PyPI - svc-infra - Versions diffs - 0.1.593__tar.gz → 0.1.595__tar.gz - Mend

svc-infra 0.1.593tar.gz → 0.1.595tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of svc-infra might be problematic. Click here for more details.

Files changed (253) hide show

{svc_infra-0.1.593 → svc_infra-0.1.595}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: svc-infra
-Version: 0.1.593
+Version: 0.1.595
 Summary: Infrastructure for building and deploying prod-ready services
 License: MIT
 Keywords: fastapi,sqlalchemy,alembic,auth,infra,async,pydantic

{svc_infra-0.1.593 → svc_infra-0.1.595}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "svc-infra"
-version = "0.1.593"
+version = "0.1.595"
 description = "Infrastructure for building and deploying prod-ready services"
 authors = ["Ali Khatami <aliikhatami94@gmail.com>"]
 license = "MIT"
@@ -119,6 +119,10 @@ testpaths = ["tests"]
 python_files = ["test_*.py", "*_test.py"]
 python_classes = ["Test*",]
 python_functions = ["test_*"]
+markers = [
+    "security: Security and auth hardening tests",
+    "ratelimit: Rate limiting and abuse protection tests",
+]
 filterwarnings = [
     "ignore:The `route` decorator is deprecated:DeprecationWarning:starlette.*",
 ]

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/apf_payments/README.md RENAMED Viewed

@@ -111,6 +111,32 @@ app = setup_service_api(
 add_payments(app, prefix="/payments")
 ```
+**Tenant Context**
+All payments endpoints require a tenant identifier. The FastAPI router now
+derives it automatically from the authenticated principal:
+- API key principals → ``principal.api_key.tenant_id``
+- User principals → ``principal.user.tenant_id``
+- Fallbacks: ``X-Tenant-Id`` request header or ``request.state.tenant_id``
+If you need custom mapping logic (for example, translating API keys to an
+external tenant registry), register an override during startup:
+```python
+from svc_infra.api.fastapi.apf_payments.router import set_payments_tenant_resolver
+async def resolve_tenant(request, identity, header):
+    # return a string tenant id, or None to fall back to the defaults
+    return "tenant-from-custom-logic"
+set_payments_tenant_resolver(resolve_tenant)
+```
+If no tenant can be derived (and the override also returns ``None``), the
+router responds with ``400 tenant_context_missing`` so callers can supply the
+missing context explicitly.
 **Environment-Based Configuration**
 The `easy_service_app` reads these env vars automatically:

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/apf_payments/provider/aiydan.py RENAMED Viewed

@@ -5,6 +5,7 @@ from datetime import date, datetime, timezone
 from typing import Any, Optional, Sequence, Tuple
 from svc_infra.apf_payments.schemas import (
+    BalanceAmount,
     BalanceSnapshotOut,
     CustomerOut,
     CustomerUpsertIn,
@@ -277,13 +278,38 @@ def _usage_record_to_out(data: dict[str, Any]) -> UsageRecordOut:
         provider_price_id=(
             str(data.get("provider_price_id")) if data.get("provider_price_id") else None
         ),
+        action=(str(data.get("action")) if data.get("action") else None),
     )
 def _balance_snapshot_to_out(data: dict[str, Any]) -> BalanceSnapshotOut:
+    def _normalize(side: Any) -> list[dict[str, Any]]:
+        if isinstance(side, list):
+            out: list[dict[str, Any]] = []
+            for item in side:
+                if isinstance(item, dict) and "currency" in item and "amount" in item:
+                    out.append(
+                        {
+                            "currency": str(item["currency"]).upper(),
+                            "amount": int(item["amount"] or 0),
+                        }
+                    )
+            return out
+        if isinstance(side, dict):
+            return [
+                {"currency": str(cur).upper(), "amount": int(amt or 0)} for cur, amt in side.items()
+            ]
+        return []
     return BalanceSnapshotOut(
-        available=data.get("available", {}),
-        pending=data.get("pending", {}),
+        available=[
+            BalanceAmount(currency=i["currency"], amount=i["amount"])
+            for i in _normalize(data.get("available"))
+        ],
+        pending=[
+            BalanceAmount(currency=i["currency"], amount=i["amount"])
+            for i in _normalize(data.get("pending"))
+        ],
     )

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/apf_payments/service.py RENAMED Viewed

@@ -65,9 +65,24 @@ def _default_provider_name() -> str:
 class PaymentsService:
+    """Payments service facade wrapping provider adapters and persisting key rows.
-    def __init__(self, session: AsyncSession, provider_name: Optional[str] = None):
+    NOTE: tenant_id is now required for all persistence operations. This is a breaking
+    change; callers must supply a valid tenant scope. (Future: could allow multi-tenant
+    mapping via adapter registry.)
+    """
+    def __init__(
+        self,
+        session: AsyncSession,
+        *,
+        tenant_id: str,
+        provider_name: Optional[str] = None,
+    ):
+        if not tenant_id:
+            raise ValueError("tenant_id is required for PaymentsService")
         self.session = session
+        self.tenant_id = tenant_id
         self._provider_name = (provider_name or _default_provider_name()).lower()
         self._adapter = None  # resolved on first use
@@ -118,6 +133,7 @@ class PaymentsService:
             # If your PayCustomer model has additional columns (email/name), include them here.
             self.session.add(
                 PayCustomer(
+                    tenant_id=self.tenant_id,
                     provider=out.provider,
                     provider_customer_id=out.provider_customer_id,
                     user_id=data.user_id,
@@ -132,6 +148,7 @@ class PaymentsService:
         out = await adapter.create_intent(data, user_id=user_id)
         self.session.add(
             PayIntent(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_intent_id=out.provider_intent_id,
                 user_id=user_id,
@@ -167,6 +184,32 @@ class PaymentsService:
     async def refund(self, provider_intent_id: str, data: RefundIn) -> IntentOut:
         adapter = self._get_adapter()
         out = await adapter.refund(provider_intent_id, data)
+        # Create ledger entry if amount present and not already recorded
+        pi = await self.session.scalar(
+            select(PayIntent).where(PayIntent.provider_intent_id == provider_intent_id)
+        )
+        if pi:
+            amount = int(data.amount) if data.amount is not None else out.amount
+            # Guard against duplicates (same provider_ref + kind)
+            existing = await self.session.scalar(
+                select(LedgerEntry).where(
+                    LedgerEntry.provider_ref == provider_intent_id,
+                    LedgerEntry.kind == "refund",
+                )
+            )
+            if amount > 0 and not existing:
+                self.session.add(
+                    LedgerEntry(
+                        tenant_id=self.tenant_id,
+                        provider=pi.provider,
+                        provider_ref=provider_intent_id,
+                        user_id=pi.user_id,
+                        amount=+amount,
+                        currency=out.currency,
+                        kind="refund",
+                        status="posted",
+                    )
+                )
         return out
     # --- Webhooks -------------------------------------------------------------
@@ -176,6 +219,7 @@ class PaymentsService:
         parsed = await adapter.verify_and_parse_webhook(signature, payload)
         self.session.add(
             PayEvent(
+                tenant_id=self.tenant_id,
                 provider=provider,
                 provider_event_id=parsed["id"],
                 type=parsed.get("type", ""),
@@ -199,6 +243,7 @@ class PaymentsService:
             intent.status = "succeeded"
             self.session.add(
                 LedgerEntry(
+                    tenant_id=self.tenant_id,
                     provider=intent.provider,
                     provider_ref=provider_intent_id,
                     user_id=intent.user_id,
@@ -217,17 +262,27 @@ class PaymentsService:
             select(PayIntent).where(PayIntent.provider_intent_id == pi_id)
         )
         if intent:
-            self.session.add(
-                LedgerEntry(
-                    provider=intent.provider,
-                    provider_ref=charge_obj.get("id"),
-                    user_id=intent.user_id,
-                    amount=+amount,
-                    currency=currency,
-                    kind="capture",
-                    status="posted",
+            # Avoid duplicate capture entries
+            existing = await self.session.scalar(
+                select(LedgerEntry).where(
+                    LedgerEntry.provider_ref == charge_obj.get("id"),
+                    LedgerEntry.kind == "capture",
                 )
             )
+            if not existing:
+                self.session.add(
+                    LedgerEntry(
+                        tenant_id=self.tenant_id,
+                        provider=intent.provider,
+                        provider_ref=charge_obj.get("id"),
+                        user_id=intent.user_id,
+                        amount=+amount,
+                        currency=currency,
+                        kind="capture",
+                        status="posted",
+                    )
+                )
+            intent.captured = True
     async def _post_refund(self, charge_obj: dict):
         amount = int(charge_obj.get("amount_refunded") or 0)
@@ -237,22 +292,31 @@ class PaymentsService:
             select(PayIntent).where(PayIntent.provider_intent_id == pi_id)
         )
         if intent and amount > 0:
-            self.session.add(
-                LedgerEntry(
-                    provider=intent.provider,
-                    provider_ref=charge_obj.get("id"),
-                    user_id=intent.user_id,
-                    amount=+amount,
-                    currency=currency,
-                    kind="refund",
-                    status="posted",
+            existing = await self.session.scalar(
+                select(LedgerEntry).where(
+                    LedgerEntry.provider_ref == charge_obj.get("id"),
+                    LedgerEntry.kind == "refund",
                 )
             )
+            if not existing:
+                self.session.add(
+                    LedgerEntry(
+                        tenant_id=self.tenant_id,
+                        provider=intent.provider,
+                        provider_ref=charge_obj.get("id"),
+                        user_id=intent.user_id,
+                        amount=+amount,
+                        currency=currency,
+                        kind="refund",
+                        status="posted",
+                    )
+                )
     async def attach_payment_method(self, data: PaymentMethodAttachIn) -> PaymentMethodOut:
         out = await self._get_adapter().attach_payment_method(data)
         # Upsert locally for quick listing
         pm = PayPaymentMethod(
+            tenant_id=self.tenant_id,
             provider=out.provider,
             provider_customer_id=out.provider_customer_id,
             provider_method_id=out.provider_method_id,
@@ -283,6 +347,7 @@ class PaymentsService:
         out = await self._get_adapter().create_product(data)
         self.session.add(
             PayProduct(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_product_id=out.provider_product_id,
                 name=out.name,
@@ -295,6 +360,7 @@ class PaymentsService:
         out = await self._get_adapter().create_price(data)
         self.session.add(
             PayPrice(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_price_id=out.provider_price_id,
                 provider_product_id=out.provider_product_id,
@@ -312,6 +378,7 @@ class PaymentsService:
         out = await self._get_adapter().create_subscription(data)
         self.session.add(
             PaySubscription(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_subscription_id=out.provider_subscription_id,
                 provider_price_id=out.provider_price_id,
@@ -340,6 +407,7 @@ class PaymentsService:
         out = await self._get_adapter().create_invoice(data)
         self.session.add(
             PayInvoice(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_invoice_id=out.provider_invoice_id,
                 provider_customer_id=out.provider_customer_id,
@@ -432,6 +500,27 @@ class PaymentsService:
             pi.status = out.status
             if out.status in ("succeeded", "requires_capture"):  # Stripe specifics vary
                 pi.captured = True if out.status == "succeeded" else pi.captured
+                # Add capture ledger entry if succeeded and not already posted
+                if out.status == "succeeded":
+                    existing = await self.session.scalar(
+                        select(LedgerEntry).where(
+                            LedgerEntry.provider_ref == provider_intent_id,
+                            LedgerEntry.kind == "capture",
+                        )
+                    )
+                    if not existing:
+                        self.session.add(
+                            LedgerEntry(
+                                tenant_id=self.tenant_id,
+                                provider=pi.provider,
+                                provider_ref=provider_intent_id,
+                                user_id=pi.user_id,
+                                amount=+out.amount,
+                                currency=out.currency,
+                                kind="capture",
+                                status="posted",
+                            )
+                        )
         return out
     async def list_intents(self, f: IntentListFilter) -> tuple[list[IntentOut], str | None]:
@@ -475,6 +564,7 @@ class PaymentsService:
         out = await self._get_adapter().create_setup_intent(data)
         self.session.add(
             PaySetupIntent(
+                tenant_id=self.tenant_id,
                 provider=out.provider,
                 provider_setup_intent_id=out.provider_setup_intent_id,
                 user_id=None,
@@ -510,6 +600,7 @@ class PaymentsService:
         else:
             self.session.add(
                 PaySetupIntent(
+                    tenant_id=self.tenant_id,
                     provider=out.provider,
                     provider_setup_intent_id=out.provider_setup_intent_id,
                     user_id=None,
@@ -549,6 +640,7 @@ class PaymentsService:
         else:
             self.session.add(
                 PayDispute(
+                    tenant_id=self.tenant_id,
                     provider=out.provider,
                     provider_dispute_id=out.provider_dispute_id,
                     provider_charge_id=None,  # set if adapter returns it
@@ -594,6 +686,7 @@ class PaymentsService:
         else:
             self.session.add(
                 PayPayout(
+                    tenant_id=self.tenant_id,
                     provider=out.provider,
                     provider_payout_id=out.provider_payout_id,
                     amount=out.amount,
@@ -678,10 +771,10 @@ class PaymentsService:
         if not row:
             self.session.add(
                 PayCustomer(
+                    tenant_id=self.tenant_id,
                     provider=out.provider,
                     provider_customer_id=out.provider_customer_id,
                     user_id=None,
-                    tenant_id="",
                 )
             )
         return out

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/api/fastapi/apf_payments/router.py RENAMED Viewed

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from typing import Literal, Optional, cast
+import inspect
+from typing import Annotated, Awaitable, Callable, Literal, Optional, cast
-from fastapi import Body, Depends, Header, Request, Response, status
+from fastapi import Body, Depends, Header, HTTPException, Request, Response, status
 from starlette.responses import JSONResponse
 from svc_infra.apf_payments.schemas import (
@@ -47,6 +48,7 @@ from svc_infra.apf_payments.schemas import (
     WebhookReplayOut,
 )
 from svc_infra.apf_payments.service import PaymentsService
+from svc_infra.api.fastapi.auth.security import OptionalIdentity, Principal
 from svc_infra.api.fastapi.db.sql.session import SqlSessionDep
 from svc_infra.api.fastapi.dual import protected_router, public_router, service_router, user_router
 from svc_infra.api.fastapi.dual.router import DualAPIRouter
@@ -69,8 +71,69 @@ def _tx_kind(kind: str) -> Literal["payment", "refund", "fee", "payout", "captur
 # --- deps ---
-async def get_service(session: SqlSessionDep) -> PaymentsService:
-    return PaymentsService(session=session)
+TenantOverrideHook = Callable[
+    [Request, Optional[Principal], Optional[str]],
+    Awaitable[Optional[str]] | Optional[str],
+]
+_tenant_override_hook: TenantOverrideHook | None = None
+def set_payments_tenant_resolver(resolver: TenantOverrideHook | None) -> None:
+    """Override the default tenant resolution used by the payments router.
+    Projects can call this during startup to plug custom logic (e.g. multi-tenant
+    mappings). Passing ``None`` resets to the built-in behavior.
+    """
+    global _tenant_override_hook
+    _tenant_override_hook = resolver
+async def resolve_payments_tenant_id(
+    request: Request,
+    identity: OptionalIdentity = None,
+    tenant_header: Annotated[Optional[str], Header(alias="X-Tenant-Id", default=None)] = None,
+) -> str:
+    """Determine the tenant id for the current request.
+    The default strategy prefers authenticated principals (API keys first, then
+    user accounts) and falls back to the ``X-Tenant-Id`` header or ``request.state``.
+    Applications may override the behavior via
+    :func:`set_payments_tenant_resolver`.
+    """
+    if _tenant_override_hook is not None:
+        maybe = _tenant_override_hook(request, identity, tenant_header)
+        if inspect.isawaitable(maybe):  # pragma: no cover - depends on override type
+            maybe = await maybe
+        if maybe is not None:
+            return maybe
+    if identity:
+        api_key_tenant = getattr(getattr(identity, "api_key", None), "tenant_id", None)
+        if api_key_tenant:
+            return api_key_tenant
+        user_tenant = getattr(getattr(identity, "user", None), "tenant_id", None)
+        if user_tenant:
+            return user_tenant
+    if tenant_header:
+        return tenant_header
+    state_tenant = getattr(request.state, "tenant_id", None)
+    if state_tenant:
+        return state_tenant
+    raise HTTPException(status.HTTP_400_BAD_REQUEST, detail="tenant_context_missing")
+PaymentsTenantDep = Annotated[str, Depends(resolve_payments_tenant_id)]
+async def get_service(session: SqlSessionDep, tenant_id: PaymentsTenantDep) -> PaymentsService:
+    return PaymentsService(session=session, tenant_id=tenant_id)
 # --- routers grouped by auth posture (same prefix is fine; FastAPI merges) ---

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/api/fastapi/auth/add.py RENAMED Viewed

@@ -11,6 +11,7 @@ from svc_infra.api.fastapi.auth.mfa.router import mfa_router
 from svc_infra.api.fastapi.auth.routers.account import account_router
 from svc_infra.api.fastapi.auth.routers.apikey_router import apikey_router
 from svc_infra.api.fastapi.auth.routers.oauth_router import oauth_router_with_backend
+from svc_infra.api.fastapi.auth.routers.session_router import build_session_router
 from svc_infra.api.fastapi.db.sql.users import get_fastapi_users
 from svc_infra.api.fastapi.paths.prefix import AUTH_PREFIX, USER_PREFIX
 from svc_infra.app.env import CURRENT_ENVIRONMENT, DEV_ENV, LOCAL_ENV
@@ -73,6 +74,15 @@ def install_user_routers(
         include_in_schema=include_in_docs,
         dependencies=[Depends(login_client_gaurd)],
     )
+    # Session/device listing & revocation endpoints (AuthSession model)
+    # Mounted under the user prefix so final paths become /{user_prefix}/sessions/... (e.g., /users/sessions/me)
+    # The router itself has a /sessions prefix.
+    app.include_router(
+        build_session_router(),
+        prefix=user_prefix,
+        tags=["Session Management"],
+        include_in_schema=include_in_docs,
+    )
     app.include_router(
         register_router,
         prefix=user_prefix,

{svc_infra-0.1.593 → svc_infra-0.1.595}/src/svc_infra/api/fastapi/auth/gaurd.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from __future__ import annotations
+import hashlib
 from datetime import datetime, timezone
 from fastapi import APIRouter, Depends, Form, HTTPException, Request, status
@@ -65,6 +66,9 @@ def auth_session_router(
     router = public_router()
     policy = auth_policy or DefaultAuthPolicy(get_auth_settings())
+    from svc_infra.api.fastapi.db.sql import SqlSessionDep
+    from svc_infra.security.lockout import get_lockout_status, record_attempt
     @router.post("/login", name="auth:jwt.login")
     async def login(
         request: Request,
@@ -74,27 +78,78 @@ def auth_session_router(
         client_id: str | None = Form(None),
         client_secret: str | None = Form(None),
         user_manager=Depends(fapi.get_user_manager),
+        session: SqlSessionDep = Depends(),
     ):
-        # 1) lookup user (normalize email)
         strategy = auth_backend.get_strategy()
         email = username.strip().lower()
+        # Compute IP hash for lockout correlation
+        client_ip = getattr(request.client, "host", None)
+        ip_hash = hashlib.sha256(client_ip.encode()).hexdigest() if client_ip else None
+        # Pre-check lockout by IP to avoid enumeration
+        try:
+            status_lo = await get_lockout_status(session, user_id=None, ip_hash=ip_hash)
+            if status_lo.locked and status_lo.next_allowed_at:
+                retry = int(
+                    (status_lo.next_allowed_at - datetime.now(timezone.utc)).total_seconds()
+                )
+                raise HTTPException(
+                    status_code=429,
+                    detail="account_locked",
+                    headers={"Retry-After": str(max(0, retry))},
+                )
+        except Exception:
+            pass
+        # Lookup user
         user = await user_manager.user_db.get_by_email(email)
         if not user:
             _, _ = _pwd.verify_and_update(password, _DUMMY_BCRYPT)
+            try:
+                await record_attempt(session, user_id=None, ip_hash=ip_hash, success=False)
+            except Exception:
+                pass
             raise HTTPException(400, "LOGIN_BAD_CREDENTIALS")
-        # 2) verify status + password
+        # Status checks
         if not getattr(user, "is_active", True):
             raise HTTPException(401, "account_disabled")
         hashed = getattr(user, "hashed_password", None) or getattr(user, "password_hash", None)
         if not hashed:
-            # No password set (likely OAuth-only account)
+            try:
+                await record_attempt(
+                    session, user_id=getattr(user, "id", None), ip_hash=ip_hash, success=False
+                )
+            except Exception:
+                pass
             raise HTTPException(400, "LOGIN_BAD_CREDENTIALS")
+        # Check lockout for this user + IP before verifying password
+        try:
+            status_user = await get_lockout_status(
+                session, user_id=getattr(user, "id", None), ip_hash=ip_hash
+            )
+            if status_user.locked and status_user.next_allowed_at:
+                retry = int(
+                    (status_user.next_allowed_at - datetime.now(timezone.utc)).total_seconds()
+                )
+                raise HTTPException(
+                    status_code=429,
+                    detail="account_locked",
+                    headers={"Retry-After": str(max(0, retry))},
+                )
+        except Exception:
+            pass
         ok, new_hash = _pwd.verify_and_update(password, hashed)
         if not ok:
+            try:
+                await record_attempt(
+                    session, user_id=getattr(user, "id", None), ip_hash=ip_hash, success=False
+                )
+            except Exception:
+                pass
             raise HTTPException(400, "LOGIN_BAD_CREDENTIALS")
         # If the hash needs upgrading, persist it (optional but recommended)
@@ -106,7 +161,6 @@ def auth_session_router(
             try:
                 await user_manager.user_db.update(user)
             except Exception:
-                # don't block login if updating hash fails; log if you have logging here
                 pass
         if getattr(user, "is_verified") is False:
@@ -130,6 +184,14 @@ def auth_session_router(
             # don’t block login if this write fails
             pass
+        # Record successful attempt (for audit)
+        try:
+            await record_attempt(
+                session, user_id=getattr(user, "id", None), ip_hash=ip_hash, success=True
+            )
+        except Exception:
+            pass
         # 5) mint token and set cookie
         token = await strategy.write_token(user)
         st = get_auth_settings()

svc-infra 0.1.593__tar.gz → 0.1.595__tar.gz

Potentially problematic release.

svc-infra 0.1.593tar.gz → 0.1.595tar.gz