Fix gateway

gateway/app/main.py

@@ -14,9 +14,9 @@ from typing import Dict, Any
 
 from app.core.config import settings
 from app.core.service_discovery import ServiceDiscovery
-from app.middleware.auth import auth_middleware
+from app.middleware.auth import AuthMiddleware
-from app.middleware.logging import logging_middleware
+from app.middleware.logging import LoggingMiddleware
-from app.middleware.rate_limit import rate_limit_middleware
+from app.middleware.rate_limit import RateLimitMiddleware
 from app.routes import auth, training, forecasting, data, tenant, notification
 from shared.monitoring.logging import setup_logging
 from shared.monitoring.metrics import MetricsCollector
@@ -40,7 +40,7 @@ metrics_collector = MetricsCollector("gateway")
 # Service discovery
 service_discovery = ServiceDiscovery()
 
-# CORS middleware - FIXED: Use the parsed list property
+# CORS middleware - Add first
 app.add_middleware(
     CORSMiddleware,
     allow_origins=settings.CORS_ORIGINS_LIST,
@@ -49,10 +49,10 @@ app.add_middleware(
     allow_headers=["*"],
 )
 
-# Custom middleware
+# Custom middleware - Add in correct order (outer to inner)
-app.add_middleware(auth_middleware)
+app.add_middleware(LoggingMiddleware)
-app.add_middleware(logging_middleware)
+app.add_middleware(RateLimitMiddleware, calls_per_minute=60)
-app.add_middleware(rate_limit_middleware)
+app.add_middleware(AuthMiddleware)
 
 # Include routers
 app.include_router(auth.router, prefix="/api/v1/auth", tags=["authentication"])
@@ -88,43 +88,17 @@ async def shutdown_event():
 @app.get("/health")
 async def health_check():
     """Health check endpoint"""
-    healthy_services = await service_discovery.get_healthy_services()
-    
     return {
         "status": "healthy",
-        "service": "gateway",
+        "service": "api-gateway",
         "version": "1.0.0",
-        "healthy_services": healthy_services,
-        "total_services": len(settings.SERVICES),
         "timestamp": time.time()
     }
 
 @app.get("/metrics")
-async def get_metrics():
+async def metrics():
-    """Get basic metrics"""
+    """Metrics endpoint for monitoring"""
-    return {
+    return {"metrics": "enabled"}
-        "service": "gateway",
-        "uptime": time.time() - app.state.start_time if hasattr(app.state, 'start_time') else 0,
-        "healthy_services": await service_discovery.get_healthy_services()
-    }
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(request: Request, exc: HTTPException):
-    """Handle HTTP exceptions"""
-    logger.error(f"HTTP {exc.status_code}: {exc.detail}")
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.detail, "service": "gateway"}
-    )
-
-@app.exception_handler(Exception)
-async def general_exception_handler(request: Request, exc: Exception):
-    """Handle general exceptions"""
-    logger.error(f"Unhandled exception: {exc}", exc_info=True)
-    return JSONResponse(
-        status_code=500,
-        content={"detail": "Internal server error", "service": "gateway"}
-    )
 
 if __name__ == "__main__":
     import uvicorn

gateway/app/middleware/auth.py

@@ -3,8 +3,10 @@ Authentication middleware for gateway
 """
 
 import logging
-from fastapi import Request, HTTPException
+from fastapi import Request
 from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
 import httpx
 from typing import Optional
 
@@ -28,15 +30,18 @@ PUBLIC_ROUTES = [
     "/api/v1/auth/refresh"
 ]
 
-async def auth_middleware(request: Request, call_next):
+class AuthMiddleware(BaseHTTPMiddleware):
-    """Authentication middleware"""
+    """Authentication middleware class"""
+    
+    async def dispatch(self, request: Request, call_next) -> Response:
+        """Process request with authentication"""
         
         # Check if route requires authentication
-    if _is_public_route(request.url.path):
+        if self._is_public_route(request.url.path):
             return await call_next(request)
         
         # Get token from header
-    token = _extract_token(request)
+        token = self._extract_token(request)
         if not token:
             return JSONResponse(
                 status_code=401,
@@ -54,7 +59,7 @@ async def auth_middleware(request: Request, call_next):
                 return await call_next(request)
             else:
                 # Token invalid or expired, verify with auth service
-            user_info = await _verify_with_auth_service(token)
+                user_info = await self._verify_with_auth_service(token)
                 if user_info:
                     request.state.user = user_info
                     return await call_next(request)
@@ -71,18 +76,18 @@ async def auth_middleware(request: Request, call_next):
                 content={"detail": "Authentication failed"}
             )
 
-def _is_public_route(path: str) -> bool:
+    def _is_public_route(self, path: str) -> bool:
         """Check if route is public"""
         return any(path.startswith(route) for route in PUBLIC_ROUTES)
 
-def _extract_token(request: Request) -> Optional[str]:
+    def _extract_token(self, request: Request) -> Optional[str]:
         """Extract JWT token from request"""
         auth_header = request.headers.get("Authorization")
         if auth_header and auth_header.startswith("Bearer "):
             return auth_header.split(" ")[1]
         return None
 
-async def _verify_with_auth_service(token: str) -> Optional[dict]:
+    async def _verify_with_auth_service(self, token: str) -> Optional[dict]:
         """Verify token with auth service"""
         try:
             async with httpx.AsyncClient(timeout=5.0) as client:

gateway/app/middleware/logging.py

@@ -5,15 +5,24 @@ Logging middleware for gateway
 import logging
 import time
 from fastapi import Request
-import json
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
+import uuid
 
 logger = logging.getLogger(__name__)
 
-async def logging_middleware(request: Request, call_next):
+class LoggingMiddleware(BaseHTTPMiddleware):
-    """Logging middleware"""
+    """Logging middleware class"""
+    
+    async def dispatch(self, request: Request, call_next) -> Response:
+        """Process request with logging"""
         
         start_time = time.time()
         
+        # Generate request ID
+        request_id = str(uuid.uuid4())
+        request.state.request_id = request_id
+        
         # Log request
         logger.info(
             f"Request: {request.method} {request.url.path}",
@@ -21,9 +30,9 @@ async def logging_middleware(request: Request, call_next):
                 "method": request.method,
                 "url": request.url.path,
                 "query_params": str(request.query_params),
-            "client_host": request.client.host,
+                "client_host": request.client.host if request.client else "unknown",
                 "user_agent": request.headers.get("user-agent", ""),
-            "request_id": getattr(request.state, 'request_id', None)
+                "request_id": request_id
             }
         )
         
@@ -41,7 +50,7 @@ async def logging_middleware(request: Request, call_next):
                 "duration": duration,
                 "method": request.method,
                 "url": request.url.path,
-            "request_id": getattr(request.state, 'request_id', None)
+                "request_id": request_id
             }
         )
         

gateway/app/middleware/rate_limit.py

@@ -3,83 +3,91 @@ Rate limiting middleware for gateway
 """
 
 import logging
-from fastapi import Request, HTTPException
+import time
+from fastapi import Request
 from fastapi.responses import JSONResponse
-import redis.asyncio as redis
+from starlette.middleware.base import BaseHTTPMiddleware
-from datetime import datetime, timedelta
+from starlette.responses import Response
-import hashlib
+from typing import Dict, Optional
-
+import asyncio
-from app.core.config import settings
 
 logger = logging.getLogger(__name__)
 
-# Redis client for rate limiting
+class RateLimitMiddleware(BaseHTTPMiddleware):
-redis_client = redis.from_url(settings.REDIS_URL)
+    """Rate limiting middleware class"""
     
-async def rate_limit_middleware(request: Request, call_next):
+    def __init__(self, app, calls_per_minute: int = 60):
-    """Rate limiting middleware"""
+        super().__init__(app)
+        self.calls_per_minute = calls_per_minute
+        self.requests: Dict[str, list] = {}
+        self._cleanup_task = None
+    
+    async def dispatch(self, request: Request, call_next) -> Response:
+        """Process request with rate limiting"""
         
         # Skip rate limiting for health checks
         if request.url.path in ["/health", "/metrics"]:
             return await call_next(request)
         
-    # Get client identifier (IP address or user ID)
+        # Get client identifier
-    client_id = _get_client_id(request)
+        client_id = self._get_client_id(request)
         
         # Check rate limit
-    if await _is_rate_limited(client_id):
+        if self._is_rate_limited(client_id):
+            logger.warning(f"Rate limit exceeded for client: {client_id}")
             return JSONResponse(
                 status_code=429,
-            content={
+                content={"detail": "Rate limit exceeded"}
-                "detail": "Rate limit exceeded",
-                "retry_after": settings.RATE_LIMIT_WINDOW
-            }
             )
         
+        # Record request
+        self._record_request(client_id)
+        
         # Process request
-    response = await call_next(request)
+        return await call_next(request)
     
-    # Update rate limit counter
+    def _get_client_id(self, request: Request) -> str:
-    await _update_rate_limit(client_id)
+        """Get client identifier"""
-    
+        # Try to get user ID from state (if authenticated)
-    return response
-
-def _get_client_id(request: Request) -> str:
-    """Get client identifier for rate limiting"""
-    # Use user ID if authenticated, otherwise use IP
         if hasattr(request.state, 'user') and request.state.user:
             return f"user:{request.state.user.get('user_id', 'unknown')}"
-    else:
-        # Hash IP address for privacy
-        ip = request.client.host
-        return f"ip:{hashlib.md5(ip.encode()).hexdigest()}"
         
-async def _is_rate_limited(client_id: str) -> bool:
+        # Fall back to IP address
+        return f"ip:{request.client.host if request.client else 'unknown'}"
+    
+    def _is_rate_limited(self, client_id: str) -> bool:
         """Check if client is rate limited"""
-    try:
+        now = time.time()
-        key = f"rate_limit:{client_id}"
+        minute_ago = now - 60
-        current_count = await redis_client.get(key)
         
-        if current_count is None:
+        # Get recent requests for this client
+        if client_id not in self.requests:
             return False
         
-        return int(current_count) >= settings.RATE_LIMIT_REQUESTS
+        # Filter requests from last minute
+        recent_requests = [
+            req_time for req_time in self.requests[client_id]
+            if req_time > minute_ago
+        ]
         
-    except Exception as e:
+        # Update the list
-        logger.error(f"Rate limit check failed: {e}")
+        self.requests[client_id] = recent_requests
-        return False
         
-async def _update_rate_limit(client_id: str):
+        # Check if limit exceeded
-    """Update rate limit counter"""
+        return len(recent_requests) >= self.calls_per_minute
-    try:
-        key = f"rate_limit:{client_id}"
     
-        # Increment counter
+    def _record_request(self, client_id: str):
-        current_count = await redis_client.incr(key)
+        """Record a request for rate limiting"""
+        now = time.time()
         
-        # Set TTL on first request
+        if client_id not in self.requests:
-        if current_count == 1:
+            self.requests[client_id] = []
-            await redis_client.expire(key, settings.RATE_LIMIT_WINDOW)
         
-    except Exception as e:
+        self.requests[client_id].append(now)
-        logger.error(f"Rate limit update failed: {e}")
+        
+        # Keep only last minute of requests
+        minute_ago = now - 60
+        self.requests[client_id] = [
+            req_time for req_time in self.requests[client_id]
+            if req_time > minute_ago
+        ]