oxutils 0.1.5__tar.gz → 0.1.11__tar.gz

{oxutils-0.1.5 → oxutils-0.1.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oxutils
-Version: 0.1.5
+Version: 0.1.11
 Summary: Production-ready utilities for Django applications in the Oxiliere ecosystem
 Keywords: django,utilities,jwt,s3,audit,logging,celery,structlog
 Author: Edimedia Mutoke
@@ -30,12 +30,31 @@ Requires-Dist: jwcrypto>=1.5.6
 Requires-Dist: pydantic-settings>=2.12.0
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: requests>=2.32.5
+Requires-Dist: bcc-rates>=1.1.0 ; extra == 'all'
+Requires-Dist: django-cacheops>=7.2 ; extra == 'all'
+Requires-Dist: django-tenants>=3.9.0 ; extra == 'all'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'all'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'all'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'all'
+Requires-Dist: weasyprint>=67.0 ; extra == 'all'
+Requires-Dist: bcc-rates>=1.1.0 ; extra == 'currency'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'jwt'
+Requires-Dist: django-cacheops>=7.2 ; extra == 'oxiliere'
+Requires-Dist: django-tenants>=3.9.0 ; extra == 'oxiliere'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'oxiliere'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'oxiliere'
+Requires-Dist: weasyprint>=67.0 ; extra == 'pdf'
 Requires-Python: >=3.12
 Project-URL: Changelog, https://github.com/oxiliere/oxutils/blob/main/CHANGELOG.md
 Project-URL: Documentation, https://github.com/oxiliere/oxutils/tree/main/docs
 Project-URL: Homepage, https://github.com/oxiliere/oxutils
 Project-URL: Issues, https://github.com/oxiliere/oxutils/issues
 Project-URL: Repository, https://github.com/oxiliere/oxutils
+Provides-Extra: all
+Provides-Extra: currency
+Provides-Extra: jwt
+Provides-Extra: oxiliere
+Provides-Extra: pdf
 Description-Content-Type: text/markdown
 
 # OxUtils

{oxutils-0.1.5 → oxutils-0.1.11}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "oxutils"
-version = "0.1.5"
+version = "0.1.11"
 description = "Production-ready utilities for Django applications in the Oxiliere ecosystem"
 readme = "README.md"
 license = "Apache-2.0"
@@ -57,10 +57,36 @@ members = [
 [tool.uv.sources]
 oxutils = { workspace = true }
 
-[dependency-groups]
+[project.optional-dependencies]
 currency = [
     "bcc-rates>=1.1.0",
 ]
+
+oxiliere = [
+    "django-cacheops>=7.2",
+    "django-tenants>=3.9.0",
+    "django-safedelete>=1.4.1",
+    "django-auditlog>=3.4.1",
+]
+pdf = [
+    "weasyprint>=67.0",
+]
+
+jwt = [
+    "django-ninja-jwt>=5.4.2",
+]
+
+all = [
+    "bcc-rates>=1.1.0",
+    "django-cacheops>=7.2",
+    "django-tenants>=3.9.0",
+    "django-safedelete>=1.4.1",
+    "django-auditlog>=3.4.1",
+    "django-ninja-jwt>=5.4.2",
+    "weasyprint>=67.0",
+]
+
+[dependency-groups]
 dev = [
     "pytest>=8.0.0",
     "pytest-django>=4.8.0",
@@ -69,14 +95,9 @@ dev = [
     "coverage>=7.4.0",
     "pillow>=12.0.0",
     "ruff>=0.8.0",
+    "psycopg[binary]>=3.3.2",
 ]
-oxiliere = [
-    "django-cacheops>=7.2",
-    "django-tenants>=3.9.0",
-]
-pdf = [
-    "weasyprint>=67.0",
-]
+
 
 [tool.ruff]
 line-length = 100

{oxutils-0.1.5 → oxutils-0.1.11}/src/oxutils/__init__.py

@@ -8,9 +8,10 @@ This package provides:
 - Celery integration
 - Django model mixins
 - Custom exceptions
+- Permission management
 """
 
-__version__ = "0.1.5"
+__version__ = "0.1.10"
 
 from oxutils.settings import oxi_settings
 from oxutils.conf import UTILS_APPS, AUDIT_MIDDLEWARE

oxutils-0.1.11/src/oxutils/constants.py

@@ -0,0 +1,8 @@
+ORGANIZATION_QUERY_KEY = 'organization_id'
+ORGANIZATION_HEADER_KEY = 'X-Organization-ID'
+ORGANIZATION_TOKEN_COOKIE_KEY = 'organization_token'
+OXILIERE_SERVICE_TOKEN = 'X-Oxiliere-Token'
+
+REFRESH_TOKEN_COOKIE = 'refresh_token'
+ACCESS_TOKEN_COOKIE = 'access_token'
+

oxutils-0.1.11/src/oxutils/jwt/auth.py

@@ -0,0 +1,204 @@
+import os
+from typing import Dict, Any, Optional, Type, Tuple, List
+from django.utils.translation import gettext_lazy as _
+from django.http import HttpRequest
+from django.contrib.auth.models import AbstractUser
+from django.contrib.auth import (
+    authenticate as django_authenticate,
+    login as django_login,
+    get_user_model
+)
+from jwcrypto import jwk
+from django.core.exceptions import ImproperlyConfigured
+
+from ninja.security.base import AuthBase
+from ninja_jwt.authentication import (
+    JWTBaseAuthentication,
+    JWTStatelessUserAuthentication
+)
+from ninja.security import (
+    APIKeyCookie,
+    HttpBasicAuth,
+)
+from ninja_jwt.exceptions import InvalidToken
+from ninja_jwt.settings import api_settings
+from oxutils.constants import ACCESS_TOKEN_COOKIE
+from oxutils.settings import oxi_settings
+
+
+
+
+_public_jwk_cache: Optional[jwk.JWK] = None
+
+
+
+def get_jwks() -> Dict[str, Any]:
+    """
+    Get JSON Web Key Set (JWKS) for JWT verification.
+    
+    Returns:
+        Dict containing the public JWK in JWKS format.
+        
+    Raises:
+        ImproperlyConfigured: If jwt_verifying_key is not configured or file doesn't exist.
+    """
+    global _public_jwk_cache
+    
+    if oxi_settings.jwt_verifying_key is None:
+        raise ImproperlyConfigured(
+            "JWT verifying key is not configured. Set OXI_JWT_VERIFYING_KEY environment variable."
+        )
+    
+    key_path = oxi_settings.jwt_verifying_key
+    
+    if not os.path.exists(key_path):
+        raise ImproperlyConfigured(
+            f"JWT verifying key file not found at: {key_path}"
+        )
+    
+    if _public_jwk_cache is None:
+        try:
+            with open(key_path, 'r') as f:
+                key_data = f.read()
+            
+            _public_jwk_cache = jwk.JWK.from_pem(key_data.encode('utf-8'))
+            _public_jwk_cache.update(kid='main')
+        except Exception as e:
+            raise ImproperlyConfigured(
+                f"Failed to load JWT verifying key from {key_path}: {str(e)}"
+            )
+    
+    return {"keys": [_public_jwk_cache.export(as_dict=True)]}
+
+
+def clear_jwk_cache() -> None:
+    """Clear the cached JWK. Useful for testing or key rotation."""
+    global _public_jwk_cache
+    _public_jwk_cache = None
+
+
+class AuthMixin:
+    def jwt_authenticate(self, request: HttpRequest, token: str) -> AbstractUser:
+        """
+        Add token_user to the request object, witch will be erased by the jwt_allauth.utils.popolate_user
+        function.
+        """
+        token_user = super().jwt_authenticate(request, token)
+        request.token_user = token_user
+        return token_user
+
+
+class JWTAuth(AuthMixin, JWTStatelessUserAuthentication):
+    pass
+
+
+class JWTCookieAuth(AuthMixin, JWTBaseAuthentication, APIKeyCookie):
+    """
+    An authentication plugin that authenticates requests through a JSON web
+    token provided in a request header without performing a database lookup to obtain a user instance.
+    """
+
+    param_name = ACCESS_TOKEN_COOKIE
+
+    def authenticate(self, request: HttpRequest, token: str) -> Any:
+        return self.jwt_authenticate(request, token)
+
+    def get_user(self, validated_token: Any) -> Type[AbstractUser]:
+        """
+        Returns a stateless user object which is backed by the given validated
+        token.
+        """
+        if api_settings.USER_ID_CLAIM not in validated_token:
+            # The TokenUser class assumes tokens will have a recognizable user
+            # identifier claim.
+            raise InvalidToken(_("Token contained no recognizable user identification"))
+
+        return api_settings.TOKEN_USER_CLASS(validated_token)
+
+
+def authenticate_by_x_session_token(token: str) -> Optional[Tuple]:
+    """
+    Copied from allauth.headless.internal.sessionkit, to "select_related"
+    """
+    from allauth.headless import app_settings
+
+
+    session = app_settings.TOKEN_STRATEGY.lookup_session(token)
+    if not session:
+        return None
+    user_id_str = session.get(SESSION_KEY)
+    if user_id_str:
+        meta_pk = get_user_model()._meta.pk
+        if meta_pk:
+            user_id = meta_pk.to_python(user_id_str)
+            user = get_user_model().objects.filter(pk=user_id).first()
+            if user and user.is_active:
+                return (user, session)
+    return None
+
+
+class XSessionTokenAuth(AuthBase):
+    """
+    This security class uses the X-Session-Token that django-allauth
+    is using for authentication purposes.
+    """
+
+    openapi_type: str = "apiKey"
+
+    def __call__(self, request: HttpRequest):
+        token = self.get_session_token(request)
+        if token:
+            user_session = authenticate_by_x_session_token(token)
+            if user_session:
+                return user_session[0]
+        return None
+
+    def get_session_token(self, request: HttpRequest) -> Optional[str]:
+        """
+        Returns the session token for the given request, by looking up the
+        ``X-Session-Token`` header. Override this if you want to extract the token
+        from e.g. the ``Authorization`` header.
+        """
+        if request.session.session_key:
+            return request.session.session_key
+        
+        return request.headers.get("X-Session-Token")
+
+
+class BasicAuth(HttpBasicAuth):
+    def authenticate(self, request: HttpRequest, username: str, password: str) -> Optional[Any]:
+        user = django_authenticate(email=username, password=password)
+        if user and user.is_active:
+            django_login(request, user)
+            return user
+        return None
+
+
+class BasicNoPasswordAuth(HttpBasicAuth):
+    def authenticate(self, request: HttpRequest, username: str, password: str) -> Optional[Any]:
+        try:
+            user = get_user_model().objects.get(email=username)
+            if user and user.is_active:
+                django_login(request, user)
+                return user
+            return None
+        except Exception as e:
+            return None
+
+x_session_token_auth = XSessionTokenAuth()
+basic_auth = BasicAuth()
+basic_no_password_auth = BasicNoPasswordAuth()
+jwt_auth = JWTAuth()
+jwt_cookie_auth = JWTCookieAuth()
+
+
+
+
+def get_auth_handlers(auths: List[AuthBase] = []) -> List[AuthBase]:
+    """Auth handler switcher based on settings.DEBUG"""
+    from django.conf import settings
+
+    if settings.DEBUG:
+        return auths
+
+    return [jwt_auth, jwt_cookie_auth]

oxutils-0.1.11/src/oxutils/jwt/models.py

@@ -0,0 +1,81 @@
+from uuid import UUID
+from django.utils.functional import cached_property
+from ninja_jwt.models import TokenUser as DefaultTonkenUser
+from ninja_jwt.settings import api_settings
+
+import structlog
+from .tokens import OrganizationAccessToken
+
+
+
+logger = structlog.get_logger(__name__)
+
+
+class TokenTenant:
+
+    def __init__(
+        self,
+        schema_name: str,
+        tenant_id: int,
+        oxi_id: str,
+        subscription_plan: str,
+        subscription_status: str,
+        status: str,
+        ):
+        self.schema_name = schema_name
+        self.id = tenant_id
+        self.oxi_id = oxi_id
+        self.subscription_plan = subscription_plan
+        self.subscription_status = subscription_status
+        self.status = status
+
+    def __str__(self):
+        return f"{self.schema_name} - {self.oxi_id}"
+
+    @property
+    def pk(self):
+        return self.id
+
+    @property
+    def is_active(self):
+        return self.status == 'active'
+
+    @property
+    def is_deleted(self):
+        return self.status == 'deleted'
+
+    @classmethod
+    def for_token(cls, token):
+        try:
+            token_obj = OrganizationAccessToken(token=token)
+            tenant = cls(
+                schema_name=token_obj['schema_name'],
+                tenant_id=token_obj['tenant_id'],
+                oxi_id=token_obj['oxi_id'],
+                subscription_plan=token_obj['subscription_plan'],
+                subscription_status=token_obj['subscription_status'],
+                status=token_obj['status'],
+            )
+            return tenant
+        except Exception:
+            logger.exception('Failed to create TokenTenant from token', token=token)
+            return None
+
+
+class TokenUser(DefaultTonkenUser):
+    @cached_property
+    def id(self):
+        return UUID(self.token[api_settings.USER_ID_CLAIM])
+
+    @property
+    def oxi_id(self):
+        # for compatibility with the User model
+        return self.id
+
+    @cached_property
+    def token_created_at(self):
+        return self.token.get('cat', None)
+
+    @cached_property
+    def token_session(self):
+        return self.token.get('session', None)

oxutils-0.1.11/src/oxutils/jwt/tokens.py

@@ -0,0 +1,69 @@
+from django.conf import settings
+from ninja_jwt.tokens import Token, AccessToken
+from ninja_jwt.backends import TokenBackend
+from ninja_jwt.settings import api_settings
+from datetime import timedelta
+from oxutils.settings import oxi_settings
+
+
+
+
+__all__ = [
+    'AccessToken',
+    'OrganizationAccessToken',
+]
+
+
+
+token_backend = TokenBackend(
+    algorithm='HS256',
+    signing_key=settings.SECRET_KEY,
+    verifying_key="",
+    audience=None,
+    issuer=None,
+    jwk_url=None,
+    leeway=api_settings.LEEWAY,
+    json_encoder=api_settings.JSON_ENCODER,
+)
+
+
+
+class OxilierServiceToken(Token):
+    token_type = oxi_settings.jwt_service_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_service_token_lifetime)
+
+
+    @classmethod
+    def for_service(cls, payload: dict = {}) -> Token:
+        token = cls()
+
+        for key, value in payload.items():
+            token[key] = value
+
+        return token
+
+
+class OrganizationAccessToken(Token):
+    token_type = oxi_settings.jwt_org_access_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_org_access_token_lifetime)
+
+    @classmethod
+    def for_tenant(cls, tenant) -> Token:
+        token = cls()
+        token.payload['tenant_id'] = str(tenant.id)
+        token.payload['oxi_id'] = str(tenant.oxi_id)
+        token.payload['schema_name'] = str(tenant.schema_name)
+        token.payload['subscription_plan'] = str(tenant.subscription_plan)
+        token.payload['subscription_status'] = str(tenant.subscription_status)
+        token.payload['subscription_end_date'] = str(tenant.subscription_end_date)
+        token.payload['status'] = str(tenant.status)
+
+        return token
+
+    @property
+    def token_backend(self):
+        return token_backend
+
+    def get_token_backend(self):
+        # Backward compatibility.
+        return self.token_backend

oxutils-0.1.11/src/oxutils/jwt/utils.py

@@ -0,0 +1,45 @@
+from functools import wraps
+import structlog
+from django.contrib.auth import get_user_model
+from django.http import HttpRequest
+
+from ninja_jwt.exceptions import InvalidToken
+
+
+
+logger = structlog.getLogger("django")
+User = get_user_model()
+
+
+def load_user(f):
+    """
+    Decorator that loads the complete user object from the database for stateless JWT authentication.
+    This is necessary because JWT tokens only contain the user ID, and the full user object
+    might be needed in the view methods.
+
+    Usage:
+
+    .. code-block:: python
+
+        @load_user
+        def my_view_method(self, *args, **kwargs):
+            # self.request.user will be the complete user object
+            pass
+    """
+    @wraps(f)
+    def wrapper(self, *args, **kwargs):
+        populate_user(self.context.request)
+        res = f(self, *args, **kwargs)
+        return res
+    return wrapper
+
+
+def populate_user(request: HttpRequest):
+    if isinstance(request.user, User):
+        return
+
+    try:
+        request.user = User.objects.get(oxi_id=request.user.id)
+    except User.DoesNotExist as exc:
+        logger.exception('user_not_found', oxi_id=request.user.id, message=str(exc))
+        raise InvalidToken()

oxutils-0.1.11/src/oxutils/logger/receivers.py

@@ -0,0 +1,20 @@
+from django.contrib.sites.shortcuts import RequestSite
+from django.dispatch import receiver
+import structlog
+from django_structlog import signals
+from oxutils.settings import oxi_settings
+from oxutils.oxiliere.context import get_current_tenant_schema_name
+
+
+@receiver(signals.bind_extra_request_metadata)
+def bind_domain(request, logger, **kwargs):
+    current_site = RequestSite(request)
+    ctx = {
+        'domain': current_site.domain,
+        'user_id': str(request.user.pk),
+        'service': oxi_settings.service_name
+    }
+    if oxi_settings.multitenancy:
+        ctx['tenant'] = get_current_tenant_schema_name()
+
+    structlog.contextvars.bind_contextvars(**ctx)

{oxutils-0.1.5 → oxutils-0.1.11}/src/oxutils/logger/settings.py

@@ -1,5 +1,5 @@
 import structlog
-
+from oxutils.settings import oxi_settings
 
 
 
@@ -29,7 +29,7 @@ LOGGING = {
         },
         "json_file": {
             "class": "logging.handlers.WatchedFileHandler",
-            "filename": "logs/json.log",
+            "filename": oxi_settings.log_file_path,
             "formatter": "json_formatter",
         },
     },