skill-service 0.2.0__py3-none-any.whl

skill_service/__init__.py

@@ -0,0 +1,2 @@
+"""Standalone Creator SKILL service package."""
+

skill_service/api/__init__.py

@@ -0,0 +1,2 @@
+"""HTTP API package."""
+

skill_service/api/authz.py

@@ -0,0 +1,16 @@
+from fastapi import HTTPException, Request
+
+
+def get_current_account(request: Request) -> dict:
+    account = getattr(request.state, "account", None) or {}
+    if not account.get("account_id"):
+        raise HTTPException(status_code=401, detail="skill token required")
+    return account
+
+
+def require_roles(request: Request, *roles: str) -> dict:
+    account = get_current_account(request)
+    if account.get("role") not in roles:
+        raise HTTPException(status_code=403, detail="insufficient role")
+    return account
+

skill_service/api/middleware/__init__.py

@@ -0,0 +1,2 @@
+"""HTTP middlewares."""
+

skill_service/api/middleware/skill_auth.py

@@ -0,0 +1,125 @@
+import hashlib
+from typing import Any
+
+from loguru import logger
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import JSONResponse, Response
+
+from skill_service.config.settings import settings
+from skill_service.db import verify_skill_token
+from skill_service.services.session_service import session_service
+from skill_service.services.token_service import token_service
+
+
+class SkillAuthMiddleware(BaseHTTPMiddleware):
+    """Auth gate for protected skill endpoints with DB-backed token checks."""
+
+    skill_only_prefixes = (
+        "/mcp",
+        "/api/v1/search",
+        "/api/v1/wallet",
+        "/api/v1/account/status",
+    )
+    protected_prefixes = (
+        *skill_only_prefixes,
+        "/api/v1/tokens",
+        "/api/v1/recharge",
+        "/api/v1/subscriptions",
+        "/api/v1/admin",
+        "/api/v1/portal",
+    )
+    session_allowed_prefixes = (
+        "/api/v1/tokens",
+        "/api/v1/recharge",
+        "/api/v1/subscriptions",
+        "/api/v1/admin",
+        "/api/v1/portal",
+    )
+    portal_session_get_paths = frozenset({
+        "/api/v1/wallet/balance",
+        "/api/v1/account/status",
+    })
+
+    public_prefixes = (
+        "/portal",
+        "/health",
+        "/api/v1/auth/register",
+        "/api/v1/auth/login",
+        "/api/v1/payments",
+    )
+
+    async def dispatch(self, request: Request, call_next) -> Response:
+        path = request.url.path
+        if path == "/api/v1/recharge/packages" and request.method.upper() == "GET":
+            return await call_next(request)
+        if path == "/api/v1/subscriptions/plans" and request.method.upper() == "GET":
+            return await call_next(request)
+        if any(path == p or path.startswith(f"{p}/") for p in self.public_prefixes):
+            return await call_next(request)
+        if not any(path == p or path.startswith(f"{p}/") for p in self.protected_prefixes):
+            return await call_next(request)
+        if request.method == "OPTIONS":
+            return await call_next(request)
+
+        auth = request.headers.get("authorization") or request.headers.get("Authorization")
+        if not auth:
+            return self._token_required_response()
+        parts = auth.split()
+        if len(parts) != 2 or parts[0].lower() != "bearer":
+            return self._token_required_response()
+
+        token = parts[1].strip()
+        _ = hashlib.sha256(token.encode("utf-8")).hexdigest()[:8]
+
+        if token.startswith(settings.session_token_prefix):
+            session_ok = any(path == p or path.startswith(f"{p}/") for p in self.session_allowed_prefixes)
+            if not session_ok and not (
+                request.method.upper() == "GET" and path in self.portal_session_get_paths
+            ):
+                return self._token_required_response(
+                    error_code="SKILL_TOKEN_REQUIRED",
+                    message="Session token cannot access this endpoint",
+                )
+            account = await session_service.verify_session(token)
+            if not account:
+                return self._session_required_response()
+            request.state.account = account
+            return await call_next(request)
+
+        if not token.startswith(settings.skill_token_prefix):
+            return self._token_required_response()
+
+        account = await verify_skill_token(token)
+        if not account:
+            logger.warning("[SkillAuth] Invalid or expired token for path={}", path)
+            return self._token_required_response(error_code="TOKEN_REQUIRED", message="Invalid skill token")
+        if account.get("token_id"):
+            await token_service.touch_token_usage(account["token_id"])
+        request.state.account = account
+        return await call_next(request)
+
+    @staticmethod
+    def _token_required_response(error_code: str = "TOKEN_REQUIRED", message: str = "Skill token required") -> Response:
+        payload: dict[str, Any] = {
+            "code": 401,
+            "message": message,
+            "data": {
+                "errorCode": error_code,
+                "portalUrl": "https://skill.deinai.ai",
+                "tokenCreateUrl": "https://skill.deinai.ai/settings/tokens",
+            },
+        }
+        return JSONResponse(status_code=401, content=payload)
+
+    @staticmethod
+    def _session_required_response() -> Response:
+        payload: dict[str, Any] = {
+            "code": 401,
+            "message": "Session expired or invalid",
+            "data": {
+                "errorCode": "SESSION_REQUIRED",
+                "loginUrl": "https://skill.deinai.ai/login",
+            },
+        }
+        return JSONResponse(status_code=401, content=payload)

skill_service/api/routes/__init__.py

@@ -0,0 +1,28 @@
+from fastapi import APIRouter
+
+from .admin import router as admin_router
+from .auth import router as auth_router
+from .locations import router as locations_router
+from .payments import router as payments_router
+from .portal import router as portal_router
+from .recharge import router as recharge_router
+from .search import router as search_router
+from .subscriptions import router as subscriptions_router
+from .tokens import router as token_router
+from .wallet import router as wallet_router
+
+
+def build_api_router() -> APIRouter:
+    router = APIRouter(prefix="/api/v1")
+    router.include_router(auth_router)
+    router.include_router(token_router)
+    router.include_router(wallet_router)
+    router.include_router(search_router)
+    router.include_router(locations_router)
+    router.include_router(recharge_router)
+    router.include_router(subscriptions_router)
+    router.include_router(payments_router)
+    router.include_router(portal_router)
+    router.include_router(admin_router)
+    return router
+

skill_service/api/routes/admin.py

@@ -0,0 +1,103 @@
+from datetime import datetime
+
+from fastapi import APIRouter, HTTPException, Query, Request
+from pydantic import BaseModel, Field
+
+from skill_service.api.authz import require_roles
+from skill_service.integrations.payments.config_status import payment_config_status
+from skill_service.services.admin_service import admin_service
+
+router = APIRouter(prefix="/admin", tags=["admin"])
+
+
+class CreditPackageCreateRequest(BaseModel):
+    code: str = Field(min_length=1, max_length=32)
+    credits: int = Field(gt=0)
+    price_cents: int = Field(gt=0)
+    list_price_cents: int | None = Field(default=None, gt=0)
+    title: str | None = Field(default=None, max_length=120)
+    description: str | None = Field(default=None, max_length=500)
+    is_active: bool = True
+    effective_from: datetime | None = None
+    effective_to: datetime | None = None
+    reason: str | None = Field(default=None, max_length=200)
+
+
+class CreditPackageUpdateRequest(BaseModel):
+    credits: int | None = Field(default=None, gt=0)
+    price_cents: int | None = Field(default=None, gt=0)
+    list_price_cents: int | None = Field(default=None, gt=0)
+    title: str | None = Field(default=None, max_length=120)
+    description: str | None = Field(default=None, max_length=500)
+    is_active: bool | None = None
+    effective_from: datetime | None = None
+    effective_to: datetime | None = None
+    reason: str | None = Field(default=None, max_length=200)
+
+
+class ConsumeRuleUpdateRequest(BaseModel):
+    unit_type: str | None = Field(default=None, max_length=32)
+    unit_price: int | None = Field(default=None, gt=0)
+    min_charge: int | None = Field(default=None, ge=0)
+    max_charge: int | None = Field(default=None, ge=0)
+    is_active: bool | None = None
+    effective_from: datetime | None = None
+    effective_to: datetime | None = None
+    reason: str | None = Field(default=None, max_length=200)
+
+
+@router.get("/credit-packages")
+async def list_credit_packages(request: Request):
+    require_roles(request, "ops", "admin")
+    packages = await admin_service.list_credit_packages()
+    return {"code": 0, "message": "success", "data": {"packages": packages}}
+
+
+@router.post("/credit-packages")
+async def create_credit_package(payload: CreditPackageCreateRequest, request: Request):
+    account = require_roles(request, "admin")
+    created = await admin_service.create_credit_package(payload.model_dump(), operator=account)
+    return {"code": 0, "message": "success", "data": {"package": created}}
+
+
+@router.patch("/credit-packages/{package_id}")
+async def update_credit_package(package_id: str, payload: CreditPackageUpdateRequest, request: Request):
+    account = require_roles(request, "admin")
+    updated = await admin_service.update_credit_package(package_id, payload.model_dump(exclude_none=True), operator=account)
+    if not updated:
+        raise HTTPException(status_code=404, detail="credit package not found")
+    return {"code": 0, "message": "success", "data": {"package": updated}}
+
+
+@router.get("/consume-rules")
+async def list_consume_rules(request: Request):
+    require_roles(request, "ops", "admin")
+    rules = await admin_service.list_consume_rules()
+    return {"code": 0, "message": "success", "data": {"rules": rules}}
+
+
+@router.patch("/consume-rules/{feature}")
+async def update_consume_rule(feature: str, payload: ConsumeRuleUpdateRequest, request: Request):
+    account = require_roles(request, "admin")
+    updated = await admin_service.update_consume_rule(feature, payload.model_dump(exclude_none=True), operator=account)
+    if not updated:
+        raise HTTPException(status_code=404, detail="consume rule not found")
+    return {"code": 0, "message": "success", "data": {"rule": updated}}
+
+
+@router.get("/payment/status")
+async def payment_status(request: Request):
+    require_roles(request, "ops", "admin")
+    return {"code": 0, "message": "success", "data": payment_config_status()}
+
+
+@router.get("/config-change-logs")
+async def list_config_change_logs(
+    request: Request,
+    limit: int = Query(default=100, ge=1, le=200),
+    offset: int = Query(default=0, ge=0),
+):
+    require_roles(request, "ops", "admin")
+    logs = await admin_service.list_config_change_logs(limit=limit, offset=offset)
+    return {"code": 0, "message": "success", "data": {"logs": logs}}
+

skill_service/api/routes/auth.py

@@ -0,0 +1,74 @@
+from pydantic import BaseModel, EmailStr, Field
+from fastapi import APIRouter, HTTPException, Request
+
+from skill_service.services.auth_service import auth_service
+from skill_service.services.session_service import session_service
+
+router = APIRouter(tags=["auth"])
+
+
+class RegisterRequest(BaseModel):
+    email: EmailStr
+    password: str = Field(min_length=8, max_length=128)
+    display_name: str | None = Field(default=None, max_length=64)
+
+
+class LoginRequest(BaseModel):
+    email: EmailStr
+    password: str = Field(min_length=8, max_length=128)
+
+
+@router.post("/auth/register")
+async def register(payload: RegisterRequest):
+    try:
+        account = await auth_service.register(
+            email=payload.email,
+            password=payload.password,
+            display_name=payload.display_name,
+        )
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=f"register failed: {e}")
+    return {
+        "code": 0,
+        "message": "success",
+        "data": {
+            "accountId": account.account_id,
+            "email": account.email,
+            "displayName": account.display_name,
+        },
+    }
+
+
+@router.post("/auth/login")
+async def login(payload: LoginRequest):
+    account = await auth_service.login(email=payload.email, password=payload.password)
+    if not account:
+        raise HTTPException(status_code=401, detail="invalid credentials")
+    role = await auth_service.get_account_role(account.account_id)
+    session = await session_service.create_session(
+        account_id=account.account_id,
+        email=account.email,
+        display_name=account.display_name,
+        role=role,
+    )
+    return {
+        "code": 0,
+        "message": "success",
+        "data": {
+            "accountId": account.account_id,
+            "email": account.email,
+            "displayName": account.display_name,
+            "role": role,
+            "sessionToken": session.session_token,
+            "expiresAt": session.expires_at.isoformat(),
+        },
+    }
+
+
+@router.post("/auth/logout")
+async def logout(request: Request):
+    auth = request.headers.get("authorization") or request.headers.get("Authorization") or ""
+    parts = auth.split()
+    if len(parts) == 2 and parts[0].lower() == "bearer":
+        await session_service.revoke_by_token(parts[1].strip())
+    return {"code": 0, "message": "success", "data": {"loggedOut": True}}

skill_service/api/routes/locations.py

@@ -0,0 +1,36 @@
+from fastapi import APIRouter, Request
+from pydantic import BaseModel, Field
+
+from skill_service.api.authz import get_current_account
+from skill_service.mcp.models.get_location_ids import GetLocationsData, GetLocationsResponse
+from skill_service.mcp.models.search_influencers import PlatformName
+from skill_service.mcp.tools.get_location_ids import _validate_platform
+from skill_service.services.location_service import location_service
+
+router = APIRouter(prefix="/search", tags=["search"])
+
+
+class ResolveLocationsRequest(BaseModel):
+    platform: PlatformName
+    location_text: list[str] = Field(min_length=1, alias="locationText")
+
+    model_config = {"populate_by_name": True}
+
+
+@router.post("/locations")
+async def resolve_locations(payload: ResolveLocationsRequest, request: Request) -> GetLocationsResponse:
+    account = get_current_account(request)
+    if account.get("token_type") == "session":
+        return GetLocationsResponse(
+            code=401,
+            message="Skill token required",
+            data=GetLocationsData(locationIds=[]),
+        )
+
+    platform_value = _validate_platform(payload.platform)
+    cleaned = [s.strip() for s in payload.location_text if s and s.strip()]
+    if not cleaned:
+        return GetLocationsResponse(code=0, message="success", data=GetLocationsData(locationIds=[]))
+
+    location_ids = await location_service.resolve_location_ids(platform_value, cleaned)
+    return GetLocationsResponse(code=0, message="success", data=GetLocationsData(locationIds=location_ids))

skill_service/api/routes/payments.py

@@ -0,0 +1,181 @@
+from fastapi import APIRouter, Header, Request
+from fastapi.responses import JSONResponse, PlainTextResponse
+import json
+
+from loguru import logger
+
+from skill_service.integrations.payments.alipay_notify import parse_alipay_notify, parse_form_body, verify_alipay_rsa2
+from skill_service.integrations.payments.stripe_notify import (
+    StripeWebhookEvent,
+    parse_checkout_payment_completed,
+    parse_stripe_webhook,
+)
+from skill_service.integrations.payments.wechat_v3_notify import parse_wechat_v3_notify, verify_wechat_v3_signature
+from skill_service.services.payment_security import verify_alipay_notify, verify_wechat_notify
+from skill_service.services.recharge_service import recharge_service
+from skill_service.services.subscription_service import (
+    _invoice_subscription_id,
+    subscription_service,
+)
+
+router = APIRouter(tags=["payments"])
+
+
+@router.post("/payments/wechat/notify")
+async def wechat_notify(
+    request: Request,
+    wechatpay_signature: str | None = Header(default=None, alias="Wechatpay-Signature"),
+    wechatpay_timestamp: str | None = Header(default=None, alias="Wechatpay-Timestamp"),
+    wechatpay_nonce: str | None = Header(default=None, alias="Wechatpay-Nonce"),
+    x_wechat_signature: str | None = Header(default=None, alias="X-Wechat-Signature"),
+):
+    raw_body = (await request.body()).decode("utf-8")
+    try:
+        payload = json.loads(raw_body) if raw_body else {}
+    except json.JSONDecodeError:
+        return JSONResponse(status_code=400, content={"code": "FAIL", "message": "invalid json"})
+
+    if wechatpay_signature and wechatpay_timestamp and wechatpay_nonce:
+        if not verify_wechat_v3_signature(
+            timestamp=wechatpay_timestamp,
+            nonce=wechatpay_nonce,
+            body=raw_body,
+            signature=wechatpay_signature,
+        ):
+            return JSONResponse(status_code=401, content={"code": "FAIL", "message": "invalid signature"})
+    elif not verify_wechat_notify(payload, x_wechat_signature or ""):
+        return JSONResponse(status_code=401, content={"code": "FAIL", "message": "invalid signature"})
+
+    parsed = parse_wechat_v3_notify(payload)
+    if not parsed:
+        logger.info("[Wechat notify] ignored event: {}", payload.get("event_type"))
+        return JSONResponse(content={"code": "SUCCESS", "message": "成功"})
+
+    ok = await recharge_service.mark_order_paid(
+        order_no=parsed["order_no"],
+        provider_txn_id=parsed["provider_txn_id"],
+        channel="wechat",
+        notify_payload=parsed["raw"],
+    )
+    if not ok:
+        return JSONResponse(status_code=404, content={"code": "FAIL", "message": "order not found"})
+    return JSONResponse(content={"code": "SUCCESS", "message": "成功"})
+
+
+@router.post("/payments/alipay/notify")
+async def alipay_notify(
+    request: Request,
+    x_alipay_signature: str | None = Header(default=None, alias="X-Alipay-Signature"),
+):
+    raw = await request.body()
+    content_type = (request.headers.get("content-type") or "").lower()
+
+    if "application/json" in content_type:
+        try:
+            payload = json.loads(raw.decode("utf-8"))
+        except json.JSONDecodeError:
+            return PlainTextResponse("fail", status_code=400)
+        if not verify_alipay_notify(payload, x_alipay_signature or ""):
+            return PlainTextResponse("fail", status_code=401)
+        order_no = str(payload.get("order_no") or payload.get("out_trade_no") or "")
+        provider_txn_id = str(payload.get("trade_no") or payload.get("transactionId") or "")
+        notify_payload = payload
+    else:
+        form = parse_form_body(raw)
+        if not form:
+            try:
+                payload = json.loads(raw.decode("utf-8"))
+                form = {k: str(v) for k, v in payload.items()}
+            except Exception:
+                return PlainTextResponse("fail", status_code=400)
+        if not verify_alipay_rsa2(form):
+            return PlainTextResponse("fail", status_code=401)
+        parsed = parse_alipay_notify(form)
+        if not parsed:
+            return PlainTextResponse("success")
+        order_no = parsed["order_no"]
+        provider_txn_id = parsed["provider_txn_id"]
+        notify_payload = parsed["raw"]
+
+    if not order_no or not provider_txn_id:
+        return PlainTextResponse("fail", status_code=400)
+
+    ok = await recharge_service.mark_order_paid(
+        order_no=order_no,
+        provider_txn_id=provider_txn_id,
+        channel="alipay",
+        notify_payload=notify_payload if isinstance(notify_payload, dict) else {},
+    )
+    return PlainTextResponse("success" if ok else "fail", status_code=200 if ok else 404)
+
+
+@router.post("/payments/stripe/notify")
+async def stripe_notify(
+    request: Request,
+    stripe_signature: str | None = Header(default=None, alias="Stripe-Signature"),
+):
+    raw = await request.body()
+    try:
+        event = parse_stripe_webhook(raw, stripe_signature or "")
+    except ValueError as e:
+        logger.warning("[Stripe notify] invalid webhook: {}", e)
+        return JSONResponse(status_code=400, content={"error": str(e)})
+
+    handled = await _dispatch_stripe_event(event)
+    if handled is None:
+        return JSONResponse(content={"received": True})
+    if not handled:
+        return JSONResponse(status_code=404, content={"error": "not found"})
+    return JSONResponse(content={"received": True})
+
+
+async def _dispatch_stripe_event(event: StripeWebhookEvent) -> bool | None:
+    et = event.event_type
+    payload = event.payload
+
+    if et == "checkout.session.completed":
+        if payload.get("mode") == "subscription":
+            ok = await subscription_service.activate_from_checkout_session(payload)
+            return ok
+        parsed = parse_checkout_payment_completed(payload)
+        if not parsed:
+            return None
+        return await recharge_service.mark_order_paid(
+            order_no=parsed["order_no"],
+            provider_txn_id=parsed["provider_txn_id"],
+            channel="stripe",
+            notify_payload=parsed["raw"],
+        )
+
+    if et == "checkout.session.expired":
+        if payload.get("mode") == "subscription":
+            return await subscription_service.handle_checkout_session_terminal(payload, terminal_status="expired")
+        return None
+
+    if et == "checkout.session.async_payment_failed":
+        if payload.get("mode") == "subscription":
+            return await subscription_service.handle_checkout_session_terminal(payload, terminal_status="failed")
+        return None
+
+    if et == "invoice.paid":
+        return await subscription_service.handle_invoice_paid(payload)
+
+    if et == "invoice.payment_failed":
+        sub_id = _invoice_subscription_id(payload) or payload.get("subscription")
+        order_no = None
+        metadata = payload.get("metadata") or {}
+        if metadata.get("order_no"):
+            order_no = str(metadata["order_no"])
+        if order_no:
+            await subscription_service.mark_subscription_order_terminal(order_no=order_no, status="failed")
+        if sub_id:
+            await subscription_service.handle_subscription_updated({"id": str(sub_id), "status": "past_due"})
+        return True
+
+    if et == "customer.subscription.updated":
+        return await subscription_service.handle_subscription_updated(payload)
+
+    if et == "customer.subscription.deleted":
+        return await subscription_service.handle_subscription_deleted(payload)
+
+    return None

skill_service/api/routes/portal.py

@@ -0,0 +1,37 @@
+from uuid import uuid4
+
+from fastapi import APIRouter, HTTPException, Request
+
+from skill_service.config.settings import settings
+from skill_service.services.recharge_service import recharge_service
+
+router = APIRouter(tags=["portal"])
+
+
+@router.post("/portal/mock-pay/{order_no}")
+async def portal_mock_pay(order_no: str, request: Request):
+    if settings.payment_mode != "mock":
+        raise HTTPException(status_code=403, detail="mock pay only available in PAYMENT_MODE=mock")
+
+    account = getattr(request.state, "account", None) or {}
+    account_id = account.get("account_id")
+    if not account_id:
+        return {"code": 401, "message": "login required", "data": {"errorCode": "SESSION_REQUIRED"}}
+
+    order = await recharge_service.get_order(account_id=account_id, order_no=order_no)
+    if not order:
+        raise HTTPException(status_code=404, detail="order not found")
+    if order["status"] == "paid":
+        return {"code": 0, "message": "already paid", "data": {"orderNo": order_no, "status": "paid"}}
+
+    channel = order.get("channel") or "wechat"
+    txn_id = f"mock_portal_{uuid4().hex[:12]}"
+    ok = await recharge_service.mark_order_paid(
+        order_no=order_no,
+        provider_txn_id=txn_id,
+        channel=str(channel),
+        notify_payload={"source": "portal_mock_pay", "orderNo": order_no},
+    )
+    if not ok:
+        raise HTTPException(status_code=400, detail="payment failed")
+    return {"code": 0, "message": "success", "data": {"orderNo": order_no, "status": "paid"}}