From b28dda7c5a5598499fa90f876614fd1d1a6e8655 Mon Sep 17 00:00:00 2001 From: justin Date: Wed, 10 Jun 2026 12:13:43 -0500 Subject: [PATCH] feat(telegram): include a presigned PDF view link in the admin-review alert When an MCS-150/USDOT order hits the pre-submission admin-verification gate, the Telegram FULFILLMENT NEEDED alert now appends a presigned link to the prepared PDF (via the public minio.performancewest.net endpoint, IP-allowlisted to admin) so you can review the document straight from the alert before approving. Added notify_fulfillment_todo(view_url=...) + a _presigned_view_url helper (public endpoint + explicit region to avoid the region-probe that 403s from the worker). --- scripts/workers/services/mcs150_update.py | 28 +++++++++++++++++++++++ scripts/workers/telegram_notify.py | 7 +++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/scripts/workers/services/mcs150_update.py b/scripts/workers/services/mcs150_update.py index eb6ca97..ce7c7af 100644 --- a/scripts/workers/services/mcs150_update.py +++ b/scripts/workers/services/mcs150_update.py @@ -453,12 +453,40 @@ class MCS150UpdateHandler: service_slug=slug, priority="high", description=todo_description, + view_url=self._presigned_view_url(minio_path), ) conn.close() LOG.info("[%s] Admin-review (pre-submission) todo created", order_number) except Exception as exc: LOG.warning("[%s] Failed to create admin-review todo: %s", order_number, exc) + @staticmethod + def _presigned_view_url(minio_path, days=7): + """Presigned, browser-openable URL to a MinIO object via the PUBLIC + endpoint (minio.performancewest.net), so operator Telegram alerts can + link directly to the prepared PDF for review. Returns "" on failure. + The public host is IP-allowlisted at nginx, so the link only opens from + an allowlisted office/admin IP -- which is the intended audience. + """ + if not minio_path: + return "" + try: + from minio import Minio + from datetime import timedelta + pub = os.environ.get("MINIO_PUBLIC_ENDPOINT", "minio.performancewest.net") + mc = Minio( + pub, + access_key=os.environ.get("MINIO_ACCESS_KEY", ""), + secret_key=os.environ.get("MINIO_SECRET_KEY", ""), + secure=True, + region=os.environ.get("MINIO_REGION", "us-east-1"), + ) + bucket = os.environ.get("MINIO_BUCKET", "performancewest") + return mc.presigned_get_object(bucket, minio_path, expires=timedelta(days=days)) + except Exception as exc: # noqa: BLE001 + LOG.warning("Could not presign view URL for %s: %s", minio_path, exc) + return "" + @staticmethod def _upload_submission_evidence(order_number, slug, filing_result): """Persist submission proof (confirmation screenshot for web, attested diff --git a/scripts/workers/telegram_notify.py b/scripts/workers/telegram_notify.py index 326d3e1..e9feaf7 100644 --- a/scripts/workers/telegram_notify.py +++ b/scripts/workers/telegram_notify.py @@ -112,11 +112,14 @@ def notify_fulfillment_todo( service_slug: str, priority: str = "normal", description: str = "", + view_url: str = "", ) -> bool: """Operator alert that a fulfillment task needs attention. Called whenever an admin_todo is created so nothing waits unseen in the - queue. The description is trimmed to keep the message readable. + queue. The description is trimmed to keep the message readable. ``view_url`` + (a presigned link to the prepared document) is appended when supplied so the + operator can review the PDF directly from the alert. """ icon = {"high": "šŸ”“", "urgent": "šŸ”“", "normal": "šŸŸ”", "low": "āšŖ"}.get( (priority or "normal").lower(), "šŸŸ”" @@ -133,4 +136,6 @@ def notify_fulfillment_todo( ) if desc: text += f"\n{desc}" + if view_url: + text += f"\n\nšŸ“„ Review the prepared document:\n{view_url}" return send_telegram(text)