Add role-based filtering and imporve code

2025-10-15 16:12:49 +02:00
parent 96ad5c6692
commit 8f9e9a7edc
158 changed files with 11033 additions and 1544 deletions
--- a/services/auth/app/api/users.py
+++ b/services/auth/app/api/users.py
@@ -25,11 +25,15 @@ from shared.auth.decorators import (
    require_admin_role_dep
 )
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction

 logger = structlog.get_logger()
 router = APIRouter(tags=["users"])
 route_builder = RouteBuilder('auth')

+# Initialize audit logger
+audit_logger = create_audit_logger("auth-service")
+

@router.get(route_builder.build_base_route("me", include_tenant_prefix=False), response_model=UserResponse)
 async def get_current_user_info(
@@ -184,14 +188,32 @@ async def delete_admin_user(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"Admin user {user_id} not found"
        )
-    
+
+    # Log audit event for user deletion
+    try:
+        # Get tenant_id from current_user or use a placeholder for system-level operations
+        tenant_id_str = current_user.get("tenant_id", "00000000-0000-0000-0000-000000000000")
+        await audit_logger.log_deletion(
+            db_session=db,
+            tenant_id=tenant_id_str,
+            user_id=current_user["user_id"],
+            resource_type="user",
+            resource_id=user_id,
+            resource_data=user_info,
+            description=f"Admin {current_user.get('email', current_user['user_id'])} initiated deletion of user {user_info.get('email', user_id)}",
+            endpoint="/delete/{user_id}",
+            method="DELETE"
+        )
+    except Exception as audit_error:
+        logger.warning("Failed to log audit event", error=str(audit_error))
+
    # Start deletion as background task for better performance
    background_tasks.add_task(
        execute_admin_user_deletion,
        user_id=user_id,
        requesting_user_id=current_user["user_id"]
    )
-    
+
    return {
        "success": True,
        "message": f"Admin user deletion for {user_id} has been initiated",
--- a/services/auth/app/core/security.py
+++ b/services/auth/app/core/security.py
@@ -8,7 +8,7 @@ import re
 import hashlib
 from datetime import datetime, timedelta, timezone
 from typing import Optional, Dict, Any, List
-import redis.asyncio as redis
+from shared.redis_utils import get_redis_client
 from fastapi import HTTPException, status
 import structlog
 from passlib.context import CryptContext
@@ -24,8 +24,7 @@ pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 # Initialize JWT handler with SAME configuration as gateway
 jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)

-# Redis client for session management
-redis_client = redis.from_url(settings.REDIS_URL)
+# Note: Redis client is now accessed via get_redis_client() from shared.redis_utils

 class SecurityManager:
    """Security utilities for authentication - FIXED VERSION"""
--- a/services/auth/app/models/init.py
+++ b/services/auth/app/models/init.py
@@ -3,6 +3,13 @@
 Models export for auth service
 """

+# Import AuditLog model for this service
+from shared.security import create_audit_log_model
+from shared.database.base import Base
+
+# Create audit log model for this service
+AuditLog = create_audit_log_model(Base)
+
 from .users import User
 from .tokens import RefreshToken, LoginAttempt
 from .onboarding import UserOnboardingProgress, UserOnboardingSummary
@@ -13,4 +20,5 @@ __all__ = [
    'LoginAttempt',
    'UserOnboardingProgress',
    'UserOnboardingSummary',
+    "AuditLog",
 ]