89 lines
3.9 KiB
Python
89 lines
3.9 KiB
Python
"""Data service routes for API Gateway - Authentication handled by gateway middleware"""
|
|
|
|
from fastapi import APIRouter, Request, Response, HTTPException
|
|
from fastapi.responses import StreamingResponse
|
|
import httpx
|
|
import logging
|
|
|
|
from app.core.config import settings
|
|
|
|
logger = logging.getLogger(__name__)
|
|
router = APIRouter()
|
|
|
|
@router.api_route("/sales/{path:path}", methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"])
|
|
async def proxy_sales(request: Request, path: str):
|
|
"""Proxy sales data requests to data service"""
|
|
return await _proxy_request(request, f"/api/v1/sales/{path}")
|
|
|
|
@router.api_route("/weather/{path:path}", methods=["GET", "POST", "OPTIONS"])
|
|
async def proxy_weather(request: Request, path: str):
|
|
"""Proxy weather requests to data service"""
|
|
return await _proxy_request(request, f"/api/v1/weather/{path}")
|
|
|
|
@router.api_route("/traffic/{path:path}", methods=["GET", "POST", "OPTIONS"])
|
|
async def proxy_traffic(request: Request, path: str):
|
|
"""Proxy traffic requests to data service"""
|
|
return await _proxy_request(request, f"/api/v1/traffic/{path}")
|
|
|
|
async def _proxy_request(request: Request, target_path: str):
|
|
"""Proxy request to data service with user context"""
|
|
|
|
# Handle OPTIONS requests directly for CORS
|
|
if request.method == "OPTIONS":
|
|
return Response(
|
|
status_code=200,
|
|
headers={
|
|
"Access-Control-Allow-Origin": settings.CORS_ORIGINS_LIST,
|
|
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
|
|
"Access-Control-Allow-Headers": "Content-Type, Authorization, X-Tenant-ID",
|
|
"Access-Control-Allow-Credentials": "true",
|
|
"Access-Control-Max-Age": "86400" # Cache preflight for 24 hours
|
|
}
|
|
)
|
|
|
|
try:
|
|
url = f"{settings.DATA_SERVICE_URL}{target_path}"
|
|
|
|
# Forward headers BUT add user context from gateway auth
|
|
headers = dict(request.headers)
|
|
headers.pop("host", None) # Remove host header
|
|
|
|
# ✅ ADD USER CONTEXT FROM GATEWAY AUTHENTICATION
|
|
# Gateway middleware already verified the token and added user to request.state
|
|
if hasattr(request.state, 'user'):
|
|
headers["X-User-ID"] = str(request.state.user.get("user_id"))
|
|
headers["X-User-Email"] = request.state.user.get("email", "")
|
|
headers["X-Tenant-ID"] = str(request.state.user.get("tenant_id"))
|
|
headers["X-User-Roles"] = ",".join(request.state.user.get("roles", []))
|
|
|
|
# Get request body if present
|
|
body = None
|
|
if request.method in ["POST", "PUT", "PATCH"]:
|
|
body = await request.body()
|
|
|
|
async with httpx.AsyncClient(timeout=30.0) as client:
|
|
response = await client.request(
|
|
method=request.method,
|
|
url=url,
|
|
params=request.query_params,
|
|
headers=headers,
|
|
content=body
|
|
)
|
|
|
|
# Return streaming response for large payloads
|
|
if int(response.headers.get("content-length", 0)) > 1024:
|
|
return StreamingResponse(
|
|
iter([response.content]),
|
|
status_code=response.status_code,
|
|
headers=dict(response.headers),
|
|
media_type=response.headers.get("content-type")
|
|
)
|
|
else:
|
|
return response.json() if response.headers.get("content-type", "").startswith("application/json") else response.content
|
|
|
|
except httpx.RequestError as e:
|
|
logger.error("Data service request failed", error=str(e))
|
|
raise HTTPException(status_code=503, detail="Data service unavailable")
|
|
except Exception as e:
|
|
logger.error("Unexpected error in data proxy", error=str(e))
|
|
raise HTTPException(status_code=500, detail="Internal server error") |