aspyx-service 0.10.3__py3-none-any.whl → 0.10.4__py3-none-any.whl

aspyx_service/__init__.py

@@ -4,12 +4,14 @@ This module provides the core Aspyx service management framework allowing for se
 
 from aspyx.di import module
 
-from .service import ServiceException, Server, Channel, ComponentDescriptor, inject_service, ChannelAddress, ChannelInstances, ServiceManager, Component, Service, AbstractComponent, ComponentStatus, ComponentRegistry, implementation, health, component, service
-from .channels import HTTPXChannel, DispatchJSONChannel
+from .service import AuthorizationException, MissingTokenException, RemoteServiceException, ServiceCommunicationException, TokenException, TokenExpiredException, InvalidTokenException, component_services, ServiceException, Server, Channel, ComponentDescriptor, inject_service, ChannelAddress, ChannelInstances, ServiceManager, Component, Service, AbstractComponent, ComponentStatus, ComponentRegistry, implementation, health, component, service
+from .channels import HTTPXChannel, DispatchJSONChannel, TokenContext
 from .registries import ConsulComponentRegistry
-from .server import FastAPIServer
+from .server import FastAPIServer, RequestContext
 from .healthcheck import health_checks, health_check, HealthCheckManager, HealthStatus
 from .restchannel import RestChannel, post, get, put, delete, QueryParam, Body, rest
+from .session import Session, SessionManager
+from .authorization import AuthorizationManager, AbstractAuthorizationFactory, AuthorizationException
 
 
 @module()
@@ -38,6 +40,25 @@ __all__ = [
     "service",
     "implementation",
     "inject_service",
+    "component_services",
+    "RemoteServiceException",
+    "ServiceCommunicationException",
+    "TokenException",
+    "TokenExpiredException",
+    "InvalidTokenException",
+    "MissingTokenException",
+    "AuthorizationException",
+
+    # authorization
+
+    "AuthorizationManager",
+    "AbstractAuthorizationFactory",
+    "AuthorizationException",
+
+    # session
+
+    "Session",
+    "SessionManager",
 
     # healthcheck
 
@@ -54,6 +75,7 @@ __all__ = [
 
     "HTTPXChannel",
     "DispatchJSONChannel",
+    "TokenContext",
 
     # rest
 
@@ -69,8 +91,10 @@ __all__ = [
     # registries
 
     "ConsulComponentRegistry",
+    "RequestContext",
 
     # server
 
-    "FastAPIServer"
+    "FastAPIServer",
+    "RequestContext"
 ]

aspyx_service/authorization.py

@@ -0,0 +1,135 @@
+"""
+authorization logic
+"""
+import inspect
+from abc import abstractmethod, ABC
+from typing import Optional, Callable
+
+from aspyx.di import injectable, inject, order
+from aspyx.di.aop import Invocation
+from aspyx.reflection import TypeDescriptor, Decorators
+
+
+class AuthorizationException(Exception):
+    """
+    Any authorization exception
+    """
+    pass
+
+def get_method_class(method):
+    if inspect.ismethod(method) or inspect.isfunction(method):
+        qualname = method.__qualname__
+        parts = qualname.split('.')
+        if len(parts) > 1:
+            cls_name = parts[-2]
+            module = inspect.getmodule(method)
+            if module:
+                for name, obj in inspect.getmembers(module, inspect.isclass):
+                    if name == cls_name and hasattr(obj, method.__name__):
+                        return obj
+    return None
+
+@injectable()
+class AuthorizationManager:
+    """
+    The authorization manager is used to remember and execute pluggable authorization checks.
+    """
+    class Authorization():
+        """
+        Base class for authorization checks
+        """
+        def check(self, invocation: Invocation):
+            """
+            execute the authorization check. Throws an exception in case of violations,
+            """
+            pass
+
+    class AuthorizationFactory(ABC):
+        """
+        An authorization factory is used to create possible authorization checks given a method descriptor
+        """
+
+        def __init__(self, order = 0):
+            self.order = order
+
+        @abstractmethod
+        def compute_authorization(self, method_descriptor: TypeDescriptor.MethodDescriptor) -> Optional['AuthorizationManager.Authorization']:
+            """
+            return a possible authorization check given a method descriptor
+            Args:
+                method_descriptor: the corresponding method descriptor
+
+            Returns:
+                an authorization check or None
+            """
+            pass
+
+    # constructor
+
+    def __init__(self):
+        self.factories : list[AuthorizationManager.AuthorizationFactory] = []
+        self.checks : dict[Callable, list[AuthorizationManager.Authorization]] = {}
+
+    # public
+
+    def register_factory(self, factory: 'AuthorizationManager.AuthorizationFactory'):
+        self.factories.append(factory)
+
+        self.factories.sort(key=lambda factory: factory.order)
+
+    # internal
+
+    def compute_checks(self, func: Callable) -> list[Authorization]:
+        checks = []
+
+        clazz = get_method_class(func)
+
+        descriptor = TypeDescriptor.for_type(clazz).get_method(func.__name__)
+
+        for factory in self.factories:
+            check = factory.compute_authorization(descriptor)
+            if check is not None:
+                checks.append(check)
+
+        return checks
+
+    def get_checks(self, func: Callable) -> list[Authorization]:
+        """
+        return a list of authorization checks given a function.
+
+        Args:
+            func: the corresponding function.
+
+        Returns:
+            list of authorization checks
+        """
+        checks = self.checks.get(func, None)
+        if checks is None:
+            checks = self.compute_checks(func)
+            self.checks[func] = checks
+            print(checks)
+
+        return checks
+
+    def check(self, invocation: Invocation) -> Optional[Authorization]:
+        for check in self.get_checks(invocation.func):
+            check.check(invocation)
+
+class AbstractAuthorizationFactory(AuthorizationManager.AuthorizationFactory):
+    """
+    Abstract base class for authorization factories
+    """
+
+    # constructor
+
+    def __init__(self):
+        super().__init__(0)
+
+        if Decorators.has_decorator(type(self), order):
+            self.order = Decorators.get_decorator(type(self), order).args[0]
+
+    # inject
+
+    @inject()
+    def set_authorization_manager(self, authorization_manager: AuthorizationManager):
+        authorization_manager.register_factory(self)

aspyx_service/channels.py

@@ -3,22 +3,62 @@ Service management and dependency injection framework.
 """
 from __future__ import annotations
 
-import json
-from dataclasses import is_dataclass, asdict, fields
+import typing
+from contextlib import contextmanager
+from dataclasses import is_dataclass, fields
 from typing import Type, Optional, Any, Callable
 
+import httpx
 import msgpack
-from httpx import Client, AsyncClient
+from httpx import Client, AsyncClient, USE_CLIENT_DEFAULT
 from pydantic import BaseModel
 
 from aspyx.di.configuration import inject_value
 from aspyx.reflection import DynamicProxy, TypeDescriptor
-from aspyx.threading import ThreadLocal
-from .service import ServiceManager, ServiceCommunicationException
+from aspyx.threading import ThreadLocal, ContextLocal
+from .service import ServiceManager, ServiceCommunicationException, TokenExpiredException, InvalidTokenException, \
+    AuthorizationException, MissingTokenException
 
 from .service import ComponentDescriptor, ChannelInstances, ServiceException, channel, Channel, RemoteServiceException
-from .serialization import get_deserializer
+from .serialization import get_deserializer, TypeDeserializer, TypeSerializer, get_serializer
 
+class TokenContext:
+    """
+    TokeContext covers two context locals for both the access and - optional - refresh topen
+    """
+    access_token = ContextLocal[str]("access_token", default=None)
+    refresh_token = ContextLocal[str]("refresh_token", default=None)
+
+    @classmethod
+    def get_access_token(cls) -> Optional[str]:
+        return cls.access_token.get()
+
+    @classmethod
+    def get_refresh_token(cls) -> Optional[str]:
+        return cls.refresh_token.get()
+
+
+    @classmethod
+    def set(cls, access_token: str, refresh_token: Optional[str] = None):
+        cls.access_token.set(access_token)
+        if refresh_token:
+            cls.refresh_token.set(refresh_token)
+
+    @classmethod
+    def clear(cls):
+        cls.access_token.set(None)
+        cls.refresh_token.set(None)
+
+    @classmethod
+    @contextmanager
+    def use(cls, access_token: str, refresh_token: Optional[str] = None):
+        access_token = cls.access_token.set(access_token)
+        refresh_token = cls.refresh_token.set(refresh_token)
+        try:
+            yield
+        finally:
+            cls.access_token.reset(access_token)
+            cls.refresh_token.reset(refresh_token)
 
 class HTTPXChannel(Channel):
     __slots__ = [
@@ -26,7 +66,8 @@ class HTTPXChannel(Channel):
         "async_client",
         "service_names",
         "deserializers",
-        "timeout"
+        "timeout",
+        "optimize_serialization"
     ]
 
     # class properties
@@ -39,8 +80,7 @@ class HTTPXChannel(Channel):
     @classmethod
     def to_dict(cls, obj: Any) -> Any:
         if isinstance(obj, BaseModel):
-            return obj.dict()
-
+            return obj.model_dump()
 
         elif is_dataclass(obj):
             return {
@@ -57,10 +97,6 @@ class HTTPXChannel(Channel):
 
         return obj
 
-    @classmethod
-    def to_json(cls, obj) -> str:
-        return json.dumps(cls.to_dict(obj))
-
     # constructor
 
     def __init__(self):
@@ -68,7 +104,9 @@ class HTTPXChannel(Channel):
 
         self.timeout = 1000.0
         self.service_names: dict[Type, str] = {}
+        self.serializers: dict[Callable, list[Callable]] = {}
         self.deserializers: dict[Callable, Callable] = {}
+        self.optimize_serialization = True
 
     # inject
 
@@ -78,7 +116,27 @@ class HTTPXChannel(Channel):
 
     # protected
 
-    def get_deserializer(self, type: Type, method: Callable) -> Type:
+    def serialize_args(self, invocation: DynamicProxy.Invocation) -> list[Any]:
+        deserializers = self.get_serializers(invocation.type, invocation.method)
+
+        args = list(invocation.args)
+        for index, deserializer in enumerate(deserializers):
+            args[index] = deserializer(args[index])
+
+        return args
+
+    def get_serializers(self, type: Type, method: Callable) -> list[TypeSerializer]:
+        serializers = self.serializers.get(method, None)
+        if serializers is None:
+            param_types = TypeDescriptor.for_type(type).get_method(method.__name__).param_types
+
+            serializers = [get_serializer(type) for type in param_types]
+
+            self.serializers[method] = serializers
+
+        return serializers
+
+    def get_deserializer(self, type: Type, method: Callable) -> TypeDeserializer:
         deserializer = self.deserializers.get(method, None)
         if deserializer is None:
             return_type = TypeDescriptor.for_type(type).get_method(method.__name__).return_type
@@ -125,6 +183,79 @@ class HTTPXChannel(Channel):
     def make_async_client(self) -> AsyncClient:
         return AsyncClient()  # base_url=url
 
+    def request(self, http_method: str, url: str, json: Optional[typing.Any] = None,
+                params: Optional[Any] = None, headers: Optional[Any] = None,
+                timeout: Any = USE_CLIENT_DEFAULT, content: Optional[Any] = None) -> httpx.Response:
+
+        token = TokenContext.get_access_token()
+        if token is not None:
+            if headers is None:  # None is also valid!
+                headers = {}
+
+            ## add bearer token
+
+            headers["Authorization"] = f"Bearer {token}"
+
+        try:
+            response = self.get_client().request(http_method, url, params=params, json=json, headers=headers, timeout=timeout, content=content)
+            response.raise_for_status()
+        except httpx.RequestError as e:
+            raise ServiceCommunicationException(str(e)) from e
+
+        except httpx.HTTPStatusError as e:
+            if e.response.status_code == 401:
+                www_auth = e.response.headers.get("www-authenticate", "")
+                if "invalid_token" in www_auth:
+                    if 'expired' in www_auth:
+                        raise TokenExpiredException() from e
+                    elif 'missing' in www_auth:
+                        raise MissingTokenException() from e
+                    else:
+                        raise InvalidTokenException() from e
+
+            raise AuthorizationException(str(e)) from e
+        except httpx.HTTPError as e:
+            raise RemoteServiceException(str(e)) from e
+
+        return response
+
+    async def request_async(self, http_method: str, url: str, json: Optional[typing.Any] = None,
+                params: Optional[Any] = None, headers: Optional[Any] = None,
+                timeout: Any = USE_CLIENT_DEFAULT, content: Optional[Any] = None) -> httpx.Response:
+
+        token = TokenContext.get_access_token()
+        if token is not None:
+            if headers is None:  # None is also valid!
+                headers = {}
+
+            ## add bearer token
+
+            headers["Authorization"] = f"Bearer {token}"
+
+        try:
+            response = await self.get_async_client().request(http_method, url, params=params, json=json, headers=headers,
+                                                 timeout=timeout, content=content)
+            response.raise_for_status()
+        except httpx.RequestError as e:
+            raise ServiceCommunicationException(str(e)) from e
+
+        except httpx.HTTPStatusError as e:
+            if e.response.status_code == 401:
+                www_auth = e.response.headers.get("www-authenticate", "")
+                if "invalid_token" in www_auth:
+                    if 'expired' in www_auth:
+                        raise TokenExpiredException() from e
+                    elif 'missing' in www_auth:
+                        raise MissingTokenException() from e
+                    else:
+                        raise InvalidTokenException() from e
+
+            raise RemoteServiceException(str(e)) from e
+        except httpx.HTTPError as e:
+            raise RemoteServiceException(str(e)) from e
+
+        return response
+
 class Request(BaseModel):
     method: str  # component:service:method
     args: tuple[Any, ...]
@@ -158,20 +289,25 @@ class DispatchJSONChannel(HTTPXChannel):
 
     def invoke(self, invocation: DynamicProxy.Invocation):
         service_name = self.service_names[invocation.type]  # map type to registered service name
-        request = Request(method=f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}",
-                          args=invocation.args)
 
-        dict = self.to_dict(request)
-        try:
-            result = Response(**self.get_client().post(f"{self.get_url()}/invoke", json=dict, timeout=self.timeout).json())
-            if result.exception is not None:
-                raise RemoteServiceException(f"server side exception {result.exception}")
+        request : dict = {
+            "method": f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}"
+            #"args": invocation.args
+        }
 
-            return self.get_deserializer(invocation.type, invocation.method)(result.result)
-        except ServiceCommunicationException:
-            raise
+        if self.optimize_serialization:
+            request["args"] = self.serialize_args(invocation)
+        else:
+            request["args"] = self.to_dict(invocation.args)
 
-        except RemoteServiceException:
+        try:
+            http_result = self.request( "post", f"{self.get_url()}/invoke", json=request, timeout=self.timeout)
+            result = http_result.json()
+            if result["exception"] is not None:
+                raise RemoteServiceException(f"server side exception {result['exception']}")
+
+            return self.get_deserializer(invocation.type, invocation.method)(result["result"])
+        except (ServiceCommunicationException, AuthorizationException, RemoteServiceException) as e:
             raise
 
         except Exception as e:
@@ -180,22 +316,25 @@ class DispatchJSONChannel(HTTPXChannel):
 
     async def invoke_async(self, invocation: DynamicProxy.Invocation):
         service_name = self.service_names[invocation.type]  # map type to registered service name
-        request = Request(method=f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}",
-                          args=invocation.args)
-        dict = self.to_dict(request)
-        try:
-            data =  await self.get_async_client().post(f"{self.get_url()}/invoke", json=dict, timeout=self.timeout)
-            result = Response(**data.json())
+        request : dict = {
+            "method": f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}"
+        }
 
-            if result.exception is not None:
-                raise RemoteServiceException(f"server side exception {result.exception}")
+        if self.optimize_serialization:
+            request["args"] = self.serialize_args(invocation)
+        else:
+            request["args"] = self.to_dict(invocation.args)
 
-            return self.get_deserializer(invocation.type, invocation.method)(result.result)
+        try:
+            data =  await self.request_async("post", f"{self.get_url()}/invoke", json=request, timeout=self.timeout)
+            result = data.json()
 
-        except ServiceCommunicationException:
-            raise
+            if result["exception"] is not None:
+                raise RemoteServiceException(f"server side exception {result['exception']}")
 
-        except RemoteServiceException:
+            return self.get_deserializer(invocation.type, invocation.method)(result["result"])
+
+        except (ServiceCommunicationException, AuthorizationException, RemoteServiceException) as e:
             raise
 
         except Exception as e:
@@ -221,13 +360,19 @@ class DispatchMSPackChannel(HTTPXChannel):
 
     def invoke(self, invocation: DynamicProxy.Invocation):
         service_name = self.service_names[invocation.type]  # map type to registered service name
-        request = Request(method=f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}",
-                          args=invocation.args)
+        request: dict = {
+            "method": f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}"
+        }
+
+        if self.optimize_serialization:
+            request["args"] = self.serialize_args(invocation)
+        else:
+            request["args"] = self.to_dict(invocation.args)
 
         try:
-            packed = msgpack.packb(self.to_dict(request), use_bin_type=True)
+            packed = msgpack.packb(request, use_bin_type=True)
 
-            response = self.get_client().post(
+            response = self.request("post",
                 f"{self.get_url()}/invoke",
                 content=packed,
                 headers={"Content-Type": "application/msgpack"},
@@ -241,6 +386,25 @@ class DispatchMSPackChannel(HTTPXChannel):
 
             return self.get_deserializer(invocation.type, invocation.method)(result["result"])
 
+
+        except httpx.RequestError as e:
+            raise ServiceCommunicationException(str(e)) from e
+
+        except httpx.HTTPStatusError as e:
+            if e.response.status_code == 401:
+                www_auth = e.response.headers.get("www-authenticate", "")
+                if "invalid_token" in www_auth:
+                    if 'expired' in www_auth:
+                        raise TokenExpiredException() from e
+                    elif 'missing' in www_auth:
+                        raise MissingTokenException() from e
+                    else:
+                        raise InvalidTokenException() from e
+
+            raise RemoteServiceException(str(e)) from e
+        except httpx.HTTPError as e:
+            raise RemoteServiceException(str(e)) from e
+
         except ServiceCommunicationException:
             raise
 
@@ -252,13 +416,19 @@ class DispatchMSPackChannel(HTTPXChannel):
 
     async def invoke_async(self, invocation: DynamicProxy.Invocation):
         service_name = self.service_names[invocation.type]  # map type to registered service name
-        request = Request(method=f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}",
-                          args=invocation.args)
+        request: dict = {
+            "method": f"{self.component_descriptor.name}:{service_name}:{invocation.method.__name__}"
+        }
+
+        if self.optimize_serialization:
+            request["args"] = self.serialize_args(invocation)
+        else:
+            request["args"] = self.to_dict(invocation.args)
 
         try:
-            packed = msgpack.packb(self.to_dict(request), use_bin_type=True)
+            packed = msgpack.packb(request, use_bin_type=True)
 
-            response = await self.get_async_client().post(
+            response = await self.request_async("post",
                 f"{self.get_url()}/invoke",
                 content=packed,
                 headers={"Content-Type": "application/msgpack"},
@@ -272,6 +442,25 @@ class DispatchMSPackChannel(HTTPXChannel):
 
             return self.get_deserializer(invocation.type, invocation.method)(result["result"])
 
+        except httpx.RequestError as e:
+            raise ServiceCommunicationException(str(e)) from e
+
+        except httpx.HTTPStatusError as e:
+            if e.response.status_code == 401:
+                www_auth = e.response.headers.get("www-authenticate", "")
+                if "invalid_token" in www_auth:
+                    if 'expired' in www_auth:
+                        raise TokenExpiredException() from e
+                    elif 'missing' in www_auth:
+                        raise MissingTokenException() from e
+                    else:
+                        raise InvalidTokenException() from e
+
+            raise RemoteServiceException(str(e)) from e
+
+        except httpx.HTTPError as e:
+            raise RemoteServiceException(str(e)) from e
+
         except ServiceCommunicationException:
             raise
 

aspyx_service/healthcheck.py

@@ -117,7 +117,7 @@ class HealthCheckManager:
                 "status": str(self.status),
             }
 
-            if len(self.details) > 0:
+            if self.details:
                 result["details"] = self.details
 
             return result

aspyx_service/registries.py

@@ -42,19 +42,19 @@ class ConsulComponentRegistry(ComponentRegistry):
     # injections
 
     @inject_value("consul.watchdog.interval", default=5)
-    def set_interval(self, interval):
+    def set_watchdog_interval(self, interval):
         self.watchdog_interval = interval
 
     @inject_value("consul.healthcheck.interval", default="10s")
-    def set_interval(self, interval):
+    def set_healthcheck_interval(self, interval):
         self.healthcheck_interval = interval
 
     @inject_value("consul.healthcheck.timeout", default="3s")
-    def set_interval(self, interval):
+    def set_healthcheck_timeout(self, interval):
         self.healthcheck_timeout = interval
 
     @inject_value("consul.healthcheck.deregister", default="5m")
-    def set_interval(self, interval):
+    def set_healthcheck_deregister(self, interval):
         self.healthcheck_deregister = interval
 
     # lifecycle hooks
@@ -220,7 +220,7 @@ class ConsulComponentRegistry(ComponentRegistry):
 
             # only cache if non-empty
 
-            if len(component_addresses) > 0:
+            if component_addresses:
                 self.component_addresses[descriptor.name] = component_addresses
 
         return list(component_addresses.values())