Encryptors 2.35__tar.gz → 2.37__tar.gz

{encryptors-2.35 → encryptors-2.37}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.35
+Version: 2.37
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai

{encryptors-2.35 → encryptors-2.37}/setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
  
 setup(
     name="Encryptors", 
-    version="2.35",
+    version="2.37",
     author="OSDental LLC",
     author_email="support@osdental.ai",
     description="End-to-end algorithm library",

{encryptors-2.35 → encryptors-2.37}/src/Encryptors.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.35
+Version: 2.37
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai

{encryptors-2.35 → encryptors-2.37}/src/Encryptors.egg-info/SOURCES.txt

@@ -28,6 +28,7 @@ src/Osdental/Exception/__init__.py
 src/Osdental/Graphql/__init__.py
 src/Osdental/Graphql/Extensions/AuditExtension.py
 src/Osdental/Graphql/Extensions/__init__.py
+src/Osdental/Graphql/Models/__init__.py
 src/Osdental/Graphql/_Exceptions/__init__.py
 src/Osdental/Graphql/_Helpers/_AuditHelper.py
 src/Osdental/Graphql/_Helpers/_ExtractAuthToken.py

encryptors-2.37/src/Osdental/Cli/__init__.py

@@ -0,0 +1,118 @@
+import os
+import sys
+import subprocess
+import platform
+import click
+from Osdental.Shared.Logger import logger
+from Osdental.Shared.Enums.Message import Message
+
+
+@click.group()
+def cli():
+    """Custom commands to manage the project."""
+    pass
+
+@cli.command()
+def clean():
+    """Borrar todos los __pycache__."""
+    if platform.system() == 'Windows':
+        subprocess.run('for /d /r . %d in (__pycache__) do @if exist "%d" rd /s/q "%d"', shell=True)
+    else:
+        subprocess.run("find . -name '__pycache__' -type d -exec rm -rf {} +", shell=True)
+
+    logger.info(Message.PYCACHE_CLEANUP_SUCCESS_MSG)
+
+@cli.command()
+@click.argument('port')
+def start(port: int):
+    """Start the FastAPI server.."""
+    try:
+        subprocess.run(['uvicorn', 'app:app', '--port', str(port), '--reload'], check=True)
+    except subprocess.CalledProcessError as e:
+        logger.error(f'{Message.SERVER_NETWORK_ACCESS_ERROR_MSG}: {e}')
+
+@cli.command()
+@click.argument('port')
+def serve(port: int):
+    """Set up the FastAPI server accessible from any machine."""
+    try:
+        subprocess.run(['uvicorn', 'app:app', '--host', '0.0.0.0', '--port', str(port), '--reload'], check=True)
+    except subprocess.CalledProcessError as e:
+        logger.error(f'{Message.SERVER_NETWORK_ACCESS_ERROR_MSG}: {e}')
+
+@cli.command("clean-redis")
+@click.argument('redis_env')
+async def clean_redis(redis_env: str):
+    try:
+        from Osdental.RedisCache.Redis import RedisCacheAsync
+        redis_url = os.getenv(redis_env)
+        if not redis_url:
+            logger.warning(f'Environment variable not found: {redis_env}')
+            return
+        
+        redis = RedisCacheAsync(redis_url=redis_url)
+        await redis.flush()
+        logger.info(Message.REDIS_CLEANUP_SUCCESS_MSG)
+    except Exception as e:
+        logger.error(f'{Message.REDIS_CLEANUP_ERROR_MSG}: {e}')
+
+@cli.command(name='proto-files')
+@click.argument('name')
+def proto_files(name: str):
+    proto_dir = os.path.join('src', 'Infrastructure', 'Grpc', 'Proto').replace('\\', '/')
+    gen_dir = os.path.join('src', 'Infrastructure', 'Grpc', 'Generated').replace('\\', '/')
+
+    proto_path = os.path.join(proto_dir, f'{name}.proto').replace('\\', '/')
+    common_path = os.path.join(proto_dir, 'Common.proto').replace('\\', '/')
+
+    common_py = os.path.join(gen_dir, 'Common_pb2.py').replace('\\', '/')
+    common_grpc_py = os.path.join(gen_dir, 'Common_pb2_grpc.py').replace('\\', '/')
+
+    proto_files = [proto_path]
+    if not (os.path.exists(common_py) and os.path.exists(common_grpc_py)):
+        proto_files.append(common_path)
+
+    cmd = [
+        sys.executable, "-m", "grpc_tools.protoc",
+        f"-I={proto_dir}",
+        f"--python_out={gen_dir}",
+        f"--grpc_python_out={gen_dir}",
+        *proto_files
+]
+
+    subprocess.run(cmd, shell=False, check=True)
+    logger.info(Message.PROTO_FILES_GENERATED_MSG)
+
+@cli.command('run-server')
+@click.option('--host', default="0.0.0.0", help='Host where to set up the server')
+@click.option('--port', default=5000, help='Server port')
+@click.option('--workers', default=4, help='Number of workers')
+def run_server(host, port, workers):
+    """
+        Launch the application with uvicorn on Windows or gunicorn on other systems
+        :host
+        :port
+        :workers
+    """
+    if sys.platform.startswith('win'):
+        cmd = [
+            sys.executable, '-m', 'uvicorn',
+            'app:app',
+            '--host', host,
+            '--port', str(port),
+            '--workers', str(workers)
+        ]
+    else:
+        cmd = [
+            sys.executable, '-m', 'gunicorn',
+            'app:app',
+            '-k', 'uvicorn.workers.UvicornWorker',
+            '--bind', f'{host}:{port}',
+            '--workers', str(workers)
+        ]
+    
+    logger.info(f'Running: {' '.join(cmd)}')
+    subprocess.run(cmd)
+    
+if __name__ == "__main__":
+    cli()

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Database/BaseRepository.py

@@ -1,7 +1,7 @@
 from typing import Any
 from sqlalchemy import text
 from sqlalchemy.ext.asyncio import AsyncSession
-from Osdental.Exception.ControlledException import DatabaseException
+from Osdental.Exception.ControlledException import DatabaseException, OSDException
 from Osdental.Shared.Utils.DataNormalizer import normalize
 
 class BaseRepository:
@@ -23,6 +23,7 @@ class BaseRepository:
         many: bool = False,
         as_dict: bool = False
     ) -> Any:
+        
         result = await self.async_session.execute(
             text(query),
             params or {}
@@ -34,13 +35,11 @@ class BaseRepository:
             else result.mappings().first()
         )
 
-        if not as_dict or data is None:
-            return data
-
-        if many:
+        if as_dict and data is not None:
             return normalize(data)
 
-        return normalize(data)
+        return data
+
 
     async def _execute_command(
         self,
@@ -48,8 +47,10 @@ class BaseRepository:
         params: dict | None = None,
         *,
         validate: bool = True,
-        success_codes: str | int | tuple[str | int, ...] | None = None
-    ):
+        success_codes: str | int | tuple[str | int, ...] | None = None,
+        as_dict: bool = False
+    ) -> Any:
+        
         result = await self.async_session.execute(
             text(query),
             params or {}
@@ -58,7 +59,8 @@ class BaseRepository:
         row = result.mappings().first()
 
         if not validate or not row:
-            return row
+            return normalize(row) if as_dict else row
+
 
         status_code = self._get_status_value(
             row,
@@ -82,17 +84,29 @@ class BaseRepository:
                     error="Status code missing",
                     status_code=500
                 )
-            return row
 
-        # Normalizamos a tupla
-        if not isinstance(success_codes, tuple):
-            success_codes = (success_codes,)
+        else:
+
+            if not isinstance(success_codes, tuple):
+                success_codes = (success_codes,)
+
+            if status_code not in success_codes:
+                raise DatabaseException(
+                    message=status_message,
+                    error=status_message,
+                    status_code=status_code
+                )
 
-        if status_code not in success_codes:
-            raise DatabaseException(
-                message=status_message,
-                error=status_message,
-                status_code=status_code
-            )
+        return normalize(row) if as_dict else row
+    
 
-        return row
+    async def _execute_scalar(
+        self,
+        query: str,
+        params: dict | None = None
+    ) -> Any | None:
+        result = await self.async_session.execute(
+            text(query),
+            params or {}
+        )
+        return result.scalar_one_or_none()

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Decorators/SecureResolver.py

@@ -2,15 +2,13 @@ import inspect
 import copy
 from functools import wraps
 from typing import Callable, Dict, Any
-from graphql import GraphQLResolveInfo
 from Osdental.Models.Token import AuthToken
 from Osdental.Models.Response import Response
 from Osdental.Shared.Enums.Profile import Profile
-from Osdental.Exception.ControlledException import OSDException
+from Osdental.Exception.ControlledException import OSDException, AccessDeniedException
 from Osdental.Encryptor.Aes import AES
+from Osdental.Graphql.Models import BaseGraphQLContext
 
-
-aes = AES()
 def secure_resolver(action = None):
     def decorator(func: Callable):
 
@@ -18,25 +16,25 @@ def secure_resolver(action = None):
         accepts_data = "data" in signature.parameters
 
         @wraps(func)
-        async def wrapper(obj: Any, info: GraphQLResolveInfo, **kwargs: Dict):
+        async def wrapper(obj: Any, context: BaseGraphQLContext, **kwargs: Dict[str, Any]):
             try:
-                token: AuthToken = info.context.token
-                payload = getattr(info.context, "decrypted_payload", None)
-                aes_key = getattr(info.context, "aes_key", None)
+                token: AuthToken = context.token
+                payload = getattr(context, "decrypted_payload", None)
+                aes_auth = getattr(context, "aes_auth", None)
 
                 if action:
                     if Profile(token.abbreviation) not in action.allowed_roles:
-                        raise OSDException("DB_ERROR_AUTH", "You are not authorized to perform this action.")
+                        raise AccessDeniedException(error="The user's profile is not allowed to perform this action.")
 
                 if accepts_data and payload:
                     kwargs["data"] = payload
 
-                result: Response = await func(obj, info, **kwargs)
+                result: Response = await func(obj, context, **kwargs)
 
-                info.context.audit_plain_response = copy.deepcopy(result)
+                context.audit_plain_response = copy.deepcopy(result)
 
                 if result.data is not None:
-                    result.data = aes.encrypt(aes_key, result.data)
+                    result.data = AES.encrypt(aes_auth, result.data)
 
                 return result.send()
 
@@ -46,7 +44,7 @@ def secure_resolver(action = None):
                     message=getattr(e, "message", "Could not process request."),
                     error=f"{type(e).__name__}: {str(e)}"
                 )
-                info.context.audit_plain_response = result
+                context.audit_plain_response = result
                 return result.send()
 
         return wrapper

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Encryptor/Aes.py

@@ -10,9 +10,8 @@ from Osdental.Shared.Enums.Constant import Constant
 
 class AES:
 
-    def __init__(self):
-        self.IV_LENGTH = 32
-        self.TAG_LENGTH = 16
+    IV_LENGTH = 32
+    TAG_LENGTH = 16
 
     @staticmethod
     def generate_key() -> str:
@@ -20,7 +19,8 @@ class AES:
         key = os.urandom(32)
         return base64.b64encode(key).decode(Constant.DEFAULT_ENCODING)
     
-    def encrypt(self, aes_key:str, data:Dict[str,str] | str | List[Dict[str,str]]) -> str:
+    @classmethod
+    def encrypt(cls, aes_key:str, data:Dict[str,str] | str | List[Dict[str,str]]) -> str:
         """
         Encrypts data using AES-GCM.
         Supports dictionary, string, or list inputs.
@@ -34,7 +34,7 @@ class AES:
 
         try:
             key = base64.b64decode(aes_key)
-            iv = os.urandom(self.IV_LENGTH)
+            iv = os.urandom(cls.IV_LENGTH)
             if isinstance(data, (dict, list)):
                 json_data = json.dumps(data)
             else:
@@ -52,8 +52,8 @@ class AES:
             logger.error(f'Unexpected AES encryption error: {str(e)}')
             raise AESEncryptException(error=str(e))
  
-
-    def decrypt(self, aes_key:str, encrypted_data:str, silent:bool = False):
+    @classmethod
+    def decrypt(cls, aes_key:str, encrypted_data:str, silent:bool = False):
         """
         Decrypts data using AES-GCM.
         Expects encrypted data to represent either a JSON object (dict) or a plain string.
@@ -65,9 +65,9 @@ class AES:
         try:
             key = base64.b64decode(aes_key)
             encrypted_data = base64.b64decode(encrypted_data)
-            iv = encrypted_data[:self.IV_LENGTH]
-            tag = encrypted_data[-self.TAG_LENGTH:]
-            ciphertext = encrypted_data[self.IV_LENGTH:-self.TAG_LENGTH]
+            iv = encrypted_data[:cls.IV_LENGTH]
+            tag = encrypted_data[-cls.TAG_LENGTH:]
+            ciphertext = encrypted_data[cls.IV_LENGTH:-cls.TAG_LENGTH]
             cipher = Cipher(algorithms.AES(key), modes.GCM(iv, tag))
             decryptor = cipher.decryptor()
             plaintext = decryptor.update(ciphertext) + decryptor.finalize()

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Exception/ControlledException.py

@@ -24,6 +24,15 @@ class UnauthorizedException(OSDException):
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
+class AccessDeniedException(OSDException):
+    def __init__(
+        self, 
+        message: str = Message.ACCESS_DENIED_MSG, 
+        error: str = None, 
+        status_code: str = Code.INVALID_REQUEST_PARAMS_CODE
+    ):
+        super().__init__(message=message, error=error, status_code=status_code)
+
 class RequestDataException(OSDException):
     def __init__(
         self, 

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Graphql/Extensions/AuditExtension.py

@@ -7,6 +7,7 @@ from Osdental.Rest.Context.RequestContext import (
     current_context,
     RequestContext
 )
+from Osdental.Graphql.Models import BaseGraphQLContext
 from Osdental.Graphql._Exceptions import AESKeyNotFound
 from Osdental.Shared.Enums.Constant import Constant
 
@@ -25,27 +26,31 @@ class AuditExtension(Extension):
         self.errors = None
         self.request_payload = None
         self.result = None
-        self.aes = AES()
 
     async def resolve(self, next_, root, info, **kwargs):
 
         if not self.request_payload:
-            context = info.context
+            context: BaseGraphQLContext = info.context
 
-            request = info.context.request
+            request = context.request
             self.request = request
 
-            body = request.state.graphql_body
+            body = await request.json()
+            headers = request.headers
 
             container = context.container
-
             token_service = container.token_service
 
-            aes_key = request.app.state.aes_auth
-            if not aes_key:
-                raise AESKeyNotFound("Could not find authorization key Aes.")
+            aes_auth = request.app.state.aes_auth
+            aes_user = request.app.state.aes_user
+
+            if not aes_auth:
+                raise AESKeyNotFound("AES user key is missing.", "aes_auth")
+            
+            if not aes_user:
+                raise AESKeyNotFound("AES authorization key is missing.", "aes_user")
 
-            original_token = await token_service.authenticate(request)
+            original_token = await token_service.authenticate(headers, aes_user)
             
             variables = body.get("variables") or {}
             encrypted_payload = variables.get("data")
@@ -54,7 +59,7 @@ class AuditExtension(Extension):
 
             if encrypted_payload:
                 try:
-                    decrypted_payload = self.aes.decrypt(aes_key, encrypted_payload)
+                    decrypted_payload = AES.decrypt(aes_auth, encrypted_payload)
 
                     try:
                         decrypted_payload = json.loads(decrypted_payload)
@@ -81,7 +86,7 @@ class AuditExtension(Extension):
 
             context.decrypted_payload = decrypted_payload
             context.token = token
-            context.aes_key = aes_key
+            context.aes_auth = aes_auth
 
         result = next_(root, info, **kwargs)
 

encryptors-2.37/src/Osdental/Graphql/Models/__init__.py

@@ -0,0 +1,14 @@
+from dataclasses import dataclass
+from typing import Optional, Any
+from fastapi import Request
+from Osdental.Models.Token import AuthToken
+
+@dataclass
+class BaseGraphQLContext:
+    request: Request
+    container: Any
+    # valores agregados durante ejecución (AuditExtention)
+    token: Optional[AuthToken] = None
+    decrypted_payload: Optional[dict] = None
+    aes_auth: Optional[str] = None
+    audit_plain_response: Optional[Any] = None

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Graphql/_Exceptions/__init__.py

@@ -3,6 +3,6 @@ from Osdental.Exception.ControlledException import OSDException
 class AESKeyNotFound(OSDException):
     def __init__(
         self, 
-        error: str = None,
+        error: str = None
     ):
         super().__init__(error=error)

encryptors-2.37/src/Osdental/Graphql/_Helpers/_ExtractAuthToken.py

@@ -0,0 +1,11 @@
+from starlette.datastructures import Headers
+
+class ExtractAuthToken:
+
+    @staticmethod
+    def get_auth_token(headers: Headers) -> str:
+        authorization = headers.get("authorization")
+        if not authorization or not authorization.startswith("Bearer "):
+            raise ValueError("Missing Bearer token")
+        
+        return authorization.split(" ")[1]

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Graphql/_Helpers/_TenantPolicy.py

@@ -14,13 +14,16 @@ class TenantPolicy:
         decrypted_payload: Dict[str, Any], 
         operation_type: str
     ) -> AuthToken:
-        aes = AES()
-        # Solo aplicamos cambios si es QUERY
-        if operation_type != OperationType.QUERY.value:
-            return token  # devolver token tal cual
 
+        # Set original idExternalEnterprise
+        token.base_id_external_enterprise = token.id_external_enterprise
         # SUPER ADMIN / OSDEL ADMIN -> UUID 0
-        if token.abbreviation.startswith(("SPAU", "OSDA")):
+        should_use_zero_uuid = (
+            token.abbreviation.startswith(("SPAU", "OSDA")) 
+            and operation_type == OperationType.QUERY
+        )
+
+        if should_use_zero_uuid:
             token.id_external_enterprise = str(UUID(int=0))
             return token
 
@@ -28,13 +31,13 @@ class TenantPolicy:
         if token.abbreviation.startswith("OSDMK"):
             dynamic_client_id = headers.get("dynamicClientId")
             if dynamic_client_id:
-                decrypted_mk_id = aes.decrypt(token.aes_key_auth, dynamic_client_id)
+                decrypted_mk_id = AES.decrypt(token.aes_key_auth, dynamic_client_id)
                 token.id_external_enterprise = decrypted_mk_id
                 token.mk_id_external_enterprise = decrypted_mk_id
                 return token
 
         # If it comes by request, it is taken as priority
-        external_enterprise_req = decrypted_payload.get('idExternalEnterprise')
+        external_enterprise_req = decrypted_payload.get("idExternalEnterprise")
         if external_enterprise_req and token:
             token.id_external_enterprise = external_enterprise_req
 

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Graphql/_Helpers/_TokenService.py

@@ -1,4 +1,4 @@
-from fastapi import Request
+from starlette.datastructures import Headers
 from Osdental.Encryptor.Aes import AES
 from Osdental.Encryptor.Jwt import JWT
 from Osdental.Models.Token import AuthToken
@@ -9,23 +9,20 @@ class TokenService:
     def __init__(self, jwt_user_key: str, auth_validator):
         self.jwt_user_key = jwt_user_key
         self.auth_validator = auth_validator
-        self.aes = AES()
 
-    async def authenticate(self, request: Request) -> AuthToken:
-        encrypted_token = ExtractAuthToken.get_auth_token(request)
+    async def authenticate(self, headers: Headers, aes_user: str) -> AuthToken:
+        encrypted_token = ExtractAuthToken.get_auth_token(headers)
 
-        aes_user = request.app.state.aes_user
-
-        user_token = self.aes.decrypt(aes_user, encrypted_token)
+        user_token = AES.decrypt(aes_user, encrypted_token)
         payload = JWT.extract_payload(user_token, self.jwt_user_key)
         token = AuthToken(**payload)
 
         # Validate via RPC
-        request = {
+        paylod = {
             'idToken': token.id_token,
             'idUser': token.id_user
         }
-        is_valid = await self.auth_validator.validate_auth_token(request)
+        is_valid = await self.auth_validator.validate_auth_token(paylod)
         if not is_valid:
             raise ValueError("You are not authorized to access this portal.")
 

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Models/Token.py

@@ -18,8 +18,6 @@ class AuthToken(BaseModel):
     access_token: Optional[str] = Field(default=None, alias="accessToken")
     base_id_external_enterprise: Optional[str] = Field(default=None, alias="baseIdExternalEnterprise")
     mk_id_external_enterprise: Optional[str] = Field(default=None, alias="mkIdExternalEnterprise")
-    jwt_user_key: Optional[str] = Field(default=None, alias="jwtUserKey")
-    legacy: Optional[Legacy] = Field(default=None, alias="legacy")
 
     class ConfigDict:
         populate_by_name = True

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Shared/Enums/Code.py

@@ -8,6 +8,7 @@ class Code(StrEnum):
     APP_ERROR_CODE = 'DB_ERROR_CONTROLLED'
     UNEXPECTED_ERROR_CODE = 'DB_ERROR_UNEXPECTED'
     INVALID_REQUEST_PARAMS_CODE = 'DB_WARNING_INVALID_REQUEST_PARAMS'
+    ACCESS_DENIED_CODE = "DB_WARNING_ACCESS_DENIED_CODE"
     DATABASE_ERROR_CODE = 'DB_WARNING_DATABASE_ERROR'
     DATABASE_CONNECTION_ERROR_CODE = 'DB_ERROR_DATABASE_CONNECTION'
     RSA_ERROR_CODE = 'DB_ERROR_RSA'

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Shared/Enums/Message.py

@@ -1,6 +1,7 @@
 from enum import StrEnum
 
 class Message(StrEnum):
+    ACCESS_DENIED_MSG = "You do not have the necessary privileges for this operation."
     UNEXPECTED_ERROR_MSG = 'Something went wrong while processing your request. Please try again later.'
     PORTAL_ACCESS_RESTRICTED_MSG = 'You are not authorized to access this portal.'
     PROCESS_SUCCESS_MSG = 'Process executed successfully.'
@@ -20,7 +21,6 @@ class Message(StrEnum):
     AES_KEY_USER_REQUIRED_MSG = 'AES key user cannot be empty.'
     AES_KEY_AUTH_REQUIRED_MSG = 'AES key auth cannot be empty.'
     MISSING_FIELD_ERROR_MSG = 'A required field is missing. Please review the data.'
-    ID_CDATA_INTEGRATION_REQUIRED = 'Cdata integration cannot be empty or null'
     EXP_TIME_REQUIRED = 'Expiration time (cdata integration) cannot be empty or null'
     KEY_PRIVATE_REQUIRED = 'Key private cannot be empty or null'
     SUB_ACCOUNT_REQUIRED = 'Sub account parameter is required'

{encryptors-2.35 → encryptors-2.37}/src/Osdental/Shared/Utils/FileMetaData.py

@@ -1,7 +1,7 @@
 import os
 import mimetypes
 from Osdental.Exception.ControlledException import ValidationDataException
-from Osdental.Shared.Message import Message
+from Osdental.Shared.Enums.Message import Message
 from Osdental.Shared.Enums.FileType import FileType
 
 class FileMetaData: