compair-core 0.3.10__py3-none-any.whl → 0.3.11__py3-none-any.whl

compair_core/api.py

@@ -59,6 +59,112 @@ GA4_MEASUREMENT_ID = os.getenv("GA4_MEASUREMENT_ID")
 GA4_API_SECRET = os.getenv("GA4_API_SECRET")
 
 IS_CLOUD = os.getenv("COMPAIR_EDITION", "core").lower() == "cloud"
+SINGLE_USER_SESSION_TTL = timedelta(days=365)
+
+
+def _ensure_single_user(session: Session, settings: Settings) -> models.User:
+    """Create or fetch the singleton user used when authentication is disabled."""
+    changed = False
+    user = (
+        session.query(models.User)
+        .options(joinedload(models.User.groups))
+        .filter(models.User.username == settings.single_user_username)
+        .first()
+    )
+    if user is None:
+        now = datetime.now(timezone.utc)
+        user = models.User(
+            username=settings.single_user_username,
+            name=settings.single_user_name,
+            datetime_registered=now,
+            verification_token=None,
+            token_expiration=None,
+        )
+        user.set_password(secrets.token_urlsafe(16))
+        user.status = "active"
+        user.status_change_date = now
+        session.add(user)
+        session.flush()
+        admin = models.Administrator(user_id=user.user_id)
+        group = models.Group(
+            name=user.username,
+            datetime_created=now,
+            group_image=None,
+            category="Private",
+            description=f"Private workspace for {settings.single_user_name}",
+            visibility="private",
+        )
+        group.admins.append(admin)
+        user.groups = [group]
+        session.add_all([group, admin])
+        changed = True
+    else:
+        now = datetime.now(timezone.utc)
+        if user.status != "active":
+            user.status = "active"
+            user.status_change_date = now
+            changed = True
+        group = next((g for g in user.groups if g.name == user.username), None)
+        if group is None:
+            group = session.query(models.Group).filter(models.Group.name == user.username).first()
+            if group is None:
+                group = models.Group(
+                    name=user.username,
+                    datetime_created=now,
+                    group_image=None,
+                    category="Private",
+                    description=f"Private workspace for {user.name}",
+                    visibility="private",
+                )
+                session.add(group)
+                changed = True
+            if group not in user.groups:
+                user.groups.append(group)
+                changed = True
+        admin = session.query(models.Administrator).filter(models.Administrator.user_id == user.user_id).first()
+        if admin is None:
+            admin = models.Administrator(user_id=user.user_id)
+            session.add(admin)
+            changed = True
+        if admin not in group.admins:
+            group.admins.append(admin)
+            changed = True
+
+    if changed:
+        session.commit()
+        user = (
+            session.query(models.User)
+            .options(joinedload(models.User.groups))
+            .filter(models.User.username == settings.single_user_username)
+            .first()
+        )
+    if user is None:
+        raise RuntimeError("Failed to initialize the local Compair user.")
+    user.groups  # ensure relationship is loaded before detaching
+    return user
+
+
+def _ensure_single_user_session(session: Session, user: models.User) -> models.Session:
+    """Return a long-lived session token for the singleton user."""
+    now = datetime.now(timezone.utc)
+    existing = (
+        session.query(models.Session)
+        .filter(models.Session.user_id == user.user_id, models.Session.datetime_valid_until >= now)
+        .order_by(models.Session.datetime_valid_until.desc())
+        .first()
+    )
+    if existing:
+        return existing
+    token = secrets.token_urlsafe()
+    user_session = models.Session(
+        id=token,
+        user_id=user.user_id,
+        datetime_created=now,
+        datetime_valid_until=now + SINGLE_USER_SESSION_TTL,
+    )
+    session.add(user_session)
+    session.commit()
+    return user_session
 
 
 def require_cloud(feature: str) -> None:
@@ -90,7 +196,13 @@ def require_feature(flag: bool, feature: str) -> None:
     if not flag:
         raise HTTPException(status_code=501, detail=f"{feature} is only available in the Compair Cloud edition.")
 
-def get_current_user(auth_token: str = Header(...)):
+def get_current_user(auth_token: str | None = Header(None)):
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        with compair.Session() as session:
+            return _ensure_single_user(session, settings)
+    if not auth_token:
+        raise HTTPException(status_code=401, detail="Missing session token")
     with compair.Session() as session:
         user_session = session.query(models.Session).filter(models.Session.id == auth_token).first()
         if not user_session:
@@ -154,9 +266,20 @@ log_service_resource_metrics(service_name="backend")  # or "frontend"
 
 @router.post("/login")
 def login(request: schema.LoginRequest) -> dict:
+    settings = get_settings_dependency()
     with compair.Session() as session:
+        if not settings.require_authentication:
+            user = _ensure_single_user(session, settings)
+            user_session = _ensure_single_user_session(session, user)
+            return {
+                "user_id": user.user_id,
+                "username": user.username,
+                "name": user.name,
+                "status": user.status,
+                "role": user.role,
+                "auth_token": user_session.id,
+            }
         user = session.query(models.User).filter(models.User.username == request.username).first()
-        print("PW yo: {request.password}")
         if not user or not user.check_password(request.password):
             raise HTTPException(status_code=401, detail="Invalid credentials")
         if user.status == 'inactive':
@@ -530,8 +653,15 @@ def create_user(
 
 
 @router.get("/load_session")
-def load_session(auth_token: str) -> schema.Session | None:
+def load_session(auth_token: str | None = None) -> schema.Session | None:
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        with compair.Session() as session:
+            user = _ensure_single_user(session, settings)
+            return _ensure_single_user_session(session, user)
     with compair.Session() as session:
+        if not auth_token:
+            raise HTTPException(status_code=400, detail="auth_token is required when authentication is enabled.")
         user_session = session.query(models.Session).filter(models.Session.id == auth_token).first()
         if not user_session:
             raise HTTPException(status_code=404, detail="Session not found")
@@ -596,6 +726,9 @@ def update_session_duration(
 def delete_user(
     current_user: models.User = Depends(get_current_user)
 ):
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        raise HTTPException(status_code=403, detail="Deleting the local user is not supported when authentication is disabled.")
     with compair.Session() as session:
         current_user.delete()
         session.commit()
@@ -1711,6 +1844,9 @@ def load_references(
 
 @router.get("/verify-email")
 def verify_email(token: str):
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        raise HTTPException(status_code=403, detail="Email verification is disabled when authentication is disabled.")
     with compair.Session() as session:
         print(token)
         user = session.query(models.User).filter(models.User.verification_token == token).first()
@@ -1769,6 +1905,9 @@ def sign_up(
     request: schema.SignUpRequest,
     analytics: Analytics = Depends(get_analytics),
 ) -> dict:
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        raise HTTPException(status_code=403, detail="Sign-up is disabled when authentication is disabled.")
     print('1')
     if not is_valid_email(request.username):
         raise HTTPException(status_code=400, detail="Invalid email address")
@@ -1802,6 +1941,9 @@ def sign_up(
 
 @router.post("/forgot-password")
 def forgot_password(request: schema.ForgotPasswordRequest) -> dict:
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        raise HTTPException(status_code=403, detail="Password resets are disabled when authentication is disabled.")
     print('1')
     with compair.Session() as session:
         print('2')
@@ -1834,6 +1976,9 @@ def forgot_password(request: schema.ForgotPasswordRequest) -> dict:
 
 @router.post("/reset-password")
 def reset_password(request: schema.ResetPasswordRequest) -> dict:
+    settings = get_settings_dependency()
+    if not settings.require_authentication:
+        raise HTTPException(status_code=403, detail="Password resets are disabled when authentication is disabled.")
     with compair.Session() as session:
         print('1')
         print(request.token)

compair_core/server/routers/capabilities.py

@@ -11,10 +11,13 @@ router = APIRouter(tags=["meta"])
 @router.get("/capabilities")
 def capabilities(settings: Settings = Depends(get_settings)) -> dict[str, object]:
     edition = settings.edition.lower()
+    require_auth = settings.require_authentication
     return {
         "auth": {
             "device_flow": edition == "cloud",
-            "password_login": True,
+            "password_login": require_auth,
+            "required": require_auth,
+            "single_user": not require_auth,
         },
         "inputs": {
             "text": True,

compair_core/server/settings.py

@@ -16,6 +16,9 @@ class Settings(BaseSettings):
     billing_enabled: bool = False
     integrations_enabled: bool = False
     premium_models: bool = False
+    require_authentication: bool = False
+    single_user_username: str = "compair-local@example.com"
+    single_user_name: str = "Compair Local User"
 
     # Core/local storage defaults
     local_upload_dir: str = "~/.compair-core/data/uploads"

{compair_core-0.3.10.dist-info → compair_core-0.3.11.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: compair-core
-Version: 0.3.10
+Version: 0.3.11
 Summary: Open-source foundation of the Compair collaboration platform.
 Author: RocketResearch, Inc.
 License: MIT
@@ -89,6 +89,8 @@ Key environment variables for the core edition:
 - `COMPAIR_SQLITE_DIR` / `COMPAIR_SQLITE_NAME` – override the default local SQLite path (falls back to `./compair_data` if `/data` is not writable).
 - `COMPAIR_LOCAL_MODEL_URL` – endpoint for your local embeddings/feedback service (defaults to `http://local-model:9000`).
 - `COMPAIR_EMAIL_BACKEND` – the core mailer logs emails to stdout; cloud overrides this with transactional delivery.
+- `COMPAIR_REQUIRE_AUTHENTICATION` (`true`) – set to `false` to run the API in single-user mode without login or account management. When disabled, Compair auto-provisions a local user, group, and long-lived session token so you can upload documents immediately.
+- `COMPAIR_SINGLE_USER_USERNAME` / `COMPAIR_SINGLE_USER_NAME` – override the email-style username and display name that are used for the auto-provisioned local user in single-user mode.
 
 See `compair_core/server/settings.py` for the full settings surface.
 

{compair_core-0.3.10.dist-info → compair_core-0.3.11.dist-info}/RECORD

@@ -1,5 +1,5 @@
 compair_core/__init__.py,sha256=ktPgTk1QCd7PF-CUzfcd49JvkEut68SEefx2qcL5M5s,122
-compair_core/api.py,sha256=sNROj9Bp80KInxZwoekW0NSkIO-oTZmU7PJvJe7yY5I,129241
+compair_core/api.py,sha256=acxam2asb8f9Jr6nML1avjlaLVkWAmHVvyI_Jzvzu40,135265
 compair_core/compair/__init__.py,sha256=V2mqe6UQEvY4U8XL8T-TtCRNDWVUMNeCLZ8nsYQLvr4,2494
 compair_core/compair/celery_app.py,sha256=OM_Saza9yC9Q0kz_WXctfswrKkG7ruT52Zl5E4guiT0,640
 compair_core/compair/default_groups.py,sha256=dbacrFkSjqEQZ_uoFU5gYhgIoP_3lmvz6LJNHCJvxlw,498
@@ -19,7 +19,7 @@ compair_core/compair_email/templates_core.py,sha256=1XzBXGjmM6gApSXq382fxCRiVa5J
 compair_core/server/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 compair_core/server/app.py,sha256=8Kbq--xxFQ8zUD6dfm2aQ2rM58LQGwb4bUpzFUju-v4,3415
 compair_core/server/deps.py,sha256=0X-Z5JQGeXwbMooWIOC2kXVmsiJIvgUtqkK2PmDjKpI,1557
-compair_core/server/settings.py,sha256=XutlHezdP6YjxsavE4ILnReSOBvZgeg-Wukqxl3vdxE,1491
+compair_core/server/settings.py,sha256=9xq6vm51kxpgoDTWG5IFjRY5u7fVZtwKA_ch-0mlWR4,1641
 compair_core/server/local_model/__init__.py,sha256=YlzDgorgAjGou9d_W29Xp3TVu08e4t9x8csFxn8cgSE,50
 compair_core/server/local_model/app.py,sha256=2bOLjgAyKnFcng2lmDVMB0G6WgnnVGjHyj2X8TeJjnU,1626
 compair_core/server/providers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -30,9 +30,9 @@ compair_core/server/providers/noop_analytics.py,sha256=OKw23SObxBlQzFdB0xEBg5qD1
 compair_core/server/providers/noop_billing.py,sha256=V18Cpl1D1reM3xhgw-lShGliVpYO8IsiAPWOAIR34jM,1358
 compair_core/server/providers/noop_ocr.py,sha256=fMaJrivDef38-ECgIuTXUBCIm_avgvZf3nQ3UTdFPNI,341
 compair_core/server/routers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-compair_core/server/routers/capabilities.py,sha256=FZBLgmlIw6tWZiuihpzRmZ9AvbrY1jolVs7zqnhNPRU,1150
-compair_core-0.3.10.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-compair_core-0.3.10.dist-info/METADATA,sha256=Uxz10AhV2Qr4tZzomNLX4tbVJPLg0bgFCCoBq_D3U7c,4639
-compair_core-0.3.10.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-compair_core-0.3.10.dist-info/top_level.txt,sha256=1dpwoLSY2DWQUVGS05Tq0MuFXg8sabYzg4V2deLzzuo,13
-compair_core-0.3.10.dist-info/RECORD,,
+compair_core/server/routers/capabilities.py,sha256=pMnNjnDeHKCDVSVrF_1xhTXUclvyH3kYFksnGQRXKqY,1292
+compair_core-0.3.11.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+compair_core-0.3.11.dist-info/METADATA,sha256=LKa90nl50pe8RG8GbC3SgtG4I5K2RlxNeaWZfV1oPr4,5092
+compair_core-0.3.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+compair_core-0.3.11.dist-info/top_level.txt,sha256=1dpwoLSY2DWQUVGS05Tq0MuFXg8sabYzg4V2deLzzuo,13
+compair_core-0.3.11.dist-info/RECORD,,