Improve teh securty of teh DB
@@ -181,11 +181,30 @@ async def events_stream(request: Request, tenant_id: str):
|
||||
pubsub = redis_client.pubsub()
|
||||
channel_name = f"alerts:{tenant_id}"
|
||||
await pubsub.subscribe(channel_name)
|
||||
|
||||
|
||||
# Send initial connection event
|
||||
yield f"event: connection\n"
|
||||
yield f"data: {json.dumps({'type': 'connected', 'message': 'SSE connection established', 'timestamp': time.time()})}\n\n"
|
||||
|
||||
|
||||
# Fetch and send initial active alerts from Redis cache
|
||||
try:
|
||||
cache_key = f"active_alerts:{tenant_id}"
|
||||
cached_alerts = await redis_client.get(cache_key)
|
||||
if cached_alerts:
|
||||
active_items = json.loads(cached_alerts)
|
||||
logger.info(f"Sending initial_items to tenant {tenant_id}, count: {len(active_items)}")
|
||||
yield f"event: initial_items\n"
|
||||
yield f"data: {json.dumps(active_items)}\n\n"
|
||||
else:
|
||||
logger.info(f"No cached alerts found for tenant {tenant_id}")
|
||||
yield f"event: initial_items\n"
|
||||
yield f"data: {json.dumps([])}\n\n"
|
||||
except Exception as e:
|
||||
logger.error(f"Error fetching initial items for tenant {tenant_id}: {e}")
|
||||
# Still send empty initial_items event
|
||||
yield f"event: initial_items\n"
|
||||
yield f"data: {json.dumps([])}\n\n"
|
||||
|
||||
heartbeat_counter = 0
|
||||
|
||||
while True:
|
||||
|
||||
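Review bot: Nothing in the hunk pairs `await pubsub.subscribe(channel_name)` with an unsubscribe/close, so if the part of events_stream outside this hunk does not wrap the `while True:` loop in `try/finally`, every client disconnect leaks a Redis pubsub connection; the body of events_stream continues past the end of the hunk, so I could not confirm either way. The cache key `active_alerts:{tenant_id}` and channel `alerts:{tenant_id}` are built from the `tenant_id` argument; if that value comes from the path or query rather than from the authenticated context, it should be compared against the tenant on `request.state` before subscribing, otherwise one tenant can stream another tenant's alerts. Minor: `yield f"event: connection\n"` and the three `yield f"event: initial_items\n"` lines are f-strings with no placeholders and read better as plain `"event: initial_items\n"`.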
@@ -59,9 +59,46 @@ class AuthMiddleware(BaseHTTPMiddleware):
|
||||
if self._is_public_route(request.url.path):
|
||||
return await call_next(request)
|
||||
|
||||
# ✅ Check if demo middleware already set user context
|
||||
# ✅ Check if demo middleware already set user context OR check query param for SSE
|
||||
demo_session_header = request.headers.get("X-Demo-Session-Id")
|
||||
logger.info(f"Auth check - path: {request.url.path}, demo_header: {demo_session_header}, has_demo_state: {hasattr(request.state, 'is_demo_session')}")
|
||||
demo_session_query = request.query_params.get("demo_session_id") # For SSE endpoint
|
||||
logger.info(f"Auth check - path: {request.url.path}, demo_header: {demo_session_header}, demo_query: {demo_session_query}, has_demo_state: {hasattr(request.state, 'is_demo_session')}")
|
||||
|
||||
# For SSE endpoint with demo_session_id in query params, validate it here
|
||||
if request.url.path == "/api/events" and demo_session_query and not hasattr(request.state, "is_demo_session"):
|
||||
logger.info(f"SSE endpoint with demo_session_id query param: {demo_session_query}")
|
||||
# Validate demo session via demo-session service
|
||||
import httpx
|
||||
try:
|
||||
async with httpx.AsyncClient() as client:
|
||||
response = await client.get(
|
||||
f"http://demo-session-service:8000/api/v1/demo/sessions/{demo_session_query}",
|
||||
headers={"X-Internal-API-Key": "dev-internal-key-change-in-production"}
|
||||
)
|
||||
if response.status_code == 200:
|
||||
session_data = response.json()
|
||||
# Set demo session context
|
||||
request.state.is_demo_session = True
|
||||
request.state.user = {
|
||||
"user_id": f"demo-user-{demo_session_query}",
|
||||
"email": f"demo-{demo_session_query}@demo.local",
|
||||
"tenant_id": session_data.get("virtual_tenant_id"),
|
||||
"demo_session_id": demo_session_query,
|
||||
}
|
||||
request.state.tenant_id = session_data.get("virtual_tenant_id")
|
||||
logger.info(f"✅ Demo session validated for SSE: {demo_session_query}")
|
||||
else:
|
||||
logger.warning(f"Invalid demo session for SSE: {demo_session_query}")
|
||||
return JSONResponse(
|
||||
status_code=401,
|
||||
content={"detail": "Invalid demo session"}
|
||||
)
|
||||
except Exception as e:
|
||||
logger.error(f"Failed to validate demo session for SSE: {e}")
|
||||
return JSONResponse(
|
||||
status_code=503,
|
||||
content={"detail": "Demo session service unavailable"}
|
||||
)
|
||||
|
||||
if hasattr(request.state, "is_demo_session") and request.state.is_demo_session:
|
||||
if hasattr(request.state, "user") and request.state.user:
|
||||
|
||||
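Review bot: The demo-session validation sends a hard-coded internal credential (`"dev-internal-key-change-in-production"`) straight from source and interpolates the raw `demo_session_id` query value into the request path, so the secret is committed with the code and a value containing `/`, `?` or `..` changes which path the internal service is asked for. Read the key from configuration and refuse to validate when it is absent, and reject any session id that does not match the expected token shape before it reaches the URL. The `import httpx` inside the request path should move to the module imports, and `logger.info(f"SSE endpoint with demo_session_id query param: {demo_session_query}")` writes what is effectively a bearer value into logs at info level — log only a prefix, or drop to debug. The enclosing dispatch method starts before this hunk and continues after it, so I could not see how `request.state.tenant_id` is consumed when `virtual_tenant_id` is missing from the response.
```python
# module level (constructed names, rename to match project conventions):
# _DEMO_SESSION_ID_RE = re.compile(r"^[A-Za-z0-9_-]{8,128}$")
# … unchanged: public-route check, header/query lookup and logging …
if request.url.path == "/api/events" and demo_session_query and not hasattr(request.state, "is_demo_session"):
    # Never let a client-controlled value alter the path sent to the internal service.
    if not _DEMO_SESSION_ID_RE.fullmatch(demo_session_query):
        return JSONResponse(status_code=401, content={"detail": "Invalid demo session"})
    internal_key = os.environ.get("INTERNAL_API_KEY")  # placeholder name; use the project's settings object
    if not internal_key:
        logger.error("Internal API key not configured; refusing demo session validation")
        return JSONResponse(status_code=503, content={"detail": "Demo session service unavailable"})
    logger.debug("SSE demo session validation requested for id prefix %s", demo_session_query[:8])
    try:
        async with httpx.AsyncClient(timeout=5.0) as client:
            response = await client.get(
                f"http://demo-session-service:8000/api/v1/demo/sessions/{demo_session_query}",
                headers={"X-Internal-API-Key": internal_key},
            )
            # … unchanged: status-code handling and except branch …
```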