shaapi 0.1.0__py3-none-any.whl

shaapi/template/backend/middleware/jwt_auth_middleware.py

@@ -0,0 +1,73 @@
+from typing import Any
+
+from fastapi import Request, Response
+from fastapi.security.utils import get_authorization_scheme_param
+from pydantic_core import from_json
+from starlette.authentication import AuthCredentials, AuthenticationBackend, AuthenticationError
+from starlette.requests import HTTPConnection
+
+from backend.app.admin.schema.user import CurrentUserIns
+from backend.common.exception.errors import TokenError
+from backend.common.log import log
+from backend.common.security import jwt
+from backend.core.conf import settings
+from backend.database.db_postgres import async_db_session
+from backend.database.db_redis import redis_client
+from backend.utils.serializers import MsgSpecJSONResponse, select_as_dict
+
+
+class _AuthenticationError(AuthenticationError):
+    """Rewrite internal authentication error class"""
+
+    def __init__(self, *, code: int = None, msg: str = None, headers: dict[str, Any] | None = None):
+        self.code = code
+        self.msg = msg
+        self.headers = headers
+
+
+class JwtAuthMiddleware(AuthenticationBackend):
+    """JWT Authentication Middleware"""
+
+    @staticmethod
+    def auth_exception_handler(conn: HTTPConnection, exc: _AuthenticationError) -> Response:
+        """Override internal authentication error handling"""
+        return MsgSpecJSONResponse(content={'code': exc.code, 'msg': exc.msg, 'data': None}, status_code=exc.code)
+
+    async def authenticate(self, request: Request) -> tuple[AuthCredentials, CurrentUserIns] | None:
+        token = request.headers.get('Authorization')
+        if not token:
+            return
+
+        if request.url.path in settings.TOKEN_REQUEST_PATH_EXCLUDE:
+            return
+
+        scheme, token = get_authorization_scheme_param(token)
+        if scheme.lower() != 'bearer':
+            return
+
+        try:
+            sub = await jwt.jwt_authentication(token)
+            cache_user = await redis_client.get(f'{settings.JWT_USER_REDIS_PREFIX}:{sub}')
+            if not cache_user:
+                async with async_db_session() as db:
+                    current_user = await jwt.get_current_user(db, sub)
+                    user = CurrentUserIns(**select_as_dict(current_user))
+                    await redis_client.setex(
+                        f'{settings.JWT_USER_REDIS_PREFIX}:{sub}',
+                        settings.JWT_USER_REDIS_EXPIRE_SECONDS,
+                        user.model_dump_json(),
+                    )
+            else:
+                # TODO: it should be replaced with the use of model_validate_json
+                # https://docs.pydantic.dev/latest/concepts/json/#partial-json-parsing
+                user = CurrentUserIns.model_validate(from_json(cache_user, allow_partial=True))
+        except TokenError as exc:
+            raise _AuthenticationError(code=exc.code, msg=exc.detail, headers=exc.headers)
+        except Exception as e:
+            log.error(f'JWT Authorization Exception:{e}')
+            raise _AuthenticationError(code=getattr(e, 'code', 500), msg=getattr(e, 'msg', 'Internal Server Error'))
+
+        # Note that this return uses a non-standard mode, so some of the standard features will be lost when authentication is passed.
+        # For standard return modes see: https://www.starlette.io/authentication/
+        return AuthCredentials(['authenticated']), user
+

shaapi/template/backend/middleware/opera_log_middleware.py

@@ -0,0 +1,179 @@
+from asyncio import create_task
+from datetime import datetime
+
+from asgiref.sync import sync_to_async
+from fastapi import Response
+from starlette.datastructures import UploadFile
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+
+from backend.app.admin.schema.opera_log import CreateOperaLogParam
+from backend.app.admin.service.opera_log_service import OperaLogService
+from backend.common.dataclasses import RequestCallNext
+from backend.common.enums import OperaLogCipherType, StatusType
+from backend.common.log import log
+from backend.core.conf import settings
+from backend.utils.encrypt import AESCipher, ItsDCipher, Md5Cipher
+from backend.utils.trace_id import get_request_trace_id
+
+
+class OperaLogMiddleware(BaseHTTPMiddleware):
+    """Operation Logging Middleware"""
+
+    async def dispatch(self, request: Request, call_next) -> Response:
+        # Whitelisting of excluded records
+        path = request.url.path
+        if path in settings.OPERA_LOG_PATH_EXCLUDE or not path.startswith((
+            f'/client{settings.FASTAPI_API_V1_PATH}', 
+            f'/admin{settings.FASTAPI_API_V1_PATH}', 
+            f'/company{settings.FASTAPI_API_V1_PATH}',
+            f'/mentor{settings.FASTAPI_API_V1_PATH}')):
+            return await call_next(request)
+
+        # request resolution
+        try:
+            # This information is dependent on the jwt middleware
+            user_email = request.user.email
+        except AttributeError:
+            user_email = None
+        method = request.method
+        args = await self.get_request_args(request)
+        args = await self.desensitization(args)
+
+        # execute a request
+        start_time = datetime.now()
+        request_next = await self.execute_request(request, call_next)
+        end_time = datetime.now()
+        cost_time = (end_time - start_time).total_seconds() * 1000.0
+
+        # This information can only be obtained after a request
+        _route = request.scope.get('route')
+        summary = getattr(_route, 'summary', None) or ''
+
+        # Log Creation
+        opera_log_in = CreateOperaLogParam(
+            trace_id=get_request_trace_id(request),
+            user_email=user_email,
+            method=method,
+            title=summary,
+            path=path,
+            ip=request.state.ip,
+            country=request.state.country,
+            region=request.state.region,
+            city=request.state.city,
+            user_agent=request.state.user_agent,
+            os=request.state.os,
+            browser=request.state.browser,
+            device=request.state.device,
+            args=args,
+            status=request_next.status,
+            code=request_next.code,
+            msg=request_next.msg,
+            cost_time=cost_time,
+            opera_time=start_time,
+        )
+        create_task(OperaLogService.create(obj_in=opera_log_in))  # noqa: ignore
+
+        # error throwing
+        err = request_next.err
+        if err:
+            raise err from None
+
+        return request_next.response
+
+    async def execute_request(self, request: Request, call_next) -> RequestCallNext:
+        """execute a request"""
+        code = 200
+        msg = 'Success'
+        status = StatusType.enable
+        err = None
+        response = None
+        try:
+            response = await call_next(request)
+            code, msg = self.request_exception_handler(request, code, msg)
+        except Exception as e:
+            log.error(f'Request Exception: {e}')
+            # code processing with SQLAlchemy and Pydantic.
+            code = getattr(e, 'code', None) or code
+            msg = getattr(e, 'msg', None) or msg
+            status = StatusType.disable
+            err = e
+
+        return RequestCallNext(code=str(code), msg=msg, status=status, err=err, response=response)
+
+    @staticmethod
+    def request_exception_handler(request: Request, code: int, msg: str) -> tuple[str, str]:
+        """Request Exception Handler"""
+        exception_states = [
+            '__request_http_exception__',
+            '__request_validation_exception__',
+            '__request_pydantic_user_error__',
+            '__request_assertion_error__',
+            '__request_custom_exception__',
+            '__request_all_unknown_exception__',
+            '__request_cors_500_exception__',
+        ]
+        for state in exception_states:
+            exception = getattr(request.state, state, None)
+            if exception:
+                code = exception.get('code')
+                msg = exception.get('msg')
+                log.error(f'Exception: {msg}')
+                break
+        return code, msg
+
+    @staticmethod
+    async def get_request_args(request: Request) -> dict:
+        """Request Exception"""
+        args = dict(request.query_params)
+        args.update(request.path_params)
+        # Tip: .body() must be fetched before .form().
+        # https://github.com/encode/starlette/discussions/1933
+        body_data = await request.body()
+        form_data = await request.form()
+        if len(form_data) > 0:
+            args.update({k: v.filename if isinstance(v, UploadFile) else v for k, v in form_data.items()})
+        else:
+            if body_data:
+                json_data = await request.json()
+                if not isinstance(json_data, dict):
+                    json_data = {
+                        f'{type(json_data)}_to_dict_data': json_data.decode('utf-8')
+                        if isinstance(json_data, bytes)
+                        else json_data
+                    }
+                args.update(json_data)
+        return args
+
+    @staticmethod
+    @sync_to_async
+    def desensitization(args: dict) -> dict | None:
+        """
+        desensitization
+
+        :param args:
+        :return:
+        """
+        if not args:
+            args = None
+        else:
+            match settings.OPERA_LOG_ENCRYPT_TYPE:
+                case OperaLogCipherType.aes:
+                    for key in args.keys():
+                        if key in settings.OPERA_LOG_ENCRYPT_KEY_INCLUDE:
+                            args[key] = (AESCipher(settings.OPERA_LOG_ENCRYPT_SECRET_KEY).encrypt(args[key])).hex()
+                case OperaLogCipherType.md5:
+                    for key in args.keys():
+                        if key in settings.OPERA_LOG_ENCRYPT_KEY_INCLUDE:
+                            args[key] = Md5Cipher.encrypt(args[key])
+                case OperaLogCipherType.itsdangerous:
+                    for key in args.keys():
+                        if key in settings.OPERA_LOG_ENCRYPT_KEY_INCLUDE:
+                            args[key] = ItsDCipher(settings.OPERA_LOG_ENCRYPT_SECRET_KEY).encrypt(args[key])
+                case OperaLogCipherType.plan:
+                    pass
+                case _:
+                    for key in args.keys():
+                        if key in settings.OPERA_LOG_ENCRYPT_KEY_INCLUDE:
+                            args[key] = '******'
+        return args

shaapi/template/backend/middleware/state_middleware.py

@@ -0,0 +1,26 @@
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
+
+from backend.utils.request_parse import parse_ip_info, parse_user_agent_info
+
+
+class StateMiddleware(BaseHTTPMiddleware):
+    """Request state middleware"""
+
+    async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:
+        ip_info = await parse_ip_info(request)
+        ua_info = parse_user_agent_info(request)
+
+        # Setting up additional request information
+        request.state.ip = ip_info.ip
+        request.state.country = ip_info.country
+        request.state.region = ip_info.region
+        request.state.city = ip_info.city
+        request.state.user_agent = ua_info.user_agent
+        request.state.os = ua_info.os
+        request.state.browser = ua_info.browser
+        request.state.device = ua_info.device
+
+        response = await call_next(request)
+
+        return response

shaapi/template/backend/models/__init__.py

@@ -0,0 +1,10 @@
+from backend.models.casbin_rule import CasbinRule
+from backend.models.role import Role
+from backend.models.user import User
+from backend.models.opera_log import OperaLog
+from backend.models.login_log import LoginLog
+
+import pkgutil
+import importlib
+import inspect
+from backend.common.model import Base

shaapi/template/backend/models/associations.py

@@ -0,0 +1,20 @@
+import sqlalchemy as sa
+from sqlalchemy.orm import Mapped
+
+from backend.common.model import MappedBase
+
+user_role = sa.Table(
+    "user_role",
+    MappedBase.metadata,
+    sa.Column(
+        "id",
+        sa.Integer,
+        primary_key=True,
+        unique=True,
+        index=True,
+        autoincrement=True,
+        comment="Primary Key ID",
+    ),
+    sa.Column("user_id", sa.Integer, sa.ForeignKey("user.id", ondelete="CASCADE")),
+    sa.Column("role_id", sa.Integer, sa.ForeignKey("role.id", ondelete="CASCADE")),
+)

shaapi/template/backend/models/casbin_rule.py

@@ -0,0 +1,30 @@
+from sqlalchemy import String, TEXT
+from sqlalchemy.orm import Mapped, mapped_column
+
+from backend.common.model import MappedBase, id_key
+
+
+class CasbinRule(MappedBase):
+    """Rewrite the CasbinRule model class in Casbin, using a custom Base to avoid alembic migration issues"""
+
+    __tablename__ = 'casbin_rule'
+
+    id: Mapped[id_key]
+    ptype: Mapped[str] = mapped_column(String(255), comment='Policy type: p / g')
+    v0: Mapped[str] = mapped_column(String(255), comment='Role ID / User x_id')
+    v1: Mapped[str] = mapped_column(TEXT, comment='API path / Role name')
+    v2: Mapped[str | None] = mapped_column(String(255), comment='Request method')
+    v3: Mapped[str | None] = mapped_column(String(255))
+    v4: Mapped[str | None] = mapped_column(String(255))
+    v5: Mapped[str | None] = mapped_column(String(255))
+
+    def __str__(self):
+        arr = [self.ptype]
+        for v in (self.v0, self.v1, self.v2, self.v3, self.v4, self.v5):
+            if v is None:
+                break
+            arr.append(v)
+        return ', '.join(arr)
+
+    def __repr__(self):
+        return '<CasbinRule {}: "{}">'.format(self.id, str(self))

shaapi/template/backend/models/login_log.py

@@ -0,0 +1,28 @@
+from datetime import datetime
+import sqlalchemy as sa
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import func
+
+from backend.common.model import DataClassBase, get_id, id_key
+from backend.utils.timezone import timezone
+
+class LoginLog(DataClassBase):
+    """Login Log Table"""
+
+    __tablename__ = 'login_log'
+
+    id: Mapped[id_key] = mapped_column(init=False)
+    user_x_id: Mapped[str] = mapped_column(sa.String(32))
+    email: Mapped[str] = mapped_column(sa.String, comment='User email')
+    status: Mapped[int] = mapped_column(sa.Integer, insert_default=0, comment='Login status (0 failed, 1 success)')
+    ip: Mapped[str] = mapped_column(sa.String, comment='Login IP address')
+    country: Mapped[str | None] = mapped_column(sa.String, comment='Country')
+    region: Mapped[str | None] = mapped_column(sa.String, comment='Region')
+    city: Mapped[str | None] = mapped_column(sa.String, comment='City')
+    user_agent: Mapped[str] = mapped_column(sa.TEXT, comment='User-Agent header')  
+    os: Mapped[str | None] = mapped_column(sa.String, comment='Operating system')
+    browser: Mapped[str | None] = mapped_column(sa.String, comment='Browser')
+    device: Mapped[str | None] = mapped_column(sa.String, comment='Device')
+    msg: Mapped[str] = mapped_column(sa.TEXT, comment='Message')
+    login_time: Mapped[datetime] = mapped_column(comment='Login time')
+    created_time: Mapped[datetime] = mapped_column(sa.DateTime(timezone=True), init=False, default=func.now(), comment='Creation time')

shaapi/template/backend/models/opera_log.py

@@ -0,0 +1,36 @@
+import sqlalchemy as sa
+from sqlalchemy.orm import Mapped, mapped_column
+from datetime import datetime
+from sqlalchemy.sql.functions import current_timestamp
+
+from backend.common.model import DataClassBase, get_id, id_key 
+
+
+
+class OperaLog(DataClassBase):
+    """Operation Log Table"""
+
+    __tablename__ = 'opera_log'
+
+    id: Mapped[id_key] = mapped_column(init=False)
+    # x_id: Mapped[str] = mapped_column(sa.String(32), unique=True, insert_default=get_id)
+    trace_id: Mapped[str] = mapped_column(sa.String(32), comment='Request Tracking ID')
+    user_email: Mapped[str | None] = mapped_column(sa.String, comment='User Email', nullable=True)
+    method: Mapped[str] = mapped_column(sa.String, comment='Request method')
+    title: Mapped[str] = mapped_column(sa.String, comment='Operating module')
+    path: Mapped[str] = mapped_column(sa.String, comment='Request path')
+    ip: Mapped[str] = mapped_column(sa.String, comment='IP address')
+    country: Mapped[str | None] = mapped_column(sa.String, comment='Country', nullable=True)
+    region: Mapped[str | None] = mapped_column(sa.String, comment='Region', nullable=True)
+    city: Mapped[str | None] = mapped_column(sa.String, comment='City', nullable=True)
+    user_agent: Mapped[str] = mapped_column(sa.String, comment='Request header')
+    os: Mapped[str] = mapped_column(sa.String, comment='Operating system')
+    browser: Mapped[str] = mapped_column(sa.String, comment='Browser (software)')
+    device: Mapped[str] = mapped_column(sa.String, comment='Device')
+    args: Mapped[dict] = mapped_column(sa.JSON(), comment='Request Parameters')
+    status: Mapped[int] = mapped_column(sa.Integer, comment='Operation status (0 abnormal 1 normal)')
+    code: Mapped[str] = mapped_column(sa.String(20), insert_default='200', comment='Operation status code')
+    msg: Mapped[str] = mapped_column(sa.TEXT, comment='Alert message')
+    cost_time: Mapped[float] = mapped_column(insert_default=0.0, comment='Request elapsed time (ms)')
+    opera_time: Mapped[datetime] = mapped_column(comment="Operating time")
+    created_time: Mapped[datetime] = mapped_column(sa.DateTime(timezone=True), init=False, default=current_timestamp(), comment="Creation time")

shaapi/template/backend/models/role.py

@@ -0,0 +1,27 @@
+from typing import List
+import sqlalchemy as sa
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from backend.common.model import Base, get_id, id_key
+from backend.models.associations import user_role
+from backend.models.associations import user_role
+
+from backend.common.enums import Role as Role_enum
+
+
+class Role(Base):
+    """Boilerplate roles table"""
+
+    __tablename__ = 'role'
+
+    id: Mapped[id_key] = mapped_column(init=False)
+    x_id: Mapped[str] = mapped_column(sa.String(32), init=False, unique=True, default=get_id)
+    name: Mapped[str] = mapped_column(sa.String(), unique=True, default=Role_enum.USER.value, comment='role name')
+    # data_scope: Mapped[int | None] = mapped_column(insert_default=2, comment='Permission ranges (1: all data permissions 2: custom data permissions)')
+    status: Mapped[int] = mapped_column(sa.Integer, default=1, comment='Role status (0 deactivated 1 normal)')
+    remark: Mapped[str] = mapped_column(sa.Text, default=None, comment='note')
+
+    # Role users many-to-many
+    users: Mapped[List["User"]] = relationship(
+        init=False, secondary=user_role, back_populates="roles", lazy="noload"
+    )

shaapi/template/backend/models/user.py

@@ -0,0 +1,30 @@
+import sqlalchemy as sa
+from sqlalchemy.orm import relationship, Mapped, mapped_column
+from sqlalchemy.sql.functions import current_timestamp
+from sqlalchemy import func
+
+from datetime import datetime
+
+
+from backend.common.model import Base, id_key, get_id
+from backend.utils.timezone import timezone
+from .associations import user_role
+
+
+
+class User(Base):
+    id: Mapped[id_key] = mapped_column(init=False)
+    x_id: Mapped[str] = mapped_column(sa.String(32), init=False, unique=True, default=get_id)
+    firstname: Mapped[str] = mapped_column(sa.String, init=False, nullable=True)
+    lastname: Mapped[str] = mapped_column(sa.String, init=False, index=True, nullable=True)
+    phone: Mapped[str] = mapped_column(sa.String, init=False, index=True, nullable=True) 
+    email: Mapped[str] = mapped_column(sa.String(200), index=True, unique=True, nullable=False)
+    password: Mapped[str] = mapped_column(sa.String, nullable=False)
+    salt: Mapped[str] = mapped_column(sa.String, nullable=True)
+    status: Mapped[bool] = mapped_column(sa.Boolean, default=True, server_default='1')  # User account status (False: deactivated, True: normal)
+    is_multi_login: Mapped[bool] = mapped_column(sa.Boolean(), nullable=False, default=False, server_default='1')
+    last_login_time: Mapped[datetime] = mapped_column(sa.DateTime(timezone=True), init=False, onupdate=func.now(), default=current_timestamp())
+    join_time: Mapped[datetime] = mapped_column(sa.DateTime(timezone=True), init=False, default=current_timestamp())
+
+    # User related roles 
+    roles: Mapped[list["Role"]] = relationship(secondary=user_role, init=False, lazy="joined")

shaapi/template/backend/seeder/json/admin.json

@@ -0,0 +1,15 @@
+{
+    "model": "backend.models.Admin",
+    "data": [
+        {
+            "firstname": "Kaanari",
+            "lastname": "Tech",
+            "fullname": "Kaanari Tech",
+            "phone": "",
+            "email": "admin@kaanari.com",
+            "email_verified": true,
+            "password": "$pbkdf2-sha256$29000$ubcWorT2njOmtLY25ty71w$Yo/aLAd5AxAolsTjDoOqtkvUvUWD6TErRR7.tCsMQ8g"
+
+        }
+    ]
+}

shaapi/template/backend/seeder/json/user.json

@@ -0,0 +1,15 @@
+{
+    "model": "backend.models.User",
+    "data": [
+        {
+            "firstname": "Kaanari",
+            "lastname": "Tech",
+            "fullname": "Kaanari Tech",
+            "phone": "",
+            "email": "admin@kaanari.com",
+            "email_verified": true,
+            "password": "$pbkdf2-sha256$29000$ubcWorT2njOmtLY25ty71w$Yo/aLAd5AxAolsTjDoOqtkvUvUWD6TErRR7.tCsMQ8g"
+
+        }
+    ]
+}

shaapi/template/backend/seeder/run.py

@@ -0,0 +1,34 @@
+from pathlib import Path
+
+from backend.database.db_postgres import drop_all_tables, get_db
+import fire
+from sqlalchemyseed import load_entities_from_json
+from sqlalchemyseed import Seeder
+
+
+
+def drop_tables() -> None:
+    drop_all_tables()
+
+
+def seed() -> None:
+    print("start: import_seed")
+    db = next(get_db())
+    seeds_json_files = list(Path(__file__).parent.glob("json/*.json"))
+    try:
+        entities = []
+        for file in seeds_json_files:
+            print(f"load seed file={str(file)}")
+            entities.append(load_entities_from_json(str(file)))
+
+        seeder = Seeder(db)
+        seeder.seed(entities)
+        db.commit()
+        print("end: seeds import completed")
+    except Exception as e:
+        db.rollback()
+        print(f"end: seeds import failed. detail={e}")
+
+
+if __name__ == "__main__":
+    fire.Fire()