Implement content_api token resource and service

SDESK-7484

Author: eos87

content_api/tokens/__init__.py

@@ -45,4 +45,5 @@ def check_auth(self, token, allowed_roles, resource, method):
 
 
 def init_app(app) -> None:
-    superdesk.register_resource(TOKEN_RESOURCE, AuthSubscriberTokenResource, SubscriberTokenService, _app=app)
+    # superdesk.register_resource(TOKEN_RESOURCE, AuthSubscriberTokenResource, SubscriberTokenService, _app=app)
+    pass

superdesk/core/auth/token_auth.py

@@ -32,7 +32,7 @@ async def authenticate(self, request: Request):
 
         if token:
             token = token.strip()
-            if token.lower().startswith(("token", "bearer")):
+            if token.lower().startswith(("token", "bearer", "basic")):
                 token = token.split(" ")[1] if " " in token else ""
         else:
             token = request.storage.session.get("session_token")
@@ -79,13 +79,13 @@ async def start_session(self, request: Request, user: dict[str, Any], **kwargs)
     async def continue_session(self, request: Request, user: dict[str, Any], **kwargs) -> None:
         auth_token = request.storage.session.get("session_token")
 
-        if isinstance(auth_token, str):
-            auth_token = json.loads(auth_token)
-
         if not auth_token:
             await self.stop_session(request)
             raise SuperdeskApiError.unauthorizedError()
 
+        if isinstance(auth_token, str):
+            auth_token = json.loads(auth_token)
+
         user_service = get_resource_service("users")
         request.storage.request.set("user", user)
         request.storage.request.set("role", user_service.get_role(user))

superdesk/core/resources/resource_rest_endpoints.py

@@ -8,8 +8,9 @@
 # AUTHORS and LICENSE files distributed with this source code, or
 # at https://www.sourcefabric.org/superdesk/license
 
-from typing import List, Optional, cast, Dict, Any, Type
 import math
+from inspect import get_annotations
+from typing import Annotated, List, Optional, cast, Dict, Any, Type, get_args, get_origin, get_type_hints
 
 from dataclasses import dataclass
 from pydantic import ValidationError, BaseModel, NonNegativeInt
@@ -19,7 +20,7 @@
 from bson import ObjectId
 
 from superdesk.core import json
-from superdesk.core.app import get_current_async_app
+from superdesk.core.app import get_app_config, get_current_async_app
 from superdesk.core.types import (
     SearchRequest,
     SearchArgs,
@@ -33,11 +34,11 @@
 from superdesk.errors import SuperdeskApiError
 from superdesk.resource_fields import STATUS, STATUS_OK, ITEMS
 from superdesk.core.web import RestEndpoints, ItemRequestViewArgs, Endpoint
-from superdesk.utils import get_cors_headers
+from superdesk.utils import get_cors_headers, join_url_parts
 
 from .model import ResourceModel
 from .resource_config import ResourceConfig
-from .validators import convert_pydantic_validation_error_for_response
+from .validators import AsyncValidator, convert_pydantic_validation_error_for_response
 
 
 @dataclass
@@ -90,6 +91,9 @@ class RestEndpointConfig:
 
     enable_cors: bool = False
 
+    # Optionally populate the item nested hateoas
+    populate_item_hateoas: bool = False
+
 
 def get_id_url_type(data_class: type[ResourceModel]) -> str:
     """Get the URL param type for the ID field for route registration"""
@@ -297,7 +301,9 @@ async def get_item(
                 f"{self.resource_config.name} resource with ID '{args.item_id}' not found"
             )
 
+        self._populate_hateoas_if_needed(request, [item])
         response = Response(item, 200, headers)
+
         await signals.web.on_get_response.send(request, response)
         return response
 
@@ -447,8 +453,11 @@ async def search_items(
         cursor = await self.service.find(params)
         count = await cursor.count()
 
+        items = await cursor.to_list_raw()
+        self._populate_hateoas_if_needed(request, items)
+
         response_data = RestGetResponse(
-            _items=await cursor.to_list_raw(),
+            _items=items,
             _meta=dict(
                 page=params.page,
                 max_results=params.max_results if params.max_results is not None else 25,
@@ -483,7 +492,7 @@ def get_item_cors_headers(self):
         if not self.endpoint_config.enable_cors:
             return []
 
-        methods = (self.endpoint_config.resource_methods or ["GET", "PATCH", "DELETE"]) + ["OPTIONS", "HEAD"]
+        methods = (self.endpoint_config.item_methods or ["GET", "PATCH", "DELETE"]) + ["OPTIONS", "HEAD"]
         return get_cors_headers(", ".join(methods))
 
     def _build_resource_hateoas(self, req: SearchRequest, doc_count: Optional[int], request: Request) -> Dict[str, Any]:
@@ -563,10 +572,69 @@ def _build_resource_hateoas(self, req: SearchRequest, doc_count: Optional[int],
 
         return links
 
-    def _populate_item_hateoas(self, request: Request, item: dict[str, Any]) -> dict[str, Any]:
+    def _populate_hateoas_if_needed(self, request: Request, items: list[dict[str, Any]]):
+        """
+        Populate the hateoas information for a list of items only if the
+        endpoint config `populate_item_hateoas` flag is set to True
+        """
+
+        if not self.endpoint_config.populate_item_hateoas:
+            return
+
+        for item in items:
+            self._populate_item_hateoas(request, item, force_append_id=True)
+
+    def _populate_item_hateoas(
+        self, request: Request, item: dict[str, Any], force_append_id: bool = False
+    ) -> dict[str, Any]:
         item.setdefault("_links", {})
         item["_links"]["self"] = {
             "title": self.resource_config.title or self.resource_config.data_class.__name__,
-            "href": self.gen_url_for_item(request, item["_id"]),
+            "href": self.gen_url_for_item(request, item["_id"], force_append_id),
         }
+
+        # extract related links from the `resource_config.data_class` relations (annotations)
+        related_links = self._get_related_links_from_annotations(item)
+        if related_links:
+            item["_links"]["related"] = related_links
+
         return item
+
+    def _get_related_links_from_annotations(self, item: dict[str, Any]) -> dict[str, Any]:
+        """Extract related links from the `resource_config.data_class` annotations.
+
+        Examines the data class annotations for Annotated fields that contain AsyncValidator metadata.
+        For each field with a resource name specified in its validator, generates a related link
+        if the field has a value in the item.
+        """
+        related_links = {}
+        for field_name, annotation in get_annotations(self.resource_config.data_class).items():
+            if get_origin(annotation) is Annotated:
+                relations = [meta for meta in get_args(annotation) if isinstance(meta, AsyncValidator)]
+                for rel in relations:
+                    field_value = item.get(field_name)
+                    if field_value and rel.resource_name:
+                        related_links[field_name] = {
+                            "title": field_name.title(),
+                            "href": self._gen_url_for_related_resource(rel.resource_name, field_value),
+                        }
+        return related_links
+
+    def _gen_url_for_related_resource(self, resource_name: str, item_id: str) -> str:
+        """Generate a URL for a related resource."""
+
+        # TODO-ASYNC: default to resource_name as not all resources are async ready yet
+        resource_url = resource_name
+
+        try:
+            app = get_current_async_app()
+            resource_config = app.resources.get_config(resource_name)
+            if resource_config.rest_endpoints is not None:
+                resource_url = resource_config.rest_endpoints.url or resource_name
+        except KeyError:
+            pass
+
+        url_prefix = get_app_config("URL_PREFIX") or ""
+        api_version = get_app_config("API_VERSION") or ""
+
+        return join_url_parts(url_prefix, api_version, resource_url, item_id)

superdesk/core/resources/service.py

@@ -39,7 +39,7 @@
 from superdesk.utc import utcnow
 from superdesk.cache import cache
 from superdesk.errors import SuperdeskApiError
-from superdesk.json_utils import SuperdeskJSONEncoder
+from superdesk.json_utils import SuperdeskJSONEncoder, cast_item
 from superdesk.resource_fields import ID_FIELD, VERSION_ID_FIELD, CURRENT_VERSION, LATEST_VERSION
 
 from ..app import SuperdeskAsyncApp, get_current_async_app
@@ -691,6 +691,8 @@ async def _mongo_find(
                 kwargs["sort"] = sort
 
         where = json.loads(req.where or "{}") if isinstance(req.where, str) else req.where or {}
+        where = cast_item(where)
+
         kwargs["filter"] = where
 
         projection_include, projection_fields = get_projection_from_request(req)

superdesk/core/resources/validators.py

@@ -106,8 +106,12 @@ def _validate_maxlength(value: MinMaxValueType) -> MinMaxValueType:
 class AsyncValidator:
     func: Callable[["ResourceModel", Any], Awaitable[None]]
 
-    def __init__(self, func: Callable[["ResourceModel", Any], Awaitable[None]]):
+    # to create links with the related resource
+    resource_name: str | None = None
+
+    def __init__(self, func: Callable[["ResourceModel", Any], Awaitable[None]], resource_name: str | None = None):
         self.func = func
+        self.resource_name = resource_name
 
 
 DataRelationValueType = str | ObjectId | list[str] | list[ObjectId] | None
@@ -168,7 +172,7 @@ async def validate_resource_exists(item: ResourceModel, item_id: DataRelationVal
                         ),
                     )
 
-    return AsyncValidator(validate_resource_exists)
+    return AsyncValidator(validate_resource_exists, resource_name)
 
 
 UniqueValueType = str | list[str] | None

superdesk/core/web/rest_endpoints.py

@@ -126,11 +126,12 @@ def get_item_url(self, arg_name: str = "item_id") -> str:
 
         return f"{self.get_resource_url()}/<{self.id_param_type}:{arg_name}>"
 
-    def gen_url_for_item(self, request: Request, item_id: str) -> str:
-        """Ge the URL of an item of this resource, for HATEOAS self link
+    def gen_url_for_item(self, request: Request, item_id: str, force_append_id: bool = False) -> str:
+        """Get the URL of an item of this resource, for HATEOAS self link
 
         :param request: The request instance currently being processed
         :param item_id: The ID of the item being returned
+        :param force_append_id: If True, appends the `item_id` to the path if doesn't end with it
         :return: The URL of an item of this resource
         """
 
@@ -149,7 +150,10 @@ def gen_url_for_item(self, request: Request, item_id: str) -> str:
         if url_prefix and path.startswith(url_prefix):
             path = path[len(url_prefix) :]
 
-        return f"{path}/{item_id}" if request.method == "POST" else path
+        if (request.method == "POST" or force_append_id) and not path.endswith(item_id):
+            return f"{path}/{item_id}"
+
+        return path
 
     async def get_item(
         self,

superdesk/default_settings.py

@@ -418,7 +418,7 @@ def local_to_utc_hour(hour):
 #:
 #: ..versionadded: 3.0.0
 #:
-MODULES = ["superdesk.users", "apps.desks_async"]
+MODULES = ["superdesk.users", "apps.desks_async", "superdesk.publish.subscriber_token"]
 
 ASYNC_AUTH_CLASS = "superdesk.core.auth.token_auth:TokenAuthorization"
 

superdesk/factory/app.py

@@ -416,7 +416,6 @@ def setup_sentry(self):
 
         sentry_sdk.init(dsn=self.config["SENTRY_DSN"], integrations=[QuartIntegration(), AsyncioIntegration()])
 
-
     def extend_eve_home_endpoint(self, links: list[dict]) -> None:
         """Adds async resources to Eve's api root endpoint"""
 

superdesk/publish/__init__.py

@@ -84,6 +84,7 @@ def transmit():
 # must be imported for registration
 from superdesk.publish.subscribers import SubscribersResource, SubscribersService  # NOQA
 from superdesk.publish.publish_queue import PublishQueueResource, PublishQueueService  # NOQA
+
 from superdesk.publish.subscriber_token import SubscriberTokenResource, SubscriberTokenService  # NOQA
 
 
@@ -103,7 +104,7 @@ def init_app(app) -> None:
     service = PublishQueueService(endpoint_name, backend=get_backend())
     PublishQueueResource(endpoint_name, app=app, service=service)
 
-    superdesk.register_resource("subscriber_token", SubscriberTokenResource, SubscriberTokenService)
+    # superdesk.register_resource("subscriber_token", SubscriberTokenResource, SubscriberTokenService)
 
     app.client_config.update(
         {

superdesk/publish/subscriber_token.py

@@ -1,9 +1,21 @@
 import superdesk
+from pydantic import Field
+from typing import Annotated
+from datetime import timedelta, datetime
 
-from datetime import timedelta
+from content_api import MONGO_PREFIX
+from superdesk.core.module import Module
 from superdesk.utc import utcnow
 from superdesk.utils import get_random_token
-from content_api import MONGO_PREFIX
+from superdesk.core.auth.privilege_rules import http_method_privilege_based_rules
+from superdesk.core.resources import (
+    ResourceModel,
+    fields,
+    AsyncResourceService,
+    ResourceConfig,
+    RestEndpointConfig,
+)
+from superdesk.core.resources.validators import validate_data_relation_async
 
 
 class SubscriberTokenResource(superdesk.Resource):
@@ -33,3 +45,50 @@ def create(self, docs, **kwargs):
             if doc.get("expiry_days"):
                 doc.setdefault("expiry", utcnow() + timedelta(days=doc["expiry_days"]))
         return super().create(docs, **kwargs)
+
+
+class SubscriberToken(ResourceModel):
+    id: Annotated[str, Field(alias="_id", default_factory=get_random_token)]
+    expiry: datetime | None = None
+    expiry_days: int | None = None
+    subscriber: Annotated[fields.ObjectId, validate_data_relation_async("subscribers")]
+
+
+class AsyncSubscriberTokenService(AsyncResourceService[SubscriberToken]):
+    async def on_create(self, docs: list[SubscriberToken]) -> None:
+        """
+        Calculates and sets expiry dates based on expiry_days param.
+
+        Args:
+            docs: List of subscriber token models to be created
+        """
+
+        for doc in docs:
+            if doc.expiry_days:
+                doc.expiry = utcnow() + timedelta(days=doc.expiry_days)
+
+        await super().on_create(docs)
+
+
+resource_config = ResourceConfig(
+    name="subscriber_token",
+    data_class=SubscriberToken,
+    service=AsyncSubscriberTokenService,
+    default_sort=[("_created", 1)],
+    rest_endpoints=RestEndpointConfig(
+        resource_methods=["GET", "POST"],
+        item_methods=["GET", "DELETE"],
+        auth=http_method_privilege_based_rules(
+            {
+                "POST": "subscribers",
+                "DELETE": "subscribers",
+            }
+        ),
+        id_param_type="regex('.+')",
+        populate_item_hateoas=True,
+        enable_cors=True,
+    ),
+)
+
+
+module = Module("superdesk.publish.subscriber_token", resources=[resource_config])

superdesk/utils.py

@@ -114,7 +114,7 @@ def get_random_token(n=40):
 
     :param n: how many random bytes to generate
     """
-    return base64.b64encode(os.urandom(n)).decode()
+    return base64.urlsafe_b64encode(os.urandom(n)).decode()
 
 
 def import_by_path(path):
@@ -404,3 +404,13 @@ def flatten(nested_list) -> list:
         else:
             result.append(i)
     return result
+
+
+def join_url_parts(*parts) -> str:
+    """
+    Join a list of URL parts together, ensuring each part is a valid URL segment
+
+    :param parts: The parts of the URL to join
+    :return: A string of the joined URL
+    """
+    return "/".join(str(part).strip("/") for part in parts if part)