added bearer token authentication

pulled latest master changes

app/__init__.py

@@ -1,17 +1,21 @@
-from flask import Flask
+from flask import Flask, jsonify
 import os
 from flask_swagger_ui import get_swaggerui_blueprint
 from flask_cors import CORS
 from app.config import Config
-from app.api.routes import api
+from app.api.routes import api, auth_bp
 from app.errors import register_error_handlers
+from flask_jwt_extended import JWTManager
 
 def create_app():
     """ Factory function to create a Flask app instance """
     app = Flask(__name__)
     
+   
+
     # Load configuration
     app.config.from_object(Config)
+    jwt = JWTManager(app)
 
     CORS(app)
 
@@ -21,10 +25,35 @@ def create_app():
 
     # Register blueprints with /api prefix for the main API routes
     app.register_blueprint(api, url_prefix='/api')
+    # Register blueprints with /auth prefix for the authentication routes
+    app.register_blueprint(auth_bp, url_prefix='/api/Auth')
 
     swagger_ui_blueprint = get_swaggerui_blueprint(SWAGGER_URL, API_URL)
     app.register_blueprint(swagger_ui_blueprint, url_prefix=SWAGGER_URL)
     
+    def jwt_error(message, code=401):
+        return jsonify({
+            "status": "error",
+            "message": message
+        }), code
+
+
+    @jwt.unauthorized_loader
+    def unauthorized_response(callback):
+        return jwt_error("Unauthorized access")
+
+    @jwt.expired_token_loader
+    def expired_token_callback(jwt_header, jwt_payload):
+        return jwt_error("Expired token")
+
+    @jwt.invalid_token_loader
+    def invalid_token_callback(error):
+        return jwt_error("Invalid authentication token.", 422)
+
+    @jwt.revoked_token_loader
+    def revoked_token_callback(jwt_header, jwt_payload):
+        return jwt_error("This token has been revoked. Please log in again.")
+
    
     # Error Handlers
     register_error_handlers(app)

app/api/middlewares/cors.py

@@ -1,4 +1,5 @@
 from flask import request, jsonify
+from app.utils.logger import logger
 
 
 def enforce_json():

app/api/routes/__init__.py

@@ -1 +1,2 @@
 from .routes import api 
+from .authentication import auth_bp

app/api/routes/authentication.py

@@ -0,0 +1,24 @@
+from flask import Blueprint, request, jsonify
+from app.utils.logger import logger
+from app.api.middlewares import  enforce_json
+from app.api.services.generate_token import GenerateTokenService
+
+
+auth_bp = Blueprint("api/Auth", __name__)
+
+# Enforce json
+@auth_bp.before_request
+def cors_middleware():
+    """Middleware applied globally to all API routes in this blueprint"""
+    return enforce_json()
+
+@auth_bp.route('/generate-token', methods=['POST'])
+def get_token():
+    try:
+        data = request.get_json()
+        logger.info(f"GenerateToken request received: {data}")
+        response = GenerateTokenService.process_request(data)
+        return response
+    except Exception as e:
+        logger.exception("Unhandled exception in /GenerateToken route", exc_info=e)
+        return jsonify({"message": "Unhandled server error"}), 500

app/api/routes/routes.py

@@ -14,7 +14,9 @@ from app.api.services import (
     CompleteRACcheckService
 )
 from app.utils.logger import logger
-from app.api.middlewares import require_api_key, require_app_id, enforce_json 
+from app.api.middlewares import  enforce_json
+from flask_jwt_extended import (jwt_required)
+
 
 
 
@@ -43,10 +45,11 @@ def serve_paths(filename):
 
 # RACCheck Endpoint
 @api.route('/rac-check', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def rac_check():
+    logger.info("RACCheck request received")
     try:
+        logger.info("RACCheck inside try request received")
         data = request.get_json()
         response = RACCheckService.process_request(data)
         return response
@@ -56,8 +59,7 @@ def rac_check():
 
 # CompleteRACcheck Endpoint
 @api.route('/CompleteRACcheck', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def complete_rac_check():
     try:
         data = request.get_json()
@@ -69,8 +71,7 @@ def complete_rac_check():
 
 # Disbursement Endpoint
 @api.route('/DisburseLoan', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def disbursement():
     try:
         data = request.get_json()
@@ -83,8 +84,7 @@ def disbursement():
 
 # CollectLoan Endpoint
 @api.route('/CollectLoan', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def collect_loan():
     try:
         data = request.get_json()
@@ -97,8 +97,7 @@ def collect_loan():
 
 # TransactionVerify Endpoint
 @api.route('/TransactionVerify', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def transaction_verify():
     try:
         data = request.get_json()
@@ -111,8 +110,7 @@ def transaction_verify():
 
 # PenalCharge Endpoint
 @api.route('/CollectPenalFee', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def penal_charge():
     try:
         data = request.get_json()
@@ -126,8 +124,7 @@ def penal_charge():
 
 # RevokeEnableConsent Endpoint
 @api.route('/RevokeEnableConsent', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def revoke_enable_consent():
     data = request.get_json()
     # logger.info(f"RevokeEnableConsent request received: {data}")
@@ -136,8 +133,7 @@ def revoke_enable_consent():
 
 # TokenValidation Endpoint
 @api.route('/TokenValidation', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def token_validation():
     data = request.get_json()
     # logger.info(f"TokenValidation request received: {data}")
@@ -146,8 +142,7 @@ def token_validation():
 
 # LienCheck Endpoint
 @api.route('/LienCheck', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def lien_check():
     data = request.get_json()
     # logger.info(f"LienCheck request received: {data}")
@@ -156,8 +151,7 @@ def lien_check():
 
 # NewTransactionCheck Endpoint
 @api.route('/NewTransactionCheck', methods=['POST'])
-@require_api_key
+@jwt_required()
-@require_app_id
 def new_transaction_check():
     data = request.get_json()
     # logger.info(f"NewTransactionCheck request received: {data}")
@@ -167,6 +161,7 @@ def new_transaction_check():
 
 # Health Check Endpoint
 @api.route('/system-health-check', methods=['GET'])
+@jwt_required()
 def health_check():
     """Basic system health check"""
     try:

app/api/schemas/disbursement.py

@@ -2,7 +2,7 @@ from marshmallow import Schema, fields
 
 class DisbursementSchema(Schema):
     transactionId = fields.Str(required=False, allow_none=True)
-    FbnTransactionId = fields.Str(required=False, allow_none=True)
+    fbnTransactionId = fields.Str(required=False, allow_none=True)
     debtId = fields.Str(required=False, allow_none=True)
     customerId = fields.Str(required=False, allow_none=True)
     accountId = fields.Str(required=False, allow_none=True)
@@ -32,7 +32,7 @@ class DisburseLoanResponseSchema(Schema):
     countryId = fields.Str(allow_none=True)
     responseCode = fields.Str(allow_none=True)
     responseMessage = fields.Str(allow_none=True)
-    disburseMessage = fields.Str(allow_none=True)
+    disburseResult = fields.Str(allow_none=True)
     disburseDate = fields.Str(allow_none=True)
     disburseVerify = fields.Str(allow_none=True)
     disburseDescription = fields.Str(allow_none=True)

app/api/schemas/generate_token.py

@@ -0,0 +1,18 @@
+from marshmallow import Schema, fields
+
+
+class GenerateTokenRequestSchema(Schema):
+    username = fields.Str(required=True)
+    password = fields.Str(required=True)
+    grant_type = fields.Str(required=True)
+    
+
+class GenerateTokenResponseSchema(Schema):
+    access_token = fields.Str(required=True)
+    token_type = fields.Str(required=True)
+    expires_in = fields.Int(required=True)
+    userName = fields.Str(required=False, allow_none=True)
+    ipaddress = fields.Str(required=False, allow_none=True)
+    errorMessage = fields.Str(required=False, allow_none=True)
+    issued = fields.DateTime(required=False, allow_none=True)
+    expires = fields.DateTime(required=False, allow_none=True)

app/api/schemas/transaction_verify.py

@@ -19,7 +19,3 @@ class TransactionVerifyResponseSchema(Schema):
     collectedAmount = fields.Float(required=True)
     transactionId = fields.Str(allow_none=True)
     transactionType = fields.Str(allow_none=True)
-    disburseVerify = fields.Str(allow_none=True)
-    verifyDescription = fields.Str(allow_none=True)
-    verifyResult = fields.Str(allow_none=True)
-    

app/api/services/__init__.py

@@ -8,3 +8,4 @@ from app.api.services.token_validation import TokenValidationService
 from app.api.services.lien_check import LienCheckService
 from app.api.services.new_transaction_check import NewTransactionCheckService
 from app.api.services.complete_rac_check_service import CompleteRACcheckService
+from app.api.services.generate_token import GenerateTokenService

app/api/services/disbursement.py

@@ -40,6 +40,9 @@ class DisbursementService:
                 "countryId": validated_data.get("countryId"),
                 "responseCode": "00",  # success code example
                 "responseMessage": "Loan Request Completed Successfully!",
+                "disburseVerify": datetime.datetime.now().isoformat(),
+                "verifyResult": "00",
+                "verifyDescription": "Collect Status retrieved successfully.",
                 "disburseDate": datetime.datetime.now().isoformat(),
                 "disburseResult": "00",
                 "disburseDescription": "Loan Request Completed Successfully!",

app/api/services/generate_token.py

@@ -0,0 +1,89 @@
+import datetime
+from datetime import timedelta
+from flask import request, jsonify
+from marshmallow import ValidationError
+from app.utils.logger import logger
+from app.api.helpers.response_helper import ResponseHelper
+from app.api.schemas.generate_token import GenerateTokenRequestSchema, GenerateTokenResponseSchema
+from app.config import Config
+from flask_jwt_extended import (
+    create_access_token,
+)
+
+
+class GenerateTokenService:
+    USERNAME = Config.BANK_CALL_BASIC_AUTH_USERNAME
+    PASSWORD = Config.BANK_CALL_BASIC_AUTH_PASSWORD
+    TYPE = Config.BANK_GRANT_TYPE
+    @staticmethod
+    def process_request(data):
+        """
+        Process the GenerateToken request.
+
+        Args:
+            data (dict): The request JSON payload.
+
+        Returns:
+            tuple: (JSON response, status code)
+        """
+        try:
+            logger.info("Processing GenerateToken request")
+
+            # Step 1: Validate input using schema
+            schema = GenerateTokenRequestSchema()
+            validated_data = schema.load(data)
+            
+            logger.info(f"Validated data: {validated_data}")
+
+            username = validated_data.get("username")
+            password = validated_data.get("password")
+            grant_type = validated_data.get("grant_type")
+            
+            if password != GenerateTokenService.PASSWORD or username != GenerateTokenService.USERNAME or grant_type != GenerateTokenService.TYPE:
+                return {
+                    "message": "Invalid credentials",
+                    "status": 401
+                }
+               
+            expires_in = 1800
+            identity = username
+            # Step 2: Generate JWT token
+            access_token = create_access_token(identity=identity, expires_delta=timedelta(seconds=expires_in))
+
+            # Step 3: Get client IP address
+            ipaddress = request.remote_addr or "127.0.0.1"
+
+            # Step 4: Build response timestamps
+            issued_time = datetime.datetime.utcnow()
+            expires_time = issued_time + datetime.timedelta(seconds=expires_in)
+
+            # Step 5: Construct response payload
+            response_data = {
+                "access_token": access_token,
+                "token_type": "bearer",
+                "expires_in": expires_in,
+                "userName": username,
+                "ipaddress": ipaddress,
+                "errorMessage": "",
+                "issued": issued_time,
+                "expires": expires_time
+            }
+
+            # Serialize with response schema
+            response_schema = GenerateTokenResponseSchema()
+            response_json = response_schema.dump(response_data)
+
+            return jsonify(response_json), 200
+
+        except ValidationError as err:
+            logger.error(f"Validation Error: {err.messages}")
+            return jsonify({
+                "message": "Validation exception",
+                "errors": err.messages
+            }), 422
+
+        except Exception as e:
+            logger.error(f"An error occurred while generating token: {str(e)}", exc_info=True)
+            return jsonify({
+                "message": "Internal Server Error"
+            }), 500

app/api/services/transaction_verify.py

@@ -6,7 +6,6 @@ from app.api.schemas.transaction_verify import (
     TransactionVerifySchema,
     TransactionVerifyResponseSchema
 )
-import datetime
 
 
 class TransactionVerifyService:
@@ -38,10 +37,7 @@ class TransactionVerifyService:
                 "providedAmount": 0.0,
                 "collectedAmount": 7.50,
                 "transactionId": validated_data.get("transactionId"),
-                "transactionType": validated_data.get("transactionType"),
+                "transactionType": validated_data.get("transactionType")
-                "disburseVerify": datetime.datetime.now().isoformat(),
-                "verifyResult": "00",
-                "verifyDescription": "Collect Status retrieved successfully.",
             }
 
             # Validate and serialize response with TransactionVerifyResponseSchema

app/config.py

@@ -1,6 +1,7 @@
 import os
 from re import M
 from dotenv import load_dotenv
+from datetime import timedelta
 
 class Config:
     """Base configuration for Flask app"""
@@ -9,10 +10,15 @@ class Config:
     API_URL = '/api/swagger.json'
 
     DEBUG = True
+    JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY", "753fc155-6a63-4314-bd97-ae91d61dbafe")
+    JWT_ACCESS_TOKEN_EXPIRES = timedelta(seconds=int(os.getenv("JWT_ACCESS_TOKEN_EXPIRES", 1800)))
     VALID_APP_ID = os.getenv("VALID_APP_ID", "app1")
     VALID_API_KEY = os.getenv("VALID_API_KEY", "test-api-key-12345")
     MIN_AMOUNT_FOR_COLLECTION = int(os.getenv("MIN_AMOUNT_FOR_COLLECTION", 10000))
     MAX_AMOUNT_FOR_COLLECTION = int(os.getenv("MAX_AMOUNT_FOR_COLLECTION", 25000))
+    BANK_CALL_BASIC_AUTH_USERNAME = os.environ.get("BANK_CALL_BASIC_AUTH_USERNAME", "simbrella")
+    BANK_CALL_BASIC_AUTH_PASSWORD = os.environ.get("BANK_CALL_BASIC_AUTH_PASSWORD", "G7$k9@pL2!qR")
+    BANK_GRANT_TYPE = os.getenv("BANK_GRANT_TYPE", "password")
 
     # SQLALCHEMY_DATABASE_URI =os.environ.get("DATABASE_URL", "database_url")
     # SQLALCHEMY_TRACK_MODIFICATIONS = False

app/swagger/digifi_swagger.json

@@ -28,6 +28,15 @@
     }
   ],
   "tags": [
+    {
+       "name": "Auth",
+      "description": "Get access token for verification",
+      "externalDocs": {
+        "description": "Find out more",
+        "url": "https://www.simbrellang.net"
+      }
+
+    },
     {
       "name": "RACCheck",
       "description": "Risk Acceptance Criteria Request",
@@ -110,6 +119,9 @@
     }
   ],
   "paths": {
+    "/api/Auth/generate-token": {
+      "$ref": "swagger/paths/GenerateToken.json"
+    },
     "/api/system-health-check": {
      "$ref": "swagger/paths/HealthCheck.json"
     },
@@ -146,6 +158,12 @@
   },
   "components": {
     "schemas": {
+      "GenerateTokenRequest": {
+        "$ref": "./schemas/GenerateTokenRequest.json"
+      },
+      "GenerateTokenResponse": {
+        "$ref": "./schemas/GenerateTokenResponse.json"
+      },
       "RACCheckRequest": {
         "$ref": "./schemas/RACCheckRequest.json"
       },
@@ -217,24 +235,18 @@
       }
     },
     "securitySchemes": {
-      "api_key": {
+  "BearerAuth": {
-        "type": "apiKey",
+    "type": "http",
-        "name": "x-api-key",
+    "scheme": "bearer",
-        "in": "header"
+    "bearerFormat": "JWT",
-      },
+    "description": "Standard Authorization header using the Bearer scheme. Example: 'Bearer {token}'"
-      "app_id": {
+  }
-        "type": "apiKey",
+}   
-        "name": "App-Id",
+  },
-        "in": "header"
+ 
-      }
+"security": [
-    }
+  {
-  },
+    "BearerAuth": []
-  "security": [
+  }
-    {
+]
-      "api_key": []
-    },
-    {
-      "app_id": []
-    }
-  ]
 }

app/swagger/paths/GenerateToken.json

@@ -0,0 +1,56 @@
+{
+    "post": {
+      "tags": [
+        "GenerateToken"
+      ],
+      "summary": "Generate Access Token Request",
+      "description": "Generate Access Token Request",
+      "operationId": "GenerateToken",
+      "requestBody": {
+        "required": true,
+        "content": {
+          "application/json": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          },
+          "application/xml": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          },
+          "application/x-www-form-urlencoded": {
+            "schema": {
+              "$ref": "../schemas/GenerateTokenRequest.json"
+            }
+          }
+        }
+      },
+      "responses": {
+        "200": {
+          "description": "GenerateToken Successful",
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "../schemas/GenerateTokenResponse.json"
+              }
+            },
+            "application/xml": {
+              "schema": {
+                "$ref": "../schemas/GenerateTokenResponse.json"
+              }
+            }
+          }
+        },
+        "400": {
+          "description": "Invalid request"
+        },
+        "422": {
+          "description": "Validation exception"
+        },
+        "500": {
+          "description": "Internal server error"
+        }
+      }
+    }
+  }

app/swagger/schemas/DisbursementResponse.json

@@ -86,6 +86,22 @@
       "type": "string",
       "example": "Loan Request Completed Successfully!",
       "nullable": true
+    },
+    "disburseVerify": {
+      "type": "string",
+      "format": "date-time",
+      "example": "2023-10-01T12:00:00Z",
+      "nullable": true
+    },
+    "verifyResult": {
+      "type": "string",
+      "example": "00",
+      "nullable": true
+    },
+    "verifyDescription": {
+      "type": "string",
+      "example": "Collect Status retrieved successfully.",
+      "nullable": true
     }
   },
   "required": [

app/swagger/schemas/GenerateTokenRequest.json

@@ -0,0 +1,21 @@
+{
+    "type": "object",
+    "properties": {
+        "username": {
+            "type": "string"
+        },
+        "password": {
+            "type": "string"
+        },
+        "grant_type":{
+            "type":"string"
+
+        }
+      
+    },
+    "required": [
+        "username",
+        "password",
+        "grant_type"
+    ]
+}

app/swagger/schemas/GenerateTokenResponse.json

@@ -0,0 +1,41 @@
+{
+    "type": "object",
+    "properties": {
+        "access_token": {
+            "type": "string",
+            "format": "eyjhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiYWRtaW4ifQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
+        },
+        "token_type": {
+            "type": "string",
+            "format": "bearer"
+        },
+        "expires_in": {
+            "type": "integer",
+            "format": "1800"
+        },
+        "userName": {
+            "type": "string",
+            "format": "sinbrella"
+        },
+        "ipaddress": {
+            "type": "string",
+            "format": "127.0.0.1"
+        },
+        "errorMessage":{
+            "type":"string"
+
+        },
+        "issued": {
+            "type": "string",
+            "format":"date-time"
+
+        },
+        "expires": {
+            "type": "string",
+            "format": "date-time"
+        }
+    },
+    "xml": {
+        "name": "##default"
+    }
+}

app/swagger/schemas/TransactionVerifyResponse.json

@@ -38,20 +38,6 @@
     "transactionType": {
       "type": "string",
       "example": "Disbursement"
-    },
-    "disburseVerify":{
-      "type": "string",
-      "format": "date-time",
-      "example": "2023-10-01T12:00:00Z",
-      "nullable": true
-    },
-    "verifyResult": {
-      "type": "string",
-      "example": "Success"
-    },
-    "verifyDescription": {
-      "type": "string",
-      "example": "Disbursement was verified and collection completed."
     }
   },
   "required": [

requirements.txt

@@ -6,6 +6,8 @@ Flask-Cors==3.0.10
 gunicorn
 flask-swagger-ui
 python-dotenv
+flask-jwt-extended==4.7.1
+