feat(clean-release): complete compliance redesign phases and polish tasks T047-T052

backend/src/core/utils/network.py

@@ -8,10 +8,12 @@
 # @PUBLIC_API: APIClient
 
 # [SECTION: IMPORTS]
-from typing import Optional, Dict, Any, List, Union, cast
+from typing import Optional, Dict, Any, List, Union, cast, Tuple
 import json
 import io
 from pathlib import Path
+import threading
+import time
 import requests
 from requests.adapters import HTTPAdapter
 import urllib3
@@ -86,6 +88,62 @@ class NetworkError(Exception):
     # [/DEF:__init__:Function]
 # [/DEF:NetworkError:Class]
 
+
+# [DEF:SupersetAuthCache:Class]
+# @PURPOSE: Process-local cache for Superset access/csrf tokens keyed by environment credentials.
+# @PRE: base_url and username are stable strings.
+# @POST: Cached entries expire automatically by TTL and can be reused across requests.
+class SupersetAuthCache:
+    TTL_SECONDS = 300
+
+    _lock = threading.Lock()
+    _entries: Dict[Tuple[str, str, bool], Dict[str, Any]] = {}
+
+    @classmethod
+    def build_key(cls, base_url: str, auth: Optional[Dict[str, Any]], verify_ssl: bool) -> Tuple[str, str, bool]:
+        username = ""
+        if isinstance(auth, dict):
+            username = str(auth.get("username") or "").strip()
+        return (str(base_url or "").strip(), username, bool(verify_ssl))
+
+    @classmethod
+    def get(cls, key: Tuple[str, str, bool]) -> Optional[Dict[str, str]]:
+        now = time.time()
+        with cls._lock:
+            payload = cls._entries.get(key)
+            if not payload:
+                return None
+            expires_at = float(payload.get("expires_at") or 0)
+            if expires_at <= now:
+                cls._entries.pop(key, None)
+                return None
+            tokens = payload.get("tokens")
+            if not isinstance(tokens, dict):
+                cls._entries.pop(key, None)
+                return None
+            return {
+                "access_token": str(tokens.get("access_token") or ""),
+                "csrf_token": str(tokens.get("csrf_token") or ""),
+            }
+
+    @classmethod
+    def set(cls, key: Tuple[str, str, bool], tokens: Dict[str, str], ttl_seconds: Optional[int] = None) -> None:
+        normalized_ttl = max(int(ttl_seconds or cls.TTL_SECONDS), 1)
+        with cls._lock:
+            cls._entries[key] = {
+                "tokens": {
+                    "access_token": str(tokens.get("access_token") or ""),
+                    "csrf_token": str(tokens.get("csrf_token") or ""),
+                },
+                "expires_at": time.time() + normalized_ttl,
+            }
+
+    @classmethod
+    def invalidate(cls, key: Tuple[str, str, bool]) -> None:
+        with cls._lock:
+            cls._entries.pop(key, None)
+# [/DEF:SupersetAuthCache:Class]
+
 # [DEF:APIClient:Class]
 # @PURPOSE: Инкапсулирует HTTP-логику для работы с API, включая сессии, аутентификацию, и обработку запросов.
 class APIClient:
@@ -107,6 +165,11 @@ class APIClient:
         self.request_settings = {"verify_ssl": verify_ssl, "timeout": timeout}
         self.session = self._init_session()
         self._tokens: Dict[str, str] = {}
+        self._auth_cache_key = SupersetAuthCache.build_key(
+            self.base_url,
+            self.auth,
+            verify_ssl,
+        )
         self._authenticated = False
         app_logger.info("[APIClient.__init__][Exit] APIClient initialized.")
     # [/DEF:__init__:Function]
@@ -194,6 +257,12 @@ class APIClient:
     def authenticate(self) -> Dict[str, str]:
         with belief_scope("authenticate"):
             app_logger.info("[authenticate][Enter] Authenticating to %s", self.base_url)
+            cached_tokens = SupersetAuthCache.get(self._auth_cache_key)
+            if cached_tokens and cached_tokens.get("access_token") and cached_tokens.get("csrf_token"):
+                self._tokens = cached_tokens
+                self._authenticated = True
+                app_logger.info("[authenticate][CacheHit] Reusing cached Superset auth tokens for %s", self.base_url)
+                return self._tokens
             try:
                 login_url = f"{self.api_base_url}/security/login"
                 # Log the payload keys and values (masking password)
@@ -215,14 +284,17 @@ class APIClient:
                 
                 self._tokens = {"access_token": access_token, "csrf_token": csrf_response.json()["result"]}
                 self._authenticated = True
+                SupersetAuthCache.set(self._auth_cache_key, self._tokens)
                 app_logger.info("[authenticate][Exit] Authenticated successfully.")
                 return self._tokens
             except requests.exceptions.HTTPError as e:
+                SupersetAuthCache.invalidate(self._auth_cache_key)
                 status_code = e.response.status_code if e.response is not None else None
                 if status_code in [502, 503, 504]:
                     raise NetworkError(f"Environment unavailable during authentication (Status {status_code})", status_code=status_code) from e
                 raise AuthenticationError(f"Authentication failed: {e}") from e
             except (requests.exceptions.RequestException, KeyError) as e:
+                SupersetAuthCache.invalidate(self._auth_cache_key)
                 raise NetworkError(f"Network or parsing error during authentication: {e}") from e
     # [/DEF:authenticate:Function]
 
@@ -263,6 +335,10 @@ class APIClient:
             response.raise_for_status()
             return response if raw_response else response.json()
         except requests.exceptions.HTTPError as e:
+            if e.response is not None and e.response.status_code == 401:
+                self._authenticated = False
+                self._tokens = {}
+                SupersetAuthCache.invalidate(self._auth_cache_key)
             self._handle_http_error(e, endpoint)
         except requests.exceptions.RequestException as e:
             self._handle_network_error(e, full_url)