from datetime import datetime
from fastapi import APIRouter, HTTPException, Depends, Header, Query, Request, UploadFile, File
from fastapi.responses import RedirectResponse as redirect
from sqlalchemy.orm import Session
from app.config import settings
from app.db import models
from typing import Optional, Annotated
import logging
import os
import httpx
import jwt
import urllib.parse
# Correctly import from your application's schemas and dependencies
from app.api.dependencies import ServiceContainer, get_db
from app.api import schemas
from app.core.services.user import login_required, verify_password, hash_password
from app.core.grpc.utils.crypto import encrypt_value, decrypt_value
# Setup logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
# --- Derived OIDC Configuration Helpers ---
def get_oidc_urls():
server_url = settings.OIDC_SERVER_URL.rstrip("/")
return {
"auth": f"{server_url}/auth",
"token": f"{server_url}/token",
"userinfo": f"{server_url}/userinfo"
}
# A dependency to simulate getting the current user ID from a request header
def get_current_user_id(x_user_id: Annotated[Optional[str], Header()] = None) -> Optional[str]:
"""
Retrieves the user ID from the X-User-ID header.
This simulates an authentication system and is used by the login_required decorator.
"""
return x_user_id or "anonymous"
def create_users_router(services: ServiceContainer) -> APIRouter:
router = APIRouter(prefix="/users", tags=["Users"])
@router.get("/login", summary="Initiate OIDC Login Flow")
async def login_redirect(
request: Request,
frontend_callback_uri: Optional[str] = Query(None, description="The frontend URI to redirect back to after OIDC provider.")
):
"""
Initiates the OIDC authentication flow.
"""
auth_url = await services.auth_service.generate_login_url(frontend_callback_uri)
return redirect(url=auth_url)
@router.get("/login/callback", summary="Handle OIDC Login Callback")
async def login_callback(
request: Request,
code: str = Query(..., description="Authorization code from OIDC provider"),
state: str = Query(..., description="The original frontend redirect URI"),
db: Session = Depends(get_db)
):
"""
Handles the callback from the OIDC provider.
"""
result = await services.auth_service.handle_callback(code, db)
user_id = result["user_id"]
linked = result.get("linked", False)
# SECURITY: Prevent Open Redirect - Validate 'state' is a safe URL
# Ideally this matches settings.FRONTEND_URL or a whitelist.
safe_url = state
parsed_url = urllib.parse.urlparse(state)
if parsed_url.netloc:
# Absolute URL, verify domain
allowed_domains = ["ai.jerxie.com", "localhost", "127.0.0.1"]
api_domain = urllib.parse.urlparse(str(request.base_url)).netloc
allowed_domains.append(api_domain)
if parsed_url.netloc not in allowed_domains:
logger.warning(f"Prevented potentially malicious open redirect to: {state}")
safe_url = "/dashboard"
frontend_redirect_url = f"{safe_url}?user_id={user_id}"
if linked:
frontend_redirect_url += "&linked=true"
return redirect(url=frontend_redirect_url)
@router.get("/me", response_model=schemas.UserStatus, summary="Get Current User Status")
async def get_current_status(
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""
Checks the login status of the current user.
Requires a valid user_id to be present in the request header.
"""
try:
user : Optional[models.User] = services.user_service.get_user_by_id(db=db, user_id=user_id)
if user and not user.password_hash and not settings.OIDC_ENABLED:
raise HTTPException(status_code=403, detail="Account disabled: OIDC is inactive and no password is set.")
email = user.email if user else None
is_anonymous = user is None
is_logged_in = user is not None
return schemas.UserStatus(
id=user_id,
email=email,
is_logged_in=is_logged_in,
is_anonymous=is_anonymous,
oidc_configured=settings.OIDC_ENABLED,
allow_password_login=settings.ALLOW_PASSWORD_LOGIN
)
except HTTPException as he:
raise he
except Exception as e:
raise HTTPException(status_code=500, detail=f"An error occurred: {e}")
@router.post("/login/local", summary="Local Authentication Fallback")
async def login_local(
request: schemas.LocalLoginRequest,
db: Session = Depends(get_db)
):
"""Day 1: Local Username/Password Login."""
if not settings.ALLOW_PASSWORD_LOGIN:
raise HTTPException(status_code=403, detail="Password-based login is disabled. Please use OIDC/SSO.")
user = db.query(models.User).filter(models.User.email == request.email).first()
if not user or not user.password_hash:
raise HTTPException(status_code=401, detail="Invalid email or password")
if not verify_password(request.password, user.password_hash):
raise HTTPException(status_code=401, detail="Invalid email or password")
user.last_login_at = datetime.utcnow()
db.commit()
# In a real environment we would return a JWT here, but existing frontend
# relies on user_id extraction. Returns payload matching callback spec.
return {"user_id": user.id, "email": user.email, "role": user.role}
@router.put("/password", summary="Update User Password")
async def update_password(
request: schemas.PasswordUpdateRequest,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user:
raise HTTPException(status_code=404, detail="User not found")
if user.password_hash and not verify_password(request.current_password, user.password_hash):
raise HTTPException(status_code=400, detail="Invalid current password")
user.password_hash = hash_password(request.new_password)
db.commit()
return {"status": "success", "message": "Password updated successfully"}
@router.get("/me/profile", response_model=schemas.UserProfile, summary="Get Current User Profile")
async def get_user_profile(
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Retrieves profile information for the current user."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user:
raise HTTPException(status_code=404, detail="User not found")
response = schemas.UserProfile.model_validate(user)
if user.group:
response.group_name = user.group.name
return response
@router.put("/me/profile", response_model=schemas.UserProfile, summary="Update User Profile")
async def update_user_profile(
profile_data: schemas.UserProfileUpdate,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Updates profile details for the current user."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user:
raise HTTPException(status_code=404, detail="User not found")
if profile_data.username: user.username = profile_data.username
if profile_data.full_name: user.full_name = profile_data.full_name
if profile_data.avatar_url: user.avatar_url = profile_data.avatar_url
db.add(user)
db.commit()
db.refresh(user)
response = schemas.UserProfile.model_validate(user)
if user.group:
response.group_name = user.group.name
return response
@router.get("/me/config", response_model=schemas.ConfigResponse, summary="Get Current User Preferences")
async def get_user_config(
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Gets user specific preferences (LLM, TTS, STT config overrides)."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user:
raise HTTPException(status_code=404, detail="User not found")
return services.preference_service.merge_user_config(user, db)
@router.put("/me/config", response_model=schemas.UserPreferences, summary="Update Current User Preferences")
async def update_user_config(
prefs: schemas.UserPreferences,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Updates user specific preferences."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user:
raise HTTPException(status_code=404, detail="User not found")
return services.preference_service.update_user_config(user, prefs, db)
@router.get("/me/config/models", response_model=list[schemas.ModelInfoResponse], summary="Get Models for Provider")
async def get_provider_models(provider_name: str, section: str = "llm"):
return await services.preference_service.get_provider_models(provider_name, section)
@router.get("/me/config/providers", response_model=list[str], summary="Get All Valid Providers per Section")
async def get_all_providers(
section: str = "llm",
configured_only: bool = Query(False, description="If true, only returns providers currently configured in preferences or system defaults"),
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
return services.preference_service.get_all_providers(db, user, section, configured_only)
@router.post("/me/config/verify_llm", response_model=schemas.VerifyProviderResponse)
async def verify_llm(
req: schemas.VerifyProviderRequest,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user: raise HTTPException(status_code=404, detail="User not found")
return await services.preference_service.verify_provider(db, user, req, "llm")
@router.post("/me/config/verify_tts", response_model=schemas.VerifyProviderResponse)
async def verify_tts(
req: schemas.VerifyProviderRequest,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user: raise HTTPException(status_code=404, detail="User not found")
return await services.preference_service.verify_provider(db, user, req, "tts")
@router.post("/me/config/verify_stt", response_model=schemas.VerifyProviderResponse)
async def verify_stt(
req: schemas.VerifyProviderRequest,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user: raise HTTPException(status_code=404, detail="User not found")
return await services.preference_service.verify_provider(db, user, req, "stt")
@router.post("/logout", summary="Log Out the Current User")
async def logout():
"""
Simulates a user logout. In a real application, this would clear the session token or cookie.
"""
return {"message": "Logged out successfully"}
@router.get("/me/config/export", summary="Export Configurations to YAML")
async def export_user_config_yaml(
reveal_secrets: bool = Query(False, description="Reveal secrets in export"),
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Exports the effective user configuration as a YAML file (Admin only)."""
from fastapi.responses import PlainTextResponse
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
yaml_str = services.preference_service.export_config_yaml(user, reveal_secrets)
return PlainTextResponse(content=yaml_str, media_type="application/x-yaml",
headers={"Content-Disposition": "attachment; filename=\"cortex_config.yaml\""})
@router.post("/me/config/import", response_model=schemas.UserPreferences, summary="Import Configurations from YAML")
async def import_user_config_yaml(
file: UploadFile = File(...),
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Imports user configuration from a YAML file."""
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user: raise HTTPException(status_code=404, detail="User not found")
content = await file.read()
return await services.preference_service.import_config_yaml(db, user, content)
# --- NEW ADMIN ROUTES ---
@router.get("/admin/users", response_model=list[schemas.UserProfile], summary="List All Users (Admin Only)")
async def admin_list_users(
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Returns a list of all registered users in the system."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
users = services.user_service.get_all_users(db)
response = []
for u in users:
p = schemas.UserProfile.model_validate(u)
if u.group:
p.group_name = u.group.name
response.append(p)
return response
@router.put("/admin/users/{uid}/role", response_model=schemas.UserProfile, summary="Update User Role (Admin Only)")
async def admin_update_role(
uid: str,
role_req: schemas.UserRoleUpdate,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Updates a user's role. Prevents demoting the last administrator."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
success = services.user_service.update_user_role(db, uid, role_req.role)
if not success:
raise HTTPException(status_code=400, detail="Failed to update role. Maybe this is the last admin?")
return services.user_service.get_user_by_id(db, uid)
@router.put("/admin/users/{uid}/group", response_model=schemas.UserProfile, summary="Update User Group (Admin Only)")
async def admin_update_user_group(
uid: str,
group_req: schemas.UserGroupUpdate,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Assigns a user to a group."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
success = services.user_service.assign_user_to_group(db, uid, group_req.group_id)
if not success:
raise HTTPException(status_code=404, detail="User or group not found")
return services.user_service.get_user_by_id(db, uid)
@router.get("/admin/groups", response_model=list[schemas.GroupInfo], summary="List All Groups (Admin Only)")
async def admin_list_groups(
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Returns all existing groups."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
# Explicitly convert to Pydantic models within the session scope
# to prevent SQLAlchemy lazy-loading issues in async context.
groups = services.user_service.get_all_groups(db)
return [schemas.GroupInfo.model_validate(g) for g in groups]
@router.post("/admin/groups", response_model=schemas.GroupInfo, summary="Create Group (Admin Only)")
async def admin_create_group(
group_req: schemas.GroupCreate,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Creates a new group."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
group = services.user_service.create_group(db, group_req.name, group_req.description, group_req.policy)
if group is None:
raise HTTPException(status_code=409, detail=f"A group named '{group_req.name}' already exists. Please choose a unique name.")
return schemas.GroupInfo.model_validate(group)
@router.put("/admin/groups/{gid}", response_model=schemas.GroupInfo, summary="Update Group (Admin Only)")
async def admin_update_group(
gid: str,
group_req: schemas.GroupUpdate,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Updates a group's metadata or policy."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
# The 'ungrouped' group cannot be renamed — only its policy can be updated
if gid == "ungrouped" and group_req.name and group_req.name.strip().lower() != "ungrouped":
raise HTTPException(status_code=403, detail="The default 'Ungrouped' group cannot be renamed.")
group = services.user_service.update_group(db, gid, group_req.name, group_req.description, group_req.policy)
if group is None:
raise HTTPException(status_code=404, detail="Group not found")
if group is False:
raise HTTPException(status_code=409, detail=f"A group named '{group_req.name}' already exists. Please choose a unique name.")
return schemas.GroupInfo.model_validate(group)
@router.delete("/admin/groups/{gid}", summary="Delete Group (Admin Only)")
async def admin_delete_group(
gid: str,
db: Session = Depends(get_db),
user_id: str = Depends(get_current_user_id)
):
"""Deletes a group. Users are moved back to 'ungrouped'."""
if not user_id:
raise HTTPException(status_code=401, detail="Unauthorized")
user = services.user_service.get_user_by_id(db=db, user_id=user_id)
if not user or user.role != "admin":
raise HTTPException(status_code=403, detail="Forbidden: Admin only")
# Cannot delete the system default group
if gid == "ungrouped":
raise HTTPException(status_code=403, detail="The default 'Ungrouped' group cannot be deleted.")
success = services.user_service.delete_group(db, gid)
if not success:
raise HTTPException(status_code=400, detail="Failed to delete group.")
return {"message": "Group deleted successfully"}
return router
