Files
jigoong a587be08bd feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks
  (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
  - requirements.txt: add minio==7.2.11
  - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
  - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
  - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
  - docker-compose.yml: pass MinIO env vars to container
  - .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services
2026-05-20 17:42:39 +07:00

252 lines
5.8 KiB
Markdown

---
tags:
- project/sriphat
- apiservice
- fastapi
- python
created: 2026-05-07
status: active
folder: 03-apiservice
---
# API Service (03-apiservice)
> **Docker Compose:** `03-apiservice/docker-compose.yml`
> **Env File:** `03-apiservice/.env`
> **Language:** Python / FastAPI
## Overview
Custom FastAPI service สำหรับ:
- รับข้อมูล Checkpoint จาก HIS (Hospital Information System)
- จัดการ API Keys แบบ permission-based
- Admin UI สำหรับบริหาร API Clients
- รองรับ Keycloak SSO สำหรับหน้าเว็บ Admin
## Container
| รายการ | ค่า |
|--------|-----|
| **Container** | `apiservice` |
| **Image** | `03-apiservice-apiservice:latest` (build local) |
| **Port** | `8040:8040` |
| **URL** | `https://ai.sriphat.com/apiservice` |
| **Health Check** | `http://localhost:8040/apiservice/docs` |
---
## API Endpoints (หลัก)
### Data Feed Endpoints
```
POST /apiservice/api/v1/feed/checkpoint
```
**Payload ตัวอย่าง:**
```json
[
{
"id": 1,
"hn": 123,
"vn": 456,
"location": "OPD",
"type": "Scan",
"timestamp_in": "2026-02-16T10:00:00",
"timestamp_out": null,
"waiting_time": null,
"bu": "SRIPHAT"
}
]
```
**Required Permission:** `feed.checkpoint:write`
### Admin Endpoints
```
GET /apiservice/admin/ # Admin dashboard
POST /apiservice/admin/api-keys/generate # สร้าง API Key ใหม่
GET /apiservice/admin/api-clients # รายการ API Clients
```
### Documentation
```
GET /apiservice/docs # Swagger UI
GET /apiservice/redoc # ReDoc
```
---
## Database Schema
API Service ใช้ PostgreSQL (Infra) และ Supabase:
### Tables (PostgreSQL Infra)
| Table | ใช้สำหรับ |
|-------|---------|
| `fastapi.ApiClient` | ข้อมูล API Client (ระบบที่ขอใช้ API) |
| `fastapi.ApiKey` | API Keys ที่เข้ารหัสแล้ว |
### Tables (Supabase)
| Table | Schema | ใช้สำหรับ |
|-------|--------|---------|
| `RawWaitingTime` | `operationbi` | ข้อมูล waiting time ดิบ |
| `RawOpdCheckpoint` | — | ข้อมูล OPD checkpoint |
---
## Authentication
### 1. API Key Authentication (สำหรับ System Integration)
```bash
# Request header
Authorization: Bearer <api-key>
# หรือ query param
?api_key=<api-key>
```
API Key สร้างได้จาก Admin UI โดยกำหนด permissions:
- `feed.checkpoint:write` — บันทึกข้อมูล checkpoint
- (สามารถเพิ่ม permissions เพิ่มเติมได้)
### 2. Keycloak SSO (สำหรับ Admin Web UI)
```bash
# Environment variables
KEYCLOAK_SERVER_URL=http://keycloak:8080
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=apiservice
KEYCLOAK_CLIENT_SECRET=<secret>
KEYCLOAK_REDIRECT_URI=http://localhost:8040/apiservice/auth/callback
```
---
## File Structure
```
03-apiservice/
├── app/
│ ├── api/v1/
│ │ ├── routes.py # API endpoints
│ │ └── schemas.py # Pydantic schemas
│ ├── core/
│ │ └── config.py # Settings / Config
│ ├── db/
│ │ ├── models.py # SQLAlchemy models
│ │ ├── init_db.py # Database initialization
│ │ └── session.py # DB session
│ ├── middleware/ # Custom middleware
│ ├── models/ # Additional models
│ ├── routes/ # Additional routes
│ ├── security/
│ │ ├── api_key.py # API Key handling
│ │ ├── keycloak_auth.py # Keycloak integration
│ │ ├── permissions.py # Permission system
│ │ └── dependencies.py # FastAPI dependencies
│ ├── services/ # Business logic
│ ├── templates/ # HTML templates (Admin UI)
│ └── utils/
│ └── supabase_client.py
├── data/uploads/ # File uploads
├── docker-compose.yml
├── requirements.txt
└── .env
```
---
## Environment Variables
```bash
# Application
APP_NAME=APIsService
ROOT_PATH=/apiservice
TIMEZONE=Asia/Bangkok
# PostgreSQL (Infra DB)
DB_HOST=postgres
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=<secret>
DB_NAME=postgres
DB_SSLMODE=prefer
# Supabase DB (สำหรับ RawOpdCheckpoint)
SUPABASE_DB_HOST=sdp-supabase-db
SUPABASE_DB_PORT=5432
SUPABASE_DB_USER=postgres.1
SUPABASE_DB_NAME=postgres
# Supabase API
SUPABASE_API_URL=http://sdp-kong:8000
SUPABASE_API_KEY=<anon-or-service-role-key>
# Admin
ADMIN_SECRET_KEY=<secret>
ADMIN_USERNAME=admin
ADMIN_PASSWORD=<secret>
API_KEY_ENC_SECRET=<encryption-key>
# Keycloak
KEYCLOAK_SERVER_URL=http://keycloak:8080
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=apiservice
KEYCLOAK_CLIENT_SECRET=<secret>
KEYCLOAK_REDIRECT_URI=<redirect-url>
# Airflow Integration
AIRFLOW_API_URL=http://airflow-webserver:8080
AIRFLOW_API_TOKEN=<token>
AIRFLOW_DAG_ID_FINANCE=process_finance_excel
# Debug
DEBUG_AUTH=false
LOG_LEVEL=debug
```
---
## Build & Deploy
```bash
# Build image
cd 03-apiservice
docker compose --env-file ../.env.global build
# Start service
docker compose --env-file ../.env.global up -d
# View logs
docker logs apiservice -f
# Restart
docker restart apiservice
```
---
## Airflow Integration
API Service มี integration กับ Apache Airflow:
- ส่ง trigger ไปยัง Airflow DAG
- DAG `process_finance_excel` สำหรับประมวลผล Excel files
ดูรายละเอียดที่ `03-apiservice/AIRFLOW_INTEGRATION.md`
---
## Related
- [[00-Project-Overview]]
- [[01-Infrastructure]]
- [[02-Supabase]]
- [[04-Airflow]]
- [[07-Security-Strategy]]