Update server config, docker-compose and add test scripts

b4329aaa · Vũ Hoàng Anh · 79dfe7d5 · b4329aaa · b4329aaa · b4329aaa
Commit b4329aaa authored Jan 21, 2026 by Vũ Hoàng Anh
6 changed files
--- a/backend/agent/system_prompt.txt
+++ b/backend/agent/system_prompt.txt
@@ -7,22 +7,13 @@ Bạn là CiCi - Chuyên viên tư vấn thời trang CANIFA.
 ---
-# QUY TẮC TRUNG THỰC - BẮT BUỘC
 KHÔNG BAO GIỜ BỊA ĐẶT - CHỈ NÓI THEO DỮ LIỆU
+ĐÚNG:
-**ĐÚNG:**
+Tool trả về áo thun → Giới thiệu áo thun
- Tool trả về áo thun → Giới thiệu áo thun
+Tool trả về 0 sản phẩm → Nói "Shop chưa có sản phẩm này"
- Tool trả về 0 sản phẩm → Nói "Shop chưa có sản phẩm này"
+Tool trả về quần nỉ mà khách hỏi bikini → Nói "Shop chưa có bikini"
- Tool trả về quần nỉ mà khách hỏi bikini → Nói "Shop chưa có bikini"
+Khách hỏi giá online vs offline mà không có data → "Mình không rõ chi tiết so sánh giá, bạn có thể xem trực tiếp trên web hoặc liên hệ hotline nhé"
-**CẤM:**
- Tool trả về quần nỉ → Gọi là "đồ bơi"
- Tool trả về 0 kết quả → Nói "shop có sản phẩm X"
- Tự bịa mã sản phẩm, giá tiền, chính sách
-Không có trong data = Không nói = Không tư vấn láo
 ---
 # NGÔN NGỮ & XƯNG HÔ

--- a/backend/api/prompt_route.py
+++ b/backend/api/prompt_route.py
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 import os
+import re
 from agent.graph import reset_graph
 router = APIRouter()
 PROMPT_FILE_PATH = os.path.join(os.path.dirname(__file__), "../agent/system_prompt.txt")
+# Allowed variables in prompt (single braces OK for these)
+ALLOWED_VARIABLES = {"date_str"}
 class PromptUpdateRequest(BaseModel):
    content: str
+def validate_prompt_braces(content: str) -> tuple[bool, list[str]]:
+    """
+    Validate that all braces in prompt are properly escaped.
+    Returns (is_valid, list of problematic patterns)
+    """
+    # Find all {word} patterns
+    single_brace_pattern = re.findall(r'\{([^{}]+)\}', content)
+    # Filter out allowed variables
+    problematic = [
+        var for var in single_brace_pattern 
+        if var.strip() not in ALLOWED_VARIABLES and not var.startswith('{')
+    ]
+    return len(problematic) == 0, problematic
 @router.get("/api/agent/system-prompt")
 async def get_system_prompt_content():
    """Get current system prompt content"""
-    # ... existing code ...
    try:
        if os.path.exists(PROMPT_FILE_PATH):
            with open(PROMPT_FILE_PATH, "r", encoding="utf-8") as f:
@@ -28,6 +47,19 @@ async def get_system_prompt_content():
 async def update_system_prompt_content(request: PromptUpdateRequest):
    """Update system prompt content"""
    try:
+        # Validate braces
+        is_valid, problematic = validate_prompt_braces(request.content)
+        if not is_valid:
+            # Return warning but still allow save
+            warning = (
+                f"⚠️ Phát hiện {{...}} chưa escape: {problematic[:3]}... "
+                f"Nếu đây là JSON, hãy dùng {{{{ }}}} thay vì {{ }}. "
+                f"Prompt vẫn được lưu nhưng có thể gây lỗi khi chat."
+            )
+        else:
+            warning = None
        # 1. Update file
        with open(PROMPT_FILE_PATH, "w", encoding="utf-8") as f:
            f.write(request.content)
@@ -35,6 +67,14 @@ async def update_system_prompt_content(request: PromptUpdateRequest):
        # 2. Reset Graph Singleton to force reload prompt
        reset_graph()
-        return {"status": "success", "message": "System prompt updated successfully. Graph reloaded."}
+        response = {
+            "status": "success", 
+            "message": "System prompt updated successfully. Graph reloaded."
+        }
+        if warning:
+            response["warning"] = warning
+        return response
    except Exception as e:
        raise HTTPException(status_code=500, detail=str(e))
--- a/backend/common/middleware.py
+++ b/backend/common/middleware.py
@@ -4,6 +4,7 @@ Singleton Pattern cho cả 2 services
 """
 from __future__ import annotations
+import json
 import logging
 from collections.abc import Callable
 from typing import TYPE_CHECKING
@@ -79,7 +80,25 @@ class CanifaAuthMiddleware(BaseHTTPMiddleware):
        # =====================================================================
        try:
            auth_header = request.headers.get("Authorization")
-            device_id = request.headers.get("device_id", "")
+            # --- Device ID from Body ---
+            device_id = ""
+            if method in ["POST", "PUT", "PATCH"]:
+                try:
+                    body_bytes = await request.body()
+                    async def receive_wrapper():
+                        return {"type": "http.request", "body": body_bytes}
+                    request._receive = receive_wrapper
+                    if body_bytes:
+                        try:
+                            body_json = json.loads(body_bytes)
+                            device_id = body_json.get("device_id", "")
+                        except json.JSONDecodeError:
+                            pass
+                except Exception as e:
+                    logger.warning(f"Error reading device_id from body: {e}")
            # ========== DEV MODE: Bypass auth ==========
            dev_user_id = request.headers.get("X-Dev-User-Id")
@@ -133,7 +152,7 @@ class CanifaAuthMiddleware(BaseHTTPMiddleware):
            request.state.user = None
            request.state.user_id = None
            request.state.is_authenticated = False
-            request.state.device_id = request.headers.get("device_id", "")
+            request.state.device_id = ""
        # =====================================================================
        # STEP 2: RATE LIMIT CHECK (Chỉ cho các path cần limit)

--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@@ -15,8 +15,18 @@ services:
      resources:
        limits:
          memory: 8g
+    networks:
+      - backend_network
    logging:
      driver: "json-file"
      options:
        tag: "{{.Name}}"
+networks:
+  backend_network:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.24.0.0/16"
+          gateway: "172.24.0.1"
--- a/backend/manual_test_chat.py
+++ b/backend/manual_test_chat.py
+import requests
+import json
+import time
+url = "http://localhost:5000/api/agent/chat"
+token = "071w198x23ict4hs1i6bl889fit5p3f7"
+headers = {
+    "Content-Type": "application/json",
+    "Authorization": f"Bearer {token}"
+}
+payload = {
+    "user_query": "tư vấn cho mình áo hoodie"
+}
+print(f"Sending AUTHENTICATED POST request to {url}...")
+print(f"Token: {token}")
+start = time.time()
+try:
+    response = requests.post(url, json=payload, headers=headers, timeout=120)
+    print(f"Status Code: {response.status_code}")
+    print(f"Time taken: {time.time() - start:.2f}s")
+    if response.status_code == 200:
+        data = response.json()
+        print("Response JSON:")
+        # Print limit info specifically to check if limit increased to USER level (100)
+        if "limit_info" in data:
+            print("Limit Info:", json.dumps(data["limit_info"], indent=2))
+        else:
+            print(json.dumps(data, indent=2, ensure_ascii=False))
+    else:
+        print("Error Response:")
+        print(response.text)
+except Exception as e:
+    print(f"Error: {e}")
--- a/backend/test_auth_verify.py
+++ b/backend/test_auth_verify.py
+import httpx
+import asyncio
+import logging
+# Configure logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+async def test_auth():
+    url = "http://localhost:5000/api/agent/chat"
+    # 1. Test GUEST Mode (No Token)
+    logger.info("--- TEST 1: GUEST MODE (No Token) ---")
+    payload_guest = {
+        "device_id": "device_guest_123",
+        "user_query": "hello guest"
+    }
+    try:
+        async with httpx.AsyncClient(timeout=10.0) as client:
+            resp = await client.post(url, json=payload_guest)
+            if resp.status_code == 200:
+                data = resp.json()
+                limit = data.get("limit_info", {}).get("limit")
+                used = data.get("limit_info", {}).get("used")
+                logger.info(f"✅ Guest Response Limit: {limit} (Expected 10)")
+                if limit == 10:
+                     logger.info("=> Logic Guest OK")
+                else:
+                     logger.error(f"=> Logic Guest FAILED (Limit is {limit})")
+            else:
+                logger.error(f"Request failed: {resp.text}")
+    except Exception as e:
+        logger.error(f"Error Test 1: {e}")
+    # 2. Test USER Mode (With Token)
+    logger.info("\n--- TEST 2: USER MODE (With Access Token) ---")
+    token = "071w198x23ict4hs1i6bl889fit5p3f7"
+    payload_user = {
+        "device_id": "device_user_123", # device_id này sẽ bị ignore nếu token valid
+        "user_query": "hello user"
+    }
+    headers = {
+        "Authorization": f"Bearer {token}"
+    }
+    try:
+        async with httpx.AsyncClient(timeout=20.0) as client:
+            resp = await client.post(url, json=payload_user, headers=headers)
+            if resp.status_code == 200:
+                data = resp.json()
+                limit = data.get("limit_info", {}).get("limit")
+                used = data.get("limit_info", {}).get("used")
+                logger.info(f"✅ User Response Limit: {limit} (Expected 100)")
+                if limit == 100:
+                     logger.info("=> Logic User OK (Prioritized Token over DeviceID)")
+                elif limit == 10:
+                     logger.warning("=> Logic User FAILED (Still Guest Mode). Token might be invalid or Canifa API unreachable.")
+                else:
+                     logger.info(f"=> Unexpected Limit: {limit}")
+            elif resp.status_code == 429:
+                logger.warning("Rate limit exceeded for this user/device.")
+            else:
+                logger.error(f"Request failed: {resp.status_code} - {resp.text}")
+    except Exception as e:
+        logger.error(f"Error Test 2: {e}")
+if __name__ == "__main__":
+    asyncio.run(test_auth())