bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix user delete flow 6

Browse Source
This commit is contained in:
Urtzi Alfaro
2025-08-02 21:56:25 +02:00
parent 63151c9bd4
commit fdacbee52f
3 changed files with 25 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
gateway/app/main.py
View File

@@ -66,20 +66,26 @@ async def startup_event():
"""Application startup""" """Application startup"""
logger.info("Starting API Gateway") logger.info("Starting API Gateway")
# Start metrics server
metrics_collector.register_counter( metrics_collector.register_counter(
"gateway_auth_requests_total", "gateway_auth_requests_total",
"Total authentication requests through gateway" "Total authentication requests"
) )
metrics_collector.register_counter( metrics_collector.register_counter(
"gateway_auth_responses_total", "gateway_auth_responses_total",
"Total authentication responses through gateway" "Total authentication responses"
) )
metrics_collector.register_histogram( metrics_collector.register_counter(
"gateway_request_duration_seconds", "gateway_auth_errors_total",
"Gateway request duration" "Total authentication errors"
) )
metrics_collector.register_histogram(
"gateway_request_duration_seconds",
"Request duration in seconds"
)
logger.info("Metrics registered successfully")
metrics_collector.start_metrics_server(8080) metrics_collector.start_metrics_server(8080)

5
gateway/app/middleware/auth.py
View File

@@ -203,9 +203,12 @@ class AuthMiddleware(BaseHTTPMiddleware):
} }
if payload.get("service"): if payload.get("service"):
base_context["service"] = payload["service"] service_name = payload["service"]
base_context["service"] = service_name
base_context["type"] = "service" base_context["type"] = "service"
base_context["role"] = "service" base_context["role"] = "service"
base_context["user_id"] = f"{service_name}-service"
base_context["email"] = f"{service_name}-service@internal"
logger.debug(f"Service authentication: {payload['service']}") logger.debug(f"Service authentication: {payload['service']}")
return base_context return base_context

24
shared/auth/tenant_access.py
View File

@@ -6,6 +6,7 @@ Tenant access control utilities for microservices
Provides both gateway-level and service-level tenant access verification Provides both gateway-level and service-level tenant access verification
""" """
import re
from typing import Dict, Any, Optional from typing import Dict, Any, Optional
import httpx import httpx
import structlog import structlog
@@ -306,24 +307,15 @@ async def verify_tenant_permission_dep(
def extract_tenant_id_from_path(path: str) -> Optional[str]: def extract_tenant_id_from_path(path: str) -> Optional[str]:
""" """
Extract tenant_id from URL path like /api/v1/tenants/{tenant_id}/... More robust tenant ID extraction using regex pattern matching
BUT NOT from tenant management endpoints like /api/v1/tenants/register Only matches actual tenant-scoped paths with UUID format
""" """
path_parts = path.split("/") # Pattern for tenant-scoped paths: /api/v1/tenants/{uuid}/...
if "tenants" in path_parts: tenant_pattern = r'/api/v1/tenants/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/.*'
try:
tenant_index = path_parts.index("tenants")
if tenant_index + 1 < len(path_parts):
potential_tenant_id = path_parts[tenant_index + 1]
# ✅ EXCLUDE tenant management endpoints match = re.match(tenant_pattern, path, re.IGNORECASE)
if potential_tenant_id in ["register", "list"]: if match:
return None return match.group(1)
return potential_tenant_id
except (ValueError, IndexError):
pass
return None
def is_tenant_scoped_path(path: str) -> bool: def is_tenant_scoped_path(path: str) -> bool:
""" """