chore: tidy up

Author: iziang

aperag/db/models.py

@@ -774,7 +774,7 @@ class AuditLog(Base):
     id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
     user_id = Column(String(36), nullable=True, comment="User ID")
     username = Column(String(255), nullable=True, comment="Username")
-    resource_type = Column(Enum(AuditResource), nullable=True, comment="Resource type")
+    resource_type = Column(EnumColumn(AuditResource), nullable=True, comment="Resource type")
     resource_id = Column(String(255), nullable=True, comment="Resource ID (extracted at query time)")
     api_name = Column(String(255), nullable=False, comment="API operation name")
     http_method = Column(String(10), nullable=False, comment="HTTP method (POST, PUT, DELETE)")

aperag/middleware/audit_middleware.py

@@ -74,9 +74,15 @@ def _get_audit_info_from_route(self, request: Request) -> Tuple[Optional[str], O
                 if hasattr(route, 'tags') and route.tags:
                     resource_type = audit_service.get_resource_type_from_tags(route.tags)
 
+                # Debug logging
+                logger.debug(f"Route info - Path: {request.url.path}, API name: {api_name}, Tags: {getattr(route, 'tags', None)}, Resource type: {resource_type}")
+                
                 # Both API name and resource type are required
                 if api_name and resource_type:
                     return api_name, resource_type
+                elif api_name or resource_type:
+                    # Log when we have partial info to help debugging
+                    logger.warning(f"Partial audit info - Path: {request.url.path}, API name: {api_name}, Resource type: {resource_type}, Tags: {getattr(route, 'tags', None)}")
 
         except Exception as e:
             logger.warning(f"Failed to get audit info from route: {e}")
@@ -111,13 +117,6 @@ async def dispatch(self, request: Request, call_next):
         if not self._should_audit(request.url.path, request.method):
             return await call_next(request)
 
-        # Get audit info from route
-        api_name, resource_type = self._get_audit_info_from_route(request)
-        
-        if not api_name or not resource_type:
-            # No matching operation found, skip audit
-            return await call_next(request)
-
         # Record start time in milliseconds
         start_time_ms = int(time.time() * 1000)
         request_data = None
@@ -127,7 +126,7 @@ async def dispatch(self, request: Request, call_next):
         end_time_ms = None
 
         try:
-            # Extract request data
+            # Extract request data before calling next
             request_data = await self._extract_request_data(request)
 
             # Call the actual endpoint
@@ -137,52 +136,92 @@ async def dispatch(self, request: Request, call_next):
             # Record end time
             end_time_ms = int(time.time() * 1000)
 
-            # Try to extract response data for non-streaming responses
-            if hasattr(response, 'body'):
+            # Get audit info from route (now available after call_next)
+            api_name, resource_type = self._get_audit_info_from_route(request)
+            
+            # Only proceed with audit if we have both api_name and resource_type
+            if api_name and resource_type:
+                # Try to extract response data for non-streaming responses
+                if hasattr(response, 'body'):
+                    try:
+                        response_body = response.body.decode() if response.body else None
+                        if response_body:
+                            response_data = json.loads(response_body)
+                    except:
+                        pass
+                
+                # Log audit asynchronously
                 try:
-                    response_body = response.body.decode() if response.body else None
-                    if response_body:
-                        response_data = json.loads(response_body)
-                except:
-                    pass
+                    # Get user info from request state (set by auth middleware)
+                    user_id = getattr(request.state, 'user_id', None)
+                    username = getattr(request.state, 'username', None)
+                    
+                    # Extract client info
+                    ip_address, user_agent = audit_service._extract_client_info(request)
+                    
+                    # Log audit in background (don't await to avoid blocking)
+                    import asyncio
+                    asyncio.create_task(
+                        audit_service.log_audit(
+                            user_id=user_id,
+                            username=username,
+                            resource_type=resource_type,
+                            api_name=api_name,
+                            http_method=request.method,
+                            path=request.url.path,
+                            status_code=status_code,
+                            start_time=start_time_ms,
+                            end_time=end_time_ms,
+                            request_data=request_data,
+                            response_data=response_data,
+                            error_message=error_message,
+                            ip_address=ip_address,
+                            user_agent=user_agent
+                        )
+                    )
+                except Exception as audit_error:
+                    logger.error(f"Failed to log audit: {audit_error}")
 
         except Exception as e:
             error_message = str(e)
             status_code = 500
             end_time_ms = int(time.time() * 1000)
-            # Re-raise for normal error handling
-            raise
-        finally:
-            # Log audit asynchronously
+            
+            # Still try to log the error audit if route info is available
             try:
-                # Get user info from request state (set by auth middleware)
-                user_id = getattr(request.state, 'user_id', None)
-                username = getattr(request.state, 'username', None)
-                
-                # Extract client info
-                ip_address, user_agent = audit_service._extract_client_info(request)
-                
-                # Log audit in background (don't await to avoid blocking)
-                import asyncio
-                asyncio.create_task(
-                    audit_service.log_audit(
-                        user_id=user_id,
-                        username=username,
-                        resource_type=resource_type,
-                        api_name=api_name,
-                        http_method=request.method,
-                        path=request.url.path,
-                        status_code=status_code,
-                        start_time=start_time_ms,
-                        end_time=end_time_ms,
-                        request_data=request_data,
-                        response_data=response_data,
-                        error_message=error_message,
-                        ip_address=ip_address,
-                        user_agent=user_agent
+                api_name, resource_type = self._get_audit_info_from_route(request)
+                if api_name and resource_type:
+                    # Get user info from request state (set by auth middleware)
+                    user_id = getattr(request.state, 'user_id', None)
+                    username = getattr(request.state, 'username', None)
+                    
+                    # Extract client info
+                    ip_address, user_agent = audit_service._extract_client_info(request)
+                    
+                    # Log audit in background (don't await to avoid blocking)
+                    import asyncio
+                    asyncio.create_task(
+                        audit_service.log_audit(
+                            user_id=user_id,
+                            username=username,
+                            resource_type=resource_type,
+                            api_name=api_name,
+                            http_method=request.method,
+                            path=request.url.path,
+                            status_code=status_code,
+                            start_time=start_time_ms,
+                            end_time=end_time_ms,
+                            request_data=request_data,
+                            response_data=response_data,
+                            error_message=error_message,
+                            ip_address=ip_address,
+                            user_agent=user_agent
+                        )
                     )
-                )
             except Exception as audit_error:
-                logger.error(f"Failed to log audit: {audit_error}")
+                logger.error(f"Failed to log error audit: {audit_error}")
+            
+            # Re-raise for normal error handling
+            raise
 
         return response 

aperag/migration/versions/20250617113449-audit_log_table.py

@@ -0,0 +1,70 @@
+"""empty message
+
+Revision ID: 3369b50dc810
+Revises: 12ea6d2bf365
+Create Date: 2025-06-20 17:22:42.655570
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '3369b50dc810'
+down_revision: Union[str, None] = '12ea6d2bf365'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('audit_log',
+    sa.Column('id', sa.String(length=36), nullable=False),
+    sa.Column('user_id', sa.String(length=36), nullable=True, comment='User ID'),
+    sa.Column('username', sa.String(length=255), nullable=True, comment='Username'),
+    sa.Column('resource_type', sa.Enum('collection', 'document', 'bot', 'chat', 'message', 'api_key', 'llm_provider', 'llm_provider_model', 'model_service_provider', 'user', 'config', name='auditresource'), nullable=True, comment='Resource type'),
+    sa.Column('resource_id', sa.String(length=255), nullable=True, comment='Resource ID (extracted at query time)'),
+    sa.Column('api_name', sa.String(length=255), nullable=False, comment='API operation name'),
+    sa.Column('http_method', sa.String(length=10), nullable=False, comment='HTTP method (POST, PUT, DELETE)'),
+    sa.Column('path', sa.String(length=512), nullable=False, comment='API path'),
+    sa.Column('status_code', sa.Integer(), nullable=True, comment='HTTP status code'),
+    sa.Column('request_data', sa.Text(), nullable=True, comment='Request data (JSON)'),
+    sa.Column('response_data', sa.Text(), nullable=True, comment='Response data (JSON)'),
+    sa.Column('error_message', sa.Text(), nullable=True, comment='Error message if failed'),
+    sa.Column('ip_address', sa.String(length=45), nullable=True, comment='Client IP address'),
+    sa.Column('user_agent', sa.String(length=500), nullable=True, comment='User agent string'),
+    sa.Column('request_id', sa.String(length=255), nullable=False, comment='Request ID for tracking'),
+    sa.Column('start_time', sa.BigInteger(), nullable=False, comment='Request start time (milliseconds since epoch)'),
+    sa.Column('end_time', sa.BigInteger(), nullable=True, comment='Request end time (milliseconds since epoch)'),
+    sa.Column('gmt_created', sa.DateTime(timezone=True), nullable=False, comment='Created time'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index('idx_audit_api_name', 'audit_log', ['api_name'], unique=False)
+    op.create_index('idx_audit_gmt_created', 'audit_log', ['gmt_created'], unique=False)
+    op.create_index('idx_audit_http_method', 'audit_log', ['http_method'], unique=False)
+    op.create_index('idx_audit_request_id', 'audit_log', ['request_id'], unique=False)
+    op.create_index('idx_audit_resource_id', 'audit_log', ['resource_id'], unique=False)
+    op.create_index('idx_audit_resource_type', 'audit_log', ['resource_type'], unique=False)
+    op.create_index('idx_audit_start_time', 'audit_log', ['start_time'], unique=False)
+    op.create_index('idx_audit_status_code', 'audit_log', ['status_code'], unique=False)
+    op.create_index('idx_audit_user_id', 'audit_log', ['user_id'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index('idx_audit_user_id', table_name='audit_log')
+    op.drop_index('idx_audit_status_code', table_name='audit_log')
+    op.drop_index('idx_audit_start_time', table_name='audit_log')
+    op.drop_index('idx_audit_resource_type', table_name='audit_log')
+    op.drop_index('idx_audit_resource_id', table_name='audit_log')
+    op.drop_index('idx_audit_request_id', table_name='audit_log')
+    op.drop_index('idx_audit_http_method', table_name='audit_log')
+    op.drop_index('idx_audit_gmt_created', table_name='audit_log')
+    op.drop_index('idx_audit_api_name', table_name='audit_log')
+    op.drop_table('audit_log')
+    # ### end Alembic commands ###

aperag/migration/versions/20250620172242-3369b50dc810.py

@@ -17,6 +17,7 @@
 import re
 import time
 import uuid
+from datetime import datetime
 from typing import Any, Dict, List, Optional
 
 from sqlalchemy import and_, desc, select
@@ -40,14 +41,24 @@ def __init__(self):
 
         # Map FastAPI tags to audit resources
         self.tag_resource_map = {
+            # Support both singular and plural forms
+            "collection": AuditResource.COLLECTION,
             "collections": AuditResource.COLLECTION,
+            "document": AuditResource.DOCUMENT,
             "documents": AuditResource.DOCUMENT,
+            "bot": AuditResource.BOT,
             "bots": AuditResource.BOT,
+            "chat": AuditResource.CHAT,
             "chats": AuditResource.CHAT,
+            "message": AuditResource.MESSAGE,
             "messages": AuditResource.MESSAGE,
+            "apikey": AuditResource.API_KEY,
             "apikeys": AuditResource.API_KEY,
+            "llm_provider": AuditResource.LLM_PROVIDER,
             "llm_providers": AuditResource.LLM_PROVIDER,
+            "llm_provider_model": AuditResource.LLM_PROVIDER_MODEL,
             "llm_provider_models": AuditResource.LLM_PROVIDER_MODEL,
+            "user": AuditResource.USER,
             "users": AuditResource.USER,
             "config": AuditResource.CONFIG,
         }
@@ -206,7 +217,7 @@ async def log_audit(
             )
 
             # Save to database asynchronously
-            async with get_async_session() as session:
+            async for session in get_async_session():
                 session.add(audit_log)
                 await session.commit()
 
@@ -220,12 +231,12 @@ async def list_audit_logs(
         api_name: Optional[str] = None,
         http_method: Optional[str] = None,
         status_code: Optional[int] = None,
-        start_date: Optional[str] = None,
-        end_date: Optional[str] = None,
+        start_date: Optional[datetime] = None,
+        end_date: Optional[datetime] = None,
         limit: int = 1000
     ) -> List[AuditLog]:
         """List audit logs with filtering"""
-        async with get_async_session() as session:
+        async for session in get_async_session():
             # Build query
             stmt = select(AuditLog)
 

aperag/service/audit_service.py

@@ -22,18 +22,11 @@
 from aperag.config import get_async_session
 from aperag.schema import view_models
 from aperag.service.audit_service import audit_service
-from aperag.views.auth import get_current_active_user, get_current_admin
+from aperag.views.auth import current_user, get_current_admin
 
 router = APIRouter()
 
 
-async def verify_admin_user(current_user: User = Depends(get_current_active_user)) -> User:
-    """Verify that the current user is an admin"""
-    if not current_user.is_superuser:
-        raise HTTPException(status_code=403, detail="Admin access required")
-    return current_user
-
-
 @router.get("/audit-logs", tags=["audit"], name="ListAuditLogs", response_model=view_models.AuditLogList)
 async def list_audit_logs(
     user_id: Optional[str] = Query(None, description="Filter by user ID"),
@@ -46,7 +39,7 @@ async def list_audit_logs(
     start_date: Optional[datetime] = Query(None, description="Filter by start date"),
     end_date: Optional[datetime] = Query(None, description="Filter by end date"),
     limit: int = Query(1000, le=5000, description="Maximum number of records"),
-    current_user: User = Depends(verify_admin_user)
+    user: User = Depends(current_user)
 ):
     """List audit logs with filtering"""
 
@@ -66,8 +59,8 @@ async def list_audit_logs(
         api_name=api_name,
         http_method=http_method,
         status_code=status_code,
-        start_date=start_date.isoformat() if start_date else None,
-        end_date=end_date.isoformat() if end_date else None,
+        start_date=start_date,
+        end_date=end_date,
         limit=limit
     )
 
@@ -78,7 +71,7 @@ async def list_audit_logs(
             id=str(log.id),
             user_id=log.user_id,
             username=log.username,
-            resource_type=log.resource_type.value if log.resource_type else None,
+            resource_type=log.resource_type.value if hasattr(log.resource_type, 'value') else log.resource_type,
             resource_id=getattr(log, 'resource_id', None),  # This is set during query
             api_name=log.api_name,
             http_method=log.http_method,
@@ -102,7 +95,7 @@ async def list_audit_logs(
 @router.get("/audit-logs/{audit_id}", tags=["audit"], name="GetAuditLog", response_model=view_models.AuditLog)
 async def get_audit_log(
     audit_id: str,
-    current_user: User = Depends(verify_admin_user)
+    user: User = Depends(current_user)
 ):
     """Get a specific audit log by ID"""
 
@@ -153,7 +146,7 @@ async def list_audit_logs_view(
     limit: int = Query(20, ge=1, le=100, description="Items per page"),
     resource_type: Optional[str] = Query(None, description="Filter by resource type"),
     api_name: Optional[str] = Query(None, description="Filter by API name"),
-    user: User = Depends(get_current_admin),
+    user: User = Depends(current_user),
 ) -> view_models.AuditLogList:
     """List audit logs with filtering and pagination"""
     return await audit_service.list_audit_logs(

aperag/views/audit.py

@@ -368,7 +368,7 @@ export default {
   'settings.title': '设置',
   'settings.profile': '个人资料',
   'settings.apiKeys': 'API 密钥',
-  'settings.auditLogs': '审计日志',
+  'settings.auditLogs': '操作日志',
   'settings.models': '模型管理',
   'settings.invitations': '邀请管理',