Upload 7 files

utils/encrypt_string.py

@@ -0,0 +1,28 @@
+import argparse, os, sys
+from cryptography.fernet import Fernet, InvalidToken
+
+ENV = "FLARE_TOKEN_KEY"
+
+def get_fernet(key_arg: str | None) -> Fernet:
+    key = key_arg or os.getenv(ENV)
+    if not key:
+        print(f"[HATA] Anahtar yok. --key parametresi verin veya {ENV} ortam değişkenini ayarlayın.", file=sys.stderr)
+        sys.exit(1)
+    try:
+        return Fernet(key.encode())
+    except Exception as e:
+        print(f"[HATA] Anahtar geçersiz: {e}", file=sys.stderr)
+        sys.exit(1)
+
+def main():
+    parser = argparse.ArgumentParser(description="String şifreleyici")
+    parser.add_argument("plain", help="Şifrelenecek string")
+    parser.add_argument("--key", help="Fernet anahtarı (opsiyonel, yoksa env kullanılacak)")
+    args = parser.parse_args()
+
+    f = get_fernet(args.key)
+    enc = f.encrypt(args.plain.encode()).decode()
+    print(f"enc:{enc}")
+
+if __name__ == "__main__":
+    main()

utils/encrypt_token.py

@@ -0,0 +1,14 @@
+"""
+CLI: python encrypt_token.py <PLAIN_TOKEN>
+Çıktıyı service_config.jsonc içindeki cloud_token alanına yapıştır.
+"""
+
+import sys, os
+from encryption_utils import encrypt
+
+if len(sys.argv) < 2:
+    print("Usage: python encrypt_token.py <plain_token>")
+    sys.exit(1)
+
+plain = sys.argv[1]
+print(encrypt(plain))

utils/encryption_utils.py

@@ -0,0 +1,88 @@
+"""
+Flare – Fernet şifreleme yardımcıları
+- encrypt():  düz string → "enc:<blob>"
+- decrypt():  enc:<blob>  → düz string      (veya enc: yoksa aynen döner)
+Anahtar: FLARE_TOKEN_KEY   (32-bayt, base64, URL-safe)
+"""
+
+import os
+from typing import Optional
+from cryptography.fernet import Fernet, InvalidToken
+from logger import log_error, log_warning
+
+_ENV_KEY = "FLARE_TOKEN_KEY"
+
+def _get_key() -> Fernet:
+    """Get encryption key with better error messages"""
+    # Direkt environment variable kullan
+    key = os.getenv(_ENV_KEY)
+    
+    # .env dosyasından yüklemeyi dene
+    if not key:
+        try:
+            from dotenv import load_dotenv
+            load_dotenv()
+            key = os.getenv(_ENV_KEY)
+        except ImportError:
+            pass
+    
+    if not key:
+        error_msg = (
+            f"{_ENV_KEY} ortam değişkeni tanımlanmadı. "
+            f"Lütfen 32-byte base64 key oluşturun: python generate_key.py"
+        )
+        log_error(error_msg)
+        raise RuntimeError(error_msg)
+    
+    # Key formatını kontrol et
+    try:
+        return Fernet(key.encode())
+    except Exception as e:
+        error_msg = (
+            f"{_ENV_KEY} geçersiz format. "
+            f"32-byte base64 URL-safe key olmalı. "
+            f"Yeni key için: python generate_key.py"
+        )
+        log_error(error_msg, error=str(e))
+        raise RuntimeError(error_msg)
+
+def encrypt(plain: str) -> str:
+    """düz string → enc:..."""
+    if not plain:
+        log_warning("Empty string passed to encrypt")
+        return ""
+    
+    try:
+        f = _get_key()
+        encrypted = f.encrypt(plain.encode()).decode()
+        return "enc:" + encrypted
+    except Exception as e:
+        log_error("Encryption failed", error=str(e))
+        raise
+
+def decrypt(value: Optional[str]) -> Optional[str]:
+    """enc:... ise çözer, değilse aynen döndürür"""
+    if value is None or not isinstance(value, str):
+        return value
+    
+    if not value.startswith("enc:"):
+        return value
+    
+    token = value.split("enc:", 1)[1]
+    
+    try:
+        f = _get_key()
+        decrypted = f.decrypt(token.encode()).decode()
+        return decrypted
+    except InvalidToken:
+        error_msg = (
+            "Şifre çözme başarısız. Muhtemel sebepler:\n"
+            "1. FLARE_TOKEN_KEY değişti\n"
+            "2. Şifreli veri bozuldu\n"
+            "3. Farklı bir key ile şifrelendi"
+        )
+        log_error(error_msg)
+        raise RuntimeError(error_msg)
+    except Exception as e:
+        log_error("Decryption error", error=str(e))
+        raise

utils/exceptions.py

@@ -0,0 +1,193 @@
+"""
+Custom Exception Classes for Flare Platform
+"""
+from typing import Optional, Dict, Any
+from datetime import datetime
+
+class FlareException(Exception):
+    """Base exception for Flare"""
+    def __init__(self, message: str, details: Optional[Dict[str, Any]] = None):
+        self.message = message
+        self.details = details or {}
+        self.timestamp = datetime.utcnow()
+        super().__init__(self.message)
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert exception to dictionary"""
+        return {
+            "error": self.__class__.__name__,
+            "message": self.message,
+            "details": self.details,
+            "timestamp": self.timestamp.isoformat()
+        }
+    
+    def to_http_detail(self) -> Dict[str, Any]:
+        """Convert to HTTP response detail"""
+        return {
+            "detail": self.message,
+            "error_type": self.__class__.__name__.lower().replace('error', ''),
+            **self.details
+        }
+
+class RaceConditionError(FlareException):
+    """Raised when a race condition is detected during concurrent updates"""
+    def __init__(
+        self, 
+        message: str, 
+        current_user: Optional[str] = None,
+        last_update_user: Optional[str] = None,
+        last_update_date: Optional[str] = None,
+        entity_type: Optional[str] = None,
+        entity_id: Optional[Any] = None
+    ):
+        details = {
+            "current_user": current_user,
+            "last_update_user": last_update_user,
+            "last_update_date": last_update_date,
+            "entity_type": entity_type,
+            "entity_id": entity_id,
+            "action": "Please reload the data and try again"
+        }
+        super().__init__(message, details)
+        self.current_user = current_user
+        self.last_update_user = last_update_user
+        self.last_update_date = last_update_date
+    
+    def to_http_detail(self) -> Dict[str, Any]:
+        """Convert to HTTPException detail format with proper serialization"""
+        return {
+            "message": self.message,
+            "last_update_user": self.last_update_user,
+            "last_update_date": self.last_update_date.isoformat() if isinstance(self.last_update_date, datetime) else self.last_update_date,
+            "type": "race_condition"
+        }
+
+class ConfigurationError(FlareException):
+    """Raised when there's a configuration issue"""
+    def __init__(self, message: str, config_key: Optional[str] = None):
+        details = {"config_key": config_key} if config_key else {}
+        super().__init__(message, details)
+
+class ValidationError(FlareException):
+    """Raised when validation fails"""
+    def __init__(self, message: str, field: Optional[str] = None, value: Any = None):
+        details = {}
+        if field:
+            details["field"] = field
+        if value is not None:
+            details["value"] = str(value)
+        super().__init__(message, details)
+
+class AuthenticationError(FlareException):
+    """Raised when authentication fails"""
+    def __init__(self, message: str = "Authentication failed"):
+        super().__init__(message)
+
+class AuthorizationError(FlareException):
+    """Raised when authorization fails"""
+    def __init__(self, message: str = "Insufficient permissions", required_permission: Optional[str] = None):
+        details = {"required_permission": required_permission} if required_permission else {}
+        super().__init__(message, details)
+
+class SessionError(FlareException):
+    """Raised when there's a session-related error"""
+    def __init__(self, message: str, session_id: Optional[str] = None):
+        details = {"session_id": session_id} if session_id else {}
+        super().__init__(message, details)
+
+class ProviderError(FlareException):
+    """Raised when a provider (LLM, TTS, STT) fails"""
+    def __init__(self, message: str, provider_type: str, provider_name: str, original_error: Optional[str] = None):
+        details = {
+            "provider_type": provider_type,
+            "provider_name": provider_name,
+            "original_error": original_error
+        }
+        super().__init__(message, details)
+
+class APICallError(FlareException):
+    """Raised when an external API call fails"""
+    def __init__(
+        self, 
+        message: str, 
+        api_name: str, 
+        status_code: Optional[int] = None,
+        response_body: Optional[str] = None
+    ):
+        details = {
+            "api_name": api_name,
+            "status_code": status_code,
+            "response_body": response_body
+        }
+        super().__init__(message, details)
+
+class WebSocketError(FlareException):
+    """Raised when WebSocket operations fail"""
+    def __init__(self, message: str, session_id: Optional[str] = None, state: Optional[str] = None):
+        details = {
+            "session_id": session_id,
+            "state": state
+        }
+        super().__init__(message, details)
+
+class ResourceNotFoundError(FlareException):
+    """Raised when a requested resource is not found"""
+    def __init__(self, resource_type: str, resource_id: Any):
+        message = f"{resource_type} not found: {resource_id}"
+        details = {
+            "resource_type": resource_type,
+            "resource_id": str(resource_id)
+        }
+        super().__init__(message, details)
+
+class DuplicateResourceError(FlareException):
+    """Raised when attempting to create a duplicate resource"""
+    def __init__(self, resource_type: str, identifier: str):
+        message = f"{resource_type} already exists: {identifier}"
+        details = {
+            "resource_type": resource_type,
+            "identifier": identifier
+        }
+        super().__init__(message, details)
+
+# Error response formatters
+def format_error_response(error: Exception, request_id: Optional[str] = None) -> Dict[str, Any]:
+    """Format any exception into a standardized error response"""
+    if isinstance(error, FlareException):
+        response = error.to_dict()
+    else:
+        # Generic error
+        response = {
+            "error": error.__class__.__name__,
+            "message": str(error),
+            "details": {},
+            "timestamp": datetime.utcnow().isoformat()
+        }
+    
+    if request_id:
+        response["request_id"] = request_id
+    
+    return response
+
+def get_http_status_code(error: Exception) -> int:
+    """Get appropriate HTTP status code for an exception"""
+    status_map = {
+        ValidationError: 422,
+        AuthenticationError: 401,
+        AuthorizationError: 403,
+        ResourceNotFoundError: 404,
+        DuplicateResourceError: 409,
+        RaceConditionError: 409,
+        ConfigurationError: 500,
+        ProviderError: 503,
+        APICallError: 502,
+        WebSocketError: 500,
+        SessionError: 400
+    }
+    
+    for error_class, status_code in status_map.items():
+        if isinstance(error, error_class):
+            return status_code
+    
+    # Default to 500 for unknown errors
+    return 500

utils/generate_key.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+"""
+generate_key.py
+----------------------------------
+Çalıştır:   python generate_key.py
+Çıktı:      8rSihw0d3Sh_ceyDYobMHNPrgSg0riwGSK4Vco3O5qA=
+Bu çıktıyı ortam değişkeni (veya HF Spaces `Secrets`) olarak kullan.
+
+Not: cryptography==42.x yüklü olmalı (requirements.txt’de varsa yeterli).
+"""
+from cryptography.fernet import Fernet
+
+def main():
+    key = Fernet.generate_key().decode()
+    print(key)
+
+if __name__ == "__main__":
+    main()

utils/logger.py

@@ -0,0 +1,223 @@
+"""
+Centralized Logging System for Flare Platform
+"""
+import sys
+import logging
+import json
+import os
+import threading
+import traceback
+from datetime import datetime
+from enum import Enum
+from typing import Optional, Dict, Any, Union
+from pathlib import Path
+
+class LogLevel(Enum):
+    DEBUG = "DEBUG"
+    INFO = "INFO"
+    WARNING = "WARNING"
+    ERROR = "ERROR"
+    CRITICAL = "CRITICAL"
+
+class FlareLogger:
+    _instance = None
+    _lock = threading.Lock()
+    
+    def __new__(cls):
+        if cls._instance is None:
+            with cls._lock:
+                if cls._instance is None:
+                    cls._instance = super().__new__(cls)
+                    cls._instance._initialized = False
+        return cls._instance
+    
+    def __init__(self):
+        if self._initialized:
+            return
+            
+        self._initialized = True
+        
+        # Log level from environment
+        self.log_level = LogLevel[os.getenv('LOG_LEVEL', 'INFO')]
+        
+        # Configure Python logging
+        self.logger = logging.getLogger('flare')
+        self.logger.setLevel(self.log_level.value)
+        
+        # Remove default handlers
+        self.logger.handlers = []
+        
+        # Console handler with custom format
+        console_handler = logging.StreamHandler(sys.stdout)
+        console_handler.setFormatter(self._get_formatter())
+        self.logger.addHandler(console_handler)
+        
+        # File handler for production
+        if os.getenv('LOG_TO_FILE', 'false').lower() == 'true':
+            log_dir = Path('logs')
+            log_dir.mkdir(exist_ok=True)
+            file_handler = logging.FileHandler(
+                log_dir / f"flare_{datetime.now().strftime('%Y%m%d')}.log"
+            )
+            file_handler.setFormatter(self._get_formatter())
+            self.logger.addHandler(file_handler)
+        
+        # Future: Add ElasticSearch handler here
+        # if os.getenv('ELASTICSEARCH_URL'):
+        #     from elasticsearch_handler import ElasticsearchHandler
+        #     es_handler = ElasticsearchHandler(
+        #         hosts=[os.getenv('ELASTICSEARCH_URL')],
+        #         index='flare-logs'
+        #     )
+        #     self.logger.addHandler(es_handler)
+    
+    def _get_formatter(self):
+        return logging.Formatter(
+            '[%(asctime)s.%(msecs)03d] [%(levelname)s] [%(name)s] %(message)s',
+            datefmt='%H:%M:%S'
+        )
+    
+    def log(self, level: LogLevel, message: str, **kwargs):
+        """Central logging method with structured data"""
+        # Add context data
+        extra_data = {
+            'timestamp': datetime.utcnow().isoformat(),
+            'service': 'flare',
+            'thread_id': threading.get_ident(),
+            **kwargs
+        }
+        
+        # Log with structured data
+        log_message = message
+        if kwargs:
+            # Format kwargs for readability
+            kwargs_str = json.dumps(kwargs, ensure_ascii=False, default=str)
+            log_message = f"{message} | {kwargs_str}"
+        
+        getattr(self.logger, level.value.lower())(log_message, extra={'data': extra_data})
+        
+        # Always flush for real-time debugging
+        sys.stdout.flush()
+    
+    def debug(self, message: str, **kwargs):
+        """Log debug message"""
+        self.log(LogLevel.DEBUG, message, **kwargs)
+    
+    def info(self, message: str, **kwargs):
+        """Log info message"""
+        self.log(LogLevel.INFO, message, **kwargs)
+    
+    def warning(self, message: str, **kwargs):
+        """Log warning message"""
+        self.log(LogLevel.WARNING, message, **kwargs)
+    
+    def error(self, message: str, **kwargs):
+        """Log error message"""
+        self.log(LogLevel.ERROR, message, **kwargs)
+    
+    def critical(self, message: str, **kwargs):
+        """Log critical message"""
+        self.log(LogLevel.CRITICAL, message, **kwargs)
+    
+    def set_level(self, level: str):
+        """Dynamically change log level"""
+        try:
+            self.log_level = LogLevel[level.upper()]
+            self.logger.setLevel(self.log_level.value)
+            self.info(f"Log level changed to {level}")
+        except KeyError:
+            self.warning(f"Invalid log level: {level}")
+
+# Global logger instance
+logger = FlareLogger()
+
+# Convenience functions
+def log_debug(message: str, **kwargs):
+    """Log debug message"""
+    logger.debug(message, **kwargs)
+
+def log_info(message: str, **kwargs):
+    """Log info message"""
+    logger.info(message, **kwargs)
+
+def log_warning(message: str, **kwargs):
+    """Log warning message"""
+    logger.warning(message, **kwargs)
+
+def log_error(message: str, exception: Optional[Exception] = None, **kwargs):
+    """
+    Log error message with optional exception
+    
+    Usage:
+        log_error("Error occurred")
+        log_error("Error occurred", e)  # Otomatik olarak str(e) ve traceback ekler
+        log_error("Error occurred", error="custom error")
+        log_error("Error occurred", e, extra_field="value")
+    """
+    import traceback
+    
+    # Eğer exception parametresi verilmişse, otomatik olarak error ve traceback ekle
+    if exception is not None:
+        # Eğer kwargs'da error yoksa, exception'dan al
+        if 'error' not in kwargs:
+            kwargs['error'] = str(exception)
+        
+        # Exception tipini ekle
+        if 'error_type' not in kwargs:
+            kwargs['error_type'] = type(exception).__name__
+        
+        # Eğer kwargs'da traceback yoksa ve bu bir Exception ise, traceback ekle
+        if 'traceback' not in kwargs and isinstance(exception, Exception):
+            kwargs['traceback'] = traceback.format_exc()
+        
+        # Özel exception tipleri için ekstra bilgi
+        if hasattr(exception, '__dict__'):
+            # Custom exception'ların attribute'larını ekle
+            for attr, value in exception.__dict__.items():
+                if not attr.startswith('_') and attr not in kwargs:
+                    kwargs[f'exc_{attr}'] = value
+        
+        # HTTP status code varsa ekle
+        if hasattr(exception, 'status_code') and 'status_code' not in kwargs:
+            kwargs['status_code'] = exception.status_code
+    
+    # Orijinal logger'a gönder
+    logger.error(message, **kwargs)
+
+def log_critical(message: str, **kwargs):
+    """Log critical message"""
+    logger.critical(message, **kwargs)
+
+# Backward compatibility
+def log(message: str, level: str = "INFO", **kwargs):
+    """Legacy log function for compatibility"""
+    getattr(logger, level.lower())(message, **kwargs)
+
+# Performance logging helpers
+class LogTimer:
+    """Context manager for timing operations"""
+    def __init__(self, operation_name: str, **extra_kwargs):
+        self.operation_name = operation_name
+        self.extra_kwargs = extra_kwargs
+        self.start_time = None
+    
+    def __enter__(self):
+        self.start_time = datetime.now()
+        log_debug(f"Starting {self.operation_name}", **self.extra_kwargs)
+        return self
+    
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        duration_ms = (datetime.now() - self.start_time).total_seconds() * 1000
+        if exc_type:
+            log_error(
+                f"{self.operation_name} failed after {duration_ms:.2f}ms",
+                error=str(exc_val),
+                duration_ms=duration_ms,
+                **self.extra_kwargs
+            )
+        else:
+            log_info(
+                f"{self.operation_name} completed in {duration_ms:.2f}ms",
+                duration_ms=duration_ms,
+                **self.extra_kwargs
+            )

utils/utils.py

@@ -0,0 +1,162 @@
+
+import os
+from typing import Optional
+from fastapi import HTTPException, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from datetime import datetime, timedelta, timezone
+import jwt
+from logger import log_info, log_warning
+
+security = HTTPBearer()
+
+# ===================== Rate Limiting =====================
+class RateLimiter:
+    """Simple in-memory rate limiter"""
+    def __init__(self):
+        self.requests = {}  # {key: [(timestamp, count)]}
+        self.lock = threading.Lock()
+    
+    def is_allowed(self, key: str, max_requests: int, window_seconds: int) -> bool:
+        """Check if request is allowed"""
+        with self.lock:
+            now = datetime.now(timezone.utc)
+            
+            if key not in self.requests:
+                self.requests[key] = []
+            
+            # Remove old entries
+            cutoff = now.timestamp() - window_seconds
+            self.requests[key] = [
+                (ts, count) for ts, count in self.requests[key]
+                if ts > cutoff
+            ]
+            
+            # Count requests in window
+            total = sum(count for _, count in self.requests[key])
+            
+            if total >= max_requests:
+                return False
+            
+            # Add this request
+            self.requests[key].append((now.timestamp(), 1))
+            return True
+    
+    def reset(self, key: str):
+        """Reset rate limit for key"""
+        with self.lock:
+            if key in self.requests:
+                del self.requests[key]
+
+# Create global rate limiter instance
+import threading
+rate_limiter = RateLimiter()
+
+# ===================== JWT Config =====================
+def get_jwt_config():
+    """Get JWT configuration based on environment"""
+    # Check if we're in HuggingFace Space
+    if os.getenv("SPACE_ID"):
+        # Cloud mode - use secrets from environment
+        jwt_secret = os.getenv("JWT_SECRET")
+        if not jwt_secret:
+            log_warning("⚠️  WARNING: JWT_SECRET not found in environment, using fallback")
+            jwt_secret = "flare-admin-secret-key-change-in-production"  # Fallback
+    else:
+        # On-premise mode - use .env file
+        from dotenv import load_dotenv
+        load_dotenv()
+        jwt_secret = os.getenv("JWT_SECRET", "flare-admin-secret-key-change-in-production")
+    
+    return {
+        "secret": jwt_secret,
+        "algorithm": os.getenv("JWT_ALGORITHM", "HS256"),
+        "expiration_hours": int(os.getenv("JWT_EXPIRATION_HOURS", "24"))
+    }
+    
+# ===================== Auth Helpers =====================
+def create_token(username: str) -> str:
+    """Create JWT token for user"""
+    config = get_jwt_config()
+    expiry = datetime.now(timezone.utc) + timedelta(hours=config["expiration_hours"])
+    
+    payload = {
+        "sub": username,
+        "exp": expiry,
+        "iat": datetime.now(timezone.utc)
+    }
+    
+    return jwt.encode(payload, config["secret"], algorithm=config["algorithm"])
+
+def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> str:
+    """Verify JWT token and return username"""
+    token = credentials.credentials
+    config = get_jwt_config()
+    
+    try:
+        payload = jwt.decode(token, config["secret"], algorithms=[config["algorithm"]])
+        return payload["sub"]
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(status_code=401, detail="Token expired")
+    except jwt.InvalidTokenError:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+# ===================== Utility Functions =====================
+
+def truncate_string(text: str, max_length: int = 100, suffix: str = "...") -> str:
+    """Truncate string to max length"""
+    if len(text) <= max_length:
+        return text
+    return text[:max_length - len(suffix)] + suffix
+
+def format_file_size(size_bytes: int) -> str:
+    """Format file size in human readable format"""
+    for unit in ['B', 'KB', 'MB', 'GB', 'TB']:
+        if size_bytes < 1024.0:
+            return f"{size_bytes:.2f} {unit}"
+        size_bytes /= 1024.0
+    return f"{size_bytes:.2f} PB"
+
+def is_safe_path(path: str, base_path: str) -> bool:
+    """Check if path is safe (no directory traversal)"""
+    import os
+    # Resolve to absolute paths
+    base = os.path.abspath(base_path)
+    target = os.path.abspath(os.path.join(base, path))
+    
+    # Check if target is under base
+    return target.startswith(base)
+
+def get_current_timestamp() -> str:
+    """
+    Get current UTC timestamp in ISO format with Z suffix
+    Returns: "2025-01-10T12:00:00.123Z"
+    """
+    return datetime.now(timezone.utc).isoformat().replace('+00:00', 'Z')
+
+def normalize_timestamp(timestamp: Optional[str]) -> str:
+    """
+    Normalize timestamp string for consistent comparison
+    Handles various formats:
+    - "2025-01-10T12:00:00Z"
+    - "2025-01-10T12:00:00.000Z"  
+    - "2025-01-10T12:00:00+00:00"
+    - "2025-01-10 12:00:00+00:00"
+    """
+    if not timestamp:
+        return ""
+    
+    # Normalize various formats
+    normalized = timestamp.replace(' ', 'T')  # Space to T
+    normalized = normalized.replace('+00:00', 'Z')  # UTC timezone
+    
+    # Remove milliseconds if present for comparison
+    if '.' in normalized and normalized.endswith('Z'):
+        normalized = normalized.split('.')[0] + 'Z'
+    
+    return normalized
+
+def timestamps_equal(ts1: Optional[str], ts2: Optional[str]) -> bool:
+    """
+    Compare two timestamps regardless of format differences
+    """
+    return normalize_timestamp(ts1) == normalize_timestamp(ts2)