baton/backend/main.py

from __future__ import annotations

import asyncio
import hashlib
import logging
import os
import secrets
from contextlib import asynccontextmanager
from datetime import datetime, timezone
from typing import Any, Optional

import httpx
from fastapi import Depends, FastAPI, HTTPException, Request
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import JSONResponse
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from backend import config, db, telegram
from backend.middleware import rate_limit_register, rate_limit_signal, verify_admin_token, verify_webhook_secret
from backend.models import (
    AdminBlockRequest,
    AdminCreateUserRequest,
    AdminSetPasswordRequest,
    RegisterRequest,
    RegisterResponse,
    SignalRequest,
    SignalResponse,
)

_api_key_bearer = HTTPBearer(auto_error=False)

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)


def _hash_api_key(key: str) -> str:
    """SHA-256 хэш для API-ключа (без соли — для быстрого сравнения)."""
    return hashlib.sha256(key.encode()).hexdigest()


def _hash_password(password: str) -> str:
    """Hash a password using PBKDF2-HMAC-SHA256 (stdlib, no external deps).

    Stored format: ``<salt_hex>:<dk_hex>``
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 260_000)
    return f"{salt.hex()}:{dk.hex()}"

# aggregator = telegram.SignalAggregator(interval=10)  # v2.0 feature — отключено в v1 (ADR-004)

_KEEPALIVE_INTERVAL = 600  # 10 минут


async def _keep_alive_loop(app_url: str) -> None:
    """Периодически пингует /health чтобы предотвратить cold start на бесплатных хостингах."""
    health_url = f"{app_url.rstrip('/')}/health"
    async with httpx.AsyncClient(timeout=10.0) as client:
        while True:
            await asyncio.sleep(_KEEPALIVE_INTERVAL)
            try:
                resp = await client.get(health_url)
                logger.info("Keep-alive ping %s → %d", health_url, resp.status_code)
            except Exception as exc:
                logger.warning("Keep-alive ping failed: %s", exc)


@asynccontextmanager
async def lifespan(app: FastAPI):
    # Startup
    await db.init_db()
    logger.info("Database initialized")

    if not await telegram.validate_bot_token():
        logger.error(
            "CRITICAL: BOT_TOKEN is invalid — Telegram delivery is broken. Update .env and restart."
        )

    if config.WEBHOOK_ENABLED:
        await telegram.set_webhook(url=config.WEBHOOK_URL, secret=config.WEBHOOK_SECRET)
        logger.info("Webhook registered")

    # v2.0 feature — агрегатор отключён в v1 (ADR-004)
    # task = asyncio.create_task(aggregator.run())
    # logger.info("Aggregator started")

    keepalive_task: asyncio.Task | None = None
    if config.APP_URL:
        keepalive_task = asyncio.create_task(_keep_alive_loop(config.APP_URL))
        logger.info("Keep-alive task started (target: %s/health)", config.APP_URL)
    else:
        logger.info("APP_URL not set — keep-alive disabled")

    yield

    # Shutdown
    if keepalive_task is not None:
        keepalive_task.cancel()
        try:
            await keepalive_task
        except asyncio.CancelledError:
            pass
        logger.info("Keep-alive task stopped")

    # aggregator.stop()
    # await aggregator.flush()
    # task.cancel()
    # try:
    #     await task
    # except asyncio.CancelledError:
    #     pass
    # logger.info("Aggregator stopped, final flush done")


app = FastAPI(lifespan=lifespan)

app.add_middleware(
    CORSMiddleware,
    allow_origins=[config.FRONTEND_ORIGIN],
    allow_methods=["POST"],
    allow_headers=["Content-Type", "Authorization"],
)


@app.get("/health")
@app.get("/api/health")
async def health() -> dict[str, Any]:
    return {"status": "ok"}


@app.post("/api/register", response_model=RegisterResponse)
async def register(body: RegisterRequest, _: None = Depends(rate_limit_register)) -> RegisterResponse:
    api_key = secrets.token_hex(32)
    result = await db.register_user(uuid=body.uuid, name=body.name, api_key_hash=_hash_api_key(api_key))
    return RegisterResponse(user_id=result["user_id"], uuid=result["uuid"], api_key=api_key)


@app.post("/api/signal", response_model=SignalResponse)
async def signal(
    body: SignalRequest,
    credentials: Optional[HTTPAuthorizationCredentials] = Depends(_api_key_bearer),
    _: None = Depends(rate_limit_signal),
) -> SignalResponse:
    if credentials is None:
        raise HTTPException(status_code=401, detail="Unauthorized")
    key_hash = _hash_api_key(credentials.credentials)
    stored_hash = await db.get_api_key_hash_by_uuid(body.user_id)
    if stored_hash is None or not secrets.compare_digest(key_hash, stored_hash):
        raise HTTPException(status_code=401, detail="Unauthorized")

    if await db.is_user_blocked(body.user_id):
        raise HTTPException(status_code=403, detail="User is blocked")

    geo = body.geo
    lat = geo.lat if geo else None
    lon = geo.lon if geo else None
    accuracy = geo.accuracy if geo else None

    signal_id = await db.save_signal(
        user_uuid=body.user_id,
        timestamp=body.timestamp,
        lat=lat,
        lon=lon,
        accuracy=accuracy,
    )

    user_name = await db.get_user_name(body.user_id)
    ts = datetime.fromtimestamp(body.timestamp / 1000, tz=timezone.utc)
    name = user_name or body.user_id[:8]
    geo_info = (
        f"📍 {lat}, {lon} (±{accuracy}м)"
        if geo
        else "Без геолокации"
    )
    text = (
        f"🚨 Сигнал от {name}\n"
        f"⏰ {ts.strftime('%H:%M:%S')} UTC\n"
        f"{geo_info}"
    )
    asyncio.create_task(telegram.send_message(text))

    return SignalResponse(status="ok", signal_id=signal_id)


@app.get("/admin/users", dependencies=[Depends(verify_admin_token)])
async def admin_list_users() -> list[dict]:
    return await db.admin_list_users()


@app.post("/admin/users", status_code=201, dependencies=[Depends(verify_admin_token)])
async def admin_create_user(body: AdminCreateUserRequest) -> dict:
    password_hash = _hash_password(body.password) if body.password else None
    result = await db.admin_create_user(body.uuid, body.name, password_hash)
    if result is None:
        raise HTTPException(status_code=409, detail="User with this UUID already exists")
    return result


@app.put("/admin/users/{user_id}/password", dependencies=[Depends(verify_admin_token)])
async def admin_set_password(user_id: int, body: AdminSetPasswordRequest) -> dict:
    changed = await db.admin_set_password(user_id, _hash_password(body.password))
    if not changed:
        raise HTTPException(status_code=404, detail="User not found")
    return {"ok": True}


@app.put("/admin/users/{user_id}/block", dependencies=[Depends(verify_admin_token)])
async def admin_block_user(user_id: int, body: AdminBlockRequest) -> dict:
    changed = await db.admin_set_blocked(user_id, body.is_blocked)
    if not changed:
        raise HTTPException(status_code=404, detail="User not found")
    user = await db.admin_get_user_by_id(user_id)
    return user  # type: ignore[return-value]


@app.delete("/admin/users/{user_id}", status_code=204, dependencies=[Depends(verify_admin_token)])
async def admin_delete_user(user_id: int) -> None:
    deleted = await db.admin_delete_user(user_id)
    if not deleted:
        raise HTTPException(status_code=404, detail="User not found")


@app.post("/api/webhook/telegram")
async def webhook_telegram(
    request: Request,
    _: None = Depends(verify_webhook_secret),
) -> dict[str, Any]:
    update = await request.json()
    message = update.get("message", {})
    text = message.get("text", "")

    if text.startswith("/start"):
        tg_user = message.get("from", {})
        tg_user_id = str(tg_user.get("id", ""))
        first_name = tg_user.get("first_name", "")
        last_name = tg_user.get("last_name", "")
        name = (first_name + " " + last_name).strip() or tg_user_id
        if tg_user_id:
            await db.register_user(uuid=tg_user_id, name=name)
            logger.info("Telegram /start: registered user %s", tg_user_id)

    return {"ok": True}
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`from __future__ import annotations`

			`import asyncio`
kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`import hashlib`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`import logging`
kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`import os`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`import secrets`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`from contextlib import asynccontextmanager`
kin: BATON-ARCH-002-backend_dev 2026-03-20 20:50:31 +02:00			`from datetime import datetime, timezone`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`from typing import Any, Optional`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`import httpx`
kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`from fastapi import Depends, FastAPI, HTTPException, Request`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`from fastapi.middleware.cors import CORSMiddleware`
			`from fastapi.responses import JSONResponse`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
			`from backend import config, db, telegram`
kin: BATON-SEC-002-backend_dev 2026-03-21 07:36:33 +02:00			`from backend.middleware import rate_limit_register, rate_limit_signal, verify_admin_token, verify_webhook_secret`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`from backend.models import (`
kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`AdminBlockRequest,`
			`AdminCreateUserRequest,`
			`AdminSetPasswordRequest,`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`RegisterRequest,`
			`RegisterResponse,`
			`SignalRequest,`
			`SignalResponse,`
			`)`

kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`_api_key_bearer = HTTPBearer(auto_error=False)`

kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`logging.basicConfig(level=logging.INFO)`
			`logger = logging.getLogger(__name__)`

kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`def _hash_api_key(key: str) -> str:`
			`"""SHA-256 хэш для API-ключа (без соли — для быстрого сравнения)."""`
			`return hashlib.sha256(key.encode()).hexdigest()`


kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`def _hash_password(password: str) -> str:`
			`"""Hash a password using PBKDF2-HMAC-SHA256 (stdlib, no external deps).`

			Stored format: ``<salt_hex>:<dk_hex>``
			`"""`
			`salt = os.urandom(16)`
			`dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 260_000)`
			`return f"{salt.hex()}:{dk.hex()}"`

kin: BATON-ARCH-002-backend_dev 2026-03-20 20:50:31 +02:00			`# aggregator = telegram.SignalAggregator(interval=10) # v2.0 feature — отключено в v1 (ADR-004)`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`_KEEPALIVE_INTERVAL = 600 # 10 минут`


			`async def _keep_alive_loop(app_url: str) -> None:`
			`"""Периодически пингует /health чтобы предотвратить cold start на бесплатных хостингах."""`
			`health_url = f"{app_url.rstrip('/')}/health"`
			`async with httpx.AsyncClient(timeout=10.0) as client:`
			`while True:`
			`await asyncio.sleep(_KEEPALIVE_INTERVAL)`
			`try:`
			`resp = await client.get(health_url)`
			`logger.info("Keep-alive ping %s → %d", health_url, resp.status_code)`
			`except Exception as exc:`
			`logger.warning("Keep-alive ping failed: %s", exc)`

kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
			`@asynccontextmanager`
			`async def lifespan(app: FastAPI):`
			`# Startup`
			`await db.init_db()`
			`logger.info("Database initialized")`

fix(BATON-007): add validate_bot_token() for startup detection and fix test mocks - Add validate_bot_token() to backend/telegram.py: calls getMe on startup, logs ERROR if token is invalid (never raises per #1215 contract) - Call validate_bot_token() in lifespan() after db.init_db() for early detection - Update conftest.py make_app_client() to mock getMe endpoint - Add 3 tests for validate_bot_token (200, 401, network error cases) Root cause: CHAT_ID=5190015988 (positive) was wrong — fixed to -5190015988 on server per decision #1212. Group "Big Red Button" confirmed via getChat. Service restarted. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-21 08:54:07 +02:00			`if not await telegram.validate_bot_token():`
			`logger.error(`
			`"CRITICAL: BOT_TOKEN is invalid — Telegram delivery is broken. Update .env and restart."`
			`)`

kin: BATON-ARCH-012-backend_dev 2026-03-20 21:01:48 +02:00			`if config.WEBHOOK_ENABLED:`
			`await telegram.set_webhook(url=config.WEBHOOK_URL, secret=config.WEBHOOK_SECRET)`
			`logger.info("Webhook registered")`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
kin: BATON-ARCH-002-backend_dev 2026-03-20 20:50:31 +02:00			`# v2.0 feature — агрегатор отключён в v1 (ADR-004)`
			`# task = asyncio.create_task(aggregator.run())`
			`# logger.info("Aggregator started")`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`keepalive_task: asyncio.Task \| None = None`
			`if config.APP_URL:`
			`keepalive_task = asyncio.create_task(_keep_alive_loop(config.APP_URL))`
			`logger.info("Keep-alive task started (target: %s/health)", config.APP_URL)`
			`else:`
			`logger.info("APP_URL not set — keep-alive disabled")`

kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`yield`

			`# Shutdown`
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`if keepalive_task is not None:`
			`keepalive_task.cancel()`
			`try:`
			`await keepalive_task`
			`except asyncio.CancelledError:`
			`pass`
			`logger.info("Keep-alive task stopped")`

kin: BATON-ARCH-002-backend_dev 2026-03-20 20:50:31 +02:00			`# aggregator.stop()`
			`# await aggregator.flush()`
			`# task.cancel()`
			`# try:`
			`# await task`
			`# except asyncio.CancelledError:`
			`# pass`
			`# logger.info("Aggregator stopped, final flush done")`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00

			`app = FastAPI(lifespan=lifespan)`

			`app.add_middleware(`
			`CORSMiddleware,`
			`allow_origins=[config.FRONTEND_ORIGIN],`
			`allow_methods=["POST"],`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`allow_headers=["Content-Type", "Authorization"],`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`)`


kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`@app.get("/health")`
fix: add /api/health alias endpoint Adds GET /api/health as alias for /health — fixes frontend 404. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-21 07:18:56 +02:00			`@app.get("/api/health")`
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00			`async def health() -> dict[str, Any]:`
kin: BATON-SEC-007-backend_dev 2026-03-21 07:39:41 +02:00			`return {"status": "ok"}`
kin: BATON-ARCH-012 Добавить WEBHOOK_ENABLED флаг для локальной разработки 2026-03-20 21:03:45 +02:00

kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`@app.post("/api/register", response_model=RegisterResponse)`
kin: BATON-ARCH-010 Написать unit-тесты бэкенда (tester FAILED без вывода) 2026-03-20 21:10:26 +02:00			`async def register(body: RegisterRequest, _: None = Depends(rate_limit_register)) -> RegisterResponse:`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`api_key = secrets.token_hex(32)`
			`result = await db.register_user(uuid=body.uuid, name=body.name, api_key_hash=_hash_api_key(api_key))`
			`return RegisterResponse(user_id=result["user_id"], uuid=result["uuid"], api_key=api_key)`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00

			`@app.post("/api/signal", response_model=SignalResponse)`
kin: BATON-SEC-003-backend_dev 2026-03-21 08:12:01 +02:00			`async def signal(`
			`body: SignalRequest,`
			`credentials: Optional[HTTPAuthorizationCredentials] = Depends(_api_key_bearer),`
			`_: None = Depends(rate_limit_signal),`
			`) -> SignalResponse:`
			`if credentials is None:`
			`raise HTTPException(status_code=401, detail="Unauthorized")`
			`key_hash = _hash_api_key(credentials.credentials)`
			`stored_hash = await db.get_api_key_hash_by_uuid(body.user_id)`
			`if stored_hash is None or not secrets.compare_digest(key_hash, stored_hash):`
			`raise HTTPException(status_code=401, detail="Unauthorized")`

kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`if await db.is_user_blocked(body.user_id):`
			`raise HTTPException(status_code=403, detail="User is blocked")`

kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`geo = body.geo`
			`lat = geo.lat if geo else None`
			`lon = geo.lon if geo else None`
			`accuracy = geo.accuracy if geo else None`

			`signal_id = await db.save_signal(`
			`user_uuid=body.user_id,`
			`timestamp=body.timestamp,`
			`lat=lat,`
			`lon=lon,`
			`accuracy=accuracy,`
			`)`

			`user_name = await db.get_user_name(body.user_id)`
kin: BATON-ARCH-002-backend_dev 2026-03-20 20:50:31 +02:00			`ts = datetime.fromtimestamp(body.timestamp / 1000, tz=timezone.utc)`
			`name = user_name or body.user_id[:8]`
			`geo_info = (`
			`f"📍 {lat}, {lon} (±{accuracy}м)"`
			`if geo`
			`else "Без геолокации"`
			`)`
			`text = (`
			`f"🚨 Сигнал от {name}\n"`
			`f"⏰ {ts.strftime('%H:%M:%S')} UTC\n"`
			`f"{geo_info}"`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`)`
kin: BATON-SEC-007-backend_dev 2026-03-21 07:39:41 +02:00			`asyncio.create_task(telegram.send_message(text))`
kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00
			`return SignalResponse(status="ok", signal_id=signal_id)`


kin: BATON-005-backend_dev 2026-03-20 23:39:28 +02:00			`@app.get("/admin/users", dependencies=[Depends(verify_admin_token)])`
			`async def admin_list_users() -> list[dict]:`
			`return await db.admin_list_users()`


			`@app.post("/admin/users", status_code=201, dependencies=[Depends(verify_admin_token)])`
			`async def admin_create_user(body: AdminCreateUserRequest) -> dict:`
			`password_hash = _hash_password(body.password) if body.password else None`
			`result = await db.admin_create_user(body.uuid, body.name, password_hash)`
			`if result is None:`
			`raise HTTPException(status_code=409, detail="User with this UUID already exists")`
			`return result`


			`@app.put("/admin/users/{user_id}/password", dependencies=[Depends(verify_admin_token)])`
			`async def admin_set_password(user_id: int, body: AdminSetPasswordRequest) -> dict:`
			`changed = await db.admin_set_password(user_id, _hash_password(body.password))`
			`if not changed:`
			`raise HTTPException(status_code=404, detail="User not found")`
			`return {"ok": True}`


			`@app.put("/admin/users/{user_id}/block", dependencies=[Depends(verify_admin_token)])`
			`async def admin_block_user(user_id: int, body: AdminBlockRequest) -> dict:`
			`changed = await db.admin_set_blocked(user_id, body.is_blocked)`
			`if not changed:`
			`raise HTTPException(status_code=404, detail="User not found")`
			`user = await db.admin_get_user_by_id(user_id)`
			`return user # type: ignore[return-value]`


			`@app.delete("/admin/users/{user_id}", status_code=204, dependencies=[Depends(verify_admin_token)])`
			`async def admin_delete_user(user_id: int) -> None:`
			`deleted = await db.admin_delete_user(user_id)`
			`if not deleted:`
			`raise HTTPException(status_code=404, detail="User not found")`


kin: BATON-002 [Research] UX Designer 2026-03-20 20:44:00 +02:00			`@app.post("/api/webhook/telegram")`
			`async def webhook_telegram(`
			`request: Request,`
			`_: None = Depends(verify_webhook_secret),`
			`) -> dict[str, Any]:`
			`update = await request.json()`
			`message = update.get("message", {})`
			`text = message.get("text", "")`

			`if text.startswith("/start"):`
			`tg_user = message.get("from", {})`
			`tg_user_id = str(tg_user.get("id", ""))`
			`first_name = tg_user.get("first_name", "")`
			`last_name = tg_user.get("last_name", "")`
			`name = (first_name + " " + last_name).strip() or tg_user_id`
			`if tg_user_id:`
			`await db.register_user(uuid=tg_user_id, name=name)`
			`logger.info("Telegram /start: registered user %s", tg_user_id)`

			`return {"ok": True}`