atlas-chat 0.1.0__py3-none-any.whl

atlas/routes/feedback_routes.py

@@ -0,0 +1,361 @@
+"""Feedback routes for user feedback collection and management.
+
+This module provides endpoints for:
+- Submitting user feedback with ratings and comments
+- Admin viewing of collected feedback data
+- Downloading feedback data as CSV or JSON
+"""
+
+import csv
+import io
+import json
+import logging
+import uuid
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Literal
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Request
+from fastapi.responses import StreamingResponse
+from pydantic import BaseModel
+
+from atlas.core.auth import is_user_in_group
+from atlas.core.log_sanitizer import get_current_user, sanitize_for_logging
+from atlas.infrastructure.app_factory import app_factory
+
+logger = logging.getLogger(__name__)
+
+# Feedback router
+feedback_router = APIRouter(prefix="/api", tags=["feedback"])
+
+
+class FeedbackData(BaseModel):
+    """Model for user feedback submission."""
+    rating: int  # -1, 0, or 1
+    comment: str = ""
+    session: dict = {}
+
+
+class FeedbackResponse(BaseModel):
+    """Model for feedback list responses."""
+    id: str
+    timestamp: str
+    user: str
+    rating: int
+    comment: str
+    session_info: dict
+    server_context: dict
+
+
+def get_feedback_directory() -> Path:
+    """Get the feedback storage directory."""
+    from atlas.modules.config import config_manager
+    base = Path(config_manager.app_settings.runtime_feedback_dir)
+    base.mkdir(parents=True, exist_ok=True)
+    return base
+
+
+async def require_admin_for_feedback(current_user: str = Depends(get_current_user)) -> str:
+    """Dependency to require admin group membership for feedback viewing."""
+    config_manager = app_factory.get_config_manager()
+    admin_group = config_manager.app_settings.admin_group
+    if not await is_user_in_group(current_user, admin_group):
+        raise HTTPException(
+            status_code=403,
+            detail=f"Admin access required to view feedback. User must be in '{admin_group}' group."
+        )
+    return current_user
+
+
+@feedback_router.post("/feedback")
+async def submit_feedback(
+    feedback: FeedbackData,
+    request: Request,
+    current_user: str = Depends(get_current_user)
+):
+    """Submit user feedback and save it as a JSON file."""
+    try:
+        # Validate rating
+        if feedback.rating not in [-1, 0, 1]:
+            raise HTTPException(status_code=400, detail="Rating must be -1, 0, or 1")
+
+        # Get feedback directory
+        feedback_dir = get_feedback_directory()
+
+        # Generate unique filename with timestamp
+        timestamp = datetime.now().isoformat().replace(":", "-").replace(".", "-")
+        feedback_id = str(uuid.uuid4())[:8]
+        filename = f"feedback_{timestamp}_{feedback_id}.json"
+
+        # Prepare feedback data with additional context
+        feedback_data = {
+            "id": feedback_id,
+            "timestamp": datetime.now().isoformat(),
+            "user": current_user,
+            "rating": feedback.rating,
+            "comment": feedback.comment.strip(),
+            "session_info": feedback.session,
+            "server_context": {
+                "user_agent": request.headers.get("user-agent", ""),
+                "client_host": request.client.host if request.client else "unknown",
+                "forwarded_for": request.headers.get("x-forwarded-for", ""),
+                "referer": request.headers.get("referer", "")
+            }
+        }
+
+        # Save feedback to JSON file
+        feedback_file = feedback_dir / filename
+        with open(feedback_file, 'w', encoding='utf-8') as f:
+            json.dump(feedback_data, f, indent=2, ensure_ascii=False)
+
+        rating_label = {1: "positive", 0: "neutral", -1: "negative"}.get(feedback.rating, "unknown")
+        safe_current_user = sanitize_for_logging(current_user)
+        logger.info(
+            "Feedback submitted",
+            extra={
+                "user": safe_current_user,
+                "rating": rating_label,
+                "id": feedback_id,
+                "file": str(feedback_file)
+            }
+        )
+
+        return {
+            "message": "Feedback submitted successfully",
+            "feedback_id": feedback_id,
+            "timestamp": feedback_data["timestamp"]
+        }
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error saving feedback: {e}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Failed to save feedback")
+
+
+@feedback_router.get("/feedback")
+async def get_all_feedback(
+    limit: int = 50,
+    offset: int = 0,
+    admin_user: str = Depends(require_admin_for_feedback)
+) -> Dict[str, Any]:
+    """Get all submitted feedback (admin only)."""
+    try:
+        feedback_dir = get_feedback_directory()
+
+        # Get all feedback files, sorted by creation time (newest first)
+        feedback_files = sorted(
+            feedback_dir.glob("feedback_*.json"),
+            key=lambda x: x.stat().st_mtime,
+            reverse=True
+        )
+
+        # Apply pagination
+        total_count = len(feedback_files)
+        paginated_files = feedback_files[offset:offset + limit]
+
+        # Read and parse feedback files
+        feedback_list = []
+        for feedback_file in paginated_files:
+            try:
+                with open(feedback_file, 'r', encoding='utf-8') as f:
+                    feedback_data = json.load(f)
+                    feedback_list.append(feedback_data)
+            except Exception as e:
+                logger.error(f"Error reading feedback file {feedback_file}: {e}")
+                continue
+
+        # Calculate rating statistics
+        ratings = [fb["rating"] for fb in feedback_list if "rating" in fb]
+        rating_stats = {
+            "positive": sum(1 for r in ratings if r == 1),
+            "neutral": sum(1 for r in ratings if r == 0),
+            "negative": sum(1 for r in ratings if r == -1),
+            "total": len(ratings),
+            "average": sum(ratings) / len(ratings) if ratings else 0
+        }
+
+        return {
+            "feedback": feedback_list,
+            "pagination": {
+                "total": total_count,
+                "limit": limit,
+                "offset": offset,
+                "has_more": offset + limit < total_count
+            },
+            "statistics": rating_stats,
+            "retrieved_by": admin_user
+        }
+
+    except Exception as e:
+        logger.error(f"Error retrieving feedback: {e}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Failed to retrieve feedback")
+
+
+@feedback_router.get("/feedback/stats")
+async def get_feedback_stats(
+    admin_user: str = Depends(require_admin_for_feedback)
+) -> Dict[str, Any]:
+    """Get feedback statistics summary (admin only)."""
+    try:
+        feedback_dir = get_feedback_directory()
+        feedback_files = list(feedback_dir.glob("feedback_*.json"))
+
+        if not feedback_files:
+            return {
+                "total_feedback": 0,
+                "rating_distribution": {"positive": 0, "neutral": 0, "negative": 0},
+                "average_rating": 0,
+                "recent_feedback": 0
+            }
+
+        # Read all feedback files
+        all_feedback = []
+        recent_count = 0
+        now = datetime.now()
+
+        for feedback_file in feedback_files:
+            try:
+                with open(feedback_file, 'r', encoding='utf-8') as f:
+                    feedback_data = json.load(f)
+                    all_feedback.append(feedback_data)
+
+                    # Count recent feedback (last 24 hours)
+                    if "timestamp" in feedback_data:
+                        feedback_time = datetime.fromisoformat(feedback_data["timestamp"].replace("Z", "+00:00"))
+                        if (now - feedback_time).total_seconds() < 86400:  # 24 hours
+                            recent_count += 1
+
+            except Exception as e:
+                logger.error(f"Error reading feedback file {feedback_file}: {e}")
+                continue
+
+        # Calculate statistics
+        ratings = [fb["rating"] for fb in all_feedback if "rating" in fb]
+        rating_distribution = {
+            "positive": sum(1 for r in ratings if r == 1),
+            "neutral": sum(1 for r in ratings if r == 0),
+            "negative": sum(1 for r in ratings if r == -1)
+        }
+
+        return {
+            "total_feedback": len(all_feedback),
+            "rating_distribution": rating_distribution,
+            "average_rating": sum(ratings) / len(ratings) if ratings else 0,
+            "recent_feedback": recent_count,
+            "feedback_with_comments": sum(1 for fb in all_feedback if fb.get("comment", "").strip()),
+            "unique_users": len(set(fb.get("user", "unknown") for fb in all_feedback)),
+            "retrieved_by": admin_user
+        }
+
+    except Exception as e:
+        logger.error(f"Error calculating feedback stats: {e}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Failed to calculate feedback statistics")
+
+
+@feedback_router.delete("/feedback/{feedback_id}")
+async def delete_feedback(
+    feedback_id: str,
+    admin_user: str = Depends(require_admin_for_feedback)
+):
+    """Delete a specific feedback entry (admin only)."""
+    try:
+        feedback_dir = get_feedback_directory()
+
+        # Find the feedback file by ID
+        feedback_file = None
+        for file_path in feedback_dir.glob("feedback_*.json"):
+            try:
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    data = json.load(f)
+                    if data.get("id") == feedback_id:
+                        feedback_file = file_path
+                        break
+            except Exception:
+                continue
+
+        if not feedback_file:
+            raise HTTPException(status_code=404, detail="Feedback not found")
+
+        # Delete the file
+        feedback_file.unlink()
+        safe_feedback_id = sanitize_for_logging(feedback_id)
+        safe_admin_user = sanitize_for_logging(admin_user)
+        logger.info(
+            "Feedback deleted feedback_id=%s deleted_by=%s",
+            safe_feedback_id,
+            safe_admin_user,
+        )
+
+        return {
+            "message": "Feedback deleted successfully",
+            "feedback_id": feedback_id,
+            "deleted_by": admin_user
+        }
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting feedback: {e}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Failed to delete feedback")
+
+
+@feedback_router.get("/feedback/download")
+async def download_feedback(
+    format: Literal["csv", "json"] = Query(default="csv", description="Download format"),
+    admin_user: str = Depends(require_admin_for_feedback)
+) -> StreamingResponse:
+    """Download all feedback data as CSV or JSON (admin only)."""
+    try:
+        feedback_dir = get_feedback_directory()
+
+        feedback_files = sorted(
+            feedback_dir.glob("feedback_*.json"),
+            key=lambda x: x.stat().st_mtime,
+            reverse=True
+        )
+
+        all_feedback = []
+        for feedback_file in feedback_files:
+            try:
+                with open(feedback_file, 'r', encoding='utf-8') as f:
+                    feedback_data = json.load(f)
+                    all_feedback.append(feedback_data)
+            except Exception as e:
+                logger.error(f"Error reading feedback file {feedback_file}: {e}")
+                continue
+
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+
+        if format == "json":
+            content = json.dumps(all_feedback, indent=2, ensure_ascii=False)
+            filename = f"feedback_export_{timestamp}.json"
+            media_type = "application/json"
+        else:
+            output = io.StringIO()
+            fieldnames = ["id", "timestamp", "user", "rating", "comment"]
+            writer = csv.DictWriter(output, fieldnames=fieldnames, extrasaction='ignore')
+            writer.writeheader()
+            for fb in all_feedback:
+                writer.writerow({
+                    "id": fb.get("id", ""),
+                    "timestamp": fb.get("timestamp", ""),
+                    "user": fb.get("user", ""),
+                    "rating": fb.get("rating", ""),
+                    "comment": fb.get("comment", "")
+                })
+            content = output.getvalue()
+            filename = f"feedback_export_{timestamp}.csv"
+            media_type = "text/csv"
+
+        logger.info(f"Feedback downloaded by {sanitize_for_logging(admin_user)} as {format}")
+
+        return StreamingResponse(
+            iter([content]),
+            media_type=media_type,
+            headers={"Content-Disposition": f"attachment; filename={filename}"}
+        )
+
+    except Exception as e:
+        logger.error(f"Error downloading feedback: {e}", exc_info=True)
+        raise HTTPException(status_code=500, detail="Failed to download feedback")

atlas/routes/files_routes.py

@@ -0,0 +1,274 @@
+"""
+Files API routes for S3 file management.
+
+Provides REST API endpoints for file operations including upload, download,
+list, delete, and user statistics. Integrates with S3 storage backend.
+"""
+
+import base64
+import logging
+import re
+from typing import Any, Dict, List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Response
+from pydantic import BaseModel, Field
+
+from atlas.core.capabilities import verify_file_token
+from atlas.core.log_sanitizer import get_current_user
+from atlas.core.metrics_logger import log_metric
+from atlas.infrastructure.app_factory import app_factory
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api", tags=["files"])
+
+
+class FileUploadRequest(BaseModel):
+    filename: str
+    content_base64: str
+    content_type: Optional[str] = "application/octet-stream"
+    tags: Optional[Dict[str, str]] = Field(default_factory=dict)
+
+
+class FileResponse(BaseModel):
+    key: str
+    filename: str
+    size: int
+    content_type: str
+    last_modified: str
+    etag: str
+    tags: Dict[str, str]
+    user_email: str
+
+
+class FileContentResponse(BaseModel):
+    key: str
+    filename: str
+    content_base64: str
+    content_type: str
+    size: int
+    last_modified: str
+    etag: str
+    tags: Dict[str, str]
+
+
+@router.get("/files/healthz")
+async def files_health_check():
+    """Health check for files service.
+
+    Note: Declared before the dynamic /files/{file_key} route to avoid path capture.
+    """
+    s3_client = app_factory.get_file_storage()
+    return {
+        "status": "healthy",
+        "service": "files-api",
+        "s3_config": {
+            "endpoint": s3_client.endpoint_url if hasattr(s3_client, 'endpoint_url') else "unknown",
+            "bucket": s3_client.bucket_name if hasattr(s3_client, 'bucket_name') else "unknown"
+        }
+    }
+
+
+@router.post("/files", response_model=FileResponse)
+async def upload_file(
+    request: FileUploadRequest,
+    current_user: str = Depends(get_current_user)
+) -> FileResponse:
+    """Upload a file to S3 storage."""
+    # Validate base64 content size (configurable limit to prevent abuse)
+    try:
+        content_size = len(request.content_base64) * 3 // 4  # approximate decoded size
+    except Exception:
+        raise HTTPException(status_code=400, detail="Invalid base64 content")
+
+    max_size = 250 * 1024 * 1024  # 250MB default (configurable)
+    if content_size > max_size:
+        raise HTTPException(status_code=413, detail=f"File too large. Maximum size is {max_size // (1024*1024)}MB")
+
+    try:
+        s3_client = app_factory.get_file_storage()
+        result = await s3_client.upload_file(
+            user_email=current_user,
+            filename=request.filename,
+            content_base64=request.content_base64,
+            content_type=request.content_type,
+            tags=request.tags,
+            source_type=request.tags.get("source", "user") if request.tags else "user"
+        )
+
+        log_metric("file_upload", current_user, file_size=content_size, content_type=request.content_type)
+
+        return FileResponse(**result)
+
+    except Exception as e:
+        logger.error(f"Error uploading file: {str(e)}")
+
+        log_metric("error", current_user, error_type="file_upload_failed")
+
+        raise HTTPException(status_code=500, detail=f"Upload failed: {str(e)}")
+
+
+@router.get("/files/{file_key}", response_model=FileContentResponse)
+async def get_file(
+    file_key: str,
+    current_user: str = Depends(get_current_user)
+) -> FileContentResponse:
+    """Get a file from S3 storage."""
+    try:
+        s3_client = app_factory.get_file_storage()
+        result = await s3_client.get_file(current_user, file_key)
+
+        if not result:
+            raise HTTPException(status_code=404, detail="File not found")
+
+        return FileContentResponse(**result)
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error getting file: {str(e)}")
+        if "Access denied" in str(e):
+            raise HTTPException(status_code=403, detail="Access denied")
+        raise HTTPException(status_code=500, detail=f"Failed to get file: {str(e)}")
+
+
+@router.get("/files", response_model=List[FileResponse])
+async def list_files(
+    current_user: str = Depends(get_current_user),
+    file_type: Optional[str] = None,
+    limit: int = 100
+) -> List[FileResponse]:
+    """List files for the current user."""
+    try:
+        s3_client = app_factory.get_file_storage()
+        result = await s3_client.list_files(
+            user_email=current_user,
+            file_type=file_type,
+            limit=limit
+        )
+
+        # Convert any datetime objects to ISO format strings for pydantic validation
+        processed_files = []
+        for file_data in result:
+            processed_file = file_data.copy()
+            if not isinstance(processed_file.get('last_modified'), str):
+                # Convert datetime to ISO format string if it's not already a string
+                try:
+                    processed_file['last_modified'] = processed_file['last_modified'].isoformat()
+                except AttributeError:
+                    # If it's not a datetime object, convert to string
+                    processed_file['last_modified'] = str(processed_file['last_modified'])
+            processed_files.append(processed_file)
+
+        return [FileResponse(**file_data) for file_data in processed_files]
+
+    except Exception as e:
+        logger.error(f"Error listing files: {str(e)}")
+        raise HTTPException(status_code=500, detail=f"Failed to list files: {str(e)}")
+
+
+@router.delete("/files/{file_key}")
+async def delete_file(
+    file_key: str,
+    current_user: str = Depends(get_current_user)
+) -> Dict[str, str]:
+    """Delete a file from S3 storage."""
+    try:
+        s3_client = app_factory.get_file_storage()
+        success = await s3_client.delete_file(current_user, file_key)
+
+        if not success:
+            raise HTTPException(status_code=404, detail="File not found")
+
+        return {"message": "File deleted successfully", "key": file_key}
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting file: {str(e)}")
+        if "Access denied" in str(e):
+            raise HTTPException(status_code=403, detail="Access denied")
+        raise HTTPException(status_code=500, detail=f"Failed to delete file: {str(e)}")
+
+
+@router.get("/users/{user_email}/files/stats")
+async def get_user_file_stats(
+    user_email: str,
+    current_user: str = Depends(get_current_user)
+) -> Dict[str, Any]:
+    """Get file statistics for a user."""
+    # Users can only see their own stats
+    if current_user != user_email:
+        raise HTTPException(status_code=403, detail="Access denied")
+
+    try:
+        s3_client = app_factory.get_file_storage()
+        result = await s3_client.get_user_stats(current_user)
+        return result
+
+    except Exception as e:
+        logger.error(f"Error getting user stats: {str(e)}")
+        raise HTTPException(status_code=500, detail=f"Failed to get stats: {str(e)}")
+
+
+@router.get("/files/download/{file_key:path}")
+async def download_file(
+    file_key: str,
+    token: str | None = Query(default=None, description="Capability token for headless access"),
+    current_user: str = Depends(get_current_user)
+):
+    """Download a file by key as raw bytes.
+
+    Returns a binary response with appropriate content type and filename.
+    This endpoint is used by the frontend CanvasPanel and can also be used by tools.
+    """
+    try:
+        s3_client = app_factory.get_file_storage()
+
+        # If token provided, validate and override current_user
+        if token:
+            claims = verify_file_token(token)
+            if not claims or claims.get("k") != file_key:
+                raise HTTPException(status_code=403, detail="Invalid token")
+            current_user = claims.get("u") or current_user
+
+        result = await s3_client.get_file(current_user, file_key)
+        if not result:
+            raise HTTPException(status_code=404, detail="File not found")
+
+        try:
+            raw = base64.b64decode(result["content_base64"]) if result.get("content_base64") else b""
+        except Exception:
+            raise HTTPException(status_code=500, detail="Corrupted file content")
+
+        # Sanitize filename for header safety
+        fn = result.get('filename', 'download') or 'download'
+        # Remove control characters and dangerous bytes
+        fn = re.sub(r"[\r\n\t\x00-\x1f\x7f]", "_", fn)
+        # Keep it reasonably short
+        if len(fn) > 150:
+            fn = fn[:150]
+
+        content_type = result.get("content_type", "application/octet-stream") or "application/octet-stream"
+
+        # Default to attachment to reduce XSS risk; allow inline only for a small allowlist
+        inline_allow = (
+            content_type.startswith("image/")
+            or content_type.startswith("text/plain")
+            or content_type in ("application/pdf",)
+        )
+        disposition = "inline" if inline_allow else "attachment"
+
+        headers = {
+            "Content-Disposition": f"{disposition}; filename=\"{fn}\"",
+            "X-Content-Type-Options": "nosniff",
+        }
+
+        return Response(content=raw, media_type=content_type, headers=headers)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error downloading file: {str(e)}")
+        if "Access denied" in str(e):
+            raise HTTPException(status_code=403, detail="Access denied")
+        raise HTTPException(status_code=500, detail=f"Failed to download file: {str(e)}")

atlas/routes/health_routes.py

@@ -0,0 +1,40 @@
+"""Health check routes for service monitoring and load balancing.
+
+Provides simple health check endpoint for monitoring tools, orchestrators,
+and load balancers to verify service availability.
+"""
+
+import logging
+from datetime import datetime, timezone
+from typing import Any, Dict
+
+from fastapi import APIRouter
+
+from atlas.version import VERSION
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api", tags=["health"])
+
+
+@router.get("/health")
+async def health_check() -> Dict[str, Any]:
+    """Health check endpoint for service monitoring.
+
+    Returns basic service status information. This endpoint does not require
+    authentication and is intended for use by load balancers, monitoring
+    systems, and orchestration platforms.
+
+    Returns:
+        Dictionary containing:
+        - status: Service health status ("healthy")
+        - service: Service name
+        - version: Service version
+        - timestamp: Current UTC timestamp in ISO-8601 format
+    """
+    return {
+        "status": "healthy",
+        "service": "atlas-ui-3-backend",
+        "version": VERSION,
+        "timestamp": datetime.now(timezone.utc).isoformat()
+    }