django-cfg 1.2.22__py3-none-any.whl → 1.2.25__py3-none-any.whl

django_cfg/apps/payments/utils/middleware_utils.py

@@ -0,0 +1,228 @@
+"""
+Utilities for middleware processing.
+"""
+
+from typing import Optional, List
+from django.http import HttpRequest
+from django.conf import settings
+
+
+def get_client_ip(request: HttpRequest) -> Optional[str]:
+    """
+    Get client IP address from request.
+    Handles various proxy headers and configurations.
+    """
+    
+    # Check for forwarded headers first
+    forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+    if forwarded_for:
+        # Take first IP in chain (original client)
+        return forwarded_for.split(',')[0].strip()
+    
+    # Check for real IP header (common with nginx)
+    real_ip = request.META.get('HTTP_X_REAL_IP')
+    if real_ip:
+        return real_ip.strip()
+    
+    # Check for Cloudflare header
+    cf_ip = request.META.get('HTTP_CF_CONNECTING_IP')
+    if cf_ip:
+        return cf_ip.strip()
+    
+    # Fallback to remote address
+    remote_addr = request.META.get('REMOTE_ADDR')
+    if remote_addr:
+        return remote_addr.strip()
+    
+    return None
+
+
+def is_api_request(request: HttpRequest, api_prefixes: Optional[List[str]] = None) -> bool:
+    """
+    Check if request is an API request based on path prefixes.
+    
+    Args:
+        request: Django HTTP request
+        api_prefixes: List of API prefixes to check (defaults to settings)
+    """
+    
+    if api_prefixes is None:
+        api_prefixes = getattr(settings, 'PAYMENTS_API_PREFIXES', ['/api/'])
+    
+    path = request.path
+    return any(path.startswith(prefix) for prefix in api_prefixes)
+
+
+def extract_api_key(request: HttpRequest) -> Optional[str]:
+    """
+    Extract API key from request headers or query parameters.
+    Supports multiple authentication methods.
+    
+    Priority:
+    1. Authorization header (Bearer token)
+    2. X-API-Key header
+    3. Query parameter (less secure, for testing)
+    """
+    
+    # Method 1: Authorization header (Bearer token)
+    auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+    if auth_header.startswith('Bearer '):
+        return auth_header[7:]  # Remove 'Bearer ' prefix
+    
+    # Method 2: X-API-Key header
+    api_key_header = request.META.get('HTTP_X_API_KEY')
+    if api_key_header:
+        return api_key_header.strip()
+    
+    # Method 3: Custom header variations
+    custom_headers = [
+        'HTTP_X_API_TOKEN',
+        'HTTP_APIKEY',
+        'HTTP_API_TOKEN',
+    ]
+    
+    for header in custom_headers:
+        value = request.META.get(header)
+        if value:
+            return value.strip()
+    
+    # Method 4: Query parameter (less secure, mainly for testing)
+    if getattr(settings, 'PAYMENTS_ALLOW_API_KEY_IN_QUERY', False):
+        query_key = request.GET.get('api_key') or request.GET.get('apikey')
+        if query_key:
+            return query_key.strip()
+    
+    return None
+
+
+def is_exempt_path(request: HttpRequest, exempt_paths: Optional[List[str]] = None) -> bool:
+    """
+    Check if request path is exempt from API key requirements.
+    
+    Args:
+        request: Django HTTP request
+        exempt_paths: List of exempt path prefixes (defaults to settings)
+    """
+    
+    if exempt_paths is None:
+        exempt_paths = getattr(settings, 'PAYMENTS_EXEMPT_PATHS', [
+            '/admin/',
+            '/cfg/',
+            '/api/v1/api-key/validate/',
+        ])
+    
+    path = request.path
+    return any(path.startswith(exempt) for exempt in exempt_paths)
+
+
+def get_request_metadata(request: HttpRequest) -> dict:
+    """
+    Extract useful metadata from request for logging and analytics.
+    """
+    
+    return {
+        'method': request.method,
+        'path': request.path,
+        'query_string': request.META.get('QUERY_STRING', ''),
+        'user_agent': request.META.get('HTTP_USER_AGENT', ''),
+        'referer': request.META.get('HTTP_REFERER', ''),
+        'ip_address': get_client_ip(request),
+        'content_type': request.META.get('CONTENT_TYPE', ''),
+        'content_length': request.META.get('CONTENT_LENGTH', 0),
+        'host': request.META.get('HTTP_HOST', ''),
+        'scheme': request.scheme,
+        'is_secure': request.is_secure(),
+    }
+
+
+def should_track_request_body(request: HttpRequest, max_size: int = 10000) -> bool:
+    """
+    Determine if request body should be tracked for analytics.
+    
+    Args:
+        request: Django HTTP request
+        max_size: Maximum body size to track (bytes)
+    """
+    
+    # Check content length
+    content_length = request.META.get('CONTENT_LENGTH')
+    if content_length and int(content_length) > max_size:
+        return False
+    
+    # Don't track file uploads
+    content_type = request.META.get('CONTENT_TYPE', '')
+    if 'multipart/form-data' in content_type:
+        return False
+    
+    # Don't track binary content
+    if 'application/octet-stream' in content_type:
+        return False
+    
+    # Don't track sensitive endpoints
+    sensitive_paths = getattr(settings, 'PAYMENTS_SENSITIVE_PATHS', [
+        '/api/v1/api-key/',
+        '/api/v1/payment/',
+        '/api/v1/subscription/',
+    ])
+    
+    path = request.path
+    if any(path.startswith(sensitive) for sensitive in sensitive_paths):
+        return False
+    
+    return True
+
+
+def should_track_response_body(response, max_size: int = 10000) -> bool:
+    """
+    Determine if response body should be tracked for analytics.
+    
+    Args:
+        response: Django HTTP response
+        max_size: Maximum body size to track (bytes)
+    """
+    
+    # Don't track large responses
+    if hasattr(response, 'content') and len(response.content) > max_size:
+        return False
+    
+    # Only track successful JSON responses
+    if not (200 <= response.status_code < 300):
+        return False
+    
+    # Check content type
+    content_type = response.get('Content-Type', '')
+    if 'application/json' not in content_type:
+        return False
+    
+    return True
+
+
+def format_error_response(error_code: str, 
+                         message: str, 
+                         status_code: int = 400,
+                         additional_data: Optional[dict] = None) -> dict:
+    """
+    Format standardized error response for middleware.
+    
+    Args:
+        error_code: Machine-readable error code
+        message: Human-readable error message
+        status_code: HTTP status code
+        additional_data: Additional error data
+    """
+    
+    from django.utils import timezone
+    
+    error_response = {
+        'error': {
+            'code': error_code,
+            'message': message,
+            'status_code': status_code,
+            'timestamp': timezone.now().isoformat(),
+        }
+    }
+    
+    if additional_data:
+        error_response['error'].update(additional_data)
+    
+    return error_response

django_cfg/apps/payments/utils/validation_utils.py

@@ -0,0 +1,94 @@
+"""
+Validation utilities for payments module.
+
+Basic validation functions for API keys and subscription access.
+"""
+
+import logging
+from typing import Optional, Dict, Any
+from django.contrib.auth import get_user_model
+from django.utils import timezone
+
+from ..models import APIKey, Subscription
+
+User = get_user_model()
+logger = logging.getLogger(__name__)
+
+
+def validate_api_key(api_key: str) -> bool:
+    """
+    Validate API key.
+    
+    Args:
+        api_key: API key to validate
+        
+    Returns:
+        True if valid, False otherwise
+    """
+    try:
+        key = APIKey.objects.select_related('user').get(
+            key_value=api_key,
+            is_active=True
+        )
+        
+        # Check if key is expired
+        if key.expires_at and key.expires_at < timezone.now():
+            return False
+            
+        return True
+        
+    except APIKey.DoesNotExist:
+        return False
+    except Exception as e:
+        logger.error(f"Error validating API key: {e}")
+        return False
+
+
+def check_subscription_access(user_id: int, endpoint_group: str) -> Dict[str, Any]:
+    """
+    Check subscription access for user and endpoint group.
+    
+    Args:
+        user_id: User ID
+        endpoint_group: Endpoint group name
+        
+    Returns:
+        Access check result dictionary
+    """
+    try:
+        subscription = Subscription.objects.select_related('endpoint_group').get(
+            user_id=user_id,
+            endpoint_group__name=endpoint_group,
+            status='active',
+            expires_at__gt=timezone.now()
+        )
+        
+        # Check usage limits
+        usage_percentage = (subscription.current_usage / subscription.monthly_limit) * 100
+        remaining_requests = subscription.monthly_limit - subscription.current_usage
+        
+        return {
+            'allowed': remaining_requests > 0,
+            'subscription_id': str(subscription.id),
+            'remaining_requests': remaining_requests,
+            'usage_percentage': usage_percentage,
+            'reason': 'Active subscription' if remaining_requests > 0 else 'Usage limit exceeded'
+        }
+        
+    except Subscription.DoesNotExist:
+        return {
+            'allowed': False,
+            'reason': 'No active subscription found',
+            'subscription_id': None,
+            'remaining_requests': 0,
+            'usage_percentage': 0
+        }
+    except Exception as e:
+        logger.error(f"Error checking subscription access: {e}")
+        return {
+            'allowed': False,
+            'reason': f'Access check failed: {str(e)}',
+            'subscription_id': None,
+            'remaining_requests': 0,
+            'usage_percentage': 0
+        }

django_cfg/apps/payments/views/payment_views.py

@@ -46,8 +46,46 @@ class UserPaymentViewSet(viewsets.ModelViewSet):
     def check_status(self, request, user_pk=None, pk=None):
         """Check payment status via provider API."""
         payment = self.get_object()
-        # TODO: Implement provider status check
-        return Response({'status': payment.status})
+        
+        # Import PaymentService to check status with provider
+        from ..services.core.payment_service import PaymentService
+        
+        try:
+            payment_service = PaymentService()
+            status_result = payment_service.get_payment_status(str(payment.id))
+            
+            if status_result.success:
+                # Update local payment status if it changed
+                if payment.status != status_result.status:
+                    payment.status = status_result.status
+                    payment.save(update_fields=['status', 'updated_at'])
+                
+                return Response({
+                    'payment_id': str(payment.id),
+                    'status': status_result.status,
+                    'provider_status': status_result.provider_status,
+                    'updated': payment.status != status_result.status
+                })
+            else:
+                return Response({
+                    'payment_id': str(payment.id),
+                    'status': payment.status,
+                    'error': status_result.error_message,
+                    'provider_check_failed': True
+                }, status=status.HTTP_400_BAD_REQUEST)
+                
+        except Exception as e:
+            # Log error but don't fail completely
+            import logging
+            logger = logging.getLogger(__name__)
+            logger.error(f"Payment status check failed for {payment.id}: {e}")
+            
+            return Response({
+                'payment_id': str(payment.id),
+                'status': payment.status,
+                'error': 'Status check temporarily unavailable',
+                'provider_check_failed': True
+            })
     
     @action(detail=False, methods=['get'])
     def summary(self, request, user_pk=None):

django_cfg/apps/payments/views/webhook_views.py

@@ -0,0 +1,266 @@
+"""
+Webhook processing views with signature validation.
+"""
+
+import json
+import logging
+from typing import Dict, Any
+
+from django.http import JsonResponse, HttpResponse
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_http_methods
+from django.utils.decorators import method_decorator
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import AllowAny
+from rest_framework.response import Response
+from rest_framework import status
+
+from ..services.core.payment_service import PaymentService
+from ..tasks.webhook_processing import process_webhook_with_fallback
+from ..services.security.webhook_validator import webhook_validator
+from ..services.security.error_handler import error_handler, SecurityError, ValidationError
+
+logger = logging.getLogger(__name__)
+
+
+@csrf_exempt
+@require_http_methods(["POST"])
+def webhook_handler(request, provider: str):
+    """
+    Main webhook handler with signature validation.
+    
+    Accepts webhooks from payment providers and processes them
+    with proper validation and fallback mechanisms.
+    """
+    try:
+        # Parse webhook data
+        webhook_data = json.loads(request.body.decode('utf-8'))
+        
+        # Extract request headers
+        request_headers = {
+            key: value for key, value in request.META.items()
+            if key.startswith('HTTP_')
+        }
+        
+        # Generate idempotency key for deduplication
+        idempotency_key = _generate_idempotency_key(provider, webhook_data, request_headers)
+        
+        logger.info(f"📥 Received webhook from {provider}, key: {idempotency_key}")
+        
+        # Validate webhook with enhanced security
+        is_valid, validation_error = webhook_validator.validate_webhook(
+            provider=provider,
+            webhook_data=webhook_data,
+            request_headers=request_headers,
+            raw_body=request.body
+        )
+        
+        if not is_valid:
+            security_error = SecurityError(
+                f"Webhook validation failed: {validation_error}",
+                details={'provider': provider, 'validation_error': validation_error}
+            )
+            error_handler.handle_error(security_error, {
+                'provider': provider,
+                'webhook_data_keys': list(webhook_data.keys()),
+                'headers_count': len(request_headers)
+            }, request)
+            
+            return JsonResponse(
+                {'error': 'Webhook validation failed', 'code': 'INVALID_WEBHOOK'}, 
+                status=403
+            )
+        
+        # Process webhook (async with fallback to sync)
+        result = process_webhook_with_fallback(
+            provider=provider,
+            webhook_data=webhook_data,
+            idempotency_key=idempotency_key,
+            request_headers=request_headers
+        )
+        
+        if result.get('success'):
+            logger.info(f"✅ Webhook processed successfully: {idempotency_key}")
+            return JsonResponse({
+                'status': 'success',
+                'idempotency_key': idempotency_key,
+                'processing_mode': result.get('mode', 'unknown')
+            })
+        else:
+            logger.error(f"❌ Webhook processing failed: {result.get('error')}")
+            return JsonResponse({
+                'status': 'error',
+                'error': result.get('error', 'Processing failed'),
+                'idempotency_key': idempotency_key
+            }, status=400)
+            
+    except json.JSONDecodeError as e:
+        validation_error = ValidationError(
+            f"Invalid JSON in webhook from {provider}",
+            details={'provider': provider, 'json_error': str(e)}
+        )
+        error_result = error_handler.handle_error(validation_error, {
+            'provider': provider,
+            'raw_body_length': len(request.body) if request.body else 0
+        }, request)
+        
+        return JsonResponse({
+            'error': 'Invalid JSON',
+            'code': validation_error.error_code
+        }, status=400)
+        
+    except Exception as e:
+        # Handle unexpected errors with centralized error handler
+        error_result = error_handler.handle_error(e, {
+            'provider': provider,
+            'operation': 'webhook_processing',
+            'webhook_data_available': 'webhook_data' in locals()
+        }, request)
+    
+        return JsonResponse({
+            'error': 'Internal server error',
+            'code': error_result.error.error_code
+        }, status=500)
+
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def webhook_test(request):
+    """
+    Test webhook endpoint for development.
+    
+    Allows testing webhook processing without requiring
+    actual payment provider signatures.
+    """
+    try:
+        provider = request.data.get('provider', 'test')
+        webhook_data = request.data.get('webhook_data', {})
+        
+        # Add test marker
+        webhook_data['_test_webhook'] = True
+        
+        # Generate test idempotency key
+        import uuid
+        idempotency_key = f"test_{uuid.uuid4().hex[:8]}"
+        
+        logger.info(f"🧪 Processing test webhook: {provider}")
+        
+        # Process with PaymentService directly (sync)
+        payment_service = PaymentService()
+        result = payment_service.process_webhook(
+            provider=provider,
+            webhook_data=webhook_data,
+            request_headers={'HTTP_X_TEST': 'true'}
+        )
+        
+        return Response({
+            'status': 'success',
+            'test_mode': True,
+            'provider': provider,
+            'idempotency_key': idempotency_key,
+            'result': result.dict() if hasattr(result, 'dict') else result
+        })
+        
+    except Exception as e:
+        logger.error(f"❌ Test webhook error: {e}")
+        return Response({
+            'status': 'error',
+            'error': str(e),
+            'test_mode': True
+        }, status=status.HTTP_400_BAD_REQUEST)
+
+
+def _validate_webhook_signature(provider: str, webhook_data: Dict[str, Any], 
+                               request_headers: Dict[str, str]) -> bool:
+    """
+    Validate webhook signature based on provider.
+    
+    Each provider has different signature validation methods.
+    """
+    try:
+        if provider == 'nowpayments':
+            return _validate_nowpayments_signature(webhook_data, request_headers)
+        elif provider == 'cryptapi':
+            return _validate_cryptapi_signature(webhook_data, request_headers)
+        elif provider == 'test':
+            return True  # Allow test webhooks
+        else:
+            logger.warning(f"Unknown provider for signature validation: {provider}")
+            return False
+            
+    except Exception as e:
+        logger.error(f"Signature validation error for {provider}: {e}")
+        return False
+
+
+def _validate_nowpayments_signature(webhook_data: Dict[str, Any], 
+                                  request_headers: Dict[str, str]) -> bool:
+    """Validate NowPayments webhook signature."""
+    import hmac
+    import hashlib
+    from ..utils.config_utils import get_payments_config
+    
+    # Get IPN secret from config
+    config = get_payments_config()
+    if not config or not hasattr(config, 'providers') or 'nowpayments' not in config.providers:
+        logger.warning("NowPayments IPN secret not configured, skipping validation")
+        return True  # Allow if not configured (development mode)
+    
+    nowpayments_config = config.providers['nowpayments']
+    ipn_secret = getattr(nowpayments_config, 'ipn_secret', None)
+    
+    if not ipn_secret:
+        logger.warning("NowPayments IPN secret not configured, skipping validation")
+        return True
+    
+    # Get signature from headers
+    signature = request_headers.get('HTTP_X_NOWPAYMENTS_SIG')
+    if not signature:
+        logger.warning("No NowPayments signature found in headers")
+        return False
+    
+    # Calculate expected signature
+    payload = json.dumps(webhook_data, separators=(',', ':'), sort_keys=True)
+    expected_signature = hmac.new(
+        ipn_secret.encode(),
+        payload.encode(),
+        hashlib.sha512
+    ).hexdigest()
+    
+    return hmac.compare_digest(signature, expected_signature)
+
+
+def _validate_cryptapi_signature(webhook_data: Dict[str, Any], 
+                                request_headers: Dict[str, str]) -> bool:
+    """Validate CryptAPI webhook signature."""
+    # CryptAPI uses different validation method
+    # For now, implement basic validation
+    
+    # Check if required fields are present
+    required_fields = ['address_in', 'address_out', 'txid_in', 'value_coin', 'coin', 'confirmations']
+    for field in required_fields:
+        if field not in webhook_data:
+            logger.warning(f"Missing required field in CryptAPI webhook: {field}")
+            return False
+    
+    return True
+
+
+def _generate_idempotency_key(provider: str, webhook_data: Dict[str, Any], 
+                            request_headers: Dict[str, str]) -> str:
+    """Generate idempotency key for webhook deduplication."""
+    import hashlib
+    
+    # Use provider + payment ID + timestamp for uniqueness
+    payment_id = (
+        webhook_data.get('payment_id') or 
+        webhook_data.get('order_id') or
+        webhook_data.get('id') or
+        'unknown'
+    )
+    
+    timestamp = webhook_data.get('created_at') or webhook_data.get('timestamp')
+    
+    # Create hash from key components
+    key_data = f"{provider}:{payment_id}:{timestamp}"
+    return hashlib.md5(key_data.encode()).hexdigest()[:16]

django_cfg/apps/payments/viewsets.py

@@ -0,0 +1,65 @@
+"""
+Payment system ViewSets router for easy integration.
+"""
+
+from rest_framework.routers import DefaultRouter
+from rest_framework_nested import routers
+
+from .views import (
+    # Balance ViewSets
+    UserBalanceViewSet, TransactionViewSet,
+    
+    # Payment ViewSets
+    UserPaymentViewSet, UniversalPaymentViewSet,
+    
+    # Subscription ViewSets
+    UserSubscriptionViewSet, SubscriptionViewSet, EndpointGroupViewSet,
+    
+    # API Key ViewSets
+    UserAPIKeyViewSet, APIKeyViewSet,
+    
+    # Currency ViewSets
+    CurrencyViewSet, CurrencyNetworkViewSet,
+    
+    # Tariff ViewSets
+    TariffViewSet, TariffEndpointGroupViewSet,
+)
+
+
+class PaymentSystemRouter:
+    """Universal router with all payment endpoints"""
+    
+    def __init__(self):
+        self.router = DefaultRouter()
+        self._setup_main_routes()
+        
+    def _setup_main_routes(self):
+        """Setup main resource routes"""
+        # Core payment resources
+        self.router.register(r'payments', UniversalPaymentViewSet, basename='payment')
+        self.router.register(r'balances', UserBalanceViewSet, basename='balance')
+        self.router.register(r'transactions', TransactionViewSet, basename='transaction')
+        
+        # Subscription management
+        self.router.register(r'subscriptions', SubscriptionViewSet, basename='subscription')
+        self.router.register(r'endpoint-groups', EndpointGroupViewSet, basename='endpoint-group')
+        
+        # API key management
+        self.router.register(r'api-keys', APIKeyViewSet, basename='api-key')
+        
+        # Currency and pricing
+        self.router.register(r'currencies', CurrencyViewSet, basename='currency')
+        self.router.register(r'currency-networks', CurrencyNetworkViewSet, basename='currency-network')
+        self.router.register(r'tariffs', TariffViewSet, basename='tariff')
+        self.router.register(r'tariff-groups', TariffEndpointGroupViewSet, basename='tariff-group')
+    
+    @property
+    def urls(self):
+        """Get all URLs"""
+        return self.router.urls
+
+
+# Create default router instance
+payment_router = PaymentSystemRouter()
+
+__all__ = ['PaymentSystemRouter', 'payment_router']