setu-trafficmonitor 2.0.0__py3-none-any.whl

trafficmonitor/monitoring.py

@@ -0,0 +1,104 @@
+"""
+Monitoring and observability utilities
+"""
+import time
+import logging
+from typing import Dict, Any, Optional
+from contextlib import contextmanager
+from django.core.cache import cache
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+
+
+class MetricsCollector:
+    """Collects application metrics"""
+    
+    def __init__(self):
+        self.metrics = {}
+    
+    def increment(self, metric_name: str, value: int = 1, tags: Optional[Dict[str, str]] = None):
+        """Increment a counter metric"""
+        key = f"trafficmonitor.{metric_name}"
+        current = cache.get(key, 0)
+        cache.set(key, current + value, timeout=3600)
+        
+        # Log structured metric
+        logger.info("metric.increment", extra={
+            "metric_name": metric_name,
+            "value": value,
+            "tags": tags or {},
+            "timestamp": time.time()
+        })
+    
+    def gauge(self, metric_name: str, value: float, tags: Optional[Dict[str, str]] = None):
+        """Set a gauge metric"""
+        key = f"trafficmonitor.gauge.{metric_name}"
+        cache.set(key, value, timeout=3600)
+        
+        logger.info("metric.gauge", extra={
+            "metric_name": metric_name,
+            "value": value,
+            "tags": tags or {},
+            "timestamp": time.time()
+        })
+    
+    def timing(self, metric_name: str, duration_ms: float, tags: Optional[Dict[str, str]] = None):
+        """Record timing metric"""
+        logger.info("metric.timing", extra={
+            "metric_name": metric_name,
+            "duration_ms": duration_ms,
+            "tags": tags or {},
+            "timestamp": time.time()
+        })
+
+
+class StructuredLogger:
+    """Structured logging for enterprise applications"""
+    
+    def __init__(self, name: str):
+        self.logger = logging.getLogger(name)
+    
+    def log_request(self, request, response, duration_ms: float, **kwargs):
+        """Log request with structured format"""
+        self.logger.info("http.request", extra={
+            "method": request.method,
+            "path": request.path,
+            "status_code": response.status_code,
+            "duration_ms": duration_ms,
+            "user_agent": request.META.get('HTTP_USER_AGENT', ''),
+            "ip_address": self._get_client_ip(request),
+            **kwargs
+        })
+    
+    def log_error(self, error: Exception, context: Dict[str, Any]):
+        """Log error with context"""
+        self.logger.error("application.error", extra={
+            "error_type": type(error).__name__,
+            "error_message": str(error),
+            "context": context,
+            "timestamp": time.time()
+        }, exc_info=True)
+    
+    def _get_client_ip(self, request) -> str:
+        """Get client IP address"""
+        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+        if x_forwarded_for:
+            return x_forwarded_for.split(',')[0].strip()
+        return request.META.get('REMOTE_ADDR', '')
+
+
+@contextmanager
+def performance_timer(metric_name: str, tags: Optional[Dict[str, str]] = None):
+    """Context manager for timing operations"""
+    start_time = time.time()
+    try:
+        yield
+    finally:
+        duration_ms = (time.time() - start_time) * 1000
+        metrics.timing(metric_name, duration_ms, tags)
+
+
+# Global instances
+metrics = MetricsCollector()
+structured_logger = StructuredLogger('trafficmonitor')

trafficmonitor/permissions.py

@@ -0,0 +1,64 @@
+"""
+Role-based permission classes for TrafficMonitor analytics.
+Enterprise-grade access control using header-based authentication.
+"""
+from rest_framework import permissions
+from trafficmonitor.conf import TrafficMonitorConfig
+
+
+class HasTrafficMonitorAccess(permissions.BasePermission):
+    """
+    Permission class for analytics access.
+    Allows access if:
+    1. User is authenticated via Django (staff or superuser)
+    2. No role header exists (open access)
+    3. Role header exists and is authorized
+    """
+    message = "You do not have permission to access traffic monitoring analytics."
+    
+    def has_permission(self, request, view):
+        # Allow Django authenticated staff/superusers
+        if request.user and request.user.is_authenticated:
+            if request.user.is_staff or request.user.is_superuser:
+                return True
+        
+        # Check role-based access via headers
+        user_info = TrafficMonitorConfig.get_user_info_from_request(request)
+        user_role = user_info.get('role')
+        
+        # If no role header, allow access
+        if not user_role:
+            return True
+        
+        # If role header exists, check if user role is in allowed roles
+        return TrafficMonitorConfig.is_user_authorized(user_role)
+
+
+
+class HasTrafficMonitorAdminAccess(permissions.BasePermission):
+    """
+    Permission class for admin-only analytics access.
+    Allows access if:
+    1. User is Django superuser
+    2. No role header exists (open access)
+    3. Role header exists and has admin role
+    """
+    message = "You need admin privileges to access this resource."
+    
+    def has_permission(self, request, view):
+        # Allow Django superusers
+        if request.user and request.user.is_authenticated:
+            if request.user.is_superuser:
+                return True
+        
+        # Check role-based access via headers
+        user_info = TrafficMonitorConfig.get_user_info_from_request(request)
+        user_role = user_info.get('role')
+        
+        # If no role header, allow access
+        if not user_role:
+            return True
+        
+        # If role header exists, check if user has admin role
+        return TrafficMonitorConfig.is_admin(user_role)
+

trafficmonitor/security.py

@@ -0,0 +1,180 @@
+"""
+Security utilities for PII protection and data sanitization
+"""
+import re
+import json
+import datetime
+import decimal
+from uuid import UUID
+from typing import Dict, Any, Optional
+from django.conf import settings
+
+
+class DataSanitizer:
+    """Sanitizes sensitive data from requests/responses"""
+    
+    # PII patterns
+    EMAIL_PATTERN = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b')
+    PHONE_PATTERN = re.compile(r'\b\d{3}[-.]?\d{3}[-.]?\d{4}\b')
+    SSN_PATTERN = re.compile(r'\b\d{3}-\d{2}-\d{4}\b')
+    CREDIT_CARD_PATTERN = re.compile(r'\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b')
+    
+    SENSITIVE_KEYS = {
+        'password', 'passwd', 'pwd', 'secret', 'token', 'key', 'auth',
+        'authorization', 'credential', 'api_key', 'access_token', 'refresh_token',
+        'ssn', 'social_security', 'credit_card', 'card_number', 'cvv', 'pin'
+    }
+    
+    @staticmethod
+    def sanitize_for_json(obj):
+        """
+        Recursively sanitize any Python object so it becomes JSON serializable.
+        Handles datetime, Decimal, UUID, Django objects, and any non-serializable type.
+        """
+        if obj is None:
+            return None
+
+        # Ellipsis
+        if obj is Ellipsis:
+            return None
+
+        # Primitives
+        if isinstance(obj, (str, int, float, bool)):
+            # Truncate very long strings
+            if isinstance(obj, str) and len(obj) > 1000:
+                return obj[:1000] + '...'
+            return obj
+
+        # Decimal
+        if isinstance(obj, decimal.Decimal):
+            return float(obj)
+
+        # UUID
+        if isinstance(obj, UUID):
+            return str(obj)
+
+        # Date/Time
+        if isinstance(obj, (datetime.datetime, datetime.date, datetime.time)):
+            try:
+                from django.utils.timezone import is_aware
+                # Make datetime timezone-naive ISO if aware
+                if isinstance(obj, datetime.datetime) and is_aware(obj):
+                    obj = obj.astimezone(datetime.timezone.utc).replace(tzinfo=None)
+            except ImportError:
+                pass
+            return obj.isoformat()
+
+        # Lists / Tuples
+        if isinstance(obj, (list, tuple)):
+            return [DataSanitizer.sanitize_for_json(item) for item in obj]
+
+        # Sets
+        if isinstance(obj, set):
+            return [DataSanitizer.sanitize_for_json(item) for item in obj]
+
+        # Dict
+        if isinstance(obj, dict):
+            return {
+                DataSanitizer.sanitize_for_json(k): DataSanitizer.sanitize_for_json(v) 
+                for k, v in obj.items()
+            }
+
+        # Django model instance — return pk if exists
+        if hasattr(obj, "pk"):
+            return str(obj.pk)
+
+        # Fallback: string representation
+        return str(obj)
+    
+    @classmethod
+    def sanitize_headers(cls, headers: Dict[str, Any]) -> Dict[str, Any]:
+        """Remove sensitive headers and ensure JSON serializable values"""
+        if not isinstance(headers, dict):
+            return {}
+        
+        sanitized = {}
+        for key, value in headers.items():
+            # Skip WSGI internal objects completely (not serializable)
+            if isinstance(key, str) and key.startswith('wsgi.'):
+                continue
+            
+            # Skip non-string keys
+            if not isinstance(key, str):
+                key = str(key)
+            
+            # Redact sensitive keys
+            if any(sensitive in key.lower() for sensitive in cls.SENSITIVE_KEYS):
+                sanitized[key] = "[REDACTED]"
+            else:
+                # Use sanitize_for_json to handle any type of value
+                sanitized[key] = cls.sanitize_for_json(value)
+        
+        return sanitized
+    
+    @classmethod
+    def sanitize_body(cls, body: str, max_length: int = 10000) -> str:
+        """Sanitize request/response body"""
+        if not body:
+            return body
+            
+        # Truncate if too long
+        if len(body) > max_length:
+            body = body[:max_length] + "...[TRUNCATED]"
+        
+        # Remove PII patterns
+        body = cls.EMAIL_PATTERN.sub('[EMAIL_REDACTED]', body)
+        body = cls.PHONE_PATTERN.sub('[PHONE_REDACTED]', body)
+        body = cls.SSN_PATTERN.sub('[SSN_REDACTED]', body)
+        body = cls.CREDIT_CARD_PATTERN.sub('[CARD_REDACTED]', body)
+        
+        # Try to parse as JSON and sanitize keys
+        try:
+            data = json.loads(body)
+            if isinstance(data, dict):
+                data = cls._sanitize_dict(data)
+                return json.dumps(data)
+        except (json.JSONDecodeError, TypeError):
+            pass
+            
+        return body
+    
+    @classmethod
+    def _sanitize_dict(cls, data: Dict[str, Any]) -> Dict[str, Any]:
+        """Recursively sanitize dictionary keys"""
+        sanitized = {}
+        for key, value in data.items():
+            if any(sensitive in key.lower() for sensitive in cls.SENSITIVE_KEYS):
+                sanitized[key] = "[REDACTED]"
+            elif isinstance(value, dict):
+                sanitized[key] = cls._sanitize_dict(value)
+            elif isinstance(value, list):
+                sanitized[key] = [cls._sanitize_dict(item) if isinstance(item, dict) else item for item in value]
+            else:
+                sanitized[key] = value
+        return sanitized
+
+
+class SecurityValidator:
+    """Validates security requirements"""
+    
+    @staticmethod
+    def validate_user_access(user_id: str, user_role: str, required_roles: list) -> bool:
+        """Validate user access with proper logging"""
+        if not user_id or not user_role:
+            return False
+        
+        # Add audit logging here
+        return user_role.lower() in [r.lower() for r in required_roles]
+    
+    @staticmethod
+    def get_client_ip(request) -> Optional[str]:
+        """Get real client IP considering proxies"""
+        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+        if x_forwarded_for:
+            return x_forwarded_for.split(',')[0].strip()
+        
+        x_real_ip = request.META.get('HTTP_X_REAL_IP')
+        if x_real_ip:
+            return x_real_ip
+            
+        return request.META.get('REMOTE_ADDR')

trafficmonitor/settings_production.py

@@ -0,0 +1,105 @@
+"""
+Production settings template for TrafficMonitor
+Copy these settings to your Django settings.py and adjust as needed.
+"""
+
+# TrafficMonitor Production Configuration
+TRAFFICMONITOR_ASYNC_LOGGING = True
+TRAFFICMONITOR_ENABLE_SAMPLING = True
+TRAFFICMONITOR_SAMPLE_RATE = 0.1  # Log 10% of requests in production
+
+# Circuit Breaker
+TRAFFICMONITOR_CIRCUIT_BREAKER_ENABLED = True
+TRAFFICMONITOR_CB_FAILURE_THRESHOLD = 5
+
+# Security
+TRAFFICMONITOR_ENABLE_PII_SANITIZATION = True
+TRAFFICMONITOR_MAX_BODY_LENGTH = 5000  # Smaller in production
+
+# Performance
+TRAFFICMONITOR_BULK_BATCH_SIZE = 5000
+TRAFFICMONITOR_ENABLE_METRICS = True
+
+# Data Retention
+TRAFFICMONITOR_RETENTION_DAYS = 30  # Shorter retention in production
+
+# Authentication (adjust based on your auth system)
+TRAFFICMONITOR_USER_ID_HEADER = 'X-User-ID'
+TRAFFICMONITOR_USER_ROLE_HEADER = 'X-User-Role'
+TRAFFICMONITOR_VIEWER_ROLES = ['analyst', 'viewer', 'developer']
+TRAFFICMONITOR_ADMIN_ROLES = ['admin', 'superuser']
+
+# Excluded paths (add your specific paths)
+TRAFFICMONITOR_EXCLUDED_PATHS = [
+    '/admin/jsi18n/',
+    '/static/',
+    '/media/',
+    '/__debug__/',
+    '/favicon.ico',
+    '/health/',
+    '/healthz/',
+    '/metrics/',
+    '/prometheus/',
+    # Add your application-specific paths
+    '/api/health/',
+    '/api/metrics/',
+]
+
+# Logging Configuration
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'formatters': {
+        'structured': {
+            'format': '%(asctime)s %(name)s %(levelname)s %(message)s',
+        },
+    },
+    'handlers': {
+        'trafficmonitor': {
+            'level': 'INFO',
+            'class': 'logging.StreamHandler',
+            'formatter': 'structured',
+        },
+    },
+    'loggers': {
+        'trafficmonitor': {
+            'handlers': ['trafficmonitor'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+    },
+}
+
+# Database Configuration (example for PostgreSQL)
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': 'your_db_name',
+        'USER': 'your_db_user',
+        'PASSWORD': 'your_db_password',
+        'HOST': 'your_db_host',
+        'PORT': '5432',
+        'OPTIONS': {
+            'MAX_CONNS': 20,  # Connection pooling
+        },
+    }
+}
+
+# Cache Configuration (Redis recommended)
+CACHES = {
+    'default': {
+        'BACKEND': 'django_redis.cache.RedisCache',
+        'LOCATION': 'redis://127.0.0.1:6379/1',
+        'OPTIONS': {
+            'CLIENT_CLASS': 'django_redis.client.DefaultClient',
+            'CONNECTION_POOL_KWARGS': {'max_connections': 50},
+        }
+    }
+}
+
+# Celery Configuration (for async logging)
+CELERY_BROKER_URL = 'redis://localhost:6379/0'
+CELERY_RESULT_BACKEND = 'redis://localhost:6379/0'
+CELERY_TASK_SERIALIZER = 'json'
+CELERY_ACCEPT_CONTENT = ['json']
+CELERY_RESULT_SERIALIZER = 'json'

trafficmonitor/static/analytics/css/dashboard.css

@@ -0,0 +1,99 @@
+/* Production-ready dashboard styles */
+:root {
+    --primary-color: #3b82f6;
+    --success-color: #10b981;
+    --warning-color: #f59e0b;
+    --danger-color: #ef4444;
+    --info-color: #8b5cf6;
+    --gray-color: #6b7280;
+}
+
+/* Performance optimizations */
+* {
+    box-sizing: border-box;
+}
+
+.card {
+    transition: transform 0.15s ease-out, box-shadow 0.15s ease-out;
+    will-change: transform;
+}
+
+.card:hover {
+    transform: translateY(-2px);
+    box-shadow: 0 10px 20px rgba(0,0,0,0.1);
+}
+
+/* Chart containers with proper aspect ratios */
+.chart-container {
+    position: relative;
+    height: 300px;
+    margin-bottom: 1rem;
+    contain: layout style paint;
+}
+
+.chart-container-large {
+    position: relative;
+    height: 400px;
+    margin-bottom: 1rem;
+    contain: layout style paint;
+}
+
+/* Responsive design */
+@media (max-width: 768px) {
+    .chart-container,
+    .chart-container-large {
+        height: 250px;
+    }
+}
+
+/* Loading states */
+.loading-skeleton {
+    background: linear-gradient(90deg, #f0f0f0 25%, #e0e0e0 50%, #f0f0f0 75%);
+    background-size: 200% 100%;
+    animation: loading 1.5s infinite;
+}
+
+@keyframes loading {
+    0% { background-position: 200% 0; }
+    100% { background-position: -200% 0; }
+}
+
+/* Error states */
+.error-state {
+    color: var(--danger-color);
+    text-align: center;
+    padding: 2rem;
+}
+
+/* Accessibility improvements */
+.sr-only {
+    position: absolute;
+    width: 1px;
+    height: 1px;
+    padding: 0;
+    margin: -1px;
+    overflow: hidden;
+    clip: rect(0, 0, 0, 0);
+    white-space: nowrap;
+    border: 0;
+}
+
+/* Focus states for keyboard navigation */
+button:focus,
+select:focus,
+input:focus {
+    outline: 2px solid var(--primary-color);
+    outline-offset: 2px;
+}
+
+/* Print styles */
+@media print {
+    .no-print {
+        display: none !important;
+    }
+    
+    .chart-container,
+    .chart-container-large {
+        break-inside: avoid;
+    }
+}