cloud-api/src/utils.py

import logging

from lettermint import Lettermint, ValidationError
from datetime import datetime, timezone
from joserfc import jwt, jwk, errors

from src.config import settings
from src.exceptions import ForbiddenException, UnauthorizedException

KEY = jwk.import_key(settings.SECRET_KEY.get_secret_value(), "oct")


async def generate_jwt(claims):
    jwt_token = jwt.encode(header={"alg": "HS256"}, key=KEY, claims=claims)

    return jwt_token


async def decode_jwt(encoded):
    try:
        token = jwt.decode(encoded, key=KEY)
        return token.claims
    except errors.DecodeError:
        raise UnauthorizedException("Invalid JWS")


async def verify_email_token(user_model, token):
    email_claims = await decode_jwt(token)

    claimed_email = email_claims["email"]

    expiry = datetime.fromtimestamp(email_claims["exp"], timezone.utc)

    if expiry < datetime.now(timezone.utc):
        raise UnauthorizedException("Invitation expired.")

    if user_model.email != claimed_email:
        raise ForbiddenException("The logged in user and email do not match.")

    return email_claims


async def send_email(recipient: str, subject: str, body: str):
    if settings.ENVIRONMENT.is_testing:
        return

    lettermint = Lettermint(api_token=settings.LETTERMINT_API_TOKEN.get_secret_value())

    if settings.ENVIRONMENT == "local":
        recipient = "ok@testing.lettermint.co"

    try:
        response = (
            lettermint.email.from_("noreply@sr2.uk")
            .to(recipient)
            .subject(subject)
            .text(body)
            .send()
        )
        logging.info(
            "Email sent to {} with subject {} (Status: {})".format(
                recipient, subject, response.status_code
            )
        )
    except ValidationError as e:
        logging.exception(e)