Encryptors 2.49__tar.gz → 2.51__tar.gz

{encryptors-2.49 → encryptors-2.51}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.49
+Version: 2.51
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai
@@ -57,6 +57,7 @@ Requires-Dist: bcrypt==4.3.0
 Requires-Dist: azure-monitor-opentelemetry==1.8.1
 Requires-Dist: uvicorn==0.37.0
 Requires-Dist: gunicorn==23.0.0
+Requires-Dist: jwcrypto==1.5.7
 Dynamic: author
 Dynamic: author-email
 Dynamic: classifier

{encryptors-2.49 → encryptors-2.51}/setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 # ANDERSON REVISAR EL CACHE LOCAL DEL KEYVAULT PARA VALIDAR SI FUNCIONA
 setup(
     name="Encryptors", 
-    version="2.49",
+    version="2.51",
     author="OSDental LLC",
     author_email="support@osdental.ai",
     description="End-to-end algorithm library",
@@ -64,7 +64,8 @@ setup(
         "bcrypt==4.3.0",
         "azure-monitor-opentelemetry==1.8.1",
         "uvicorn==0.37.0",
-        "gunicorn==23.0.0"
+        "gunicorn==23.0.0",
+        "jwcrypto==1.5.7",
     ],
     entry_points={
     'console_scripts': [

{encryptors-2.49 → encryptors-2.51}/src/Encryptors.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.49
+Version: 2.51
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai
@@ -57,6 +57,7 @@ Requires-Dist: bcrypt==4.3.0
 Requires-Dist: azure-monitor-opentelemetry==1.8.1
 Requires-Dist: uvicorn==0.37.0
 Requires-Dist: gunicorn==23.0.0
+Requires-Dist: jwcrypto==1.5.7
 Dynamic: author
 Dynamic: author-email
 Dynamic: classifier

{encryptors-2.49 → encryptors-2.51}/src/Encryptors.egg-info/SOURCES.txt

@@ -41,10 +41,13 @@ src/Osdental/Graphql/_Helpers/__init__.py
 src/Osdental/Helpers/AuditDispatcher.py
 src/Osdental/Helpers/AzureClassifier.py
 src/Osdental/Helpers/GrpcConnection.py
+src/Osdental/Helpers/JwtAuthTokenService.py
+src/Osdental/Helpers/JwtTokenHelper.py
 src/Osdental/Helpers/KeyVaultService.py
 src/Osdental/Helpers/Resilience.py
 src/Osdental/Helpers/ResponseDecryptor.py
 src/Osdental/Helpers/WebsocketClient.py
+src/Osdental/Helpers/_AuthTokenProcessor.py
 src/Osdental/Helpers/_Ports.py
 src/Osdental/Helpers/__init__.py
 src/Osdental/Http/APIClient.py
@@ -59,6 +62,7 @@ src/Osdental/Models/AuditConfig.py
 src/Osdental/Models/Notification.py
 src/Osdental/Models/Response.py
 src/Osdental/Models/Token.py
+src/Osdental/Models/TokenClaims.py
 src/Osdental/Models/_Audit.py
 src/Osdental/Models/__init__.py
 src/Osdental/Rest/__init__.py
@@ -68,12 +72,12 @@ src/Osdental/Rest/Middlewares/RequestContextMiddleware.py
 src/Osdental/Rest/Middlewares/__init__.py
 src/Osdental/Shared/Logger.py
 src/Osdental/Shared/__init__.py
-src/Osdental/Shared/Enums/Code.py
 src/Osdental/Shared/Enums/Constant.py
 src/Osdental/Shared/Enums/FileType.py
 src/Osdental/Shared/Enums/GrahpqlOperation.py
 src/Osdental/Shared/Enums/Message.py
 src/Osdental/Shared/Enums/Profile.py
+src/Osdental/Shared/Enums/StatusCode.py
 src/Osdental/Shared/Enums/__init__.py
 src/Osdental/Shared/Utils/CaseConverter.py
 src/Osdental/Shared/Utils/CodeGenerator.py

{encryptors-2.49 → encryptors-2.51}/src/Encryptors.egg-info/requires.txt

@@ -46,3 +46,4 @@ bcrypt==4.3.0
 azure-monitor-opentelemetry==1.8.1
 uvicorn==0.37.0
 gunicorn==23.0.0
+jwcrypto==1.5.7

{encryptors-2.49 → encryptors-2.51}/src/Osdental/Cache/Redis.py

@@ -18,12 +18,6 @@ class RedisCacheAsync(ICacheService):
     _instances: Dict[str, "RedisCacheAsync"] = {}
     _lock = asyncio.Lock()
 
-    _policy = AzureResiliencePolicy(
-        "redis-cache",
-        max_attempts=3,
-        base_delay=0.5,
-        failure_threshold=5,
-    )
 
     def __new__(cls, redis_host: str, redis_port: int = 6380):
 
@@ -48,7 +42,15 @@ class RedisCacheAsync(ICacheService):
 
         self.client = None
 
+        self._policy = AzureResiliencePolicy(
+            "redis-cache",
+            max_attempts=3,
+            base_delay=0.5,
+            failure_threshold=5,
+        )
+
         self._initialized = True
+        self._reconnect_lock = asyncio.Lock()
 
 
     async def _call(self, func, *args, **kwargs):
@@ -68,8 +70,24 @@ class RedisCacheAsync(ICacheService):
         try:
             return await self._policy.execute(_inner)
         except AzureTransientError as exc:
-            logger.error("redis.exhausted error=%s", exc)
-            raise RedisException(message=Message.UNEXPECTED_ERROR_MSG, error=str(exc))
+            try:
+                await self._reconnect()
+
+            except Exception as reconnect_exc:
+                logger.error(
+                    "redis.reconnect.failed error=%s",
+                    reconnect_exc
+                )
+
+            logger.error(
+                "redis.exhausted error=%s",
+                exc
+            )
+
+            raise RedisException(
+                message=Message.UNEXPECTED_ERROR_MSG,
+                error=str(exc)
+            )
         except Exception as exc:
             raise RedisException(message=Message.UNEXPECTED_ERROR_MSG, error=str(exc))
         
@@ -100,7 +118,7 @@ class RedisCacheAsync(ICacheService):
                     retry_on_timeout=True,
                     socket_connect_timeout=5,
                     socket_timeout=5,
-                    max_connections=50,
+                    max_connections=100,
                     socket_keepalive=True
                 )
 
@@ -135,11 +153,10 @@ class RedisCacheAsync(ICacheService):
     ):
 
         await self._call(
-            self.client.set(
-                key,
-                json.dumps(value),
-                ex=ttl
-            )
+            self.client.set,
+            key,
+            json.dumps(value),
+            ex=ttl
         )
 
 
@@ -151,11 +168,10 @@ class RedisCacheAsync(ICacheService):
     ):
 
         await self._call(
-            self.client.set(
-                key,
-                value,
-                ex=ttl
-            )
+            self.client.set,
+            key,
+            value,
+            ex=ttl
         )
 
     async def get_dict(
@@ -164,10 +180,19 @@ class RedisCacheAsync(ICacheService):
     ) -> Optional[Dict[str, Any]]:
 
         value = await self._call(
-            self.client.get(key)
+            self.client.get,
+            key
         )
 
-        return json.loads(value) if value else None
+        try:
+            return json.loads(value) if value else None
+
+        except json.JSONDecodeError:
+            logger.error(
+                "redis.invalid_json key=%s",
+                key
+            )
+            return None
 
 
     async def get_str(
@@ -176,14 +201,16 @@ class RedisCacheAsync(ICacheService):
     ) -> Optional[str]:
 
         return await self._call(
-            self.client.get(key)
+            self.client.get,
+            key
         )
 
 
     async def delete(self, key: str) -> bool:
 
         result = await self._call(
-            self.client.delete(key)
+            self.client.delete,
+            key
         )
 
         return result > 0
@@ -192,7 +219,8 @@ class RedisCacheAsync(ICacheService):
     async def exists(self, key: str) -> bool:
 
         result = await self._call(
-            self.client.exists(key)
+            self.client.exists,
+            key
         )
 
         return result > 0
@@ -201,14 +229,14 @@ class RedisCacheAsync(ICacheService):
     async def flush(self):
 
         await self._call(
-            self.client.flushdb()
+            self.client.flushdb
         )
 
 
     async def flush_all(self):
 
         await self._call(
-            self.client.flushall()
+            self.client.flushall
         )
 
 
@@ -218,7 +246,8 @@ class RedisCacheAsync(ICacheService):
     ) -> List[Optional[Any]]:
 
         values = await self._call(
-            self.client.mget(keys)
+            self.client.mget,
+            keys
         )
 
         return [
@@ -236,7 +265,10 @@ class RedisCacheAsync(ICacheService):
             match=f"{prefix}*"
         ):
 
-            await self._call(self.client.delete(key))
+            await self._call(
+                self.client.delete,
+                key
+            )
 
 
     async def _scan_keys(self, match: str = "*"):
@@ -246,6 +278,32 @@ class RedisCacheAsync(ICacheService):
         ):
             yield key
 
+
+    async def _reconnect(self):
+
+        async with self._reconnect_lock:
+
+            try:
+
+                if self.client:
+                    await self.client.ping()
+                    return
+
+            except Exception:
+                pass
+
+            try:
+
+                if self.client:
+                    await self.client.aclose()
+
+            except Exception:
+                pass
+
+            self.client = None
+
+            await self.connect()
+
     async def close(self):
 
         try:

{encryptors-2.49 → encryptors-2.51}/src/Osdental/Database/Connection.py

@@ -74,6 +74,17 @@ class Connection:
         self.initialized = True
         logger.info("db.connection_ready url=%s", self._safe_url(db_url))
 
+    @staticmethod
+    def _safe_url(db_url: str) -> str:
+        """Enmascara contraseñas del connection string para logging seguro."""
+        import re
+        return re.sub(
+            r"(password|pwd)=[^;]+",
+            r"\1=***",
+            db_url,
+            flags=re.IGNORECASE
+        )
+
     def _ensure_connection_resiliency(self, db_url: str) -> str:
         """
         Agrega parámetros resilientes por defecto para Azure SQL

encryptors-2.51/src/Osdental/Decorators/SecureResolver.py

@@ -0,0 +1,134 @@
+from functools import wraps
+from typing import Callable
+from graphql import GraphQLResolveInfo
+from Osdental.Models.Response import Response
+from Osdental.Shared.Enums.Profile import Profile
+from Osdental.Exception.ControlledException import (
+    OSDException, AccessDeniedException
+)
+from Osdental.Graphql.Models import BaseGraphQLContext
+from Osdental.Shared.Logger import logger
+from Osdental.Helpers._Ports import IAuthTokenService
+from Osdental.Helpers._AuthTokenProcessor import (
+    extract_bearer_token, build_auth_token, decrypt_and_parse_payload
+)
+from Osdental.Models.TokenClaims import UserTokenClaims
+from Osdental.Shared.Enums.StatusCode import StatusCode
+
+
+def __test(dispatcher, request, request_payload, result, decrypted_key):
+    dispatcher.dispatch(
+        request=request,
+        request_payload=request_payload,
+        result=result,
+        metadata={
+            "decrypted_key": decrypted_key
+        },
+        audit_type="MESSAGE_LOG_INTERNAL"
+    )
+
+def resolver(public: bool = False, action=None):
+
+    def decorator(func: Callable):
+        func._is_public = public
+
+        @wraps(func)
+        async def wrapper(obj, info: GraphQLResolveInfo, **kwargs):
+            try:
+                context: BaseGraphQLContext = info.context
+                request = context.request
+
+                # ── 1. AUTENTICACIÓN ──────────────────────────────
+                if not public:
+
+                    headers = request.headers
+                    container = context.container
+                    token_service: IAuthTokenService = container.auth_token_service
+                    user_token = extract_bearer_token(headers)
+                    
+                    claims: UserTokenClaims = token_service.validate_internal_access_token(
+                        user_token
+                    )
+
+                # ── 2. DECRYPT DEL PAYLOAD ────────────────────────
+                body = await request.json()
+                variables = body.get("variables") or {}
+                encrypted_payload = kwargs.get("data") or variables.get("data")
+                decrypted_payload = None
+
+                if not public and encrypted_payload is not None:
+                    decrypted_payload = decrypt_and_parse_payload(
+                        aes_key_auth=claims.aes_key_auth,
+                        encrypted_payload=encrypted_payload
+                    )
+
+                    kwargs["data"] = decrypted_payload
+
+                # ── 3. TENANT POLICY ──────────────────────────────
+                if not public:
+
+                    token = build_auth_token(
+                        claims=claims,
+                        headers=request.headers,
+                        decrypted_payload=decrypted_payload,
+                        operation_type=info.operation.operation.value
+                    )
+
+                # ── 4. CONTROL DE ACCESO POR ROL ─────────────────
+                if not public and action:
+                    if Profile(token.abbreviation) not in action.allowed_roles:
+                        raise AccessDeniedException(
+                            status_code=StatusCode.BUSINESS_RULE_WARNING,
+                            error="User not allowed to perform this action"
+                        )
+
+                # ── 5. EJECUTAR RESOLVER ──────────────────────────
+                result = await func(obj, info, **kwargs)
+
+                if not isinstance(result, Response):
+                    raise TypeError("Resolver must return a Response instance")
+
+                dispatcher = request.app.state.audit_dispatcher
+
+                request_payload = {
+                    "operation_type": info.operation.operation.value,
+                    "operation_name": body.get("operationName", "UnknownOperation"),
+                    "query": body.get("query"),
+                    "variables": decrypted_payload,
+                    "user": (
+                        token.user_full_name 
+                        if token 
+                        else "Public"
+                    )
+                }
+
+                if isinstance(result, Response):
+                    decrypted_key = result.key or claims.aes_key_auth
+
+                __test(
+                    dispatcher=dispatcher,
+                    request_payload=request_payload,
+                    request=request,
+                    decrypted_key=decrypted_key,
+                    result=result
+                )
+
+                return result
+
+            except OSDException as e:
+                logger.warning(f"Business error: {str(e)}")
+                return Response(
+                    status=e.status_code,
+                    message=e.message,
+                    error=e.error
+                )
+            except Exception as e:
+                logger.exception(f"Unexpected error: {str(e)}")
+                return Response(
+                    status=StatusCode.INTERNAL_SERVER_ERROR,
+                    message="Could not process request.",
+                    error=str(e)
+                )
+
+        return wrapper
+    return decorator

{encryptors-2.49 → encryptors-2.51}/src/Osdental/Exception/ControlledException.py

@@ -1,5 +1,5 @@
 from typing import Any
-from Osdental.Shared.Enums.Code import Code
+from Osdental.Shared.Enums.StatusCode import StatusCode
 from Osdental.Shared.Enums.Message import Message
 
 class OSDException(Exception):
@@ -8,7 +8,7 @@ class OSDException(Exception):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: Any = Code.APP_ERROR_CODE
+        status_code: Any = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(error)
         self.message = message
@@ -25,7 +25,7 @@ class UnauthorizedException(OSDException):
         self, 
         message: str = Message.PORTAL_ACCESS_RESTRICTED_MSG, 
         error: str = None, 
-        status_code: str = Code.UNAUTHORIZATED_CODE
+        status_code: str = StatusCode.UNAUTHORIZED,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -34,7 +34,7 @@ class AccessDeniedException(OSDException):
         self, 
         message: str = Message.ACCESS_DENIED_MSG, 
         error: str = None, 
-        status_code: str = Code.INVALID_REQUEST_PARAMS_CODE
+        status_code: str = StatusCode.BUSINESS_RULE_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -43,7 +43,7 @@ class RequestDataException(OSDException):
         self, 
         message: str = Message.INVALID_REQUEST_PARAMS_MSG, 
         error: str = None, 
-        status_code: str = Code.INVALID_REQUEST_PARAMS_CODE
+        status_code: str = StatusCode.VALIDATION_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -52,7 +52,7 @@ class DatabaseConnectionException(OSDException):
         self,
         message: str = Message.INVALID_FORMAT_MSG,
         error: str = None,
-        status_code: str = Code.DATABASE_CONNECTION_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -61,7 +61,7 @@ class DatabaseException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.DATABASE_ERROR_CODE
+        status_code: str = StatusCode.DATA_NOT_FOUND_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -70,7 +70,7 @@ class RSAEncryptException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.RSA_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -79,7 +79,7 @@ class AESEncryptException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.AES_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -88,7 +88,7 @@ class JWTokenException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.JWT_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -97,7 +97,7 @@ class AzureException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.AZURE_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -106,7 +106,7 @@ class RedisException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.REDIS_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -115,7 +115,7 @@ class ValidationDataException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.REQUEST_VALIDATION_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -124,7 +124,7 @@ class UnexpectedException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.UNEXPECTED_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -133,7 +133,7 @@ class MissingFieldException(OSDException):
         self, 
         message: str = Message.MISSING_FIELD_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.MISSING_FIELD_ERROR_CODE
+        status_code: str = StatusCode.VALIDATION_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -142,7 +142,7 @@ class ProfilePermissionDeniedException(OSDException):
         self,
         message: str = Message.PROFILE_PERMISSION_DENIED_MSG,
         error: str = None,
-        status_code: str = Code.PROFILE_PERMISSION_DENIED_CODE
+        status_code: str = StatusCode.BUSINESS_RULE_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -151,7 +151,7 @@ class InvalidFormatException(OSDException):
         self,
         message: str = Message.INVALID_FORMAT_MSG,
         error: str = None,
-        status_code: str = Code.INVALID_FORMAT_CODE
+        status_code: str = StatusCode.VALIDATION_WARNING,
     ):
         super().__init__(message=message, error=error, status_code=status_code)
 
@@ -160,6 +160,6 @@ class HttpClientException(OSDException):
         self, 
         message: str = Message.UNEXPECTED_ERROR_MSG, 
         error: str = None, 
-        status_code: str = Code.HTTP_ERROR_CODE
+        status_code: str = StatusCode.INTERNAL_SERVER_ERROR,
     ):
         super().__init__(message=message, error=error, status_code=status_code)

{encryptors-2.49 → encryptors-2.51}/src/Osdental/Helpers/AzureClassifier.py

@@ -1,3 +1,4 @@
+import asyncio
 from azure.core.exceptions import (
     HttpResponseError,
     ResourceNotFoundError,
@@ -21,6 +22,9 @@ def classify(exc: Exception) -> Exception:
     Convierte excepciones del SDK de Azure en AzureTransientError
     o AzurePermanentError según si tiene sentido reintentar.
     """
+    if isinstance(exc, asyncio.TimeoutError):
+        return AzureTransientError(str(exc))
+
     # Fallos de red/conexión → siempre transitorio
     if isinstance(exc, (ServiceRequestError, ServiceResponseError)):
         return AzureTransientError(str(exc))