From fdacbee52fee002db6a2d3ae7f868fcd90e55693 Mon Sep 17 00:00:00 2001
From: Urtzi Alfaro
Date: Sat, 2 Aug 2025 21:56:25 +0200
Subject: [PATCH] Fix user delete flow 6
---
 gateway/app/main.py | 18 ++++++++++++------
 gateway/app/middleware/auth.py | 5 ++++-
 shared/auth/tenant_access.py | 26 +++++++++-----------------
 3 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/gateway/app/main.py b/gateway/app/main.py
index 0dffc29a..5a86120a 100644
--- a/gateway/app/main.py
+++ b/gateway/app/main.py
@@ -66,20 +66,26 @@ async def startup_event():
 """Application startup"""
 logger.info("Starting API Gateway")
- # Start metrics server
+
 metrics_collector.register_counter(
 "gateway_auth_requests_total",
- "Total authentication requests through gateway"
+ "Total authentication requests"
 )
 metrics_collector.register_counter(
 "gateway_auth_responses_total",
- "Total authentication responses through gateway"
+ "Total authentication responses"
 )
- metrics_collector.register_histogram(
- "gateway_request_duration_seconds",
- "Gateway request duration"
+ metrics_collector.register_counter(
+ "gateway_auth_errors_total",
+ "Total authentication errors"
 )
+ metrics_collector.register_histogram(
+ "gateway_request_duration_seconds",
+ "Request duration in seconds"
+ )
+
+ logger.info("Metrics registered successfully")
 metrics_collector.start_metrics_server(8080)
diff --git a/gateway/app/middleware/auth.py b/gateway/app/middleware/auth.py
index 7c297b96..d67f7319 100644
--- a/gateway/app/middleware/auth.py
+++ b/gateway/app/middleware/auth.py
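Review bot: The new `gateway_auth_errors_total` counter is registered here but nothing in this patch increments it, so unless the auth middleware already emits it (not visible in this diff) the series stays flat at zero and any alert keyed on it will never fire, while the name's existence hides the gap from whoever reads the dashboard. I'd confirm the increment path exists and pin it with a comment at the registration, `# incremented by the auth middleware on authentication failures — confirm the emit path before alerting on it`. The added `logger.info("Metrics registered successfully")` is accurate but is emitted before `metrics_collector.start_metrics_server(8080)` binds, so if the bind fails the log shows a success line followed by the error; moving it after the start call, or wording it as "registered" rather than "started", avoids the misleading sequence. startup_event's body continues outside the hunk.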
@@ -203,9 +203,12 @@ class AuthMiddleware(BaseHTTPMiddleware):
 }
 if payload.get("service"):
- base_context["service"] = payload["service"]
+ service_name = payload["service"]
+ base_context["service"] = service_name
 base_context["type"] = "service"
 base_context["role"] = "service"
+ base_context["user_id"] = f"{service_name}-service"
+ base_context["email"] = f"{service_name}-service@internal"
 logger.debug(f"Service authentication: {payload['service']}")
 return base_context
diff --git a/shared/auth/tenant_access.py b/shared/auth/tenant_access.py
index 972d40db..3ee973de 100644
--- a/shared/auth/tenant_access.py
+++ b/shared/auth/tenant_access.py
@@ -6,6 +6,7 @@ Tenant access control utilities for microservices
 Provides both gateway-level and service-level tenant access verification
 """
+import re
 from typing import Dict, Any, Optional
 import httpx
 import structlog
@@ -306,24 +307,15 @@ async def verify_tenant_permission_dep(
 def extract_tenant_id_from_path(path: str) -> Optional[str]:
 """
- Extract tenant_id from URL path like /api/v1/tenants/{tenant_id}/...
- BUT NOT from tenant management endpoints like /api/v1/tenants/register
+ More robust tenant ID extraction using regex pattern matching
+ Only matches actual tenant-scoped paths with UUID format
 """
- path_parts = path.split("/")
- if "tenants" in path_parts:
- try:
- tenant_index = path_parts.index("tenants")
- if tenant_index + 1 < len(path_parts):
- potential_tenant_id = path_parts[tenant_index + 1]
-
- # ✅ EXCLUDE tenant management endpoints
- if potential_tenant_id in ["register", "list"]:
- return None
-
- return potential_tenant_id
- except (ValueError, IndexError):
- pass
- return None
+ # Pattern for tenant-scoped paths: /api/v1/tenants/{uuid}/...
+ tenant_pattern = r'/api/v1/tenants/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/.*'
+
+ match = re.match(tenant_pattern, path, re.IGNORECASE)
+ if match:
+ return match.group(1)
 def is_tenant_scoped_path(path: str) -> bool:
 """
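Review bot: `service_name` is taken straight from the token's `service` claim and is embedded into `base_context["user_id"]` and `base_context["email"]` with no check on its form, so whatever string the claim carries becomes a principal that downstream handlers (presumably including the user-delete flow this commit targets) will key on, and it shares the identifier namespace with real users. I'd validate `service_name` against the gateway's known service names, or at minimum a conservative character set, before deriving identities from it, and document the shape with a comment such as `# synthetic principal for service tokens: "<service>-service" / "<service>-service@internal"; not a real user or mailbox` so nobody tries to look it up or deliver mail to it. The `logger.debug` line still formats `payload['service']` although `service_name` now holds the same value; use `service_name` there for consistency. The enclosing method of AuthMiddleware starts and ends outside the hunk.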
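Review bot: The new `tenant_pattern` ends in `/.*`, so a path that stops at the tenant id, `/api/v1/tenants/<uuid>` with no trailing segment, no longer yields the id and the function falls off the end returning an implicit `None`, whereas the removed `split("/")` code returned it; if `is_tenant_scoped_path` just below (body outside the hunk) relies on this, a tenant-level GET or DELETE would now be treated as not tenant-scoped and skip the access check. If that exclusion is deliberate the docstring should say so; otherwise change the tail to `(?:/|$)`, i.e. `tenant_pattern = r'/api/v1/tenants/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:/|$)'`, and close the function with an explicit `return None`. `re.match` also anchors at the start of the string, so a path carrying a mount prefix would no longer match where the old search did; confirm the gateway always passes the bare `/api/v1/...` path. The docstring describes the rewrite ("More robust ... using regex") rather than the contract; `"""Return the UUID tenant id from a tenant-scoped /api/v1/tenants/{id}/... path, or None for anything else (including management paths such as /api/v1/tenants/register)."""` would serve readers better. Hoisting the pattern to a module-level `re.compile(...)` is optional polish.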