member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: rename idp fields to provider naming

Browse Source
This commit is contained in:
Chris
2026-04-03 01:05:01 +08:00
parent ce181ebf67
commit 388a3f461c
26 changed files with 202 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
app/api/admin_catalog.py
View File

@@ -51,8 +51,8 @@ from app.schemas.catalog import (
)
from app.security.admin_guard import require_admin_principal
from app.security.api_client_auth import hash_api_key
from app.services.idp_admin_service import KeycloakAdminService
from app.services.idp_catalog_sync import sync_from_keycloak
from app.services.idp_admin_service import ProviderAdminService
from app.services.idp_catalog_sync import sync_from_provider
from app.core.config import get_settings
router = APIRouter(
@@ -76,7 +76,7 @@ def _company_item(company) -> CompanyItem:
company_key=company.company_key,
display_name=company.display_name,
legal_name=company.legal_name,
idp_group_id=company.idp_group_id,
provider_group_id=company.provider_group_id,
status=company.status,
)
@@ -89,7 +89,7 @@ def _site_item(site, company) -> SiteItem:
company_display_name=company.display_name,
display_name=site.display_name,
domain=site.domain,
idp_group_id=site.idp_group_id,
provider_group_id=site.provider_group_id,
status=site.status,
)
@@ -99,7 +99,7 @@ def _system_item(system) -> SystemItem:
id=system.id,
system_key=system.system_key,
name=system.name,
idp_client_id=system.idp_client_id,
provider_client_id=system.provider_client_id,
status=system.status,
)
@@ -108,7 +108,7 @@ def _member_item(user) -> MemberItem:
return MemberItem(
id=user.id,
user_sub=user.user_sub,
idp_user_id=user.idp_user_id,
provider_user_id=user.provider_user_id,
username=user.username,
email=user.email,
display_name=user.display_name,
@@ -138,7 +138,7 @@ def list_companies(
limit: int = Query(default=100, ge=1, le=500),
offset: int = Query(default=0, ge=0),
) -> ListResponse:
sync_from_keycloak(db)
sync_from_provider(db)
repo = CompaniesRepository(db)
items, total = repo.list(keyword=keyword, limit=limit, offset=offset)
return ListResponse(items=[_company_item(i) for i in items], total=total, limit=limit, offset=offset)
@@ -147,7 +147,7 @@ def list_companies(
@router.post("/companies", response_model=CompanyItem)
def create_company(payload: CompanyCreateRequest, db: Session = Depends(get_db)) -> CompanyItem:
repo = CompaniesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
company_key = _generate_unique_key("CP", lambda key: repo.get_by_key(key) is not None)
group_name = _company_group_name(payload.display_name, company_key)
group = idp.ensure_group(
@@ -163,7 +163,7 @@ def create_company(payload: CompanyCreateRequest, db: Session = Depends(get_db))
company_key=company_key,
display_name=payload.display_name,
legal_name=payload.legal_name,
idp_group_id=group.group_id,
provider_group_id=group.group_id,
status=payload.status,
)
return _company_item(item)
@@ -175,10 +175,10 @@ def update_company(company_key: str, payload: CompanyUpdateRequest, db: Session
item = repo.get_by_key(company_key)
if not item:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="company_not_found")
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
resolved_display_name = payload.display_name if payload.display_name is not None else item.display_name
resolved_status = payload.status if payload.status is not None else item.status
resolved_group_id = payload.idp_group_id or item.idp_group_id
resolved_group_id = payload.provider_group_id or item.provider_group_id
group_name = _company_group_name(resolved_display_name, company_key)
group = idp.ensure_group(
group_id=resolved_group_id,
@@ -194,7 +194,7 @@ def update_company(company_key: str, payload: CompanyUpdateRequest, db: Session
item,
display_name=payload.display_name,
legal_name=payload.legal_name,
idp_group_id=group.group_id,
provider_group_id=group.group_id,
status=payload.status,
)
return _company_item(item)
@@ -203,11 +203,11 @@ def update_company(company_key: str, payload: CompanyUpdateRequest, db: Session
@router.delete("/companies/{company_key}")
def delete_company(company_key: str, db: Session = Depends(get_db)) -> dict[str, str]:
repo = CompaniesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
item = repo.get_by_key(company_key)
if not item:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="company_not_found")
idp.delete_group(group_id=item.idp_group_id)
idp.delete_group(group_id=item.provider_group_id)
repo.delete(item)
return {"deleted": company_key}
@@ -231,7 +231,7 @@ def list_sites(
limit: int = Query(default=100, ge=1, le=500),
offset: int = Query(default=0, ge=0),
) -> ListResponse:
sync_from_keycloak(db)
sync_from_provider(db)
companies_repo = CompaniesRepository(db)
sites_repo = SitesRepository(db)
company_id = None
@@ -252,7 +252,7 @@ def list_sites(
def create_site(payload: SiteCreateRequest, db: Session = Depends(get_db)) -> SiteItem:
companies_repo = CompaniesRepository(db)
sites_repo = SitesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
company = companies_repo.get_by_key(payload.company_key)
if not company:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="company_not_found")
@@ -262,7 +262,7 @@ def create_site(payload: SiteCreateRequest, db: Session = Depends(get_db)) -> Si
group = idp.ensure_group(
group_id=None,
name=group_name,
parent_group_id=company.idp_group_id,
parent_group_id=company.provider_group_id,
attributes={
"member_entity_type": "site",
"site_key": site_key,
@@ -277,7 +277,7 @@ def create_site(payload: SiteCreateRequest, db: Session = Depends(get_db)) -> Si
company_id=company.id,
display_name=payload.display_name,
domain=payload.domain,
idp_group_id=group.group_id,
provider_group_id=group.group_id,
status=payload.status,
)
return _site_item(item, company)
@@ -287,7 +287,7 @@ def create_site(payload: SiteCreateRequest, db: Session = Depends(get_db)) -> Si
def update_site(site_key: str, payload: SiteUpdateRequest, db: Session = Depends(get_db)) -> SiteItem:
companies_repo = CompaniesRepository(db)
sites_repo = SitesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
item = sites_repo.get_by_key(site_key)
if not item:
@@ -306,12 +306,12 @@ def update_site(site_key: str, payload: SiteUpdateRequest, db: Session = Depends
resolved_display_name = payload.display_name if payload.display_name is not None else item.display_name
resolved_domain = payload.domain if payload.domain is not None else item.domain
resolved_status = payload.status if payload.status is not None else item.status
resolved_group_id = payload.idp_group_id or item.idp_group_id
resolved_group_id = payload.provider_group_id or item.provider_group_id
group_name = _site_group_name(resolved_display_name, site_key)
group = idp.ensure_group(
group_id=resolved_group_id,
name=group_name,
parent_group_id=target_company.idp_group_id,
parent_group_id=target_company.provider_group_id,
attributes={
"member_entity_type": "site",
"site_key": site_key,
@@ -327,7 +327,7 @@ def update_site(site_key: str, payload: SiteUpdateRequest, db: Session = Depends
company_id=company_id,
display_name=payload.display_name,
domain=payload.domain,
idp_group_id=group.group_id,
provider_group_id=group.group_id,
status=payload.status,
)
company = companies_repo.get_by_id(item.company_id)
@@ -339,11 +339,11 @@ def update_site(site_key: str, payload: SiteUpdateRequest, db: Session = Depends
@router.delete("/sites/{site_key}")
def delete_site(site_key: str, db: Session = Depends(get_db)) -> dict[str, str]:
repo = SitesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
item = repo.get_by_key(site_key)
if not item:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="site_not_found")
idp.delete_group(group_id=item.idp_group_id)
idp.delete_group(group_id=item.provider_group_id)
repo.delete(item)
return {"deleted": site_key}
@@ -356,7 +356,7 @@ def list_systems(
limit: int = Query(default=100, ge=1, le=500),
offset: int = Query(default=0, ge=0),
) -> ListResponse:
sync_from_keycloak(db)
sync_from_provider(db)
repo = SystemsRepository(db)
items, total = repo.list(keyword=keyword, status=status_filter, limit=limit, offset=offset)
return ListResponse(items=[_system_item(i) for i in items], total=total, limit=limit, offset=offset)
@@ -364,17 +364,17 @@ def list_systems(
@router.post("/systems", response_model=SystemItem)
def create_system(payload: SystemCreateRequest, db: Session = Depends(get_db)) -> SystemItem:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_keycloak_only")
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_provider_only")
@router.patch("/systems/{system_key}", response_model=SystemItem)
def update_system(system_key: str, payload: SystemUpdateRequest, db: Session = Depends(get_db)) -> SystemItem:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_keycloak_only")
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_provider_only")
@router.delete("/systems/{system_key}")
def delete_system(system_key: str, db: Session = Depends(get_db)) -> dict[str, str]:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_keycloak_only")
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_manage_in_provider_only")
@router.get("/roles", response_model=ListResponse)
@@ -386,7 +386,7 @@ def list_roles(
limit: int = Query(default=100, ge=1, le=500),
offset: int = Query(default=0, ge=0),
) -> ListResponse:
sync_from_keycloak(db)
sync_from_provider(db)
systems_repo = SystemsRepository(db)
roles_repo = RolesRepository(db)
@@ -410,7 +410,7 @@ def list_roles(
system_key=system_map[row.system_id].system_key,
system_name=system_map[row.system_id].name,
name=row.name,
idp_role_name=row.idp_role_name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -436,7 +436,7 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
system_id=system.id,
name=payload.name,
description=payload.description,
idp_role_name=payload.idp_role_name,
provider_role_name=payload.provider_role_name,
status=payload.status,
)
except IntegrityError:
@@ -449,7 +449,7 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
system_key=system.system_key,
system_name=system.name,
name=row.name,
idp_role_name=row.idp_role_name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -477,7 +477,7 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
system_id=system_id,
name=payload.name,
description=payload.description,
idp_role_name=payload.idp_role_name,
provider_role_name=payload.provider_role_name,
status=payload.status,
)
except IntegrityError:
@@ -494,7 +494,7 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
system_key=system.system_key,
system_name=system.name,
name=role.name,
idp_role_name=role.idp_role_name,
provider_role_name=role.provider_role_name,
description=role.description,
status=role.status,
)
@@ -529,7 +529,7 @@ def list_system_roles(system_key: str, db: Session = Depends(get_db)) -> SystemR
system_key=system.system_key,
system_name=system.name,
name=row.name,
idp_role_name=row.idp_role_name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -625,7 +625,7 @@ def list_members(
limit: int = Query(default=100, ge=1, le=500),
offset: int = Query(default=0, ge=0),
) -> ListResponse:
sync_from_keycloak(db)
sync_from_provider(db)
repo = UsersRepository(db)
rows, total = repo.list(keyword=keyword, is_active=is_active, limit=limit, offset=offset)
return ListResponse(items=[_member_item(r) for r in rows], total=total, limit=limit, offset=offset)
@@ -636,11 +636,11 @@ def create_member(payload: MemberUpsertRequest, db: Session = Depends(get_db)) -
users_repo = UsersRepository(db)
resolved_sub = payload.user_sub
idp_user_id: str | None = None
provider_user_id: str | None = None
if payload.sync_to_idp:
if not payload.email:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="email_required_for_idp_sync")
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
sync_result = idp.ensure_user(
sub=payload.user_sub,
email=payload.email,
@@ -648,7 +648,7 @@ def create_member(payload: MemberUpsertRequest, db: Session = Depends(get_db)) -
display_name=payload.display_name,
is_active=payload.is_active,
)
idp_user_id = sync_result.user_id
provider_user_id = sync_result.user_id
resolved_sub = resolved_sub or sync_result.user_sub
if not resolved_sub:
@@ -661,7 +661,7 @@ def create_member(payload: MemberUpsertRequest, db: Session = Depends(get_db)) -
display_name=payload.display_name,
is_active=payload.is_active,
status=payload.status,
idp_user_id=idp_user_id,
provider_user_id=provider_user_id,
)
return _member_item(user)
@@ -681,16 +681,16 @@ def update_member(user_sub: str, payload: MemberUpdateRequest, db: Session = Dep
if payload.sync_to_idp:
if not next_email:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="email_required_for_idp_sync")
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
sync_result = idp.ensure_user(
sub=user.user_sub,
email=next_email,
username=next_username,
display_name=next_display_name,
is_active=next_is_active,
idp_user_id=user.idp_user_id,
provider_user_id=user.provider_user_id,
)
user.idp_user_id = sync_result.user_id
user.provider_user_id = sync_result.user_id
updated = users_repo.update_member(
user,
@@ -711,8 +711,8 @@ def delete_member(user_sub: str, db: Session = Depends(get_db), sync_to_idp: boo
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="member_not_found")
if sync_to_idp:
idp = KeycloakAdminService(get_settings())
idp.delete_user(idp_user_id=user.idp_user_id, email=user.email, username=user.username)
idp = ProviderAdminService(get_settings())
idp.delete_user(provider_user_id=user.provider_user_id, email=user.email, username=user.username)
users_repo.delete(user)
return {"deleted": user_sub}
@@ -725,10 +725,10 @@ def reset_member_password(user_sub: str, db: Session = Depends(get_db)) -> Membe
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="member_not_found")
idp = KeycloakAdminService(get_settings())
result = idp.reset_password(idp_user_id=user.idp_user_id, email=user.email, username=user.username)
if user.idp_user_id != result.user_id:
user.idp_user_id = result.user_id
idp = ProviderAdminService(get_settings())
result = idp.reset_password(provider_user_id=user.provider_user_id, email=user.email, username=user.username)
if user.provider_user_id != result.user_id:
user.provider_user_id = result.user_id
db.commit()
return MemberPasswordResetResponse(user_sub=user_sub, temporary_password=result.temporary_password)
@@ -811,7 +811,7 @@ def list_member_effective_roles(user_sub: str, db: Session = Depends(get_db)) ->
system_name=system.name,
role_key=role.role_key,
role_name=role.name,
idp_role_name=role.idp_role_name,
provider_role_name=role.provider_role_name,
)
for site, company, role, system in rows
]
@@ -836,25 +836,27 @@ def list_api_clients(
)
@router.post("/sync/from-keycloak")
def sync_catalog_from_keycloak(db: Session = Depends(get_db), force: bool = Query(default=True)) -> dict[str, int]:
return sync_from_keycloak(db, force=force)
@router.post("/sync/from-provider")
@router.post("/sync/from-keycloak", include_in_schema=False)
def sync_catalog_from_provider(db: Session = Depends(get_db), force: bool = Query(default=True)) -> dict[str, int]:
return sync_from_provider(db, force=force)
@router.post("/sync/keycloak-group-names")
def sync_keycloak_group_names(db: Session = Depends(get_db)) -> dict[str, int]:
@router.post("/sync/provider-group-names")
@router.post("/sync/keycloak-group-names", include_in_schema=False)
def sync_provider_group_names(db: Session = Depends(get_db)) -> dict[str, int]:
companies_repo = CompaniesRepository(db)
sites_repo = SitesRepository(db)
idp = KeycloakAdminService(get_settings())
idp = ProviderAdminService(get_settings())
companies, _ = companies_repo.list(limit=5000, offset=0)
company_count = 0
for company in companies:
if not company.idp_group_id:
if not company.provider_group_id:
continue
group_name = _company_group_name(company.display_name, company.company_key)
idp.ensure_group(
group_id=company.idp_group_id,
group_id=company.provider_group_id,
name=group_name,
attributes={
"member_entity_type": "company",
@@ -869,16 +871,16 @@ def sync_keycloak_group_names(db: Session = Depends(get_db)) -> dict[str, int]:
site_count = 0
company_map = {company.id: company for company in companies}
for site in sites:
if not site.idp_group_id:
if not site.provider_group_id:
continue
company = company_map.get(site.company_id)
if not company:
continue
group_name = _site_group_name(site.display_name, site.site_key)
idp.ensure_group(
group_id=site.idp_group_id,
group_id=site.provider_group_id,
name=group_name,
parent_group_id=company.idp_group_id,
parent_group_id=company.provider_group_id,
attributes={
"member_entity_type": "site",
"site_key": site.site_key,

27
app/api/internal.py
View File

@@ -5,12 +5,12 @@ from app.core.config import get_settings
from app.db.session import get_db
from app.repositories.users_repo import UsersRepository
from app.repositories.user_sites_repo import UserSitesRepository
from app.schemas.idp_admin import KeycloakEnsureUserRequest, KeycloakEnsureUserResponse
from app.schemas.idp_admin import ProviderEnsureUserRequest, ProviderEnsureUserResponse
from app.schemas.internal import InternalUpsertUserBySubResponse, InternalUserRoleItem, InternalUserRoleResponse
from app.schemas.permissions import RoleSnapshotResponse
from app.schemas.users import UserUpsertBySubRequest
from app.security.api_client_auth import require_api_client
from app.services.idp_admin_service import KeycloakAdminService
from app.services.idp_admin_service import ProviderAdminService
from app.services.permission_service import PermissionService
router = APIRouter(prefix="/internal", tags=["internal"], dependencies=[Depends(require_api_client)])
@@ -33,7 +33,7 @@ def upsert_user_by_sub(
return InternalUpsertUserBySubResponse(
id=user.id,
user_sub=user.user_sub,
idp_user_id=user.idp_user_id,
provider_user_id=user.provider_user_id,
username=user.username,
email=user.email,
display_name=user.display_name,
@@ -61,7 +61,7 @@ def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, st
system.name,
role.role_key,
role.name,
role.idp_role_name,
role.provider_role_name,
)
for site, company, role, system in rows
]
@@ -82,7 +82,7 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_name=system_name,
role_key=role_key,
role_name=role_name,
idp_role_name=idp_role_name,
provider_role_name=provider_role_name,
)
for (
site_key,
@@ -93,7 +93,7 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_name,
role_key,
role_name,
idp_role_name,
provider_role_name,
) in rows
],
)
@@ -108,14 +108,15 @@ def get_permission_snapshot(
return PermissionService.build_role_snapshot(user_sub=user_sub, rows=rows)
@router.post("/idp/users/ensure", response_model=KeycloakEnsureUserResponse)
@router.post("/keycloak/users/ensure", response_model=KeycloakEnsureUserResponse)
@router.post("/provider/users/ensure", response_model=ProviderEnsureUserResponse)
@router.post("/idp/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
@router.post("/keycloak/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
def ensure_idp_user(
payload: KeycloakEnsureUserRequest,
payload: ProviderEnsureUserRequest,
db: Session = Depends(get_db),
) -> KeycloakEnsureUserResponse:
) -> ProviderEnsureUserResponse:
settings = get_settings()
idp_service = KeycloakAdminService(settings=settings)
idp_service = ProviderAdminService(settings=settings)
sync_result = idp_service.ensure_user(
sub=payload.user_sub,
email=payload.email,
@@ -136,6 +137,6 @@ def ensure_idp_user(
display_name=payload.display_name,
is_active=payload.is_active,
status="active",
idp_user_id=sync_result.user_id,
provider_user_id=sync_result.user_id,
)
return KeycloakEnsureUserResponse(idp_user_id=sync_result.user_id, action=sync_result.action)
return ProviderEnsureUserResponse(provider_user_id=sync_result.user_id, action=sync_result.action)

4
app/api/internal_catalog.py
View File

@@ -34,7 +34,7 @@ def internal_list_systems(
"id": i.id,
"system_key": i.system_key,
"name": i.name,
"idp_client_id": i.idp_client_id,
"provider_client_id": i.provider_client_id,
"status": i.status,
}
for i in items
@@ -72,7 +72,7 @@ def internal_list_roles(
system_key=system_map[i.system_id].system_key,
system_name=system_map[i.system_id].name,
name=i.name,
idp_role_name=i.idp_role_name,
provider_role_name=i.provider_role_name,
description=i.description,
status=i.status,
)

8
app/api/me.py
View File

@@ -5,7 +5,7 @@ from sqlalchemy.orm import Session
from app.db.session import get_db
from app.repositories.users_repo import UsersRepository
from app.repositories.user_sites_repo import UserSitesRepository
from app.schemas.auth import KeycloakPrincipal, MeSummaryResponse
from app.schemas.auth import ProviderPrincipal, MeSummaryResponse
from app.schemas.permissions import RoleSnapshotResponse
from app.security.idp_jwt import require_authenticated_principal
from app.services.permission_service import PermissionService
@@ -15,7 +15,7 @@ router = APIRouter(prefix="/me", tags=["me"])
@router.get("", response_model=MeSummaryResponse)
def get_me(
principal: KeycloakPrincipal = Depends(require_authenticated_principal),
principal: ProviderPrincipal = Depends(require_authenticated_principal),
db: Session = Depends(get_db),
) -> MeSummaryResponse:
try:
@@ -39,7 +39,7 @@ def get_me(
@router.get("/permissions/snapshot", response_model=RoleSnapshotResponse)
def get_my_permission_snapshot(
principal: KeycloakPrincipal = Depends(require_authenticated_principal),
principal: ProviderPrincipal = Depends(require_authenticated_principal),
db: Session = Depends(get_db),
) -> RoleSnapshotResponse:
try:
@@ -65,7 +65,7 @@ def get_my_permission_snapshot(
system.name,
role.role_key,
role.name,
role.idp_role_name,
role.provider_role_name,
)
for site, company, role, system in rows
]