desdeo 2.1.0__py3-none-any.whl → 2.2.0__py3-none-any.whl

desdeo/api/routers/problem.py

@@ -5,9 +5,8 @@ from typing import Annotated
 
 from fastapi import APIRouter, Depends, HTTPException, Request, UploadFile, status
 from fastapi.responses import JSONResponse
-from sqlmodel import Session, select
+from sqlmodel import select
 
-from desdeo.api.db import get_session
 from desdeo.api.models import (
     ForestProblemMetaData,
     ProblemDB,
@@ -26,6 +25,8 @@ from desdeo.api.routers.user_authentication import get_current_user
 from desdeo.problem import Problem
 from desdeo.tools.utils import available_solvers
 
+from .utils import SessionContext, get_session_context, get_session_context_without_request
+
 router = APIRouter(prefix="/problem")
 
 
@@ -87,15 +88,13 @@ def get_problems_info(user: Annotated[User, Depends(get_current_user)]) -> list[
 @router.post("/get")
 def get_problem(
     request: ProblemGetRequest,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context)],
 ) -> ProblemInfo:
     """Get the model of a specific problem.
 
     Args:
         request (ProblemGetRequest): the request containing the problem's id `problem_id`.
-        user (Annotated[User, Depends): the current user.
-        session (Annotated[Session, Depends): the database session.
+        context (Annotated[SessionContext, Depends): the session context.
 
     Raises:
         HTTPException: could not find a problem with the given id.
@@ -103,29 +102,28 @@ def get_problem(
     Returns:
         ProblemInfo: detailed information on the requested problem.
     """
-    problem = session.get(ProblemDB, request.problem_id)
+    problem_db = context.problem_db
 
-    if problem is None:
+    # Ensure problem exists
+    if problem_db is None:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
             detail=f"The problem with the requested id={request.problem_id} was not found.",
         )
 
-    return problem
+    return problem_db
 
 
 @router.post("/add")
 def add_problem(
     request: Annotated[Problem, Depends(parse_problem_json)],
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context_without_request)],
 ) -> ProblemInfo:
     """Add a newly defined problem to the database.
 
     Args:
         request (Problem): the JSON representation of the problem.
-        user (Annotated[User, Depends): the current user.
-        session (Annotated[Session, Depends): the database session.
+        context (Annotated[SessionContext, Depends): the session context.
 
     Note:
         Users with the role 'guest' may not add new problems.
@@ -136,10 +134,15 @@ def add_problem(
     Returns:
         ProblemInfo: the information about the problem added.
     """
+    user = context.user
+    db_session = context.db_session
+
     if user.role == UserRole.guest:
         raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED, detail="Guest users are not allowed to add new problems."
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Guest users are not allowed to add new problems.",
         )
+
     try:
         problem_db = ProblemDB.from_problem(request, user=user)
     except Exception as e:
@@ -148,9 +151,9 @@ def add_problem(
             detail=f"Could not add problem. Possible reason: {e!r}",
         ) from e
 
-    session.add(problem_db)
-    session.commit()
-    session.refresh(problem_db)
+    db_session.add(problem_db)
+    db_session.commit()
+    db_session.refresh(problem_db)
 
     return problem_db
 
@@ -158,15 +161,13 @@ def add_problem(
 @router.post("/add_json")
 def add_problem_json(
     json_file: UploadFile,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context_without_request)],
 ) -> ProblemInfo:
     """Adds a problem to the database based on its JSON definition.
 
     Args:
         json_file (UploadFile): a file in JSON format describing the problem.
-        user (Annotated[User, Depends): the usr for which the problem is added.
-        session (Annotated[Session, Depends): the database session.
+        context (Annotated[SessionContext, Depends): the session context.
 
     Raises:
         HTTPException: if the provided `json_file` is empty.
@@ -175,23 +176,25 @@ def add_problem_json(
     Returns:
         ProblemInfo: a description of the added problem.
     """
+    user = context.user
+    db_session = context.db_session
+
     raw = json_file.file.read()
 
     if not raw:
-        raise HTTPException(400, "Empty upload.")
+        raise HTTPException(status_code=400, detail="Empty upload.")
 
     try:
-        # for extra validation
-        json.loads(raw)
+        json.loads(raw)  # extra validation
     except json.JSONDecodeError as e:
-        raise HTTPException(400, "Invalid JSON.") from e
+        raise HTTPException(status_code=400, detail="Invalid JSON.") from e
 
     problem = Problem.model_validate_json(raw, by_name=True)
     problem_db = ProblemDB.from_problem(problem, user=user)
 
-    session.add(problem_db)
-    session.commit()
-    session.refresh(problem_db)
+    db_session.add(problem_db)
+    db_session.commit()
+    db_session.refresh(problem_db)
 
     return problem_db
 
@@ -199,8 +202,7 @@ def add_problem_json(
 @router.post("/get_metadata")
 def get_metadata(
     request: ProblemMetaDataGetRequest,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context)],
 ) -> list[ForestProblemMetaData | RepresentativeNonDominatedSolutions | SolverSelectionMetadata]:
     """Fetch specific metadata for a specific problem.
 
@@ -210,19 +212,21 @@ def get_metadata(
 
     Args:
         request (MetaDataGetRequest): the requested metadata type.
-        user (Annotated[User, Depends]): the current user.
-        session (Annotated[Session, Depends]): the database session.
+        context (Annotated[SessionContext, Depends]): the session context.
 
     Returns:
         list[ForestProblemMetadata | RepresentativeNonDominatedSolutions]: list containing all the metadata
             defined for the problem with the requested metadata type. If no match is found,
             returns an empty list.
     """
-    statement = select(ProblemDB).where(ProblemDB.id == request.problem_id)
-    problem_from_db = session.exec(statement).first()
+    db_session = context.db_session
+
+    problem_from_db = db_session.exec(select(ProblemDB).where(ProblemDB.id == request.problem_id)).first()
+
     if problem_from_db is None:
         raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail=f"Problem with ID {request.problem_id} not found!"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Problem with ID {request.problem_id} not found!",
         )
 
     problem_metadata = problem_from_db.problem_metadata
@@ -230,7 +234,6 @@ def get_metadata(
     if problem_metadata is None:
         # no metadata define for the problem
         return []
-
     # metadata is defined, try to find matching types based on request
     return [metadata for metadata in problem_metadata.all_metadata if metadata.metadata_type == request.metadata_type]
 
@@ -240,17 +243,17 @@ def get_available_solvers() -> list[str]:
     """Return the list of available solver names."""
     return list(available_solvers.keys())
 
+
 @router.post("/assign_solver")
 def select_solver(
     request: ProblemSelectSolverRequest,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context)],
 ) -> JSONResponse:
     """Assign a specific solver for a problem.
 
-    request: ProblemSelectSolverRequest: The request containing problem id and string representation of the solver
-    user: Annotated[User, Depends(get_current_user): The user that is logged in.
-    session: Annotated[Session, Depends(get_session)]: The database session.
+    Args:
+        request: ProblemSelectSolverRequest: The request containing problem id and string representation of the solver
+        context: Annotated[SessionContext, Depends(get_session)]: The session context.
 
     Raises:
         HTTPException: Unknown solver, unauthorized user
@@ -258,50 +261,60 @@ def select_solver(
     Returns:
         JSONResponse: A simple confirmation.
     """
+    db_session = context.db_session
+    user = context.user
+
+    # Validate solver type
     if request.solver_string_representation not in [x for x, _ in available_solvers.items()]:
         raise HTTPException(
             detail=f"Solver of unknown type: {request.solver_string_representation}",
             status_code=status.HTTP_404_NOT_FOUND,
         )
 
-    """Set a specific solver for a specific problem."""
-    # Get the problem
-    problem_db = session.exec(select(ProblemDB).where(ProblemDB.id == request.problem_id)).first()
+    # Fetch problem
+    problem_db = db_session.exec(select(ProblemDB).where(ProblemDB.id == request.problem_id)).first()
+
     if problem_db is None:
         raise HTTPException(
             detail=f"No problem with ID {request.problem_id}!",
             status_code=status.HTTP_404_NOT_FOUND,
         )
+
     # Auth the user
     if user.id != problem_db.user_id:
-        raise HTTPException(detail="Unauthorized user!", status_code=status.HTTP_401_UNAUTHORIZED)
+        raise HTTPException(
+            detail="Unauthorized user!",
+            status_code=status.HTTP_401_UNAUTHORIZED,
+        )
 
     # All good, get on with it.
     problem_metadata = problem_db.problem_metadata
     if problem_metadata is None:
         # There's no metadata for this problem! Create some.
         problem_metadata = ProblemMetaDataDB(problem_id=problem_db.id, problem=problem_db)
-        session.add(problem_metadata)
-        session.commit()
-        session.refresh(problem_metadata)
+        db_session.add(problem_metadata)
+        db_session.commit()
+        db_session.refresh(problem_metadata)
 
+    # Remove existing solver selection metadata
     if problem_metadata.solver_selection_metadata:
-        session.delete(problem_metadata.solver_selection_metadata[-1])
-        session.commit()
+        db_session.delete(problem_metadata.solver_selection_metadata[-1])
+        db_session.commit()
 
+    # Add new solver selection metadata
     solver_selection_metadata = SolverSelectionMetadata(
         metadata_id=problem_metadata.id,
         solver_string_representation=request.solver_string_representation,
         metadata_instance=problem_metadata,
     )
 
-    session.add(solver_selection_metadata)
-    session.commit()
-    session.refresh(solver_selection_metadata)
+    db_session.add(solver_selection_metadata)
+    db_session.commit()
+    db_session.refresh(solver_selection_metadata)
 
     problem_metadata.solver_selection_metadata.append(solver_selection_metadata)
-    session.add(problem_metadata)
-    session.commit()
-    session.refresh(problem_metadata)
+    db_session.add(problem_metadata)
+    db_session.commit()
+    db_session.refresh(problem_metadata)
 
     return JSONResponse(content={"message": "OK"}, status_code=status.HTTP_200_OK)

desdeo/api/routers/reference_point_method.py

@@ -2,26 +2,20 @@
 
 from typing import Annotated
 
-from fastapi import APIRouter, Depends
-from sqlmodel import Session
+from fastapi import APIRouter, Depends, HTTPException, status
 
-from desdeo.api.db import get_session
 from desdeo.api.models import (
-    InteractiveSessionDB,
     PreferenceDB,
-    ProblemDB,
     RPMSolveRequest,
     RPMState,
     StateDB,
-    User,
 )
 from desdeo.api.routers.problem import check_solver
-from desdeo.api.routers.user_authentication import get_current_user
 from desdeo.mcdm import rpm_solve_solutions
 from desdeo.problem import Problem
 from desdeo.tools import SolverResults
 
-from .utils import fetch_interactive_session, fetch_parent_state, fetch_user_problem
+from .utils import SessionContext, get_session_context
 
 router = APIRouter(prefix="/method/rpm")
 
@@ -29,31 +23,35 @@ router = APIRouter(prefix="/method/rpm")
 @router.post("/solve")
 def solve_solutions(
     request: RPMSolveRequest,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_session)],
+    context: Annotated[SessionContext, Depends(get_session_context)],
 ) -> RPMState:
     """Runs an iteration of the reference point method.
 
     Args:
         request (RPMSolveRequest): a request with the needed information to run the method.
         user (Annotated[User, Depends): the current user.
-        session (Annotated[Session, Depends): the current database session.
+        context (Annotated[SessionContext, Depends): the current session context.
 
     Returns:
         RPMState: a state with information on the results of iterating the reference point method
             once.
     """
-    # fetch interactive session, parent state, and ProblemDB
-    interactive_session: InteractiveSessionDB = fetch_interactive_session(user, request, session)
-    parent_state = fetch_parent_state(user, request, session, interactive_session)
-
-    problem_db: ProblemDB = fetch_user_problem(user, request, session)
+    user = context.user
+    db_session = context.db_session
+    problem_db = context.problem_db
+    interactive_session = context.interactive_session
+    parent_state = context.parent_state
+
+    # ensure problem exists
+    if problem_db is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Problem context missing.",
+        )
 
     solver = check_solver(problem_db=problem_db)
-
     problem = Problem.from_problemdb(problem_db)
 
-    # optimize for solutions
     solver_results: list[SolverResults] = rpm_solve_solutions(
         problem,
         request.preference.aspiration_levels,
@@ -63,11 +61,15 @@ def solve_solutions(
     )
 
     # create DB preference
-    preference_db = PreferenceDB(user_id=user.id, problem_id=problem_db.id, preference=request.preference)
+    preference_db = PreferenceDB(
+        user_id=user.id,
+        problem_id=problem_db.id,
+        preference=request.preference,
+    )
 
-    session.add(preference_db)
-    session.commit()
-    session.refresh(preference_db)
+    db_session.add(preference_db)
+    db_session.commit()
+    db_session.refresh(preference_db)
 
     # create state and add to DB
     rpm_state = RPMState(
@@ -81,13 +83,13 @@ def solve_solutions(
     state = StateDB(
         problem_id=problem_db.id,
         preference_id=preference_db.id,
-        session_id=interactive_session.id if interactive_session is not None else None,
-        parent_id=parent_state.id if parent_state is not None else None,
+        session_id=interactive_session.id if interactive_session else None,
+        parent_id=parent_state.id if parent_state else None,
         state=rpm_state,
     )
 
-    session.add(state)
-    session.commit()
-    session.refresh(state)
+    db_session.add(state)
+    db_session.commit()
+    db_session.refresh(state)
 
     return rpm_state

desdeo/api/routers/session.py

@@ -14,7 +14,7 @@ from desdeo.api.models import (
     User,
 )
 from desdeo.api.routers.user_authentication import get_current_user
-from desdeo.api.routers.utils import fetch_interactive_session
+from desdeo.api.routers.utils import SessionContext, fetch_interactive_session, get_session_context_without_request
 
 router = APIRouter(prefix="/session")
 
@@ -22,21 +22,25 @@ router = APIRouter(prefix="/session")
 @router.post("/new")
 def create_new_session(
     request: CreateSessionRequest,
-    user: Annotated[User, Depends(get_current_user)],
-    session: Annotated[Session, Depends(get_db_session)],
+    context: Annotated[SessionContext, Depends(get_session_context_without_request)],
 ) -> InteractiveSessionInfo:
-    """."""
-    interactive_session = InteractiveSessionDB(user_id=user.id, info=request.info)
+    """Creates a new interactive session."""
+    user = context.user
+    db_session = context.db_session
+
+    interactive_session = InteractiveSessionDB(
+        user_id=user.id,
+        info=request.info,
+    )
 
-    session.add(interactive_session)
-    session.commit()
-    session.refresh(interactive_session)
+    db_session.add(interactive_session)
+    db_session.commit()
+    db_session.refresh(interactive_session)
 
     user.active_session_id = interactive_session.id
 
-    session.add(user)
-    session.commit()
-    session.refresh(interactive_session)
+    db_session.add(user)
+    db_session.commit()
 
     return interactive_session
 

desdeo/api/routers/user_authentication.py

@@ -9,8 +9,6 @@ from fastapi import APIRouter, Cookie, Depends, HTTPException, Response, Securit
 from fastapi.responses import JSONResponse
 from fastapi.security import (
     APIKeyCookie,
-    HTTPAuthorizationCredentials,
-    HTTPBearer,
     OAuth2PasswordBearer,
     OAuth2PasswordRequestForm,
 )
@@ -119,7 +117,8 @@ def get_current_user(
     This function is a dependency for other functions that need to get the current user.
 
     Args:
-        token (Annotated[str, Depends(oauth2_scheme)]): The authentication token.
+        header_token (Annotated[str, Depends(oauth2_scheme)]): The authentication token as part of the request header.
+        cookie_token (Annotated[str, Depends(cookie_scheme)]): The authentication token as part of request cookie.
         session (Annotated[Session, Depends(get_db)]): A database session.
 
     Returns:
@@ -447,8 +446,31 @@ def refresh_access_token(
 
     # Generate a new access token for the user
     access_token = create_access_token({"id": user.id, "sub": user.username})
+    response = JSONResponse(content={"access_token": access_token})
 
-    return {"access_token": access_token}
+    if AuthConfig.cookie_domain == "":
+        response.set_cookie(
+            key="access_token",
+            value=access_token,
+            httponly=True,
+            secure=False,
+            samesite="lax",
+            max_age=AuthConfig.authjwt_access_token_expires * 60,
+            path="/",
+        )
+    else:
+        response.set_cookie(
+            key="access_token",
+            value=access_token,
+            httponly=True,
+            secure=True,
+            samesite="none",
+            max_age=AuthConfig.authjwt_access_token_expires * 60,
+            path="/",
+            domain=AuthConfig.cookie_domain,
+        )
+
+    return response
 
 
 @router.post("/add_new_dm")
@@ -502,7 +524,7 @@ def add_new_analyst(
 
     """
     # Check if the user who tries to create the user is either an analyst or an admin.
-    if not (user.role == UserRole.analyst or user.role == UserRole.admin):
+    if user.role not in (UserRole.analyst, UserRole.admin):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Logged in user has insufficient rights.",

desdeo/api/routers/utils.py

@@ -67,7 +67,7 @@ def fetch_interactive_session(user: User, request: RequestType, session: Session
     return interactive_session
 
 
-def fetch_user_problem(user: User, request: RequestType, session: Session) -> ProblemDB:
+def fetch_user_problem(user: User, request: RequestType, session: Session) -> ProblemDB | None:
     """Fetches a user's `ProblemDB` based on the id in the given request.
 
     Args:
@@ -81,19 +81,21 @@ def fetch_user_problem(user: User, request: RequestType, session: Session) -> Pr
     Returns:
         Problem: the instance of `ProblemDB` with the given id.
     """
-    statement = select(ProblemDB).where(ProblemDB.user_id == user.id, ProblemDB.id == request.problem_id)
-    problem_db = session.exec(statement).first()
+    if request.problem_id is None:
+        return None
 
-    if problem_db is None:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail=f"Problem with id={request.problem_id} could not be found."
-        )
-
-    return problem_db
+    statement = select(ProblemDB).where(
+        ProblemDB.user_id == user.id,
+        ProblemDB.id == request.problem_id,
+    )
+    return session.exec(statement).first()
 
 
 def fetch_parent_state(
-    user: User, request: RequestType, session: Session, interactive_session: InteractiveSessionDB | None = None
+    user: User,
+    request: RequestType,
+    session: Session,
+    interactive_session: InteractiveSessionDB | None = None,
 ) -> StateDB | None:
     """Fetches the parent state, if an id is given, or if defined in the given interactive session.
 
@@ -105,18 +107,17 @@ def fetch_parent_state(
     given `interactive_session`, if available. If neither source provides a
     parent state, `None` is returned.
 
-
     Args:
-        user (User): the user for which the parent state is fetched.
-        request (RequestType): request containing details about the parent state and optionally the
-            interactive session.
-        session (Session): the database session from which to fetch the parent state.
-        interactive_session (InteractiveSessionDB | None, optional): the interactive session containing
-            information about the parent state. Defaults to None.
+    user (User): the user for which the parent state is fetched.
+    request (RequestType): request containing details about the parent state and optionally the
+        interactive session.
+    session (Session): the database session from which to fetch the parent state.
+    interactive_session (InteractiveSessionDB | None, optional): the interactive session containing
+        information about the parent state. Defaults to None.
 
     Raises:
-        HTTPException: when `request.parent_state_id` is not `None` and a `StateDB` with this id cannot
-            be found in the given database session.
+    HTTPException: when `request.parent_state_id` is not `None` and a `StateDB` with this id cannot
+        be found in the given database session.
 
     Returns:
         StateDB | None: if `request.parent_state_id` is given, returns the corresponding `StateDB`.
@@ -126,23 +127,19 @@ def fetch_parent_state(
     if request.parent_state_id is None:
         # parent state is assumed to be the last sate added to the session.
         # if `interactive_session` is None, then parent state is set to None.
-        parent_state = (
-            interactive_session.states[-1]
-            if (interactive_session is not None and len(interactive_session.states) > 0)
-            else None
-        )
+        return interactive_session.states[-1] if interactive_session and interactive_session.states else None
 
-    else:
-        # request.parent_state_id is not None
-        statement = select(StateDB).where(StateDB.id == request.parent_state_id)
-        parent_state = session.exec(statement).first()
+    # request.parent_state_id is not None
+    statement = select(StateDB).where(StateDB.id == request.parent_state_id)
+    parent_state = session.exec(statement).first()
 
-        # this error is raised because if a parent_state_id is given, it is assumed that the
-        # user wished to use that state explicitly as the parent.
-        if parent_state is None:
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND, detail=f"Could not find state with id={request.parent_state_id}"
-            )
+    # this error is raised because if a parent_state_id is given, it is assumed that the
+    # user wished to use that state explicitly as the parent.
+    if parent_state is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Could not find state with id={request.parent_state_id}",
+        )
 
     return parent_state
 
@@ -153,9 +150,9 @@ class SessionContext:
 
     user: User
     db_session: Session
-    problem_db: ProblemDB
-    interactive_session: InteractiveSessionDB | None
-    parent_state: StateDB | None
+    problem_db: ProblemDB | None = None
+    interactive_session: InteractiveSessionDB | None = None
+    parent_state: StateDB | None = None
 
 
 def get_session_context(
@@ -185,3 +182,11 @@ def get_session_context(
         interactive_session=interactive_session,
         parent_state=parent_state,
     )
+
+
+def get_session_context_without_request(
+    user: Annotated[User, Depends(get_current_user)],
+    db_session: Annotated[Session, Depends(get_session)],
+) -> SessionContext:
+    """Gets the current session context. Should be used as a dep."""
+    return SessionContext(user=user, db_session=db_session)