[ADD] fastapi_encrypted_errors

Author: paradoxxxzero

fastapi_encrypted_errors/README.rst

@@ -0,0 +1,99 @@
+========================
+FastAPI Encrypted Errors
+========================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:296fbef824a5eb64e9bbaedc382ef15e41d146f0cc59d458c0d76de46a54358e
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Frest--framework-lightgray.png?logo=github
+    :target: https://github.com/OCA/rest-framework/tree/16.0/fastapi_encrypted_errors
+    :alt: OCA/rest-framework
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/rest-framework-16-0/rest-framework-16-0-fastapi_encrypted_errors
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/rest-framework&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds a "ref" field in the error response of FastAPI.
+This field is an AES encrypted string that contains the error message / traceback.
+This encrypted string can be decrypted using the endpoint decrypt error wizard.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+First you have to enable the encryption for an endpoint by checking the `Encrypt Errors` checkbox
+in the endpoint configuration.
+
+To decrypt an error message, you can use the "Decrypt Error" wizard in the
+FastAPI menu.
+
+You can regenerate a new key by clicking on the "Regenerate Key" button next to the `Errors Secret Key` field.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/rest-framework/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/rest-framework/issues/new?body=module:%20fastapi_encrypted_errors%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Akretion
+
+Contributors
+~~~~~~~~~~~~
+
+* `Akretion <https://www.akretion.com>`_:
+
+  * Florian Mounier
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-paradoxxxzero| image:: https://github.com/paradoxxxzero.png?size=40px
+    :target: https://github.com/paradoxxxzero
+    :alt: paradoxxxzero
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-paradoxxxzero| 
+
+This module is part of the `OCA/rest-framework <https://github.com/OCA/rest-framework/tree/16.0/fastapi_encrypted_errors>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

fastapi_encrypted_errors/__init__.py

@@ -0,0 +1,3 @@
+from . import models
+from . import wizards
+from . import fastapi_dispatcher

fastapi_encrypted_errors/__manifest__.py

@@ -0,0 +1,26 @@
+# Copyright 2024 Akretion (http://www.akretion.com).
+# @author Florian Mounier <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "FastAPI Encrypted Errors",
+    "summary": "Adds encrypted error messages to FastAPI error responses.",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "Akretion,Odoo Community Association (OCA)",
+    "maintainers": ["paradoxxxzero"],
+    "website": "https://github.com/OCA/rest-framework",
+    "depends": [
+        "fastapi",
+        "extendable_fastapi",  # Just to make sure dispatcher won't be overriden
+    ],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/fastapi_endpoint_views.xml",
+        "wizards/wizard_fastapi_decrypt_errors_views.xml",
+    ],
+    "demo": [],
+    "external_dependencies": {
+        "python": ["cryptography"],
+    },
+}

fastapi_encrypted_errors/fastapi_dispatcher.py

@@ -0,0 +1,32 @@
+# Copyright 2024 Akretion (http://www.akretion.com).
+# @author Florian Mounier <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo.http import _dispatchers
+
+from odoo.addons.fastapi.error_handlers import convert_exception_to_status_body
+
+
+# Inherit from last dispatcher of fastapi registered
+# This handles extendable_fastapi overloaded dispatcher for instance
+class FastApiDispatcher(_dispatchers["fastapi"]):
+    routing_type = "fastapi"
+
+    def handle_error(self, exc):
+        environ = self._get_environ()
+        root_path = "/" + environ["PATH_INFO"].split("/")[1]
+        fastapi_endpoint = (
+            self.request.env["fastapi.endpoint"]
+            .sudo()
+            .search([("root_path", "=", root_path)])
+        )
+        if fastapi_endpoint.encrypt_errors:
+            headers = getattr(exc, "headers", None)
+            status_code, body = convert_exception_to_status_body(exc)
+            if body:
+                body["ref"] = fastapi_endpoint._encrypt_error(exc)
+            return self.request.make_json_response(
+                body, status=status_code, headers=headers
+            )
+
+        return super().handle_error(exc)

fastapi_encrypted_errors/models/__init__.py

@@ -0,0 +1 @@
+from . import fastapi_endpoint

fastapi_encrypted_errors/models/fastapi_endpoint.py

@@ -0,0 +1,49 @@
+# Copyright 2024 Akretion (http://www.akretion.com).
+# @author Florian Mounier <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+import traceback
+import zlib
+
+from cryptography.fernet import Fernet
+
+from odoo import fields, models
+
+
+class FastapiEndpoint(models.Model):
+    _inherit = "fastapi.endpoint"
+
+    encrypt_errors = fields.Boolean(
+        string="Encrypt Errors",
+        help="Encrypt errors before sending them to the client.",
+    )
+    encrypted_errors_secret_key = fields.Char(
+        string="Errors Secret Key",
+        help="The secret key used to encrypt errors before sending them to the client.",
+        default=lambda _: Fernet.generate_key(),
+        readonly=True,
+    )
+
+    def action_generate_encrypted_errors_secret_key(self):
+        for record in self:
+            record.encrypted_errors_secret_key = Fernet.generate_key()
+
+    def _encrypt_error(self, exc):
+        self.ensure_one()
+        if not self.encrypt_errors or not self.encrypted_errors_secret_key:
+            return
+
+        # Get full traceback
+        error = "".join(traceback.format_exception(exc))
+        # zlib compression works quite well on tracebacks
+        error = zlib.compress(error.encode("utf-8"))
+        f = Fernet(self.encrypted_errors_secret_key)
+        return f.encrypt(error)
+
+    def _decrypt_error(self, error):
+        self.ensure_one()
+        if not self.encrypt_errors or not self.encrypted_errors_secret_key:
+            return
+
+        f = Fernet(self.encrypted_errors_secret_key)
+        error = f.decrypt(error)
+        return zlib.decompress(error).decode("utf-8")

fastapi_encrypted_errors/readme/CONTRIBUTORS.rst

@@ -0,0 +1,3 @@
+* `Akretion <https://www.akretion.com>`_:
+
+  * Florian Mounier

fastapi_encrypted_errors/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+This module adds a "ref" field in the error response of FastAPI.
+This field is an AES encrypted string that contains the error message / traceback.
+This encrypted string can be decrypted using the endpoint decrypt error wizard.

fastapi_encrypted_errors/readme/USAGE.rst

@@ -0,0 +1,7 @@
+First you have to enable the encryption for an endpoint by checking the `Encrypt Errors` checkbox
+in the endpoint configuration.
+
+To decrypt an error message, you can use the "Decrypt Error" wizard in the
+FastAPI menu.
+
+You can regenerate a new key by clicking on the "Regenerate Key" button next to the `Errors Secret Key` field.

fastapi_encrypted_errors/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_fastapi_wizard_auth_partner_impersonate,wizard_fastapi_decrypt_errors,model_wizard_fastapi_decrypt_errors,fastapi.group_fastapi_manager,1,1,1,1