Add improvements 2

2026-01-12 22:15:11 +01:00
parent 230bbe6a19
commit b931a5c45e
40 changed files with 1820 additions and 887 deletions
--- a/services/procurement/app/api/internal_delivery_tracking.py
+++ b/services/procurement/app/api/internal_delivery_tracking.py
@@ -29,7 +29,7 @@ async def trigger_delivery_tracking(
    This endpoint is called by the demo session cloning process after POs are seeded
    to generate realistic delivery alerts (arriving soon, overdue, etc.).

-    Security: Protected by X-Internal-Service header check.
+    Security: Protected by x-internal-service header check.

    Args:
        tenant_id: Tenant UUID to check deliveries for
@@ -49,7 +49,7 @@ async def trigger_delivery_tracking(
    """
    try:
        # Verify internal service header
-        if not request or request.headers.get("X-Internal-Service") not in ["demo-session", "internal"]:
+        if not request or request.headers.get("x-internal-service") not in ["demo-session", "internal"]:
            logger.warning("Unauthorized internal API call", tenant_id=str(tenant_id))
            raise HTTPException(
                status_code=403,
--- a/services/procurement/app/api/ml_insights.py
+++ b/services/procurement/app/api/ml_insights.py
@@ -566,7 +566,7 @@ async def generate_price_insights_internal(
    This endpoint is called by the demo-session service after cloning data.
    It uses the same ML logic as the public endpoint but with optimized defaults.

-    Security: Protected by X-Internal-Service header check.
+    Security: Protected by x-internal-service header check.

    Args:
        tenant_id: The tenant UUID
@@ -581,7 +581,7 @@ async def generate_price_insights_internal(
        }
    """
    # Verify internal service header
-    if not request or request.headers.get("X-Internal-Service") not in ["demo-session", "internal"]:
+    if not request or request.headers.get("x-internal-service") not in ["demo-session", "internal"]:
        logger.warning("Unauthorized internal API call", tenant_id=tenant_id)
        raise HTTPException(
            status_code=403,
--- a/services/procurement/app/core/dependencies.py
+++ b/services/procurement/app/core/dependencies.py
@@ -1,42 +1,45 @@
 """
 FastAPI Dependencies for Procurement Service
+Uses shared authentication infrastructure with UUID validation
 """

-from fastapi import Header, HTTPException, status
+from fastapi import Depends, HTTPException, status
 from uuid import UUID
 from typing import Optional
 from sqlalchemy.ext.asyncio import AsyncSession

 from .database import get_db
+from shared.auth.decorators import get_current_tenant_id_dep


 async def get_current_tenant_id(
-    x_tenant_id: Optional[str] = Header(None, alias="X-Tenant-ID")
+    tenant_id: Optional[str] = Depends(get_current_tenant_id_dep)
 ) -> UUID:
    """
-    Extract and validate tenant ID from request header.
+    Extract and validate tenant ID from request using shared infrastructure.
+    Adds UUID validation to ensure tenant ID format is correct.

    Args:
-        x_tenant_id: Tenant ID from X-Tenant-ID header
+        tenant_id: Tenant ID from shared dependency

    Returns:
        UUID: Validated tenant ID

    Raises:
-        HTTPException: If tenant ID is missing or invalid
+        HTTPException: If tenant ID is missing or invalid UUID format
    """
-    if not x_tenant_id:
+    if not tenant_id:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="X-Tenant-ID header is required"
+            detail="x-tenant-id header is required"
        )

    try:
-        return UUID(x_tenant_id)
+        return UUID(tenant_id)
    except (ValueError, AttributeError):
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
-            detail=f"Invalid tenant ID format: {x_tenant_id}"
+            detail=f"Invalid tenant ID format: {tenant_id}"
        )