dashboard-nanobot/backend/api/bot_router.py

from fastapi import APIRouter, Depends, HTTPException, Request, Response
from sqlmodel import Session

from core.database import get_session
from models.bot import BotInstance
from schemas.bot import BotCreateRequest, BotPageAuthLoginRequest, BotUpdateRequest
from services.platform_auth_service import (
    clear_bot_token_cookie,
    create_bot_token,
    resolve_bot_request_auth,
    revoke_bot_token,
    set_bot_token_cookie,
)
from services.bot_management_service import (
    authenticate_bot_page_access,
    create_bot_record,
    get_bot_detail_cached,
    list_bots_with_cache,
    update_bot_record,
)
from services.provider_service import test_provider_connection

router = APIRouter()


@router.post("/api/providers/test")
async def test_provider(payload: dict):
    return await test_provider_connection(payload)


@router.post("/api/bots")
def create_bot(payload: BotCreateRequest, session: Session = Depends(get_session)):
    return create_bot_record(session, payload=payload)


@router.get("/api/bots")
def list_bots(session: Session = Depends(get_session)):
    return list_bots_with_cache(session)


@router.get("/api/bots/{bot_id}")
def get_bot_detail(bot_id: str, session: Session = Depends(get_session)):
    return get_bot_detail_cached(session, bot_id=bot_id)


@router.post("/api/bots/{bot_id}/auth/login")
def login_bot_page(
    bot_id: str,
    payload: BotPageAuthLoginRequest,
    request: Request,
    response: Response,
    session: Session = Depends(get_session),
):
    result = authenticate_bot_page_access(session, bot_id=bot_id, password=payload.password)
    try:
        raw_token = create_bot_token(session, request, bot_id)
    except RuntimeError as exc:
        raise HTTPException(status_code=503, detail=str(exc)) from exc
    set_bot_token_cookie(response, request, bot_id, raw_token, session)
    return result


@router.get("/api/bots/{bot_id}/auth/status")
def get_bot_auth_status(bot_id: str, request: Request, session: Session = Depends(get_session)):
    bot = session.get(BotInstance, bot_id)
    if not bot:
        return {"enabled": False, "authenticated": False, "auth_source": None, "bot_id": bot_id}
    principal = resolve_bot_request_auth(session, request, bot_id)
    return {
        "enabled": bool(str(bot.access_password or "").strip()),
        "authenticated": bool(principal.authenticated),
        "auth_source": principal.auth_source if principal.authenticated else None,
        "bot_id": bot_id,
    }


@router.post("/api/bots/{bot_id}/auth/logout")
def logout_bot_page(bot_id: str, request: Request, response: Response, session: Session = Depends(get_session)):
    revoke_bot_token(session, request, bot_id)
    clear_bot_token_cookie(response, bot_id)
    return {"success": True, "bot_id": bot_id}


@router.put("/api/bots/{bot_id}")
def update_bot(bot_id: str, payload: BotUpdateRequest, session: Session = Depends(get_session)):
    return update_bot_record(session, bot_id=bot_id, payload=payload)