot payload, T2 reconciliere/retry worker, T5 import DBF, auth API-key, middleware redactare creds, criptare PII. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 12:04:11 +00:00

Author

SHA1

Message

Date

Claude Agent

c17c1aa4f4

feat(securitate-CORE): redactare creds + auth API-key per cont

Redactare:
- handler RequestValidationError dropeaza input/ctx din 422 (vectorul de
  scurgere a rar_credentials.password pe /v1/prezentari); pastreaza type/loc/msg
- app/security.py: scrub/scrub_text + CredentialRedactingFilter pe root+uvicorn
- models.py: password cu repr=False

Auth API-key:
- app/auth.py: hash SHA-256 in api_keys (cheia in clar emisa o singura data),
  header X-API-Key / Authorization: Bearer, dependency resolve_account_id
- enforcement pe flag AUTOPASS_require_api_key (prod on->401, dev off->cont
  default id=1; cheie prezenta invalida->401 mereu)
- account_id real curge din cheie in ingestie + mapare
- tools/apikey.py: CLI create/rotate/revoke/list (fara endpoint HTTP admin)

16 teste noi (tests/test_security.py). 85 pass total.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-15 20:02:07 +00:00

Claude Agent

77088daf29

feat(T2): reconciliere anti-duplicat + retry/backoff + recuperare orfane

Inchide bucla de trimitere (plan.md sect. 4 worker, failure registry).

- app/reconcile.py: match_finalizata pe vin+dataPrestatie+odometruFinal (int),
  alege id maxim la duplicate (RAR accepta duplicate, confirmat live)
- app/rar_client.get_finalizate: parseaza data.content (descoperit live ca
  ruta = GET /prezentari/getAllPrezentariFinalizate; filtrele nu merg pe test)
- app/worker rescris:
  - recuperare orfane (rand 'sending' peste lease = worker mort mid-POST)
  - pe eroare tranzitorie/timeout: reconciliere INAINTE de re-send (anti-duplicat);
    daca recordul exista la RAR -> sent fara re-POST
  - retry/backoff exponential; peste worker_max_retries -> error + banner
  - re-login la token expirat (JWT 30h)
- schema: coloana next_attempt_at (backoff) + migrare aditiva in init_db
- config: worker_sending_lease_s, worker_retry_base_s/max_s, worker_max_retries
- contract: documentata ruta+forma getAllPrezentariFinalizate (verificat live)

Verify: pytest 54 passed (15 noi T2) + validare live (reconciliere record 68514).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-15 18:20:32 +00:00

Claude Agent

f1b5f1f80f

feat: schelet gateway FastAPI (API v1 + worker + dashboard + SQLite WAL)

Structura repo conform plan.md sect. 4, booteaza cu /healthz verde:
- app/main.py: FastAPI (lifespan init_db), /healthz (worker viu + last login + queue), /metrics
- app/api/v1: POST /v1/prezentari (enqueue + dedup idempotency UNIQUE), GET prezentari/{id}, nomenclator, mapari
- app/rar_client.py: client RAR real (login/JWT, nomenclator, postPrezentare, getFinalizate) cu User-Agent obligatoriu (fix WAF 403)
- app/worker: proces separat, claim atomic BEGIN IMMEDIATE, heartbeat, login+send (send dezactivat by default)
- app/web: dashboard Jinja2+HTMX (coada, banner alerta blocate, worker viu/mort, stari empty)
- app/db.py + schema.sql: SQLite WAL, tabele accounts/api_keys/operations_mapping/nomenclator_rar/submissions/worker_heartbeat
- app/idempotency.py + payload.py: hash continut canonic + builder payload (status FINALIZATA, fara tipPrestatie)
- Dockerfile + docker-compose.yml (api+worker, volum SQLite persistent, restart:always)
- tools/import_dbf.py: stub T5

Verificat live: login prin rar_client OK (token 259), nomenclator 18 coduri, worker heartbeat -> /healthz worker_alive=True.
Ramas: T3 validare Pydantic, T4 snapshot payload, T2 reconciliere/retry worker, T5 import DBF, auth API-key, middleware redactare creds, criptare PII.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-15 12:04:11 +00:00

3 Commits