The latest articles on DEV Community by zwx00 (@zwx00). https://dev.to/zwx00 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F160806%2F4318320c-ff63-4807-97c0-aa911678a434.png https://dev.to/zwx00 en zwx00 Fri, 20 Dec 2024 10:55:58 +0000 https://dev.to/zwx00/replay-failed-stripe-events-via-webhook-14j5 https://dev.to/zwx00/replay-failed-stripe-events-via-webhook-14j5 <p>Sometimes webhook events fail to deliver, and you need to replay them to ensure your system processes all important events. Here's a handy one-liner using the Stripe CLI to resend failed subscription cancellation events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>stripe events list <span class="se">\</span> <span class="nt">--type</span><span class="o">=</span>customer.subscription.deleted <span class="se">\</span> <span class="nt">--delivery-success</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--live</span> <span class="se">\</span> <span class="nt">--limit</span> 150 <span class="se">\</span> | jq <span class="s2">".data[].id"</span> <span class="se">\</span> | xargs <span class="nt">-n1</span> <span class="nt">-t</span> stripe events resend <span class="se">\</span> <span class="nt">--live</span> <span class="se">\</span> <span class="nt">--webhook-endpoint</span><span class="o">=</span>we_LALALALA </code></pre> </div> <p>Let's break down what this command does:</p> <ol> <li> <p><code>stripe events list</code>: Lists Stripe events</p> <ul> <li> <code>--type=customer.subscription.deleted</code>: Filters for subscription cancellation events</li> <li> <code>--delivery-success=false</code>: Only shows failed deliveries</li> <li> <code>--live</code>: Uses live mode (not test mode)</li> <li> <code>--limit 150</code>: Retrieves up to 150 events</li> </ul> </li> <li><p><code>jq ".data[].id"</code>: Extracts just the event IDs from the JSON response</p></li> <li> <p><code>xargs -n1 -t</code>: Processes each event ID one at a time</p> <ul> <li> <code>-n1</code>: Passes one argument per command</li> <li> <code>-t</code>: Prints each command before executing it</li> </ul> </li> <li> <p><code>stripe events resend</code>: Resends each event to your webhook endpoint</p> <ul> <li> <code>--live</code>: Uses live mode</li> <li> <code>--webhook-endpoint=we_LALALALA</code>: Specifies the webhook endpoint to use</li> </ul> </li> </ol> <p>Remember to replace <code>we_LALALALA</code> with your actual webhook endpoint ID.</p> <p>This command is particularly useful when:</p> <ul> <li>Your webhook endpoint was down</li> <li>You had network issues</li> <li>You're testing new webhook handling code</li> <li>You need to backfill missed events</li> </ul> <p>Make sure you have both the <a href="https://stripe.com/docs/stripe-cli" rel="noopener noreferrer">Stripe CLI</a> and <a href="https://stedolan.github.io/jq/" rel="noopener noreferrer">jq</a> installed before running this command.</p> <p>Happy webhooking! 🎣</p> stripe webhook debugging cli zwx00 Sun, 17 Mar 2024 20:07:59 +0000 https://dev.to/zwx00/async-axiom-logging-4213 https://dev.to/zwx00/async-axiom-logging-4213 <p>Axiom Logger documentation for its python client does not provide any examples on how to log in async fashion. Both Axiom logger and the default python logger utility are blocking. And while streaming to stdout is not a big issue, blocking network responses might be (<code>axiom-py</code> utilizies raw <code>urllib</code> below the hood). Here's how we addressed this at <a href="https://www.katalist.ai">Katalist</a>.</p> <p>We have a file called <code>logging.py</code> from where we import the logging handlers we're gonna be using with our logging config.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># main.py # ... other imports </span><span class="kn">from</span> <span class="n">katalist.logging</span> <span class="kn">import</span> <span class="n">handlers</span> <span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span> <span class="n">handlers</span><span class="o">=</span><span class="n">handlers</span><span class="p">,</span> <span class="n">force</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="sh">"</span><span class="s">%(asctime)s [%(levelname)s] %(name)s: %(message)s</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Define log message format. </span> <span class="n">datefmt</span><span class="o">=</span><span class="sh">"</span><span class="s">%Y-%m-%d %H:%M:%S</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Define the date format to include in log messages. </span><span class="p">)</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="c1"># all the views... </span></code></pre> </div> <p>One important thing to note here: without setting <code>force</code> to <code>True</code>, the handler configuration was being ignored. Other than that, there's nothing special about this setup.</p> <p>So how do we include the <code>AxiomHandler</code> from <code>axiom-py</code> which is by nature synchronous, among our handlers? The answer lies in a <code>QueueHandler</code> utility that python's <code>logging</code> module provides by default. This allows us to basically enqueue logged entries that are then consumed by another thread, started by <code>QueueListener</code>. Python's <code>queue</code>, a thread-safe queue implementation takes care of the communication between threads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># logging.py </span><span class="kn">import</span> <span class="n">queue</span> <span class="kn">from</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">Handler</span><span class="p">,</span> <span class="n">LogRecord</span><span class="p">,</span> <span class="n">StreamHandler</span> <span class="kn">from</span> <span class="n">logging.handlers</span> <span class="kn">import</span> <span class="n">QueueHandler</span><span class="p">,</span> <span class="n">QueueListener</span> <span class="kn">from</span> <span class="n">axiom.logging</span> <span class="kn">import</span> <span class="n">AxiomHandler</span><span class="p">,</span> <span class="n">Client</span> <span class="kn">from</span> <span class="n">katalystai.conf</span> <span class="kn">import</span> <span class="n">SETTINGS</span> <span class="n">handlers</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="n">Handler</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="nc">StreamHandler</span><span class="p">()]</span> <span class="k">if</span> <span class="n">SETTINGS</span><span class="p">.</span><span class="n">mode</span> <span class="o">==</span> <span class="sh">"</span><span class="s">production</span><span class="sh">"</span><span class="p">:</span> <span class="n">log_queue</span> <span class="o">=</span> <span class="n">queue</span><span class="p">.</span><span class="nc">Queue</span><span class="p">()</span> <span class="n">queue_handler</span> <span class="o">=</span> <span class="nc">QueueHandler</span><span class="p">(</span><span class="n">log_queue</span><span class="p">)</span> <span class="n">axiom_client</span> <span class="o">=</span> <span class="nc">Client</span><span class="p">(</span><span class="n">token</span><span class="o">=</span><span class="n">SETTINGS</span><span class="p">.</span><span class="n">axiom_token</span><span class="p">)</span> <span class="n">axiom_handler</span> <span class="o">=</span> <span class="nc">AxiomHandler</span><span class="p">(</span> <span class="n">client</span><span class="o">=</span><span class="n">axiom_client</span><span class="p">,</span> <span class="n">dataset</span><span class="o">=</span><span class="sh">"</span><span class="s">katalist-backend</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="nc">QueueListener</span><span class="p">(</span><span class="n">log_queue</span><span class="p">,</span> <span class="n">axiom_handler</span><span class="p">).</span><span class="nf">start</span><span class="p">()</span> <span class="n">handlers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">queue_handler</span><span class="p">)</span> </code></pre> </div> <p>This is already nice, but another issue remains. <code>QueueHandler</code> will strip off everything but the raw message to prevent pickling errors when passing messages to another thread. But it's 2024 and everyone knows structured logging is the name of the game. And Axiom itself is good for nothing if not for processing structured logs. Hence we need to modify how the <code>QueueHandler</code> processes our messages.</p> <p>To achieve this we will subclass <code>QueueHandler</code> to keep the <code>args</code> parameter intact.</p> <p>Here's the final code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">queue</span> <span class="kn">from</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">INFO</span><span class="p">,</span> <span class="n">Handler</span><span class="p">,</span> <span class="n">LogRecord</span><span class="p">,</span> <span class="n">StreamHandler</span> <span class="kn">from</span> <span class="n">logging.handlers</span> <span class="kn">import</span> <span class="n">QueueHandler</span><span class="p">,</span> <span class="n">QueueListener</span> <span class="kn">from</span> <span class="n">axiom.logging</span> <span class="kn">import</span> <span class="n">AxiomHandler</span><span class="p">,</span> <span class="n">Client</span> <span class="kn">from</span> <span class="n">katalystai.conf</span> <span class="kn">import</span> <span class="n">SETTINGS</span> <span class="n">handlers</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="n">Handler</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="nc">StreamHandler</span><span class="p">()]</span> <span class="k">class</span> <span class="nc">KatalistQueueHandler</span><span class="p">(</span><span class="n">QueueHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">prepare</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">record</span><span class="p">:</span> <span class="n">LogRecord</span><span class="p">):</span> <span class="n">args</span> <span class="o">=</span> <span class="n">record</span><span class="p">.</span><span class="n">args</span> <span class="nf">super</span><span class="p">().</span><span class="nf">prepare</span><span class="p">(</span><span class="n">record</span><span class="p">)</span> <span class="n">record</span><span class="p">.</span><span class="n">args</span> <span class="o">=</span> <span class="n">args</span> <span class="k">return</span> <span class="n">record</span> <span class="k">if</span> <span class="n">SETTINGS</span><span class="p">.</span><span class="n">mode</span> <span class="o">==</span> <span class="sh">"</span><span class="s">production</span><span class="sh">"</span><span class="p">:</span> <span class="n">log_queue</span> <span class="o">=</span> <span class="n">queue</span><span class="p">.</span><span class="nc">Queue</span><span class="p">()</span> <span class="n">queue_handler</span> <span class="o">=</span> <span class="nc">KatalistQueueHandler</span><span class="p">(</span><span class="n">log_queue</span><span class="p">)</span> <span class="n">axiom_client</span> <span class="o">=</span> <span class="nc">Client</span><span class="p">(</span><span class="n">token</span><span class="o">=</span><span class="n">SETTINGS</span><span class="p">.</span><span class="n">axiom_token</span><span class="p">)</span> <span class="n">axiom_handler</span> <span class="o">=</span> <span class="nc">AxiomHandler</span><span class="p">(</span> <span class="n">client</span><span class="o">=</span><span class="n">axiom_client</span><span class="p">,</span> <span class="n">dataset</span><span class="o">=</span><span class="sh">"</span><span class="s">katalist-backend</span><span class="sh">"</span><span class="p">,</span> <span class="n">level</span><span class="o">=</span><span class="n">INFO</span><span class="p">,</span> <span class="p">)</span> <span class="nc">QueueListener</span><span class="p">(</span><span class="n">log_queue</span><span class="p">,</span> <span class="n">axiom_handler</span><span class="p">).</span><span class="nf">start</span><span class="p">()</span> <span class="n">handlers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">queue_handler</span><span class="p">)</span> </code></pre> </div> <p>Now we can log structured data anywhere in our application without worrying about blocking network calls.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">getLogger</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">I am logged</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">myname</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">robby bobby</span><span class="sh">"</span> <span class="p">})</span> </code></pre> </div> <p>While this workaround works nicely, you now need to make sure to only log data types that can be pickled. In all honestly, I don't see why you'd log anything but dicts, strings and numbers, but who knows. You've been warned. </p> axiom logging python async zwx00 Fri, 15 Mar 2024 17:06:36 +0000 https://dev.to/zwx00/validating-a-supabase-jwt-locally-with-python-and-fastapi-59jf https://dev.to/zwx00/validating-a-supabase-jwt-locally-with-python-and-fastapi-59jf <p>Supabase is nice, but the functionality it provides for verifying tokens (<code>auth.get_user</code>) for some inexplicable reasons makes a round trip to their end, and this trip in fact takes quite a while (up to 600ms).</p> <p>JWT tokens should by their very nature be verifiable locally, provided we know the secret. Luckily Supabase does expose this JWT secret under project settings.</p> <p>Here's how a FastAPI dependency to get user email and verify their authenticity using the token alone might look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">jwt</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> <span class="kn">from</span> <span class="n">fastapi.security</span> <span class="kn">import</span> <span class="n">HTTPAuthorizationCredentials</span><span class="p">,</span> <span class="n">HTTPBearer</span> <span class="kn">from</span> <span class="n">katalystai.conf</span> <span class="kn">import</span> <span class="n">SETTINGS</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_user_email</span><span class="p">(</span> <span class="n">res</span><span class="p">:</span> <span class="n">Response</span><span class="p">,</span> <span class="n">cred</span><span class="p">:</span> <span class="n">HTTPAuthorizationCredentials</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="nc">HTTPBearer</span><span class="p">(</span><span class="n">auto_error</span><span class="o">=</span><span class="bp">False</span><span class="p">)),</span> <span class="p">):</span> <span class="k">if</span> <span class="n">cred</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Bearer authentication required</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">'</span><span class="s">Bearer realm=</span><span class="sh">"</span><span class="s">auth_required</span><span class="sh">"'</span><span class="p">},</span> <span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">jwt_result</span> <span class="o">=</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span> <span class="n">cred</span><span class="p">.</span><span class="n">credentials</span><span class="p">,</span> <span class="n">SETTINGS</span><span class="p">.</span><span class="n">supabase_jwt_secret</span><span class="p">,</span> <span class="n">audience</span><span class="o">=</span><span class="sh">"</span><span class="s">authenticated</span><span class="sh">"</span><span class="p">,</span> <span class="n">algorithms</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">HS256</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="k">return</span> <span class="n">jwt_result</span><span class="p">[</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">]</span> <span class="k">except</span> <span class="n">jwt</span><span class="p">.</span><span class="n">exceptions</span><span class="p">.</span><span class="n">PyJWTError</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid authentication credentials</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">'</span><span class="s">Bearer realm=</span><span class="sh">"</span><span class="s">auth_required</span><span class="sh">"'</span><span class="p">},</span> <span class="p">)</span> </code></pre> </div> <p>We can then use this "middleware" like so:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Depends</span> <span class="kn">from</span> <span class="n">katalystai.auth</span> <span class="kn">import</span> <span class="n">get_user_email</span> <span class="nd">@router.post</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">create_thing</span><span class="p">(</span><span class="n">user_email</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_user_email</span><span class="p">)):</span> <span class="k">pass</span> </code></pre> </div> <p>Supabase python client overall is not that nice, it's kinda slow and unreliable. I also suggest switching to another ORM and communicating with Postgres directly instead of using their community python client. I had luck using <code>tortoise</code>, which has excellent async support and clean Django-like API. </p> supabase jwt python fastapi zwx00 Sat, 16 Apr 2022 11:17:09 +0000 https://dev.to/zwx00/how-to-impersonate-a-user-through-django-management-shell-4ke3 https://dev.to/zwx00/how-to-impersonate-a-user-through-django-management-shell-4ke3 <p>In a hypothetical scenario where you have access to the underlying system, there has to be a way to impersonate any given user that signed up on for your Django application.</p> <p>It is however not as trivial to achieve this. There are packages like <code>django-hijack</code> etc., which provide this functionality, but we'd like to achieve it without installing new packages or modifying existing code. Here's a simple, non-intrusive way to go about it on a live environment.</p> <h2> Approach </h2> <p>First, you need to login into your Django application with any other account that you have access to. Visit the cookies tab in your development tools and copy the <code>sessionid</code> cookie value. It should look something like this: <code>wxc0ldhcis45md5hbr3l7r4pyhewo0mr</code>.</p> <p>Then, on the system where Django server is running, access the Django management shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py dbshell </code></pre> </div> <p>Then do the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Import the required interfaces </span><span class="kn">from</span> <span class="nn">django.contrib.sessions.models</span> <span class="kn">import</span> <span class="n">Session</span> <span class="kn">from</span> <span class="nn">boltobserver.users.models</span> <span class="kn">import</span> <span class="n">User</span> <span class="c1"># This will be different for you, depending on where your User model is </span><span class="kn">from</span> <span class="nn">django.contrib.sessions.backends.db</span> <span class="kn">import</span> <span class="n">SessionStore</span> <span class="c1"># Find the user you wish to impersonate </span><span class="n">u</span> <span class="o">=</span> <span class="n">User</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nb">filter</span><span class="p">(</span><span class="n">email</span><span class="o">=</span><span class="s">"someone@something.com"</span><span class="p">).</span><span class="n">first</span><span class="p">()</span> <span class="c1"># Find the session you are currently using in your browser </span><span class="n">s</span> <span class="o">=</span> <span class="n">Session</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nb">filter</span><span class="p">(</span><span class="n">session_key</span> <span class="o">=</span> <span class="s">"wxc0ldhcis45md5hbr3l7r4pyhewo0mr"</span><span class="p">).</span><span class="n">first</span><span class="p">()</span> <span class="c1"># And finally, modify the session by binding it to your target user # _auth_user_backend might be different for you, check settings.AUTHENTICATION_BACKENDS for the right value </span><span class="n">s2</span><span class="p">.</span><span class="n">session_data</span> <span class="o">=</span> <span class="n">SessionStore</span><span class="p">().</span><span class="n">encode</span><span class="p">({</span><span class="s">"_auth_user_id"</span><span class="p">:</span> <span class="nb">str</span><span class="p">(</span><span class="n">u</span><span class="p">.</span><span class="nb">id</span><span class="p">),</span> <span class="s">"_auth_user_backend"</span><span class="p">:</span> <span class="s">"allauth.account.auth_backends.AuthenticationBackend"</span><span class="p">,</span> <span class="s">"_auth_user_hash"</span><span class="p">:</span> <span class="n">u</span><span class="p">.</span><span class="n">get_session_auth_hash</span><span class="p">()})</span> <span class="n">s2</span><span class="p">.</span><span class="n">save</span><span class="p">()</span> </code></pre> </div> <p>After refreshing the page, you should be logged in as your desired user.</p> <p>Thanks for reading!</p> django session cookie user