fix: import SearchFilter in api_crud_v3.py to resolve NameError

2026-01-07 14:25:58 -05:00
parent 6d13b952c4
commit cf96d93246
3 changed files with 54 additions and 45 deletions
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -49,42 +49,39 @@ I am an interactive CLI agent assisting with software engineering tasks for One
 ## Session Learnings & Progress (Jan 2-7, 2026)
-### Agent Bridge & Docker Integration (Jan 7, 2026)
+### V3 API Security Hardening (Jan 7, 2026) - MILESTONE
- **Agent Bridge Implementation**: Developed `app/routers/agent_bridge.py` to provide administrative insight into the Docker runtime environment.
+- **Mandatory JWT Authentication**: Successfully implemented strict multi-tenant isolation across all V3 CRUD and Search endpoints.
-    - Endpoints include `/status`, `/system/usage`, `/logs`, `/logs/list`, `/processes`, and `/container/metadata`.
+    - All requests (except context resolution) now require a valid JWT `Authorization: Bearer <token>` or `?jwt=<token>`.
-    - Implemented `is_admin` helper for consistent security across administrative tools.
+    - **Account Isolation**: results are automatically filtered by `account_id` from the JWT.
-    - Added support for listing and tailing various log files, with path sanitization.
+    - **Documentation**: Updated `V3_FRONTEND_API_GUIDE.md` with explicit instructions and security requirements for the frontend agent.
- **MCP Docker Explorer**: Created `mcp_docker_explorer.py` as a standalone client to test the Model Context Protocol (MCP) Docker server integration. This script uses `npx` to run `@modelcontextprotocol/server-docker`.
+
- **Authentication Exceptions**: 
+### Agent Bridge & Docker Integration
-    - Acknowledged that `x_no_account_id` is used intentionally in some contexts, though a more robust solution will be needed later.
+- **Agent Bridge Implementation**: Developed `app/routers/agent_bridge.py` for environment diagnostics.
-    - **Direct Download Links**: Noted that Hosted Files and Event Files often require direct download links that cannot include custom headers, as they are often shared directly with users.
+- **Dependency Management**: Noted `psutil` is missing from the container, causing system usage metrics to fail.
    - **Decision**: Holding off on adding `psutil` to minimize extra dependencies; the code fails gracefully for now.
 - **MCP Docker Explorer**: Created `mcp_docker_explorer.py` to test MCP server integration.
 ### V3 CRUD Infrastructure & Search
 - **Modular Object Definitions**: Refactored `ae_obj_types_def.py` into modular domain files in `app/object_definitions/`.
 - **Advanced Search Fixes**: 
-    - Resolved account listing and search issues by implementing `get_supported_filters` in `api_crud_v3.py`. This helper automatically adjusts `status_filter` (enabled/hidden) based on model field support (e.g., handles tables missing the `hide` column).
+    - Resolved account listing and search issues by implementing `get_supported_filters` in `api_crud_v3.py`.
-    - Improved standardized full-text search (`q` parameter) in `sql_search_qry_part` with a dry-run check for the `default_qry_str` column. It now falls back to a `LIKE` search across all searchable fields if the column is missing.
+    - Improved standardized full-text search (`q` parameter) with fallback logic for missing columns.
-    - Added support for the `%` wildcard in `q`, allowing it to bypass filtering and return all records.
+- **Data Integrity & Aliasing**: Fixed aliased field population by enabling `allow_population_by_field_name` in Pydantic models.
 - **Data Integrity & Aliasing**: Fixed a critical issue where aliased fields (like `account_id_random`) were returned as `null` by adding `allow_population_by_field_name = True` to Pydantic models (updated `Account_Base`, `Site_Domain_Base`, etc.).
 - **Consolidated V3 Router**: Systematically cleaned up `api_crud_v3.py`, removing duplicate endpoint definitions and standardizing logic across all CRUD and Search routes.
 - **Robust Error Handling**: Updated V3 routers to return 500 status codes on database failures instead of masking errors with empty result sets.
-### Database Schema Insights
+### Tool Stability & Recovery Note (Jan 7, 2026)
- Verified schema for core tables (`account`, `event`, `person`, `user`, `data_store`, `site`, `site_domain`).
+- **Frequent Hangs:** The agent experienced multiple hangs (18+) when using shell commands or `list_directory`.
- Noted that `site_domain` lacks a `hide` column, and `hosted_file_link` lacks both `hide` and `enable`.
+- **Recovery Action:** A `NameError: name 'SearchFilter' is not defined` in `app/routers/api_crud_v3.py` was fixed by adding the missing import. This error was triggered by the new account isolation logic in the search endpoint.
- Most major tables now have a standardized `hide` column (added to `account` on Jan 6, 2026).
+- **Verification:** The fix was applied, but verification was interrupted by a tool hang. Verification resumes in the next session.
 ## Current To-Do List
-1. **Docker MCP Integration (Priority: High)**: Proceed with integrating the Docker MCP server into the Gemini CLI environment for direct container management.
+1. **Frontend Integration (Priority: High)**: Coordinate with the frontend agent to ensure they adopt the mandatory JWT authentication pattern.
-2. **Security - Field Allowlists (Priority: Done)**: Finished populating `searchable_fields` for all object definitions (Core, CMS, Events, Membership, Orders, Other).
+2. **Routing - Nginx (Priority: High)**: Resolve 404 errors on `/v3/` and `/agent/` routes (Port 8888) by updating the Nginx configuration.
-3. **Refactoring - Modularize `db_sql.py` (Priority: Done/Low)**: Successfully implemented a facade pattern, moving search builders and Redis helpers to modular files. This reduced `db_sql.py` by nearly 500 lines while preserving stability. Further modularization of core CRUD should only be attempted if stability risks are mitigated.
+3. **Docker MCP Integration (Priority: Medium)**: Proceed with integrating the Docker MCP server into the Gemini CLI environment.
 4. **Specialized Endpoints (Priority: Medium)**: Plan modernization of custom logic (importing, websockets) to match V3 patterns.
-5. **Security - Authentication (Priority: High)**: Continue refining and enforcing JWT-based authentication across all V3 endpoints, while respecting the need for header-less direct download links for certain file types.
+5. **Account ID Handling (Priority: Low)**: Address the `x_no_account_id` usage with a more permanent architecture.
 6. **Account ID Handling (Priority: Low)**: Address the `x_no_account_id` usage with a more permanent and secure architecture.
 ### Workflow & Collaboration
 - **`GEMINI.md` Strategy:** The user is creating `GEMINI.md` files in key project directories. Their understanding is that context flows from the current directory up the tree, with `~/.gemini/GEMINI.md` serving as a global catch-all for general memories.
 - **Agents Sync (rsync):** Shared documentation, notes, and architectural updates are pushed to the `agents_sync` directory using `rsync`. This allows real-time coordination between different specialized agents (e.g., FastAPI backend and Svelte frontend agents).
- **Home Server:** The user self-hosts a Proxmox server for services like Nextcloud.
+- **Home Server:** The user self-hosts a Proxmox server for services like Nextcloud.
--- a/app/routers/api_crud_v3.py
+++ b/app/routers/api_crud_v3.py
@@ -16,7 +16,7 @@ from app.lib_general_v3 import (
    DelayParams, get_delay_params
 )
 from app.models.response_models import *
-from app.models.api_crud_models import SearchQuery
+from app.models.api_crud_models import SearchFilter, SearchQuery
 from app.ae_obj_types_def import obj_type_kv_li
 from app.db_sql import redis_lookup_id_random, sql_select, sql_insert, sql_update, sql_delete, get_id_random
@@ -451,10 +451,13 @@ async def search_obj_li(
    # Forced account isolation for the search query itself
    # We inject the account_id into the SearchQuery object if it's not a super user
    if not account.super and account.auth_method != 'bypass' and account.account_id:
        if search_query.and_filters is None:
            search_query.and_filters = []
        if obj_name == 'account':
-            search_query.and_filter['id'] = account.account_id
+            search_query.and_filters.append(SearchFilter(field='id', op='eq', value=account.account_id))
        elif base_name and hasattr(base_name, '__fields__') and 'account_id' in base_name.__fields__:
-            search_query.and_filter['account_id'] = account.account_id
+            search_query.and_filters.append(SearchFilter(field='account_id', op='eq', value=account.account_id))
    if for_obj_type and for_obj_id:
        resolved_for_obj_id = redis_lookup_id_random(record_id_random=for_obj_id, table_name=for_obj_type)
--- a/documentation/V3_FRONTEND_API_GUIDE.md
+++ b/documentation/V3_FRONTEND_API_GUIDE.md
@@ -202,35 +202,44 @@ Use the `q` property in your search body for a keyword search.
 }
 ```
-## 6. Authentication in V3
+## 6. Authentication and Security in V3 (Mandatory)
-V3 supports multiple authentication methods. The backend resolves these automatically.
+Implemented in January 2026, the V3 architecture enforces strict **Multi-Tenant Isolation** and requires valid authentication for nearly all requests.
-### A. Standard Requests (Header)
+### A. Authentication Requirement
-For most API calls, use the standard Bearer token in the `Authorization` header.
+Most API calls now require a standard Bearer token in the `Authorization` header.
-```ts
+*   **Mandatory:** V3 CRUD endpoints require a valid JWT or an administrative bypass header.
-// Example: Setting the JWT in headers
+*   **Account Isolation:** The backend automatically filters all results based on the `account_id` found in your JWT. You cannot access data belonging to another account even if you know the ID.
-headers: {
+*   **Status Codes:**
-    "Authorization": `Bearer ${user_jwt_token}`
+    *   `401 Unauthorized`: Your JWT is invalid or expired.
-}
+    *   `403 Forbidden`: No authentication provided, or you attempted to access an object belonging to a different account.
 **Example Request Header:**
 ```http
 Authorization: Bearer <your_jwt_token>
 ```
-### B. Secure File Downloads (URL Parameter)
+### B. Role-Based Access
-**Crucial for `hosted_file` and `event_file`**: To allow browsers to download files without complex header modifications, you can pass the JWT directly in the URL.
+The API performs background checks on the user's role stored in the system:
 *   **Managers/Admins:** Can see and edit most data within their account.
 *   **Super Users:** Can bypass account isolation (reserved for system maintenance).
 ### C. Secure File Downloads (URL Parameter)
 For `hosted_file` and `event_file`, browsers often need to download files without complex header modifications. In these cases, you can pass the JWT directly in the URL.
 ```ts
-// Example: Creating a secure download link
+// Example: Creating a secure download link for a browser
 // GET /v3/crud/hosted_file/{id}/?jwt={token}
-const downloadUrl = `${BASE_URL}/hosted_file/${fileId}/?jwt=${jwtToken}`;
+const downloadUrl = `${BASE_URL}/v3/crud/hosted_file/${fileId}/?jwt=${jwtToken}`;
 ```
-### C. Legacy Fallback (X-Account-ID)
+### D. Administrative Bypass (Utility/Dev only)
-For development and backward compatibility, the `X-Account-ID` header is still supported but should be phased out in favor of JWT.
+For development utilities and automated scripts, the `X-No-Account-ID: true` header grants full administrative access. **Never use this in a public-facing application.**
 ---
-## 5. Best Practices for V3
+## 7. Best Practices for V3
 1.  **Use `view` for Rich Data**: Instead of manually joining data in separate calls, use `?view=enriched` or `?view=detail` if defined in the backend.
 2.  **Hybrid Search**: Use query parameters for simple toggles (enabled/hidden) and the POST body for complex logic.