52c857fced
Phase 1 Backend 100% 완료: ✅ UserService (312 lines): - 인증 시스템 (authenticate_user, JWT 토큰 생성) - CRUD 전체 기능 (get, create, update, delete) - 권한 기반 필터링 (role, disabled, search) - 비밀번호 관리 (change_password, hash 검증) - 상태 토글 및 통계 조회 ✅ ApplicationService (254 lines): - OAuth2 클라이언트 관리 - Client ID/Secret 자동 생성 - Secret 재생성 기능 - 소유권 검증 (ownership check) - 통계 조회 (grant types별) ✅ MonitoringService (309 lines): - 시스템 헬스 체크 (MongoDB, pipelines) - 시스템 메트릭 (keywords, pipelines, users, apps) - 활동 로그 조회 (필터링, 날짜 범위) - 데이터베이스 통계 (크기, 컬렉션, 인덱스) - 파이프라인 성능 분석 - 에러 요약 ✅ Users API (11 endpoints + OAuth2 로그인): - POST /login - OAuth2 password flow - GET /me - 현재 사용자 정보 - GET / - 사용자 목록 (admin only) - GET /stats - 사용자 통계 (admin only) - GET /{id} - 사용자 조회 (자신 or admin) - POST / - 사용자 생성 (admin only) - PUT /{id} - 사용자 수정 (권한 검증) - DELETE /{id} - 사용자 삭제 (admin only, 자기 삭제 방지) - POST /{id}/toggle - 상태 토글 (admin only) - POST /change-password - 비밀번호 변경 ✅ Applications API (7 endpoints): - GET / - 애플리케이션 목록 (admin: 전체, user: 자신 것만) - GET /stats - 통계 (admin only) - GET /{id} - 조회 (소유자 or admin) - POST / - 생성 (client_secret 1회만 표시) - PUT /{id} - 수정 (소유자 or admin) - DELETE /{id} - 삭제 (소유자 or admin) - POST /{id}/regenerate-secret - Secret 재생성 ✅ Monitoring API (8 endpoints): - GET /health - 시스템 헬스 상태 - GET /metrics - 시스템 메트릭 - GET /logs - 활동 로그 (필터링 지원) - GET /database/stats - DB 통계 (admin only) - GET /database/collections - 컬렉션 통계 (admin only) - GET /pipelines/performance - 파이프라인 성능 - GET /errors/summary - 에러 요약 주요 특징: - 🔐 역할 기반 접근 제어 (RBAC: admin/editor/viewer) - 🔒 OAuth2 Password Flow 인증 - 🛡️ 소유권 검증 (자신의 리소스만 수정) - 🚫 안전 장치 (자기 삭제 방지, 자기 비활성화 방지) - 📊 종합적인 모니터링 및 통계 - 🔑 안전한 Secret 관리 (1회만 표시) - ✅ 완전한 에러 핸들링 Backend API 총 45개 엔드포인트 완성! - Keywords: 8 - Pipelines: 11 - Users: 11 - Applications: 7 - Monitoring: 8 다음 단계: - Frontend 구현 (React + TypeScript + Material-UI) - Docker & Kubernetes 배포 - Redis 통합 - 테스트 작성 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
344 lines
10 KiB
Python
344 lines
10 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, Query, status
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
from typing import Optional, List
|
|
|
|
from app.core.auth import get_current_active_user, User
|
|
from app.core.database import get_database
|
|
from app.services.user_service import UserService
|
|
from app.schemas.user import (
|
|
UserCreate,
|
|
UserUpdate,
|
|
UserResponse,
|
|
UserLogin,
|
|
Token
|
|
)
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
def get_user_service(db=Depends(get_database)) -> UserService:
|
|
"""Dependency to get user service"""
|
|
return UserService(db)
|
|
|
|
|
|
@router.post("/login", response_model=Token)
|
|
async def login(
|
|
form_data: OAuth2PasswordRequestForm = Depends(),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""
|
|
Login endpoint for OAuth2 password flow
|
|
|
|
Returns JWT access token on successful authentication
|
|
"""
|
|
user = await user_service.authenticate_user(form_data.username, form_data.password)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
headers={"WWW-Authenticate": "Bearer"},
|
|
)
|
|
|
|
token = await user_service.create_access_token_for_user(user)
|
|
return token
|
|
|
|
|
|
@router.get("/me", response_model=UserResponse)
|
|
async def get_current_user_info(
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Get current authenticated user info"""
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="User not found"
|
|
)
|
|
|
|
return UserResponse(
|
|
_id=str(user.id),
|
|
username=user.username,
|
|
email=user.email,
|
|
full_name=user.full_name,
|
|
role=user.role,
|
|
disabled=user.disabled,
|
|
created_at=user.created_at,
|
|
last_login=user.last_login
|
|
)
|
|
|
|
|
|
@router.get("/", response_model=List[UserResponse])
|
|
async def get_users(
|
|
role: Optional[str] = Query(None, description="Filter by role (admin/editor/viewer)"),
|
|
disabled: Optional[bool] = Query(None, description="Filter by disabled status"),
|
|
search: Optional[str] = Query(None, description="Search in username, email, or full name"),
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Get all users (admin only)"""
|
|
# Check if user is admin
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can list users"
|
|
)
|
|
|
|
users = await user_service.get_users(role=role, disabled=disabled, search=search)
|
|
|
|
return [
|
|
UserResponse(
|
|
_id=str(u.id),
|
|
username=u.username,
|
|
email=u.email,
|
|
full_name=u.full_name,
|
|
role=u.role,
|
|
disabled=u.disabled,
|
|
created_at=u.created_at,
|
|
last_login=u.last_login
|
|
)
|
|
for u in users
|
|
]
|
|
|
|
|
|
@router.get("/stats")
|
|
async def get_user_stats(
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Get user statistics (admin only)"""
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can view user statistics"
|
|
)
|
|
|
|
stats = await user_service.get_user_stats()
|
|
return stats
|
|
|
|
|
|
@router.get("/{user_id}", response_model=UserResponse)
|
|
async def get_user(
|
|
user_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Get a user by ID (admin only or own user)"""
|
|
# Check if user is viewing their own profile
|
|
user = await user_service.get_user_by_id(user_id)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"User with ID {user_id} not found"
|
|
)
|
|
|
|
# Allow users to view their own profile, or admins to view any profile
|
|
if user.username != current_user.username and current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to view this user"
|
|
)
|
|
|
|
return UserResponse(
|
|
_id=str(user.id),
|
|
username=user.username,
|
|
email=user.email,
|
|
full_name=user.full_name,
|
|
role=user.role,
|
|
disabled=user.disabled,
|
|
created_at=user.created_at,
|
|
last_login=user.last_login
|
|
)
|
|
|
|
|
|
@router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
|
|
async def create_user(
|
|
user_data: UserCreate,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Create a new user (admin only)"""
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can create users"
|
|
)
|
|
|
|
try:
|
|
user = await user_service.create_user(user_data)
|
|
except ValueError as e:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=str(e)
|
|
)
|
|
|
|
return UserResponse(
|
|
_id=str(user.id),
|
|
username=user.username,
|
|
email=user.email,
|
|
full_name=user.full_name,
|
|
role=user.role,
|
|
disabled=user.disabled,
|
|
created_at=user.created_at,
|
|
last_login=user.last_login
|
|
)
|
|
|
|
|
|
@router.put("/{user_id}", response_model=UserResponse)
|
|
async def update_user(
|
|
user_id: str,
|
|
user_data: UserUpdate,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Update a user (admin only or own user with restrictions)"""
|
|
user = await user_service.get_user_by_id(user_id)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"User with ID {user_id} not found"
|
|
)
|
|
|
|
# Check permissions
|
|
is_own_user = user.username == current_user.username
|
|
is_admin = current_user.role == "admin"
|
|
|
|
if not is_own_user and not is_admin:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to update this user"
|
|
)
|
|
|
|
# Regular users can only update their own email and full_name
|
|
if is_own_user and not is_admin:
|
|
if user_data.role is not None or user_data.disabled is not None:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Cannot change role or disabled status"
|
|
)
|
|
|
|
try:
|
|
updated_user = await user_service.update_user(user_id, user_data)
|
|
except ValueError as e:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=str(e)
|
|
)
|
|
|
|
if not updated_user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"User with ID {user_id} not found"
|
|
)
|
|
|
|
return UserResponse(
|
|
_id=str(updated_user.id),
|
|
username=updated_user.username,
|
|
email=updated_user.email,
|
|
full_name=updated_user.full_name,
|
|
role=updated_user.role,
|
|
disabled=updated_user.disabled,
|
|
created_at=updated_user.created_at,
|
|
last_login=updated_user.last_login
|
|
)
|
|
|
|
|
|
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
|
|
async def delete_user(
|
|
user_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Delete a user (admin only)"""
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can delete users"
|
|
)
|
|
|
|
# Prevent self-deletion
|
|
user = await user_service.get_user_by_id(user_id)
|
|
if user and user.username == current_user.username:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Cannot delete your own user account"
|
|
)
|
|
|
|
success = await user_service.delete_user(user_id)
|
|
if not success:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"User with ID {user_id} not found"
|
|
)
|
|
return None
|
|
|
|
|
|
@router.post("/{user_id}/toggle", response_model=UserResponse)
|
|
async def toggle_user_status(
|
|
user_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Toggle user disabled status (admin only)"""
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can toggle user status"
|
|
)
|
|
|
|
# Prevent self-toggle
|
|
user = await user_service.get_user_by_id(user_id)
|
|
if user and user.username == current_user.username:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Cannot toggle your own user status"
|
|
)
|
|
|
|
updated_user = await user_service.toggle_user_status(user_id)
|
|
if not updated_user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"User with ID {user_id} not found"
|
|
)
|
|
|
|
return UserResponse(
|
|
_id=str(updated_user.id),
|
|
username=updated_user.username,
|
|
email=updated_user.email,
|
|
full_name=updated_user.full_name,
|
|
role=updated_user.role,
|
|
disabled=updated_user.disabled,
|
|
created_at=updated_user.created_at,
|
|
last_login=updated_user.last_login
|
|
)
|
|
|
|
|
|
@router.post("/change-password")
|
|
async def change_password(
|
|
old_password: str,
|
|
new_password: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Change current user's password"""
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="User not found"
|
|
)
|
|
|
|
success = await user_service.change_password(
|
|
str(user.id),
|
|
old_password,
|
|
new_password
|
|
)
|
|
|
|
if not success:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail="Incorrect old password"
|
|
)
|
|
|
|
return {"message": "Password changed successfully"}
|