Compare commits
10 Commits
fix/run-ro
...
fix/public
| Author | SHA1 | Date | |
|---|---|---|---|
|
8e19dc9f35 | ||
| 5b9d71426d | |||
|
|
efa7192e45 | ||
| b27d613143 | |||
|
|
a1ab1c0319 | ||
| 0b4e04544d | |||
|
|
7593a460c7 | ||
| a4e7388bcf | |||
|
|
ac319b3ee5 | ||
| 8e004c46ef |
@@ -14,13 +14,5 @@ PARSER_USE_PLAYWRIGHT=false
|
||||
ADMIN_USERNAME=admin
|
||||
ADMIN_PASSWORD=change-me
|
||||
SESSION_SECRET=change-me-session-secret
|
||||
MCP_TOKEN=change-me-mcp-token
|
||||
MCP_AUTH_MODE=oauth
|
||||
MCP_RESOURCE_URL=http://localhost:8001/mcp
|
||||
MCP_OAUTH_ISSUER=
|
||||
MCP_OAUTH_AUDIENCE=
|
||||
MCP_OAUTH_JWKS_URL=
|
||||
MCP_OAUTH_REQUIRED_SCOPE=mcp:tools
|
||||
|
||||
API_PORT=8000
|
||||
MCP_PORT=8001
|
||||
|
||||
29
README.md
29
README.md
@@ -6,7 +6,7 @@
|
||||
|
||||
- `api`: FastAPI, REST API, HTML-админка, healthcheck.
|
||||
- `worker`: weekly scheduler, который запускает парсинг по `CRAWL_CRON`.
|
||||
- `mcp`: HTTP MCP endpoint с OAuth/OIDC access token для внешних агентов или legacy static token для локального режима.
|
||||
- `mcp`: открытый HTTP MCP endpoint для ИИ-агентов.
|
||||
- `postgres`: основная БД.
|
||||
|
||||
Парсер использует фиксированный источник сотрудников, по умолчанию `https://miem.hse.ru/persons`. Для каждой карточки сохраняются ФИО, должности, год начала работы, контакты, идентификаторы, вкладки профиля, секции, публикации, курсы, ВКР, JSON-снапшот и сжатый HTML-снапшот. Ссылки обходятся только из меню профиля самого сотрудника (`person-menu`), например `#sci`, `#teaching`, `#main`.
|
||||
@@ -27,13 +27,6 @@ cp .env.example .env
|
||||
- `CRAWL_LIMIT`: опциональный лимит профилей для тестового запуска.
|
||||
- `ADMIN_USERNAME`, `ADMIN_PASSWORD`: логин и пароль админки.
|
||||
- `SESSION_SECRET`: секрет подписи cookie.
|
||||
- `MCP_TOKEN`: статический bearer token для legacy/local режима `MCP_AUTH_MODE=token`.
|
||||
- `MCP_AUTH_MODE`: режим авторизации MCP: `oauth` для внешних агентов или `token` для локальной отладки.
|
||||
- `MCP_RESOURCE_URL`: публичный URL MCP endpoint, например `https://example.com/mcp`.
|
||||
- `MCP_OAUTH_ISSUER`: issuer внешнего OIDC-провайдера.
|
||||
- `MCP_OAUTH_AUDIENCE`: ожидаемый `aud` в OAuth access token.
|
||||
- `MCP_OAUTH_JWKS_URL`: JWKS endpoint; если не задан, используется `<issuer>/.well-known/jwks.json`.
|
||||
- `MCP_OAUTH_REQUIRED_SCOPE`: scope для доступа к MCP tools, по умолчанию `mcp:tools`.
|
||||
- `PARSER_USE_PLAYWRIGHT`: включение Playwright-рендера динамических вкладок.
|
||||
|
||||
## Локальный запуск
|
||||
@@ -88,9 +81,7 @@ curl -X POST http://localhost:8000/api/crawl-runs --cookie "miem_admin_session=.
|
||||
|
||||
## MCP
|
||||
|
||||
Endpoint: `POST /mcp`, авторизация `Authorization: Bearer <token>`.
|
||||
|
||||
Для внешних ИИ-агентов используйте `MCP_AUTH_MODE=oauth`. В этом режиме статический `MCP_TOKEN` не принимается: клиент должен передать OAuth/OIDC access token с нужным scope.
|
||||
Endpoint: `POST /mcp`, без авторизации на уровне приложения.
|
||||
|
||||
Поддерживаемые tools:
|
||||
|
||||
@@ -104,23 +95,11 @@ Endpoint: `POST /mcp`, авторизация `Authorization: Bearer <token>`.
|
||||
|
||||
```bash
|
||||
curl http://localhost:8001/mcp \
|
||||
-H "Authorization: Bearer change-me-mcp-token" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'
|
||||
```
|
||||
|
||||
Для production OAuth/OIDC настройте внешний authorization server и включите режим `oauth`:
|
||||
|
||||
```env
|
||||
MCP_AUTH_MODE=oauth
|
||||
MCP_RESOURCE_URL=https://example.com/mcp
|
||||
MCP_OAUTH_ISSUER=https://auth.example.com
|
||||
MCP_OAUTH_AUDIENCE=miem-mcp
|
||||
MCP_OAUTH_JWKS_URL=https://auth.example.com/.well-known/jwks.json
|
||||
MCP_OAUTH_REQUIRED_SCOPE=mcp:tools
|
||||
```
|
||||
|
||||
MCP server работает как OAuth protected resource: он не выдает токены, а проверяет JWT access token по JWKS, `issuer`, `audience`, сроку действия и scope. Metadata для MCP-клиентов доступна по `GET /.well-known/oauth-protected-resource`.
|
||||
Если MCP нужно ограничить, делайте это на сетевом уровне: localhost binding, VPN, firewall, reverse proxy или другой внешний контур доступа.
|
||||
|
||||
## Обслуживание
|
||||
|
||||
@@ -131,4 +110,4 @@ docker compose exec postgres pg_dump -U miem miem_workers > backup.sql
|
||||
docker compose down
|
||||
```
|
||||
|
||||
Версия сервиса: `0.4.0`. Админка всегда показывает версии backend и frontend в footer.
|
||||
Версия сервиса: `0.4.5`. Админка всегда показывает версии backend и frontend в footer.
|
||||
|
||||
24
app/admin.py
24
app/admin.py
@@ -17,6 +17,7 @@ from app.services.admin_data import (
|
||||
stats_payload,
|
||||
)
|
||||
from app.services.crawl_control import get_running_run, run_crawl_if_idle
|
||||
from app.services.crawler import refresh_employee
|
||||
from app.version import BACKEND_VERSION, FRONTEND_VERSION
|
||||
|
||||
router = APIRouter(prefix="/admin")
|
||||
@@ -144,10 +145,31 @@ def employee_detail(
|
||||
return _render(
|
||||
request,
|
||||
"employee_detail.html",
|
||||
{"employee": employee, "employee_view": employee_detail_payload(employee), "snapshots": snapshots},
|
||||
{
|
||||
"employee": employee,
|
||||
"employee_view": employee_detail_payload(employee),
|
||||
"snapshots": snapshots,
|
||||
"refresh_status": request.query_params.get("refresh_status"),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
@router.post("/employees/{employee_id}/refresh")
|
||||
def refresh_employee_detail(
|
||||
employee_id: int,
|
||||
request: Request,
|
||||
db: Session = Depends(get_db),
|
||||
settings: Settings = Depends(get_settings),
|
||||
):
|
||||
require_admin(request, settings)
|
||||
employee = db.get(Employee, employee_id)
|
||||
if not employee:
|
||||
return RedirectResponse("/admin/directory", status_code=303)
|
||||
run = refresh_employee(db, employee, settings)
|
||||
status = "success" if run.status == "completed" else "error"
|
||||
return RedirectResponse(f"/admin/employees/{employee_id}?refresh_status={status}", status_code=303)
|
||||
|
||||
|
||||
@router.get("/runs", response_class=HTMLResponse)
|
||||
def runs(request: Request, db: Session = Depends(get_db), settings: Settings = Depends(get_settings)):
|
||||
require_admin(request, settings)
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
from functools import lru_cache
|
||||
from typing import Literal
|
||||
|
||||
from pydantic import Field, field_validator
|
||||
from pydantic_settings import BaseSettings, SettingsConfigDict
|
||||
|
||||
@@ -19,13 +17,6 @@ class Settings(BaseSettings):
|
||||
admin_username: str = "admin"
|
||||
admin_password: str = "admin"
|
||||
session_secret: str = Field(default="dev-session-secret", min_length=8)
|
||||
mcp_token: str = "dev-mcp-token"
|
||||
mcp_auth_mode: Literal["token", "oauth"] = "oauth"
|
||||
mcp_resource_url: str = "http://localhost:8001/mcp"
|
||||
mcp_oauth_issuer: str = ""
|
||||
mcp_oauth_audience: str = ""
|
||||
mcp_oauth_jwks_url: str = ""
|
||||
mcp_oauth_required_scope: str = "mcp:tools"
|
||||
|
||||
@field_validator("crawl_limit", mode="before")
|
||||
@classmethod
|
||||
@@ -34,15 +25,6 @@ class Settings(BaseSettings):
|
||||
return None
|
||||
return value
|
||||
|
||||
def oauth_jwks_url(self) -> str:
|
||||
if self.mcp_oauth_jwks_url:
|
||||
return self.mcp_oauth_jwks_url
|
||||
issuer = self.mcp_oauth_issuer.rstrip("/")
|
||||
if not issuer:
|
||||
return ""
|
||||
return f"{issuer}/.well-known/jwks.json"
|
||||
|
||||
|
||||
@lru_cache
|
||||
def get_settings() -> Settings:
|
||||
return Settings()
|
||||
|
||||
@@ -4,7 +4,6 @@ from fastapi.staticfiles import StaticFiles
|
||||
from app.admin import router as admin_router
|
||||
from app.api import router as api_router
|
||||
from app.db import init_db
|
||||
from app.mcp import metadata_router as mcp_metadata_router
|
||||
from app.mcp import router as mcp_router
|
||||
from app.version import BACKEND_VERSION
|
||||
|
||||
@@ -13,7 +12,6 @@ app.mount("/static", StaticFiles(directory="app/static"), name="static")
|
||||
app.include_router(api_router)
|
||||
app.include_router(admin_router)
|
||||
app.include_router(mcp_router)
|
||||
app.include_router(mcp_metadata_router)
|
||||
|
||||
|
||||
@app.on_event("startup")
|
||||
|
||||
10
app/mcp.py
10
app/mcp.py
@@ -4,15 +4,12 @@ from fastapi import APIRouter, Depends, Request
|
||||
from sqlalchemy import desc, or_, select
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.config import Settings, get_settings
|
||||
from app.db import get_db
|
||||
from app.models import CrawlRun, Employee
|
||||
from app.security import mcp_protected_resource_metadata, require_mcp_auth
|
||||
from app.services.admin_data import run_detail_payload
|
||||
from app.version import BACKEND_VERSION
|
||||
|
||||
router = APIRouter(prefix="/mcp")
|
||||
metadata_router = APIRouter()
|
||||
|
||||
|
||||
TOOLS = [
|
||||
@@ -65,9 +62,7 @@ TOOLS = [
|
||||
async def mcp_http(
|
||||
request: Request,
|
||||
db: Session = Depends(get_db),
|
||||
settings: Settings = Depends(get_settings),
|
||||
) -> dict:
|
||||
require_mcp_auth(request, settings)
|
||||
payload = await request.json()
|
||||
method = payload.get("method")
|
||||
request_id = payload.get("id")
|
||||
@@ -183,8 +178,3 @@ def _run_payload(run: CrawlRun) -> dict:
|
||||
|
||||
def _tool_response(data: object) -> dict:
|
||||
return {"content": [{"type": "text", "text": json.dumps(data, ensure_ascii=False, default=str)}]}
|
||||
|
||||
|
||||
@metadata_router.get("/.well-known/oauth-protected-resource")
|
||||
def oauth_protected_resource(settings: Settings = Depends(get_settings)) -> dict:
|
||||
return mcp_protected_resource_metadata(settings)
|
||||
|
||||
@@ -263,10 +263,10 @@ def _load_widget_publications(session: Session, soup: BeautifulSoup, headers: di
|
||||
return publications
|
||||
|
||||
result = data.get("result") if isinstance(data, dict) else {}
|
||||
items = result.get("items") if isinstance(result, dict) else []
|
||||
if not isinstance(items, list) or not items:
|
||||
items = _extract_publication_items(result)
|
||||
if not items:
|
||||
break
|
||||
publications.extend(_normalize_publication_item(item) for item in items if isinstance(item, dict))
|
||||
publications.extend(_normalize_publication_item(item) for item in items)
|
||||
|
||||
total = int(result.get("total") or 0)
|
||||
if not result.get("more") and len(publications) >= total:
|
||||
@@ -275,6 +275,34 @@ def _load_widget_publications(session: Session, soup: BeautifulSoup, headers: di
|
||||
return _dedupe_publications(publications)
|
||||
|
||||
|
||||
def _extract_publication_items(result: object) -> list[dict]:
|
||||
if not isinstance(result, dict):
|
||||
return []
|
||||
return _flatten_publication_items(result.get("items"))
|
||||
|
||||
|
||||
def _flatten_publication_items(value: object) -> list[dict]:
|
||||
if isinstance(value, list):
|
||||
return [item for item in value if _is_publication_item(item)]
|
||||
if not isinstance(value, dict):
|
||||
return []
|
||||
|
||||
nested_items = value.get("items")
|
||||
if isinstance(nested_items, list):
|
||||
return [item for item in nested_items if _is_publication_item(item)]
|
||||
if isinstance(nested_items, dict):
|
||||
return _flatten_publication_items(nested_items)
|
||||
|
||||
publications = []
|
||||
for child in value.values():
|
||||
publications.extend(_flatten_publication_items(child))
|
||||
return publications
|
||||
|
||||
|
||||
def _is_publication_item(value: object) -> bool:
|
||||
return isinstance(value, dict) and ("id" in value or "title" in value)
|
||||
|
||||
|
||||
def _load_widget_graduation_theses(
|
||||
session: Session,
|
||||
soup: BeautifulSoup,
|
||||
@@ -359,7 +387,7 @@ def _infer_section_type(title: str, nodes: list) -> str:
|
||||
lowered = title.lower()
|
||||
if _has_table(nodes):
|
||||
return "table"
|
||||
if "публикац" in lowered:
|
||||
if _is_publications_title(lowered):
|
||||
return "publications"
|
||||
if "учебные курсы" in lowered:
|
||||
return "courses_by_year"
|
||||
@@ -370,6 +398,10 @@ def _infer_section_type(title: str, nodes: list) -> str:
|
||||
return "generic"
|
||||
|
||||
|
||||
def _is_publications_title(lowered_title: str) -> bool:
|
||||
return lowered_title.startswith("публикац")
|
||||
|
||||
|
||||
def _has_table(nodes: list) -> bool:
|
||||
return any(isinstance(node, Tag) and (node.name == "table" or node.find("table")) for node in nodes)
|
||||
|
||||
|
||||
@@ -3,10 +3,7 @@ import hashlib
|
||||
import hmac
|
||||
import json
|
||||
import time
|
||||
from functools import lru_cache
|
||||
|
||||
import jwt
|
||||
from jwt import PyJWKClient, PyJWTError
|
||||
from fastapi import HTTPException, Request, status
|
||||
|
||||
from app.config import Settings
|
||||
@@ -47,93 +44,3 @@ def require_admin(request: Request, settings: Settings) -> str:
|
||||
if not username:
|
||||
raise HTTPException(status_code=status.HTTP_303_SEE_OTHER, headers={"Location": "/admin/login"})
|
||||
return username
|
||||
|
||||
|
||||
def require_mcp_auth(request: Request, settings: Settings) -> None:
|
||||
auth = request.headers.get("authorization", "")
|
||||
if not auth.startswith("Bearer "):
|
||||
raise _mcp_unauthorized(settings, "Missing bearer token")
|
||||
|
||||
token = auth.removeprefix("Bearer ").strip()
|
||||
if _mcp_static_token_allowed(settings) and hmac.compare_digest(token, settings.mcp_token):
|
||||
return
|
||||
if _mcp_oauth_allowed(settings):
|
||||
_validate_mcp_oauth_token(token, settings)
|
||||
return
|
||||
raise _mcp_unauthorized(settings, "Invalid MCP token")
|
||||
|
||||
|
||||
def require_mcp_token(request: Request, settings: Settings) -> None:
|
||||
require_mcp_auth(request, settings)
|
||||
|
||||
|
||||
def mcp_protected_resource_metadata(settings: Settings) -> dict:
|
||||
authorization_servers = [settings.mcp_oauth_issuer.rstrip("/")] if settings.mcp_oauth_issuer else []
|
||||
return {
|
||||
"resource": settings.mcp_resource_url,
|
||||
"authorization_servers": authorization_servers,
|
||||
"bearer_methods_supported": ["header"],
|
||||
"scopes_supported": [settings.mcp_oauth_required_scope],
|
||||
"resource_documentation": settings.mcp_resource_url,
|
||||
}
|
||||
|
||||
|
||||
def _mcp_static_token_allowed(settings: Settings) -> bool:
|
||||
return settings.mcp_auth_mode == "token"
|
||||
|
||||
|
||||
def _mcp_oauth_allowed(settings: Settings) -> bool:
|
||||
return settings.mcp_auth_mode == "oauth"
|
||||
|
||||
|
||||
def _validate_mcp_oauth_token(token: str, settings: Settings) -> None:
|
||||
if not settings.mcp_oauth_issuer or not settings.mcp_oauth_audience or not settings.oauth_jwks_url():
|
||||
raise _mcp_unauthorized(settings, "MCP OAuth is not configured")
|
||||
try:
|
||||
signing_key = _get_mcp_oauth_signing_key(token, settings).key
|
||||
claims = jwt.decode(
|
||||
token,
|
||||
signing_key,
|
||||
algorithms=["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
|
||||
audience=settings.mcp_oauth_audience,
|
||||
issuer=settings.mcp_oauth_issuer.rstrip("/"),
|
||||
)
|
||||
except PyJWTError as exc:
|
||||
raise _mcp_unauthorized(settings, "Invalid OAuth access token") from exc
|
||||
if not _claims_have_scope(claims, settings.mcp_oauth_required_scope):
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing required MCP OAuth scope")
|
||||
|
||||
|
||||
def _claims_have_scope(claims: dict, required_scope: str) -> bool:
|
||||
scopes: set[str] = set()
|
||||
scope = claims.get("scope")
|
||||
if isinstance(scope, str):
|
||||
scopes.update(scope.split())
|
||||
scp = claims.get("scp")
|
||||
if isinstance(scp, str):
|
||||
scopes.update(scp.split())
|
||||
elif isinstance(scp, list):
|
||||
scopes.update(str(item) for item in scp)
|
||||
return required_scope in scopes
|
||||
|
||||
|
||||
@lru_cache(maxsize=16)
|
||||
def _get_jwk_client(jwks_url: str) -> PyJWKClient:
|
||||
return PyJWKClient(jwks_url)
|
||||
|
||||
|
||||
def _get_mcp_oauth_signing_key(token: str, settings: Settings):
|
||||
return _get_jwk_client(settings.oauth_jwks_url()).get_signing_key_from_jwt(token)
|
||||
|
||||
|
||||
def _mcp_unauthorized(settings: Settings, detail: str) -> HTTPException:
|
||||
headers = {}
|
||||
if _mcp_oauth_allowed(settings):
|
||||
headers["WWW-Authenticate"] = f'Bearer resource_metadata="{_mcp_metadata_url(settings)}"'
|
||||
return HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=detail, headers=headers)
|
||||
|
||||
|
||||
def _mcp_metadata_url(settings: Settings) -> str:
|
||||
resource_url = settings.mcp_resource_url.rstrip("/")
|
||||
base_url = resource_url[: -len("/mcp")] if resource_url.endswith("/mcp") else resource_url
|
||||
return f"{base_url}/.well-known/oauth-protected-resource"
|
||||
|
||||
@@ -80,6 +80,48 @@ def run_crawl(db: Session, settings: Settings) -> CrawlRun:
|
||||
return run
|
||||
|
||||
|
||||
def refresh_employee(db: Session, employee: Employee, settings: Settings) -> CrawlRun:
|
||||
run = CrawlRun(source_url=employee.canonical_url, status="running", found_count=1)
|
||||
db.add(run)
|
||||
db.commit()
|
||||
db.refresh(run)
|
||||
|
||||
try:
|
||||
with requests.Session() as session:
|
||||
parsed = parse_person_profile(
|
||||
session,
|
||||
employee.canonical_url,
|
||||
HEADERS,
|
||||
settings.request_timeout,
|
||||
settings.parser_use_playwright,
|
||||
)
|
||||
if not parsed:
|
||||
raise ValueError("Профиль не удалось распарсить.")
|
||||
if _parsed_profile_key(parsed) != employee.profile_key:
|
||||
raise ValueError("Распарсенный профиль не совпадает с обновляемым сотрудником.")
|
||||
|
||||
_upsert_employee(db, run, parsed)
|
||||
run.parsed_count = 1
|
||||
run.status = "completed"
|
||||
except Exception as exc:
|
||||
run.status = "failed"
|
||||
run.error_count = 1
|
||||
run.message = str(exc)
|
||||
db.add(
|
||||
CrawlError(
|
||||
crawl_run_id=run.id,
|
||||
profile_url=employee.canonical_url,
|
||||
error_type=type(exc).__name__,
|
||||
message=str(exc),
|
||||
)
|
||||
)
|
||||
finally:
|
||||
run.finished_at = datetime.now(timezone.utc)
|
||||
db.commit()
|
||||
db.refresh(run)
|
||||
return run
|
||||
|
||||
|
||||
def _ensure_source(db: Session, source_url: str) -> ParserSource:
|
||||
source = db.scalar(select(ParserSource).where(ParserSource.source_url == source_url))
|
||||
if source:
|
||||
@@ -91,10 +133,14 @@ def _ensure_source(db: Session, source_url: str) -> ParserSource:
|
||||
return source
|
||||
|
||||
|
||||
def _parsed_profile_key(parsed: dict) -> str:
|
||||
return f"{parsed.get('profile_type')}:{parsed.get('profile_id')}"
|
||||
|
||||
|
||||
def _upsert_employee(db: Session, run: CrawlRun, parsed: dict) -> Employee:
|
||||
html = parsed.pop("_html", None)
|
||||
checksum = _checksum(parsed)
|
||||
key = f"{parsed.get('profile_type')}:{parsed.get('profile_id')}"
|
||||
key = _parsed_profile_key(parsed)
|
||||
employee = db.scalar(select(Employee).where(Employee.profile_key == key))
|
||||
now = datetime.now(timezone.utc)
|
||||
if not employee:
|
||||
|
||||
@@ -171,6 +171,10 @@
|
||||
background: transparent;
|
||||
}
|
||||
|
||||
.button--compact {
|
||||
padding: 8px 12px;
|
||||
}
|
||||
|
||||
.code {
|
||||
overflow-x: auto;
|
||||
padding: 14px;
|
||||
@@ -201,11 +205,34 @@
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.employee-card__actions {
|
||||
display: grid;
|
||||
justify-items: end;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.employee-card__title {
|
||||
margin: 0;
|
||||
font-size: 24px;
|
||||
}
|
||||
|
||||
.employee-card__notice {
|
||||
margin: 0;
|
||||
padding: 12px 14px;
|
||||
border-radius: 8px;
|
||||
font-weight: 700;
|
||||
}
|
||||
|
||||
.employee-card__notice--success {
|
||||
color: #065f46;
|
||||
background: #d1fae5;
|
||||
}
|
||||
|
||||
.employee-card__notice--error {
|
||||
color: #991b1b;
|
||||
background: #fee2e2;
|
||||
}
|
||||
|
||||
.employee-card__section {
|
||||
padding: 20px;
|
||||
background: #ffffff;
|
||||
|
||||
@@ -51,7 +51,7 @@
|
||||
<thead><tr><th class="table__head">ID</th><th class="table__head">Статус</th><th class="table__head">Обработано</th><th class="table__head">Ошибки</th><th class="table__head">Старт</th></tr></thead>
|
||||
<tbody>
|
||||
{% for run in runs %}
|
||||
<tr class="table__row" data-row-href="/admin/runs/{{ run.id }}" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
|
||||
<tr class="table__row" onclick="window.location.href='/admin/runs/{{ run.id }}'" onkeydown="if (event.key === 'Enter' || event.key === ' ') { event.preventDefault(); window.location.href='/admin/runs/{{ run.id }}'; }" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@@ -7,8 +7,18 @@
|
||||
<h2 class="employee-card__title">{{ employee_view.full_name or employee.profile_key }}</h2>
|
||||
<span class="badge {% if employee_view.status == "dismissed" %}badge--dismissed{% endif %}">{{ employee_view.status_display }}</span>
|
||||
</div>
|
||||
<div class="employee-card__actions">
|
||||
<form method="post" action="/admin/employees/{{ employee.id }}/refresh">
|
||||
<button class="button button--compact" type="submit">Обновить данные</button>
|
||||
</form>
|
||||
<a class="admin__link" href="{{ employee_view.canonical_url }}">{{ employee_view.canonical_url }}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% if refresh_status == "success" %}
|
||||
<p class="employee-card__notice employee-card__notice--success">Данные сотрудника обновлены.</p>
|
||||
{% elif refresh_status == "error" %}
|
||||
<p class="employee-card__notice employee-card__notice--error">Не удалось обновить данные сотрудника.</p>
|
||||
{% endif %}
|
||||
|
||||
<section class="employee-card__section">
|
||||
<h3 class="employee-section__title">Основная информация</h3>
|
||||
|
||||
@@ -38,7 +38,7 @@
|
||||
<thead><tr><th class="table__head">ID</th><th class="table__head">Статус</th><th class="table__head">Найдено</th><th class="table__head">Обработано</th><th class="table__head">Новые</th><th class="table__head">Ошибки</th><th class="table__head">Уволены</th><th class="table__head">Старт</th></tr></thead>
|
||||
<tbody>
|
||||
{% for run in runs %}
|
||||
<tr class="table__row" data-row-href="/admin/runs/{{ run.id }}" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.found_count }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.new_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.dismissed_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
|
||||
<tr class="table__row" onclick="window.location.href='/admin/runs/{{ run.id }}'" onkeydown="if (event.key === 'Enter' || event.key === ' ') { event.preventDefault(); window.location.href='/admin/runs/{{ run.id }}'; }" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.found_count }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.new_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.dismissed_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
APP_VERSION = "0.4.3"
|
||||
FRONTEND_VERSION = "0.4.3"
|
||||
BACKEND_VERSION = "0.4.3"
|
||||
APP_VERSION = "0.4.7"
|
||||
FRONTEND_VERSION = "0.4.7"
|
||||
BACKEND_VERSION = "0.4.7"
|
||||
|
||||
@@ -20,7 +20,7 @@ services:
|
||||
environment:
|
||||
DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-miem}:${POSTGRES_PASSWORD:-miem_password}@postgres:5432/${POSTGRES_DB:-miem_workers}
|
||||
ports:
|
||||
- "127.0.0.1:8000:8000"
|
||||
- "127.0.0.1:${API_PORT:-8000}:8000"
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
@@ -42,33 +42,7 @@ services:
|
||||
environment:
|
||||
DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-miem}:${POSTGRES_PASSWORD:-miem_password}@postgres:5432/${POSTGRES_DB:-miem_workers}
|
||||
ports:
|
||||
- "127.0.0.1:8001:8000"
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:latest
|
||||
container_name: keycloak
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
|
||||
KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
|
||||
KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
|
||||
|
||||
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
|
||||
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||||
|
||||
KC_HTTP_ENABLED: true
|
||||
KC_PROXY_HEADERS: xforwarded
|
||||
KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
|
||||
|
||||
KC_HEALTH_ENABLED: true
|
||||
KC_METRICS_ENABLED: true
|
||||
command: start
|
||||
ports:
|
||||
- "127.0.0.1:8080:8080"
|
||||
- "127.0.0.1:${MCP_PORT:-8001}:8000"
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[project]
|
||||
name = "miem-workers"
|
||||
version = "0.4.0"
|
||||
version = "0.4.7"
|
||||
description = "MIEM employees parser, admin API, and MCP server"
|
||||
requires-python = ">=3.11"
|
||||
dependencies = [
|
||||
@@ -12,7 +12,6 @@ dependencies = [
|
||||
"lxml>=5.2.0",
|
||||
"psycopg[binary]>=3.2.0",
|
||||
"pydantic-settings>=2.4.0",
|
||||
"PyJWT[crypto]>=2.9.0",
|
||||
"python-multipart>=0.0.9",
|
||||
"requests>=2.32.0",
|
||||
"sqlalchemy>=2.0.32",
|
||||
|
||||
@@ -6,7 +6,6 @@ jinja2>=3.1.4
|
||||
lxml>=5.2.0
|
||||
psycopg[binary]>=3.2.0
|
||||
pydantic-settings>=2.4.0
|
||||
PyJWT[crypto]>=2.9.0
|
||||
python-multipart>=0.0.9
|
||||
requests>=2.32.0
|
||||
sqlalchemy>=2.0.32
|
||||
|
||||
@@ -45,9 +45,11 @@ def test_dashboard_limits_latest_runs_to_five():
|
||||
def test_runs_template_links_to_run_detail():
|
||||
template = Path("app/templates/runs.html").read_text(encoding="utf-8")
|
||||
|
||||
assert 'data-row-href="/admin/runs/{{ run.id }}"' in template
|
||||
assert 'onclick="window.location.href=\'/admin/runs/{{ run.id }}\'"' in template
|
||||
assert "onkeydown=\"if (event.key === 'Enter' || event.key === ' ')" in template
|
||||
assert 'role="link"' in template
|
||||
assert 'tabindex="0"' in template
|
||||
assert 'data-row-href="/admin/runs/{{ run.id }}"' not in template
|
||||
assert '<a class="admin__link" href="/admin/runs/{{ run.id }}">' not in template
|
||||
|
||||
|
||||
@@ -75,9 +77,11 @@ def test_dashboard_metric_cards_link_to_admin_targets():
|
||||
def test_dashboard_latest_run_rows_link_to_run_detail():
|
||||
template = Path("app/templates/dashboard.html").read_text(encoding="utf-8")
|
||||
|
||||
assert 'data-row-href="/admin/runs/{{ run.id }}"' in template
|
||||
assert 'onclick="window.location.href=\'/admin/runs/{{ run.id }}\'"' in template
|
||||
assert "onkeydown=\"if (event.key === 'Enter' || event.key === ' ')" in template
|
||||
assert 'role="link"' in template
|
||||
assert 'tabindex="0"' in template
|
||||
assert 'data-row-href="/admin/runs/{{ run.id }}"' not in template
|
||||
assert '<a class="admin__link" href="/admin/runs/{{ run.id }}">' not in template
|
||||
|
||||
|
||||
|
||||
@@ -1,15 +1,11 @@
|
||||
import time
|
||||
from datetime import datetime, timezone
|
||||
from types import SimpleNamespace
|
||||
|
||||
import jwt
|
||||
from fastapi.testclient import TestClient
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from sqlalchemy import create_engine
|
||||
from sqlalchemy import create_engine, select
|
||||
from sqlalchemy.orm import sessionmaker
|
||||
from sqlalchemy.pool import StaticPool
|
||||
|
||||
import app.security as security
|
||||
from app.config import Settings, get_settings
|
||||
from app.db import Base, get_db
|
||||
from app.main import app
|
||||
@@ -23,10 +19,10 @@ def test_health_returns_versions():
|
||||
response = client.get("/api/health")
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json()["backend_version"] == "0.4.3"
|
||||
assert response.json()["backend_version"] == "0.4.7"
|
||||
|
||||
|
||||
def test_mcp_requires_token_and_lists_tools():
|
||||
def test_mcp_lists_tools_without_auth_and_ignores_auth_header():
|
||||
engine = create_engine(
|
||||
"sqlite:///:memory:",
|
||||
connect_args={"check_same_thread": False},
|
||||
@@ -43,22 +39,20 @@ def test_mcp_requires_token_and_lists_tools():
|
||||
session.close()
|
||||
|
||||
app.dependency_overrides[get_db] = override_db
|
||||
app.dependency_overrides[get_settings] = lambda: Settings(
|
||||
mcp_auth_mode="token", mcp_token="secret", session_secret="session-secret"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
unauthorized = client.post("/mcp", json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}})
|
||||
authorized = client.post(
|
||||
without_auth = client.post("/mcp", json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}})
|
||||
with_auth = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": "Bearer secret"},
|
||||
headers={"Authorization": "Bearer anything"},
|
||||
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
|
||||
)
|
||||
|
||||
assert unauthorized.status_code == 401
|
||||
assert authorized.status_code == 200
|
||||
assert authorized.json()["result"]["tools"][0]["name"] == "search_employees"
|
||||
assert any(tool["name"] == "get_crawl_run_details" for tool in authorized.json()["result"]["tools"])
|
||||
assert without_auth.status_code == 200
|
||||
assert with_auth.status_code == 200
|
||||
assert without_auth.json()["result"]["tools"][0]["name"] == "search_employees"
|
||||
assert any(tool["name"] == "get_crawl_run_details" for tool in without_auth.json()["result"]["tools"])
|
||||
assert with_auth.json()["result"]["tools"] == without_auth.json()["result"]["tools"]
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
@@ -96,14 +90,10 @@ def test_mcp_search_employees_returns_matching_employee():
|
||||
db.close()
|
||||
|
||||
app.dependency_overrides[get_db] = override_db
|
||||
app.dependency_overrides[get_settings] = lambda: Settings(
|
||||
mcp_auth_mode="token", mcp_token="secret", session_secret="session-secret"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": "Bearer secret"},
|
||||
json={
|
||||
"jsonrpc": "2.0",
|
||||
"id": 1,
|
||||
@@ -164,14 +154,10 @@ def test_mcp_get_crawl_run_details_returns_changes():
|
||||
db.close()
|
||||
|
||||
app.dependency_overrides[get_db] = override_db
|
||||
app.dependency_overrides[get_settings] = lambda: Settings(
|
||||
mcp_auth_mode="token", mcp_token="secret", session_secret="session-secret"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": "Bearer secret"},
|
||||
json={
|
||||
"jsonrpc": "2.0",
|
||||
"id": 1,
|
||||
@@ -188,146 +174,12 @@ def test_mcp_get_crawl_run_details_returns_changes():
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_oauth_rejects_static_token():
|
||||
engine = create_engine(
|
||||
"sqlite:///:memory:",
|
||||
connect_args={"check_same_thread": False},
|
||||
poolclass=StaticPool,
|
||||
)
|
||||
Base.metadata.create_all(engine)
|
||||
Session = sessionmaker(bind=engine)
|
||||
|
||||
def override_db():
|
||||
session = Session()
|
||||
try:
|
||||
yield session
|
||||
finally:
|
||||
session.close()
|
||||
|
||||
settings = Settings(
|
||||
mcp_auth_mode="oauth",
|
||||
mcp_token="secret",
|
||||
session_secret="session-secret",
|
||||
mcp_oauth_issuer="https://auth.example.com",
|
||||
mcp_oauth_audience="miem-mcp",
|
||||
mcp_oauth_jwks_url="https://auth.example.com/.well-known/jwks.json",
|
||||
)
|
||||
app.dependency_overrides[get_db] = override_db
|
||||
app.dependency_overrides[get_settings] = lambda: settings
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": "Bearer secret"},
|
||||
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
|
||||
)
|
||||
|
||||
assert response.status_code == 401
|
||||
assert response.headers["www-authenticate"] == (
|
||||
'Bearer resource_metadata="http://localhost:8001/.well-known/oauth-protected-resource"'
|
||||
)
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_oauth_missing_auth_returns_metadata_challenge():
|
||||
settings = Settings(
|
||||
mcp_auth_mode="oauth",
|
||||
mcp_resource_url="https://api.example.com/mcp",
|
||||
mcp_oauth_issuer="https://auth.example.com",
|
||||
mcp_oauth_audience="miem-mcp",
|
||||
mcp_oauth_jwks_url="https://auth.example.com/.well-known/jwks.json",
|
||||
)
|
||||
app.dependency_overrides[get_settings] = lambda: settings
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post("/mcp", json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}})
|
||||
|
||||
assert response.status_code == 401
|
||||
assert response.headers["www-authenticate"] == (
|
||||
'Bearer resource_metadata="https://api.example.com/.well-known/oauth-protected-resource"'
|
||||
)
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_accepts_valid_oauth_jwt(monkeypatch):
|
||||
public_key, token = _oauth_key_and_token()
|
||||
monkeypatch.setattr(security, "_get_mcp_oauth_signing_key", lambda _token, _settings: SimpleNamespace(key=public_key))
|
||||
app.dependency_overrides[get_settings] = lambda: _oauth_settings()
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json()["result"]["tools"][0]["name"] == "search_employees"
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_rejects_invalid_oauth_jwts(monkeypatch):
|
||||
public_key, expired_token = _oauth_key_and_token(exp=int(time.time()) - 60)
|
||||
_, wrong_issuer_token = _oauth_key_and_token(issuer="https://other.example.com")
|
||||
_, wrong_audience_token = _oauth_key_and_token(audience="other-audience")
|
||||
_, bad_signature_token = _oauth_key_and_token(public_key=public_key)
|
||||
monkeypatch.setattr(security, "_get_mcp_oauth_signing_key", lambda _token, _settings: SimpleNamespace(key=public_key))
|
||||
app.dependency_overrides[get_settings] = lambda: _oauth_settings()
|
||||
client = TestClient(app)
|
||||
|
||||
for token in [expired_token, wrong_issuer_token, wrong_audience_token, bad_signature_token]:
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
|
||||
)
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_rejects_oauth_jwt_without_required_scope(monkeypatch):
|
||||
public_key, token = _oauth_key_and_token(scope="profile")
|
||||
monkeypatch.setattr(security, "_get_mcp_oauth_signing_key", lambda _token, _settings: SimpleNamespace(key=public_key))
|
||||
app.dependency_overrides[get_settings] = lambda: _oauth_settings()
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.post(
|
||||
"/mcp",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
|
||||
)
|
||||
|
||||
assert response.status_code == 403
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def test_mcp_protected_resource_metadata_uses_settings():
|
||||
settings = Settings(
|
||||
mcp_resource_url="https://api.example.com/mcp",
|
||||
mcp_oauth_issuer="https://auth.example.com/",
|
||||
mcp_oauth_required_scope="mcp:tools",
|
||||
)
|
||||
app.dependency_overrides[get_settings] = lambda: settings
|
||||
def test_mcp_protected_resource_metadata_route_is_removed():
|
||||
client = TestClient(app)
|
||||
|
||||
response = client.get("/.well-known/oauth-protected-resource")
|
||||
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {
|
||||
"resource": "https://api.example.com/mcp",
|
||||
"authorization_servers": ["https://auth.example.com"],
|
||||
"bearer_methods_supported": ["header"],
|
||||
"scopes_supported": ["mcp:tools"],
|
||||
"resource_documentation": "https://api.example.com/mcp",
|
||||
}
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_api_employees_and_stats_require_admin_session():
|
||||
@@ -399,33 +251,54 @@ def test_api_employees_and_stats_require_admin_session():
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
|
||||
def _oauth_settings() -> Settings:
|
||||
return Settings(
|
||||
mcp_auth_mode="oauth",
|
||||
mcp_resource_url="https://api.example.com/mcp",
|
||||
mcp_oauth_issuer="https://auth.example.com",
|
||||
mcp_oauth_audience="miem-mcp",
|
||||
mcp_oauth_jwks_url="https://auth.example.com/.well-known/jwks.json",
|
||||
session_secret="session-secret",
|
||||
def test_admin_refresh_employee_route_updates_only_requested_employee(monkeypatch):
|
||||
engine = create_engine(
|
||||
"sqlite:///:memory:",
|
||||
connect_args={"check_same_thread": False},
|
||||
poolclass=StaticPool,
|
||||
)
|
||||
Base.metadata.create_all(engine)
|
||||
Session = sessionmaker(bind=engine)
|
||||
db = Session()
|
||||
db.add(
|
||||
Employee(
|
||||
profile_key="org_person:133709486",
|
||||
profile_type="org_person",
|
||||
profile_id="133709486",
|
||||
canonical_url="https://www.hse.ru/org/persons/133709486",
|
||||
full_name="Будков Юрий Алексеевич",
|
||||
status="active",
|
||||
)
|
||||
)
|
||||
db.commit()
|
||||
employee_id = db.scalar(select(Employee.id))
|
||||
db.close()
|
||||
|
||||
settings = Settings(admin_username="admin", admin_password="password", session_secret="session-secret")
|
||||
|
||||
def _oauth_key_and_token(
|
||||
*,
|
||||
issuer: str = "https://auth.example.com",
|
||||
audience: str = "miem-mcp",
|
||||
scope: str = "mcp:tools",
|
||||
exp: int | None = None,
|
||||
public_key=None,
|
||||
):
|
||||
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
|
||||
claims = {
|
||||
"iss": issuer,
|
||||
"aud": audience,
|
||||
"scope": scope,
|
||||
"sub": "mcp-client",
|
||||
"iat": int(time.time()),
|
||||
"exp": exp or int(time.time()) + 300,
|
||||
}
|
||||
token = jwt.encode(claims, private_key, algorithm="RS256", headers={"kid": "test-key"})
|
||||
return public_key or private_key.public_key(), token
|
||||
def override_db():
|
||||
session = Session()
|
||||
try:
|
||||
yield session
|
||||
finally:
|
||||
session.close()
|
||||
|
||||
calls = []
|
||||
|
||||
def fake_refresh_employee(db, refreshed_employee, route_settings):
|
||||
calls.append((refreshed_employee.id, route_settings))
|
||||
return SimpleNamespace(status="completed")
|
||||
|
||||
app.dependency_overrides[get_db] = override_db
|
||||
app.dependency_overrides[get_settings] = lambda: settings
|
||||
monkeypatch.setattr("app.admin.refresh_employee", fake_refresh_employee)
|
||||
client = TestClient(app)
|
||||
client.cookies.set(SESSION_COOKIE, sign_session("admin", settings))
|
||||
|
||||
response = client.post(f"/admin/employees/{employee_id}/refresh", follow_redirects=False)
|
||||
|
||||
assert response.status_code == 303
|
||||
assert response.headers["location"] == f"/admin/employees/{employee_id}?refresh_status=success"
|
||||
assert calls == [(employee_id, settings)]
|
||||
|
||||
app.dependency_overrides.clear()
|
||||
|
||||
@@ -1,6 +1,3 @@
|
||||
import pytest
|
||||
from pydantic import ValidationError
|
||||
|
||||
from app.config import Settings
|
||||
|
||||
|
||||
@@ -14,8 +11,3 @@ def test_numeric_crawl_limit_is_parsed():
|
||||
settings = Settings(crawl_limit="25")
|
||||
|
||||
assert settings.crawl_limit == 25
|
||||
|
||||
|
||||
def test_mcp_auth_mode_rejects_oauth_or_token_fallback():
|
||||
with pytest.raises(ValidationError):
|
||||
Settings(mcp_auth_mode="oauth_or_token")
|
||||
|
||||
@@ -27,4 +27,6 @@ def test_employee_detail_template_is_human_readable():
|
||||
assert "Дата увольнения" in template
|
||||
assert "Тип профиля" in template
|
||||
assert "ID профиля" in template
|
||||
assert "Обновить данные" in template
|
||||
assert 'action="/admin/employees/{{ employee.id }}/refresh"' in template
|
||||
assert "Снапшоты" in template
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
from bs4 import BeautifulSoup
|
||||
|
||||
from app.parser.profile import enrich_sections_from_hse_widgets, extract_person_tabs
|
||||
from app.parser.profile import enrich_sections_from_hse_widgets, extract_person_tabs, extract_sections
|
||||
from app.parser.profile_url import normalize_profile_url, parse_profile_identity
|
||||
|
||||
|
||||
@@ -64,6 +64,47 @@ class FakeSession:
|
||||
)
|
||||
|
||||
|
||||
class GroupedPublicationsSession(FakeSession):
|
||||
def post(self, url, **kwargs):
|
||||
self.posts.append((url, kwargs))
|
||||
return FakeResponse(
|
||||
{
|
||||
"status": "ok",
|
||||
"result": {
|
||||
"more": False,
|
||||
"total": 1,
|
||||
"groupType": 2,
|
||||
"items": {
|
||||
"year": {
|
||||
"header": {"ru": "по году", "en": "by year"},
|
||||
"criteria": {"year": []},
|
||||
"items": {
|
||||
"2011": [
|
||||
{
|
||||
"id": "146366790",
|
||||
"type": "ARTICLE",
|
||||
"title": "Развитие теории самосогласованного поля",
|
||||
"year": 2011,
|
||||
"description": {"short": {"ru": "Журнал физической химии 2011."}},
|
||||
}
|
||||
],
|
||||
"2012": [
|
||||
{
|
||||
"id": "146367323",
|
||||
"type": "ARTICLE",
|
||||
"title": "Self-consistent field theory investigation",
|
||||
"year": 2012,
|
||||
"description": {"short": {"en": "Russian Journal of Physical Chemistry A 2012."}},
|
||||
}
|
||||
],
|
||||
},
|
||||
}
|
||||
},
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
def test_normalize_profile_url_supports_staff_and_org_persons():
|
||||
assert normalize_profile_url("/staff/avsergeev#sci") == "https://www.hse.ru/staff/avsergeev"
|
||||
assert normalize_profile_url("https://www.hse.ru/org/persons/123/") == "https://www.hse.ru/org/persons/123"
|
||||
@@ -117,3 +158,60 @@ def test_enrich_sections_from_hse_widgets_loads_publications_and_vkr():
|
||||
assert theses["theses"][0]["project_url"] == "https://www.hse.ru/edu/vkr/1045750164"
|
||||
assert session.posts[0][0] == "https://publications.hse.ru/api/searchPubs"
|
||||
assert session.gets[0][1]["params"] == {"supervisorId": "803294906"}
|
||||
|
||||
|
||||
def test_enrich_sections_from_hse_widgets_loads_grouped_publications():
|
||||
soup = BeautifulSoup(
|
||||
"""
|
||||
<script src="/n/stat/publications/dist-w/publs.js" data-author="133709486" data-widget-name="AuthorSearch"></script>
|
||||
""",
|
||||
"html.parser",
|
||||
)
|
||||
session = GroupedPublicationsSession()
|
||||
|
||||
sections = enrich_sections_from_hse_widgets(
|
||||
session,
|
||||
soup,
|
||||
"https://www.hse.ru/org/persons/133709486",
|
||||
{"User-Agent": "test"},
|
||||
10,
|
||||
[],
|
||||
)
|
||||
|
||||
publications = next(section for section in sections if section["type"] == "publications")
|
||||
|
||||
assert publications["publications_count"] == 2
|
||||
assert [item["id"] for item in publications["publications"]] == ["146366790", "146367323"]
|
||||
assert publications["publications"][0]["url"] == "https://publications.hse.ru/view/146366790"
|
||||
assert publications["publications"][1]["url"] == "https://publications.hse.ru/view/146367323"
|
||||
|
||||
|
||||
def test_news_heading_with_publications_word_does_not_absorb_widget_publications():
|
||||
soup = BeautifulSoup(
|
||||
"""
|
||||
<h2>Статья профессора МИЭМ вошла в число самых популярных публикаций на портале SpringerLink</h2>
|
||||
<div class="post__text">
|
||||
<p>Первоначально статья профессора вышла в российском журнале.</p>
|
||||
</div>
|
||||
<script src="/n/stat/publications/dist-w/publs.js" data-author="133709486" data-widget-name="AuthorSearch"></script>
|
||||
""",
|
||||
"html.parser",
|
||||
)
|
||||
session = FakeSession()
|
||||
|
||||
sections = extract_sections(soup, "https://www.hse.ru/org/persons/133709486")
|
||||
sections = enrich_sections_from_hse_widgets(
|
||||
session,
|
||||
soup,
|
||||
"https://www.hse.ru/org/persons/133709486",
|
||||
{"User-Agent": "test"},
|
||||
10,
|
||||
sections,
|
||||
)
|
||||
|
||||
assert sections[0]["type"] == "paragraphs"
|
||||
assert sections[0]["title"].startswith("Статья профессора")
|
||||
publications = [section for section in sections if section["type"] == "publications"]
|
||||
assert len(publications) == 1
|
||||
assert publications[0]["title"] == "Публикации и исследования"
|
||||
assert publications[0]["publications_count"] == 1
|
||||
|
||||
Reference in New Issue
Block a user