Cookie ids

.env.example

@@ -1,6 +1,6 @@
 CLIENT_ORIGINS=https://fake-origin.example.com
 CLIENT_ORIGINS_REGEX="^http://fake-localhost:.*"
-
+ENV=development
 ##### MISTRAL AZURE #####
 AZURE_MISTRAL_SWEDEN_API_BASE=https://fake-mistral-sweden.example.com/models
 AZURE_MISTRAL_SWEDEN_API_KEY=FAKE_MISTRAL_SWEDEN_API_KEY

k8s/welearn-api/values.dev.yaml

@@ -6,6 +6,7 @@ config:
     PG_HOST: dev-lab-projects-backend.postgres.database.azure.com
     TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
     DATA_COLLECTION_ORIGIN_PREFIX: welearn
+    ENV: development
 allowedHostsRegexes:
   mainUrl: |-
     https:\/\/welearn\.k8s\.lp-i\.dev

k8s/welearn-api/values.prod.yaml

@@ -6,6 +6,7 @@ config:
     PG_HOST: prod-prod-projects-backend.postgres.database.azure.com
     TIKA_URL_BASE: https://tika.k8s.lp-i.org/
     DATA_COLLECTION_ORIGIN_PREFIX: workshop
+    ENV: production
 allowedHostsRegexes:
   alphaUrls: |-
     https://[a-zA-Z0-9-]*\.alpha-welearn\.lp-i\.org

k8s/welearn-api/values.staging.yaml

@@ -8,6 +8,7 @@ config:
     PG_DATABASE: welearn_datastack_staging
     TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
     DATA_COLLECTION_ORIGIN_PREFIX: welearn
+    ENV: staging
 allowedHostsRegexes:
   mainUrl: |-
     https:\/\/welearn\.k8s\.lp-i\.xyz

pytest.ini

@@ -21,6 +21,7 @@ env =
     TIKA_URL_BASE=https://tika.example.com
     USE_CACHED_SETTINGS=True
     DATA_COLLECTION_ORIGIN_PREFIX=workshop
+    ENV=test
 
 filterwarnings =
     ignore:.*U.*mode is deprecated:DeprecationWarning

src/app/api/api_v1/api.py

@@ -2,9 +2,10 @@
 
 from fastapi import APIRouter
 
-from src.app.api.api_v1.endpoints import chat, metric, micro_learning, user
+from src.app.api.api_v1.endpoints import chat, metric, micro_learning
 from src.app.search.api import router as search_router
 from src.app.tutor.api import router as tutor_router
+from src.app.user.api import router as user_router
 
 api_router = APIRouter()
 api_router.include_router(chat.router, prefix="/qna", tags=["qna"])
@@ -14,7 +15,7 @@
 api_router.include_router(
     micro_learning.router, prefix="/micro_learning", tags=["micro_learning"]
 )
-api_router.include_router(user.router, prefix="/user", tags=["user"])
+api_router.include_router(user_router.router, prefix="/user", tags=["user"])
 
 
 api_tags_metadata = [

src/app/api/api_v1/endpoints/chat.py

@@ -23,6 +23,7 @@
 )
 from src.app.shared.infra.abst_chat import get_chat_service
 from src.app.shared.utils.dependencies import get_settings
+from src.app.shared.utils.requests import extract_session_cookie
 from src.app.utils.logger import logger as utils_logger
 
 logger = utils_logger(__name__)
@@ -256,7 +257,7 @@ async def q_and_a_ans(
         str: openai chat completion content
     """
 
-    session_id = request.headers.get("X-Session-ID")
+    session_id = extract_session_cookie(request)
 
     try:
         content = await chatfactory.chat_message(
@@ -354,7 +355,7 @@ async def agent_response(
     data_collection=Depends(get_data_collection_service),
 ) -> Optional[Dict]:
     try:
-        session_id = request.headers.get("X-Session-ID")
+        session_id = extract_session_cookie(request)
         docs = []
 
         if body.query is None:

src/app/api/api_v1/endpoints/metric.py

@@ -6,6 +6,7 @@
 from src.app.services.data_collection import get_data_collection_service
 from src.app.services.sql_db.queries import get_document_qty_table_info_sync
 from src.app.shared.utils.dependencies import get_settings
+from src.app.shared.utils.requests import extract_session_cookie
 from src.app.utils.logger import logger as utils_logger
 
 logger = utils_logger(__name__)
@@ -55,6 +56,6 @@ async def update_clicked_doc_from_chat_message(
 async def register_syllabus_download(
     request: Request, data_collection=Depends(get_data_collection_service)
 ) -> str:
-    session_id = request.headers.get("X-Session-ID")
+    session_id = extract_session_cookie(request)
     await data_collection.register_syllabus_download(session_id)
     return "registered"

src/app/core/config.py

@@ -42,6 +42,7 @@ def get_api_version(self) -> dict:
     AZURE_API_VERSION: str
 
     LLM_MODEL_NAME: str
+    ENV: str
 
     # PG
     PG_USER: Optional[str] = None

src/app/middleware/monitor_requests.py

@@ -3,6 +3,7 @@
 from starlette.middleware.base import BaseHTTPMiddleware
 
 from src.app.services.sql_db.queries import register_endpoint
+from src.app.shared.utils.requests import extract_session_cookie
 from src.app.utils.logger import logger as logger_utils
 
 logger = logger_utils(__name__)
@@ -11,7 +12,7 @@
 class MonitorRequestsMiddleware(BaseHTTPMiddleware):
     async def dispatch(self, request: Request, call_next):
         if request.url.path.startswith("/api/v1/"):
-            session_id = request.headers.get("X-Session-ID")
+            session_id = extract_session_cookie(request)
             if session_id:
                 try:
                     await run_in_threadpool(
@@ -24,7 +25,7 @@ async def dispatch(self, request: Request, call_next):
                     logger.error(f"Failed to register endpoint {request.url.path}: {e}")
             else:
                 logger.warning(
-                    f"No X-Session-ID header provided for {request.url.path}"
+                    f"No X-Session-ID cookie provided for {request.url.path}"
                 )
 
         response = await call_next(request)

src/app/search/api/router.py

@@ -32,6 +32,7 @@
     ModelNotFoundError,
     bad_request,
 )
+from src.app.shared.utils.requests import extract_session_cookie
 from src.app.utils.logger import logger as logger_utils
 
 router = APIRouter()
@@ -206,7 +207,7 @@ async def search_all(
     data_collection=Depends(get_data_collection_service),
 ):
     try:
-        session_id = request.headers.get("X-Session-ID")
+        session_id = extract_session_cookie(request)
 
         res = await sp.search_handler(
             qp=qp, method=SearchMethods.BY_DOCUMENT, background_tasks=background_tasks

src/app/services/data_collection.py

@@ -65,7 +65,7 @@ def get_campaign_state(
 
     async def register_search_data(
         self,
-        session_id: str | None,
+        session_id: uuid.UUID | None,
         query: str,
         search_results: list[Document | ScoredPoint],
         sdg_filter: list[int] | None = None,
@@ -88,9 +88,7 @@ async def register_search_data(
                 },
             )
 
-        user_id = await run_in_threadpool(
-            get_user_from_session_id, uuid.UUID(session_id)
-        )
+        user_id = await run_in_threadpool(get_user_from_session_id, session_id)
 
         if not user_id:
             raise HTTPException(
@@ -241,7 +239,7 @@ async def register_syllabus_update(
 
     async def register_chat_data(
         self,
-        session_id: str | None,
+        session_id: uuid.UUID | None,
         user_query: str,
         conversation_id: uuid.UUID | None,
         answer_content: str,
@@ -264,9 +262,7 @@ async def register_chat_data(
                 },
             )
 
-        user_id = await run_in_threadpool(
-            get_user_from_session_id, uuid.UUID(session_id)
-        )
+        user_id = await run_in_threadpool(get_user_from_session_id, session_id)
 
         if not user_id:
             raise HTTPException(

src/app/services/sql_db/queries_user.py

@@ -3,6 +3,7 @@
 import uuid
 from datetime import datetime, timedelta
 
+from fastapi import HTTPException
 from sqlalchemy.sql import select
 from welearn_database.data.models import Bookmark, InferredUser, Session
 
@@ -27,6 +28,12 @@ def get_or_create_user_sync(
             ).first()
             if user:
                 return user.id
+            else:
+                logger.error(f"User with id {user_id} not found,")
+                raise HTTPException(
+                    status_code=404, detail=f"User with id {user_id} not found"
+                )
+
         user = InferredUser(origin_referrer=referer)
         s.add(user)
         s.commit()
@@ -70,11 +77,23 @@ def get_or_create_session_sync(
         return new_session.id
 
 
-def get_user_from_session_id(session_id: uuid.UUID) -> uuid.UUID | None:
+def get_user_from_session_id(session_id: uuid.UUID | None) -> uuid.UUID | None:
+    if not session_id:
+        return None
+
     with session_maker() as s:
         session = s.execute(select(Session).where(Session.id == session_id)).first()
         if session:
+            logger.info(
+                "Valid session. user_id=%s session_id=%s",
+                session[0].inferred_user_id,
+                session_id,
+            )
             return session[0].inferred_user_id
+        else:
+            HTTPException(
+                status_code=404, detail=f"Session with id {session_id} not found"
+            )
     return None
 
 

src/app/shared/domain/constants.py

@@ -25,3 +25,7 @@
 }
 
 APP_NAME = "welearn-api"
+
+
+SESSION_COOKIE_NAME = "x-session-id"
+SESSION_TTL_SECONDS = 60 * 60 * 24 * 400  # 400 days

src/app/shared/utils/requests.py

@@ -0,0 +1,25 @@
+from typing import Optional
+from uuid import UUID
+
+from fastapi import Request
+
+from src.app.shared.domain.constants import SESSION_COOKIE_NAME
+from src.app.utils.logger import logger as utils_logger
+
+logger = utils_logger(__name__)
+
+
+def extract_session_cookie(request: Request) -> Optional[UUID]:
+    cookie_value = request.cookies.get(SESSION_COOKIE_NAME)
+    if not cookie_value:
+        return None
+
+    try:
+        return UUID(cookie_value)
+    except ValueError:
+        logger.warning("Invalid session cookie format: %s", cookie_value)
+        return None
+
+
+def extract_origin_from_request(request: Request) -> str:
+    return request.headers.get("origin", "unknown")

src/app/tests/api/api_v1/test_search.py

@@ -333,7 +333,7 @@ async def test_search_all_no_collections(self, *mocks):
                 headers={
                     "X-API-Key": "test",
                     "origin": "test.com",
-                    "X-Session-ID": str(uuid.uuid4()),
+                    "Cookie": f"x-session-id={str(uuid.uuid4())}",
                 },
             )
             self.assertEqual(response.status_code, 404)
@@ -349,7 +349,7 @@ async def test_search_all_no_result(self, *mocks):
                 headers={
                     "X-API-Key": "test",
                     "origin": "test.com",
-                    "X-Session-ID": str(uuid.uuid4()),
+                    "Cookie": f"x-session-id={str(uuid.uuid4())}",
                 },  # noqa: E501
             )
 
@@ -363,7 +363,7 @@ async def test_search_all_no_query(self, *mocks):
                 headers={
                     "X-API-Key": "test",
                     "origin": "test.com",
-                    "X-Session-Id": str(uuid.uuid4()),
+                    "Cookie": f"x-session-id={str(uuid.uuid4())}",
                 },
             )
             self.assertEqual(response.status_code, 400)

src/app/tests/api/api_v1/test_user.py

@@ -1,4 +1,5 @@
 import unittest
+import uuid
 from unittest import mock
 from unittest.mock import MagicMock
 
@@ -231,30 +232,36 @@ async def test_get_user_bookmarks_success_empty(self, session_maker_mock, *mocks
         session.execute.return_value.all.return_value = []
         session_maker_mock.return_value.__enter__.return_value = session
 
-        user_id = "22222222-2222-2222-2222-222222222222"
         response = client.get(
-            f"{settings.API_V1_STR}/user/:user_id/bookmarks",
-            params={"user_id": user_id},
+            f"{settings.API_V1_STR}/user/bookmarks",
             headers={"X-API-Key": "test"},
+            cookies={"x-session-id": "bdb62bb2-1fe5-4d14-92fd-60a041355aea"},
         )
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(), {"bookmarks": []})
 
-    @mock.patch("src.app.services.sql_db.queries_user.session_maker")
-    async def test_add_user_bookmark_success(self, session_maker_mock, *mocks):
-        """Ajout d'un bookmark"""
-        session = MagicMock()
-        session.execute.return_value.first.side_effect = [MagicMock(id="user-1"), None]
-        session_maker_mock.return_value.__enter__.return_value = session
+    @mock.patch("src.app.user.api.router.run_in_threadpool")
+    @mock.patch("src.app.user.api.router.resolve_user_and_session")
+    async def test_add_user_bookmark_success(
+        self, resolve_user_and_session_mock, run_in_threadpool_mock, *mocks
+    ):
+        """Ajout d'un bookmark - mocks only what is needed"""
+        # Mock resolve_user_and_session to return user_id and session_id
+        user_id = uuid.UUID("cfc8072c-a055-442a-9878-b5a73d9141b2")
+        session_id = uuid.UUID("bdb62bb2-1fe5-4d14-92fd-60a041355aea")
+        resolve_user_and_session_mock.return_value = (user_id, session_id)
 
-        user_id = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
+        # Mock run_in_threadpool to simulate DB add_user_bookmark_sync
         document_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
+        run_in_threadpool_mock.return_value = document_id
+
         response = client.post(
-            f"{settings.API_V1_STR}/user/:user_id/bookmarks/:document_id",
-            params={"user_id": user_id, "document_id": document_id},
+            f"{settings.API_V1_STR}/user/bookmarks/:document_id",
+            params={"document_id": document_id},
             headers={"X-API-Key": "test"},
+            cookies={"x-session-id": str(session_id)},
         )
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(), {"added": document_id})
-        session.add.assert_called_once()
-        session.commit.assert_called_once()
+        resolve_user_and_session_mock.assert_called_once()
+        run_in_threadpool_mock.assert_called_once()