Spaces:

digifreely
/

init

Running

App Files Files Community

digifreely commited on 13 days ago

Commit

9e2655d

verified ·

1 Parent(s): c4165e5

Upload 4 files

Browse files

Files changed (4) hide show

Dockerfile +12 -0
README.md +4 -7
app.py +274 -0
requirements.txt +6 -0

Dockerfile ADDED Viewed

	@@ -0,0 +1,12 @@

+FROM python:3.11-slim
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY app.py .
+EXPOSE 7860
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

README.md CHANGED Viewed

@@ -1,11 +1,8 @@
 ---
-title: Init
-emoji: 🔥
-colorFrom: green
-colorTo: green
 sdk: docker
 pinned: false
-license: mit
 ---
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

 ---
+title: Maria PT API
+emoji: 🎓
+colorFrom: blue
+colorTo: purple
 sdk: docker
 pinned: false
 ---

app.py ADDED Viewed

	@@ -0,0 +1,274 @@

+"""
+Maria PT - HuggingFace Spaces Backend
+======================================
+Auth: SHA-256 hash check (primary) or Cloudflare Referer/Domain check (fallback)
+Endpoints: GET /ping  |  POST /base_start
+"""
+import os
+import hashlib
+import logging
+import httpx
+from fastapi import FastAPI, Request, HTTPException, status
+from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
+from pydantic import BaseModel
+from pymongo import MongoClient
+from pymongo.errors import ConnectionFailure, OperationFailure
+from typing import Optional
+# ─────────────────────────────────────────────
+# Logging
+# ─────────────────────────────────────────────
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger("maria_pt")
+# ─────────────────────────────────────────────
+# Environment / Secrets  (set in HF Space Settings → Secrets)
+# ─────────────────────────────────────────────
+EXPECTED_HASH      = os.environ.get("EXPECTED_HASH",
+                       "7208839b7c5d8e5418a492ee2eadaf15d9d32ba7f7c9a4c0f0486cfc358a96c2")
+MONGO_PASSWORD     = os.environ.get("MONGO_PASSWORD", "")
+MONGO_URI          = os.environ.get(
+    "MONGO_URI",
+    f"mongodb+srv://testuser:{MONGO_PASSWORD}@cluster0.ntz2mpi.mongodb.net/"
+)
+MONGO_DB           = os.environ.get("MONGO_DB",   "MariaPTDB")
+MONGO_COLLECTION   = os.environ.get("MONGO_COLL", "MariaPTColl")
+# Cloudflare Turnstile secret (placeholder – paste your real secret in HF Secrets)
+CF_TURNSTILE_SECRET = os.environ.get("CF_TURNSTILE_SECRET", "PLACEHOLDER_CF_TURNSTILE_SECRET")
+ALLOWED_DOMAIN      = os.environ.get("ALLOWED_DOMAIN", "buildwithsupratim.github.io")
+# ─────────────────────────────────────────────
+# FastAPI App
+# ─────────────────────────────────────────────
+app = FastAPI(title="Maria PT API", version="1.0.0", docs_url=None, redoc_url=None)
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["https://buildwithsupratim.github.io"],
+    allow_credentials=True,
+    allow_methods=["GET", "POST"],
+    allow_headers=["*"],
+)
+# ─────────────────────────────────────────────
+# MongoDB Client (lazy singleton)
+# ─────────────────────────────────────────────
+_mongo_client: Optional[MongoClient] = None
+def get_mongo_collection():
+    global _mongo_client
+    if _mongo_client is None:
+        _mongo_client = MongoClient(MONGO_URI, serverSelectionTimeoutMS=5000)
+    db   = _mongo_client[MONGO_DB]
+    coll = db[MONGO_COLLECTION]
+    # Ensure capped (100 MB) – silently ignored if collection already exists
+    try:
+        db.create_collection(
+            MONGO_COLLECTION,
+            capped=True,
+            size=100_000_000,
+        )
+    except Exception:
+        pass
+    return coll
+# ─────────────────────────────────────────────
+# Auth Helpers
+# ─────────────────────────────────────────────
+def _hash_auth_code(auth_code: str) -> str:
+    return hashlib.sha256(auth_code.encode()).hexdigest()
+def _primary_auth(request: Request) -> bool:
+    """Check SHA-256 of auth_code header against EXPECTED_HASH."""
+    auth_code = request.headers.get("auth_code") or request.headers.get("Auth-Code")
+    if not auth_code:
+        return False
+    return _hash_auth_code(auth_code) == EXPECTED_HASH
+async def _cloudflare_domain_check(request: Request) -> bool:
+    """
+    Cloudflare-backed fallback:
+    1. Extract the Referer / Origin header.
+    2. Verify it belongs to ALLOWED_DOMAIN (domain-level check).
+    3. Optionally verify a Cloudflare Turnstile token if present in headers.
+    """
+    # ── Step 1: Domain/Referer check ──────────────────────────────────────
+    referer = request.headers.get("referer", "")
+    origin  = request.headers.get("origin", "")
+    referer_ok = ALLOWED_DOMAIN in referer
+    origin_ok  = ALLOWED_DOMAIN in origin
+    if not (referer_ok or origin_ok):
+        logger.warning("Blocked – domain not allowed. Referer=%s Origin=%s", referer, origin)
+        return False
+    # ── Step 2: Cloudflare Turnstile token (optional header) ─────��───────
+    # If the front-end sends a CF-Turnstile-Token header we verify it.
+    # If no token is sent we fall back to domain-only gating.
+    cf_token = request.headers.get("CF-Turnstile-Token")
+    if cf_token and CF_TURNSTILE_SECRET != "PLACEHOLDER_CF_TURNSTILE_SECRET":
+        try:
+            async with httpx.AsyncClient(timeout=5.0) as client:
+                resp = await client.post(
+                    "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+                    data={
+                        "secret":   CF_TURNSTILE_SECRET,
+                        "response": cf_token,
+                        "remoteip": request.client.host,
+                    },
+                )
+            result = resp.json()
+            if not result.get("success"):
+                logger.warning("Cloudflare Turnstile rejected: %s", result)
+                return False
+        except Exception as exc:
+            logger.error("Turnstile verification error: %s", exc)
+            return False
+    return True
+async def require_auth(request: Request):
+    """
+    Gate every protected endpoint.
+    Primary  → SHA-256 hash check on auth_code header.
+    Fallback → Cloudflare domain / Turnstile check.
+    Block    → 403 + client IP is logged (extend here for real IP-ban storage).
+    """
+    if _primary_auth(request):
+        return  # ✅ Primary auth passed
+    if await _cloudflare_domain_check(request):
+        return  # ✅ Cloudflare check passed
+    # ❌ Both checks failed → block
+    client_ip = request.client.host
+    logger.warning("BLOCKED IP: %s", client_ip)
+    raise HTTPException(
+        status_code=status.HTTP_403_FORBIDDEN,
+        detail="Access denied. Invalid credentials or unauthorized origin.",
+    )
+# ─────────────────────────────────────────────
+# Request Schema
+# ─────────────────────────────────────────────
+class BaseStartRequest(BaseModel):
+    request: str        # e.g. "send_code"
+    student_name: str   # e.g. "Greti"
+# ─────────────────────────────────────────────
+# Response Builders
+# ─────────────────────────────────────────────
+def build_learning_path(doc: dict, student_name: str) -> dict:
+    """
+    Merge the MongoDB document with the student_name from the API call,
+    then build the full learning_path response with blank/initialised fields.
+    """
+    curriculum_objectives = doc.get("curriculum_objectives", [])
+    # ── Normalise curriculum (topic → topics key) ─────────────────────────
+    normalised_curriculum = []
+    for item in curriculum_objectives:
+        normalised_curriculum.append({
+            "topics":              item.get("topic", ""),
+            "content":             item.get("content", ""),
+            "learning_objectives": item.get("learning_objectives", []),
+        })
+    # ── assessment_stages: initialise with FIRST topic only ───────────────
+    first_topic = curriculum_objectives[0] if curriculum_objectives else {}
+    first_learning_objectives = [
+        {
+            "goal":         goal,
+            "teach":        "not_complete",
+            "re_teach":     "not_complete",
+            "show_and_tell":"not_complete",
+            "assess":       "not_complete",
+        }
+        for goal in first_topic.get("learning_objectives", [])
+    ]
+    current_learning = [
+        {
+            "topic":               first_topic.get("topic", ""),
+            "content":             first_topic.get("content", ""),
+            "learning_objectives": first_learning_objectives,
+        }
+    ] if first_topic else []
+    return {
+        "learning_path": {
+            "board":                doc.get("board", ""),
+            "class":                doc.get("class", ""),
+            "subject":              doc.get("subject", ""),
+            "student_name":         student_name,          # from API call
+            "teacher_persona":      doc.get("teacher_persona", ""),
+            "curriculum_objectives": normalised_curriculum,
+            "chat_history":         [],                    # blank – yet to start
+            "scratchpad":           [],                    # blank – yet to start
+            "assessment_stages": {
+                "current_learning": current_learning,
+            },
+        }
+    }
+# ─────────────────────────────────────────────
+# Endpoints
+# ─────────────────────────────────────────────
+@app.get("/ping")
+async def ping(request: Request):
+    """Health-check endpoint – wakes the Space if sleeping."""
+    await require_auth(request)
+    return JSONResponse(content={"status": "alive"})
+@app.post("/base_start")
+async def base_start(request: Request, body: BaseStartRequest):
+    """
+    Accepts { request, student_name }, queries MongoDB for matching request,
+    and returns an initialised learning_path JSON.
+    """
+    await require_auth(request)
+    # ── MongoDB Lookup ────────────────────────────────────────────────────
+    try:
+        collection = get_mongo_collection()
+        doc = collection.find_one(
+            {"request": body.request},
+            {"_id": 0},          # exclude Mongo internal _id
+        )
+    except (ConnectionFailure, OperationFailure) as exc:
+        logger.error("MongoDB error: %s", exc)
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail="Database connection error. Please try again later.",
+        )
+    if doc is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"No curriculum found for request '{body.request}'.",
+        )
+    # ── Build & Return Response ───────────────────────────────────────────
+    response_payload = build_learning_path(doc, body.student_name)
+    return JSONResponse(content=response_payload)
+# ─────────────────────────────────────────────
+# Entry point (for local testing)
+# ─────────────────────────────────────────────
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run("app:app", host="0.0.0.0", port=7860, reload=True)

requirements.txt ADDED Viewed

	@@ -0,0 +1,6 @@

+fastapi==0.115.0
+uvicorn[standard]==0.30.6
+pymongo[srv]==4.8.0
+httpx==0.27.2
+pydantic==2.8.2
+python-dotenv==1.0.1