Merge pull request #908 from karrioapi/patch-2025.5rc35

Patch 2025.5rc35

Author: danh91

CHANGELOG.md

@@ -1,3 +1,50 @@
+# Karrio 2025.5rc45
+
+## Changes
+
+### Feat
+
+- feat: introduce shipping rules, app management, and improve types setup scripting
+- feat: introduce bulk print and shipment CSV export
+- feat: add landmark_maxipak_scan_pddp for LGINTBPMO landmark service
+- feat: add support for manual organization creation in the dashboard
+- feat: add sensitive default to DHL Parcel DE and missing required exportType
+- feat: introduce package_configuration field to shipping methods
+- feat: improve dhl parcel error parsing
+- feat: add full Sentry features
+
+### Fix
+
+- fix: regression for final N+1 manager models solution
+- fix: slow archiving queries
+- fix: database lock issue with SQLite-based worker
+- fix: N+1 issue with tenants resolution
+- fix: invalid GraphQL query filter applied to Logs on GraphQL
+- fix: JSONDecode issue with Sapient auth error
+- fix: N+1 issue with `constance` config
+- fix: shipment cancellation webhook notification unparsable format data
+- fix: N+1 issue for all carrier_config affected models
+- fix: N+1 issue with the tracker's background update
+- fix: Sentry caught a validator issue
+- fix: solve the orders duplication and race conditions issues
+- fix: N+1 issues across Models and GraphQL queries
+- fix: tests and installation for Teleship to be released
+- fix: OAuth token expiry calculation and add comprehensive error handling
+- fix: exclude customs node completely for DHL Parcel national label requests
+- fix: download header content causing failure in production
+- fix: AttributeError: 'ShipmentSerializer' object has no attribute 'Meta', overshadowing root cause error
+- fix: regression in custom rate resolution when dimensions are absent
+- fix: remove Redis health check when using granular parameters
+- fix: Redis configuration for health check and task queue
+- fix: regression redis connection setup for worker and API
+- fix: unstable state management for connections and method forms
+
+### Chores
+
+- chore: clean up dhl parcel and landmark tests to match coding design
+- chore: add data isolation tests for contextual carrier configs
+- chore: customize karrio admin session cookies to prevent clash with ORY sessions
+
 # Karrio 2025.5rc34
 
 ## Changes

apps/api/karrio/server/VERSION

@@ -1 +1 @@
-2025.5rc34
+2025.5rc35

apps/api/karrio/server/settings/apm.py

@@ -49,12 +49,19 @@
         dsn=SENTRY_DSN,
         integrations=integrations,
         # Set traces_sample_rate to 1.0 to capture 100%
-        # of transactions for performance monitoring.
-        # We recommend adjusting this value in production,
+        # of transactions for tracing.
         traces_sample_rate=1.0,
+        # Set profile_session_sample_rate to 1.0 to profile 100%
+        # of profile sessions.
+        profile_session_sample_rate=1.0,
+        # Set profile_lifecycle to "trace" to automatically
+        # run the profiler on when there is an active transaction
+        profile_lifecycle="trace",
         # If you wish to associate users to errors (assuming you are using
         # django.contrib.auth) you may enable sending PII data.
         send_default_pii=True,
+        # Enable sending logs to Sentry
+        enable_logs=True,
     )
 
 

apps/api/karrio/server/settings/base.py

@@ -67,6 +67,7 @@
 # HTTPS configuration
 if USE_HTTPS is True:
     global SECURE_SSL_REDIRECT
+    global SECURE_REDIRECT_EXEMPT
     global SECURE_PROXY_SSL_HEADER
     global SESSION_COOKIE_SECURE
     global SECURE_HSTS_SECONDS
@@ -75,6 +76,8 @@
     global SECURE_HSTS_PRELOAD
 
     SECURE_SSL_REDIRECT = True
+    # Exempt health check endpoint from HTTPS redirect for Kubernetes probes
+    SECURE_REDIRECT_EXEMPT = [r'^status/$']
     SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
     SESSION_COOKIE_SECURE = True
     SECURE_HSTS_SECONDS = 1
@@ -385,6 +388,16 @@
 AUTH_USER_MODEL = "user.User"
 
 
+# Session configuration
+# Use a unique session cookie name to prevent conflicts with other applications
+# (e.g., ORY Kratos sessions in the shipping-app frontend)
+SESSION_COOKIE_NAME = config("SESSION_COOKIE_NAME", default="karrio_sessionid")
+SESSION_COOKIE_PATH = config("SESSION_COOKIE_PATH", default="/")
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", default="Lax")
+# SESSION_COOKIE_DOMAIN is intentionally not set to allow per-host cookies
+
+
 # Internationalization
 # https://docs.djangoproject.com/en/3.0/topics/i18n/
 

apps/api/karrio/server/settings/cache.py

@@ -14,9 +14,9 @@
 # Detect if running as a worker process (via run_huey command)
 IS_WORKER_PROCESS = any("run_huey" in arg for arg in sys.argv)
 
-# Skip default Redis cache configuration if in worker mode
-# Workers only need HUEY Redis, not the default Django cache
-SKIP_DEFAULT_CACHE = DETACHED_WORKER or IS_WORKER_PROCESS
+# Skip default Redis cache configuration only for worker processes
+# API servers should use Redis cache even when DETACHED_WORKER is True
+SKIP_DEFAULT_CACHE = IS_WORKER_PROCESS
 
 # Redis configuration - REDIS_URL takes precedence and supersedes granular env vars
 REDIS_URL = config("REDIS_URL", default=None)
@@ -60,8 +60,16 @@
 
 # Configure Django cache if Redis is available and not in worker mode
 if REDIS_HOST is not None and not SKIP_DEFAULT_CACHE:
-    HEALTH_CHECK_APPS += ["health_check.contrib.redis"]
-    INSTALLED_APPS += ["health_check.contrib.redis"]
+    # Configure connection pool with max_connections to prevent exhaustion
+    # Default: 50 connections per process (2 Gunicorn workers = 100 total)
+    # Azure Redis Basic: 256 max connections total
+    REDIS_CACHE_MAX_CONNECTIONS = config(
+        "REDIS_CACHE_MAX_CONNECTIONS", default=50, cast=int
+    )
+
+    pool_kwargs = {"max_connections": REDIS_CACHE_MAX_CONNECTIONS}
+    if REDIS_SSL:
+        pool_kwargs["ssl_cert_reqs"] = None
 
     CACHES = {
         "default": {
@@ -78,6 +86,14 @@
             "KEY_PREFIX": REDIS_PREFIX,
         }
     }
+
+    # Django cache health check uses the cache backend directly
+    # Only add Redis health check if REDIS_URL environment variable is set
+    # When using granular params, the cache check is sufficient
+    if config("REDIS_URL", default=None) is not None:
+        HEALTH_CHECK_APPS += ["health_check.contrib.redis"]
+        INSTALLED_APPS += ["health_check.contrib.redis"]
+
     print(f"Redis cache connection initialized")
 elif SKIP_DEFAULT_CACHE:
     print(

apps/api/karrio/server/settings/workers.py

@@ -22,117 +22,118 @@
 )
 
 # Detect if running as a worker process (via run_huey command)
-# Workers always need Huey configured regardless of DETACHED_WORKER setting
 IS_WORKER_PROCESS = any("run_huey" in arg for arg in sys.argv)
 
-# Skip Huey configuration only if:
-# 1. Running in detached worker mode (DETACHED_WORKER=True)
-# 2. AND not running as a worker process (IS_WORKER_PROCESS=False)
-# This ensures workers always get Huey configured, but API servers don't when detached
-if DETACHED_WORKER and not IS_WORKER_PROCESS:
-    # API server in detached mode - skip Huey configuration
-    HUEY = None
-else:
-    # Either: worker process, or API server with embedded workers
-    # Redis configuration - REDIS_URL takes precedence and supersedes granular env vars
-    REDIS_URL = decouple.config("REDIS_URL", default=None)
-
-    # Parse REDIS_URL or construct from individual parameters
-    if REDIS_URL is not None:
-        from urllib.parse import urlparse
-
-        parsed = urlparse(REDIS_URL)
-
-        # Extract values from REDIS_URL (these supersede granular env vars)
-        REDIS_HOST = parsed.hostname
-        REDIS_PORT = parsed.port or 6379
-        REDIS_USERNAME = parsed.username or "default"
-        REDIS_PASSWORD = parsed.password
-
-        # Determine SSL from URL scheme (rediss:// means SSL is enabled)
-        REDIS_SCHEME = (
-            parsed.scheme if parsed.scheme in ("redis", "rediss") else "redis"
-        )
-        REDIS_SSL = REDIS_SCHEME == "rediss"
-
-    else:
-        # Fall back to individual parameters
-        REDIS_HOST = decouple.config("REDIS_HOST", default=None)
-        REDIS_PORT = decouple.config("REDIS_PORT", default=None)
-        REDIS_PASSWORD = decouple.config("REDIS_PASSWORD", default=None)
-        REDIS_USERNAME = decouple.config("REDIS_USERNAME", default="default")
-        REDIS_SSL = decouple.config("REDIS_SSL", default=False, cast=bool)
-
-    # Configure HUEY based on available Redis configuration
-    if REDIS_HOST is not None:
-        # Calculate max connections based on environment
-        # Each worker replica needs: (workers_per_replica + 1 scheduler) connections
-        # Formula: (worker_replicas * (threads_per_worker + 1)) + api_connections + buffer
-        # Example: 100 connections = (5 replicas * (8 workers + 1 scheduler)) + 40 API + 15 buffer
-        REDIS_MAX_CONNECTIONS = decouple.config(
-            "REDIS_MAX_CONNECTIONS", default=100, cast=int
-        )
-
-        # Connection pool configuration with timeouts
-        # Use BlockingConnectionPool to wait for available connections instead of failing immediately
-        pool_kwargs = {
-            "host": REDIS_HOST,
-            "port": REDIS_PORT,
-            "max_connections": REDIS_MAX_CONNECTIONS,
-            "timeout": 20,  # Wait up to 20 seconds for an available connection
-            # Timeout settings to prevent hung connections
-            "socket_timeout": 10,  # Command execution timeout (seconds)
-            "socket_connect_timeout": 10,  # Connection establishment timeout (seconds)
-            # Keep connections alive to prevent closure by firewalls/load balancers
-            "socket_keepalive": True,
-            # Retry on transient failures
-            "retry_on_timeout": True,
-        }
+# Always configure Huey for both API servers and workers
+# API servers need to enqueue tasks even when DETACHED_WORKER=True
+# Only the worker pods will consume tasks
+# Redis configuration - REDIS_URL takes precedence and supersedes granular env vars
+REDIS_URL = decouple.config("REDIS_URL", default=None)
+
+# Parse REDIS_URL or construct from individual parameters
+if REDIS_URL is not None:
+    from urllib.parse import urlparse
+
+    parsed = urlparse(REDIS_URL)
 
-        # Add TCP keepalive options if available (Linux/Unix only)
-        try:
-            pool_kwargs["socket_keepalive_options"] = {
-                socket.TCP_KEEPIDLE: 60,  # Start keepalive after 60s idle
-                socket.TCP_KEEPINTVL: 10,  # Keepalive interval
-                socket.TCP_KEEPCNT: 3,  # Keepalive probes before timeout
-            }
-        except AttributeError:
-            # TCP keepalive constants not available on this platform
-            pass
-
-        # Add authentication if provided
-        if REDIS_PASSWORD:
-            pool_kwargs["password"] = REDIS_PASSWORD
-        if REDIS_USERNAME:
-            pool_kwargs["username"] = REDIS_USERNAME
-
-        # Add SSL/TLS configuration if enabled
-        if REDIS_SSL:
-            # Use SSLConnection class for SSL/TLS connections
-            pool_kwargs["connection_class"] = redis.SSLConnection
-            pool_kwargs["ssl_cert_reqs"] = None  # For Azure Redis compatibility
-
-        # Use BlockingConnectionPool to wait for connections instead of raising errors immediately
-        pool = redis.BlockingConnectionPool(**pool_kwargs)
-
-        HUEY = huey.RedisHuey(
-            "default",
-            connection_pool=pool,
-            **({"immediate": WORKER_IMMEDIATE_MODE} if WORKER_IMMEDIATE_MODE else {}),
-        )
-
-    else:
-        # No Redis configured, use SQLite
-        WORKER_DB_DIR = decouple.config("WORKER_DB_DIR", default=settings.WORK_DIR)
-        WORKER_DB_FILE_NAME = os.path.join(WORKER_DB_DIR, "tasks.sqlite3")
-
-        settings.DATABASES["workers"] = {
-            "NAME": WORKER_DB_FILE_NAME,
-            "ENGINE": "django.db.backends.sqlite3",
+    # Extract values from REDIS_URL (these supersede granular env vars)
+    REDIS_HOST = parsed.hostname
+    REDIS_PORT = parsed.port or 6379
+    REDIS_USERNAME = parsed.username or "default"
+    REDIS_PASSWORD = parsed.password
+
+    # Determine SSL from URL scheme (rediss:// means SSL is enabled)
+    REDIS_SCHEME = (
+        parsed.scheme if parsed.scheme in ("redis", "rediss") else "redis"
+    )
+    REDIS_SSL = REDIS_SCHEME == "rediss"
+
+else:
+    # Fall back to individual parameters
+    REDIS_HOST = decouple.config("REDIS_HOST", default=None)
+    REDIS_PORT = decouple.config("REDIS_PORT", default=None)
+    REDIS_PASSWORD = decouple.config("REDIS_PASSWORD", default=None)
+    REDIS_USERNAME = decouple.config("REDIS_USERNAME", default="default")
+    REDIS_SSL = decouple.config("REDIS_SSL", default=False, cast=bool)
+
+# Configure HUEY based on available Redis configuration
+if REDIS_HOST is not None:
+    # Calculate max connections based on environment
+    # Each worker replica needs: (workers_per_replica + 1 scheduler) connections
+    # Formula: (worker_replicas * (threads_per_worker + 1)) + api_connections + buffer
+    # Example: 100 connections = (5 replicas * (8 workers + 1 scheduler)) + 40 API + 15 buffer
+    REDIS_MAX_CONNECTIONS = decouple.config(
+        "REDIS_MAX_CONNECTIONS", default=100, cast=int
+    )
+
+    # Connection pool configuration with timeouts
+    # Use BlockingConnectionPool to wait for available connections instead of failing immediately
+    pool_kwargs = {
+        "host": REDIS_HOST,
+        "port": REDIS_PORT,
+        "max_connections": REDIS_MAX_CONNECTIONS,
+        "timeout": 20,  # Wait up to 20 seconds for an available connection
+        # Timeout settings to prevent hung connections
+        "socket_timeout": 10,  # Command execution timeout (seconds)
+        "socket_connect_timeout": 10,  # Connection establishment timeout (seconds)
+        # Keep connections alive to prevent closure by firewalls/load balancers
+        "socket_keepalive": True,
+        # Retry on transient failures
+        "retry_on_timeout": True,
+    }
+
+    # Add TCP keepalive options if available (Linux/Unix only)
+    try:
+        pool_kwargs["socket_keepalive_options"] = {
+            socket.TCP_KEEPIDLE: 60,  # Start keepalive after 60s idle
+            socket.TCP_KEEPINTVL: 10,  # Keepalive interval
+            socket.TCP_KEEPCNT: 3,  # Keepalive probes before timeout
         }
+    except AttributeError:
+        # TCP keepalive constants not available on this platform
+        pass
+
+    # Add authentication if provided
+    if REDIS_PASSWORD:
+        pool_kwargs["password"] = REDIS_PASSWORD
+    if REDIS_USERNAME:
+        pool_kwargs["username"] = REDIS_USERNAME
+
+    # Add SSL/TLS configuration if enabled
+    if REDIS_SSL:
+        # Use SSLConnection class for SSL/TLS connections
+        pool_kwargs["connection_class"] = redis.SSLConnection
+        pool_kwargs["ssl_cert_reqs"] = None  # For Azure Redis compatibility
+
+    # Use BlockingConnectionPool to wait for connections instead of raising errors immediately
+    pool = redis.BlockingConnectionPool(**pool_kwargs)
+
+    HUEY = huey.RedisHuey(
+        "default",
+        connection_pool=pool,
+        **({"immediate": WORKER_IMMEDIATE_MODE} if WORKER_IMMEDIATE_MODE else {}),
+    )
 
-        HUEY = huey.SqliteHuey(
-            name="default",
-            filename=WORKER_DB_FILE_NAME,
-            **({"immediate": WORKER_IMMEDIATE_MODE} if WORKER_IMMEDIATE_MODE else {}),
-        )
+else:
+    # No Redis configured, use SQLite
+    WORKER_DB_DIR = decouple.config("WORKER_DB_DIR", default=settings.WORK_DIR)
+    WORKER_DB_FILE_NAME = os.path.join(WORKER_DB_DIR, "tasks.sqlite3")
+
+    settings.DATABASES["workers"] = {
+        "NAME": WORKER_DB_FILE_NAME,
+        "ENGINE": "django.db.backends.sqlite3",
+    }
+
+    # SQLite-specific Huey configuration
+    # WAL mode (Write-Ahead Logging) enables better concurrency for multiple workers
+    # Increased timeout helps handle lock contention under concurrent access
+    HUEY = huey.SqliteHuey(
+        name="default",
+        filename=WORKER_DB_FILE_NAME,
+        # Storage-specific kwargs for better concurrent access handling
+        journal_mode="wal",  # Enable Write-Ahead Logging for better concurrency
+        timeout=30,  # Increase timeout to 30s to handle lock contention with multiple workers
+        cache_mb=16,  # Increase cache size for better performance (default: 8MB)
+        fsync=False,  # Disable forced fsync for better performance (default: False)
+        **({"immediate": WORKER_IMMEDIATE_MODE} if WORKER_IMMEDIATE_MODE else {}),
+    )

apps/api/karrio/server/static/karrio/carriers/teleship_icon.svg

@@ -0,0 +1 @@
+export { default } from "@karrio/core/layouts/create-org-layout";

apps/dashboard/public/carriers/teleship_icon.svg

@@ -0,0 +1,3 @@
+import { dynamicMetadata } from "@karrio/core/components/metadata";
+export { default } from "@karrio/core/modules/Registration/create_org";
+export const generateMetadata = dynamicMetadata("Create Organization");