nlbone 0.4.1__tar.gz → 0.4.3__tar.gz

{nlbone-0.4.1 → nlbone-0.4.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nlbone
-Version: 0.4.1
+Version: 0.4.3
 Summary: Backbone package for interfaces and infrastructure in Python projects
 Author-email: Amir Hosein Kahkbazzadeh <a.khakbazzadeh@gmail.com>
 License: MIT
@@ -8,14 +8,18 @@ License-File: LICENSE
 Requires-Python: >=3.10
 Requires-Dist: anyio>=4.0
 Requires-Dist: dependency-injector>=4.48.1
+Requires-Dist: elasticsearch==8.14.0
 Requires-Dist: fastapi>=0.116
 Requires-Dist: httpx>=0.27
 Requires-Dist: psycopg>=3.2.9
 Requires-Dist: pydantic-settings>=2.0
 Requires-Dist: pydantic>=2.0
+Requires-Dist: python-dateutil~=2.9.0.post0
 Requires-Dist: python-keycloak==5.8.1
+Requires-Dist: redis~=6.4.0
 Requires-Dist: sqlalchemy>=2.0
 Requires-Dist: starlette>=0.47
+Requires-Dist: typer>=0.17.4
 Requires-Dist: uvicorn>=0.35
 Description-Content-Type: text/markdown
 
@@ -75,4 +79,8 @@ async def main():
 
 
 anyio.run(main)
-```
+```
+
+## 📦 Used In
+- **Explore**
+- **Pricing**

{nlbone-0.4.1 → nlbone-0.4.3}/README.md

@@ -54,4 +54,8 @@ async def main():
 
 
 anyio.run(main)
-```
+```
+
+## 📦 Used In
+- **Explore**
+- **Pricing**

{nlbone-0.4.1 → nlbone-0.4.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "nlbone"
-version = "0.4.1"
+version = "0.4.3"
 description = "Backbone package for interfaces and infrastructure in Python projects"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -22,7 +22,11 @@ dependencies = [
     "uvicorn>=0.35",
     "sqlalchemy>=2.0",
     "psycopg>=3.2.9",
-    "dependency-injector>=4.48.1"
+    "dependency-injector>=4.48.1",
+    "elasticsearch==8.14.0",
+    "redis~=6.4.0",
+    "python-dateutil~=2.9.0.post0",
+    "typer>=0.17.4"
 ]
 
 [tool.ruff]
@@ -56,3 +60,6 @@ dev = [
     "pytest>=8.4.2",
     "ruff>=0.12.12",
 ]
+
+[project.scripts]
+nlbone = "nlbone.interfaces.cli.main:main"

{nlbone-0.4.1 → nlbone-0.4.3}/src/nlbone/adapters/auth/keycloak.py

@@ -1,7 +1,7 @@
 from keycloak import KeycloakOpenID
 from keycloak.exceptions import KeycloakAuthenticationError
 
-from nlbone.config.settings import Settings, get_settings
+from nlbone.config.settings import Settings, get_settings, is_production_env
 from nlbone.core.ports.auth import AuthService
 
 
@@ -14,8 +14,12 @@ class KeycloakAuthService(AuthService):
             realm_name=s.KEYCLOAK_REALM_NAME,
             client_secret_key=s.KEYCLOAK_CLIENT_SECRET.get_secret_value().strip(),
         )
+        self.bypass = not is_production_env()
 
     def has_access(self, token, permissions):
+        if self.bypass:
+            return True
+
         try:
             result = self.keycloak_openid.has_uma_access(token, permissions=permissions)
             return result.is_authorized
@@ -71,4 +75,4 @@ class KeycloakAuthService(AuthService):
     def client_has_access(self, token: str, permissions: list[str], allowed_clients: set[str] | None = None) -> bool:
         if not self.is_client_token(token, allowed_clients):
             return False
-        return self.has_access(token, permissions)
+        return self.has_access(token, permissions)

nlbone-0.4.3/src/nlbone/adapters/auth/token_provider.py

@@ -0,0 +1,40 @@
+import threading
+import time
+from typing import Optional, Dict, Any
+
+from nlbone.adapters.auth.keycloak import KeycloakAuthService
+
+
+class ClientTokenProvider:
+    """Caches Keycloak client-credentials token and refreshes before expiry."""
+
+    def __init__(self, auth: KeycloakAuthService, *, skew_seconds: int = 30) -> None:
+        self._auth = auth
+        self._skew = skew_seconds
+        self._lock = threading.Lock()
+        self._token: Optional[str] = None  # access_token
+        self._expires_at: float = 0.0  # epoch seconds
+
+    def _needs_refresh(self) -> bool:
+        return not self._token or time.time() >= (self._expires_at - self._skew)
+
+    def get_access_token(self) -> str:
+        """Return a valid access token; refresh if needed."""
+        if not self._needs_refresh():
+            return self._token
+
+        with self._lock:
+            if not self._needs_refresh():
+                return self._token
+
+            data: Dict[str, Any] = self._auth.get_client_token()
+            access_token = data.get("access_token")
+            if not access_token:
+                raise RuntimeError("Keycloak: missing access_token")
+            expires_in = int(data.get("expires_in", 60))
+            self._token = access_token
+            self._expires_at = time.time() + max(1, expires_in)
+            return self._token
+
+    def get_auth_header(self) -> str:
+        return f"Bearer {self.get_access_token()}"

nlbone-0.4.3/src/nlbone/adapters/db/__init__.py

@@ -0,0 +1,4 @@
+from .postgres import apply_pagination, get_paginated_response
+from .postgres.base import Base
+from .postgres.engine import async_ping, async_session, init_async_engine, init_sync_engine, sync_ping, sync_session
+import nlbone.adapters.db.postgres.audit

nlbone-0.4.3/src/nlbone/adapters/db/postgres/audit.py

@@ -0,0 +1,150 @@
+import uuid
+from datetime import date, datetime
+from typing import Any
+from sqlalchemy import event, inspect as sa_inspect
+from sqlalchemy.orm import Session as SASession
+from enum import Enum as _Enum
+from decimal import Decimal
+
+from nlbone.core.domain.models import AuditLog
+from nlbone.utils.context import current_context_dict
+
+DEFAULT_EXCLUDE = {"updated_at", "created_at"}
+DEFAULT_ENABLED = False
+DEFAULT_OPS = {"INSERT", "UPDATE", "DELETE"}
+
+
+def _get_ops_for(obj) -> set[str]:
+    ops = getattr(obj, "__audit_ops__", None)
+    if ops is None:
+        return set(DEFAULT_OPS)
+    return {str(op).upper() for op in ops}
+
+
+def _is_audit_disabled(obj) -> bool:
+    if not DEFAULT_ENABLED:
+        return True
+    if getattr(obj, "__audit_disable__", False):
+        return True
+    if hasattr(obj, "__audit_enable__") and not getattr(obj, "__audit_enable__"):
+        return True
+    return False
+
+
+def _is_op_enabled(obj, op: str) -> bool:
+    if _is_audit_disabled(obj):
+        return False
+    return op.upper() in _get_ops_for(obj)
+
+
+def _ser(val):
+    if isinstance(val, (date, datetime)):
+        return val.isoformat()
+    # UUID
+    if isinstance(val, uuid.UUID):
+        return str(val)
+    # Enum
+    if isinstance(val, _Enum):
+        return val.value
+    if isinstance(val, Decimal):
+        return str(val)
+    if isinstance(val, set):
+        return list(val)
+    return val
+
+
+def _entity_name(obj: Any) -> str:
+    return getattr(getattr(obj, "__table__", None), "name", None) or getattr(obj, "__tablename__",
+                                                                             None) or obj.__class__.__name__
+
+
+def _entity_id(obj: Any) -> str:
+    insp = sa_inspect(obj)
+    if insp.identity and len(insp.identity) == 1:
+        return _ser(insp.identity[0])
+    for pk in insp.mapper.primary_key:
+        v = getattr(obj, pk.key)
+        if v is not None:
+            return _ser(v)
+    return _ser(getattr(obj, "id", "?"))
+
+
+def _changes_for_update(obj: any) -> dict[str, dict[str, any]]:
+    changes = {}
+    insp = sa_inspect(obj)
+    exclude = set(getattr(obj, "__audit_exclude__", set())) | DEFAULT_EXCLUDE
+
+    for col in insp.mapper.column_attrs:
+        key = col.key
+        if key in exclude:
+            continue
+
+        try:
+            state = insp.attrs[key]
+        except KeyError:
+            continue
+
+        hist = state.history                 # History object
+        if hist.has_changes():
+            old = hist.deleted[0] if hist.deleted else None
+            new = hist.added[0] if hist.added else None
+            if old != new:
+                changes[key] = {"old": _ser(old), "new": _ser(new)}
+    return changes
+@event.listens_for(SASession, "before_flush")
+def before_flush(session: SASession, flush_context, instances):
+    entries = session.info.setdefault("_audit_entries", [])
+
+    # INSERT
+    for obj in session.new:
+        if isinstance(obj, AuditLog) or not _is_op_enabled(obj, "INSERT"):
+            continue
+        insp = sa_inspect(obj)
+        exclude = set(getattr(obj, "__audit_exclude__", set())) | DEFAULT_EXCLUDE
+        row = {}
+        for col_attr in insp.mapper.column_attrs:
+            key = col_attr.key
+            if key in exclude:
+                continue
+            row[key] = _ser(getattr(obj, key, None))
+        entries.append({
+            "obj": obj,
+            "op": "INSERT",
+            "changes": {k: {"old": None, "new": v} for k, v in row.items()}
+        })
+
+    # UPDATE
+    for obj in session.dirty:
+        if isinstance(obj, AuditLog) or not _is_op_enabled(obj, "UPDATE"):
+            continue
+        if session.is_modified(obj, include_collections=False):
+            ch = _changes_for_update(obj)
+            if ch:
+                entries.append({"obj": obj, "op": "UPDATE", "changes": ch})
+
+    # DELETE
+    for obj in session.deleted:
+        if isinstance(obj, AuditLog) or not _is_op_enabled(obj, "DELETE"):
+            continue
+        entries.append({"obj": obj, "op": "DELETE", "changes": None})
+
+
+@event.listens_for(SASession, "after_flush_postexec")
+def after_flush_postexec(session: SASession, flush_context):
+    entries = session.info.pop("_audit_entries", [])
+    if not entries:
+        return
+    ctx = current_context_dict()
+    for e in entries:
+        obj = e["obj"]
+        al = AuditLog(
+            entity=_entity_name(obj),
+            entity_id=str(_entity_id(obj)),
+            operation=e["op"],
+            changes=e.get("changes"),
+            actor_id=ctx.get("user_id"),
+            request_id=ctx.get("request_id"),
+            ip=ctx.get("ip"),
+            user_agent=ctx.get("user_agent"),
+        )
+        session.add(al)

{nlbone-0.4.1/src/nlbone/adapters/db/sqlalchemy → nlbone-0.4.3/src/nlbone/adapters/db/postgres}/schema.py

@@ -1,8 +1,8 @@
 import importlib
 from typing import Sequence
 
-from nlbone.adapters.db.sqlalchemy.base import Base
-from nlbone.adapters.db.sqlalchemy.engine import init_async_engine, init_sync_engine
+from nlbone.adapters.db.postgres.base import Base
+from nlbone.adapters.db.postgres.engine import init_async_engine, init_sync_engine
 
 DEFAULT_MODEL_MODULES: Sequence[str] = ()
 

nlbone-0.4.3/src/nlbone/adapters/db/redis/client.py

@@ -0,0 +1,22 @@
+import redis
+
+from nlbone.config.settings import get_settings
+
+
+class RedisClient:
+    _client: redis.Redis | None = None
+
+    @classmethod
+    def get_client(cls) -> redis.Redis:
+        if cls._client is None:
+            cls._client = redis.from_url(
+                get_settings().REDIS_URL,
+                decode_responses=True
+            )
+        return cls._client
+
+    @classmethod
+    def close(cls):
+        if cls._client is not None:
+            cls._client.close()
+            cls._client = None

{nlbone-0.4.1 → nlbone-0.4.3}/src/nlbone/adapters/http_clients/uploadchi.py

@@ -7,6 +7,7 @@ from urllib.parse import urlparse, urlunparse
 import httpx
 import requests
 
+from nlbone.adapters.auth.token_provider import ClientTokenProvider
 from nlbone.config.settings import get_settings
 from nlbone.core.ports.files import FileServicePort
 
@@ -30,7 +31,7 @@ def _auth_headers(token: str | None) -> dict[str, str]:
 
 
 def _build_list_query(
-    limit: int, offset: int, filters: dict[str, Any] | None, sort: list[tuple[str, str]] | None
+        limit: int, offset: int, filters: dict[str, Any] | None, sort: list[tuple[str, str]] | None
 ) -> dict[str, Any]:
     q: dict[str, Any] = {"limit": limit, "offset": offset}
     if filters:
@@ -58,21 +59,23 @@ def _normalize_https_base(url: str) -> str:
 
 class UploadchiClient(FileServicePort):
     def __init__(
-        self,
-        base_url: Optional[str] = None,
-        timeout_seconds: Optional[float] = None,
-        client: httpx.Client | None = None,
+            self,
+            token_provider: ClientTokenProvider | None = None,
+            base_url: Optional[str] = None,
+            timeout_seconds: Optional[float] = None,
+            client: httpx.Client | None = None,
     ) -> None:
         s = get_settings()
         self._base_url = _normalize_https_base(base_url or str(s.UPLOADCHI_BASE_URL))
         self._timeout = timeout_seconds or float(s.HTTP_TIMEOUT_SECONDS)
         self._client = client or requests.session()
+        self._token_provider = token_provider
 
     def close(self) -> None:
         self._client.close()
 
     def upload_file(
-        self, file_bytes: bytes, filename: str, params: dict[str, Any] | None = None, token: str | None = None
+            self, file_bytes: bytes, filename: str, params: dict[str, Any] | None = None, token: str | None = None
     ) -> dict:
         tok = _resolve_token(token)
         files = {"file": (filename, file_bytes)}
@@ -82,23 +85,35 @@ class UploadchiClient(FileServicePort):
             raise UploadchiError(r.status_code, r.text)
         return r.json()
 
-    def commit_file(self, file_id: int, client_id: str, token: str | None = None) -> None:
+    def commit_file(self, file_id: str, token: str | None = None) -> None:
+        if not token and not self._token_provider:
+            raise UploadchiError(detail="token_provider is not provided", status=400)
         tok = _resolve_token(token)
         r = self._client.post(
             f"{self._base_url}/{file_id}/commit",
             headers=_auth_headers(tok),
-            params={"client_id": client_id} if client_id else None,
+        )
+        if r.status_code not in (204, 200):
+            raise UploadchiError(r.status_code, r.text)
+
+    def rollback(self, file_id: str, token: str | None = None) -> None:
+        if not token and not self._token_provider:
+            raise UploadchiError(detail="token_provider is not provided", status=400)
+        tok = _resolve_token(token)
+        r = self._client.post(
+            f"{self._base_url}/{file_id}/rollback",
+            headers=_auth_headers(tok),
         )
         if r.status_code not in (204, 200):
             raise UploadchiError(r.status_code, r.text)
 
     def list_files(
-        self,
-        limit: int = 10,
-        offset: int = 0,
-        filters: dict[str, Any] | None = None,
-        sort: list[tuple[str, str]] | None = None,
-        token: str | None = None,
+            self,
+            limit: int = 10,
+            offset: int = 0,
+            filters: dict[str, Any] | None = None,
+            sort: list[tuple[str, str]] | None = None,
+            token: str | None = None,
     ) -> dict:
         tok = _resolve_token(token)
         q = _build_list_query(limit, offset, filters, sort)
@@ -107,14 +122,14 @@ class UploadchiClient(FileServicePort):
             raise UploadchiError(r.status_code, r.text)
         return r.json()
 
-    def get_file(self, file_id: int, token: str | None = None) -> dict:
+    def get_file(self, file_id: str, token: str | None = None) -> dict:
         tok = _resolve_token(token)
         r = self._client.get(f"{self._base_url}/{file_id}", headers=_auth_headers(tok))
         if r.status_code >= 400:
             raise UploadchiError(r.status_code, r.text)
         return r.json()
 
-    def download_file(self, file_id: int, token: str | None = None) -> tuple[bytes, str, str]:
+    def download_file(self, file_id: str, token: str | None = None) -> tuple[bytes, str, str]:
         tok = _resolve_token(token)
         r = self._client.get(f"{self._base_url}/{file_id}/download", headers=_auth_headers(tok))
         if r.status_code >= 400:
@@ -123,7 +138,7 @@ class UploadchiClient(FileServicePort):
         media_type = r.headers.get("content-type", "application/octet-stream")
         return r.content, filename, media_type
 
-    def delete_file(self, file_id: int, token: str | None = None) -> None:
+    def delete_file(self, file_id: str, token: str | None = None) -> None:
         tok = _resolve_token(token)
         r = self._client.delete(f"{self._base_url}/{file_id}", headers=_auth_headers(tok))
         if r.status_code not in (204, 200):

{nlbone-0.4.1 → nlbone-0.4.3}/src/nlbone/adapters/http_clients/uploadchi_async.py

@@ -8,14 +8,16 @@ from nlbone.config.settings import get_settings
 from nlbone.core.ports.files import AsyncFileServicePort
 
 from .uploadchi import UploadchiError, _auth_headers, _build_list_query, _filename_from_cd, _resolve_token
+from ..auth.token_provider import ClientTokenProvider
 
 
 class UploadchiAsyncClient(AsyncFileServicePort):
     def __init__(
-        self,
-        base_url: Optional[str] = None,
-        timeout_seconds: Optional[float] = None,
-        client: httpx.AsyncClient | None = None,
+            self,
+            token_provider: ClientTokenProvider | None = None,
+            base_url: Optional[str] = None,
+            timeout_seconds: Optional[float] = None,
+            client: httpx.AsyncClient | None = None,
     ) -> None:
         s = get_settings()
         self._base_url = base_url or str(s.UPLOADCHI_BASE_URL)
@@ -23,12 +25,13 @@ class UploadchiAsyncClient(AsyncFileServicePort):
         self._client = client or httpx.AsyncClient(
             base_url=self._base_url, timeout=self._timeout, follow_redirects=True
         )
+        self._token_provider = token_provider
 
     async def aclose(self) -> None:
         await self._client.aclose()
 
     async def upload_file(
-        self, file_bytes: bytes, filename: str, params: dict[str, Any] | None = None, token: str | None = None
+            self, file_bytes: bytes, filename: str, params: dict[str, Any] | None = None, token: str | None = None
     ) -> dict:
         tok = _resolve_token(token)
         files = {"file": (filename, file_bytes)}
@@ -38,21 +41,33 @@ class UploadchiAsyncClient(AsyncFileServicePort):
             raise UploadchiError(r.status_code, await r.aread())
         return r.json()
 
-    async def commit_file(self, file_id: int, client_id: str, token: str | None = None) -> None:
+    async def commit_file(self, file_id: str, token: str | None = None) -> None:
+        if not token and not self._token_provider:
+            raise UploadchiError(detail="token_provider is not provided", status=400)
         tok = _resolve_token(token)
         r = await self._client.post(
-            f"/{file_id}/commit", headers=_auth_headers(tok), params={"client_id": client_id} if client_id else None
+            f"/{file_id}/commit", headers=_auth_headers(tok)
+        )
+        if r.status_code not in (204, 200):
+            raise UploadchiError(r.status_code, await r.aread())
+
+    async def rollback(self, file_id: str, token: str | None = None) -> None:
+        if not token and not self._token_provider:
+            raise UploadchiError(detail="token_provider is not provided", status=400)
+        tok = _resolve_token(token)
+        r = await self._client.post(
+            f"/{file_id}/rollback", headers=_auth_headers(tok)
         )
         if r.status_code not in (204, 200):
             raise UploadchiError(r.status_code, await r.aread())
 
     async def list_files(
-        self,
-        limit: int = 10,
-        offset: int = 0,
-        filters: dict[str, Any] | None = None,
-        sort: list[tuple[str, str]] | None = None,
-        token: str | None = None,
+            self,
+            limit: int = 10,
+            offset: int = 0,
+            filters: dict[str, Any] | None = None,
+            sort: list[tuple[str, str]] | None = None,
+            token: str | None = None,
     ) -> dict:
         tok = _resolve_token(token)
         q = _build_list_query(limit, offset, filters, sort)
@@ -61,14 +76,14 @@ class UploadchiAsyncClient(AsyncFileServicePort):
             raise UploadchiError(r.status_code, await r.aread())
         return r.json()
 
-    async def get_file(self, file_id: int, token: str | None = None) -> dict:
+    async def get_file(self, file_id: str, token: str | None = None) -> dict:
         tok = _resolve_token(token)
         r = await self._client.get(f"/{file_id}", headers=_auth_headers(tok))
         if r.status_code >= 400:
             raise UploadchiError(r.status_code, await r.aread())
         return r.json()
 
-    async def download_file(self, file_id: int, token: str | None = None) -> tuple[AsyncIterator[bytes], str, str]:
+    async def download_file(self, file_id: str, token: str | None = None) -> tuple[AsyncIterator[bytes], str, str]:
         tok = _resolve_token(token)
         r = await self._client.get(f"/{file_id}/download", headers=_auth_headers(tok), stream=True)
         if r.status_code >= 400:
@@ -86,7 +101,7 @@ class UploadchiAsyncClient(AsyncFileServicePort):
 
         return _aiter(), filename, media_type
 
-    async def delete_file(self, file_id: int, token: str | None = None) -> None:
+    async def delete_file(self, file_id: str, token: str | None = None) -> None:
         tok = _resolve_token(token)
         r = await self._client.delete(f"/{file_id}", headers=_auth_headers(tok))
         if r.status_code not in (204, 200):

nlbone-0.4.3/src/nlbone/adapters/percolation/__init__.py

@@ -0,0 +1 @@
+from .connection import get_es_client

nlbone-0.4.3/src/nlbone/adapters/percolation/connection.py

@@ -0,0 +1,12 @@
+from elasticsearch import Elasticsearch
+
+from nlbone.config.settings import get_settings
+
+setting = get_settings()
+
+def get_es_client():
+    es = Elasticsearch(
+        setting.ELASTIC_PERCOLATE_URL,
+        basic_auth=(setting.ELASTIC_PERCOLATE_USER, setting.ELASTIC_PERCOLATE_PASS.get_secret_value().strip())
+    )
+    return es