Public postcode enrichment API

hub/apps.py

@@ -1,6 +1,16 @@
 from django.apps import AppConfig
+from django.db.utils import ProgrammingError
 
 
 class HubConfig(AppConfig):
     default_auto_field = "django.db.models.BigAutoField"
     name = "hub"
+
+    def ready(self):
+        try:
+            from hub.models import refresh_tokens_cache
+
+            refresh_tokens_cache()
+        except ProgrammingError:
+            # This is expected when running migrations
+            pass

hub/graphql/dataloaders.py

@@ -145,12 +145,16 @@ class ReverseFKWithFiltersDataLoader(dataloaders.BasicReverseFKDataLoader):
     @classmethod
     @sync_to_async
     def load_fn(cls, keys: list[str]) -> list[list[DjangoModel]]:
-        filter_dict = strawberry.asdict(cls.filters)
-        results: list["DjangoModel"] = list(
-            cls.model.objects.filter(**{f"{cls.reverse_path}__in": keys})
-            .prefetch_related(*cls.prefetch)
-            .filter(**filter_dict)
+        unsanitised_filter_dict = strawberry.asdict(cls.filters)
+        filter_dict = {}
+        for key in unsanitised_filter_dict:
+            if unsanitised_filter_dict[key] is not strawberry.UNSET:
+                filter_dict[key] = unsanitised_filter_dict[key]
+        results = cls.model.objects.prefetch_related(*cls.prefetch).filter(
+            **{f"{cls.reverse_path}__in": keys}
         )
+        if len(filter_dict.keys()) > 0:
+            results = results.filter(**filter_dict)
         return [
             [result for result in results if getattr(result, cls.reverse_path) == key]
             for key in keys

hub/graphql/extensions/analytics.py

@@ -0,0 +1,43 @@
+import posthog
+from gqlauth.core.utils import app_settings
+from graphql import ExecutionResult as GraphQLExecutionResult
+from graphql.error import GraphQLError
+from strawberry.extensions import SchemaExtension
+
+from hub.models import APIToken, get_api_token
+
+
+class APIAnalyticsExtension(SchemaExtension):
+    def on_operation(self):
+        yield
+        request = self.execution_context.context.request
+        if token_str := app_settings.JWT_TOKEN_FINDER(request):
+            try:
+                signature = token_str.split(".")[2]
+            except IndexError:
+                self.execution_context.result = GraphQLExecutionResult(
+                    data=None,
+                    errors=[GraphQLError("Invalid auth token")],
+                )
+                return
+            try:
+                db_token = get_api_token(signature)
+                if db_token is not None:
+                    if db_token.revoked:
+                        self.execution_context.result = GraphQLExecutionResult(
+                            data=None,
+                            errors=[GraphQLError("Token has been revoked")],
+                        )
+                    if not posthog.disabled:
+                        posthog.capture(
+                            db_token.user_id,
+                            "API request",
+                            {
+                                "operation_name": self.execution_context.operation_name,
+                                "operation_type": self.execution_context.operation_type,
+                            },
+                        )
+                    else:
+                        print("API request run by User ID", db_token.user_id)
+            except APIToken.DoesNotExist:
+                pass

hub/graphql/schema.py

@@ -9,14 +9,16 @@
 from gqlauth.user import arg_mutations as auth_mutations
 from gqlauth.user.queries import UserQueries
 from graphql import GraphQLError
+from strawberry.extensions import QueryDepthLimiter
 from strawberry.types import ExecutionContext
 from strawberry_django import mutations as django_mutations
 from strawberry_django.optimizer import DjangoOptimizerExtension
 from strawberry_django.permissions import IsAuthenticated
 
 from hub import models
 from hub.graphql import mutations as mutation_types
-from hub.graphql.types import model_types
+from hub.graphql.extensions.analytics import APIAnalyticsExtension
+from hub.graphql.types import model_types, public_queries
 
 logger = logging.getLogger(__name__)
 
@@ -43,7 +45,6 @@ class Query(UserQueries):
     my_organisations: List[model_types.Organisation] = strawberry_django.field(
         extensions=[IsAuthenticated()]
     )
-
     external_data_source: model_types.ExternalDataSource = strawberry_django.field(
         extensions=[IsAuthenticated()]
     )
@@ -87,6 +88,15 @@ class Query(UserQueries):
     area: Optional[model_types.Area] = model_types.area_by_gss
     dataSet: Optional[model_types.DataSet] = model_types.dataset_by_name
 
+    enrich_postcode: public_queries.PostcodeQueryResponse = strawberry.field(
+        resolver=public_queries.enrich_postcode,
+        extensions=[IsAuthenticated()],
+    )
+    enrich_postcodes: List[public_queries.PostcodeQueryResponse] = strawberry.field(
+        resolver=public_queries.enrich_postcodes,
+        extensions=[IsAuthenticated()],
+    )
+
     @strawberry.field
     def test_data_source(
         self, info: strawberry.types.Info, input: TestDataSourceInput
@@ -100,6 +110,8 @@ def test_data_source(
         else:
             raise ValueError("Unsupported data source type")
 
+    list_api_tokens = public_queries.list_api_tokens
+
 
 @strawberry.type
 class Mutation:
@@ -108,6 +120,9 @@ class Mutation:
     verify_account = auth_mutations.VerifyAccount.field
     resend_activation_email = auth_mutations.ResendActivationEmail.field
 
+    create_api_token = public_queries.create_api_token
+    revoke_api_token = public_queries.revoke_api_token
+
     create_external_data_source: mutation_types.CreateExternalDataSourceOutput = (
         mutation_types.create_external_data_source
     )
@@ -203,5 +218,7 @@ def process_errors(
     mutation=Mutation,
     extensions=[
         DjangoOptimizerExtension,  # not required, but highly recommended
+        APIAnalyticsExtension,
+        QueryDepthLimiter(max_depth=10),
     ],
 )

hub/graphql/types/model_types.py

@@ -175,6 +175,7 @@ class FieldDefinition:
     value: str = dict_key_field()
     label: Optional[str] = dict_key_field()
     description: Optional[str] = dict_key_field()
+    external_id: Optional[str] = dict_key_field()
 
 
 @strawberry_django.filter(models.ExternalDataSource)

hub/graphql/types/postcodes.py

@@ -14,7 +14,7 @@ class PostcodesIOCodes:
     admin_district: str = dict_key_field()
     admin_county: str = dict_key_field()
     admin_ward: str = dict_key_field()
-    parish: str = dict_key_field()
+    parish: Optional[str] = dict_key_field()
     parliamentary_constituency: str = dict_key_field()
     parliamentary_constituency_2025: str = dict_key_field()
     ccg: str = dict_key_field()
@@ -59,4 +59,6 @@ class PostcodesIOResult:
 
     @strawberry.field
     def feature(self, info: strawberry.types.info.Info) -> PointFeature:
-        return PointFeature(point=Point(self.longitude, self.latitude), properties=self)
+        return PointFeature.from_geodjango(
+            point=Point(self.longitude, self.latitude), properties=self
+        )

hub/graphql/types/public_queries.py

@@ -0,0 +1,187 @@
+import datetime
+import json
+from typing import List, Optional, cast
+
+from django.conf import settings
+from django.db.models import Q
+
+import jwt
+import pytz
+import strawberry
+import strawberry_django
+from gqlauth.core.utils import app_settings
+from gqlauth.jwt.types_ import TokenPayloadType, TokenType
+from strawberry.dataloader import DataLoader
+from strawberry.types.info import Info
+from strawberry_django.auth.utils import get_current_user
+from strawberry_django.permissions import IsAuthenticated
+
+from hub import models
+from hub.graphql.types import model_types
+from hub.graphql.types.postcodes import PostcodesIOResult
+from utils.postcodesIO import get_bulk_postcode_geo
+
+
+@strawberry.type
+class PostcodeQueryResponse:
+    postcode: str
+    loaders: strawberry.Private[models.Loaders]
+
+    @strawberry.field
+    async def postcodesIO(self) -> Optional[PostcodesIOResult]:
+        return await self.loaders["postcodesIO"].load(self.postcode)
+
+    @strawberry.field
+    async def constituency(self) -> Optional[model_types.Area]:
+        postcode_data = await self.loaders["postcodesIO"].load(self.postcode)
+        if postcode_data is None:
+            return None
+        id = postcode_data.codes.parliamentary_constituency
+        return await models.Area.objects.aget(Q(gss=id) | Q(name=id))
+
+    @strawberry.field
+    async def custom_source_data(
+        self, source: str, source_path: str, info: Info
+    ) -> Optional[str]:
+        source_loader = self.loaders["source_loaders"].get(source, None)
+        postcode_data = await self.loaders["postcodesIO"].load(self.postcode)
+        if source_loader is not None and postcode_data is not None:
+            return await source_loader.load(
+                models.EnrichmentLookup(
+                    member_id=self.postcode,
+                    postcode_data=postcode_data,
+                    source_id=source,
+                    source_path=source_path,
+                )
+            )
+
+
+async def enrich_postcode(postcode: str, info: Info) -> PostcodeQueryResponse:
+    user = get_current_user(info)
+    loaders = models.Loaders(
+        postcodesIO=DataLoader(load_fn=get_bulk_postcode_geo),
+        source_loaders={
+            str(source.id): source.data_loader_factory()
+            async for source in models.ExternalDataSource.objects.filter(
+                organisation__members__user=user,
+                geography_column__isnull=False,
+                geography_column_type__isnull=False,
+            ).all()
+        },
+    )
+    return PostcodeQueryResponse(postcode=postcode, loaders=loaders)
+
+
+async def enrich_postcodes(postcodes: List[str], info: Info) -> PostcodeQueryResponse:
+    if len(postcodes) > settings.POSTCODES_IO_BATCH_MAXIMUM:
+        raise ValueError(
+            f"Batch query takes a maximum of 100 postcodes. You provided {len(postcodes)}"
+        )
+    user = get_current_user(info)
+    loaders = models.Loaders(
+        postcodesIO=DataLoader(load_fn=get_bulk_postcode_geo),
+        source_loaders={
+            str(source.id): source.data_loader_factory()
+            async for source in models.ExternalDataSource.objects.filter(
+                organisation__members__user=user,
+                geography_column__isnull=False,
+                geography_column_type__isnull=False,
+            ).all()
+        },
+    )
+    return [
+        PostcodeQueryResponse(postcode=postcode, loaders=loaders)
+        for postcode in postcodes
+    ]
+
+
+########################
+# API token management
+########################
+
+
+@strawberry_django.type(models.APIToken)
+class APIToken:
+    token: str
+    expires_at: datetime.datetime
+    signature: strawberry.ID
+    created_at: datetime.datetime
+    revoked: bool
+
+
+@strawberry_django.mutation(extensions=[IsAuthenticated()])
+def create_api_token(info: Info, expiry_days: int = 3650) -> APIToken:
+    user = get_current_user(info)
+    user_pk = app_settings.JWT_PAYLOAD_PK.python_name
+    pk_field = {user_pk: getattr(user, user_pk)}
+    expires_at = datetime.datetime.now(tz=pytz.utc) + datetime.timedelta(
+        days=expiry_days
+    )
+    payload = TokenPayloadType(**pk_field, exp=expires_at)
+    serialized = json.dumps(payload.as_dict(), sort_keys=True, indent=1)
+    token = TokenType(
+        token=str(
+            jwt.encode(
+                payload={"payload": serialized},
+                key=cast(str, app_settings.JWT_SECRET_KEY.value),
+                algorithm=app_settings.JWT_ALGORITHM,
+            )
+        ),
+        payload=payload,
+    )
+
+    token_db = models.APIToken.objects.create(
+        signature=token.token.split(".")[2],
+        token=token.token,
+        user=user,
+        expires_at=expires_at,
+    )
+    models.refresh_tokens_cache()
+    return token_db
+
+
+@strawberry_django.mutation(extensions=[IsAuthenticated()])
+def revoke_api_token(signature: strawberry.ID, info: Info) -> APIToken:
+    token = models.APIToken.objects.get(signature=signature)
+    token.revoked = True
+    token.save()
+    models.refresh_tokens_cache()
+    return token
+
+
+@strawberry_django.field(extensions=[IsAuthenticated()])
+def list_api_tokens(info: Info) -> List[APIToken]:
+    tokens = models.APIToken.objects.filter(user=get_current_user(info), revoked=False)
+    return tokens
+
+
+def decode_jwt(token: str) -> "TokenType":
+    from gqlauth.core.utils import app_settings
+    from gqlauth.jwt.types_ import TokenPayloadType, TokenType
+
+    decoded = json.loads(
+        jwt.decode(
+            token,
+            key=cast(str, app_settings.JWT_SECRET_KEY.value),
+            algorithms=[
+                app_settings.JWT_ALGORITHM,
+            ],
+        )["payload"]
+    )
+
+    signature = token.split(".")[2]
+
+    if models.is_api_token_revoked(signature):
+        return ExpiredTokenType(
+            token=token, payload=TokenPayloadType.from_dict(decoded)
+        )
+
+    return TokenType(token=token, payload=TokenPayloadType.from_dict(decoded))
+
+
+class ExpiredTokenType(TokenType):
+    def is_expired(self) -> bool:
+        return True
+
+    def expires_at(self) -> datetime.datetime:
+        return datetime.datetime.now()