harden memory edits and uploads

core/api.py

@@ -9,7 +9,7 @@ from .config import GatewayConfig
 from .db import init_db
 from .everos_client import EverOSClient
 from .repository import MemoryRepository
-from .service import MemoryGatewayService
+from .service import MemoryGatewayService, UnsupportedContentType, UploadTooLarge
 
 
 class SearchMemoriesRequest(BaseModel):
@@ -28,14 +28,14 @@ class SearchMemoriesRequest(BaseModel):
 class MemoryOverrideRequest(BaseModel):
     user_id: str = Field(min_length=1)
     user_key: str = Field(min_length=1)
-    session_id: str | None = None
+    session_id: str = Field(min_length=1)
     override_text: str = Field(min_length=1)
 
 
 class MemoryDeleteRequest(BaseModel):
     user_id: str = Field(min_length=1)
     user_key: str = Field(min_length=1)
-    session_id: str | None = None
+    session_id: str = Field(min_length=1)
     reason: str | None = None
 
 
@@ -51,7 +51,10 @@ def create_app(
     cfg = config or GatewayConfig.from_env()
     init_db(cfg.database_path)
     repository = MemoryRepository(cfg.database_path)
-    client = everos_client or EverOSClient(cfg.everos_base_url)
+    client = everos_client or EverOSClient(
+        cfg.everos_base_url,
+        timeout=cfg.everos_timeout_seconds,
+    )
     service = MemoryGatewayService(cfg, repository, client)
 
     app = FastAPI(title="memory-gateway2", version="0.1.0")
@@ -105,14 +108,19 @@ def create_app(
         file: UploadFile = File(...),
     ) -> dict[str, Any]:
         require_user(user_id, user_key)
-        return await service.upload_resource(
-            user_id=user_id,
-            app_id=app_id,
-            project_id=project_id,
-            file=file,
-            title=title,
-            description=description,
-        )
+        try:
+            return await service.upload_resource(
+                user_id=user_id,
+                app_id=app_id,
+                project_id=project_id,
+                file=file,
+                title=title,
+                description=description,
+            )
+        except UploadTooLarge as exc:
+            raise HTTPException(status_code=413, detail=str(exc)) from exc
+        except UnsupportedContentType as exc:
+            raise HTTPException(status_code=415, detail=str(exc)) from exc
 
     @router.get("/resources")
     async def list_resources(
@@ -167,6 +175,10 @@ def create_app(
         request: MemoryOverrideRequest,
     ) -> dict[str, Any]:
         require_user(request.user_id, request.user_key)
+        try:
+            service.assert_memory_session_owned(request.user_id, request.session_id)
+        except PermissionError as exc:
+            raise HTTPException(status_code=403, detail=str(exc)) from exc
         return service.upsert_override(
             user_id=request.user_id,
             memory_id=memory_id,
@@ -180,6 +192,10 @@ def create_app(
         request: MemoryDeleteRequest,
     ) -> dict[str, Any]:
         require_user(request.user_id, request.user_key)
+        try:
+            service.assert_memory_session_owned(request.user_id, request.session_id)
+        except PermissionError as exc:
+            raise HTTPException(status_code=403, detail=str(exc)) from exc
         return service.delete_memory(
             user_id=request.user_id,
             memory_id=memory_id,