Logan
18d96193ab
auth.py
secrets.compare_digest replaces == for service key comparison (timing-safe)
Added require_service_key — bot-only endpoints (trip/event join/leave)
Added require_service_key_or_admin — node commands/config (bot via service key OR dashboard admin via Firebase)
Added _RateLimiter with three shared instances: trip_chat_limiter (20/5min per user), summarize_limiter (5/10min per incident), bootstrap_limiter (2/hr per system)
nodes.py
send_command and assign_system now require require_service_key_or_admin — the Discord bot can still call them via service key, but regular Firebase users are blocked
tokens.py
add_token, flush_tokens, set_preferred_system, delete_token all require require_admin_token
Token masking changed from token[:10] + "…" + token[-4:] to "•••" + token[-4:]
systems.py
All write endpoints (create, update, delete, ai-flags, ten-codes, vocabulary writes, bootstrap) now require require_admin_token
bootstrap_vocabulary also calls bootstrap_limiter.check(system_id)
incidents.py
POST /incidents/summarize (bulk) now requires require_admin_token
POST /incidents/{id}/summarize now calls summarize_limiter.check(incident_id)
trips.py
join_trip, leave_trip, join_event, leave_event require require_service_key — only the Discord bot can set Discord attendee identity
delete_trip, delete_event require require_service_key_or_admin
trip_chat rate-limited per caller UID, history stripped to user/assistant roles only, user message truncated to 2000 chars, Maps query strings capped at 200 chars
upload.py
Rejects files larger than settings.upload_max_bytes (default 100MB) with 413
storage.py
_safe_audio_filename() derives GCS object name from call_id + allowlisted extension, completely ignoring the client-supplied filename
config.py
Added upload_max_bytes: int = 100 * 1024 * 1024
Both Dockerfiles — python:3.14-slim → python:3.12-slim
148 lines
5.4 KiB
Python
148 lines
5.4 KiB
Python
import secrets
|
|
from typing import Optional
|
|
from fastapi import APIRouter, HTTPException, Depends, Query
|
|
from app.models import CommandPayload
|
|
from app.internal import firestore as fstore
|
|
from app.internal.mqtt_handler import mqtt_handler
|
|
from app.internal.auth import require_admin_token, require_service_key_or_admin
|
|
from app.routers.tokens import assign_token, release_token
|
|
|
|
router = APIRouter(prefix="/nodes", tags=["nodes"])
|
|
|
|
|
|
@router.get("")
|
|
async def list_nodes():
|
|
return await fstore.collection_list("nodes")
|
|
|
|
|
|
@router.get("/{node_id}")
|
|
async def get_node(node_id: str):
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
return node
|
|
|
|
|
|
@router.post("/{node_id}/approve")
|
|
async def approve_node(node_id: str, _: dict = Depends(require_admin_token)):
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
|
|
api_key = secrets.token_hex(32)
|
|
await fstore.doc_set("node_keys", node_id, {"node_id": node_id, "api_key": api_key}, merge=False)
|
|
await fstore.doc_update("nodes", node_id, {"approval_status": "approved"})
|
|
mqtt_handler.publish_node_key(node_id, api_key)
|
|
return {"ok": True}
|
|
|
|
|
|
@router.delete("/{node_id}", status_code=204)
|
|
async def delete_node(node_id: str, _: dict = Depends(require_admin_token)):
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
await fstore.doc_delete("node_keys", node_id)
|
|
await fstore.doc_delete("nodes", node_id)
|
|
|
|
|
|
@router.post("/{node_id}/reject")
|
|
async def reject_node(node_id: str, _: dict = Depends(require_admin_token)):
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
await fstore.doc_update("nodes", node_id, {"approval_status": "rejected"})
|
|
return {"ok": True}
|
|
|
|
|
|
@router.post("/{node_id}/command")
|
|
async def send_command(
|
|
node_id: str,
|
|
cmd: CommandPayload,
|
|
_: dict = Depends(require_service_key_or_admin),
|
|
):
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
|
|
payload = cmd.model_dump(exclude_none=True)
|
|
|
|
if cmd.action == "discord_join":
|
|
# Resolve system doc once — used for preferred token and presence name.
|
|
system_doc = None
|
|
system_id = node.get("assigned_system_id")
|
|
if system_id:
|
|
system_doc = await fstore.doc_get_cached("systems", system_id)
|
|
|
|
# Explicit preferred_token_id in the request beats the system-level preference.
|
|
preferred = payload.pop("preferred_token_id", None) or (system_doc or {}).get("preferred_token_id")
|
|
token = await assign_token(node_id, preferred_token_id=preferred)
|
|
if not token:
|
|
raise HTTPException(503, "No Discord bot tokens available in the pool.")
|
|
payload["token"] = token
|
|
|
|
# Pass system name so the bot can set its Discord presence on join.
|
|
system_name = (system_doc or {}).get("name")
|
|
if system_name:
|
|
payload["system_name"] = system_name
|
|
|
|
elif cmd.action == "discord_leave":
|
|
await release_token(node_id)
|
|
|
|
if not mqtt_handler.send_command(node_id, payload):
|
|
raise HTTPException(503, "MQTT broker unavailable — command not delivered.")
|
|
return {"ok": True}
|
|
|
|
|
|
@router.post("/{node_id}/reissue-key")
|
|
async def reissue_node_key(node_id: str, _: dict = Depends(require_admin_token)):
|
|
"""Generate a new API key for the node and push it via MQTT (retained).
|
|
Use this to rotate a key or recover a node whose key was lost."""
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
api_key = secrets.token_hex(32)
|
|
await fstore.doc_set("node_keys", node_id, {"node_id": node_id, "api_key": api_key}, merge=False)
|
|
mqtt_handler.publish_node_key(node_id, api_key)
|
|
return {"ok": True}
|
|
|
|
|
|
@router.post("/{node_id}/config/{system_id}")
|
|
async def assign_system(
|
|
node_id: str,
|
|
system_id: str,
|
|
hardware_preset: str = Query("rtl-sdr-v3"),
|
|
ppm_override: Optional[float] = Query(None),
|
|
_: dict = Depends(require_service_key_or_admin),
|
|
):
|
|
"""
|
|
Assign a system to a node. Fetches the system config from Firestore
|
|
and pushes it to the node via MQTT, then marks the node as configured.
|
|
"""
|
|
node = await fstore.doc_get("nodes", node_id)
|
|
if not node:
|
|
raise HTTPException(404, f"Node '{node_id}' not found.")
|
|
|
|
system = await fstore.doc_get("systems", system_id)
|
|
if not system:
|
|
raise HTTPException(404, f"System '{system_id}' not found.")
|
|
|
|
# Include hardware preset in the push so the edge node applies it when
|
|
# generating the OP25 config. Strip it from the system doc first so it
|
|
# doesn't collide with SystemConfig field validation on the node side.
|
|
push_payload = {**system, "hardware_preset": hardware_preset}
|
|
if ppm_override is not None:
|
|
push_payload["ppm_override"] = ppm_override
|
|
mqtt_handler.push_config(node_id, push_payload)
|
|
|
|
# Update Firestore
|
|
node_updates = {
|
|
"assigned_system_id": system_id,
|
|
"configured": True,
|
|
"hardware_preset": hardware_preset,
|
|
}
|
|
if ppm_override is not None:
|
|
node_updates["ppm_override"] = ppm_override
|
|
await fstore.doc_update("nodes", node_id, node_updates)
|
|
|
|
return {"ok": True}
|