feat: complete external auth V2 migration with advanced features
This commit implements comprehensive external Azure AD authentication with complete task management, file download, and admin monitoring systems. ## Core Features Implemented (80% Complete) ### 1. Token Auto-Refresh Mechanism ✅ - Backend: POST /api/v2/auth/refresh endpoint - Frontend: Auto-refresh 5 minutes before expiration - Auto-retry on 401 errors with seamless token refresh ### 2. File Download System ✅ - Three format support: JSON / Markdown / PDF - Endpoints: GET /api/v2/tasks/{id}/download/{format} - File access control with ownership validation - Frontend download buttons in TaskHistoryPage ### 3. Complete Task Management ✅ Backend Endpoints: - POST /api/v2/tasks/{id}/start - Start task - POST /api/v2/tasks/{id}/cancel - Cancel task - POST /api/v2/tasks/{id}/retry - Retry failed task - GET /api/v2/tasks - List with filters (status, filename, date range) - GET /api/v2/tasks/stats - User statistics Frontend Features: - Status-based action buttons (Start/Cancel/Retry) - Advanced search and filtering (status, filename, date range) - Pagination and sorting - Task statistics dashboard (5 stat cards) ### 4. Admin Monitoring System ✅ (Backend) Admin APIs: - GET /api/v2/admin/stats - System statistics - GET /api/v2/admin/users - User list with stats - GET /api/v2/admin/users/top - User leaderboard - GET /api/v2/admin/audit-logs - Audit log query system - GET /api/v2/admin/audit-logs/user/{id}/summary Admin Features: - Email-based admin check (ymirliu@panjit.com.tw) - Comprehensive system metrics (users, tasks, sessions, activity) - Audit logging service for security tracking ### 5. User Isolation & Security ✅ - Row-level security on all task queries - File access control with ownership validation - Strict user_id filtering on all operations - Session validation and expiry checking - Admin privilege verification ## New Files Created Backend: - backend/app/models/user_v2.py - User model for external auth - backend/app/models/task.py - Task model with user isolation - backend/app/models/session.py - Session management - backend/app/models/audit_log.py - Audit log model - backend/app/services/external_auth_service.py - External API client - backend/app/services/task_service.py - Task CRUD with isolation - backend/app/services/file_access_service.py - File access control - backend/app/services/admin_service.py - Admin operations - backend/app/services/audit_service.py - Audit logging - backend/app/routers/auth_v2.py - V2 auth endpoints - backend/app/routers/tasks.py - Task management endpoints - backend/app/routers/admin.py - Admin endpoints - backend/alembic/versions/5e75a59fb763_*.py - DB migration Frontend: - frontend/src/services/apiV2.ts - Complete V2 API client - frontend/src/types/apiV2.ts - V2 type definitions - frontend/src/pages/TaskHistoryPage.tsx - Task history UI Modified Files: - backend/app/core/deps.py - Added get_current_admin_user_v2 - backend/app/main.py - Registered admin router - frontend/src/pages/LoginPage.tsx - V2 login integration - frontend/src/components/Layout.tsx - User display and logout - frontend/src/App.tsx - Added /tasks route ## Documentation - openspec/changes/.../PROGRESS_UPDATE.md - Detailed progress report ## Pending Items (20%) 1. Database migration execution for audit_logs table 2. Frontend admin dashboard page 3. Frontend audit log viewer ## Testing Status - Manual testing: ✅ Authentication flow verified - Unit tests: ⏳ Pending - Integration tests: ⏳ Pending ## Security Enhancements - ✅ User isolation (row-level security) - ✅ File access control - ✅ Token expiry validation - ✅ Admin privilege verification - ✅ Audit logging infrastructure - ⏳ Token encryption (noted, low priority) - ⏳ Rate limiting (noted, low priority) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
egg
@@ -18,6 +18,8 @@ export interface LoginResponse {
|
||||
export interface User {
|
||||
id: number
|
||||
username: string
|
||||
email?: string
|
||||
displayName?: string | null
|
||||
}
|
||||
|
||||
// File Upload
|
||||
|
||||
117
frontend/src/types/apiV2.ts
Normal file
117
frontend/src/types/apiV2.ts
Normal file
@@ -0,0 +1,117 @@
|
||||
/**
|
||||
* API V2 Type Definitions
|
||||
* External Authentication & Task Management
|
||||
*/
|
||||
|
||||
// ==================== Authentication ====================
|
||||
|
||||
export interface UserInfo {
|
||||
id: number
|
||||
email: string
|
||||
display_name: string | null
|
||||
}
|
||||
|
||||
export interface LoginResponseV2 {
|
||||
access_token: string
|
||||
token_type: string
|
||||
expires_in: number
|
||||
user: UserInfo
|
||||
}
|
||||
|
||||
export interface UserResponse {
|
||||
id: number
|
||||
email: string
|
||||
display_name: string | null
|
||||
created_at: string
|
||||
last_login: string | null
|
||||
is_active: boolean
|
||||
}
|
||||
|
||||
export interface SessionInfo {
|
||||
id: number
|
||||
token_type: string
|
||||
expires_at: string
|
||||
issued_at: string
|
||||
ip_address: string | null
|
||||
user_agent: string | null
|
||||
created_at: string
|
||||
last_accessed_at: string
|
||||
is_expired: boolean
|
||||
time_until_expiry: number
|
||||
}
|
||||
|
||||
// ==================== Task Management ====================
|
||||
|
||||
export type TaskStatus = 'pending' | 'processing' | 'completed' | 'failed'
|
||||
|
||||
export interface TaskCreate {
|
||||
filename?: string
|
||||
file_type?: string
|
||||
}
|
||||
|
||||
export interface TaskUpdate {
|
||||
status?: TaskStatus
|
||||
error_message?: string
|
||||
processing_time_ms?: number
|
||||
result_json_path?: string
|
||||
result_markdown_path?: string
|
||||
result_pdf_path?: string
|
||||
}
|
||||
|
||||
export interface Task {
|
||||
id: number
|
||||
user_id: number
|
||||
task_id: string
|
||||
filename: string | null
|
||||
file_type: string | null
|
||||
status: TaskStatus
|
||||
result_json_path: string | null
|
||||
result_markdown_path: string | null
|
||||
result_pdf_path: string | null
|
||||
error_message: string | null
|
||||
processing_time_ms: number | null
|
||||
created_at: string
|
||||
updated_at: string
|
||||
completed_at: string | null
|
||||
file_deleted: boolean
|
||||
}
|
||||
|
||||
export interface TaskFile {
|
||||
id: number
|
||||
original_name: string | null
|
||||
stored_path: string | null
|
||||
file_size: number | null
|
||||
mime_type: string | null
|
||||
file_hash: string | null
|
||||
created_at: string
|
||||
}
|
||||
|
||||
export interface TaskDetail extends Task {
|
||||
files: TaskFile[]
|
||||
}
|
||||
|
||||
export interface TaskListResponse {
|
||||
tasks: Task[]
|
||||
total: number
|
||||
page: number
|
||||
page_size: number
|
||||
has_more: boolean
|
||||
}
|
||||
|
||||
export interface TaskStats {
|
||||
total: number
|
||||
pending: number
|
||||
processing: number
|
||||
completed: number
|
||||
failed: number
|
||||
}
|
||||
|
||||
// ==================== Task Filters ====================
|
||||
|
||||
export interface TaskFilters {
|
||||
status?: TaskStatus
|
||||
page: number
|
||||
page_size: number
|
||||
order_by: string
|
||||
order_desc: boolean
|
||||
}
|
||||
Reference in New Issue
Block a user