Spaces:

AP314159
/

dialexus-chat

Sleeping

App Files Files Community

dialexus-chat / app /api /v1 /endpoints /admin.py

AP314159

initial commit

9b87a98 6 months ago

raw

history blame contribute delete

17 kB

	import json
	from fastapi import APIRouter, Depends, HTTPException, status, Query
	from motor.motor_asyncio import AsyncIOMotorClient
	from sqlalchemy.orm import Session, joinedload
	from typing import List, Union, Optional
	import datetime

	from app.db.session import get_db, get_mongo_db
	from app.security.dependencies import get_current_user_from_cookie
	from app.security.hashing import Hasher
	from app.models import Admin, User, Group, GroupMember
	from app.schemas.user import UserOut, UserCreate, UserPasswordReset
	from app.schemas.group import GroupCreateWithMembers, GroupWithMembers, GroupOut
	from app.schemas.admin import ConversationSummary
	from app.schemas.message import MessageHistory
	from app.websocket.connection_manager import manager
	from app.cache.group_members import remove_group_from_cache, add_member_to_cache, remove_member_from_cache

	router = APIRouter()

	def get_admin_from_dependency(current_entity: Union[User, Admin] = Depends(get_current_user_from_cookie)) -> Admin:
	"""
	A helper dependency to ensure the user is an Admin.
	This replaces the old get_current_active_admin.
	"""
	if not isinstance(current_entity, Admin):
	raise HTTPException(status_code=403, detail="Operation not permitted. Requires admin privileges.")
	if not current_entity.is_active:
	raise HTTPException(status_code=400, detail="Inactive admin.")
	return current_entity

	# --- User Management by Admin ---

	@router.post("/users", response_model=UserOut, status_code=status.HTTP_201_CREATED)
	def create_user_for_admin(
	user_in: UserCreate,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	# ... (logic remains the same)
	full_username = f"{user_in.username}{current_admin.admin_key}"
	db_user = db.query(User).filter(User.username == full_username).first()
	if db_user:
	raise HTTPException(status_code=400, detail=f"Username '{user_in.username}' already exists in your tenant.")
	hashed_password = Hasher.get_password_hash(user_in.password)
	new_user = User(username=full_username, password_hash=hashed_password, admin_id=current_admin.id)
	db.add(new_user)
	db.commit()
	db.refresh(new_user)
	return new_user

	@router.get("/users/all", response_model=List[UserOut])
	def list_users_for_admin(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	return db.query(User).filter(User.admin_id == current_admin.id).all()

	@router.get("/users/active", response_model=List[UserOut])
	def list_active_users_for_admin(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Lists all active users in the admin's tenant."""
	return db.query(User).filter(User.admin_id == current_admin.id, User.is_active == True).all()

	@router.get("/users/deactivated", response_model=List[UserOut])
	def list_deactivated_users_for_admin(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Lists all deactivated users in the admin's tenant."""
	return db.query(User).filter(User.admin_id == current_admin.id, User.is_active == False).all()

	@router.get("/users/online", response_model=List[UserOut])
	def get_online_users(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Gets a list of all online users within the current admin's tenant."""
	online_connection_ids = manager.get_all_connection_ids()
	online_user_ids = [int(cid.split('-')[1]) for cid in online_connection_ids if cid.startswith('user-')]

	# Fetch details only for online users that belong to this admin's tenant
	online_users_in_tenant = db.query(User).filter(
	User.id.in_(online_user_ids),
	User.admin_id == current_admin.id
	).all()
	return online_users_in_tenant

	@router.patch("/users/{user_id}/deactivate", status_code=status.HTTP_204_NO_CONTENT)
	async def deactivate_user(
	user_id: int,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	# ... (logic remains the same)
	user = db.query(User).filter(User.id == user_id, User.admin_id == current_admin.id).first()
	if not user:
	raise HTTPException(status_code=404, detail="User not found in your tenant.")
	user.is_active = False
	db.commit()
	user_connection_id = f"user-{user.id}"
	if user_connection_id in manager.active_connections:
	logout_command = json.dumps({"event": "force_logout", "reason": "Your account has been deactivated by the administrator."})
	await manager.send_personal_message(logout_command, user_connection_id)
	manager.disconnect(user_connection_id)
	return

	@router.patch("/users/{user_id}/reactivate", status_code=status.HTTP_204_NO_CONTENT)
	def reactivate_user(
	user_id: int,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	# ... (logic remains the same)
	user = db.query(User).filter(User.id == user_id, User.admin_id == current_admin.id).first()
	if not user:
	raise HTTPException(status_code=404, detail="User not found in your tenant.")
	user.is_active = True
	db.commit()
	return

	@router.patch("/users/{user_id}/reset-password", status_code=status.HTTP_204_NO_CONTENT)
	async def reset_user_password(
	user_id: int,
	password_data: UserPasswordReset,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""
	Resets the password for a specific user within the admin's tenant.
	"""
	# Find the user and verify they belong to the admin's tenant
	user = db.query(User).filter(User.id == user_id, User.admin_id == current_admin.id).first()
	if not user:
	raise HTTPException(status_code=404, detail="User not found in your tenant.")

	# Hash the new password and update the user's record
	hashed_password = Hasher.get_password_hash(password_data.new_password)
	user.password_hash = hashed_password

	db.commit()
	user_connection_id = f"user-{user.id}"
	if user_connection_id in manager.active_connections:
	logout_command = json.dumps({"event": "force_logout", "reason": "Please re-authenticate yourself as admin has reset your password."})
	await manager.send_personal_message(logout_command, user_connection_id)
	manager.disconnect(user_connection_id)
	return

	# --- Group Management by Admin ---

	@router.post("/groups", response_model=GroupOut, status_code=status.HTTP_201_CREATED)
	def create_group_for_admin(
	group_in: GroupCreateWithMembers,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	# ... (logic remains the same)
	db_group = db.query(Group).filter(Group.name == group_in.name, Group.admin_id == current_admin.id).first()
	if db_group:
	raise HTTPException(status_code=400, detail=f"Group name '{group_in.name}' already exists in your tenant.")
	new_group = Group(name=group_in.name, admin_id=current_admin.id)
	db.add(new_group)
	db.flush()
	if group_in.members:
	for user_id in group_in.members:
	user = db.query(User).filter(User.id == user_id, User.admin_id == current_admin.id).first()
	if user:
	new_member = GroupMember(group_id=new_group.id, user_id=user.id)
	db.add(new_member)
	add_member_to_cache(new_group.id, f"user-{user.id}")
	db.commit()
	db.refresh(new_group)
	return new_group

	@router.get("/groups/all", response_model=List[GroupWithMembers])
	def list_groups_with_members_for_admin(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Lists all groups in the admin's tenant, including their members."""
	groups = (
	db.query(Group)
	.options(joinedload(Group.members).joinedload(GroupMember.user))
	.filter(Group.admin_id == current_admin.id)
	.all()
	)

	result = []
	for group in groups:
	members_info = [
	{"user_id": member.user.id, "username": member.user.username}
	for member in group.members
	]
	result.append({
	"id": group.id,
	"name": group.name,
	"admin_id": group.admin_id,
	"is_active": group.is_active,
	"members": members_info
	})
	return result

	@router.get("/groups/active", response_model=List[GroupWithMembers])
	def list_active_groups_with_members(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Lists all active groups in the admin's tenant, including their members."""
	groups = (
	db.query(Group)
	.options(joinedload(Group.members).joinedload(GroupMember.user))
	.filter(Group.admin_id == current_admin.id, Group.is_active == True)
	.all()
	)
	# ... (response formatting logic remains the same)
	result = []
	for group in groups:
	members_info = [{"user_id": member.user.id, "username": member.user.username} for member in group.members]
	result.append({"id": group.id, "name": group.name, "admin_id": group.admin_id, "is_active": group.is_active, "members": members_info})
	return result

	@router.get("/groups/deactivated", response_model=List[GroupWithMembers])
	def list_deactivated_groups_with_members(
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""Lists all deactivated groups in the admin's tenant, including their members."""
	groups = (
	db.query(Group)
	.options(joinedload(Group.members).joinedload(GroupMember.user))
	.filter(Group.admin_id == current_admin.id, Group.is_active == False)
	.all()
	)
	# ... (response formatting logic remains the same)
	result = []
	for group in groups:
	members_info = [{"user_id": member.user.id, "username": member.user.username} for member in group.members]
	result.append({"id": group.id, "name": group.name, "admin_id": group.admin_id, "is_active": group.is_active, "members": members_info})
	return result

	@router.delete("/groups/{group_id}", status_code=status.HTTP_204_NO_CONTENT)
	def deactivate_group(
	group_id: int,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	group = db.query(Group).filter(Group.id == group_id, Group.admin_id == current_admin.id).first()
	if not group:
	raise HTTPException(status_code=404, detail="Group not found in your tenant.")
	group.is_active = False
	db.commit()
	remove_group_from_cache(group_id)
	return

	@router.post("/groups/{group_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
	def add_user_to_group(
	group_id: int,
	user_id: int,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_current_user_from_cookie)
	):
	"""
	Add a user from the admin's tenant to a group in the same tenant.
	"""
	# Verify the group belongs to the admin
	group = db.query(Group).filter(Group.id == group_id, Group.admin_id == current_admin.id).first()
	if not group:
	raise HTTPException(status_code=404, detail="Group not found in your tenant.")

	# Verify the user belongs to the admin
	user = db.query(User).filter(User.id == user_id, User.admin_id == current_admin.id).first()
	if not user:
	raise HTTPException(status_code=404, detail="User not found in your tenant.")

	# Check if the user is already a member
	membership = db.query(GroupMember).filter(GroupMember.group_id == group_id, GroupMember.user_id == user_id).first()
	if membership:
	raise HTTPException(status_code=400, detail="User is already a member of this group.")

	new_member = GroupMember(group_id=group_id, user_id=user_id)
	db.add(new_member)
	db.commit()
	add_member_to_cache(group_id, f"user-{user_id}")
	return

	@router.delete("/groups/{group_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
	def remove_user_from_group(
	group_id: int,
	user_id: int,
	db: Session = Depends(get_db),
	current_admin: Admin = Depends(get_current_user_from_cookie)
	):
	"""
	Remove a user from a group.
	"""
	# Verify the group belongs to the admin to allow this operation
	group = db.query(Group).filter(Group.id == group_id, Group.admin_id == current_admin.id).first()
	if not group:
	raise HTTPException(status_code=404, detail="Group not found in your tenant.")

	membership = db.query(GroupMember).filter(GroupMember.group_id == group_id, GroupMember.user_id == user_id).first()
	if not membership:
	raise HTTPException(status_code=404, detail="User is not a member of this group.")

	db.delete(membership)
	db.commit()
	remove_member_from_cache(group_id, f"user-{user_id}")
	return

	@router.get("/conversations/users", response_model=List[ConversationSummary])
	async def list_user_to_user_conversations(
	db: Session = Depends(get_db),
	mongo_db: AsyncIOMotorClient = Depends(get_mongo_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""
	Lists all private user-to-user conversations within the admin's tenant,
	sorted by the most recent message.
	"""
	# 1. Get all user IDs for the current admin's tenant
	tenant_user_ids = [user.id for user in db.query(User.id).filter(User.admin_id == current_admin.id).all()]
	if not tenant_user_ids:
	return []

	messages_collection = mongo_db["messages"]

	# 2. Run the aggregation pipeline in MongoDB
	pipeline = [
	# Match only private messages between users in this tenant
	{"$match": {
	"type": "private",
	"sender.role": "user",
	"receiver.role": "user",
	"sender.id": {"$in": tenant_user_ids},
	"receiver.id": {"$in": tenant_user_ids}
	}},
	# Group by a canonical key (sorted participants)
	{"$group": {
	"_id": {
	"participants": {
	"$sortArray": {"input": ["$sender", "$receiver"], "sortBy": {"id": 1}}
	}
	},
	"last_message_timestamp": {"$max": "$timestamp"},
	"message_count": {"$sum": 1}
	}},
	# Sort conversations by the most recent activity
	{"$sort": {"last_message_timestamp": -1}}
	]

	aggregation_result = await messages_collection.aggregate(pipeline).to_list(length=None)

	# 3. Format the response
	response = []
	for item in aggregation_result:
	participants = item["_id"]["participants"]
	response.append({
	"user_one": {"id": participants[0]["id"], "username": participants[0]["username"]},
	"user_two": {"id": participants[1]["id"], "username": participants[1]["username"]},
	"last_message_timestamp": item["last_message_timestamp"],
	"message_count": item["message_count"]
	})

	return response

	@router.get("/messages/users/{user1_id}/{user2_id}", response_model=MessageHistory)
	async def get_user_to_user_message_history(
	user1_id: int,
	user2_id: int,
	before: Optional[str] = Query(None, description="ISO timestamp cursor for pagination"),
	limit: int = Query(50, gt=0, le=100),
	db: Session = Depends(get_db),
	mongo_db: AsyncIOMotorClient = Depends(get_mongo_db),
	current_admin: Admin = Depends(get_admin_from_dependency)
	):
	"""
	Fetches the detailed message history for a specific user-to-user conversation.
	"""
	# 1. Security Check: Verify both users belong to the admin's tenant
	users = db.query(User).filter(User.id.in_([user1_id, user2_id]), User.admin_id == current_admin.id).all()
	if len(users) != 2:
	raise HTTPException(status_code=404, detail="One or both users not found in your tenant.")

	# 2. Build the MongoDB query
	messages_collection = mongo_db["messages"]
	query = {
	"$or": [
	{"sender.id": user1_id, "receiver.id": user2_id},
	{"sender.id": user2_id, "receiver.id": user1_id}
	],
	"type": "private"
	}

	if before:
	try:
	cursor_time = datetime.datetime.fromisoformat(before.replace("Z", "+00:00"))
	query["timestamp"] = {"$lt": cursor_time}
	except ValueError:
	raise HTTPException(status_code=400, detail="Invalid 'before' timestamp format.")

	# 3. Fetch messages
	messages_cursor = messages_collection.find(query).sort("timestamp", -1).limit(limit)
	messages = await messages_cursor.to_list(length=limit)

	for msg in messages:
	msg["_id"] = str(msg["_id"])

	next_cursor = None
	if len(messages) == limit:
	next_cursor = messages[-1]['timestamp'].isoformat() + "Z"

	return {"messages": messages, "next_cursor": next_cursor}