mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-16 05:33:46 +00:00
4b139fb689
Add request-scoped contextvar-based owner filtering to threads_meta,
runs, run_events, and feedback repositories. Router code is unchanged
— isolation is enforced at the storage layer so that any caller that
forgets to pass owner_id still gets filtered results, and new routes
cannot accidentally leak data.
Core infrastructure
-------------------
- deerflow/runtime/user_context.py (new):
- ContextVar[CurrentUser | None] with default None
- runtime_checkable CurrentUser Protocol (structural subtype with .id)
- set/reset/get/require helpers
- AUTO sentinel + resolve_owner_id(value, method_name) for sentinel
three-state resolution: AUTO reads contextvar, explicit str
overrides, explicit None bypasses the filter (for migration/CLI)
Repository changes
------------------
- ThreadMetaRepository: create/get/search/update_*/delete gain
owner_id=AUTO kwarg; read paths filter by owner, writes stamp it,
mutations check ownership before applying
- RunRepository: put/get/list_by_thread/delete gain owner_id=AUTO kwarg
- FeedbackRepository: create/get/list_by_run/list_by_thread/delete
gain owner_id=AUTO kwarg
- DbRunEventStore: list_messages/list_events/list_messages_by_run/
count_messages/delete_by_thread/delete_by_run gain owner_id=AUTO
kwarg. Write paths (put/put_batch) read contextvar softly: when a
request-scoped user is available, owner_id is stamped; background
worker writes without a user context pass None which is valid
(orphan row to be bound by migration)
Schema
------
- persistence/models/run_event.py: RunEventRow.owner_id = Mapped[
str | None] = mapped_column(String(64), nullable=True, index=True)
- No alembic migration needed: 2.0 ships fresh, Base.metadata.create_all
picks up the new column automatically
Middleware
----------
- auth_middleware.py: after cookie check, call get_optional_user_from_
request to load the real User, stamp it into request.state.user AND
the contextvar via set_current_user, reset in a try/finally. Public
paths and unauthenticated requests continue without contextvar, and
@require_auth handles the strict 401 path
Test infrastructure
-------------------
- tests/conftest.py: @pytest.fixture(autouse=True) _auto_user_context
sets a default SimpleNamespace(id="test-user-autouse") on every test
unless marked @pytest.mark.no_auto_user. Keeps existing 20+
persistence tests passing without modification
- pyproject.toml [tool.pytest.ini_options]: register no_auto_user
marker so pytest does not emit warnings for opt-out tests
- tests/test_user_context.py: 6 tests covering three-state semantics,
Protocol duck typing, and require/optional APIs
- tests/test_thread_meta_repo.py: one test updated to pass owner_id=
None explicitly where it was previously relying on the old default
Test results
------------
- test_user_context.py: 6 passed
- test_auth*.py + test_langgraph_auth.py + test_ensure_admin.py: 127
- test_run_event_store / test_run_repository / test_thread_meta_repo
/ test_feedback: 92 passed
- Full backend suite: 1905 passed, 2 failed (both @requires_llm flaky
integration tests unrelated to auth), 1 skipped
160 lines
5.7 KiB
Python
160 lines
5.7 KiB
Python
"""Tests for ThreadMetaRepository (SQLAlchemy-backed)."""
|
|
|
|
import pytest
|
|
|
|
from deerflow.persistence.thread_meta import ThreadMetaRepository
|
|
|
|
|
|
async def _make_repo(tmp_path):
|
|
from deerflow.persistence.engine import get_session_factory, init_engine
|
|
|
|
url = f"sqlite+aiosqlite:///{tmp_path / 'test.db'}"
|
|
await init_engine("sqlite", url=url, sqlite_dir=str(tmp_path))
|
|
return ThreadMetaRepository(get_session_factory())
|
|
|
|
|
|
async def _cleanup():
|
|
from deerflow.persistence.engine import close_engine
|
|
|
|
await close_engine()
|
|
|
|
|
|
class TestThreadMetaRepository:
|
|
@pytest.mark.anyio
|
|
async def test_create_and_get(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
record = await repo.create("t1")
|
|
assert record["thread_id"] == "t1"
|
|
assert record["status"] == "idle"
|
|
assert "created_at" in record
|
|
|
|
fetched = await repo.get("t1")
|
|
assert fetched is not None
|
|
assert fetched["thread_id"] == "t1"
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_create_with_assistant_id(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
record = await repo.create("t1", assistant_id="agent1")
|
|
assert record["assistant_id"] == "agent1"
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_create_with_owner_and_display_name(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
record = await repo.create("t1", owner_id="user1", display_name="My Thread")
|
|
assert record["owner_id"] == "user1"
|
|
assert record["display_name"] == "My Thread"
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_create_with_metadata(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
record = await repo.create("t1", metadata={"key": "value"})
|
|
assert record["metadata"] == {"key": "value"}
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_nonexistent(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
assert await repo.get("nonexistent") is None
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_list_by_owner(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1", owner_id="user1")
|
|
await repo.create("t2", owner_id="user1")
|
|
await repo.create("t3", owner_id="user2")
|
|
results = await repo.list_by_owner("user1")
|
|
assert len(results) == 2
|
|
assert all(r["owner_id"] == "user1" for r in results)
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_list_by_owner_with_limit_and_offset(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
for i in range(5):
|
|
await repo.create(f"t{i}", owner_id="user1")
|
|
results = await repo.list_by_owner("user1", limit=2, offset=1)
|
|
assert len(results) == 2
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_check_access_no_record_allows(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
assert await repo.check_access("unknown", "user1") is True
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_check_access_owner_matches(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1", owner_id="user1")
|
|
assert await repo.check_access("t1", "user1") is True
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_check_access_owner_mismatch(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1", owner_id="user1")
|
|
assert await repo.check_access("t1", "user2") is False
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_check_access_no_owner_allows_all(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
# Explicit owner_id=None to bypass the new AUTO default that
|
|
# would otherwise pick up the test user from the autouse fixture.
|
|
await repo.create("t1", owner_id=None)
|
|
assert await repo.check_access("t1", "anyone") is True
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_update_status(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1")
|
|
await repo.update_status("t1", "busy")
|
|
record = await repo.get("t1")
|
|
assert record["status"] == "busy"
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_delete(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1")
|
|
await repo.delete("t1")
|
|
assert await repo.get("t1") is None
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_delete_nonexistent_is_noop(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.delete("nonexistent") # should not raise
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_update_metadata_merges(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1", metadata={"a": 1, "b": 2})
|
|
await repo.update_metadata("t1", {"b": 99, "c": 3})
|
|
record = await repo.get("t1")
|
|
# Existing key preserved, overlapping key overwritten, new key added
|
|
assert record["metadata"] == {"a": 1, "b": 99, "c": 3}
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_update_metadata_on_empty(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.create("t1")
|
|
await repo.update_metadata("t1", {"k": "v"})
|
|
record = await repo.get("t1")
|
|
assert record["metadata"] == {"k": "v"}
|
|
await _cleanup()
|
|
|
|
@pytest.mark.anyio
|
|
async def test_update_metadata_nonexistent_is_noop(self, tmp_path):
|
|
repo = await _make_repo(tmp_path)
|
|
await repo.update_metadata("nonexistent", {"k": "v"}) # should not raise
|
|
await _cleanup()
|