minos-framework
diff --git a/‎packages/plugins/minos-discovery-kong/README.md‎
Lines changed: 115 additions & 0 deletions b/‎packages/plugins/minos-discovery-kong/README.md‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/client.py‎
Lines changed: 74 additions & 4 deletions b/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/client.py‎
Lines changed: 74 additions & 4 deletions
diff --git a/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/discovery.py‎
Lines changed: 22 additions & 11 deletions b/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/discovery.py‎
Lines changed: 22 additions & 11 deletions
diff --git a/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/utils.py‎
Lines changed: 20 additions & 0 deletions b/‎packages/plugins/minos-discovery-kong/minos/plugins/kong/utils.py‎
Lines changed: 20 additions & 0 deletions
@@ -63,6 +63,34 @@ services:
           - NODE_ENV=production
 ```
 
+## Decorators
+Decorator `@enroute` can support next params:
+ - `path` - route url path.
+ - `method` - HTTP method.
+ - `authenticated` (Optional) - True if route need authentication.
+ - `authorized_groups` (Optional) - Groups which can access to specified route (they must exist in Kong).
+ - `regex_priority` (Optional) - A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). Defaults to 0.
+
+Example:
+```python
+    @enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/jwt", "POST", authenticated=True, authorized_groups=["admin"], regex_priority=2)
+    @enroute.broker.command("GetUserJWT")
+    async def foo(self, request: Request) -> Response:
+       ...
+```
+## Route path
+It is important to know that it is best to define routes with a regular expression when it is an id, uuid or similar. This is to avoid collisions with similar routes.
+Instead of using:
+```python
+@enroute.rest.command("/users/{uuid}", "POST")
+```
+Use:
+```python
+import re
+UUID_REGEX = re.compile(r"\w{8}-\w{4}-\w{4}-\w{4}-\w{12}")
+@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}", "POST")
+```
+
 ## Authentication
 
 Modify `config.yml` file. Add new middleware and modify discovery section:
@@ -85,6 +113,91 @@ Currently, there are 2 possible types of authentication:
 - `basic-auth`
 - `jwt`
 
+For jwt auth type you can specify default token expiration. Example:
+```yaml
+...
+middleware:
+  ...
+  - minos.plugins.kong.middleware
+
+discovery:
+  connector: minos.networks.DiscoveryConnector
+  client: minos.plugins.kong.KongDiscoveryClient
+  host: localhost
+  auth-type: jwt
+  token-exp: 60 # seconds
+  port: 8001
+...
+```
+
+### JWT Token creation & refresh
+Example on how to create and refresh token. You need to store in database or similar the secret and key returned form kong in order to refresh existing token.
+```python
+from minos.common import (
+    UUID_REGEX,
+    NotProvidedException,
+    Config,
+    Inject,
+)
+from minos.cqrs import (
+    CommandService,
+)
+from minos.networks import (
+    Request,
+    Response,
+    enroute,
+)
+
+from ..aggregates import (
+    User,
+)
+from minos.plugins.kong import KongClient
+
+class UserCommandService(CommandService):
+    """UserCommandService class."""
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.kong = self._get_kong_client()
+
+    @staticmethod
+    @Inject()
+    def _get_kong_client(config: Config) -> KongClient:
+        """Get the service name."""
+        if config is None:
+            raise NotProvidedException("The config object must be provided.")
+        return KongClient.from_config(config)
+
+    @enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/jwt", "POST", authenticated=True,
+                          authorized_groups=["admin"], regex_priority=3)
+    @enroute.broker.command("GetUserJWT")
+    async def create_user_jwt(self, request: Request) -> Response:
+        params = await request.params()
+        uuid = params["uuid"]
+        user = await User.get(uuid)
+
+        if user.uuid == request.user:
+            token = await self.add_jwt_to_consumer(request.headers.get("X-Consumer-ID"))
+            return Response({"token": token})
+        else:
+            return Response(status=404)
+
+    async def add_jwt_to_consumer(self, consumer: str):
+        resp = await self.kong.add_jwt_to_consumer(consumer=consumer)
+        res = resp.json()
+        self.key = res['key']
+        self.secret = res['secret']
+        token = await self.kong.generate_jwt_token(key=self.key, secret=self.secret)
+        return token
+
+    @enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/refresh-jwt", "POST", authenticated=True,
+                          authorized_groups=["admin"], regex_priority=3)
+    @enroute.broker.command("RefreshJWT")
+    async def refresh_jwt(self, request: Request) -> Response:
+        token = await self.kong.generate_jwt_token(key=self.key, secret=self.secret)
+        return Response({"token": token})
+```
+
 For the route to be authenticated with the method specified above, a parameter called `authenticated` must be passed:
 ```python
 class CategoryCommandService(CommandService):
@@ -222,6 +335,8 @@ class UserCommandService(CommandService):
 ```
 
 You can get read the official docs [here](https://pantsel.github.io/konga/).
+
+
 ## Documentation
 
 The official API Reference is publicly available at the [GitHub Pages](https://minos-framework.github.io/minos-python).
 
@@ -1,15 +1,51 @@
+from __future__ import (
+    annotations,
+)
+
+from datetime import (
+    datetime,
+    timedelta,
+)
 from uuid import (
     UUID,
 )
 
 import httpx as httpx
+import jwt
 
+from minos.common import (
+    Config,
+    SetupMixin,
+    current_datetime,
+)
 
-class KongClient:
+
+class KongClient(SetupMixin):
     """Kong Client class."""
 
-    def __init__(self, route):
-        self.route = route
+    def __init__(
+        self, protocol: str = "http", host: str = None, port: int = None, token_expiration_sec: int = None, **kwargs
+    ):
+        super().__init__(**kwargs)
+        if host is None:
+            host = "localhost"
+        if port is None:
+            port = 8001
+        if token_expiration_sec is None:
+            token_expiration_sec = 60 * 5
+
+        self.route = f"{protocol}://{host}:{port}"
+        self.token_expiration_sec = token_expiration_sec
+
+    @classmethod
+    def _from_config(cls, config: Config, **kwargs) -> KongClient:
+        discovery_config = config.get_discovery()
+
+        token_expiration_sec = discovery_config.get("token-exp")
+        host = discovery_config.get("host")
+        port = discovery_config.get("port")
+
+        return cls(host=host, port=port, token_expiration_sec=token_expiration_sec, **kwargs)
 
     @staticmethod
     async def register_service(
@@ -49,6 +85,7 @@ async def create_route(
         methods: list[str],
         paths: list[str],
         service: str,
+        regex_priority: int,
         strip_path: bool = False,
     ):
         url = f"{endpoint}/routes"
@@ -57,6 +94,7 @@ async def create_route(
             "methods": methods,
             "paths": paths,
             "service": {"id": service},
+            "regex_priority": regex_priority,
             "strip_path": strip_path,
         }
 
@@ -130,8 +168,40 @@ async def activate_basic_auth_plugin_on_route(self, route_id: str):
             return resp
 
     async def activate_jwt_plugin_on_route(self, route_id: str):
-        payload = {"name": "jwt", "config": {"secret_is_base64": False, "run_on_preflight": True}}
+        payload = {
+            "name": "jwt",
+            "config": {"secret_is_base64": False, "run_on_preflight": True, "claims_to_verify": ["exp", "nbf"]},
+        }
 
         async with httpx.AsyncClient() as client:
             resp = await client.post(f"{self.route}/routes/{route_id}/plugins", json=payload)
             return resp
+
+    async def generate_jwt_token(
+        self, key: str, secret: str, algorithm: str = "HS256", exp: datetime = None, nbf: datetime = None
+    ) -> str:
+        payload = {"iss": key, "exp": exp, "nbf": nbf}
+
+        current = current_datetime()
+
+        if not exp:
+            payload["exp"] = current + timedelta(seconds=self.token_expiration_sec)
+
+        if not nbf:
+            payload["nbf"] = current
+
+        return jwt.encode(payload, secret, algorithm=algorithm)
+
+    @staticmethod
+    async def decode_token(token: str, algorithm: str = "HS256"):
+        return jwt.decode(token, options={"verify_signature": False}, algorithms=[algorithm])
+
+    async def get_jwt_by_id(self, id: str):
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(f"{self.route}/jwts/{id}")
+            return resp
+
+    async def get_consumer_jwts(self, consumer: str):
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(f"{self.route}/consumers/{consumer}/jwt")
+            return resp
@@ -41,6 +41,7 @@ def __init__(
         host: Optional[str] = None,
         port: Optional[int] = None,
         circuit_breaker_exceptions: Iterable[type] = tuple(),
+        client: KongClient = None,
         **kwargs,
     ):
         if host is None:
@@ -50,7 +51,11 @@ def __init__(
         super().__init__(
             host, port, circuit_breaker_exceptions=(httpx.HTTPStatusError, *circuit_breaker_exceptions), **kwargs
         )
-        self.kong = KongClient(self.route)
+
+        if client is None:
+            client = KongClient(host=host, port=port)
+
+        self.client = client
 
         self.auth_type = None
         if "auth_type" in kwargs:
@@ -66,8 +71,9 @@ def _from_config(cls, config: Config, **kwargs) -> KongDiscoveryClient:
                 auth_type = config.get_by_key("discovery.auth-type")
             except Exception:
                 auth_type = None
+        client = KongClient.from_config(config)
 
-        return super()._from_config(config, auth_type=auth_type, **kwargs)
+        return super()._from_config(config, auth_type=auth_type, client=client, **kwargs)
 
     async def subscribe(
         self, host: str, port: int, name: str, endpoints: list[dict[str, str]], *args, **kwargs
@@ -83,43 +89,48 @@ async def subscribe(
         :return: This method does not return anything.
         """
 
-        fnsr = partial(self.kong.register_service, self.route, name, host, port)
+        fnsr = partial(self.client.register_service, self.route, name, host, port)
         response_service = await self.with_circuit_breaker(fnsr)  # register a service
         if response_service.status_code == 409:  # service already exist
             # if service already exist, delete and add again
-            fn_delete = partial(self.kong.delete_service, self.route, name)
+            fn_delete = partial(self.client.delete_service, self.route, name)
             await self.with_circuit_breaker(fn_delete)  # delete the service
-            fnsr = partial(self.kong.register_service, self.route, name, host, port)
+            fnsr = partial(self.client.register_service, self.route, name, host, port)
             response_service = await self.with_circuit_breaker(fnsr)  # send the servie subscription again
 
         content_service = response_service.json()  # get the servie information like the id
 
         for endpoint in endpoints:
             endpointClass = Endpoint(endpoint["url"])
 
+            regex_priority = 0
+            if "regex_priority" in endpoint:
+                regex_priority = endpoint["regex_priority"]
+
             fn = partial(
-                self.kong.create_route,
+                self.client.create_route,
                 self.route,
                 ["http"],
                 [endpoint["method"]],
-                [endpointClass.path_as_str],
+                [endpointClass.path_as_regex],
                 content_service["id"],
+                regex_priority,
                 False,
             )
             response = await self.with_circuit_breaker(fn)  # send the route request
             resp = response.json()
 
             if "authenticated" in endpoint and self.auth_type:
                 if self.auth_type == "basic-auth":
-                    fn = partial(self.kong.activate_basic_auth_plugin_on_route, route_id=resp["id"])
+                    fn = partial(self.client.activate_basic_auth_plugin_on_route, route_id=resp["id"])
                     await self.with_circuit_breaker(fn)
                 elif self.auth_type == "jwt":
-                    fn = partial(self.kong.activate_jwt_plugin_on_route, route_id=resp["id"])
+                    fn = partial(self.client.activate_jwt_plugin_on_route, route_id=resp["id"])
                     await self.with_circuit_breaker(fn)
 
             if "authorized_groups" in endpoint:
                 fn = partial(
-                    self.kong.activate_acl_plugin_on_route, route_id=resp["id"], allow=endpoint["authorized_groups"]
+                    self.client.activate_acl_plugin_on_route, route_id=resp["id"], allow=endpoint["authorized_groups"]
                 )
                 await self.with_circuit_breaker(fn)
 
@@ -133,6 +144,6 @@ async def unsubscribe(self, name: str, *args, **kwargs) -> httpx.Response:
         :param kwargs: Additional named arguments.
         :return: This method does not return anything.
         """
-        fn = partial(self.kong.delete_service, self.route, name)
+        fn = partial(self.client.delete_service, self.route, name)
         response = await self.with_circuit_breaker(fn)
         return response
@@ -1,10 +1,15 @@
+import re
+
+
 class PathPart:
     def __init__(self, name: str):
         self.name = name
         self.is_generic: bool = True if self.name.startswith("{") and self.name.endswith("}") else False
 
 
 class Endpoint:
+    part_path_pattern = r"\{\S+:.+\}"
+
     def __init__(self, path: str):
         self.path: tuple[PathPart] = tuple(PathPart(path_part) for path_part in path.split("/"))
 
@@ -16,3 +21,18 @@ def path_as_str(self) -> str:
                 part.name = ".*"
             list_parts.append(str(part.name))
         return "/".join(list_parts)
+
+    @property
+    def path_as_regex(self) -> str:
+        list_parts = []
+        for part in self.path:
+            if part.is_generic:
+                if re.match(self.part_path_pattern, part.name):
+                    regex = part.name.split(":")[1]
+                    regex = regex[:-1]
+                    list_parts.append(regex)
+                else:
+                    list_parts.append(".*")
+            else:
+                list_parts.append(part.name)
+        return "/".join(list_parts)