- Modernized authentication with the introduction of TenantProject

- Created a base mail template
- Adapt and improve document API to usage of catalogs and processors
- Adapt eveai_sync to new authentication mechanism and usage of catalogs and processors

eveai_api/api/auth.py

@@ -2,7 +2,7 @@ from datetime import timedelta
 
 from flask_restx import Namespace, Resource, fields
 from flask_jwt_extended import create_access_token
-from common.models.user import Tenant
+from common.models.user import Tenant, TenantProject
 from common.extensions import simple_encryption
 from flask import current_app, request
 
@@ -30,8 +30,9 @@ class Token(Resource):
         """
         Get JWT token
         """
+        current_app.logger.debug(f'Token Requested {auth_ns.payload}')
         try:
-            tenant_id = auth_ns.payload['tenant_id']
+            tenant_id = int(auth_ns.payload['tenant_id'])
             api_key = auth_ns.payload['api_key']
         except KeyError as e:
             current_app.logger.error(f"Missing required field: {e}")
@@ -41,18 +42,34 @@ class Token(Resource):
 
         if not tenant:
             current_app.logger.error(f"Tenant not found: {tenant_id}")
-            return {'message': "Tenant not found"}, 404
+            return {'message': f"Authentication invalid for tenant {tenant_id}"}, 404
 
-        try:
-            decrypted_api_key = simple_encryption.decrypt_api_key(tenant.encrypted_api_key)
-        except Exception as e:
-            current_app.logger.error(f"Error decrypting API key: {e}")
-            return {'message': "Internal server error"}, 500
+        projects = TenantProject.query.filter_by(
+            tenant_id=tenant_id,
+            active=True
+        ).all()
 
-        if api_key != decrypted_api_key:
-            current_app.logger.error(f"Invalid API key for tenant: {tenant_id}")
+        # Find project with matching API key
+        matching_project = None
+        for project in projects:
+            try:
+                decrypted_key = simple_encryption.decrypt_api_key(project.encrypted_api_key)
+                if decrypted_key == api_key:
+                    matching_project = project
+                    break
+            except Exception as e:
+                current_app.logger.error(f"Error decrypting API key for project {project.id}: {e}")
+                continue
+
+        if not matching_project:
+            current_app.logger.error(f"Project for given API key not found for Tenant: {tenant_id}")
             return {'message': "Invalid API key"}, 401
 
+        if "DOCAPI" not in matching_project.services:
+            current_app.logger.error(f"Service DOCAPI not authorized for Project {matching_project.name} "
+                                     f"for Tenant: {tenant_id}")
+            return {'message': f"Service DOCAPI not authorized for Project {matching_project.name}"}, 403
+
         # Get the JWT_ACCESS_TOKEN_EXPIRES setting from the app config
         expires_delta = current_app.config.get('JWT_ACCESS_TOKEN_EXPIRES', timedelta(minutes=15))
 

eveai_api/api/document_api.py

@@ -10,9 +10,10 @@ from werkzeug.utils import secure_filename
 from common.utils.document_utils import (
     create_document_stack, process_url, start_embedding_task,
     validate_file_type, EveAIInvalidLanguageException, EveAIDoubleURLException, EveAIUnsupportedFileType,
-    process_multiple_urls, get_documents_list, edit_document, refresh_document, edit_document_version,
+    get_documents_list, edit_document, refresh_document, edit_document_version,
     refresh_document_with_info
 )
+from common.utils.eveai_exceptions import EveAIException
 
 
 def validate_date(date_str):
@@ -212,14 +213,23 @@ class DocumentResource(Resource):
     @document_ns.doc('edit_document')
     @document_ns.expect(edit_document_model)
     @document_ns.response(200, 'Document updated successfully')
+    @document_ns.response(400, 'Validation Error')
+    @document_ns.response(404, 'Document not found')
+    @document_ns.response(500, 'Internal Server Error')
     def put(self, document_id):
         """Edit a document"""
-        data = request.json
-        updated_doc, error = edit_document(document_id, data['name'], data.get('valid_from'), data.get('valid_to'))
-        if updated_doc:
-            return {'message': f'Document {updated_doc.id} updated successfully'}, 200
-        else:
-            return {'message': f'Error updating document: {error}'}, 400
+        try:
+            current_app.logger.debug(f'Editing document {document_id}')
+            data = request.json
+            tenant_id = get_jwt_identity()
+            updated_doc, error = edit_document(tenant_id, document_id, data.get('name', None),
+                                               data.get('valid_from', None), data.get('valid_to', None))
+            if updated_doc:
+                return {'message': f'Document {updated_doc.id} updated successfully'}, 200
+            else:
+                return {'message': f'Error updating document: {error}'}, 400
+        except EveAIException as e:
+            return e.to_dict(), e.status_code
 
     @jwt_required()
     @document_ns.doc('refresh_document')
@@ -249,7 +259,8 @@ class DocumentVersionResource(Resource):
     def put(self, version_id):
         """Edit a document version"""
         data = request.json
-        updated_version, error = edit_document_version(version_id, data['user_context'], data.get('catalog_properties'))
+        tenant_id = get_jwt_identity()
+        updated_version, error = edit_document_version(tenant_id, version_id, data['user_context'], data.get('catalog_properties'))
         if updated_version:
             return {'message': f'Document Version {updated_version.id} updated successfully'}, 200
         else: