miso-client 0.1.0__py3-none-any.whl → 3.7.2__py3-none-any.whl

miso_client/services/logger_chain.py

@@ -0,0 +1,288 @@
+"""
+Logger chain for fluent logging API.
+
+This module provides the LoggerChain class for method chaining in logging operations.
+"""
+
+from typing import TYPE_CHECKING, Any, Optional
+
+if TYPE_CHECKING:
+    from .logger import LoggerService
+
+from ..models.config import ClientLoggingOptions
+from ..utils.request_context import extract_request_context
+
+
+class LoggerChain:
+    """Method chaining class for fluent logging API."""
+
+    def __init__(
+        self,
+        logger: "LoggerService",
+        context: Optional[dict[str, Any]] = None,
+        options: Optional[ClientLoggingOptions] = None,
+    ):
+        """
+        Initialize logger chain.
+
+        Args:
+            logger: Logger service instance
+            context: Initial context
+            options: Initial logging options
+        """
+        self.logger = logger
+        self.context = context or {}
+        self.options = options or ClientLoggingOptions()
+
+    def add_context(self, key: str, value: Any) -> "LoggerChain":
+        """Add context key-value pair."""
+        self.context[key] = value
+        return self
+
+    def add_user(self, user_id: str) -> "LoggerChain":
+        """Add user ID."""
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.userId = user_id
+        return self
+
+    def add_application(self, application_id: str) -> "LoggerChain":
+        """Add application ID."""
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.applicationId = application_id
+        return self
+
+    def add_correlation(self, correlation_id: str) -> "LoggerChain":
+        """Add correlation ID."""
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.correlationId = correlation_id
+        return self
+
+    def with_token(self, token: str) -> "LoggerChain":
+        """Add token for context extraction."""
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.token = token
+        return self
+
+    def without_masking(self) -> "LoggerChain":
+        """Disable data masking."""
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.maskSensitiveData = False
+        return self
+
+    def with_request(self, request: Any) -> "LoggerChain":
+        """
+        Auto-extract logging context from HTTP Request object.
+
+        Extracts: IP, method, path, user-agent, correlation ID, user from JWT.
+
+        Supports:
+        - FastAPI/Starlette Request
+        - Flask Request
+        - Generic dict-like request objects
+
+        Args:
+            request: HTTP request object
+
+        Returns:
+            Self for method chaining
+
+        Example:
+            >>> await logger.with_request(request).info("Processing request")
+        """
+        ctx = extract_request_context(request)
+
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+
+        # Merge into options (these become top-level LogEntry fields)
+        if ctx.user_id:
+            self.options.userId = ctx.user_id
+        if ctx.session_id:
+            self.options.sessionId = ctx.session_id
+        if ctx.correlation_id:
+            self.options.correlationId = ctx.correlation_id
+        if ctx.request_id:
+            self.options.requestId = ctx.request_id
+        if ctx.ip_address:
+            self.options.ipAddress = ctx.ip_address
+        if ctx.user_agent:
+            self.options.userAgent = ctx.user_agent
+
+        # Merge into context (additional request info, not top-level LogEntry fields)
+        if ctx.method:
+            self.context["method"] = ctx.method
+        if ctx.path:
+            self.context["path"] = ctx.path
+        if ctx.referer:
+            self.context["referer"] = ctx.referer
+        if ctx.request_size:
+            self.context["requestSize"] = ctx.request_size
+
+        return self
+
+    def with_indexed_context(
+        self,
+        source_key: Optional[str] = None,
+        source_display_name: Optional[str] = None,
+        external_system_key: Optional[str] = None,
+        external_system_display_name: Optional[str] = None,
+        record_key: Optional[str] = None,
+        record_display_name: Optional[str] = None,
+    ) -> "LoggerChain":
+        """
+        Add indexed context fields for fast querying.
+
+        Args:
+            source_key: ExternalDataSource.key
+            source_display_name: Human-readable source name
+            external_system_key: ExternalSystem.key
+            external_system_display_name: Human-readable system name
+            record_key: ExternalRecord.key
+            record_display_name: Human-readable record identifier
+
+        Returns:
+            Self for method chaining
+        """
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        if source_key:
+            self.options.sourceKey = source_key
+        if source_display_name:
+            self.options.sourceDisplayName = source_display_name
+        if external_system_key:
+            self.options.externalSystemKey = external_system_key
+        if external_system_display_name:
+            self.options.externalSystemDisplayName = external_system_display_name
+        if record_key:
+            self.options.recordKey = record_key
+        if record_display_name:
+            self.options.recordDisplayName = record_display_name
+        return self
+
+    def with_credential_context(
+        self,
+        credential_id: Optional[str] = None,
+        credential_type: Optional[str] = None,
+    ) -> "LoggerChain":
+        """
+        Add credential context for performance analysis.
+
+        Args:
+            credential_id: Credential identifier
+            credential_type: Credential type (apiKey, oauth2, etc.)
+
+        Returns:
+            Self for method chaining
+        """
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        if credential_id:
+            self.options.credentialId = credential_id
+        if credential_type:
+            self.options.credentialType = credential_type
+        return self
+
+    def with_request_metrics(
+        self,
+        request_size: Optional[int] = None,
+        response_size: Optional[int] = None,
+        duration_ms: Optional[int] = None,
+        duration_seconds: Optional[float] = None,
+        timeout: Optional[float] = None,
+        retry_count: Optional[int] = None,
+    ) -> "LoggerChain":
+        """
+        Add request/response metrics.
+
+        Args:
+            request_size: Request body size in bytes
+            response_size: Response body size in bytes
+            duration_ms: Duration in milliseconds
+            duration_seconds: Duration in seconds
+            timeout: Request timeout in seconds
+            retry_count: Number of retry attempts
+
+        Returns:
+            Self for method chaining
+        """
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        if request_size is not None:
+            self.options.requestSize = request_size
+        if response_size is not None:
+            self.options.responseSize = response_size
+        if duration_ms is not None:
+            self.options.durationMs = duration_ms
+        if duration_seconds is not None:
+            self.options.durationSeconds = duration_seconds
+        if timeout is not None:
+            self.options.timeout = timeout
+        if retry_count is not None:
+            self.options.retryCount = retry_count
+        return self
+
+    def with_error_context(
+        self,
+        error_category: Optional[str] = None,
+        http_status_category: Optional[str] = None,
+    ) -> "LoggerChain":
+        """
+        Add error classification context.
+
+        Args:
+            error_category: Error category (network, timeout, auth, validation, server)
+            http_status_category: HTTP status category (2xx, 4xx, 5xx)
+
+        Returns:
+            Self for method chaining
+        """
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        if error_category:
+            self.options.errorCategory = error_category
+        if http_status_category:
+            self.options.httpStatusCategory = http_status_category
+        return self
+
+    def add_session(self, session_id: str) -> "LoggerChain":
+        """
+        Add session ID to logging context.
+
+        Args:
+            session_id: Session identifier
+
+        Returns:
+            Self for method chaining
+        """
+        if self.options is None:
+            self.options = ClientLoggingOptions()
+        self.options.sessionId = session_id
+        return self
+
+    async def error(self, message: str, stack_trace: Optional[str] = None) -> None:
+        """Log error."""
+        await self.logger.error(message, self.context, stack_trace, self.options)
+
+    async def info(self, message: str) -> None:
+        """Log info."""
+        await self.logger.info(message, self.context, self.options)
+
+    async def audit(self, action: str, resource: str) -> None:
+        """Log audit."""
+        await self.logger.audit(action, resource, self.context, self.options)
+
+    async def debug(self, message: str) -> None:
+        """
+        Log debug message.
+
+        Only logs if log level is set to 'debug' in config.
+
+        Args:
+            message: Debug message
+        """
+        await self.logger.debug(message, self.context, self.options)

miso_client/services/permission.py

@@ -6,39 +6,55 @@ Permissions are cached with Redis and in-memory fallback using CacheService.
 Optimized to extract userId from JWT token before API calls for cache optimization.
 """
 
+import logging
 import time
-from typing import List, cast
-from ..models.config import PermissionResult
+from typing import TYPE_CHECKING, List, Optional, cast
+
+from ..models.config import AuthStrategy, PermissionResult
 from ..services.cache import CacheService
+from ..utils.auth_utils import validate_token_request
+from ..utils.error_utils import extract_correlation_id_from_error
 from ..utils.http_client import HttpClient
 from ..utils.jwt_tools import extract_user_id
 
+if TYPE_CHECKING:
+    from ..api import ApiClient
+
+logger = logging.getLogger(__name__)
+
 
 class PermissionService:
     """Permission service for user authorization with caching."""
-    
-    def __init__(self, http_client: HttpClient, cache: CacheService):
+
+    def __init__(
+        self, http_client: HttpClient, cache: CacheService, api_client: Optional["ApiClient"] = None
+    ):
         """
         Initialize permission service.
-        
+
         Args:
-            http_client: HTTP client instance
+            http_client: HTTP client instance (for backward compatibility)
             cache: Cache service instance (handles Redis + in-memory fallback)
+            api_client: Optional API client instance (for typed API calls)
         """
         self.config = http_client.config
         self.http_client = http_client
         self.cache = cache
+        self.api_client = api_client
         self.permission_ttl = self.config.permission_ttl
 
-    async def get_permissions(self, token: str) -> List[str]:
+    async def get_permissions(
+        self, token: str, auth_strategy: Optional[AuthStrategy] = None
+    ) -> List[str]:
         """
         Get user permissions with Redis caching.
-        
+
         Optimized to extract userId from token first to check cache before API call.
-        
+
         Args:
             token: JWT token
-            
+            auth_strategy: Optional authentication strategy
+
         Returns:
             List of user permissions
         """
@@ -56,10 +72,8 @@ class PermissionService:
             # Cache miss or no userId in token - fetch from controller
             # If we don't have userId, get it from validate endpoint
             if not user_id:
-                user_info = await self.http_client.authenticated_request(
-                    "POST",
-                    "/api/auth/validate",
-                    token
+                user_info = await validate_token_request(
+                    token, self.http_client, self.api_client, auth_strategy
                 )
                 user_id = user_info.get("user", {}).get("id") if user_info else None
                 if not user_id:
@@ -67,89 +81,114 @@ class PermissionService:
                 cache_key = f"permissions:{user_id}"
 
             # Cache miss - fetch from controller
-            permission_result = await self.http_client.authenticated_request(
-                "GET",
-                "/api/auth/permissions",  # Backend knows app/env from client token
-                token
-            )
+            if self.api_client:
+                # Use ApiClient for typed API calls
+                response = await self.api_client.permissions.get_permissions(
+                    token, auth_strategy=auth_strategy
+                )
+                permissions = response.data.permissions or []
+            else:
+                # Fallback to HttpClient for backward compatibility
+                if auth_strategy is not None:
+                    permission_result = await self.http_client.authenticated_request(
+                        "GET", "/api/v1/auth/permissions", token, auth_strategy=auth_strategy
+                    )
+                else:
+                    permission_result = await self.http_client.authenticated_request(
+                        "GET", "/api/v1/auth/permissions", token
+                    )
 
-            permission_data = PermissionResult(**permission_result)
-            permissions = permission_data.permissions or []
+                permission_data = PermissionResult(**permission_result)
+                permissions = permission_data.permissions or []
 
             # Cache the result (CacheService handles Redis + in-memory automatically)
             assert cache_key is not None
             await self.cache.set(
                 cache_key,
                 {"permissions": permissions, "timestamp": int(time.time() * 1000)},
-                self.permission_ttl
+                self.permission_ttl,
             )
 
             return permissions
-            
-        except Exception:
-            # Failed to get permissions, return empty list
+
+        except Exception as error:
+            correlation_id = extract_correlation_id_from_error(error)
+            logger.error(
+                "Failed to get permissions",
+                exc_info=error,
+                extra={"correlationId": correlation_id} if correlation_id else None,
+            )
             return []
 
-    async def has_permission(self, token: str, permission: str) -> bool:
+    async def has_permission(
+        self, token: str, permission: str, auth_strategy: Optional[AuthStrategy] = None
+    ) -> bool:
         """
         Check if user has specific permission.
-        
+
         Args:
             token: JWT token
             permission: Permission to check
-            
+            auth_strategy: Optional authentication strategy
+
         Returns:
             True if user has the permission, False otherwise
         """
-        permissions = await self.get_permissions(token)
+        permissions = await self.get_permissions(token, auth_strategy=auth_strategy)
         return permission in permissions
 
-    async def has_any_permission(self, token: str, permissions: List[str]) -> bool:
+    async def has_any_permission(
+        self, token: str, permissions: List[str], auth_strategy: Optional[AuthStrategy] = None
+    ) -> bool:
         """
         Check if user has any of the specified permissions.
-        
+
         Args:
             token: JWT token
             permissions: List of permissions to check
-            
+            auth_strategy: Optional authentication strategy
+
         Returns:
             True if user has any of the permissions, False otherwise
         """
-        user_permissions = await self.get_permissions(token)
+        user_permissions = await self.get_permissions(token, auth_strategy=auth_strategy)
         return any(permission in user_permissions for permission in permissions)
 
-    async def has_all_permissions(self, token: str, permissions: List[str]) -> bool:
+    async def has_all_permissions(
+        self, token: str, permissions: List[str], auth_strategy: Optional[AuthStrategy] = None
+    ) -> bool:
         """
         Check if user has all of the specified permissions.
-        
+
         Args:
             token: JWT token
             permissions: List of permissions to check
-            
+            auth_strategy: Optional authentication strategy
+
         Returns:
             True if user has all permissions, False otherwise
         """
-        user_permissions = await self.get_permissions(token)
+        user_permissions = await self.get_permissions(token, auth_strategy=auth_strategy)
         return all(permission in user_permissions for permission in permissions)
 
-    async def refresh_permissions(self, token: str) -> List[str]:
+    async def refresh_permissions(
+        self, token: str, auth_strategy: Optional[AuthStrategy] = None
+    ) -> List[str]:
         """
         Force refresh permissions from controller (bypass cache).
-        
+
         Args:
             token: JWT token
-            
+            auth_strategy: Optional authentication strategy
+
         Returns:
             Fresh list of user permissions
         """
         try:
             # Get user info to extract userId
-            user_info = await self.http_client.authenticated_request(
-                "POST",
-                "/api/auth/validate",
-                token
+            user_info = await validate_token_request(
+                token, self.http_client, self.api_client, auth_strategy
             )
-            
             user_id = user_info.get("user", {}).get("id") if user_info else None
             if not user_id:
                 return []
@@ -157,43 +196,62 @@ class PermissionService:
             cache_key = f"permissions:{user_id}"
 
             # Fetch fresh permissions from controller using refresh endpoint
-            permission_result = await self.http_client.authenticated_request(
-                "GET",
-                "/api/auth/permissions/refresh",
-                token
-            )
+            if self.api_client:
+                # Use ApiClient for typed API calls
+                response = await self.api_client.permissions.refresh_permissions(
+                    token, auth_strategy=auth_strategy
+                )
+                permissions = response.data.permissions or []
+            else:
+                # Fallback to HttpClient for backward compatibility
+                if auth_strategy is not None:
+                    permission_result = await self.http_client.authenticated_request(
+                        "GET",
+                        "/api/v1/auth/permissions/refresh",
+                        token,
+                        auth_strategy=auth_strategy,
+                    )
+                else:
+                    permission_result = await self.http_client.authenticated_request(
+                        "GET", "/api/v1/auth/permissions/refresh", token
+                    )
 
-            permission_data = PermissionResult(**permission_result)
-            permissions = permission_data.permissions or []
+                permission_data = PermissionResult(**permission_result)
+                permissions = permission_data.permissions or []
 
             # Update cache with fresh data (CacheService handles Redis + in-memory automatically)
             await self.cache.set(
                 cache_key,
                 {"permissions": permissions, "timestamp": int(time.time() * 1000)},
-                self.permission_ttl
+                self.permission_ttl,
             )
 
             return permissions
-            
-        except Exception:
-            # Failed to refresh permissions, return empty list
+
+        except Exception as error:
+            correlation_id = extract_correlation_id_from_error(error)
+            logger.error(
+                "Failed to refresh permissions",
+                exc_info=error,
+                extra={"correlationId": correlation_id} if correlation_id else None,
+            )
             return []
 
-    async def clear_permissions_cache(self, token: str) -> None:
+    async def clear_permissions_cache(
+        self, token: str, auth_strategy: Optional[AuthStrategy] = None
+    ) -> None:
         """
         Clear cached permissions for a user.
-        
+
         Args:
             token: JWT token
+            auth_strategy: Optional authentication strategy
         """
         try:
             # Get user info to extract userId
-            user_info = await self.http_client.authenticated_request(
-                "POST",
-                "/api/auth/validate",
-                token
+            user_info = await validate_token_request(
+                token, self.http_client, self.api_client, auth_strategy
             )
-            
             user_id = user_info.get("user", {}).get("id") if user_info else None
             if not user_id:
                 return
@@ -202,7 +260,12 @@ class PermissionService:
 
             # Clear from cache (CacheService handles Redis + in-memory automatically)
             await self.cache.delete(cache_key)
-                
-        except Exception:
-            # Failed to clear cache, silently continue
-            pass
+
+        except Exception as error:
+            correlation_id = extract_correlation_id_from_error(error)
+            logger.error(
+                "Failed to clear permissions cache",
+                exc_info=error,
+                extra={"correlationId": correlation_id} if correlation_id else None,
+            )
+            # Silently continue per service method pattern