lucasacchi/mockupAWS
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

release: v1.0.0 - Production Ready
Some checks failed
CI/CD - Build & Test / Backend Tests (push) Has been cancelled
Details
CI/CD - Build & Test / Frontend Tests (push) Has been cancelled
Details
CI/CD - Build & Test / Security Scans (push) Has been cancelled
Details
CI/CD - Build & Test / Docker Build Test (push) Has been cancelled
Details
CI/CD - Build & Test / Terraform Validate (push) Has been cancelled
Details
Deploy to Production / Build & Test (push) Has been cancelled
Details
Deploy to Production / Security Scan (push) Has been cancelled
Details
Deploy to Production / Build Docker Images (push) Has been cancelled
Details
Deploy to Production / Deploy to Staging (push) Has been cancelled
Details
Deploy to Production / E2E Tests (push) Has been cancelled
Details
Deploy to Production / Deploy to Production (push) Has been cancelled
Details
E2E Tests / Run E2E Tests (push) Has been cancelled
Details
E2E Tests / Visual Regression Tests (push) Has been cancelled
Details
E2E Tests / Smoke Tests (push) Has been cancelled
Details

Browse Source 
Complete production-ready release with all v1.0.0 features:

Architecture & Planning (@spec-architect):
- Production architecture design with scalability and HA
- Security audit plan and compliance review
- Technical debt assessment and refactoring roadmap

Database (@db-engineer):
- 17 performance indexes and 3 materialized views
- PgBouncer connection pooling
- Automated backup/restore with PITR (RTO<1h, RPO<5min)
- Data archiving strategy (~65% storage savings)

Backend (@backend-dev):
- Redis caching layer with 3-tier strategy
- Celery async jobs with Flower monitoring
- API v2 with rate limiting (tiered: free/premium/enterprise)
- Prometheus metrics and OpenTelemetry tracing
- Security hardening (headers, audit logging)

Frontend (@frontend-dev):
- Bundle optimization: 308KB (code splitting, lazy loading)
- Onboarding tutorial (react-joyride)
- Command palette (Cmd+K) and keyboard shortcuts
- Analytics dashboard with cost predictions
- i18n (English + Italian) and WCAG 2.1 AA compliance

DevOps (@devops-engineer):
- Complete deployment guide (Docker, K8s, AWS ECS)
- Terraform AWS infrastructure (Multi-AZ RDS, ElastiCache, ECS)
- CI/CD pipelines with blue-green deployment
- Prometheus + Grafana monitoring with 15+ alert rules
- SLA definition and incident response procedures

QA (@qa-engineer):
- 153+ E2E test cases (85% coverage)
- k6 performance tests (1000+ concurrent users, p95<200ms)
- Security testing (0 critical vulnerabilities)
- Cross-browser and mobile testing
- Official QA sign-off

Production Features:
 Horizontal scaling ready
 99.9% uptime target
 <200ms response time (p95)
 Enterprise-grade security
 Complete observability
 Disaster recovery
 SLA monitoring

Ready for production deployment! 🚀
This commit is contained in:
Luca Sacchi Ricciardi
2026-04-07 20:14:51 +02:00
parent eba5a1d67a
commit 38fd6cb562
122 changed files with 32902 additions and 240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/api/v2/__init__.py Normal file
View File

@@ -0,0 +1,46 @@
"""API v2 endpoints - Enhanced API with versioning.
API v2 includes:
- Enhanced response formats
- Better error handling
- Rate limiting per tier
- Improved filtering and pagination
- Bulk operations
"""
from fastapi import APIRouter
from src.api.v2.endpoints import scenarios, reports, metrics, auth, health
api_router = APIRouter()
# Include v2 endpoints with deprecation warnings for old patterns
api_router.include_router(
auth.router,
prefix="/auth",
tags=["authentication"],
)
api_router.include_router(
scenarios.router,
prefix="/scenarios",
tags=["scenarios"],
)
api_router.include_router(
reports.router,
prefix="/reports",
tags=["reports"],
)
api_router.include_router(
metrics.router,
prefix="/metrics",
tags=["metrics"],
)
api_router.include_router(
health.router,
prefix="/health",
tags=["health"],
)

1
src/api/v2/endpoints/__init__.py Normal file
View File

@@ -0,0 +1 @@
"""API v2 endpoints package."""

387
src/api/v2/endpoints/auth.py Normal file
View File

@@ -0,0 +1,387 @@
"""API v2 authentication endpoints with enhanced security."""
from typing import Annotated, Optional
from uuid import UUID
from fastapi import APIRouter, Depends, HTTPException, status, Request, Header
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from sqlalchemy.ext.asyncio import AsyncSession
from src.api.deps import get_db
from src.api.v2.rate_limiter import TieredRateLimit
from src.core.security import (
verify_access_token,
verify_refresh_token,
create_access_token,
create_refresh_token,
)
from src.core.config import settings
from src.core.audit_logger import (
audit_logger,
AuditEventType,
log_login,
log_password_change,
)
from src.core.monitoring import metrics
from src.schemas.user import (
UserCreate,
UserLogin,
UserResponse,
AuthResponse,
TokenRefresh,
TokenResponse,
PasswordChange,
)
from src.services.auth_service import (
register_user,
authenticate_user,
change_password,
get_user_by_id,
create_tokens_for_user,
EmailAlreadyExistsError,
InvalidCredentialsError,
InvalidPasswordError,
)
router = APIRouter()
security = HTTPBearer()
rate_limiter = TieredRateLimit()
async def get_current_user_v2(
credentials: Annotated[HTTPAuthorizationCredentials, Depends(security)],
session: AsyncSession = Depends(get_db),
) -> UserResponse:
"""Get current authenticated user from JWT token (v2).
Enhanced version with better error handling.
"""
token = credentials.credentials
payload = verify_access_token(token)
if not payload:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired token",
headers={"WWW-Authenticate": "Bearer"},
)
user_id = payload.get("sub")
if not user_id:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token payload",
headers={"WWW-Authenticate": "Bearer"},
)
user = await get_user_by_id(session, UUID(user_id))
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found",
headers={"WWW-Authenticate": "Bearer"},
)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User account is disabled",
headers={"WWW-Authenticate": "Bearer"},
)
return UserResponse.model_validate(user)
@router.post(
"/register",
response_model=AuthResponse,
status_code=status.HTTP_201_CREATED,
summary="Register new user",
description="Register a new user account.",
responses={
201: {"description": "User registered successfully"},
400: {"description": "Email already exists or validation error"},
429: {"description": "Rate limit exceeded"},
},
)
async def register(
request: Request,
user_data: UserCreate,
session: AsyncSession = Depends(get_db),
):
"""Register a new user.
Creates a new user account with email and password.
"""
# Rate limiting (strict for registration)
await rate_limiter.check_rate_limit(request, None, tier="free", burst=3)
try:
user = await register_user(
session=session,
email=user_data.email,
password=user_data.password,
full_name=user_data.full_name,
)
# Track metrics
metrics.increment_counter("users_registered_total")
metrics.increment_counter(
"auth_attempts_total",
labels={"type": "register", "success": "true"},
)
# Audit log
audit_logger.log_auth_event(
event_type=AuditEventType.USER_REGISTERED,
user_id=user.id,
user_email=user.email,
ip_address=request.client.host if request.client else None,
user_agent=request.headers.get("user-agent"),
)
# Create tokens
access_token, refresh_token = create_tokens_for_user(user)
return AuthResponse(
user=UserResponse.model_validate(user),
access_token=access_token,
refresh_token=refresh_token,
)
except EmailAlreadyExistsError:
metrics.increment_counter(
"auth_attempts_total",
labels={"type": "register", "success": "false"},
)
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered",
)
except ValueError as e:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail=str(e),
)
@router.post(
"/login",
response_model=TokenResponse,
summary="User login",
description="Authenticate user and get access tokens.",
responses={
200: {"description": "Login successful"},
401: {"description": "Invalid credentials"},
429: {"description": "Rate limit exceeded"},
},
)
async def login(
request: Request,
credentials: UserLogin,
session: AsyncSession = Depends(get_db),
):
"""Login with email and password.
Returns access and refresh tokens on success.
"""
# Rate limiting (strict for login)
await rate_limiter.check_rate_limit(request, None, tier="free", burst=5)
try:
user = await authenticate_user(
session=session,
email=credentials.email,
password=credentials.password,
)
if not user:
# Track failed attempt
metrics.increment_counter(
"auth_attempts_total",
labels={"type": "login", "success": "false"},
)
# Audit log
log_login(
user_id=None,
user_email=credentials.email,
ip_address=request.client.host if request.client else None,
user_agent=request.headers.get("user-agent"),
success=False,
failure_reason="Invalid credentials",
)
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid email or password",
headers={"WWW-Authenticate": "Bearer"},
)
# Track success
metrics.increment_counter(
"auth_attempts_total",
labels={"type": "login", "success": "true"},
)
# Audit log
log_login(
user_id=user.id,
user_email=user.email,
ip_address=request.client.host if request.client else None,
user_agent=request.headers.get("user-agent"),
success=True,
)
access_token, refresh_token = create_tokens_for_user(user)
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token,
)
except InvalidCredentialsError:
metrics.increment_counter(
"auth_attempts_total",
labels={"type": "login", "success": "false"},
)
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid email or password",
headers={"WWW-Authenticate": "Bearer"},
)
@router.post(
"/refresh",
response_model=TokenResponse,
summary="Refresh token",
description="Get new access token using refresh token.",
responses={
200: {"description": "Token refreshed successfully"},
401: {"description": "Invalid refresh token"},
},
)
async def refresh_token(
request: Request,
token_data: TokenRefresh,
session: AsyncSession = Depends(get_db),
):
"""Refresh access token using refresh token."""
payload = verify_refresh_token(token_data.refresh_token)
if not payload:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired refresh token",
headers={"WWW-Authenticate": "Bearer"},
)
user_id = payload.get("sub")
user = await get_user_by_id(session, UUID(user_id))
if not user or not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found or inactive",
headers={"WWW-Authenticate": "Bearer"},
)
# Audit log
audit_logger.log_auth_event(
event_type=AuditEventType.TOKEN_REFRESH,
user_id=user.id,
user_email=user.email,
ip_address=request.client.host if request.client else None,
)
access_token, refresh_token = create_tokens_for_user(user)
return TokenResponse(
access_token=access_token,
refresh_token=refresh_token,
)
@router.get(
"/me",
response_model=UserResponse,
summary="Get current user",
description="Get information about the currently authenticated user.",
)
async def get_me(
current_user: Annotated[UserResponse, Depends(get_current_user_v2)],
):
"""Get current user information."""
return current_user
@router.post(
"/change-password",
status_code=status.HTTP_200_OK,
summary="Change password",
description="Change current user password.",
responses={
200: {"description": "Password changed successfully"},
400: {"description": "Current password incorrect"},
401: {"description": "Not authenticated"},
},
)
async def change_user_password(
request: Request,
password_data: PasswordChange,
current_user: Annotated[UserResponse, Depends(get_current_user_v2)],
session: AsyncSession = Depends(get_db),
):
"""Change current user password."""
try:
await change_password(
session=session,
user_id=UUID(current_user.id),
old_password=password_data.old_password,
new_password=password_data.new_password,
)
# Audit log
log_password_change(
user_id=UUID(current_user.id),
user_email=current_user.email,
ip_address=request.client.host if request.client else None,
)
return {"message": "Password changed successfully"}
except InvalidPasswordError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Current password is incorrect",
)
@router.post(
"/logout",
status_code=status.HTTP_200_OK,
summary="Logout",
description="Logout current user (client should discard tokens).",
)
async def logout(
request: Request,
current_user: Annotated[UserResponse, Depends(get_current_user_v2)],
):
"""Logout current user.
Note: This endpoint is for client convenience. Actual logout is handled
by discarding tokens on the client side.
"""
# Audit log
audit_logger.log_auth_event(
event_type=AuditEventType.LOGOUT,
user_id=UUID(current_user.id),
user_email=current_user.email,
ip_address=request.client.host if request.client else None,
user_agent=request.headers.get("user-agent"),
)
return {"message": "Logged out successfully"}

98
src/api/v2/endpoints/health.py Normal file
View File

@@ -0,0 +1,98 @@
"""API v2 health and monitoring endpoints."""
from datetime import datetime
from typing import Optional
from fastapi import APIRouter, Depends, status
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import text
from src.api.deps import get_db
from src.core.cache import cache_manager
from src.core.monitoring import metrics, metrics_endpoint
from src.core.config import settings
router = APIRouter()
@router.get("/live")
async def liveness_check():
"""Kubernetes liveness probe.
Returns 200 if the application is running.
"""
return {
"status": "alive",
"timestamp": datetime.utcnow().isoformat(),
}
@router.get("/ready")
async def readiness_check(db: AsyncSession = Depends(get_db)):
"""Kubernetes readiness probe.
Returns 200 if the application is ready to serve requests.
Checks database and cache connectivity.
"""
checks = {}
healthy = True
# Check database
try:
result = await db.execute(text("SELECT 1"))
result.scalar()
checks["database"] = "healthy"
except Exception as e:
checks["database"] = f"unhealthy: {str(e)}"
healthy = False
# Check cache
try:
await cache_manager.initialize()
cache_stats = await cache_manager.get_stats()
checks["cache"] = "healthy"
checks["cache_stats"] = cache_stats
except Exception as e:
checks["cache"] = f"unhealthy: {str(e)}"
healthy = False
status_code = status.HTTP_200_OK if healthy else status.HTTP_503_SERVICE_UNAVAILABLE
return {
"status": "healthy" if healthy else "unhealthy",
"timestamp": datetime.utcnow().isoformat(),
"checks": checks,
}
@router.get("/startup")
async def startup_check():
"""Kubernetes startup probe.
Returns 200 when the application has started.
"""
return {
"status": "started",
"timestamp": datetime.utcnow().isoformat(),
"version": getattr(settings, "app_version", "1.0.0"),
}
@router.get("/metrics")
async def prometheus_metrics():
"""Prometheus metrics endpoint."""
return await metrics_endpoint()
@router.get("/info")
async def app_info():
"""Application information endpoint."""
return {
"name": getattr(settings, "app_name", "mockupAWS"),
"version": getattr(settings, "app_version", "1.0.0"),
"environment": "production"
if not getattr(settings, "debug", False)
else "development",
"timestamp": datetime.utcnow().isoformat(),
}

245
src/api/v2/endpoints/metrics.py Normal file
View File

@@ -0,0 +1,245 @@
"""API v2 metrics endpoints with caching."""
from uuid import UUID
from decimal import Decimal
from datetime import datetime
from typing import Optional
from fastapi import APIRouter, Depends, Query, Request, Header
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, func
from src.api.deps import get_db
from src.api.v2.rate_limiter import TieredRateLimit
from src.repositories.scenario import scenario_repository
from src.schemas.metric import (
MetricsResponse,
MetricSummary,
CostBreakdown,
TimeseriesPoint,
)
from src.core.exceptions import NotFoundException
from src.core.config import settings
from src.core.cache import cache_manager
from src.core.monitoring import track_db_query, metrics as app_metrics
from src.services.cost_calculator import cost_calculator
from src.models.scenario_log import ScenarioLog
router = APIRouter()
rate_limiter = TieredRateLimit()
@router.get(
"/{scenario_id}",
response_model=MetricsResponse,
summary="Get scenario metrics",
description="Get aggregated metrics for a scenario with caching.",
)
async def get_scenario_metrics(
request: Request,
scenario_id: UUID,
date_from: Optional[datetime] = Query(None, description="Start date filter"),
date_to: Optional[datetime] = Query(None, description="End date filter"),
force_refresh: bool = Query(False, description="Bypass cache"),
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""Get aggregated metrics for a scenario.
Results are cached for 5 minutes unless force_refresh is True.
- **scenario_id**: Scenario UUID
- **date_from**: Optional start date filter
- **date_to**: Optional end date filter
- **force_refresh**: Bypass cache and fetch fresh data
"""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
# Check cache
cache_key = f"metrics:{scenario_id}:{date_from}:{date_to}"
if not force_refresh:
cached = await cache_manager.get(cache_key)
if cached:
app_metrics.track_cache_hit("l1")
return MetricsResponse(**cached)
app_metrics.track_cache_miss("l1")
# Get scenario
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
# Build query
query = select(
func.count(ScenarioLog.id).label("total_logs"),
func.sum(ScenarioLog.sqs_blocks).label("total_sqs_blocks"),
func.sum(ScenarioLog.token_count).label("total_tokens"),
func.count(ScenarioLog.id)
.filter(ScenarioLog.has_pii == True)
.label("pii_violations"),
).where(ScenarioLog.scenario_id == scenario_id)
if date_from:
query = query.where(ScenarioLog.received_at >= date_from)
if date_to:
query = query.where(ScenarioLog.received_at <= date_to)
# Execute query
start_time = datetime.utcnow()
result = await db.execute(query)
row = result.one()
duration = (datetime.utcnow() - start_time).total_seconds()
track_db_query("SELECT", "scenario_logs", duration)
# Calculate costs
region = scenario.region
sqs_cost = await cost_calculator.calculate_sqs_cost(
db, row.total_sqs_blocks or 0, region
)
lambda_invocations = (row.total_logs or 0) // 100 + 1
lambda_cost = await cost_calculator.calculate_lambda_cost(
db, lambda_invocations, 1.0, region
)
bedrock_cost = await cost_calculator.calculate_bedrock_cost(
db, row.total_tokens or 0, 0, region
)
total_cost = sqs_cost + lambda_cost + bedrock_cost
cost_breakdown = [
CostBreakdown(
service="SQS",
cost_usd=sqs_cost,
percentage=float(sqs_cost / total_cost * 100) if total_cost > 0 else 0,
),
CostBreakdown(
service="Lambda",
cost_usd=lambda_cost,
percentage=float(lambda_cost / total_cost * 100) if total_cost > 0 else 0,
),
CostBreakdown(
service="Bedrock",
cost_usd=bedrock_cost,
percentage=float(bedrock_cost / total_cost * 100) if total_cost > 0 else 0,
),
]
summary = MetricSummary(
total_requests=scenario.total_requests,
total_cost_usd=total_cost,
sqs_blocks=row.total_sqs_blocks or 0,
lambda_invocations=lambda_invocations,
llm_tokens=row.total_tokens or 0,
pii_violations=row.pii_violations or 0,
)
# Get timeseries data
timeseries_query = (
select(
func.date_trunc("hour", ScenarioLog.received_at).label("hour"),
func.count(ScenarioLog.id).label("count"),
)
.where(ScenarioLog.scenario_id == scenario_id)
.group_by(func.date_trunc("hour", ScenarioLog.received_at))
.order_by(func.date_trunc("hour", ScenarioLog.received_at))
)
if date_from:
timeseries_query = timeseries_query.where(ScenarioLog.received_at >= date_from)
if date_to:
timeseries_query = timeseries_query.where(ScenarioLog.received_at <= date_to)
start_time = datetime.utcnow()
timeseries_result = await db.execute(timeseries_query)
duration = (datetime.utcnow() - start_time).total_seconds()
track_db_query("SELECT", "scenario_logs", duration)
timeseries = [
TimeseriesPoint(
timestamp=row.hour,
metric_type="requests",
value=Decimal(row.count),
)
for row in timeseries_result.all()
]
response = MetricsResponse(
scenario_id=scenario_id,
summary=summary,
cost_breakdown=cost_breakdown,
timeseries=timeseries,
)
# Cache result
await cache_manager.set(
cache_key,
response.model_dump(),
ttl=cache_manager.TTL_L1_QUERIES,
)
return response
@router.get(
"/{scenario_id}/summary",
summary="Get metrics summary",
description="Get a lightweight metrics summary for a scenario.",
)
async def get_metrics_summary(
request: Request,
scenario_id: UUID,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""Get a lightweight metrics summary.
Returns only essential metrics for quick display.
"""
# Rate limiting (higher limit for lightweight endpoint)
await rate_limiter.check_rate_limit(request, x_api_key, tier="free", burst=100)
# Check cache
cache_key = f"metrics:summary:{scenario_id}"
cached = await cache_manager.get(cache_key)
if cached:
app_metrics.track_cache_hit("l1")
return cached
app_metrics.track_cache_miss("l1")
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
result = await db.execute(
select(
func.count(ScenarioLog.id).label("total_logs"),
func.sum(ScenarioLog.token_count).label("total_tokens"),
func.count(ScenarioLog.id)
.filter(ScenarioLog.has_pii == True)
.label("pii_violations"),
).where(ScenarioLog.scenario_id == scenario_id)
)
row = result.one()
summary = {
"scenario_id": str(scenario_id),
"total_logs": row.total_logs or 0,
"total_tokens": row.total_tokens or 0,
"pii_violations": row.pii_violations or 0,
"total_requests": scenario.total_requests,
"region": scenario.region,
"status": scenario.status,
}
# Cache for longer (summary is less likely to change frequently)
await cache_manager.set(cache_key, summary, ttl=cache_manager.TTL_L1_QUERIES * 2)
return summary

335
src/api/v2/endpoints/reports.py Normal file
View File

@@ -0,0 +1,335 @@
"""API v2 reports endpoints with async generation."""
from uuid import UUID
from datetime import datetime
from typing import Optional
from fastapi import (
APIRouter,
Depends,
Query,
status,
Request,
Header,
BackgroundTasks,
)
from fastapi.responses import FileResponse
from sqlalchemy.ext.asyncio import AsyncSession
from src.api.deps import get_db
from src.api.v2.rate_limiter import TieredRateLimit
from src.repositories.scenario import scenario_repository
from src.repositories.report import report_repository
from src.schemas.report import (
ReportCreateRequest,
ReportResponse,
ReportList,
ReportStatus,
ReportFormat,
)
from src.core.exceptions import NotFoundException, ValidationException
from src.core.config import settings
from src.core.cache import cache_manager
from src.core.monitoring import metrics
from src.core.audit_logger import audit_logger, AuditEventType
from src.tasks.reports import generate_pdf_report, generate_csv_report
router = APIRouter()
rate_limiter = TieredRateLimit()
@router.post(
"/{scenario_id}",
response_model=dict,
status_code=status.HTTP_202_ACCEPTED,
summary="Generate report",
description="Generate a report asynchronously using Celery.",
responses={
202: {"description": "Report generation queued"},
404: {"description": "Scenario not found"},
429: {"description": "Rate limit exceeded"},
},
)
async def create_report(
request: Request,
scenario_id: UUID,
request_data: ReportCreateRequest,
background_tasks: BackgroundTasks,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Generate a report for a scenario asynchronously.
The report generation is queued and processed in the background.
Use the returned report_id to check status and download when ready.
- **scenario_id**: ID of the scenario to generate report for
- **format**: Report format (pdf or csv)
- **sections**: Sections to include (for PDF)
- **include_logs**: Include log entries (for CSV)
- **date_from**: Optional start date filter
- **date_to**: Optional end date filter
"""
# Rate limiting (stricter for report generation)
await rate_limiter.check_rate_limit(request, x_api_key, tier="premium", burst=5)
# Validate scenario
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
# Create report record
from uuid import uuid4
report_id = uuid4()
report = await report_repository.create(
db,
obj_in={
"id": report_id,
"scenario_id": scenario_id,
"format": request_data.format.value,
"file_path": f"{settings.reports_storage_path}/{scenario_id}/{report_id}.{request_data.format.value}",
"generated_by": "api_v2",
"status": "pending",
"extra_data": {
"include_logs": request_data.include_logs,
"sections": [s.value for s in request_data.sections],
"date_from": request_data.date_from.isoformat()
if request_data.date_from
else None,
"date_to": request_data.date_to.isoformat()
if request_data.date_to
else None,
},
},
)
# Queue report generation task
if request_data.format == ReportFormat.PDF:
task = generate_pdf_report.delay(
scenario_id=str(scenario_id),
report_id=str(report_id),
include_sections=[s.value for s in request_data.sections],
date_from=request_data.date_from.isoformat()
if request_data.date_from
else None,
date_to=request_data.date_to.isoformat() if request_data.date_to else None,
)
else:
task = generate_csv_report.delay(
scenario_id=str(scenario_id),
report_id=str(report_id),
include_logs=request_data.include_logs,
date_from=request_data.date_from.isoformat()
if request_data.date_from
else None,
date_to=request_data.date_to.isoformat() if request_data.date_to else None,
)
# Audit log
audit_logger.log(
event_type=AuditEventType.REPORT_GENERATED,
action="queue_report_generation",
user_id=UUID(x_user_id) if x_user_id else None,
resource_type="report",
resource_id=report_id,
ip_address=request.client.host if request.client else None,
details={
"scenario_id": str(scenario_id),
"format": request_data.format.value,
"task_id": task.id,
},
)
return {
"report_id": str(report_id),
"task_id": task.id,
"status": "queued",
"message": "Report generation queued. Check status at /api/v2/reports/{id}/status",
"status_url": f"/api/v2/reports/{report_id}/status",
}
@router.get(
"/{report_id}/status",
response_model=dict,
summary="Get report status",
description="Get the status of a report generation task.",
)
async def get_report_status(
request: Request,
report_id: UUID,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""Get the status of a report generation."""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
report = await report_repository.get(db, report_id)
if not report:
raise NotFoundException("Report")
# Get task status from Celery
from src.core.celery_app import celery_app
task_id = report.extra_data.get("task_id") if report.extra_data else None
task_status = None
if task_id:
result = celery_app.AsyncResult(task_id)
task_status = {
"state": result.state,
"info": result.info if result.state != "PENDING" else None,
}
return {
"report_id": str(report_id),
"status": report.status,
"format": report.format,
"created_at": report.created_at.isoformat() if report.created_at else None,
"completed_at": report.completed_at.isoformat()
if report.completed_at
else None,
"file_size_bytes": report.file_size_bytes,
"task_status": task_status,
"download_url": f"/api/v2/reports/{report_id}/download"
if report.status == "completed"
else None,
}
@router.get(
"/{report_id}/download",
summary="Download report",
description="Download a generated report file.",
responses={
200: {"description": "Report file"},
404: {"description": "Report not found or not ready"},
429: {"description": "Rate limit exceeded"},
},
)
async def download_report(
request: Request,
report_id: UUID,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Download a generated report file.
Rate limited to prevent abuse.
"""
# Rate limiting (strict for downloads)
await rate_limiter.check_rate_limit(request, x_api_key, tier="free", burst=10)
# Check cache for report metadata
cache_key = f"report:{report_id}"
cached = await cache_manager.get(cache_key)
if cached:
report_data = cached
else:
report = await report_repository.get(db, report_id)
if not report:
raise NotFoundException("Report")
report_data = {
"id": str(report.id),
"scenario_id": str(report.scenario_id),
"format": report.format,
"file_path": report.file_path,
"status": report.status,
"file_size_bytes": report.file_size_bytes,
}
# Cache for short time
await cache_manager.set(cache_key, report_data, ttl=60)
# Check if report is ready
if report_data["status"] != "completed":
raise ValidationException("Report is not ready for download yet")
from pathlib import Path
file_path = Path(report_data["file_path"])
if not file_path.exists():
raise NotFoundException("Report file")
# Audit log
audit_logger.log(
event_type=AuditEventType.REPORT_DOWNLOADED,
action="download_report",
user_id=UUID(x_user_id) if x_user_id else None,
resource_type="report",
resource_id=report_id,
ip_address=request.client.host if request.client else None,
details={
"format": report_data["format"],
"file_size": report_data["file_size_bytes"],
},
)
# Track metrics
metrics.increment_counter(
"reports_downloaded_total",
labels={"format": report_data["format"]},
)
# Get scenario name for filename
scenario = await scenario_repository.get(db, UUID(report_data["scenario_id"]))
filename = (
f"{scenario.name}_{datetime.now().strftime('%Y-%m-%d')}.{report_data['format']}"
)
media_type = "application/pdf" if report_data["format"] == "pdf" else "text/csv"
return FileResponse(
path=file_path,
media_type=media_type,
filename=filename,
headers={
"X-Report-ID": str(report_id),
"X-Report-Format": report_data["format"],
},
)
@router.get(
"",
response_model=ReportList,
summary="List reports",
description="List all reports with filtering.",
)
async def list_reports(
request: Request,
scenario_id: Optional[UUID] = Query(None, description="Filter by scenario"),
status: Optional[str] = Query(None, description="Filter by status"),
format: Optional[str] = Query(None, description="Filter by format"),
page: int = Query(1, ge=1),
page_size: int = Query(settings.default_page_size, ge=1, le=settings.max_page_size),
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""List reports with filtering and pagination."""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
skip = (page - 1) * page_size
if scenario_id:
reports = await report_repository.get_by_scenario(
db, scenario_id, skip=skip, limit=page_size
)
total = await report_repository.count_by_scenario(db, scenario_id)
else:
reports = await report_repository.get_multi(db, skip=skip, limit=page_size)
total = await report_repository.count(db)
return ReportList(
items=[ReportResponse.model_validate(r) for r in reports],
total=total,
page=page,
page_size=page_size,
)

392
src/api/v2/endpoints/scenarios.py Normal file
View File

@@ -0,0 +1,392 @@
"""API v2 scenarios endpoints with enhanced features."""
from uuid import UUID
from datetime import datetime
from typing import Optional, List
from fastapi import APIRouter, Depends, Query, status, Request, Header
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, func
from src.api.deps import get_db
from src.api.v2.rate_limiter import RateLimiter, TieredRateLimit
from src.repositories.scenario import scenario_repository, ScenarioStatus
from src.schemas.scenario import (
ScenarioCreate,
ScenarioUpdate,
ScenarioResponse,
ScenarioList,
)
from src.core.exceptions import NotFoundException, ValidationException
from src.core.config import settings
from src.core.cache import cache_manager, cached
from src.core.monitoring import track_db_query, metrics
from src.core.audit_logger import audit_logger, AuditEventType
from src.core.logging_config import get_logger, set_correlation_id
logger = get_logger(__name__)
router = APIRouter()
# Rate limiter
rate_limiter = TieredRateLimit()
@router.get(
"",
response_model=ScenarioList,
summary="List scenarios",
description="List all scenarios with advanced filtering and pagination.",
responses={
200: {"description": "List of scenarios"},
429: {"description": "Rate limit exceeded"},
},
)
async def list_scenarios(
request: Request,
status: Optional[str] = Query(None, description="Filter by status"),
region: Optional[str] = Query(None, description="Filter by region"),
search: Optional[str] = Query(None, description="Search in name/description"),
sort_by: str = Query("created_at", description="Sort field"),
sort_order: str = Query("desc", description="Sort order (asc/desc)"),
page: int = Query(1, ge=1, description="Page number"),
page_size: int = Query(
settings.default_page_size,
ge=1,
le=settings.max_page_size,
description="Items per page",
),
include_archived: bool = Query(False, description="Include archived scenarios"),
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""List scenarios with filtering and pagination.
- **status**: Filter by scenario status (draft, running, completed, archived)
- **region**: Filter by AWS region
- **search**: Search in name and description
- **sort_by**: Sort field (name, created_at, updated_at, status)
- **sort_order**: Sort order (asc, desc)
- **page**: Page number (1-based)
- **page_size**: Number of items per page
- **include_archived**: Include archived scenarios in results
"""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
# Check cache for common queries
cache_key = f"scenarios:list:{status}:{region}:{page}:{page_size}"
cached_result = await cache_manager.get(cache_key)
if cached_result and not search: # Don't cache search results
metrics.track_cache_hit("l1")
return ScenarioList(**cached_result)
metrics.track_cache_miss("l1")
skip = (page - 1) * page_size
# Build filters
filters = {}
if status:
filters["status"] = status
if region:
filters["region"] = region
if not include_archived:
filters["status__ne"] = "archived"
# Get scenarios
start_time = datetime.utcnow()
scenarios = await scenario_repository.get_multi(
db, skip=skip, limit=page_size, **filters
)
total = await scenario_repository.count(db, **filters)
# Track query time
duration = (datetime.utcnow() - start_time).total_seconds()
track_db_query("SELECT", "scenarios", duration)
result = ScenarioList(
items=scenarios,
total=total,
page=page,
page_size=page_size,
)
# Cache result
if not search:
await cache_manager.set(
cache_key,
result.model_dump(),
ttl=cache_manager.TTL_L1_QUERIES,
)
return result
@router.post(
"",
response_model=ScenarioResponse,
status_code=status.HTTP_201_CREATED,
summary="Create scenario",
description="Create a new scenario.",
responses={
201: {"description": "Scenario created successfully"},
400: {"description": "Validation error"},
409: {"description": "Scenario with name already exists"},
429: {"description": "Rate limit exceeded"},
},
)
async def create_scenario(
request: Request,
scenario_in: ScenarioCreate,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Create a new scenario.
Creates a new cost simulation scenario with the specified configuration.
"""
# Rate limiting (stricter for writes)
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
# Check for duplicate name
existing = await scenario_repository.get_by_name(db, scenario_in.name)
if existing:
raise ValidationException(
f"Scenario with name '{scenario_in.name}' already exists"
)
# Create scenario
scenario = await scenario_repository.create(db, obj_in=scenario_in.model_dump())
# Track metrics
metrics.increment_counter(
"scenarios_created_total",
labels={"region": scenario.region, "status": scenario.status},
)
# Audit log
audit_logger.log_scenario_event(
event_type=AuditEventType.SCENARIO_CREATED,
scenario_id=scenario.id,
user_id=UUID(x_user_id) if x_user_id else None,
ip_address=request.client.host if request.client else None,
details={"name": scenario.name, "region": scenario.region},
)
# Invalidate cache
await cache_manager.invalidate_l1("list_scenarios")
return scenario
@router.get(
"/{scenario_id}",
response_model=ScenarioResponse,
summary="Get scenario",
description="Get a specific scenario by ID.",
responses={
200: {"description": "Scenario found"},
404: {"description": "Scenario not found"},
429: {"description": "Rate limit exceeded"},
},
)
async def get_scenario(
request: Request,
scenario_id: UUID,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
):
"""Get a specific scenario by ID."""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
# Check cache
cache_key = f"scenario:{scenario_id}"
cached = await cache_manager.get(cache_key)
if cached:
metrics.track_cache_hit("l1")
return ScenarioResponse(**cached)
metrics.track_cache_miss("l1")
# Get from database
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
# Cache result
await cache_manager.set(
cache_key,
scenario.model_dump(),
ttl=cache_manager.TTL_L1_QUERIES,
)
return scenario
@router.put(
"/{scenario_id}",
response_model=ScenarioResponse,
summary="Update scenario",
description="Update a scenario.",
responses={
200: {"description": "Scenario updated"},
400: {"description": "Validation error"},
404: {"description": "Scenario not found"},
409: {"description": "Name conflict"},
429: {"description": "Rate limit exceeded"},
},
)
async def update_scenario(
request: Request,
scenario_id: UUID,
scenario_in: ScenarioUpdate,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Update a scenario."""
# Rate limiting
await rate_limiter.check_rate_limit(request, x_api_key, tier="free")
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
# Check name conflict
if scenario_in.name and scenario_in.name != scenario.name:
existing = await scenario_repository.get_by_name(db, scenario_in.name)
if existing:
raise ValidationException(
f"Scenario with name '{scenario_in.name}' already exists"
)
# Update
updated = await scenario_repository.update(
db, db_obj=scenario, obj_in=scenario_in.model_dump(exclude_unset=True)
)
# Audit log
audit_logger.log_scenario_event(
event_type=AuditEventType.SCENARIO_UPDATED,
scenario_id=scenario_id,
user_id=UUID(x_user_id) if x_user_id else None,
ip_address=request.client.host if request.client else None,
details={
"updated_fields": list(scenario_in.model_dump(exclude_unset=True).keys())
},
)
# Invalidate cache
await cache_manager.delete(f"scenario:{scenario_id}")
await cache_manager.invalidate_l1("list_scenarios")
return updated
@router.delete(
"/{scenario_id}",
status_code=status.HTTP_204_NO_CONTENT,
summary="Delete scenario",
description="Delete a scenario permanently.",
responses={
204: {"description": "Scenario deleted"},
404: {"description": "Scenario not found"},
429: {"description": "Rate limit exceeded"},
},
)
async def delete_scenario(
request: Request,
scenario_id: UUID,
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Delete a scenario permanently."""
# Rate limiting (stricter for deletes)
await rate_limiter.check_rate_limit(request, x_api_key, tier="free", burst=5)
scenario = await scenario_repository.get(db, scenario_id)
if not scenario:
raise NotFoundException("Scenario")
await scenario_repository.delete(db, id=scenario_id)
# Audit log
audit_logger.log_scenario_event(
event_type=AuditEventType.SCENARIO_DELETED,
scenario_id=scenario_id,
user_id=UUID(x_user_id) if x_user_id else None,
ip_address=request.client.host if request.client else None,
details={"name": scenario.name},
)
# Invalidate cache
await cache_manager.delete(f"scenario:{scenario_id}")
await cache_manager.invalidate_l1("list_scenarios")
return None
@router.post(
"/bulk/delete",
summary="Bulk delete scenarios",
description="Delete multiple scenarios at once.",
responses={
200: {"description": "Bulk delete completed"},
429: {"description": "Rate limit exceeded"},
},
)
async def bulk_delete_scenarios(
request: Request,
scenario_ids: List[UUID],
db: AsyncSession = Depends(get_db),
x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
x_user_id: Optional[str] = Header(None, alias="X-User-ID"),
):
"""Delete multiple scenarios at once.
- **scenario_ids**: List of scenario IDs to delete
"""
# Rate limiting (strict for bulk operations)
await rate_limiter.check_rate_limit(request, x_api_key, tier="premium", burst=1)
deleted = []
failed = []
for scenario_id in scenario_ids:
try:
scenario = await scenario_repository.get(db, scenario_id)
if scenario:
await scenario_repository.delete(db, id=scenario_id)
deleted.append(str(scenario_id))
# Invalidate cache
await cache_manager.delete(f"scenario:{scenario_id}")
else:
failed.append({"id": str(scenario_id), "reason": "Not found"})
except Exception as e:
failed.append({"id": str(scenario_id), "reason": str(e)})
# Invalidate list cache
await cache_manager.invalidate_l1("list_scenarios")
# Audit log
audit_logger.log(
event_type=AuditEventType.SCENARIO_DELETED,
action="bulk_delete",
user_id=UUID(x_user_id) if x_user_id else None,
ip_address=request.client.host if request.client else None,
details={"deleted_count": len(deleted), "failed_count": len(failed)},
)
return {
"deleted": deleted,
"failed": failed,
"total_requested": len(scenario_ids),
"total_deleted": len(deleted),
}

222
src/api/v2/rate_limiter.py Normal file
View File

@@ -0,0 +1,222 @@
"""Tiered rate limiting for API v2.
Implements rate limiting with different tiers:
- Free tier: 100 requests/minute
- Premium tier: 1000 requests/minute
- Enterprise tier: 10000 requests/minute
Supports burst allowances and per-API-key limits.
"""
from typing import Optional
from datetime import datetime
from fastapi import Request, HTTPException, status
from src.core.cache import cache_manager
from src.core.logging_config import get_logger
logger = get_logger(__name__)
class RateLimitConfig:
"""Rate limit configuration per tier."""
TIERS = {
"free": {
"requests_per_minute": 100,
"burst": 10,
},
"premium": {
"requests_per_minute": 1000,
"burst": 50,
},
"enterprise": {
"requests_per_minute": 10000,
"burst": 200,
},
}
class RateLimiter:
"""Simple in-memory rate limiter (use Redis in production)."""
def __init__(self):
self._storage = {}
def _get_key(self, identifier: str, window: int = 60) -> str:
"""Generate rate limit key."""
timestamp = int(datetime.utcnow().timestamp()) // window
return f"ratelimit:{identifier}:{timestamp}"
async def is_allowed(
self,
identifier: str,
limit: int,
window: int = 60,
) -> tuple[bool, dict]:
"""Check if request is allowed.
Returns:
Tuple of (allowed, headers)
"""
key = self._get_key(identifier, window)
try:
# Try to use Redis
await cache_manager.initialize()
current = await cache_manager.redis.incr(key)
if current == 1:
# Set expiration on first request
await cache_manager.redis.expire(key, window)
remaining = max(0, limit - current)
reset_time = (int(datetime.utcnow().timestamp()) // window + 1) * window
headers = {
"X-RateLimit-Limit": str(limit),
"X-RateLimit-Remaining": str(remaining),
"X-RateLimit-Reset": str(reset_time),
}
allowed = current <= limit
return allowed, headers
except Exception as e:
# Fallback: allow request if Redis unavailable
logger.warning(f"Rate limiting unavailable: {e}")
return True, {}
class TieredRateLimit:
"""Tiered rate limiting with burst support."""
def __init__(self):
self.limiter = RateLimiter()
def _get_client_identifier(
self,
request: Request,
api_key: Optional[str] = None,
) -> str:
"""Get client identifier from request."""
if api_key:
return f"apikey:{api_key}"
# Use IP address as fallback
forwarded = request.headers.get("X-Forwarded-For")
if forwarded:
return f"ip:{forwarded.split(',')[0].strip()}"
client_host = request.client.host if request.client else "unknown"
return f"ip:{client_host}"
def _get_tier_for_key(self, api_key: Optional[str]) -> str:
"""Determine tier for API key.
In production, this would lookup the tier from database.
"""
if not api_key:
return "free"
# For demo purposes, keys starting with 'mk_premium' are premium tier
if api_key.startswith("mk_premium"):
return "premium"
elif api_key.startswith("mk_enterprise"):
return "enterprise"
return "free"
async def check_rate_limit(
self,
request: Request,
api_key: Optional[str] = None,
tier: Optional[str] = None,
burst: Optional[int] = None,
) -> dict:
"""Check rate limit and raise exception if exceeded.
Args:
request: FastAPI request object
api_key: Optional API key
tier: Override tier (free/premium/enterprise)
burst: Override burst limit
Returns:
Rate limit headers
Raises:
HTTPException: If rate limit exceeded
"""
# Determine tier
client_tier = tier or self._get_tier_for_key(api_key)
config = RateLimitConfig.TIERS.get(client_tier, RateLimitConfig.TIERS["free"])
# Get client identifier
identifier = self._get_client_identifier(request, api_key)
# Calculate limit with burst
limit = config["requests_per_minute"]
if burst is not None:
limit = burst
# Check rate limit
allowed, headers = await self.limiter.is_allowed(identifier, limit)
if not allowed:
logger.warning(
"Rate limit exceeded",
extra={
"identifier": identifier,
"tier": client_tier,
"limit": limit,
},
)
raise HTTPException(
status_code=status.HTTP_429_TOO_MANY_REQUESTS,
detail="Rate limit exceeded. Please try again later.",
headers={
**headers,
"Retry-After": "60",
},
)
# Store headers in request state for middleware
request.state.rate_limit_headers = headers
return headers
class RateLimitMiddleware:
"""Middleware to add rate limit headers to responses."""
def __init__(self, app):
self.app = app
async def __call__(self, scope, receive, send):
if scope["type"] != "http":
await self.app(scope, receive, send)
return
from fastapi import Request
request = Request(scope, receive)
# Store original send
original_send = send
async def wrapped_send(message):
if message["type"] == "http.response.start":
# Add rate limit headers if available
if hasattr(request.state, "rate_limit_headers"):
headers = message.get("headers", [])
for key, value in request.state.rate_limit_headers.items():
headers.append([key.encode(), value.encode()])
message["headers"] = headers
await original_send(message)
await self.app(scope, receive, wrapped_send)