ModernLeft/athena-archive-api
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity Actions
No description
3 commits 4 branches 0 tags 14 MiB
  • Python 99.4%
  • Dockerfile 0.3%
  • Mako 0.1%
  • Makefile 0.1%
Find a file
Exact
Nathan Price 4e070300ec
All checks were successful
Run pytest tests / test (push) Successful in 1m54s
Details
Merge pull request 'Configure Renovate' (#2) from renovate/configure into main 
Reviewed-on: #2
2026-01-19 17:09:07 +00:00
.forgejo/workflows Initial public release 2026-01-17 17:03:33 -05:00
.kilocode/rules Initial public release 2026-01-17 17:03:33 -05:00
.vscode Initial public release 2026-01-17 17:03:33 -05:00
migrations Initial public release 2026-01-17 17:03:33 -05:00
scripts Initial public release 2026-01-17 17:03:33 -05:00
src/athena_archive_api Initial public release 2026-01-17 17:03:33 -05:00
tests Initial public release 2026-01-17 17:03:33 -05:00
.dockerignore Initial public release 2026-01-17 17:03:33 -05:00
.env.example Initial public release 2026-01-17 17:03:33 -05:00
.gitignore Initial public release 2026-01-17 17:03:33 -05:00
.python-version Initial public release 2026-01-17 17:03:33 -05:00
alembic.ini Initial public release 2026-01-17 17:03:33 -05:00
compose.yaml Initial public release 2026-01-17 17:03:33 -05:00
Dockerfile Initial public release 2026-01-17 17:03:33 -05:00
Makefile Initial public release 2026-01-17 17:03:33 -05:00
placeholder_300x300.webp Initial public release 2026-01-17 17:03:33 -05:00
pyproject.toml Initial public release 2026-01-17 17:03:33 -05:00
README.md Initial public release 2026-01-17 17:03:33 -05:00
renovate.json Add renovate.json 2026-01-18 12:01:25 +00:00
uv.lock Initial public release 2026-01-17 17:03:33 -05:00
VERSIONING.md Initial public release 2026-01-17 17:03:33 -05:00

README.md

Athena Archive API

A FastAPI-based digital archive management system with OAuth2 authentication via Authentik.

Requirements:

  • MySQL 8.4 LTS (MariaDB not supported - requires JSON type)
  • Python 3.13+
  • Authentik SSO provider

Notes:

  • A system user is created with id 1000 on startup
  • All GET endpoints are public
  • POST/PUT/DELETE operations require authentication
  • Admin endpoints require 'admin' or 'system' role

Quick Start

# Install dependencies
uv sync

# Run migrations
make migrate

# Start development server
make run

Authentication

This API uses OAuth2 bearer token authentication via Authentik.

Development Mode (Local Testing)

For local development, you can bypass OAuth with static tokens:

  1. Set DEV_MODE=true in .env (already set by default)
  2. Use one of the following tokens:
    • devtoken - Regular user (can create/edit resources)
    • devadmintoken - Admin user (can access admin endpoints)

In FastAPI docs (/docs):

  1. Click "Authorize" button
  2. Enter: devtoken (or devadmintoken for admin access)
  3. Test any protected endpoints

With curl:

# Regular user
curl -H "Authorization: Bearer devtoken" http://localhost:8000/auth/me

# Admin user
curl -H "Authorization: Bearer devadmintoken" http://localhost:8000/auth/me

IMPORTANT: Set DEV_MODE=false in production!

Production Authentication

Use the interactive API docs at http://localhost:8000/docs to test with real Authentik tokens:

  1. Click the "Authorize" button
  2. Enter your bearer token from Authentik
  3. Test any protected endpoints

Making Authenticated Requests

# Get current user info
curl -H "Authorization: Bearer $TOKEN" http://localhost:8000/auth/me

# Create an item (requires authentication)
curl -X POST -H "Authorization: Bearer $TOKEN" http://localhost:8000/item/

User Roles

  • Researcher:
    • search and read privileges of public and private content.
    • This is the default role for new users.
    • Sidebar Visibility:
      • All links in the "Content" Category
      • "Workflow" Category: Add potential content, view "unprocessed" list.\
    • Cannot create, edit, or delete content.
  • Author:
    • all permissions of Researcher.
    • create, edit, and delete own items and media.
    • additional sidebar visibility:
      • "Workflow" Category: Orphaned items and Orphaned media.
  • Editor:
    • all permissions of Author.
    • create, edit, any items and media.
  • Supervisor:
    • all permissions of Editor.
    • additional sidebar visibility:
      • "Administration" Category: User Management, view and run tasks.
  • Global Administrator: full installation privileges.

Users are automatically created on first login from Authentik JWT claims.

Development

Importing legacy Omeka S database models into Omeka-S-Py

Get a copy of your Omeka database:

sudo mysqldump -u root -p Omeka > omeka_backup.sql
# move the sql file to the data/ directory

Set up and run the Docker container:

docker-compose up -d

Database

https://alembic.sqlalchemy.org/en/latest/ops.html

Generate SQLAlchemy models from existing database

uv add sqlacodegen sqlalchemy pymysql cryptography
uv run python -m sqlacodegen "mysql+pymysql://root:password@localhost:3306/omeka" --outfile models_sa.py
uv remove sqlacodegen sqlalchemy pymysql cryptography

Initial Alembic setup and migration

uv run python -m alembic init migrations
uv run python -m alembic revision --autogenerate -m "Initial migrations"
uv run python -m alembic upgrade head

Display the current revision for a database: alembic current View migrations history: alembic history --verbose Revert all migrations: alembic downgrade base Revert migrations one by one: alembic downgrade -1 Apply all migrations:alembic upgrade head Apply migrations one by one: alembic upgrade +1 Display all raw SQL: alembic upgrade head --sql Reset the database: alembic downgrade base && alembic upgrade head

https://medium.com/@johnidouglasmarangon/using-migrations-in-python-sqlalchemy-with-alembic-docker-solution-bd79b219d6a

Squash Migrations

DO NO COMMIT THE SQUASHED MIGRATION FOR PRODUCTION USE WITHOUT TESTING FIRST

# delete old revision files
rm -f migrations/versions/*.py
uv run python -m alembic revision -m "squashed migration"
uv run python -m alembic stamp head --purge
uv run python -m alembic current