egg/OCR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: complete external auth V2 migration with advanced features

Browse Source 
This commit implements comprehensive external Azure AD authentication
with complete task management, file download, and admin monitoring systems.

## Core Features Implemented (80% Complete)

### 1. Token Auto-Refresh Mechanism 
- Backend: POST /api/v2/auth/refresh endpoint
- Frontend: Auto-refresh 5 minutes before expiration
- Auto-retry on 401 errors with seamless token refresh

### 2. File Download System 
- Three format support: JSON / Markdown / PDF
- Endpoints: GET /api/v2/tasks/{id}/download/{format}
- File access control with ownership validation
- Frontend download buttons in TaskHistoryPage

### 3. Complete Task Management 
Backend Endpoints:
- POST /api/v2/tasks/{id}/start - Start task
- POST /api/v2/tasks/{id}/cancel - Cancel task
- POST /api/v2/tasks/{id}/retry - Retry failed task
- GET /api/v2/tasks - List with filters (status, filename, date range)
- GET /api/v2/tasks/stats - User statistics

Frontend Features:
- Status-based action buttons (Start/Cancel/Retry)
- Advanced search and filtering (status, filename, date range)
- Pagination and sorting
- Task statistics dashboard (5 stat cards)

### 4. Admin Monitoring System  (Backend)
Admin APIs:
- GET /api/v2/admin/stats - System statistics
- GET /api/v2/admin/users - User list with stats
- GET /api/v2/admin/users/top - User leaderboard
- GET /api/v2/admin/audit-logs - Audit log query system
- GET /api/v2/admin/audit-logs/user/{id}/summary

Admin Features:
- Email-based admin check (ymirliu@panjit.com.tw)
- Comprehensive system metrics (users, tasks, sessions, activity)
- Audit logging service for security tracking

### 5. User Isolation & Security 
- Row-level security on all task queries
- File access control with ownership validation
- Strict user_id filtering on all operations
- Session validation and expiry checking
- Admin privilege verification

## New Files Created

Backend:
- backend/app/models/user_v2.py - User model for external auth
- backend/app/models/task.py - Task model with user isolation
- backend/app/models/session.py - Session management
- backend/app/models/audit_log.py - Audit log model
- backend/app/services/external_auth_service.py - External API client
- backend/app/services/task_service.py - Task CRUD with isolation
- backend/app/services/file_access_service.py - File access control
- backend/app/services/admin_service.py - Admin operations
- backend/app/services/audit_service.py - Audit logging
- backend/app/routers/auth_v2.py - V2 auth endpoints
- backend/app/routers/tasks.py - Task management endpoints
- backend/app/routers/admin.py - Admin endpoints
- backend/alembic/versions/5e75a59fb763_*.py - DB migration

Frontend:
- frontend/src/services/apiV2.ts - Complete V2 API client
- frontend/src/types/apiV2.ts - V2 type definitions
- frontend/src/pages/TaskHistoryPage.tsx - Task history UI

Modified Files:
- backend/app/core/deps.py - Added get_current_admin_user_v2
- backend/app/main.py - Registered admin router
- frontend/src/pages/LoginPage.tsx - V2 login integration
- frontend/src/components/Layout.tsx - User display and logout
- frontend/src/App.tsx - Added /tasks route

## Documentation
- openspec/changes/.../PROGRESS_UPDATE.md - Detailed progress report

## Pending Items (20%)
1. Database migration execution for audit_logs table
2. Frontend admin dashboard page
3. Frontend audit log viewer

## Testing Status
- Manual testing:  Authentication flow verified
- Unit tests:  Pending
- Integration tests:  Pending

## Security Enhancements
-  User isolation (row-level security)
-  File access control
-  Token expiry validation
-  Admin privilege verification
-  Audit logging infrastructure
-  Token encryption (noted, low priority)
-  Rate limiting (noted, low priority)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
egg
2025-11-14 17:19:43 +08:00
parent 470fa96428
commit ad2b832fb6
32 changed files with 6450 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

211
backend/app/services/admin_service.py Normal file
View File

@@ -0,0 +1,211 @@
"""
Tool_OCR - Admin Service
Administrative functions and statistics
"""
import logging
from typing import List, Dict
from sqlalchemy.orm import Session
from sqlalchemy import func, and_
from datetime import datetime, timedelta
from app.models.user_v2 import User
from app.models.task import Task, TaskStatus
from app.models.session import Session as UserSession
from app.models.audit_log import AuditLog
from app.core.config import settings
logger = logging.getLogger(__name__)
class AdminService:
"""Service for administrative operations"""
# Admin email addresses
ADMIN_EMAILS = ["ymirliu@panjit.com.tw"]
def is_admin(self, email: str) -> bool:
"""
Check if user is an administrator
Args:
email: User email address
Returns:
True if user is admin
"""
return email.lower() in [e.lower() for e in self.ADMIN_EMAILS]
def get_system_statistics(self, db: Session) -> dict:
"""
Get overall system statistics
Args:
db: Database session
Returns:
Dictionary with system stats
"""
# User statistics
total_users = db.query(User).count()
active_users = db.query(User).filter(User.is_active == True).count()
# Count users with logins in last 30 days
date_30_days_ago = datetime.utcnow() - timedelta(days=30)
active_users_30d = db.query(User).filter(
and_(
User.last_login >= date_30_days_ago,
User.is_active == True
)
).count()
# Task statistics
total_tasks = db.query(Task).count()
tasks_by_status = {}
for status in TaskStatus:
count = db.query(Task).filter(Task.status == status).count()
tasks_by_status[status.value] = count
# Session statistics
active_sessions = db.query(UserSession).filter(
UserSession.expires_at > datetime.utcnow()
).count()
# Recent activity (last 7 days)
date_7_days_ago = datetime.utcnow() - timedelta(days=7)
recent_tasks = db.query(Task).filter(
Task.created_at >= date_7_days_ago
).count()
recent_logins = db.query(AuditLog).filter(
and_(
AuditLog.event_type == "auth_login",
AuditLog.created_at >= date_7_days_ago,
AuditLog.success == 1
)
).count()
return {
"users": {
"total": total_users,
"active": active_users,
"active_30d": active_users_30d
},
"tasks": {
"total": total_tasks,
"by_status": tasks_by_status,
"recent_7d": recent_tasks
},
"sessions": {
"active": active_sessions
},
"activity": {
"logins_7d": recent_logins,
"tasks_7d": recent_tasks
}
}
def get_user_list(
self,
db: Session,
skip: int = 0,
limit: int = 50
) -> tuple[List[Dict], int]:
"""
Get list of all users with statistics
Args:
db: Database session
skip: Pagination offset
limit: Pagination limit
Returns:
Tuple of (user list, total count)
"""
# Get total count
total = db.query(User).count()
# Get users
users = db.query(User).order_by(User.created_at.desc()).offset(skip).limit(limit).all()
# Enhance with statistics
user_list = []
for user in users:
# Count user's tasks
task_count = db.query(Task).filter(Task.user_id == user.id).count()
# Count completed tasks
completed_tasks = db.query(Task).filter(
and_(
Task.user_id == user.id,
Task.status == TaskStatus.COMPLETED
)
).count()
# Count active sessions
active_sessions = db.query(UserSession).filter(
and_(
UserSession.user_id == user.id,
UserSession.expires_at > datetime.utcnow()
)
).count()
user_list.append({
**user.to_dict(),
"total_tasks": task_count,
"completed_tasks": completed_tasks,
"active_sessions": active_sessions,
"is_admin": self.is_admin(user.email)
})
return user_list, total
def get_top_users(
self,
db: Session,
metric: str = "tasks",
limit: int = 10
) -> List[Dict]:
"""
Get top users by metric
Args:
db: Database session
metric: Metric to rank by (tasks, completed_tasks)
limit: Number of users to return
Returns:
List of top users with counts
"""
if metric == "completed_tasks":
# Top users by completed tasks
results = db.query(
User,
func.count(Task.id).label("task_count")
).join(Task).filter(
Task.status == TaskStatus.COMPLETED
).group_by(User.id).order_by(
func.count(Task.id).desc()
).limit(limit).all()
else:
# Top users by total tasks (default)
results = db.query(
User,
func.count(Task.id).label("task_count")
).join(Task).group_by(User.id).order_by(
func.count(Task.id).desc()
).limit(limit).all()
return [
{
"user_id": user.id,
"email": user.email,
"display_name": user.display_name,
"count": count
}
for user, count in results
]
# Singleton instance
admin_service = AdminService()

197
backend/app/services/audit_service.py Normal file
View File

@@ -0,0 +1,197 @@
"""
Tool_OCR - Audit Log Service
Handles security audit logging
"""
import logging
from typing import Optional, List, Tuple
from sqlalchemy.orm import Session
from sqlalchemy import desc, and_
from datetime import datetime, timedelta
import json
from app.models.audit_log import AuditLog
logger = logging.getLogger(__name__)
class AuditService:
"""Service for security audit logging"""
def log_event(
self,
db: Session,
event_type: str,
event_category: str,
description: str,
user_id: Optional[int] = None,
ip_address: Optional[str] = None,
user_agent: Optional[str] = None,
resource_type: Optional[str] = None,
resource_id: Optional[str] = None,
success: bool = True,
error_message: Optional[str] = None,
metadata: Optional[dict] = None
) -> AuditLog:
"""
Log a security audit event
Args:
db: Database session
event_type: Type of event (auth_login, task_create, etc.)
event_category: Category (authentication, task, admin, system)
description: Human-readable description
user_id: User who performed action (optional)
ip_address: Client IP address (optional)
user_agent: Client user agent (optional)
resource_type: Type of affected resource (optional)
resource_id: ID of affected resource (optional)
success: Whether the action succeeded
error_message: Error details if failed (optional)
metadata: Additional JSON metadata (optional)
Returns:
Created AuditLog object
"""
# Convert metadata to JSON string
metadata_str = json.dumps(metadata) if metadata else None
# Create audit log entry
audit_log = AuditLog(
user_id=user_id,
event_type=event_type,
event_category=event_category,
description=description,
ip_address=ip_address,
user_agent=user_agent,
resource_type=resource_type,
resource_id=resource_id,
success=1 if success else 0,
error_message=error_message,
metadata=metadata_str
)
db.add(audit_log)
db.commit()
db.refresh(audit_log)
# Log to application logger
log_level = logging.INFO if success else logging.WARNING
logger.log(
log_level,
f"Audit: [{event_category}] {event_type} - {description} "
f"(user_id={user_id}, success={success})"
)
return audit_log
def get_logs(
self,
db: Session,
user_id: Optional[int] = None,
event_category: Optional[str] = None,
event_type: Optional[str] = None,
date_from: Optional[datetime] = None,
date_to: Optional[datetime] = None,
success_only: Optional[bool] = None,
skip: int = 0,
limit: int = 100
) -> Tuple[List[AuditLog], int]:
"""
Get audit logs with filtering
Args:
db: Database session
user_id: Filter by user ID (optional)
event_category: Filter by category (optional)
event_type: Filter by event type (optional)
date_from: Filter from date (optional)
date_to: Filter to date (optional)
success_only: Filter by success status (optional)
skip: Pagination offset
limit: Pagination limit
Returns:
Tuple of (logs list, total count)
"""
# Base query
query = db.query(AuditLog)
# Apply filters
if user_id is not None:
query = query.filter(AuditLog.user_id == user_id)
if event_category:
query = query.filter(AuditLog.event_category == event_category)
if event_type:
query = query.filter(AuditLog.event_type == event_type)
if date_from:
query = query.filter(AuditLog.created_at >= date_from)
if date_to:
date_to_end = date_to + timedelta(days=1)
query = query.filter(AuditLog.created_at < date_to_end)
if success_only is not None:
query = query.filter(AuditLog.success == (1 if success_only else 0))
# Get total count
total = query.count()
# Apply sorting and pagination
logs = query.order_by(desc(AuditLog.created_at)).offset(skip).limit(limit).all()
return logs, total
def get_user_activity_summary(
self,
db: Session,
user_id: int,
days: int = 30
) -> dict:
"""
Get user activity summary for the last N days
Args:
db: Database session
user_id: User ID
days: Number of days to look back
Returns:
Dictionary with activity counts
"""
date_from = datetime.utcnow() - timedelta(days=days)
# Get all user events in period
logs = db.query(AuditLog).filter(
and_(
AuditLog.user_id == user_id,
AuditLog.created_at >= date_from
)
).all()
# Count by category
summary = {
"total_events": len(logs),
"by_category": {},
"failed_attempts": 0,
"last_login": None
}
for log in logs:
# Count by category
if log.event_category not in summary["by_category"]:
summary["by_category"][log.event_category] = 0
summary["by_category"][log.event_category] += 1
# Count failures
if not log.success:
summary["failed_attempts"] += 1
# Track last login
if log.event_type == "auth_login" and log.success:
if not summary["last_login"] or log.created_at > summary["last_login"]:
summary["last_login"] = log.created_at.isoformat()
return summary
# Singleton instance
audit_service = AuditService()

197
backend/app/services/external_auth_service.py Normal file
View File

@@ -0,0 +1,197 @@
"""
Tool_OCR - External Authentication Service
Handles authentication via external API (Microsoft Azure AD)
"""
import httpx
from typing import Optional, Dict, Any
from datetime import datetime, timedelta
from pydantic import BaseModel, Field
import logging
from app.core.config import settings
logger = logging.getLogger(__name__)
class UserInfo(BaseModel):
"""User information from external API"""
id: str
name: str
email: str
job_title: Optional[str] = Field(alias="jobTitle", default=None)
office_location: Optional[str] = Field(alias="officeLocation", default=None)
business_phones: Optional[list[str]] = Field(alias="businessPhones", default=None)
class Config:
populate_by_name = True
class AuthResponse(BaseModel):
"""Authentication response from external API"""
access_token: str
id_token: str
expires_in: int
token_type: str
user_info: UserInfo = Field(alias="userInfo")
issued_at: str = Field(alias="issuedAt")
expires_at: str = Field(alias="expiresAt")
class Config:
populate_by_name = True
class ExternalAuthService:
"""Service for external API authentication"""
def __init__(self):
self.api_url = settings.external_auth_full_url
self.timeout = settings.external_auth_timeout
self.max_retries = 3
self.retry_delay = 1 # seconds
async def authenticate_user(
self, username: str, password: str
) -> tuple[bool, Optional[AuthResponse], Optional[str]]:
"""
Authenticate user via external API
Args:
username: User's username (email)
password: User's password
Returns:
Tuple of (success, auth_response, error_message)
"""
try:
# Prepare request payload
payload = {"username": username, "password": password}
# Make HTTP request with timeout and retries
async with httpx.AsyncClient(timeout=self.timeout) as client:
for attempt in range(self.max_retries):
try:
response = await client.post(
self.api_url, json=payload, headers={"Content-Type": "application/json"}
)
# Success response (200)
if response.status_code == 200:
data = response.json()
if data.get("success"):
auth_data = AuthResponse(**data["data"])
logger.info(
f"Authentication successful for user: {username}"
)
return True, auth_data, None
else:
error_msg = data.get("error", "Unknown error")
logger.warning(
f"Authentication failed for user {username}: {error_msg}"
)
return False, None, error_msg
# Unauthorized (401)
elif response.status_code == 401:
data = response.json()
error_msg = data.get("error", "Invalid credentials")
logger.warning(
f"Authentication failed for user {username}: {error_msg}"
)
return False, None, error_msg
# Other error codes
else:
error_msg = f"API returned status {response.status_code}"
logger.error(
f"Authentication API error for user {username}: {error_msg}"
)
# Retry on 5xx errors
if response.status_code >= 500 and attempt < self.max_retries - 1:
await asyncio.sleep(self.retry_delay * (attempt + 1))
continue
return False, None, error_msg
except httpx.TimeoutException:
logger.error(
f"Authentication API timeout for user {username} (attempt {attempt + 1}/{self.max_retries})"
)
if attempt < self.max_retries - 1:
await asyncio.sleep(self.retry_delay * (attempt + 1))
continue
return False, None, "Authentication API timeout"
except httpx.RequestError as e:
logger.error(
f"Authentication API request error for user {username}: {str(e)}"
)
if attempt < self.max_retries - 1:
await asyncio.sleep(self.retry_delay * (attempt + 1))
continue
return False, None, f"Network error: {str(e)}"
# All retries exhausted
return False, None, "Authentication API unavailable after retries"
except Exception as e:
logger.exception(f"Unexpected error during authentication for user {username}")
return False, None, f"Internal error: {str(e)}"
async def validate_token(self, access_token: str) -> tuple[bool, Optional[Dict[str, Any]]]:
"""
Validate access token (basic check, full validation would require token introspection endpoint)
Args:
access_token: JWT access token
Returns:
Tuple of (is_valid, token_payload)
"""
# Note: For full validation, you would need to:
# 1. Verify JWT signature using Azure AD public keys
# 2. Check token expiration
# 3. Validate issuer, audience, etc.
# For now, we rely on database session expiration tracking
# TODO: Implement full JWT validation when needed
# This is a placeholder that returns True for non-empty tokens
if not access_token or not access_token.strip():
return False, None
return True, {"valid": True}
async def get_user_info(self, user_id: str) -> Optional[UserInfo]:
"""
Fetch user information from external API (if endpoint available)
Args:
user_id: User's ID from Azure AD
Returns:
UserInfo object or None if unavailable
"""
# TODO: Implement if external API provides user info endpoint
# For now, we rely on user info stored in database from login
logger.warning("get_user_info not implemented - use cached user info from database")
return None
def is_token_expiring_soon(self, expires_at: datetime) -> bool:
"""
Check if token is expiring soon (within TOKEN_REFRESH_BUFFER)
Args:
expires_at: Token expiration timestamp
Returns:
True if token expires within buffer time
"""
buffer_seconds = settings.token_refresh_buffer
threshold = datetime.utcnow() + timedelta(seconds=buffer_seconds)
return expires_at <= threshold
# Import asyncio after class definition to avoid circular imports
import asyncio
# Global service instance
external_auth_service = ExternalAuthService()

77
backend/app/services/file_access_service.py Normal file
View File

@@ -0,0 +1,77 @@
"""
Tool_OCR - File Access Control Service
Validates user permissions for file access
"""
import os
import logging
from typing import Optional
from sqlalchemy.orm import Session
from app.models.task import Task
logger = logging.getLogger(__name__)
class FileAccessService:
"""Service for validating file access permissions"""
def validate_file_access(
self,
db: Session,
user_id: int,
task_id: str,
file_path: Optional[str]
) -> tuple[bool, Optional[str]]:
"""
Validate that user has access to the file
Args:
db: Database session
user_id: User ID requesting access
task_id: Task ID associated with the file
file_path: Path to the file
Returns:
Tuple of (is_valid, error_message)
"""
# Check if file path is provided
if not file_path:
return False, "File not available"
# Get task and verify ownership
task = db.query(Task).filter(
Task.task_id == task_id,
Task.user_id == user_id
).first()
if not task:
logger.warning(
f"Unauthorized file access attempt: "
f"user {user_id} tried to access task {task_id}"
)
return False, "Task not found or access denied"
# Check if task is completed
if task.status.value != "completed":
return False, "Task not completed yet"
# Check if file exists
if not os.path.exists(file_path):
logger.error(f"File not found: {file_path}")
return False, "File not found on server"
# Verify file is readable
if not os.access(file_path, os.R_OK):
logger.error(f"File not readable: {file_path}")
return False, "File not accessible"
logger.info(
f"File access granted: user {user_id} accessing {file_path} "
f"for task {task_id}"
)
return True, None
# Singleton instance
file_access_service = FileAccessService()

394
backend/app/services/task_service.py Normal file
View File

@@ -0,0 +1,394 @@
"""
Tool_OCR - Task Management Service
Handles OCR task CRUD operations with user isolation
"""
from typing import List, Optional, Tuple
from sqlalchemy.orm import Session
from sqlalchemy import and_, or_, desc
from datetime import datetime, timedelta
import uuid
import logging
from app.models.task import Task, TaskFile, TaskStatus
from app.core.config import settings
logger = logging.getLogger(__name__)
class TaskService:
"""Service for task management with user isolation"""
def create_task(
self,
db: Session,
user_id: int,
filename: Optional[str] = None,
file_type: Optional[str] = None,
) -> Task:
"""
Create a new task for a user
Args:
db: Database session
user_id: User ID (for isolation)
filename: Original filename
file_type: File MIME type
Returns:
Created Task object
"""
# Generate unique task ID
task_id = str(uuid.uuid4())
# Check user's task limit
if settings.max_tasks_per_user > 0:
user_task_count = db.query(Task).filter(Task.user_id == user_id).count()
if user_task_count >= settings.max_tasks_per_user:
# Auto-delete oldest completed tasks to make room
self._cleanup_old_tasks(db, user_id, limit=10)
# Create task
task = Task(
user_id=user_id,
task_id=task_id,
filename=filename,
file_type=file_type,
status=TaskStatus.PENDING,
)
db.add(task)
db.commit()
db.refresh(task)
logger.info(f"Created task {task_id} for user {user_id}")
return task
def get_task_by_id(
self, db: Session, task_id: str, user_id: int
) -> Optional[Task]:
"""
Get task by ID with user isolation
Args:
db: Database session
task_id: Task ID (UUID)
user_id: User ID (for isolation)
Returns:
Task object or None if not found/unauthorized
"""
task = (
db.query(Task)
.filter(and_(Task.task_id == task_id, Task.user_id == user_id))
.first()
)
return task
def get_user_tasks(
self,
db: Session,
user_id: int,
status: Optional[TaskStatus] = None,
filename_search: Optional[str] = None,
date_from: Optional[datetime] = None,
date_to: Optional[datetime] = None,
skip: int = 0,
limit: int = 50,
order_by: str = "created_at",
order_desc: bool = True,
) -> Tuple[List[Task], int]:
"""
Get user's tasks with pagination and filtering
Args:
db: Database session
user_id: User ID (for isolation)
status: Filter by status (optional)
filename_search: Search by filename (partial match, optional)
date_from: Filter tasks created from this date (optional)
date_to: Filter tasks created until this date (optional)
skip: Pagination offset
limit: Pagination limit
order_by: Sort field (created_at, updated_at, completed_at)
order_desc: Sort descending
Returns:
Tuple of (tasks list, total count)
"""
# Base query with user isolation
query = db.query(Task).filter(Task.user_id == user_id)
# Apply status filter
if status:
query = query.filter(Task.status == status)
# Apply filename search (case-insensitive partial match)
if filename_search:
query = query.filter(Task.filename.ilike(f"%{filename_search}%"))
# Apply date range filter
if date_from:
query = query.filter(Task.created_at >= date_from)
if date_to:
# Add one day to include the entire end date
date_to_end = date_to + timedelta(days=1)
query = query.filter(Task.created_at < date_to_end)
# Get total count
total = query.count()
# Apply sorting
sort_column = getattr(Task, order_by, Task.created_at)
if order_desc:
query = query.order_by(desc(sort_column))
else:
query = query.order_by(sort_column)
# Apply pagination
tasks = query.offset(skip).limit(limit).all()
return tasks, total
def update_task_status(
self,
db: Session,
task_id: str,
user_id: int,
status: TaskStatus,
error_message: Optional[str] = None,
processing_time_ms: Optional[int] = None,
) -> Optional[Task]:
"""
Update task status with user isolation
Args:
db: Database session
task_id: Task ID (UUID)
user_id: User ID (for isolation)
status: New status
error_message: Error message if failed
processing_time_ms: Processing time in milliseconds
Returns:
Updated Task object or None if not found/unauthorized
"""
task = self.get_task_by_id(db, task_id, user_id)
if not task:
logger.warning(
f"Task {task_id} not found for user {user_id} during status update"
)
return None
task.status = status
task.updated_at = datetime.utcnow()
if status == TaskStatus.COMPLETED:
task.completed_at = datetime.utcnow()
if error_message:
task.error_message = error_message
if processing_time_ms is not None:
task.processing_time_ms = processing_time_ms
db.commit()
db.refresh(task)
logger.info(f"Updated task {task_id} status to {status.value}")
return task
def update_task_results(
self,
db: Session,
task_id: str,
user_id: int,
result_json_path: Optional[str] = None,
result_markdown_path: Optional[str] = None,
result_pdf_path: Optional[str] = None,
) -> Optional[Task]:
"""
Update task result file paths
Args:
db: Database session
task_id: Task ID (UUID)
user_id: User ID (for isolation)
result_json_path: Path to JSON result
result_markdown_path: Path to Markdown result
result_pdf_path: Path to searchable PDF
Returns:
Updated Task object or None if not found/unauthorized
"""
task = self.get_task_by_id(db, task_id, user_id)
if not task:
return None
if result_json_path:
task.result_json_path = result_json_path
if result_markdown_path:
task.result_markdown_path = result_markdown_path
if result_pdf_path:
task.result_pdf_path = result_pdf_path
task.updated_at = datetime.utcnow()
db.commit()
db.refresh(task)
logger.info(f"Updated task {task_id} result paths")
return task
def delete_task(
self, db: Session, task_id: str, user_id: int
) -> bool:
"""
Delete task with user isolation
Args:
db: Database session
task_id: Task ID (UUID)
user_id: User ID (for isolation)
Returns:
True if deleted, False if not found/unauthorized
"""
task = self.get_task_by_id(db, task_id, user_id)
if not task:
return False
# Cascade delete will handle task_files
db.delete(task)
db.commit()
logger.info(f"Deleted task {task_id} for user {user_id}")
return True
def _cleanup_old_tasks(
self, db: Session, user_id: int, limit: int = 10
) -> int:
"""
Clean up old completed tasks for a user
Args:
db: Database session
user_id: User ID
limit: Number of tasks to delete
Returns:
Number of tasks deleted
"""
# Find oldest completed tasks
old_tasks = (
db.query(Task)
.filter(
and_(
Task.user_id == user_id,
Task.status == TaskStatus.COMPLETED,
)
)
.order_by(Task.completed_at)
.limit(limit)
.all()
)
count = 0
for task in old_tasks:
db.delete(task)
count += 1
if count > 0:
db.commit()
logger.info(f"Cleaned up {count} old tasks for user {user_id}")
return count
def auto_cleanup_expired_tasks(self, db: Session) -> int:
"""
Auto-cleanup tasks older than TASK_RETENTION_DAYS
Args:
db: Database session
Returns:
Number of tasks deleted
"""
if settings.task_retention_days <= 0:
return 0
cutoff_date = datetime.utcnow() - timedelta(days=settings.task_retention_days)
# Find expired tasks
expired_tasks = (
db.query(Task)
.filter(
and_(
Task.status == TaskStatus.COMPLETED,
Task.completed_at < cutoff_date,
)
)
.all()
)
count = 0
for task in expired_tasks:
task.file_deleted = True
# TODO: Delete actual files from disk
db.delete(task)
count += 1
if count > 0:
db.commit()
logger.info(f"Auto-cleaned up {count} expired tasks")
return count
def get_user_stats(self, db: Session, user_id: int) -> dict:
"""
Get statistics for a user's tasks
Args:
db: Database session
user_id: User ID
Returns:
Dictionary with task statistics
"""
total = db.query(Task).filter(Task.user_id == user_id).count()
pending = (
db.query(Task)
.filter(and_(Task.user_id == user_id, Task.status == TaskStatus.PENDING))
.count()
)
processing = (
db.query(Task)
.filter(and_(Task.user_id == user_id, Task.status == TaskStatus.PROCESSING))
.count()
)
completed = (
db.query(Task)
.filter(and_(Task.user_id == user_id, Task.status == TaskStatus.COMPLETED))
.count()
)
failed = (
db.query(Task)
.filter(and_(Task.user_id == user_id, Task.status == TaskStatus.FAILED))
.count()
)
return {
"total": total,
"pending": pending,
"processing": processing,
"completed": completed,
"failed": failed,
}
# Global service instance
task_service = TaskService()