dap-platform 0.1.0__tar.gz

dap_platform-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - run: pip install build
+      - run: python -m build
+      - uses: pypa/gh-action-pypi-publish@release/v1

dap_platform-0.1.0/.gitignore

@@ -0,0 +1,19 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+.venv/
+venv/
+*.db
+*.sqlite
+.idea/
+.vscode/
+*.swp
+*.swo
+check_*.py
+fix_*.py
+diagnose*.py

dap_platform-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Pavel Maximov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

dap_platform-0.1.0/PKG-INFO

@@ -0,0 +1,31 @@
+Metadata-Version: 2.4
+Name: dap-platform
+Version: 0.1.0
+Summary: Audit management platform with GRC workflows and BI analytics
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Requires-Dist: fastapi>=0.104
+Requires-Dist: httpx>=0.25
+Requires-Dist: itsdangerous>=2.0
+Requires-Dist: jinja2>=3.1
+Requires-Dist: python-docx>=1.0
+Requires-Dist: python-multipart>=0.0.6
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: uvicorn[standard]>=0.24
+Provides-Extra: duckdb
+Requires-Dist: duckdb>=0.9; extra == 'duckdb'
+Provides-Extra: ldap
+Requires-Dist: ldap3>=2.9; extra == 'ldap'
+Provides-Extra: oracle
+Requires-Dist: oracledb>=2.0; extra == 'oracle'
+Provides-Extra: postgres
+Requires-Dist: asyncpg>=0.29; extra == 'postgres'
+Requires-Dist: psycopg2-binary>=2.9; extra == 'postgres'
+Description-Content-Type: text/markdown
+
+# DataAudit Platform
+Audit management platform with GRC workflows and BI analytics.
+
+Install: pip install dap-platform
+Run: dataaudit serve

dap_platform-0.1.0/README.md

@@ -0,0 +1,5 @@
+# DataAudit Platform
+Audit management platform with GRC workflows and BI analytics.
+
+Install: pip install dap-platform
+Run: dataaudit serve

dap_platform-0.1.0/pyproject.toml

@@ -0,0 +1,33 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "dap-platform"
+version = "0.1.0"
+description = "Audit management platform with GRC workflows and BI analytics"
+readme = "README.md"
+requires-python = ">=3.10"
+license = "MIT"
+dependencies = [
+    "fastapi>=0.104",
+    "uvicorn[standard]>=0.24",
+    "jinja2>=3.1",
+    "python-multipart>=0.0.6",
+    "itsdangerous>=2.0",
+    "httpx>=0.25",
+    "pyyaml>=6.0",
+    "python-docx>=1.0",
+]
+
+[project.optional-dependencies]
+postgres = ["asyncpg>=0.29", "psycopg2-binary>=2.9"]
+ldap = ["ldap3>=2.9"]
+oracle = ["oracledb>=2.0"]
+duckdb = ["duckdb>=0.9"]
+
+[project.scripts]
+dataaudit = "dataaudit.cli:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/dataaudit"]

dap_platform-0.1.0/rename.py

@@ -0,0 +1,23 @@
+import pathlib
+
+# 1. pyproject.toml
+pp = pathlib.Path("pyproject.toml")
+txt = pp.read_text(encoding="utf-8")
+txt = txt.replace('name = "dataaudit"', 'name = "dap-platform"', 1)
+pp.write_text(txt, encoding="utf-8")
+print("pyproject.toml: name -> dap-platform")
+
+# 2. README.md - update install commands
+rm = pathlib.Path("README.md")
+if rm.exists():
+    rtxt = rm.read_text(encoding="utf-8")
+    rtxt = rtxt.replace("pip install dataaudit", "pip install dap-platform")
+    rtxt = rtxt.replace("pypi.org/project/dataaudit", "pypi.org/project/dap-platform")
+    rtxt = rtxt.replace("badge.fury.io/py/dataaudit", "badge.fury.io/py/dap-platform")
+    rm.write_text(rtxt, encoding="utf-8")
+    print("README.md: updated")
+
+# 3. Rebuild
+print("\nNow run:")
+print("  Remove-Item dist/* -Force")
+print("  python -m build")

dap_platform-0.1.0/rename_pkg.py

@@ -0,0 +1,9 @@
+options = [
+    "dap-platform",
+    "dataaudit-platform", 
+    "audit-platform",
+    "dap-audit",
+    "dataaudit-grc",
+]
+for o in options:
+    print(f"  pip install {o}")

dap_platform-0.1.0/src/dataaudit/__init__.py

@@ -0,0 +1,2 @@
+"""DataAudit Platform — Audit Management & Analytics"""
+__version__ = "0.1.0"

dap_platform-0.1.0/src/dataaudit/__main__.py

@@ -0,0 +1,3 @@
+"""Allow `python -m dataaudit`."""
+from .cli import main
+main()

dap_platform-0.1.0/src/dataaudit/app.py

@@ -0,0 +1,473 @@
+from fastapi import FastAPI, Request, Form
+from fastapi.staticfiles import StaticFiles
+from fastapi.templating import Jinja2Templates
+from fastapi.responses import HTMLResponse, RedirectResponse
+from pathlib import Path
+import asyncio
+import os
+import logging
+from datetime import datetime, time as dtime, timedelta
+import yaml
+
+from dataaudit.routers.bi_native import router as bi_router
+from dataaudit.routers.workflows import router as workflows_router
+from dataaudit.routers.grc import router as grc_router
+from dataaudit.routers.my_reports import router as my_reports_router
+from dataaudit.auth import (
+    get_current_user,
+    auth_middleware,
+    add_user_to_context,
+)
+from dataaudit.auth.local_auth import get_auth_client
+from dataaudit.auth.session import get_session_manager
+logging.getLogger("dap.scheduler").setLevel(logging.INFO)
+logging.getLogger("dap.scheduler").addHandler(logging.StreamHandler())
+app = FastAPI(title="DataAudit Platform")
+app.include_router(bi_router)
+app.include_router(workflows_router)
+app.include_router(grc_router)
+app.include_router(my_reports_router)
+
+
+# Auth middleware - protects all routes except /login, /health, /static
+app.middleware("http")(auth_middleware)
+
+# Mount static files
+_PKG_DIR = Path(__file__).parent
+app.mount("/static", StaticFiles(directory=str(_PKG_DIR / "static")), name="static")
+
+# Setup Jinja2 templates
+templates = Jinja2Templates(directory=str(_PKG_DIR / "templates"))
+
+
+def load_useful_links():
+    """Load useful links from YAML config"""
+    config_path = _PKG_DIR / "config" / "useful_links.yaml"
+    try:
+        with open(config_path, 'r', encoding='utf-8') as f:
+            return yaml.safe_load(f)
+    except Exception as e:
+        print(f"Error loading useful links: {e}")
+        return {"categories": []}
+
+
+@app.get("/", response_class=HTMLResponse)
+async def home(request: Request):
+    return templates.TemplateResponse(
+        "pages/home.html",
+        {"request": request, "current_page": "home", **add_user_to_context(request)}
+    )
+
+
+@app.get("/reports", response_class=HTMLResponse)
+async def reports(request: Request):
+    """Legacy route - redirect to my-reports"""
+    return RedirectResponse(url="/my-reports", status_code=302)
+
+
+@app.get("/my-reports", response_class=HTMLResponse)
+async def my_reports_page(request: Request):
+    return templates.TemplateResponse(
+        "pages/my_reports.html",
+        {"request": request, "current_page": "my-reports", **add_user_to_context(request)}
+    )
+
+
+# ── BI Analytics (Native) ─────────────────────────────────────────────
+
+@app.get("/analytics", response_class=HTMLResponse)
+async def analytics(request: Request):
+    return templates.TemplateResponse(
+        "pages/bi_analytics.html",
+        {"request": request, "current_page": "analytics", **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/sql", response_class=HTMLResponse)
+async def analytics_sql(request: Request):
+    return templates.TemplateResponse(
+        "pages/bi/sql_lab.html",
+        {"request": request, "current_page": "analytics", **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/charts", response_class=HTMLResponse)
+async def analytics_charts(request: Request):
+    return templates.TemplateResponse(
+        "pages/bi/charts.html",
+        {"request": request, "current_page": "analytics", **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/charts/{chart_id}/edit", response_class=HTMLResponse)
+async def analytics_chart_edit(request: Request, chart_id: int):
+    return templates.TemplateResponse(
+        "pages/bi/chart_edit.html",
+        {"request": request, "current_page": "analytics", "chart_id": chart_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/dashboards", response_class=HTMLResponse)
+async def analytics_dashboards(request: Request):
+    return templates.TemplateResponse(
+        "pages/bi/dashboards.html",
+        {"request": request, "current_page": "analytics", **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/dashboards/{dashboard_id}", response_class=HTMLResponse)
+async def analytics_dashboard_view(request: Request, dashboard_id: int):
+    return templates.TemplateResponse(
+        "pages/bi/dashboard_view.html",
+        {"request": request, "current_page": "analytics", "dashboard_id": dashboard_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/analytics/datasources", response_class=HTMLResponse)
+async def analytics_datasources(request: Request):
+    return templates.TemplateResponse(
+        "pages/bi/datasources.html",
+        {"request": request, "current_page": "analytics", **add_user_to_context(request)}
+    )
+
+
+# ── GRC Workflows (Native) ────────────────────────────────────────────
+
+@app.get("/workflows", response_class=HTMLResponse)
+async def workflows(request: Request):
+    return templates.TemplateResponse(
+        "pages/workflows.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/plans", response_class=HTMLResponse)
+async def grc_plans(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/plans.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/plans/{plan_id}", response_class=HTMLResponse)
+async def grc_plan_detail(request: Request, plan_id: int):
+    return templates.TemplateResponse(
+        "pages/grc/plan_detail.html",
+        {"request": request, "current_page": "workflows", "plan_id": plan_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/engagements", response_class=HTMLResponse)
+async def grc_engagements(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/engagements.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/engagements/{engagement_id}", response_class=HTMLResponse)
+async def grc_engagement_detail(request: Request, engagement_id: int):
+    return templates.TemplateResponse(
+        "pages/grc/engagement_detail.html",
+        {"request": request, "current_page": "workflows", "engagement_id": engagement_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/findings/{finding_id}", response_class=HTMLResponse)
+async def grc_finding_detail(request: Request, finding_id: int):
+    return templates.TemplateResponse(
+        "pages/grc/finding_detail.html",
+        {"request": request, "current_page": "workflows", "finding_id": finding_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/remediations", response_class=HTMLResponse)
+async def grc_remediations(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/remediations.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/remediations/{remediation_id}", response_class=HTMLResponse)
+async def grc_remediation_detail(request: Request, remediation_id: int):
+    return templates.TemplateResponse(
+        "pages/grc/remediation_detail.html",
+        {"request": request, "current_page": "workflows", "remediation_id": remediation_id, **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/notifications", response_class=HTMLResponse)
+async def grc_notifications(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/notifications.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+
+@app.get("/workflows/settings", response_class=HTMLResponse)
+async def grc_settings(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/settings_workflows.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+@app.get("/workflows/universe", response_class=HTMLResponse)
+async def page_universe(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/universe.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+@app.get("/workflows/strategic-plans", response_class=HTMLResponse)
+async def page_strategic_plans(request: Request):
+    return templates.TemplateResponse(
+        "pages/grc/strategic_plans.html",
+        {"request": request, "current_page": "workflows", **add_user_to_context(request)}
+    )
+
+@app.get("/workflows/strategic-plans/{plan_id}", response_class=HTMLResponse)
+async def page_strategic_plan_detail(request: Request, plan_id: int):
+    return templates.TemplateResponse(
+        "pages/grc/strategic_plan_detail.html",
+        {"request": request, "current_page": "workflows", "plan_id": plan_id, **add_user_to_context(request)}
+    )
+# ── Other Pages ────────────────────────────────────────────────────────
+
+@app.get("/ai", response_class=HTMLResponse)
+async def ai_assistant(request: Request):
+    return templates.TemplateResponse(
+        "pages/ai_assistant.html",
+        {"request": request, "current_page": "ai", **add_user_to_context(request)}
+    )
+
+
+@app.get("/governance", response_class=HTMLResponse)
+async def data_governance(request: Request):
+    return templates.TemplateResponse(
+        "pages/data_governance.html",
+        {"request": request, "current_page": "governance", **add_user_to_context(request)}
+    )
+
+
+@app.get("/useful-links", response_class=HTMLResponse)
+async def useful_links(request: Request):
+    links_config = load_useful_links()
+    return templates.TemplateResponse(
+        "pages/useful_links.html",
+        {
+            "request": request,
+            "current_page": "useful-links",
+            "categories": links_config.get("categories", []),
+            **add_user_to_context(request)
+        }
+    )
+
+
+@app.get("/settings", response_class=HTMLResponse)
+async def settings(request: Request):
+    return templates.TemplateResponse(
+        "pages/settings.html",
+        {"request": request, "current_page": "settings", **add_user_to_context(request)}
+    )
+
+
+@app.get("/login", response_class=HTMLResponse)
+async def login(request: Request, next: str = "/", error: str = None):
+    # If already logged in, redirect
+    user = await get_current_user(request)
+    if user:
+        return RedirectResponse(url=next, status_code=302)
+
+    error_messages = {
+        "invalid": "Неверный логин или пароль",
+        "expired": "Сессия истекла. Войдите снова.",
+        "unavailable": "Сервис авторизации недоступен. Обратитесь в службу поддержки.",
+    }
+
+    return templates.TemplateResponse(
+        "login.html",
+        {"request": request, "next": next, "error_message": error_messages.get(error)}
+    )
+
+
+@app.post("/login")
+async def login_post(
+    request: Request,
+    username: str = Form(...),
+    password: str = Form(...),
+    next: str = Form("/"),
+):
+    auth = get_auth_client()
+    session_mgr = get_session_manager()
+
+    result = await auth.authenticate(username.strip(), password)
+
+    if not result.success:
+        error = "unavailable" if result.error_code == "LDAP_UNREACHABLE" else "invalid"
+        return RedirectResponse(url=f"/login?error={error}&next={next}", status_code=302)
+
+    session = session_mgr.create_session(result.user)
+    response = RedirectResponse(url=next, status_code=302)
+    session_mgr.set_session_cookie(response, session)
+    return response
+
+
+@app.get("/logout")
+async def logout(request: Request):
+    session_mgr = get_session_manager()
+    html = """
+    <!DOCTYPE html>
+    <html>
+    <head><title>Выход...</title></head>
+    <body>
+    <script>
+        window.location.replace('/login');
+    </script>
+    </body>
+    </html>
+    """
+    response = HTMLResponse(html)
+    session_mgr.logout(request, response)
+    response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+    return response
+
+
+@app.get("/api/me")
+async def me(request: Request):
+    user = await get_current_user(request)
+    if not user:
+        return {"error": "Не авторизован"}
+    return user.to_dict()
+
+
+# ── Escalation Scheduler ─────────────────────────────────────────────
+_sched_logger = logging.getLogger("dap.scheduler")
+
+
+async def _run_escalation():
+    """Direct escalation check — no HTTP, no auth needed."""
+    from dataaudit.database import get_pool
+    from dataaudit.routers.grc import (
+        _get_config, _notify, _resolve_user_email,
+        _escalation_email_html, get_email_service, _today,
+    )
+
+    pool = await get_pool()
+    today = _today()
+
+    escalation_config = await _get_config(pool, "escalation", "deadlines")
+    thresholds = escalation_config.get("thresholds", [])
+
+    tasks = await pool.fetch(
+        """SELECT r.*, f.title as finding_title, f.ref_number as finding_ref,
+                  u.head_user_id as unit_head
+           FROM grc.remediation_tasks r
+           LEFT JOIN grc.findings f ON r.finding_id = f.id
+           LEFT JOIN grc.org_units u ON r.assigned_to_unit_id = u.id
+           WHERE r.status NOT IN ('closed', 'cancelled', 'verified')
+             AND r.escalation_enabled = TRUE
+             AND (r.escalation_muted_until IS NULL OR r.escalation_muted_until < $1)""",
+        today,
+    )
+
+    created = 0
+    for task in tasks:
+        deadline = task["deadline"]
+        days_until = (deadline - today).days
+        assignee = task["assigned_to_user_id"]
+        unit_head = task["unit_head"]
+        ref = task["ref_number"] or f"#{task['id']}"
+        title = task["title"]
+
+        if days_until < 0 and not task["is_overdue"]:
+            await pool.execute(
+                "UPDATE grc.remediation_tasks SET is_overdue=TRUE, updated_at=NOW() WHERE id=$1",
+                task["id"],
+            )
+
+        for threshold in thresholds:
+            matched = False
+            ntype = threshold.get("type", "")
+            if "days_before" in threshold:
+                db = threshold["days_before"]
+                if (db > 0 and days_until == db) or (db == 0 and days_until == 0):
+                    matched = True
+            if "days_after" in threshold and days_until < 0:
+                if threshold.get("repeat") == "daily":
+                    matched = True
+                elif abs(days_until) == threshold["days_after"]:
+                    matched = True
+            if not matched:
+                continue
+
+            notify_targets = threshold.get("notify", [])
+            overdue_days = abs(days_until) if days_until < 0 else 0
+            msg_prefix = (
+                f"Срок через {days_until} дн." if days_until > 0
+                else "Срок сегодня" if days_until == 0
+                else f"Просрочено {overdue_days} дн."
+            )
+
+            people = []
+            if "assignee" in notify_targets and assignee:
+                people.append((
+                    assignee,
+                    f"{msg_prefix}: {ref}",
+                    f"Рекомендация «{title}» — срок до {deadline}",
+                ))
+            if "unit_head" in notify_targets and unit_head:
+                people.append((
+                    unit_head,
+                    f"{msg_prefix}: {ref} (подчинённый)",
+                    f"Рекомендация «{title}» назначена {assignee} — срок до {deadline}",
+                ))
+
+            for (uid, ntitle, nmessage) in people:
+                existing = await pool.fetchval(
+                    """SELECT COUNT(*) FROM grc.notifications
+                       WHERE user_id=$1 AND notif_type=$2 AND entity_type='remediation'
+                         AND entity_id=$3 AND created_at::date=$4""",
+                    uid, ntype, task["id"], today,
+                )
+                if existing == 0:
+                    await _notify(pool, uid, ntype, ntitle, nmessage, "remediation", task["id"])
+                    created += 1
+                    email_svc = get_email_service()
+                    user_email = await _resolve_user_email(pool, uid)
+                    if user_email:
+                        email_svc.send(
+                            to=user_email,
+                            subject=f"DAP: {ntitle}",
+                            body_text=f"{ntitle}\n\n{nmessage}\n\n— DataAudit Platform",
+                            body_html=_escalation_email_html(ntitle, nmessage, ref, deadline),
+                        )
+
+    _sched_logger.info(f"Escalation check: {len(tasks)} tasks, {created} notifications")
+
+
+async def _escalation_scheduler():
+    """Run escalation daily at 09:00."""
+    while True:
+        now = datetime.now()
+        target = datetime.combine(now.date(), dtime(9, 0))
+        if now >= target:
+            target += timedelta(days=1)
+        wait = (target - now).total_seconds()
+        _sched_logger.info(f"Next escalation: {target} (in {wait:.0f}s)")
+        await asyncio.sleep(wait)
+        try:
+            await _run_escalation()
+        except Exception as e:
+            _sched_logger.error(f"Escalation failed: {e}")
+
+
+@app.on_event("startup")
+async def start_scheduler():
+    if os.getenv("DAP_SCHEDULER", "false").lower() == "true":
+        asyncio.create_task(_escalation_scheduler())
+
+
+@app.get("/health")
+async def health():
+    return {"status": "ok"}

dap_platform-0.1.0/src/dataaudit/auth/__init__.py

@@ -0,0 +1,20 @@
+"""DAP Authentication Module"""
+
+from .models import User, Role, Session, AuthResult
+from .local_auth import LocalAuth, get_auth_client
+from .session import SessionManager, get_session_manager
+from .dependencies import (
+    get_current_user,
+    require_auth,
+    require_role,
+    auth_middleware,
+    add_user_to_context,
+)
+
+__all__ = [
+    "User", "Role", "Session", "AuthResult",
+    "LocalAuth", "get_auth_client",
+    "SessionManager", "get_session_manager",
+    "get_current_user", "require_auth", "require_role",
+    "auth_middleware", "add_user_to_context",
+]