Lead-Studios
diff --git a/‎docker-compose.yml‎
Lines changed: 38 additions & 0 deletions b/‎docker-compose.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎src/analytics/service.py‎
Lines changed: 100 additions & 43 deletions b/‎src/analytics/service.py‎
Lines changed: 100 additions & 43 deletions
diff --git a/‎src/main.py‎
Lines changed: 106 additions & 27 deletions b/‎src/main.py‎
Lines changed: 106 additions & 27 deletions
@@ -9,6 +9,7 @@ services:
       - PYTHONUNBUFFERED=1
       - QR_SIGNING_KEY=${QR_SIGNING_KEY:-test_signing_key}
       - DATABASE_URL=postgresql://veritix:veritix@db:5432/veritix
+      - ADMIN_API_KEY=${ADMIN_API_KEY:-default_admin_secret_change_me}
     ports:
       - "8000:8000"
     command: uvicorn src.main:app --host 0.0.0.0 --port 8000
@@ -27,7 +28,44 @@ services:
     volumes:
       - db_data:/var/lib/postgresql/data
 
+  # Prometheus monitoring (optional)
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: veritix-prometheus
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--storage.tsdb.path=/prometheus"
+      - "--web.console.libraries=/etc/prometheus/console_libraries"
+      - "--web.console.templates=/etc/prometheus/consoles"
+    depends_on:
+      - app
+    profiles: ["monitoring"]
+
 volumes:
   db_data:
 
+# Prometheus Configuration Example
+# Create a prometheus.yml file with the following content:
+#
+# global:
+#   scrape_interval: 15s
+#
+# scrape_configs:
+#   - job_name: 'veritix-metrics'
+#     scheme: http
+#     metrics_path: /metrics
+#     static_configs:
+#       - targets: ['app:8000']
+#     authorization:
+#       type: Bearer
+#       credentials: ${ADMIN_API_KEY}
+#
+# Usage:
+# 1. Set ADMIN_API_KEY environment variable: export ADMIN_API_KEY="your-secure-admin-key"
+# 2. Start with monitoring profile: docker-compose --profile monitoring up
+# 3. Access Prometheus at http://localhost:9090
 
@@ -279,23 +279,42 @@ def get_stats_for_all_events(self) -> Dict[str, Dict[str, int]]:
         finally:
             session.close()
 
-    def get_recent_scans(self, event_id: str, limit: int = 100) -> List[Dict[str, Any]]:
-        """Get recent scan records for an event."""
+    def get_recent_scans(self, event_id: str, from_ts: Optional[datetime] = None, to_ts: Optional[datetime] = None, page: int = 1, limit: int = 100) -> Dict[str, Any]:
+        """Get recent scan records for an event with date filtering and pagination."""
         try:
             session = get_session()
 
-            scans = session.query(TicketScan).filter(
-                TicketScan.event_id == event_id
-            ).order_by(desc(TicketScan.scan_timestamp)).limit(limit).all()
-            
-            return [{
-                "id": scan.id,
-                "ticket_id": scan.ticket_id,
-                "scanner_id": scan.scanner_id,
-                "scan_timestamp": scan.scan_timestamp.isoformat(),
-                "is_valid": scan.is_valid,
-                "location": scan.location
-            } for scan in scans]
+            # Build base query
+            query = session.query(TicketScan).filter(TicketScan.event_id == event_id)
+            
+            # Apply time filters
+            if from_ts:
+                query = query.filter(TicketScan.scan_timestamp >= from_ts)
+            if to_ts:
+                query = query.filter(TicketScan.scan_timestamp <= to_ts)
+            
+            # Get total count for pagination
+            total = query.count()
+            
+            # Apply pagination
+            offset = (page - 1) * limit
+            scans = query.order_by(desc(TicketScan.scan_timestamp)).offset(offset).limit(limit).all()
+            
+            return {
+                "data": [{
+                    "id": scan.id,
+                    "ticket_id": scan.ticket_id,
+                    "scanner_id": scan.scanner_id,
+                    "scan_timestamp": scan.scan_timestamp.isoformat(),
+                    "is_valid": scan.is_valid,
+                    "location": scan.location
+                } for scan in scans],
+                "total": total,
+                "page": page,
+                "limit": limit,
+                "from_ts": from_ts.isoformat() if from_ts else None,
+                "to_ts": to_ts.isoformat() if to_ts else None
+            }
 
         except Exception as e:
             log_error("Failed to get recent scans", {
@@ -330,24 +349,43 @@ def get_scans_by_ticket_id(self, ticket_id: str, limit: int = 100) -> List[Dict[
         finally:
             session.close()
 
-    def get_recent_transfers(self, event_id: str, limit: int = 100) -> List[Dict[str, Any]]:
-        """Get recent transfer records for an event."""
+    def get_recent_transfers(self, event_id: str, from_ts: Optional[datetime] = None, to_ts: Optional[datetime] = None, page: int = 1, limit: int = 100) -> Dict[str, Any]:
+        """Get recent transfer records for an event with date filtering and pagination."""
         try:
             session = get_session()
 
-            transfers = session.query(TicketTransfer).filter(
-                TicketTransfer.event_id == event_id
-            ).order_by(desc(TicketTransfer.transfer_timestamp)).limit(limit).all()
-            
-            return [{
-                "id": transfer.id,
-                "ticket_id": transfer.ticket_id,
-                "from_user_id": transfer.from_user_id,
-                "to_user_id": transfer.to_user_id,
-                "transfer_timestamp": transfer.transfer_timestamp.isoformat(),
-                "is_successful": transfer.is_successful,
-                "transfer_reason": transfer.transfer_reason
-            } for transfer in transfers]
+            # Build base query
+            query = session.query(TicketTransfer).filter(TicketTransfer.event_id == event_id)
+            
+            # Apply time filters
+            if from_ts:
+                query = query.filter(TicketTransfer.transfer_timestamp >= from_ts)
+            if to_ts:
+                query = query.filter(TicketTransfer.transfer_timestamp <= to_ts)
+            
+            # Get total count for pagination
+            total = query.count()
+            
+            # Apply pagination
+            offset = (page - 1) * limit
+            transfers = query.order_by(desc(TicketTransfer.transfer_timestamp)).offset(offset).limit(limit).all()
+            
+            return {
+                "data": [{
+                    "id": transfer.id,
+                    "ticket_id": transfer.ticket_id,
+                    "from_user_id": transfer.from_user_id,
+                    "to_user_id": transfer.to_user_id,
+                    "transfer_timestamp": transfer.transfer_timestamp.isoformat(),
+                    "is_successful": transfer.is_successful,
+                    "transfer_reason": transfer.transfer_reason
+                } for transfer in transfers],
+                "total": total,
+                "page": page,
+                "limit": limit,
+                "from_ts": from_ts.isoformat() if from_ts else None,
+                "to_ts": to_ts.isoformat() if to_ts else None
+            }
 
         except Exception as e:
             log_error("Failed to get recent transfers", {
@@ -358,23 +396,42 @@ def get_recent_transfers(self, event_id: str, limit: int = 100) -> List[Dict[str
         finally:
             session.close()
 
-    def get_invalid_attempts(self, event_id: str, limit: int = 100) -> List[Dict[str, Any]]:
-        """Get recent invalid attempt records for an event."""
+    def get_invalid_attempts(self, event_id: str, from_ts: Optional[datetime] = None, to_ts: Optional[datetime] = None, page: int = 1, limit: int = 100) -> Dict[str, Any]:
+        """Get recent invalid attempt records for an event with date filtering and pagination."""
         try:
             session = get_session()
 
-            invalid_attempts = session.query(InvalidAttempt).filter(
-                InvalidAttempt.event_id == event_id
-            ).order_by(desc(InvalidAttempt.attempt_timestamp)).limit(limit).all()
-            
-            return [{
-                "id": attempt.id,
-                "attempt_type": attempt.attempt_type,
-                "ticket_id": attempt.ticket_id,
-                "attempt_timestamp": attempt.attempt_timestamp.isoformat(),
-                "reason": attempt.reason,
-                "ip_address": attempt.ip_address
-            } for attempt in invalid_attempts]
+            # Build base query
+            query = session.query(InvalidAttempt).filter(InvalidAttempt.event_id == event_id)
+            
+            # Apply time filters
+            if from_ts:
+                query = query.filter(InvalidAttempt.attempt_timestamp >= from_ts)
+            if to_ts:
+                query = query.filter(InvalidAttempt.attempt_timestamp <= to_ts)
+            
+            # Get total count for pagination
+            total = query.count()
+            
+            # Apply pagination
+            offset = (page - 1) * limit
+            invalid_attempts = query.order_by(desc(InvalidAttempt.attempt_timestamp)).offset(offset).limit(limit).all()
+            
+            return {
+                "data": [{
+                    "id": attempt.id,
+                    "attempt_type": attempt.attempt_type,
+                    "ticket_id": attempt.ticket_id,
+                    "attempt_timestamp": attempt.attempt_timestamp.isoformat(),
+                    "reason": attempt.reason,
+                    "ip_address": attempt.ip_address
+                } for attempt in invalid_attempts],
+                "total": total,
+                "page": page,
+                "limit": limit,
+                "from_ts": from_ts.isoformat() if from_ts else None,
+                "to_ts": to_ts.isoformat() if to_ts else None
+            }
 
         except Exception as e:
             log_error("Failed to get invalid attempts", {
 
@@ -215,12 +215,20 @@ def on_shutdown() -> None:
 def read_root() -> RootResponse:
     return RootResponse(message="Veritix Service is running. Check /health for status.")
 
-
-
 @app.get("/metrics", response_class=PlainTextResponse, response_model=str)
-async def metrics_endpoint() -> PlainTextResponse:
-    """Prometheus metrics endpoint."""
-    log_info("Metrics endpoint requested")
+async def metrics_endpoint(_: str = Depends(require_admin_key)) -> PlainTextResponse:
+    """Prometheus metrics endpoint (ADMIN)."""
+    settings = get_settings()
+    
+    # Return 503 if ADMIN_API_KEY is still the default value
+    if settings.ADMIN_API_KEY == "default_admin_secret_change_me":
+        return PlainTextResponse(
+            content="503 Service Unavailable: ADMIN_API_KEY not configured. Please set a secure ADMIN_API_KEY environment variable to access metrics.",
+            status_code=503,
+            media_type="text/plain"
+        )
+    
+    log_info("Metrics endpoint requested (authenticated)")
     return PlainTextResponse(content=get_metrics(), media_type=get_metrics_content_type())
 
 
@@ -331,48 +339,119 @@ def get_analytics_stats(query: Annotated[AnalyticsStatsQuery, Query()]) -> Any:
 
 @app.get("/stats/scans", response_model=AnalyticsScansResponse)
 def get_recent_scans(query: Annotated[AnalyticsListQuery, Query()]) -> AnalyticsScansResponse:
-    """Get recent scan records for an event."""
-    event_id = query.event_id
-    limit = query.limit
-    log_info("Recent scans requested", {"event_id": event_id, "limit": limit})
+    """Get recent scan records for an event with date filtering and pagination."""
+    log_info("Recent scans requested", {
+        "event_id": query.event_id,
+        "from_ts": query.from_ts.isoformat() if query.from_ts else None,
+        "to_ts": query.to_ts.isoformat() if query.to_ts else None,
+        "page": query.page,
+        "limit": query.limit
+    })
     try:
-        scans = analytics_service.get_recent_scans(event_id, limit)
-        log_info("Recent scans retrieved", {"event_id": event_id, "scan_count": len(scans)})
-        return AnalyticsScansResponse(event_id=event_id, scans=scans, count=len(scans))
+        result = analytics_service.get_recent_scans(
+            event_id=query.event_id,
+            from_ts=query.from_ts,
+            to_ts=query.to_ts,
+            page=query.page,
+            limit=query.limit
+        )
+        log_info("Recent scans retrieved", {
+            "event_id": query.event_id,
+            "total": result["total"],
+            "page": result["page"],
+            "limit": result["limit"]
+        })
+        return AnalyticsScansResponse(
+            event_id=query.event_id,
+            data=result["data"],
+            total=result["total"],
+            page=result["page"],
+            limit=result["limit"],
+            from_ts=query.from_ts,
+            to_ts=query.to_ts
+        )
     except Exception as exc:
-        log_error("Failed to retrieve recent scans", {"event_id": event_id, "error": str(exc)})
+        log_error("Failed to retrieve recent scans", {"event_id": query.event_id, "error": str(exc)})
         raise HTTPException(status_code=500, detail=f"Failed to retrieve recent scans: {exc}")
 
 
 @app.get("/stats/transfers", response_model=AnalyticsTransfersResponse)
 def get_recent_transfers(
     query: Annotated[AnalyticsListQuery, Query()]
 ) -> AnalyticsTransfersResponse:
-    """Get recent transfer records for an event."""
-    event_id = query.event_id
-    limit = query.limit
-    log_info("Recent transfers requested", {"event_id": event_id, "limit": limit})
+    """Get recent transfer records for an event with date filtering and pagination."""
+    log_info("Recent transfers requested", {
+        "event_id": query.event_id,
+        "from_ts": query.from_ts.isoformat() if query.from_ts else None,
+        "to_ts": query.to_ts.isoformat() if query.to_ts else None,
+        "page": query.page,
+        "limit": query.limit
+    })
     try:
-        transfers = analytics_service.get_recent_transfers(event_id, limit)
-        return AnalyticsTransfersResponse(event_id=event_id, transfers=transfers, count=len(transfers))
+        result = analytics_service.get_recent_transfers(
+            event_id=query.event_id,
+            from_ts=query.from_ts,
+            to_ts=query.to_ts,
+            page=query.page,
+            limit=query.limit
+        )
+        log_info("Recent transfers retrieved", {
+            "event_id": query.event_id,
+            "total": result["total"],
+            "page": result["page"],
+            "limit": result["limit"]
+        })
+        return AnalyticsTransfersResponse(
+            event_id=query.event_id,
+            data=result["data"],
+            total=result["total"],
+            page=result["page"],
+            limit=result["limit"],
+            from_ts=query.from_ts,
+            to_ts=query.to_ts
+        )
     except Exception as exc:
-        log_error("Failed to retrieve recent transfers", {"event_id": event_id, "error": str(exc)})
+        log_error("Failed to retrieve recent transfers", {"event_id": query.event_id, "error": str(exc)})
         raise HTTPException(status_code=500, detail=f"Failed to retrieve recent transfers: {exc}")
 
 
 @app.get("/stats/invalid-attempts", response_model=AnalyticsInvalidAttemptsResponse)
 def get_invalid_attempts(
     query: Annotated[AnalyticsListQuery, Query()]
 ) -> AnalyticsInvalidAttemptsResponse:
-    """Get recent invalid scan attempt records for an event."""
-    event_id = query.event_id
-    limit = query.limit
-    log_info("Invalid attempts requested", {"event_id": event_id, "limit": limit})
+    """Get recent invalid scan attempt records for an event with date filtering and pagination."""
+    log_info("Invalid attempts requested", {
+        "event_id": query.event_id,
+        "from_ts": query.from_ts.isoformat() if query.from_ts else None,
+        "to_ts": query.to_ts.isoformat() if query.to_ts else None,
+        "page": query.page,
+        "limit": query.limit
+    })
     try:
-        attempts = analytics_service.get_invalid_attempts(event_id, limit)
-        return AnalyticsInvalidAttemptsResponse(event_id=event_id, attempts=attempts, count=len(attempts))
+        result = analytics_service.get_invalid_attempts(
+            event_id=query.event_id,
+            from_ts=query.from_ts,
+            to_ts=query.to_ts,
+            page=query.page,
+            limit=query.limit
+        )
+        log_info("Invalid attempts retrieved", {
+            "event_id": query.event_id,
+            "total": result["total"],
+            "page": result["page"],
+            "limit": result["limit"]
+        })
+        return AnalyticsInvalidAttemptsResponse(
+            event_id=query.event_id,
+            data=result["data"],
+            total=result["total"],
+            page=result["page"],
+            limit=result["limit"],
+            from_ts=query.from_ts,
+            to_ts=query.to_ts
+        )
     except Exception as exc:
-        log_error("Failed to retrieve invalid attempts", {"event_id": event_id, "error": str(exc)})
+        log_error("Failed to retrieve invalid attempts", {"event_id": query.event_id, "error": str(exc)})
         raise HTTPException(status_code=500, detail=f"Failed to retrieve invalid attempts: {exc}")