fix

assets/chroma_db/88b01f33-9f9f-4ac5-b7a5-c6afecf476d2/length.bin

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d6a4c4d53359423150f4f21fa4bb976d16f34587b0e8d2925da3a6cc0505f3fa
+oid sha256:c467497f6e6f489256b14d0a00d70cdc3736a24e198d87e3b5abbef0a407cf99
 size 4000

auth/json_database.py

@@ -2,50 +2,52 @@
 JSON file-based database module
 
 Handles:
-- JSON file storage for users, refresh tokens, and blacklisted tokens
+- JSON file storage for users, tokens, and blacklisted tokens
 - User management and authentication
 - Token blacklist management
 - Refresh token storage
 - Thread-safe JSON operations with file locking
-
-Hugging Face notes:
-- Use AUTH_DB_DIR=/data/auth_db to store runtime JSON files.
-- Optionally set AUTH_SEED_DIR=/home/user/app/data (repo data folder) to seed initial users.json.
+- Hugging Face friendly seeding + writable fallback
 """
 
 import os
 import json
 import threading
+import shutil
 from typing import Optional, Dict, Any, List, Tuple
 from pathlib import Path
 from datetime import datetime
-import tempfile
-import shutil
-
 
 # =========================================================
-# STORAGE LOCATION (LOCAL DEFAULT + HUGGING FACE OVERRIDE)
+# PATHS
 # =========================================================
 
-# Local default: repo_root/data  (auth/../data)
-DEFAULT_DB_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "data"))
+def _project_root() -> Path:
+    # auth/json_database.py -> auth (parent) -> project root (parent)
+    return Path(__file__).resolve().parent.parent
 
-# Runtime DB directory (HF: /data/auth_db)
-DB_DIR = os.path.abspath(os.getenv("AUTH_DB_DIR", DEFAULT_DB_DIR))
+DEFAULT_DB_DIR = str((_project_root() / "data").resolve())  # <project>/data
+DB_DIR_ENV = os.getenv("AUTH_DB_DIR", DEFAULT_DB_DIR)
 
-# Seed directory (where you keep committed JSONs in repo)
-# HF typical repo path is /home/user/app
-DEFAULT_SEED_DIR = os.path.abspath(os.getenv("AUTH_SEED_DIR", DEFAULT_DB_DIR))
+# Seed dir (where your repo JSON files exist)
+SEED_DIR_ENV = os.getenv("AUTH_SEED_DIR", DEFAULT_DB_DIR)
+
+# Seeding controls
+SEED_ON_START = os.getenv("AUTH_SEED_ON_START", "1") == "1"
+SEED_IF_EMPTY = os.getenv("AUTH_SEED_IF_EMPTY", "1") == "1"
+
+# Initialize DB files on startup
+RUN_INIT_DB = os.getenv("RUN_INIT_DB", "1") == "1"
+
+# Resolve target db dir
+DB_DIR = str(Path(DB_DIR_ENV).expanduser().resolve())
+SEED_DIR = str(Path(SEED_DIR_ENV).expanduser().resolve())
 
 USERS_FILE = os.path.join(DB_DIR, "users.json")
 BLACKLISTED_TOKENS_FILE = os.path.join(DB_DIR, "blacklisted_tokens.json")
 REFRESH_TOKENS_FILE = os.path.join(DB_DIR, "refresh_tokens.json")
 
-SEED_USERS_FILE = os.path.join(DEFAULT_SEED_DIR, "users.json")
-SEED_BLACKLISTED_FILE = os.path.join(DEFAULT_SEED_DIR, "blacklisted_tokens.json")
-SEED_REFRESH_FILE = os.path.join(DEFAULT_SEED_DIR, "refresh_tokens.json")
-
-# Thread-safe file locks
+# Thread locks
 _file_locks = {
     "users": threading.Lock(),
     "blacklisted_tokens": threading.Lock(),
@@ -55,81 +57,106 @@ _file_locks = {
 _db_init_done = False
 _db_init_lock = threading.Lock()
 
+# =========================================================
+# HELPERS
+# =========================================================
 
-# -----------------------------
-# Helpers
-# -----------------------------
-def ensure_data_directory() -> None:
-    Path(DB_DIR).mkdir(parents=True, exist_ok=True)
+def _log(msg: str):
+    # Simple stdout logging (Hugging Face logs show this)
+    print(msg, flush=True)
+
+def ensure_data_directory():
+    """
+    Create DB directory. If not writable, fallback to /tmp/auth_db.
+    """
+    global DB_DIR, USERS_FILE, BLACKLISTED_TOKENS_FILE, REFRESH_TOKENS_FILE
 
+    try:
+        Path(DB_DIR).mkdir(parents=True, exist_ok=True)
+        # write test
+        test_file = os.path.join(DB_DIR, ".write_test")
+        with open(test_file, "w", encoding="utf-8") as f:
+            f.write("ok")
+        os.remove(test_file)
+        return
+    except Exception as e:
+        _log(f"[AUTH][WARN] DB_DIR not writable: {DB_DIR}. Error: {e}")
+        fallback = "/tmp/auth_db"
+        _log(f"[AUTH][WARN] Falling back to: {fallback}")
+        DB_DIR = fallback
+        Path(DB_DIR).mkdir(parents=True, exist_ok=True)
+
+        USERS_FILE = os.path.join(DB_DIR, "users.json")
+        BLACKLISTED_TOKENS_FILE = os.path.join(DB_DIR, "blacklisted_tokens.json")
+        REFRESH_TOKENS_FILE = os.path.join(DB_DIR, "refresh_tokens.json")
 
 def load_json_file(filepath: str) -> Dict[str, Any]:
-    """Load JSON file. Returns empty dict if file doesn't exist or is invalid."""
+    """
+    Load JSON file with error handling.
+    Returns {} if file does not exist.
+    """
     if not os.path.exists(filepath):
         return {}
+
     try:
         with open(filepath, "r", encoding="utf-8") as f:
-            data = json.load(f)
-            return data if isinstance(data, dict) else {}
-    except Exception:
+            return json.load(f)
+    except (json.JSONDecodeError, IOError) as e:
+        _log(f"[AUTH][ERROR] Error loading {filepath}: {e}")
         return {}
 
-
-def _atomic_write_json(filepath: str, data: Dict[str, Any]) -> None:
+def save_json_file(filepath: str, data: Dict[str, Any]):
     """
-    Atomic JSON write:
-    write to temp file in same directory, then replace.
+    Atomic save JSON file (prevents partial writes).
     """
-    directory = os.path.dirname(filepath)
-    Path(directory).mkdir(parents=True, exist_ok=True)
+    parent = os.path.dirname(filepath)
+    os.makedirs(parent, exist_ok=True)
 
-    fd, tmp_path = tempfile.mkstemp(prefix=".tmp_", dir=directory)
+    tmp_path = filepath + ".tmp"
     try:
-        with os.fdopen(fd, "w", encoding="utf-8") as f:
+        with open(tmp_path, "w", encoding="utf-8") as f:
             json.dump(data, f, indent=2, ensure_ascii=False)
-        os.replace(tmp_path, filepath)  # atomic on POSIX
-    finally:
+        os.replace(tmp_path, filepath)
+    except Exception as e:
+        _log(f"[AUTH][ERROR] Error saving {filepath}: {e}")
+        # cleanup temp if exists
         try:
             if os.path.exists(tmp_path):
                 os.remove(tmp_path)
         except Exception:
             pass
+        raise
 
-
-def save_json_file(filepath: str, data: Dict[str, Any]) -> None:
-    _atomic_write_json(filepath, data)
-
-
-def _is_empty_or_missing(filepath: str) -> bool:
+def _file_is_empty_json(filepath: str) -> bool:
     if not os.path.exists(filepath):
         return True
     try:
-        d = load_json_file(filepath)
-        return len(d) == 0
+        data = load_json_file(filepath)
+        return not bool(data)
     except Exception:
         return True
 
-
-def _copy_seed_file_if_needed(seed_path: str, target_path: str, *, only_if_missing_or_empty: bool = True) -> bool:
+def _seed_file_if_needed(target_path: str, seed_path: str):
     """
-    Copy seed json into runtime DB.
-    Returns True if copied.
+    Copy seed file -> target if:
+    - target missing, OR
+    - target exists but empty AND SEED_IF_EMPTY=1
     """
-    if not os.path.exists(seed_path):
-        return False
+    if not SEED_ON_START:
+        return
 
-    if only_if_missing_or_empty and not _is_empty_or_missing(target_path):
-        return False
+    seed_exists = os.path.exists(seed_path)
+    target_exists = os.path.exists(target_path)
 
-    ensure_data_directory()
-    Path(os.path.dirname(target_path)).mkdir(parents=True, exist_ok=True)
-    shutil.copy2(seed_path, target_path)
-    return True
+    if (not target_exists and seed_exists) or (target_exists and SEED_IF_EMPTY and seed_exists and _file_is_empty_json(target_path)):
+        os.makedirs(os.path.dirname(target_path), exist_ok=True)
+        shutil.copy2(seed_path, target_path)
+        _log(f"[AUTH][SEED] Copied seed: {seed_path} -> {target_path}")
 
+# =========================================================
+# STORAGE CLASSES
+# =========================================================
 
-# -----------------------------
-# Data Access Classes
-# -----------------------------
 class JSONUsers:
     @staticmethod
     def load_all() -> Dict[str, Any]:
@@ -152,7 +179,7 @@ class JSONUsers:
                 return False
 
             users[username_lower] = {
-                "id": (max([u.get("id", 0) for u in users.values()], default=0) + 1),
+                "id": len(users) + 1,
                 "username": username_lower,
                 "password_hash": password_hash,
                 "role": role,
@@ -165,17 +192,18 @@ class JSONUsers:
     @staticmethod
     def get_all_users() -> List[Dict[str, Any]]:
         users = JSONUsers.load_all()
-        return [{"id": u["id"], "username": u["username"], "role": u["role"]} for u in users.values()]
+        return [
+            {"id": u.get("id"), "username": u.get("username"), "role": u.get("role")}
+            for u in users.values()
+        ]
 
     @staticmethod
     def promote_to_admin(username: str) -> bool:
         username_lower = username.lower()
-
         with _file_locks["users"]:
             users = load_json_file(USERS_FILE)
             if username_lower not in users:
                 return False
-
             users[username_lower]["role"] = "admin"
             save_json_file(USERS_FILE, users)
             return True
@@ -184,7 +212,6 @@ class JSONUsers:
     def user_count() -> int:
         return len(JSONUsers.load_all())
 
-
 class JSONBlacklistedTokens:
     @staticmethod
     def load_all() -> Dict[str, Any]:
@@ -207,7 +234,6 @@ class JSONBlacklistedTokens:
             save_json_file(BLACKLISTED_TOKENS_FILE, tokens)
             return True
 
-
 class JSONRefreshTokens:
     @staticmethod
     def load_all() -> Dict[str, Any]:
@@ -240,106 +266,110 @@ class JSONRefreshTokens:
         username_lower = username.lower()
         with _file_locks["refresh_tokens"]:
             tokens = load_json_file(REFRESH_TOKENS_FILE)
-            keys = [k for k, v in tokens.items() if v.get("username") == username_lower]
-            for k in keys:
-                tokens.pop(k, None)
+            to_remove = [k for k, v in tokens.items() if v.get("username") == username_lower]
+            for k in to_remove:
+                del tokens[k]
             save_json_file(REFRESH_TOKENS_FILE, tokens)
             return True
 
+# =========================================================
+# INIT / DIAG
+# =========================================================
 
-# -----------------------------
-# Init / Seed
-# -----------------------------
-def init_db_files() -> None:
+def init_db():
     """
-    Create runtime json files if missing.
-    Also seeds users.json from repo data folder into runtime DB if runtime is empty.
+    Initialize JSON database files.
+    If AUTH_SEED_ON_START=1, seed from AUTH_SEED_DIR when missing or empty.
     """
     ensure_data_directory()
 
-    # Seed users first if runtime missing/empty
-    _copy_seed_file_if_needed(SEED_USERS_FILE, USERS_FILE, only_if_missing_or_empty=True)
+    # seed paths
+    seed_users = os.path.join(SEED_DIR, "users.json")
+    seed_blacklist = os.path.join(SEED_DIR, "blacklisted_tokens.json")
+    seed_refresh = os.path.join(SEED_DIR, "refresh_tokens.json")
 
-    # For tokens: usually you want them empty on first boot. If you want to seed them, set SEED_TOKENS=1
-    seed_tokens = os.getenv("SEED_TOKENS", "0") == "1"
-    if seed_tokens:
-        _copy_seed_file_if_needed(SEED_BLACKLISTED_FILE, BLACKLISTED_TOKENS_FILE, only_if_missing_or_empty=True)
-        _copy_seed_file_if_needed(SEED_REFRESH_FILE, REFRESH_TOKENS_FILE, only_if_missing_or_empty=True)
+    # Seed (if needed)
+    _seed_file_if_needed(USERS_FILE, seed_users)
+    _seed_file_if_needed(BLACKLISTED_TOKENS_FILE, seed_blacklist)
+    _seed_file_if_needed(REFRESH_TOKENS_FILE, seed_refresh)
 
-    # Create missing files (keep existing)
+    # Ensure files exist (create empty if still missing)
     if not os.path.exists(USERS_FILE):
         save_json_file(USERS_FILE, {})
+        _log(f"[AUTH][INIT] Created empty {USERS_FILE}")
 
     if not os.path.exists(BLACKLISTED_TOKENS_FILE):
         save_json_file(BLACKLISTED_TOKENS_FILE, {})
+        _log(f"[AUTH][INIT] Created empty {BLACKLISTED_TOKENS_FILE}")
 
     if not os.path.exists(REFRESH_TOKENS_FILE):
         save_json_file(REFRESH_TOKENS_FILE, {})
+        _log(f"[AUTH][INIT] Created empty {REFRESH_TOKENS_FILE}")
 
+    # Startup log (very useful in HF logs)
+    try:
+        users_count = len(load_json_file(USERS_FILE))
+        _log(f"[AUTH][READY] DB_DIR={DB_DIR} | users={users_count}")
+    except Exception as e:
+        _log(f"[AUTH][WARN] Could not read users count: {e}")
 
 def ensure_database_initialized() -> bool:
     """
-    Ensure JSON database is initialized (thread-safe).
-    Controlled by RUN_INIT_DB (default 1).
+    Ensure JSON DB is initialized once (thread-safe).
+    Controlled by RUN_INIT_DB.
     """
     global _db_init_done
-    should_init = os.getenv("RUN_INIT_DB", "1") == "1"
 
-    if not should_init:
+    if not RUN_INIT_DB:
         return False
 
-    if _db_init_done:
-        return True
-
-    with _db_init_lock:
-        if _db_init_done:
-            return True
-        init_db_files()
-        _db_init_done = True
-        return True
-
+    if not _db_init_done:
+        with _db_init_lock:
+            if not _db_init_done:
+                init_db()
+                _db_init_done = True
+    return True
 
 def get_database_info() -> Dict[str, Any]:
-    """
-    Return non-sensitive diagnostics.
-    """
-    def _file_info(path: str) -> Dict[str, Any]:
+    info = {
+        "database_type": "JSON",
+        "storage_location": DB_DIR,
+        "seed_location": SEED_DIR,
+        "files": {},
+    }
+
+    def _file_info(path: str, label: str):
         if not os.path.exists(path):
-            return {"exists": False}
-        return {
+            info["files"][label] = {"exists": False}
+            return
+        data = load_json_file(path)
+        info["files"][label] = {
             "exists": True,
             "path": path,
             "size_bytes": os.path.getsize(path),
-            "count": len(load_json_file(path)),
+            "count": len(data) if isinstance(data, dict) else 0,
         }
 
-    info = {
-        "database_type": "JSON",
-        "db_dir": DB_DIR,
-        "seed_dir": DEFAULT_SEED_DIR,
-        "files": {
-            "users": _file_info(USERS_FILE),
-            "blacklisted_tokens": _file_info(BLACKLISTED_TOKENS_FILE),
-            "refresh_tokens": _file_info(REFRESH_TOKENS_FILE),
-        },
-    }
-    return info
+    try:
+        _file_info(USERS_FILE, "users")
+        _file_info(BLACKLISTED_TOKENS_FILE, "blacklisted_tokens")
+        _file_info(REFRESH_TOKENS_FILE, "refresh_tokens")
+        info["connection_status"] = "ok"
+    except Exception as e:
+        info["connection_status"] = "error"
+        info["error"] = str(e)
 
+    return info
 
 def test_database_connection() -> Tuple[bool, str]:
-    """
-    Test read/write access to DB_DIR.
-    """
     try:
         ensure_data_directory()
-        # Read users
         _ = JSONUsers.load_all()
 
-        # Write temp file
-        test_file = os.path.join(DB_DIR, ".test_write")
-        save_json_file(test_file, {"ok": True})
+        test_file = os.path.join(DB_DIR, ".test")
+        save_json_file(test_file, {"test": "ok"})
         os.remove(test_file)
 
         return True, "JSON database connection successful"
     except Exception as e:
-        return False, f"JSON database connection failed: {e}"
+        return False, f"JSON database connection failed: {str(e)}"

data/blacklisted_tokens.json

@@ -58,5 +58,9 @@
   "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNzY5NTgwNTIwfQ.xaovVHywd_uCUPkkEN0C9juXhZuBzEwvnotk4LgMTa8": {
     "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNzY5NTgwNTIwfQ.xaovVHywd_uCUPkkEN0C9juXhZuBzEwvnotk4LgMTa8",
     "created_at": "2026-01-28T11:23:48.110513"
+  },
+  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNzY5NTgyMDQ3fQ.SjH67H5hTvAr0A2X9UeFy9BTzkMoeRAv2AQideORr2w": {
+    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNzY5NTgyMDQ3fQ.SjH67H5hTvAr0A2X9UeFy9BTzkMoeRAv2AQideORr2w",
+    "created_at": "2026-01-28T11:49:25.157795"
   }
 }

data/refresh_tokens.json

@@ -1 +1,7 @@
-{}
+{
+  "admin_1": {
+    "username": "admin",
+    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNzcwMTg1OTgwfQ.meq8kajfaFjc4ne6xfR-Pf1WzUvxybUvyseI16N7ztM",
+    "created_at": "2026-01-28T11:49:40.529887"
+  }
+}