updates: making tutor restricted to students

.gitignore

@@ -176,4 +176,6 @@ code/storage/models/
 **/translations/zh-CN.json
 
 
-**/vectorstores/*
+**/vectorstores/*
+
+**/private/students.json

apps/ai_tutor/app.py

@@ -16,6 +16,7 @@ from modules.config.constants import (
     DOCS_WEBSITE,
     ALL_TIME_TOKENS_ALLOCATED,
     TOKENS_LEFT,
+    EMAIL_ENCRYPTION_KEY,
 )
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
@@ -26,6 +27,7 @@ from modules.chat_processor.helpers import (
     check_user_cooldown,
     update_user_info,
 )
+import hashlib
 
 GOOGLE_CLIENT_ID = OAUTH_GOOGLE_CLIENT_ID
 GOOGLE_CLIENT_SECRET = OAUTH_GOOGLE_CLIENT_SECRET
@@ -46,13 +48,8 @@ session_store = {}
 CHAINLIT_PATH = "/chainlit_tutor"
 
 # only admin is given any additional permissions for now -- no limits on tokens
-USER_ROLES = {
-    "tgardos@bu.edu": ["instructor", "bu"],
-    "xthomas@bu.edu": ["admin", "instructor", "bu"],
-    "faridkar@bu.edu": ["instructor", "bu"],
-    "xavierohan1@gmail.com": ["guest"],
-    # Add more users and roles as needed
-}
+with open("private/students_encrypted.json", "r") as file:
+    USER_ROLES = json.load(file)
 
 # Create a Google OAuth flow
 flow = Flow.from_client_config(
@@ -80,7 +77,20 @@ flow = Flow.from_client_config(
 
 
 def get_user_role(username: str):
-    return USER_ROLES.get(username, ["guest"])  # Default to "guest" role
+
+    # Function to deterministically hash emails
+    def deterministic_hash(email, salt):
+        return hashlib.pbkdf2_hmac("sha256", email.encode(), salt, 100000).hex()
+
+    # encrypt email (#FIXME: this is not the best way to do this, not really encryption, more like a hash)
+    encryption_salt = EMAIL_ENCRYPTION_KEY.encode()
+    encrypted_email = deterministic_hash(username, encryption_salt)
+    role = USER_ROLES.get(encrypted_email, ["guest"])
+
+    if "guest" in role:
+        return "unauthorized"
+
+    return role
 
 
 async def get_user_info_from_cookie(request: Request):
@@ -146,6 +156,11 @@ async def login_page(request: Request):
 #     return response
 
 
+@app.get("/unauthorized", response_class=HTMLResponse)
+async def unauthorized(request: Request):
+    return templates.TemplateResponse("unauthorized.html", {"request": request})
+
+
 @app.get("/login/google")
 async def login_google(request: Request):
     # Clear any existing session cookies to avoid conflicts with guest sessions
@@ -176,6 +191,9 @@ async def auth_google(request: Request):
         profile_image = user_info.get("picture", "")
         role = get_user_role(email)
 
+        if role == "unauthorized":
+            return RedirectResponse("/unauthorized")
+
         session_token = secrets.token_hex(16)
         session_store[session_token] = {
             "email": email,

apps/ai_tutor/encrypt_students.py

@@ -0,0 +1,29 @@
+import os
+from dotenv import load_dotenv
+import hashlib
+import json
+
+# Load the .env file
+load_dotenv()
+
+# Get the encryption key (salt)
+encryption_salt = os.getenv("EMAIL_ENCRYPTION_KEY").encode()
+
+
+# Function to deterministically hash emails
+def deterministic_hash(email, salt):
+    return hashlib.pbkdf2_hmac("sha256", email.encode(), salt, 100000).hex()
+
+
+# Load emails from private/students.json
+with open("private/students.json", "r") as file:
+    emails = json.load(file)
+
+# Replace emails with deterministic hashed emails, {hashed_email: [roles]}
+hashed_emails = {
+    deterministic_hash(email, encryption_salt): roles for email, roles in emails.items()
+}
+
+# Save hashed emails to private/students_encrypted.json
+with open("private/students_encrypted.json", "w") as file:
+    json.dump(hashed_emails, file)

apps/ai_tutor/private/students_encrypted.json

@@ -0,0 +1 @@
+{"7f1cacca66ee914ddde2ee20e0f2c96651d60cd8aabd310ef25a9e6d88f42df0": ["instructor", "bu"], "f74d264b6b5b2b4c10ce69e4ec16e869e01cb5eb668ed846aa8f6dae5c96cda0": ["admin", "instructor", "bu"], "53401356a874b1539775c73a8564d5e5f4f840441630c9cf649e16d201454f20": ["instructor", "bu"]}

apps/ai_tutor/templates/unauthorized.html

@@ -0,0 +1,94 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Access Restricted</title>
+    <style>
+        @import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap');
+
+        body, html {
+            margin: 0;
+            padding: 0;
+            font-family: 'Inter', sans-serif;
+            background-color: #f7f7f7; /* Light gray background */
+            background-image: url('https://www.transparenttextures.com/patterns/cubes.png'); /* Subtle geometric pattern */
+            background-repeat: repeat;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+            color: #333;
+        }
+
+        .container {
+            background: rgba(255, 255, 255, 0.9);
+            border: 1px solid #ddd;
+            border-radius: 8px;
+            width: 100%;
+            max-width: 400px;
+            padding: 50px;
+            box-sizing: border-box;
+            text-align: center;
+            box-shadow: 0 4px 15px rgba(0, 0, 0, 0.1);
+            backdrop-filter: blur(10px);
+            -webkit-backdrop-filter: blur(10px);
+        }
+
+        .avatar {
+            width: 90px;
+            height: 90px;
+            border-radius: 50%;
+            margin-bottom: 25px;
+            border: 2px solid #ddd;
+        }
+
+        .container h1 {
+            margin-bottom: 20px;
+            font-size: 26px;
+            font-weight: 600;
+            color: #1a1a1a;
+        }
+
+        .container p {
+            font-size: 18px;
+            color: #4a4a4a;
+            margin-bottom: 35px;
+            line-height: 1.5;
+        }
+
+        .button {
+            padding: 14px 0;
+            margin: 12px 0;
+            font-size: 16px;
+            border-radius: 6px;
+            cursor: pointer;
+            width: 100%;
+            border: 1px solid #ccc;
+            background-color: #007BFF;
+            color: #fff;
+            transition: background-color 0.3s ease, border-color 0.3s ease;
+        }
+
+        .button:hover {
+            background-color: #0056b3;
+            border-color: #0056b3;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <img src="/public/avatars/ai-tutor.png" alt="AI Tutor Avatar" class="avatar">
+        <h1>Access Restricted</h1>
+        <p>
+            We're currently testing things out for the <strong>DS701</strong> course. 
+            Access is restricted to students of the course. If you're enrolled in <strong>DS701</strong> and seeing this message, 
+            please reach out to us, and we'll help you get access.<br><br>
+            <em>P.S. Don't forget to use your BU email when logging in!</em>
+        </p>
+        <form action="/" method="get">
+            <button type="submit" class="button">Return to Home</button>
+        </form>
+    </div>
+</body>
+</html>

modules/config/constants.py

@@ -20,6 +20,7 @@ HUGGINGFACE_TOKEN = os.getenv("HUGGINGFACE_TOKEN")
 LITERAL_API_KEY_LOGGING = os.getenv("LITERAL_API_KEY_LOGGING")
 LITERAL_API_URL = os.getenv("LITERAL_API_URL")
 CHAINLIT_URL = os.getenv("CHAINLIT_URL")
+EMAIL_ENCRYPTION_KEY = os.getenv("EMAIL_ENCRYPTION_KEY")
 
 OAUTH_GOOGLE_CLIENT_ID = os.getenv("OAUTH_GOOGLE_CLIENT_ID")
 OAUTH_GOOGLE_CLIENT_SECRET = os.getenv("OAUTH_GOOGLE_CLIENT_SECRET")

modules/dataloader/helpers.py

@@ -2,7 +2,9 @@ import requests
 from bs4 import BeautifulSoup
 from urllib.parse import urlparse
 import tempfile
-from modules.config.constants import TIMEOUT  # TODO: MOVE THIS TO APP SPECIFIC DIRECTORY
+from modules.config.constants import (
+    TIMEOUT,
+)  # TODO: MOVE THIS TO APP SPECIFIC DIRECTORY
 
 
 def get_urls_from_file(file_path: str):

modules/vectorstore/store_manager.py

@@ -172,7 +172,10 @@ if __name__ == "__main__":
         "--config_file", type=str, help="Path to the main config file", required=True
     )
     parser.add_argument(
-        "--project_config_file", type=str, help="Path to the project config file", required=True
+        "--project_config_file",
+        type=str,
+        help="Path to the project config file",
+        required=True,
     )
     args = parser.parse_args()
 

requirements.txt

@@ -34,3 +34,4 @@ fastapi
 google-auth
 google-auth-oauthlib
 Jinja2
+cryptography

setup.py

@@ -6,4 +6,4 @@ setup(
     packages=find_packages(),
     python_requires=">=3.7",
     description="A Deep Learning for Data Science Tutor application",
-)
+)