aws-python-helper 0.23.0__py3-none-any.whl

aws_python_helper/__init__.py

@@ -0,0 +1,45 @@
+"""
+AWS Python Framework
+"""
+
+__version__ = "0.1.0"
+
+# All classes
+from .api.base import API
+from .sqs.consumer_base import SQSConsumer
+from .database.mongo_manager import MongoManager
+from .database.database_proxy import DatabaseProxy
+from .sns.publisher import SNSPublisher
+from .fargate.task_base import FargateTask
+from .fargate.executor import FargateExecutor
+from .lambda_standalone.base import Lambda
+
+# All handlers
+from .fargate.handler import fargate_handler
+from .api.handler import api_handler
+from .sqs.handler import sqs_handler
+from .lambda_standalone.handler import lambda_handler
+
+# Utils
+from .utils.json_encoder import MongoJSONEncoder, mongo_json_dumps
+from .utils.serializer import serialize_mongo_types
+
+
+__all__ = [
+    'API',
+    'SQSConsumer',
+    'MongoManager',
+    'DatabaseProxy',
+    'SNSPublisher',
+    'FargateTask',
+    'FargateExecutor',
+    'Lambda',
+    'fargate_handler',
+    'api_handler',
+    'sqs_handler',
+    'lambda_handler',
+    'MongoJSONEncoder',
+    'mongo_json_dumps',
+    'serialize_mongo_types',
+]
+

aws_python_helper/api/__init__.py

@@ -0,0 +1,11 @@
+"""
+API Module - Components to handle REST APIs
+"""
+
+from .base import API
+from .dispatcher import Dispatcher
+from .fetcher import Fetcher
+from .handler import api_handler
+
+__all__ = ['API', 'Dispatcher', 'Fetcher', 'api_handler']
+

aws_python_helper/api/auth_middleware.py

@@ -0,0 +1,108 @@
+"""
+Auth Middleware - Handles authentication for API requests
+"""
+
+from typing import Dict, Any
+import logging
+
+from .auth_validators import AuthValidator
+from .exceptions import UnauthorizedError
+
+logger = logging.getLogger(__name__)
+
+
+class AuthMiddleware:
+    """
+    Middleware to handle authentication for API requests
+    
+    This middleware:
+    1. Extracts token from Authorization header
+    2. Validates token using configured validator
+    3. Injects user information into API instance
+    4. Raises UnauthorizedError if authentication fails
+    """
+    
+    def __init__(self, validator: AuthValidator):
+        """
+        Initialize middleware with an auth validator
+        
+        Args:
+            validator: AuthValidator instance to use for token validation
+        """
+        self.validator = validator
+    
+    def _extract_token(self, headers: Dict[str, str]) -> str:
+        """
+        Extract token from Authorization header
+        
+        Supports two formats:
+        - Authorization: Bearer <token>
+        - authorization: Bearer <token> (case insensitive)
+        
+        Args:
+            headers: Request headers dictionary
+        
+        Returns:
+            The extracted token string
+        
+        Raises:
+            UnauthorizedError: If Authorization header is missing or invalid
+        """
+        # Try to get Authorization header (case-insensitive)
+        auth_header = None
+        for key, value in headers.items():
+            if key.lower() == 'authorization':
+                auth_header = value
+                break
+        
+        if not auth_header:
+            raise UnauthorizedError("Authorization header is required")
+        
+        # Check Bearer format
+        if not auth_header.startswith('Bearer '):
+            raise UnauthorizedError("Authorization header must use Bearer scheme")
+        
+        # Extract token
+        token = auth_header.replace('Bearer ', '').strip()
+        
+        if not token:
+            raise UnauthorizedError("Token cannot be empty")
+        
+        return token
+    
+    async def authenticate(self, headers: Dict[str, str], api: Any):
+        """
+        Authenticate the request and inject user data into API instance
+        
+        This method:
+        1. Extracts token from headers
+        2. Validates token using the configured validator
+        3. Injects authentication data into the API instance
+        
+        Args:
+            headers: Request headers dictionary
+            api: API instance to inject authentication data into
+        
+        Raises:
+            UnauthorizedError: If authentication fails
+        """
+        
+        try:
+            # 1. Extract token from headers
+            token = self._extract_token(headers)
+            
+            # 2. Validate token
+            auth_data = await self.validator.validate_token(token)
+            
+            # 3. Inject authentication data into API instance
+            api._current_user = auth_data.get('user')
+            api._auth_data = auth_data
+            api._is_authenticated = True
+        except UnauthorizedError:
+            # Re-raise UnauthorizedError as is
+            raise
+        
+        except Exception as e:
+            # Catch any other error and convert to UnauthorizedError
+            logger.error(f"Authentication error: {e}", exc_info=True)
+            raise UnauthorizedError(f"Authentication failed: {str(e)}")

aws_python_helper/api/auth_validators.py

@@ -0,0 +1,143 @@
+"""
+Auth Validators - Validators for different authentication strategies
+"""
+
+from abc import ABC, abstractmethod
+from typing import Dict, Any, Optional
+import os
+import logging
+from datetime import datetime
+from .exceptions import UnauthorizedError
+from ..database.mongo_manager import MongoManager
+
+logger = logging.getLogger(__name__)
+
+
+class AuthValidator(ABC):
+    """
+    Abstract base class for authentication validators
+    
+    Each validator implements a different strategy to validate tokens.
+    """
+    
+    @abstractmethod
+    async def validate_token(self, token: str) -> Dict[str, Any]:
+        """
+        Validate a token and return user information
+        
+        Args:
+            token: The authentication token to validate
+        
+        Returns:
+            Dict with user information: {'user_id': ..., 'user': {...}, ...}
+        
+        Raises:
+            UnauthorizedError: If token is invalid
+        """
+        raise NotImplementedError("Subclasses must implement validate_token()")
+
+
+class TokenValidator(AuthValidator):
+    """
+    Validates authentication tokens
+    
+    Simple unified validator that:
+    1. First checks if token matches AUTH_BYPASS_TOKEN (if set)
+    2. If not bypass, searches token in MongoDB 'tokens' collection
+    3. Validates token is not expired and is active
+    4. Loads complete user data from 'users' collection
+    5. Updates last_used_at timestamp for auditing
+    """
+    
+    async def validate_token(self, token: str) -> Dict[str, Any]:
+        """
+        Validate token against MongoDB or bypass token
+        
+        Args:
+            token: The authentication token to validate
+        
+        Returns:
+            Dict with user_id, user object, and token_data
+        
+        Raises:
+            UnauthorizedError: If token is invalid or expired
+        """
+        
+        # 1. Check bypass token first (for development/testing)
+        bypass_token = os.getenv('AUTH_BYPASS_TOKEN')
+        if bypass_token and token == bypass_token:
+            logger.info("Bypass token used - skipping DB validation")
+            return {
+                'user_id': 'bypass',
+                'user': {
+                    'email': 'bypass@system',
+                    'role': 'admin',
+                    'name': 'Bypass User',
+                    '_id': 'bypass'
+                },
+                'is_bypass': True,
+                'token_data': None
+            }
+        
+        # 2. Get database name from environment
+        db_name = os.getenv('AUTH_DB_NAME') or 'core'
+        if not db_name:
+            raise ValueError(
+                "AUTH_DB_NAME environment variable not set. "
+                "This is required for MongoDB authentication."
+            )
+        
+        # 3. Get database reference
+        if not MongoManager.is_initialized():
+            raise RuntimeError("MongoManager not initialized")
+        
+        db = MongoManager.get_database(db_name)
+        
+        # 4. Search for token in database
+        token_doc = await db.tokens.find_one({
+            'token': token,
+            'is_active': True
+        })
+        
+        if not token_doc:
+            logger.warning(f"Token not found or inactive")
+            raise UnauthorizedError("Invalid or revoked token")
+        
+        # 5. Check if token is expired
+        if 'expires_at' in token_doc:
+            if token_doc['expires_at'] < datetime.utcnow():
+                logger.warning(f"Token expired at {token_doc['expires_at']}")
+                raise UnauthorizedError("Token has expired")
+        
+        # 6. Load user from database
+        user = await db.users.find_one({'_id': token_doc['user_id']})
+        
+        if not user:
+            logger.error(f"User {token_doc['user_id']} not found for valid token")
+            raise UnauthorizedError("User not found")
+        
+        # 7. Check if user is active
+        if 'is_active' in user and not user['is_active']:
+            logger.warning(f"User {user['_id']} is inactive")
+            raise UnauthorizedError("User account is inactive")
+        
+        # 8. Update last_used_at for auditing
+        try:
+            await db.tokens.update_one(
+                {'_id': token_doc['_id']},
+                {'$set': {'last_used_at': datetime.utcnow()}}
+            )
+        except Exception as e:
+            # Non-critical, just log
+            logger.warning(f"Failed to update last_used_at: {e}")
+        
+        # 9. Return user data (remove password from response)
+        user_data = dict(user)
+        user_data.pop('password', None)  # Never return password
+        
+        return {
+            'user_id': str(token_doc['user_id']),
+            'user': user_data,
+            'token_data': token_doc,
+            'is_bypass': False
+        }

aws_python_helper/api/base.py

@@ -0,0 +1,272 @@
+"""
+API Base Class - Base class for all REST APIs
+"""
+
+from abc import ABC, abstractmethod
+import logging
+from typing import Dict, Any, Optional, List
+from ..database.mongo_manager import MongoManager
+from ..database.database_proxy import DatabaseProxy
+from ..database.external_mongo_manager import ExternalMongoManager
+from ..database.external_database_proxy import ExternalDatabaseProxy
+
+
+class API(ABC):
+    """
+    Base class for all REST APIs
+    
+    Base class that provides the basic structure
+    to handle requests and responses from API Gateway.
+    """
+    
+    def __init__(self):
+        # Request properties
+        self._endpoint: str = ""
+        self._http_method: str = ""
+        self._data: Dict[str, Any] = {}
+        self._headers: Dict[str, str] = {}
+        self._path_parameters: List[str] = []
+        self._query_parameters: Dict[str, Any] = {}
+        
+        # Response properties
+        self._response_code: Optional[int] = None
+        self._response_body: Any = None
+        self._response_headers: Dict[str, str] = {}
+        
+        # Database proxy
+        self._db = None
+        self._external_db = None
+        
+        # Authentication properties
+        self._current_user: Optional[Dict[str, Any]] = None
+        self._auth_data: Optional[Dict[str, Any]] = None
+        self._is_authenticated: bool = False
+        self.logger = logging.getLogger(self.__class__.__name__)   
+    
+    @property
+    def endpoint(self) -> str:
+        """Endpoint of the request"""
+        return self._endpoint
+    
+    @endpoint.setter
+    def endpoint(self, value: str):
+        self._endpoint = value
+    
+    @property
+    def http_method(self) -> str:
+        """HTTP method (get, post, put, delete, etc.)"""
+        return self._http_method
+    
+    @http_method.setter
+    def http_method(self, value: str):
+        self._http_method = value
+    
+    @property
+    def data(self) -> Dict[str, Any]:
+        """Data of the request (body for POST/PUT, query params for GET)"""
+        return self._data
+    
+    @data.setter
+    def data(self, value: Dict[str, Any]):
+        self._data = value or {}
+    
+    @property
+    def headers(self) -> Dict[str, str]:
+        """Headers of the request"""
+        return self._headers
+    
+    @headers.setter
+    def headers(self, value: Dict[str, str]):
+        self._headers = value or {}
+    
+    @property
+    def path_parameters(self) -> List[str]:
+        """Path parameters extracted from the URL"""
+        return self._path_parameters
+    
+    @path_parameters.setter
+    def path_parameters(self, value: List[str]):
+        self._path_parameters = value or []
+    
+    @property
+    def query_parameters(self) -> Dict[str, Any]:
+        """Query parameters of the URL"""
+        return self._query_parameters
+    
+    @query_parameters.setter
+    def query_parameters(self, value: Dict[str, Any]):
+        self._query_parameters = value or {}
+    
+    @property
+    def db(self):
+        """
+        Access to MongoDB databases (main cluster)
+        """
+        if self._db is None:
+            self._db = DatabaseProxy(MongoManager)
+        return self._db
+    
+    @property
+    def external_db(self):
+        """
+        Access to external MongoDB clusters
+        
+        Returns None if EXTERNAL_MONGODB_CONNECTIONS environment variable is not set.
+        
+        Usage:
+            if self.external_db:
+                result = await self.external_db.ClusterDockets.smart_data.addresses.find_one({...})
+                await self.external_db.ClusterDockets.core.users.insert_one({...})
+        
+        Returns:
+            ExternalDatabaseProxy instance for accessing external clusters, or None if not configured
+        """
+        if self._external_db is None:
+            # Initialize external connections if not already done
+            if not ExternalMongoManager.is_initialized():
+                has_connections = ExternalMongoManager.initialize()
+                if not has_connections:
+                    # No external connections available, return None
+                    return None
+            else:
+                # Check if there are any connections available
+                if len(ExternalMongoManager.get_available_clusters()) == 0:
+                    return None
+            
+            self._external_db = ExternalDatabaseProxy()
+        return self._external_db
+    
+    @property
+    def current_user(self) -> Optional[Dict[str, Any]]:
+        """
+        Current authenticated user or None if not authenticated
+        
+        This property is populated by the authentication middleware
+        when REQUIRE_AUTH=true.
+        
+        Returns:
+            Dict with user data (email, role, name, etc.) or None
+        
+        Example:
+            if self.is_authenticated:
+                user_email = self.current_user['email']
+                user_role = self.current_user.get('role', 'user')
+        """
+        return self._current_user
+    
+    @property
+    def is_authenticated(self) -> bool:
+        """
+        True if the request has been authenticated
+        
+        This is set to True by the authentication middleware
+        when a valid token is provided.
+        
+        Returns:
+            True if authenticated, False otherwise
+        
+        Example:
+            if not self.is_authenticated:
+                raise ValueError("This operation requires authentication")
+        """
+        return self._is_authenticated
+    
+    @property
+    def auth_data(self) -> Optional[Dict[str, Any]]:
+        """
+        Complete authentication data from the middleware
+        
+        This includes user data, token data, and other metadata
+        provided by the authentication validator.
+        
+        Returns:
+            Dict with authentication data or None
+        """
+        return self._auth_data
+    
+    def set_code(self, code: int):
+        """
+        Set the HTTP response code
+        
+        Args:
+            code: HTTP code (200, 404, 500, etc.)
+        
+        Returns:
+            self to chain calls
+        """
+        self._response_code = code
+        return self
+    
+    def set_body(self, body: Any):
+        """
+        Set the body of the response
+        
+        Args:
+            body: Any serializable object to JSON
+        
+        Returns:
+            self to chain calls
+        """
+        self._response_body = body
+        return self
+    
+    def set_header(self, key: str, value: str):
+        """
+        Add a header to the response
+        
+        Args:
+            key: Name of the header
+            value: Value of the header
+        
+        Returns:
+            self to chain calls
+        """
+        self._response_headers[key] = value
+        return self
+    
+    def set_headers(self, headers: Dict[str, str]):
+        """
+        Set multiple headers
+        
+        Args:
+            headers: Dictionary of headers
+        
+        Returns:
+            self to chain calls
+        """
+        self._response_headers.update(headers)
+        return self
+    
+    @property
+    def response(self) -> Dict[str, Any]:
+        """
+        Return the complete response object
+        
+        Returns:
+            Dict with code, body and headers
+        """
+        return {
+            'code': self._response_code,
+            'body': self._response_body,
+            'headers': self._response_headers
+        }
+    
+    async def validate(self):
+        """
+        Hook for data validation
+        
+        Override this method to implement custom validations.
+        If the validation fails, raise an exception.
+        """
+        pass
+    
+    @abstractmethod
+    async def process(self):
+        """
+        Main method that must be implemented by each class
+        
+        This is the method where you implement the logic of your API.
+        You must use set_body() and optionally set_code() and set_header().
+        """
+        raise NotImplementedError("You must implement the process() method")
+