arthexis 0.1.19__py3-none-any.whl → 0.1.21__py3-none-any.whl

core/tasks.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 import logging
 import shutil
+import re
 import subprocess
 from pathlib import Path
 import urllib.error
@@ -102,6 +103,21 @@ def _resolve_service_url(base_dir: Path) -> str:
     return f"http://127.0.0.1:{port}/"
 
 
+def _parse_major_minor(version: str) -> tuple[int, int] | None:
+    match = re.match(r"^\s*(\d+)\.(\d+)", version)
+    if not match:
+        return None
+    return int(match.group(1)), int(match.group(2))
+
+
+def _shares_stable_series(local: str, remote: str) -> bool:
+    local_parts = _parse_major_minor(local)
+    remote_parts = _parse_major_minor(remote)
+    if not local_parts or not remote_parts:
+        return False
+    return local_parts == remote_parts
+
+
 @shared_task
 def check_github_updates() -> None:
     """Check the GitHub repo for updates and upgrade if needed."""
@@ -196,9 +212,16 @@ def check_github_updates() -> None:
             if startup:
                 startup()
             return
+        if mode == "stable" and _shares_stable_series(local, remote):
+            if startup:
+                startup()
+            return
         if notify:
             notify("Upgrading...", upgrade_stamp)
-        args = ["./upgrade.sh", "--no-restart"]
+        if mode == "stable":
+            args = ["./upgrade.sh", "--stable", "--no-restart"]
+        else:
+            args = ["./upgrade.sh", "--no-restart"]
         upgrade_was_applied = True
 
     with log_file.open("a") as fh:

core/tests.py

@@ -8,6 +8,7 @@ django.setup()
 from django.test import Client, TestCase, RequestFactory, override_settings
 from django.urls import reverse
 from django.http import HttpRequest
+from django.contrib import messages
 import csv
 import json
 import importlib.util
@@ -1289,11 +1290,10 @@ class ReleaseProcessTests(TestCase):
         run.assert_any_call(["git", "clean", "-fd"], check=False)
 
     @mock.patch("core.views.PackageRelease.dump_fixture")
-    @mock.patch("core.views._ensure_release_todo")
     @mock.patch("core.views._sync_with_origin_main")
     @mock.patch("core.views.subprocess.run")
     def test_pre_release_syncs_with_main(
-        self, run, sync_main, ensure_todo, dump_fixture
+        self, run, sync_main, dump_fixture
     ):
         import subprocess as sp
 
@@ -1305,11 +1305,6 @@ class ReleaseProcessTests(TestCase):
             return sp.CompletedProcess(cmd, 0)
 
         run.side_effect = fake_run
-        ensure_todo.return_value = (
-            mock.Mock(request="Create release pkg 1.0.1", url="", request_details=""),
-            Path("core/fixtures/todos__next_release.json"),
-        )
-
         version_path = Path("VERSION")
         original_version = version_path.read_text(encoding="utf-8")
 

core/views.py

@@ -19,7 +19,6 @@ from django.shortcuts import get_object_or_404, redirect, render, resolve_url
 from django.template.response import TemplateResponse
 from django.utils import timezone
 from django.utils.html import strip_tags
-from django.utils.text import slugify
 from django.utils.translation import gettext as _
 from django.urls import NoReverseMatch, reverse
 from django.views.decorators.csrf import csrf_exempt
@@ -448,8 +447,11 @@ def _resolve_release_log_dir(preferred: Path) -> tuple[Path, str | None]:
 
     env_override = os.environ.pop("ARTHEXIS_LOG_DIR", None)
     fallback = select_log_dir(Path(settings.BASE_DIR))
-    if env_override and Path(env_override) != fallback:
-        os.environ["ARTHEXIS_LOG_DIR"] = str(fallback)
+    if env_override is not None:
+        if Path(env_override) == fallback:
+            os.environ["ARTHEXIS_LOG_DIR"] = env_override
+        else:
+            os.environ["ARTHEXIS_LOG_DIR"] = str(fallback)
 
     if fallback == preferred:
         if error:
@@ -608,6 +610,43 @@ def _git_authentication_missing(exc: subprocess.CalledProcessError) -> bool:
     return any(marker in message for marker in auth_markers)
 
 
+def _push_release_changes(log_path: Path) -> bool:
+    """Push release commits to ``origin`` and log the outcome."""
+
+    if not _has_remote("origin"):
+        _append_log(
+            log_path, "No git remote configured; skipping push of release changes"
+        )
+        return False
+
+    try:
+        branch = _current_branch()
+        if branch is None:
+            push_cmd = ["git", "push", "origin", "HEAD"]
+        elif _has_upstream(branch):
+            push_cmd = ["git", "push"]
+        else:
+            push_cmd = ["git", "push", "--set-upstream", "origin", branch]
+        subprocess.run(push_cmd, check=True, capture_output=True, text=True)
+    except subprocess.CalledProcessError as exc:
+        details = _format_subprocess_error(exc)
+        if _git_authentication_missing(exc):
+            _append_log(
+                log_path,
+                "Authentication is required to push release changes to origin; skipping push",
+            )
+            if details:
+                _append_log(log_path, details)
+            return False
+        _append_log(
+            log_path, f"Failed to push release changes to origin: {details}"
+        )
+        raise Exception("Failed to push release changes") from exc
+
+    _append_log(log_path, "Pushed release changes to origin")
+    return True
+
+
 def _ensure_origin_main_unchanged(log_path: Path) -> None:
     """Verify that ``origin/main`` has not advanced during the release."""
 
@@ -653,29 +692,6 @@ def _next_patch_version(version: str) -> str:
     return f"{parsed.major}.{parsed.minor}.{parsed.micro + 1}"
 
 
-def _write_todo_fixture(todo: Todo) -> Path:
-    safe_request = todo.request.replace(".", " ")
-    slug = slugify(safe_request).replace("-", "_")
-    if not slug:
-        slug = "todo"
-    path = TODO_FIXTURE_DIR / f"todos__{slug}.json"
-    path.parent.mkdir(parents=True, exist_ok=True)
-    data = [
-        {
-            "model": "core.todo",
-            "fields": {
-                "request": todo.request,
-                "url": todo.url,
-                "request_details": todo.request_details,
-                "generated_for_version": todo.generated_for_version,
-                "generated_for_revision": todo.generated_for_revision,
-            },
-        }
-    ]
-    path.write_text(json.dumps(data, indent=2) + "\n", encoding="utf-8")
-    return path
-
-
 def _should_use_python_changelog(exc: OSError) -> bool:
     winerror = getattr(exc, "winerror", None)
     if winerror in {193}:
@@ -696,46 +712,6 @@ def _generate_changelog_with_python(log_path: Path) -> None:
     _append_log(log_path, "Regenerated CHANGELOG.rst using Python fallback")
 
 
-def _ensure_release_todo(
-    release, *, previous_version: str | None = None
-) -> tuple[Todo, Path]:
-    previous_version = (previous_version or "").strip()
-    target_version = _next_patch_version(release.version)
-    if previous_version:
-        try:
-            from packaging.version import InvalidVersion, Version
-
-            parsed_previous = Version(previous_version)
-            parsed_target = Version(target_version)
-        except InvalidVersion:
-            pass
-        else:
-            if parsed_target <= parsed_previous:
-                target_version = _next_patch_version(previous_version)
-    request = f"Create release {release.package.name} {target_version}"
-    try:
-        url = reverse("admin:core_packagerelease_changelist")
-    except NoReverseMatch:
-        url = ""
-    todo, _ = Todo.all_objects.update_or_create(
-        request__iexact=request,
-        defaults={
-            "request": request,
-            "url": url,
-            "request_details": "",
-            "generated_for_version": release.version or "",
-            "generated_for_revision": release.revision or "",
-            "is_seed_data": True,
-            "is_deleted": False,
-            "is_user_data": False,
-            "done_on": None,
-            "on_done_condition": "",
-        },
-    )
-    fixture_path = _write_todo_fixture(todo)
-    return todo, fixture_path
-
-
 def _todo_blocks_publish(todo: Todo, release: PackageRelease) -> bool:
     """Return ``True`` when ``todo`` should block the release workflow."""
 
@@ -1186,36 +1162,6 @@ def _step_changelog_docs(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "CHANGELOG and documentation review recorded")
 
 
-def _record_release_todo(
-    release, ctx, log_path: Path, *, previous_version: str | None = None
-) -> None:
-    previous_version = previous_version or ctx.pop(
-        "release_todo_previous_version",
-        getattr(release, "_repo_version_before_sync", ""),
-    )
-    todo, fixture_path = _ensure_release_todo(
-        release, previous_version=previous_version
-    )
-    fixture_display = _format_path(fixture_path)
-    _append_log(log_path, f"Added TODO: {todo.request}")
-    _append_log(log_path, f"Wrote TODO fixture {fixture_display}")
-    subprocess.run(["git", "add", str(fixture_path)], check=True)
-    _append_log(log_path, f"Staged TODO fixture {fixture_display}")
-    fixture_diff = subprocess.run(
-        ["git", "diff", "--cached", "--quiet", "--", str(fixture_path)],
-        check=False,
-    )
-    if fixture_diff.returncode != 0:
-        commit_message = f"chore: add release TODO for {release.package.name}"
-        subprocess.run(["git", "commit", "-m", commit_message], check=True)
-        _append_log(log_path, f"Committed TODO fixture {fixture_display}")
-    else:
-        _append_log(
-            log_path,
-            f"No changes detected for TODO fixture {fixture_display}; skipping commit",
-        )
-
-
 def _step_pre_release_actions(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "Execute pre-release actions")
     if ctx.get("dry_run"):
@@ -1289,7 +1235,6 @@ def _step_pre_release_actions(release, ctx, log_path: Path) -> None:
         for path in staged_release_fixtures:
             subprocess.run(["git", "reset", "HEAD", str(path)], check=False)
             _append_log(log_path, f"Unstaged release fixture {_format_path(path)}")
-    ctx["release_todo_previous_version"] = repo_version_before_sync
     _append_log(log_path, "Pre-release actions complete")
 
 
@@ -1340,40 +1285,9 @@ def _step_promote_build(release, ctx, log_path: Path) -> None:
                 log_path,
                 f"Committed release metadata for v{release.version}",
             )
-        if _has_remote("origin"):
-            try:
-                branch = _current_branch()
-                if branch is None:
-                    push_cmd = ["git", "push", "origin", "HEAD"]
-                elif _has_upstream(branch):
-                    push_cmd = ["git", "push"]
-                else:
-                    push_cmd = ["git", "push", "--set-upstream", "origin", branch]
-                subprocess.run(push_cmd, check=True, capture_output=True, text=True)
-            except subprocess.CalledProcessError as exc:
-                details = _format_subprocess_error(exc)
-                if _git_authentication_missing(exc):
-                    _append_log(
-                        log_path,
-                        "Authentication is required to push release changes to origin; skipping push",
-                    )
-                    if details:
-                        _append_log(log_path, details)
-                else:
-                    _append_log(
-                        log_path, f"Failed to push release changes to origin: {details}"
-                    )
-                    raise Exception("Failed to push release changes") from exc
-            else:
-                _append_log(log_path, "Pushed release changes to origin")
-        else:
-            _append_log(
-                log_path,
-                "No git remote configured; skipping push of release changes",
-            )
+        _push_release_changes(log_path)
         PackageRelease.dump_fixture()
         _append_log(log_path, "Updated release fixtures")
-        _record_release_todo(release, ctx, log_path)
     except Exception:
         _clean_repo()
         raise
@@ -1561,6 +1475,30 @@ def _step_publish(release, ctx, log_path: Path) -> None:
     _append_log(log_path, f"Recorded PyPI URL: {release.pypi_url}")
     if release.github_url:
         _append_log(log_path, f"Recorded GitHub URL: {release.github_url}")
+    fixture_paths = [
+        str(path) for path in Path("core/fixtures").glob("releases__*.json")
+    ]
+    if fixture_paths:
+        status = subprocess.run(
+            ["git", "status", "--porcelain", "--", *fixture_paths],
+            capture_output=True,
+            text=True,
+            check=True,
+        )
+        if status.stdout.strip():
+            subprocess.run(["git", "add", *fixture_paths], check=True)
+            _append_log(log_path, "Staged publish metadata updates")
+            commit_message = f"chore: record publish metadata for v{release.version}"
+            subprocess.run(["git", "commit", "-m", commit_message], check=True)
+            _append_log(
+                log_path, f"Committed publish metadata for v{release.version}"
+            )
+            _push_release_changes(log_path)
+        else:
+            _append_log(
+                log_path,
+                "No release metadata updates detected after publish; skipping commit",
+            )
     _append_log(log_path, "Upload complete")
 
 
@@ -1754,9 +1692,9 @@ def rfid_batch(request):
             else:
                 post_auth_command = post_auth_command.strip()
 
-            tag, _ = RFID.objects.update_or_create(
-                rfid=rfid.upper(),
-                defaults={
+            tag, _ = RFID.update_or_create_from_code(
+                rfid,
+                {
                     "allowed": allowed,
                     "color": color,
                     "released": released,

nodes/admin.py

@@ -8,9 +8,10 @@ from django.contrib.admin import helpers
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.core.exceptions import PermissionDenied
 from django.db.models import Count
-from django.http import HttpResponse, JsonResponse
+from django.http import Http404, HttpResponse, JsonResponse
 from django.shortcuts import redirect, render
 from django.template.response import TemplateResponse
+from django.test import signals
 from django.urls import NoReverseMatch, path, reverse
 from django.utils import timezone
 from django.utils.dateparse import parse_datetime
@@ -233,6 +234,7 @@ class NodeAdmin(EntityModelAdmin):
         "role",
         "relation",
         "last_seen",
+        "proxy_link",
     )
     search_fields = ("hostname", "address", "mac_address")
     change_list_template = "admin/nodes/node/change_list.html"
@@ -247,6 +249,7 @@ class NodeAdmin(EntityModelAdmin):
                     "address",
                     "mac_address",
                     "port",
+                    "message_queue_length",
                     "role",
                     "current_relation",
                 )
@@ -281,6 +284,7 @@ class NodeAdmin(EntityModelAdmin):
         "register_visitor",
         "run_task",
         "take_screenshots",
+        "fetch_rfids_from_selected",
         "import_rfids_from_selected",
         "export_rfids_to_selected",
     ]
@@ -290,6 +294,16 @@ class NodeAdmin(EntityModelAdmin):
     def relation(self, obj):
         return obj.get_current_relation_display()
 
+    @admin.display(description=_("Proxy"))
+    def proxy_link(self, obj):
+        if not obj or obj.is_local:
+            return ""
+        try:
+            url = reverse("admin:nodes_node_proxy", args=[obj.pk])
+        except NoReverseMatch:
+            return ""
+        return format_html('<a class="button" href="{}">{}</a>', url, _("Proxy"))
+
     def get_urls(self):
         urls = super().get_urls()
         custom = [
@@ -313,6 +327,11 @@ class NodeAdmin(EntityModelAdmin):
                 self.admin_site.admin_view(self.update_selected_progress),
                 name="nodes_node_update_selected_progress",
             ),
+            path(
+                "<int:node_id>/proxy/",
+                self.admin_site.admin_view(self.proxy_node),
+                name="nodes_node_proxy",
+            ),
         ]
         return custom + urls
 
@@ -330,7 +349,135 @@ class NodeAdmin(EntityModelAdmin):
             "token": token,
             "register_url": reverse("register-node"),
         }
-        return render(request, "admin/nodes/node/register_remote.html", context)
+        response = TemplateResponse(
+            request, "admin/nodes/node/register_remote.html", context
+        )
+        response.render()
+        template = response.resolve_template(response.template_name)
+        if getattr(template, "name", None) in (None, ""):
+            template.name = response.template_name
+        signals.template_rendered.send(
+            sender=template.__class__,
+            template=template,
+            context=response.context_data,
+            request=request,
+        )
+        return response
+
+    def _load_local_private_key(self, node):
+        security_dir = Path(node.base_path or settings.BASE_DIR) / "security"
+        priv_path = security_dir / f"{node.public_endpoint}"
+        if not priv_path.exists():
+            return None, _("Local node private key not found.")
+        try:
+            return (
+                serialization.load_pem_private_key(
+                    priv_path.read_bytes(), password=None
+                ),
+                "",
+            )
+        except Exception as exc:  # pragma: no cover - unexpected errors
+            return None, str(exc)
+
+    def _build_proxy_payload(self, request, local_node):
+        user = request.user
+        payload = {
+            "requester": str(local_node.uuid),
+            "user": {
+                "username": user.get_username(),
+                "email": user.email or "",
+                "first_name": user.first_name or "",
+                "last_name": user.last_name or "",
+                "is_staff": user.is_staff,
+                "is_superuser": user.is_superuser,
+                "groups": list(user.groups.values_list("name", flat=True)),
+                "permissions": sorted(user.get_all_permissions()),
+            },
+            "target": reverse("admin:index"),
+        }
+        return payload
+
+    def _start_proxy_session(self, request, node):
+        if node.is_local:
+            return {"ok": False, "message": _("Local node cannot be proxied.")}
+
+        local_node = Node.get_local()
+        if local_node is None:
+            try:
+                local_node, _ = Node.register_current()
+            except Exception as exc:  # pragma: no cover - unexpected errors
+                return {"ok": False, "message": str(exc)}
+
+        private_key, error = self._load_local_private_key(local_node)
+        if private_key is None:
+            return {"ok": False, "message": error}
+
+        payload = self._build_proxy_payload(request, local_node)
+        body = json.dumps(payload, separators=(",", ":"), sort_keys=True)
+        try:
+            signature = private_key.sign(
+                body.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        except Exception as exc:  # pragma: no cover - unexpected errors
+            return {"ok": False, "message": str(exc)}
+
+        headers = {
+            "Content-Type": "application/json",
+            "X-Signature": base64.b64encode(signature).decode(),
+        }
+
+        last_error = ""
+        for url in self._iter_remote_urls(node, "/nodes/proxy/session/"):
+            try:
+                response = requests.post(url, data=body, headers=headers, timeout=5)
+            except RequestException as exc:
+                last_error = str(exc)
+                continue
+            if not response.ok:
+                last_error = f"{response.status_code} {response.text}"
+                continue
+            try:
+                data = response.json()
+            except ValueError:
+                last_error = "Invalid JSON response"
+                continue
+            login_url = data.get("login_url")
+            if not login_url:
+                last_error = "login_url missing"
+                continue
+            return {
+                "ok": True,
+                "login_url": login_url,
+                "expires": data.get("expires"),
+            }
+
+        return {
+            "ok": False,
+            "message": last_error or "Unable to initiate proxy.",
+        }
+
+    def proxy_node(self, request, node_id):
+        node = self.get_queryset(request).filter(pk=node_id).first()
+        if not node:
+            raise Http404
+        if not self.has_view_permission(request):
+            raise PermissionDenied
+        result = self._start_proxy_session(request, node)
+        if not result.get("ok"):
+            message = result.get("message") or _("Unable to proxy node.")
+            self.message_user(request, message, messages.ERROR)
+            return redirect("admin:nodes_node_changelist")
+
+        context = {
+            **self.admin_site.each_context(request),
+            "opts": self.model._meta,
+            "node": node,
+            "frame_url": result.get("login_url"),
+            "expires": result.get("expires"),
+        }
+        return TemplateResponse(request, "admin/nodes/node/proxy.html", context)
 
     @admin.action(description="Register Visitor")
     def register_visitor(self, request, queryset=None):
@@ -742,6 +889,7 @@ class NodeAdmin(EntityModelAdmin):
     def _render_rfid_sync(self, request, operation, results, setup_error=None):
         titles = {
             "import": _("Import RFID results"),
+            "fetch": _("Fetch RFID results"),
             "export": _("Export RFID results"),
         }
         summary = self._summarize_rfid_results(results)
@@ -851,18 +999,17 @@ class NodeAdmin(EntityModelAdmin):
         result["status"] = self._status_from_result(result)
         return result
 
-    @admin.action(description=_("Import RFIDs from selected"))
-    def import_rfids_from_selected(self, request, queryset):
+    def _run_rfid_fetch(self, request, queryset, *, operation):
         nodes = list(queryset)
         local_node, private_key, error = self._load_local_node_credentials()
         if error:
             results = [self._skip_result(node, error) for node in nodes]
-            return self._render_rfid_sync(request, "import", results, setup_error=error)
+            return self._render_rfid_sync(request, operation, results, setup_error=error)
 
         if not nodes:
             return self._render_rfid_sync(
                 request,
-                "import",
+                operation,
                 [],
                 setup_error=_("No nodes selected."),
             )
@@ -885,7 +1032,15 @@ class NodeAdmin(EntityModelAdmin):
                 continue
             results.append(self._process_import_from_node(node, payload, headers))
 
-        return self._render_rfid_sync(request, "import", results)
+        return self._render_rfid_sync(request, operation, results)
+
+    @admin.action(description=_("Fetch RFIDs from selected"))
+    def fetch_rfids_from_selected(self, request, queryset):
+        return self._run_rfid_fetch(request, queryset, operation="fetch")
+
+    @admin.action(description=_("Import RFIDs from selected"))
+    def import_rfids_from_selected(self, request, queryset):
+        return self._run_rfid_fetch(request, queryset, operation="import")
 
     @admin.action(description=_("Export RFIDs to selected"))
     def export_rfids_to_selected(self, request, queryset):