arthexis 0.1.8__py3-none-any.whl → 0.1.10__py3-none-any.whl

pages/admin.py

@@ -3,10 +3,16 @@ from django.contrib.sites.admin import SiteAdmin as DjangoSiteAdmin
 from django.contrib.sites.models import Site
 from django import forms
 from django.db import models
-from app.widgets import CopyColorWidget
+from core.widgets import CopyColorWidget
 from django.shortcuts import redirect, render, get_object_or_404
 from django.urls import path, reverse
 from django.utils.html import format_html
+from django.template.response import TemplateResponse
+from django.http import JsonResponse
+from django.utils import timezone
+from django.db.models import Count
+from django.db.models.functions import TruncDate
+from datetime import timedelta
 import ipaddress
 from django.apps import apps as django_apps
 from django.conf import settings
@@ -14,8 +20,17 @@ from django.conf import settings
 from nodes.models import Node
 from nodes.utils import capture_screenshot, save_screenshot
 
-from .models import SiteBadge, Application, SiteProxy, Module, Landing, Favorite
+from .models import (
+    SiteBadge,
+    Application,
+    SiteProxy,
+    Module,
+    Landing,
+    Favorite,
+    ViewHistory,
+)
 from django.contrib.contenttypes.models import ContentType
+from core.user_data import EntityModelAdmin
 
 
 def get_local_app_choices():
@@ -65,9 +80,7 @@ class SiteAdmin(DjangoSiteAdmin):
                 self.message_user(request, f"{site.domain}: {exc}", messages.ERROR)
                 continue
             if screenshot:
-                link = reverse(
-                    "admin:nodes_contentsample_change", args=[screenshot.pk]
-                )
+                link = reverse("admin:nodes_contentsample_change", args=[screenshot.pk])
                 self.message_user(
                     request,
                     format_html(
@@ -138,7 +151,7 @@ class ApplicationModuleInline(admin.TabularInline):
 
 
 @admin.register(Application)
-class ApplicationAdmin(admin.ModelAdmin):
+class ApplicationAdmin(EntityModelAdmin):
     form = ApplicationForm
     list_display = ("name", "app_verbose_name", "installed")
     readonly_fields = ("installed",)
@@ -160,13 +173,151 @@ class LandingInline(admin.TabularInline):
 
 
 @admin.register(Module)
-class ModuleAdmin(admin.ModelAdmin):
+class ModuleAdmin(EntityModelAdmin):
     list_display = ("application", "node_role", "path", "menu", "is_default")
     list_filter = ("node_role", "application")
     fields = ("node_role", "application", "path", "menu", "is_default", "favicon")
     inlines = [LandingInline]
 
 
+@admin.register(ViewHistory)
+class ViewHistoryAdmin(EntityModelAdmin):
+    date_hierarchy = "visited_at"
+    list_display = (
+        "path",
+        "status_code",
+        "status_text",
+        "method",
+        "visited_at",
+    )
+    list_filter = ("method", "status_code")
+    search_fields = ("path", "error_message", "view_name", "status_text")
+    readonly_fields = (
+        "path",
+        "method",
+        "status_code",
+        "status_text",
+        "error_message",
+        "view_name",
+        "visited_at",
+    )
+    ordering = ("-visited_at",)
+    change_list_template = "admin/pages/viewhistory/change_list.html"
+    actions = ["view_traffic_graph"]
+
+    def has_add_permission(self, request):
+        return False
+
+    @admin.action(description="View traffic graph")
+    def view_traffic_graph(self, request, queryset):
+        return redirect("admin:pages_viewhistory_traffic_graph")
+
+    def get_urls(self):
+        urls = super().get_urls()
+        custom = [
+            path(
+                "traffic-graph/",
+                self.admin_site.admin_view(self.traffic_graph_view),
+                name="pages_viewhistory_traffic_graph",
+            ),
+            path(
+                "traffic-data/",
+                self.admin_site.admin_view(self.traffic_data_view),
+                name="pages_viewhistory_traffic_data",
+            ),
+        ]
+        return custom + urls
+
+    def traffic_graph_view(self, request):
+        context = {
+            **self.admin_site.each_context(request),
+            "opts": self.model._meta,
+            "title": "Public site traffic",
+            "chart_endpoint": reverse("admin:pages_viewhistory_traffic_data"),
+        }
+        return TemplateResponse(
+            request,
+            "admin/pages/viewhistory/traffic_graph.html",
+            context,
+        )
+
+    def traffic_data_view(self, request):
+        return JsonResponse(self._build_chart_data())
+
+    def _build_chart_data(self, days: int = 30, max_pages: int = 8) -> dict:
+        end_date = timezone.localdate()
+        start_date = end_date - timedelta(days=days - 1)
+        queryset = ViewHistory.objects.filter(
+            visited_at__date__range=(start_date, end_date)
+        )
+
+        meta = {
+            "start": start_date.isoformat(),
+            "end": end_date.isoformat(),
+        }
+
+        if not queryset.exists():
+            meta["pages"] = []
+            return {"labels": [], "datasets": [], "meta": meta}
+
+        top_paths = list(
+            queryset.values("path")
+            .annotate(total=Count("id"))
+            .order_by("-total")[:max_pages]
+        )
+        paths = [entry["path"] for entry in top_paths]
+        meta["pages"] = paths
+
+        labels = [
+            (start_date + timedelta(days=offset)).isoformat() for offset in range(days)
+        ]
+
+        aggregates = (
+            queryset.filter(path__in=paths)
+            .annotate(day=TruncDate("visited_at"))
+            .values("day", "path")
+            .order_by("day")
+            .annotate(total=Count("id"))
+        )
+
+        counts: dict[str, dict[str, int]] = {
+            path: {label: 0 for label in labels} for path in paths
+        }
+        for row in aggregates:
+            day = row["day"].isoformat()
+            path = row["path"]
+            if day in counts.get(path, {}):
+                counts[path][day] = row["total"]
+
+        palette = [
+            "#1f77b4",
+            "#ff7f0e",
+            "#2ca02c",
+            "#d62728",
+            "#9467bd",
+            "#8c564b",
+            "#e377c2",
+            "#7f7f7f",
+            "#bcbd22",
+            "#17becf",
+        ]
+        datasets = []
+        for index, path in enumerate(paths):
+            color = palette[index % len(palette)]
+            datasets.append(
+                {
+                    "label": path,
+                    "data": [counts[path][label] for label in labels],
+                    "borderColor": color,
+                    "backgroundColor": color,
+                    "fill": False,
+                    "tension": 0.3,
+                }
+            )
+
+        return {"labels": labels, "datasets": datasets, "meta": meta}
+
+
 def favorite_toggle(request, ct_id):
     ct = get_object_or_404(ContentType, pk=ct_id)
     fav = Favorite.objects.filter(user=request.user, content_type=ct).first()
@@ -191,7 +342,9 @@ def favorite_toggle(request, ct_id):
 
 
 def favorite_list(request):
-    favorites = Favorite.objects.filter(user=request.user).select_related("content_type")
+    favorites = Favorite.objects.filter(user=request.user).select_related(
+        "content_type"
+    )
     if request.method == "POST":
         selected = request.POST.getlist("user_data")
         for fav in favorites:
@@ -212,11 +365,18 @@ def favorite_clear(request):
     return redirect("admin:favorite_list")
 
 
-def get_admin_urls(urls):
+def get_admin_urls(original_get_urls):
     def get_urls():
+        urls = original_get_urls()
         my_urls = [
-            path("favorites/<int:ct_id>/", admin.site.admin_view(favorite_toggle), name="favorite_toggle"),
-            path("favorites/", admin.site.admin_view(favorite_list), name="favorite_list"),
+            path(
+                "favorites/<int:ct_id>/",
+                admin.site.admin_view(favorite_toggle),
+                name="favorite_toggle",
+            ),
+            path(
+                "favorites/", admin.site.admin_view(favorite_list), name="favorite_list"
+            ),
             path(
                 "favorites/delete/<int:pk>/",
                 admin.site.admin_view(favorite_delete),
@@ -228,9 +388,9 @@ def get_admin_urls(urls):
                 name="favorite_clear",
             ),
         ]
-        return my_urls + urls
+        return my_urls + original_get_urls()
 
     return get_urls
 
 
-admin.site.get_urls = get_admin_urls(admin.site.get_urls())
+admin.site.get_urls = get_admin_urls(admin.site.get_urls)

pages/checks.py

@@ -38,4 +38,3 @@ def landing_views_have_no_args(app_configs, **kwargs):
         if isinstance(p, URLResolver):
             _collect_checks(p, errors, p.pattern._route)
     return errors
-

pages/context_processors.py

@@ -2,12 +2,13 @@ from utils.sites import get_site
 from django.urls import Resolver404, resolve
 from django.conf import settings
 from pathlib import Path
+from types import SimpleNamespace
 from nodes.models import Node
+from core.models import Reference
+from core.reference_utils import filter_visible_references
 from .models import Module
 
-_favicon_path = (
-    Path(settings.BASE_DIR) / "pages" / "fixtures" / "data" / "favicon.txt"
-)
+_favicon_path = Path(settings.BASE_DIR) / "pages" / "fixtures" / "data" / "favicon.txt"
 try:
     _DEFAULT_FAVICON = f"data:image/png;base64,{_favicon_path.read_text().strip()}"
 except OSError:
@@ -21,7 +22,7 @@ def nav_links(request):
     role = node.role if node else None
     if role:
         modules = (
-            Module.objects.filter(node_role=role)
+            Module.objects.filter(node_role=role, is_deleted=False)
             .select_related("application")
             .prefetch_related("landings")
         )
@@ -48,12 +49,28 @@ def nav_links(request):
                 continue
             landings.append(landing)
         if landings:
+            app_name = getattr(module.application, "name", "").lower()
+            if app_name == "awg":
+                module.menu = "Calculate"
+            elif app_name == "man":
+                module.menu = "Manuals"
             module.enabled_landings = landings
             valid_modules.append(module)
             if request.path.startswith(module.path):
-                if current_module is None or len(module.path) > len(current_module.path):
+                if current_module is None or len(module.path) > len(
+                    current_module.path
+                ):
                     current_module = module
 
+    datasette_lock = Path(settings.BASE_DIR) / "locks" / "datasette.lck"
+    if datasette_lock.exists():
+        datasette_module = SimpleNamespace(
+            menu_label="Data",
+            path="/data/",
+            enabled_landings=[SimpleNamespace(path="/data/", label="Datasette")],
+        )
+        valid_modules.append(datasette_module)
+
     valid_modules.sort(key=lambda m: m.menu_label.lower())
 
     if current_module and current_module.favicon:
@@ -69,4 +86,20 @@ def nav_links(request):
         if not favicon_url:
             favicon_url = _DEFAULT_FAVICON
 
-    return {"nav_modules": valid_modules, "favicon_url": favicon_url}
+    header_refs_qs = (
+        Reference.objects.filter(show_in_header=True)
+        .exclude(value="")
+        .prefetch_related("roles", "features", "sites")
+    )
+    header_references = filter_visible_references(
+        header_refs_qs,
+        request=request,
+        site=site,
+        node=node,
+    )
+
+    return {
+        "nav_modules": valid_modules,
+        "favicon_url": favicon_url,
+        "header_references": header_references,
+    }

pages/forms.py

@@ -0,0 +1,131 @@
+"""Forms for the pages app."""
+
+from __future__ import annotations
+
+from django import forms
+from django.contrib.auth import authenticate
+from django.contrib.auth.forms import AuthenticationForm
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+from django.views.decorators.debug import sensitive_variables
+
+
+class AuthenticatorLoginForm(AuthenticationForm):
+    """Authentication form that supports password or authenticator codes."""
+
+    otp_token = forms.CharField(
+        label=_("Authenticator code"),
+        required=False,
+        widget=forms.TextInput(
+            attrs={
+                "autocomplete": "one-time-code",
+                "inputmode": "numeric",
+                "pattern": "[0-9]*",
+            }
+        ),
+    )
+    auth_method = forms.CharField(required=False, widget=forms.HiddenInput(), initial="password")
+
+    error_messages = {
+        **AuthenticationForm.error_messages,
+        "invalid_token": _("The authenticator code is invalid or has expired."),
+        "token_required": _("Enter the code from your authenticator app."),
+        "password_required": _("Enter your password."),
+    }
+
+    def __init__(self, request=None, *args, **kwargs):
+        super().__init__(request=request, *args, **kwargs)
+        self.fields["password"].required = False
+        self.fields["otp_token"].strip = True
+        self.fields["auth_method"].initial = "password"
+        self.verified_device = None
+
+    def get_invalid_token_error(self) -> ValidationError:
+        return ValidationError(self.error_messages["invalid_token"], code="invalid_token")
+
+    def get_token_required_error(self) -> ValidationError:
+        return ValidationError(self.error_messages["token_required"], code="token_required")
+
+    def get_password_required_error(self) -> ValidationError:
+        return ValidationError(self.error_messages["password_required"], code="password_required")
+
+    @sensitive_variables()
+    def clean(self):
+        username = self.cleaned_data.get("username")
+        method = (self.cleaned_data.get("auth_method") or "password").lower()
+        if method not in {"password", "otp"}:
+            method = "password"
+        self.cleaned_data["auth_method"] = method
+
+        if username is not None:
+            if method == "otp":
+                token = (self.cleaned_data.get("otp_token") or "").strip().replace(" ", "")
+                if not token:
+                    raise self.get_token_required_error()
+                self.user_cache = authenticate(
+                    self.request,
+                    username=username,
+                    otp_token=token,
+                )
+                if self.user_cache is None:
+                    raise self.get_invalid_token_error()
+                self.cleaned_data["otp_token"] = token
+                self.verified_device = getattr(self.user_cache, "otp_device", None)
+            else:
+                password = self.cleaned_data.get("password")
+                if not password:
+                    raise self.get_password_required_error()
+                self.user_cache = authenticate(
+                    self.request, username=username, password=password
+                )
+                if self.user_cache is None:
+                    raise self.get_invalid_login_error()
+            self.confirm_login_allowed(self.user_cache)
+
+        return self.cleaned_data
+
+    def get_verified_device(self):
+        return self.verified_device
+
+
+class AuthenticatorEnrollmentForm(forms.Form):
+    """Form used to confirm a pending authenticator enrollment."""
+
+    token = forms.CharField(
+        label=_("Authenticator code"),
+        min_length=6,
+        max_length=8,
+        widget=forms.TextInput(
+            attrs={
+                "autocomplete": "one-time-code",
+                "inputmode": "numeric",
+                "pattern": "[0-9]*",
+            }
+        ),
+    )
+
+    error_messages = {
+        "invalid_token": _("The provided code is invalid or has expired."),
+        "missing_device": _("Generate a new authenticator secret before confirming it."),
+    }
+
+    def __init__(self, *args, device=None, **kwargs):
+        self.device = device
+        super().__init__(*args, **kwargs)
+
+    def clean_token(self):
+        token = (self.cleaned_data.get("token") or "").strip().replace(" ", "")
+        if not token:
+            raise forms.ValidationError(self.error_messages["invalid_token"], code="invalid_token")
+        if self.device is None:
+            raise forms.ValidationError(self.error_messages["missing_device"], code="missing_device")
+        try:
+            verified = self.device.verify_token(token)
+        except Exception:
+            verified = False
+        if not verified:
+            raise forms.ValidationError(self.error_messages["invalid_token"], code="invalid_token")
+        return token
+
+    def get_verified_device(self):
+        return self.device

pages/middleware.py

@@ -0,0 +1,153 @@
+"""Middleware helpers for the pages application."""
+
+from __future__ import annotations
+
+import ipaddress
+import logging
+from http import HTTPStatus
+
+from django.conf import settings
+from django.urls import Resolver404, resolve
+
+from .models import ViewHistory
+
+
+logger = logging.getLogger(__name__)
+
+
+class ViewHistoryMiddleware:
+    """Persist public site visits for analytics."""
+
+    _EXCLUDED_PREFIXES = ("/admin", "/__debug__", "/healthz", "/status")
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+        static_url = getattr(settings, "STATIC_URL", "") or ""
+        media_url = getattr(settings, "MEDIA_URL", "") or ""
+        self._skipped_prefixes = tuple(
+            prefix.rstrip("/") for prefix in (static_url, media_url) if prefix
+        )
+
+    def __call__(self, request):
+        should_track = self._should_track(request)
+        if not should_track:
+            return self.get_response(request)
+
+        error_message = ""
+        try:
+            response = self.get_response(request)
+        except Exception as exc:  # pragma: no cover - re-raised for Django
+            status_code = getattr(exc, "status_code", 500) or 500
+            error_message = str(exc)
+            self._record_visit(request, status_code, error_message)
+            raise
+        else:
+            status_code = getattr(response, "status_code", 0) or 0
+            self._record_visit(request, status_code, error_message)
+            return response
+
+    def _should_track(self, request) -> bool:
+        method = request.method.upper()
+        if method not in {"GET", "HEAD"}:
+            return False
+
+        path = request.path
+        if any(path.startswith(prefix) for prefix in self._EXCLUDED_PREFIXES):
+            return False
+
+        if any(path.startswith(prefix) for prefix in self._skipped_prefixes):
+            return False
+
+        if path.startswith("/favicon") or path.startswith("/robots.txt"):
+            return False
+
+        if "djdt" in request.GET:
+            return False
+
+        return True
+
+    def _record_visit(self, request, status_code: int, error_message: str) -> None:
+        try:
+            status = HTTPStatus(status_code)
+            status_text = status.phrase
+        except ValueError:
+            status_text = ""
+
+        view_name = self._resolve_view_name(request)
+        full_path = request.get_full_path()
+        if not error_message and status_code >= HTTPStatus.BAD_REQUEST:
+            error_message = status_text or f"HTTP {status_code}"
+
+        try:
+            ViewHistory.objects.create(
+                path=full_path,
+                method=request.method,
+                status_code=status_code,
+                status_text=status_text,
+                error_message=(error_message or "")[:1000],
+                view_name=view_name,
+            )
+        except Exception:  # pragma: no cover - best effort logging
+            logger.debug(
+                "Failed to record ViewHistory for %s", full_path, exc_info=True
+            )
+        else:
+            self._update_user_last_visit_ip(request)
+
+    def _resolve_view_name(self, request) -> str:
+        match = getattr(request, "resolver_match", None)
+        if match is None:
+            try:
+                match = resolve(request.path_info)
+            except Resolver404:
+                return ""
+
+        if getattr(match, "view_name", ""):
+            return match.view_name
+
+        func = getattr(match, "func", None)
+        if func is None:
+            return ""
+
+        module = getattr(func, "__module__", "")
+        name = getattr(func, "__name__", "")
+        if module and name:
+            return f"{module}.{name}"
+        return name or module or ""
+
+    def _extract_client_ip(self, request) -> str:
+        forwarded = request.META.get("HTTP_X_FORWARDED_FOR", "")
+        candidates = []
+        if forwarded:
+            candidates.extend(part.strip() for part in forwarded.split(","))
+        remote = request.META.get("REMOTE_ADDR", "").strip()
+        if remote:
+            candidates.append(remote)
+
+        for candidate in candidates:
+            if not candidate:
+                continue
+            try:
+                ipaddress.ip_address(candidate)
+            except ValueError:
+                continue
+            return candidate
+        return ""
+
+    def _update_user_last_visit_ip(self, request) -> None:
+        user = getattr(request, "user", None)
+        if not getattr(user, "is_authenticated", False) or not getattr(user, "pk", None):
+            return
+
+        ip_address = self._extract_client_ip(request)
+        if not ip_address or getattr(user, "last_visit_ip_address", None) == ip_address:
+            return
+
+        try:
+            user.last_visit_ip_address = ip_address
+            user.save(update_fields=["last_visit_ip_address"])
+        except Exception:  # pragma: no cover - best effort logging
+            logger.debug(
+                "Failed to update last_visit_ip_address for user %s", user.pk,
+                exc_info=True,
+            )