arthexis 0.1.9__py3-none-any.whl → 0.1.11__py3-none-any.whl

nodes/admin.py

@@ -9,6 +9,7 @@ from django.db.models import Count
 from django.conf import settings
 from pathlib import Path
 from django.http import HttpResponse
+from django.utils.translation import gettext_lazy as _
 import base64
 import pyperclip
 from pyperclip import PyperclipException
@@ -25,7 +26,10 @@ from .models import (
     NodeFeatureAssignment,
     ContentSample,
     NetMessage,
+    NodeManager,
+    DNSRecord,
 )
+from . import dns as dns_utils
 from core.user_data import EntityModelAdmin
 
 
@@ -42,6 +46,129 @@ class NodeFeatureAssignmentInline(admin.TabularInline):
     autocomplete_fields = ("feature",)
 
 
+class DeployDNSRecordsForm(forms.Form):
+    manager = forms.ModelChoiceField(
+        label="Node Manager",
+        queryset=NodeManager.objects.none(),
+        help_text="Credentials used to authenticate with the DNS provider.",
+    )
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["manager"].queryset = NodeManager.objects.filter(
+            provider=NodeManager.Provider.GODADDY, is_enabled=True
+        )
+
+
+@admin.register(NodeManager)
+class NodeManagerAdmin(EntityModelAdmin):
+    list_display = ("__str__", "provider", "is_enabled", "default_domain")
+    list_filter = ("provider", "is_enabled")
+    search_fields = (
+        "default_domain",
+        "user__username",
+        "group__name",
+    )
+
+
+@admin.register(DNSRecord)
+class DNSRecordAdmin(EntityModelAdmin):
+    list_display = (
+        "record_type",
+        "fqdn",
+        "data",
+        "ttl",
+        "node_manager",
+        "last_synced_at",
+        "last_verified_at",
+    )
+    list_filter = ("record_type", "provider", "node_manager")
+    search_fields = ("domain", "name", "data")
+    autocomplete_fields = ("node_manager",)
+    actions = ["deploy_selected_records", "validate_selected_records"]
+
+    def _default_manager_for_queryset(self, queryset):
+        manager_ids = list(
+            queryset.exclude(node_manager__isnull=True)
+            .values_list("node_manager_id", flat=True)
+            .distinct()
+        )
+        if len(manager_ids) == 1:
+            return manager_ids[0]
+        available = list(
+            NodeManager.objects.filter(
+                provider=NodeManager.Provider.GODADDY, is_enabled=True
+            ).values_list("pk", flat=True)
+        )
+        if len(available) == 1:
+            return available[0]
+        return None
+
+    @admin.action(description="Deploy Selected records")
+    def deploy_selected_records(self, request, queryset):
+        unsupported = queryset.exclude(provider=DNSRecord.Provider.GODADDY)
+        for record in unsupported:
+            self.message_user(
+                request,
+                f"{record} uses unsupported provider {record.get_provider_display()}",
+                messages.WARNING,
+            )
+        queryset = queryset.filter(provider=DNSRecord.Provider.GODADDY)
+        if not queryset:
+            self.message_user(request, "No GoDaddy records selected.", messages.WARNING)
+            return None
+
+        if "apply" in request.POST:
+            form = DeployDNSRecordsForm(request.POST)
+            if form.is_valid():
+                manager = form.cleaned_data["manager"]
+                result = manager.publish_dns_records(list(queryset))
+                for record, reason in result.skipped.items():
+                    self.message_user(request, f"{record}: {reason}", messages.WARNING)
+                for record, reason in result.failures.items():
+                    self.message_user(request, f"{record}: {reason}", messages.ERROR)
+                if result.deployed:
+                    self.message_user(
+                        request,
+                        f"Deployed {len(result.deployed)} DNS record(s) via {manager}.",
+                        messages.SUCCESS,
+                    )
+                return None
+        else:
+            initial_manager = self._default_manager_for_queryset(queryset)
+            form = DeployDNSRecordsForm(initial={"manager": initial_manager})
+
+        context = {
+            **self.admin_site.each_context(request),
+            "opts": self.model._meta,
+            "form": form,
+            "queryset": queryset,
+            "title": "Deploy DNS records",
+        }
+        return render(
+            request,
+            "admin/nodes/dnsrecord/deploy_records.html",
+            context,
+        )
+
+    @admin.action(description="Validate Selected records")
+    def validate_selected_records(self, request, queryset):
+        resolver = dns_utils.create_resolver()
+        successes = 0
+        for record in queryset:
+            ok, message = dns_utils.validate_record(record, resolver=resolver)
+            if ok:
+                successes += 1
+            else:
+                self.message_user(request, f"{record}: {message}", messages.WARNING)
+        if successes:
+            self.message_user(
+                request,
+                f"Validated {successes} DNS record(s).",
+                messages.SUCCESS,
+            )
+
+
 @admin.register(Node)
 class NodeAdmin(EntityModelAdmin):
     list_display = (
@@ -114,6 +241,9 @@ class NodeAdmin(EntityModelAdmin):
 
         token = uuid.uuid4().hex
         context = {
+            **self.admin_site.each_context(request),
+            "opts": self.model._meta,
+            "title": _("Register Visitor Node"),
             "token": token,
             "info_url": reverse("node-info"),
             "register_url": reverse("register-node"),
@@ -228,12 +358,20 @@ class NodeAdmin(EntityModelAdmin):
 
 @admin.register(EmailOutbox)
 class EmailOutboxAdmin(EntityModelAdmin):
-    list_display = ("owner_label", "host", "port", "username", "use_tls", "use_ssl")
+    list_display = (
+        "owner_label",
+        "host",
+        "port",
+        "username",
+        "use_tls",
+        "use_ssl",
+        "is_enabled",
+    )
     change_form_template = "admin/nodes/emailoutbox/change_form.html"
     fieldsets = (
         ("Owner", {"fields": ("user", "group", "node")}),
         (
-            None,
+            "Configuration",
             {
                 "fields": (
                     "host",
@@ -243,6 +381,7 @@ class EmailOutboxAdmin(EntityModelAdmin):
                     "use_tls",
                     "use_ssl",
                     "from_email",
+                    "is_enabled",
                 )
             },
         ),
@@ -280,9 +419,6 @@ class EmailOutboxAdmin(EntityModelAdmin):
             self.message_user(request, str(exc), messages.ERROR)
         return redirect("..")
 
-    def get_model_perms(self, request):  # pragma: no cover - hide from index
-        return {}
-
     def changeform_view(self, request, object_id=None, form_url="", extra_context=None):
         extra_context = extra_context or {}
         if object_id:
@@ -430,7 +566,14 @@ class ContentSampleAdmin(EntityModelAdmin):
 
 @admin.register(NetMessage)
 class NetMessageAdmin(EntityModelAdmin):
-    list_display = ("subject", "body", "reach", "created", "complete")
+    list_display = (
+        "subject",
+        "body",
+        "reach",
+        "node_origin",
+        "created",
+        "complete",
+    )
     search_fields = ("subject", "body")
     list_filter = ("complete", "reach")
     ordering = ("-created",)

nodes/backends.py

@@ -1,5 +1,8 @@
 from __future__ import annotations
 
+import random
+from collections import defaultdict
+
 from django.core.mail.backends.base import BaseEmailBackend
 from django.core.mail import get_connection
 from django.conf import settings
@@ -13,41 +16,145 @@ class OutboxEmailBackend(BaseEmailBackend):
 
     If a matching outbox exists for the message's ``from_email`` (matching
     either ``from_email`` or ``username``), that outbox's SMTP credentials are
-    used. Otherwise, the first available outbox is used. When no outboxes are
-    configured, the system falls back to Django's default SMTP settings.
+    used. ``EmailOutbox`` associations to ``node``, ``user`` and ``group`` are
+    also considered and preferred when multiple criteria match. When no
+    outboxes are configured, the system falls back to Django's default SMTP
+    settings.
     """
 
-    def _select_outbox(self, from_email: str | None) -> EmailOutbox | None:
+    def _resolve_identifier(self, message, attr: str):
+        value = getattr(message, attr, None)
+        if value is None:
+            value = getattr(message, f"{attr}_id", None)
+        if value is None:
+            return None
+        return getattr(value, "pk", value)
+
+    def _select_outbox(
+        self, message
+    ) -> tuple[EmailOutbox | None, list[EmailOutbox]]:
+        from_email = getattr(message, "from_email", None)
+        node_id = self._resolve_identifier(message, "node")
+        user_id = self._resolve_identifier(message, "user")
+        group_id = self._resolve_identifier(message, "group")
+
+        enabled_outboxes = EmailOutbox.objects.filter(is_enabled=True)
+        match_sets: list[tuple[str, list[EmailOutbox]]] = []
+
         if from_email:
-            return (
-                EmailOutbox.objects.filter(
+            email_matches = list(
+                enabled_outboxes.filter(
                     Q(from_email__iexact=from_email) | Q(username__iexact=from_email)
-                ).first()
-                or EmailOutbox.objects.first()
+                )
             )
-        return EmailOutbox.objects.first()
+            if email_matches:
+                match_sets.append(("from_email", email_matches))
+
+        if node_id:
+            node_matches = list(enabled_outboxes.filter(node_id=node_id))
+            if node_matches:
+                match_sets.append(("node", node_matches))
+
+        if user_id:
+            user_matches = list(enabled_outboxes.filter(user_id=user_id))
+            if user_matches:
+                match_sets.append(("user", user_matches))
+
+        if group_id:
+            group_matches = list(enabled_outboxes.filter(group_id=group_id))
+            if group_matches:
+                match_sets.append(("group", group_matches))
+
+        if not match_sets:
+            fallback = self._fallback_outbox(enabled_outboxes)
+            if fallback:
+                return fallback, []
+            return None, []
+
+        candidates: dict[int, EmailOutbox] = {}
+        scores: defaultdict[int, int] = defaultdict(int)
+
+        for _, matches in match_sets:
+            for outbox in matches:
+                candidates[outbox.pk] = outbox
+                scores[outbox.pk] += 1
+
+        if not candidates:
+            fallback = self._fallback_outbox(enabled_outboxes)
+            if fallback:
+                return fallback, []
+            return None, []
+
+        selected: EmailOutbox | None = None
+        fallbacks: list[EmailOutbox] = []
+
+        for score in sorted(set(scores.values()), reverse=True):
+            group = [candidates[pk] for pk, value in scores.items() if value == score]
+            if len(group) > 1:
+                random.shuffle(group)
+            if selected is None:
+                selected = group[0]
+                fallbacks.extend(group[1:])
+            else:
+                fallbacks.extend(group)
+
+        return selected, fallbacks
+
+    def _fallback_outbox(self, queryset):
+        ownerless = queryset.filter(
+            node__isnull=True, user__isnull=True, group__isnull=True
+        ).order_by("pk").first()
+        if ownerless:
+            return ownerless
+        return queryset.order_by("pk").first()
 
     def send_messages(self, email_messages):
         sent = 0
         for message in email_messages:
-            outbox = self._select_outbox(message.from_email)
+            original_from_email = message.from_email
+            outbox, fallbacks = self._select_outbox(message)
+            tried_outboxes = []
             if outbox:
-                connection = outbox.get_connection()
-                if not message.from_email:
+                tried_outboxes.append(outbox)
+            tried_outboxes.extend(fallbacks)
+
+            last_error: Exception | None = None
+
+            if tried_outboxes:
+                for candidate in tried_outboxes:
+                    connection = candidate.get_connection()
                     message.from_email = (
-                        outbox.from_email or settings.DEFAULT_FROM_EMAIL
+                        original_from_email
+                        or candidate.from_email
+                        or settings.DEFAULT_FROM_EMAIL
                     )
+                    try:
+                        sent += connection.send_messages([message]) or 0
+                        last_error = None
+                        break
+                    except Exception as exc:  # pragma: no cover - retry on error
+                        last_error = exc
+                    finally:
+                        try:
+                            connection.close()
+                        except Exception:  # pragma: no cover - close errors shouldn't fail send
+                            pass
+                if last_error is not None:
+                    message.from_email = original_from_email
+                    raise last_error
             else:
                 connection = get_connection(
                     "django.core.mail.backends.smtp.EmailBackend"
                 )
                 if not message.from_email:
                     message.from_email = settings.DEFAULT_FROM_EMAIL
-            try:
-                sent += connection.send_messages([message]) or 0
-            finally:
                 try:
-                    connection.close()
-                except Exception:  # pragma: no cover - close errors shouldn't fail send
-                    pass
+                    sent += connection.send_messages([message]) or 0
+                finally:
+                    try:
+                        connection.close()
+                    except Exception:  # pragma: no cover - close errors shouldn't fail send
+                        pass
+
+            message.from_email = original_from_email
         return sent

nodes/dns.py

@@ -0,0 +1,203 @@
+from __future__ import annotations
+
+from collections import defaultdict
+from dataclasses import dataclass
+from typing import Iterable, Mapping, MutableMapping, TYPE_CHECKING
+
+import requests
+from django.utils import timezone
+from dns import exception as dns_exception
+from dns import resolver as dns_resolver
+from requests import Response
+
+if TYPE_CHECKING:  # pragma: no cover - imported for type checking only
+    from .models import DNSRecord, NodeManager
+
+
+@dataclass
+class DeploymentResult:
+    deployed: list["DNSRecord"]
+    failures: MutableMapping["DNSRecord", str]
+    skipped: MutableMapping["DNSRecord", str]
+
+
+def _error_from_response(response: Response) -> str:
+    try:
+        payload = response.json()
+    except ValueError:
+        payload = None
+
+    if isinstance(payload, dict):
+        for key in ("message", "detail", "error"):
+            message = payload.get(key)
+            if message:
+                return str(message)
+    elif isinstance(payload, list) and payload:
+        first = payload[0]
+        if isinstance(first, Mapping) and "message" in first:
+            return str(first["message"])
+        return str(first)
+
+    reason = response.reason or ""
+    return f"{response.status_code} {reason}".strip()
+
+
+def deploy_records(manager: "NodeManager", records: Iterable["DNSRecord"]) -> DeploymentResult:
+    filtered: list["DNSRecord"] = []
+    skipped: MutableMapping["DNSRecord", str] = {}
+    for record in records:
+        if record.provider != record.Provider.GODADDY:
+            skipped[record] = "Unsupported DNS provider"
+            continue
+        domain = record.get_domain(manager)
+        if not domain:
+            skipped[record] = "Domain is required for deployment"
+            continue
+        filtered.append(record)
+
+    if not filtered:
+        return DeploymentResult([], {}, skipped)
+
+    session = requests.Session()
+    session.headers.update(
+        {
+            "Authorization": manager.get_auth_header(),
+            "Accept": "application/json",
+            "Content-Type": "application/json",
+        }
+    )
+    customer_id = manager.get_customer_id()
+    if customer_id:
+        session.headers["X-Shopper-Id"] = customer_id
+
+    grouped: MutableMapping[tuple[str, str, str], list["DNSRecord"]] = defaultdict(list)
+    for record in filtered:
+        key = (
+            record.get_domain(manager),
+            record.record_type,
+            record.get_name(),
+        )
+        grouped[key].append(record)
+
+    deployed: list["DNSRecord"] = []
+    failures: MutableMapping["DNSRecord", str] = {}
+    now = timezone.now()
+
+    base_url = manager.get_base_url()
+    for (domain, record_type, name), grouped_records in grouped.items():
+        payload = [record.to_godaddy_payload() for record in grouped_records]
+        url = f"{base_url}/v1/domains/{domain}/records/{record_type}/{name or '@'}"
+        try:
+            response = session.put(url, json=payload, timeout=30)
+        except requests.RequestException as exc:
+            message = str(exc)
+            for record in grouped_records:
+                record.mark_error(message, manager=manager)
+                failures[record] = message
+            continue
+
+        if response.status_code >= 400:
+            message = _error_from_response(response)
+            for record in grouped_records:
+                record.mark_error(message, manager=manager)
+                failures[record] = message
+            continue
+
+        for record in grouped_records:
+            record.mark_deployed(manager=manager, timestamp=now)
+            deployed.append(record)
+
+    return DeploymentResult(deployed, failures, skipped)
+
+
+def create_resolver() -> dns_resolver.Resolver:
+    return dns_resolver.Resolver()
+
+
+def _normalize_hostname(value: str) -> str:
+    return value.rstrip(".").lower()
+
+
+def _extract_txt(rdata) -> str:
+    strings = getattr(rdata, "strings", None)
+    if strings:
+        parts = []
+        for segment in strings:
+            if isinstance(segment, bytes):
+                parts.append(segment.decode("utf-8", "ignore"))
+            else:
+                parts.append(str(segment))
+        return "".join(parts)
+    return str(rdata).strip('"')
+
+
+def _matches_record(record: "DNSRecord", rdata) -> bool:
+    expected = (record.resolve_sigils("data") or "").strip()
+    rtype = record.record_type
+
+    if rtype == record.Type.A:
+        return getattr(rdata, "address", str(rdata)) == expected
+    if rtype == record.Type.AAAA:
+        return getattr(rdata, "address", str(rdata)) == expected
+    if rtype == record.Type.CNAME:
+        actual = getattr(rdata, "target", None)
+        if actual is None:
+            return False
+        return _normalize_hostname(actual.to_text()) == _normalize_hostname(expected)
+    if rtype == record.Type.NS:
+        actual = getattr(rdata, "target", None)
+        if actual is None:
+            return False
+        return _normalize_hostname(actual.to_text()) == _normalize_hostname(expected)
+    if rtype == record.Type.MX:
+        host = getattr(rdata, "exchange", None)
+        if host is None:
+            return False
+        host_match = _normalize_hostname(host.to_text()) == _normalize_hostname(expected)
+        priority = getattr(rdata, "preference", None)
+        priority_match = record.priority is None or priority == record.priority
+        return host_match and priority_match
+    if rtype == record.Type.SRV:
+        target = getattr(rdata, "target", None)
+        if target is None:
+            return False
+        target_match = _normalize_hostname(target.to_text()) == _normalize_hostname(expected)
+        priority_match = record.priority is None or getattr(rdata, "priority", None) == record.priority
+        weight_match = record.weight is None or getattr(rdata, "weight", None) == record.weight
+        port_match = record.port is None or getattr(rdata, "port", None) == record.port
+        return target_match and priority_match and weight_match and port_match
+    if rtype == record.Type.TXT:
+        actual = _extract_txt(rdata)
+        return actual == expected
+
+    return str(rdata).strip() == expected
+
+
+def validate_record(
+    record: "DNSRecord", resolver: dns_resolver.Resolver | None = None
+) -> tuple[bool, str]:
+    resolver = resolver or create_resolver()
+    fqdn = record.fqdn()
+    if not fqdn:
+        message = "Domain is required for validation"
+        record.mark_error(message)
+        return False, message
+
+    try:
+        answers = resolver.resolve(fqdn, record.record_type)
+    except (dns_exception.DNSException, OSError) as exc:
+        message = str(exc)
+        record.mark_error(message)
+        return False, message
+
+    for rdata in answers:
+        if _matches_record(record, rdata):
+            record.last_verified_at = timezone.now()
+            record.last_error = ""
+            record.save(update_fields=["last_verified_at", "last_error"])
+            return True, ""
+
+    message = "DNS record does not match expected value"
+    record.mark_error(message)
+    return False, message
+