Refine memory system user-key flow and search output

memory_system_api/api.py

@@ -4,7 +4,7 @@ from __future__ import annotations
 from fastapi import APIRouter, Depends, HTTPException, Query, status
 
 from .auth import verify_api_key
-from .schemas import MessageIngestRequest, SearchRequest, SessionUserRequest
+from .schemas import MessageIngestRequest, SearchRequest, SessionUserRequest, UserCreateRequest
 from .service import MemorySystemService
 
 
@@ -19,17 +19,31 @@ def get_service() -> MemorySystemService:
     return MemorySystemService()
 
 
+def user_auth_error(exc: PermissionError) -> HTTPException:
+    return HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(exc))
+
+
 @router.get("/health")
 async def health(service: MemorySystemService = Depends(get_service)):
     return await service.health()
 
 
+@router.post("/users")
+async def create_user(request: UserCreateRequest, service: MemorySystemService = Depends(get_service)):
+    return await service.create_user(request.user_id)
+
+
 @router.post("/messages")
-async def ingest_messages(request: MessageIngestRequest, service: MemorySystemService = Depends(get_service)):
+async def ingest_messages(
+    request: MessageIngestRequest,
+    service: MemorySystemService = Depends(get_service),
+):
     try:
         return await service.ingest_messages(request)
     except ValueError as exc:
         raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail=str(exc)) from exc
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
 
 
 @router.post("/sessions/{session_id}/commit")
@@ -38,7 +52,10 @@ async def commit_session(
     request: SessionUserRequest,
     service: MemorySystemService = Depends(get_service),
 ):
-    return await service.commit_session(request.user_id, session_id)
+    try:
+        return await service.commit_session(request.user_id, request.user_key, session_id)
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
 
 
 @router.post("/sessions/{session_id}/extract")
@@ -47,23 +64,50 @@ async def extract_session(
     request: SessionUserRequest,
     service: MemorySystemService = Depends(get_service),
 ):
-    return await service.extract_session(request.user_id, session_id)
+    try:
+        return await service.extract_session(request.user_id, request.user_key, session_id)
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
 
 
 @router.get("/openviking/tasks/{task_id}")
 async def get_openviking_task(
     task_id: str,
     user_id: str = Query(min_length=1),
+    user_key: str = Query(min_length=1),
+    session_id: str | None = Query(default=None, min_length=1),
     service: MemorySystemService = Depends(get_service),
 ):
-    return await service.get_openviking_task(user_id, task_id)
+    try:
+        return await service.get_openviking_task(
+            user_id,
+            user_key,
+            task_id,
+            session_id=session_id,
+        )
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
 
 
 @router.post("/search")
-async def search(request: SearchRequest, service: MemorySystemService = Depends(get_service)):
-    return await service.search(request)
+async def search(
+    request: SearchRequest,
+    service: MemorySystemService = Depends(get_service),
+):
+    try:
+        return await service.search(request)
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
 
 
 @router.get("/users/{user_id}/profile")
-async def get_profile(user_id: str, service: MemorySystemService = Depends(get_service)):
+async def get_profile(
+    user_id: str,
+    user_key: str = Query(min_length=1),
+    service: MemorySystemService = Depends(get_service),
+):
+    try:
+        service.openviking.credential_for_user(user_id, user_key)
+    except PermissionError as exc:
+        raise user_auth_error(exc) from exc
     return await service.get_profile(user_id)