Plan sect.5: parola RAR vine per-cerere, stocata CRIPTATA in submission pana la primul login reusit pe cont, apoi stearsa; JWT 30h acopera restul. - app/crypto.py: Fernet, cheie din AUTOPASS_creds_key (nesetata -> efemera la runtime, creds nu supravietuiesc restartului). encrypt/decrypt_creds. - schema + migrare: submissions.rar_creds_enc (creds criptate). - ingestie: cripteaza rar_credentials, le lipeste de fiecare submission nou. Niciodata in clar in DB. - worker: AccountSessions (login per-cont cu creds decriptate, cache JWT in memorie, sterge creds-urile contului dupa primul login + refresh nomenclator). 401 creds gresite -> error fara retry; token expirat -> invalidare + requeue; fara creds (restart) -> requeue "indisponibile" (ROAAUTO re-trimite). claim_one intoarce account_id + creds_enc; recover_orphans filtrabil pe cont. - requirements: cryptography==46.0.5. Nota: refresh nomenclator e acum lazy la primul login per-cont (nu la pornire); seed-ul fallback acopera editorul offline. 10 teste noi (tests/test_creds_delivery.py). 95 pass total. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
215 lines
8.2 KiB
Python
215 lines
8.2 KiB
Python
"""API v1 — suprafata gateway (schelet).
|
|
|
|
Endpointuri din plan.md sect. 4. In schelet:
|
|
- POST /v1/prezentari: enqueue cu idempotenta (dedup pe idempotency_key UNIQUE).
|
|
- GET /v1/prezentari, /v1/prezentari/{id}: monitorizare coada.
|
|
- GET /v1/nomenclator: cache local.
|
|
- GET /v1/mapari: listare mapari cont.
|
|
Validarea completa (T3), maparea op->cod, auth API-key, redactarea creds in
|
|
middleware (CORE) si exportul CSV vin ulterior — marcate TODO unde lipsesc.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException
|
|
from pydantic import BaseModel, Field
|
|
|
|
from ...auth import resolve_account_id
|
|
from ...crypto import encrypt_creds
|
|
from ...db import get_connection
|
|
from ...idempotency import idempotency_key
|
|
from ...mapping import (
|
|
account_or_default,
|
|
load_mapping,
|
|
pending_unmapped,
|
|
reresolve_account,
|
|
resolve_prestatii,
|
|
save_mapping,
|
|
)
|
|
from ...models import PrezentareRequest, PrezentariResponse, SubmissionResult
|
|
from ...validation import validate_prezentare
|
|
|
|
router = APIRouter(prefix="/v1", tags=["v1"])
|
|
|
|
|
|
@router.post("/prezentari", response_model=PrezentariResponse)
|
|
def create_prezentari(
|
|
req: PrezentareRequest,
|
|
account_id: int = Depends(resolve_account_id),
|
|
) -> PrezentariResponse:
|
|
"""Enqueue una/mai multe prezentari. Idempotent: continut identic -> acelasi submission.
|
|
|
|
Validarea de continut (T3, app.validation) ruleaza inainte de enqueue:
|
|
esecurile NU resping cererea, ci enqueue-aza cu status `needs_data` + motiv
|
|
(plan.md sect. 3). JSON malformat -> 422 din Pydantic (validare de shape).
|
|
account_id vine din cheia API (resolve_account_id): cont real cu cheie,
|
|
implicit id=1 in dev fara cheie, 401 fara cheie valida in prod.
|
|
Nota: rar_credentials NU se persista (zero-storage) — worker-ul le va primi
|
|
pe alt canal (T2); in schelet enqueue-ul doar stocheaza prezentarea.
|
|
"""
|
|
acct = account_or_default(account_id)
|
|
# Creds RAR efemere: criptate si lipite de fiecare submission nou pana la
|
|
# primul login reusit pentru cont (worker le sterge atunci). Zero-storage at
|
|
# rest — niciodata in clar in DB/loguri (plan sect. 5).
|
|
creds_enc = encrypt_creds(req.rar_credentials.model_dump())
|
|
conn = get_connection()
|
|
results: list[SubmissionResult] = []
|
|
try:
|
|
mapping = load_mapping(conn, acct)
|
|
for prez in req.prezentari:
|
|
content = prez.model_dump()
|
|
key = idempotency_key(account_id, content)
|
|
existing = conn.execute(
|
|
"SELECT id, status, id_prezentare FROM submissions WHERE idempotency_key=?",
|
|
(key,),
|
|
).fetchone()
|
|
if existing:
|
|
results.append(
|
|
SubmissionResult(
|
|
submission_id=existing["id"],
|
|
status=existing["status"],
|
|
id_prezentare=existing["id_prezentare"],
|
|
deduped=True,
|
|
)
|
|
)
|
|
continue
|
|
|
|
# Mapare op->cod RAR (hibrid): codul RAR direct trece neatins; codul
|
|
# intern ROAAUTO se traduce. Op nemapata -> needs_mapping (nu se trimite),
|
|
# apare in editorul web. Codul rezolvat se scrie inapoi in payload, deci
|
|
# validarea T3 + payload builder + worker raman code-driven.
|
|
resolved, unmapped = resolve_prestatii(content.get("prestatii"), mapping)
|
|
content["prestatii"] = resolved
|
|
|
|
if unmapped:
|
|
status = "needs_mapping"
|
|
rar_error = json.dumps({"unmapped": unmapped}, ensure_ascii=False)
|
|
else:
|
|
# T3: validare de continut -> queued daca e curat, altfel needs_data + motiv.
|
|
errors = validate_prezentare(content)
|
|
if errors:
|
|
status, rar_error = "needs_data", json.dumps(errors, ensure_ascii=False)
|
|
else:
|
|
status, rar_error = "queued", None
|
|
|
|
cur = conn.execute(
|
|
"INSERT INTO submissions (idempotency_key, account_id, status, payload_json, rar_error, rar_creds_enc) "
|
|
"VALUES (?, ?, ?, ?, ?, ?)",
|
|
(key, acct, status, json.dumps(content, ensure_ascii=False), rar_error, creds_enc),
|
|
)
|
|
results.append(SubmissionResult(submission_id=int(cur.lastrowid), status=status))
|
|
finally:
|
|
conn.close()
|
|
return PrezentariResponse(results=results)
|
|
|
|
|
|
@router.get("/prezentari")
|
|
def list_prezentari(status: str | None = None, limit: int = 100) -> dict:
|
|
conn = get_connection()
|
|
try:
|
|
if status:
|
|
rows = conn.execute(
|
|
"SELECT id, status, id_prezentare, rar_status_code, retry_count, created_at, updated_at "
|
|
"FROM submissions WHERE status=? ORDER BY id DESC LIMIT ?",
|
|
(status, limit),
|
|
).fetchall()
|
|
else:
|
|
rows = conn.execute(
|
|
"SELECT id, status, id_prezentare, rar_status_code, retry_count, created_at, updated_at "
|
|
"FROM submissions ORDER BY id DESC LIMIT ?",
|
|
(limit,),
|
|
).fetchall()
|
|
return {"submissions": [dict(r) for r in rows]}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
@router.get("/prezentari/{submission_id}")
|
|
def get_prezentare(submission_id: int) -> dict:
|
|
conn = get_connection()
|
|
try:
|
|
row = conn.execute("SELECT * FROM submissions WHERE id=?", (submission_id,)).fetchone()
|
|
if not row:
|
|
raise HTTPException(status_code=404, detail="submission inexistent")
|
|
out = dict(row)
|
|
out.pop("payload_json", None) # nu expunem payload-ul brut (PII) in listare
|
|
return out
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
@router.get("/nomenclator")
|
|
def get_nomenclator() -> dict:
|
|
conn = get_connection()
|
|
try:
|
|
rows = conn.execute(
|
|
"SELECT cod_prestatie, nume_prestatie, updated_at FROM nomenclator_rar ORDER BY cod_prestatie"
|
|
).fetchall()
|
|
return {"nomenclator": [dict(r) for r in rows]}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
@router.get("/mapari")
|
|
def get_mapari(account_id: int | None = None) -> dict:
|
|
conn = get_connection()
|
|
try:
|
|
if account_id is not None:
|
|
rows = conn.execute(
|
|
"SELECT * FROM operations_mapping WHERE account_id=? ORDER BY cod_op_service",
|
|
(account_id,),
|
|
).fetchall()
|
|
else:
|
|
rows = conn.execute("SELECT * FROM operations_mapping ORDER BY account_id, cod_op_service").fetchall()
|
|
return {"mapari": [dict(r) for r in rows]}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
@router.get("/mapari/pending")
|
|
def get_mapari_pending() -> dict:
|
|
"""Operatii ROAAUTO nemapate (din submission-uri needs_mapping) + sugestii fuzzy.
|
|
|
|
Alimenteaza editorul web. Fiecare intrare: {account_id, cod_op_service, denumire,
|
|
blocked, suggestions:[{cod_prestatie, nume_prestatie, score}]}.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
return {"pending": pending_unmapped(conn)}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
class MapareIn(BaseModel):
|
|
cod_op_service: str = Field(..., min_length=1)
|
|
cod_prestatie: str = Field(..., min_length=1)
|
|
auto_send: bool = True
|
|
|
|
|
|
@router.post("/mapari")
|
|
def create_mapare(
|
|
req: MapareIn,
|
|
account_id: int = Depends(resolve_account_id),
|
|
) -> dict:
|
|
"""Salveaza/actualizeaza o mapare op->cod si re-rezolva submission-urile blocate.
|
|
|
|
Contul vine din cheia API (NU din body) — un cont nu poate edita maparile
|
|
altuia. Verifica intai ca `cod_prestatie` exista in nomenclator (nu lasam
|
|
mapari catre coduri inexistente). Apoi upsert + re-rezolvare `needs_mapping`.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cod = req.cod_prestatie.strip().upper()
|
|
exists = conn.execute(
|
|
"SELECT 1 FROM nomenclator_rar WHERE cod_prestatie=?", (cod,)
|
|
).fetchone()
|
|
if not exists:
|
|
raise HTTPException(status_code=422, detail=f"cod_prestatie '{cod}' nu exista in nomenclator")
|
|
save_mapping(conn, account_id, req.cod_op_service, cod, req.auto_send)
|
|
stats = reresolve_account(conn, account_id)
|
|
return {"saved": {"cod_op_service": req.cod_op_service.strip(), "cod_prestatie": cod}, "reresolve": stats}
|
|
finally:
|
|
conn.close()
|