bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add improvements

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-12 14:24:14 +01:00
parent 6037faaf8c
commit 230bbe6a19
61 changed files with 1668 additions and 894 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
services/auth/app/services/auth_service.py
View File

@@ -517,6 +517,22 @@ class EnhancedAuthService:
detail="Invalid token"
)
# Handle service tokens (used for inter-service communication)
if payload.get("type") == "service":
logger.debug("Service token verified successfully",
service=payload.get("service"),
tenant_id=payload.get("tenant_id"))
return {
"valid": True,
"user_id": payload.get("user_id", f"{payload.get('service')}-service"),
"email": payload.get("email", f"{payload.get('service')}-service@internal"),
"role": payload.get("role", "admin"),
"exp": payload.get("exp"),
"service": payload.get("service"),
"tenant_id": payload.get("tenant_id")
}
# Handle regular user tokens
return payload
except Exception as e:
@@ -689,16 +705,22 @@ class EnhancedAuthService:
error=str(e))
return False
async def _get_service_token(self) -> str:
async def _get_service_token(self, tenant_id: Optional[str] = None) -> str:
"""
Get service token for inter-service communication.
This is used to fetch subscription data from tenant service.
Args:
tenant_id: Optional tenant ID for tenant-scoped service operations
Returns:
JWT service token
"""
try:
# Create a proper service token with JWT using SecurityManager
service_token = SecurityManager.create_service_token("auth-service")
service_token = SecurityManager.create_service_token("auth-service", tenant_id)
logger.debug("Generated service token for tenant service communication")
logger.debug("Generated service token for tenant service communication", tenant_id=tenant_id)
return service_token
except Exception as e:
logger.error(f"Failed to get service token: {e}")

21
services/auth/app/services/deletion_orchestrator.py
View File

@@ -14,6 +14,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
from app.models.deletion_job import DeletionJob as DeletionJobModel
from app.repositories.deletion_job_repository import DeletionJobRepository
from shared.auth.jwt_handler import JWTHandler
logger = structlog.get_logger()
@@ -145,13 +146,17 @@ class DeletionOrchestrator:
Initialize orchestrator
Args:
auth_token: JWT token for service-to-service authentication
auth_token: JWT token for service-to-service authentication (deprecated - will be auto-generated)
db: Database session for persistence (optional for backward compatibility)
"""
self.auth_token = auth_token
self.auth_token = auth_token # Deprecated: kept for backward compatibility
self.db = db
self.jobs: Dict[str, DeletionJob] = {} # In-memory cache for active jobs
# Initialize JWT handler for creating service tokens
from app.core.config import settings
self.jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)
async def _save_job_to_db(self, job: DeletionJob) -> None:
"""Save or update job to database"""
if not self.db:
@@ -406,14 +411,18 @@ class DeletionOrchestrator:
tenant_id=tenant_id)
try:
# Always create a service token with tenant context for secure service-to-service communication
service_token = self.jwt_handler.create_service_token(
service_name="auth",
tenant_id=tenant_id
)
headers = {
"X-Internal-Service": "auth-service",
"Authorization": f"Bearer {service_token}",
"X-Service": "auth-service",
"Content-Type": "application/json"
}
if self.auth_token:
headers["Authorization"] = f"Bearer {self.auth_token}"
async with httpx.AsyncClient(timeout=60.0) as client:
response = await client.delete(endpoint, headers=headers)