feat(auth): enhance SSO integration and token management

- add buildAuthorization function for token handling - implement consumeAuthTokensFromUrl to extract tokens from URL - update axios request interceptor to handle authorization - improve error handling for unauthorized access - refactor app.py to validate JWT tokens and manage user sessions - add auth_guard for claim-based authorization checks - create auth_user model for user profile management - update README with service details and setup instructions
2026-06-24 18:20:00 +08:00
parent 988678b75f
commit e5d3c957de
7 changed files with 899 additions and 56 deletions
--- a/fst_data_pipeline/apps/README.md
+++ b/fst_data_pipeline/apps/README.md
@@ -1,2 +1,122 @@
-# Micro Service apps
-Backend micro service application for fst data production line.
+# Micro Service Apps
+
+Backend micro services for the FST data production line.
+
+## Services
+
+- `root_db_api`: FST/root database APIs (Flask + SQLAlchemy + PostgreSQL)
+- `mta_manage_system`: MTA management service (Flask + Flask-SQLAlchemy)
+
+## Prerequisites
+
+- Python `>=3.12`
+- `uv` package manager
+- PostgreSQL (for `root_db_api`)
+
+## Dependency Installation
+
+### Option A: Install from repo root (recommended)
+
+```powershell
+cd "C:\Users\A200315753\Work\FST\fst-editor\fst_data_pipeline-feature-editor-api"
+uv venv
+.\.venv\Scripts\Activate.ps1
+uv sync
+```
+
+### Option B: Install per app
+
+#### root_db_api
+
+```powershell
+cd "C:\Users\A200315753\Work\FST\fst-editor\fst_data_pipeline-feature-editor-api\fst_data_pipeline\apps\root_db_api"
+uv venv
+.\.venv\Scripts\Activate.ps1
+uv sync
+```
+
+#### mta_manage_system
+
+```powershell
+cd "C:\Users\A200315753\Work\FST\fst-editor\fst_data_pipeline-feature-editor-api\fst_data_pipeline\apps\mta_manage_system"
+uv venv
+.\.venv\Scripts\Activate.ps1
+uv sync
+```
+
+## Database Configuration
+
+### 1) root_db_api
+
+`root_db_api` reads DB settings from environment variables in:
+
+- `fst_data_pipeline/apps/root_db_api/src/db/connection.py`
+
+Required variables:
+
+- `DB_USER`
+- `DB_PASSWORD`
+- `DB_BASE_URL`
+
+The runtime DB URL is assembled as:
+
+- `postgresql://{DB_USER}:{DB_PASSWORD}@{DB_BASE_URL}`
+
+Example (`PowerShell`):
+
+```powershell
+$env:DB_USER = "admin"
+$env:DB_PASSWORD = "your_password"
+$env:DB_BASE_URL = "127.0.0.1:5432/fsq_dev"
+```
+
+You can also see a container run example in:
+
+- `start.sh`
+
+### 2) mta_manage_system
+
+`mta_manage_system` reads DB from:
+
+- `fst_data_pipeline/apps/mta_manage_system/config.py`
+
+Key variable:
+
+- `DATABASE_URL`
+
+Example:
+
+```powershell
+$env:DATABASE_URL = "postgresql://username:password@127.0.0.1:5432/dbname"
+```
+
+`config.py` will load env files automatically in this order:
+
+- `.env`
+- `.env.<FLASK_ENV>`
+- `.env.local`
+
+## Run (quick)
+
+### root_db_api
+
+```powershell
+cd "C:\Users\A200315753\Work\FST\fst-editor\fst_data_pipeline-feature-editor-api\fst_data_pipeline\apps\root_db_api"
+python src\app.py
+```
+
+Default API endpoint:
+
+- `http://localhost:5232/api`
+
+### mta_manage_system
+
+```powershell
+cd "C:\Users\A200315753\Work\FST\fst-editor\fst_data_pipeline-feature-editor-api\fst_data_pipeline\apps\mta_manage_system"
+python app.py
+```
+
+## Notes
+
+- `root_db_api` has a detailed service-level guide in `fst_data_pipeline/apps/root_db_api/README.md`.
+- Keep secrets (DB password, OAuth secrets) in environment variables or local `.env` files; do not commit them.