aavaaz 0.9.0__py3-none-any.whl

aavaaz/__init__.py

@@ -0,0 +1,3 @@
+"""Aavaaz — production-grade speech-to-text platform."""
+
+__version__ = "0.9.0"

aavaaz/api/__init__.py

@@ -0,0 +1 @@
+"""Aavaaz extended API modules."""

aavaaz/api/auth.py

@@ -0,0 +1,72 @@
+"""
+JWT-based authentication and API key access control for Aavaaz REST API.
+"""
+
+import logging
+import os
+import time
+
+import jwt
+from fastapi import HTTPException, Request, Security
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+logger = logging.getLogger(__name__)
+
+_security = HTTPBearer(auto_error=False)
+
+# Default secret — MUST be overridden via AAVAAZ_JWT_SECRET env var
+_JWT_SECRET = os.environ.get("AAVAAZ_JWT_SECRET", "")
+_JWT_ALGORITHM = "HS256"
+_API_KEYS: set[str] = set()
+
+
+def configure_auth(jwt_secret: str, api_keys: list[str] | None = None):
+    """Configure authentication settings."""
+    global _JWT_SECRET, _API_KEYS
+    _JWT_SECRET = jwt_secret
+    if api_keys:
+        _API_KEYS = set(api_keys)
+
+
+def create_token(subject: str, expires_in: int = 3600, **claims) -> str:
+    """Create a signed JWT token."""
+    if not _JWT_SECRET:
+        raise ValueError("JWT secret not configured — set AAVAAZ_JWT_SECRET")
+    payload = {
+        "sub": subject,
+        "iat": int(time.time()),
+        "exp": int(time.time()) + expires_in,
+        **claims,
+    }
+    return jwt.encode(payload, _JWT_SECRET, algorithm=_JWT_ALGORITHM)
+
+
+def verify_token(token: str) -> dict:
+    """Verify and decode a JWT token."""
+    if not _JWT_SECRET:
+        raise ValueError("JWT secret not configured")
+    return jwt.decode(token, _JWT_SECRET, algorithms=[_JWT_ALGORITHM])
+
+
+async def require_auth(
+    request: Request,
+    credentials: HTTPAuthorizationCredentials | None = Security(_security),
+) -> dict:
+    """FastAPI dependency that requires valid authentication.
+
+    Supports both JWT bearer tokens and API keys (via X-API-Key header).
+    """
+    # Check API key header first
+    api_key = request.headers.get("X-API-Key")
+    if api_key and api_key in _API_KEYS:
+        return {"sub": "api_key", "key": api_key}
+
+    if credentials is None:
+        raise HTTPException(status_code=401, detail="Authentication required")
+
+    try:
+        return verify_token(credentials.credentials)
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(status_code=401, detail="Token expired")
+    except jwt.InvalidTokenError:
+        raise HTTPException(status_code=401, detail="Invalid token")

aavaaz/api/dynamo_store.py

@@ -0,0 +1,237 @@
+"""
+DynamoDB-backed data store for Aavaaz SaaS.
+
+Drop-in replacement for the in-memory store in api/saas.py.
+Uses AWS DynamoDB for persistence — fits within free tier for early usage.
+
+Tables:
+  - aavaaz-api-keys-{env}: API key storage (GSI on key_hash for auth lookups)
+  - aavaaz-usage-{env}: Daily usage records per user
+  - aavaaz-subscriptions-{env}: User subscription state
+  - aavaaz-transcripts-{env}: Transcript job history
+"""
+
+import contextlib
+import hashlib
+import logging
+import os
+import secrets
+import uuid
+from datetime import UTC, datetime
+
+import boto3
+from boto3.dynamodb.conditions import Key
+
+logger = logging.getLogger(__name__)
+
+ENV = os.environ.get("AAVAAZ_ENVIRONMENT", "prod")
+REGION = os.environ.get("AWS_REGION", "us-east-1")
+
+_dynamodb = boto3.resource("dynamodb", region_name=REGION)
+
+_table_api_keys = _dynamodb.Table(f"aavaaz-api-keys-{ENV}")
+_table_usage = _dynamodb.Table(f"aavaaz-usage-{ENV}")
+_table_subscriptions = _dynamodb.Table(f"aavaaz-subscriptions-{ENV}")
+_table_transcripts = _dynamodb.Table(f"aavaaz-transcripts-{ENV}")
+
+
+# ─── API Keys ────────────────────────────────────────────────────────────────
+
+
+def create_api_key(user_id: str, name: str) -> tuple[dict, str]:
+    """Create a new API key. Returns (key_metadata, raw_secret)."""
+    raw_key = f"aavaaz_{secrets.token_urlsafe(32)}"
+    key_hash = hashlib.sha256(raw_key.encode()).hexdigest()
+    key_id = str(uuid.uuid4())
+    now = datetime.now(UTC).isoformat()
+
+    item = {
+        "user_id": user_id,
+        "key_id": key_id,
+        "name": name,
+        "key_hash": key_hash,
+        "prefix": raw_key[:12],
+        "created_at": now,
+        "last_used": None,
+        "expires_at": None,
+    }
+
+    _table_api_keys.put_item(Item=item)
+
+    metadata = {
+        "id": key_id,
+        "name": name,
+        "prefix": raw_key[:12],
+        "created_at": now,
+        "last_used": None,
+        "expires_at": None,
+    }
+    return metadata, raw_key
+
+
+def list_api_keys(user_id: str) -> list[dict]:
+    """List all API keys for a user."""
+    response = _table_api_keys.query(KeyConditionExpression=Key("user_id").eq(user_id))
+    return [
+        {
+            "id": item["key_id"],
+            "name": item["name"],
+            "prefix": item["prefix"],
+            "created_at": item["created_at"],
+            "last_used": item.get("last_used"),
+            "expires_at": item.get("expires_at"),
+        }
+        for item in response.get("Items", [])
+    ]
+
+
+def revoke_api_key(user_id: str, key_id: str) -> bool:
+    """Revoke (delete) an API key. Returns True if found and deleted."""
+    try:
+        _table_api_keys.delete_item(
+            Key={"user_id": user_id, "key_id": key_id},
+            ConditionExpression="attribute_exists(user_id)",
+        )
+        return True
+    except _dynamodb.meta.client.exceptions.ConditionalCheckFailedException:
+        return False
+
+
+def validate_api_key(raw_key: str) -> str | None:
+    """Validate an API key and return user_id, or None if invalid."""
+    key_hash = hashlib.sha256(raw_key.encode()).hexdigest()
+
+    response = _table_api_keys.query(
+        IndexName="key-hash-index",
+        KeyConditionExpression=Key("key_hash").eq(key_hash),
+    )
+
+    items = response.get("Items", [])
+    if not items:
+        return None
+
+    item = items[0]
+
+    # Update last_used timestamp (fire and forget)
+    with contextlib.suppress(Exception):
+        _table_api_keys.update_item(
+            Key={"user_id": item["user_id"], "key_id": item["key_id"]},
+            UpdateExpression="SET last_used = :now",
+            ExpressionAttributeValues={":now": datetime.now(UTC).isoformat()},
+        )
+
+    return item["user_id"]
+
+
+# ─── Usage Tracking ──────────────────────────────────────────────────────────
+
+
+def record_usage(user_id: str, audio_minutes: float):
+    """Record usage for the current day. Atomic increment."""
+    today = datetime.now(UTC).strftime("%Y-%m-%d")
+
+    _table_usage.update_item(
+        Key={"user_id": user_id, "date": today},
+        UpdateExpression="ADD audio_minutes :mins, requests :one",
+        ExpressionAttributeValues={
+            ":mins": round(audio_minutes, 4),
+            ":one": 1,
+        },
+    )
+
+
+def get_usage(user_id: str, days: int = 30) -> list[dict]:
+    """Get daily usage records for a user (last N days)."""
+    from datetime import timedelta
+
+    start_date = (datetime.now(UTC) - timedelta(days=days)).strftime("%Y-%m-%d")
+
+    response = _table_usage.query(
+        KeyConditionExpression=Key("user_id").eq(user_id) & Key("date").gte(start_date),
+        ScanIndexForward=True,
+    )
+
+    return [
+        {
+            "date": item["date"],
+            "audio_minutes": float(item.get("audio_minutes", 0)),
+            "requests": int(item.get("requests", 0)),
+        }
+        for item in response.get("Items", [])
+    ]
+
+
+# ─── Subscriptions ───────────────────────────────────────────────────────────
+
+
+def get_subscription(user_id: str) -> dict:
+    """Get subscription info for a user."""
+    response = _table_subscriptions.get_item(Key={"user_id": user_id})
+    item = response.get("Item")
+
+    if not item:
+        return {
+            "user_id": user_id,
+            "plan": "free",
+            "status": "active",
+            "stripe_customer_id": "",
+            "stripe_subscription_id": "",
+            "current_period_end": "",
+            "cancel_at_period_end": False,
+        }
+
+    return item
+
+
+def update_subscription(user_id: str, updates: dict):
+    """Update subscription fields."""
+    expressions = []
+    values = {}
+    for key, value in updates.items():
+        expressions.append(f"{key} = :{key}")
+        values[f":{key}"] = value
+
+    _table_subscriptions.update_item(
+        Key={"user_id": user_id},
+        UpdateExpression="SET " + ", ".join(expressions),
+        ExpressionAttributeValues=values,
+    )
+
+
+def find_user_by_stripe_customer(stripe_customer_id: str) -> str | None:
+    """Find user_id by Stripe customer ID."""
+    response = _table_subscriptions.query(
+        IndexName="stripe-customer-index",
+        KeyConditionExpression=Key("stripe_customer_id").eq(stripe_customer_id),
+    )
+    items = response.get("Items", [])
+    return items[0]["user_id"] if items else None
+
+
+# ─── Transcripts ─────────────────────────────────────────────────────────────
+
+
+def save_transcript(user_id: str, job: dict):
+    """Save a transcript job record."""
+    job["user_id"] = user_id
+    if "created_at" not in job:
+        job["created_at"] = datetime.now(UTC).isoformat()
+    _table_transcripts.put_item(Item=job)
+
+
+def list_transcripts(user_id: str, limit: int = 50) -> list[dict]:
+    """List recent transcript jobs for a user."""
+    response = _table_transcripts.query(
+        KeyConditionExpression=Key("user_id").eq(user_id),
+        ScanIndexForward=False,
+        Limit=limit,
+    )
+    return response.get("Items", [])
+
+
+def get_transcript(user_id: str, created_at: str) -> dict | None:
+    """Get a specific transcript by user_id and created_at."""
+    response = _table_transcripts.get_item(
+        Key={"user_id": user_id, "created_at": created_at}
+    )
+    return response.get("Item")

aavaaz/api/metrics.py

@@ -0,0 +1,41 @@
+"""
+Prometheus metrics endpoint for Aavaaz.
+
+Wraps WhisperLive's metrics module and adds Aavaaz-specific metrics.
+"""
+
+from fastapi import APIRouter
+from fastapi.responses import Response
+from prometheus_client import Counter, Gauge, Histogram, generate_latest
+
+router = APIRouter()
+
+# Aavaaz-level metrics
+TRANSCRIPTION_REQUESTS = Counter(
+    "aavaaz_transcription_requests_total",
+    "Total transcription requests",
+    ["method", "status"],
+)
+TRANSCRIPTION_DURATION = Histogram(
+    "aavaaz_transcription_duration_seconds",
+    "Time spent transcribing audio",
+    buckets=[0.1, 0.5, 1, 2, 5, 10, 30, 60, 120],
+)
+ACTIVE_CONNECTIONS = Gauge(
+    "aavaaz_active_websocket_connections",
+    "Currently active WebSocket connections",
+)
+PLUGIN_ERRORS = Counter(
+    "aavaaz_plugin_errors_total",
+    "Plugin processing errors",
+    ["plugin_name"],
+)
+
+
+@router.get("/metrics")
+async def metrics():
+    """Prometheus metrics endpoint."""
+    return Response(
+        content=generate_latest(),
+        media_type="text/plain; version=0.0.4; charset=utf-8",
+    )