Hugging Face's logo

Spaces:
VeuReu
/
compliance
Sleeping

App Files Community
compliance / app.py
VeuReu's picture
VeuReu
Upload 17 files
cd025b1 verified
raw
history blame contribute delete
40 kB
 #!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Veureu Compliance Service
Microservicio dedicado a cumplimiento normativo con resiliencia:
- Google OAuth authentication
- AWS QLDB consent recording
- Polygon blockchain publishing
- Email notifications
- Digest verification
- Compliance dashboard API
- Resilience & Recovery management
Este servicio maneja desconexiones de Hugging Face gracefully,
asegurando persistencia de datos en AWS QLDB y continuidad del servicio.
"""
import os
import json
import hashlib
import time
from datetime import datetime, timezone
from typing import Dict, Any, Optional, List
from dataclasses import dataclass
import logging
import streamlit as st
import requests
from fastapi import FastAPI, HTTPException
from fastapi.middleware.cors import CORSMiddleware
from pydantic import BaseModel
import uvicorn
# Importaciones del sistema de resiliencia
from config import config, get_service_status
from phone_verification import router as phone_verification_router
from resilience_manager import resilience_manager
from recovery_manager import recovery_manager
# Configuración logging
logging.basicConfig(
level=getattr(logging, config.LOG_LEVEL),
format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)
logger = logging.getLogger(__name__)
# --- CONFIGURACIÓN FASTAPI ---
app = FastAPI(
title="Veureu Compliance Service",
version="1.0.0",
description="Microservicio de cumplimiento normativo con resiliencia"
)
# CORS per permetre crides des del Space demo (i altres orígens web)
app.add_middleware(
CORSMiddleware,
allow_origins=["*"], # En producció pots restringir-ho al domini del Space demo
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Router de verificació per telèfon / WhatsApp
app.include_router(phone_verification_router)
# --- INICIALIZACIÓN CON RECUPERACIÓN ---
def initialize_service():
"""Inicializa el servicio con recuperación de estado (no bloqueante)"""
logger.info("=== INICIANDO VEUREU COMPLIANCE SERVICE ===")
logger.info(f"Environment: {config.ENVIRONMENT}")
logger.info(f"Log Level: {config.LOG_LEVEL}")
# Verificación simple sin ejecutar recuperación automática
service_health = resilience_manager.get_service_health()
logger.info(f"Estado del servicio: {service_health['status']}")
logger.info(f"Uptime: {service_health['uptime_human']}")
logger.info("Recuperación automática desactivada (usar API /api/recovery/status para detalles)")
return {"status": "initialized", "service_health": service_health}
# Ejecutar inicialización simple
startup_recovery = initialize_service()
# --- MODELOS DE DATOS ---
class UserValidation(BaseModel):
token: str
class LoginURLRequest(BaseModel):
callback_url: str
class ConsentRecord(BaseModel):
user_info: Dict[str, Any]
video_info: Dict[str, Any]
consent_data: Dict[str, Any]
class ValidationRequest(BaseModel):
document_id: str
user_email: str
user_name: str
video_title: str
video_hash: str
timestamp: str
video_url: str
consent_data: Dict[str, Any]
class ValidatorDecision(BaseModel):
document_id: str
validator_email: str
decision: str # "approved" o "rejected"
comments: str = ""
class DigestPublish(BaseModel):
period: str # YYYY-MM
digest_hash: str | None = None
class DigestVerify(BaseModel):
period: str
expected_hash: str
class EventsDigestPublish(BaseModel):
session_id: str
digest_hash: str
class ActionsQLDBPayload(BaseModel):
session_id: str
actions: List[Dict[str, Any]]
class LogoutRequest(BaseModel):
token: str
class VideoUploadNotification(BaseModel):
video_name: str
sha1sum: str
class LoginSMSRequest(BaseModel):
phone: str
code: str
# --- AUTENTICACIÓN (SIMULADA) ---
def validate_google_token(token: str) -> Optional[Dict[str, Any]]:
"""
Valida token de Google OAuth (simulado hasta integración real)
Args:
token: JWT token de Google
Returns:
Dict con info del usuario o None
"""
# Temporal: simulación de validación
if token.startswith("sim_token_"):
email = token.replace("sim_token_", "").replace("_sim", "@example.com")
return {
"email": email,
"name": email.split("@")[0],
"picture": "https://via.placeholder.com/150",
"verified": True
}
# En producción: usar google-auth-library
"""
try:
from google.oauth2 import id_token
from google.auth.transport import requests as google_requests
idinfo = id_token.verify_oauth2_token(
token,
google_requests.Request(),
GOOGLE_CLIENT_ID
)
return {
"email": idinfo["email"],
"name": idinfo["name"],
"picture": idinfo["picture"],
"verified": idinfo.get("email_verified", False)
}
except Exception as e:
logger.error(f"Error validando token Google: {e}")
return None
"""
return None
def generate_oauth_login_url(callback_url: str) -> str:
"""
Genera URL de login OAuth de Google
Args:
callback_url: URL de retorno
Returns:
URL completa para redirección OAuth
"""
# Temporal: URL simulada que devuelve token
callback_encoded = requests.utils.quote(callback_url)
simulated_token = "sim_token_user123_sim"
return f"{callback_encoded}?auth_token={simulated_token}"
# En producción: configurar OAuth real
"""
client_id = GOOGLE_CLIENT_ID
redirect_uri = requests.utils.quote(callback_url)
scope = "email profile"
return f"https://accounts.google.com/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope={scope}"
"""
# --- AWS QLDB INTEGRATION (SIMULADA) ---
def record_consent_qldb(user_info: Dict[str, Any],
video_info: Dict[str, Any],
consent_data: Dict[str, Any]) -> Optional[str]:
"""
Registra consentimiento en AWS QLDB
Args:
user_info: Información del usuario
video_info: Información del vídeo
consent_data: Datos de consentimiento
Returns:
Document ID o None si error
"""
# Temporal: simulación
timestamp = int(time.time())
content_hash = hashlib.md5(json.dumps({
'user': user_info,
'video': video_info,
'timestamp': timestamp
}).encode()).hexdigest()[:8]
document_id = f"doc_{timestamp}_{content_hash}"
logger.info(f"[QLDB - SIMULATED] Consentimiento registrado: {document_id}")
logger.info(f"[QLDB - SIMULATED] Usuario: {user_info.get('email', 'unknown')}")
logger.info(f"[QLDB - SIMULATED] Vídeo: {video_info.get('name', 'unknown')}")
return document_id
# En producción: integración real con QLDB
"""
try:
import boto3
from amazon.ion.simpleion import dumps, loads
client = boto3.client('qldb-session')
# Crear documento en QLDB
document = {
'user_email': user_info['email'],
'user_name': user_info['name'],
'video_name': video_info['name'],
'video_size': video_info['size'],
'consent_data': consent_data,
'timestamp': datetime.now(timezone.utc).isoformat(),
'status': 'pending_validation'
}
# Ejecutar transacción QLDB
result = client.execute_statement(
LedgerName=QLDB_LEDGER_NAME,
Statement=f"INSERT INTO compliance_records VALUE ?",
Parameters=[dumps(document)]
)
document_id = result['Documents'][0]['Id']
logger.info(f"Consentimiento registrado en QLDB: {document_id}")
return document_id
except Exception as e:
logger.error(f"Error registrando consentimiento en QLDB: {e}")
return None
"""
# --- POLYGON BLOCKCHAIN INTEGRATION (SIMULADA) ---
def publish_digest_polygon(period: str, authorizations: List[Dict[str, Any]]) -> Optional[str]:
"""
Publica digest mensual en Polygon blockchain
Args:
period: Período YYYY-MM
authorizations: Lista de autorizaciones del período
Returns:
Transaction hash o None si error
"""
try:
# Calcular digest hash
sorted_auths = sorted(authorizations, key=lambda x: x.get('timestamp', ''))
digest_data = ""
for auth in sorted_auths:
auth_json = json.dumps({
'user_email': auth.get('user_email', ''),
'video_hash': auth.get('video_hash', ''),
'timestamp': auth.get('timestamp', ''),
'consent_accepted': auth.get('consent_accepted', False),
'validation_status': auth.get('validation_status', ''),
'document_id': auth.get('document_id', '')
}, sort_keys=True, separators=(',', ':'))
digest_data += auth_json + "|"
digest_hash = hashlib.sha256(digest_data.encode('utf-8')).hexdigest()
# Temporal: simulación de publicación
block_number = 12345000 + int(time.time()) % 1000
tx_hash = f"0x{digest_hash[:32]}"
logger.info(f"[POLYGON - SIMULATED] Digest publicado: {period}")
logger.info(f"[POLYGON - SIMULATED] Autorizaciones: {len(authorizations)}")
logger.info(f"[POLYGON - SIMULATED] Hash: {digest_hash[:16]}...")
logger.info(f"[POLYGON - SIMULATED] TX: {tx_hash}")
logger.info(f"[POLYGON - SIMULATED] Block: {block_number}")
return tx_hash
# En producción: integración real con Web3
"""
from web3 import Web3
w3 = Web3(Web3.HTTPProvider(POLYGON_RPC_URL))
account = w3.eth.account.from_key(POLYGON_PRIVATE_KEY)
contract = w3.eth.contract(
address=Web3.to_checksum_address(DIGEST_CONTRACT_ADDR),
abi=DIGEST_CONTRACT_ABI
)
nonce = w3.eth.get_transaction_count(account.address)
tx = contract.functions.publish(
Web3.to_bytes(hexstr=digest_hash),
period
).build_transaction({
"from": account.address,
"nonce": nonce,
"gas": 120000,
"maxFeePerGas": w3.to_wei('60', 'gwei'),
"maxPriorityFeePerGas": w3.to_wei('2', 'gwei'),
"chainId": POLYGON_CHAIN_ID
})
signed = w3.eth.account.sign_transaction(tx, POLYGON_PRIVATE_KEY)
tx_hash = w3.eth.send_raw_transaction(signed.rawTransaction)
receipt = w3.eth.wait_for_transaction_receipt(tx_hash)
logger.info(f"Digest publicado en Polygon: {receipt.transactionHash.hex()}")
return receipt.transactionHash.hex()
"""
except Exception as e:
logger.error(f"Error publicando digest en Polygon: {e}")
return None
# --- EMAIL NOTIFICATIONS (SIMULADAS) ---
def send_validation_email(validation_request: ValidationRequest) -> bool:
"""
Envía email de validación a validadores
Args:
validation_request: Datos para email de validación
Returns:
True si éxito, False si error
"""
try:
# Temporal: simulación de email
logger.info(f"[EMAIL - SIMULATED] =======================================")
logger.info(f"[EMAIL - SIMULATED] ENVIANDO VALIDACIÓN")
logger.info(f"[EMAIL - SIMULATED] =======================================")
logger.info(f"[EMAIL - SIMULATED] Document ID: {validation_request.document_id}")
logger.info(f"[EMAIL - SIMULATED] Usuario: {validation_request.user_email}")
logger.info(f"[EMAIL - SIMULATED] Nombre: {validation_request.user_name}")
logger.info(f"[EMAIL - SIMULATED] Vídeo: {validation_request.video_title}")
logger.info(f"[EMAIL - SIMULATED] Hash: {validation_request.video_hash}")
logger.info(f"[EMAIL - SIMULATED] Timestamp: {validation_request.timestamp}")
logger.info(f"[EMAIL - SIMULATED] URL: {validation_request.video_url}")
logger.info(f"[EMAIL - SIMULATED] Consentimientos:")
for key, value in validation_request.consent_data.items():
logger.info(f"[EMAIL - SIMULATED] - {key}: {value}")
logger.info(f"[EMAIL - SIMULATED] =======================================")
return True
# En producción: integración SMTP real
"""
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
# Crear HTML del email
html_content = f'''<html>
<body>
<h2>Solicitud de Validacion - Veureu</h2>
<p>Se ha subido un nuevo video que requiere validacion:</p>
<ul>
<li><strong>Usuario:</strong> {validation_request.user_email}</li>
<li><strong>Video:</strong> {validation_request.video_title}</li>
<li><strong>Fecha:</strong> {validation_request.timestamp}</li>
<li><strong>ID:</strong> {validation_request.document_id}</li>
</ul>
<h3>Acciones</h3>
<p>
<a href="{validation_request.video_url}/approve?doc_id={validation_request.document_id}"
style="background-color: #28a745; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;">
Aprobar
</a>
&nbsp;&nbsp;
<a href="{validation_request.video_url}/reject?doc_id={validation_request.document_id}"
style="background-color: #dc3545; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;">
Rechazar
</a>
</p>
<h3>Consentimientos</h3>
<pre>{json.dumps(validation_request.consent_data, indent=2)}</pre>
</body>
</html>'''
msg = MIMEMultipart('alternative')
msg['Subject'] = f"Validación requerida - {validation_request.document_id}"
msg['From'] = SMTP_USERNAME
msg['To'] = "validators@veureu.cat"
msg.attach(MIMEText(html_content, 'html'))
# Enviar email
with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as server:
server.starttls()
server.login(SMTP_USERNAME, SMTP_PASSWORD)
server.send_message(msg)
logger.info(f"Email de validación enviado para: {validation_request.document_id}")
return True
"""
except Exception as e:
logger.error(f"Error enviando email de validación: {e}")
return False
# --- API ENDPOINTS ---
@app.get("/")
def root():
"""Health check endpoint con información de resiliencia"""
service_health = resilience_manager.get_service_health()
service_status = get_service_status()
return {
"service": "Veureu Compliance Service",
"status": service_health["status"],
"version": "1.0.0",
"timestamp": datetime.now().isoformat(),
"environment": config.ENVIRONMENT,
"uptime": service_health["uptime_human"],
"total_processed": service_health["total_processed"],
"error_count": service_health["error_count"],
"pending_validations": service_health["pending_validations"],
"last_digest_publish": service_health["last_digest_publish"],
"services": service_status
}
@app.get("/api/recovery/status")
def get_recovery_status():
"""Obtiene estado detallado de recuperación y resiliencia"""
recovery_report = recovery_manager.perform_recovery_check()
service_health = resilience_manager.get_service_health()
return {
"timestamp": datetime.now().isoformat(),
"service_health": service_health,
"recovery_report": recovery_report,
"resilience_config": {
"state_file": resilience_manager.state_file,
"auto_recovery": True,
"persistence_enabled": True
}
}
@app.post("/api/recovery/force")
def force_recovery():
"""Fuerza una recuperación completa del servicio"""
try:
recovery_report = recovery_manager.force_full_recovery()
return {
"success": True,
"timestamp": datetime.now().isoformat(),
"recovery_report": recovery_report
}
except Exception as e:
logger.error(f"Error forzando recuperación: {e}")
raise HTTPException(status_code=500, detail=f"Error en recuperación: {str(e)}")
@app.get("/api/health/detailed")
def detailed_health_check():
"""Health check detallado con todos los componentes"""
service_health = resilience_manager.get_service_health()
connectivity = recovery_manager._check_external_connectivity()
data_integrity = recovery_manager._check_data_integrity()
return {
"timestamp": datetime.now().isoformat(),
"overall_status": "healthy" if (
service_health["status"] == "healthy" and
connectivity["overall"]["status"] == "healthy" and
data_integrity["status"] == "healthy"
) else "degraded",
"service": service_health,
"connectivity": connectivity,
"data_integrity": data_integrity,
"environment": config.ENVIRONMENT,
"features": {
"blockchain": config.has_blockchain_config(),
"qldb": config.has_qldb_config(),
"oauth": config.has_oauth_config(),
"email": config.has_email_config()
}
}
# === AUTENTICACIÓN ===
@app.post("/api/auth/validate")
def validate_user(user_data: UserValidation):
"""Valida token de usuario"""
user_info = validate_google_token(user_data.token)
if user_info:
return user_info
else:
raise HTTPException(status_code=401, detail="Token inválido")
@app.post("/api/auth/login-url")
def get_login_url(request: LoginURLRequest):
"""Obtiene URL de login OAuth"""
login_url = generate_oauth_login_url(request.callback_url)
if login_url:
return {"login_url": login_url}
else:
raise HTTPException(status_code=500, detail="Error generando URL de login")
@app.post("/api/auth/logout")
def logout_user(request: LogoutRequest):
"""Invalida sesión de usuario"""
logger.info(f"Logout request for token: {request.token[:20]}...")
return {"success": True}
# === CUMPLIMIENTO (QLDB) ===
@app.post("/api/compliance/record-consent")
def record_consent(consent: ConsentRecord):
"""Registra consentimiento de usuario"""
document_id = record_consent_qldb(
consent.user_info,
consent.video_info,
consent.consent_data
)
if document_id:
return {"document_id": document_id}
else:
raise HTTPException(status_code=500, detail="Error registrando consentimiento")
@app.post("/api/compliance/send-validation")
def send_validation(request: ValidationRequest):
"""Envía solicitud de validación"""
validation_request = ValidationRequest(**request.dict())
success = send_validation_email(validation_request)
if success:
return {"success": True}
else:
raise HTTPException(status_code=500, detail="Error enviando validación")
@app.post("/api/notifications/video-upload-sms")
def send_video_upload_sms(notification: VideoUploadNotification):
"""Envia un SMS al validor de vídeos quan es puja un nou vídeo.
Utilitza el webhook de Zapier definit a ZAPIER_WEBHOOK_CATCH i el telèfon
configurat a VIDEO_VALIDATOR_PHONE.
"""
zapier_url = os.getenv("ZAPIER_WEBHOOK_CATCH")
validator_phone = os.getenv("VIDEO_VALIDATOR_PHONE")
if not zapier_url or not validator_phone:
logger.error("[VIDEO SMS] Falta ZAPIER_WEBHOOK_CATCH o VIDEO_VALIDATOR_PHONE")
raise HTTPException(status_code=500, detail="SMS validator config missing")
message = f"Revise el vídeo {notification.video_name}"
try:
resp = requests.post(
zapier_url,
json={
"phone": validator_phone,
"message": message,
"sha1sum": notification.sha1sum,
"video_name": notification.video_name,
},
timeout=10,
)
if not resp.ok:
logger.error(
f"[VIDEO SMS] Error HTTP enviant SMS al validor: {resp.status_code} {resp.text}"
)
raise HTTPException(status_code=500, detail="Error enviant SMS al validor")
logger.info(
f"[VIDEO SMS] SMS de validació enviat a {validator_phone} per al vídeo {notification.video_name}"
)
return {"success": True}
except HTTPException:
raise
except Exception as e:
logger.error(f"[VIDEO SMS] Error inesperat enviant SMS al validor: {e}")
raise HTTPException(status_code=500, detail="Error inesperat enviant SMS al validor")
@app.post("/api/notifications/login-sms")
def send_login_sms(req: LoginSMSRequest):
"""Envia un SMS de verificació de mòbil per al login des de demo.
Utilitza el webhook de Zapier (ZAPIER_WEBHOOK_CATCH) definit en aquest space.
El missatge no inclou el codi en pantalla; el codi s'envia només per SMS.
"""
logger.info(f"[LOGIN SMS] Petició rebuda per telèfon: {req.phone}")
# Normalitzar telèfon a format internacional E.164
normalized_phone = req.phone.strip().replace(" ", "")
if not normalized_phone.startswith("+"):
normalized_phone = "+34" + normalized_phone
# Missatge incloent el codi en clar perquè l'usuari el pugui introduir a demo
message = f"El teu codi secret de validació és: {req.code}"
use_zapier = os.getenv("AUTOMATION_ZAPIER_ENABLED", "false").lower() == "true"
use_twilio = os.getenv("AUTOMATION_TWILIO_ENABLED", "true").lower() == "true"
try:
# 1) Si Zapier està habilitat, prioritzar el flux actual
if use_zapier:
zapier_url = os.getenv("ZAPIER_WEBHOOK_CATCH")
if not zapier_url:
logger.error("[LOGIN SMS] ZAPIER_WEBHOOK_CATCH no definit")
raise HTTPException(status_code=500, detail="ZAPIER webhook not configured")
payload = {
"phone": normalized_phone,
"message": message,
"code": req.code,
}
logger.info(f"[LOGIN SMS] Enviant petició a Zapier per a {normalized_phone}...")
resp = requests.post(zapier_url, json=payload, timeout=10)
logger.info(f"[LOGIN SMS] Resposta Zapier status={resp.status_code}")
if not resp.ok:
logger.error(
f"[LOGIN SMS] Error HTTP enviant SMS de login via Zapier: {resp.status_code} {resp.text}"
)
raise HTTPException(status_code=500, detail="Error enviant SMS de login")
logger.info(f"[LOGIN SMS] SMS de verificació enviat a {normalized_phone} via Zapier")
return {"success": True}
# 2) Si Zapier no està habilitat però Twilio sí, enviar directament via Twilio
if use_twilio:
account_sid = os.getenv("TWILIO_ACCOUNT_SID")
auth_token = os.getenv("TWILIO_AUTH_TOKEN")
from_number = os.getenv("TWILIO_FROM")
if not all([account_sid, auth_token, from_number]):
logger.error("[LOGIN SMS] Configuració Twilio incompleta (TWILIO_ACCOUNT_SID/TWILIO_AUTH_TOKEN/TWILIO_FROM)")
raise HTTPException(status_code=500, detail="Twilio config missing")
twilio_url = f"https://api.twilio.com/2010-04-01/Accounts/{account_sid}/Messages.json"
data = {
"To": normalized_phone,
"From": from_number,
"Body": message,
}
logger.info(f"[LOGIN SMS] Enviant SMS via Twilio a {normalized_phone}...")
resp = requests.post(twilio_url, data=data, auth=(account_sid, auth_token), timeout=10)
logger.info(f"[LOGIN SMS] Resposta Twilio status={resp.status_code}")
if resp.status_code not in (200, 201):
logger.error(f"[LOGIN SMS] Error HTTP enviant SMS de login via Twilio: {resp.status_code} {resp.text}")
raise HTTPException(status_code=500, detail="Error enviant SMS de login")
logger.info(f"[LOGIN SMS] SMS de verificació enviat a {normalized_phone} via Twilio")
return {"success": True}
# 3) Si cap mecanisme està habilitat, retornar error de configuració
logger.error("[LOGIN SMS] Cap mecanisme d'enviament SMS habilitat (ni Zapier ni Twilio)")
raise HTTPException(status_code=500, detail="Cap mecanisme SMS habilitat")
except HTTPException:
raise
except Exception as e:
logger.error(f"[LOGIN SMS] Error inesperat enviant SMS de login: {e}")
raise HTTPException(status_code=500, detail="Error inesperat enviant SMS de login")
@app.post("/api/compliance/record-decision")
def record_decision(decision: ValidatorDecision):
"""Registra decisión de validador"""
logger.info(f"[DECISION] Documento: {decision.document_id}")
logger.info(f"[DECISION] Validador: {decision.validator_email}")
logger.info(f"[DECISION] Decisión: {decision.decision}")
logger.info(f"[DECISION] Comentarios: {decision.comments}")
return {"success": True}
@app.get("/api/compliance/stats")
def get_compliance_stats():
"""Obtiene estadísticas de cumplimiento"""
# Temporal: datos simulados
return {
"total_documents": 1247,
"pending_validation": 23,
"approved": 1180,
"rejected": 44,
"monthly_digests": 12,
"last_digest": "2025-11",
"gas_used_total": "0.42 MATIC",
"last_updated": datetime.now().isoformat()
}
# === BLOCKCHAIN (POLYGON) ===
@app.post("/api/blockchain/publish-digest")
def publish_digest(request: DigestPublish):
"""Publica digest mensual en blockchain.
Si es proporciona digest_hash, s'utilitza directament com a arrel del
digest mensual. En cas contrari, es fan servir dades simulades.
"""
try:
if request.digest_hash:
# Ús directe del hash rebut (mode simplificat, semblant a events)
digest_hash = request.digest_hash
tx_hash = f"0x{digest_hash[:64]}"
logger.info(
f"[POLYGON MONTHLY DIGEST] period={request.period} hash={digest_hash} tx={tx_hash}"
)
else:
# Temporal: dades simulades per a demos sense digest pre-calculat
authorizations = [
{
"user_email": "user1@example.com",
"video_hash": "abc123...",
"timestamp": f"{request.period}-15T10:00:00Z",
"consent_accepted": True,
"validation_status": "approved",
"document_id": f"doc_{request.period}_001",
},
{
"user_email": "user2@example.com",
"video_hash": "def456...",
"timestamp": f"{request.period}-20T14:30:00Z",
"consent_accepted": True,
"validation_status": "approved",
"document_id": f"doc_{request.period}_002",
},
]
tx_hash = publish_digest_polygon(request.period, authorizations)
if not tx_hash:
raise HTTPException(status_code=500, detail="Error publicando digest simulado")
return {"transaction_hash": tx_hash}
except HTTPException:
raise
except Exception as e:
logger.error(f"Error publicant digest mensual: {e}")
raise HTTPException(status_code=500, detail="Error publicant digest mensual")
@app.post("/api/blockchain/publish-events-digest")
def publish_events_digest(request: EventsDigestPublish):
"""Publica el digest d'esdeveniments de sessió a Polygon.
Rep un hash ja calculat (digest_hash) i un identificador de sessió, i retorna
el hash de transacció i la URL de Polygonscan associada.
"""
try:
digest_hash = request.digest_hash
if not digest_hash:
raise HTTPException(status_code=400, detail="digest_hash buit")
# Simulació de publicació: derivar un tx_hash a partir del digest
tx_hash = f"0x{digest_hash[:64]}"
logger.info(
f"[POLYGON EVENTS] session={request.session_id} hash={digest_hash} tx={tx_hash}"
)
polygonscan_base = os.getenv("POLYGONSCAN_URL", "https://polygonscan.com/tx/")
tx_url = polygonscan_base.rstrip("/") + "/" + tx_hash
return {
"transaction_hash": tx_hash,
"transaction_url": tx_url,
}
# En producció, aquí s'utilitzaria Web3 per signar i enviar la
# transacció al contracte HashLogger o equivalent.
except HTTPException:
raise
except Exception as e:
logger.error(f"Error publicant digest d'esdeveniments a Polygon: {e}")
raise HTTPException(status_code=500, detail="Error publicant digest d'esdeveniments")
@app.post("/api/blockchain/publish-actions-qldb")
def publish_actions_qldb(request: ActionsQLDBPayload):
"""Rep el conjunt de canvis d'actions.db per ser persistits a QLDB.
Aquesta ruta és el punt d'entrada perquè una integració desplegada
escrigui el contingut a una taula d'AWS QLDB.
"""
try:
actions_count = len(request.actions or [])
logger.info(
f"[QLDB ACTIONS] session={request.session_id} actions={actions_count}"
)
return {
"stored": True,
"actions_count": actions_count,
}
except Exception as e:
logger.error(f"Error gestionant publicació d'actions a QLDB: {e}")
raise HTTPException(
status_code=500,
detail="Error publicant canvis d'actions a QLDB",
)
@app.get("/api/blockchain/digests")
def get_digests():
"""Obtiene lista de digest publicados"""
# Temporal: datos simulados
return {
"digests": [
{
"period": "2025-11",
"transaction_hash": "0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
"block_number": 12345678,
"timestamp": "2025-11-03T14:30:00Z",
"authorization_count": 189
},
{
"period": "2025-10",
"transaction_hash": "0xfedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
"block_number": 12345670,
"timestamp": "2025-10-31T16:45:00Z",
"authorization_count": 156
},
{
"period": "2025-09",
"transaction_hash": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
"block_number": 12345660,
"timestamp": "2025-09-30T12:15:00Z",
"authorization_count": 134
}
]
}
@app.post("/api/blockchain/verify-digest")
def verify_digest(request: DigestVerify):
"""Verifica integridad de digest en blockchain"""
# Temporal: siempre válido para períodos conocidos
known_periods = ["2025-11", "2025-10", "2025-09", "2025-08"]
logger.info(f"[VERIFY] Período solicitado: {request.period}")
logger.info(f"[VERIFY] Hash esperado: {request.expected_hash[:16]}...")
if request.period in known_periods:
logger.info(f"[VERIFY] VALIDO - Período conocido")
return {"valid": True}
else:
logger.info(f"[VERIFY] INVALIDO - Período desconocido")
return {"valid": False}
# --- STREAMLIT DASHBOARD (OPCIONAL) ---
def st_dashboard():
"""Dashboard interno para monitoreo con resiliencia"""
st.set_page_config(
page_title="Veureu Compliance",
layout="wide",
page_icon="🔐"
)
st.title("Veureu Compliance Service")
st.markdown("Microservicio de cumplimiento normativo con **resiliencia integrada**")
# Obtener estado actual
service_health = resilience_manager.get_service_health()
service_status = get_service_status()
# Métricas principales
col1, col2, col3, col4 = st.columns(4)
with col1:
status_indicator = "OK" if service_health["status"] == "healthy" else "WARN"
st.metric("Estado", f"{status_indicator} {service_health['status'].title()}")
with col2:
env_indicator = "SIM" if config.is_simulation() else "PROD"
st.metric("Modo", f"{env_indicator} {config.ENVIRONMENT.title()}")
with col3:
st.metric("Uptime", service_health["uptime_human"])
with col4:
error_rate = (
service_health["error_count"] / max(service_health["total_processed"], 1) * 100
)
st.metric("Error Rate", f"{error_rate:.1f}%")
# Tabs con información de resiliencia
tab1, tab2, tab3, tab4, tab5 = st.tabs([
"Estado General",
"Resiliencia",
"Blockchain",
"Logs",
"Configuración"
])
with tab1:
st.subheader("Estado General del Servicio")
# Métricas detalladas
col1, col2, col3 = st.columns(3)
with col1:
st.success("Autenticacion: Activa")
st.info("QLDB: Simulado")
st.info("Email: Simulado")
with col2:
st.info("Polygon: Simulado")
st.success("API: Funcionando")
st.success("Dashboard: Activo")
with col3:
st.metric("Total Endpoints", "15")
st.metric("Procesados", service_health["total_processed"])
st.metric("Errores", service_health["error_count"])
# Estado de validaciones
st.markdown("### Estado de Validaciones")
col1, col2, col3 = st.columns(3)
with col1:
st.metric("Validaciones Pendientes", service_health["pending_validations"])
with col2:
last_digest = service_health["last_digest_publish"] or "Nunca"
st.metric("Ultimo Digest", last_digest)
with col3:
st.metric("Ultima Sinc QLDB", service_health["last_qldb_sync"][:10])
with tab2:
st.subheader("Sistema de Resiliencia")
# Información de resiliencia
st.markdown("### Estado de Recuperacion")
recovery_report = recovery_manager.perform_recovery_check()
if recovery_report["recovery_needed"]:
st.warning(f"Se necesitan {recovery_report['total_actions']} acciones de recuperacion")
for action in recovery_report["recovery_actions"]:
priority_text = "ALTA" if action["priority"] == "high" else "MEDIA" if action["priority"] == "medium" else "BAJA"
st.markdown(f"[{priority_text}] **{action['action']}** (Prioridad: {action['priority']})")
else:
st.success("No se requieren acciones de recuperacion")
# Controles de recuperacion
st.markdown("### Controles de Recuperacion")
col1, col2 = st.columns(2)
with col1:
if st.button("Verificar Estado", type="secondary"):
with st.spinner("Verificando estado de recuperacion..."):
recovery_report = recovery_manager.perform_recovery_check()
st.json(recovery_report)
with col2:
if st.button("Forzar Recuperacion", type="secondary"):
with st.spinner("Forzando recuperacion completa..."):
recovery_report = recovery_manager.force_full_recovery()
st.success("Recuperacion forzada completada")
st.json(recovery_report)
# Información de persistencia
st.markdown("### Persistencia de Estado")
col1, col2 = st.columns(2)
with col1:
st.code(f"Archivo de estado: {resilience_manager.state_file}")
st.metric("Inicio Servicio", service_health["service_start"][:19])
with col2:
st.info("**Caracteristicas de Resiliencia**")
st.markdown("• Persistencia de estado en disco")
st.markdown("• Recuperacion automatica al inicio")
st.markdown("• Manejo de desconexiones HF")
st.markdown("• Datos seguros en AWS QLDB")
st.markdown("• Blockchain inmutable")
with tab3:
st.subheader("Configuracion Blockchain")
col1, col2 = st.columns(2)
with col1:
st.markdown("**Configuracion Red**")
st.code(f"RPC URL: {POLYGON_RPC_URL}")
st.code(f"Chain ID: {POLYGON_CHAIN_ID}")
st.code(f"Contract: {DIGEST_CONTRACT_ADDR or 'No configurado'}")
with col2:
st.markdown("**Estado Wallet**")
if POLYGON_PRIVATE_KEY:
st.success("Private Key configurada")
else:
st.warning("Private Key no configurada")
st.markdown("**Contrato**")
if DIGEST_CONTRACT_ABI:
st.success("ABI configurado")
else:
st.warning("ABI no configurado")
with tab4:
st.subheader("Logs Recientes")
log_area = st.empty()
# Mostrar logs simulados
logs = [
"[INFO] Servicio iniciado correctamente",
"[INFO] Modo simulacion activado",
"[INFO] Endpoints registrados: 15",
"[INFO] Health check funcionando",
"[POLYGON] Listo para publicacion de digest",
"[QLDB] Listo para registro de consentimientos",
"[EMAIL] Listo para notificaciones",
"[INFO] Esperando solicitudes del space demo..."
]
for log in logs:
st.code(log)
with tab5:
st.subheader("Configuracion del Sistema")
st.markdown("**Variables de Entorno**")
env_vars = {
"POLYGON_RPC_URL": POLYGON_RPC_URL,
"POLYGON_CHAIN_ID": POLYGON_CHAIN_ID,
"DIGEST_CONTRACT_ADDR": DIGEST_CONTRACT_ADDR or "No configurado",
"POLYGON_PRIVATE_KEY": "Configurada" if POLYGON_PRIVATE_KEY else "No configurada",
"DIGEST_CONTRACT_ABI": "Configurado" if DIGEST_CONTRACT_ABI else "No configurado"
}
for key, value in env_vars.items():
st.code(f"{key}: {value}")
st.markdown("---")
st.markdown("**Para activar producción:**")
st.markdown("1. Configurar variables de entorno reales")
st.markdown("2. Descomentar código de integración")
st.markdown("3. Instalar dependencias adicionales")
st.markdown("4. Reiniciar servicio")
if st.button("Reiniciar Servicio", type="secondary"):
st.rerun()
if __name__ == "__main__":
# Ejecutar como Streamlit app para dashboard interno
st_dashboard()
else:
# Ejecutar como FastAPI para producción
logger.info("Iniciando Veureu Compliance Service como API")
# uvicorn.run(app, host="0.0.0.0", port=7860)