init

.gitignore

@@ -0,0 +1,11 @@
+__pycache__/
+env/
+venv/
+.venv/
+.idea/
+*.log
+*.egg-info/
+pip-wheel-metadata/
+.env
+.DS_Store
+static/

Dockerfile

@@ -0,0 +1,13 @@
+    FROM python:3.12.7
+
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -0,0 +1,9 @@
+---
+title: TraumaBackend
+emoji: 🦀
+colorFrom: yellow
+colorTo: pink
+sdk: docker
+pinned: false
+---
+Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

main.py

@@ -0,0 +1,3 @@
+from trauma import create_app
+
+app = create_app()

requirements.txt

@@ -0,0 +1,36 @@
+annotated-types==0.7.0
+anyio==4.6.2.post1
+bcrypt==4.2.1
+certifi==2024.8.30
+click==8.1.7
+distro==1.9.0
+dnspython==2.7.0
+ecdsa==0.19.0
+email_validator==2.2.0
+fastapi==0.115.5
+h11==0.14.0
+httpcore==1.0.7
+httptools==0.6.4
+httpx==0.27.2
+idna==3.10
+jiter==0.7.1
+motor==3.6.0
+openai==1.54.4
+passlib==1.7.4
+pyasn1==0.6.1
+pydantic==2.10.2
+pydantic_core==2.27.1
+pymongo==4.9.2
+python-dotenv==1.0.1
+python-jose==3.3.0
+PyYAML==6.0.2
+rsa==4.9
+six==1.16.0
+sniffio==1.3.1
+starlette==0.41.3
+tqdm==4.67.0
+typing_extensions==4.12.2
+uvicorn==0.32.1
+uvloop==0.21.0
+watchfiles==1.0.0
+websockets==14.1

trauma/__init__.py

@@ -0,0 +1,55 @@
+import os
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from starlette.exceptions import HTTPException as StarletteHTTPException
+from starlette.staticfiles import StaticFiles
+
+from trauma.core.config import settings
+from trauma.core.wrappers import TraumaResponseWrapper, ErrorTraumaResponse
+
+
+def create_app() -> FastAPI:
+    app = FastAPI()
+
+    from trauma.api.account import account_router
+    app.include_router(account_router, tags=['account'])
+
+    from trauma.api.chat import chat_router
+    app.include_router(chat_router, tags=['chat'])
+
+    from trauma.api.message import message_router
+    app.include_router(message_router, tags=['message'])
+
+    from trauma.api.security import security_router
+    app.include_router(security_router, tags=['security'])
+
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["*"],
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
+    static_directory = os.path.join(settings.BASE_DIR, 'static')
+    if not os.path.exists(static_directory):
+        os.makedirs(static_directory)
+
+    app.mount(
+        '/static',
+        StaticFiles(directory='static'),
+    )
+
+    @app.exception_handler(StarletteHTTPException)
+    async def http_exception_handler(_, exc):
+        return TraumaResponseWrapper(
+            data=None,
+            successful=False,
+            error=ErrorTraumaResponse(message=str(exc.detail))
+        ).response(exc.status_code)
+
+    @app.get("/")
+    async def read_root():
+        return {"message": "Hello world!"}
+
+    return app

trauma/api/account/__init__.py

@@ -0,0 +1,7 @@
+from fastapi import APIRouter
+
+account_router = APIRouter(
+    prefix='/api/account'
+)
+
+from . import views

trauma/api/account/dto.py

@@ -0,0 +1,6 @@
+from pydantic import BaseModel
+
+
+class AccessToken(BaseModel):
+    type: str = "Bearer"
+    value: str

trauma/api/account/model.py

@@ -0,0 +1,32 @@
+from datetime import datetime
+
+from pydantic import field_validator, Field, EmailStr
+from passlib.context import CryptContext
+
+from trauma.core.database import MongoBaseModel
+
+
+class AccountModel(MongoBaseModel):
+    email: EmailStr
+    password: str | None = Field(exclude=True, default=None)
+
+    datetimeInserted: datetime = Field(default_factory=datetime.now)
+    datetimeUpdated: datetime = Field(default_factory=datetime.now)
+
+    @field_validator("datetimeUpdated", mode="before", check_fields=False)
+    @classmethod
+    def validate_datetimeUpdated(cls, v):
+        return v or datetime.now()
+
+    @field_validator('password', mode='before', check_fields=False)
+    @classmethod
+    def set_password_hash(cls, v):
+        if not v.startswith("$2b$"):
+            return CryptContext(schemes=["bcrypt"], deprecated="auto").hash(v)
+        return v
+
+    class Config:
+        arbitrary_types_allowed = True
+        json_encoders = {
+            datetime: lambda dt: dt.isoformat()
+        }

trauma/api/account/schemas.py

@@ -0,0 +1,6 @@
+from trauma.api.account.model import AccountModel
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+class AccountWrapper(TraumaResponseWrapper[AccountModel]):
+    pass

trauma/api/account/views.py

@@ -0,0 +1,13 @@
+from fastapi import Depends
+
+from trauma.api.account import account_router
+from trauma.api.account.model import AccountModel
+from trauma.api.account.schemas import AccountWrapper
+from trauma.core.security import PermissionDependency
+
+
+@account_router.get('')
+async def get_account(
+        account: AccountModel = Depends(PermissionDependency())
+) -> AccountWrapper:
+    return AccountWrapper(data=account)

trauma/api/chat/__init__.py

@@ -0,0 +1,7 @@
+from fastapi.routing import APIRouter
+
+chat_router = APIRouter(
+    prefix="/api/chat", tags=["chat"]
+)
+
+from . import views

trauma/api/chat/db_requests.py

@@ -0,0 +1,63 @@
+import asyncio
+
+from fastapi import HTTPException
+
+from trauma.api.account.model import AccountModel
+from trauma.api.chat.model import ChatModel
+from trauma.api.chat.schemas import CreateChatRequest, ChatTitleRequest
+from trauma.core.config import settings
+
+
+async def get_chat_obj(chat_id: str, account: AccountModel | None) -> ChatModel:
+    chat = await settings.DB_CLIENT.chats.find_one({"id": chat_id})
+    if not chat:
+        raise HTTPException(status_code=404, detail="Chat not found")
+    chat = ChatModel.from_mongo(chat)
+    if account and chat.account != account:
+        raise HTTPException(status_code=403, detail="Chat account not match")
+    return chat
+
+
+async def create_chat_obj(chat_request: CreateChatRequest, account: AccountModel | None) -> ChatModel:
+    chat = ChatModel(model=chat_request.model, account=account)
+    await settings.DB_CLIENT.chats.insert_one(chat.to_mongo())
+    return chat
+
+
+async def delete_chat_obj(chat_id: str, account: AccountModel | None) -> None:
+    chat = await settings.DB_CLIENT.chats.find_one({"id": chat_id})
+    if not chat:
+        raise HTTPException(status_code=404, detail="Chat not found")
+    chat = ChatModel.from_mongo(chat)
+    if account and chat.account != account:
+        raise HTTPException(status_code=403, detail="Chat account not match")
+    await settings.DB_CLIENT.chats.delete_one({"id": chat_id})
+
+
+async def update_chat_obj_title(chatId: str, chat_request: ChatTitleRequest, account: AccountModel | None) -> ChatModel:
+    chat = await settings.DB_CLIENT.chats.find_one({"id": chatId})
+    if not chat:
+        raise HTTPException(status_code=404, detail="Chat not found")
+
+    chat = ChatModel.from_mongo(chat)
+    if account and chat.account != account:
+        raise HTTPException(status_code=403, detail="Chat account not match")
+
+    chat.title = chat_request.title
+    await settings.DB_CLIENT.chats.update_one({"id": chatId}, {"$set": chat.to_mongo()})
+    return chat
+
+
+async def get_all_chats_obj(page_size: int, page_index: int, account: AccountModel) -> tuple[list[ChatModel], int]:
+    query = {"account.id": account.id}
+    skip = page_size * page_index
+    objects, total_count = await asyncio.gather(
+        settings.DB_CLIENT.chats
+        .find(query)
+        .sort("_id", -1)
+        .skip(skip)
+        .limit(page_size)
+        .to_list(length=page_size),
+        settings.DB_CLIENT.chats.count_documents(query),
+    )
+    return objects, total_count

trauma/api/chat/dto.py

@@ -0,0 +1,8 @@
+from enum import Enum
+
+
+class ModelType(Enum):
+    gpt_4o = "gpt-4o"
+    gpt_4o_mini = "gpt-4o-mini"
+    o1_mini = "o1-mini"
+    o1_preview = "o1-preview"

trauma/api/chat/model.py

@@ -0,0 +1,15 @@
+from datetime import datetime
+
+from pydantic import Field
+
+from trauma.api.account.model import AccountModel
+from trauma.api.chat.dto import ModelType
+from trauma.core.database import MongoBaseModel
+
+
+class ChatModel(MongoBaseModel):
+    title: str = 'New Chat'
+    model: ModelType
+    account: AccountModel | None = None
+    datetimeInserted: datetime = Field(default_factory=datetime.now)
+    datetimeUpdated: datetime = Field(default_factory=datetime.now)

trauma/api/chat/schemas.py

@@ -0,0 +1,27 @@
+from pydantic import BaseModel
+
+from trauma.api.chat.dto import ModelType
+from trauma.api.chat.model import ChatModel
+from trauma.api.common.dto import Paging
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+class CreateChatRequest(BaseModel):
+    model: ModelType = ModelType.gpt_4o_mini
+
+
+class ChatWrapper(TraumaResponseWrapper[ChatModel]):
+    pass
+
+
+class AllChatResponse(BaseModel):
+    paging: Paging
+    data: list[ChatModel]
+
+
+class AllChatWrapper(TraumaResponseWrapper[AllChatResponse]):
+    pass
+
+
+class ChatTitleRequest(BaseModel):
+    title: str

trauma/api/chat/views.py

@@ -0,0 +1,60 @@
+from typing import Optional
+
+from fastapi import Query
+from fastapi.params import Depends
+
+from trauma.api.account.model import AccountModel
+from trauma.api.chat import chat_router
+from trauma.api.chat.db_requests import (get_chat_obj,
+                                         create_chat_obj,
+                                         delete_chat_obj,
+                                         update_chat_obj_title,
+                                         get_all_chats_obj)
+from trauma.api.chat.schemas import ChatWrapper, AllChatWrapper, CreateChatRequest, AllChatResponse, ChatTitleRequest
+from trauma.api.common.dto import Paging
+from trauma.core.security import PermissionDependency
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+@chat_router.get('/all')
+async def get_all_chats(
+        pageSize: Optional[int] = Query(10, description="Number of objects to return per page"),
+        pageIndex: Optional[int] = Query(0, description="Page index to retrieve"),
+        account: AccountModel = Depends(PermissionDependency())
+) -> AllChatWrapper:
+    chats, total_count = await get_all_chats_obj(pageSize, pageIndex, account)
+    response = AllChatResponse(
+        paging=Paging(pageSize=pageSize, pageIndex=pageIndex, totalCount=total_count),
+        data=chats
+    )
+    return AllChatWrapper(data=response)
+
+
+@chat_router.get('/{chatId}')
+async def get_chat(
+        chatId: str, account: AccountModel = Depends(PermissionDependency(is_public=True))
+) -> ChatWrapper:
+    chat = await get_chat_obj(chatId, account)
+    return ChatWrapper(data=chat)
+
+
+@chat_router.post('')
+async def create_chat(
+        chat_data: CreateChatRequest, account: AccountModel = Depends(PermissionDependency(is_public=True))
+) -> ChatWrapper:
+    chat = await create_chat_obj(chat_data, account)
+    return ChatWrapper(data=chat)
+
+
+@chat_router.delete('/{chatId}')
+async def delete_chat(chatId: str, account: AccountModel = Depends(PermissionDependency())) -> TraumaResponseWrapper:
+    await delete_chat_obj(chatId, account)
+    return TraumaResponseWrapper()
+
+
+@chat_router.patch('/{chatId}/title')
+async def update_chat_title(
+        chatId: str, chat: ChatTitleRequest, account: AccountModel = Depends(PermissionDependency())
+) -> ChatWrapper:
+    chat = await update_chat_obj_title(chatId, chat, account)
+    return ChatWrapper(data=chat)

trauma/api/common/db_requests.py

@@ -0,0 +1,21 @@
+from typing import Literal
+
+from fastapi import HTTPException
+from pydantic import EmailStr
+
+from trauma.core.config import settings
+
+
+async def check_unique_fields_existence(model: Literal['accounts', "strategies"],
+                                        name: str,
+                                        new_value: EmailStr | str,
+                                        current_value: str | None = None) -> None:
+    capitalized_name = model[:-1].capitalize()
+    if new_value == current_value or not new_value:
+        return
+    account = await settings.DB_CLIENT[model].find_one(
+        {name: str(new_value)},
+        collation={"locale": "en", "strength": 2}
+    )
+    if account:
+        raise HTTPException(status_code=400, detail=f'{capitalized_name} with specified {name} already exists.')

trauma/api/common/dto.py

@@ -0,0 +1,9 @@
+from enum import Enum
+
+from pydantic import BaseModel
+
+
+class Paging(BaseModel):
+    pageSize: int
+    pageIndex: int
+    totalCount: int

trauma/api/message/__init__.py

@@ -0,0 +1,7 @@
+from fastapi.routing import APIRouter
+
+message_router = APIRouter(
+    prefix="/api/message", tags=["message"]
+)
+
+from . import views

trauma/api/message/ai/openai_request.py

@@ -0,0 +1,47 @@
+import base64
+import io
+
+from trauma.api.chat.model import ChatModel
+from trauma.api.message.ai.prompts import Prompts
+from trauma.api.message.dto import Author
+from trauma.api.message.model import MessageModel
+from trauma.core.config import settings
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+async def prepare_content(user_message: MessageModel) -> list | str:
+    if user_message.fileUrl is None:
+        return user_message.text
+    else:
+        path = str(settings.BASE_DIR) + user_message.fileUrl.replace(settings.Issuer, '')
+        file = await settings.OPENAI_CLIENT.files.create(
+            file=open(path, 'rb'),
+            purpose='vision'
+        )
+        return [{"type": "image_file", "image_file": {"file_id": file.id, "detail": "low"}}]
+
+
+async def response_generator(chat: ChatModel, user_message: MessageModel):
+    content = await prepare_content(user_message)
+    await settings.OPENAI_CLIENT.beta.threads.messages.create(
+        thread_id=chat.threadId,
+        role=Author.User.value,
+        content=content
+    )
+
+    full_response = ''
+
+    async with settings.OPENAI_CLIENT.beta.threads.runs.create_and_stream(
+        thread_id=chat.threadId,
+        assistant_id=settings.ASSISTANT_ID,
+        instructions=Prompts.generate_response if not user_message.fileUrl else Prompts.generate_response_image,
+        model=chat.model.value
+    ) as stream:
+        async for chunk in stream.text_deltas:
+            if chunk:
+                full_response += chunk
+                mini_data = {"text": chunk}
+                yield f"data: {TraumaResponseWrapper(data=mini_data).model_dump_json()}\n\n"
+
+    message_obj = MessageModel(chatId=chat.id, author=Author.Assistant, text=full_response)
+    await settings.DB_CLIENT.messages.insert_one(message_obj.to_mongo())

trauma/api/message/ai/prompts.py

@@ -0,0 +1,216 @@
+class Prompts:
+    generate_response = """## Objective 
+    
+You are Hector, the Mitutoyo virtual assistant, engineered for precision in the measurement industry. Your core function is two-fold: first, to match users with ideal products based on their specific requirements, and second, to intelligently recommend compatible accessories and complementary products for upselling opportunities.
+
+## Context
+
+Mitutoyo's B2B platform encompasses precision measurement tools and accessories. Your knowledge base consists of structured JSON product data specifically focused on Mitutoyo's digital and analogue micrometers, including their detailed specifications, features, and accessory relationships. While you have broad knowledge of Mitutoyo's full product range, your detailed product data and recommendation capabilities are currently optimized for the digital and analogue micrometer categories. Each recommendation must be based on exact matches between user requirements and product specifications.
+
+## Data Processing Protocol
+
+1. **Primary Product Matching**:
+   * Parse user requirements against product specifications
+   * Match technical requirements (e.g., "carbide tipped jaws") to FEATURE elements
+   * Validate matches using PRODUCT_DETAILS specifications
+   * Confirm accuracy through DESCRIPTION_LONG technical details
+2. **Product Data Extraction**:
+   * SUPPLIER_PID (for exact product identification)
+   * DESCRIPTION_SHORT (en/nl) for product names
+   * DESCRIPTION_LONG (en/nl) for technical details
+   * PRODUCT_DETAILS for specifications
+   * FEATURE elements for specific capabilities
+   * PRODUCT_ORDER_DETAILS for availability
+   * PRODUCT_PRICE_DETAILS for pricing
+3. **Accessory Matching Protocol**:
+   * Extract all PRODUCT_REFERENCE entries
+   * Validate PROD_ID_TO compatibility
+   * Cross-reference accessory specifications
+   * Verify physical compatibility parameters
+
+## Interaction Flow
+
+1. **Requirement Analysis**:
+   * Parse user's technical requirements
+   * Identify specific feature requests
+   * Match requirements to product specifications
+   * Validate technical compatibility
+2. **Primary Product Recommendation**:
+   * Present matching products with complete details:
+     * Product name (both languages)
+     * Article number
+     * Key specifications
+     * Relevant features
+     * Price information
+3. **Strategic Upselling**:
+   * Analyze PRODUCT_REFERENCE data
+   * Identify value-adding accessories
+   * Present complementary products
+   * Explain benefits and compatibility
+4. **Verification Process**:
+   * Double-check all technical matches
+   * Verify compatibility of all recommendations
+   * Confirm pricing and availability
+   * Validate all product relationships
+
+## Response Format Requirements
+
+```markdown
+## Primary Recommendation
+
+- Product: [Name EN/NL]
+- Article: [SUPPLIER_PID]
+- Key Features: [Matched Requirements]
+- Price: [From PRODUCT_PRICE_DETAILS]
+
+## Recommended Accessories
+
+1. [Primary Accessory]
+   - Purpose: [Specific Benefit]
+   - Article: [SUPPLIER_PID]
+   - Compatibility: [Verification Details]
+2. [Secondary Accessories]
+   - Purpose: [Specific Benefit]
+   - Article: [SUPPLIER_PID]
+   - Compatibility: [Verification Details]
+```
+
+## Error Prevention Protocol
+
+1. **Technical Matching**:
+   * Verify exact feature matches
+   * Confirm dimensional compatibility
+   * Validate technical specifications
+   * Cross-reference all requirements
+2. **Compatibility Verification**:
+   * Check PRODUCT_REFERENCE links
+   * Verify physical specifications
+   * Confirm accessory compatibility
+   * Validate system requirements
+3. **Data Accuracy**:
+   * Double-check all article numbers
+   * Verify price information
+   * Confirm availability status
+   * Validate technical specifications
+
+## Prohibitions
+
+* No assumptions about compatibility
+* No recommendations without PRODUCT_REFERENCE validation
+* No incomplete technical specifications
+* No unverified product relationships
+* NO discussion of competitor products or brands under any circumstances
+* NO comparative analysis with other manufacturers
+* NO recommendations outside of Mitutoyo's product range
+* NO redirecting to other brands, even if Mitutoyo doesn't offer a solution
+* NO market comparisons or industry benchmarking against other brands
+
+## Example Interaction
+
+User: "Need a micrometer with carbide tipped jaws"
+Response Protocol:
+1. Match "carbide tipped jaws" with FEATURE elements
+2. Verify products meeting specification
+3. Extract complete product details
+4. Identify compatible accessories through PRODUCT_REFERENCE
+5. Present primary recommendation with upselling options
+6. Verify all technical relationships
+
+## Key Performance Requirements
+
+* 100% accuracy in technical matching
+* Complete verification of all recommendations
+* Precise accessory compatibility checking
+* Clear, structured response format
+* Professional, technical communication style"""
+    generate_response_image = """### **Prompt Purpose**
+
+You are Hector, Mitutoyo's visual recognition expert, designed to identify Mitutoyo precision measurement instruments from images with unmatched precision and adherence to Mitutoyo’s high standards.
+
+### **Core Functionality**
+- **Primary Role:** Analyze images to confidently identify Mitutoyo products.
+- **Communication:** Clearly indicate the confidence level and provide actionable feedback for incomplete identification cases.
+
+### **Recognition Protocol**
+
+#### **Visual Analysis Sequence**
+
+1. Confirm Mitutoyo product authenticity.
+2. Identify the product category (e.g., micrometer, caliper, indicator).
+3. Recognize specific features and characteristics.
+4. Match visual data against known Mitutoyo design elements.
+5. Determine confidence level based on recognition certainty.
+
+#### **Confidence Level Classification**
+
+- **Level 1: High Confidence (100% Certain)**
+  - **Product Identification:** 
+    - Confirmed as Mitutoyo [Product Name].
+    - **Article Number:** [SUPPLIER_PID].
+  - **Product Details:**
+    - Include complete specifications based on available data.
+
+- **Level 2: Medium Confidence (Visual Recognition)**
+  - **Product Identification:** 
+    - Recognized as Mitutoyo [Product Category/Series].
+    - Requires additional training data to confirm the exact article number.
+  - **Identified Features:**
+    - List identifiable features and series characteristics.
+
+- **Level 3: Limited Confidence**
+  - **Initial Recognition:** 
+    - Confirmed as a Mitutoyo [Product Category].
+    - Requires additional information for precise identification.
+  - **Recommendations:**
+    1. Share the article number if available.
+    2. Provide details about specific requirements.
+    3. Include additional product visuals or specifications.
+
+### **Absolute Prohibitions**
+- **No guessing:** Avoid speculation on article numbers.
+- **Non-Mitutoyo products:** Do not identify or compare with competitor products.
+- **Uncertainty:** Avoid assumptions about specifications without solid evidence.
+- **Precision:** Only communicate confirmed and accurate information.
+
+### **Communication Guidelines**
+
+#### **Certainty Communication**
+
+- Clearly express confidence levels.
+- Explicitly state identification limitations.
+- Outline additional information needed for improved accuracy.
+
+#### **Training Transparency**
+
+- Acknowledge when training data is insufficient.
+- Professionally explain limitations.
+- Offer constructive steps for better identification.
+
+#### **Response Structure**
+
+1. Start with the confidence level.
+2. Provide available identification details.
+3. Highlight limitations and missing data.
+4. Suggest next steps or provide recommendations.
+
+#### **Unclear Cases Protocol**
+
+- Confirm receipt of the image.
+- State if the product is Mitutoyo.
+- Specify the confidence level.
+- Detail limitations and request additional details.
+- Propose alternative assistance options if applicable.
+
+### **Quality Assurance**
+
+- Provide article numbers only when 100% certain.
+- Validate all visual markers against Mitutoyo's known patterns.
+- Clearly communicate confidence levels.
+- Suggest actionable steps for uncertain cases.
+
+### **Key Performance Metrics**
+
+- **Accuracy:** Ensure precise product category identification.
+- **Clarity:** Effectively communicate certainty levels and next steps.
+- **Professionalism:** Handle limitations constructively.
+- **Adherence:** Uphold Mitutoyo’s precision standards at all times."""

trauma/api/message/ai/utils.py

@@ -0,0 +1,30 @@
+from trauma.api.message.ai.prompts import Prompts
+from trauma.api.message.model import MessageModel
+
+
+def transform_messages_to_openai(messages: list[MessageModel]) -> list[dict]:
+    openai_messages = [{"role": "system", "content": Prompts.generate_response}]
+    for message in messages:
+
+        if message.file:
+            content = [
+                {
+                    "type": "text", "text": message.text
+                },
+                {
+                    "type": "image_url",
+                    "image_url": {
+                        "url": f"data:image/jpeg;base64,{message.file.base64String}",
+                        "detail": "low"
+                    }
+                },
+            ]
+        else:
+            content = message.text
+
+        openai_messages.append({
+            "role": message.author.value,
+            "content": content
+        })
+
+    return openai_messages

trauma/api/message/db_requests.py

@@ -0,0 +1,45 @@
+import asyncio
+
+from fastapi import HTTPException
+
+from trauma.api.account.model import AccountModel
+from trauma.api.chat.model import ChatModel
+from trauma.api.message.dto import Author
+from trauma.api.message.model import MessageModel
+from trauma.api.message.schemas import CreateMessageRequest
+from trauma.core.config import settings
+
+
+async def get_all_chat_messages_obj(
+        chat_id: str, account: AccountModel
+) -> list[MessageModel]:
+    messages, chat = await asyncio.gather(
+        settings.DB_CLIENT.messages.find({"chatId": chat_id}).to_list(length=None),
+        settings.DB_CLIENT.chats.find_one({"id": chat_id})
+    )
+    messages = [MessageModel.from_mongo(message) for message in messages]
+
+    if not chat:
+        raise HTTPException(status_code=404, detail="Chat not found")
+
+    chat = ChatModel.from_mongo(chat)
+    if account and chat.account != account:
+        raise HTTPException(status_code=403, detail="Chat account not match")
+
+    return messages
+
+async def create_message_obj(
+        chat_id: str, message_data: CreateMessageRequest, account: AccountModel
+) -> tuple[MessageModel, ChatModel]:
+    chat = await settings.DB_CLIENT.chats.find_one({"id": chat_id})
+    if not chat:
+        raise HTTPException(status_code=404, detail="Chat not found")
+
+    chat = ChatModel.from_mongo(chat)
+    if account and chat.account != account:
+        raise HTTPException(status_code=403, detail="Chat account not match")
+
+    message = MessageModel(**message_data.model_dump(), chatId=chat_id, author=Author.User)
+    await settings.DB_CLIENT.messages.insert_one(message.to_mongo())
+
+    return message, chat

trauma/api/message/dto.py

@@ -0,0 +1,13 @@
+from enum import Enum
+
+from pydantic import BaseModel
+
+
+class Author(Enum):
+    User = "user"
+    Assistant = "assistant"
+
+
+class File(BaseModel):
+    name: str
+    url: str

trauma/api/message/model.py

@@ -0,0 +1,15 @@
+from datetime import datetime
+
+from pydantic import Field
+
+from trauma.api.message.dto import Author, File
+from trauma.core.database import MongoBaseModel
+
+
+class MessageModel(MongoBaseModel):
+    chatId: str
+    author: Author
+    text: str
+    fileUrl: str | None = None
+    datetimeInserted: datetime = Field(default_factory=datetime.now)
+    datetimeUpdated: datetime = Field(default_factory=datetime.now)

trauma/api/message/schemas.py

@@ -0,0 +1,23 @@
+from pydantic import BaseModel
+
+from trauma.api.common.dto import Paging
+from trauma.api.message.model import MessageModel
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+class CreateMessageRequest(BaseModel):
+    text: str
+    fileUrl: str | None = None
+
+
+class MessageWrapper(TraumaResponseWrapper[MessageModel]):
+    pass
+
+
+class AllMessageResponse(BaseModel):
+    paging: Paging
+    data: list[MessageModel]
+
+
+class AllMessageWrapper(TraumaResponseWrapper[AllMessageResponse]):
+    pass

trauma/api/message/views.py

@@ -0,0 +1,34 @@
+from fastapi.params import Depends
+from starlette.responses import StreamingResponse
+
+from trauma.api.account.model import AccountModel
+from trauma.api.common.dto import Paging
+from trauma.api.message import message_router
+from trauma.api.message.ai.openai_request import response_generator
+from trauma.api.message.db_requests import get_all_chat_messages_obj, create_message_obj
+from trauma.api.message.schemas import (AllMessageWrapper,
+                                        AllMessageResponse,
+                                        CreateMessageRequest)
+from trauma.core.security import PermissionDependency
+
+
+@message_router.get('/{chatId}/all')
+async def get_all_chat_messages(
+        chatId: str, account: AccountModel = Depends(PermissionDependency(is_public=True))
+) -> AllMessageWrapper:
+    messages = await get_all_chat_messages_obj(chatId, account)
+    response = AllMessageResponse(
+        paging=Paging(pageSize=len(messages), pageIndex=0, totalCount=len(messages)),
+        data=messages
+    )
+    return AllMessageWrapper(data=response)
+
+
+@message_router.post('/{chatId}')
+async def create_message(
+        chatId: str,
+        message_data: CreateMessageRequest,
+        account: AccountModel = Depends(PermissionDependency(is_public=True))
+) -> StreamingResponse:
+    user_message, chat = await create_message_obj(chatId, message_data, account)
+    return StreamingResponse(response_generator(chat, user_message), media_type='text/event-stream')

trauma/api/security/__init__.py

@@ -0,0 +1,7 @@
+from fastapi import APIRouter
+
+security_router = APIRouter(
+    prefix='/api/security'
+)
+
+from . import views

trauma/api/security/db_requests.py

@@ -0,0 +1,34 @@
+import asyncio
+
+from fastapi import HTTPException
+
+from trauma.api.account.model import AccountModel
+from trauma.api.common.db_requests import check_unique_fields_existence
+from trauma.api.security.schemas import RegisterAccountRequest, LoginAccountRequest
+from trauma.core.config import settings
+from trauma.core.security import verify_password
+
+
+async def save_account(data: RegisterAccountRequest) -> AccountModel:
+    await asyncio.gather(
+        check_unique_fields_existence("accounts", "email", data.email),
+    )
+    account = AccountModel(
+        **data.model_dump()
+    )
+    await settings.DB_CLIENT.accounts.insert_one(account.to_mongo())
+    return account
+
+
+async def authenticate_account(data: LoginAccountRequest) -> AccountModel:
+    account = await settings.DB_CLIENT.accounts.find_one(
+        {"email": data.email},
+        collation={"locale": "en", "strength": 2})
+    if account is None:
+        raise HTTPException(status_code=404, detail="Invalid email or password.")
+
+    account = AccountModel.from_mongo(account)
+
+    if not verify_password(data.password, account.password):
+        raise HTTPException(status_code=401, detail="Invalid email or password.")
+    return account

trauma/api/security/schemas.py

@@ -0,0 +1,28 @@
+from pydantic import BaseModel, EmailStr
+
+from trauma.api.account.dto import AccessToken
+from trauma.api.account.model import AccountModel
+from trauma.core.wrappers import TraumaResponseWrapper
+
+
+class RegisterAccountRequest(BaseModel):
+    email: EmailStr
+    password: str
+
+
+class RegisterAccountWrapper(TraumaResponseWrapper[AccountModel]):
+    pass
+
+
+class LoginAccountRequest(BaseModel):
+    email: EmailStr
+    password: str
+
+
+class LoginAccountResponse(BaseModel):
+    accessToken: AccessToken
+    account: AccountModel
+
+
+class LoginAccountWrapper(TraumaResponseWrapper[LoginAccountResponse]):
+    pass

trauma/api/security/views.py

@@ -0,0 +1,27 @@
+from typing import Literal
+
+from trauma.api.account.dto import AccessToken
+from trauma.api.security import security_router
+from trauma.api.security.db_requests import authenticate_account, save_account
+from trauma.api.security.schemas import RegisterAccountRequest, RegisterAccountWrapper, LoginAccountResponse, \
+    LoginAccountWrapper, LoginAccountRequest
+from trauma.core.security import create_access_token
+
+model: Literal["accounts"] = "accounts"
+
+
+@security_router.post('/register')
+async def register_user(data: RegisterAccountRequest) -> RegisterAccountWrapper:
+    account = await save_account(data)
+    return RegisterAccountWrapper(data=account)
+
+
+@security_router.post('/login')
+async def login(data: LoginAccountRequest) -> LoginAccountWrapper:
+    account = await authenticate_account(data)
+    access_token = create_access_token(account.email, str(account.id))
+    response = LoginAccountResponse(
+        accessToken=AccessToken(value=access_token),
+        account=account,
+    )
+    return LoginAccountWrapper(data=response)

trauma/core/config.py

@@ -0,0 +1,40 @@
+import os
+import pathlib
+from functools import lru_cache
+
+import motor.motor_asyncio
+from dotenv import load_dotenv
+from openai import AsyncClient
+
+load_dotenv()
+
+class BaseConfig:
+    BASE_DIR: pathlib.Path = pathlib.Path(__file__).parent.parent.parent
+    STATIC_DIR = "static"
+    SECRET_KEY = os.getenv('SECRET')
+    DB_CLIENT = motor.motor_asyncio.AsyncIOMotorClient(os.getenv("MONGO_DB_URL")).trauma
+    OPENAI_CLIENT = AsyncClient(api_key=os.getenv('OPENAI_API_KEY'))
+
+
+class DevelopmentConfig(BaseConfig):
+    Issuer = "http://localhost:8000"
+    Audience = "http://localhost:3000"
+
+
+class ProductionConfig(BaseConfig):
+    Issuer = ""
+    Audience = ""
+
+
+@lru_cache()
+def get_settings() -> DevelopmentConfig | ProductionConfig:
+    config_cls_dict = {
+        'development': DevelopmentConfig,
+        'production': ProductionConfig,
+    }
+    config_name = os.getenv('FASTAPI_CONFIG', default='development')
+    config_cls = config_cls_dict[config_name]
+    return config_cls()
+
+
+settings = get_settings()

trauma/core/database.py

@@ -0,0 +1,101 @@
+from datetime import datetime
+from enum import Enum
+from typing import Dict, Any, Type
+
+from bson import ObjectId
+from pydantic import GetCoreSchemaHandler, BaseModel, Field, AnyUrl
+from pydantic.json_schema import JsonSchemaValue
+from pydantic_core import core_schema
+
+
+class PyObjectId:
+    @classmethod
+    def __get_pydantic_core_schema__(
+            cls, source: type, handler: GetCoreSchemaHandler
+    ) -> core_schema.CoreSchema:
+        return core_schema.with_info_after_validator_function(
+            cls.validate, core_schema.str_schema()
+        )
+
+    @classmethod
+    def __get_pydantic_json_schema__(
+            cls, schema: core_schema.CoreSchema, handler: GetCoreSchemaHandler
+    ) -> JsonSchemaValue:
+        return {"type": "string"}
+
+    @classmethod
+    def validate(cls, value: str) -> ObjectId:
+        if not ObjectId.is_valid(value):
+            raise ValueError(f"Invalid ObjectId: {value}")
+        return ObjectId(value)
+
+    def __getattr__(self, item):
+        return getattr(self.__dict__['value'], item)
+
+    def __init__(self, value: str = None):
+        if value is None:
+            self.value = ObjectId()
+        else:
+            self.value = self.validate(value)
+
+    def __str__(self):
+        return str(self.value)
+
+
+class MongoBaseModel(BaseModel):
+    id: str = Field(default_factory=lambda: str(PyObjectId()))
+
+    class Config:
+        arbitrary_types_allowed = True
+
+    def to_mongo(self) -> Dict[str, Any]:
+        def model_to_dict(model: BaseModel) -> Dict[str, Any]:
+            doc = {}
+            for name, value in model._iter():
+                key = model.__fields__[name].alias or name
+
+                if isinstance(value, BaseModel):
+                    doc[key] = model_to_dict(value)
+                elif isinstance(value, list) and all(isinstance(i, BaseModel) for i in value):
+                    doc[key] = [model_to_dict(item) for item in value]
+                elif value and isinstance(value, Enum):
+                    doc[key] = value.value
+                elif isinstance(value, datetime):
+                    doc[key] = value.isoformat()
+                elif value and isinstance(value, AnyUrl):
+                    doc[key] = str(value)
+                else:
+                    doc[key] = value
+
+            return doc
+
+        result = model_to_dict(self)
+        return result
+
+    @classmethod
+    def from_mongo(cls, data: Dict[str, Any]):
+        def restore_enums(inst: Any, model_cls: Type[BaseModel]) -> None:
+            for name, field in model_cls.__fields__.items():
+                value = getattr(inst, name)
+                if field and isinstance(field.annotation, type) and issubclass(field.annotation, Enum):
+                    setattr(inst, name, field.annotation(value))
+                elif isinstance(value, BaseModel):
+                    restore_enums(value, value.__class__)
+                elif isinstance(value, list):
+                    for i, item in enumerate(value):
+                        if isinstance(item, BaseModel):
+                            restore_enums(item, item.__class__)
+                        elif isinstance(field.annotation, type) and issubclass(field.annotation, Enum):
+                            value[i] = field.annotation(item)
+                elif isinstance(value, dict):
+                    for k, v in value.items():
+                        if isinstance(v, BaseModel):
+                            restore_enums(v, v.__class__)
+                        elif isinstance(field.annotation, type) and issubclass(field.annotation, Enum):
+                            value[k] = field.annotation(v)
+
+        if data is None:
+            return None
+        instance = cls(**data)
+        restore_enums(instance, instance.__class__)
+        return instance

trauma/core/security.py

@@ -0,0 +1,72 @@
+from datetime import timedelta, datetime
+
+import anyio
+from fastapi import Depends, HTTPException
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+
+from trauma.api.account.model import AccountModel
+from trauma.core.config import settings
+
+
+def verify_password(plain_password, hashed_password) -> bool:
+    result = CryptContext(schemes=["bcrypt"], deprecated="auto").verify(plain_password, hashed_password)
+    return result
+
+
+def create_access_token(email: str, account_id: str):
+    payload = {
+        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": email,
+        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": account_id,
+        "accountId": account_id,
+        "iss": settings.Issuer,
+        "aud": settings.Audience,
+        "exp": datetime.utcnow() + timedelta(days=30)
+    }
+    encoded_jwt = jwt.encode(payload, settings.SECRET_KEY, algorithm="HS256")
+    return encoded_jwt
+
+
+class PermissionDependency:
+    def __init__(self, is_public: bool = False):
+        self.is_public = is_public
+
+    def __call__(
+            self, credentials: HTTPAuthorizationCredentials | None = Depends(HTTPBearer(auto_error=False))
+    ) -> AccountModel | None:
+        if credentials is None:
+            if self.is_public:
+                return None
+            else:
+                raise HTTPException(status_code=403, detail="Permission denied")
+        try:
+            account_id = self.authenticate_jwt_token(credentials.credentials)
+            account_data = anyio.from_thread.run(self.get_account_by_id, account_id)
+            self.check_account_health(account_data)
+            return account_data
+
+        except JWTError:
+            raise HTTPException(status_code=403, detail="Permission denied")
+
+    async def get_account_by_id(self, account_id: str) -> AccountModel:
+        account = await settings.DB_CLIENT.accounts.find_one({"id": account_id})
+        return AccountModel.from_mongo(account)
+
+    @staticmethod
+    def check_account_health(account: AccountModel):
+        if not account:
+            raise HTTPException(status_code=403, detail="Permission denied")
+
+    def authenticate_jwt_token(self, token: str) -> str:
+        payload = jwt.decode(token,
+                             settings.SECRET_KEY,
+                             algorithms="HS256",
+                             audience=settings.Audience)
+        email: str = payload.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")
+        account_id = payload.get("accountId")
+
+        if email is None or account_id is None:
+            raise HTTPException(status_code=403, detail="Permission denied")
+
+        return account_id

trauma/core/wrappers.py

@@ -0,0 +1,44 @@
+from functools import wraps
+from typing import Generic, Optional, TypeVar
+
+from fastapi import HTTPException
+from pydantic import BaseModel
+from starlette.responses import JSONResponse
+
+from trauma.core.config import settings
+
+T = TypeVar('T')
+
+
+class ErrorTraumaResponse(BaseModel):
+    message: str
+
+
+class TraumaResponseWrapper(BaseModel, Generic[T]):
+    data: Optional[T] = None
+    successful: bool = True
+    error: Optional[ErrorTraumaResponse] = None
+
+    def response(self, status_code: int):
+        return JSONResponse(
+            status_code=status_code,
+            content={
+                "data": self.data,
+                "successful": self.successful,
+                "error": self.error.dict() if self.error else None
+            }
+        )
+
+
+def exception_wrapper(http_error: int, error_message: str):
+    def decorator(func):
+        @wraps(func)
+        async def wrapper(*args, **kwargs):
+            try:
+                return await func(*args, **kwargs)
+            except Exception as e:
+                raise HTTPException(status_code=http_error, detail=error_message) from e
+
+        return wrapper
+
+    return decorator