Plan sect.5: parola RAR vine per-cerere, stocata CRIPTATA in submission pana la
primul login reusit pe cont, apoi stearsa; JWT 30h acopera restul.
- app/crypto.py: Fernet, cheie din AUTOPASS_creds_key (nesetata -> efemera la
runtime, creds nu supravietuiesc restartului). encrypt/decrypt_creds.
- schema + migrare: submissions.rar_creds_enc (creds criptate).
- ingestie: cripteaza rar_credentials, le lipeste de fiecare submission nou.
Niciodata in clar in DB.
- worker: AccountSessions (login per-cont cu creds decriptate, cache JWT in
memorie, sterge creds-urile contului dupa primul login + refresh nomenclator).
401 creds gresite -> error fara retry; token expirat -> invalidare + requeue;
fara creds (restart) -> requeue "indisponibile" (ROAAUTO re-trimite).
claim_one intoarce account_id + creds_enc; recover_orphans filtrabil pe cont.
- requirements: cryptography==46.0.5.
Nota: refresh nomenclator e acum lazy la primul login per-cont (nu la pornire);
seed-ul fallback acopera editorul offline.
10 teste noi (tests/test_creds_delivery.py). 95 pass total.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Redactare:
- handler RequestValidationError dropeaza input/ctx din 422 (vectorul de
scurgere a rar_credentials.password pe /v1/prezentari); pastreaza type/loc/msg
- app/security.py: scrub/scrub_text + CredentialRedactingFilter pe root+uvicorn
- models.py: password cu repr=False
Auth API-key:
- app/auth.py: hash SHA-256 in api_keys (cheia in clar emisa o singura data),
header X-API-Key / Authorization: Bearer, dependency resolve_account_id
- enforcement pe flag AUTOPASS_require_api_key (prod on->401, dev off->cont
default id=1; cheie prezenta invalida->401 mereu)
- account_id real curge din cheie in ingestie + mapare
- tools/apikey.py: CLI create/rotate/revoke/list (fara endpoint HTTP admin)
16 teste noi (tests/test_security.py). 85 pass total.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Verificat contractul RAR AUTOPASS pe endpoint-ul de test si compilat sursa
de adevar `docs/api-rar-contract.md`. Corectii majore fata de planurile vechi:
- JWT TTL = 30h (nu scurt); worker se re-logheaza, retry neplafonat
- b64Image optional; tipPrestatie generat de server (nu se trimite)
- anulare/corectie prin API inexistente pentru FINALIZATA
- needs_data determinist pe R-ODO/I-ODO; reguli validare exacte (VIN/data/nrInm)
Rulat plan-eng-review + plan-design-review, apoi consolidat ambele intr-un
singur plan executabil `docs/plans/plan.md` (design ca anexa). Outside voice
a prins lost-ack double-submit (P1) -> reconciliere inainte de re-send.
Re-push din ROAAUTO scos din v1 (durabilitate = SQLite persistent + restart).
- mutat fisierele spec oficiale RAR in docs/
- adaugat raspunsul oficial al programatorilor RAR (api-rar-documentatie-oficiala.md)
- sterse plan-eng-review.md + plan-design-review.md (consolidate in plan.md)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>