Skip to content

Commit

Permalink
[ADD] fastapi_encrypted_errors
Browse files Browse the repository at this point in the history
  • Loading branch information
paradoxxxzero committed Nov 6, 2024
1 parent c89c938 commit 3f15227
Show file tree
Hide file tree
Showing 18 changed files with 791 additions and 0 deletions.
99 changes: 99 additions & 0 deletions fastapi_encrypted_errors/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
========================
FastAPI Encrypted Errors
========================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:296fbef824a5eb64e9bbaedc382ef15e41d146f0cc59d458c0d76de46a54358e
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Frest--framework-lightgray.png?logo=github
:target: https://github.com/OCA/rest-framework/tree/16.0/fastapi_encrypted_errors
:alt: OCA/rest-framework
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/rest-framework-16-0/rest-framework-16-0-fastapi_encrypted_errors
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/rest-framework&target_branch=16.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module adds a "ref" field in the error response of FastAPI.
This field is an AES encrypted string that contains the error message / traceback.
This encrypted string can be decrypted using the endpoint decrypt error wizard.

**Table of contents**

.. contents::
:local:

Usage
=====

First you have to enable the encryption for an endpoint by checking the `Encrypt Errors` checkbox
in the endpoint configuration.

To decrypt an error message, you can use the "Decrypt Error" wizard in the
FastAPI menu.

You can regenerate a new key by clicking on the "Regenerate Key" button next to the `Errors Secret Key` field.

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/rest-framework/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/rest-framework/issues/new?body=module:%20fastapi_encrypted_errors%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* Akretion

Contributors
~~~~~~~~~~~~

* `Akretion <https://www.akretion.com>`_:

* Florian Mounier

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

.. |maintainer-paradoxxxzero| image:: https://github.com/paradoxxxzero.png?size=40px
:target: https://github.com/paradoxxxzero
:alt: paradoxxxzero

Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:

|maintainer-paradoxxxzero|

This module is part of the `OCA/rest-framework <https://github.com/OCA/rest-framework/tree/16.0/fastapi_encrypted_errors>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
3 changes: 3 additions & 0 deletions fastapi_encrypted_errors/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
from . import models
from . import wizards
from . import fastapi_dispatcher
26 changes: 26 additions & 0 deletions fastapi_encrypted_errors/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Copyright 2024 Akretion (http://www.akretion.com).
# @author Florian Mounier <[email protected]>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).

{
"name": "FastAPI Encrypted Errors",
"summary": "Adds encrypted error messages to FastAPI error responses.",
"version": "16.0.1.0.0",
"license": "AGPL-3",
"author": "Akretion,Odoo Community Association (OCA)",
"maintainers": ["paradoxxxzero"],
"website": "https://github.com/OCA/rest-framework",
"depends": [
"fastapi",
"extendable_fastapi", # Just to make sure dispatcher won't be overriden
],
"data": [
"security/ir.model.access.csv",
"views/fastapi_endpoint_views.xml",
"wizards/wizard_fastapi_decrypt_errors_views.xml",
],
"demo": [],
"external_dependencies": {
"python": ["cryptography"],
},
}
32 changes: 32 additions & 0 deletions fastapi_encrypted_errors/fastapi_dispatcher.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Copyright 2024 Akretion (http://www.akretion.com).
# @author Florian Mounier <[email protected]>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).

from odoo.http import _dispatchers

from odoo.addons.fastapi.error_handlers import convert_exception_to_status_body


# Inherit from last dispatcher of fastapi registered
# This handles extendable_fastapi overloaded dispatcher for instance
class FastApiDispatcher(_dispatchers["fastapi"]):
routing_type = "fastapi"

def handle_error(self, exc):
environ = self._get_environ()
root_path = "/" + environ["PATH_INFO"].split("/")[1]
fastapi_endpoint = (
self.request.env["fastapi.endpoint"]
.sudo()
.search([("root_path", "=", root_path)])
)
if fastapi_endpoint.encrypt_errors:
headers = getattr(exc, "headers", None)
status_code, body = convert_exception_to_status_body(exc)
if body:
body["ref"] = fastapi_endpoint._encrypt_error(exc)
return self.request.make_json_response(
body, status=status_code, headers=headers
)

return super().handle_error(exc)
1 change: 1 addition & 0 deletions fastapi_encrypted_errors/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import fastapi_endpoint
49 changes: 49 additions & 0 deletions fastapi_encrypted_errors/models/fastapi_endpoint.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Copyright 2024 Akretion (http://www.akretion.com).
# @author Florian Mounier <[email protected]>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
import traceback
import zlib

from cryptography.fernet import Fernet

from odoo import fields, models


class FastapiEndpoint(models.Model):
_inherit = "fastapi.endpoint"

encrypt_errors = fields.Boolean(
string="Encrypt Errors",
help="Encrypt errors before sending them to the client.",
)
encrypted_errors_secret_key = fields.Char(
string="Errors Secret Key",
help="The secret key used to encrypt errors before sending them to the client.",
default=lambda _: Fernet.generate_key(),
readonly=True,
)

def action_generate_encrypted_errors_secret_key(self):
for record in self:
record.encrypted_errors_secret_key = Fernet.generate_key()

def _encrypt_error(self, exc):
self.ensure_one()
if not self.encrypt_errors or not self.encrypted_errors_secret_key:
return

# Get full traceback
error = "".join(traceback.format_exception(exc))
# zlib compression works quite well on tracebacks
error = zlib.compress(error.encode("utf-8"))
f = Fernet(self.encrypted_errors_secret_key)
return f.encrypt(error)

def _decrypt_error(self, error):
self.ensure_one()
if not self.encrypt_errors or not self.encrypted_errors_secret_key:
return

f = Fernet(self.encrypted_errors_secret_key)
error = f.decrypt(error)
return zlib.decompress(error).decode("utf-8")
3 changes: 3 additions & 0 deletions fastapi_encrypted_errors/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
* `Akretion <https://www.akretion.com>`_:

* Florian Mounier
3 changes: 3 additions & 0 deletions fastapi_encrypted_errors/readme/DESCRIPTION.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
This module adds a "ref" field in the error response of FastAPI.
This field is an AES encrypted string that contains the error message / traceback.
This encrypted string can be decrypted using the endpoint decrypt error wizard.
7 changes: 7 additions & 0 deletions fastapi_encrypted_errors/readme/USAGE.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
First you have to enable the encryption for an endpoint by checking the `Encrypt Errors` checkbox
in the endpoint configuration.

To decrypt an error message, you can use the "Decrypt Error" wizard in the
FastAPI menu.

You can regenerate a new key by clicking on the "Regenerate Key" button next to the `Errors Secret Key` field.
2 changes: 2 additions & 0 deletions fastapi_encrypted_errors/security/ir.model.access.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_fastapi_wizard_auth_partner_impersonate,wizard_fastapi_decrypt_errors,model_wizard_fastapi_decrypt_errors,fastapi.group_fastapi_manager,1,1,1,1
Loading

0 comments on commit 3f15227

Please sign in to comment.