siftlode/backend/app/state.py

110 lines
3.4 KiB
Python
Raw Normal View History

"""Global admin-controlled app state (e.g. pausing background sync, first-run setup)."""
import logging
import secrets
from sqlalchemy.orm import Session
from app.config import settings
from app.models import AppState
from app.security import hash_token
log = logging.getLogger("siftlode.state")
# Bounds for the admin-set maintenance re-validation batch (videos re-checked per run).
MAINTENANCE_BATCH_MIN = 100
MAINTENANCE_BATCH_MAX = 100_000
# Once configuration completes in this process it never reverts, so cache it to skip the per-request
# DB hit in the setup-mode gate (see main.setup_gate). Starts False; refreshed from the DB.
_configured_cache = False
def _row(db: Session) -> AppState:
row = db.get(AppState, 1)
if row is None:
row = AppState(id=1, sync_paused=False)
db.add(row)
db.commit()
return row
def is_sync_paused(db: Session) -> bool:
return _row(db).sync_paused
def set_sync_paused(db: Session, paused: bool) -> None:
row = _row(db)
row.sync_paused = paused
db.add(row)
db.commit()
log.info("Background sync %s", "paused" if paused else "resumed")
# --- First-run install wizard ------------------------------------------------------------
def is_configured(db: Session) -> bool:
return _row(db).configured
def setup_complete() -> bool:
"""Fast, DB-free check for the request gate: True once configuration finished this process."""
return _configured_cache
def is_configured_cached(db: Session) -> bool:
"""Configured check that promotes the module cache once true (configuration is one-way)."""
global _configured_cache
if _configured_cache:
return True
if is_configured(db):
_configured_cache = True
return _configured_cache
def mark_configured(db: Session) -> None:
"""Finish setup: flip the instance to configured and invalidate the setup token."""
global _configured_cache
row = _row(db)
row.configured = True
row.setup_token_hash = None
db.add(row)
db.commit()
_configured_cache = True
log.info("Instance marked configured; setup wizard disabled.")
def rotate_setup_token(db: Session) -> str:
"""Generate a fresh one-time setup token, persist only its hash, and return the raw token
(logged at startup so the admin can open the wizard)."""
raw = secrets.token_urlsafe(24)
row = _row(db)
row.setup_token_hash = hash_token(raw)
db.add(row)
db.commit()
return raw
def check_setup_token(db: Session, raw: str | None) -> bool:
"""Whether `raw` matches the stored setup-token hash (constant-time)."""
if not raw:
return False
stored = _row(db).setup_token_hash
return stored is not None and secrets.compare_digest(stored, hash_token(raw))
def get_maintenance_batch(db: Session) -> int:
"""Effective maintenance re-validation batch: the admin override if set, else the
env/config default."""
return _row(db).maintenance_revalidate_batch or settings.maintenance_revalidate_batch
def set_maintenance_batch(db: Session, value: int) -> int:
"""Clamp and persist the maintenance batch override. Returns the applied value."""
value = max(MAINTENANCE_BATCH_MIN, min(MAINTENANCE_BATCH_MAX, int(value)))
row = _row(db)
row.maintenance_revalidate_batch = value
db.add(row)
db.commit()
log.info("Maintenance re-validation batch set to %s", value)
return value