arthexis 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: arthexis
-Version: 0.1.9
+Version: 0.1.10
 Summary: Django-based MESH system
 Author-email: "Rafael J. Guillén-Osorio" <tecnologia@gelectriic.com>
 License-Expression: GPL-3.0-only
@@ -43,6 +43,7 @@ Requires-Dist: django-celery-beat==2.8.1
 Requires-Dist: django-debug-toolbar==6.0.0
 Requires-Dist: django-import-export==4.3.9
 Requires-Dist: django-object-actions==5.0.0
+Requires-Dist: django-otp==1.5.4
 Requires-Dist: django-timezone-field==7.1
 Requires-Dist: dnspython==2.7.0
 Requires-Dist: docutils==0.22
@@ -63,6 +64,7 @@ Requires-Dist: outcome==1.3.0.post0
 Requires-Dist: packaging==25.0
 Requires-Dist: pillow==11.3.0
 Requires-Dist: prompt_toolkit==3.0.51
+Requires-Dist: psutil==5.9.8
 Requires-Dist: psycopg==3.2.9
 Requires-Dist: psycopg-binary==3.2.9
 Requires-Dist: pyasn1==0.6.1
@@ -112,50 +114,91 @@ Dynamic: license-file
 
 # Arthexis Constellation
 
+[![Coverage](https://raw.githubusercontent.com/arthexis/arthexis/main/coverage.svg)](https://github.com/arthexis/arthexis/actions/workflows/coverage.yml)
+
 ## Purpose
 
 Arthexis Constellation is a [narrative-driven](https://en.wikipedia.org/wiki/Narrative) [Django](https://www.djangoproject.com/)-based [software suite](https://en.wikipedia.org/wiki/Software_suite) that centralizes tools for managing [electric vehicle charging infrastructure](https://en.wikipedia.org/wiki/Charging_station) and orchestrating [energy](https://en.wikipedia.org/wiki/Energy)-related [products](https://en.wikipedia.org/wiki/Product_(business)) and [services](https://en.wikipedia.org/wiki/Service_(economics)).
 
 ## Features
 
-- Compatible with the [Open Charge Point Protocol (OCPP) 1.6](https://www.openchargealliance.org/protocols/ocpp-16/)
-- [API](https://en.wikipedia.org/wiki/API) integration with [Odoo](https://www.odoo.com/) 1.6
+- Compatible with the [Open Charge Point Protocol (OCPP) 1.6](https://www.openchargealliance.org/protocols/ocpp-16/) central system, handling:
+  - Lifecycle & sessions: BootNotification, Heartbeat, StatusNotification, StartTransaction, StopTransaction
+  - Access & metering: Authorize, MeterValues
+  - Maintenance & firmware: DiagnosticsStatusNotification, FirmwareStatusNotification
+- [API](https://en.wikipedia.org/wiki/API) integration with [Odoo](https://www.odoo.com/), syncing:
+  - Employee credentials via `res.users`
+  - Product catalog lookups via `product.product`
 - Runs on [Windows 11](https://www.microsoft.com/windows/windows-11) and [Ubuntu 22.04 LTS](https://releases.ubuntu.com/22.04/)
 - Tested for the [Raspberry Pi 4 Model B](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/)
 
 Project under active development.
 
-## Four Role Architecture
+## Role Architecture
 
 Arthexis Constellation ships in four node roles tailored to different deployment scenarios.
 
-| Role | Description & Common Features |
-| --- | --- |
-| Terminal | Single-User Research & Development<br>Features: GUI Toast |
-| Control | Single-Device Testing & Special Task Appliances<br>Features: AP Public Wi-Fi, Celery Queue, GUI Toast, LCD Screen, NGINX Server, RFID Scanner |
-| Satellite | Multi-Device Edge, Network & Data Acquisition<br>Features: AP Router, Celery Queue, NGINX Server, RFID Scanner |
-| Constellation | Multi-User Cloud & Orchestration<br>Features: Celery Queue, NGINX Server |
+<table border="1" cellpadding="8" cellspacing="0">
+  <thead>
+    <tr>
+      <th align="left">Role</th>
+      <th align="left">Description &amp; Common Features</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td valign="top"><strong>Terminal</strong></td>
+      <td valign="top"><strong>Single-User Research &amp; Development</strong><br />Features: GUI Toast</td>
+    </tr>
+    <tr>
+      <td valign="top"><strong>Control</strong></td>
+      <td valign="top"><strong>Single-Device Testing &amp; Special Task Appliances</strong><br />Features: AP Public Wi-Fi, Celery Queue, GUI Toast, LCD Screen, NGINX Server, RFID Scanner</td>
+    </tr>
+    <tr>
+      <td valign="top"><strong>Satellite</strong></td>
+      <td valign="top"><strong>Multi-Device Edge, Network &amp; Data Acquisition</strong><br />Features: AP Router, Celery Queue, NGINX Server, RFID Scanner</td>
+    </tr>
+    <tr>
+      <td valign="top"><strong>Constellation</strong></td>
+      <td valign="top"><strong>Multi-User Cloud &amp; Orchestration</strong><br />Features: Celery Queue, NGINX Server</td>
+    </tr>
+  </tbody>
+</table>
 
 ## Quick Guide
 
 ### 1. Clone
-- **[Linux](https://en.wikipedia.org/wiki/Linux)**: open a [terminal](https://en.wikipedia.org/wiki/Command-line_interface) and run  
-  `git clone https://github.com/arthexis/arthexis.git`
+- **[Linux](https://en.wikipedia.org/wiki/Linux)**: open a [terminal](https://en.wikipedia.org/wiki/Command-line_interface) and run `git clone https://github.com/arthexis/arthexis.git`.
 - **[Windows](https://en.wikipedia.org/wiki/Microsoft_Windows)**: open [PowerShell](https://learn.microsoft.com/powershell/) or [Git Bash](https://gitforwindows.org/) and run the same command.
 
 ### 2. Start and stop
-- **[VS Code](https://code.visualstudio.com/)**: open the folder, go to the
-  **Run and Debug** panel (`Ctrl+Shift+D`), select the **Run Server** (or
-  **Debug Server**) configuration, and press the green start button. Stop the
-  server with the red square button (`Shift+F5`).
-- **[Shell](https://en.wikipedia.org/wiki/Shell_(computing))**: on Linux run [`./start.sh`](start.sh) and stop with [`./stop.sh`](stop.sh); on Windows run [`start.bat`](start.bat) and stop with `Ctrl+C`.
+Terminal nodes can start directly with the scripts below without installing; Control, Satellite, and Constellation roles require installation first. Both approaches listen on [`http://localhost:8000/`](http://localhost:8000/) by default.
+
+**[VS Code](https://code.visualstudio.com/)**
+- Open the folder and go to the **Run and Debug** panel (`Ctrl+Shift+D`).
+- Select the **Run Server** (or **Debug Server**) configuration.
+- Press the green start button. Stop the server with the red square button (`Shift+F5`).
+
+**[Shell](https://en.wikipedia.org/wiki/Shell_(computing))**
+- Linux: run [`./start.sh`](start.sh) and stop with [`./stop.sh`](stop.sh).
+- Windows: run [`start.bat`](start.bat) and stop with `Ctrl+C`.
 
 ### 3. Install and upgrade
-- **Linux**: use [`./install.sh`](install.sh) with options like `--service NAME`, `--public` or `--internal`, `--port PORT`, `--upgrade`, `--auto-upgrade`, `--latest`, `--celery`, `--lcd-screen`, `--no-lcd-screen`, `--clean`, `--datasette`. Upgrade with [`./upgrade.sh`](upgrade.sh) using flags such as `--latest`, `--clean`, or `--no-restart`.
-- **Windows**: run [`install.bat`](install.bat) to install and [`upgrade.bat`](upgrade.bat) to upgrade.
+**Linux:** run [`./install.sh`](install.sh) with a node role flag:
+- `--terminal` – default when unspecified and recommended if you're unsure. Terminal nodes can also use the start/stop scripts above without installing.
+- `--control` – prepares the single-device testing appliance.
+- `--satellite` – configures the edge data acquisition node.
+- `--constellation` – enables the multi-user orchestration stack.
+Use `./install.sh --help` to list every available flag if you need to customize the node beyond the role defaults.
+
+Upgrade with [`./upgrade.sh`](upgrade.sh).
+
+**Windows:**
+- Run [`install.bat`](install.bat) to install (Terminal role) and [`upgrade.bat`](upgrade.bat) to upgrade.
+- Installation is not required to start in Terminal mode (the default).
 
 ### 4. Administration
-Visit [`http://localhost:8888/admin/`](http://localhost:8888/admin/) for the [Django admin](https://docs.djangoproject.com/en/stable/ref/contrib/admin/) and [`http://localhost:8888/admindocs/`](http://localhost:8888/admindocs/) for the [admindocs](https://docs.djangoproject.com/en/stable/ref/contrib/admin/admindocs/). Use port `8000` if you started with [`start.bat`](start.bat) or the `--public` option.
+Visit [`http://localhost:8000/admin/`](http://localhost:8000/admin/) for the [Django admin](https://docs.djangoproject.com/en/stable/ref/contrib/admin/) and [`http://localhost:8000/admindocs/`](http://localhost:8000/admindocs/) for the [admindocs](https://docs.djangoproject.com/en/stable/ref/contrib/admin/admindocs/). Use `--port` with the start scripts or installer when you need to expose a different port.
 
 ## Support
 

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/RECORD

@@ -1,4 +1,4 @@
-arthexis-0.1.9.dist-info/licenses/LICENSE,sha256=IwGE9guuL-ryRPEKi6wFPI_zOhg7zDZbTYuHbSt_SAk,35823
+arthexis-0.1.10.dist-info/licenses/LICENSE,sha256=IwGE9guuL-ryRPEKi6wFPI_zOhg7zDZbTYuHbSt_SAk,35823
 config/__init__.py,sha256=8_b7rx_-Xcuzu3Z7mSR94q3PAhjyYqLFQi3IOEz6hcI,108
 config/active_app.py,sha256=MET_G7oHL7GkoSo3VkkMzymM-PwsSZazMLZxpgjFLTo,388
 config/asgi.py,sha256=n09URedOmQ_59II3UCl3iodGSDWOuN_A8DFyfLjuylA,803
@@ -10,18 +10,19 @@ config/loadenv.py,sha256=bhFbHTbRJSkSwrFk3UInKEKQ8ZY-poatOGi7rC57YAI,298
 config/logging.py,sha256=334jADN4dM5GNHaCWlYPOKYa5BhfxbsuejH_QDALG6g,1793
 config/middleware.py,sha256=EvraDumepnKwCDswHGXb1mK7vud_dEEoZ4eh0IQ7fhQ,744
 config/offline.py,sha256=mhQjCUzdOwSzZ6oLgPDJR48xaPIDzOi34ARUEz43seE,1431
-config/settings.py,sha256=wRfx3EH5YHuiSB73Xnq-RqLtkLzISBEPwpcXRhqh-ws,14696
-config/urls.py,sha256=Eap8bmBfKAA43H05QpAJQfLrGamJYHwmOx4j663EJpU,4950
+config/settings.py,sha256=TQI_hBt0XhDnggDcMlLu8R_5xsSP04keONR2e8Udo30,21764
+config/urls.py,sha256=-ehzyYSbOTWC_QOtgxNCPMnjJZJNRoGn8Ww7-t2D9Do,5143
 config/wsgi.py,sha256=Fu-ONO2SgYeU6rhmy909P-uLX-n8ALJQObdm9MHPS-k,450
 core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-core/admin.py,sha256=5Dv16tphT5JoCjn1oLiLMfKKJOIeNjz1AZmmgMc6eBs,71319
+core/admin.py,sha256=f61hqWOI1RCydHJQ9XGO9ULFLd7YcPSfsnZvovcCGgk,87335
 core/admin_history.py,sha256=NIDWkosJoHMaucBvUjq8VmmL-0e8ngJ4l4XA89d4jwQ,1833
 core/admindocs.py,sha256=GufdugiNEG87xGSDYVq4CBMhGRubsQCzgz-FqDIqzpM,5367
-core/apps.py,sha256=YFto4vdVW4uq98s-HypSAZx-q3HXDbKuyU7rYaqVDYs,9059
-core/backends.py,sha256=fOf64Ajg1arDUzz9yDCvFw5T4ZoRljurIUlcT9GYBHM,4540
+core/apps.py,sha256=gg8wxmrG7455a2i6xITO-akOc5daG87HJ3hhEseFcgo,9263
+core/auto_upgrade.py,sha256=BkoE7rJuYAmwoMux22NqujWZYjYXtN40GBloC0sNMY4,1799
+core/backends.py,sha256=y7ywo9EliuHItP-cOe_lIn0R7PpgcSq92PZVn_XSW3w,6936
 core/entity.py,sha256=dkPywTVk981fV8bOEoZw-1SMrdh8T0jVAUZnRxg3dDg,4505
 core/environment.py,sha256=QcOshpWNG0l_agW-b9efNvVFKqdatj6sUK8FT6p92gU,1238
-core/fields.py,sha256=fe9XupyF7K-5L6Dpxt6by_sQXoxSxf3F_eZpFSf_uFk,2459
+core/fields.py,sha256=4nJ_tngso8NHs6HBl8nn5PWvbcOiuAgkoM6hixrFm64,5580
 core/github_helper.py,sha256=k9LmxL0Ec5MzFwZsbMpWMMJ-5tGMe-5yRoI8V0sbFsw,682
 core/github_issues.py,sha256=LKqt-Ilx5TRYnx2LXttc54Nvuh3_1VRP0u_M3whe09c,4963
 core/lcd_screen.py,sha256=mkKtIJjHGDLaV4t80L-JScsZXbLhlYUDknAcvV9Ijr0,2651
@@ -29,64 +30,66 @@ core/liveupdate.py,sha256=kTgbE2gnU3PPIV-88Bw2swSl1aGp6stSdBYqBFbLvx0,716
 core/log_paths.py,sha256=6UXYk6QIUmRO3ecFaFH3dgJ_pf4C_wUN6b0JqUhLVBY,3045
 core/mailer.py,sha256=ziw6r4AhMcMRMtNOrcqRXimjo17SooaJJ-fkSVfo_aI,2787
 core/middleware.py,sha256=a4XL0pld4YiG-vanHrzYbJNHv64s75lvmG9inoG1ln0,3479
-core/models.py,sha256=rkyUZkonxByZi-QnKxPskSD23voC-x-Ud62vFbBSW9U,75354
+core/models.py,sha256=iUTgJIBDC1SHqaKtu3AF48YgMg-eCsbF0U79UmNyOSM,82274
 core/notifications.py,sha256=YtNDGxNveZ6t3tlMXJ7wIaZZTWIZfOKy6vN9mXkeYnA,4021
 core/public_wifi.py,sha256=A08IPJqcdgUKSWbktyqsV4ol8C0uxDxZy1s1ECuPdBE,6526
+core/reference_utils.py,sha256=vsjF4XaZAAluVbEu6xqQDR1xtHPConXwu2px-4KlllY,3224
 core/release.py,sha256=thtgbfAnxHlOODM8xUVETgY5aAIbddWan0wW9lKmtQI,11064
-core/sigil_builder.py,sha256=XxzL0d-GDtHR93_gKNChEWWHb40t8V-CJRQGCzaHEHg,4458
+core/sigil_builder.py,sha256=NdTqNT8Bdo32Bf2h3ciy48C6zZIIoWTrm8TjzOtlThc,4854
 core/sigil_context.py,sha256=8xrGiB2L1dFfSTrVLsFPLKfkhRwCXXZ0-EXvZdPeTMU,459
 core/sigil_resolver.py,sha256=kRzkv669R1JggQ7eAXsIfw8kH9wuB8L71pmZYg4vwqs,10108
-core/system.py,sha256=wzhWpV1uC1YGHZI_2eJvr3yyj5FgQEIoD1cWCAfDkHo,7866
-core/tasks.py,sha256=WBA2WLHNIDhioV7ibTJZLTx_Ix3738qYlP6BpHooJug,5772
-core/test_system_info.py,sha256=2uIKVf38Z-isGZJAVmqu8uAYQ8vTBMuLoWpeMQ7Xi0s,1294
-core/tests.py,sha256=Uzzg6nWMJiMtN4Yi3fDAbza82rHMT8oXPaAapKPZMpg,42559
+core/system.py,sha256=26lDZOauEUvsQEq24N_BMMvAINlR85urSHEjX5zm1rI,7461
+core/tasks.py,sha256=hwowcVsbwME-75KN90D2r0kX_YPMZEVevOrrxIxpM34,10595
+core/test_system_info.py,sha256=d2_SgIUWwqWibOpesliSC7mzK5IyEN6P-5DZWWGmTwI,2605
+core/tests.py,sha256=4dzMoHbhbKLRTfQJMa57s-ldd7mt0kSCfpI2Sj-X7lU,53954
 core/tests_liveupdate.py,sha256=D1o2gPopnK7wDCeDQlJ-tfitWh4umZQFRxSTCFY-puc,527
 core/urls.py,sha256=x-LNCxCgrLINdBsJTUUcAuMS5EK5Sh1ybvsVuUnJfLw,436
-core/user_data.py,sha256=p5Y7m9gqV8SHaiPtkIfEsdk7oopqh-pA2ohRPJXnzH8,17186
-core/views.py,sha256=RAk9ZEP6Zl2isijsC1AL_jwhMDHjTH-jTJjHNsw-7fY,27929
+core/user_data.py,sha256=69AFm-HKM2SqNs77O-k5vRkWB7u4zrdlUQoUsB1-oPM,20142
+core/views.py,sha256=9Fzkvt2O48H4AljFAapdr8Lst9KsAYLmEarcYMQ0bcA,35873
 core/widgets.py,sha256=ihah_-NtFJ3oRCS3TdcT6iHCUTlg1tUULJsVCu05C0o,1379
 core/workgroup_urls.py,sha256=2bC8mOMkxIj04WsNis0Td6AmmJFr6z27Ol5epIvhO28,424
 core/workgroup_views.py,sha256=pFJ4PIRN3WWpRyombpWDKKteYQYoI7lu7ddSEKojD7I,2983
 nodes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nodes/actions.py,sha256=HHnwByTBc3guOORvrKOuvUFID-_BpBq6OENE_PDgk9s,2335
-nodes/admin.py,sha256=6wmUDTpCFyZdUt8Ef7c8c347JJ-BOPRPlADFMsUxd9Y,16560
+nodes/admin.py,sha256=o0iiNzHE7fNv8bpj7VAdTGboT05hVCCtrTdknAzevZE,16736
 nodes/apps.py,sha256=KijGydsQBS-8Q8uBc0ahDZXSSCMzP3tQcYIEigJxdCE,2077
-nodes/backends.py,sha256=cHMpliDO453O8gVmtBRTg2VT0tZ1XL_cgneMyuo3In8,2080
+nodes/backends.py,sha256=dQMbC-T9vSxvXMxssi0Y2ZKmc8LbSM_h4lm3EDbtZeo,5525
 nodes/lcd.py,sha256=7MqS3jV_De2ysSmTtXQfYTWaxdfbmm6YfNdb_7qIVZc,5923
-nodes/models.py,sha256=Hq-4dK0IxSZ0JSAGjX4wlTBT0AZFDE6Y6801Rl1pFv4,30229
+nodes/models.py,sha256=mvryiS3S3ZT0sOpANGJYzA1P3W00kT-InIgXzwFFsao,37629
 nodes/tasks.py,sha256=jorbN4h0PqWMBRMFdkGgJtvG8GPFwGr5Hxlm5In3EeY,1568
-nodes/tests.py,sha256=CqZwGQRrqqVFcIunfnLaP0S3eV0alBBPhZl8LKsh308,59797
+nodes/tests.py,sha256=1J97W3r12EOpJ8YY-3Ak3mWD0YGwo5zkGjA0heAzdV8,75302
 nodes/urls.py,sha256=20yZDZf4DNgIZ9hQWsUzjp8k5Fryg9ukk761_KGQt9k,548
 nodes/utils.py,sha256=B9BD3bKBkwDjIqyp0pyjnKQQlRbGRVQndfoaMEJoNDc,2815
-nodes/views.py,sha256=uUHDTgARj4eOUOrEUCx41GZzWajT5vHSa9svcAuLYVo,10261
+nodes/views.py,sha256=qBEu19h64cTyn9YuuL9YRnqymCdZPsmMbjXedjd9fzY,14988
 ocpp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ocpp/admin.py,sha256=sHJaSfFFx6T1J4WBKp_-_Y0zJXZDCJJxFpXrOgH6jTg,14825
+ocpp/admin.py,sha256=Rw0PinweVSaBjIQIcgj_cgfalNRBHcrAh3JInx8Hn7A,17129
 ocpp/apps.py,sha256=mCZ5Z0ei7z7c62luIcIhbEuwL1N4czQFSToOkGvRmms,867
-ocpp/consumers.py,sha256=C7ZfTuGxf3EDt2cizlSxsdn1KnbpbqUb-rfIUD-mKr4,28171
-ocpp/evcs.py,sha256=TppUZ9ACaiXsfhF_DsL0I9jEyZFPbdUpFWP9Ljbe6gI,33973
-ocpp/models.py,sha256=RXfdlZ268otOZsWQVEcc0n0YmsrDqserHFNSSuCFIzs,22253
+ocpp/consumers.py,sha256=xxfQxSeFvP39Mq5N_pWDlWNCSdgMcAeV03oiOhr3SYk,36392
+ocpp/evcs.py,sha256=O53rCHdxKcgPsj7o57rDiNHTVvEii3DTtQ3djWFTohw,34065
+ocpp/models.py,sha256=bGzbU68o7-oIKOHvE1_pqj9B-KLDP1mnT-T-wlOsI_4,23801
 ocpp/routing.py,sha256=g9vPnLw-D1N8L_mW0_oCe-nTDibjC0Et-SFxe8NFAOI,308
-ocpp/simulator.py,sha256=iS9Y-ZRdQXd6TuRoviDOVtOgyDtc4in4FkKFwmTrZD8,13764
-ocpp/store.py,sha256=h4Mq82dR_8LIXelD99ND12HSHWHEvWhPNNXMyDAwm1M,13247
+ocpp/simulator.py,sha256=es6SJNzKUwLwrLy-zDdRu__n34V2RZSQRb8SeZHh4Fw,15636
+ocpp/store.py,sha256=FyyZW2YKTWleuNdHTo_RsUO2InZZJhvMYyuZmLgQZe4,14051
 ocpp/tasks.py,sha256=cOcJBshckFKs8GnACvmYZUBG116amtLRAzEP-JNqlZ0,905
 ocpp/test_export_import.py,sha256=TK1__E4K5WrLYPIx-1iJWoIhuRCnOtXc2cYEpGigd3U,4660
 ocpp/test_rfid.py,sha256=1Xw54WNLzIv4IvvKbQEAs3jtdcg5sTqQBLJK9ZzCqwE,19301
-ocpp/tests.py,sha256=4JCXBL5ieIl4rAiIUFB_aCN6vLNa4OkFF8DdylFysR0,90789
+ocpp/tests.py,sha256=-wjEccNB2zBGiOd9WNXzh_8wlBdIcnfV60gmT8Eimng,106222
 ocpp/transactions_io.py,sha256=OvRynP3DeC9ZpHD3Ez-0YPNPJXFcdSOSKg0nRrwzBJ0,6507
 ocpp/urls.py,sha256=jl6AQLtmLMvrNXP3dQKgPe9Kvaul4oaYd80DskpzVBc,1750
-ocpp/views.py,sha256=lTxK23r62ridqoSNkj_us7IokQ9T0RYZMBtr24F2ef8,35879
+ocpp/views.py,sha256=QlpP8gIXWHqm0pAhQKzlDUmRH2-cTJnJPELuRxV78dw,36781
 pages/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pages/admin.py,sha256=IdaAibuYJbRMuxw9vniTcuToGCaRFJewwXQ2XQ-1384,12476
 pages/apps.py,sha256=mfCxegmnRqKcszyEwpQhZpW9JWOuEYdVereU_w49BXg,298
 pages/checks.py,sha256=an-MlMCIG-FSKmdgOhYV0VOoB_wDQD7dxKD03Hjrzts,1567
-pages/context_processors.py,sha256=Ph4PEaq8NbiG50idlBXHzMgMGgyX5aVg1rBmb9bOvcs,2897
+pages/context_processors.py,sha256=VkApl_Krku1k2CTDt9Xw7OlqF7SN8reLEo9kF7KKxiU,3592
+pages/forms.py,sha256=NuG7ONP1HYY6O5gRoQaRSwSRchcSonRm3rulsqGSqvY,5081
 pages/middleware.py,sha256=fUdAscLa6h2EqJTFUjhVijfSf82gBfm6XUZTVygWAnk,5227
 pages/models.py,sha256=VBGpZVQrOHR6ShvqY5MT_Um8rVUktbKMPnq9KJCsTRo,8375
-pages/tests.py,sha256=gOxh0invZL2vcyXY9QhfPxO6OmUwoOWVNFQwvynoZf8,56715
-pages/urls.py,sha256=7V2nI74v1SdsQ6_vN-8VbOJA_htP3uoogq1ISYmAlpY,687
+pages/tests.py,sha256=zVdoRVu4IE7go5d7Xd7eceyqQitstwCQ0S7OIma4qhc,73823
+pages/urls.py,sha256=wFHov2KAW4vKPScyPpMY9d6rOrKyJHFbOMc9y7L4gEQ,777
 pages/utils.py,sha256=7kik1W0Gk6SFxYGhg6shfI2W9Xdcv1sCpkRCQ883a88,311
-pages/views.py,sha256=VXciSuB4798pCHG7ZaOExQSC3zL1OSP0KeuyUja_xUk,28854
-arthexis-0.1.9.dist-info/METADATA,sha256=WMykpJVayOXcPMDi4bi__VU1mj-kJNGAfKlL7sOW2I0,8029
-arthexis-0.1.9.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-arthexis-0.1.9.dist-info/top_level.txt,sha256=J2a2q8_BWrCZ8H2WFUNMBfO2jz8j2gax6zZh-_1QDac,29
-arthexis-0.1.9.dist-info/RECORD,,
+pages/views.py,sha256=vebvTOX3MCCugUsoArqJJ0VDIJJpAjPvJuPQPiLt9p0,38810
+arthexis-0.1.10.dist-info/METADATA,sha256=UBWs7YFz5bZxreIVPf6ugBOGp3KDtvF7iwSJVtKpSo0,9800
+arthexis-0.1.10.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+arthexis-0.1.10.dist-info/top_level.txt,sha256=J2a2q8_BWrCZ8H2WFUNMBfO2jz8j2gax6zZh-_1QDac,29
+arthexis-0.1.10.dist-info/RECORD,,

config/settings.py

@@ -20,6 +20,7 @@ from core.log_paths import select_log_dir
 from django.utils.translation import gettext_lazy as _
 from celery.schedules import crontab
 from django.http import request as http_request
+from django.http.request import split_domain_port
 from django.middleware.csrf import CsrfViewMiddleware
 from django.core.exceptions import DisallowedHost
 from django.contrib.sites import shortcuts as sites_shortcuts
@@ -34,13 +35,36 @@ if not hasattr(encoding, "force_text"):  # pragma: no cover - Django>=5 compatib
     encoding.force_text = force_str
 
 
+
 _original_validate_host = http_request.validate_host
 
 
-def _validate_host_with_subnets(host, allowed_hosts):
+def _strip_ipv6_brackets(host: str) -> str:
+    if host.startswith("[") and host.endswith("]"):
+        return host[1:-1]
+    return host
+
+
+def _extract_ip_from_host(host: str):
+    """Return an :mod:`ipaddress` object for ``host`` when possible."""
+
+    candidate = _strip_ipv6_brackets(host)
     try:
-        ip = ipaddress.ip_address(host)
+        return ipaddress.ip_address(candidate)
     except ValueError:
+        domain, _port = split_domain_port(host)
+        if domain and domain != host:
+            candidate = _strip_ipv6_brackets(domain)
+            try:
+                return ipaddress.ip_address(candidate)
+            except ValueError:
+                return None
+    return None
+
+
+def _validate_host_with_subnets(host, allowed_hosts):
+    ip = _extract_ip_from_host(host)
+    if ip is None:
         return _original_validate_host(host, allowed_hosts)
     for pattern in allowed_hosts:
         try:
@@ -117,6 +141,18 @@ ALLOWED_HOSTS = [
 ]
 
 
+_DEFAULT_PORTS = {"http": "80", "https": "443"}
+
+
+def _get_allowed_hosts() -> list[str]:
+    from django.conf import settings as django_settings
+
+    configured = getattr(django_settings, "ALLOWED_HOSTS", None)
+    if configured is None:
+        return ALLOWED_HOSTS
+    return list(configured)
+
+
 def _iter_local_hostnames(hostname: str, fqdn: str | None = None) -> list[str]:
     """Return unique hostname variants for the current machine."""
 
@@ -152,34 +188,143 @@ for host in _iter_local_hostnames(_local_hostname, _local_fqdn):
 
 # Allow CSRF origin verification for hosts within allowed subnets.
 _original_origin_verified = CsrfViewMiddleware._origin_verified
+_original_check_referer = CsrfViewMiddleware._check_referer
+
+
+def _host_is_allowed(host: str, allowed_hosts: list[str]) -> bool:
+    if http_request.validate_host(host, allowed_hosts):
+        return True
+    domain, _port = split_domain_port(host)
+    if domain and domain != host:
+        return http_request.validate_host(domain, allowed_hosts)
+    return False
+
+
+def _parse_forwarded_header(header_value: str) -> list[dict[str, str]]:
+    entries: list[dict[str, str]] = []
+    if not header_value:
+        return entries
+    for forwarded_part in header_value.split(","):
+        entry: dict[str, str] = {}
+        for element in forwarded_part.split(";"):
+            if "=" not in element:
+                continue
+            key, value = element.split("=", 1)
+            entry[key.strip().lower()] = value.strip().strip('"')
+        if entry:
+            entries.append(entry)
+    return entries
+
+
+def _get_request_scheme(request, forwarded_entry: dict[str, str] | None = None) -> str:
+    """Return the scheme used by the client, honoring proxy headers."""
+
+    if forwarded_entry and forwarded_entry.get("proto", "").lower() in {"http", "https"}:
+        return forwarded_entry["proto"].lower()
+
+    if request.is_secure():
+        return "https"
+
+    forwarded_proto = request.META.get("HTTP_X_FORWARDED_PROTO", "")
+    if forwarded_proto:
+        candidate = forwarded_proto.split(",")[0].strip().lower()
+        if candidate in {"http", "https"}:
+            return candidate
+
+    forwarded_header = request.META.get("HTTP_FORWARDED", "")
+    for forwarded_entry in _parse_forwarded_header(forwarded_header):
+        candidate = forwarded_entry.get("proto", "").lower()
+        if candidate in {"http", "https"}:
+            return candidate
+
+    return "http"
+
+
+def _normalize_origin_tuple(scheme: str | None, host: str) -> tuple[str, str, str | None] | None:
+    if not scheme or scheme.lower() not in {"http", "https"}:
+        return None
+    domain, port = split_domain_port(host)
+    normalized_host = _strip_ipv6_brackets(domain.strip().lower())
+    if not normalized_host:
+        return None
+    normalized_port = port.strip() if isinstance(port, str) else port
+    if not normalized_port:
+        normalized_port = _DEFAULT_PORTS.get(scheme.lower())
+    if normalized_port is not None:
+        normalized_port = str(normalized_port)
+    return scheme.lower(), normalized_host, normalized_port
+
+
+def _normalized_request_origin(origin: str) -> tuple[str, str, str | None] | None:
+    parsed = urlsplit(origin)
+    if not parsed.scheme or not parsed.hostname:
+        return None
+    scheme = parsed.scheme.lower()
+    host = parsed.hostname.lower()
+    port = str(parsed.port) if parsed.port is not None else _DEFAULT_PORTS.get(scheme)
+    return scheme, host, port
+
+
+def _candidate_origin_tuples(request, allowed_hosts: list[str]) -> list[tuple[str, str, str | None]]:
+    default_scheme = _get_request_scheme(request)
+    candidates: list[tuple[str, str, str | None]] = []
+    seen: set[tuple[str, str, str | None]] = set()
+
+    def _append_candidate(scheme: str | None, host: str) -> None:
+        if not scheme or not host:
+            return
+        normalized = _normalize_origin_tuple(scheme, host)
+        if normalized is None:
+            return
+        if not _host_is_allowed(host, allowed_hosts):
+            return
+        if normalized in seen:
+            return
+        candidates.append(normalized)
+        seen.add(normalized)
 
+    forwarded_header = request.META.get("HTTP_FORWARDED", "")
+    for forwarded_entry in _parse_forwarded_header(forwarded_header):
+        host = forwarded_entry.get("host", "").strip()
+        scheme = _get_request_scheme(request, forwarded_entry)
+        _append_candidate(scheme, host)
+
+    forwarded_host = request.META.get("HTTP_X_FORWARDED_HOST", "")
+    if forwarded_host:
+        host = forwarded_host.split(",")[0].strip()
+        _append_candidate(default_scheme, host)
 
-def _origin_verified_with_subnets(self, request):
-    request_origin = request.META["HTTP_ORIGIN"]
     try:
         good_host = request.get_host()
     except DisallowedHost:
-        pass
-    else:
-        good_origin = "%s://%s" % (
-            "https" if request.is_secure() else "http",
-            good_host,
-        )
-        if request_origin == good_origin:
+        good_host = ""
+    if good_host:
+        _append_candidate(default_scheme, good_host)
+
+    return candidates
+
+
+def _origin_verified_with_subnets(self, request):
+    request_origin = request.META["HTTP_ORIGIN"]
+    allowed_hosts = _get_allowed_hosts()
+    normalized_origin = _normalized_request_origin(request_origin)
+    if normalized_origin is None:
+        return _original_origin_verified(self, request)
+
+    origin_ip = _extract_ip_from_host(normalized_origin[1])
+
+    for candidate in _candidate_origin_tuples(request, allowed_hosts):
+        if candidate == normalized_origin:
             return True
-        try:
-            origin_host = urlsplit(request_origin).hostname
-            origin_ip = ipaddress.ip_address(origin_host)
-            request_ip = ipaddress.ip_address(good_host.split(":")[0])
-        except ValueError:
-            pass
-        else:
-            for pattern in ALLOWED_HOSTS:
+
+        candidate_ip = _extract_ip_from_host(candidate[1])
+        if origin_ip and candidate_ip:
+            for pattern in allowed_hosts:
                 try:
                     network = ipaddress.ip_network(pattern)
                 except ValueError:
                     continue
-                if origin_ip in network and request_ip in network:
+                if origin_ip in network and candidate_ip in network:
                     return True
     return _original_origin_verified(self, request)
 
@@ -187,6 +332,49 @@ def _origin_verified_with_subnets(self, request):
 CsrfViewMiddleware._origin_verified = _origin_verified_with_subnets
 
 
+def _check_referer_with_forwarded(self, request):
+    referer = request.META.get("HTTP_REFERER")
+    if referer is None:
+        return _original_check_referer(self, request)
+
+    try:
+        parsed = urlsplit(referer)
+    except ValueError:
+        return _original_check_referer(self, request)
+
+    if "" in (parsed.scheme, parsed.netloc):
+        return _original_check_referer(self, request)
+
+    if parsed.scheme.lower() != "https":
+        return _original_check_referer(self, request)
+
+    normalized_referer = _normalize_origin_tuple(parsed.scheme.lower(), parsed.netloc)
+    if normalized_referer is None:
+        return _original_check_referer(self, request)
+
+    allowed_hosts = _get_allowed_hosts()
+    referer_ip = _extract_ip_from_host(normalized_referer[1])
+
+    for candidate in _candidate_origin_tuples(request, allowed_hosts):
+        if candidate == normalized_referer:
+            return
+
+        candidate_ip = _extract_ip_from_host(candidate[1])
+        if referer_ip and candidate_ip:
+            for pattern in allowed_hosts:
+                try:
+                    network = ipaddress.ip_network(pattern)
+                except ValueError:
+                    continue
+                if referer_ip in network and candidate_ip in network:
+                    return
+
+    return _original_check_referer(self, request)
+
+
+CsrfViewMiddleware._check_referer = _check_referer_with_forwarded
+
+
 # Application definition
 
 LOCAL_APPS = [
@@ -203,6 +391,8 @@ INSTALLED_APPS = [
     "whitenoise.runserver_nostatic",
     "django.contrib.admin",
     "django.contrib.admindocs",
+    "django_otp",
+    "django_otp.plugins.otp_totp",
     "config.auth_app.AuthConfig",
     "django.contrib.contenttypes",
     "django.contrib.sessions",
@@ -250,6 +440,7 @@ MIDDLEWARE = [
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django_otp.middleware.OTPMiddleware",
     "core.middleware.AdminHistoryMiddleware",
     "core.middleware.SigilContextMiddleware",
     "pages.middleware.ViewHistoryMiddleware",
@@ -268,6 +459,9 @@ if DEBUG:
 
 CSRF_FAILURE_VIEW = "pages.views.csrf_failure"
 
+# Allow staff TODO pages to embed internal admin views inside iframes.
+X_FRAME_OPTIONS = "SAMEORIGIN"
+
 ROOT_URLCONF = "config.urls"
 
 TEMPLATES = [
@@ -326,9 +520,13 @@ AUTH_USER_MODEL = "core.User"
 # Enable RFID authentication backend and restrict default admin login to localhost
 AUTHENTICATION_BACKENDS = [
     "core.backends.LocalhostAdminBackend",
+    "core.backends.TOTPBackend",
     "core.backends.RFIDBackend",
 ]
 
+# Issuer name used when generating otpauth URLs for authenticator apps.
+OTP_TOTP_ISSUER = os.environ.get("OTP_TOTP_ISSUER", "Arthexis")
+
 # Database
 # https://docs.djangoproject.com/en/5.2/ref/settings/#databases
 
@@ -405,10 +603,10 @@ AUTH_PASSWORD_VALIDATORS = [
 LANGUAGE_CODE = "en-us"
 
 LANGUAGES = [
-    ("en", _("English")),
     ("es", _("Spanish")),
-    ("fr", _("French")),
-    ("ru", _("Russian")),
+    ("en", _("English")),
+    ("it", _("Italian")),
+    ("de", _("German")),
 ]
 
 LOCALE_PATHS = [BASE_DIR / "locale"]

config/urls.py

@@ -118,11 +118,17 @@ urlpatterns = [
         admin.site.admin_view(pages_views.admin_model_graph),
         name="admin-model-graph",
     ),
+    path("version/", core_views.version_info, name="version-info"),
     path(
         "admin/core/releases/<int:pk>/<str:action>/",
         core_views.release_progress,
         name="release-progress",
     ),
+    path(
+        "admin/core/todos/<int:pk>/focus/",
+        core_views.todo_focus,
+        name="todo-focus",
+    ),
     path(
         "admin/core/todos/<int:pk>/done/",
         core_views.todo_done,