Improve teh securty of teh DB

2025-10-19 19:22:37 +02:00
parent 62971c07d7
commit 05da20357d
87 changed files with 7998 additions and 932 deletions
--- a/services/production/app/api/equipment.py
+++ b/services/production/app/api/equipment.py
@@ -0,0 +1,229 @@
+# services/production/app/api/equipment.py
+"""
+Equipment API - CRUD operations on Equipment model
+"""
+
+from fastapi import APIRouter, Depends, HTTPException, Path, Query
+from typing import Optional
+from uuid import UUID
+import structlog
+
+from shared.auth.decorators import get_current_user_dep
+from shared.auth.access_control import require_user_role
+from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction
+from app.core.database import get_db
+from app.services.production_service import ProductionService
+from app.schemas.equipment import (
+    EquipmentCreate,
+    EquipmentUpdate,
+    EquipmentResponse,
+    EquipmentListResponse
+)
+from app.models.production import EquipmentStatus, EquipmentType
+from app.core.config import settings
+
+logger = structlog.get_logger()
+route_builder = RouteBuilder('production')
+router = APIRouter(tags=["production-equipment"])
+
+# Initialize audit logger
+audit_logger = create_audit_logger("production-service")
+
+
+def get_production_service() -> ProductionService:
+    """Dependency injection for production service"""
+    from app.core.database import database_manager
+    return ProductionService(database_manager, settings)
+
+
+@router.get(
+    route_builder.build_base_route("equipment"),
+    response_model=EquipmentListResponse
+)
+async def list_equipment(
+    tenant_id: UUID = Path(...),
+    status: Optional[EquipmentStatus] = Query(None, description="Filter by status"),
+    type: Optional[EquipmentType] = Query(None, description="Filter by equipment type"),
+    is_active: Optional[bool] = Query(None, description="Filter by active status"),
+    page: int = Query(1, ge=1, description="Page number"),
+    page_size: int = Query(50, ge=1, le=100, description="Page size"),
+    current_user: dict = Depends(get_current_user_dep),
+    production_service: ProductionService = Depends(get_production_service)
+):
+    """List equipment with filters: status, type, active status"""
+    try:
+        filters = {
+            "status": status,
+            "type": type,
+            "is_active": is_active
+        }
+
+        equipment_list = await production_service.get_equipment_list(tenant_id, filters, page, page_size)
+
+        logger.info("Retrieved equipment list",
+                   tenant_id=str(tenant_id), filters=filters)
+
+        return equipment_list
+
+    except Exception as e:
+        logger.error("Error listing equipment",
+                    error=str(e), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=500, detail="Failed to list equipment")
+
+
+@router.post(
+    route_builder.build_base_route("equipment"),
+    response_model=EquipmentResponse
+)
+async def create_equipment(
+    equipment_data: EquipmentCreate,
+    tenant_id: UUID = Path(...),
+    current_user: dict = Depends(get_current_user_dep),
+    production_service: ProductionService = Depends(get_production_service)
+):
+    """Create a new equipment item"""
+    try:
+        equipment = await production_service.create_equipment(tenant_id, equipment_data)
+
+        logger.info("Created equipment",
+                   equipment_id=str(equipment.id), tenant_id=str(tenant_id))
+
+        # Audit log
+        await audit_logger.log(
+            action=AuditAction.CREATE,
+            resource_type="equipment",
+            resource_id=str(equipment.id),
+            user_id=current_user.get('user_id'),
+            tenant_id=str(tenant_id),
+            severity=AuditSeverity.INFO,
+            details={"equipment_name": equipment.name, "equipment_type": equipment.type.value}
+        )
+
+        return EquipmentResponse.model_validate(equipment)
+
+    except ValueError as e:
+        logger.warning("Validation error creating equipment",
+                      error=str(e), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=400, detail=str(e))
+
+    except Exception as e:
+        logger.error("Error creating equipment",
+                    error=str(e), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=500, detail="Failed to create equipment")
+
+
+@router.get(
+    route_builder.build_base_route("equipment/{equipment_id}"),
+    response_model=EquipmentResponse
+)
+async def get_equipment(
+    tenant_id: UUID = Path(...),
+    equipment_id: UUID = Path(...),
+    current_user: dict = Depends(get_current_user_dep),
+    production_service: ProductionService = Depends(get_production_service)
+):
+    """Get a specific equipment item"""
+    try:
+        equipment = await production_service.get_equipment(tenant_id, equipment_id)
+
+        if not equipment:
+            raise HTTPException(status_code=404, detail="Equipment not found")
+
+        logger.info("Retrieved equipment",
+                   equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+
+        return EquipmentResponse.model_validate(equipment)
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error retrieving equipment",
+                    error=str(e), equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=500, detail="Failed to retrieve equipment")
+
+
+@router.put(
+    route_builder.build_base_route("equipment/{equipment_id}"),
+    response_model=EquipmentResponse
+)
+async def update_equipment(
+    equipment_data: EquipmentUpdate,
+    tenant_id: UUID = Path(...),
+    equipment_id: UUID = Path(...),
+    current_user: dict = Depends(get_current_user_dep),
+    production_service: ProductionService = Depends(get_production_service)
+):
+    """Update an equipment item"""
+    try:
+        equipment = await production_service.update_equipment(tenant_id, equipment_id, equipment_data)
+
+        if not equipment:
+            raise HTTPException(status_code=404, detail="Equipment not found")
+
+        logger.info("Updated equipment",
+                   equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+
+        # Audit log
+        await audit_logger.log(
+            action=AuditAction.UPDATE,
+            resource_type="equipment",
+            resource_id=str(equipment_id),
+            user_id=current_user.get('user_id'),
+            tenant_id=str(tenant_id),
+            severity=AuditSeverity.INFO,
+            details={"updates": equipment_data.model_dump(exclude_unset=True)}
+        )
+
+        return EquipmentResponse.model_validate(equipment)
+
+    except HTTPException:
+        raise
+    except ValueError as e:
+        logger.warning("Validation error updating equipment",
+                      error=str(e), equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating equipment",
+                    error=str(e), equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=500, detail="Failed to update equipment")
+
+
+@router.delete(
+    route_builder.build_base_route("equipment/{equipment_id}")
+)
+async def delete_equipment(
+    tenant_id: UUID = Path(...),
+    equipment_id: UUID = Path(...),
+    current_user: dict = Depends(get_current_user_dep),
+    production_service: ProductionService = Depends(get_production_service)
+):
+    """Delete (soft delete) an equipment item"""
+    try:
+        success = await production_service.delete_equipment(tenant_id, equipment_id)
+
+        if not success:
+            raise HTTPException(status_code=404, detail="Equipment not found")
+
+        logger.info("Deleted equipment",
+                   equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+
+        # Audit log
+        await audit_logger.log(
+            action=AuditAction.DELETE,
+            resource_type="equipment",
+            resource_id=str(equipment_id),
+            user_id=current_user.get('user_id'),
+            tenant_id=str(tenant_id),
+            severity=AuditSeverity.WARNING,
+            details={"action": "soft_delete"}
+        )
+
+        return {"message": "Equipment deleted successfully"}
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error deleting equipment",
+                    error=str(e), equipment_id=str(equipment_id), tenant_id=str(tenant_id))
+        raise HTTPException(status_code=500, detail="Failed to delete equipment")
--- a/services/production/app/api/internal_demo.py
+++ b/services/production/app/api/internal_demo.py
@@ -21,6 +21,7 @@ from app.models.production import (
 )
 from shared.utils.demo_dates import adjust_date_for_demo, BASE_REFERENCE_DATE
 from shared.utils.alert_generator import generate_equipment_alerts
+from shared.messaging.rabbitmq import RabbitMQClient

 logger = structlog.get_logger()
 router = APIRouter(prefix="/internal/demo", tags=["internal"])
@@ -432,14 +433,39 @@ async def clone_demo_data(
        # Commit cloned data first
        await db.commit()

-        # Generate equipment maintenance and status alerts
+        # Generate equipment maintenance and status alerts with RabbitMQ publishing
+        rabbitmq_client = None
        try:
-            alerts_count = await generate_equipment_alerts(db, virtual_uuid, session_time)
+            # Initialize RabbitMQ client for alert publishing
+            rabbitmq_host = os.getenv("RABBITMQ_HOST", "rabbitmq-service")
+            rabbitmq_user = os.getenv("RABBITMQ_USER", "bakery")
+            rabbitmq_password = os.getenv("RABBITMQ_PASSWORD", "forecast123")
+            rabbitmq_port = os.getenv("RABBITMQ_PORT", "5672")
+            rabbitmq_vhost = os.getenv("RABBITMQ_VHOST", "/")
+            rabbitmq_url = f"amqp://{rabbitmq_user}:{rabbitmq_password}@{rabbitmq_host}:{rabbitmq_port}{rabbitmq_vhost}"
+
+            rabbitmq_client = RabbitMQClient(rabbitmq_url, service_name="production")
+            await rabbitmq_client.connect()
+
+            # Generate alerts and publish to RabbitMQ
+            alerts_count = await generate_equipment_alerts(
+                db,
+                virtual_uuid,
+                session_time,
+                rabbitmq_client=rabbitmq_client
+            )
            stats["alerts_generated"] += alerts_count
            await db.commit()
            logger.info(f"Generated {alerts_count} equipment alerts")
        except Exception as alert_error:
            logger.warning(f"Alert generation failed: {alert_error}", exc_info=True)
+        finally:
+            # Clean up RabbitMQ connection
+            if rabbitmq_client:
+                try:
+                    await rabbitmq_client.disconnect()
+                except Exception as cleanup_error:
+                    logger.warning(f"Error disconnecting RabbitMQ: {cleanup_error}")

        total_records = sum(stats.values())
        duration_ms = int((datetime.now(timezone.utc) - start_time).total_seconds() * 1000)