added bearer token authentication

Merge branch 'master' of https://gitlab.chiefsoft.net/DigiFi/digifi-BankEmulator into sync_payload
pulled latest master changes
2025-10-29 17:39:31 +01:00 · 2025-10-29 07:17:25 +01:00 · 2025-10-28 19:24:45 +00:00 · 2025-08-29 19:18:35 +00:00 · 2025-07-13 13:44:34 +01:00 · 2025-07-13 13:44:27 +01:00
21 changed files with 362 additions and 69 deletions
@@ -1,17 +1,21 @@
-from flask import Flask
+from flask import Flask, jsonify
 import os
 from flask_swagger_ui import get_swaggerui_blueprint
 from flask_cors import CORS
 from app.config import Config
-from app.api.routes import api
+from app.api.routes import api, auth_bp
 from app.errors import register_error_handlers
+from flask_jwt_extended import JWTManager

 def create_app():
    """ Factory function to create a Flask app instance """
    app = Flask(__name__)
+    
+   

    # Load configuration
    app.config.from_object(Config)
+    jwt = JWTManager(app)

    CORS(app)

@@ -21,11 +25,36 @@ def create_app():

    # Register blueprints with /api prefix for the main API routes
    app.register_blueprint(api, url_prefix='/api')
+    # Register blueprints with /auth prefix for the authentication routes
+    app.register_blueprint(auth_bp, url_prefix='/api/Auth')

    swagger_ui_blueprint = get_swaggerui_blueprint(SWAGGER_URL, API_URL)
    app.register_blueprint(swagger_ui_blueprint, url_prefix=SWAGGER_URL)
+    
+    def jwt_error(message, code=401):
+        return jsonify({
+            "status": "error",
+            "message": message
+        }), code


+    @jwt.unauthorized_loader
+    def unauthorized_response(callback):
+        return jwt_error("Unauthorized access")
+
+    @jwt.expired_token_loader
+    def expired_token_callback(jwt_header, jwt_payload):
+        return jwt_error("Expired token")
+
+    @jwt.invalid_token_loader
+    def invalid_token_callback(error):
+        return jwt_error("Invalid authentication token.", 422)
+
+    @jwt.revoked_token_loader
+    def revoked_token_callback(jwt_header, jwt_payload):
+        return jwt_error("This token has been revoked. Please log in again.")
+
+   
    # Error Handlers
    register_error_handlers(app)

@@ -1,3 +1,3 @@
 from .verify_api_key import require_api_key
 from .app_id_checker import require_app_id
-from .cors import enforce_json
+from .cors import enforce_json
@@ -1,4 +1,5 @@
 from flask import request, jsonify
+from app.utils.logger import logger


 def enforce_json():
@@ -1 +1,2 @@
 from .routes import api 
+from .authentication import auth_bp
@@ -0,0 +1,24 @@
+from flask import Blueprint, request, jsonify
+from app.utils.logger import logger
+from app.api.middlewares import  enforce_json
+from app.api.services.generate_token import GenerateTokenService
+
+
+auth_bp = Blueprint("api/Auth", __name__)
+
+# Enforce json
+@auth_bp.before_request
+def cors_middleware():
+    """Middleware applied globally to all API routes in this blueprint"""
+    return enforce_json()
+
+@auth_bp.route('/generate-token', methods=['POST'])
+def get_token():
+    try:
+        data = request.get_json()
+        logger.info(f"GenerateToken request received: {data}")
+        response = GenerateTokenService.process_request(data)
+        return response
+    except Exception as e:
+        logger.exception("Unhandled exception in /GenerateToken route", exc_info=e)
+        return jsonify({"message": "Unhandled server error"}), 500
@@ -14,7 +14,9 @@ from app.api.services import (
    CompleteRACcheckService
 )
 from app.utils.logger import logger
-from app.api.middlewares import require_api_key, require_app_id, enforce_json 
+from app.api.middlewares import  enforce_json
+from flask_jwt_extended import (jwt_required)
+



@@ -43,10 +45,11 @@ def serve_paths(filename):

 # RACCheck Endpoint
@api.route('/rac-check', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def rac_check():
+    logger.info("RACCheck request received")
    try:
+        logger.info("RACCheck inside try request received")
        data = request.get_json()
        response = RACCheckService.process_request(data)
        return response
@@ -56,8 +59,7 @@ def rac_check():

 # CompleteRACcheck Endpoint
@api.route('/CompleteRACcheck', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def complete_rac_check():
    try:
        data = request.get_json()
@@ -69,8 +71,7 @@ def complete_rac_check():

 # Disbursement Endpoint
@api.route('/DisburseLoan', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def disbursement():
    try:
        data = request.get_json()
@@ -83,8 +84,7 @@ def disbursement():

 # CollectLoan Endpoint
@api.route('/CollectLoan', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def collect_loan():
    try:
        data = request.get_json()
@@ -97,8 +97,7 @@ def collect_loan():

 # TransactionVerify Endpoint
@api.route('/TransactionVerify', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def transaction_verify():
    try:
        data = request.get_json()
@@ -111,8 +110,7 @@ def transaction_verify():

 # PenalCharge Endpoint
@api.route('/CollectPenalFee', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def penal_charge():
    try:
        data = request.get_json()
@@ -126,8 +124,7 @@ def penal_charge():

 # RevokeEnableConsent Endpoint
@api.route('/RevokeEnableConsent', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def revoke_enable_consent():
    data = request.get_json()
    # logger.info(f"RevokeEnableConsent request received: {data}")
@@ -136,8 +133,7 @@ def revoke_enable_consent():

 # TokenValidation Endpoint
@api.route('/TokenValidation', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def token_validation():
    data = request.get_json()
    # logger.info(f"TokenValidation request received: {data}")
@@ -146,8 +142,7 @@ def token_validation():

 # LienCheck Endpoint
@api.route('/LienCheck', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def lien_check():
    data = request.get_json()
    # logger.info(f"LienCheck request received: {data}")
@@ -156,8 +151,7 @@ def lien_check():

 # NewTransactionCheck Endpoint
@api.route('/NewTransactionCheck', methods=['POST'])
-@require_api_key
-@require_app_id
+@jwt_required()
 def new_transaction_check():
    data = request.get_json()
    # logger.info(f"NewTransactionCheck request received: {data}")
@@ -167,6 +161,7 @@ def new_transaction_check():

 # Health Check Endpoint
@api.route('/system-health-check', methods=['GET'])
+@jwt_required()
 def health_check():
    """Basic system health check"""
    try:
@@ -2,7 +2,7 @@ from marshmallow import Schema, fields

 class DisbursementSchema(Schema):
    transactionId = fields.Str(required=False, allow_none=True)
-    FbnTransactionId = fields.Str(required=False, allow_none=True)
+    fbnTransactionId = fields.Str(required=False, allow_none=True)
    debtId = fields.Str(required=False, allow_none=True)
    customerId = fields.Str(required=False, allow_none=True)
    accountId = fields.Str(required=False, allow_none=True)
@@ -32,7 +32,7 @@ class DisburseLoanResponseSchema(Schema):
    countryId = fields.Str(allow_none=True)
    responseCode = fields.Str(allow_none=True)
    responseMessage = fields.Str(allow_none=True)
-    disburseMessage = fields.Str(allow_none=True)
+    disburseResult = fields.Str(allow_none=True)
    disburseDate = fields.Str(allow_none=True)
    disburseVerify = fields.Str(allow_none=True)
    disburseDescription = fields.Str(allow_none=True)
@@ -0,0 +1,18 @@
+from marshmallow import Schema, fields
+
+
+class GenerateTokenRequestSchema(Schema):
+    username = fields.Str(required=True)
+    password = fields.Str(required=True)
+    grant_type = fields.Str(required=True)
+    
+
+class GenerateTokenResponseSchema(Schema):
+    access_token = fields.Str(required=True)
+    token_type = fields.Str(required=True)
+    expires_in = fields.Int(required=True)
+    userName = fields.Str(required=False, allow_none=True)
+    ipaddress = fields.Str(required=False, allow_none=True)
+    errorMessage = fields.Str(required=False, allow_none=True)
+    issued = fields.DateTime(required=False, allow_none=True)
+    expires = fields.DateTime(required=False, allow_none=True)
@@ -18,8 +18,4 @@ class TransactionVerifyResponseSchema(Schema):
    providedAmount = fields.Float(required=True)
    collectedAmount = fields.Float(required=True)
    transactionId = fields.Str(allow_none=True)
-    transactionType = fields.Str(allow_none=True)
-    disburseVerify = fields.Str(allow_none=True)
-    verifyDescription = fields.Str(allow_none=True)
-    verifyResult = fields.Str(allow_none=True)
-    
+    transactionType = fields.Str(allow_none=True)
@@ -8,3 +8,4 @@ from app.api.services.token_validation import TokenValidationService
 from app.api.services.lien_check import LienCheckService
 from app.api.services.new_transaction_check import NewTransactionCheckService
 from app.api.services.complete_rac_check_service import CompleteRACcheckService
+from app.api.services.generate_token import GenerateTokenService
@@ -40,6 +40,9 @@ class DisbursementService:
                "countryId": validated_data.get("countryId"),
                "responseCode": "00",  # success code example
                "responseMessage": "Loan Request Completed Successfully!",
+                "disburseVerify": datetime.datetime.now().isoformat(),
+                "verifyResult": "00",
+                "verifyDescription": "Collect Status retrieved successfully.",
                "disburseDate": datetime.datetime.now().isoformat(),
                "disburseResult": "00",
                "disburseDescription": "Loan Request Completed Successfully!",
@@ -0,0 +1,89 @@
+import datetime
+from datetime import timedelta
+from flask import request, jsonify
+from marshmallow import ValidationError
+from app.utils.logger import logger
+from app.api.helpers.response_helper import ResponseHelper
+from app.api.schemas.generate_token import GenerateTokenRequestSchema, GenerateTokenResponseSchema
+from app.config import Config
+from flask_jwt_extended import (
+    create_access_token,
+)
+
+
+class GenerateTokenService:
+    USERNAME = Config.BANK_CALL_BASIC_AUTH_USERNAME
+    PASSWORD = Config.BANK_CALL_BASIC_AUTH_PASSWORD
+    TYPE = Config.BANK_GRANT_TYPE
+    @staticmethod
+    def process_request(data):
+        """
+        Process the GenerateToken request.
+
+        Args:
+            data (dict): The request JSON payload.
+
+        Returns:
+            tuple: (JSON response, status code)
+        """
+        try:
+            logger.info("Processing GenerateToken request")
+
+            # Step 1: Validate input using schema
+            schema = GenerateTokenRequestSchema()
+            validated_data = schema.load(data)
+            
+            logger.info(f"Validated data: {validated_data}")
+
+            username = validated_data.get("username")
+            password = validated_data.get("password")
+            grant_type = validated_data.get("grant_type")
+            
+            if password != GenerateTokenService.PASSWORD or username != GenerateTokenService.USERNAME or grant_type != GenerateTokenService.TYPE:
+                return {
+                    "message": "Invalid credentials",
+                    "status": 401
+                }
+               
+            expires_in = 1800
+            identity = username
+            # Step 2: Generate JWT token
+            access_token = create_access_token(identity=identity, expires_delta=timedelta(seconds=expires_in))
+
+            # Step 3: Get client IP address
+            ipaddress = request.remote_addr or "127.0.0.1"
+
+            # Step 4: Build response timestamps
+            issued_time = datetime.datetime.utcnow()
+            expires_time = issued_time + datetime.timedelta(seconds=expires_in)
+
+            # Step 5: Construct response payload
+            response_data = {
+                "access_token": access_token,
+                "token_type": "bearer",
+                "expires_in": expires_in,
+                "userName": username,
+                "ipaddress": ipaddress,
+                "errorMessage": "",
+                "issued": issued_time,
+                "expires": expires_time
+            }
+
+            # Serialize with response schema
+            response_schema = GenerateTokenResponseSchema()
+            response_json = response_schema.dump(response_data)
+
+            return jsonify(response_json), 200
+
+        except ValidationError as err:
+            logger.error(f"Validation Error: {err.messages}")
+            return jsonify({
+                "message": "Validation exception",
+                "errors": err.messages
+            }), 422
+
+        except Exception as e:
+            logger.error(f"An error occurred while generating token: {str(e)}", exc_info=True)
+            return jsonify({
+                "message": "Internal Server Error"
+            }), 500
@@ -6,7 +6,6 @@ from app.api.schemas.transaction_verify import (
    TransactionVerifySchema,
    TransactionVerifyResponseSchema
 )
-import datetime


 class TransactionVerifyService:
@@ -38,10 +37,7 @@ class TransactionVerifyService:
                "providedAmount": 0.0,
                "collectedAmount": 7.50,
                "transactionId": validated_data.get("transactionId"),
-                "transactionType": validated_data.get("transactionType"),
-                "disburseVerify": datetime.datetime.now().isoformat(),
-                "verifyResult": "00",
-                "verifyDescription": "Collect Status retrieved successfully.",
+                "transactionType": validated_data.get("transactionType")
            }

            # Validate and serialize response with TransactionVerifyResponseSchema
@@ -1,6 +1,7 @@
 import os
 from re import M
 from dotenv import load_dotenv
+from datetime import timedelta

 class Config:
    """Base configuration for Flask app"""
@@ -9,10 +10,15 @@ class Config:
    API_URL = '/api/swagger.json'

    DEBUG = True
+    JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", "753fc155-6a63-4314-bd97-ae91d61dbafe")
+    JWT_ACCESS_TOKEN_EXPIRES = timedelta(seconds=int(os.getenv("JWT_ACCESS_TOKEN_EXPIRES", 1800)))
    VALID_APP_ID = os.getenv("VALID_APP_ID", "app1")
    VALID_API_KEY = os.getenv("VALID_API_KEY", "test-api-key-12345")
    MIN_AMOUNT_FOR_COLLECTION = int(os.getenv("MIN_AMOUNT_FOR_COLLECTION", 10000))
    MAX_AMOUNT_FOR_COLLECTION = int(os.getenv("MAX_AMOUNT_FOR_COLLECTION", 25000))
+    BANK_CALL_BASIC_AUTH_USERNAME = os.environ.get("BANK_CALL_BASIC_AUTH_USERNAME", "simbrella")
+    BANK_CALL_BASIC_AUTH_PASSWORD = os.environ.get("BANK_CALL_BASIC_AUTH_PASSWORD", "G7$k9@pL2!qR")
+    BANK_GRANT_TYPE = os.getenv("BANK_GRANT_TYPE", "password")

    # SQLALCHEMY_DATABASE_URI =os.environ.get("DATABASE_URL", "database_url")
    # SQLALCHEMY_TRACK_MODIFICATIONS = False
@@ -28,6 +28,15 @@
    }
  ],
  "tags": [
+    {
+       "name": "Auth",
+      "description": "Get access token for verification",
+      "externalDocs": {
+        "description": "Find out more",
+        "url": "https://www.simbrellang.net"
+      }
+
+    },
    {
      "name": "RACCheck",
      "description": "Risk Acceptance Criteria Request",
@@ -110,6 +119,9 @@
    }
  ],
  "paths": {
+    "/api/Auth/generate-token": {
+      "$ref": "swagger/paths/GenerateToken.json"
+    },
    "/api/system-health-check": {
     "$ref": "swagger/paths/HealthCheck.json"
    },
@@ -146,6 +158,12 @@
  },
  "components": {
    "schemas": {
+      "GenerateTokenRequest": {
+        "$ref": "./schemas/GenerateTokenRequest.json"
+      },
+      "GenerateTokenResponse": {
+        "$ref": "./schemas/GenerateTokenResponse.json"
+      },
      "RACCheckRequest": {
        "$ref": "./schemas/RACCheckRequest.json"
      },
@@ -217,24 +235,18 @@
      }
    },
    "securitySchemes": {
-      "api_key": {
-        "type": "apiKey",
-        "name": "x-api-key",
-        "in": "header"
-      },
-      "app_id": {
-        "type": "apiKey",
-        "name": "App-Id",
-        "in": "header"
-      }
-    }
+  "BearerAuth": {
+    "type": "http",
+    "scheme": "bearer",
+    "bearerFormat": "JWT",
+    "description": "Standard Authorization header using the Bearer scheme. Example: 'Bearer {token}'"
+  }
+}   
  },
-  "security": [
-    {
-      "api_key": []
-    },
-    {
-      "app_id": []
-    }
-  ]
+ 
+"security": [
+  {
+    "BearerAuth": []
+  }
+]
 }
@@ -0,0 +1,56 @@
+{
+    "post": {
+      "tags": [
+        "GenerateToken"
+      ],
+      "summary": "Generate Access Token Request",
+      "description": "Generate Access Token Request",
+      "operationId": "GenerateToken",
+      "requestBody": {
+        "required": true,
+        "content": {
+          "application/json": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          },
+          "application/xml": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          },
+          "application/x-www-form-urlencoded": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          }
+        }
+      },
+      "responses": {
+        "200": {
+          "description": "GenerateToken Successful",
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "../schemas/GenerateTokenResponse.json"
+              }
+            },
+            "application/xml": {
+              "schema": {
+                "$ref": "../schemas/GenerateTokenResponse.json"
+              }
+            }
+          }
+        },
+        "400": {
+          "description": "Invalid request"
+        },
+        "422": {
+          "description": "Validation exception"
+        },
+        "500": {
+          "description": "Internal server error"
+        }
+      }
+    }
+  }
@@ -86,6 +86,22 @@
      "type": "string",
      "example": "Loan Request Completed Successfully!",
      "nullable": true
+    },
+    "disburseVerify": {
+      "type": "string",
+      "format": "date-time",
+      "example": "2023-10-01T12:00:00Z",
+      "nullable": true
+    },
+    "verifyResult": {
+      "type": "string",
+      "example": "00",
+      "nullable": true
+    },
+    "verifyDescription": {
+      "type": "string",
+      "example": "Collect Status retrieved successfully.",
+      "nullable": true
    }
  },
  "required": [
@@ -0,0 +1,21 @@
+{
+    "type": "object",
+    "properties": {
+        "username": {
+            "type": "string"
+        },
+        "password": {
+            "type": "string"
+        },
+        "grant_type":{
+            "type":"string"
+
+        }
+      
+    },
+    "required": [
+        "username",
+        "password",
+        "grant_type"
+    ]
+}
@@ -0,0 +1,41 @@
+{
+    "type": "object",
+    "properties": {
+        "access_token": {
+            "type": "string",
+            "format": "eyjhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiYWRtaW4ifQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
+        },
+        "token_type": {
+            "type": "string",
+            "format": "bearer"
+        },
+        "expires_in": {
+            "type": "integer",
+            "format": "1800"
+        },
+        "userName": {
+            "type": "string",
+            "format": "sinbrella"
+        },
+        "ipaddress": {
+            "type": "string",
+            "format": "127.0.0.1"
+        },
+        "errorMessage":{
+            "type":"string"
+
+        },
+        "issued": {
+            "type": "string",
+            "format":"date-time"
+
+        },
+        "expires": {
+            "type": "string",
+            "format": "date-time"
+        }
+    },
+    "xml": {
+        "name": "##default"
+    }
+}
@@ -38,20 +38,6 @@
    "transactionType": {
      "type": "string",
      "example": "Disbursement"
-    },
-    "disburseVerify":{
-      "type": "string",
-      "format": "date-time",
-      "example": "2023-10-01T12:00:00Z",
-      "nullable": true
-    },
-    "verifyResult": {
-      "type": "string",
-      "example": "Success"
-    },
-    "verifyDescription": {
-      "type": "string",
-      "example": "Disbursement was verified and collection completed."
    }
  },
  "required": [
@@ -6,6 +6,8 @@ Flask-Cors==3.0.10
 gunicorn
 flask-swagger-ui
 python-dotenv
+flask-jwt-extended==4.7.1
+
Author	SHA1	Message	Date
Chinenye Nmoh	5794ddfa0c	added bearer token authentication	2025-10-29 17:39:31 +01:00
Chinenye Nmoh	1293f28bf2	Merge branch 'master' of https://gitlab.chiefsoft.net/DigiFi/digifi-BankEmulator into sync_payload pulled latest master changes	2025-10-29 07:17:25 +01:00
ameye	db36278ae7	Merge branch 'partial_payment' of DigiFi/digifi-BankEmulator into master	2025-10-28 19:24:45 +00:00
ameye	4e52459d51	Merge branch 'partial_payment' of DigiFi/digifi-BankEmulator into master	2025-08-29 19:18:35 +00:00
Chinenye Nmoh	6869b77428	Merge branch 'master' of https://gitlab.chiefsoft.net/DigiFi/digifi-BankEmulator into sync_payload pulled changes	2025-07-13 13:44:34 +01:00
Chinenye Nmoh	73c0377033	pull changes	2025-07-13 13:44:27 +01:00
Chinenye Nmoh	02b4ba4a5a	Merge branch 'master' of https://gitlab.chiefsoft.net/DigiFi/digifi-BankEmulator into sync_payload pulled	2025-06-26 14:01:31 +01:00
Chinenye Nmoh	b468b2ad4b	Merge branch 'master' of https://gitlab.chiefsoft.net/DigiFi/digifi-BankEmulator into sync_payload pulled	2025-06-25 13:22:11 +01:00
Chinenye Nmoh	7b1da3b095	expanded disbursement endpoint	2025-06-09 21:08:02 +01:00