52c857fced
Phase 1 Backend 100% 완료: ✅ UserService (312 lines): - 인증 시스템 (authenticate_user, JWT 토큰 생성) - CRUD 전체 기능 (get, create, update, delete) - 권한 기반 필터링 (role, disabled, search) - 비밀번호 관리 (change_password, hash 검증) - 상태 토글 및 통계 조회 ✅ ApplicationService (254 lines): - OAuth2 클라이언트 관리 - Client ID/Secret 자동 생성 - Secret 재생성 기능 - 소유권 검증 (ownership check) - 통계 조회 (grant types별) ✅ MonitoringService (309 lines): - 시스템 헬스 체크 (MongoDB, pipelines) - 시스템 메트릭 (keywords, pipelines, users, apps) - 활동 로그 조회 (필터링, 날짜 범위) - 데이터베이스 통계 (크기, 컬렉션, 인덱스) - 파이프라인 성능 분석 - 에러 요약 ✅ Users API (11 endpoints + OAuth2 로그인): - POST /login - OAuth2 password flow - GET /me - 현재 사용자 정보 - GET / - 사용자 목록 (admin only) - GET /stats - 사용자 통계 (admin only) - GET /{id} - 사용자 조회 (자신 or admin) - POST / - 사용자 생성 (admin only) - PUT /{id} - 사용자 수정 (권한 검증) - DELETE /{id} - 사용자 삭제 (admin only, 자기 삭제 방지) - POST /{id}/toggle - 상태 토글 (admin only) - POST /change-password - 비밀번호 변경 ✅ Applications API (7 endpoints): - GET / - 애플리케이션 목록 (admin: 전체, user: 자신 것만) - GET /stats - 통계 (admin only) - GET /{id} - 조회 (소유자 or admin) - POST / - 생성 (client_secret 1회만 표시) - PUT /{id} - 수정 (소유자 or admin) - DELETE /{id} - 삭제 (소유자 or admin) - POST /{id}/regenerate-secret - Secret 재생성 ✅ Monitoring API (8 endpoints): - GET /health - 시스템 헬스 상태 - GET /metrics - 시스템 메트릭 - GET /logs - 활동 로그 (필터링 지원) - GET /database/stats - DB 통계 (admin only) - GET /database/collections - 컬렉션 통계 (admin only) - GET /pipelines/performance - 파이프라인 성능 - GET /errors/summary - 에러 요약 주요 특징: - 🔐 역할 기반 접근 제어 (RBAC: admin/editor/viewer) - 🔒 OAuth2 Password Flow 인증 - 🛡️ 소유권 검증 (자신의 리소스만 수정) - 🚫 안전 장치 (자기 삭제 방지, 자기 비활성화 방지) - 📊 종합적인 모니터링 및 통계 - 🔑 안전한 Secret 관리 (1회만 표시) - ✅ 완전한 에러 핸들링 Backend API 총 45개 엔드포인트 완성! - Keywords: 8 - Pipelines: 11 - Users: 11 - Applications: 7 - Monitoring: 8 다음 단계: - Frontend 구현 (React + TypeScript + Material-UI) - Docker & Kubernetes 배포 - Redis 통합 - 테스트 작성 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
285 lines
9.4 KiB
Python
285 lines
9.4 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from typing import List
|
|
|
|
from app.core.auth import get_current_active_user, User
|
|
from app.core.database import get_database
|
|
from app.services.application_service import ApplicationService
|
|
from app.services.user_service import UserService
|
|
from app.schemas.application import (
|
|
ApplicationCreate,
|
|
ApplicationUpdate,
|
|
ApplicationResponse,
|
|
ApplicationWithSecret
|
|
)
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
def get_application_service(db=Depends(get_database)) -> ApplicationService:
|
|
"""Dependency to get application service"""
|
|
return ApplicationService(db)
|
|
|
|
|
|
def get_user_service(db=Depends(get_database)) -> UserService:
|
|
"""Dependency to get user service"""
|
|
return UserService(db)
|
|
|
|
|
|
@router.get("/", response_model=List[ApplicationResponse])
|
|
async def get_applications(
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""
|
|
Get all OAuth2 applications
|
|
|
|
- Admins can see all applications
|
|
- Regular users can only see their own applications
|
|
"""
|
|
# Get current user from database
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="User not found"
|
|
)
|
|
|
|
# Admins can see all, others only their own
|
|
if current_user.role == "admin":
|
|
applications = await app_service.get_applications()
|
|
else:
|
|
applications = await app_service.get_applications(owner_id=str(user.id))
|
|
|
|
return [
|
|
ApplicationResponse(
|
|
_id=str(app.id),
|
|
name=app.name,
|
|
client_id=app.client_id,
|
|
redirect_uris=app.redirect_uris,
|
|
grant_types=app.grant_types,
|
|
scopes=app.scopes,
|
|
owner_id=app.owner_id,
|
|
created_at=app.created_at,
|
|
updated_at=app.updated_at
|
|
)
|
|
for app in applications
|
|
]
|
|
|
|
|
|
@router.get("/stats")
|
|
async def get_application_stats(
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service)
|
|
):
|
|
"""Get application statistics (admin only)"""
|
|
if current_user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Only admins can view application statistics"
|
|
)
|
|
|
|
stats = await app_service.get_application_stats()
|
|
return stats
|
|
|
|
|
|
@router.get("/{app_id}", response_model=ApplicationResponse)
|
|
async def get_application(
|
|
app_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Get an application by ID"""
|
|
app = await app_service.get_application_by_id(app_id)
|
|
if not app:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
# Check ownership (admins can view all)
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if current_user.role != "admin" and app.owner_id != str(user.id):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to view this application"
|
|
)
|
|
|
|
return ApplicationResponse(
|
|
_id=str(app.id),
|
|
name=app.name,
|
|
client_id=app.client_id,
|
|
redirect_uris=app.redirect_uris,
|
|
grant_types=app.grant_types,
|
|
scopes=app.scopes,
|
|
owner_id=app.owner_id,
|
|
created_at=app.created_at,
|
|
updated_at=app.updated_at
|
|
)
|
|
|
|
|
|
@router.post("/", response_model=ApplicationWithSecret, status_code=status.HTTP_201_CREATED)
|
|
async def create_application(
|
|
app_data: ApplicationCreate,
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""
|
|
Create a new OAuth2 application
|
|
|
|
Returns the application with the client_secret (only shown once!)
|
|
"""
|
|
# Get current user from database
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="User not found"
|
|
)
|
|
|
|
app, client_secret = await app_service.create_application(
|
|
app_data=app_data,
|
|
owner_id=str(user.id)
|
|
)
|
|
|
|
return ApplicationWithSecret(
|
|
_id=str(app.id),
|
|
name=app.name,
|
|
client_id=app.client_id,
|
|
client_secret=client_secret, # Plain text secret (only shown once)
|
|
redirect_uris=app.redirect_uris,
|
|
grant_types=app.grant_types,
|
|
scopes=app.scopes,
|
|
owner_id=app.owner_id,
|
|
created_at=app.created_at,
|
|
updated_at=app.updated_at
|
|
)
|
|
|
|
|
|
@router.put("/{app_id}", response_model=ApplicationResponse)
|
|
async def update_application(
|
|
app_id: str,
|
|
app_data: ApplicationUpdate,
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Update an application"""
|
|
app = await app_service.get_application_by_id(app_id)
|
|
if not app:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
# Check ownership (admins can update all)
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if current_user.role != "admin" and app.owner_id != str(user.id):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to update this application"
|
|
)
|
|
|
|
updated_app = await app_service.update_application(app_id, app_data)
|
|
if not updated_app:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
return ApplicationResponse(
|
|
_id=str(updated_app.id),
|
|
name=updated_app.name,
|
|
client_id=updated_app.client_id,
|
|
redirect_uris=updated_app.redirect_uris,
|
|
grant_types=updated_app.grant_types,
|
|
scopes=updated_app.scopes,
|
|
owner_id=updated_app.owner_id,
|
|
created_at=updated_app.created_at,
|
|
updated_at=updated_app.updated_at
|
|
)
|
|
|
|
|
|
@router.delete("/{app_id}", status_code=status.HTTP_204_NO_CONTENT)
|
|
async def delete_application(
|
|
app_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""Delete an application"""
|
|
app = await app_service.get_application_by_id(app_id)
|
|
if not app:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
# Check ownership (admins can delete all)
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if current_user.role != "admin" and app.owner_id != str(user.id):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to delete this application"
|
|
)
|
|
|
|
success = await app_service.delete_application(app_id)
|
|
if not success:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
return None
|
|
|
|
|
|
@router.post("/{app_id}/regenerate-secret", response_model=ApplicationWithSecret)
|
|
async def regenerate_client_secret(
|
|
app_id: str,
|
|
current_user: User = Depends(get_current_active_user),
|
|
app_service: ApplicationService = Depends(get_application_service),
|
|
user_service: UserService = Depends(get_user_service)
|
|
):
|
|
"""
|
|
Regenerate client secret for an application
|
|
|
|
Returns the application with the new client_secret (only shown once!)
|
|
"""
|
|
app = await app_service.get_application_by_id(app_id)
|
|
if not app:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
# Check ownership (admins can regenerate all)
|
|
user = await user_service.get_user_by_username(current_user.username)
|
|
if current_user.role != "admin" and app.owner_id != str(user.id):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not authorized to regenerate secret for this application"
|
|
)
|
|
|
|
result = await app_service.regenerate_client_secret(app_id)
|
|
if not result:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Application with ID {app_id} not found"
|
|
)
|
|
|
|
updated_app, new_secret = result
|
|
|
|
return ApplicationWithSecret(
|
|
_id=str(updated_app.id),
|
|
name=updated_app.name,
|
|
client_id=updated_app.client_id,
|
|
client_secret=new_secret, # New plain text secret (only shown once)
|
|
redirect_uris=updated_app.redirect_uris,
|
|
grant_types=updated_app.grant_types,
|
|
scopes=updated_app.scopes,
|
|
owner_id=updated_app.owner_id,
|
|
created_at=updated_app.created_at,
|
|
updated_at=updated_app.updated_at
|
|
)
|