Added download audit model and endpoint

nando-bingani · nando-bingani · commit ae281d5ffd7d · 2025-10-29T07:31:36.000+02:00
diff --git a/odp/api/main.py b/odp/api/main.py
@@ -1,7 +1,7 @@
 from fastapi import FastAPI, Request, Response
 from fastapi.middleware.cors import CORSMiddleware
 
-from odp.api.routers import catalog, client, collection, provider, record, role, schema, scope, status, tag, token, user, vocabulary
+from odp.api.routers import catalog, client, collection, provider, record, role, schema, scope, status, tag, token, user, vocabulary, download
 from odp.config import config
 from odp.db import Session
 from odp.version import VERSION
@@ -28,6 +28,7 @@
 app.include_router(token.router, prefix='/token', tags=['Token'])
 app.include_router(user.router, prefix='/user', tags=['User'])
 app.include_router(vocabulary.router, prefix='/vocabulary', tags=['Vocabulary'])
+app.include_router(download.router, prefix='/download', tags=['Download'])
 
 app.add_middleware(
     CORSMiddleware,
diff --git a/odp/api/routers/download.py b/odp/api/routers/download.py
@@ -0,0 +1,64 @@
+from datetime import datetime, timezone
+
+from fastapi import APIRouter, Depends, HTTPException, Request
+from starlette.status import HTTP_201_CREATED, HTTP_400_BAD_REQUEST
+from sqlalchemy import insert
+
+from odp.db import Session
+from odp.db.models import DownloadAudit
+from odp.api.lib.auth import Authorize, Authorized  # only if you want auth; otherwise omit
+
+router = APIRouter()
+
+@router.post('/audit', status_code=HTTP_201_CREATED)
+async def create_download_audit(request: Request):
+    """
+    Accept JSON payload to record a download audit and return success.
+    """
+    payload = await request.json()
+    if not isinstance(payload, dict):
+        raise HTTPException(HTTP_400_BAD_REQUEST, 'Invalid JSON payload')
+
+    # derive client_id/user_id from request context (if you have that info).
+    # Use placeholders if not available
+    client_id = getattr(request.state, 'client_id', None) or payload.get('client_id') or 'unknown'
+    user_id = getattr(request.state, 'user_id', None) or payload.get('user_id')
+
+    download_url = payload.get('download_url')
+    file_size = payload.get('file_size')
+    success = bool(payload.get('success', True))
+    meta = payload.get('meta', {}) or {}
+
+    # copy optional form fields into meta for storage
+    for k in ('name', 'email', 'organisation'):
+        if payload.get(k) is not None:
+            meta[k] = payload.get(k)
+
+    # capture IP and UA
+    ip_address = request.client.host if request.client else None
+    user_agent = request.headers.get('user-agent')
+
+    # persist using Session
+    #
+    # --- THIS IS THE FIX ---
+    # We use `Session.begin()` to manage the transaction,
+    # and call methods on the imported `Session` object itself.
+    #
+    with Session.begin():
+        audit = DownloadAudit(
+            client_id=client_id,
+            user_id=user_id,
+            download_url=download_url,
+            ip_address=ip_address,
+            user_agent=user_agent,
+            file_size=file_size,
+            success=success,
+            timestamp=datetime.now(timezone.utc),
+            meta=meta,
+        )
+        Session.add(audit)
+        Session.flush()
+        audit_id = audit.id
+    # --- END OF FIX ---
+
+    return {"status": "ok", "audit_id": audit_id}
diff --git a/odp/db/models/download.py b/odp/db/models/download.py
@@ -0,0 +1,24 @@
+from datetime import datetime, timezone
+
+from sqlalchemy import Column, Integer, String, TIMESTAMP, Boolean, BigInteger, Text
+from sqlalchemy.dialects.postgresql import JSONB
+from sqlalchemy.orm import relationship
+
+from odp.db import Base
+
+
+class DownloadAudit(Base):
+    """Download audit log."""
+
+    __tablename__ = 'download_audit'
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    client_id = Column(String, nullable=False)
+    user_id = Column(String, nullable=True)
+    download_url = Column(String, nullable=True)
+    ip_address = Column(String, nullable=True)
+    user_agent = Column(Text, nullable=True)
+    file_size = Column(BigInteger, nullable=True)
+    success = Column(Boolean, nullable=False)
+    timestamp = Column(TIMESTAMP(timezone=True), nullable=False, default=lambda: datetime.now(timezone.utc))
+    meta = Column(JSONB, nullable=True)
