OpenAI Key per Org (#82)

* Update README.md (#44)

* changes (#45)

* Readme update (#47)

rename project and stack

---------

Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

* fix create_user endpoint (#62)

* standard api response and http exception handling (#67)

* Upgrade PostgreSQL to 16 & Fix CORS Configuration (#57)

* use latest docker image

* update envsample

* Add Customizable Token Expiry Time in Login API (#70)

* token expiry time can be customize

* default to one day

* Organization/project : Crud, Endpoint and Test Cases (#63)

* trial

* pushing all

* models file

* renaming

* Rename Project.py to project.py

* Rename oganization.py to organization.py

* Update README.md (#44)

* changes (#45)

Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

* Readme update (#47)

rename project and stack

---------

Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

* fix create_user endpoint (#62)

* standard api response and http exception handling (#67)

* standardization and edits

* small edits

* small edits

* small edits

* fixed project post

* trial

* pushing all

* models file

* renaming

* Rename Project.py to project.py

* Rename oganization.py to organization.py

* standardization and edits

* small edits

* small edits

* small edits

* fixed project post

* remove these files since they were somehow pushed into this branch

* re-push the docker file

* re-push utils file

* re-push the file

* fixing test cases

---------

Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com>
Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>
Co-authored-by: Aviraj Gour <100823015+avirajsingh7@users.noreply.github.com>
Co-authored-by: Ishankoradia <ikoradia@umich.edu>

* Add Project User Management (#65)

* intial commit user project mapping and authorization

* fix alembic migration

* Use standard API response

* add pagination

* add index and use base model

* Alembic: migration fixes for organization  (#77)

* fixing testcases and migrations

* changes migration file name

* remove old migration

---------

Co-authored-by: Akhilesh Negi <akhileshnegi.an3@gmail.com>

* Added Support of API Key Authentication (#76)

* Intial setup api key

* added Api key auth flow

* support both api key and oauth

---------

Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com>

* Main to stage code sync (#80)

Back merge Production to staging code

* added migration for api table (#81)

* creds table

* Refactor Authentication Logic and Testing Enhancements (#89)

* fix authentication part

* Modify test cases to compatible with new auth

* Github: CI (#74)

* issue CI

* first stab at continuous integration

* fixing testcases and migrations

* syncing with master

* moving to python version 3.11.7

* making copy of env

* updating env

* added migrations

* added uv sync

* updating working directory

* added step to activate env

* updating working directory

* updating working directory for codecov upload

* updating script to upload to codecov

* remove working directory

* added working directory for % check

* clenaup

* cleanup

* activating env

* update the issue template

* update readme and env file

* adding badges (#91)

* OpenAI: Threads (#40)

* getting threads up and running

* added testcases and citation

* removing ssl verify

* using standardized APIResponse

* getting rid of redundant files

* refactor code after testing

* refactor testcases

* setting up init.py

* fixing review comments

* cleanup

* cleanup

* removed validate thread as it can be handled by default

* fixing few code review suggestions

* removed validation testcases for assistant ID

* threads testcases fix (#93)

* project router changes

* endpoint,crud and migration file

* models file

* minor fix

* fixes

* fixes

* test cases and fixes

* alembic file

* type checking

* cleaner exception

* fixing alembic revision heads

* using crendentials

* init module

* running pre commit

* running pre commit

* final changes

* migration file

* Rename fa868aa8debd_add_credetial_table.py to fa868aa8debd_add_credential_table.py

* test case change

* test cases

* test cases

* test cases

* removing duplicate lines

* datetime columns addition

* migration file

---------

Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com>
Co-authored-by: Aviraj Gour <100823015+avirajsingh7@users.noreply.github.com>
Co-authored-by: Akhilesh Negi <akhileshnegi.an3@gmail.com>

Author: 4 people

backend/app/alembic/versions/543f97951bd0_add_credential_table.py

@@ -0,0 +1,38 @@
+"""add credetial table
+
+Revision ID: 543f97951bd0
+Revises: 8d7a05fd0ad4
+Create Date: 2025-04-14 23:50:51.118373
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+
+# revision identifiers, used by Alembic.
+revision = "543f97951bd0"
+down_revision = "8d7a05fd0ad4"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table(
+        "credential",
+        sa.Column("organization_id", sa.Integer(), nullable=False),
+        sa.Column("is_active", sa.Boolean(), nullable=False),
+        sa.Column("id", sa.Integer(), nullable=False),
+        sa.Column("credential", sa.JSON(), nullable=True),
+        sa.Column("inserted_at", sa.DateTime(), nullable=True),
+        sa.Column("updated_at", sa.DateTime(), nullable=True),
+        sa.Column("deleted_at", sa.DateTime(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["organization_id"], ["organization.id"], ondelete="CASCADE"
+        ),
+        sa.PrimaryKeyConstraint("id"),
+    )
+
+
+def downgrade():
+    op.drop_table("credential")

backend/app/api/main.py

@@ -11,6 +11,7 @@
     threads,
     users,
     utils,
+    credentials,
 )
 from app.core.config import settings
 
@@ -24,6 +25,8 @@
 api_router.include_router(project.router)
 api_router.include_router(project_user.router)
 api_router.include_router(api_keys.router)
+api_router.include_router(credentials.router)
+
 
 if settings.ENVIRONMENT == "local":
     api_router.include_router(private.router)

backend/app/api/routes/credentials.py

@@ -0,0 +1,127 @@
+from fastapi import APIRouter, Depends, HTTPException
+from app.api.deps import SessionDep, get_current_active_superuser
+from app.crud.credentials import (
+    get_creds_by_org,
+    get_key_by_org,
+    remove_creds_for_org,
+    set_creds_for_org,
+    update_creds_for_org,
+)
+from app.models import CredsCreate, CredsPublic, CredsUpdate
+from app.utils import APIResponse
+from datetime import datetime
+
+router = APIRouter(prefix="/credentials", tags=["credentials"])
+
+
+@router.post(
+    "/",
+    dependencies=[Depends(get_current_active_superuser)],
+    response_model=APIResponse[CredsPublic],
+)
+def create_new_credential(*, session: SessionDep, creds_in: CredsCreate):
+    new_creds = None
+    try:
+        existing_creds = get_creds_by_org(
+            session=session, org_id=creds_in.organization_id
+        )
+        if not existing_creds:
+            new_creds = set_creds_for_org(session=session, creds_add=creds_in)
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"An unexpected error occurred: {str(e)}"
+        )
+
+    # Ensure inserted_at is set during creation
+    new_creds.inserted_at = datetime.utcnow()
+
+    return APIResponse.success_response(new_creds)
+
+
+@router.get(
+    "/{org_id}",
+    dependencies=[Depends(get_current_active_superuser)],
+    response_model=APIResponse[CredsPublic],
+)
+def read_credential(*, session: SessionDep, org_id: int):
+    try:
+        creds = get_creds_by_org(session=session, org_id=org_id)
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"An unexpected error occurred: {str(e)}"
+        )
+
+    if creds is None:
+        raise HTTPException(status_code=404, detail="Credentials not found")
+
+    return APIResponse.success_response(creds)
+
+
+@router.get(
+    "/{org_id}/api-key",
+    dependencies=[Depends(get_current_active_superuser)],
+    response_model=APIResponse[dict],
+)
+def read_api_key(*, session: SessionDep, org_id: int):
+    try:
+        api_key = get_key_by_org(session=session, org_id=org_id)
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"An unexpected error occurred: {str(e)}"
+        )
+
+    if api_key is None:
+        raise HTTPException(status_code=404, detail="API key not found")
+
+    return APIResponse.success_response({"api_key": api_key})
+
+
+@router.patch(
+    "/{org_id}",
+    dependencies=[Depends(get_current_active_superuser)],
+    response_model=APIResponse[CredsPublic],
+)
+def update_credential(*, session: SessionDep, org_id: int, creds_in: CredsUpdate):
+    try:
+        updated_creds = update_creds_for_org(
+            session=session, org_id=org_id, creds_in=creds_in
+        )
+
+        updated_creds.updated_at = datetime.utcnow()
+
+        return APIResponse.success_response(updated_creds)
+    except ValueError as e:
+        raise HTTPException(status_code=404, detail=str(e))
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"An unexpected error occurred: {str(e)}"
+        )
+
+
+from fastapi import HTTPException, Depends
+from app.crud.credentials import remove_creds_for_org
+from app.utils import APIResponse
+from app.api.deps import SessionDep, get_current_active_superuser
+
+
+@router.delete(
+    "/{org_id}/api-key",
+    dependencies=[Depends(get_current_active_superuser)],
+    response_model=APIResponse[dict],
+)
+def delete_credential(*, session: SessionDep, org_id: int):
+    try:
+        creds = remove_creds_for_org(session=session, org_id=org_id)
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"An unexpected error occurred: {str(e)}"
+        )
+
+    if creds is None:
+        raise HTTPException(
+            status_code=404, detail="Credentials for organization not found"
+        )
+
+    # No need to manually set deleted_at and is_active if it's done in remove_creds_for_org
+    # Simply return the success response
+    return APIResponse.success_response({"message": "Credentials deleted successfully"})

backend/app/crud/credentials.py

@@ -0,0 +1,104 @@
+from typing import Optional, Dict, Any
+from sqlmodel import Session, select
+from sqlalchemy.exc import IntegrityError
+from datetime import datetime
+
+from app.models import Credential, CredsCreate, CredsUpdate
+
+
+def set_creds_for_org(*, session: Session, creds_add: CredsCreate) -> Credential:
+    creds = Credential.model_validate(creds_add)
+
+    # Set the inserted_at timestamp (current UTC time)
+    creds.inserted_at = datetime.utcnow()
+
+    try:
+        session.add(creds)
+        session.commit()
+        session.refresh(creds)
+    except IntegrityError as e:
+        session.rollback()  # Rollback the session if there's a unique constraint violation
+        raise ValueError(f"Error while adding credentials: {str(e)}")
+
+    return creds
+
+
+def get_creds_by_org(*, session: Session, org_id: int) -> Optional[Credential]:
+    """Fetches the credentials for the given organization."""
+    statement = select(Credential).where(Credential.organization_id == org_id)
+    return session.exec(statement).first()
+
+
+def get_key_by_org(*, session: Session, org_id: int) -> Optional[str]:
+    """Fetches the API key from the credentials for the given organization."""
+    statement = select(Credential).where(Credential.organization_id == org_id)
+    creds = session.exec(statement).first()
+
+    # Check if creds exists and if the credential field contains the api_key
+    if (
+        creds
+        and creds.credential
+        and "openai" in creds.credential
+        and "api_key" in creds.credential["openai"]
+    ):
+        return creds.credential["openai"]["api_key"]
+
+    return None
+
+
+def update_creds_for_org(
+    session: Session, org_id: int, creds_in: CredsUpdate
+) -> Credential:
+    # Fetch the current credentials for the organization
+    creds = session.exec(
+        select(Credential).where(Credential.organization_id == org_id)
+    ).first()
+
+    if not creds:
+        raise ValueError(f"Credentials not found")
+
+    # Update the credentials data with the provided values
+    creds_data = creds_in.dict(exclude_unset=True)
+
+    # Directly update the fields on the original creds object instead of creating a new one
+    for key, value in creds_data.items():
+        setattr(creds, key, value)
+
+    # Set the updated_at timestamp (current UTC time)
+    creds.updated_at = datetime.utcnow()
+
+    try:
+        # Add the updated creds to the session and flush the changes to the database
+        session.add(creds)
+        session.flush()  # This will flush the changes to the database but without committing
+        session.commit()  # Now we commit the changes to make them permanent
+    except IntegrityError as e:
+        # Rollback in case of any integrity errors (e.g., constraint violations)
+        session.rollback()
+        raise ValueError(f"Error while updating credentials: {str(e)}")
+
+    # Refresh the session to get the latest updated data
+    session.refresh(creds)
+
+    return creds
+
+
+def remove_creds_for_org(*, session: Session, org_id: int) -> Optional[Credential]:
+    """Removes (soft deletes) the credentials for the given organization."""
+    statement = select(Credential).where(Credential.organization_id == org_id)
+    creds = session.exec(statement).first()
+
+    if creds:
+        try:
+            # Soft delete: Set is_active to False and set deleted_at timestamp
+            creds.is_active = False
+            creds.deleted_at = (
+                datetime.utcnow()
+            )  # Set the current time as the deleted_at timestamp
+            session.add(creds)
+            session.commit()
+        except IntegrityError as e:
+            session.rollback()  # Rollback in case of a failure during delete operation
+            raise ValueError(f"Error while deleting credentials: {str(e)}")
+
+    return creds

backend/app/models/__init__.py

@@ -42,3 +42,11 @@
     UsersPublic,
     UpdatePassword,
 )
+
+from .credentials import (
+    Credential,
+    CredsBase,
+    CredsCreate,
+    CredsPublic,
+    CredsUpdate,
+)

backend/app/models/credentials.py

@@ -0,0 +1,46 @@
+from typing import Dict, Any, Optional
+import sqlalchemy as sa
+from sqlmodel import Field, Relationship, SQLModel
+from datetime import datetime
+
+
+class CredsBase(SQLModel):
+    organization_id: int = Field(foreign_key="organization.id")
+    is_active: bool = True
+
+
+class CredsCreate(CredsBase):
+    credential: Dict[str, Any] = Field(default=None, sa_column=sa.Column(sa.JSON))
+
+
+class CredsUpdate(SQLModel):
+    credential: Optional[Dict[str, Any]] = Field(
+        default=None, sa_column=sa.Column(sa.JSON)
+    )
+    is_active: Optional[bool] = Field(default=None)
+
+
+class Credential(CredsBase, table=True):
+    id: int = Field(default=None, primary_key=True)
+    credential: Dict[str, Any] = Field(default=None, sa_column=sa.Column(sa.JSON))
+    inserted_at: datetime = Field(
+        default_factory=datetime.utcnow,
+        sa_column=sa.Column(sa.DateTime, default=datetime.utcnow),
+    )
+    updated_at: datetime = Field(
+        default_factory=datetime.utcnow,
+        sa_column=sa.Column(sa.DateTime, onupdate=datetime.utcnow),
+    )
+    deleted_at: Optional[datetime] = Field(
+        default=None, sa_column=sa.Column(sa.DateTime, nullable=True)
+    )
+
+    organization: Optional["Organization"] = Relationship(back_populates="creds")
+
+
+class CredsPublic(CredsBase):
+    id: int
+    credential: Dict[str, Any]
+    inserted_at: datetime
+    updated_at: datetime
+    deleted_at: Optional[datetime]

backend/app/models/organization.py

@@ -1,4 +1,10 @@
+from typing import List, TYPE_CHECKING
 from sqlmodel import Field, Relationship, SQLModel
+from sqlalchemy.orm import relationship
+
+
+if TYPE_CHECKING:
+    from .credentials import Credential
 
 
 # Shared properties for an Organization
@@ -22,7 +28,11 @@ class OrganizationUpdate(SQLModel):
 class Organization(OrganizationBase, table=True):
     id: int = Field(default=None, primary_key=True)
 
+    # Relationship back to Creds
     api_keys: list["APIKey"] = Relationship(back_populates="organization")
+    creds: list["Credential"] = Relationship(
+        back_populates="organization", sa_relationship_kwargs={"cascade": "all, delete"}
+    )
 
 
 # Properties to return via API