mirror of
https://github.com/azaion/detections.git
synced 2026-04-23 01:46:33 +00:00
Oleksandr Bezdieniezhnykh
097811a67b
- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass
Made-with: Cursor
82 lines
2.4 KiB
Python
82 lines
2.4 KiB
Python
import json
|
|
import threading
|
|
import time
|
|
import uuid
|
|
|
|
import pytest
|
|
|
|
|
|
def _ai_config_video() -> dict:
|
|
return {}
|
|
|
|
|
|
def _ai_config_image() -> dict:
|
|
return {}
|
|
|
|
|
|
def test_ft_p08_immediate_async_response(
|
|
warm_engine, http_client, jwt_token
|
|
):
|
|
media_id = f"async-{uuid.uuid4().hex}"
|
|
body = _ai_config_image()
|
|
headers = {"Authorization": f"Bearer {jwt_token}"}
|
|
t0 = time.monotonic()
|
|
r = http_client.post(f"/detect/{media_id}", json=body, headers=headers)
|
|
elapsed = time.monotonic() - t0
|
|
assert elapsed < 2.0
|
|
assert r.status_code == 200
|
|
assert r.json() == {"status": "started", "mediaId": media_id}
|
|
|
|
|
|
@pytest.mark.timeout(10)
|
|
def test_ft_p09_sse_event_delivery(
|
|
warm_engine, http_client, jwt_token, sse_client_factory
|
|
):
|
|
media_id = f"sse-{uuid.uuid4().hex}"
|
|
body = _ai_config_video()
|
|
headers = {"Authorization": f"Bearer {jwt_token}"}
|
|
collected: list[dict] = []
|
|
thread_exc: list[BaseException] = []
|
|
first_event = threading.Event()
|
|
|
|
def _listen():
|
|
try:
|
|
with sse_client_factory(media_id) as sse:
|
|
time.sleep(0.3)
|
|
for event in sse.events():
|
|
if not event.data or not str(event.data).strip():
|
|
continue
|
|
data = json.loads(event.data)
|
|
if data.get("mediaId") != media_id:
|
|
continue
|
|
collected.append(data)
|
|
first_event.set()
|
|
if len(collected) >= 5:
|
|
break
|
|
except BaseException as e:
|
|
thread_exc.append(e)
|
|
finally:
|
|
first_event.set()
|
|
|
|
th = threading.Thread(target=_listen, daemon=True)
|
|
th.start()
|
|
time.sleep(0.5)
|
|
r = http_client.post(f"/detect/{media_id}", json=body, headers=headers)
|
|
assert r.status_code == 200
|
|
first_event.wait(timeout=5)
|
|
th.join(timeout=5)
|
|
assert not thread_exc, thread_exc
|
|
assert collected, "no SSE events received"
|
|
|
|
|
|
def test_ft_n04_duplicate_media_id_409(
|
|
warm_engine, http_client, jwt_token
|
|
):
|
|
media_id = "dup-test"
|
|
body = _ai_config_image()
|
|
headers = {"Authorization": f"Bearer {jwt_token}"}
|
|
r1 = http_client.post(f"/detect/{media_id}", json=body, headers=headers)
|
|
assert r1.status_code == 200
|
|
r2 = http_client.post(f"/detect/{media_id}", json=body, headers=headers)
|
|
assert r2.status_code == 409
|