interloper-api 0.2.0__py3-none-any.whl

interloper_api/routes/jobs.py

@@ -0,0 +1,216 @@
+"""Jobs API: CRUD for scheduled materialization jobs."""
+
+from __future__ import annotations
+
+import datetime as dt
+from uuid import UUID
+
+from fastapi import APIRouter, Depends, HTTPException
+from interloper.errors import NotFoundError
+from interloper_db import Profile, Store
+from interloper_db.models import Job
+from pydantic import BaseModel
+
+from interloper_api.dependencies import get_org_id, get_store, require_editor, require_viewer
+
+router = APIRouter()
+
+
+class JobCreateRequest(BaseModel):
+    """Request body for creating or updating a job."""
+
+    name: str
+    cron: str
+    source_ids: list[UUID] | None = None
+    asset_ids: list[UUID] | None = None
+    tags: list[str] | None = None
+    enabled: bool = True
+    partitioned: bool = False
+    backfill_days: int | None = None
+
+
+class JobResponse(BaseModel):
+    """Response body for a job."""
+
+    id: UUID
+    org_id: UUID
+    name: str
+    cron: str
+    tags: list[str]
+    enabled: bool
+    partitioned: bool
+    backfill_days: int | None
+    source_ids: list[UUID]
+    asset_ids: list[UUID]
+    last_run_at: str | None = None
+    next_run_at: str | None = None
+    created_at: str | None = None
+
+
+class RunRequest(BaseModel):
+    """Request body for queuing a single run."""
+
+    partition_date: dt.date | None = None
+
+
+class BackfillRequest(BaseModel):
+    """Request body for queuing a backfill."""
+
+    start_date: dt.date
+    end_date: dt.date
+    concurrency: int = 1
+    fail_fast: bool = False
+
+
+def _job_to_response(job: Job) -> JobResponse:
+    """Convert a DB Job to a JobResponse.
+
+    Args:
+        job: The DB Job row with sources loaded.
+
+    Returns:
+        The response model.
+    """
+    return JobResponse(
+        id=job.id,  # type: ignore[arg-type]
+        org_id=job.org_id,
+        name=job.name,
+        cron=job.cron,
+        tags=job.tags,
+        enabled=job.enabled,
+        partitioned=job.partitioned,
+        backfill_days=job.backfill_days,
+        source_ids=[s.id for s in job.sources],  # type: ignore[misc]
+        asset_ids=[a.id for a in job.assets if a.id],
+        last_run_at=str(job.last_run_at) if job.last_run_at else None,
+        next_run_at=str(job.next_run_at) if job.next_run_at else None,
+        created_at=str(job.created_at) if job.created_at else None,
+    )
+
+
+@router.get("/")
+def list_jobs(
+    user: Profile = Depends(require_viewer),
+    org_id: UUID = Depends(get_org_id),
+    store: Store = Depends(get_store),
+) -> list[JobResponse]:
+    """List all jobs for the current organisation."""
+    jobs = store.list_jobs(org_id)
+    return [_job_to_response(j) for j in jobs]
+
+
+@router.get("/{job_id}")
+def get_job(
+    job_id: UUID,
+    user: Profile = Depends(require_viewer),
+    store: Store = Depends(get_store),
+) -> JobResponse:
+    """Get a single job by ID."""
+    try:
+        job = store.get_job(job_id)
+    except NotFoundError:
+        raise HTTPException(status_code=404, detail=f"Job {job_id} not found")
+    return _job_to_response(job)
+
+
+@router.post("/")
+def create_job(
+    body: JobCreateRequest,
+    user: Profile = Depends(require_editor),
+    org_id: UUID = Depends(get_org_id),
+    store: Store = Depends(get_store),
+) -> JobResponse:
+    """Create a new job."""
+    job = store.create_job(
+        org_id,
+        name=body.name,
+        cron=body.cron,
+        source_ids=body.source_ids,
+        asset_ids=body.asset_ids,
+        tags=body.tags,
+        enabled=body.enabled,
+        partitioned=body.partitioned,
+        backfill_days=body.backfill_days,
+    )
+    return _job_to_response(store.get_job(job.id))  # type: ignore[arg-type]
+
+
+@router.put("/{job_id}")
+def update_job(
+    job_id: UUID,
+    body: JobCreateRequest,
+    user: Profile = Depends(require_editor),
+    store: Store = Depends(get_store),
+) -> JobResponse:
+    """Update an existing job."""
+    try:
+        job = store.update_job(
+            job_id,
+            name=body.name,
+            cron=body.cron,
+            source_ids=body.source_ids,
+            asset_ids=body.asset_ids,
+            tags=body.tags,
+            enabled=body.enabled,
+            partitioned=body.partitioned,
+            backfill_days=body.backfill_days,
+        )
+    except NotFoundError:
+        raise HTTPException(status_code=404, detail=f"Job {job_id} not found")
+    return _job_to_response(store.get_job(job.id))  # type: ignore[arg-type]
+
+
+@router.delete("/{job_id}")
+def delete_job(
+    job_id: UUID,
+    user: Profile = Depends(require_editor),
+    store: Store = Depends(get_store),
+) -> dict[str, str]:
+    """Delete a job."""
+    store.delete_job(job_id)
+    return {"status": "deleted"}
+
+
+@router.post("/{job_id}/run")
+def queue_run(
+    job_id: UUID,
+    body: RunRequest | None = None,
+    user: Profile = Depends(require_editor),
+    store: Store = Depends(get_store),
+) -> dict[str, str]:
+    """Queue a single run for a job."""
+    try:
+        job = store.get_job(job_id)
+    except NotFoundError:
+        raise HTTPException(status_code=404, detail=f"Job {job_id} not found")
+
+    run = store.create_run(
+        job.org_id,
+        job_id=job_id,
+        partition_date=body.partition_date if body else None,
+    )
+    return {"status": "queued", "run_id": str(run.id)}
+
+
+@router.post("/{job_id}/backfill")
+def queue_backfill(
+    job_id: UUID,
+    body: BackfillRequest,
+    user: Profile = Depends(require_editor),
+    store: Store = Depends(get_store),
+) -> dict[str, str]:
+    """Queue a backfill for a job."""
+    try:
+        job = store.get_job(job_id)
+    except NotFoundError:
+        raise HTTPException(status_code=404, detail=f"Job {job_id} not found")
+
+    backfill = store.create_backfill(
+        job.org_id,
+        job_id=job_id,
+        start_date=body.start_date,
+        end_date=body.end_date,
+        concurrency=body.concurrency,
+        fail_fast=body.fail_fast,
+    )
+    return {"status": "queued", "backfill_id": str(backfill.id)}

interloper_api/routes/oauth.py

@@ -0,0 +1,345 @@
+"""OAuth2 token exchange routes.
+
+Each provider has an explicit exchange function with its own URL,
+HTTP method, body encoding, and parameter names.  The ``client_id``
+and ``client_secret`` are read from environment variables and injected
+into the token response so they can be stored alongside the tokens.
+
+The ``GET /providers`` endpoint returns metadata for all providers
+that have credentials configured, so the frontend knows which
+"Sign in with X" buttons to render.
+"""
+
+from __future__ import annotations
+
+import base64
+import logging
+import os
+from typing import Any
+
+import httpx
+from fastapi import APIRouter, Depends, HTTPException
+from pydantic import BaseModel
+
+from interloper_api.dependencies import get_catalog
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/oauth", tags=["oauth"])
+
+
+# ---------------------------------------------------------------------------
+# Provider registry
+# ---------------------------------------------------------------------------
+
+
+class _ProviderConfig:
+    """Runtime provider config resolved from environment variables."""
+
+    def __init__(self, key: str, *, env_prefix: str | None = None) -> None:
+        prefix = (env_prefix or key).upper()
+        self.key = key
+        self.client_id = os.environ.get(f"{prefix}_CLIENT_ID", "")
+        self.client_secret = os.environ.get(f"{prefix}_CLIENT_SECRET", "")
+        self.redirect_uri = os.environ.get(f"{prefix}_REDIRECT_URI", "")
+
+    @property
+    def configured(self) -> bool:
+        return bool(self.client_id and self.client_secret and self.redirect_uri)
+
+
+_PROVIDER_KEYS = [
+    "amazon",
+    "criteo",
+    "facebook",
+    "google",
+    "linkedin",
+    "microsoft",
+    "pinterest",
+    "snapchat",
+    "tiktok",
+]
+
+
+def _load_providers() -> dict[str, _ProviderConfig]:
+    return {k: _ProviderConfig(k) for k in _PROVIDER_KEYS}
+
+
+# ---------------------------------------------------------------------------
+# Token exchange functions (one per provider)
+# ---------------------------------------------------------------------------
+
+
+async def _amazon(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://api.amazon.com/auth/o2/token",
+        json={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _criteo(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://api.criteo.com/oauth2/token",
+        json={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _facebook(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.get(
+        "https://graph.facebook.com/v19.0/oauth/access_token",
+        params={
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _google(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://oauth2.googleapis.com/token",
+        json={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _linkedin(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://www.linkedin.com/oauth/v2/accessToken",
+        data={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _microsoft(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+        data={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _pinterest(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    creds = base64.b64encode(f"{cfg.client_id}:{cfg.client_secret}".encode()).decode()
+    resp = await client.post(
+        "https://api.pinterest.com/v5/oauth/token",
+        data={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+        headers={
+            "Content-Type": "application/x-www-form-urlencoded",
+            "Authorization": f"Basic {creds}",
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _snapchat(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://accounts.snapchat.com/login/oauth2/access_token",
+        data={
+            "grant_type": "authorization_code",
+            "code": code,
+            "redirect_uri": cfg.redirect_uri,
+            "client_id": cfg.client_id,
+            "client_secret": cfg.client_secret,
+        },
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+async def _tiktok(client: httpx.AsyncClient, cfg: _ProviderConfig, code: str) -> dict[str, Any]:
+    resp = await client.post(
+        "https://business-api.tiktok.com/open_api/v1.3/oauth2/access_token",
+        json={
+            "auth_code": code,
+            "app_id": cfg.client_id,
+            "secret": cfg.client_secret,
+        },
+    )
+    resp.raise_for_status()
+    result = resp.json()
+    result["client_id"] = cfg.client_id
+    result["client_secret"] = cfg.client_secret
+    return result
+
+
+_EXCHANGE_FNS: dict[str, Any] = {
+    "amazon": _amazon,
+    "criteo": _criteo,
+    "facebook": _facebook,
+    "google": _google,
+    "linkedin": _linkedin,
+    "microsoft": _microsoft,
+    "pinterest": _pinterest,
+    "snapchat": _snapchat,
+    "tiktok": _tiktok,
+}
+
+
+# ---------------------------------------------------------------------------
+# Routes
+# ---------------------------------------------------------------------------
+
+
+class TokenExchangeRequest(BaseModel):
+    """Request body for exchanging an authorization code for tokens."""
+
+    code: str
+
+
+class ProviderInfo(BaseModel):
+    """Public provider metadata (no secrets)."""
+
+    key: str
+    client_id: str
+    redirect_uri: str
+    auth_url: str = ""
+    label: str = ""
+    icon: str = ""
+
+
+def _extract_oauth_metadata(catalog: dict[str, Any]) -> dict[str, dict[str, str]]:
+    """Extract OAuth metadata (auth_url, label, icon) from catalog definitions.
+
+    Scans all resource definitions for ``x-oauth`` config schema extensions.
+    Returns a dict keyed by provider key.
+    """
+    metadata: dict[str, dict[str, str]] = {}
+    for defn in catalog.values():
+        oauth_ext = defn.get("config_schema", {}).get("x-oauth")
+        if oauth_ext and isinstance(oauth_ext, dict):
+            provider = oauth_ext.get("provider", "")
+            if provider and provider not in metadata:
+                metadata[provider] = {
+                    "auth_url": oauth_ext.get("auth_url", ""),
+                    "label": oauth_ext.get("label", ""),
+                    "icon": oauth_ext.get("icon", ""),
+                }
+    return metadata
+
+
+@router.get("/providers")
+def list_providers(catalog: dict[str, Any] = Depends(get_catalog)) -> list[ProviderInfo]:
+    """Return metadata for all configured OAuth providers.
+
+    Only providers with ``CLIENT_ID``, ``CLIENT_SECRET``, and
+    ``REDIRECT_URI`` environment variables set are included.
+    Metadata (auth_url, label, icon) is extracted from the catalog.
+    """
+    providers = _load_providers()
+    oauth_meta = _extract_oauth_metadata(catalog)
+    return [
+        ProviderInfo(
+            key=cfg.key,
+            client_id=cfg.client_id,
+            redirect_uri=cfg.redirect_uri,
+            **(oauth_meta.get(cfg.key, {})),
+        )
+        for cfg in providers.values()
+        if cfg.configured
+    ]
+
+
+@router.post("/{provider}")
+async def exchange_token(provider: str, body: TokenExchangeRequest) -> dict[str, Any]:
+    """Exchange an authorization code for tokens.
+
+    The response includes ``client_id`` and ``client_secret`` so they
+    can be stored alongside the tokens in the connection data.
+    """
+    exchange = _EXCHANGE_FNS.get(provider)
+    if exchange is None:
+        raise HTTPException(status_code=400, detail=f"Unknown OAuth provider: {provider}")
+
+    providers = _load_providers()
+    cfg = providers.get(provider)
+    if cfg is None or not cfg.configured:
+        raise HTTPException(status_code=400, detail=f"OAuth provider {provider} is not configured")
+
+    try:
+        logger.info("Exchanging auth code for provider %s", provider)
+        async with httpx.AsyncClient(timeout=30) as client:
+            result = await exchange(client, cfg, body.code)
+        logger.info("Successfully exchanged auth code for provider %s", provider)
+        return result
+    except httpx.HTTPStatusError as exc:
+        detail = exc.response.text
+        logger.error("Token exchange failed for %s: %s %s", provider, exc.response.status_code, detail)
+        raise HTTPException(status_code=500, detail=f"Failed to exchange auth code: {detail}")
+    except Exception as exc:
+        logger.error("Token exchange failed for %s: %s", provider, exc)
+        raise HTTPException(status_code=500, detail=f"Failed to exchange auth code: {exc}")