feat(oauth): add csas connection, allow oauth from react

2026-03-22 06:57:47 +01:00 · 2025-10-21 22:01:09 +02:00
parent be4a3b401a
commit 3ebf47e371
13 changed files with 509 additions and 20 deletions
--- a/7project/backend/app/services/bank_scraper.py
+++ b/7project/backend/app/services/bank_scraper.py
@@ -0,0 +1,121 @@
+import json
+import logging
+from os.path import dirname, join
+from uuid import UUID
+
+import httpx
+from sqlalchemy import select
+
+from app.core.db import async_session_maker
+from app.models.user import User
+
+logger = logging.getLogger(__name__)
+
+# Reuse CSAS mTLS certs used by OAuth profile calls
+OAUTH_DIR = join(dirname(__file__), "..", "oauth")
+CERTS = (
+    join(OAUTH_DIR, "public_key.pem"),
+    join(OAUTH_DIR, "private_key.key"),
+)
+
+
+async def aload_ceska_sporitelna_transactions(user_id: str) -> None:
+    """
+    Async entry point to load Česká spořitelna transactions for a single user.
+    Validates the user_id and performs a minimal placeholder action.
+    """
+    try:
+        uid = UUID(str(user_id))
+    except Exception:
+        logger.error("Invalid user_id provided to bank_scraper (async): %r", user_id)
+        return
+
+    await _aload_ceska_sporitelna_transactions(uid)
+
+
+async def aload_all_ceska_sporitelna_transactions() -> None:
+    """
+    Async entry point to load Česká spořitelna transactions for all users.
+    """
+    async with async_session_maker() as session:
+        result = await session.execute(select(User))
+        users = result.unique().scalars().all()
+        logger.info("[BankScraper] Starting CSAS scrape for all users | count=%d", len(users))
+
+    processed = 0
+    for user in users:
+        try:
+            await _aload_ceska_sporitelna_transactions(user.id)
+            processed += 1
+        except Exception:
+            logger.exception("[BankScraper] Error scraping for user id=%s email=%s", user.id,
+                             getattr(user, 'email', None))
+    logger.info("[BankScraper] Finished CSAS scrape for all users | processed=%d", processed)
+
+
+async def _aload_ceska_sporitelna_transactions(user_id: UUID) -> None:
+    async with async_session_maker() as session:
+        result = await session.execute(select(User).where(User.id == user_id))
+        user: User = result.unique().scalar_one_or_none()
+        if user is None:
+            logger.warning("User not found for id=%s", user_id)
+            return
+
+        cfg = user.config or {}
+        if "csas" not in cfg:
+            return
+
+        cfg = json.loads(cfg["csas"])
+        if "access_token" not in cfg:
+            return
+
+        accounts = []
+        try:
+            async with httpx.AsyncClient(cert=CERTS, timeout=httpx.Timeout(20.0)) as client:
+                response = await client.get(
+                    "https://webapi.developers.erstegroup.com/api/csas/sandbox/v4/account-information/my/accounts?size=10&page=0&sort=iban&order=desc",
+                    headers={
+                        "Authorization": f"Bearer {cfg['access_token']}",
+                        "WEB-API-key": "09fdc637-3c57-4242-95f2-c2205a2438f3",
+                        "user-involved": "false",
+                    },
+                )
+                if response.status_code != httpx.codes.OK:
+                    return
+
+                for account in response.json()["accounts"]:
+                    accounts.append(account)
+
+        except (httpx.HTTPError,) as e:
+            logger.exception("[BankScraper] HTTP error during CSAS request | user_id=%s", user_id)
+            return
+
+        for account in accounts:
+            id = account["id"]
+
+            url = f"https://webapi.developers.erstegroup.com/api/csas/sandbox/v4/account-information/my/accounts/{id}/transactions?size=100&page=0&sort=bookingdate&order=desc"
+            async with httpx.AsyncClient(cert=CERTS) as client:
+                response = await client.get(
+                    url,
+                    headers={
+                        "Authorization": f"Bearer {cfg['access_token']}",
+                        "WEB-API-key": "09fdc637-3c57-4242-95f2-c2205a2438f3",
+                        "user-involved": "false",
+                    },
+                )
+                if response.status_code != httpx.codes.OK:
+                    continue
+
+                # Placeholder: just print the account transactions
+
+                transactions = response.json()["transactions"]
+                pass
+
+            for transaction in transactions:
+                #parse and store transaction to database
+                #create Transaction object and save to DB
+                #obj =
+
+
+                pass
+            pass
--- a/7project/backend/app/services/user_service.py
+++ b/7project/backend/app/services/user_service.py
@@ -14,6 +14,7 @@ from httpx_oauth.oauth2 import BaseOAuth2

 from app.models.user import User
 from app.oauth.bank_id import BankID
+from app.oauth.csas import CSASOAuth
 from app.oauth.custom_openid import CustomOpenID
 from app.oauth.moje_id import MojeIDOAuth
 from app.services.db import get_user_db
@@ -32,7 +33,8 @@ providers = {
    "BankID": BankID(
        os.getenv("BANKID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
        os.getenv("BANKID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
-    )
+    ),
+    "CSAS": CSASOAuth("95082b91-ae16-4033-b850-c04d66274331", "175cf6ce-9ebe-435a-8a63-13b226663032"),
 }