pylantir 0.1.3__py3-none-any.whl → 0.2.1__py3-none-any.whl

pylantir/cli/run.py

@@ -39,11 +39,16 @@ def parse_args():
                     help="""
                         Command to run:
                         - start: start the MWL server
-                        - query: query the MWL db
+                        - query-db: query the MWL db
                         - test-client: run tests for MWL
                         - test-mpps: run tests for MPPS
+                        - start-api: start the FastAPI server (requires [api] dependencies)
+                        - admin-password: change admin password
+                        - create-user: create a new user (admin only)
+                        - list-users: list all users (admin only)
                     """,
-                    choices=["start", "query-db", "test-client", "test-mpps"],
+                    choices=["start", "query-db", "test-client", "test-mpps",
+                            "start-api", "admin-password", "create-user", "list-users"],
                     )
     p.add_argument("--AEtitle", help="AE Title for the server")
     p.add_argument("--ip", help="IP/host address for the server", default="0.0.0.0")
@@ -99,6 +104,57 @@ def parse_args():
         help="SOPInstanceUID to test MPPS",
     )
 
+    # API server arguments
+    p.add_argument(
+        "--api-host",
+        default="0.0.0.0",
+        type=str,
+        help="API server host address (default: 0.0.0.0)"
+    )
+
+    p.add_argument(
+        "--api-port",
+        default=8000,
+        type=int,
+        help="API server port (default: 8000)"
+    )
+
+    # User management arguments
+    p.add_argument(
+        "--username",
+        default=None,
+        type=str,
+        help="Username for user operations"
+    )
+
+    p.add_argument(
+        "--password",
+        default=None,
+        type=str,
+        help="Password for user operations"
+    )
+
+    p.add_argument(
+        "--email",
+        default=None,
+        type=str,
+        help="Email for user creation"
+    )
+
+    p.add_argument(
+        "--full-name",
+        default=None,
+        type=str,
+        help="Full name for user creation"
+    )
+
+    p.add_argument(
+        "--role",
+        default="read",
+        choices=["admin", "write", "read"],
+        help="User role (default: read)"
+    )
+
     return p.parse_args()
 
 def load_config(config_path=None):
@@ -156,10 +212,17 @@ def run_test_script(script_name, **kwargs):
     else:
         lgr.error(f"Test script {script_name} does not have a 'main' function.")
 
-def update_env_with_config(db_path="~/Desktop/worklist.db", db_echo="False", env_path=".env"):
+def update_env_with_config(config):
     """
-    Updates db_path from the config to DB_PATH in .env.
+    Updates environment variables from configuration.
+
+    Args:
+        config: Configuration dictionary
     """
+    # Extract values from config with defaults
+    db_path = config.get("db_path", "~/Desktop/worklist.db")
+    db_echo = str(config.get("db_echo", "False"))
+    users_db_path = config.get("users_db_path")
 
     # Expand the db_path from the config
     try:
@@ -168,15 +231,38 @@ def update_env_with_config(db_path="~/Desktop/worklist.db", db_echo="False", env
         lgr.error("Invalid db_path in config.")
         return
 
-    # Set the default env_path to the src/pylantir folder
-    dot_env_path = pkg_resources.files("pylantir").joinpath(env_path)
-    dot_env_path = Path.Path(dot_env_path)
+    # Set environment variables directly (for API server)
+    os.environ["DB_PATH"] = db_path_expanded
+    os.environ["DB_ECHO"] = db_echo
+
+    # Set users database path if provided in config
+    if users_db_path:
+        try:
+            users_db_path_expanded = os.path.expanduser(users_db_path)
+            os.environ["USERS_DB_PATH"] = users_db_path_expanded
+            lgr.debug(f"USERS_DB_PATH set to {users_db_path_expanded}")
+        except AttributeError:
+            lgr.error("Invalid users_db_path in config.")
+
+    # Set CORS configuration if provided
+    api_config = config.get("api", {})
+    if "cors_allowed_origins" in api_config:
+        import json
+        os.environ["CORS_ALLOWED_ORIGINS"] = json.dumps(api_config["cors_allowed_origins"])
+        lgr.debug(f"CORS origins set to {api_config['cors_allowed_origins']}")
+
+    if "cors_allow_credentials" in api_config:
+        os.environ["CORS_ALLOW_CREDENTIALS"] = str(api_config["cors_allow_credentials"])
 
-    # Write to .env using python-dotenv's set_key
-    set_key(dot_env_path, "DB_PATH", db_path_expanded)
-    set_key(dot_env_path, "DB_ECHO", db_echo)
+    if "cors_allow_methods" in api_config:
+        import json
+        os.environ["CORS_ALLOW_METHODS"] = json.dumps(api_config["cors_allow_methods"])
 
-    lgr.debug(f"DB_PATH set to {db_path_expanded} and DB_ECHO to {db_echo} in {dot_env_path}")
+    if "cors_allow_headers" in api_config:
+        import json
+        os.environ["CORS_ALLOW_HEADERS"] = json.dumps(api_config["cors_allow_headers"])
+
+    lgr.debug(f"Environment configured: DB_PATH={db_path_expanded}, DB_ECHO={db_echo}")
 
 def main() -> None:
     args = parse_args()
@@ -196,11 +282,8 @@ def main() -> None:
     if (args.command == "start"):
         # Load configuration (either user-specified or default)
         config = load_config(args.pylantir_config)
-        # Extract the database path (default to worklist.db if missing) &
-        # Extract the database echo setting (default to False if missing)
-        db_path = config.get("db_path", "./worklist.db")
-        db_echo = config.get("db_echo", "False")
-        update_env_with_config(db_path=db_path, db_echo=db_echo)
+        # Load configuration into environment variables
+        update_env_with_config(config)
 
 
         from ..mwl_server import run_mwl_server
@@ -286,6 +369,229 @@ def main() -> None:
             sop_instance_uid=args.sop_uid,
         )
 
+    if (args.command == "start-api"):
+        lgr.info("Starting Pylantir FastAPI server")
+        try:
+            # Check if API dependencies are available
+            import uvicorn
+            from ..api_server import app
+            from ..auth_db_setup import init_auth_database, create_initial_admin_user
+
+            # Load configuration for database setup
+            config = load_config(args.pylantir_config)
+            update_env_with_config(config)
+            users_db_path = config.get("users_db_path")  # Optional users database path
+
+            # Initialize authentication database with configured path
+            init_auth_database(users_db_path)
+            create_initial_admin_user(users_db_path)
+
+            lgr.info(f"API server starting on {args.api_host}:{args.api_port}")
+            lgr.info("API documentation available at /docs")
+            lgr.info("Default admin credentials: username='admin', password='admin123'")
+            lgr.warning("Change the admin password immediately using 'pylantir admin-password'")
+
+            uvicorn.run(app, host=args.api_host, port=args.api_port)
+
+        except ImportError:
+            lgr.error("API dependencies not installed. Install with: pip install pylantir[api]")
+            sys.exit(1)
+        except Exception as e:
+            lgr.error(f"Failed to start API server: {e}")
+            sys.exit(1)
+
+    if (args.command == "admin-password"):
+        lgr.info("Changing admin password")
+        try:
+            from ..auth_db_setup import get_auth_db, init_auth_database
+            from ..auth_models import User, UserRole
+            from ..auth_utils import get_password_hash
+            import getpass
+
+            # Load configuration to get users_db_path if available
+            config = load_config(args.pylantir_config) if hasattr(args, 'pylantir_config') and args.pylantir_config else {}
+            users_db_path = config.get("users_db_path")
+
+            # Initialize database
+            init_auth_database(users_db_path)
+
+            # Get current password
+            current_password = getpass.getpass("Enter current admin password: ")
+
+            # Get new password
+            new_password = getpass.getpass("Enter new password: ")
+            confirm_password = getpass.getpass("Confirm new password: ")
+
+            if new_password != confirm_password:
+                lgr.error("Passwords do not match")
+                sys.exit(1)
+
+            if len(new_password) < 8:
+                lgr.error("Password must be at least 8 characters long")
+                sys.exit(1)
+
+            # Update password in database
+            db = next(get_auth_db())
+            admin_user = db.query(User).filter(
+                User.username == (args.username or "admin")
+            ).first()
+
+            if not admin_user:
+                lgr.error("Admin user not found")
+                sys.exit(1)
+
+            from ..auth_utils import verify_password
+            if not verify_password(current_password, admin_user.hashed_password):
+                lgr.error("Current password is incorrect")
+                sys.exit(1)
+
+            # Update password
+            admin_user.hashed_password = get_password_hash(new_password)
+            db.commit()
+
+            lgr.info("Admin password updated successfully")
+
+        except ImportError:
+            lgr.error("API dependencies not installed. Install with: pip install pylantir[api]")
+            sys.exit(1)
+        except Exception as e:
+            lgr.error(f"Failed to change admin password: {e}")
+            sys.exit(1)
+
+    if (args.command == "create-user"):
+        lgr.info("Creating new user")
+        try:
+            from ..auth_db_setup import get_auth_db, init_auth_database
+            from ..auth_models import User, UserRole
+            from ..auth_utils import get_password_hash
+            import getpass
+
+            # Load configuration to get users_db_path if available
+            config = load_config(args.pylantir_config) if hasattr(args, 'pylantir_config') and args.pylantir_config else {}
+            users_db_path = config.get("users_db_path")
+
+            # Initialize database
+            init_auth_database(users_db_path)
+
+            # Get admin credentials
+            admin_username = input("Enter admin username: ") or "admin"
+            admin_password = getpass.getpass("Enter admin password: ")
+
+            # Get new user details
+            username = args.username or input("Enter new username: ")
+            email = args.email or input("Enter email (optional): ") or None
+            full_name = args.full_name or input("Enter full name (optional): ") or None
+            password = args.password or getpass.getpass("Enter password for new user: ")
+            
+            # Get user role with interactive prompt
+            if args.role == "read":  # Default value, prompt for role
+                print("\nAvailable user roles:")
+                print("  admin - Full administrative access")
+                print("  write - Can create, read, update, and delete records")
+                print("  read  - Read-only access (default)")
+                role_input = input("Enter user role (admin/write/read) [read]: ").lower().strip()
+                if role_input in ["admin", "write", "read"]:
+                    role = role_input
+                elif role_input == "":
+                    role = "read"  # Keep default
+                else:
+                    lgr.error(f"Invalid role '{role_input}'. Valid roles are: admin, write, read")
+                    sys.exit(1)
+            else:
+                role = args.role
+
+            if not username or not password:
+                lgr.error("Username and password are required")
+                sys.exit(1)
+
+            # Verify admin credentials
+            db = next(get_auth_db())
+            from ..auth_utils import authenticate_user
+            admin_user = authenticate_user(db, admin_username, admin_password)
+
+            if not admin_user or admin_user.role != UserRole.ADMIN:
+                lgr.error("Invalid admin credentials or insufficient permissions")
+                sys.exit(1)
+
+            # Check if username already exists
+            existing_user = db.query(User).filter(User.username == username).first()
+            if existing_user:
+                lgr.error(f"Username '{username}' already exists")
+                sys.exit(1)
+
+            # Create new user
+            from datetime import datetime
+            new_user = User(
+                username=username,
+                email=email,
+                full_name=full_name,
+                hashed_password=get_password_hash(password),
+                role=UserRole(role),
+                is_active=True,
+                created_at=datetime.utcnow(),
+                created_by=admin_user.id
+            )
+
+            db.add(new_user)
+            db.commit()
+
+            lgr.info(f"User '{username}' created successfully with role '{role}'")
+
+        except ImportError:
+            lgr.error("API dependencies not installed. Install with: pip install pylantir[api]")
+            sys.exit(1)
+        except Exception as e:
+            lgr.error(f"Failed to create user: {e}")
+            sys.exit(1)
+
+    if (args.command == "list-users"):
+        lgr.info("Listing all users")
+        try:
+            from ..auth_db_setup import get_auth_db, init_auth_database
+            from ..auth_models import User, UserRole
+            import getpass
+
+            # Load configuration to get users_db_path if available
+            config = load_config(args.pylantir_config) if hasattr(args, 'pylantir_config') and args.pylantir_config else {}
+            users_db_path = config.get("users_db_path")
+
+            # Initialize database
+            init_auth_database(users_db_path)
+
+            # Get admin credentials
+            admin_username = input("Enter admin username: ") or "admin"
+            admin_password = getpass.getpass("Enter admin password: ")
+
+            # Verify admin credentials
+            db = next(get_auth_db())
+            from ..auth_utils import authenticate_user
+            admin_user = authenticate_user(db, admin_username, admin_password)
+
+            if not admin_user or admin_user.role != UserRole.ADMIN:
+                lgr.error("Invalid admin credentials or insufficient permissions")
+                sys.exit(1)
+
+            # List all users
+            users = db.query(User).all()
+
+            print("\nUsers:")
+            print("=" * 80)
+            print(f"{'ID':<5} {'Username':<20} {'Role':<10} {'Active':<8} {'Email':<25} {'Last Login'}")
+            print("-" * 80)
+
+            for user in users:
+                last_login = user.last_login.strftime("%Y-%m-%d %H:%M") if user.last_login else "Never"
+                print(f"{user.id:<5} {user.username:<20} {user.role.value:<10} {user.is_active:<8} {user.email or 'N/A':<25} {last_login}")
+
+            print(f"\nTotal users: {len(users)}")
+
+        except ImportError:
+            lgr.error("API dependencies not installed. Install with: pip install pylantir[api]")
+            sys.exit(1)
+        except Exception as e:
+            lgr.error(f"Failed to list users: {e}")
+            sys.exit(1)
+
 
 if __name__ == "__main__":
     main()

pylantir/config/config_example_with_cors.json

@@ -0,0 +1,108 @@
+{
+    "db_path": "/path/to/worklist.db",
+    "db_echo": "0",
+    "db_update_interval": 60,
+    "allowed_aet": [],
+    "operation_interval": {
+        "start_time": [
+            0,
+            0
+        ],
+        "end_time": [
+            23,
+            59
+        ]
+    },
+    "mri_visit_session_mapping": {
+        "t1_arm_1": "1",
+        "t2_arm_1": "2",
+        "t3_arm_1": "3"
+    },
+    "site": "792",
+    "redcap2wl": {
+        "study_id": "study_id",
+        "family_id": "family_id",
+        "youth_dob_y": "youth_dob_y",
+        "t1_date": "t1_date",
+        "demo_sex": "demo_sex",
+        "scheduled_date": "scheduled_start_date",
+        "scheduled_time": "scheduled_start_time",
+        "mri_wt_lbs": "patient_weight_lb",
+        "referring_physician": "referring_physician_name",
+        "performing_physician": "performing_physician",
+        "station_name": "station_name",
+        "status": "performed_procedure_step_status"
+    },
+    "protocol": {
+        "792": "BRAIN_MRI_3T"
+    },
+    "api": {
+        "_comment": "CORS Configuration Examples",
+        "_development": {
+            "cors_allowed_origins": [
+                "http://localhost:3000",
+                "http://localhost:8080"
+            ],
+            "cors_allow_credentials": true,
+            "cors_allow_methods": [
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE",
+                "OPTIONS"
+            ],
+            "cors_allow_headers": [
+                "*"
+            ]
+        },
+        "_production_single_domain": {
+            "cors_allowed_origins": [
+                "https://my-app.company.com"
+            ],
+            "cors_allow_credentials": true,
+            "cors_allow_methods": [
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE"
+            ],
+            "cors_allow_headers": [
+                "Content-Type",
+                "Authorization"
+            ]
+        },
+        "_production_multiple_domains": {
+            "cors_allowed_origins": [
+                "https://app.company.com",
+                "https://admin.company.com",
+                "https://mobile.company.com"
+            ],
+            "cors_allow_credentials": true,
+            "cors_allow_methods": [
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE"
+            ],
+            "cors_allow_headers": [
+                "Content-Type",
+                "Authorization",
+                "X-API-Key"
+            ]
+        },
+        "cors_allowed_origins": [
+            "http://localhost:3000"
+        ],
+        "cors_allow_credentials": true,
+        "cors_allow_methods": [
+            "GET",
+            "POST",
+            "PUT",
+            "DELETE",
+            "OPTIONS"
+        ],
+        "cors_allow_headers": [
+            "*"
+        ]
+    }
+}

pylantir/config/mwl_config.json

@@ -35,5 +35,23 @@
     },
     "protocol": {
         "792": "BRAIN_MRI_3T"
+    },
+    "api": {
+        "cors_allowed_origins": [
+            "http://localhost:3000",
+            "http://localhost:8080",
+            "https://your-frontend-domain.com"
+        ],
+        "cors_allow_credentials": true,
+        "cors_allow_methods": [
+            "GET",
+            "POST",
+            "PUT",
+            "DELETE",
+            "OPTIONS"
+        ],
+        "cors_allow_headers": [
+            "*"
+        ]
     }
 }

pylantir/db_concurrency.py

@@ -0,0 +1,180 @@
+#!/usr/bin/env python3
+
+"""
+    Author: Milton Camacho
+    Date: 2025-11-18
+    Database transaction management utilities for safe concurrent access.
+    
+    Ensures API operations don't interfere with RedCap sync functionality
+    through proper transaction isolation and retry logic.
+"""
+
+import logging
+import time
+import functools
+from contextlib import contextmanager
+from sqlalchemy.exc import OperationalError, IntegrityError
+from typing import Generator, Any, Callable
+
+lgr = logging.getLogger(__name__)
+
+class DatabaseBusyError(Exception):
+    """Raised when database is busy and operation should be retried."""
+    pass
+
+
+def retry_on_database_busy(max_retries: int = 3, delay: float = 0.1):
+    """
+    Decorator to retry database operations on SQLite busy/locked errors.
+    
+    Args:
+        max_retries: Maximum number of retry attempts
+        delay: Initial delay between retries (exponential backoff)
+    """
+    def decorator(func: Callable) -> Callable:
+        @functools.wraps(func)
+        def wrapper(*args, **kwargs):
+            last_exception = None
+            
+            for attempt in range(max_retries + 1):
+                try:
+                    return func(*args, **kwargs)
+                except OperationalError as e:
+                    last_exception = e
+                    error_message = str(e).lower()
+                    
+                    # Check if it's a database busy/locked error
+                    if any(keyword in error_message for keyword in 
+                          ['database is locked', 'database busy', 'locked']):
+                        
+                        if attempt < max_retries:
+                            wait_time = delay * (2 ** attempt)  # Exponential backoff
+                            lgr.warning(f"Database busy, retrying in {wait_time}s (attempt {attempt + 1}/{max_retries})")
+                            time.sleep(wait_time)
+                            continue
+                        else:
+                            lgr.error(f"Database busy after {max_retries} retries: {e}")
+                            raise DatabaseBusyError(f"Database busy after {max_retries} retries") from e
+                    else:
+                        # Not a busy error, re-raise immediately
+                        raise
+                except Exception as e:
+                    # Non-database errors, re-raise immediately
+                    raise
+            
+            # This should never be reached, but just in case
+            if last_exception:
+                raise last_exception
+            else:
+                raise DatabaseBusyError("Unknown database error occurred")
+        
+        return wrapper
+    return decorator
+
+
+@contextmanager
+def safe_database_transaction(session) -> Generator[Any, None, None]:
+    """
+    Context manager for safe database transactions with automatic rollback.
+    
+    Args:
+        session: SQLAlchemy database session
+        
+    Yields:
+        session: The database session within transaction context
+        
+    Raises:
+        DatabaseBusyError: If database is busy after retries
+        IntegrityError: If data integrity constraints are violated
+    """
+    try:
+        # Begin explicit transaction
+        session.begin()
+        
+        yield session
+        
+        # Commit if no exceptions occurred
+        session.commit()
+        lgr.debug("Database transaction committed successfully")
+        
+    except OperationalError as e:
+        session.rollback()
+        error_message = str(e).lower()
+        
+        if any(keyword in error_message for keyword in 
+              ['database is locked', 'database busy', 'locked']):
+            lgr.warning(f"Database transaction rolled back due to busy database: {e}")
+            raise DatabaseBusyError("Database is busy, transaction rolled back") from e
+        else:
+            lgr.error(f"Database transaction rolled back due to operational error: {e}")
+            raise
+            
+    except IntegrityError as e:
+        session.rollback()
+        lgr.warning(f"Database transaction rolled back due to integrity error: {e}")
+        raise
+        
+    except Exception as e:
+        session.rollback()
+        lgr.error(f"Database transaction rolled back due to unexpected error: {e}")
+        raise
+    
+    finally:
+        # Ensure session is clean
+        session.close()
+
+
+def isolation_level_read_committed(session):
+    """
+    Set SQLite to use READ COMMITTED isolation level for better concurrency.
+    
+    Args:
+        session: SQLAlchemy database session
+    """
+    try:
+        # SQLite pragma for better concurrency
+        session.execute("PRAGMA journal_mode=WAL")  # Write-Ahead Logging for concurrent reads
+        session.execute("PRAGMA synchronous=NORMAL")  # Balance safety and performance 
+        session.execute("PRAGMA busy_timeout=30000")  # 30 second timeout
+        session.execute("PRAGMA temp_store=MEMORY")  # Use memory for temp tables
+        session.commit()
+        lgr.debug("Database isolation level configured for concurrency")
+    except Exception as e:
+        lgr.warning(f"Could not configure database isolation level: {e}")
+
+
+class ConcurrencyManager:
+    """
+    Manager class for handling database concurrency between API and RedCap sync.
+    """
+    
+    @staticmethod
+    def configure_api_session(session):
+        """
+        Configure database session for API operations with concurrency optimizations.
+        
+        Args:
+            session: SQLAlchemy database session
+        """
+        isolation_level_read_committed(session)
+    
+    @staticmethod
+    @retry_on_database_busy(max_retries=5, delay=0.1)
+    def safe_api_operation(session, operation_func, *args, **kwargs):
+        """
+        Execute API database operation with retry logic and transaction safety.
+        
+        Args:
+            session: Database session
+            operation_func: Function to execute database operation
+            *args, **kwargs: Arguments for operation function
+            
+        Returns:
+            Result of operation function
+            
+        Raises:
+            DatabaseBusyError: If database remains busy after retries
+        """
+        with safe_database_transaction(session) as tx_session:
+            ConcurrencyManager.configure_api_session(tx_session)
+            return operation_func(tx_session, *args, **kwargs)