Spaces:
Running
Running
| # backend/app/api/admin.py | |
| # Admin-only endpoints. Not exposed in public docs. | |
| # Used exclusively by the retrain_reranker GitHub Actions workflow to pull | |
| # the live interaction SQLite DB without needing HF Space persistent-storage | |
| # access credentials beyond what the workflow already holds. | |
| import os | |
| from fastapi import APIRouter, Depends, HTTPException, Request, status | |
| from fastapi.responses import FileResponse | |
| from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer | |
| from app.core.config import get_settings | |
| from app.core.logging import get_logger | |
| router = APIRouter() | |
| logger = get_logger(__name__) | |
| _bearer = HTTPBearer() | |
| def _require_admin(credentials: HTTPAuthorizationCredentials = Depends(_bearer)) -> None: | |
| settings = get_settings() | |
| if not settings.ADMIN_TOKEN: | |
| raise HTTPException( | |
| status_code=status.HTTP_503_SERVICE_UNAVAILABLE, | |
| detail="Admin access not configured on this instance.", | |
| ) | |
| if credentials.credentials != settings.ADMIN_TOKEN: | |
| raise HTTPException( | |
| status_code=status.HTTP_401_UNAUTHORIZED, | |
| detail="Invalid admin token.", | |
| ) | |
| async def export_db(request: Request) -> FileResponse: | |
| """ | |
| Stream the SQLite interaction log to the caller. | |
| Used by the retrain_reranker GitHub Actions workflow to pull the live DB | |
| for triplet generation without direct access to HF Space storage volumes. | |
| """ | |
| settings = get_settings() | |
| db_path = settings.DB_PATH | |
| if not os.path.exists(db_path): | |
| raise HTTPException( | |
| status_code=status.HTTP_404_NOT_FOUND, | |
| detail="Interaction log database not yet initialised.", | |
| ) | |
| logger.info("Admin DB export requested from %s", request.client) | |
| return FileResponse( | |
| path=db_path, | |
| filename="sqlite.db", | |
| media_type="application/octet-stream", | |
| ) | |