Encryptors 2.57__tar.gz → 2.59__tar.gz

{encryptors-2.57 → encryptors-2.59}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.57
+Version: 2.59
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai

{encryptors-2.57 → encryptors-2.59}/setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 # ANDERSON REVISAR EL CACHE LOCAL DEL KEYVAULT PARA VALIDAR SI FUNCIONA
 setup(
     name="Encryptors", 
-    version="2.57",
+    version="2.59",
     author="OSDental LLC",
     author_email="support@osdental.ai",
     description="End-to-end algorithm library",

{encryptors-2.57 → encryptors-2.59}/src/Encryptors.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Encryptors
-Version: 2.57
+Version: 2.59
 Summary: End-to-end algorithm library
 Author: OSDental LLC
 Author-email: support@osdental.ai

{encryptors-2.57 → encryptors-2.59}/src/Encryptors.egg-info/SOURCES.txt

@@ -13,6 +13,7 @@ src/Osdental/Cli/__init__.py
 src/Osdental/Constants/Constant.py
 src/Osdental/Constants/Message.py
 src/Osdental/Constants/__init__.py
+src/Osdental/Context/__init__.py
 src/Osdental/Database/BaseRepository.py
 src/Osdental/Database/Connection.py
 src/Osdental/Database/__init__.py
@@ -27,25 +28,17 @@ src/Osdental/Encryptor/Jwt.py
 src/Osdental/Encryptor/Rsa.py
 src/Osdental/Encryptor/Sha512.py
 src/Osdental/Encryptor/__init__.py
+src/Osdental/Enums/AuditType.py
 src/Osdental/Enums/ErrorSource.py
 src/Osdental/Enums/FileType.py
 src/Osdental/Enums/GrahpqlOperation.py
 src/Osdental/Enums/Profile.py
+src/Osdental/Enums/ResultType.py
 src/Osdental/Enums/StatusCode.py
 src/Osdental/Enums/__init__.py
 src/Osdental/Exception/ControlledException.py
 src/Osdental/Exception/__init__.py
-src/Osdental/Graphql/__init__.py
-src/Osdental/Graphql/Extensions/AuditExtension.py
-src/Osdental/Graphql/Extensions/__init__.py
-src/Osdental/Graphql/Models/__init__.py
-src/Osdental/Graphql/_Exceptions/__init__.py
-src/Osdental/Graphql/_Helpers/_AuditHelper.py
-src/Osdental/Graphql/_Helpers/_ExtractAuthToken.py
-src/Osdental/Graphql/_Helpers/_TenantPolicy.py
-src/Osdental/Graphql/_Helpers/_TokenService.py
-src/Osdental/Graphql/_Helpers/__init__.py
-src/Osdental/Helpers/AuditDispatcher.py
+src/Osdental/Helpers/AuditHelper.py
 src/Osdental/Helpers/AzureClassifier.py
 src/Osdental/Helpers/GrpcConnection.py
 src/Osdental/Helpers/JwtTokenHelper.py
@@ -54,26 +47,23 @@ src/Osdental/Helpers/ResponseDecryptor.py
 src/Osdental/Helpers/_AuthTokenProcessor.py
 src/Osdental/Helpers/__init__.py
 src/Osdental/Http/APIClient.py
-src/Osdental/Http/_Helpers.py
 src/Osdental/Http/__init__.py
 src/Osdental/Messaging/AzureServiceBus.py
 src/Osdental/Messaging/Kafka.py
 src/Osdental/Messaging/RabbitMQ.py
 src/Osdental/Messaging/__init__.py
 src/Osdental/Models/ApiResponse.py
+src/Osdental/Models/AuditContext.py
+src/Osdental/Models/Graphql.py
 src/Osdental/Models/Notification.py
 src/Osdental/Models/Response.py
 src/Osdental/Models/Token.py
 src/Osdental/Models/TokenClaims.py
 src/Osdental/Models/__init__.py
-src/Osdental/Rest/__init__.py
-src/Osdental/Rest/Context/RequestContext.py
-src/Osdental/Rest/Context/__init__.py
-src/Osdental/Rest/Middlewares/RequestContextMiddleware.py
-src/Osdental/Rest/Middlewares/__init__.py
 src/Osdental/Secrets/AzureKeyVaultProvider.py
 src/Osdental/Secrets/__init__.py
 src/Osdental/Services/JwtAuthTokenService.py
+src/Osdental/Services/ServiceBusAuditEmitter.py
 src/Osdental/Services/WebsocketClient.py
 src/Osdental/Services/__init__.py
 src/Osdental/Storage/AzureBlobStorage.py

encryptors-2.59/src/Osdental/Context/__init__.py

@@ -0,0 +1,5 @@
+from contextvars import ContextVar
+from typing import Optional
+from Osdental.Models.AuditContext import AuditContext
+
+_ctx: ContextVar[Optional[AuditContext]] = ContextVar('ctx', default=None)

encryptors-2.59/src/Osdental/Decorators/SecureResolver.py

@@ -0,0 +1,134 @@
+import logging
+from functools import wraps
+from typing import Callable
+from graphql import GraphQLResolveInfo
+from Osdental.Models.Response import Response
+from Osdental.Models.Graphql import BaseGraphQLContext
+from Osdental.Models.TokenClaims import UserTokenClaims
+from Osdental.Models.Token import AuthToken
+from Osdental.Enums.Profile import Profile
+from Osdental.Exception.ControlledException import (
+    OSDException, AccessDeniedException
+)
+from Osdental.Services import IAuthTokenService
+from Osdental.Helpers._AuthTokenProcessor import (
+    extract_bearer_token, build_auth_token, decrypt_and_parse_payload
+)
+from Osdental.Enums.StatusCode import StatusCode
+from Osdental.Models.AuditContext import AuditContext
+from Osdental.Helpers.AuditHelper import (
+    _build_success_payload, _build_error_payload, _build_unexpected_payload
+)
+from Osdental.Context import _ctx
+
+logger = logging.getLogger(__name__)
+
+
+def resolver(public: bool = False, action=None):
+
+    def decorator(func: Callable):
+        func._is_public = public
+
+        @wraps(func)
+        async def wrapper(obj, info: GraphQLResolveInfo, **kwargs):
+            try:
+                context: BaseGraphQLContext = info.context
+                container = context.container
+                request = context.request
+                headers = request.headers
+                settings = container.settings
+
+                token: type[AuthToken] | None = None
+
+                # ── 1. AUTENTICACIÓN ──────────────────────────────
+                if not public:
+
+                    token_service: IAuthTokenService = container.auth_token_service
+                    user_token = extract_bearer_token(headers)
+                    
+                    claims: UserTokenClaims = await token_service.validate_internal_access_token(
+                        user_token
+                    )
+
+                # ── 2. DECRYPT DEL PAYLOAD ────────────────────────
+                body = await request.json()
+                variables = body.get("variables") or {}
+                encrypted_payload = kwargs.get("data") or variables.get("data")
+                decrypted_payload = None
+
+                if not public and encrypted_payload is not None:
+                    decrypted_payload = decrypt_and_parse_payload(
+                        aes_key_auth=claims.aes_key_auth,
+                        encrypted_payload=encrypted_payload
+                    )
+
+                    kwargs["data"] = decrypted_payload
+
+                # ── 3. TENANT POLICY ──────────────────────────────
+                if not public:
+
+                    token = build_auth_token(
+                        claims=claims,
+                        headers=request.headers,
+                        decrypted_payload=decrypted_payload,
+                        operation_type=info.operation.operation.value
+                    )
+
+                # ── 4. CONTROL DE ACCESO POR ROL ─────────────────
+                if not public and action:
+                    if Profile(token.abbreviation) not in action.allowed_roles:
+                        raise AccessDeniedException(
+                            status_code=StatusCode.BUSINESS_RULE_WARNING,
+                            error="User not allowed to perform this action"
+                        )
+
+                # ── 5. CONTEXTO DE AUDITORÍA ──────────────
+                # Lo construimos antes del resolver para que siempre exista
+
+                audit_ctx = AuditContext.from_request(
+                    request=request,
+                    settings=settings,
+                    body=body,
+                    operation_type=info.operation.operation.value,
+                    token=token,
+                    decrypted_payload=decrypted_payload,
+                )
+
+                _ctx.set(audit_ctx)
+
+                # ── 6. EJECUTAR RESOLVER ──────────────────
+                result = await func(obj, info, **kwargs)
+
+                if not isinstance(result, Response):
+                    raise TypeError("Resolver must return a Response instance")
+
+                # ── 7. AUDITAR ÉXITO ──────────────────────
+                await container.audit_emitter.emit(
+                    _build_success_payload(audit_ctx, result)
+                )
+
+                return result
+
+            except OSDException as e:
+                # logger.warning(f"Business error: {str(e)}")
+                await container.audit_emitter.emit(
+                    _build_error_payload(audit_ctx, e)
+                )
+                return Response(
+                    status=e.status_code,
+                    message=e.message,
+                    error=e.error
+                )
+            except Exception as e:
+                # logger.exception(f"Unexpected error: {str(e)}")
+                await container.audit_emitter.emit(
+                    _build_unexpected_payload(audit_ctx, e)
+                )
+                return Response(
+                    status=StatusCode.INTERNAL_SERVER_ERROR,
+                    message="Could not process request.",
+                    error=str(e)
+                )
+
+        return wrapper
+    return decorator

encryptors-2.59/src/Osdental/Enums/AuditType.py

@@ -0,0 +1,5 @@
+from enum import StrEnum
+
+class AuditType(StrEnum):
+    INTERNAL = "MESSAGE_LOG_INTERNAL"
+    EXTERNAL = "MESSAGE_LOG_EXTERNAL"

encryptors-2.59/src/Osdental/Enums/ResultType.py

@@ -0,0 +1,5 @@
+from enum import StrEnum
+
+class ResultType(StrEnum):
+    RESPONSE = "Response"
+    ERROR = "Error"

encryptors-2.59/src/Osdental/Helpers/AuditHelper.py

@@ -0,0 +1,166 @@
+import json
+from typing import Optional, List, Dict, Any
+from fastapi import Request
+from httpx import HTTPStatusError, RequestError
+from Osdental.Models.AuditContext import AuditContext
+from Osdental.Models.Response import Response
+from Osdental.Models.ApiResponse import ApiResponse
+from Osdental.Exception.ControlledException import OSDException
+from Osdental.Enums.StatusCode import StatusCode
+from Osdental.Enums.AuditType import AuditType
+from Osdental.Enums.ResultType import ResultType
+
+def build_request_payload(
+    request: Request, 
+    payload: Dict[str, Any], 
+    audit_type: str
+) -> Dict[str, Any]:
+
+    default_value = "*"
+
+    user_ip = request.headers.get("X-Forwarded-For")
+    if user_ip:
+        user_ip = user_ip.split(",")[0]
+    else:
+        user_ip = getattr(request.client, "host", "*")
+
+    SAFE_HEADERS = {
+        "user-agent",
+        "host",
+        "origin",
+        "referer",
+        "content-type"
+    }
+
+    headers = {
+        k: v 
+        for k, v in request.headers.items() 
+        if k.lower() in SAFE_HEADERS
+    }
+
+    return {
+        "idMessageLog": request.headers.get("Idmessagelog"),
+        "environment": payload.get("env"),
+        "header": json.dumps(headers),
+        "microServiceUrl": str(request.url),
+        "microServiceName": payload.get("ms_name"),
+        "microServiceVersion": payload.get("ms_version"),
+        "serviceName": payload.get("operation_name"),
+        "machineNameUser": request.headers.get("Machinenameuser", default_value),
+        "ipUser": user_ip or default_value,
+        "userName": payload.get("user"),
+        "localitation": default_value,
+        "httpMethod": request.method,
+        "messageIn": json.dumps(payload) if payload else default_value,
+        "auditLog": audit_type,
+    }
+
+def _build_final_payload(
+    status_code: int | str,
+    type_: ResultType = ResultType.ERROR,
+    result: Optional[Any] = None,
+    error: Optional[Any] = None
+) -> Dict[str, Any]:
+
+    result = "*" if result is None else result
+    error = "*" if error is None else error
+
+    if isinstance(result, (dict, list)):
+        result = json.dumps(result)
+
+    return {
+        "type": type_,
+        "httpResponseCode": status_code,
+        "messageOut": result,
+        "errorProducer": error
+    }
+
+def _build_success_payload(ctx: Optional[AuditContext], result: Response) -> Dict[str, Any]:
+    base = _base_payload(ctx)
+    return base | _build_final_payload(
+        type_=ResultType.RESPONSE,
+        status_code=result.status,
+        result=result.data
+    )
+
+def _build_error_payload(ctx: Optional[AuditContext], exc: OSDException) -> Dict[str, Any]:
+    base = _base_payload(ctx)
+    return base | _build_final_payload(
+        status_code=exc.audit_status_code,
+        error=exc.error or exc.message
+    )
+
+def _build_unexpected_payload(ctx: Optional[AuditContext], exc: Exception) -> Dict[str, Any]:
+    base = _base_payload(ctx)
+    return base | _build_final_payload(
+        status_code=StatusCode.INTERNAL_SERVER_ERROR,
+        error=str(exc)
+    )
+
+def _base_payload(ctx: Optional[AuditContext], audit_type: AuditType = AuditType.INTERNAL) -> Dict[str, Any]:
+    if not ctx:
+        return {"user": "unknown", "operation_name": "unknown"}
+    
+    return {
+        "idMessageLog": ctx.message_log_id,
+        "environment": ctx.env,
+        "header": json.dumps(ctx.headers or {}),
+        "microServiceUrl": ctx.url,
+        "microServiceName": ctx.ms_name,
+        "microServiceVersion": ctx.ms_version,
+        "serviceName": ctx.operation_name,
+        "machineNameUser": "*",
+        "ipUser": ctx.user_ip or "*",
+        "userName": ctx.user,
+        "localitation": "*",
+        "httpMethod": ctx.http_method,
+        "messageIn": json.dumps(ctx.variables) if ctx.variables else "*",
+        "auditLog": audit_type,
+    }
+
+
+# ------------ FOR EXTERNAL APIS --------------------
+def _build_success_http_payload(ctx: Optional[AuditContext], result: ApiResponse) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        type_=ResultType.RESPONSE,
+        status_code=result.status,
+        result=result.data
+    )
+
+def _build_error_http_payload(ctx: Optional[AuditContext], exc: HTTPStatusError) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        status_code=exc.response.status_code,
+        error=exc.response.text
+    )
+
+def _build_error_http_request_payload(ctx: Optional[AuditContext], exc: RequestError) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        status_code=503,
+        error=str(exc)
+    )
+
+def _build_unexpected_http_payload(ctx: Optional[AuditContext], exc: Exception) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        status_code=StatusCode.INTERNAL_SERVER_ERROR,
+        error=str(exc)
+    )
+
+def _build_success_graphql_payload(ctx: Optional[AuditContext], result: Dict[str, Any]) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        type_=ResultType.RESPONSE,
+        status_code=200,
+        result=result
+    )
+
+
+def _build_error_graphql_payload(ctx: Optional[AuditContext], errors: List[Dict[str, Any]]) -> Dict[str, Any]:
+    base = _base_payload(ctx, AuditType.EXTERNAL)
+    return base | _build_final_payload(
+        status_code=StatusCode.INTERNAL_SERVER_ERROR,
+        error=json.dumps(errors)
+    )

{encryptors-2.57 → encryptors-2.59}/src/Osdental/Http/APIClient.py

@@ -3,12 +3,16 @@ from typing import Optional, Dict, Any
 import httpx
 from http import HTTPMethod
 from Osdental.Decorators.Retry import rest_retry
-from Osdental.Http._Helpers import (
-    audit_success, audit_http_error, audit_exception_error,
-    audit_unknown_error, audit_graphql_error
-)
+from Osdental.Models.ApiResponse import ApiResponse
+from Osdental.Services import IAuditEmitter
 from Osdental.Exception.ControlledException import HttpClientException
 from Osdental.Enums.StatusCode import StatusCode
+from Osdental.Context import _ctx
+from Osdental.Helpers.AuditHelper import (
+    _build_success_http_payload, _build_error_http_payload,
+    _build_error_http_request_payload, _build_unexpected_http_payload,
+    _build_success_graphql_payload, _build_error_graphql_payload
+)
 
 logger = logging.getLogger(__name__)
 
@@ -16,9 +20,12 @@ class APIClient:
 
     def __init__(
         self,
+        audit: Optional[IAuditEmitter] = None,
         timeout: Optional[httpx.Timeout] = None,
         limits: Optional[httpx.Limits] = None
     ):
+        self._audit = audit
+
         self._client = httpx.AsyncClient(
             follow_redirects=True,
             timeout=timeout or httpx.Timeout(10.0, read=20.0),
@@ -42,24 +49,37 @@ class APIClient:
                 **kwargs
             )
 
+            audit_ctx = _ctx.get()
+            
+            audit_ctx.headers = kwargs["headers"] or {}
+
             response.raise_for_status()
 
-            audit_success(response, method, url, kwargs)
+            api_res = ApiResponse(
+                status=response.status_code,
+                data=response.text
+            )
+
+            await self._audit_emit.emit(
+                _build_success_http_payload(audit_ctx, api_res)
+            )
 
             return response
 
         except httpx.HTTPStatusError as exc:
             
-            audit_http_error(exc.response, method, url, kwargs)
+            await self._audit_emit.emit(
+                _build_error_http_payload(audit_ctx, exc)
+            )
+
             raise HttpClientException(
                 status_code=StatusCode.BAD_GATEWAY,
                 error=exc.response.text,
-                raw_status_code=exc.response.status_code,
             ) from exc
         
         except httpx.RequestError as exc:
 
-            audit_exception_error(exc, method, url, kwargs)
+            _build_error_http_request_payload(audit_ctx, exc)
             raise HttpClientException(
                 status_code=StatusCode.GATEWAY_TIMEOUT,
                 error=str(exc),
@@ -67,7 +87,7 @@ class APIClient:
         
         except Exception as exc:
 
-            audit_unknown_error(exc, method, url, kwargs)
+            _build_unexpected_http_payload(audit_ctx, exc)
 
             raise
     
@@ -119,13 +139,20 @@ class APIClient:
 
         data = response.json()
 
-        if "errors" in data:
+        audit_ctx = _ctx.get()
+            
+        audit_ctx.headers = headers or {}
 
+        _build_success_graphql_payload(audit_ctx, data)
+
+        if "errors" in data:
+            
+            errors = data['errors']
             logger.error(
-                f"GraphQL error: {data['errors']}"
+                f"GraphQL error: {errors}"
             )
 
-            audit_graphql_error(data["errors"], url, payload)
+            _build_error_graphql_payload(audit_ctx, errors)
             raise HttpClientException(
                 message="GraphQL execution failed",
                 error=str(data["errors"])

encryptors-2.59/src/Osdental/Models/AuditContext.py

@@ -0,0 +1,61 @@
+from dataclasses import dataclass
+from typing import Optional, Dict, Any
+from fastapi import Request
+
+
+@dataclass
+class AuditContext:
+    env: str
+    ms_name: str
+    ms_version: str
+    is_auditable: bool
+    operation_type: str
+    operation_name: str
+    query: Optional[str]
+    variables: Optional[Dict[str, Any]]
+    user: str
+    message_log_id: Optional[str]
+    decrypted_key: Optional[str] = None
+    user_ip: Optional[str] = None
+    headers: Optional[Dict[str, str]] = None
+    url: Optional[str] = None
+    http_method: Optional[str] = None
+
+    SAFE_HEADERS = {"user-agent", "host", "origin", "referer", "content-type"}
+
+    @classmethod
+    def from_request(
+        cls,
+        request: Request,
+        settings,
+        body: Dict,
+        operation_type: str,
+        token=None,
+        decrypted_payload=None,
+    ) -> "AuditContext":
+        
+        user_ip = request.headers.get("X-Forwarded-For")
+        user_ip = user_ip.split(",")[0] if user_ip else getattr(request.client, "host", "*")
+
+        safe_headers = {
+            k: v for k, v in request.headers.items()
+            if k.lower() in cls.SAFE_HEADERS
+        }
+
+        return cls(
+            env=settings.environment,
+            ms_name=settings.microservice_name,
+            ms_version=settings.microservice_version,
+            is_auditable=settings.is_auditable,
+            operation_type=operation_type,
+            operation_name=body.get("operationName", "UnknownOperation"),
+            query=body.get("query"),
+            variables=decrypted_payload,
+            user=token.user_full_name if token else "Public",
+            message_log_id=request.headers.get("Idmessagelog"),
+            decrypted_key=token.aes_key_auth if token else None,
+            user_ip=user_ip,
+            headers=safe_headers,
+            url=str(request.url),
+            http_method=request.method,
+        )

encryptors-2.59/src/Osdental/Services/ServiceBusAuditEmitter.py

@@ -0,0 +1,17 @@
+import json
+from typing import Dict, Any
+from Osdental.Messaging import IMessageQueue
+from Osdental.Storage import IStorageService
+
+class ServiceBusAuditEmitter:
+    
+    def __init__(self, messaging: IMessageQueue, storage: IStorageService):
+        self._messaging = messaging
+        self._storage = storage
+
+    async def emit(self, payload: Dict[str, Any]) -> None:
+        message_log_id = payload.get("idMessageLog")
+        data = json.dumps(payload)
+        blob_name = f"audits/{message_log_id}.text"
+        await self._storage.upload(blob_name, data)
+        await self._messaging.send_message(blob_name)

{encryptors-2.57 → encryptors-2.59}/src/Osdental/Services/__init__.py

@@ -1,4 +1,5 @@
 from abc import ABC, abstractmethod
+from typing import Protocol, Any, Dict
 from Osdental.Models.Notification import Notification
 
 class INotificationPublisher(ABC):
@@ -44,4 +45,9 @@ class IAuthTokenService(ABC):
         self,
         token: str,
     ) -> ActionTokenClaims:
-        pass
+        pass
+
+
+class IAuditEmitter(Protocol):
+    async def emit(self, payload: Dict[str, Any]) -> None:
+        ...