Add improvements

This commit is contained in:
Urtzi Alfaro
2026-01-12 14:24:14 +01:00
parent 6037faaf8c
commit 230bbe6a19
61 changed files with 1668 additions and 894 deletions


@@ -15,21 +15,13 @@ logger = structlog.get_logger()
router = APIRouter()
async def verify_internal_api_key(x_internal_api_key: str = Header(None)):
"""Verify internal API key for service-to-service communication"""
required_key = settings.INTERNAL_API_KEY
if x_internal_api_key != required_key:
logger.warning("Unauthorized internal API access attempted")
raise HTTPException(status_code=403, detail="Invalid internal API key")
return True
# ✅ Security: Internal API key system removed
# All authentication now handled via JWT service tokens at gateway level
@router.post("/internal/demo/cleanup")
async def cleanup_demo_session_internal(
cleanup_request: dict,
db: AsyncSession = Depends(get_db),
redis: DemoRedisWrapper = Depends(get_redis),
_: bool = Depends(verify_internal_api_key)
redis: DemoRedisWrapper = Depends(get_redis)
):
"""
Internal endpoint to cleanup demo session data for a specific tenant
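Review bot: With `_: bool = Depends(verify_internal_api_key)` dropped and nothing put in its place, `cleanup_demo_session_internal` no longer carries any authentication dependency of its own; the comment at the top of the hunk defers this to the gateway, yet the callers changed elsewhere in this commit now send `Authorization: Bearer <service token>` plus an `X-Service` header, and this handler checks neither. If the service is reachable without passing through the gateway (inferred — the routing is not visible here), `/internal/demo/cleanup` is open to any caller on that network. Consider replacing the removed dependency with one that validates the bearer service token, e.g. `_: dict = Depends(verify_service_token)` (a proposed name) where the dependency decodes the token with the same `JWTHandler` the commit introduces on the client side and rejects missing or invalid tokens with 401/403, and state the gateway assumption in the docstring. The function's body continues past the end of the hunk.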


@@ -14,6 +14,7 @@ import os
from app.models import DemoSession, DemoSessionStatus
from datetime import datetime, timezone, timedelta
from app.core.redis_wrapper import DemoRedisWrapper
from shared.auth.jwt_handler import JWTHandler
logger = structlog.get_logger()
@@ -25,7 +26,11 @@ class DemoCleanupService:
self.db = db
self.redis = redis
from app.core.config import settings
self.internal_api_key = settings.INTERNAL_API_KEY
# ✅ Security: JWT service tokens used for all internal communication
# No longer using internal API keys
# JWT handler for creating service tokens
self.jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)
# Service URLs for cleanup
self.services = [
@@ -155,10 +160,19 @@ class DemoCleanupService:
) -> dict:
"""Delete all data from a single service"""
try:
# Create JWT service token with tenant context
service_token = self.jwt_handler.create_service_token(
service_name="demo-session",
tenant_id=virtual_tenant_id
)
async with httpx.AsyncClient(timeout=30.0) as client:
response = await client.delete(
f"{service_url}/internal/demo/tenant/{virtual_tenant_id}",
headers={"X-Internal-API-Key": self.internal_api_key}
headers={
"Authorization": f"Bearer {service_token}",
"X-Service": "demo-session-service"
}
)
if response.status_code == 200:
@@ -210,10 +224,19 @@ class DemoCleanupService:
async def delete_from_service(service_name: str, service_url: str):
try:
# Create JWT service token with tenant context
service_token = self.jwt_handler.create_service_token(
service_name="demo-session",
tenant_id=tenant_id
)
async with httpx.AsyncClient(timeout=30.0) as client:
response = await client.delete(
f"{service_url}/internal/demo/tenant/{tenant_id}",
headers={"X-Internal-API-Key": self.internal_api_key}
headers={
"Authorization": f"Bearer {service_token}",
"X-Service": "demo-session-service"
}
)
if response.status_code == 200:
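Review bot: The `X-Service` header value `"demo-session-service"` does not match the `service_name="demo-session"` placed in the token two lines above it, in both this hunk and the one at -155; if the receiving side compares the header against the token claim (not visible here) one of them will be rejected, and if it does not, the header is redundant with the claim. The token-plus-headers construction is also now duplicated verbatim in these two methods and again in the two `CloneOrchestrator` hunks (-501 and -689 in the next file), so a single helper on the class would keep the two values aligned and give the receiving contract one place to live. The enclosing methods start before their hunks; only the request-building lines are shown.
```python
    def _service_headers(self, tenant_id: str) -> dict[str, str]:
        """Build the auth headers for an internal call scoped to *tenant_id*."""
        service_token = self.jwt_handler.create_service_token(
            service_name="demo-session",
            tenant_id=tenant_id,
        )
        return {
            "Authorization": f"Bearer {service_token}",
            # NOTE(review): confirm whether the receiver compares this against
            # the token's service_name; the two values currently differ.
            "X-Service": "demo-session-service",
        }

    # … unchanged: other methods …
            async with httpx.AsyncClient(timeout=30.0) as client:
                response = await client.delete(
                    f"{service_url}/internal/demo/tenant/{virtual_tenant_id}",
                    headers=self._service_headers(virtual_tenant_id),
                )
```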


@@ -15,6 +15,7 @@ from shared.clients.inventory_client import InventoryServiceClient
from shared.clients.production_client import ProductionServiceClient
from shared.clients.procurement_client import ProcurementServiceClient
from shared.config.base import BaseServiceSettings
from shared.auth.jwt_handler import JWTHandler
logger = structlog.get_logger()
@@ -34,9 +35,13 @@ class CloneOrchestrator:
def __init__(self, redis_manager=None):
from app.core.config import settings
self.internal_api_key = settings.INTERNAL_API_KEY
# ✅ Security: JWT service tokens used for all internal communication
# No longer using internal API keys
self.redis_manager = redis_manager # For real-time progress updates
# JWT handler for creating service tokens
self.jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)
# Shared HTTP client with connection pooling
self._http_client: Optional[httpx.AsyncClient] = None
@@ -501,6 +506,12 @@ class CloneOrchestrator:
demo_account_type=demo_account_type
)
# Create JWT service token with tenant context
service_token = self.jwt_handler.create_service_token(
service_name="demo-session",
tenant_id=virtual_tenant_id
)
response = await client.post(
f"{service.url}/internal/demo/clone",
params={
@@ -510,7 +521,10 @@ class CloneOrchestrator:
"session_id": session_id,
"session_created_at": session_created_at.isoformat()
},
headers={"X-Internal-API-Key": self.internal_api_key},
headers={
"Authorization": f"Bearer {service_token}",
"X-Service": "demo-session-service"
},
timeout=service.timeout
)
@@ -689,6 +703,13 @@ class CloneOrchestrator:
# First, create child tenant via tenant service
tenant_url = os.getenv("TENANT_SERVICE_URL", "http://tenant-service:8000")
client = await self._get_http_client()
# Create JWT service token with parent tenant context
service_token = self.jwt_handler.create_service_token(
service_name="demo-session",
tenant_id=virtual_parent_id
)
response = await client.post(
f"{tenant_url}/internal/demo/create-child",
json={
@@ -699,7 +720,10 @@ class CloneOrchestrator:
"location": location,
"session_id": session_id
},
headers={"X-Internal-API-Key": self.internal_api_key},
headers={
"Authorization": f"Bearer {service_token}",
"X-Service": "demo-session-service"
},
timeout=30.0
)
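Review bot: `self.jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)` in the `__init__` hunk hands this client-side orchestrator the same secret the receiving services verify with; if `JWT_ALGORITHM` is an HMAC variant (not visible here), any service holding `JWT_SECRET_KEY` can mint a token for any `tenant_id` and any `service_name`, so the tenant scoping set in the later hunks (`tenant_id=virtual_tenant_id`, `tenant_id=virtual_parent_id`) is only as strong as that shared secret. An asymmetric signing algorithm where only token issuers hold the private key would make the tenant and service claims verifiable rather than self-asserted; short of that, the trust assumption belongs next to the `# ✅ Security:` comment, e.g. `# NOTE: JWT_SECRET_KEY is shared with every verifier; any holder can mint service tokens for any tenant`. The function-scope `from app.core.config import settings` that the old code needed for `INTERNAL_API_KEY` is kept only to reach the JWT settings and could move to the module's import block. The `__init__` and the two request-building methods all continue outside their hunks.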