backend.im/multitenantsaasplatformwithexternalintegrations-7f7k45
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
multitenantsaasplatformwith.../app/core/deps.py
Automated Action 2adbcd0535 Complete multi-tenant SaaS platform with external integrations 
- Implemented comprehensive multi-tenant data isolation using database-level security
- Built JWT authentication system with role-based access control (Super Admin, Org Admin, User, Viewer)
- Created RESTful API endpoints for user and organization operations
- Added complete audit logging for all data modifications with IP tracking
- Implemented API rate limiting and input validation with security middleware
- Built webhook processing engine with async event handling and retry logic
- Created external API call handlers with circuit breaker pattern and error handling
- Implemented data synchronization between external services and internal data
- Added integration health monitoring and status tracking
- Created three mock external services (User Management, Payment, Communication)
- Implemented idempotency for webhook processing to handle duplicates gracefully
- Added comprehensive security headers and XSS/CSRF protection
- Set up Alembic database migrations with proper SQLite configuration
- Included extensive documentation and API examples

Architecture features:
- Multi-tenant isolation at database level
- Circuit breaker pattern for external API resilience
- Async background task processing
- Complete audit trail with user context
- Role-based permission system
- Webhook signature verification
- Request validation and sanitization
- Health monitoring endpoints

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-27 21:14:30 +00:00

105 lines
3.1 KiB
Python
Raw Permalink Blame History

from typing import Generator
from fastapi import Depends, HTTPException, status, Request
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from sqlalchemy.orm import Session
from app.db.session import SessionLocal
from app.core.security import verify_token
from app.models.user import User, UserRole
from app.models.tenant import Organization
from app.services.audit import AuditService
security = HTTPBearer()
def get_db() -> Generator:
try:
db = SessionLocal()
yield db
finally:
db.close()
async def get_current_user(
request: Request,
credentials: HTTPAuthorizationCredentials = Depends(security),
db: Session = Depends(get_db)
) -> User:
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
payload = verify_token(credentials.credentials)
if payload is None:
raise credentials_exception
user_id: int = payload.get("sub")
if user_id is None:
raise credentials_exception
user = db.query(User).filter(User.id == user_id).first()
if user is None:
raise credentials_exception
if not user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
# Log user activity
audit_service = AuditService(db)
audit_service.log_user_activity(
user=user,
action="view",
resource_type="authentication",
ip_address=request.client.host,
user_agent=request.headers.get("user-agent")
)
return user
async def get_current_active_user(current_user: User = Depends(get_current_user)) -> User:
if not current_user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
return current_user
def require_roles(allowed_roles: list[UserRole]):
def role_checker(current_user: User = Depends(get_current_active_user)) -> User:
if current_user.role not in allowed_roles:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not enough permissions"
)
return current_user
return role_checker
async def get_current_organization(
current_user: User = Depends(get_current_active_user),
db: Session = Depends(get_db)
) -> Organization:
organization = db.query(Organization).filter(
Organization.id == current_user.organization_id
).first()
if not organization:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Organization not found"
)
if not organization.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Organization is not active"
)
return organization
def get_tenant_db(organization: Organization = Depends(get_current_organization)):
"""Tenant isolation decorator - ensures queries are scoped to the current organization"""
def tenant_filter(db: Session = Depends(get_db)):
return db, organization.id
return tenant_filter
Reference in New Issue View Git Blame Copy Permalink