remdb 0.3.14__py3-none-any.whl → 0.3.133__py3-none-any.whl

rem/api/routers/shared_sessions.py

@@ -0,0 +1,406 @@
+"""
+Session sharing endpoints.
+
+Enables session sharing between users for collaborative access to conversation history.
+
+Endpoints:
+    POST   /api/v1/sessions/{session_id}/share                      - Share a session with another user
+    DELETE /api/v1/sessions/{session_id}/share/{user_id}            - Revoke a share (soft delete)
+    GET    /api/v1/sessions/shared-with-me                          - Get users sharing sessions with you
+    GET    /api/v1/sessions/shared-with-me/{user_id}/messages       - Get messages from a user's shared sessions
+
+See src/rem/models/entities/shared_session.py for full documentation.
+"""
+
+from typing import Literal
+
+from fastapi import APIRouter, Depends, Header, HTTPException, Query, Request
+from loguru import logger
+from pydantic import BaseModel, Field
+
+from ..deps import get_current_user, require_auth
+from ...models.entities import (
+    Message,
+    SharedSession,
+    SharedSessionCreate,
+    SharedWithMeResponse,
+    SharedWithMeSummary,
+)
+from ...services.postgres import get_postgres_service
+from ...settings import settings
+from ...utils.date_utils import utc_now
+
+router = APIRouter(prefix="/api/v1")
+
+
+async def get_connected_postgres():
+    """Get a connected PostgresService instance."""
+    pg = get_postgres_service()
+    if pg and not pg.pool:
+        await pg.connect()
+    return pg
+
+
+# =============================================================================
+# Request/Response Models
+# =============================================================================
+
+
+class PaginationMetadata(BaseModel):
+    """Pagination metadata for paginated responses."""
+
+    total: int = Field(description="Total number of records matching filters")
+    page: int = Field(description="Current page number (1-indexed)")
+    page_size: int = Field(description="Number of records per page")
+    total_pages: int = Field(description="Total number of pages")
+    has_next: bool = Field(description="Whether there are more pages after this one")
+    has_previous: bool = Field(description="Whether there are pages before this one")
+
+
+class SharedMessagesResponse(BaseModel):
+    """Response for shared messages query."""
+
+    object: Literal["list"] = "list"
+    data: list[Message] = Field(description="List of messages from shared sessions")
+    metadata: PaginationMetadata = Field(description="Pagination metadata")
+
+
+class ShareSessionResponse(BaseModel):
+    """Response after sharing a session."""
+
+    success: bool = True
+    message: str
+    share: SharedSession
+
+
+# =============================================================================
+# Share Session Endpoints
+# =============================================================================
+
+
+@router.post(
+    "/sessions/{session_id}/share",
+    response_model=ShareSessionResponse,
+    status_code=201,
+    tags=["sessions"],
+)
+async def share_session(
+    request: Request,
+    session_id: str,
+    body: SharedSessionCreate,
+    user: dict = Depends(require_auth),
+    x_tenant_id: str = Header(alias="X-Tenant-Id", default="default"),
+) -> ShareSessionResponse:
+    """
+    Share a session with another user.
+
+    Creates a SharedSession record that grants the recipient access to view
+    messages in this session.
+
+    Args:
+        session_id: The session to share
+        body: Contains shared_with_user_id - the recipient
+
+    Returns:
+        The created SharedSession record
+
+    Raises:
+        400: Session already shared with this user
+        503: Database not enabled
+    """
+    if not settings.postgres.enabled:
+        raise HTTPException(status_code=503, detail="Database not enabled")
+
+    current_user_id = user.get("id", "default")
+    pg = await get_connected_postgres()
+
+    # Check if share already exists (active)
+    existing = await pg.fetchrow(
+        """
+        SELECT id FROM shared_sessions
+        WHERE tenant_id = $1
+          AND session_id = $2
+          AND owner_user_id = $3
+          AND shared_with_user_id = $4
+          AND deleted_at IS NULL
+        """,
+        x_tenant_id,
+        session_id,
+        current_user_id,
+        body.shared_with_user_id,
+    )
+
+    if existing:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Session '{session_id}' is already shared with user '{body.shared_with_user_id}'",
+        )
+
+    # Create the share
+    result = await pg.fetchrow(
+        """
+        INSERT INTO shared_sessions (session_id, owner_user_id, shared_with_user_id, tenant_id)
+        VALUES ($1, $2, $3, $4)
+        RETURNING id, session_id, owner_user_id, shared_with_user_id, tenant_id, created_at, updated_at, deleted_at
+        """,
+        session_id,
+        current_user_id,
+        body.shared_with_user_id,
+        x_tenant_id,
+    )
+
+    share = SharedSession(
+        id=result["id"],
+        session_id=result["session_id"],
+        owner_user_id=result["owner_user_id"],
+        shared_with_user_id=result["shared_with_user_id"],
+        tenant_id=result["tenant_id"],
+        created_at=result["created_at"],
+        updated_at=result["updated_at"],
+        deleted_at=result["deleted_at"],
+    )
+
+    logger.debug(
+        f"User {current_user_id} shared session '{session_id}' with {body.shared_with_user_id}"
+    )
+
+    return ShareSessionResponse(
+        success=True,
+        message=f"Session shared with {body.shared_with_user_id}",
+        share=share,
+    )
+
+
+@router.delete(
+    "/sessions/{session_id}/share/{shared_with_user_id}",
+    status_code=200,
+    tags=["sessions"],
+)
+async def remove_session_share(
+    request: Request,
+    session_id: str,
+    shared_with_user_id: str,
+    user: dict = Depends(require_auth),
+    x_tenant_id: str = Header(alias="X-Tenant-Id", default="default"),
+) -> dict:
+    """
+    Remove a session share (soft delete).
+
+    Sets deleted_at on the SharedSession record. The share can be re-created
+    later if needed.
+
+    Args:
+        session_id: The session to unshare
+        shared_with_user_id: The user to remove access from
+
+    Returns:
+        Success message
+
+    Raises:
+        404: Share not found
+        503: Database not enabled
+    """
+    if not settings.postgres.enabled:
+        raise HTTPException(status_code=503, detail="Database not enabled")
+
+    current_user_id = user.get("id", "default")
+    pg = await get_connected_postgres()
+
+    # Soft delete the share
+    result = await pg.fetchrow(
+        """
+        UPDATE shared_sessions
+        SET deleted_at = $1, updated_at = $1
+        WHERE tenant_id = $2
+          AND session_id = $3
+          AND owner_user_id = $4
+          AND shared_with_user_id = $5
+          AND deleted_at IS NULL
+        RETURNING id
+        """,
+        utc_now(),
+        x_tenant_id,
+        session_id,
+        current_user_id,
+        shared_with_user_id,
+    )
+
+    if not result:
+        raise HTTPException(
+            status_code=404,
+            detail=f"Share not found for session '{session_id}' with user '{shared_with_user_id}'",
+        )
+
+    logger.debug(
+        f"User {current_user_id} removed share for session '{session_id}' with {shared_with_user_id}"
+    )
+
+    return {
+        "success": True,
+        "message": f"Share removed for user {shared_with_user_id}",
+    }
+
+
+# =============================================================================
+# Shared With Me Endpoints
+# =============================================================================
+
+
+@router.get(
+    "/sessions/shared-with-me",
+    response_model=SharedWithMeResponse,
+    tags=["sessions"],
+)
+async def get_shared_with_me(
+    request: Request,
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(default=50, ge=1, le=100, description="Results per page"),
+    user: dict = Depends(require_auth),
+    x_tenant_id: str = Header(alias="X-Tenant-Id", default="default"),
+) -> SharedWithMeResponse:
+    """
+    Get aggregate summary of users sharing sessions with you.
+
+    Returns a paginated list of users who have shared sessions with the
+    current user, including message counts and date ranges.
+
+    Each entry shows:
+    - user_id, name, email of the person sharing
+    - message_count: total messages across all their shared sessions
+    - session_count: number of sessions they've shared
+    - first_message_at, last_message_at: date range
+
+    Results are ordered by most recent message first.
+    """
+    if not settings.postgres.enabled:
+        raise HTTPException(status_code=503, detail="Database not enabled")
+
+    current_user_id = user.get("id", "default")
+    pg = await get_connected_postgres()
+    offset = (page - 1) * page_size
+
+    # Get total count
+    count_result = await pg.fetchrow(
+        "SELECT fn_count_shared_with_me($1, $2) as total",
+        x_tenant_id,
+        current_user_id,
+    )
+    total = count_result["total"] if count_result else 0
+
+    # Get paginated results
+    rows = await pg.fetch(
+        "SELECT * FROM fn_get_shared_with_me($1, $2, $3, $4)",
+        x_tenant_id,
+        current_user_id,
+        page_size,
+        offset,
+    )
+
+    data = [
+        SharedWithMeSummary(
+            user_id=row["user_id"],
+            name=row["name"],
+            email=row["email"],
+            message_count=row["message_count"],
+            session_count=row["session_count"],
+            first_message_at=row["first_message_at"],
+            last_message_at=row["last_message_at"],
+        )
+        for row in rows
+    ]
+
+    total_pages = (total + page_size - 1) // page_size if total > 0 else 1
+
+    return SharedWithMeResponse(
+        data=data,
+        metadata={
+            "total": total,
+            "page": page,
+            "page_size": page_size,
+            "total_pages": total_pages,
+            "has_next": page < total_pages,
+            "has_previous": page > 1,
+        },
+    )
+
+
+@router.get(
+    "/sessions/shared-with-me/{owner_user_id}/messages",
+    response_model=SharedMessagesResponse,
+    tags=["sessions"],
+)
+async def get_shared_messages(
+    request: Request,
+    owner_user_id: str,
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(default=50, ge=1, le=100, description="Results per page"),
+    user: dict = Depends(require_auth),
+    x_tenant_id: str = Header(alias="X-Tenant-Id", default="default"),
+) -> SharedMessagesResponse:
+    """
+    Get messages from sessions shared by a specific user.
+
+    Returns paginated messages from all sessions that owner_user_id has
+    shared with the current user. Messages are ordered by created_at DESC.
+
+    Args:
+        owner_user_id: The user who shared the sessions
+
+    Returns:
+        Paginated list of Message objects
+    """
+    if not settings.postgres.enabled:
+        raise HTTPException(status_code=503, detail="Database not enabled")
+
+    current_user_id = user.get("id", "default")
+    pg = await get_connected_postgres()
+    offset = (page - 1) * page_size
+
+    # Get total count
+    count_result = await pg.fetchrow(
+        "SELECT fn_count_shared_messages($1, $2, $3) as total",
+        x_tenant_id,
+        current_user_id,
+        owner_user_id,
+    )
+    total = count_result["total"] if count_result else 0
+
+    # Get paginated messages
+    rows = await pg.fetch(
+        "SELECT * FROM fn_get_shared_messages($1, $2, $3, $4, $5)",
+        x_tenant_id,
+        current_user_id,
+        owner_user_id,
+        page_size,
+        offset,
+    )
+
+    # Convert to Message objects
+    data = [
+        Message(
+            id=row["id"],
+            content=row["content"],
+            message_type=row["message_type"],
+            session_id=row["session_id"],
+            model=row["model"],
+            token_count=row["token_count"],
+            created_at=row["created_at"],
+            metadata=row["metadata"] or {},
+            tenant_id=x_tenant_id,
+        )
+        for row in rows
+    ]
+
+    total_pages = (total + page_size - 1) // page_size if total > 0 else 1
+
+    return SharedMessagesResponse(
+        data=data,
+        metadata=PaginationMetadata(
+            total=total,
+            page=page,
+            page_size=page_size,
+            total_pages=total_pages,
+            has_next=page < total_pages,
+            has_previous=page > 1,
+        ),
+    )

rem/auth/middleware.py

@@ -2,14 +2,29 @@
 OAuth Authentication Middleware for FastAPI.
 
 Protects API endpoints by requiring valid session.
-Redirects unauthenticated requests to login page.
+Supports anonymous access with rate limiting when allow_anonymous=True.
+MCP endpoints are always protected unless explicitly disabled.
 
 Design Pattern:
 - Check session for user on protected paths
-- Return 401 for API calls (JSON)
-- Redirect to login for browser requests (HTML)
+- Check Bearer token for dev token (non-production only)
+- MCP paths always require authentication (protected service)
+- If allow_anonymous=True: Allow unauthenticated requests (marked as ANONYMOUS tier)
+- If allow_anonymous=False: Return 401 for API calls, redirect browsers to login
 - Exclude auth endpoints and public paths
 
+Access Modes (configured in settings.auth):
+- enabled=true, allow_anonymous=true: Auth available, anonymous gets rate-limited access
+- enabled=true, allow_anonymous=false: Auth required for all requests
+- enabled=false: Middleware not loaded, all requests pass through
+- mcp_requires_auth=true (default): MCP always requires login regardless of allow_anonymous
+- mcp_requires_auth=false: MCP follows normal allow_anonymous rules (dev only)
+
+Dev Token Support (non-production only):
+- GET /api/auth/dev/token returns a Bearer token for test-user
+- Include as: Authorization: Bearer dev_<signature>
+- Only works when ENVIRONMENT != "production"
+
 Usage:
     from rem.auth.middleware import AuthMiddleware
 
@@ -17,6 +32,8 @@ Usage:
         AuthMiddleware,
         protected_paths=["/api/v1"],
         excluded_paths=["/api/auth", "/health"],
+        allow_anonymous=settings.auth.allow_anonymous,
+        mcp_requires_auth=settings.auth.mcp_requires_auth,
     )
 """
 
@@ -25,6 +42,8 @@ from starlette.requests import Request
 from starlette.responses import JSONResponse, RedirectResponse
 from loguru import logger
 
+from ..settings import settings
+
 
 class AuthMiddleware(BaseHTTPMiddleware):
     """
@@ -32,6 +51,8 @@ class AuthMiddleware(BaseHTTPMiddleware):
 
     Checks for valid user session on protected paths.
     Compatible with OAuth flows from auth router.
+    Supports anonymous access with rate limiting.
+    MCP endpoints are always protected unless explicitly disabled.
     """
 
     def __init__(
@@ -39,6 +60,9 @@ class AuthMiddleware(BaseHTTPMiddleware):
         app,
         protected_paths: list[str] | None = None,
         excluded_paths: list[str] | None = None,
+        allow_anonymous: bool = True,
+        mcp_requires_auth: bool = True,
+        mcp_path: str = "/api/v1/mcp",
     ):
         """
         Initialize auth middleware.
@@ -47,10 +71,52 @@ class AuthMiddleware(BaseHTTPMiddleware):
             app: ASGI application
             protected_paths: Paths that require authentication
             excluded_paths: Paths to exclude from auth check
+            allow_anonymous: Allow unauthenticated requests (rate-limited)
+            mcp_requires_auth: Always require auth for MCP (protected service)
+            mcp_path: Path prefix for MCP endpoints
         """
         super().__init__(app)
         self.protected_paths = protected_paths or ["/api/v1"]
         self.excluded_paths = excluded_paths or ["/api/auth", "/health", "/docs", "/openapi.json"]
+        self.allow_anonymous = allow_anonymous
+        self.mcp_requires_auth = mcp_requires_auth
+        self.mcp_path = mcp_path
+
+    def _check_dev_token(self, request: Request) -> dict | None:
+        """
+        Check for valid dev token in Authorization header (non-production only).
+
+        Returns:
+            Test user dict if valid dev token, None otherwise
+        """
+        if settings.environment == "production":
+            return None
+
+        auth_header = request.headers.get("authorization", "")
+        if not auth_header.startswith("Bearer "):
+            return None
+
+        token = auth_header[7:]  # Strip "Bearer "
+
+        # Only check dev tokens (start with "dev_")
+        if not token.startswith("dev_"):
+            return None
+
+        # Verify dev token
+        from ..api.routers.dev import verify_dev_token
+        if verify_dev_token(token):
+            logger.debug(f"Dev token authenticated as test-user")
+            return {
+                "id": "test-user",
+                "email": "test@rem.local",
+                "name": "Test User",
+                "provider": "dev",
+                "tenant_id": "default",
+                "tier": "pro",  # Give test user pro tier for full access
+                "roles": ["admin"],
+            }
+
+        return None
 
     async def dispatch(self, request: Request, call_next):
         """
@@ -61,7 +127,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
             call_next: Next middleware in chain
 
         Returns:
-            Response (401/redirect if unauthorized, normal response if authorized)
+            Response (401/redirect if unauthorized, normal response if authorized/anonymous)
         """
         path = request.url.path
 
@@ -69,32 +135,65 @@ class AuthMiddleware(BaseHTTPMiddleware):
         is_protected = any(path.startswith(p) for p in self.protected_paths)
         is_excluded = any(path.startswith(p) for p in self.excluded_paths)
 
+        # Check if this is an MCP path (paid service, always requires auth)
+        is_mcp_path = path.startswith(self.mcp_path)
+
         # Skip auth check for excluded paths
         if not is_protected or is_excluded:
             return await call_next(request)
 
+        # Check for dev token (non-production only)
+        dev_user = self._check_dev_token(request)
+        if dev_user:
+            request.state.user = dev_user
+            request.state.is_anonymous = False
+            return await call_next(request)
+
         # Check for valid session
         user = request.session.get("user")
-        if not user:
-            logger.warning(f"Unauthorized access attempt: {path}")
-
-            # Return 401 for API requests (JSON)
-            # Check Accept header to determine if client expects JSON
-            accept = request.headers.get("accept", "")
-            if "application/json" in accept or path.startswith("/api/"):
-                return JSONResponse(
-                    status_code=401,
-                    content={"detail": "Authentication required"},
-                    headers={
-                        "WWW-Authenticate": 'Bearer realm="REM API"',
-                    },
-                )
-
-            # Redirect to login for browser requests
-            # TODO: Store original URL for post-login redirect
-            return RedirectResponse(url="/api/auth/google/login", status_code=302)
-
-        # Add user to request state for downstream handlers
-        request.state.user = user
-
-        return await call_next(request)
+
+        if user:
+            # Authenticated user - add to request state
+            request.state.user = user
+            request.state.is_anonymous = False
+            return await call_next(request)
+
+        # No user session - check if MCP path requires auth
+        if is_mcp_path and self.mcp_requires_auth:
+            # MCP is a protected service - always require authentication
+            logger.warning(f"Unauthorized MCP access attempt: {path}")
+            return JSONResponse(
+                status_code=401,
+                content={
+                    "detail": "Authentication required for MCP. Please login to use this service.",
+                    "code": "MCP_AUTH_REQUIRED",
+                },
+                headers={
+                    "WWW-Authenticate": 'Bearer realm="REM MCP"',
+                },
+            )
+
+        # No user session - handle anonymous access for non-MCP paths
+        if self.allow_anonymous:
+            # Allow anonymous access - rate limiting handled downstream
+            request.state.user = None
+            request.state.is_anonymous = True
+            logger.debug(f"Anonymous access: {path}")
+            return await call_next(request)
+
+        # Anonymous not allowed - require authentication
+        logger.warning(f"Unauthorized access attempt: {path}")
+
+        # Return 401 for API requests (JSON)
+        accept = request.headers.get("accept", "")
+        if "application/json" in accept or path.startswith("/api/"):
+            return JSONResponse(
+                status_code=401,
+                content={"detail": "Authentication required"},
+                headers={
+                    "WWW-Authenticate": 'Bearer realm="REM API"',
+                },
+            )
+
+        # Redirect to login for browser requests
+        return RedirectResponse(url="/api/auth/google/login", status_code=302)