arthexis 0.1.9__py3-none-any.whl → 0.1.11__py3-none-any.whl

nodes/models.py

@@ -1,16 +1,21 @@
+from __future__ import annotations
+
 from collections.abc import Iterable
 from django.db import models
+from django.db.utils import DatabaseError
 from django.db.models.signals import post_delete
-from django.dispatch import receiver
+from django.dispatch import Signal, receiver
 from core.entity import Entity
 from core.models import Profile
-from core.fields import SigilShortAutoField
+from core.fields import SigilLongAutoField, SigilShortAutoField
 import re
 import json
 import base64
+from django.utils import timezone
 from django.utils.text import slugify
 from django.conf import settings
 from django.contrib.sites.models import Site
+from datetime import timedelta
 import uuid
 import os
 import shutil
@@ -19,6 +24,7 @@ import stat
 import subprocess
 from pathlib import Path
 from utils import revision
+from core.notifications import notify_async
 from django.core.exceptions import ValidationError
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives import serialization, hashes
@@ -119,12 +125,23 @@ def get_terminal_role():
 class Node(Entity):
     """Information about a running node in the network."""
 
+    class Relation(models.TextChoices):
+        UPSTREAM = "UPSTREAM", "Upstream"
+        DOWNSTREAM = "DOWNSTREAM", "Downstream"
+        PEER = "PEER", "Peer"
+        SELF = "SELF", "Self"
+
     hostname = models.CharField(max_length=100)
     address = models.GenericIPAddressField()
     mac_address = models.CharField(max_length=17, unique=True, null=True, blank=True)
     port = models.PositiveIntegerField(default=8000)
     badge_color = models.CharField(max_length=7, default="#28a745")
     role = models.ForeignKey(NodeRole, on_delete=models.SET_NULL, null=True, blank=True)
+    current_relation = models.CharField(
+        max_length=10,
+        choices=Relation.choices,
+        default=Relation.PEER,
+    )
     last_seen = models.DateTimeField(auto_now=True)
     enable_public_api = models.BooleanField(
         default=False,
@@ -175,11 +192,35 @@ class Node(Entity):
         """Return the MAC address of the current host."""
         return ":".join(re.findall("..", f"{uuid.getnode():012x}"))
 
+    @classmethod
+    def normalize_relation(cls, value):
+        """Normalize ``value`` to a valid :class:`Relation`."""
+
+        if isinstance(value, cls.Relation):
+            return value
+        if value is None:
+            return cls.Relation.PEER
+        text = str(value).strip()
+        if not text:
+            return cls.Relation.PEER
+        for relation in cls.Relation:
+            if text.lower() == relation.label.lower():
+                return relation
+            if text.upper() == relation.name:
+                return relation
+            if text.lower() == relation.value.lower():
+                return relation
+        return cls.Relation.PEER
+
     @classmethod
     def get_local(cls):
         """Return the node representing the current host if it exists."""
         mac = cls.get_current_mac()
-        return cls.objects.filter(mac_address=mac).first()
+        try:
+            return cls.objects.filter(mac_address=mac).first()
+        except DatabaseError:
+            logger.debug("nodes.Node.get_local skipped: database unavailable", exc_info=True)
+            return None
 
     @classmethod
     def register_current(cls):
@@ -209,6 +250,7 @@ class Node(Entity):
             "installed_revision": installed_revision,
             "public_endpoint": slug,
             "mac_address": mac,
+            "current_relation": cls.Relation.SELF,
         }
         if node:
             for field, value in defaults.items():
@@ -235,8 +277,112 @@ class Node(Entity):
                 node.save(update_fields=["role"])
         Site.objects.get_or_create(domain=hostname, defaults={"name": "host"})
         node.ensure_keys()
+        node.notify_peers_of_update()
         return node, created
 
+    def notify_peers_of_update(self):
+        """Attempt to update this node's registration with known peers."""
+
+        from secrets import token_hex
+
+        try:
+            import requests
+        except Exception:  # pragma: no cover - requests should be available
+            return
+
+        security_dir = Path(self.base_path or settings.BASE_DIR) / "security"
+        priv_path = security_dir / f"{self.public_endpoint}"
+        if not priv_path.exists():
+            logger.debug("Private key for %s not found; skipping peer update", self)
+            return
+        try:
+            private_key = serialization.load_pem_private_key(
+                priv_path.read_bytes(), password=None
+            )
+        except Exception as exc:  # pragma: no cover - defensive
+            logger.warning("Failed to load private key for %s: %s", self, exc)
+            return
+        token = token_hex(16)
+        try:
+            signature = private_key.sign(
+                token.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        except Exception as exc:  # pragma: no cover - defensive
+            logger.warning("Failed to sign peer update for %s: %s", self, exc)
+            return
+
+        payload = {
+            "hostname": self.hostname,
+            "address": self.address,
+            "port": self.port,
+            "mac_address": self.mac_address,
+            "public_key": self.public_key,
+            "token": token,
+            "signature": base64.b64encode(signature).decode(),
+        }
+        if self.installed_version:
+            payload["installed_version"] = self.installed_version
+        if self.installed_revision:
+            payload["installed_revision"] = self.installed_revision
+
+        payload_json = json.dumps(payload, separators=(",", ":"), sort_keys=True)
+        headers = {"Content-Type": "application/json"}
+
+        peers = Node.objects.exclude(pk=self.pk)
+        for peer in peers:
+            host_candidates: list[str] = []
+            if peer.address:
+                host_candidates.append(peer.address)
+            if peer.hostname and peer.hostname not in host_candidates:
+                host_candidates.append(peer.hostname)
+            port = peer.port or 8000
+            urls: list[str] = []
+            for host in host_candidates:
+                host = host.strip()
+                if not host:
+                    continue
+                if ":" in host and not host.startswith("["):
+                    host = f"[{host}]"
+                http_url = (
+                    f"http://{host}/nodes/register/"
+                    if port == 80
+                    else f"http://{host}:{port}/nodes/register/"
+                )
+                https_url = (
+                    f"https://{host}/nodes/register/"
+                    if port in {80, 443}
+                    else f"https://{host}:{port}/nodes/register/"
+                )
+                for url in (https_url, http_url):
+                    if url not in urls:
+                        urls.append(url)
+            if not urls:
+                continue
+            for url in urls:
+                try:
+                    response = requests.post(
+                        url, data=payload_json, headers=headers, timeout=2
+                    )
+                except Exception as exc:  # pragma: no cover - best effort
+                    logger.debug("Failed to update %s via %s: %s", peer, url, exc)
+                    continue
+                if response.ok:
+                    version_display = _format_upgrade_body(
+                        self.installed_version,
+                        self.installed_revision,
+                    )
+                    version_suffix = f" ({version_display})" if version_display else ""
+                    logger.info(
+                        "Announced startup to %s%s",
+                        peer,
+                        version_suffix,
+                    )
+                    break
+            else:
+                logger.warning("Unable to notify node %s of startup", peer)
+
     def ensure_keys(self):
         security_dir = Path(settings.BASE_DIR) / "security"
         security_dir.mkdir(parents=True, exist_ok=True)
@@ -526,6 +672,52 @@ class Node(Entity):
         )
 
 
+node_information_updated = Signal()
+
+
+def _format_upgrade_body(version: str, revision: str) -> str:
+    version = (version or "").strip()
+    revision = (revision or "").strip()
+    parts: list[str] = []
+    if version:
+        normalized = version.lstrip("vV") or version
+        parts.append(f"v{normalized}")
+    if revision:
+        rev_clean = re.sub(r"[^0-9A-Za-z]", "", revision)
+        rev_short = (rev_clean[-6:] if rev_clean else revision[-6:])
+        parts.append(f"r{rev_short}")
+    return " ".join(parts).strip()
+
+
+@receiver(node_information_updated)
+def _announce_peer_startup(
+    sender,
+    *,
+    node: "Node",
+    previous_version: str = "",
+    previous_revision: str = "",
+    current_version: str = "",
+    current_revision: str = "",
+    **_: object,
+) -> None:
+    current_version = (current_version or "").strip()
+    current_revision = (current_revision or "").strip()
+    previous_version = (previous_version or "").strip()
+    previous_revision = (previous_revision or "").strip()
+
+    local = Node.get_local()
+    if local and node.pk == local.pk:
+        return
+
+    body = _format_upgrade_body(current_version, current_revision)
+    if not body:
+        body = "Online"
+
+    hostname = (node.hostname or "Node").strip() or "Node"
+    subject = f"UP {hostname}"
+    notify_async(subject, body)
+
+
 class NodeFeatureAssignment(Entity):
     """Bridge between :class:`Node` and :class:`NodeFeature`."""
 
@@ -560,6 +752,243 @@ def _sync_tasks_on_assignment_delete(sender, instance, **kwargs):
         node.sync_feature_tasks()
 
 
+class NodeManager(Profile):
+    """Credentials for interacting with external DNS providers."""
+
+    class Provider(models.TextChoices):
+        GODADDY = "godaddy", "GoDaddy"
+
+    profile_fields = (
+        "provider",
+        "api_key",
+        "api_secret",
+        "customer_id",
+        "default_domain",
+    )
+
+    provider = models.CharField(
+        max_length=20,
+        choices=Provider.choices,
+        default=Provider.GODADDY,
+    )
+    api_key = SigilShortAutoField(
+        max_length=255,
+        help_text="API key issued by the DNS provider.",
+    )
+    api_secret = SigilShortAutoField(
+        max_length=255,
+        help_text="API secret issued by the DNS provider.",
+    )
+    customer_id = SigilShortAutoField(
+        max_length=100,
+        blank=True,
+        help_text="Optional GoDaddy customer identifier for the account.",
+    )
+    default_domain = SigilShortAutoField(
+        max_length=253,
+        blank=True,
+        help_text="Fallback domain when records omit one.",
+    )
+    use_sandbox = models.BooleanField(
+        default=False,
+        help_text="Use the GoDaddy OTE (test) environment.",
+    )
+    is_enabled = models.BooleanField(
+        default=True,
+        help_text="Disable to prevent deployments with this manager.",
+    )
+
+    class Meta:
+        verbose_name = "Node Manager"
+        verbose_name_plural = "Node Managers"
+
+    def __str__(self) -> str:
+        owner = self.owner_display()
+        provider = self.get_provider_display()
+        if owner:
+            return f"{provider} ({owner})"
+        return provider
+
+    def clean(self):
+        if self.user_id or self.group_id:
+            super().clean()
+        else:
+            super(Profile, self).clean()
+
+    def get_base_url(self) -> str:
+        if self.provider != self.Provider.GODADDY:
+            raise ValueError("Unsupported DNS provider")
+        if self.use_sandbox:
+            return "https://api.ote-godaddy.com"
+        return "https://api.godaddy.com"
+
+    def get_auth_header(self) -> str:
+        key = (self.resolve_sigils("api_key") or "").strip()
+        secret = (self.resolve_sigils("api_secret") or "").strip()
+        if not key or not secret:
+            raise ValueError("API credentials are required for DNS deployment")
+        return f"sso-key {key}:{secret}"
+
+    def get_customer_id(self) -> str:
+        return (self.resolve_sigils("customer_id") or "").strip()
+
+    def get_default_domain(self) -> str:
+        return (self.resolve_sigils("default_domain") or "").strip()
+
+    def publish_dns_records(self, records: Iterable["DNSRecord"]):
+        from . import dns as dns_utils
+
+        return dns_utils.deploy_records(self, records)
+
+
+class DNSRecord(Entity):
+    """Stored DNS configuration ready for deployment."""
+
+    class Type(models.TextChoices):
+        A = "A", "A"
+        AAAA = "AAAA", "AAAA"
+        CNAME = "CNAME", "CNAME"
+        MX = "MX", "MX"
+        NS = "NS", "NS"
+        SRV = "SRV", "SRV"
+        TXT = "TXT", "TXT"
+
+    class Provider(models.TextChoices):
+        GODADDY = "godaddy", "GoDaddy"
+
+    provider = models.CharField(
+        max_length=20,
+        choices=Provider.choices,
+        default=Provider.GODADDY,
+    )
+    node_manager = models.ForeignKey(
+        "NodeManager",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="dns_records",
+    )
+    domain = SigilShortAutoField(
+        max_length=253,
+        help_text="Base domain such as example.com.",
+    )
+    name = SigilShortAutoField(
+        max_length=253,
+        help_text="Record host. Use @ for the zone apex.",
+    )
+    record_type = models.CharField(
+        max_length=10,
+        choices=Type.choices,
+        default=Type.A,
+        verbose_name="Type",
+    )
+    data = SigilLongAutoField(
+        help_text="Record value such as an IP address or hostname.",
+    )
+    ttl = models.PositiveIntegerField(
+        default=600,
+        help_text="Time to live in seconds.",
+    )
+    priority = models.PositiveIntegerField(
+        null=True,
+        blank=True,
+        help_text="Priority for MX and SRV records.",
+    )
+    port = models.PositiveIntegerField(
+        null=True,
+        blank=True,
+        help_text="Port for SRV records.",
+    )
+    weight = models.PositiveIntegerField(
+        null=True,
+        blank=True,
+        help_text="Weight for SRV records.",
+    )
+    service = SigilShortAutoField(
+        max_length=50,
+        blank=True,
+        help_text="Service label for SRV records (for example _sip).",
+    )
+    protocol = SigilShortAutoField(
+        max_length=10,
+        blank=True,
+        help_text="Protocol label for SRV records (for example _tcp).",
+    )
+    last_synced_at = models.DateTimeField(null=True, blank=True)
+    last_verified_at = models.DateTimeField(null=True, blank=True)
+    last_error = models.TextField(blank=True)
+
+    class Meta:
+        verbose_name = "DNS Record"
+        verbose_name_plural = "DNS Records"
+
+    def __str__(self) -> str:
+        return f"{self.record_type} {self.fqdn()}"
+
+    def get_domain(self, manager: "NodeManager" | None = None) -> str:
+        domain = (self.resolve_sigils("domain") or "").strip()
+        if domain:
+            return domain.rstrip(".")
+        if manager:
+            fallback = manager.get_default_domain()
+            if fallback:
+                return fallback.rstrip(".")
+        return ""
+
+    def get_name(self) -> str:
+        name = (self.resolve_sigils("name") or "").strip()
+        return name or "@"
+
+    def fqdn(self, manager: "NodeManager" | None = None) -> str:
+        domain = self.get_domain(manager)
+        name = self.get_name()
+        if name in {"@", ""}:
+            return domain
+        if name.endswith("."):
+            return name.rstrip(".")
+        if domain:
+            return f"{name}.{domain}".rstrip(".")
+        return name.rstrip(".")
+
+    def to_godaddy_payload(self) -> dict[str, object]:
+        payload: dict[str, object] = {
+            "data": (self.resolve_sigils("data") or "").strip(),
+            "ttl": self.ttl,
+        }
+        if self.priority is not None:
+            payload["priority"] = self.priority
+        if self.port is not None:
+            payload["port"] = self.port
+        if self.weight is not None:
+            payload["weight"] = self.weight
+        service = (self.resolve_sigils("service") or "").strip()
+        if service:
+            payload["service"] = service
+        protocol = (self.resolve_sigils("protocol") or "").strip()
+        if protocol:
+            payload["protocol"] = protocol
+        return payload
+
+    def mark_deployed(self, manager: "NodeManager" | None = None, timestamp=None) -> None:
+        if timestamp is None:
+            timestamp = timezone.now()
+        update_fields = ["last_synced_at", "last_error"]
+        self.last_synced_at = timestamp
+        self.last_error = ""
+        if manager and self.node_manager_id != getattr(manager, "pk", None):
+            self.node_manager = manager
+            update_fields.append("node_manager")
+        self.save(update_fields=update_fields)
+
+    def mark_error(self, message: str, manager: "NodeManager" | None = None) -> None:
+        update_fields = ["last_error"]
+        self.last_error = message
+        if manager and self.node_manager_id != getattr(manager, "pk", None):
+            self.node_manager = manager
+            update_fields.append("node_manager")
+        self.save(update_fields=update_fields)
+
+
 class EmailOutbox(Profile):
     """SMTP credentials for sending mail."""
 
@@ -612,11 +1041,37 @@ class EmailOutbox(Profile):
         max_length=254,
         help_text="Default From address; usually the same as username",
     )
+    is_enabled = models.BooleanField(
+        default=True,
+        help_text="Disable to remove this outbox from automatic selection.",
+    )
 
     class Meta:
         verbose_name = "Email Outbox"
         verbose_name_plural = "Email Outboxes"
 
+    def __str__(self) -> str:
+        address = (self.from_email or "").strip()
+        if address:
+            return address
+
+        username = (self.username or "").strip()
+        host = (self.host or "").strip()
+        if username and host:
+            if "@" in username:
+                return username
+            return f"{username}@{host}"
+        if username:
+            return username
+        if host:
+            return host
+
+        owner = self.owner_display()
+        if owner:
+            return owner
+
+        return super().__str__()
+
     def clean(self):
         if self.user_id or self.group_id:
             super().clean()
@@ -662,6 +1117,13 @@ class NetMessage(Entity):
         editable=False,
         verbose_name="UUID",
     )
+    node_origin = models.ForeignKey(
+        "Node",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="originated_net_messages",
+    )
     subject = models.CharField(max_length=64, blank=True)
     body = models.CharField(max_length=256, blank=True)
     reach = models.ForeignKey(
@@ -669,7 +1131,6 @@ class NetMessage(Entity):
         on_delete=models.SET_NULL,
         null=True,
         blank=True,
-        default=get_terminal_role,
     )
     propagated_to = models.ManyToManyField(
         Node, blank=True, related_name="received_net_messages"
@@ -696,10 +1157,12 @@ class NetMessage(Entity):
                 role = reach
             else:
                 role = NodeRole.objects.filter(name=reach).first()
+        origin = Node.get_local()
         msg = cls.objects.create(
             subject=subject[:64],
             body=body[:256],
-            reach=role or get_terminal_role(),
+            reach=role,
+            node_origin=origin,
         )
         msg.propagate(seen=seen or [])
         return msg
@@ -709,8 +1172,28 @@ class NetMessage(Entity):
         import random
         import requests
 
-        notify(self.subject, self.body)
+        displayed = notify(self.subject, self.body)
         local = Node.get_local()
+        if displayed:
+            cutoff = timezone.now() - timedelta(days=7)
+            prune_qs = type(self).objects.filter(created__lt=cutoff)
+            if local:
+                prune_qs = prune_qs.filter(
+                    models.Q(node_origin=local) | models.Q(node_origin__isnull=True)
+                )
+            else:
+                prune_qs = prune_qs.filter(node_origin__isnull=True)
+            if self.pk:
+                prune_qs = prune_qs.exclude(pk=self.pk)
+            prune_qs.delete()
+        if local and not self.node_origin_id:
+            self.node_origin = local
+            self.save(update_fields=["node_origin"])
+        origin_uuid = None
+        if self.node_origin_id:
+            origin_uuid = str(self.node_origin.uuid)
+        elif local:
+            origin_uuid = str(local.uuid)
         private_key = None
         seen = list(seen or [])
         local_id = None
@@ -749,7 +1232,7 @@ class NetMessage(Entity):
 
         target_limit = min(3, len(remaining))
 
-        reach_name = self.reach.name if self.reach else "Terminal"
+        reach_name = self.reach.name if self.reach else None
         role_map = {
             "Terminal": ["Terminal"],
             "Control": ["Control", "Terminal"],
@@ -761,10 +1244,15 @@ class NetMessage(Entity):
                 "Terminal",
             ],
         }
-        role_order = role_map.get(reach_name, ["Terminal"])
+        role_order = role_map.get(reach_name, [None])
         selected: list[Node] = []
         for role_name in role_order:
-            role_nodes = [n for n in remaining if n.role and n.role.name == role_name]
+            if role_name is None:
+                role_nodes = remaining[:]
+            else:
+                role_nodes = [
+                    n for n in remaining if n.role and n.role.name == role_name
+                ]
             random.shuffle(role_nodes)
             for n in role_nodes:
                 selected.append(n)
@@ -785,6 +1273,7 @@ class NetMessage(Entity):
                 "seen": payload_seen,
                 "reach": reach_name,
                 "sender": local_id,
+                "origin": origin_uuid,
             }
             payload_json = json.dumps(payload, separators=(",", ":"), sort_keys=True)
             headers = {"Content-Type": "application/json"}