deploy: security hardening, multi-model support, S3 storage, analytics, CI improvements (70 commits) #4
+5
-1
@@ -21,11 +21,13 @@ from SPARC.auth import (
|
|||||||
TokenResponse,
|
TokenResponse,
|
||||||
UserResponse,
|
UserResponse,
|
||||||
check_jwt_secret,
|
check_jwt_secret,
|
||||||
|
close_db_client,
|
||||||
create_tokens,
|
create_tokens,
|
||||||
decode_token,
|
decode_token,
|
||||||
get_current_admin,
|
get_current_admin,
|
||||||
get_current_user,
|
get_current_user,
|
||||||
get_db_client,
|
get_db_client,
|
||||||
|
init_db_client,
|
||||||
)
|
)
|
||||||
from SPARC.types import BatchAnalysisResult, CompanyAnalysisResult
|
from SPARC.types import BatchAnalysisResult, CompanyAnalysisResult
|
||||||
|
|
||||||
@@ -155,6 +157,7 @@ async def lifespan(app: FastAPI):
|
|||||||
"""Initialize resources on startup, clean up on shutdown."""
|
"""Initialize resources on startup, clean up on shutdown."""
|
||||||
global _analyzer
|
global _analyzer
|
||||||
check_jwt_secret()
|
check_jwt_secret()
|
||||||
|
init_db_client()
|
||||||
_analyzer = CompanyAnalyzer()
|
_analyzer = CompanyAnalyzer()
|
||||||
# Mark any jobs that were running/pending before the restart as failed
|
# Mark any jobs that were running/pending before the restart as failed
|
||||||
from SPARC.database import DatabaseClient
|
from SPARC.database import DatabaseClient
|
||||||
@@ -167,8 +170,9 @@ async def lifespan(app: FastAPI):
|
|||||||
logging.getLogger(__name__).warning("Marked %d stale jobs as failed on startup", stale)
|
logging.getLogger(__name__).warning("Marked %d stale jobs as failed on startup", stale)
|
||||||
_db.close()
|
_db.close()
|
||||||
yield
|
yield
|
||||||
# Cleanup if needed
|
# Cleanup
|
||||||
_analyzer = None
|
_analyzer = None
|
||||||
|
close_db_client()
|
||||||
|
|
||||||
|
|
||||||
app = FastAPI(
|
app = FastAPI(
|
||||||
|
|||||||
+29
-4
@@ -146,11 +146,36 @@ def decode_token(token: str) -> Optional[TokenPayload]:
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
# Shared database client singleton, initialized at startup via init_db_client()
|
||||||
|
_db_client: DatabaseClient | None = None
|
||||||
|
|
||||||
|
|
||||||
|
def init_db_client() -> None:
|
||||||
|
"""Initialize the shared database client. Call once at app startup."""
|
||||||
|
global _db_client
|
||||||
|
_db_client = DatabaseClient(config.database_url)
|
||||||
|
_db_client.connect()
|
||||||
|
|
||||||
|
|
||||||
|
def close_db_client() -> None:
|
||||||
|
"""Close the shared database client. Call at app shutdown."""
|
||||||
|
global _db_client
|
||||||
|
if _db_client:
|
||||||
|
_db_client.close()
|
||||||
|
_db_client = None
|
||||||
|
|
||||||
|
|
||||||
def get_db_client() -> DatabaseClient:
|
def get_db_client() -> DatabaseClient:
|
||||||
"""Get database client for auth operations."""
|
"""Get the shared pooled database client for auth operations.
|
||||||
client = DatabaseClient(config.database_url)
|
|
||||||
client.connect()
|
Returns the module-level singleton DatabaseClient. If not yet initialized
|
||||||
return client
|
(e.g., during tests), creates a new instance as a fallback.
|
||||||
|
"""
|
||||||
|
global _db_client
|
||||||
|
if _db_client is None:
|
||||||
|
_db_client = DatabaseClient(config.database_url)
|
||||||
|
_db_client.connect()
|
||||||
|
return _db_client
|
||||||
|
|
||||||
|
|
||||||
async def get_current_user(
|
async def get_current_user(
|
||||||
|
|||||||
+28
-41
@@ -221,8 +221,6 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
Cached message dict if found, None otherwise
|
Cached message dict if found, None otherwise
|
||||||
"""
|
"""
|
||||||
self.connect()
|
|
||||||
|
|
||||||
prompt_hash = self.hash_prompt(prompt)
|
prompt_hash = self.hash_prompt(prompt)
|
||||||
|
|
||||||
query = """
|
query = """
|
||||||
@@ -245,7 +243,8 @@ class DatabaseClient:
|
|||||||
|
|
||||||
query += " ORDER BY timestamp DESC LIMIT 1"
|
query += " ORDER BY timestamp DESC LIMIT 1"
|
||||||
|
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
cursor.execute(query, params)
|
cursor.execute(query, params)
|
||||||
result = cursor.fetchone()
|
result = cursor.fetchone()
|
||||||
return dict(result) if result else None
|
return dict(result) if result else None
|
||||||
@@ -276,11 +275,10 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
The ID of the inserted record
|
The ID of the inserted record
|
||||||
"""
|
"""
|
||||||
self.connect()
|
|
||||||
|
|
||||||
prompt_hash = self.hash_prompt(prompt)
|
prompt_hash = self.hash_prompt(prompt)
|
||||||
|
|
||||||
with self.conn.cursor() as cursor:
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor() as cursor:
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"""
|
"""
|
||||||
INSERT INTO llm_messages
|
INSERT INTO llm_messages
|
||||||
@@ -302,7 +300,7 @@ class DatabaseClient:
|
|||||||
)
|
)
|
||||||
|
|
||||||
message_id = cursor.fetchone()[0]
|
message_id = cursor.fetchone()[0]
|
||||||
self.conn.commit()
|
conn.commit()
|
||||||
|
|
||||||
return message_id
|
return message_id
|
||||||
|
|
||||||
@@ -324,8 +322,6 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
List of message dictionaries
|
List of message dictionaries
|
||||||
"""
|
"""
|
||||||
self.connect()
|
|
||||||
|
|
||||||
query = "SELECT * FROM llm_messages WHERE 1=1"
|
query = "SELECT * FROM llm_messages WHERE 1=1"
|
||||||
params = []
|
params = []
|
||||||
|
|
||||||
@@ -340,7 +336,8 @@ class DatabaseClient:
|
|||||||
query += " ORDER BY timestamp DESC LIMIT %s OFFSET %s"
|
query += " ORDER BY timestamp DESC LIMIT %s OFFSET %s"
|
||||||
params.extend([limit, offset])
|
params.extend([limit, offset])
|
||||||
|
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
cursor.execute(query, params)
|
cursor.execute(query, params)
|
||||||
return [dict(row) for row in cursor.fetchall()]
|
return [dict(row) for row in cursor.fetchall()]
|
||||||
|
|
||||||
@@ -353,9 +350,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
Dictionary with analytics data
|
Dictionary with analytics data
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
# Total messages
|
# Total messages
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"""
|
"""
|
||||||
@@ -650,12 +646,11 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
Created user dict or None if email exists
|
Created user dict or None if email exists
|
||||||
"""
|
"""
|
||||||
self.connect()
|
|
||||||
|
|
||||||
password_hash = self.hash_password(password)
|
password_hash = self.hash_password(password)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"""
|
"""
|
||||||
INSERT INTO users (email, password_hash, role)
|
INSERT INTO users (email, password_hash, role)
|
||||||
@@ -665,10 +660,9 @@ class DatabaseClient:
|
|||||||
(email, password_hash, role),
|
(email, password_hash, role),
|
||||||
)
|
)
|
||||||
user = cursor.fetchone()
|
user = cursor.fetchone()
|
||||||
self.conn.commit()
|
conn.commit()
|
||||||
return dict(user) if user else None
|
return dict(user) if user else None
|
||||||
except psycopg2.errors.UniqueViolation:
|
except psycopg2.errors.UniqueViolation:
|
||||||
self.conn.rollback()
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def authenticate_user(self, email: str, password: str) -> Optional[Dict]:
|
def authenticate_user(self, email: str, password: str) -> Optional[Dict]:
|
||||||
@@ -681,9 +675,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
User dict if authenticated, None otherwise
|
User dict if authenticated, None otherwise
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"SELECT * FROM users WHERE email = %s",
|
"SELECT * FROM users WHERE email = %s",
|
||||||
(email,),
|
(email,),
|
||||||
@@ -708,9 +701,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
User dict or None
|
User dict or None
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"SELECT id, email, role, created_at FROM users WHERE id = %s",
|
"SELECT id, email, role, created_at FROM users WHERE id = %s",
|
||||||
(user_id,),
|
(user_id,),
|
||||||
@@ -727,9 +719,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
User dict or None
|
User dict or None
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"SELECT id, email, role, created_at FROM users WHERE email = %s",
|
"SELECT id, email, role, created_at FROM users WHERE email = %s",
|
||||||
(email,),
|
(email,),
|
||||||
@@ -747,9 +738,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
List of user dicts
|
List of user dicts
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"""
|
"""
|
||||||
SELECT id, email, role, created_at
|
SELECT id, email, role, created_at
|
||||||
@@ -771,9 +761,8 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
Updated user dict or None
|
Updated user dict or None
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
||||||
with self.conn.cursor(cursor_factory=RealDictCursor) as cursor:
|
|
||||||
cursor.execute(
|
cursor.execute(
|
||||||
"""
|
"""
|
||||||
UPDATE users
|
UPDATE users
|
||||||
@@ -784,7 +773,7 @@ class DatabaseClient:
|
|||||||
(role, user_id),
|
(role, user_id),
|
||||||
)
|
)
|
||||||
user = cursor.fetchone()
|
user = cursor.fetchone()
|
||||||
self.conn.commit()
|
conn.commit()
|
||||||
return dict(user) if user else None
|
return dict(user) if user else None
|
||||||
|
|
||||||
def delete_user(self, user_id: int) -> bool:
|
def delete_user(self, user_id: int) -> bool:
|
||||||
@@ -796,12 +785,11 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
True if deleted
|
True if deleted
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor() as cursor:
|
||||||
with self.conn.cursor() as cursor:
|
|
||||||
cursor.execute("DELETE FROM users WHERE id = %s", (user_id,))
|
cursor.execute("DELETE FROM users WHERE id = %s", (user_id,))
|
||||||
deleted = cursor.rowcount > 0
|
deleted = cursor.rowcount > 0
|
||||||
self.conn.commit()
|
conn.commit()
|
||||||
return deleted
|
return deleted
|
||||||
|
|
||||||
def get_user_count(self) -> int:
|
def get_user_count(self) -> int:
|
||||||
@@ -810,8 +798,7 @@ class DatabaseClient:
|
|||||||
Returns:
|
Returns:
|
||||||
Number of users
|
Number of users
|
||||||
"""
|
"""
|
||||||
self.connect()
|
with self.get_conn() as conn:
|
||||||
|
with conn.cursor() as cursor:
|
||||||
with self.conn.cursor() as cursor:
|
|
||||||
cursor.execute("SELECT COUNT(*) FROM users")
|
cursor.execute("SELECT COUNT(*) FROM users")
|
||||||
return cursor.fetchone()[0]
|
return cursor.fetchone()[0]
|
||||||
|
|||||||
Reference in New Issue
Block a user