PyPI - oxutils - Versions diffs - 0.1.6__py3-none-any.whl → 0.1.8__py3-none-any.whl - Mend

oxutils 0.1.6py3-none-any.whl → 0.1.8py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

oxutils/__init__.py +1 -1
oxutils/constants.py +2 -0
oxutils/jwt/models.py +68 -0
oxutils/jwt/tokens.py +69 -0
oxutils/jwt/utils.py +45 -0
oxutils/logger/settings.py +2 -2
oxutils/oxiliere/apps.py +4 -1
oxutils/oxiliere/caches.py +8 -5
oxutils/oxiliere/middleware.py +45 -7
oxutils/oxiliere/models.py +35 -9
oxutils/oxiliere/permissions.py +22 -30
oxutils/oxiliere/schemas.py +3 -2
oxutils/oxiliere/utils.py +22 -1
oxutils/settings.py +9 -2
oxutils/users/apps.py +1 -1
oxutils/users/migrations/0001_initial.py +47 -0
oxutils/utils.py +25 -0
{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/METADATA +13 -1
{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/RECORD +20 -17
oxutils/jwt/client.py +0 -123
oxutils/jwt/constants.py +0 -1
{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/WHEEL +0 -0

oxutils/__init__.py CHANGED Viewed

@@ -10,7 +10,7 @@ This package provides:
 - Custom exceptions
 """
-__version__ = "0.1.6"
+__version__ = "0.1.8"
 from oxutils.settings import oxi_settings
 from oxutils.conf import UTILS_APPS, AUDIT_MIDDLEWARE

oxutils/constants.py CHANGED Viewed

@@ -1,2 +1,4 @@
 ORGANIZATION_QUERY_KEY = 'organization_id'
 ORGANIZATION_HEADER_KEY = 'X-Organization-ID'
+ORGANIZATION_TOKEN_COOKIE_KEY = 'organization_token'
+OXILIERE_SERVICE_TOKEN = 'X-Oxiliere-Token'

oxutils/jwt/models.py ADDED Viewed

@@ -0,0 +1,68 @@
+from uuid import UUID
+from django.utils.functional import cached_property
+from ninja_jwt.models import TokenUser as DefaultTonkenUser
+from ninja_jwt.settings import api_settings
+import structlog
+from .tokens import OrganizationAccessToken
+logger = structlog.get_logger(__name__)
+class TokenTenant:
+    def __init__(
+        self,
+        schema_name: str,
+        tenant_id: int,
+        oxi_id: str,
+        subscription_plan: str,
+        subscription_status: str,
+        status: str,
+        ):
+        self.schema_name = schema_name
+        self.id = tenant_id
+        self.oxi_id = oxi_id
+        self.subscription_plan = subscription_plan
+        self.subscription_status = subscription_status
+        self.status = status
+    def __str__(self):
+        return f"{self.schema_name} - {self.oxi_id}"
+    @property
+    def pk(self):
+        return self.id
+    @classmethod
+    def for_token(cls, token):
+        try:
+            token_obj = OrganizationAccessToken(token=token)
+            tenant = cls(
+                schema_name=token_obj['schema_name'],
+                tenant_id=token_obj['tenant_id'],
+                oxi_id=token_obj['oxi_id'],
+                subscription_plan=token_obj['subscription_plan'],
+                subscription_status=token_obj['subscription_status'],
+                status=token_obj['status'],
+            )
+            return tenant
+        except Exception:
+            logger.exception('Failed to create TokenTenant from token', token=token)
+            return None
+class TokenUser(DefaultTonkenUser):
+    @cached_property
+    def id(self):
+        return UUID(self.token[api_settings.USER_ID_CLAIM])
+    @cached_property
+    def token_created_at(self):
+        return self.token.get('cat', None)
+    @cached_property
+    def token_session(self):
+        return self.token.get('session', None)

oxutils/jwt/tokens.py ADDED Viewed

@@ -0,0 +1,69 @@
+from django.conf import settings
+from ninja_jwt.tokens import Token, AccessToken
+from ninja_jwt.backends import TokenBackend
+from ninja_jwt.settings import api_settings
+from datetime import timedelta
+from oxutils.settings import oxi_settings
+__all__ = [
+    'AccessToken',
+    'OrganizationAccessToken',
+]
+token_backend = TokenBackend(
+    algorithm='HS256',
+    signing_key=settings.SECRET_KEY,
+    verifying_key="",
+    audience=None,
+    issuer=None,
+    jwk_url=None,
+    leeway=api_settings.LEEWAY,
+    json_encoder=api_settings.JSON_ENCODER,
+)
+class OxilierServiceToken(Token):
+    token_type = oxi_settings.jwt_service_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_service_token_lifetime)
+    @classmethod
+    def for_service(cls, payload: dict = {}) -> Token:
+        token = cls()
+        for key, value in payload.items():
+            token[key] = value
+        return token
+class OrganizationAccessToken(Token):
+    token_type = oxi_settings.jwt_org_access_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_org_access_token_lifetime)
+    @classmethod
+    def for_tenant(cls, tenant) -> Token:
+        token = cls()
+        token.payload['tenant_id'] = str(tenant.id)
+        token.payload['oxi_id'] = str(tenant.oxi_id)
+        token.payload['schema_name'] = str(tenant.schema_name)
+        token.payload['subscription_plan'] = str(tenant.subscription_plan)
+        token.payload['subscription_status'] = str(tenant.subscription_status)
+        token.payload['subscription_end_date'] = str(tenant.subscription_end_date)
+        token.payload['status'] = str(tenant.status)
+        return token
+    @property
+    def token_backend(self):
+        return token_backend
+    def get_token_backend(self):
+        # Backward compatibility.
+        return self.token_backend

oxutils/jwt/utils.py ADDED Viewed

@@ -0,0 +1,45 @@
+from functools import wraps
+import structlog
+from django.contrib.auth import get_user_model
+from django.http import HttpRequest
+from ninja_jwt.exceptions import InvalidToken
+logger = structlog.getLogger("django")
+User = get_user_model()
+def load_user(f):
+    """
+    Decorator that loads the complete user object from the database for stateless JWT authentication.
+    This is necessary because JWT tokens only contain the user ID, and the full user object
+    might be needed in the view methods.
+    Usage:
+    .. code-block:: python
+        @load_user
+        def my_view_method(self, *args, **kwargs):
+            # self.request.user will be the complete user object
+            pass
+    """
+    @wraps(f)
+    def wrapper(self, *args, **kwargs):
+        populate_user(self.context.request)
+        res = f(self, *args, **kwargs)
+        return res
+    return wrapper
+def populate_user(request: HttpRequest):
+    if isinstance(request.user, User):
+        return
+    try:
+        request.user = User.objects.get(oxi_id=request.user.id)
+    except User.DoesNotExist as exc:
+        logger.exception('user_not_found', oxi_id=request.user.id, message=str(exc))
+        raise InvalidToken()

oxutils/logger/settings.py CHANGED Viewed

@@ -1,5 +1,5 @@
 import structlog
+from oxutils.settings import oxi_settings
@@ -29,7 +29,7 @@ LOGGING = {
         },
         "json_file": {
             "class": "logging.handlers.WatchedFileHandler",
-            "filename": "logs/json.log",
+            "filename": oxi_settings.log_file_path,
             "formatter": "json_formatter",
         },
     },

oxutils/oxiliere/apps.py CHANGED Viewed

@@ -3,4 +3,7 @@ from django.apps import AppConfig
 class OxiliereConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'oxiliere'
+    name = 'oxutils.oxiliere'
+    def ready(self):
+        import oxutils.oxiliere.caches

oxutils/oxiliere/caches.py CHANGED Viewed

@@ -1,9 +1,12 @@
+from django.conf import settings
 from cacheops import cached_as, cached
-from oxutils.oxiliere.models import Tenant, TenantUser
-from django_tenants.utils import get_tenant_model
+from oxutils.oxiliere.utils import get_tenant_model, get_tenant_user_model
 TenantModel = get_tenant_model()
+TenantUserModel = get_tenant_user_model()
 @cached_as(TenantModel, timeout=60*15)
@@ -12,13 +15,13 @@ def get_tenant_by_oxi_id(oxi_id: str):
 @cached_as(TenantModel, timeout=60*15)
-def get_tenant_by_schema_name(schema_name: str) -> Tenant:
+def get_tenant_by_schema_name(schema_name: str):
     return TenantModel.objects.get(schema_name=schema_name)
-@cached_as(TenantUser, timeout=60*15)
+@cached_as(TenantUserModel, timeout=60*15)
 def get_tenant_user(oxi_org_id: str, oxi_user_id: str):
-    return TenantUser.objects.get(
+    return TenantUserModel.objects.get(
         tenant__oxi_id=oxi_org_id,
         user__oxi_id=oxi_user_id
     )

oxutils/oxiliere/middleware.py CHANGED Viewed

@@ -9,7 +9,14 @@ from django_tenants.utils import (
     get_public_schema_name,
     get_public_schema_urlconf
 )
-from oxutils.constants import ORGANIZATION_HEADER_KEY
+from oxutils.settings import oxi_settings
+from oxutils.constants import (
+    ORGANIZATION_HEADER_KEY,
+    ORGANIZATION_TOKEN_COOKIE_KEY
+)
+from oxutils.jwt.models import TokenTenant
+from oxutils.jwt.tokens import OrganizationAccessToken
 class TenantMainMiddleware(MiddlewareMixin):
     TENANT_NOT_FOUND_EXCEPTION = Http404
@@ -42,17 +49,48 @@ class TenantMainMiddleware(MiddlewareMixin):
             from django.http import HttpResponseBadRequest
             return HttpResponseBadRequest('Missing X-Organization-ID header')
-        tenant_model = connection.tenant_model
-        try:
-            tenant = self.get_tenant(tenant_model, oxi_id)
-        except tenant_model.DoesNotExist:
-            default_tenant = self.no_tenant_found(request, oxi_id)
-            return default_tenant
+        # Try to get tenant from cookie token first
+        tenant_token = request.COOKIES.get(ORGANIZATION_TOKEN_COOKIE_KEY)
+        tenant = None
+        request._should_set_tenant_cookie = False
+        if tenant_token:
+            tenant = TokenTenant.for_token(tenant_token)
+            # Verify the token's oxi_id matches the request
+            if tenant and tenant.oxi_id != oxi_id:
+                tenant = None
+        # If no valid token, fetch from database
+        if not tenant:
+            tenant_model = connection.tenant_model
+            try:
+                tenant = self.get_tenant(tenant_model, oxi_id)
+                # Mark that we need to set the cookie in the response
+                request._should_set_tenant_cookie = True
+            except tenant_model.DoesNotExist:
+                default_tenant = self.no_tenant_found(request, oxi_id)
+                return default_tenant
         request.tenant = tenant
         connection.set_tenant(request.tenant)
         self.setup_url_routing(request)
+    def process_response(self, request, response):
+        """Set the tenant token cookie if needed."""
+        if hasattr(request, '_should_set_tenant_cookie') and request._should_set_tenant_cookie:
+            if hasattr(request, 'tenant') and not isinstance(request.tenant, TokenTenant):
+                # Generate token from DB tenant
+                token = OrganizationAccessToken.for_tenant(request.tenant)
+                response.set_cookie(
+                    key=ORGANIZATION_TOKEN_COOKIE_KEY,
+                    value=str(token),
+                    max_age=60 * oxi_settings.jwt_org_access_token_lifetime,
+                    httponly=True,
+                    secure=getattr(settings, 'SESSION_COOKIE_SECURE', False),
+                    samesite='Lax',
+                )
+        return response
     def no_tenant_found(self, request, oxi_id):
         """ What should happen if no tenant is found.
         This makes it easier if you want to override the default behavior """

oxutils/oxiliere/models.py CHANGED Viewed

@@ -1,18 +1,25 @@
 from django.db import models
 from django.conf import settings
-from django_tenants.models import TenantMixin, DomainMixin
+from django.utils.translation import gettext_lazy as _
+from django_tenants.models import TenantMixin
 from oxutils.models import (
     TimestampMixin,
     BaseModelMixin,
+    UUIDPrimaryKeyMixin,
 )
 from oxutils.oxiliere.enums import TenantStatus
-class Tenant(TenantMixin, TimestampMixin):
+tenant_model = getattr(settings, 'TENANT_MODEL', 'oxiliere.Tenant')
+tenant_user_model = getattr(settings, 'TENANT_USER_MODEL', 'oxiliere.TenantUser')
+class BaseTenant(TenantMixin, UUIDPrimaryKeyMixin, TimestampMixin):
     name = models.CharField(max_length=100)
-    oxi_id = models.UUIDField(unique=True)
+    oxi_id = models.CharField(unique=True)
     subscription_plan = models.CharField(max_length=255, null=True, blank=True)
     subscription_status = models.CharField(max_length=255, null=True, blank=True)
     subscription_end_date = models.DateTimeField(null=True, blank=True)
@@ -25,15 +32,18 @@ class Tenant(TenantMixin, TimestampMixin):
     # default true, schema will be automatically created and synced when it is saved
     auto_create_schema = True
-class Domain(DomainMixin):
-    pass
+    class Meta:
+        abstract = True
+        verbose_name = _('Tenant')
+        verbose_name_plural = _('Tenants')
+        indexes = [
+            models.Index(fields=['oxi_id'])
+        ]
-class TenantUser(BaseModelMixin):
+class BaseTenantUser(BaseModelMixin):
     tenant = models.ForeignKey(
-        settings.TENANT_MODEL, on_delete=models.CASCADE
+        tenant_model, on_delete=models.CASCADE
     )
     user = models.ForeignKey(
         settings.AUTH_USER_MODEL, on_delete=models.CASCADE
@@ -47,9 +57,25 @@ class TenantUser(BaseModelMixin):
     )
     class Meta:
+        abstract = True
+        verbose_name = 'Tenant User'
+        verbose_name_plural = 'Tenant Users'
         constraints = [
             models.UniqueConstraint(
                 fields=['tenant', 'user'],
                 name='unique_tenant_user'
             )
         ]
+        indexes = [
+            models.Index(fields=['tenant', 'user'])
+        ]
+class Tenant(BaseTenant):
+    class Meta(BaseTenant.Meta):
+        abstract = not tenant_model == 'oxiliere.Tenant'
+class TenantUser(BaseTenantUser):
+    class Meta(BaseTenantUser.Meta):
+        abstract = not tenant_user_model == 'oxiliere.TenantUser'

oxutils/oxiliere/permissions.py CHANGED Viewed

@@ -1,6 +1,7 @@
-from ninja.permissions import BasePermission
-from django.conf import settings
+from ninja_extra.permissions import BasePermission
 from oxutils.oxiliere.models import TenantUser
+from oxutils.constants import OXILIERE_SERVICE_TOKEN
+from oxutils.jwt.tokens import OxilierServiceToken
 class TenantPermission(BasePermission):
@@ -8,7 +9,7 @@ class TenantPermission(BasePermission):
     Vérifie que l'utilisateur a accès au tenant actuel.
     L'utilisateur doit être authentifié et avoir un lien avec le tenant.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
@@ -17,8 +18,8 @@ class TenantPermission(BasePermission):
         # Vérifier que l'utilisateur a accès à ce tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk
         ).exists()
@@ -26,17 +27,16 @@ class TenantOwnerPermission(BasePermission):
     """
     Vérifie que l'utilisateur est propriétaire (owner) du tenant actuel.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         if not hasattr(request, 'tenant'):
             return False
-        # Vérifier que l'utilisateur est owner du tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk,
             is_owner=True
         ).exists()
@@ -45,22 +45,17 @@ class TenantAdminPermission(BasePermission):
     """
     Vérifie que l'utilisateur est admin ou owner du tenant actuel.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         if not hasattr(request, 'tenant'):
             return False
-        # Vérifier que l'utilisateur est admin ou owner du tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk,
             is_admin=True
-        ).exists() or TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
-            is_owner=True
         ).exists()
@@ -69,7 +64,7 @@ class TenantUserPermission(BasePermission):
     Vérifie que l'utilisateur est un membre du tenant actuel.
     Alias de TenantPermission pour plus de clarté sémantique.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
@@ -77,8 +72,8 @@ class TenantUserPermission(BasePermission):
             return False
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk
         ).exists()
@@ -87,18 +82,15 @@ class OxiliereServicePermission(BasePermission):
     Vérifie que la requête provient d'un service interne Oxiliere.
     Utilise un token de service ou une clé API spéciale.
     """
-    def has_permission(self, request, view):
-        # Vérifier le header de service
-        service_token = request.headers.get('X-Oxiliere-Service-Token')
+    def has_permission(self, request, **kwargs):
+        custom = 'HTTP_' + OXILIERE_SERVICE_TOKEN.upper().replace('-', '_')
+        service_token = request.headers.get(OXILIERE_SERVICE_TOKEN) or request.META.get(custom)
         if not service_token:
             return False
-        # Comparer avec le token configuré dans settings
-        expected_token = getattr(settings, 'OXILIERE_SERVICE_TOKEN', None)
-        if not expected_token:
+        try:
+            OxilierServiceToken(token=service_token)
+            return True
+        except Exception:
             return False
-        return service_token == expected_token

oxutils/oxiliere/schemas.py CHANGED Viewed

@@ -1,4 +1,5 @@
 from typing import Optional
+from uuid import UUID
 from ninja import Schema
 from django.db import transaction
 from django.contrib.auth import get_user_model
@@ -20,7 +21,7 @@ class TenantSchema(Schema):
 class TenantOwnerSchema(Schema):
-    oxi_id: str
+    oxi_id: UUID
     email: str
@@ -38,7 +39,7 @@ class CreateTenantSchema(Schema):
             logger.info("tenant_exists", oxi_id=self.tenant.oxi_id)
             raise ValueError("Tenant with oxi_id {} already exists".format(self.tenant.oxi_id))
-        user = UserModel.objects.get_or_create(
+        user, _ = UserModel.objects.get_or_create(
             oxi_id=self.owner.oxi_id,
             defaults={
                 'email': self.owner.email,

oxutils/oxiliere/utils.py CHANGED Viewed

@@ -1,4 +1,25 @@
-# utils.py
+from typing import Any
+from django.apps import apps
+from django.conf import settings
+def get_model(setting: str) -> Any:
+    try:
+        value = getattr(settings, setting)
+    except AttributeError:
+        raise ValueError(f"Model `{setting}` is not a valid Tenant model.")
+    return apps.get_model(value)
+def get_tenant_model() -> Any:
+    return get_model('TENANT_MODEL')
+def get_tenant_user_model() -> Any:
+    return get_model('TENANT_USER_MODEL')
 def oxid_to_schema_name(oxid: str) -> str:
     """

oxutils/settings.py CHANGED Viewed

@@ -28,14 +28,21 @@ class OxUtilsSettings(BaseSettings):
     jwt_signing_key: Optional[str] = None
     jwt_verifying_key: Optional[str] = None
     jwt_jwks_url: Optional[str] = None
-    jwt_access_token_key: str = Field('access_token')
-    jwt_org_access_token_key: str = Field('org_access_token')
+    jwt_access_token_key: str = Field('access')
+    jwt_org_access_token_key: str = Field('org_access')
+    jwt_service_token_key: str = Field('service')
+    jwt_algorithm: Optional[str] = Field('RS256')
+    jwt_access_token_lifetime: int = Field(15) # minutes
+    jwt_service_token_lifetime: int = Field(3) # minutes
+    jwt_org_access_token_lifetime: int = Field(60) # minutes
     # AuditLog
     log_access: bool = Field(False)
     retention_delay: int = Field(7)  # one week
+    # logger
+    log_file_path: Optional[str] = Field('logs/oxiliere.log')
     # Static S3
     use_static_s3: bool = Field(False)

oxutils/users/apps.py CHANGED Viewed

@@ -3,4 +3,4 @@ from django.apps import AppConfig
 class UsersConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'users'
+    name = 'oxutils.users'

oxutils/users/migrations/0001_initial.py ADDED Viewed

@@ -0,0 +1,47 @@
+# Generated by Django 5.2.9 on 2025-12-23 10:52
+import django.utils.timezone
+import uuid
+from django.db import migrations, models
+class Migration(migrations.Migration):
+    initial = True
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, help_text='Unique identifier for this record', primary_key=True, serialize=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='Date and time when this record was created')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='Date and time when this record was last updated')),
+                ('deleted', models.DateTimeField(db_index=True, editable=False, null=True)),
+                ('deleted_by_cascade', models.BooleanField(default=False, editable=False)),
+                ('oxi_id', models.UUIDField(unique=True)),
+                ('email', models.EmailField(max_length=254, unique=True)),
+                ('is_active', models.BooleanField(default=True)),
+                ('subscription_plan', models.CharField(blank=True, max_length=255, null=True)),
+                ('subscription_status', models.CharField(blank=True, max_length=255, null=True)),
+                ('subscription_end_date', models.DateTimeField(blank=True, null=True)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'utilisateur',
+                'verbose_name_plural': 'utilisateurs',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['oxi_id'], name='users_user_oxi_id_389c72_idx'), models.Index(fields=['email'], name='users_user_email_6f2530_idx')],
+            },
+        ),
+    ]

oxutils/utils.py ADDED Viewed

@@ -0,0 +1,25 @@
+from django.http import HttpRequest
+def get_client_ip(request: HttpRequest) -> str:
+    """
+    Extract client IP address from request metadata.
+    Priority:
+        1. X-Forwarded-For header (first entry if multiple)
+        2. REMOTE_ADDR meta value
+    Args:
+        request (HttpRequest): Django request object
+    Returns:
+        str: Client IP address or None if not found
+    """
+    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(',')[0]
+    else:
+        ip = request.META.get('REMOTE_ADDR')
+    return ip

{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oxutils
-Version: 0.1.6
+Version: 0.1.8
 Summary: Production-ready utilities for Django applications in the Oxiliere ecosystem
 Keywords: django,utilities,jwt,s3,audit,logging,celery,structlog
 Author: Edimedia Mutoke
@@ -30,9 +30,19 @@ Requires-Dist: jwcrypto>=1.5.6
 Requires-Dist: pydantic-settings>=2.12.0
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: requests>=2.32.5
+Requires-Dist: bcc-rates>=1.1.0 ; extra == 'all'
+Requires-Dist: django-cacheops>=7.2 ; extra == 'all'
+Requires-Dist: django-tenants>=3.9.0 ; extra == 'all'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'all'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'all'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'all'
+Requires-Dist: weasyprint>=67.0 ; extra == 'all'
 Requires-Dist: bcc-rates>=1.1.0 ; extra == 'currency'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'jwt'
 Requires-Dist: django-cacheops>=7.2 ; extra == 'oxiliere'
 Requires-Dist: django-tenants>=3.9.0 ; extra == 'oxiliere'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'oxiliere'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'oxiliere'
 Requires-Dist: weasyprint>=67.0 ; extra == 'pdf'
 Requires-Python: >=3.12
 Project-URL: Changelog, https://github.com/oxiliere/oxutils/blob/main/CHANGELOG.md
@@ -40,7 +50,9 @@ Project-URL: Documentation, https://github.com/oxiliere/oxutils/tree/main/docs
 Project-URL: Homepage, https://github.com/oxiliere/oxutils
 Project-URL: Issues, https://github.com/oxiliere/oxutils/issues
 Project-URL: Repository, https://github.com/oxiliere/oxutils
+Provides-Extra: all
 Provides-Extra: currency
+Provides-Extra: jwt
 Provides-Extra: oxiliere
 Provides-Extra: pdf
 Description-Content-Type: text/markdown

{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/RECORD RENAMED Viewed

@@ -1,4 +1,4 @@
-oxutils/__init__.py,sha256=dR4pOinh8r-27oEc1KHgk1_rJ0MY6ieLFiQ0Y9gvIbQ,536
+oxutils/__init__.py,sha256=cSYDL8bZ0uhcOS2f6NLOnk7-6U19dsz0lLXtSpIG0_M,536
 oxutils/apps.py,sha256=8pO8eXUZeKYn8fPo0rkoytmHACwDNuTNhdRcpkPTxGM,347
 oxutils/audit/__init__.py,sha256=uonc00G73Xm7RwRHVWD-wBn8lJYNCq3iBgnRGMWAEWs,583
 oxutils/audit/apps.py,sha256=xvnmB5Z6nLV7ejzhSeQbesTkwRoFygoPFob8H5QTHgU,304
@@ -13,7 +13,7 @@ oxutils/celery/__init__.py,sha256=29jo4DfdvOoThX-jfL0ZiDjsy3-Z_fNhwHVJaLO5rsk,29
 oxutils/celery/base.py,sha256=qLlBU2XvT2zj8qszy8togqH7hM_wUYyWWA3JAQPPJx0,3378
 oxutils/celery/settings.py,sha256=njhHBErpcFczV2e23NCPX_Jxs015jr4dIig4Is_wbgE,33
 oxutils/conf.py,sha256=TR0RIVaLMHvG0gm3NgbKsoU25eJFBjItAhknFJdiOiQ,231
-oxutils/constants.py,sha256=CW-ho9Vasys-L2ZNJHFMovG5NzHNU6GPldE9vqyVcLM,89
+oxutils/constants.py,sha256=-sBwwte7rxVQ6whvYUaz-NgGUD56YVP3u-TnInugCvM,186
 oxutils/context/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/context/site_name_processor.py,sha256=1gc0Td_3HVlUn9ThhQBCQ8kfnRnI88bEflK9vEzTvEc,225
 oxutils/currency/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -34,12 +34,13 @@ oxutils/exceptions.py,sha256=CCjENOD0of6_noif2ajrpfbBLoG16DWa46iB9_uEe3M,3592
 oxutils/functions.py,sha256=4stHj94VebWX0s1XeWshubMD2v8w8QztTWppbkTE_Gg,3246
 oxutils/jwt/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/jwt/auth.py,sha256=rO-xWNfug9Ok6zA7EIPvVkpD8TBUdq05CdrnMrL-t9Q,1597
-oxutils/jwt/client.py,sha256=bskLpmSBrehi_snbo3Qbq1m99Kbfg2GP7jqfcXKHvys,3341
-oxutils/jwt/constants.py,sha256=MUahZjm8plTYpHjLOMQCuH0H18lkIwS45EtRm617wq8,26
+oxutils/jwt/models.py,sha256=xAoIeGw6tqo91g0bupgig6F6OE46CiglREyw7jM4wc0,1854
+oxutils/jwt/tokens.py,sha256=kWgtPl4XxV0xHkjbhd5QteQy8Wv5MsvyLcLVyO-gzuo,1822
+oxutils/jwt/utils.py,sha256=Wuy-PnCcUw6MpY6z1Isy2vOx-_u1o6LjUfRJgf_cqbY,1202
 oxutils/locale/fr/LC_MESSAGES/django.po,sha256=APXt_8R99seCWjJyS5ELOawvRLvUqqBT32O252BaG5s,7971
 oxutils/logger/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/logger/receivers.py,sha256=EBpkwMCHYacOJvuOPzUtM_8ttWWetz17kIwoudGiV34,488
-oxutils/logger/settings.py,sha256=aiKiJqNNkw1g5vQgjk3Zfh6UgY7jx-lbmcFgATiXrGI,1805
+oxutils/logger/settings.py,sha256=VILlpWtq9JYYSUtU-sulP8sCqTXWzn7Aae8GRAwSDms,1857
 oxutils/mixins/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/mixins/base.py,sha256=0cGY4mGKhL-hJTEBsbETYiaKMVuUgio5DISCv5iYtGI,589
 oxutils/mixins/schemas.py,sha256=DGW0GQBJc9K7hwOJLX-fEryi7KCoY1QaCLny8fjtQMI,319
@@ -50,22 +51,22 @@ oxutils/models/billing.py,sha256=aCDZcMx4CUyAwh3wgJGypAJl_fSEuWrL27-cSYv3gCs,332
 oxutils/models/invoice.py,sha256=nqphkhlBhssODm2H4dBYyb1cOmHS29fToER40UN0cXo,13216
 oxutils/oxiliere/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/oxiliere/admin.py,sha256=suMo4x8I3JBxAFBVIdE-5qnqZ6JAZV0FESABHOSc-vg,63
-oxutils/oxiliere/apps.py,sha256=DAb8O1Vt4XPTIlFg5NB6SISTYRHyW3TY55-l7TC08Lo,148
+oxutils/oxiliere/apps.py,sha256=BLS5slH_vuIZP89jh2EAoRteBRsh4IrpzgO80p8CLUk,217
 oxutils/oxiliere/cacheops.py,sha256=VGG5qG5IsxvWJTu1aTlmsaDXV2aiuIMVdVcvHGHeY3g,163
-oxutils/oxiliere/caches.py,sha256=PljqpDxkaE5F8Gsmvdqoq8W0MDh6aDtgXxCrN2T8b-4,976
+oxutils/oxiliere/caches.py,sha256=eKZCVekWSzwdEX2LQat3B4JqDIcrumZI9x_wXW1xXCY,1023
 oxutils/oxiliere/controllers.py,sha256=hL_snutY1EuSO0n06NDbjkz-3A3hkqa3sYGie3Grbmg,847
 oxutils/oxiliere/enums.py,sha256=etpHgzsHTQKMrPIxVH-d592_DYSRJ2_o0c8bOdIza-8,201
 oxutils/oxiliere/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/oxiliere/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/oxiliere/management/commands/init_oxiliere_system.py,sha256=ogNQGARqUUfTv4JgZsRuEh4FInfMUO4nFHHCbgeLLbk,3659
-oxutils/oxiliere/middleware.py,sha256=mGOUs0bjtp_TKkZRgcC6kE7euZrZ6mIG1PgKHBhTDCc,4013
+oxutils/oxiliere/middleware.py,sha256=NgC2FqYQVJTB2vujY_9CJ8eSoQ2CuFcHDVZWKuQJk1s,5672
 oxutils/oxiliere/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-oxutils/oxiliere/models.py,sha256=IqASvymJ6EcLc9bhxnas7-XXZStQYz7_UqroFkqS8xE,1543
-oxutils/oxiliere/permissions.py,sha256=BVSbXqMa9Ohb1joBA_uXRCkYsYc3_CabhAWL9-VS4IU,3227
-oxutils/oxiliere/schemas.py,sha256=kjX6N1INx9wikatniEM5s-ECuuVtDCcu6VEBbbEIdZE,1897
+oxutils/oxiliere/models.py,sha256=EQHoQIzRVBa2VH7J44v-jc3dUZGNTjw_S61RuKcT6lw,2382
+oxutils/oxiliere/permissions.py,sha256=B171KebFVxZdAAdyNB36vsyjHg_cfdJkIb4LsgMmIVE,3059
+oxutils/oxiliere/schemas.py,sha256=WnWnGTyBQRP_cWyPNuvJwEkdJUPFRwG-dqzVJOfAVKU,1924
 oxutils/oxiliere/settings.py,sha256=ZuKppEyrucWxvvYC2-wLap4RzKfaEfaRdjJnsNZzpuY,440
 oxutils/oxiliere/tests.py,sha256=mrbGGRNg5jwbTJtWWa7zSKdDyeB4vmgZCRc2nk6VY-g,60
-oxutils/oxiliere/utils.py,sha256=iZc3BjaqVSrZkELVpYsYiwMHC5MfDeDQPKn8iTsB3Bk,2488
+oxutils/oxiliere/utils.py,sha256=iSxvtMWHKPVDHyQuVflw6vObP6N3IpVOFxpV_CKpgbI,2941
 oxutils/pdf/__init__.py,sha256=Uu_yOEd-FcNHIB7CV6y76c53wjL5Hce2GMjho8gnkbM,236
 oxutils/pdf/printer.py,sha256=VVvpGU5GdSNTOP06wLqgm36ICDfRTRaRjmmiS-vJ0wM,2449
 oxutils/pdf/utils.py,sha256=cn1Yc7KnjuATSQKM3hrYptCo0IsQurBdrNHh7Nu08b8,3786
@@ -74,15 +75,17 @@ oxutils/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/s3/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/s3/settings.py,sha256=NIlVhaOzWdsepOgCpxdTTJRHfM0tM5EcAoy4kaFC1R8,1190
 oxutils/s3/storages.py,sha256=gjQg05edVn6NuyfJZ-NwUB2lRWwg8GqgzHB8I1D5vbI,5402
-oxutils/settings.py,sha256=mp_ZSf8bcCUe2Zc9YdOe_EtltBgIY2n_8lUERQtsIFk,9742
+oxutils/settings.py,sha256=a7eLYIrwIvob0YwQc--XjQLGhY5ax0Iu036s2DV51qQ,10079
 oxutils/types.py,sha256=DIz8YK8xMpLc7FYbf88yEElyLsYN_-rbvaZXvENQkOQ,234
 oxutils/users/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/users/admin.py,sha256=suMo4x8I3JBxAFBVIdE-5qnqZ6JAZV0FESABHOSc-vg,63
-oxutils/users/apps.py,sha256=u3PAY2AZGQXSWH2DSkQ1lOTIVm33qUbzeKls0J8H8No,142
+oxutils/users/apps.py,sha256=zfWHq8f0DIh8skbnqskDSoHG9nrvVrCegSz22Mw4BGI,150
+oxutils/users/migrations/0001_initial.py,sha256=7l5xgJnms2D8Nnazh38iBQ7I1W9NgNTF228-og_tOVw,3136
 oxutils/users/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 oxutils/users/models.py,sha256=YXAHcXuhmHZfcRDOqA5lBiSRcJ24snBs9X6tcJPCcFs,2960
 oxutils/users/tests.py,sha256=mrbGGRNg5jwbTJtWWa7zSKdDyeB4vmgZCRc2nk6VY-g,60
 oxutils/users/utils.py,sha256=jY-zL8vLT5U3E2FV3DqCvrPORjKLutbkPZTQ-z96dCw,376
-oxutils-0.1.6.dist-info/WHEEL,sha256=eh7sammvW2TypMMMGKgsM83HyA_3qQ5Lgg3ynoecH3M,79
-oxutils-0.1.6.dist-info/METADATA,sha256=9frFJnEQATQH0nvB5a0WbDWVc7M-mI--wy9KkSOeKkA,8168
-oxutils-0.1.6.dist-info/RECORD,,
+oxutils/utils.py,sha256=6yGX2d1ajU5RqgfqiaS4McYm7ip2KEgADABo3M-yA3U,595
+oxutils-0.1.8.dist-info/WHEEL,sha256=eh7sammvW2TypMMMGKgsM83HyA_3qQ5Lgg3ynoecH3M,79
+oxutils-0.1.8.dist-info/METADATA,sha256=_CW_yBDOyOTv04ABahWzZbJ0XJHlnNqutefdq089hVA,8759
+oxutils-0.1.8.dist-info/RECORD,,

oxutils/jwt/client.py DELETED Viewed

@@ -1,123 +0,0 @@
-import jwt
-import requests
-from typing import Dict, Any, Optional
-from datetime import datetime, timedelta
-from django.core.exceptions import ImproperlyConfigured
-from oxutils.settings import oxi_settings
-from .constants import JWT_ALGORITHM
-_jwks_cache: Optional[Dict[str, Any]] = None
-_jwks_cache_time: Optional[datetime] = None
-_jwks_cache_ttl = timedelta(hours=1)
-def get_jwks_url() -> str:
-    """
-    Get JWKS URL from settings.
-    Returns:
-        The configured JWKS URL.
-    Raises:
-        ImproperlyConfigured: If jwt_jwks_url is not configured.
-    """
-    if not oxi_settings.jwt_jwks_url:
-        raise ImproperlyConfigured(
-            "JWT JWKS URL is not configured. Set OXI_JWT_JWKS_URL environment variable."
-        )
-    return oxi_settings.jwt_jwks_url
-def fetch_jwks(force_refresh: bool = False) -> Dict[str, Any]:
-    """
-    Fetch JWKS from the authentication server with caching.
-    Args:
-        force_refresh: Force refresh the cache even if not expired.
-    Returns:
-        Dict containing the JWKS.
-    Raises:
-        ImproperlyConfigured: If JWKS cannot be fetched.
-    """
-    global _jwks_cache, _jwks_cache_time
-    now = datetime.now()
-    # Return cached JWKS if valid
-    if not force_refresh and _jwks_cache is not None and _jwks_cache_time is not None:
-        if now - _jwks_cache_time < _jwks_cache_ttl:
-            return _jwks_cache
-    # Fetch fresh JWKS
-    jwks_url = get_jwks_url()
-    try:
-        response = requests.get(jwks_url, timeout=10)
-        response.raise_for_status()
-        _jwks_cache = response.json()
-        _jwks_cache_time = now
-        return _jwks_cache
-    except requests.RequestException as e:
-        raise ImproperlyConfigured(
-            f"Failed to fetch JWKS from {jwks_url}: {str(e)}"
-        )
-def get_key(kid: str):
-    """
-    Get the public key for a given Key ID (kid).
-    Args:
-        kid: The Key ID from the JWT header.
-    Returns:
-        RSA public key for verification.
-    Raises:
-        ValueError: If the kid is not found in JWKS.
-    """
-    jwks = fetch_jwks()
-    for key in jwks.get("keys", []):
-        if key.get("kid") == kid:
-            return jwt.algorithms.RSAAlgorithm.from_jwk(key)
-    raise ValueError(f"Unknown Key ID (kid): {kid}")
-def verify_token(token: str) -> Dict[str, Any]:
-    """
-    Verify and decode a JWT token.
-    Args:
-        token: The JWT token string to verify.
-    Returns:
-        Dict containing the decoded token payload.
-    Raises:
-        jwt.InvalidTokenError: If token is invalid or expired.
-        ValueError: If kid is not found.
-    """
-    try:
-        headers = jwt.get_unverified_header(token)
-        kid = headers.get("kid")
-        if not kid:
-            raise ValueError("Token header missing 'kid' field")
-        key = get_key(kid)
-        return jwt.decode(token, key=key, algorithms=JWT_ALGORITHM)
-    except jwt.InvalidTokenError:
-        raise
-    except Exception as e:
-        raise jwt.InvalidTokenError(f"Token verification failed: {str(e)}")
-def clear_jwks_cache() -> None:
-    """Clear the cached JWKS. Useful for testing or key rotation."""
-    global _jwks_cache, _jwks_cache_time
-    _jwks_cache = None
-    _jwks_cache_time = None

oxutils/jwt/constants.py DELETED Viewed

	@@ -1 +0,0 @@
1	- JWT_ALGORITHM = ["RS256"]

{oxutils-0.1.6.dist-info → oxutils-0.1.8.dist-info}/WHEEL RENAMED Viewed

File without changes

oxutils 0.1.6__py3-none-any.whl → 0.1.8__py3-none-any.whl

oxutils 0.1.6py3-none-any.whl → 0.1.8py3-none-any.whl