# Execute Python Code Endpoint

## 1. Overview

The `/v1/code/execute/python` endpoint allows users to execute Python code on the server. This endpoint is part of the version 1.0 API structure defined in `app.py`. It is designed to provide a secure and controlled environment for executing Python code, with features like input validation, output capturing, and timeout handling.

## 2. Endpoint

**URL Path:** `/v1/code/execute/python`
**HTTP Method:** `POST`

## 3. Request

### Headers

- `x-api-key` (required): The API key for authentication.

### Body Parameters

The request body must be a JSON object with the following properties:

- `code` (string, required): The Python code to be executed.
- `timeout` (integer, optional): The maximum execution time in seconds, between 1 and 300. Default is 30 seconds.
- `webhook_url` (string, optional): The URL to receive the execution result via a webhook.
- `id` (string, optional): A unique identifier for the request.

The `validate_payload` directive in the routes file enforces the following JSON schema for the request body:

```json
{
    "type": "object",
    "properties": {
        "code": {"type": "string"},
        "timeout": {"type": "integer", "minimum": 1, "maximum": 300},
        "webhook_url": {"type": "string", "format": "uri"},
        "id": {"type": "string"}
    },
    "required": ["code"],
    "additionalProperties": False
}
```

### Example Request

**Request Payload:**

```json
{
    "code": "print('Hello, World!')",
    "timeout": 10,
    "webhook_url": "https://example.com/webhook",
    "id": "unique-request-id"
}
```

**cURL Command:**

```bash
curl -X POST \
     -H "x-api-key: YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{"code": "print('Hello, World!')", "timeout": 10, "webhook_url": "https://example.com/webhook", "id": "unique-request-id"}' \
     http://your-api-endpoint/v1/code/execute/python
```

## 4. Response

### Success Response

The success response follows the general response format defined in `app.py`. Here's an example:

```json
{
    "endpoint": "/v1/code/execute/python",
    "code": 200,
    "id": "unique-request-id",
    "job_id": "generated-job-id",
    "response": {
        "result": null,
        "stdout": "Hello, World!\n",
        "stderr": "",
        "exit_code": 0
    },
    "message": "success",
    "pid": 12345,
    "queue_id": 1234567890,
    "run_time": 0.123,
    "queue_time": 0.0,
    "total_time": 0.123,
    "queue_length": 0,
    "build_number": "1.0.0"
}
```

### Error Responses

#### Missing or Invalid Parameters

**Status Code:** 400 Bad Request

```json
{
    "error": "Missing or invalid parameters",
    "stdout": "",
    "exit_code": 400
}
```

#### Execution Error

**Status Code:** 400 Bad Request

```json
{
    "error": "Error message from the executed code",
    "stdout": "Output from the executed code",
    "exit_code": 400
}
```

#### Execution Timeout

**Status Code:** 408 Request Timeout

```json
{
    "error": "Execution timed out after 10 seconds"
}
```

#### Internal Server Error

**Status Code:** 500 Internal Server Error

```json
{
    "error": "An internal server error occurred",
    "stdout": "",
    "stderr": "",
    "exit_code": 500
}
```

## 5. Error Handling

The endpoint handles various types of errors, including:

- Missing or invalid parameters (400 Bad Request)
- Execution errors, such as syntax errors or exceptions (400 Bad Request)
- Execution timeout (408 Request Timeout)
- Internal server errors (500 Internal Server Error)

The main application context (`app.py`) also includes error handling for queue overload (429 Too Many Requests) and other general errors.

## 6. Usage Notes

- The executed code runs in a sandboxed environment, with limited access to system resources.
- The code execution is limited to a maximum of 300 seconds (5 minutes) by default, but this can be adjusted using the `timeout` parameter.
- The execution result, including stdout, stderr, and the return value, is captured and returned in the response.
- If a `webhook_url` is provided, the execution result will also be sent to the specified webhook.

## 7. Common Issues

- Attempting to execute code that accesses restricted resources or performs disallowed operations may result in an execution error.
- Long-running or resource-intensive code may trigger the execution timeout.
- Providing an invalid `webhook_url` will prevent the execution result from being delivered to the specified webhook.

## 8. Best Practices

- Always validate and sanitize user input to prevent code injection attacks.
- Set an appropriate timeout value based on the expected execution time of the code.
- Monitor the execution logs for any errors or unexpected behavior.
- Implement rate limiting or queue management to prevent abuse or overload of the endpoint.
- Consider implementing additional security measures, such as code sandboxing or whitelisting/blacklisting certain operations or modules.