feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
This commit is contained in:
@@ -0,0 +1,251 @@
|
||||
---
|
||||
tags:
|
||||
- project/sriphat
|
||||
- apiservice
|
||||
- fastapi
|
||||
- python
|
||||
created: 2026-05-07
|
||||
status: active
|
||||
folder: 03-apiservice
|
||||
---
|
||||
|
||||
# API Service (03-apiservice)
|
||||
|
||||
> **Docker Compose:** `03-apiservice/docker-compose.yml`
|
||||
> **Env File:** `03-apiservice/.env`
|
||||
> **Language:** Python / FastAPI
|
||||
|
||||
## Overview
|
||||
|
||||
Custom FastAPI service สำหรับ:
|
||||
- รับข้อมูล Checkpoint จาก HIS (Hospital Information System)
|
||||
- จัดการ API Keys แบบ permission-based
|
||||
- Admin UI สำหรับบริหาร API Clients
|
||||
- รองรับ Keycloak SSO สำหรับหน้าเว็บ Admin
|
||||
|
||||
## Container
|
||||
|
||||
| รายการ | ค่า |
|
||||
|--------|-----|
|
||||
| **Container** | `apiservice` |
|
||||
| **Image** | `03-apiservice-apiservice:latest` (build local) |
|
||||
| **Port** | `8040:8040` |
|
||||
| **URL** | `https://ai.sriphat.com/apiservice` |
|
||||
| **Health Check** | `http://localhost:8040/apiservice/docs` |
|
||||
|
||||
---
|
||||
|
||||
## API Endpoints (หลัก)
|
||||
|
||||
### Data Feed Endpoints
|
||||
|
||||
```
|
||||
POST /apiservice/api/v1/feed/checkpoint
|
||||
```
|
||||
|
||||
**Payload ตัวอย่าง:**
|
||||
```json
|
||||
[
|
||||
{
|
||||
"id": 1,
|
||||
"hn": 123,
|
||||
"vn": 456,
|
||||
"location": "OPD",
|
||||
"type": "Scan",
|
||||
"timestamp_in": "2026-02-16T10:00:00",
|
||||
"timestamp_out": null,
|
||||
"waiting_time": null,
|
||||
"bu": "SRIPHAT"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
**Required Permission:** `feed.checkpoint:write`
|
||||
|
||||
### Admin Endpoints
|
||||
|
||||
```
|
||||
GET /apiservice/admin/ # Admin dashboard
|
||||
POST /apiservice/admin/api-keys/generate # สร้าง API Key ใหม่
|
||||
GET /apiservice/admin/api-clients # รายการ API Clients
|
||||
```
|
||||
|
||||
### Documentation
|
||||
|
||||
```
|
||||
GET /apiservice/docs # Swagger UI
|
||||
GET /apiservice/redoc # ReDoc
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Database Schema
|
||||
|
||||
API Service ใช้ PostgreSQL (Infra) และ Supabase:
|
||||
|
||||
### Tables (PostgreSQL Infra)
|
||||
|
||||
| Table | ใช้สำหรับ |
|
||||
|-------|---------|
|
||||
| `fastapi.ApiClient` | ข้อมูล API Client (ระบบที่ขอใช้ API) |
|
||||
| `fastapi.ApiKey` | API Keys ที่เข้ารหัสแล้ว |
|
||||
|
||||
### Tables (Supabase)
|
||||
|
||||
| Table | Schema | ใช้สำหรับ |
|
||||
|-------|--------|---------|
|
||||
| `RawWaitingTime` | `operationbi` | ข้อมูล waiting time ดิบ |
|
||||
| `RawOpdCheckpoint` | — | ข้อมูล OPD checkpoint |
|
||||
|
||||
---
|
||||
|
||||
## Authentication
|
||||
|
||||
### 1. API Key Authentication (สำหรับ System Integration)
|
||||
|
||||
```bash
|
||||
# Request header
|
||||
Authorization: Bearer <api-key>
|
||||
|
||||
# หรือ query param
|
||||
?api_key=<api-key>
|
||||
```
|
||||
|
||||
API Key สร้างได้จาก Admin UI โดยกำหนด permissions:
|
||||
- `feed.checkpoint:write` — บันทึกข้อมูล checkpoint
|
||||
- (สามารถเพิ่ม permissions เพิ่มเติมได้)
|
||||
|
||||
### 2. Keycloak SSO (สำหรับ Admin Web UI)
|
||||
|
||||
```bash
|
||||
# Environment variables
|
||||
KEYCLOAK_SERVER_URL=http://keycloak:8080
|
||||
KEYCLOAK_REALM=master
|
||||
KEYCLOAK_CLIENT_ID=apiservice
|
||||
KEYCLOAK_CLIENT_SECRET=<secret>
|
||||
KEYCLOAK_REDIRECT_URI=http://localhost:8040/apiservice/auth/callback
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## File Structure
|
||||
|
||||
```
|
||||
03-apiservice/
|
||||
├── app/
|
||||
│ ├── api/v1/
|
||||
│ │ ├── routes.py # API endpoints
|
||||
│ │ └── schemas.py # Pydantic schemas
|
||||
│ ├── core/
|
||||
│ │ └── config.py # Settings / Config
|
||||
│ ├── db/
|
||||
│ │ ├── models.py # SQLAlchemy models
|
||||
│ │ ├── init_db.py # Database initialization
|
||||
│ │ └── session.py # DB session
|
||||
│ ├── middleware/ # Custom middleware
|
||||
│ ├── models/ # Additional models
|
||||
│ ├── routes/ # Additional routes
|
||||
│ ├── security/
|
||||
│ │ ├── api_key.py # API Key handling
|
||||
│ │ ├── keycloak_auth.py # Keycloak integration
|
||||
│ │ ├── permissions.py # Permission system
|
||||
│ │ └── dependencies.py # FastAPI dependencies
|
||||
│ ├── services/ # Business logic
|
||||
│ ├── templates/ # HTML templates (Admin UI)
|
||||
│ └── utils/
|
||||
│ └── supabase_client.py
|
||||
├── data/uploads/ # File uploads
|
||||
├── docker-compose.yml
|
||||
├── requirements.txt
|
||||
└── .env
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Environment Variables
|
||||
|
||||
```bash
|
||||
# Application
|
||||
APP_NAME=APIsService
|
||||
ROOT_PATH=/apiservice
|
||||
TIMEZONE=Asia/Bangkok
|
||||
|
||||
# PostgreSQL (Infra DB)
|
||||
DB_HOST=postgres
|
||||
DB_PORT=5432
|
||||
DB_USER=postgres
|
||||
DB_PASSWORD=<secret>
|
||||
DB_NAME=postgres
|
||||
DB_SSLMODE=prefer
|
||||
|
||||
# Supabase DB (สำหรับ RawOpdCheckpoint)
|
||||
SUPABASE_DB_HOST=sdp-supabase-db
|
||||
SUPABASE_DB_PORT=5432
|
||||
SUPABASE_DB_USER=postgres.1
|
||||
SUPABASE_DB_NAME=postgres
|
||||
|
||||
# Supabase API
|
||||
SUPABASE_API_URL=http://sdp-kong:8000
|
||||
SUPABASE_API_KEY=<anon-or-service-role-key>
|
||||
|
||||
# Admin
|
||||
ADMIN_SECRET_KEY=<secret>
|
||||
ADMIN_USERNAME=admin
|
||||
ADMIN_PASSWORD=<secret>
|
||||
API_KEY_ENC_SECRET=<encryption-key>
|
||||
|
||||
# Keycloak
|
||||
KEYCLOAK_SERVER_URL=http://keycloak:8080
|
||||
KEYCLOAK_REALM=master
|
||||
KEYCLOAK_CLIENT_ID=apiservice
|
||||
KEYCLOAK_CLIENT_SECRET=<secret>
|
||||
KEYCLOAK_REDIRECT_URI=<redirect-url>
|
||||
|
||||
# Airflow Integration
|
||||
AIRFLOW_API_URL=http://airflow-webserver:8080
|
||||
AIRFLOW_API_TOKEN=<token>
|
||||
AIRFLOW_DAG_ID_FINANCE=process_finance_excel
|
||||
|
||||
# Debug
|
||||
DEBUG_AUTH=false
|
||||
LOG_LEVEL=debug
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Build & Deploy
|
||||
|
||||
```bash
|
||||
# Build image
|
||||
cd 03-apiservice
|
||||
docker compose --env-file ../.env.global build
|
||||
|
||||
# Start service
|
||||
docker compose --env-file ../.env.global up -d
|
||||
|
||||
# View logs
|
||||
docker logs apiservice -f
|
||||
|
||||
# Restart
|
||||
docker restart apiservice
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Airflow Integration
|
||||
|
||||
API Service มี integration กับ Apache Airflow:
|
||||
- ส่ง trigger ไปยัง Airflow DAG
|
||||
- DAG `process_finance_excel` สำหรับประมวลผล Excel files
|
||||
|
||||
ดูรายละเอียดที่ `03-apiservice/AIRFLOW_INTEGRATION.md`
|
||||
|
||||
---
|
||||
|
||||
## Related
|
||||
|
||||
- [[00-Project-Overview]]
|
||||
- [[01-Infrastructure]]
|
||||
- [[02-Supabase]]
|
||||
- [[04-Airflow]]
|
||||
- [[07-Security-Strategy]]
|
||||
Reference in New Issue
Block a user