✨ (backend) Add document search view.

New API view that calls the indexed documents search view (resource server) of app "Find".

Signed-off-by: Fabre Florian <ffabre@hybird.org>

Author: joehybird

env.d/development/common

@@ -49,6 +49,11 @@ LOGOUT_REDIRECT_URL=http://localhost:3000
 OIDC_REDIRECT_ALLOWED_HOSTS=["http://localhost:8083", "http://localhost:3000"]
 OIDC_AUTH_REQUEST_EXTRA_PARAMS={"acr_values": "eidas1"}
 
+# Store OIDC tokens in the session
+OIDC_STORE_ACCESS_TOKEN = True  # Store the access token in the session
+OIDC_STORE_REFRESH_TOKEN = True  # Store the encrypted refresh token in the session
+OIDC_STORE_REFRESH_TOKEN_KEY = "uoJc422rSQjOXx6QIU5NOXSxeiycT47NrGQIBTWsjFU="
+
 # AI
 AI_FEATURE_ENABLED=true
 AI_BASE_URL=https://openaiendpoint.com

src/backend/core/api/serializers.py

@@ -821,3 +821,17 @@ class MoveDocumentSerializer(serializers.Serializer):
         choices=enums.MoveNodePositionChoices.choices,
         default=enums.MoveNodePositionChoices.LAST_CHILD,
     )
+
+
+class FindDocumentSerializer(serializers.Serializer):
+    """Serializer for Find search requests"""
+
+    q = serializers.CharField(required=True)
+
+    def validate_q(self, value):
+        """Ensure the text field is not empty."""
+
+        if len(value.strip()) == 0:
+            raise serializers.ValidationError("Text field cannot be empty.")
+
+        return value

src/backend/core/api/viewsets.py

@@ -21,6 +21,7 @@
 from django.db.models.functions import Left, Length
 from django.http import Http404, StreamingHttpResponse
 from django.urls import reverse
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.text import capfirst, slugify
 from django.utils.translation import gettext_lazy as _
@@ -31,6 +32,7 @@
 from csp.constants import NONE
 from csp.decorators import csp_update
 from lasuite.malware_detection import malware_detection
+from lasuite.oidc_login.decorators import refresh_oidc_access_token
 from rest_framework import filters, status, viewsets
 from rest_framework import response as drf_response
 from rest_framework.permissions import AllowAny
@@ -47,6 +49,7 @@
 from core.services.converter_services import (
     YdocConverter,
 )
+from core.services.search_indexers import FindDocumentIndexer
 from core.tasks.mail import send_ask_for_access_mail
 from core.utils import extract_attachments, filter_descendants
 
@@ -367,6 +370,7 @@ class DocumentViewSet(
     list_serializer_class = serializers.ListDocumentSerializer
     trashbin_serializer_class = serializers.ListDocumentSerializer
     tree_serializer_class = serializers.ListDocumentSerializer
+    search_serializer_class = serializers.ListDocumentSerializer
 
     def get_queryset(self):
         """Get queryset performing all annotation and filtering on the document tree structure."""
@@ -997,10 +1001,37 @@ def duplicate(self, request, *args, **kwargs):
             {"id": str(duplicated_document.id)}, status=status.HTTP_201_CREATED
         )
 
-    # TODO
-    # @drf.decorators.action(detail=False, methods=["get"])
-    # def search(self, request, *args, **kwargs):
-    #    index.search()
+    @drf.decorators.action(detail=False, methods=["get"], url_path="search")
+    @method_decorator(refresh_oidc_access_token)
+    def search(self, request, *args, **kwargs):
+        """
+        Returns a DRF response containing the filtered, annotated and ordered document list.
+        The filtering allows full text search through the opensearch indexation app "find".
+        """
+        access_token = request.session.get("oidc_access_token")
+
+        serializer = serializers.FindDocumentSerializer(data=request.query_params)
+        serializer.is_valid(raise_exception=True)
+
+        try:
+            indexer = FindDocumentIndexer()
+            queryset = indexer.search(
+                text=serializer.validated_data.get("q", ""),
+                user=request.user,
+                token=access_token,
+            )
+        except RuntimeError:
+            return drf.response.Response(
+                {"detail": "The service is not configured properly."},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        return self.get_response_for_queryset(
+            queryset,
+            context={
+                "request": request,
+            },
+        )
 
     @drf.decorators.action(detail=True, methods=["get"], url_path="versions")
     def versions_list(self, request, *args, **kwargs):

src/backend/core/models.py

@@ -41,8 +41,8 @@
     RoleChoices,
     get_equivalent_link_definition,
 )
-from .validators import sub_validator
 from .tasks.find import trigger_document_indexer
+from .validators import sub_validator
 
 logger = getLogger(__name__)
 

src/backend/core/services/search_indexers.py

@@ -48,19 +48,19 @@ def get_batch_accesses_by_users_and_teams(paths):
 
 
 def get_visited_document_ids_of(user):
+    """
+    Returns the ids of the documents that have a linktrace to the user and NOT owned.
+    It will be use to limit the opensearch responses to the public documents already
+    "visited" by the user.
+    """
     if isinstance(user, AnonymousUser):
         return []
 
-    # TODO : exclude links when user already have a specific access to the doc
-    qs = models.LinkTrace.objects.filter(
-        user=user
-    ).exclude(
+    qs = models.LinkTrace.objects.filter(user=user).exclude(
         document__accesses__user=user,
     )
 
-    return list({
-        str(id) for id in qs.values_list("document_id", flat=True)
-    })
+    return list({str(id) for id in qs.values_list("document_id", flat=True)})
 
 
 class BaseDocumentIndexer(ABC):
@@ -129,13 +129,14 @@ def search(self, text, user, token):
         """
         visited_ids = get_visited_document_ids_of(user)
 
-        response = self.search_query(data={
-            "q": text,
-            "visited": visited_ids,
-            "services": ["docs"],
-        }, token=token)
-
-        print(response)
+        response = self.search_query(
+            data={
+                "q": text,
+                "visited": visited_ids,
+                "services": ["docs"],
+            },
+            token=token,
+        )
 
         return self.format_response(response)
 
@@ -207,7 +208,7 @@ def search_query(self, data, token) -> requests.Response:
 
         if not url:
             raise RuntimeError(
-                "SEARCH_INDEXER_QUERY_URL must be set in Django settings before indexing."
+                "SEARCH_INDEXER_QUERY_URL must be set in Django settings before search."
             )
 
         try:
@@ -228,9 +229,7 @@ def format_response(self, data: dict):
         """
         Retrieve documents ids from Find app response and return a queryset.
         """
-        return models.Document.objects.filter(pk__in=[
-            d['_id'] for d in data
-        ])
+        return models.Document.objects.filter(pk__in=[d["_id"] for d in data])
 
     def push(self, data):
         """

src/backend/core/tasks/find.py

@@ -86,7 +86,8 @@ def _aux():
 
         logger.info(
             "Add task for document %s indexation in %.2f seconds",
-            document.pk, countdown
+            document.pk,
+            countdown,
         )
 
         # Each time this method is called during the countdown, we increment the

src/backend/core/tests/commands/test_index.py

@@ -21,7 +21,7 @@ def test_index():
 
     with transaction.atomic():
         doc = factories.DocumentFactory()
-        empty_doc = factories.DocumentFactory(title=None, content='')
+        empty_doc = factories.DocumentFactory(title=None, content="")
         no_title_doc = factories.DocumentFactory(title=None)
 
         factories.UserDocumentAccessFactory(document=doc, user=user)
@@ -43,7 +43,10 @@ def sortkey(d):
         push_call_args = [call.args[0] for call in mock_push.call_args_list]
 
         assert len(push_call_args) == 1  # called once but with a batch of docs
-        assert sorted(push_call_args[0], key=sortkey) == sorted([
-            indexer.serialize_document(doc, accesses),
-            indexer.serialize_document(no_title_doc, accesses),
-        ], key=sortkey)
+        assert sorted(push_call_args[0], key=sortkey) == sorted(
+            [
+                indexer.serialize_document(doc, accesses),
+                indexer.serialize_document(no_title_doc, accesses),
+            ],
+            key=sortkey,
+        )

src/backend/core/tests/documents/test_api_documents_search.py

@@ -0,0 +1,137 @@
+"""
+Tests for Documents API endpoint in impress's core app: list
+"""
+
+import pytest
+import responses
+from faker import Faker
+from rest_framework.test import APIClient
+
+from core import factories, models
+
+fake = Faker()
+pytestmark = pytest.mark.django_db
+
+
+@pytest.mark.parametrize("role", models.LinkRoleChoices.values)
+@pytest.mark.parametrize("reach", models.LinkReachChoices.values)
+@responses.activate
+def test_api_documents_search_anonymous(reach, role, settings):
+    """
+    Anonymous users should not be allowed to search documents whatever the
+    link reach and link role
+    """
+    factories.DocumentFactory(link_reach=reach, link_role=role)
+    settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    factories.DocumentFactory(link_reach=reach, link_role=role)
+
+    # Find response
+    responses.add(
+        responses.POST,
+        "http://find/api/v1.0/search",
+        json=[],
+        status=200,
+    )
+
+    response = APIClient().get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 200
+    assert response.json() == {
+        "count": 0,
+        "next": None,
+        "previous": None,
+        "results": [],
+    }
+
+
+def test_api_documents_search_endpoint_is_none(settings):
+    """Missing SEARCH_INDEXER_QUERY_URL should throw an error"""
+    settings.SEARCH_INDEXER_QUERY_URL = None
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    response = APIClient().get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 401
+    assert response.json() == {"detail": "The service is not configured properly."}
+
+
+@responses.activate
+def test_api_documents_search_invalid_params(settings):
+    """Validate the format of documents as returned by the search view."""
+    settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    response = APIClient().get("/api/v1.0/documents/search/")
+
+    assert response.status_code == 400
+    assert response.json() == {"q": ["This field is required."]}
+
+
+@responses.activate
+def test_api_documents_search_format(settings):
+    """Validate the format of documents as returned by the search view."""
+    settings.SEARCH_INDEXER_QUERY_URL = "http://find/api/v1.0/search"
+
+    user = factories.UserFactory()
+
+    client = APIClient()
+    client.force_login(user)
+
+    user_a, user_b, user_c = factories.UserFactory.create_batch(3)
+    document = factories.DocumentFactory(
+        title="alpha",
+        users=(user_a, user_c),
+        link_traces=(user, user_b),
+    )
+    access = factories.UserDocumentAccessFactory(document=document, user=user)
+
+    # Find response
+    responses.add(
+        responses.POST,
+        "http://find/api/v1.0/search",
+        json=[
+            {"_id": str(document.pk)},
+        ],
+        status=200,
+    )
+    response = client.get("/api/v1.0/documents/search/", data={"q": "alpha"})
+
+    assert response.status_code == 200
+    content = response.json()
+    results = content.pop("results")
+    assert content == {
+        "count": 1,
+        "next": None,
+        "previous": None,
+    }
+    assert len(results) == 1
+    assert results[0] == {
+        "id": str(document.id),
+        "abilities": document.get_abilities(user),
+        "ancestors_link_reach": None,
+        "ancestors_link_role": None,
+        "computed_link_reach": document.computed_link_reach,
+        "computed_link_role": document.computed_link_role,
+        "created_at": document.created_at.isoformat().replace("+00:00", "Z"),
+        "creator": str(document.creator.id),
+        "depth": 1,
+        "excerpt": document.excerpt,
+        "link_reach": document.link_reach,
+        "link_role": document.link_role,
+        "nb_accesses_ancestors": 3,
+        "nb_accesses_direct": 3,
+        "numchild": 0,
+        "path": document.path,
+        "title": document.title,
+        "updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
+        "user_role": access.role,
+    }