django-cfg 1.5.14__py3-none-any.whl → 1.5.29__py3-none-any.whl

django_cfg/apps/integrations/centrifugo/services/token_generator.py

@@ -0,0 +1,122 @@
+"""
+Centrifugo Token Generator Service.
+
+Provides utilities for generating Centrifugo JWT tokens with user permissions.
+"""
+
+import time
+import jwt
+from datetime import datetime, timezone
+from typing import List, Dict, Any, Optional
+
+from .config_helper import get_centrifugo_config
+
+
+def get_user_channels(user) -> List[str]:
+    """
+    Get list of Centrifugo channels user is allowed to subscribe to.
+
+    Args:
+        user: Django user instance
+
+    Returns:
+        List of channel names user can access
+
+    Channel naming convention:
+        - user#{user_id} - Personal channel for RPC responses
+        - notifications#user#{user_id} - Personal notifications
+        - centrifugo#dashboard - Admin dashboard events
+        - admin#notifications - Admin notifications
+        - grpc#* - All gRPC bot events (admin only)
+        - broadcast - Global broadcast channel
+    """
+    channels = []
+
+    # Personal channel for RPC responses
+    channels.append(f"user#{user.id}")
+
+    # Notifications channel
+    channels.append(f"notifications#user#{user.id}")
+
+    # Admin channels
+    if user.is_staff or user.is_superuser:
+        channels.append("centrifugo#dashboard")
+        channels.append("admin#notifications")
+        # Allow admins to see all gRPC bot events
+        channels.append("grpc#*")
+
+    # Broadcast channel for all users
+    channels.append("broadcast")
+
+    return channels
+
+
+def generate_centrifugo_token(
+    user,
+    exp_seconds: int = 3600,
+    additional_channels: Optional[List[str]] = None
+) -> Dict[str, Any]:
+    """
+    Generate Centrifugo JWT token with user's allowed channels.
+
+    Args:
+        user: Django user instance
+        exp_seconds: Token expiration time in seconds (default: 1 hour)
+        additional_channels: Optional additional channels to include
+
+    Returns:
+        Dictionary with:
+            - token: JWT token string
+            - centrifugo_url: Centrifugo WebSocket URL
+            - expires_at: Token expiration datetime
+            - channels: List of allowed channels
+
+    Raises:
+        ValueError: If Centrifugo is not configured or disabled
+    """
+    config = get_centrifugo_config()
+    if not config or not config.enabled:
+        raise ValueError("Centrifugo not configured or disabled")
+
+    # Get user's allowed channels
+    channels = get_user_channels(user)
+
+    # Add additional channels if provided
+    if additional_channels:
+        channels.extend(additional_channels)
+        # Remove duplicates while preserving order
+        channels = list(dict.fromkeys(channels))
+
+    # Generate JWT token
+    now = int(time.time())
+    exp = now + exp_seconds
+
+    payload = {
+        "sub": str(user.id),        # User ID
+        "exp": exp,                  # Expiration time
+        "iat": now,                  # Issued at
+        "channels": channels,        # Allowed channels
+    }
+
+    # Sign token with HMAC secret
+    token = jwt.encode(
+        payload,
+        config.centrifugo_token_hmac_secret,
+        algorithm="HS256"
+    )
+
+    # Use timezone-aware datetime for proper ISO 8601 format
+    expires_at = datetime.fromtimestamp(exp, tz=timezone.utc)
+
+    return {
+        "token": token,
+        "centrifugo_url": config.centrifugo_url,
+        "expires_at": expires_at,
+        "channels": channels,
+    }
+
+
+__all__ = [
+    "get_user_channels",
+    "generate_centrifugo_token",
+]

django_cfg/apps/integrations/centrifugo/urls.py

@@ -10,6 +10,8 @@ from rest_framework import routers
 from .views.admin_api import CentrifugoAdminAPIViewSet
 from .views.monitoring import CentrifugoMonitorViewSet
 from .views.testing_api import CentrifugoTestingAPIViewSet
+from .views.token_api import CentrifugoTokenViewSet
+from .views.wrapper import PublishWrapperView
 
 app_name = 'django_cfg_centrifugo'
 
@@ -25,7 +27,13 @@ router.register(r'server', CentrifugoAdminAPIViewSet, basename='server')
 # Testing API endpoints (live testing from dashboard)
 router.register(r'testing', CentrifugoTestingAPIViewSet, basename='testing')
 
+# Token API endpoints (JWT token generation for client connections)
+router.register(r'auth', CentrifugoTokenViewSet, basename='auth')
+
 urlpatterns = [
+    # Wrapper API endpoint (for CentrifugoClient)
+    path('api/publish', PublishWrapperView.as_view(), name='wrapper_publish'),
+
     # Include router URLs
     path('', include(router.urls)),
 ]

django_cfg/apps/integrations/centrifugo/views/__init__.py

@@ -5,9 +5,11 @@ Views for Centrifugo module.
 from .admin_api import CentrifugoAdminAPIViewSet
 from .monitoring import CentrifugoMonitorViewSet
 from .testing_api import CentrifugoTestingAPIViewSet
+from .wrapper import PublishWrapperView
 
 __all__ = [
     'CentrifugoMonitorViewSet',
     'CentrifugoAdminAPIViewSet',
     'CentrifugoTestingAPIViewSet',
+    'PublishWrapperView',
 ]

django_cfg/apps/integrations/centrifugo/views/admin_api.py

@@ -5,7 +5,6 @@ Proxies requests to Centrifugo server API with authentication and type safety.
 Provides Django endpoints that map to Centrifugo HTTP API methods.
 """
 
-import asyncio
 import httpx
 from django.http import JsonResponse
 from django_cfg.modules.django_logging import get_logger
@@ -113,10 +112,10 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="info")
-    def info(self, request):
-        """Get Centrifugo server information."""
+    async def info(self, request):
+        """Get Centrifugo server information (ASYNC)."""
         try:
-            result = asyncio.run(self._call_centrifugo_api("info", params={}))
+            result = await self._call_centrifugo_api("info", params={})
 
             # Check for Centrifugo API error
             if "error" in result and result["error"]:
@@ -147,13 +146,13 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="channels")
-    def channels(self, request):
-        """List active channels."""
+    async def channels(self, request):
+        """List active channels (ASYNC)."""
         try:
             req_data = CentrifugoChannelsRequest(**request.data)
-            result = asyncio.run(self._call_centrifugo_api(
+            result = await self._call_centrifugo_api(
                 "channels", params=req_data.model_dump(exclude_none=True)
-            ))
+            )
 
             # Check for Centrifugo API error
             if "error" in result and result["error"]:
@@ -183,13 +182,13 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="presence")
-    def presence(self, request):
-        """Get channel presence (active subscribers)."""
+    async def presence(self, request):
+        """Get channel presence (active subscribers) (ASYNC)."""
         try:
             req_data = CentrifugoPresenceRequest(**request.data)
-            result = asyncio.run(self._call_centrifugo_api(
+            result = await self._call_centrifugo_api(
                 "presence", params=req_data.model_dump()
-            ))
+            )
 
             # Check for Centrifugo API error (e.g., code 108 "not available")
             if "error" in result and result["error"]:
@@ -219,13 +218,13 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="presence-stats")
-    def presence_stats(self, request):
-        """Get channel presence statistics."""
+    async def presence_stats(self, request):
+        """Get channel presence statistics (ASYNC)."""
         try:
             req_data = CentrifugoPresenceStatsRequest(**request.data)
-            result = asyncio.run(self._call_centrifugo_api(
+            result = await self._call_centrifugo_api(
                 "presence_stats", params=req_data.model_dump()
-            ))
+            )
 
             # Check for Centrifugo API error (e.g., code 108 "not available")
             if "error" in result and result["error"]:
@@ -255,13 +254,13 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="history")
-    def history(self, request):
-        """Get channel message history."""
+    async def history(self, request):
+        """Get channel message history (ASYNC)."""
         try:
             req_data = CentrifugoHistoryRequest(**request.data)
-            result = asyncio.run(self._call_centrifugo_api(
+            result = await self._call_centrifugo_api(
                 "history", params=req_data.model_dump(exclude_none=True)
-            ))
+            )
 
             # Check for Centrifugo API error (e.g., code 108 "not available")
             if "error" in result and result["error"]:
@@ -359,19 +358,17 @@ class CentrifugoAdminAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR
             )
 
-    def __del__(self):
-        """Cleanup HTTP client on deletion."""
+    async def cleanup(self):
+        """
+        Explicit async cleanup method for HTTP client.
+
+        Note: Django handles ViewSet lifecycle automatically.
+        This method is provided for explicit cleanup if needed,
+        but httpx.AsyncClient will be garbage collected normally.
+        """
         if self._http_client:
-            import asyncio
-
-            try:
-                loop = asyncio.get_event_loop()
-                if loop.is_running():
-                    loop.create_task(self._http_client.aclose())
-                else:
-                    loop.run_until_complete(self._http_client.aclose())
-            except Exception:
-                pass  # Ignore cleanup errors
+            await self._http_client.aclose()
+            self._http_client = None
 
 
 __all__ = ["CentrifugoAdminAPIViewSet"]

django_cfg/apps/integrations/centrifugo/views/testing_api.py

@@ -5,7 +5,6 @@ Provides endpoints for live testing of Centrifugo integration from dashboard.
 Includes connection tokens, publish proxying, and ACK management.
 """
 
-import asyncio
 import time
 from datetime import datetime, timedelta
 from typing import Any, Dict
@@ -32,23 +31,6 @@ logger = get_logger("centrifugo.testing_api")
 # ========================================================================
 
 
-class ConnectionTokenRequest(BaseModel):
-    """Request model for connection token generation."""
-
-    user_id: str = Field(..., description="User ID for the connection")
-    channels: list[str] = Field(
-        default_factory=list, description="List of channels to authorize"
-    )
-
-
-class ConnectionTokenResponse(BaseModel):
-    """Response model for connection token."""
-
-    token: str = Field(..., description="JWT token for WebSocket connection")
-    centrifugo_url: str = Field(..., description="Centrifugo WebSocket URL")
-    expires_at: str = Field(..., description="Token expiration time (ISO 8601)")
-
-
 class PublishTestRequest(BaseModel):
     """Request model for test message publishing."""
 
@@ -132,68 +114,6 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
 
         return self._http_client
 
-    @extend_schema(
-        tags=["Centrifugo Testing"],
-        summary="Generate connection token",
-        description="Generate JWT token for WebSocket connection to Centrifugo.",
-        request=ConnectionTokenRequest,
-        responses={
-            200: ConnectionTokenResponse,
-            400: {"description": "Invalid request"},
-            500: {"description": "Server error"},
-        },
-    )
-    @action(detail=False, methods=["post"], url_path="connection-token")
-    def connection_token(self, request):
-        """
-        Generate JWT token for WebSocket connection.
-
-        Returns token that can be used to connect to Centrifugo from browser.
-        """
-        try:
-            config = get_centrifugo_config()
-            if not config:
-                return Response(
-                    {"error": "Centrifugo not configured"},
-                    status=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                )
-
-            # Parse request
-            req_data = ConnectionTokenRequest(**request.data)
-
-            # Generate JWT token
-            now = int(time.time())
-            exp = now + 3600  # 1 hour
-
-            payload = {
-                "sub": req_data.user_id,
-                "exp": exp,
-                "iat": now,
-            }
-
-            # Add channels if provided
-            if req_data.channels:
-                payload["channels"] = req_data.channels
-
-            # Use HMAC secret from config or Django SECRET_KEY
-            secret = config.centrifugo_token_hmac_secret or settings.SECRET_KEY
-
-            token = jwt.encode(payload, secret, algorithm="HS256")
-
-            response = ConnectionTokenResponse(
-                token=token,
-                centrifugo_url=config.centrifugo_url,
-                expires_at=datetime.utcfromtimestamp(exp).isoformat() + "Z",
-            )
-
-            return Response(response.model_dump())
-
-        except Exception as e:
-            logger.error(f"Failed to generate connection token: {e}", exc_info=True)
-            return Response(
-                {"error": str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR
-            )
-
     @extend_schema(
         tags=["Centrifugo Testing"],
         summary="Publish test message",
@@ -206,23 +126,21 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="publish-test")
-    def publish_test(self, request):
+    async def publish_test(self, request):
         """
-        Publish test message via wrapper.
+        Publish test message via wrapper (ASYNC).
 
         Proxies request to Centrifugo wrapper with ACK tracking support.
         """
         try:
             req_data = PublishTestRequest(**request.data)
 
-            # Call wrapper API
-            result = asyncio.run(
-                self._publish_to_wrapper(
-                    channel=req_data.channel,
-                    data=req_data.data,
-                    wait_for_ack=req_data.wait_for_ack,
-                    ack_timeout=req_data.ack_timeout,
-                )
+            # Call wrapper API (ASYNC - no asyncio.run()!)
+            result = await self._publish_to_wrapper(
+                channel=req_data.channel,
+                data=req_data.data,
+                wait_for_ack=req_data.wait_for_ack,
+                ack_timeout=req_data.ack_timeout,
             )
 
             response = PublishTestResponse(
@@ -259,20 +177,18 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="send-ack")
-    def send_ack(self, request):
+    async def send_ack(self, request):
         """
-        Send manual ACK for message.
+        Send manual ACK for message (ASYNC).
 
         Proxies ACK to wrapper for testing ACK flow.
         """
         try:
             req_data = ManualAckRequest(**request.data)
 
-            # Send ACK to wrapper
-            result = asyncio.run(
-                self._send_ack_to_wrapper(
-                    message_id=req_data.message_id, client_id=req_data.client_id
-                )
+            # Send ACK to wrapper (ASYNC - no asyncio.run()!)
+            result = await self._send_ack_to_wrapper(
+                message_id=req_data.message_id, client_id=req_data.client_id
             )
 
             response = ManualAckResponse(
@@ -413,9 +329,9 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
         },
     )
     @action(detail=False, methods=["post"], url_path="publish-with-logging")
-    def publish_with_logging(self, request):
+    async def publish_with_logging(self, request):
         """
-        Publish message using CentrifugoClient with database logging.
+        Publish message using CentrifugoClient with database logging (ASYNC).
 
         This endpoint uses the production CentrifugoClient which logs all
         publishes to the database (CentrifugoLog model).
@@ -426,25 +342,24 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
             # Use CentrifugoClient for publishing
             client = CentrifugoClient()
 
-            # Publish message
-            result = asyncio.run(
-                client.publish_with_ack(
+            # Publish message (ASYNC - no asyncio.run()!)
+            if req_data.wait_for_ack:
+                result = await client.publish_with_ack(
                     channel=req_data.channel,
                     data=req_data.data,
-                    ack_timeout=req_data.ack_timeout if req_data.wait_for_ack else None,
+                    ack_timeout=req_data.ack_timeout,
                     user=request.user if request.user.is_authenticated else None,
                     caller_ip=request.META.get("REMOTE_ADDR"),
                     user_agent=request.META.get("HTTP_USER_AGENT"),
                 )
-                if req_data.wait_for_ack
-                else client.publish(
+            else:
+                result = await client.publish(
                     channel=req_data.channel,
                     data=req_data.data,
                     user=request.user if request.user.is_authenticated else None,
                     caller_ip=request.META.get("REMOTE_ADDR"),
                     user_agent=request.META.get("HTTP_USER_AGENT"),
                 )
-            )
 
             # Convert PublishResponse to dict
             response_data = {
@@ -465,17 +380,17 @@ class CentrifugoTestingAPIViewSet(AdminAPIMixin, viewsets.ViewSet):
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR,
             )
 
-    def __del__(self):
-        """Cleanup HTTP client on deletion."""
+    async def cleanup(self):
+        """
+        Explicit async cleanup method for HTTP client.
+
+        Note: Django handles ViewSet lifecycle automatically.
+        This method is provided for explicit cleanup if needed,
+        but httpx.AsyncClient will be garbage collected normally.
+        """
         if self._http_client:
-            try:
-                loop = asyncio.get_event_loop()
-                if loop.is_running():
-                    loop.create_task(self._http_client.aclose())
-                else:
-                    loop.run_until_complete(self._http_client.aclose())
-            except Exception:
-                pass
+            await self._http_client.aclose()
+            self._http_client = None
 
 
 __all__ = ["CentrifugoTestingAPIViewSet"]

django_cfg/apps/integrations/centrifugo/views/token_api.py

@@ -0,0 +1,101 @@
+"""
+Centrifugo Token API
+
+Provides endpoint for generating Centrifugo JWT tokens with user permissions.
+"""
+
+import logging
+
+from drf_spectacular.utils import extend_schema
+from pydantic import BaseModel, Field
+from rest_framework import status, viewsets
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from rest_framework.permissions import IsAuthenticated
+
+from ..services import generate_centrifugo_token
+
+logger = logging.getLogger(__name__)
+
+
+# ========================================================================
+# Response Models
+# ========================================================================
+
+
+class ConnectionTokenResponse(BaseModel):
+    """Response model for Centrifugo connection token."""
+
+    token: str = Field(..., description="JWT token for Centrifugo connection")
+    centrifugo_url: str = Field(..., description="Centrifugo WebSocket URL")
+    expires_at: str = Field(..., description="Token expiration time (ISO 8601)")
+    channels: list[str] = Field(..., description="List of allowed channels")
+
+
+class CentrifugoTokenViewSet(viewsets.ViewSet):
+    """
+    Centrifugo Token API ViewSet.
+
+    Provides endpoint for authenticated users to get Centrifugo JWT token
+    with their allowed channels based on permissions.
+    """
+
+    permission_classes = [IsAuthenticated]
+
+    @extend_schema(
+        tags=["Centrifugo Auth"],
+        summary="Get Centrifugo connection token",
+        description=(
+            "Generate JWT token for WebSocket connection to Centrifugo. "
+            "Token includes user's allowed channels based on their permissions. "
+            "Requires authentication."
+        ),
+        responses={
+            200: ConnectionTokenResponse,
+            401: {"description": "Unauthorized - authentication required"},
+            500: {"description": "Server error"},
+        },
+    )
+    @action(detail=False, methods=["get"], url_path="token")
+    def get_token(self, request):
+        """
+        Get Centrifugo connection token for authenticated user.
+
+        Returns JWT token with user's allowed channels that can be used
+        to connect to Centrifugo WebSocket.
+        """
+        try:
+            user = request.user
+
+            # Generate token with user's channels
+            token_data = generate_centrifugo_token(user)
+
+            logger.debug(
+                f"Generated Centrifugo token for user {user.email} (ID: {user.id}) "
+                f"with {len(token_data['channels'])} channels: {token_data['channels']}"
+            )
+
+            # Format expires_at as ISO 8601 string
+            return Response({
+                "token": token_data["token"],
+                "centrifugo_url": token_data["centrifugo_url"],
+                "expires_at": token_data["expires_at"].isoformat() + "Z",
+                "channels": token_data["channels"],
+            })
+
+        except ValueError as e:
+            # Centrifugo not configured or disabled
+            logger.warning(f"Centrifugo token generation failed: {e}")
+            return Response(
+                {"error": str(e)},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+        except Exception as e:
+            logger.error(f"Failed to generate Centrifugo token: {e}", exc_info=True)
+            return Response(
+                {"error": "Failed to generate token"},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+
+
+__all__ = ["CentrifugoTokenViewSet"]