Encryptors 2.39__tar.gz → 2.41__tar.gz

{encryptors-2.39 → encryptors-2.41}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.39
+Version: 2.41
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai
@@ -59,26 +59,7 @@ Requires-Dist: gunicorn==23.0.0
 Dynamic: author
 Dynamic: author-email
 Dynamic: classifier
-Dynamic: description
 Dynamic: description-content-type
 Dynamic: requires-dist
 Dynamic: requires-python
 Dynamic: summary
-
-# osdental-library
-
-`osdental-library` is a versatile and easy-to-use library for handling common tasks related to **encryption**, **hashing**, and **JWT token management**. Ideal for projects that require a secure and efficient approach to handling sensitive data.
-
-## Features
-
-- Generation and validation of **hashes** using modern algorithms.
-- Encryption and decryption of data using secure keys.
-- Creation and verification of **JWT tokens** for authentication and authorization.
-- Implementations that are easy to integrate into any Python project.
-
-## Installation
-
-You can easily install `osdental-library` using `pip`:
-
-```bash
-pip install osdental-library

{encryptors-2.39 → encryptors-2.41}/setup.py

@@ -1,8 +1,8 @@
 from setuptools import setup, find_packages
- 
+# ANDERSON ESTO YA SE SUBIO Y ESTA ESTABLE, AUN TE QUEDA PENDIENTE LA AUDITORIA CON RSA Y AES DE ACCESSTOKEN
 setup(
     name="Encryptors", 
-    version="2.39",
+    version="2.41",
     author="OSDental LLC",
     author_email="support@osdental.ai",
     description="End-to-end algorithm library",

{encryptors-2.39 → encryptors-2.41}/src/Encryptors.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.39
+Version: 2.41
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai
@@ -59,26 +59,7 @@ Requires-Dist: gunicorn==23.0.0
 Dynamic: author
 Dynamic: author-email
 Dynamic: classifier
-Dynamic: description
 Dynamic: description-content-type
 Dynamic: requires-dist
 Dynamic: requires-python
 Dynamic: summary
-
-# osdental-library
-
-`osdental-library` is a versatile and easy-to-use library for handling common tasks related to **encryption**, **hashing**, and **JWT token management**. Ideal for projects that require a secure and efficient approach to handling sensitive data.
-
-## Features
-
-- Generation and validation of **hashes** using modern algorithms.
-- Encryption and decryption of data using secure keys.
-- Creation and verification of **JWT tokens** for authentication and authorization.
-- Implementations that are easy to integrate into any Python project.
-
-## Installation
-
-You can easily install `osdental-library` using `pip`:
-
-```bash
-pip install osdental-library

{encryptors-2.39 → encryptors-2.41}/src/Encryptors.egg-info/SOURCES.txt

@@ -12,6 +12,7 @@ src/Osdental/Database/BaseRepository.py
 src/Osdental/Database/Connection.py
 src/Osdental/Database/__init__.py
 src/Osdental/Decorators/Grpc.py
+src/Osdental/Decorators/PublicResolver.py
 src/Osdental/Decorators/Retry.py
 src/Osdental/Decorators/SecureResolver.py
 src/Osdental/Decorators/SqlDataNormalizer.py
@@ -37,6 +38,7 @@ src/Osdental/Graphql/_Helpers/_TokenService.py
 src/Osdental/Graphql/_Helpers/__init__.py
 src/Osdental/Helpers/AuditDispatcher.py
 src/Osdental/Helpers/KeyVaultService.py
+src/Osdental/Helpers/ResponseDecryptor.py
 src/Osdental/Helpers/__init__.py
 src/Osdental/Http/APIClient.py
 src/Osdental/Http/_Exceptions.py
@@ -76,6 +78,7 @@ src/Osdental/Shared/Utils/HashValidator.py
 src/Osdental/Shared/Utils/Mapper.py
 src/Osdental/Shared/Utils/PasswordGenerator.py
 src/Osdental/Shared/Utils/QueryGenerator.py
+src/Osdental/Shared/Utils/RsaUtils.py
 src/Osdental/Shared/Utils/TextProcessor.py
 src/Osdental/Shared/Utils/__init__.py
 src/Osdental/Storage/AzureBlobStorage.py

encryptors-2.41/src/Osdental/Decorators/PublicResolver.py

@@ -0,0 +1,3 @@
+def public_resolver(resolver):
+    setattr(resolver, "_is_public", True)
+    return resolver

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Decorators/SecureResolver.py

@@ -8,12 +8,13 @@ from Osdental.Shared.Enums.Profile import Profile
 from Osdental.Exception.ControlledException import OSDException, AccessDeniedException
 from Osdental.Encryptor.Aes import AES
 from Osdental.Graphql.Models import BaseGraphQLContext
+from Osdental.Shared.Logger import logger
 
 def secure_resolver(action = None):
     def decorator(func: Callable):
 
         signature = inspect.signature(func)
-        accepts_data = "data" in signature.parameters
+        params = signature.parameters
 
         @wraps(func)
         async def wrapper(obj: Any, context: BaseGraphQLContext, **kwargs: Dict[str, Any]):
@@ -26,19 +27,23 @@ def secure_resolver(action = None):
                     if Profile(token.abbreviation) not in action.allowed_roles:
                         raise AccessDeniedException(error="The user's profile is not allowed to perform this action.")
 
-                if accepts_data and payload:
+                if "token" in params:
+                    kwargs["token"] = token
+
+                if "data" in params:
                     kwargs["data"] = payload
 
-                result: Response = await func(obj, context, **kwargs)
+                result: Response = await func(obj, **kwargs)
 
                 context.audit_plain_response = copy.deepcopy(result)
 
-                if result.data is not None:
+                if result.data is not None and result.encryption_type == "AES" and result.key is None:
                     result.data = AES.encrypt(aes_auth, result.data)
 
                 return result.send()
 
             except (Exception, OSDException) as e:
+                logger.exception(f"An error has occurred: {str(e)}")
                 result = Response(
                     status=getattr(e, "status_code", "DB_ERROR_UNEXPECTED"),
                     message=getattr(e, "message", "Could not process request."),

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Encryptor/Jwt.py

@@ -1,5 +1,5 @@
 import jwt
-from typing import Dict
+from typing import Dict, Any
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.backends import default_backend
 from Osdental.Exception.ControlledException import JWTokenException
@@ -11,7 +11,7 @@ class JWT:
 
     @staticmethod
     def generate_token(
-        payload: Dict[str, str], jwt_secret_key: str, algorithm="HS256"
+        payload: Dict[str, Any], jwt_secret_key: str, algorithm="HS256"
     ) -> str:
         try:
             token = jwt.encode(payload, jwt_secret_key, algorithm=algorithm)
@@ -22,7 +22,7 @@ class JWT:
             raise JWTokenException(message=Message.UNEXPECTED_ERROR_MSG, error=str(e))
 
     @staticmethod
-    def extract_payload(jwt_token: str, jwt_secret_key: str) -> Dict[str, str]:
+    def extract_payload(jwt_token: str, jwt_secret_key: str) -> Dict[str, Any]:
         try:
             payload = jwt.decode(jwt_token, jwt_secret_key, algorithms=["HS256"])
             return payload

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Encryptor/Rsa.py

@@ -1,6 +1,6 @@
 import json
 from base64 import b64decode, b64encode
-from typing import Dict
+from typing import Dict, Any
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives import hashes
@@ -12,7 +12,7 @@ from Osdental.Shared.Enums.Constant import Constant
 class RSAEncryptor:
 
     @staticmethod
-    def encrypt(data:str | Dict[str,str], public_key_rsa:str) -> str:
+    def encrypt(data: str | Dict[str, Any], public_key_rsa: str) -> str:
         try:
             if isinstance(data, dict):
                 data = json.dumps(data)
@@ -36,7 +36,7 @@ class RSAEncryptor:
 
 
     @staticmethod
-    def decrypt(data:str, private_key_rsa:str, silent:bool = False) -> str:
+    def decrypt(data: str, private_key_rsa: str, silent: bool = False) -> str:
         try:
             encrypted_bytes = b64decode(data)
             private_key = serialization.load_pem_private_key(private_key_rsa.encode(Constant.DEFAULT_ENCODING), password=None)

encryptors-2.41/src/Osdental/Graphql/Extensions/AuditExtension.py

@@ -0,0 +1,189 @@
+import json
+from graphql.pyutils import is_awaitable
+from ariadne.types import Extension
+from Osdental.Shared.Logger import logger
+from Osdental.Encryptor.Aes import AES
+from Osdental.Graphql._Helpers._TenantPolicy import TenantPolicy
+from Osdental.Rest.Context.RequestContext import (
+    current_context,
+    RequestContext
+)
+from Osdental.Graphql.Models import BaseGraphQLContext
+from Osdental.Shared.Enums.Constant import Constant
+
+class AuditExtension(Extension):
+
+    def request_started(self, context):
+        request = context.request
+        self._ctx_token = current_context.set(
+            RequestContext(
+                request=request,
+                request_id=request.headers.get("x-request-id"),
+                user=None
+            )
+        )
+
+        self.errors = None
+        self.request_payload = None
+        self.result = None
+
+    def _should_skip(self, body) -> bool:
+        query = body.get("query", "") or ""
+        return "__schema" in query or "__type(" in query
+
+    async def resolve(self, next_, root, info, **kwargs):
+
+        context: BaseGraphQLContext = info.context
+        request = context.request
+
+        # cache body
+        if not hasattr(context, "_cached_body"):
+            context._cached_body = await request.json()
+
+        body = context._cached_body
+
+        # skip introspection
+        if self._should_skip(body):
+            result = next_(root, info, **kwargs)
+            if is_awaitable(result):
+                result = await result
+            return result
+
+        is_root = root is None
+
+        # SOLO ROOT
+        if is_root:
+
+            # identificar resolver público
+            resolver_fn = getattr(next_, "__wrapped__", next_)
+            is_public = getattr(resolver_fn, "_is_public", False)
+
+            # inicializar auth UNA SOLA VEZ
+            if not hasattr(context, "_auth_initialized"):
+                context._auth_initialized = True
+
+                headers = request.headers
+                container = context.container
+                token_service = container.token_service
+
+                aes_auth = request.app.state.aes_auth
+                aes_user = request.app.state.aes_user
+
+                if not aes_auth or not aes_user:
+                    aes_auth = None
+                    aes_user = None
+
+                original_token = None
+                if not is_public and headers.get("authorization"):
+                    try:
+                        original_token = await token_service.authenticate(headers, aes_user)
+                    except Exception:
+                        original_token = None
+
+                context._original_token = original_token
+                context.token = original_token
+                context.aes_auth = aes_auth
+
+            # VALIDACIÓN SOLO ROOT
+            original_token = getattr(context, "_original_token", None)
+
+            if not is_public and not original_token:
+                raise ValueError("Authorization required")
+
+            # payload
+            variables = body.get("variables") or {}
+
+            encrypted_payload = (
+                kwargs.get("data")
+                or variables.get("data")
+            )
+
+            decrypted_payload = None
+
+            if encrypted_payload is not None:
+                if isinstance(encrypted_payload, dict):
+                    decrypted_payload = encrypted_payload
+
+                elif isinstance(encrypted_payload, str):
+                    try:
+                        decrypted_payload = json.loads(encrypted_payload)
+                    except Exception:
+                        if context.aes_auth:
+                            try:
+                                decrypted_payload = AES.decrypt(context.aes_auth, encrypted_payload)
+                                try:
+                                    decrypted_payload = json.loads(decrypted_payload)
+                                except Exception:
+                                    pass
+                            except Exception:
+                                decrypted_payload = None
+
+            if decrypted_payload is not None:
+                context.decrypted_payload = decrypted_payload
+            
+            if not is_public:
+                token = TenantPolicy.resolve(
+                    token=context._original_token,
+                    headers=request.headers,
+                    decrypted_payload=decrypted_payload,
+                    operation_type=info.operation.operation.value
+                )
+                context.token = token
+
+            # auditoría request payload
+            if not self.request_payload:
+                token = context.token
+
+                self.request = request
+                self.request_payload = {
+                    "operation_type": info.operation.operation.value,
+                    "operation_name": body.get("operationName", "UnknownOperation"),
+                    "query": body.get("query"),
+                    "variables": decrypted_payload,
+                    "user": token.user_full_name if token else "Public"
+                }
+
+        # SIEMPRE ejecutar resolver (root + fields)
+        result = next_(root, info, **kwargs)
+
+        if is_awaitable(result):
+            result = await result
+
+        # SOLO ROOT captura resultado final
+        if is_root and self.result is None:
+            self.result = result
+
+            if not getattr(context, "audit_plain_response", None):
+                context.audit_plain_response = result
+
+        return result
+
+    def has_errors(self, errors, context):
+        self.errors = errors
+
+    def request_finished(self, context):
+
+        if not self.request_payload:
+            return
+
+        query = self.request_payload.get("query", "")
+
+        if "__schema" in query or "__type" in query:
+            return
+
+        final_result = context.audit_plain_response or self.result
+
+        if final_result is None:
+            return
+
+        dispatcher = context.request.app.state.audit_dispatcher
+
+        try:
+            dispatcher.dispatch(
+                request=self.request,
+                request_payload=self.request_payload,
+                result=final_result,
+                audit_type=Constant.MESSAGE_LOG_INTERNAL
+            )
+        except Exception as e:
+            logger(f"[AUDIT ERROR]: {str(e)}")

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Helpers/AuditDispatcher.py

@@ -4,6 +4,7 @@ from fastapi import Request
 from Osdental.Models.AuditConfig import AuditConfig
 from Osdental.Messaging import IMessageQueue
 from Osdental.Graphql._Helpers._AuditHelper import AuditHelper
+from Osdental.Helpers.ResponseDecryptor import decryptor_data, VALID_TYPES
 from Osdental.Models._Audit import Audit
 from Osdental.Models.Response import Response
 from Osdental.Shared.Enums.Constant import Constant
@@ -74,7 +75,7 @@ class AuditDispatcher:
     async def _process(self, payload: Dict[str, Any]):
         request = payload["request"]
         request_payload = payload["request_payload"]
-        result = payload["result"]
+        result: Response = payload["result"]
         audit_type = payload["audit_type"]
 
         operation_name = request_payload.get("operation_name")
@@ -96,6 +97,11 @@ class AuditDispatcher:
         message = result.message
         data = result.data
         error = result.error if result.error else message
+
+        # Obtencion de campos adicionales cuando es otro tipo de encriptacion o clave
+        encryption_type = result.encryption_type
+        key = result.key
+
         
         if audit_type == Constant.MESSAGE_LOG_INTERNAL:
 
@@ -121,6 +127,9 @@ class AuditDispatcher:
             audit_message = request_audit_payload | payload
 
         else:
+            if encryption_type in VALID_TYPES and key is not None:
+                data = decryptor_data(encryption_type, key, data)
+
             payload = AuditHelper.build_final_payload(
                 _type="RESPONSE",
                 status_code=status_code,

encryptors-2.41/src/Osdental/Helpers/ResponseDecryptor.py

@@ -0,0 +1,15 @@
+from typing import Dict, Any
+from Osdental.Encryptor.Aes import AES
+from Osdental.Encryptor.Rsa import RSAEncryptor
+
+VALID_TYPES = {"RSA", "AES"}
+
+def decryptor_data(encryption_type: str, key: str, data: Dict[str, Any] | str) -> Any:
+    
+    match encryption_type:
+
+        case "AES":
+            return AES.decrypt(key, data)
+
+        case "RSA":
+            return RSAEncryptor.decrypt(data, key)

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Models/Response.py

@@ -1,5 +1,5 @@
 from dataclasses import dataclass, field, asdict
-from typing import Optional, Any
+from typing import Optional, Any, Literal
 from Osdental.Shared.Enums.Code import Code
 from Osdental.Shared.Enums.Message import Message
 
@@ -9,6 +9,8 @@ class Response:
     message: str = field(default=Message.PROCESS_SUCCESS_MSG)
     data: Optional[Any] = None
     error: Optional[str] = None
+    encryption_type: Literal["AES", "RSA", "NORMAL"] = "AES"
+    key: Optional[str] = None
 
     def send(self):
         response = asdict(self)
@@ -16,4 +18,10 @@ class Response:
         if response["error"] is None:
             response.pop("error")
 
+        if response["encryption_type"]:
+            response.pop("encryption_type")
+
+        if response["key"]:
+            response.pop("key")
+
         return response

encryptors-2.41/src/Osdental/Shared/Utils/RsaUtils.py

@@ -0,0 +1,30 @@
+
+def normalize_rsa_keys(key_str: str, is_private: bool = True) -> str:
+    """
+    Normaliza una llave RSA (privada o pública) para que sea compatible con cryptography.
+    Si is_private=True, normaliza la llave privada; si False, normaliza la llave pública.
+    """
+
+    # Determinar encabezados correctos
+    if is_private:
+        header = "-----BEGIN RSA PRIVATE KEY-----"
+        footer = "-----END RSA PRIVATE KEY-----"
+        invalid_texts = ["-----BEGINRSAPRIVATEKEY-----", "-----ENDRSAPRIVATEKEY-----",
+                        "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"]
+    else:
+        header = "-----BEGIN PUBLIC KEY-----"
+        footer = "-----END PUBLIC KEY-----"
+        invalid_texts = ["-----BEGINPUBLICKEY-----", "-----ENDPUBLICKEY-----",
+                        "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"]
+
+    # Limpiar encabezados inválidos y espacios
+    for text in invalid_texts:
+        key_str = key_str.replace(text, "")
+    key_str = key_str.replace("\r", "").replace(" ", "").replace("\n", "")
+
+    # Dividir en líneas de 64 caracteres
+    lines = [key_str[i:i+64] for i in range(0, len(key_str), 64)]
+
+    # Reconstruir PEM válido
+    pem = f"{header}\n" + "\n".join(lines) + f"\n{footer}\n"
+    return pem

{encryptors-2.39 → encryptors-2.41}/src/Osdental/Storage/AzureBlobStorage.py

@@ -80,4 +80,8 @@ class AzureBlobStorage(IStorageService):
         return {
             "uploadUrl": url,
             "blobName": filename
-        }
+        }
+    
+    async def close(self):
+        await self._client.close()
+        await self._credential.close()

encryptors-2.39/README.md

@@ -1,17 +0,0 @@
-# osdental-library
-
-`osdental-library` is a versatile and easy-to-use library for handling common tasks related to **encryption**, **hashing**, and **JWT token management**. Ideal for projects that require a secure and efficient approach to handling sensitive data.
-
-## Features
-
-- Generation and validation of **hashes** using modern algorithms.
-- Encryption and decryption of data using secure keys.
-- Creation and verification of **JWT tokens** for authentication and authorization.
-- Implementations that are easy to integrate into any Python project.
-
-## Installation
-
-You can easily install `osdental-library` using `pip`:
-
-```bash
-pip install osdental-library

encryptors-2.39/src/Osdental/Graphql/Extensions/AuditExtension.py

@@ -1,120 +0,0 @@
-import json
-from graphql.pyutils import is_awaitable
-from ariadne.types import Extension
-from Osdental.Encryptor.Aes import AES
-from Osdental.Graphql._Helpers._TenantPolicy import TenantPolicy
-from Osdental.Rest.Context.RequestContext import (
-    current_context,
-    RequestContext
-)
-from Osdental.Graphql.Models import BaseGraphQLContext
-from Osdental.Graphql._Exceptions import AESKeyNotFound
-from Osdental.Shared.Enums.Constant import Constant
-
-class AuditExtension(Extension):
-
-    def request_started(self, context):
-        request = context.request
-        self._ctx_token = current_context.set(
-            RequestContext(
-                request=request,
-                request_id=request.headers.get("x-request-id"),
-                user=None
-            )
-        )
-
-        self.errors = None
-        self.request_payload = None
-        self.result = None
-
-    async def resolve(self, next_, root, info, **kwargs):
-
-        if not self.request_payload:
-            context: BaseGraphQLContext = info.context
-
-            request = context.request
-            self.request = request
-
-            body = await request.json()
-            headers = request.headers
-
-            container = context.container
-            token_service = container.token_service
-
-            aes_auth = request.app.state.aes_auth
-            aes_user = request.app.state.aes_user
-
-            if not aes_auth:
-                raise AESKeyNotFound("AES user key is missing.", "aes_auth")
-            
-            if not aes_user:
-                raise AESKeyNotFound("AES authorization key is missing.", "aes_user")
-
-            original_token = await token_service.authenticate(headers, aes_user)
-            
-            variables = body.get("variables") or {}
-            encrypted_payload = variables.get("data")
-
-            decrypted_payload = None
-
-            if encrypted_payload:
-                try:
-                    decrypted_payload = AES.decrypt(aes_auth, encrypted_payload)
-
-                    try:
-                        decrypted_payload = json.loads(decrypted_payload)
-                    except Exception:
-                        pass
-
-                except Exception:
-                    decrypted_payload = None
-
-            token = TenantPolicy.resolve(
-                token=original_token,
-                headers=request.headers,
-                decrypted_payload=decrypted_payload,
-                operation_type=info.operation.operation.value
-            )
-            
-            self.request_payload = {
-                "operation_type": info.operation.operation.value,
-                "operation_name": body.get("operationName", "UnknownOperation"),
-                "query": body.get("query"),
-                "variables": decrypted_payload,
-                "user": token.user_full_name
-            }
-
-            context.decrypted_payload = decrypted_payload
-            context.token = token
-            context.aes_auth = aes_auth
-
-        result = next_(root, info, **kwargs)
-
-        if is_awaitable(result):
-            result = await result
-
-        if root is None:
-            self.result = result
-
-        return result
-
-    def has_errors(self, errors, context):
-        self.errors = errors
-
-    def request_finished(self, context):
-        if not self.request_payload: return
-
-        query = self.request_payload.get("query", "")
-        
-        if "__schema" in query or "__type" in query: return
-    
-        if not hasattr(context, "audit_plain_response"): return
-
-        dispatcher = context.request.app.state.audit_dispatcher
-
-        dispatcher.dispatch(
-            request=self.request,
-            request_payload=self.request_payload,
-            result=context.audit_plain_response,
-            audit_type=Constant.MESSAGE_LOG_INTERNAL
-        )