Files
OCR/.claude/settings.local.json
egg ad2b832fb6 feat: complete external auth V2 migration with advanced features
This commit implements comprehensive external Azure AD authentication
with complete task management, file download, and admin monitoring systems.

## Core Features Implemented (80% Complete)

### 1. Token Auto-Refresh Mechanism
- Backend: POST /api/v2/auth/refresh endpoint
- Frontend: Auto-refresh 5 minutes before expiration
- Auto-retry on 401 errors with seamless token refresh

### 2. File Download System
- Three format support: JSON / Markdown / PDF
- Endpoints: GET /api/v2/tasks/{id}/download/{format}
- File access control with ownership validation
- Frontend download buttons in TaskHistoryPage

### 3. Complete Task Management
Backend Endpoints:
- POST /api/v2/tasks/{id}/start - Start task
- POST /api/v2/tasks/{id}/cancel - Cancel task
- POST /api/v2/tasks/{id}/retry - Retry failed task
- GET /api/v2/tasks - List with filters (status, filename, date range)
- GET /api/v2/tasks/stats - User statistics

Frontend Features:
- Status-based action buttons (Start/Cancel/Retry)
- Advanced search and filtering (status, filename, date range)
- Pagination and sorting
- Task statistics dashboard (5 stat cards)

### 4. Admin Monitoring System (Backend)
Admin APIs:
- GET /api/v2/admin/stats - System statistics
- GET /api/v2/admin/users - User list with stats
- GET /api/v2/admin/users/top - User leaderboard
- GET /api/v2/admin/audit-logs - Audit log query system
- GET /api/v2/admin/audit-logs/user/{id}/summary

Admin Features:
- Email-based admin check (ymirliu@panjit.com.tw)
- Comprehensive system metrics (users, tasks, sessions, activity)
- Audit logging service for security tracking

### 5. User Isolation & Security
- Row-level security on all task queries
- File access control with ownership validation
- Strict user_id filtering on all operations
- Session validation and expiry checking
- Admin privilege verification

## New Files Created

Backend:
- backend/app/models/user_v2.py - User model for external auth
- backend/app/models/task.py - Task model with user isolation
- backend/app/models/session.py - Session management
- backend/app/models/audit_log.py - Audit log model
- backend/app/services/external_auth_service.py - External API client
- backend/app/services/task_service.py - Task CRUD with isolation
- backend/app/services/file_access_service.py - File access control
- backend/app/services/admin_service.py - Admin operations
- backend/app/services/audit_service.py - Audit logging
- backend/app/routers/auth_v2.py - V2 auth endpoints
- backend/app/routers/tasks.py - Task management endpoints
- backend/app/routers/admin.py - Admin endpoints
- backend/alembic/versions/5e75a59fb763_*.py - DB migration

Frontend:
- frontend/src/services/apiV2.ts - Complete V2 API client
- frontend/src/types/apiV2.ts - V2 type definitions
- frontend/src/pages/TaskHistoryPage.tsx - Task history UI

Modified Files:
- backend/app/core/deps.py - Added get_current_admin_user_v2
- backend/app/main.py - Registered admin router
- frontend/src/pages/LoginPage.tsx - V2 login integration
- frontend/src/components/Layout.tsx - User display and logout
- frontend/src/App.tsx - Added /tasks route

## Documentation
- openspec/changes/.../PROGRESS_UPDATE.md - Detailed progress report

## Pending Items (20%)
1. Database migration execution for audit_logs table
2. Frontend admin dashboard page
3. Frontend audit log viewer

## Testing Status
- Manual testing: Authentication flow verified
- Unit tests: Pending
- Integration tests: Pending

## Security Enhancements
- User isolation (row-level security)
- File access control
- Token expiry validation
- Admin privilege verification
- Audit logging infrastructure
- Token encryption (noted, low priority)
- Rate limiting (noted, low priority)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-14 17:19:43 +08:00
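As an added illustration of the user isolation, file access control and e-mail based admin check the commit message describes (example code written here, not the project's own; the task table, admin address, result path and sample rows are constructed placeholders):

```python
from dataclasses import dataclass

ALLOWED_FORMATS = {"json", "markdown", "pdf"}   # the formats the commit lists
ADMIN_EMAILS = {"admin@example.invalid"}        # placeholder admin address

@dataclass(frozen=True)
class User:
    id: int
    email: str

@dataclass(frozen=True)
class Task:
    id: int
    user_id: int      # owner column; every query is filtered on it
    filename: str
    status: str

TASKS = {  # constructed sample rows standing in for the tasks table
    1: Task(1, 10, "invoice.png", "completed"),
    2: Task(2, 10, "receipt.png", "failed"),
    3: Task(3, 20, "contract.png", "completed"),
}

class NotFound(Exception):
    pass

def is_admin(user: User) -> bool:
    return user.email.lower() in ADMIN_EMAILS

def list_tasks(user: User, status=None) -> list:
    """Row-level isolation: the owner filter is part of the query itself,
    so a status filter can only narrow a user's own rows, never widen them."""
    rows = TASKS.values() if is_admin(user) else (
        t for t in TASKS.values() if t.user_id == user.id)
    return [t for t in rows if status is None or t.status == status]

def get_task(task_id: int, user: User) -> Task:
    """Single-row access applies the same filter; a foreign task reads as missing."""
    task = TASKS.get(task_id)
    if task is None or (not is_admin(user) and task.user_id != user.id):
        raise NotFound(f"task {task_id}")
    return task

def download_path(task_id: int, fmt: str, user: User) -> str:
    """Ownership check first, then a strict format whitelist before any path is built."""
    task = get_task(task_id, user)
    if fmt not in ALLOWED_FORMATS:   # rejects '../' and arbitrary extensions
        raise ValueError(f"unsupported format: {fmt!r}")
    return f"/data/results/{task.user_id}/{task.id}.{fmt}"
```

Returning the same "not found" result for a missing task and for another user's task keeps the endpoint from confirming which task ids exist.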


{
"permissions": {
"allow": [
"Bash(openspec validate:*)",
"Bash(openspec list:*)",
"Bash(openspec show:*)",
"Bash(conda env:*)",
"Bash(alembic init:*)",
"Bash(alembic revision:*)",
"Bash(python -m alembic revision:*)",
"Bash(python test_services.py:*)",
"Bash(source ~/.zshrc)",
"Bash(conda activate:*)",
"Bash(brew install:*)",
"Bash(/opt/homebrew/bin/brew install libmagic)",
"Bash(python:*)",
"Bash(/opt/homebrew/bin/brew install pango gdk-pixbuf libffi)",
"Bash(export DYLD_LIBRARY_PATH:*)",
"Bash(pip install:*)",
"Bash(timeout 5 python:*)",
"Bash(curl:*)",
"Bash(pkill:*)",
"Bash(bash -c \"source ~/.zshrc && conda activate tool_ocr && export DYLD_LIBRARY_PATH=/opt/homebrew/lib:$DYLD_LIBRARY_PATH && python -m app.main > /tmp/tool_ocr_startup.log 2>&1 &\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjMsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE3NjI4ODM1NDF9.sm7zPq7ShErFg3UfBSrzGWxC5m5MgC_L0owKJb7Q4J4\":*)",
"Bash(/tmp/login_response.json)",
"Bash(cat:*)",
"Bash(conda run:*)",
"Bash(alembic upgrade:*)",
"Bash(lsof:*)",
"Bash(xargs kill:*)",
"Bash(brew list:*)",
"Bash(echo:*)",
"Bash(bash -c \"source ~/.zshrc && conda activate tool_ocr && cd /Users/egg/Projects/Tool_OCR/backend && pip list | grep pytest\")",
"Bash(bash -c:*)",
"Bash(find:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjMsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE3NjI5MTczMzl9.x5FYcKYpF8rp1M7M7pQsDGwJS1EeQ6RdgRxtNbA2W5E\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjMsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE3NjI5MTczOTN9.oNPbj-SvIl_becIlulXb4DOJ6uHF70hnwlqI-Zfqs1g\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2MjkxNzQ1NH0.wtLv3n8bR_whzkuYILehy87IBDI_ph8FWEFd7laASEU\")",
"Bash(python3:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2MjkyMDUzMn0.e_uG5pRTHsnsCEO3yVZDCR4vXXne81Evkw99VDGVZQU\")",
"Bash(unzip:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2MjkyMDc0OH0.zOpB_2lTi-nVf5B7VMMB9GPeanuo0i-m6iauzjyhCno\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2MjkyMTExM30.q81VbDDIvQkL3VLl5sCvDEJlha3Rm4hkWMDQmWJyurs\")",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2MjkyMTI3OH0.7CQ9NMj5yekdtaRg4v0jHYQmfsbajTZ8aK8kKOo7ixQ\")",
"Bash(/Applications/LibreOffice.app/Contents/MacOS/soffice --headless --convert-to docx test_document.html --outdir .)",
"Bash(env)",
"Bash(node --version:*)",
"Bash(npm:*)",
"Bash(npx tailwindcss init -p)",
"Bash(sqlite3:*)",
"Bash(TOKEN=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzIiwidXNlcm5hbWUiOiJhZG1pbiIsImV4cCI6MTc2Mjk1ODUzOX0.S1JjFxVVmifdkN5F_dORt5jTRdTFN9MKJ8UJKuYacA8\")",
"Bash(tree:*)",
"Bash(done)",
"Bash(git add:*)",
"Bash(git commit:*)",
"Bash(git push)",
"Bash(docker --version:*)",
"Bash(dpkg:*)",
"Bash(pip3:*)",
"Bash(chmod:*)",
"Bash(sudo apt install:*)",
"Bash(/usr/bin/soffice:*)",
"Bash(git config:*)",
"Bash(source:*)",
"Bash(pip uninstall:*)",
"Bash(nvidia-smi:*)",
"Bash(journalctl:*)",
"Bash(ss:*)",
"Bash(pip index:*)",
"Bash(timeout 10 python:*)",
"Bash(alembic current:*)"
],
"deny": [],
"ask": []
}
}