Initial commit: Robot ökoszisztéma v2.0 - Stabilizált jármű és szerviz robotok

2026-03-04 02:03:03 +01:00
commit 250f4f4b8f
7942 changed files with 449625 additions and 0 deletions
--- a/backend/app/services/auth_service.py.old_1
+++ b/backend/app/services/auth_service.py.old_1
@@ -0,0 +1,281 @@
+import os
+import logging
+import uuid
+import json
+from datetime import datetime, timedelta, timezone
+from typing import Optional
+
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select, and_
+from sqlalchemy.orm import joinedload
+from fastapi.encoders import jsonable_encoder
+from fastapi import HTTPException, status
+
+from app.models.identity import User, Person, UserRole, VerificationToken, Wallet
+from app.models.gamification import UserStats
+from app.models.organization import Organization, OrganizationMember, OrgType
+from app.schemas.auth import UserLiteRegister, UserKYCComplete
+from app.core.security import get_password_hash, verify_password, generate_secure_slug
+from app.services.email_manager import email_manager
+from app.core.config import settings
+from app.services.config_service import config
+from app.services.geo_service import GeoService
+from app.services.security_service import security_service # Sentinel integráció
+
+logger = logging.getLogger(__name__)
+
+class AuthService:
+    @staticmethod
+    async def register_lite(db: AsyncSession, user_in: UserLiteRegister):
+        """
+        Step 1: Lite Regisztráció (Manuális).
+        Létrehozza a Person és User rekordokat, de a fiók inaktív marad.
+        A folder_slug itt még NEM generálódik le!
+        """
+        try:
+            # --- Dinamikus jelszóhossz ellenőrzés ---
+            # Lekérjük az admin beállítást, minimum 8 karakter a hard limit.
+            min_pass = await config.get_setting(db, "auth_min_password_length", default=8)
+            min_len = max(int(min_pass), 8)
+            
+            if len(user_in.password) < min_len:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=f"A jelszónak legalább {min_len} karakter hosszúnak kell lennie."
+                )
+
+            new_person = Person(
+                first_name=user_in.first_name,
+                last_name=user_in.last_name,
+                is_active=False
+            )
+            db.add(new_person)
+            await db.flush()
+
+            new_user = User(
+                email=user_in.email,
+                hashed_password=get_password_hash(user_in.password),
+                person_id=new_person.id,
+                role=UserRole.user, 
+                is_active=False,
+                is_deleted=False,
+                region_code=user_in.region_code,
+                preferred_language=user_in.lang,
+                timezone=user_in.timezone
+                # folder_slug marad NULL a Step 2-ig
+            )
+            db.add(new_user)
+            await db.flush()
+
+            # Verifikációs token generálása
+            reg_hours = await config.get_setting(db, "auth_registration_hours", region_code=user_in.region_code, default=48)
+            token_val = uuid.uuid4()
+            db.add(VerificationToken(
+                token=token_val,
+                user_id=new_user.id,
+                token_type="registration",
+                expires_at=datetime.now(timezone.utc) + timedelta(hours=int(reg_hours))
+            ))
+            
+            # Email kiküldése
+            verification_link = f"{settings.FRONTEND_BASE_URL}/verify?token={token_val}"
+            await email_manager.send_email(
+                recipient=user_in.email,
+                template_key="reg",
+                variables={"first_name": user_in.first_name, "link": verification_link},
+                lang=user_in.lang
+            )
+
+            # Audit log a regisztrációról
+            await security_service.log_event(
+                db,
+                user_id=new_user.id,
+                action="USER_REGISTER_LITE",
+                severity="info",
+                target_type="User",
+                target_id=str(new_user.id),
+                new_data={"email": user_in.email, "method": "manual"}
+            )
+
+            await db.commit()
+            await db.refresh(new_user)
+            return new_user
+        except HTTPException:
+            await db.rollback()
+            raise
+        except Exception as e:
+            await db.rollback()
+            logger.error(f"Registration Error: {str(e)}")
+            raise e
+
+    @staticmethod
+    async def complete_kyc(db: AsyncSession, user_id: int, kyc_in: UserKYCComplete):
+        """ Step 2: Atomi Tranzakció (Person + Address + Org + Branch + Wallet). """
+        try:
+            # 1. Lekérés Eager Loadinggal a hibák elkerülésére
+            stmt = select(User).options(joinedload(User.person)).where(User.id == user_id)
+            user = (await db.execute(stmt)).scalar_one_or_none()
+            if not user: return None
+
+            # 2. Cím rögzítése
+            addr_id = await GeoService.get_or_create_full_address(
+                db, zip_code=kyc_in.address_zip, city=kyc_in.address_city,
+                street_name=kyc_in.address_street_name, street_type=kyc_in.address_street_type,
+                house_number=kyc_in.address_house_number, parcel_id=kyc_in.address_hrsz
+            )
+
+            # 3. Person adatok frissítése (MDM elv)
+            p = user.person
+            p.mothers_last_name = kyc_in.mothers_last_name
+            p.mothers_first_name = kyc_in.mothers_first_name
+            p.birth_place = kyc_in.birth_place
+            p.birth_date = kyc_in.birth_date
+            p.phone = kyc_in.phone_number
+            p.address_id = addr_id
+            p.identity_docs = jsonable_encoder(kyc_in.identity_docs)
+            p.is_active = True
+
+            # 4. Individual Organization (Privát Széf) létrehozása
+            new_org = Organization(
+                full_name=f"{p.last_name} {p.first_name} Magán Flotta",
+                name=f"{p.last_name} Flotta",
+                folder_slug=generate_secure_slug(12),
+                org_type=OrgType.individual,
+                owner_id=user.id,
+                is_active=True,
+                status="verified",
+                country_code=user.region_code
+            )
+            db.add(new_org)
+            await db.flush()
+
+            # 5. Telephely (Branch) és Tagság
+            db.add(Branch(organization_id=new_org.id, address_id=addr_id, name="Otthon", is_main=True))
+            db.add(OrganizationMember(organization_id=new_org.id, user_id=user.id, role="OWNER"))
+            db.add(Wallet(user_id=user.id, currency=kyc_in.preferred_currency or "HUF"))
+            db.add(UserStats(user_id=user.id))
+
+            # 6. Aktiválás
+            user.is_active = True
+            user.folder_slug = generate_secure_slug(12)
+
+            await db.commit()
+            await db.refresh(user)
+            return user
+        except Exception as e:
+            await db.rollback()
+            logger.error(f"KYC Error: {e}")
+            raise e
+
+    @staticmethod
+    async def soft_delete_user(db: AsyncSession, user_id: int, reason: str, actor_id: int):
+        """
+        Soft-Delete: Email felszabadítás és izoláció.
+        """
+        stmt = select(User).where(User.id == user_id)
+        user = (await db.execute(stmt)).scalar_one_or_none()
+        
+        if not user or user.is_deleted:
+            return False
+
+        old_email = user.email
+        # Email átnevezése az egyediség megőrzése érdekében (újraregisztrációhoz)
+        user.email = f"deleted_{user.id}_{datetime.now().strftime('%Y%m%d')}_{old_email}"
+        user.is_deleted = True
+        user.is_active = False
+        
+        await security_service.log_event(
+            db, 
+            user_id=actor_id, 
+            action="USER_SOFT_DELETE",
+            severity="warning",
+            target_type="User",
+            target_id=str(user_id),
+            old_data={"email": old_email},
+            new_data={"is_deleted": True, "reason": reason}
+        )
+        
+        await db.commit()
+        return True
+
+    @staticmethod
+    async def verify_email(db: AsyncSession, token_str: str):
+        try:
+            token_uuid = uuid.UUID(token_str)
+            stmt = select(VerificationToken).where(
+                and_(
+                    VerificationToken.token == token_uuid,
+                    VerificationToken.is_used == False,
+                    VerificationToken.expires_at > datetime.now(timezone.utc)
+                )
+            )
+            res = await db.execute(stmt)
+            token = res.scalar_one_or_none()
+            if not token: return False
+            
+            token.is_used = True
+            await db.commit()
+            return True
+        except:
+            return False
+
+    @staticmethod
+    async def authenticate(db: AsyncSession, email: str, password: str):
+        stmt = select(User).where(and_(User.email == email, User.is_deleted == False))
+        res = await db.execute(stmt)
+        user = res.scalar_one_or_none()
+        if user and verify_password(password, user.hashed_password):
+            return user
+        return None
+
+    @staticmethod
+    async def initiate_password_reset(db: AsyncSession, email: str):
+        stmt = select(User).where(and_(User.email == email, User.is_deleted == False))
+        user = (await db.execute(stmt)).scalar_one_or_none()
+        
+        if user:
+            reset_hours = await config.get_setting(db, "auth_password_reset_hours", region_code=user.region_code, default=2)
+            token_val = uuid.uuid4()
+            db.add(VerificationToken(
+                token=token_val,
+                user_id=user.id,
+                token_type="password_reset",
+                expires_at=datetime.now(timezone.utc) + timedelta(hours=int(reset_hours))
+            ))
+            
+            reset_link = f"{settings.FRONTEND_BASE_URL}/reset-password?token={token_val}"
+            await email_manager.send_email(
+                recipient=email,
+                template_key="pwd_reset",
+                variables={"link": reset_link},
+                lang=user.preferred_language
+            )
+            await db.commit()
+            return "success"
+        return "not_found"
+
+    @staticmethod
+    async def reset_password(db: AsyncSession, email: str, token_str: str, new_password: str):
+        try:
+            token_uuid = uuid.UUID(token_str)
+            stmt = select(VerificationToken).join(User).where(
+                and_(
+                    User.email == email,
+                    VerificationToken.token == token_uuid,
+                    VerificationToken.token_type == "password_reset",
+                    VerificationToken.is_used == False,
+                    VerificationToken.expires_at > datetime.now(timezone.utc)
+                )
+            )
+            token_rec = (await db.execute(stmt)).scalar_one_or_none()
+            if not token_rec: return False
+            
+            user_stmt = select(User).where(User.id == token_rec.user_id)
+            user = (await db.execute(user_stmt)).scalar_one()
+            user.hashed_password = get_password_hash(new_password)
+            token_rec.is_used = True
+            
+            await db.commit()
+            return True
+        except:
+            return False