miso-client 0.1.0__py3-none-any.whl → 3.7.2__py3-none-any.whl

miso_client/utils/audit_log_queue.py

@@ -0,0 +1,222 @@
+"""
+Audit log queue for batching multiple logs into single requests.
+
+Reduces network overhead by batching audit logs.
+"""
+
+import asyncio
+import signal
+from typing import TYPE_CHECKING, List, Optional
+
+from ..models.config import AuditConfig, LogEntry, MisoClientConfig
+from ..services.redis import RedisService
+from ..utils.circuit_breaker import CircuitBreaker
+
+if TYPE_CHECKING:
+    from ..utils.http_client import HttpClient
+
+
+class QueuedLogEntry:
+    """Internal class for queued log entries."""
+
+    def __init__(self, entry: LogEntry, timestamp: int):
+        """
+        Initialize queued log entry.
+
+        Args:
+            entry: LogEntry object
+            timestamp: Timestamp in milliseconds
+        """
+        self.entry = entry
+        self.timestamp = timestamp
+
+
+class AuditLogQueue:
+    """
+    Audit log queue for batching multiple logs into single requests.
+
+    Automatically batches audit logs based on size and time thresholds.
+    Supports Redis LIST for efficient queuing with HTTP fallback.
+    """
+
+    def __init__(
+        self,
+        http_client: "HttpClient",
+        redis: RedisService,
+        config: MisoClientConfig,
+    ):
+        """
+        Initialize audit log queue.
+
+        Args:
+            http_client: HttpClient instance for sending logs
+            redis: RedisService instance for queuing
+            config: MisoClientConfig with audit configuration
+        """
+        self.http_client = http_client
+        self.redis = redis
+        self.config = config
+        self.queue: List[QueuedLogEntry] = []
+        self.flush_timer: Optional[asyncio.Task] = None
+        self.is_flushing = False
+
+        audit_config: Optional[AuditConfig] = config.audit
+        self.batch_size: int = (
+            audit_config.batchSize if audit_config and audit_config.batchSize is not None else 10
+        )
+        self.batch_interval: int = (
+            audit_config.batchInterval
+            if audit_config and audit_config.batchInterval is not None
+            else 100
+        )
+
+        # Initialize circuit breaker for HTTP logging
+        circuit_breaker_config = audit_config.circuitBreaker if audit_config else None
+        self.circuit_breaker = CircuitBreaker(circuit_breaker_config)
+
+        # Setup graceful shutdown handlers (if available)
+        try:
+            signal.signal(signal.SIGINT, self._signal_handler)
+            signal.signal(signal.SIGTERM, self._signal_handler)
+        except (ValueError, OSError):
+            # Signal handlers may not be available in all environments
+            pass
+
+    def _signal_handler(self, signum, frame):
+        """Handle shutdown signals."""
+        # Schedule flush on next event loop iteration
+        if asyncio.get_event_loop().is_running():
+            asyncio.create_task(self.flush(True))
+
+    async def add(self, entry: LogEntry) -> None:
+        """
+        Add log entry to queue.
+
+        Automatically flushes if batch size is reached.
+
+        Args:
+            entry: LogEntry to add to queue
+        """
+        self.queue.append(QueuedLogEntry(entry, self._current_timestamp()))
+
+        # Flush if batch size reached
+        if len(self.queue) >= self.batch_size:
+            await self.flush(False)
+            return
+
+        # Setup flush timer if not already set
+        if self.flush_timer is None and len(self.queue) > 0:
+            self.flush_timer = asyncio.create_task(self._schedule_flush())
+
+    async def _schedule_flush(self) -> None:
+        """Schedule automatic flush after batch interval."""
+        try:
+            await asyncio.sleep(self.batch_interval / 1000.0)  # Convert ms to seconds
+            await self.flush(False)
+        except asyncio.CancelledError:
+            # Timer was cancelled, ignore
+            pass
+        finally:
+            self.flush_timer = None
+
+    def _current_timestamp(self) -> int:
+        """Get current timestamp in milliseconds."""
+        import time
+
+        return int(time.time() * 1000)
+
+    async def flush(self, sync: bool = False) -> None:
+        """
+        Flush queued logs.
+
+        Args:
+            sync: If True, wait for flush to complete (for shutdown)
+        """
+        if self.is_flushing:
+            return
+
+        # Cancel flush timer
+        if self.flush_timer:
+            self.flush_timer.cancel()
+            try:
+                await self.flush_timer
+            except asyncio.CancelledError:
+                pass
+            self.flush_timer = None
+
+        if len(self.queue) == 0:
+            return
+
+        self.is_flushing = True
+
+        try:
+            entries = self.queue[:]  # Copy queue
+            self.queue.clear()  # Clear queue
+
+            if len(entries) == 0:
+                self.is_flushing = False
+                return
+
+            log_entries = [e.entry for e in entries]
+
+            # Try Redis first (if available)
+            if self.redis.is_connected():
+                queue_name = f"audit-logs:{self.config.client_id}"
+                # Serialize all entries as JSON array
+                import json
+
+                entries_json = json.dumps([entry.model_dump() for entry in log_entries])
+                success = await self.redis.rpush(queue_name, entries_json)
+
+                if success:
+                    self.is_flushing = False
+                    return  # Successfully queued in Redis
+
+            # Check circuit breaker before attempting HTTP logging
+            if self.circuit_breaker.is_open():
+                # Circuit is open, skip HTTP logging to prevent infinite retry loops
+                self.is_flushing = False
+                return
+
+            # Fallback to HTTP batch endpoint
+            try:
+                await self.http_client.request(
+                    "POST",
+                    "/api/v1/logs/batch",
+                    {
+                        "logs": [
+                            entry.model_dump(
+                                exclude={"environment", "application"}, exclude_none=True
+                            )
+                            for entry in log_entries
+                        ]
+                    },
+                )
+                # Record success in circuit breaker
+                self.circuit_breaker.record_success()
+            except Exception:
+                # Failed to send logs - record failure in circuit breaker
+                self.circuit_breaker.record_failure()
+                # Silently fail to avoid infinite loops
+                pass
+        except Exception:
+            # Silently swallow errors - never break logging
+            pass
+        finally:
+            self.is_flushing = False
+
+    def get_queue_size(self) -> int:
+        """
+        Get current queue size.
+
+        Returns:
+            Number of entries in queue
+        """
+        return len(self.queue)
+
+    def clear(self) -> None:
+        """Clear queue (for testing/cleanup)."""
+        if self.flush_timer:
+            self.flush_timer.cancel()
+            self.flush_timer = None
+        self.queue.clear()

miso_client/utils/auth_strategy.py

@@ -0,0 +1,88 @@
+"""
+Authentication strategy handler utility.
+
+This module provides utilities for managing authentication strategies with
+priority-based fallback support.
+"""
+
+from typing import Dict, Optional
+
+from ..models.config import AuthMethod, AuthStrategy
+
+
+class AuthStrategyHandler:
+    """Handler for authentication strategies with priority-based fallback."""
+
+    @staticmethod
+    def build_auth_headers(
+        method: AuthMethod,
+        strategy: AuthStrategy,
+        client_token: Optional[str] = None,
+    ) -> Dict[str, str]:
+        """
+        Build authentication headers for a specific auth method.
+
+        Args:
+            method: Authentication method to use
+            strategy: Auth strategy configuration
+            client_token: Optional client token (for client-token and client-credentials methods)
+
+        Returns:
+            Dictionary of headers to add to the request
+
+        Raises:
+            ValueError: If required credentials are missing for the method
+        """
+        headers: Dict[str, str] = {}
+
+        if method == "bearer":
+            if not strategy.bearerToken:
+                raise ValueError("bearerToken is required for bearer authentication method")
+            headers["Authorization"] = f"Bearer {strategy.bearerToken}"
+
+        elif method == "client-token":
+            if not client_token:
+                raise ValueError("client_token is required for client-token authentication method")
+            headers["x-client-token"] = client_token
+
+        elif method == "client-credentials":
+            # Client credentials uses the same client token mechanism
+            # The client token is already automatically sent via _ensure_client_token
+            # This method is mainly for strategy ordering
+            if not client_token:
+                raise ValueError(
+                    "client_token is required for client-credentials authentication method"
+                )
+            headers["x-client-token"] = client_token
+
+        elif method == "api-key":
+            if not strategy.apiKey:
+                raise ValueError("apiKey is required for api-key authentication method")
+            # API key is sent as Bearer token (same format as bearer tokens)
+            headers["Authorization"] = f"Bearer {strategy.apiKey}"
+
+        return headers
+
+    @staticmethod
+    def should_try_method(method: AuthMethod, strategy: AuthStrategy) -> bool:
+        """
+        Check if a method should be tried based on the strategy.
+
+        Args:
+            method: Authentication method to check
+            strategy: Auth strategy configuration
+
+        Returns:
+            True if method should be tried, False otherwise
+        """
+        return method in strategy.methods
+
+    @staticmethod
+    def get_default_strategy() -> AuthStrategy:
+        """
+        Get default authentication strategy.
+
+        Returns:
+            Default AuthStrategy with ['bearer', 'client-token'] methods
+        """
+        return AuthStrategy(methods=["bearer", "client-token"])

miso_client/utils/auth_utils.py

@@ -0,0 +1,65 @@
+"""
+Authentication utilities for shared use across services.
+
+This module provides shared authentication utilities to avoid code duplication
+across service classes.
+"""
+
+from typing import TYPE_CHECKING, Any, Dict, Optional
+
+from ..models.config import AuthStrategy
+from ..utils.http_client import HttpClient
+
+if TYPE_CHECKING:
+    from ..api import ApiClient
+
+
+async def validate_token_request(
+    token: str,
+    http_client: HttpClient,
+    api_client: Optional["ApiClient"] = None,
+    auth_strategy: Optional[AuthStrategy] = None,
+) -> Dict[str, Any]:
+    """
+    Helper function to call /api/v1/auth/validate endpoint with proper request body.
+
+    Shared utility for RoleService and PermissionService to avoid code duplication.
+
+    Args:
+        token: JWT token to validate
+        http_client: HTTP client instance (for backward compatibility)
+        api_client: Optional API client instance (for typed API calls)
+        auth_strategy: Optional authentication strategy
+
+    Returns:
+        Validation result dictionary
+    """
+    if api_client:
+        # Use ApiClient for typed API calls
+        response = await api_client.auth.validate_token(token, auth_strategy=auth_strategy)
+        # Extract data from typed response
+        return {
+            "success": response.success,
+            "data": {
+                "authenticated": response.data.authenticated,
+                "user": response.data.user.model_dump() if response.data.user else None,
+                "expiresAt": response.data.expiresAt,
+            },
+            "timestamp": response.timestamp,
+        }
+    else:
+        # Fallback to HttpClient for backward compatibility
+        if auth_strategy is not None:
+            result = await http_client.authenticated_request(
+                "POST",
+                "/api/v1/auth/validate",
+                token,
+                {"token": token},
+                auth_strategy=auth_strategy,
+            )
+            return result  # type: ignore[no-any-return]
+        else:
+            result = await http_client.authenticated_request(
+                "POST", "/api/v1/auth/validate", token, {"token": token}
+            )
+            return result  # type: ignore[no-any-return]

miso_client/utils/circuit_breaker.py

@@ -0,0 +1,125 @@
+"""
+Circuit breaker implementation for HTTP logging.
+
+Prevents infinite retry loops when logging service is unavailable by opening
+the circuit after consecutive failures and resetting after a timeout period.
+"""
+
+import time
+from enum import Enum
+from typing import Optional
+
+from ..models.config import CircuitBreakerConfig
+
+
+class CircuitState(Enum):
+    """Circuit breaker state."""
+
+    CLOSED = "CLOSED"  # Normal operation, requests allowed
+    OPEN = "OPEN"  # Circuit open, requests blocked
+    HALF_OPEN = "HALF_OPEN"  # Testing if service recovered
+
+
+class CircuitBreaker:
+    """
+    Circuit breaker for HTTP logging.
+
+    Prevents infinite retry loops when logging service is unavailable.
+    Opens circuit after consecutive failures and resets after timeout period.
+
+    Attributes:
+        failure_threshold: Number of consecutive failures before opening circuit
+        reset_timeout: Seconds to wait before resetting circuit
+        state: Current circuit state
+        failure_count: Current consecutive failure count
+        last_failure_time: Timestamp of last failure
+        opened_at: Timestamp when circuit was opened
+    """
+
+    def __init__(self, config: Optional[CircuitBreakerConfig] = None):
+        """
+        Initialize circuit breaker with configuration.
+
+        Args:
+            config: Circuit breaker configuration (optional)
+        """
+        if config:
+            self.failure_threshold = config.failureThreshold or 3
+            self.reset_timeout = config.resetTimeout or 60
+        else:
+            self.failure_threshold = 3
+            self.reset_timeout = 60
+
+        self.state = CircuitState.CLOSED
+        self.failure_count = 0
+        self.last_failure_time: Optional[float] = None
+        self.opened_at: Optional[float] = None
+
+    def is_open(self) -> bool:
+        """
+        Check if circuit is open (requests should be blocked).
+
+        Automatically transitions from OPEN to HALF_OPEN after reset timeout.
+
+        Returns:
+            True if circuit is open, False otherwise
+        """
+        if self.state == CircuitState.CLOSED:
+            return False
+
+        if self.state == CircuitState.OPEN:
+            # Check if reset timeout has passed
+            if self.opened_at and (time.time() - self.opened_at) >= self.reset_timeout:
+                # Transition to HALF_OPEN to test if service recovered
+                self.state = CircuitState.HALF_OPEN
+                self.failure_count = 0
+                return False
+            return True
+
+        # HALF_OPEN state - allow requests to test recovery
+        return False
+
+    def record_success(self) -> None:
+        """
+        Record successful request.
+
+        Resets failure count and closes circuit if it was open.
+        """
+        if self.state == CircuitState.HALF_OPEN:
+            # Service recovered, close circuit
+            self.state = CircuitState.CLOSED
+            self.failure_count = 0
+            self.opened_at = None
+        elif self.state == CircuitState.CLOSED:
+            # Reset failure count on success
+            self.failure_count = 0
+
+    def record_failure(self) -> None:
+        """
+        Record failed request.
+
+        Increments failure count and opens circuit if threshold reached.
+        """
+        self.failure_count += 1
+        self.last_failure_time = time.time()
+
+        if self.failure_count >= self.failure_threshold:
+            # Open circuit
+            self.state = CircuitState.OPEN
+            self.opened_at = time.time()
+
+    def reset(self) -> None:
+        """Reset circuit breaker to initial state."""
+        self.state = CircuitState.CLOSED
+        self.failure_count = 0
+        self.last_failure_time = None
+        self.opened_at = None
+
+    def get_state(self) -> CircuitState:
+        """
+        Get current circuit state.
+
+        Returns:
+            Current circuit state
+        """
+        return self.state