easyapi-django 0.34__tar.gz → 0.36__tar.gz

{easyapi_django-0.34/easyapi_django.egg-info → easyapi_django-0.36}/PKG-INFO

@@ -1,9 +1,9 @@
 Metadata-Version: 2.4
 Name: easyapi_django
-Version: 0.34
+Version: 0.36
 Summary: A simple rest api generator for django based on models
 Author-email: Stamatios Stamou Jr <bushier.outsets.0c@icloud.com>
-License: MIT
+License-Expression: MIT
 Project-URL: Homepage, https://github.com/ssjunior/easyapi-django
 Project-URL: Bug Tracker, https://github.com/ssjunior/easyapi-django/issues
 Classifier: Programming Language :: Python :: 3
@@ -75,7 +75,11 @@ MIDDLEWARE = [
     'easyapi.AuthMiddleware',        # session-based auth from Redis
     'easyapi.ExceptionMiddleware',
 ]
-TRUSTED_PROXIES = ['10.0.0.0/8']     # only trust X-Real-IP from these
+
+EASYAPI = {
+    'TRUSTED_PROXIES': ['10.0.0.0/8'],   # only trust X-Real-IP from these
+    # 'COOKIE_ID': 'sessionid', 'ENFORCE_TOKEN': True, ...
+}
 ```
 
 ## Create a resource
@@ -141,7 +145,7 @@ class YourResource(BaseResource):
 
     # Cache
     cache = True
-    cache_ttl = 600
+    cache_ttl = 600                    # default 120s; settings.CACHE_TTL overrides
 ```
 
 ## Querystrings
@@ -153,10 +157,48 @@ class YourResource(BaseResource):
 | `?field=value` / `?field__gte=...` | Filter on whitelisted fields                    |
 | `?fields=a,b`                      | Restrict returned fields (filtered by `list_fields`) |
 | `?filter=<json>`                   | Advanced filter expression on whitelisted fields |
-| `?segment_id=N`                    | Apply a stored segment                          |
+| `?segment_id=N`                    | Apply a saved segment (see below)               |
 | `?page=N&limit=M&order_by=field`   | Pagination + order                              |
 | `?normalize=true`                  | Return list as `{id: {...}}` instead of array   |
 
+## Saved segments
+
+A segment is a saved JSON filter expression — the same boolean tree
+`?filter=<json>` accepts, stored under a stable id. Useful for CRM-style
+"saved views", marketing audiences, dashboard filters.
+
+Wire it up by pointing `EASYAPI.SEGMENT_MODEL` at a model that exposes a
+`.conditions` attribute returning the Layer-2 dict:
+
+```python
+# settings.py
+EASYAPI = {
+    'SEGMENT_MODEL': 'modules.segment.models.Segment',
+}
+
+# modules/segment/models.py
+class Segment(models.Model):
+    name = models.CharField(max_length=120)
+    conditions = models.JSONField()      # the Layer-2 boolean tree
+
+Segment.objects.create(
+    name='Active demo accounts',
+    conditions={
+        'logical_operator': 'AND',
+        'rules': [
+            {'field': 'active', 'operator': 'exact',     'value': True},
+            {'field': 'name',   'operator': 'icontains', 'value': 'demo'},
+        ],
+    },
+)
+```
+
+Any resource then accepts `GET /clients?segment_id=42`. Conditions are
+validated against the resource's `filter_fields` whitelist; missing rows
+return 404. When `SEGMENT_MODEL` is unset, `?segment_id=` is a no-op. A
+bad path raises `ImportError` at first use — typos fail loudly instead of
+silently disabling segments.
+
 ## Pydantic schemas (optional)
 
 Set any of `create_schema`, `update_schema`, `list_schema` and easyapi
@@ -256,13 +298,45 @@ configuration needed; it just works for any project that uses
 `aset_tenant`. The auto-fold is keyed by `account_id is not None`, so an
 explicit `account_id = 0` still produces a per-tenant key (real value,
 not absence). Disable globally via
-`AUTO_SCOPE_CACHE_BY_ACCOUNT = False` if you have a single-tenant
-deployment and want the legacy key shape.
+`EASYAPI = {'AUTO_SCOPE_CACHE_BY_ACCOUNT': False}` if you have a
+single-tenant deployment and want the legacy key shape.
 
 If you override `_build_cache_key` in a project, call
 `self._account_cache_segment()` and append the result so the override
 inherits the tenant isolation.
 
+**TTL settings.** Two project-level knobs in the `EASYAPI` bag:
+
+- `CACHE_TTL` — default 120s; overrides the framework default for
+  resources that don't declare an explicit `cache_ttl`.
+- `CACHE_TTL_ENABLE` — default `True`; flip to `False` for a global
+  kill switch (every `cache=True` resource becomes `cache=False` at
+  runtime, no Redis read or write).
+
+Every easyapi setting lives inside the `EASYAPI = {...}` dict
+(DRF/Celery-style namespace):
+
+```python
+# settings.py
+EASYAPI = {
+    'CACHE_TTL': 300,
+    'CACHE_TTL_ENABLE': True,
+    'ENFORCE_TOKEN': True,
+    'COOKIE_ID': 'sessionid',
+    'RATE_LIMITS': {...},
+}
+```
+
+Inside the bag the historical `EASYAPI_` prefix is redundant —
+`EASYAPI_API_KEY_RESOLVER` and `API_KEY_RESOLVER` resolve to the
+same setting.
+
+`CACHE_TTL` only sets the default — resources that declare
+`cache_ttl = N` keep that explicit value.
+`CACHE_TTL_ENABLE = False` is a kill switch that forces
+`self.cache = False` for every request, useful for incident response
+without code edits.
+
 **Per-scope caching.** When the response varies on a user/account
 dimension *inside* the same tenant — role, space, plan, country —
 declare it with `cache_scope_fields` so users sharing the same scope
@@ -482,11 +556,13 @@ pip install -r requirements-dev.txt
 pytest
 ```
 
-216 tests covering util, redis, cache, filters, filter validation, init,
-auth tokens (incl. nonce replay), schemas, openapi, helpers, serializer,
-client_ip, SecurityMiddleware, dispatch error handling, tenant connection
-and registry, MCP middleware chain, route gating, WS subscription
-hardening, public exports, and WebSocket optional import.
+301 tests covering util, redis, cache (incl. per-account auto-fold and
+per-scope keys), filters, filter validation, init, auth tokens (incl.
+nonce replay), schemas, openapi, helpers, serializer (incl. per-call
+timezone subclass), client_ip, allowed-domain checks, SecurityMiddleware,
+dispatch error handling, tenant connection and registry, MCP middleware
+chain, route gating, WS subscription hardening, public exports, and
+WebSocket optional import.
 
 ## Author
 

{easyapi_django-0.34 → easyapi_django-0.36}/README.md

@@ -48,7 +48,11 @@ MIDDLEWARE = [
     'easyapi.AuthMiddleware',        # session-based auth from Redis
     'easyapi.ExceptionMiddleware',
 ]
-TRUSTED_PROXIES = ['10.0.0.0/8']     # only trust X-Real-IP from these
+
+EASYAPI = {
+    'TRUSTED_PROXIES': ['10.0.0.0/8'],   # only trust X-Real-IP from these
+    # 'COOKIE_ID': 'sessionid', 'ENFORCE_TOKEN': True, ...
+}
 ```
 
 ## Create a resource
@@ -114,7 +118,7 @@ class YourResource(BaseResource):
 
     # Cache
     cache = True
-    cache_ttl = 600
+    cache_ttl = 600                    # default 120s; settings.CACHE_TTL overrides
 ```
 
 ## Querystrings
@@ -126,10 +130,48 @@ class YourResource(BaseResource):
 | `?field=value` / `?field__gte=...` | Filter on whitelisted fields                    |
 | `?fields=a,b`                      | Restrict returned fields (filtered by `list_fields`) |
 | `?filter=<json>`                   | Advanced filter expression on whitelisted fields |
-| `?segment_id=N`                    | Apply a stored segment                          |
+| `?segment_id=N`                    | Apply a saved segment (see below)               |
 | `?page=N&limit=M&order_by=field`   | Pagination + order                              |
 | `?normalize=true`                  | Return list as `{id: {...}}` instead of array   |
 
+## Saved segments
+
+A segment is a saved JSON filter expression — the same boolean tree
+`?filter=<json>` accepts, stored under a stable id. Useful for CRM-style
+"saved views", marketing audiences, dashboard filters.
+
+Wire it up by pointing `EASYAPI.SEGMENT_MODEL` at a model that exposes a
+`.conditions` attribute returning the Layer-2 dict:
+
+```python
+# settings.py
+EASYAPI = {
+    'SEGMENT_MODEL': 'modules.segment.models.Segment',
+}
+
+# modules/segment/models.py
+class Segment(models.Model):
+    name = models.CharField(max_length=120)
+    conditions = models.JSONField()      # the Layer-2 boolean tree
+
+Segment.objects.create(
+    name='Active demo accounts',
+    conditions={
+        'logical_operator': 'AND',
+        'rules': [
+            {'field': 'active', 'operator': 'exact',     'value': True},
+            {'field': 'name',   'operator': 'icontains', 'value': 'demo'},
+        ],
+    },
+)
+```
+
+Any resource then accepts `GET /clients?segment_id=42`. Conditions are
+validated against the resource's `filter_fields` whitelist; missing rows
+return 404. When `SEGMENT_MODEL` is unset, `?segment_id=` is a no-op. A
+bad path raises `ImportError` at first use — typos fail loudly instead of
+silently disabling segments.
+
 ## Pydantic schemas (optional)
 
 Set any of `create_schema`, `update_schema`, `list_schema` and easyapi
@@ -229,13 +271,45 @@ configuration needed; it just works for any project that uses
 `aset_tenant`. The auto-fold is keyed by `account_id is not None`, so an
 explicit `account_id = 0` still produces a per-tenant key (real value,
 not absence). Disable globally via
-`AUTO_SCOPE_CACHE_BY_ACCOUNT = False` if you have a single-tenant
-deployment and want the legacy key shape.
+`EASYAPI = {'AUTO_SCOPE_CACHE_BY_ACCOUNT': False}` if you have a
+single-tenant deployment and want the legacy key shape.
 
 If you override `_build_cache_key` in a project, call
 `self._account_cache_segment()` and append the result so the override
 inherits the tenant isolation.
 
+**TTL settings.** Two project-level knobs in the `EASYAPI` bag:
+
+- `CACHE_TTL` — default 120s; overrides the framework default for
+  resources that don't declare an explicit `cache_ttl`.
+- `CACHE_TTL_ENABLE` — default `True`; flip to `False` for a global
+  kill switch (every `cache=True` resource becomes `cache=False` at
+  runtime, no Redis read or write).
+
+Every easyapi setting lives inside the `EASYAPI = {...}` dict
+(DRF/Celery-style namespace):
+
+```python
+# settings.py
+EASYAPI = {
+    'CACHE_TTL': 300,
+    'CACHE_TTL_ENABLE': True,
+    'ENFORCE_TOKEN': True,
+    'COOKIE_ID': 'sessionid',
+    'RATE_LIMITS': {...},
+}
+```
+
+Inside the bag the historical `EASYAPI_` prefix is redundant —
+`EASYAPI_API_KEY_RESOLVER` and `API_KEY_RESOLVER` resolve to the
+same setting.
+
+`CACHE_TTL` only sets the default — resources that declare
+`cache_ttl = N` keep that explicit value.
+`CACHE_TTL_ENABLE = False` is a kill switch that forces
+`self.cache = False` for every request, useful for incident response
+without code edits.
+
 **Per-scope caching.** When the response varies on a user/account
 dimension *inside* the same tenant — role, space, plan, country —
 declare it with `cache_scope_fields` so users sharing the same scope
@@ -455,11 +529,13 @@ pip install -r requirements-dev.txt
 pytest
 ```
 
-216 tests covering util, redis, cache, filters, filter validation, init,
-auth tokens (incl. nonce replay), schemas, openapi, helpers, serializer,
-client_ip, SecurityMiddleware, dispatch error handling, tenant connection
-and registry, MCP middleware chain, route gating, WS subscription
-hardening, public exports, and WebSocket optional import.
+301 tests covering util, redis, cache (incl. per-account auto-fold and
+per-scope keys), filters, filter validation, init, auth tokens (incl.
+nonce replay), schemas, openapi, helpers, serializer (incl. per-call
+timezone subclass), client_ip, allowed-domain checks, SecurityMiddleware,
+dispatch error handling, tenant connection and registry, MCP middleware
+chain, route gating, WS subscription hardening, public exports, and
+WebSocket optional import.
 
 ## Author
 

{easyapi_django-0.34 → easyapi_django-0.36}/easyapi/auth.py

@@ -5,10 +5,17 @@ from time import time
 
 from .exception import HTTPException
 from .redis_config import KEY_PREFIX, get_redis
+from .settings_helper import get_token_max_drift_ms
 
 _NONCE_RE = re.compile(r'^[A-Za-z0-9_\-]{1,64}$')
 
 
+def _resolve_max_drift_ms(max_drift_ms):
+    if max_drift_ms is None:
+        return get_token_max_drift_ms()
+    return max_drift_ms
+
+
 def make_token(session_token, nonce, timestamp_ms=None):
     """Build an X-Token value from the session token, a nonce and a
     timestamp. Format: ``<timestamp_ms>.<nonce>.<hex_hmac>``.
@@ -25,7 +32,7 @@ def make_token(session_token, nonce, timestamp_ms=None):
     return f'{timestamp_ms}.{nonce}.{digest}'
 
 
-def validate_token(token, session_token, max_drift_ms=5000):
+def validate_token(token, session_token, max_drift_ms=None):
     """Validate the X-Token anti-replay header.
 
     Token format: ``<timestamp_ms>.<nonce>.<hex_hmac>``.
@@ -33,6 +40,8 @@ def validate_token(token, session_token, max_drift_ms=5000):
 
     Raises HTTPException(403) on any failure.
     """
+    max_drift_ms = _resolve_max_drift_ms(max_drift_ms)
+
     if not token:
         raise HTTPException(403, 'Not allowed, missing token')
     if not session_token:
@@ -61,12 +70,14 @@ def validate_token(token, session_token, max_drift_ms=5000):
     return nonce, timestamp_ms
 
 
-async def consume_nonce(session_token, nonce, timestamp_ms, max_drift_ms=5000):
+async def consume_nonce(session_token, nonce, timestamp_ms, max_drift_ms=None):
     """Reserve nonce in Redis to prevent replay within the drift window.
 
     Keyed by sha256(session_token):nonce. TTL = 2 * max_drift_ms (ms).
     Raises HTTPException(403) if nonce was already used.
     """
+    max_drift_ms = _resolve_max_drift_ms(max_drift_ms)
+
     redis = get_redis()
     sess_hash = hashlib.sha256(session_token.encode('utf-8')).hexdigest()[:16]
     key = f'{KEY_PREFIX}nonce:{sess_hash}:{nonce}'
@@ -76,7 +87,8 @@ async def consume_nonce(session_token, nonce, timestamp_ms, max_drift_ms=5000):
         raise HTTPException(403, 'Not allowed, replayed token')
 
 
-async def validate_token_async(token, session_token, max_drift_ms=5000):
+async def validate_token_async(token, session_token, max_drift_ms=None):
     """Validate X-Token and consume nonce atomically (Redis SETNX)."""
+    max_drift_ms = _resolve_max_drift_ms(max_drift_ms)
     nonce, timestamp_ms = validate_token(token, session_token, max_drift_ms)
     await consume_nonce(session_token, nonce, timestamp_ms, max_drift_ms)

{easyapi_django-0.34 → easyapi_django-0.36}/easyapi/base.py

@@ -41,52 +41,56 @@ from .util import validate_session_key
 from .rate_limit import RateLimiter
 from .tenant.tenant import aset_tenant, get_api_session
 from .redis_config import KEY_PREFIX, get_redis
-from settings.settings import COOKIE_ID
-
-try:
-    from settings.settings import ALLOWED_ORIGINS
-except Exception:
-    ALLOWED_ORIGINS = []
-
-try:
-    from settings.settings import ENFORCE_TOKEN
-except Exception:
-    ENFORCE_TOKEN = False
-
-try:
-    from settings.settings import AUTO_SCOPE_CACHE_BY_ACCOUNT
-except Exception:
-    AUTO_SCOPE_CACHE_BY_ACCOUNT = True
-
-try:
-    from settings.settings import RATE_LIMITS
-except Exception:
-    RATE_LIMITS = {
-        'api': [
-            {'interval': 1000, 'limit': 4},
-            {'interval': 5000, 'limit': 20}
-        ],
-        'login': [
-            {'interval': 5000, 'limit': 3},  # Janela curta
-            {'interval': 3600000, 'limit': 50}  # Janela longa
-        ],
-        'abuse': [
-            {'interval': 5000, 'limit': 20},
-            {'interval': 3600000, 'limit': 200}
-        ]
-    }
+from .settings_helper import get_cookie_id, get_setting, get_token_max_drift_ms
+
+COOKIE_ID = get_cookie_id()
+TOKEN_MAX_DRIFT_MS = get_token_max_drift_ms()
+ALLOWED_ORIGINS = get_setting('ALLOWED_ORIGINS', default=[])
+ENFORCE_TOKEN = get_setting('ENFORCE_TOKEN', default=False)
+AUTO_SCOPE_CACHE_BY_ACCOUNT = get_setting(
+    'AUTO_SCOPE_CACHE_BY_ACCOUNT', default=True,
+)
+CACHE_TTL = get_setting('CACHE_TTL')
+CACHE_TTL_ENABLE = get_setting('CACHE_TTL_ENABLE', default=True)
+RATE_LIMITS = get_setting('RATE_LIMITS', default={
+    'api': [
+        {'interval': 1000, 'limit': 4},
+        {'interval': 5000, 'limit': 20},
+    ],
+    'login': [
+        {'interval': 5000, 'limit': 3},
+        {'interval': 3600000, 'limit': 50},
+    ],
+    'abuse': [
+        {'interval': 5000, 'limit': 20},
+        {'interval': 3600000, 'limit': 200},
+    ],
+})
 
 
 logger = logging.getLogger(__name__)
 
 
-try:
-    Segment = getattr(
-        import_module('modules.segment.models'),
-        'Segment'
-    )
-except ImportError:
-    Segment = None
+_SEGMENT_MODEL_PATH = get_setting('SEGMENT_MODEL')
+_segment_model_cache = False  # sentinel; resolved lazily on first use
+
+
+def _get_segment_model():
+    """Lazy-resolve the project's Segment model.
+
+    Reads the dotted path from ``EASYAPI = {'SEGMENT_MODEL': ...}``.
+    When unset, ``?segment_id=`` is a no-op. Bad path raises so a typo
+    fails loudly instead of silently disabling segments.
+    """
+    global _segment_model_cache
+    if _segment_model_cache is not False:
+        return _segment_model_cache
+    if not _SEGMENT_MODEL_PATH:
+        _segment_model_cache = None
+        return None
+    module_path, attr = _SEGMENT_MODEL_PATH.rsplit('.', 1)
+    _segment_model_cache = getattr(import_module(module_path), attr)
+    return _segment_model_cache
 
 
 class BaseResource(View):
@@ -106,7 +110,9 @@ class BaseResource(View):
 
     account_db = 'default'
     cache = False
-    cache_ttl = 60
+    # Default TTL: settings.CACHE_TTL when set, else 120s.
+    # Subclasses can still override via ``cache_ttl = N`` and that wins.
+    cache_ttl = CACHE_TTL if CACHE_TTL is not None else 120
     cache_namespace = None
     route_cache = False
     session_cache = False
@@ -218,15 +224,6 @@ class BaseResource(View):
                     self.m2m_fields.append(field.name)
                     continue
 
-                # if field.concrete and field.many_to_one:
-                #     self.fk_fields.append(field.name)
-                #     fields.append(f'{field.name}_id')
-                #     continue
-
-                # if not field.concrete and field.one_to_many:
-                #     self.related_fields.append(field.name)
-                #     continue
-
             all_fields = [
                 field.name for field in self.model._meta.local_fields
             ]
@@ -252,25 +249,21 @@ class BaseResource(View):
         return None, None, None
 
     def get_allowed_domain(self, request):
-        if ALLOWED_ORIGINS:
-            allowed = False
-
-            host = request.headers.get('Host')
-            match = LOCAL_HOST.match(host)
-
-            if match:
-                allowed = True
+        if not ALLOWED_ORIGINS:
+            return
 
-            else:
-                referer = request.headers.get('Referer')
-                if referer:
-                    parsed_url = urlparse(referer)
-                    domain = parsed_url.netloc
-                    domain = domain.split(':')[0]
-                    for origin in ALLOWED_ORIGINS:
-                        if domain.endswith(origin):
-                            allowed = True
-                            break
+        allowed = False
+        host = request.headers.get('Host') or ''
+        if LOCAL_HOST.match(host):
+            allowed = True
+        else:
+            referer = request.headers.get('Referer')
+            if referer:
+                domain = urlparse(referer).netloc.split(':')[0]
+                for origin in ALLOWED_ORIGINS:
+                    if domain.endswith(origin):
+                        allowed = True
+                        break
 
         if not allowed:
             raise HTTPException(403, 'Not allowed')
@@ -290,12 +283,12 @@ class BaseResource(View):
         await self.check_is_blocked(self.identifier)
 
         if request.path.startswith('/login'):
-            result = RateLimiter.login_limited(self.identifier, RATE_LIMITS)
+            result = await RateLimiter.login_limited(self.identifier, RATE_LIMITS)
             if result['rate_limited']:
                 await self.block(self.identifier)
             return
 
-        result = RateLimiter.api_limited(self.identifier, RATE_LIMITS)
+        result = await RateLimiter.api_limited(self.identifier, RATE_LIMITS)
         if result['abuse']:
             await self.block(self.identifier)
         if result['rate_limited']:
@@ -338,6 +331,7 @@ class BaseResource(View):
         await validate_token_async(
             request.headers.get('X-Token'),
             self.user.get('token') if self.user else None,
+            max_drift_ms=TOKEN_MAX_DRIFT_MS,
         )
 
     _CACHE_SCOPE_SOURCES = ('user', 'account')
@@ -482,8 +476,15 @@ class BaseResource(View):
 
         label = self.model._meta.label_lower if self.model else 'unknown'
         outcome = 'hits' if response else 'misses'
-        await redis.incr(f'{KEY_PREFIX}cache_stats:{outcome}')
-        await redis.incr(f'{KEY_PREFIX}cache_stats:{outcome}:{label}')
+        # Per-model counters live in a single hash so ``get_cache_stats``
+        # can read them with one HGETALL instead of SCAN over the whole
+        # keyspace (the original ``cache_stats:hits:<label>`` layout
+        # cost 10+ seconds on production-sized Redis).
+        from .redis_config import _BY_MODEL_KEY, cache_stats_field
+        pipe = redis.pipeline()
+        pipe.incr(f'{KEY_PREFIX}cache_stats:{outcome}')
+        pipe.hincrby(_BY_MODEL_KEY, cache_stats_field(outcome, label), 1)
+        await pipe.execute()
 
         if response:
             return HttpResponse(response, content_type='application/json')
@@ -586,7 +587,15 @@ class BaseResource(View):
         handler = getattr(self, self.method, method_not_allowed) if not func else None
 
         is_custom_route = func is not None
-        self.cache = self.cache and self.method == 'get' and (not is_custom_route or self.route_cache)
+        # ``CACHE_TTL_ENABLE = False`` is a global kill switch — treats
+        # every ``cache=True`` resource as off without code edits.
+        # Useful for incident response (cache poisoning, stale data).
+        self.cache = (
+            self.cache
+            and CACHE_TTL_ENABLE
+            and self.method == 'get'
+            and (not is_custom_route or self.route_cache)
+        )
         if self.cache:
             cached = await self._serve_cache(request, session_key, is_custom_route)
             if cached is not None:
@@ -654,10 +663,18 @@ class BaseResource(View):
 
                 if field in self.filter_fields:
                     param = params[key][0]
-                    if param.lower() == 'false':
-                        param = False
-                    elif param.lower() == 'true':
-                        param = True
+                    is_bool_field = False
+                    if self.model:
+                        try:
+                            model_field = self.model._meta.get_field(field)
+                            is_bool_field = isinstance(model_field, models.BooleanField)
+                        except Exception:
+                            is_bool_field = False
+                    if is_bool_field:
+                        if param.lower() == 'false':
+                            param = False
+                        elif param.lower() == 'true':
+                            param = True
 
                     filter[key] = param
 
@@ -697,9 +714,6 @@ class BaseResource(View):
             except Exception:
                 pass
 
-    #########################################################
-    # Funçoes dentro do Resource
-    #########################################################
     async def serialize(self, result, **kwargs):
 
         if type(result) is JsonResponse:
@@ -819,7 +833,6 @@ class BaseResource(View):
     # GET
     #########################################################
 
-    # count só se aplica a listagens
     @sync_to_async
     def count(self):
         # InnoDB count(*) and Django's queryset.count() are slow on large tables
@@ -871,7 +884,6 @@ class BaseResource(View):
 
         check(conditions)
 
-    # filtro por segmento/filter só se aplica a listagens
     async def get_filters(self, request):
         if self.filters:
             self.queryset = self.queryset.filter(self.filters)
@@ -887,6 +899,7 @@ class BaseResource(View):
         if segment_id is None and filter_ is None:
             return
 
+        Segment = _get_segment_model()
         if Segment and segment_id:
             segment = await Segment.objects.filter(id=segment_id).afirst()
             if not segment:
@@ -1171,8 +1184,12 @@ class BaseResource(View):
 
         try:
             await qs.adelete()
-        except Exception as err:
-            raise HTTPException(400, err.__class__.__name__ + ': ' + err.__str__())
+        except Exception:
+            logger.exception(
+                'delete failed for %s id=%s',
+                self.model._meta.label if self.model else '<unknown>', id,
+            )
+            raise HTTPException(400, 'Could not delete item')
 
         return {'success': True, 'id': id, 'message': 'Deleted'}
 
@@ -1231,7 +1248,14 @@ class BaseResource(View):
                 field = getattr(self.model, key)
                 if field.field.primary_key:
                     key += '_id'
-                    value = int(value)
+                    target = getattr(field.field, 'target_field', field.field)
+                    if target.get_internal_type() in (
+                        'AutoField', 'BigAutoField', 'SmallAutoField',
+                        'IntegerField', 'BigIntegerField',
+                        'PositiveIntegerField', 'PositiveBigIntegerField',
+                        'PositiveSmallIntegerField', 'SmallIntegerField',
+                    ):
+                        value = int(value)
 
                 if isinstance(field.field, models.ForeignKey):
                     if not key.endswith('_id'):
@@ -1335,10 +1359,15 @@ class BaseResource(View):
         except IntegrityError as error:
             error_message = str(error)
             if "Duplicate entry" in error_message:
-                duplicate_value = error_message.split("'")[1]
-                error_message = f'{duplicate_value} already exist'
+                parts = error_message.split("'")
+                duplicate_value = parts[1] if len(parts) > 1 else 'value'
+                raise HTTPException(409, f'{duplicate_value} already exist')
 
-            raise HTTPException(409, error_message)
+            logger.exception(
+                'integrity error on create for %s',
+                self.model._meta.label if self.model else '<unknown>',
+            )
+            raise HTTPException(409, 'Conflict creating item')
 
         for key in custom.keys():
             try: