aiteamutils 0.2.51__py3-none-any.whl → 0.2.52__py3-none-any.whl

aiteamutils/security.py

@@ -6,10 +6,10 @@ from fastapi import Request, HTTPException, status
 from functools import wraps
 from jose import jwt, JWTError
 from passlib.context import CryptContext
+from sqlalchemy.ext.asyncio import AsyncSession
 import logging
 
 from .exceptions import CustomException, ErrorCode
-from .database import DatabaseService
 from .enums import ActivityType
 from .config import get_settings
 
@@ -29,15 +29,7 @@ class RateLimitExceeded(CustomException):
         max_requests: int,
         window_seconds: int
     ):
-        """Rate limit 초과 예외를 초기화합니다.
-        
-        Args:
-            detail: 상세 메시지
-            source_function: 예외가 발생한 함수명
-            remaining_seconds: 다음 요청까지 남은 시간 (초)
-            max_requests: 허용된 최대 요청 수
-            window_seconds: 시간 윈도우 (초)
-        """
+        """Rate limit 초과 예외를 초기화합니다."""
         super().__init__(
             ErrorCode.RATE_LIMIT_EXCEEDED,
             detail=detail,
@@ -52,119 +44,8 @@ class RateLimitExceeded(CustomException):
         self.max_requests = max_requests
         self.window_seconds = window_seconds
 
-class SecurityError(CustomException):
-    """보안 관련 기본 예외."""
-    
-    def __init__(
-        self,
-        error_code: ErrorCode,
-        detail: str,
-        source_function: str,
-        original_error: Optional[Exception] = None
-    ):
-        """보안 관련 예외를 초기화합니다.
-        
-        Args:
-            error_code: 에러 코드
-            detail: 상세 메시지
-            source_function: 예외가 발생한 함수명
-            original_error: 원본 예외
-        """
-        super().__init__(
-            error_code,
-            detail=detail,
-            source_function=f"security.{source_function}",
-            original_error=original_error
-        )
-
-class TokenError(SecurityError):
-    """토큰 관련 예외."""
-    
-    def __init__(
-        self,
-        detail: str,
-        source_function: str,
-        original_error: Optional[Exception] = None
-    ):
-        """토큰 관련 예외를 초기화합니다."""
-        super().__init__(
-            ErrorCode.INVALID_TOKEN,
-            detail=detail,
-            source_function=source_function,
-            original_error=original_error
-        )
-
-class RateLimiter:
-    """Rate limit 관리 클래스."""
-    
-    def __init__(self, max_requests: int, window_seconds: int):
-        """Rate limiter를 초기화합니다.
-        
-        Args:
-            max_requests: 허용된 최대 요청 수
-            window_seconds: 시간 윈도우 (초)
-        """
-        self.max_requests = max_requests
-        self.window_seconds = window_seconds
-        self._cache: Dict[str, Dict[str, Any]] = {}
-        
-    def is_allowed(self, key: str) -> bool:
-        """현재 요청이 허용되는지 확인합니다.
-        
-        Args:
-            key: Rate limit 키
-            
-        Returns:
-            bool: 요청 허용 여부
-        """
-        now = datetime.now(UTC)
-        rate_info = self._cache.get(key)
-        
-        if rate_info is None or (now - rate_info["start_time"]).total_seconds() >= self.window_seconds:
-            self._cache[key] = {
-                "count": 1,
-                "start_time": now
-            }
-            return True
-            
-        if rate_info["count"] >= self.max_requests:
-            return False
-            
-        rate_info["count"] += 1
-        return True
-        
-    def get_remaining_time(self, key: str) -> float:
-        """남은 시간을 반환합니다.
-        
-        Args:
-            key: Rate limit 키
-            
-        Returns:
-            float: 남은 시간 (초)
-        """
-        rate_info = self._cache.get(key)
-        if not rate_info:
-            return 0
-            
-        now = datetime.now(UTC)
-        return max(
-            0,
-            self.window_seconds - (now - rate_info["start_time"]).total_seconds()
-        )
-
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    """비밀번호를 검증합니다.
-    
-    Args:
-        plain_password: 평문 비밀번호
-        hashed_password: 해시된 비밀번호
-        
-    Returns:
-        bool: 비밀번호 일치 여부
-        
-    Raises:
-        CustomException: 비밀번호 검증 실패 시
-    """
+    """비밀번호를 검증합니다."""
     try:
         return pwd_context.verify(plain_password, hashed_password)
     except Exception as e:
@@ -176,17 +57,7 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
         )
 
 def hash_password(password: str) -> str:
-    """비밀번호를 해시화합니다.
-    
-    Args:
-        password: 평문 비밀번호
-        
-    Returns:
-        str: 해시된 비밀번호
-        
-    Raises:
-        CustomException: 비밀번호 해시화 실패 시
-    """
+    """비밀번호를 해시화합니다."""
     try:
         return pwd_context.hash(password)
     except Exception as e:
@@ -197,135 +68,21 @@ def hash_password(password: str) -> str:
             original_error=e
         )
 
-def rate_limit(
-    max_requests: int,
-    window_seconds: int,
-    key_func: Optional[Callable] = None
-):
-    """Rate limiting 데코레이터."""
-    def decorator(func: Callable) -> Callable:
-        @wraps(func)
-        async def wrapper(*args, **kwargs):
-            logging.info(f"[rate_limit] Starting rate limit check for {func.__name__}")
-            
-            # Request 객체 찾기
-            request = None
-            for arg in args:
-                if isinstance(arg, Request):
-                    request = arg
-                    break
-            if not request:
-                for arg in kwargs.values():
-                    if isinstance(arg, Request):
-                        request = arg
-                        break
-            if not request:
-                logging.error("[rate_limit] Request object not found in args or kwargs")
-                raise CustomException(
-                    ErrorCode.INTERNAL_ERROR,
-                    detail="Request object not found",
-                    source_function="rate_limit"
-                )
-            
-            # 레이트 리밋 키 생성
-            if key_func:
-                rate_limit_key = f"rate_limit:{key_func(request)}"
-            else:
-                client_ip = request.client.host
-                rate_limit_key = f"rate_limit:{client_ip}:{func.__name__}"
-            
-            logging.info(f"[rate_limit] Rate limit key: {rate_limit_key}")
-            
-            now = datetime.now(UTC)
-            
-            # 현재 rate limit 정보 가져오기
-            rate_info = _rate_limits.get(rate_limit_key)
-            logging.info(f"[rate_limit] Current rate info: {rate_info}")
-            
-            if rate_info is None or (now - rate_info["start_time"]).total_seconds() >= window_seconds:
-                # 새로운 rate limit 설정
-                _rate_limits[rate_limit_key] = {
-                    "count": 1,
-                    "start_time": now
-                }
-                logging.info(f"[rate_limit] Created new rate limit: {_rate_limits[rate_limit_key]}")
-            else:
-                # 기존 rate limit 업데이트
-                if rate_info["count"] >= max_requests:
-                    # rate limit 초과
-                    remaining_seconds = window_seconds - (now - rate_info["start_time"]).total_seconds()
-                    logging.warning(f"[rate_limit] Rate limit exceeded. Remaining seconds: {remaining_seconds}")
-                    raise RateLimitExceeded(
-                        detail=rate_limit_key,
-                        source_function=func.__name__,
-                        remaining_seconds=remaining_seconds,
-                        max_requests=max_requests,
-                        window_seconds=window_seconds
-                    )
-                rate_info["count"] += 1
-                logging.info(f"[rate_limit] Updated rate info: {rate_info}")
-            
-            try:
-                logging.info(f"[rate_limit] Executing original function: {func.__name__}")
-                result = await func(*args, **kwargs)
-                logging.info("[rate_limit] Function executed successfully")
-                return result
-            except CustomException as e:
-                logging.error(f"[rate_limit] CustomException occurred: {str(e)}")
-                raise e
-            except Exception as e:
-                logging.error(f"[rate_limit] Unexpected error occurred: {str(e)}")
-                raise CustomException(
-                    ErrorCode.INTERNAL_ERROR,
-                    detail=str(e),
-                    source_function=func.__name__,
-                    original_error=e
-                )
-        
-        return wrapper
-    return decorator
-
-class TokenCreationError(SecurityError):
-    """토큰 생성 관련 예외."""
-    
-    def __init__(
-        self,
-        detail: str,
-        source_function: str,
-        token_type: str,
-        original_error: Optional[Exception] = None
-    ):
-        """토큰 생성 예외를 초기화합니다.
-        
-        Args:
-            detail: 상세 메시지
-            source_function: 예외가 발생한 함수명
-            token_type: 토큰 타입
-            original_error: 원본 예외
-        """
-        super().__init__(
-            ErrorCode.INTERNAL_ERROR,
-            detail=detail,
-            source_function=source_function,
-            original_error=original_error
-        )
-        self.token_type = token_type
-
 async def create_jwt_token(
     user_data: Dict[str, Any],
     token_type: Literal["access", "refresh"],
-    db_service: DatabaseService,
+    session: AsyncSession,
     log_model: Type[Base],
     request: Optional[Request] = None
 ) -> str:
-    """JWT 토큰을 생성하고 로그를 기록합니다.
+    """JWT 토큰을 생성합니다.
     
     Args:
-        user_data: 사용자 데이터 딕셔너리 (username, ulid, name, role_ulid, status, organization 정보 등)
-        token_type: 토큰 타입 ("access" 또는 "refresh")
-        db_service: 데이터베이스 서비스
-        log_model: 로그 모델 클래스
-        request: FastAPI 요청 객체
+        user_data (Dict[str, Any]): 사용자 데이터
+        token_type (Literal["access", "refresh"]): 토큰 타입
+        session (AsyncSession): 데이터베이스 세션
+        log_model (Type[Base]): 로그 모델
+        request (Optional[Request], optional): FastAPI 요청 객체. Defaults to None.
         
     Returns:
         str: 생성된 JWT 토큰
@@ -336,23 +93,13 @@ async def create_jwt_token(
     try:
         settings = get_settings()
         
-        # 필수 필드 검증
-        required_fields = {"username", "ulid"}
-        missing_fields = required_fields - set(user_data.keys())
-        if missing_fields:
-            raise CustomException(
-                ErrorCode.REQUIRED_FIELD_MISSING,
-                detail="|".join(missing_fields),
-                source_function="security.create_jwt_token"
-            )
-        
         if token_type == "access":
-            expires_at = datetime.now(UTC) + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+            expires_at = datetime.now(UTC) + timedelta(minutes=settings.access_token_expire_minutes)
             token_data = {
                 # 등록 클레임
-                "iss": settings.TOKEN_ISSUER,
+                "iss": settings.token_issuer,
                 "sub": user_data["ulid"],
-                "aud": settings.TOKEN_AUDIENCE,
+                "aud": settings.token_audience,
                 "exp": expires_at,
                 
                 # 공개 클레임
@@ -375,18 +122,18 @@ async def create_jwt_token(
         else:  # refresh token
             expires_at = datetime.now(UTC) + timedelta(days=14)
             token_data = {
-                "iss": settings.TOKEN_ISSUER,
+                "iss": settings.token_issuer,
                 "sub": user_data["ulid"],
                 "exp": expires_at,
                 "token_type": token_type,
                 "user_ulid": user_data["ulid"]
             }
-        
+
         try:
             token = jwt.encode(
                 token_data,
-                settings.JWT_SECRET,
-                algorithm=settings.JWT_ALGORITHM
+                settings.jwt_secret,
+                algorithm=settings.jwt_algorithm
             )
         except Exception as e:
             raise CustomException(
@@ -399,18 +146,16 @@ async def create_jwt_token(
         # 로그 생성
         try:
             activity_type = ActivityType.ACCESS_TOKEN_ISSUED if token_type == "access" else ActivityType.REFRESH_TOKEN_ISSUED
-            await db_service.create_log(
-                model=log_model,
-                log_data={
-                    "type": activity_type,
-                    "user_ulid": user_data["ulid"],
-                    "token": token
-                },
-                request=request
+            log_entry = log_model(
+                type=activity_type,
+                user_ulid=user_data["ulid"],
+                token=token
             )
+            session.add(log_entry)
+            await session.flush()
         except Exception as e:
             # 로그 생성 실패는 토큰 생성에 영향을 주지 않음
-            pass
+            logging.error(f"Failed to create token log: {str(e)}")
         
         return token
         
@@ -442,29 +187,47 @@ async def verify_jwt_token(
     """
     try:
         settings = get_settings()
+        
         # 토큰 디코딩
         payload = jwt.decode(
             token,
-            settings.JWT_SECRET,
-            algorithms=[settings.JWT_ALGORITHM],
-            audience=settings.TOKEN_AUDIENCE,
-            issuer=settings.TOKEN_ISSUER
+            settings.jwt_secret,
+            algorithms=[settings.jwt_algorithm],
+            audience=settings.token_audience,
+            issuer=settings.token_issuer
         )
         
-        # 토큰 타입 검증 (expected_type이 주어진 경우에만)
-        if expected_type and payload.get("token_type") != expected_type:
+        # 토큰 타입 검증
+        token_type = payload.get("token_type")
+        if not token_type:
             raise CustomException(
                 ErrorCode.INVALID_TOKEN,
-                detail=f"token|{expected_type}|{payload.get('token_type')}",
+                detail="Token type is missing",
                 source_function="security.verify_jwt_token"
             )
-        
+            
+        if expected_type and token_type != expected_type:
+            raise CustomException(
+                ErrorCode.INVALID_TOKEN,
+                detail=f"Expected {expected_type} token but got {token_type}",
+                source_function="security.verify_jwt_token"
+            )
+            
+        # 사용자 식별자 검증
+        user_ulid = payload.get("user_ulid")
+        if not user_ulid:
+            raise CustomException(
+                ErrorCode.INVALID_TOKEN,
+                detail="User identifier is missing",
+                source_function="security.verify_jwt_token"
+            )
+            
         return payload
         
     except JWTError as e:
         raise CustomException(
             ErrorCode.INVALID_TOKEN,
-            detail=token[:10] + "...",
+            detail=str(e),
             source_function="security.verify_jwt_token",
             original_error=e
         )

aiteamutils/version.py

@@ -1,2 +1,2 @@
 """버전 정보"""
-__version__ = "0.2.51"
+__version__ = "0.2.52"

{aiteamutils-0.2.51.dist-info → aiteamutils-0.2.52.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiteamutils
-Version: 0.2.51
+Version: 0.2.52
 Summary: AI Team Utilities
 Project-URL: Homepage, https://github.com/yourusername/aiteamutils
 Project-URL: Issues, https://github.com/yourusername/aiteamutils/issues

aiteamutils-0.2.52.dist-info/RECORD

@@ -0,0 +1,16 @@
+aiteamutils/__init__.py,sha256=IAvWobxODQeMIgttFf3e1IGMO-DktLyUmnHeKqGDZWg,1346
+aiteamutils/base_model.py,sha256=ODEnjvUVoxQ1RPCfq8-uZTfTADIA4c7Z3E6G4EVsSX0,2708
+aiteamutils/base_repository.py,sha256=vqsundoN0h7FVvgqTBEnnJNMcFpvMK0s_nxBWdIYg-U,7846
+aiteamutils/base_service.py,sha256=s2AcA-6_ogOQKgt2xf_3AG2s6tqBceU4nJoXO1II7S8,24588
+aiteamutils/cache.py,sha256=07xBGlgAwOTAdY5mnMOQJ5EBxVwe8glVD7DkGEkxCtw,1373
+aiteamutils/config.py,sha256=OM_b7g8sqZ3zY_DSF9ry-zn5wn4dlXdx5OhjfTGr0TE,2876
+aiteamutils/database.py,sha256=uSMNWJge5RuQI7zJBJVX24fAHcSPChl-95_2TwK_GOw,39654
+aiteamutils/dependencies.py,sha256=q-OrEOJh4xEpc7ag6nTyey1pQwK9G0ZEDgXB_iTbaM0,6449
+aiteamutils/enums.py,sha256=ipZi6k_QD5-3QV7Yzv7bnL0MjDz-vqfO9I5L77biMKs,632
+aiteamutils/exceptions.py,sha256=_lKWXq_ujNj41xN6LDE149PwsecAP7lgYWbOBbLOntg,15368
+aiteamutils/security.py,sha256=AUcGlNZeURF9AIF87p9SvWYKVao2_CISk8B6WasF-mo,8050
+aiteamutils/validators.py,sha256=3N245cZFjgwtW_KzjESkizx5BBUDaJLbbxfNO4WOFZ0,7764
+aiteamutils/version.py,sha256=jkNi_8VOucj0ySHwq10MaZLBXEjXin60tdcDfPSEO5A,42
+aiteamutils-0.2.52.dist-info/METADATA,sha256=1XX034T6pG0yeYvGKWcPiSbUpmGF1NFlP8wQELSqyRo,1718
+aiteamutils-0.2.52.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+aiteamutils-0.2.52.dist-info/RECORD,,

aiteamutils-0.2.51.dist-info/RECORD

@@ -1,16 +0,0 @@
-aiteamutils/__init__.py,sha256=IAvWobxODQeMIgttFf3e1IGMO-DktLyUmnHeKqGDZWg,1346
-aiteamutils/base_model.py,sha256=ODEnjvUVoxQ1RPCfq8-uZTfTADIA4c7Z3E6G4EVsSX0,2708
-aiteamutils/base_repository.py,sha256=qdwQ7Sj2fUqxpDg6cWM48n_QbwPK_VUlG9zTSem8iCk,18968
-aiteamutils/base_service.py,sha256=E4dHGE0DvhmRyFplh46SwKJOSF_nUL7OAsCkf_ZJF_8,24733
-aiteamutils/cache.py,sha256=07xBGlgAwOTAdY5mnMOQJ5EBxVwe8glVD7DkGEkxCtw,1373
-aiteamutils/config.py,sha256=OM_b7g8sqZ3zY_DSF9ry-zn5wn4dlXdx5OhjfTGr0TE,2876
-aiteamutils/database.py,sha256=Be0hr833X3zMz2gaJYugvE9E7o05uBmXKPhZiGFJQTM,38984
-aiteamutils/dependencies.py,sha256=0mNmZiPlA8wTj4cgmjGXs6y9kkIQ5RtLZHdEeHxyblo,4490
-aiteamutils/enums.py,sha256=ipZi6k_QD5-3QV7Yzv7bnL0MjDz-vqfO9I5L77biMKs,632
-aiteamutils/exceptions.py,sha256=_lKWXq_ujNj41xN6LDE149PwsecAP7lgYWbOBbLOntg,15368
-aiteamutils/security.py,sha256=KSZf3WJAlW0UXVM1GEHwuGy2x27UHwtMr8aq-GuIXZk,16016
-aiteamutils/validators.py,sha256=3N245cZFjgwtW_KzjESkizx5BBUDaJLbbxfNO4WOFZ0,7764
-aiteamutils/version.py,sha256=8MKWHJHM8zYlzctvZN4uCH_rdHayPQd-Sxyv9JJ2554,42
-aiteamutils-0.2.51.dist-info/METADATA,sha256=u7kI-u4xQZcrWK20EtNRzzzJNJvZ22GRD3eI8I7-u-M,1718
-aiteamutils-0.2.51.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-aiteamutils-0.2.51.dist-info/RECORD,,