oxutils 0.1.6__tar.gz → 0.1.8__tar.gz

{oxutils-0.1.6 → oxutils-0.1.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oxutils
-Version: 0.1.6
+Version: 0.1.8
 Summary: Production-ready utilities for Django applications in the Oxiliere ecosystem
 Keywords: django,utilities,jwt,s3,audit,logging,celery,structlog
 Author: Edimedia Mutoke
@@ -30,9 +30,19 @@ Requires-Dist: jwcrypto>=1.5.6
 Requires-Dist: pydantic-settings>=2.12.0
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: requests>=2.32.5
+Requires-Dist: bcc-rates>=1.1.0 ; extra == 'all'
+Requires-Dist: django-cacheops>=7.2 ; extra == 'all'
+Requires-Dist: django-tenants>=3.9.0 ; extra == 'all'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'all'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'all'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'all'
+Requires-Dist: weasyprint>=67.0 ; extra == 'all'
 Requires-Dist: bcc-rates>=1.1.0 ; extra == 'currency'
+Requires-Dist: django-ninja-jwt>=5.4.2 ; extra == 'jwt'
 Requires-Dist: django-cacheops>=7.2 ; extra == 'oxiliere'
 Requires-Dist: django-tenants>=3.9.0 ; extra == 'oxiliere'
+Requires-Dist: django-safedelete>=1.4.1 ; extra == 'oxiliere'
+Requires-Dist: django-auditlog>=3.4.1 ; extra == 'oxiliere'
 Requires-Dist: weasyprint>=67.0 ; extra == 'pdf'
 Requires-Python: >=3.12
 Project-URL: Changelog, https://github.com/oxiliere/oxutils/blob/main/CHANGELOG.md
@@ -40,7 +50,9 @@ Project-URL: Documentation, https://github.com/oxiliere/oxutils/tree/main/docs
 Project-URL: Homepage, https://github.com/oxiliere/oxutils
 Project-URL: Issues, https://github.com/oxiliere/oxutils/issues
 Project-URL: Repository, https://github.com/oxiliere/oxutils
+Provides-Extra: all
 Provides-Extra: currency
+Provides-Extra: jwt
 Provides-Extra: oxiliere
 Provides-Extra: pdf
 Description-Content-Type: text/markdown

{oxutils-0.1.6 → oxutils-0.1.8}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "oxutils"
-version = "0.1.6"
+version = "0.1.8"
 description = "Production-ready utilities for Django applications in the Oxiliere ecosystem"
 readme = "README.md"
 license = "Apache-2.0"
@@ -65,11 +65,27 @@ currency = [
 oxiliere = [
     "django-cacheops>=7.2",
     "django-tenants>=3.9.0",
+    "django-safedelete>=1.4.1",
+    "django-auditlog>=3.4.1",
 ]
 pdf = [
     "weasyprint>=67.0",
 ]
 
+jwt = [
+    "django-ninja-jwt>=5.4.2",
+]
+
+all = [
+    "bcc-rates>=1.1.0",
+    "django-cacheops>=7.2",
+    "django-tenants>=3.9.0",
+    "django-safedelete>=1.4.1",
+    "django-auditlog>=3.4.1",
+    "django-ninja-jwt>=5.4.2",
+    "weasyprint>=67.0",
+]
+
 [dependency-groups]
 dev = [
     "pytest>=8.0.0",
@@ -79,6 +95,7 @@ dev = [
     "coverage>=7.4.0",
     "pillow>=12.0.0",
     "ruff>=0.8.0",
+    "psycopg[binary]>=3.3.2",
 ]
 
 

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/__init__.py

@@ -10,7 +10,7 @@ This package provides:
 - Custom exceptions
 """
 
-__version__ = "0.1.6"
+__version__ = "0.1.8"
 
 from oxutils.settings import oxi_settings
 from oxutils.conf import UTILS_APPS, AUDIT_MIDDLEWARE

oxutils-0.1.8/src/oxutils/constants.py

@@ -0,0 +1,4 @@
+ORGANIZATION_QUERY_KEY = 'organization_id'
+ORGANIZATION_HEADER_KEY = 'X-Organization-ID'
+ORGANIZATION_TOKEN_COOKIE_KEY = 'organization_token'
+OXILIERE_SERVICE_TOKEN = 'X-Oxiliere-Token'

oxutils-0.1.8/src/oxutils/jwt/models.py

@@ -0,0 +1,68 @@
+from uuid import UUID
+from django.utils.functional import cached_property
+from ninja_jwt.models import TokenUser as DefaultTonkenUser
+from ninja_jwt.settings import api_settings
+
+import structlog
+from .tokens import OrganizationAccessToken
+
+
+
+logger = structlog.get_logger(__name__)
+
+
+class TokenTenant:
+
+    def __init__(
+        self,
+        schema_name: str,
+        tenant_id: int,
+        oxi_id: str,
+        subscription_plan: str,
+        subscription_status: str,
+        status: str,
+        ):
+        self.schema_name = schema_name
+        self.id = tenant_id
+        self.oxi_id = oxi_id
+        self.subscription_plan = subscription_plan
+        self.subscription_status = subscription_status
+        self.status = status
+
+    def __str__(self):
+        return f"{self.schema_name} - {self.oxi_id}"
+
+    @property
+    def pk(self):
+        return self.id
+
+    @classmethod
+    def for_token(cls, token):
+        try:
+            token_obj = OrganizationAccessToken(token=token)
+            tenant = cls(
+                schema_name=token_obj['schema_name'],
+                tenant_id=token_obj['tenant_id'],
+                oxi_id=token_obj['oxi_id'],
+                subscription_plan=token_obj['subscription_plan'],
+                subscription_status=token_obj['subscription_status'],
+                status=token_obj['status'],
+            )
+            return tenant
+        except Exception:
+            logger.exception('Failed to create TokenTenant from token', token=token)
+            return None
+
+
+class TokenUser(DefaultTonkenUser):
+    @cached_property
+    def id(self):
+        return UUID(self.token[api_settings.USER_ID_CLAIM])
+
+    @cached_property
+    def token_created_at(self):
+        return self.token.get('cat', None)
+
+    @cached_property
+    def token_session(self):
+        return self.token.get('session', None)

oxutils-0.1.8/src/oxutils/jwt/tokens.py

@@ -0,0 +1,69 @@
+from django.conf import settings
+from ninja_jwt.tokens import Token, AccessToken
+from ninja_jwt.backends import TokenBackend
+from ninja_jwt.settings import api_settings
+from datetime import timedelta
+from oxutils.settings import oxi_settings
+
+
+
+
+__all__ = [
+    'AccessToken',
+    'OrganizationAccessToken',
+]
+
+
+
+token_backend = TokenBackend(
+    algorithm='HS256',
+    signing_key=settings.SECRET_KEY,
+    verifying_key="",
+    audience=None,
+    issuer=None,
+    jwk_url=None,
+    leeway=api_settings.LEEWAY,
+    json_encoder=api_settings.JSON_ENCODER,
+)
+
+
+
+class OxilierServiceToken(Token):
+    token_type = oxi_settings.jwt_service_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_service_token_lifetime)
+
+
+    @classmethod
+    def for_service(cls, payload: dict = {}) -> Token:
+        token = cls()
+
+        for key, value in payload.items():
+            token[key] = value
+
+        return token
+
+
+class OrganizationAccessToken(Token):
+    token_type = oxi_settings.jwt_org_access_token_key
+    lifetime = timedelta(minutes=oxi_settings.jwt_org_access_token_lifetime)
+
+    @classmethod
+    def for_tenant(cls, tenant) -> Token:
+        token = cls()
+        token.payload['tenant_id'] = str(tenant.id)
+        token.payload['oxi_id'] = str(tenant.oxi_id)
+        token.payload['schema_name'] = str(tenant.schema_name)
+        token.payload['subscription_plan'] = str(tenant.subscription_plan)
+        token.payload['subscription_status'] = str(tenant.subscription_status)
+        token.payload['subscription_end_date'] = str(tenant.subscription_end_date)
+        token.payload['status'] = str(tenant.status)
+
+        return token
+
+    @property
+    def token_backend(self):
+        return token_backend
+
+    def get_token_backend(self):
+        # Backward compatibility.
+        return self.token_backend

oxutils-0.1.8/src/oxutils/jwt/utils.py

@@ -0,0 +1,45 @@
+from functools import wraps
+import structlog
+from django.contrib.auth import get_user_model
+from django.http import HttpRequest
+
+from ninja_jwt.exceptions import InvalidToken
+
+
+
+logger = structlog.getLogger("django")
+User = get_user_model()
+
+
+def load_user(f):
+    """
+    Decorator that loads the complete user object from the database for stateless JWT authentication.
+    This is necessary because JWT tokens only contain the user ID, and the full user object
+    might be needed in the view methods.
+
+    Usage:
+
+    .. code-block:: python
+
+        @load_user
+        def my_view_method(self, *args, **kwargs):
+            # self.request.user will be the complete user object
+            pass
+    """
+    @wraps(f)
+    def wrapper(self, *args, **kwargs):
+        populate_user(self.context.request)
+        res = f(self, *args, **kwargs)
+        return res
+    return wrapper
+
+
+def populate_user(request: HttpRequest):
+    if isinstance(request.user, User):
+        return
+
+    try:
+        request.user = User.objects.get(oxi_id=request.user.id)
+    except User.DoesNotExist as exc:
+        logger.exception('user_not_found', oxi_id=request.user.id, message=str(exc))
+        raise InvalidToken()

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/logger/settings.py

@@ -1,5 +1,5 @@
 import structlog
-
+from oxutils.settings import oxi_settings
 
 
 
@@ -29,7 +29,7 @@ LOGGING = {
         },
         "json_file": {
             "class": "logging.handlers.WatchedFileHandler",
-            "filename": "logs/json.log",
+            "filename": oxi_settings.log_file_path,
             "formatter": "json_formatter",
         },
     },

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/apps.py

@@ -3,4 +3,7 @@ from django.apps import AppConfig
 
 class OxiliereConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'oxiliere'
+    name = 'oxutils.oxiliere'
+
+    def ready(self):
+        import oxutils.oxiliere.caches

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/caches.py

@@ -1,9 +1,12 @@
+from django.conf import settings
 from cacheops import cached_as, cached
-from oxutils.oxiliere.models import Tenant, TenantUser
-from django_tenants.utils import get_tenant_model
+from oxutils.oxiliere.utils import get_tenant_model, get_tenant_user_model
+
+
 
 
 TenantModel = get_tenant_model()
+TenantUserModel = get_tenant_user_model()
 
 
 @cached_as(TenantModel, timeout=60*15)
@@ -12,13 +15,13 @@ def get_tenant_by_oxi_id(oxi_id: str):
 
 
 @cached_as(TenantModel, timeout=60*15)
-def get_tenant_by_schema_name(schema_name: str) -> Tenant:
+def get_tenant_by_schema_name(schema_name: str):
     return TenantModel.objects.get(schema_name=schema_name)
 
 
-@cached_as(TenantUser, timeout=60*15)
+@cached_as(TenantUserModel, timeout=60*15)
 def get_tenant_user(oxi_org_id: str, oxi_user_id: str):
-    return TenantUser.objects.get(
+    return TenantUserModel.objects.get(
         tenant__oxi_id=oxi_org_id,
         user__oxi_id=oxi_user_id
     )

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/middleware.py

@@ -9,7 +9,14 @@ from django_tenants.utils import (
     get_public_schema_name,
     get_public_schema_urlconf
 )
-from oxutils.constants import ORGANIZATION_HEADER_KEY
+from oxutils.settings import oxi_settings
+from oxutils.constants import (
+    ORGANIZATION_HEADER_KEY,
+    ORGANIZATION_TOKEN_COOKIE_KEY
+)
+from oxutils.jwt.models import TokenTenant
+from oxutils.jwt.tokens import OrganizationAccessToken
+
 
 class TenantMainMiddleware(MiddlewareMixin):
     TENANT_NOT_FOUND_EXCEPTION = Http404
@@ -42,17 +49,48 @@ class TenantMainMiddleware(MiddlewareMixin):
             from django.http import HttpResponseBadRequest
             return HttpResponseBadRequest('Missing X-Organization-ID header')
 
-        tenant_model = connection.tenant_model
-        try:
-            tenant = self.get_tenant(tenant_model, oxi_id)
-        except tenant_model.DoesNotExist:
-            default_tenant = self.no_tenant_found(request, oxi_id)
-            return default_tenant
+        # Try to get tenant from cookie token first
+        tenant_token = request.COOKIES.get(ORGANIZATION_TOKEN_COOKIE_KEY)
+        tenant = None
+        request._should_set_tenant_cookie = False
+        
+        if tenant_token:
+            tenant = TokenTenant.for_token(tenant_token)
+            # Verify the token's oxi_id matches the request
+            if tenant and tenant.oxi_id != oxi_id:
+                tenant = None
+        
+        # If no valid token, fetch from database
+        if not tenant:
+            tenant_model = connection.tenant_model
+            try:
+                tenant = self.get_tenant(tenant_model, oxi_id)
+                # Mark that we need to set the cookie in the response
+                request._should_set_tenant_cookie = True
+            except tenant_model.DoesNotExist:
+                default_tenant = self.no_tenant_found(request, oxi_id)
+                return default_tenant
 
         request.tenant = tenant
         connection.set_tenant(request.tenant)
         self.setup_url_routing(request)
 
+    def process_response(self, request, response):
+        """Set the tenant token cookie if needed."""
+        if hasattr(request, '_should_set_tenant_cookie') and request._should_set_tenant_cookie:
+            if hasattr(request, 'tenant') and not isinstance(request.tenant, TokenTenant):
+                # Generate token from DB tenant
+                token = OrganizationAccessToken.for_tenant(request.tenant)
+                response.set_cookie(
+                    key=ORGANIZATION_TOKEN_COOKIE_KEY,
+                    value=str(token),
+                    max_age=60 * oxi_settings.jwt_org_access_token_lifetime,
+                    httponly=True,
+                    secure=getattr(settings, 'SESSION_COOKIE_SECURE', False),
+                    samesite='Lax',
+                )
+        return response
+
     def no_tenant_found(self, request, oxi_id):
         """ What should happen if no tenant is found.
         This makes it easier if you want to override the default behavior """

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/models.py

@@ -1,18 +1,25 @@
 from django.db import models
 from django.conf import settings
-from django_tenants.models import TenantMixin, DomainMixin
+from django.utils.translation import gettext_lazy as _
+from django_tenants.models import TenantMixin
 from oxutils.models import (
     TimestampMixin,
     BaseModelMixin,
+    UUIDPrimaryKeyMixin,
 )
 from oxutils.oxiliere.enums import TenantStatus
 
 
 
 
-class Tenant(TenantMixin, TimestampMixin):
+tenant_model = getattr(settings, 'TENANT_MODEL', 'oxiliere.Tenant')
+tenant_user_model = getattr(settings, 'TENANT_USER_MODEL', 'oxiliere.TenantUser')
+
+
+
+class BaseTenant(TenantMixin, UUIDPrimaryKeyMixin, TimestampMixin):
     name = models.CharField(max_length=100)
-    oxi_id = models.UUIDField(unique=True)
+    oxi_id = models.CharField(unique=True)
     subscription_plan = models.CharField(max_length=255, null=True, blank=True)
     subscription_status = models.CharField(max_length=255, null=True, blank=True)
     subscription_end_date = models.DateTimeField(null=True, blank=True)
@@ -25,15 +32,18 @@ class Tenant(TenantMixin, TimestampMixin):
     # default true, schema will be automatically created and synced when it is saved
     auto_create_schema = True
 
-
-class Domain(DomainMixin):
-    pass
-
+    class Meta:
+        abstract = True
+        verbose_name = _('Tenant')
+        verbose_name_plural = _('Tenants')
+        indexes = [
+            models.Index(fields=['oxi_id'])
+        ]
 
 
-class TenantUser(BaseModelMixin):
+class BaseTenantUser(BaseModelMixin):
     tenant = models.ForeignKey(
-        settings.TENANT_MODEL, on_delete=models.CASCADE
+        tenant_model, on_delete=models.CASCADE
     )
     user = models.ForeignKey(
         settings.AUTH_USER_MODEL, on_delete=models.CASCADE
@@ -47,9 +57,25 @@ class TenantUser(BaseModelMixin):
     )
 
     class Meta:
+        abstract = True
+        verbose_name = 'Tenant User'
+        verbose_name_plural = 'Tenant Users'
         constraints = [
             models.UniqueConstraint(
                 fields=['tenant', 'user'],
                 name='unique_tenant_user'
             )
         ]
+        indexes = [
+            models.Index(fields=['tenant', 'user'])
+        ]
+
+
+class Tenant(BaseTenant):
+    class Meta(BaseTenant.Meta):
+        abstract = not tenant_model == 'oxiliere.Tenant'
+
+
+class TenantUser(BaseTenantUser):
+    class Meta(BaseTenantUser.Meta):
+        abstract = not tenant_user_model == 'oxiliere.TenantUser'

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/permissions.py

@@ -1,6 +1,7 @@
-from ninja.permissions import BasePermission
-from django.conf import settings
+from ninja_extra.permissions import BasePermission
 from oxutils.oxiliere.models import TenantUser
+from oxutils.constants import OXILIERE_SERVICE_TOKEN
+from oxutils.jwt.tokens import OxilierServiceToken
 
 
 class TenantPermission(BasePermission):
@@ -8,7 +9,7 @@ class TenantPermission(BasePermission):
     Vérifie que l'utilisateur a accès au tenant actuel.
     L'utilisateur doit être authentifié et avoir un lien avec le tenant.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         
@@ -17,8 +18,8 @@ class TenantPermission(BasePermission):
         
         # Vérifier que l'utilisateur a accès à ce tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk
         ).exists()
 
 
@@ -26,17 +27,16 @@ class TenantOwnerPermission(BasePermission):
     """
     Vérifie que l'utilisateur est propriétaire (owner) du tenant actuel.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         
         if not hasattr(request, 'tenant'):
             return False
         
-        # Vérifier que l'utilisateur est owner du tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk,
             is_owner=True
         ).exists()
 
@@ -45,22 +45,17 @@ class TenantAdminPermission(BasePermission):
     """
     Vérifie que l'utilisateur est admin ou owner du tenant actuel.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         
         if not hasattr(request, 'tenant'):
             return False
         
-        # Vérifier que l'utilisateur est admin ou owner du tenant
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk,
             is_admin=True
-        ).exists() or TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user,
-            is_owner=True
         ).exists()
 
 
@@ -69,7 +64,7 @@ class TenantUserPermission(BasePermission):
     Vérifie que l'utilisateur est un membre du tenant actuel.
     Alias de TenantPermission pour plus de clarté sémantique.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, **kwargs):
         if not request.user or not request.user.is_authenticated:
             return False
         
@@ -77,8 +72,8 @@ class TenantUserPermission(BasePermission):
             return False
         
         return TenantUser.objects.filter(
-            tenant=request.tenant,
-            user=request.user
+            tenant__pk=request.tenant.pk,
+            user__pk=request.user.pk
         ).exists()
 
 
@@ -87,18 +82,15 @@ class OxiliereServicePermission(BasePermission):
     Vérifie que la requête provient d'un service interne Oxiliere.
     Utilise un token de service ou une clé API spéciale.
     """
-    def has_permission(self, request, view):
-        # Vérifier le header de service
-        service_token = request.headers.get('X-Oxiliere-Service-Token')
+    def has_permission(self, request, **kwargs):
+        custom = 'HTTP_' + OXILIERE_SERVICE_TOKEN.upper().replace('-', '_')
+        service_token = request.headers.get(OXILIERE_SERVICE_TOKEN) or request.META.get(custom)
         
         if not service_token:
             return False
         
-        # Comparer avec le token configuré dans settings
-        expected_token = getattr(settings, 'OXILIERE_SERVICE_TOKEN', None)
-        
-        if not expected_token:
+        try:
+            OxilierServiceToken(token=service_token)
+            return True
+        except Exception:
             return False
-        
-        return service_token == expected_token
-

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/schemas.py

@@ -1,4 +1,5 @@
 from typing import Optional
+from uuid import UUID 
 from ninja import Schema
 from django.db import transaction
 from django.contrib.auth import get_user_model
@@ -20,7 +21,7 @@ class TenantSchema(Schema):
 
 
 class TenantOwnerSchema(Schema):
-    oxi_id: str
+    oxi_id: UUID
     email: str
 
 
@@ -38,7 +39,7 @@ class CreateTenantSchema(Schema):
             logger.info("tenant_exists", oxi_id=self.tenant.oxi_id)
             raise ValueError("Tenant with oxi_id {} already exists".format(self.tenant.oxi_id))
 
-        user = UserModel.objects.get_or_create(
+        user, _ = UserModel.objects.get_or_create(
             oxi_id=self.owner.oxi_id,
             defaults={
                 'email': self.owner.email,

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/oxiliere/utils.py

@@ -1,4 +1,25 @@
-# utils.py
+from typing import Any
+from django.apps import apps
+from django.conf import settings
+
+
+
+
+def get_model(setting: str) -> Any:
+    try:
+        value = getattr(settings, setting)
+    except AttributeError:
+        raise ValueError(f"Model `{setting}` is not a valid Tenant model.")
+
+    return apps.get_model(value)
+
+
+def get_tenant_model() -> Any:
+    return get_model('TENANT_MODEL')
+
+def get_tenant_user_model() -> Any:
+    return get_model('TENANT_USER_MODEL')
+
 
 def oxid_to_schema_name(oxid: str) -> str:
     """

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/settings.py

@@ -28,14 +28,21 @@ class OxUtilsSettings(BaseSettings):
     jwt_signing_key: Optional[str] = None
     jwt_verifying_key: Optional[str] = None
     jwt_jwks_url: Optional[str] = None
-    jwt_access_token_key: str = Field('access_token') 
-    jwt_org_access_token_key: str = Field('org_access_token')
+    jwt_access_token_key: str = Field('access')
+    jwt_org_access_token_key: str = Field('org_access')
+    jwt_service_token_key: str = Field('service')
+    jwt_algorithm: Optional[str] = Field('RS256')
+    jwt_access_token_lifetime: int = Field(15) # minutes
+    jwt_service_token_lifetime: int = Field(3) # minutes
+    jwt_org_access_token_lifetime: int = Field(60) # minutes
 
 
     # AuditLog
     log_access: bool = Field(False)
     retention_delay: int = Field(7)  # one week
 
+    # logger
+    log_file_path: Optional[str] = Field('logs/oxiliere.log')
 
     # Static S3
     use_static_s3: bool = Field(False)

{oxutils-0.1.6 → oxutils-0.1.8}/src/oxutils/users/apps.py

@@ -3,4 +3,4 @@ from django.apps import AppConfig
 
 class UsersConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'users'
+    name = 'oxutils.users'

oxutils-0.1.8/src/oxutils/users/migrations/0001_initial.py

@@ -0,0 +1,47 @@
+# Generated by Django 5.2.9 on 2025-12-23 10:52
+
+import django.utils.timezone
+import uuid
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, help_text='Unique identifier for this record', primary_key=True, serialize=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='Date and time when this record was created')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='Date and time when this record was last updated')),
+                ('deleted', models.DateTimeField(db_index=True, editable=False, null=True)),
+                ('deleted_by_cascade', models.BooleanField(default=False, editable=False)),
+                ('oxi_id', models.UUIDField(unique=True)),
+                ('email', models.EmailField(max_length=254, unique=True)),
+                ('is_active', models.BooleanField(default=True)),
+                ('subscription_plan', models.CharField(blank=True, max_length=255, null=True)),
+                ('subscription_status', models.CharField(blank=True, max_length=255, null=True)),
+                ('subscription_end_date', models.DateTimeField(blank=True, null=True)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'utilisateur',
+                'verbose_name_plural': 'utilisateurs',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['oxi_id'], name='users_user_oxi_id_389c72_idx'), models.Index(fields=['email'], name='users_user_email_6f2530_idx')],
+            },
+        ),
+    ]

oxutils-0.1.8/src/oxutils/utils.py

@@ -0,0 +1,25 @@
+from django.http import HttpRequest
+
+
+def get_client_ip(request: HttpRequest) -> str:
+    """
+    Extract client IP address from request metadata.
+
+    Priority:
+
+        1. X-Forwarded-For header (first entry if multiple)
+        2. REMOTE_ADDR meta value
+
+    Args:
+        request (HttpRequest): Django request object
+
+    Returns:
+        str: Client IP address or None if not found
+    """
+    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(',')[0]
+    else:
+        ip = request.META.get('REMOTE_ADDR')
+    return ip
+

oxutils-0.1.6/src/oxutils/constants.py

@@ -1,2 +0,0 @@
-ORGANIZATION_QUERY_KEY = 'organization_id'
-ORGANIZATION_HEADER_KEY = 'X-Organization-ID'

oxutils-0.1.6/src/oxutils/jwt/client.py

@@ -1,123 +0,0 @@
-import jwt
-import requests
-from typing import Dict, Any, Optional
-from datetime import datetime, timedelta
-from django.core.exceptions import ImproperlyConfigured
-from oxutils.settings import oxi_settings
-from .constants import JWT_ALGORITHM
-
-
-_jwks_cache: Optional[Dict[str, Any]] = None
-_jwks_cache_time: Optional[datetime] = None
-_jwks_cache_ttl = timedelta(hours=1)
-
-
-def get_jwks_url() -> str:
-    """
-    Get JWKS URL from settings.
-    
-    Returns:
-        The configured JWKS URL.
-        
-    Raises:
-        ImproperlyConfigured: If jwt_jwks_url is not configured.
-    """
-    if not oxi_settings.jwt_jwks_url:
-        raise ImproperlyConfigured(
-            "JWT JWKS URL is not configured. Set OXI_JWT_JWKS_URL environment variable."
-        )
-    return oxi_settings.jwt_jwks_url
-
-
-def fetch_jwks(force_refresh: bool = False) -> Dict[str, Any]:
-    """
-    Fetch JWKS from the authentication server with caching.
-    
-    Args:
-        force_refresh: Force refresh the cache even if not expired.
-        
-    Returns:
-        Dict containing the JWKS.
-        
-    Raises:
-        ImproperlyConfigured: If JWKS cannot be fetched.
-    """
-    global _jwks_cache, _jwks_cache_time
-    
-    now = datetime.now()
-    
-    # Return cached JWKS if valid
-    if not force_refresh and _jwks_cache is not None and _jwks_cache_time is not None:
-        if now - _jwks_cache_time < _jwks_cache_ttl:
-            return _jwks_cache
-    
-    # Fetch fresh JWKS
-    jwks_url = get_jwks_url()
-    try:
-        response = requests.get(jwks_url, timeout=10)
-        response.raise_for_status()
-        _jwks_cache = response.json()
-        _jwks_cache_time = now
-        return _jwks_cache
-    except requests.RequestException as e:
-        raise ImproperlyConfigured(
-            f"Failed to fetch JWKS from {jwks_url}: {str(e)}"
-        )
-
-
-def get_key(kid: str):
-    """
-    Get the public key for a given Key ID (kid).
-    
-    Args:
-        kid: The Key ID from the JWT header.
-        
-    Returns:
-        RSA public key for verification.
-        
-    Raises:
-        ValueError: If the kid is not found in JWKS.
-    """
-    jwks = fetch_jwks()
-    
-    for key in jwks.get("keys", []):
-        if key.get("kid") == kid:
-            return jwt.algorithms.RSAAlgorithm.from_jwk(key)
-    
-    raise ValueError(f"Unknown Key ID (kid): {kid}")
-
-
-def verify_token(token: str) -> Dict[str, Any]:
-    """
-    Verify and decode a JWT token.
-    
-    Args:
-        token: The JWT token string to verify.
-        
-    Returns:
-        Dict containing the decoded token payload.
-        
-    Raises:
-        jwt.InvalidTokenError: If token is invalid or expired.
-        ValueError: If kid is not found.
-    """
-    try:
-        headers = jwt.get_unverified_header(token)
-        kid = headers.get("kid")
-        
-        if not kid:
-            raise ValueError("Token header missing 'kid' field")
-        
-        key = get_key(kid)
-        return jwt.decode(token, key=key, algorithms=JWT_ALGORITHM)
-    except jwt.InvalidTokenError:
-        raise
-    except Exception as e:
-        raise jwt.InvalidTokenError(f"Token verification failed: {str(e)}")
-
-
-def clear_jwks_cache() -> None:
-    """Clear the cached JWKS. Useful for testing or key rotation."""
-    global _jwks_cache, _jwks_cache_time
-    _jwks_cache = None
-    _jwks_cache_time = None

oxutils-0.1.6/src/oxutils/jwt/constants.py

@@ -1 +0,0 @@
-JWT_ALGORITHM = ["RS256"]