desdeo 2.0.0__py3-none-any.whl → 2.1.1__py3-none-any.whl

desdeo/api/routers/user_authentication.py

@@ -5,24 +5,22 @@ from datetime import UTC, datetime, timedelta
 from typing import Annotated
 
 import bcrypt
-from fastapi import APIRouter, Cookie, Depends, HTTPException, Response, status
+from fastapi import APIRouter, Cookie, Depends, HTTPException, Response, Security, status
 from fastapi.responses import JSONResponse
-from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
-from jose import JWTError, jwt
+from fastapi.security import (
+    APIKeyCookie,
+    HTTPAuthorizationCredentials,
+    HTTPBearer,
+    OAuth2PasswordBearer,
+    OAuth2PasswordRequestForm,
+)
+from jose import ExpiredSignatureError, JWTError, jwt
 from pydantic import BaseModel
 from sqlmodel import Session, select
 
-from desdeo.api import SettingsConfig
+from desdeo.api import AuthConfig
 from desdeo.api.db import get_session
-from desdeo.api.models import User, UserPublic
-
-# AuthConfig
-if SettingsConfig.debug:
-    from desdeo.api import AuthDebugConfig
-
-    AuthConfig = AuthDebugConfig
-else:
-    pass
+from desdeo.api.models import User, UserPublic, UserRole
 
 router = APIRouter()
 
@@ -37,7 +35,9 @@ class Tokens(BaseModel):
 
 # OAuth2PasswordBearer is a class that creates a dependency that will be used to get the token from the request.
 # The token will be used to authenticate the user.
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login", auto_error=False)
+# Same, but for getting the access_token from the cookies of the request.
+cookie_scheme = APIKeyCookie(name="access_token", auto_error=False)
 
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
@@ -108,9 +108,11 @@ def authenticate_user(session: Session, username: str, password: str) -> User |
     return user
 
 
+# token: Annotated[str, Depends(oauth2_scheme)],
 def get_current_user(
-    token: Annotated[str, Depends(oauth2_scheme)],
     session: Annotated[Session, Depends(get_session)],
+    header_token: Annotated[str | None, Security(oauth2_scheme)] = None,
+    cookie_token: Annotated[str | None, Security(cookie_scheme)] = None,
 ) -> User:
     """Get the current user based on a JWT token.
 
@@ -126,11 +128,16 @@ def get_current_user(
     Raises:
         HTTPException: If the token is invalid.
     """
+    token = header_token or cookie_token
+
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
         headers={"WWW-Authenticate": "Bearer"},
     )
+
+    if not token:
+        raise credentials_exception
     try:
         payload = jwt.decode(token, AuthConfig.authjwt_secret_key, algorithms=[AuthConfig.authjwt_algorithm])
         username = payload.get("sub")
@@ -139,7 +146,7 @@ def get_current_user(
         if username is None or expire_time is None or expire_time < datetime.now(UTC).timestamp():
             raise credentials_exception
 
-    except jwt.exceptions.ExpiredSignatureError:
+    except ExpiredSignatureError:
         raise credentials_exception from None
 
     except JWTError:
@@ -281,6 +288,54 @@ def validate_refresh_token(
     return user
 
 
+def add_user_to_database(
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    role: UserRole,
+    session: Annotated[Session, Depends(get_session)],
+) -> None:
+    """Add a user to database.
+
+    Args:
+        form_data: Annotated[OAuth2PasswordRequestForm, Depends()]: form with username and password to be added
+        role: UserRole: Role of the user to be added to the database
+        session: Annotated[Session, Depends(get_session)]: database session
+
+    Returns:
+        None
+
+    Raises:
+        HTTPException: If username already is in the database or if adding the user to the database failed.
+    """
+    username = form_data.username
+    password = form_data.password
+
+    # Check if a user with requested username is already in the database
+    if get_user(session=session, username=username):
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="Username already taken.",
+        )
+
+    # Create the user model and put it into database
+    new_user = User(
+        username=username,
+        password_hash=get_password_hash(
+            password=password,
+        ),
+        role=role,
+    )
+    session.add(new_user)
+    session.commit()
+    session.refresh(new_user)
+
+    # Verify that the user actually is in the database
+    if not get_user(session=session, username=username):
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to add user into database.",
+        )
+
+
 @router.get("/user_info")
 def get_current_user_info(user: Annotated[User, Depends(get_current_user)]) -> UserPublic:
     """Return information about the current user.
@@ -294,7 +349,7 @@ def get_current_user_info(user: Annotated[User, Depends(get_current_user)]) -> U
     return user
 
 
-@router.post("/login")
+@router.post("/login", response_model=Tokens)
 def login(
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
     session: Annotated[Session, Depends(get_session)],
@@ -321,19 +376,49 @@ def login(
 
     tokens = generate_tokens({"id": user.id, "sub": user.username})
 
-    response = JSONResponse(content={"access_token": tokens.access_token})
-    response.set_cookie(
-        key="refresh_token",
-        value=tokens.refresh_token,
-        httponly=True,  # HTTP only cookie, more secure than storing the refresh token in the frontend code.
-        secure=False,  # allow http
-        samesite="lax",  # cross-origin requests
-        max_age=cookie_max_age * 60,  # convert to minutes
-    )
+    response = JSONResponse(content={"access_token": tokens.access_token, "refresh_token": tokens.refresh_token})
+
+    if AuthConfig.cookie_domain == "":
+        response.set_cookie(
+            key="refresh_token",
+            value=tokens.refresh_token,
+            httponly=True,  # HTTP only cookie, more secure than storing the refresh token in the frontend code.
+            secure=False,  # allow http
+            samesite="lax",  # cross-origin requests
+            max_age=cookie_max_age * 60,  # convert to minutes
+            path="/",
+        )
+    else:
+        response.set_cookie(
+            key="refresh_token",
+            value=tokens.refresh_token,
+            httponly=True,  # keep this
+            secure=True,  # MUST be true for HTTPS
+            samesite="none",  # required for cross-site subdomains
+            max_age=cookie_max_age * 60,
+            path="/",
+            domain=AuthConfig.cookie_domain,  # <- allow sharing between API + webui
+        )
 
     return response
 
 
+@router.post("/logout")
+def logout() -> JSONResponse:
+    """Log the current user out. Deletes the refresh token that was set by logging in.
+
+    Args:
+        None
+
+    Returns:
+        JSONResponse: A response in which the cookies are deleted
+
+    """
+    response = JSONResponse(content={"message": "logged out"}, status_code=status.HTTP_200_OK)
+    response.delete_cookie("refresh_token")
+    return response
+
+
 @router.post("/refresh")
 def refresh_access_token(
     request: Response,
@@ -364,3 +449,72 @@ def refresh_access_token(
     access_token = create_access_token({"id": user.id, "sub": user.username})
 
     return {"access_token": access_token}
+
+
+@router.post("/add_new_dm")
+def add_new_dm(
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    session: Annotated[Session, Depends(get_session)],
+) -> JSONResponse:
+    """Add a new user of the role Decision Maker to the database. Requires no login.
+
+    Args:
+        form_data (Annotated[OAuth2PasswordRequestForm, Depends()]): The user credentials to add to the database.
+        session (Annotated[Session, Depends(get_session)]): the database session.
+
+    Returns:
+        JSONResponse: A JSON response
+
+    Raises:
+        HTTPException: if username is already in use or if saving to the database fails for some reason.
+    """
+    add_user_to_database(
+        form_data=form_data,
+        role=UserRole.dm,
+        session=session,
+    )
+
+    return JSONResponse(
+        content={"message": 'User with role "decision maker" created.'},
+        status_code=status.HTTP_201_CREATED,
+    )
+
+
+@router.post("/add_new_analyst")
+def add_new_analyst(
+    user: Annotated[User, Depends(get_current_user)],
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    session: Annotated[Session, Depends(get_session)],
+) -> JSONResponse:
+    """Add a new user of the role Analyst to the database. Requires a logged in analyst or an admin.
+
+    Args:
+        user: Annotated[User, Depends(get_current_user)]: Logged in user with the role "analyst" or "admin".
+        form_data: (Annotated[OAuth2PasswordRequestForm, Depends()]): The user credentials to add to the database.
+        session: (Annotated[Session, Depends(get_session)]): the database session.
+
+    Returns:
+        JSONResponse: A JSON response
+
+    Raises:
+        HTTPException: if the logged in user is not an analyst or an admin or if
+        username is already in use or if saving to the database fails for some reason.
+
+    """
+    # Check if the user who tries to create the user is either an analyst or an admin.
+    if not (user.role == UserRole.analyst or user.role == UserRole.admin):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Logged in user has insufficient rights.",
+        )
+
+    add_user_to_database(
+        form_data=form_data,
+        role=UserRole.analyst,
+        session=session,
+    )
+
+    return JSONResponse(
+        content={"message": 'User with role "analyst" created.'},
+        status_code=status.HTTP_201_CREATED,
+    )

desdeo/api/routers/utils.py

@@ -0,0 +1,187 @@
+"""A selection of utilities for handling routers and data therein.
+
+NOTE: No routers should be defined in this file!
+"""
+
+from dataclasses import dataclass
+from typing import Annotated
+
+from fastapi import Depends, HTTPException, status
+from sqlmodel import Session, select
+
+from desdeo.api.db import get_session
+from desdeo.api.models import (
+    ENautilusStepRequest,
+    InteractiveSessionDB,
+    ProblemDB,
+    RPMSolveRequest,
+    StateDB,
+    User,
+)
+from desdeo.api.routers.user_authentication import get_current_user
+
+RequestType = RPMSolveRequest | ENautilusStepRequest
+
+
+def fetch_interactive_session(user: User, request: RequestType, session: Session) -> InteractiveSessionDB | None:
+    """Gets the desired instance of `InteractiveSessionDB`.
+
+    Args:
+        user (User): the user whose interactive sessions are to be queried.
+        request (RequestType): the request with possibly information on which interactive session to query.
+        session (Session): the database session (not to be confused with the interactive session) from
+            which the interactive session should be queried.
+
+    Note:
+        If no explicit `session_id` is given in `request`, this function will try to fetch the
+        currently active interactive session for the `user`, e.g., with id `user.active_session_id`.
+        If this is `None`, then the interactive session returned will be `None` as well.
+
+    Raises:
+        HTTPException: when an explicit interactive session is requested, but it is not found.
+
+    Returns:
+        InteractiveSessionDB | None: an interactive session DB model, or nothing.
+    """
+    if request.session_id is not None:
+        # specific interactive session id is given, try using that
+        statement = select(InteractiveSessionDB).where(InteractiveSessionDB.id == request.session_id)
+        interactive_session = session.exec(statement).first()
+
+        if interactive_session is None:
+            # Raise if explicitly requested interactive session cannot be found
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Could not find interactive session with id={request.session_id}.",
+            )
+    else:
+        # request.session_id is None
+        # try to use active session instead
+
+        statement = select(InteractiveSessionDB).where(InteractiveSessionDB.id == user.active_session_id)
+
+        interactive_session = session.exec(statement).first()
+
+    # At this point interactive_session is either an instance of InteractiveSessionDB or None (which is fine)
+
+    return interactive_session
+
+
+def fetch_user_problem(user: User, request: RequestType, session: Session) -> ProblemDB:
+    """Fetches a user's `ProblemDB` based on the id in the given request.
+
+    Args:
+        user (User): the user for which the problem is fetched.
+        request (RequestType): request containing details of the problem to be fetched (`request.problem_id`).
+        session (Session): the database session from which to fetch the problem.
+
+    Raises:
+        HTTPException: a problem with the given id (`request.problem_id`) could not be found (404).
+
+    Returns:
+        Problem: the instance of `ProblemDB` with the given id.
+    """
+    statement = select(ProblemDB).where(ProblemDB.user_id == user.id, ProblemDB.id == request.problem_id)
+    problem_db = session.exec(statement).first()
+
+    if problem_db is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail=f"Problem with id={request.problem_id} could not be found."
+        )
+
+    return problem_db
+
+
+def fetch_parent_state(
+    user: User, request: RequestType, session: Session, interactive_session: InteractiveSessionDB | None = None
+) -> StateDB | None:
+    """Fetches the parent state, if an id is given, or if defined in the given interactive session.
+
+    Determines the appropriate parent `StateDB` instance to associate with a new
+    state or operation. It first checks whether the `request` explicitly
+    provides a `parent_state_id`. If so, it attempts to retrieve the
+    corresponding `StateDB` entry from the database. If no such id is provided,
+    the function defaults to returning the most recently added state from the
+    given `interactive_session`, if available. If neither source provides a
+    parent state, `None` is returned.
+
+
+    Args:
+        user (User): the user for which the parent state is fetched.
+        request (RequestType): request containing details about the parent state and optionally the
+            interactive session.
+        session (Session): the database session from which to fetch the parent state.
+        interactive_session (InteractiveSessionDB | None, optional): the interactive session containing
+            information about the parent state. Defaults to None.
+
+    Raises:
+        HTTPException: when `request.parent_state_id` is not `None` and a `StateDB` with this id cannot
+            be found in the given database session.
+
+    Returns:
+        StateDB | None: if `request.parent_state_id` is given, returns the corresponding `StateDB`.
+            If it is not given, returns the latest state defined in `interactive_session.states`.
+            If both `request.parent_state_id` and `interactive_session` are `None`, then returns `None`.
+    """
+    if request.parent_state_id is None:
+        # parent state is assumed to be the last sate added to the session.
+        # if `interactive_session` is None, then parent state is set to None.
+        parent_state = (
+            interactive_session.states[-1]
+            if (interactive_session is not None and len(interactive_session.states) > 0)
+            else None
+        )
+
+    else:
+        # request.parent_state_id is not None
+        statement = select(StateDB).where(StateDB.id == request.parent_state_id)
+        parent_state = session.exec(statement).first()
+
+        # this error is raised because if a parent_state_id is given, it is assumed that the
+        # user wished to use that state explicitly as the parent.
+        if parent_state is None:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND, detail=f"Could not find state with id={request.parent_state_id}"
+            )
+
+    return parent_state
+
+
+@dataclass(frozen=True)
+class SessionContext:
+    """A generic context to be used in various endpoints."""
+
+    user: User
+    db_session: Session
+    problem_db: ProblemDB
+    interactive_session: InteractiveSessionDB | None
+    parent_state: StateDB | None
+
+
+def get_session_context(
+    request: RequestType,
+    user: Annotated[User, Depends(get_current_user)],
+    db_session: Annotated[Session, Depends(get_session)],
+) -> SessionContext:
+    """Gets the current session context. Should be used as a dep.
+
+    Args:
+        request (RequestType): request based on which the context is fetched.
+        user (Annotated[User, Depends): the current user (dep).
+        db_session (Annotated[Session, Depends): the current database session (dep).
+
+    Returns:
+        SessionContext: the current session context with the relevant instances
+            of `User`, `Session`, `ProblemDB`, `InteractiveSessionDB`, and `StateDB`.
+    """
+    problem_db = fetch_user_problem(user, request, db_session)
+    interactive_session = fetch_interactive_session(user, request, db_session)
+    parent_state = fetch_parent_state(user, request, db_session, interactive_session=interactive_session)
+
+    return SessionContext(
+        user=user,
+        db_session=db_session,
+        problem_db=problem_db,
+        interactive_session=interactive_session,
+        parent_state=parent_state,
+    )

desdeo/api/routers/utopia.py

@@ -0,0 +1,230 @@
+"""Utopia router."""
+
+import json
+from typing import Annotated
+
+from fastapi import APIRouter, Depends
+from sqlmodel import Session, select
+
+from desdeo.api.db import get_session
+from desdeo.api.models import (
+    ForestProblemMetaData,
+    NIMBUSFinalState,
+    NIMBUSInitializationState,
+    NIMBUSSaveState,
+    ProblemMetaDataDB,
+    StateDB,
+    User,
+    UtopiaRequest,
+    UtopiaResponse,
+)
+from desdeo.api.routers.user_authentication import get_current_user
+
+router = APIRouter(prefix="/utopia")
+
+
+@router.post("/")
+def get_utopia_data(
+    request: UtopiaRequest,
+    user: Annotated[User, Depends(get_current_user)],
+    session: Annotated[Session, Depends(get_session)],
+) -> UtopiaResponse:
+    """Request and receive the Utopia map corresponding to the decision variables sent.
+
+    Args:
+        request (UtopiaRequest): the set of decision variables and problem for which the utopia forest map is requested
+        for.
+        user (Annotated[User, Depend(get_current_user)]) the current user
+        session (Annotated[Session, Depends(get_session)]) the current database session
+    Raises:
+        HTTPException:
+    Returns:
+        UtopiaResponse: the map for the forest, to be rendered in frontend
+    """
+    empty_response = UtopiaResponse(is_utopia=False, map_name="", map_json={}, options={}, description="", years=[])
+
+    state = session.exec(select(StateDB).where(StateDB.id == request.solution.state_id)).first()
+    if state is None or not hasattr(state, "state"):
+        return empty_response
+
+    actual_state = state.state
+
+    if type(actual_state) is NIMBUSSaveState:
+        decision_variables = actual_state.result_variable_values[0]
+
+    elif type(actual_state) in [NIMBUSInitializationState, NIMBUSFinalState]:
+        decision_variables = actual_state.solver_results.optimal_variables
+
+    else:
+        # Check if solver_results exists and has the needed index
+        if (
+            not hasattr(actual_state, "solver_results")
+            or request.solution.solution_index >= len(actual_state.solver_results)
+            or actual_state.solver_results[request.solution.solution_index] is None
+        ):
+            return empty_response
+
+        result = actual_state.solver_results[request.solution.solution_index]
+        if not hasattr(result, "optimal_variables") or not result.optimal_variables:
+            return empty_response
+        decision_variables = result.optimal_variables  # expects a list of variables, won't work without.
+
+    from_db_metadata = session.exec(
+        select(ProblemMetaDataDB).where(ProblemMetaDataDB.problem_id == request.problem_id)
+    ).first()
+    if from_db_metadata is None:
+        return empty_response
+
+    # Get the last instance of forest related metadata from the database.
+    # If for some reason there's more than one forest metadata, return the latest.
+    forest_metadata: ForestProblemMetaData = [
+        metadata for metadata in from_db_metadata.all_metadata if metadata.metadata_type == "forest_problem_metadata"
+    ][-1]
+    if forest_metadata is None:
+        return empty_response
+
+    # Figure out the treatments from the decision variables and utopia data
+
+    def treatment_index(part: str) -> str:
+        if "clearcut" in part:
+            return 1
+        if "below" in part:
+            return 2
+        if "above" in part:
+            return 3
+        if "even" in part:
+            return 4
+        if "first" in part:
+            return 5
+        return -1
+
+    treatments_dict = {}
+    for key in decision_variables:
+        if not key.startswith("X"):
+            continue
+        # The dict keys get converted to ints to strings when it's loaded from database
+        try:
+            treatments = forest_metadata.schedule_dict[key][str(decision_variables[key].index(1))]
+        except ValueError as e:
+            # if the optimization didn't choose any decision alternative, it's safe to assume
+            #  that nothing is being done at that forest stand
+            treatments = forest_metadata.schedule_dict[key]["0"]
+            # print(e)
+        treatments_dict[key] = {forest_metadata.years[0]: 0, forest_metadata.years[1]: 0, forest_metadata.years[2]: 0}
+        for year in treatments_dict[key]:
+            if year in treatments:
+                for part in treatments.split():
+                    if year in part:
+                        treatments_dict[key][year] = treatment_index(part)
+
+    # Create the options for the webui
+
+    treatment_colors = {
+        0: "#4daf4a",
+        1: "#e41a1c",
+        2: "#984ea3",
+        3: "#e3d802",
+        4: "#ff7f00",
+        5: "#377eb8",
+    }
+
+    description_dict = {
+        0: "Do nothing",
+        1: "Clearcut",
+        2: "Thinning from below",
+        3: "Thinning from above",
+        4: "Even thinning",
+        5: "First thinning",
+    }
+
+    map_name = "ForestMap"  # This isn't visible anywhere on the ui
+
+    options = {}
+    for year in forest_metadata.years:
+        options[year] = {
+            "tooltip": {
+                "trigger": "item",
+                "showDelay": 0,
+                "transitionDuration": 0.2,
+            },
+            "visualMap": {  # // vis eg. stock levels
+                "left": "right",
+                "showLabel": True,
+                "type": "piecewise",  # // for different plans
+                "pieces": [],
+                "text": ["Management plans"],
+                "calculable": True,
+            },
+            # // predefined symbols for visumap'circle': 'rect': 'roundRect': 'triangle': 'diamond': 'pin':'arrow':
+            # // can give custom svgs also
+            "toolbox": {
+                "show": True,
+                #   //orient: 'vertical',
+                "left": "left",
+                "top": "top",
+                "feature": {
+                    "dataView": {"readOnly": True},
+                    "restore": {},
+                    "saveAsImage": {},
+                },
+            },
+            # // can draw graphic components to indicate different things at least
+            "series": [
+                {
+                    "name": year,
+                    "type": "map",
+                    "roam": True,
+                    "map": map_name,
+                    "nameProperty": forest_metadata.stand_id_field,
+                    "label": {
+                        "show": False  # Hide text labels on the map
+                    },
+                    # "colorBy": "data",
+                    # "itemStyle": {"symbol": "triangle", "color": "red"},
+                    "data": [],
+                    "nameMap": {},
+                }
+            ],
+        }
+
+        for key in decision_variables:
+            if not key.startswith("X"):
+                continue
+            stand = int(forest_metadata.schedule_dict[key]["unit"])
+            treatment_id = treatments_dict[key][year]
+            piece = {
+                "value": treatment_id,
+                "symbol": "circle",
+                "label": description_dict[treatment_id],
+                "color": treatment_colors[treatment_id],
+            }
+            if piece not in options[year]["visualMap"]["pieces"]:
+                options[year]["visualMap"]["pieces"].append(piece)
+            if forest_metadata.stand_descriptor:
+                name = forest_metadata.stand_descriptor[str(stand)] + description_dict[treatment_id]
+            else:
+                name = "Stand " + str(stand) + " " + description_dict[treatment_id]
+            options[year]["series"][0]["data"].append(
+                {
+                    "name": name,
+                    "value": treatment_id,
+                }
+            )
+            options[year]["series"][0]["nameMap"][stand] = name
+
+    # Let's also generate a nice description for the map
+    map_description = (
+        f"Income from harvesting in the first period {int(decision_variables['P_1'])}€.\n"
+        + f"Income from harvesting in the second period {int(decision_variables['P_2'])}€.\n"
+        + f"Income from harvesting in the third period {int(decision_variables['P_3'])}€.\n"
+        + f"The discounted value of the remaining forest at the end of the plan {int(decision_variables['V_end'])}€."
+    )
+
+    return UtopiaResponse(
+        is_utopia=True,
+        map_name=map_name,
+        options=options,
+        map_json=json.loads(forest_metadata.map_json),
+        description=map_description,
+        years=forest_metadata.years,
+    )