geek-cafe-saas-sdk 0.7.5__py3-none-any.whl → 0.8.0__py3-none-any.whl

geek_cafe_saas_sdk/domains/tenancy/handlers/tenants/get/app.py

@@ -9,7 +9,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 tenant_service_pool = ServicePool(TenantService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for retrieving a tenant by ID.
     

geek_cafe_saas_sdk/domains/tenancy/handlers/tenants/me/app.py

@@ -9,7 +9,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 tenant_service_pool = ServicePool(TenantService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for retrieving the authenticated user's tenant.
     

geek_cafe_saas_sdk/domains/tenancy/handlers/tenants/signup/app.py

@@ -10,7 +10,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 tenant_service_pool = ServicePool(TenantService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for tenant signup (creates tenant + primary admin user).
     

geek_cafe_saas_sdk/domains/tenancy/handlers/tenants/update/app.py

@@ -10,7 +10,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 tenant_service_pool = ServicePool(TenantService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for updating a tenant.
     

geek_cafe_saas_sdk/domains/tenancy/services/subscription_service.py

@@ -38,11 +38,11 @@ class SubscriptionService(DatabaseService[Subscription]):
     """
 
     def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None,
-                 tenant_service: TenantService = None):
-        super().__init__(dynamodb=dynamodb, table_name=table_name)
+                 tenant_service: TenantService = None, request_context: Optional[Dict[str, str]] = None):
+        super().__init__(dynamodb=dynamodb, table_name=table_name, request_context=request_context)
         # Tenant service for updating tenant plan_tier
         self.tenant_service = tenant_service or TenantService(
-            dynamodb=dynamodb, table_name=table_name
+            dynamodb=dynamodb, table_name=table_name, request_context=request_context
         )
 
     def create(self, tenant_id: str, user_id: str, payload: Dict[str, Any]) -> ServiceResult[Subscription]:

geek_cafe_saas_sdk/domains/tenancy/services/tenant_service.py

@@ -29,11 +29,11 @@ class TenantService(DatabaseService[Tenant]):
 
     def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None,
                  user_service: UserService = None, cognito_utility: CognitoUtility = None,
-                 user_pool_id: str = None, enable_cognito: bool = True):
-        super().__init__(dynamodb=dynamodb, table_name=table_name)
+                 user_pool_id: str = None, enable_cognito: bool = True, request_context: Optional[Dict[str, str]] = None):
+        super().__init__(dynamodb=dynamodb, table_name=table_name, request_context=request_context)
         # User service for creating primary users
         self.user_service = user_service or UserService(
-            dynamodb=dynamodb, table_name=table_name
+            dynamodb=dynamodb, table_name=table_name, request_context=request_context
         )
         # Cognito integration (optional for testing)
         self.cognito_utility = cognito_utility

geek_cafe_saas_sdk/domains/voting/handlers/votes/delete/app.py

@@ -9,7 +9,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 vote_service_pool = ServicePool(VoteService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for deleting a vote by its ID.
     

geek_cafe_saas_sdk/domains/voting/handlers/votes/get/app.py

@@ -9,7 +9,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 vote_service_pool = ServicePool(VoteService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for retrieving a single vote by its ID.
     

geek_cafe_saas_sdk/domains/voting/handlers/votes/list/app.py

@@ -9,7 +9,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 vote_service_pool = ServicePool(VoteService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for listing votes with optional filters.
     

geek_cafe_saas_sdk/domains/voting/handlers/votes/update/app.py

@@ -10,7 +10,7 @@ from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
 
 vote_service_pool = ServicePool(VoteService)
 
-def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+def lambda_handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
     """
     Lambda handler for updating an existing vote.
     

geek_cafe_saas_sdk/domains/voting/services/vote_service.py

@@ -11,9 +11,6 @@ from geek_cafe_saas_sdk.domains.voting.models import Vote
 class VoteService(DatabaseService[Vote]):
     """Service for Vote database operations."""
     
-    def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None):
-        super().__init__(dynamodb=dynamodb, table_name=table_name)
-    
     def create(self, tenant_id: str, user_id: str, **kwargs) -> ServiceResult[Vote]:
         """Create or update (upsert) a vote for a target by a user."""
         try:
@@ -211,10 +208,9 @@ class VoteService(DatabaseService[Vote]):
                     setattr(vote, field, value)
             
             # Update metadata
-            vote.updated_by_id = user_id
             vote.prep_for_save()  # Updates timestamp
             
-            # Save updated vote
+            # Save updated vote (_save_model automatically populates updated_by_id from request_context)
             return self._save_model(vote)
             
         except Exception as e:

geek_cafe_saas_sdk/domains/voting/services/vote_summary_service.py

@@ -11,9 +11,6 @@ from geek_cafe_saas_sdk.domains.voting.models import VoteSummary
 class VoteSummaryService(DatabaseService[VoteSummary]):
     """Service for VoteSummary database operations."""
     
-    def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None):
-        super().__init__(dynamodb=dynamodb, table_name=table_name)
-    
     def create(self, tenant_id: str, user_id: str, **kwargs) -> ServiceResult[VoteSummary]:
         """Create or update (upsert) a vote summary for a target."""
         try:
@@ -155,10 +152,9 @@ class VoteSummaryService(DatabaseService[VoteSummary]):
                     setattr(summary, field, value)
             
             # Update metadata
-            summary.updated_by_id = user_id
             summary.prep_for_save()  # Updates timestamp
             
-            # Save updated summary
+            # Save updated summary (_save_model automatically populates updated_by_id from request_context)
             return self._save_model(summary)
             
         except Exception as e:

geek_cafe_saas_sdk/domains/voting/services/vote_tally_service.py

@@ -4,6 +4,7 @@ from typing import Dict, Any, Optional, List
 from boto3_assist.dynamodb.dynamodb import DynamoDB
 from geek_cafe_saas_sdk.core.service_result import ServiceResult
 from geek_cafe_saas_sdk.core.error_codes import ErrorCode
+from geek_cafe_saas_sdk.core.request_context import RequestContext
 from .vote_service import VoteService
 from .vote_summary_service import VoteSummaryService
 from geek_cafe_saas_sdk.domains.voting.models import Vote, VoteSummary
@@ -17,9 +18,15 @@ logger = Logger()
 class VoteTallyService:
     """Service for tallying votes and updating vote summaries."""
     
-    def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None):
-        self.vote_service = VoteService(dynamodb=dynamodb, table_name=table_name)
-        self.vote_summary_service = VoteSummaryService(dynamodb=dynamodb, table_name=table_name)
+    def __init__(self, *, dynamodb: DynamoDB = None, table_name: str = None, request_context: RequestContext):
+        """
+        Initialize tally service with child services.
+        
+        NOTE: This service keeps custom __init__ because it creates child services.
+        Simple services inherit DatabaseService.__init__ directly.
+        """
+        self.vote_service = VoteService(dynamodb=dynamodb, table_name=table_name, request_context=request_context)
+        self.vote_summary_service = VoteSummaryService(dynamodb=dynamodb, table_name=table_name, request_context=request_context)
         self.page_size = 100  # Configurable page size for pagination
         
         # Pagination monitoring configuration from environment variables

geek_cafe_saas_sdk/lambda_handlers/_base/base_handler.py

@@ -6,6 +6,7 @@ request/response handling, error management, and service injection.
 """
 
 import json
+import time
 from typing import Dict, Any, Callable, Optional, Type, TypeVar
 from aws_lambda_powertools import Logger
 
@@ -60,19 +61,33 @@ class BaseLambdaHandler:
         # Initialize service pool if a class is provided
         self._service_pool = ServicePool(service_class, **self.service_kwargs) if service_class else None
 
-    def _get_service(self, injected_service: Optional[T]) -> Optional[T]:
+    def _get_service(self, injected_service: Optional[T], request_context: Optional[Any] = None) -> Optional[T]:
         """
-        Get service instance (injected or from pool).
+        Get service instance (injected or from pool) with FRESH request_context.
+        
+        Args:
+            injected_service: Injected service for testing
+            request_context: Fresh RequestContext for this invocation
+            
+        Returns:
+            Service instance with refreshed security context
         """
         if injected_service:
+            # Testing: Refresh context on injected service too
+            if request_context is not None and hasattr(injected_service, '_request_context'):
+                injected_service._request_context = request_context
             return injected_service
         
         if self._service_pool:
-            return self._service_pool.get()
+            # Production: Get from pool with fresh context
+            return self._service_pool.get(request_context)
         
         # Fallback for direct instantiation if pooling is not used (rare)
         if self.service_class:
-            return self.service_class(**self.service_kwargs)
+            kwargs = {**self.service_kwargs}
+            if request_context is not None:
+                kwargs['request_context'] = request_context
+            return self.service_class(**kwargs)
 
         return None
 
@@ -86,6 +101,8 @@ class BaseLambdaHandler:
         """
         Execute the Lambda handler with the given business logic.
         
+        SECURITY: Creates fresh RequestContext at start, clears it at end.
+        
         Args:
             event: Lambda event dictionary
             context: Lambda context object
@@ -95,6 +112,8 @@ class BaseLambdaHandler:
         Returns:
             Lambda response dictionary
         """
+        service = None  # Track service for cleanup
+        start_time = time.time()  # Track execution time for telemetry
         try:
             # Log event payload if enabled (sanitized for security)
             if EnvironmentVariables.should_log_lambda_events():
@@ -152,8 +171,12 @@ class BaseLambdaHandler:
             # Extract user context from authorizer claims
             user_context = extract_user_context(event)
             
-            # Get service instance
-            service = self._get_service(injected_service)
+            # Create FRESH RequestContext for this invocation
+            from geek_cafe_saas_sdk.core.request_context import RequestContext
+            request_context = RequestContext(user_context)
+            
+            # Get service instance with FRESH request_context
+            service = self._get_service(injected_service, request_context)
             
             # Execute business logic
             result = business_logic(event, service, user_context)
@@ -190,3 +213,14 @@ class BaseLambdaHandler:
                     500
                 )
             raise
+        finally:
+            # Track execution time for telemetry
+            execution_time_ms = (time.time() - start_time) * 1000
+            if self._service_pool and hasattr(self._service_pool, 'track_execution_time'):
+                self._service_pool.track_execution_time(execution_time_ms)
+            
+            # SECURITY: Clear request_context after invocation completes
+            # This ensures no lingering user credentials in warm Lambda containers
+            if service and hasattr(service, '_request_context'):
+                service._request_context = None
+                logger.debug("Cleared request_context after invocation")

geek_cafe_saas_sdk/lambda_handlers/_base/service_pool.py

@@ -3,53 +3,198 @@ Service pooling manager for Lambda warm starts.
 
 Manages service initialization and caching to improve Lambda performance
 by reusing connections across invocations.
+
+Includes optional telemetry for tracking cold/warm starts, execution times,
+and Lambda container uptime.
 """
 
-from typing import Dict, Type, TypeVar, Generic, Optional
+import os
+import time
+from typing import Dict, Type, TypeVar, Generic, Optional, Any
+from aws_lambda_powertools import Logger
+
+logger = Logger()
 
 T = TypeVar('T')
 
 
 class ServicePool(Generic[T]):
     """
-    Manages service instances for Lambda warm starts.
+    Manages service instances for Lambda warm starts with PER-INVOCATION security context refresh.
     
     Lambda containers reuse the global scope between invocations, allowing
     us to cache service instances (and their DB connections) to reduce 
     cold start latency by 80-90%.
     
+    SECURITY: request_context is refreshed on EVERY invocation to prevent
+    cross-user data leaks in warm Lambda containers.
+    
     Example:
         # Module level
-        vote_service_pool = ServicePool(VoteService)
+        vote_service_pool = ServicePool(VoteService, dynamodb=db, table_name=TABLE)
         
-        # In handler
-        service = vote_service_pool.get()
+        # In handler (per invocation)
+        request_context = RequestContext(user_context)  # Fresh context
+        service = vote_service_pool.get(request_context)  # Context refreshed!
     """
     
-    def __init__(self, service_class: Type[T]):
+    def __init__(self, service_class: Type[T], **service_kwargs):
         """
-        Initialize the service pool.
+        Initialize the service pool with optional telemetry.
         
         Args:
             service_class: The service class to instantiate
+            **service_kwargs: Keyword arguments for service (dynamodb, table_name, etc.)
+                             NOTE: request_context should NOT be in kwargs - it's per-invocation
+        
+        Environment Variables:
+            ENABLE_SERVICE_POOL_TELEMETRY: Set to 'true' to enable metrics logging
         """
         self.service_class = service_class
+        self.service_kwargs = service_kwargs
         self._instance: Optional[T] = None
+        
+        # Telemetry tracking (optional)
+        self._telemetry_enabled = os.getenv('ENABLE_SERVICE_POOL_TELEMETRY', 'false').lower() in ('true', '1', 'yes')
+        self._container_start_time = time.time()  # When this Lambda container started
+        self._cold_start_count = 0  # Number of cold starts
+        self._warm_start_count = 0  # Number of warm starts
+        self._total_invocations = 0  # Total invocations
+        self._last_invocation_time: Optional[float] = None
+        self._execution_times: list = []  # Track execution durations (limited to last 10)
     
-    def get(self) -> T:
+    def get(self, request_context: Optional[Any] = None) -> T:
         """
-        Get or create the service instance.
+        Get or create the service instance with FRESH request_context.
         
+        SECURITY CRITICAL: On warm starts, the request_context is REFRESHED
+        to prevent User A's credentials from being used for User B's request.
+        
+        TELEMETRY: Tracks cold/warm starts and logs metrics if enabled.
+        
+        Args:
+            request_context: Fresh RequestContext for this invocation
+            
         Returns:
-            Service instance (cached on warm starts)
+            Service instance (DB connection cached, security context refreshed)
         """
-        if self._instance is None:
-            self._instance = self.service_class()
+        is_cold_start = self._instance is None
+        
+        if is_cold_start:
+            # Cold start - create new service instance
+            if self._telemetry_enabled:
+                self._cold_start_count += 1
+                logger.info(
+                    "ServicePool: Cold start",
+                    extra={
+                        "service": self.service_class.__name__,
+                        "cold_starts": self._cold_start_count,
+                        "warm_starts": self._warm_start_count
+                    }
+                )
+            
+            kwargs = {**self.service_kwargs}
+            if request_context is not None:
+                kwargs['request_context'] = request_context
+            self._instance = self.service_class(**kwargs)
+        else:
+            # Warm start - REFRESH request_context for security
+            if self._telemetry_enabled:
+                self._warm_start_count += 1
+            
+            if request_context is not None and hasattr(self._instance, '_request_context'):
+                self._instance._request_context = request_context
+        
+        self._total_invocations += 1
+        self._last_invocation_time = time.time()
+        
+        # Log telemetry periodically (every 10 invocations)
+        if self._telemetry_enabled and self._total_invocations % 10 == 0:
+            self._log_telemetry()
+        
         return self._instance
     
+    def track_execution_time(self, duration_ms: float):
+        """
+        Track execution time for this invocation.
+        
+        Args:
+            duration_ms: Execution duration in milliseconds
+        """
+        if not self._telemetry_enabled:
+            return
+        
+        # Keep only last 10 execution times to avoid memory bloat
+        self._execution_times.append(duration_ms)
+        if len(self._execution_times) > 10:
+            self._execution_times.pop(0)
+    
+    def _log_telemetry(self):
+        """Log telemetry metrics."""
+        container_uptime_seconds = time.time() - self._container_start_time
+        
+        metrics = {
+            "service": self.service_class.__name__,
+            "total_invocations": self._total_invocations,
+            "cold_starts": self._cold_start_count,
+            "warm_starts": self._warm_start_count,
+            "container_uptime_seconds": round(container_uptime_seconds, 2),
+            "container_uptime_minutes": round(container_uptime_seconds / 60, 2),
+            "warm_start_ratio": round(
+                self._warm_start_count / self._total_invocations * 100, 2
+            ) if self._total_invocations > 0 else 0
+        }
+        
+        # Add execution time stats if available
+        if self._execution_times:
+            avg_exec_time = sum(self._execution_times) / len(self._execution_times)
+            metrics.update({
+                "avg_execution_ms": round(avg_exec_time, 2),
+                "min_execution_ms": round(min(self._execution_times), 2),
+                "max_execution_ms": round(max(self._execution_times), 2),
+                "recent_executions_tracked": len(self._execution_times)
+            })
+        
+        logger.info(
+            "ServicePool Telemetry",
+            extra=metrics
+        )
+    
+    def get_metrics(self) -> Dict[str, Any]:
+        """
+        Get current telemetry metrics.
+        
+        Returns:
+            Dictionary of metrics
+        """
+        container_uptime = time.time() - self._container_start_time
+        
+        metrics = {
+            "service_class": self.service_class.__name__,
+            "total_invocations": self._total_invocations,
+            "cold_starts": self._cold_start_count,
+            "warm_starts": self._warm_start_count,
+            "container_uptime_seconds": round(container_uptime, 2),
+            "warm_start_ratio_percent": round(
+                self._warm_start_count / self._total_invocations * 100, 2
+            ) if self._total_invocations > 0 else 0,
+            "telemetry_enabled": self._telemetry_enabled
+        }
+        
+        if self._execution_times:
+            avg_exec = sum(self._execution_times) / len(self._execution_times)
+            metrics.update({
+                "avg_execution_ms": round(avg_exec, 2),
+                "min_execution_ms": round(min(self._execution_times), 2),
+                "max_execution_ms": round(max(self._execution_times), 2)
+            })
+        
+        return metrics
+    
     def reset(self):
         """Reset the pool (useful for testing)."""
         self._instance = None
+        # Don't reset telemetry - it tracks the entire container lifecycle
 
 
 class MultiServicePool:

geek_cafe_saas_sdk/middleware/authorization.py

@@ -427,7 +427,7 @@ def require_authorization(
         
     Usage:
         @require_authorization(operation=Operation.READ, resource_type="message")
-        def handler(event, context):
+        def lambda_handler(event, context):
             # Authorization already checked
             # Access auth info via event['authorization_context']
             pass

geek_cafe_saas_sdk/middleware/cors.py

@@ -5,13 +5,13 @@ import functools
 from typing import Dict, Any, Callable
 
 
-def add_cors_headers(handler: Callable) -> Callable:
+def add_cors_headers(lambda_handler: Callable) -> Callable:
     """
     Decorator that adds CORS headers to Lambda response.
     """
-    @functools.wraps(handler)
+    @functools.wraps(lambda_handler)
     def wrapper(event: Dict[str, Any], context: Any, *args, **kwargs) -> Dict[str, Any]:
-        response = handler(event, context, *args, **kwargs)
+        response = lambda_handler(event, context, *args, **kwargs)
         
         # Ensure headers exist
         if 'headers' not in response:
@@ -31,11 +31,11 @@ def add_cors_headers(handler: Callable) -> Callable:
     return wrapper
 
 
-def handle_preflight(handler: Callable) -> Callable:
+def handle_preflight(lambda_handler: Callable) -> Callable:
     """
     Decorator that handles OPTIONS preflight requests.
     """
-    @functools.wraps(handler)
+    @functools.wraps(lambda_handler)
     def wrapper(event: Dict[str, Any], context: Any, *args, **kwargs) -> Dict[str, Any]:
         # Handle OPTIONS request
         if event.get('httpMethod') == 'OPTIONS':
@@ -50,14 +50,14 @@ def handle_preflight(handler: Callable) -> Callable:
                 'body': ''
             }
         
-        return handler(event, context, *args, **kwargs)
+        return lambda_handler(event, context, *args, **kwargs)
     
     return wrapper
 
 
 # Convenience decorator that combines both CORS functionalities
-def handle_cors(handler: Callable) -> Callable:
+def handle_cors(lambda_handler: Callable) -> Callable:
     """
     Decorator that handles both preflight requests and adds CORS headers.
     """
-    return add_cors_headers(handle_preflight(handler))
+    return add_cors_headers(handle_preflight(lambda_handler))