oxutils 0.1.0__py3-none-any.whl

oxutils/exceptions.py

@@ -0,0 +1,117 @@
+from django.utils.translation import gettext_lazy as _
+from oxutils.mixins.base import DetailDictMixin
+
+
+
+class OxException(Exception):
+    pass
+
+
+try:
+    from ninja_extra import status, exceptions
+
+    STATUS_CODE = status.HTTP_500_INTERNAL_SERVER_ERROR
+    NinjaException = exceptions.APIException
+except:
+    STATUS_CODE = 500
+    NinjaException = OxException
+
+
+class ExceptionCode:
+    INTERNAL_ERROR = 'internal_error'
+    FAILED_ERROR = 'failed_error'
+    VALIDATION_ERROR = 'validation_error'
+    CONFLICT_ERROR = 'conflict_error'
+    NOT_FOUND = 'not_found'
+    UNAUTHORIZED = 'unauthorized'
+    FORBIDDEN = 'forbidden'
+    BAD_REQUEST = 'bad_request'
+    AUTHENTICATION_FAILED = 'authentication_failed'
+    PERMISSION_DENIED = 'permission_denied'
+    METHOD_NOT_ALLOWED = 'method_not_allowed'
+    NOT_ACCEPTABLE = 'not_acceptable'
+    TIMEOUT = 'timeout'
+    RATE_LIMIT_EXCEEDED = 'rate_limit_exceeded'
+    SERVICE_UNAVAILABLE = 'service_unavailable'
+    INVALID_TOKEN = 'invalid_token'
+    INVALID_ORGANIZATION_TOKEN = "invalid_org_token"
+    EXPIRED_TOKEN = 'expired_token'
+    INVALID_CREDENTIALS = 'invalid_credentials'
+    ACCOUNT_DISABLED = 'account_disabled'
+    ACCOUNT_NOT_VERIFIED = 'account_not_verified'
+    DUPLICATE_ENTRY = 'duplicate_entry'
+    RESOURCE_LOCKED = 'resource_locked'
+    PAYMENT_REQUIRED = 'payment_required'
+    INSUFFICIENT_PERMISSIONS = 'insufficient_permissions'
+    QUOTA_EXCEEDED = 'quota_exceeded'
+    INVALID_INPUT = 'invalid_input'
+    MISSING_PARAMETER = 'missing_parameter'
+    INVALID_PARAMETER = 'invalid_parameter'
+    OPERATION_NOT_PERMITTED = 'operation_not_permitted'
+    RESOURCE_EXHAUSTED = 'resource_exhausted'
+    PRECONDITION_FAILED = 'precondition_failed'
+
+    # Non Error
+    SUCCESS = 'success'
+    
+
+
+class APIException(DetailDictMixin, NinjaException):
+    status_code = STATUS_CODE
+    default_code = ExceptionCode.INTERNAL_ERROR
+    default_detail = _('We encountered an error, please try again later.')
+
+
+class NotFoundException(APIException):
+    status_code = 404
+    default_code = ExceptionCode.NOT_FOUND
+    default_detail = _('The requested resource does not exist')
+
+
+class ValidationException(APIException):
+    status_code = 400
+    default_code = ExceptionCode.VALIDATION_ERROR
+    default_detail = _('Validation error')
+
+
+class ConflictException(APIException):
+    status_code = 409
+    default_code = ExceptionCode.CONFLICT_ERROR
+    default_detail = _('The operation conflicts with existing data')
+
+
+class DuplicateEntryException(APIException):
+    status_code = 409
+    default_code = ExceptionCode.DUPLICATE_ENTRY
+    default_detail = _('A resource with these details already exists')
+
+
+class PermissionDeniedException(APIException):
+    status_code = 403
+    default_code = ExceptionCode.PERMISSION_DENIED
+    default_detail = _('You do not have permission to perform this action')
+
+
+class UnauthorizedException(APIException):
+    status_code = 401
+    default_code = ExceptionCode.UNAUTHORIZED
+    default_detail = _('Authentication is required')
+
+
+class InvalidParameterException(APIException):
+    status_code = 400
+    default_code = ExceptionCode.INVALID_PARAMETER
+    default_detail = _('Invalid parameter provided')
+
+
+class MissingParameterException(APIException):
+    status_code = 400
+    default_code = ExceptionCode.MISSING_PARAMETER
+    default_detail = _('Required parameter is missing')
+
+
+class InternalErrorException(APIException):
+    status_code = 500
+    default_code = ExceptionCode.INTERNAL_ERROR
+    default_detail = _('An unexpected error occurred while processing your request')
+    

oxutils/functions.py

@@ -0,0 +1,99 @@
+from django.conf import settings
+from urllib.parse import urljoin
+from ninja.files import UploadedFile
+from ninja_extra.exceptions import ValidationError
+
+
+
+def get_absolute_url(url: str, request=None):
+    if request:
+        # Build absolute URL using request
+        return request.build_absolute_uri(url)
+    else:
+        # Fallback: build URL using MEDIA_URL and domain
+        base_url = getattr(settings, 'SITE_URL', 'http://localhost:8000')
+        return urljoin(base_url, url)
+
+
+def request_is_bound(request):
+    """
+    Check if a request is bound (has data), similar to Django Form.is_bound.
+    """
+    
+    if not request or not hasattr(request, 'method'):
+        return False
+    
+    if hasattr(request, 'data'):
+        return (
+            request.data is not None or
+            bool(getattr(request, 'FILES', {})) or
+            request.method in ('POST', 'PUT', 'PATCH')
+        )
+    
+    elif hasattr(request, 'POST'):
+        return (
+            len(getattr(request, 'POST', {})) > 0 or
+            len(getattr(request, 'FILES', {})) > 0 or
+            request.method in ('POST', 'PUT', 'PATCH')
+        )
+    
+    return False
+
+
+def get_request_data(request):
+    """
+    Extract data from request, similar to how Django Forms get their data.
+    
+    Args:
+        request: Django HttpRequest or DRF Request object
+        
+    Returns:
+        dict: Request data (empty dict if no data)
+    """
+    if not request:
+        return {}
+    
+    # DRF Request
+    if hasattr(request, 'data'):
+        return request.data or {}
+    
+    # Django HttpRequest
+    elif hasattr(request, 'POST'):
+        return dict(request.POST) if request.POST else {}
+    
+    return {}
+
+
+def validate_image(image: UploadedFile, size: int = 2):
+    """Validate uploaded image file"""
+    # Check file size (2MB = 2 * 1024 * 1024 bytes)
+    MAX_FILE_SIZE = size * 1024 * 1024  # 2MB
+    if image.size > MAX_FILE_SIZE:
+        raise ValidationError(f"La taille du fichier ne peut pas dépasser 2MB. Taille actuelle: {image.size / (1024 * 1024):.1f}MB")
+    
+    # Check file type
+    ALLOWED_TYPES = ['image/jpeg', 'image/jpg', 'image/png', 'image/gif', 'image/webp']
+    if image.content_type not in ALLOWED_TYPES:
+        raise ValidationError(f"Type de fichier non supporté. Types autorisés: {', '.join(ALLOWED_TYPES)}")
+    
+    # Check file extension
+    ALLOWED_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.gif', '.webp']
+    file_extension = image.name.lower().split('.')[-1] if '.' in image.name else ''
+    if f'.{file_extension}' not in ALLOWED_EXTENSIONS:
+        raise ValidationError(f"Extension de fichier non supportée. Extensions autorisées: {', '.join(ALLOWED_EXTENSIONS)}")
+    
+    # Additional validation: check if file is actually an image
+    try:
+        from PIL import Image
+        import io
+        
+        # Reset file pointer to beginning
+        image.seek(0)
+        image = Image.open(io.BytesIO(image.read()))
+        image.verify()  # Verify it's a valid image
+        
+        # Reset file pointer again for later use
+        image.seek(0)
+        
+    except Exception as e:
+        raise ValidationError("Le fichier n'est pas une image valide")

oxutils/jwt/auth.py

@@ -0,0 +1,55 @@
+import os
+from typing import Dict, Any, Optional
+from jwcrypto import jwk
+from django.core.exceptions import ImproperlyConfigured
+from oxutils.settings import oxi_settings
+
+
+
+_public_jwk_cache: Optional[jwk.JWK] = None
+
+
+
+def get_jwks() -> Dict[str, Any]:
+    """
+    Get JSON Web Key Set (JWKS) for JWT verification.
+    
+    Returns:
+        Dict containing the public JWK in JWKS format.
+        
+    Raises:
+        ImproperlyConfigured: If jwt_verifying_key is not configured or file doesn't exist.
+    """
+    global _public_jwk_cache
+    
+    if oxi_settings.jwt_verifying_key is None:
+        raise ImproperlyConfigured(
+            "JWT verifying key is not configured. Set OXI_JWT_VERIFYING_KEY environment variable."
+        )
+    
+    key_path = oxi_settings.jwt_verifying_key
+    
+    if not os.path.exists(key_path):
+        raise ImproperlyConfigured(
+            f"JWT verifying key file not found at: {key_path}"
+        )
+    
+    if _public_jwk_cache is None:
+        try:
+            with open(key_path, 'r') as f:
+                key_data = f.read()
+            
+            _public_jwk_cache = jwk.JWK.from_pem(key_data.encode('utf-8'))
+            _public_jwk_cache.update(kid='main')
+        except Exception as e:
+            raise ImproperlyConfigured(
+                f"Failed to load JWT verifying key from {key_path}: {str(e)}"
+            )
+    
+    return {"keys": [_public_jwk_cache.export(as_dict=True)]}
+
+
+def clear_jwk_cache() -> None:
+    """Clear the cached JWK. Useful for testing or key rotation."""
+    global _public_jwk_cache
+    _public_jwk_cache = None

oxutils/jwt/client.py

@@ -0,0 +1,123 @@
+import jwt
+import requests
+from typing import Dict, Any, Optional
+from datetime import datetime, timedelta
+from django.core.exceptions import ImproperlyConfigured
+from oxutils.settings import oxi_settings
+from .constants import JWT_ALGORITHM
+
+
+_jwks_cache: Optional[Dict[str, Any]] = None
+_jwks_cache_time: Optional[datetime] = None
+_jwks_cache_ttl = timedelta(hours=1)
+
+
+def get_jwks_url() -> str:
+    """
+    Get JWKS URL from settings.
+    
+    Returns:
+        The configured JWKS URL.
+        
+    Raises:
+        ImproperlyConfigured: If jwt_jwks_url is not configured.
+    """
+    if not oxi_settings.jwt_jwks_url:
+        raise ImproperlyConfigured(
+            "JWT JWKS URL is not configured. Set OXI_JWT_JWKS_URL environment variable."
+        )
+    return oxi_settings.jwt_jwks_url
+
+
+def fetch_jwks(force_refresh: bool = False) -> Dict[str, Any]:
+    """
+    Fetch JWKS from the authentication server with caching.
+    
+    Args:
+        force_refresh: Force refresh the cache even if not expired.
+        
+    Returns:
+        Dict containing the JWKS.
+        
+    Raises:
+        ImproperlyConfigured: If JWKS cannot be fetched.
+    """
+    global _jwks_cache, _jwks_cache_time
+    
+    now = datetime.now()
+    
+    # Return cached JWKS if valid
+    if not force_refresh and _jwks_cache is not None and _jwks_cache_time is not None:
+        if now - _jwks_cache_time < _jwks_cache_ttl:
+            return _jwks_cache
+    
+    # Fetch fresh JWKS
+    jwks_url = get_jwks_url()
+    try:
+        response = requests.get(jwks_url, timeout=10)
+        response.raise_for_status()
+        _jwks_cache = response.json()
+        _jwks_cache_time = now
+        return _jwks_cache
+    except requests.RequestException as e:
+        raise ImproperlyConfigured(
+            f"Failed to fetch JWKS from {jwks_url}: {str(e)}"
+        )
+
+
+def get_key(kid: str):
+    """
+    Get the public key for a given Key ID (kid).
+    
+    Args:
+        kid: The Key ID from the JWT header.
+        
+    Returns:
+        RSA public key for verification.
+        
+    Raises:
+        ValueError: If the kid is not found in JWKS.
+    """
+    jwks = fetch_jwks()
+    
+    for key in jwks.get("keys", []):
+        if key.get("kid") == kid:
+            return jwt.algorithms.RSAAlgorithm.from_jwk(key)
+    
+    raise ValueError(f"Unknown Key ID (kid): {kid}")
+
+
+def verify_token(token: str) -> Dict[str, Any]:
+    """
+    Verify and decode a JWT token.
+    
+    Args:
+        token: The JWT token string to verify.
+        
+    Returns:
+        Dict containing the decoded token payload.
+        
+    Raises:
+        jwt.InvalidTokenError: If token is invalid or expired.
+        ValueError: If kid is not found.
+    """
+    try:
+        headers = jwt.get_unverified_header(token)
+        kid = headers.get("kid")
+        
+        if not kid:
+            raise ValueError("Token header missing 'kid' field")
+        
+        key = get_key(kid)
+        return jwt.decode(token, key=key, algorithms=JWT_ALGORITHM)
+    except jwt.InvalidTokenError:
+        raise
+    except Exception as e:
+        raise jwt.InvalidTokenError(f"Token verification failed: {str(e)}")
+
+
+def clear_jwks_cache() -> None:
+    """Clear the cached JWKS. Useful for testing or key rotation."""
+    global _jwks_cache, _jwks_cache_time
+    _jwks_cache = None
+    _jwks_cache_time = None

oxutils/jwt/constants.py

@@ -0,0 +1 @@
+JWT_ALGORITHM = ["RS256"]