FastAPI-UI-Auth 0.0.1__py3-none-any.whl

fastapi_ui_auth-0.0.1.dist-info/METADATA

@@ -0,0 +1,102 @@
+Metadata-Version: 2.4
+Name: FastAPI-UI-Auth
+Version: 0.0.1
+Summary: Python module to add username and password authentication to specific FastAPI routes
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: fastapi==0.115.*
+Requires-Dist: jinja2==3.1.*
+Requires-Dist: pydantic==2.11.*
+Requires-Dist: python-dotenv==1.1.*
+Provides-Extra: dev
+Requires-Dist: pre-commit==4.2.*; extra == "dev"
+Requires-Dist: uvicorn==0.34.*; extra == "dev"
+Dynamic: license-file
+
+# FastAPIAuthenticator
+
+Python module to add username and password authentication to specific FastAPI routes
+
+![Python][label-pyversion]
+
+**Platform Supported**
+
+![Platform][label-platform]
+
+## Installation
+
+```shell
+repo="thevickypedia/FastAPIAuthenticator"
+
+latest=$(curl -s https://api.github.com/repos/${repo}/tags | jq -r '.[0].name')
+
+pip install "git+https://github.com/${repo}.git@${latest}"
+```
+
+## Usage
+
+```python
+import fastapiauthenticator
+
+from fastapi import FastAPI
+
+app = FastAPI()
+
+
+@app.get("/public")
+def public_route():
+    return {"message": "This is a public route"}
+
+
+def private_route():
+    return {"message": "This is a private route"}
+
+
+fastapiauthenticator.Authenticator(app=app, secure_function=private_route)
+```
+
+## Coding Standards
+Docstring format: [`Google`][google-docs] <br>
+Styling conventions: [`PEP 8`][pep8] and [`isort`][isort]
+
+## [Release Notes][release-notes]
+**Requirement**
+```shell
+python -m pip install gitverse
+```
+
+**Usage**
+```shell
+gitverse-release reverse -f release_notes.rst -t 'Release Notes'
+```
+
+## Linting
+
+**Requirement**
+```shell
+python -m pip install sphinx==5.1.1 pre-commit recommonmark
+```
+
+**Usage**
+```shell
+pre-commit run --all-files
+```
+
+## License & copyright
+
+&copy; Vignesh Rao
+
+Licensed under the [MIT License][license]
+
+[//]: # (Labels)
+
+[3.11]: https://docs.python.org/3/whatsnew/3.11.html
+[license]: https://github.com/thevickypedia/FastAPIAuthenticator/blob/main/LICENSE
+[google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+[pep8]: https://www.python.org/dev/peps/pep-0008/
+[isort]: https://pycqa.github.io/isort/
+
+[label-pyversion]: https://img.shields.io/badge/python-3.11%20%7C%203.12-blue
+[label-platform]: https://img.shields.io/badge/Platform-Linux|macOS|Windows-1f425f.svg
+[release-notes]: https://github.com/thevickypedia/FastAPIAuthenticator/blob/main/release_notes.rst

fastapi_ui_auth-0.0.1.dist-info/RECORD

@@ -0,0 +1,16 @@
+fastapi_ui_auth-0.0.1.dist-info/licenses/LICENSE,sha256=_sOIKJWdD2o1WwwDIwYB2qTP2nlSWqT5Tyg9jr1Xa4w,1070
+fastapiauthenticator/__init__.py,sha256=b8LChxHIMiYL64em-dnSAglCgQwt0qL8NgFaaLWwFUg,213
+fastapiauthenticator/endpoints.py,sha256=9qGQbLny8OtkcJg4D5xT2gJO43ivuQdrY8A6xhQ7ma4,2161
+fastapiauthenticator/enums.py,sha256=FSKEU8QjAvW8kijMgbSATokd6Ig6EQ4G-_xW7hfz5Jk,373
+fastapiauthenticator/models.py,sha256=itH5YsFJa8-eR1iRm_UCkBtrLZ7ypDMNt8tnaJGiMuk,1778
+fastapiauthenticator/secure.py,sha256=ZOH6kT4BD56VqwaKdKocX7eSE8tqZcu-tK0QOmjY58k,1089
+fastapiauthenticator/service.py,sha256=mJURiebq6nugXh6PkFsZkTAbwkkvKXJJb0CJDjsENNc,7013
+fastapiauthenticator/utils.py,sha256=-wLLL7Qd9TSBYL_qla69Ng6gnMQtpHlrnZd_CqIxC2o,5528
+fastapiauthenticator/version.py,sha256=CactNZqrHHYTPrkHKccy2WKXmaiUdtTgPqSjFyVXnJk,18
+fastapiauthenticator/templates/index.html,sha256=mA2R6gk6lvibq_AmPgGHBFQijYtNUD7IIfeBSJWQrM4,9078
+fastapiauthenticator/templates/session.html,sha256=LUCvcEdQOjfIXjRZ2gPx2s5wyzNuCve4OMge0hXaBLM,3053
+fastapiauthenticator/templates/unauthorized.html,sha256=UZo1Jt64-CFfjwWTGicUMdHVWkYkXCJBRxvit4QTiQM,3015
+fastapi_ui_auth-0.0.1.dist-info/METADATA,sha256=XZDh_Vi29aIxQSGJnKEMnn1woBYkvsgTuJ3fR2DPi2c,2402
+fastapi_ui_auth-0.0.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+fastapi_ui_auth-0.0.1.dist-info/top_level.txt,sha256=EpDRP7uLM0f-Vd5rUtLBh4MTMAnpXzw1pr0DSknW_Ds,21
+fastapi_ui_auth-0.0.1.dist-info/RECORD,,

fastapi_ui_auth-0.0.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

fastapi_ui_auth-0.0.1.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 TheVickypedia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

fastapi_ui_auth-0.0.1.dist-info/top_level.txt

@@ -0,0 +1 @@
+fastapiauthenticator

fastapiauthenticator/__init__.py

@@ -0,0 +1,3 @@
+from fastapiauthenticator.enums import APIEndpoints  # noqa: F401,E402
+from fastapiauthenticator.service import Authenticator  # noqa: F401,E402
+from fastapiauthenticator.version import version  # noqa: F401,E402

fastapiauthenticator/endpoints.py

@@ -0,0 +1,76 @@
+from fastapi.requests import Request
+from fastapi.responses import HTMLResponse
+
+from fastapiauthenticator import enums, models, utils
+from fastapiauthenticator.version import version
+
+
+def session(request: Request) -> HTMLResponse:
+    """Renders the session error page.
+
+    Args:
+        request: Reference to the FastAPI request object.
+
+    Returns:
+        HTMLResponse:
+        Returns an HTML response templated using Jinja2.
+    """
+    return utils.clear_session(
+        request,
+        models.templates.TemplateResponse(
+            name="session.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_login,
+                "reason": "Session expired or invalid.",
+                "fallback_path": models.fallback.path,
+                "fallback_button": models.fallback.button,
+                "version": f"v{version}",
+            },
+        ),
+    )
+
+
+def login(request: Request) -> HTMLResponse:
+    """Render the login page with the verification path and version.
+
+    Returns:
+        HTMLResponse:
+        Rendered HTML response for the login page.
+    """
+    return utils.clear_session(
+        request,
+        models.templates.TemplateResponse(
+            name="index.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_verify_login,
+                "version": f"v{version}",
+            },
+        ),
+    )
+
+
+def error(request: Request) -> HTMLResponse:
+    """Error endpoint for the authenticator.
+
+    Args:
+        request: Reference to the FastAPI request object.
+
+    Returns:
+        HTMLResponse:
+        Returns an HTML response templated using Jinja2.
+    """
+    return utils.clear_session(
+        request,
+        models.templates.TemplateResponse(
+            name="unauthorized.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_login,
+                "fallback_path": models.fallback.path,
+                "fallback_button": models.fallback.button,
+                "version": f"v{version}",
+            },
+        ),
+    )

fastapiauthenticator/enums.py

@@ -0,0 +1,16 @@
+from enum import StrEnum
+
+
+class APIEndpoints(StrEnum):
+    """API endpoints for all the routes.
+
+    >>> APIEndpoints
+
+    """
+
+    fastapi_error = "/fastapi-error"
+    fastapi_login = "/fastapi-login"
+    fastapi_logout = "/fastapi-logout"
+    fastapi_secure = "/fastapi-secure"
+    fastapi_session = "/fastapi-session"
+    fastapi_verify_login = "/fastapi-verify-login"

fastapiauthenticator/models.py

@@ -0,0 +1,60 @@
+import pathlib
+from typing import Dict, Optional
+
+from fastapi.templating import Jinja2Templates
+from pydantic import BaseModel, Field
+
+templates = Jinja2Templates(directory=pathlib.Path(__file__).parent / "templates")
+
+
+class WSSession(BaseModel):
+    """Object to store websocket session information.
+
+    >>> WSSession
+
+    """
+
+    invalid: Dict[str, int] = Field(default_factory=dict)
+    client_auth: Dict[str, Dict[str, int]] = Field(default_factory=dict)
+
+
+class Fallback(BaseModel):
+    """Object to store fallback information.
+
+    >>> Fallback
+
+    """
+
+    button: str = Field(default="LOGIN", description="Title for the fallback button.")
+    path: str = Field(
+        default="/", description="Path to redirect when fallback button is clicked."
+    )
+
+
+class RedirectException(Exception):
+    """Custom ``RedirectException`` raised within the API since HTTPException doesn't support returning HTML content.
+
+    >>> RedirectException
+
+    See Also:
+        - RedirectException allows the API to redirect on demand in cases where returning is not a solution.
+        - There are alternatives to raise HTML content as an exception but none work with our use-case with JavaScript.
+        - This way of exception handling comes handy for many unexpected scenarios.
+
+    References:
+        https://fastapi.tiangolo.com/tutorial/handling-errors/#install-custom-exception-handlers
+    """
+
+    def __init__(self, location: str, detail: Optional[str] = ""):
+        """Instantiates the ``RedirectException`` object with the required parameters.
+
+        Args:
+            location: Location for redirect.
+            detail: Reason for redirect.
+        """
+        self.location = location
+        self.detail = detail
+
+
+ws_session = WSSession()
+fallback = Fallback()

fastapiauthenticator/secure.py

@@ -0,0 +1,41 @@
+import base64
+import binascii
+import hashlib
+import string
+from typing import Any
+
+UNICODE_PREFIX = (
+    base64.b64decode(b"XA==").decode(encoding="ascii")
+    + string.ascii_letters[20]
+    + string.digits[:1] * 2
+)
+
+
+def calculate_hash(value: Any) -> str:
+    """Generate hash value for the given payload."""
+    return hashlib.sha512(bytes(value, "utf-8")).hexdigest()
+
+
+def base64_encode(value: Any) -> str:
+    """Base64 encode the given payload."""
+    encoded_bytes = base64.b64encode(value.encode("utf-8"))
+    return encoded_bytes.decode("utf-8")
+
+
+def base64_decode(value: Any) -> str:
+    """Base64 decode the given payload."""
+    return base64.b64decode(value).decode("utf-8")
+
+
+def hex_decode(value: Any) -> str:
+    """Convert hex value to a string."""
+    return bytes(value, "utf-8").decode(encoding="unicode_escape")
+
+
+def hex_encode(value: str):
+    """Convert string value to hex."""
+    return UNICODE_PREFIX + UNICODE_PREFIX.join(
+        binascii.hexlify(data=value.encode(encoding="utf-8"), sep="-")
+        .decode(encoding="utf-8")
+        .split(sep="-")
+    )

fastapiauthenticator/service.py

@@ -0,0 +1,180 @@
+import logging
+import os
+from threading import Timer
+from typing import Callable, Dict, List
+
+import dotenv
+from fastapi import FastAPI
+from fastapi.params import Depends
+from fastapi.requests import Request
+from fastapi.responses import Response
+from fastapi.routing import APIRoute
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from fastapiauthenticator import endpoints, enums, models, utils
+
+dotenv.load_dotenv(dotenv_path=dotenv.find_dotenv(), override=True)
+LOGGER = logging.getLogger("uvicorn.default")
+BEARER_AUTH = HTTPBearer()
+
+
+# noinspection PyDefaultArgument
+class Authenticator:
+    """Authenticator is a FastAPI integration that provides authentication for secure routes.
+
+    >>> Authenticator
+
+    """
+
+    def __init__(
+        self,
+        app: FastAPI,
+        secure_function: Callable = None,
+        secure_methods: List[str] = ["GET", "POST"],
+        secure_path: str = enums.APIEndpoints.fastapi_secure,
+        username: str = os.environ.get("USERNAME"),
+        password: str = os.environ.get("PASSWORD"),
+        session_timeout: int = 3600,
+        fallback_button: str = models.fallback.button,
+        fallback_path: str = models.fallback.path,
+    ):
+        """Initialize the APIAuthenticator with the FastAPI app and secure function.
+
+        Args:
+            app: FastAPI application instance to which the authenticator will be added.
+            secure_function: Function to be called for secure routes after authentication.
+            secure_methods: List of HTTP methods that the secure function will handle.
+            secure_path: Path for the secure route, must start with '/'.
+            username: Username for authentication, can be set via environment variable 'USERNAME'.
+            password: Password for authentication, can be set via environment variable 'PASSWORD'.
+            session_timeout: Duration in seconds after which the session expires.
+            fallback_button: Title for the fallback button, defaults to "LOGIN".
+            fallback_path: Fallback path to redirect to in case of session timeout or invalid session.
+        """
+        assert all((username, password)), "'username' and 'password' are mandatory."
+        assert secure_function, "Secure function must be provided."
+        assert secure_path.startswith("/"), "Secure path must start with '/'"
+        assert fallback_path.startswith("/"), "Fallback path must start with '/'"
+
+        self.app = app
+        self.secure_methods = secure_methods
+        self.secure_function = secure_function
+        self.secure_path = secure_path
+        self.session_timeout = session_timeout
+        models.fallback.path = fallback_path
+        models.fallback.button = fallback_button
+
+        # noinspection PyTypeChecker
+        self.app.add_exception_handler(
+            exc_class_or_status_code=models.RedirectException,
+            handler=utils.redirect_exception_handler,
+        )
+
+        self.username = username
+        self.password = password
+
+        self._secure()
+
+    def _verify_auth(
+        self,
+        request: Request,
+        authorization: HTTPAuthorizationCredentials = Depends(BEARER_AUTH),
+        response: Response = None,
+    ) -> Dict[str, str]:
+        """Verify the authentication credentials and redirect to the secure route.
+
+        Args:
+            request: Request object containing client information.
+            authorization: Authorization credentials from the request, provided by FastAPI's HTTPBearer.
+            response: Response object containing the response from FastAPI's HTTPBearer.
+
+        Returns:
+            Dict[str, str]:
+            A dictionary containing the redirect URL to the secure path.
+        """
+        utils.verify_login(
+            authorization=authorization,
+            host=request.client.host,
+            env_username=self.username,
+            env_password=self.password,
+        )
+        secure_route = APIRoute(
+            path=self.secure_path,
+            endpoint=self.secure_function,
+            methods=self.secure_methods,
+            dependencies=[Depends(utils.session_check)],
+        )
+        self.app.routes.append(secure_route)
+        LOGGER.info("Setting session timeout for %s seconds", self.session_timeout)
+        self._handle_session(
+            response=response, request=request, secure_route=secure_route
+        )
+        return {"redirect_url": self.secure_path}
+
+    def _setup_session_route(self, secure_route: APIRoute) -> None:
+        """Removes the secure route and adds a routing logic for invalid sessions.
+
+        Args:
+            secure_route: Secure route to be removed from the app after the session timeout.
+        """
+        LOGGER.info("Session expired, removing secure route: %s", secure_route.path)
+        self.app.routes.remove(secure_route)
+        LOGGER.info(
+            "Adding session route to handle expired sessions at %s", self.secure_path
+        )
+        self.app.routes.append(
+            APIRoute(
+                path=self.secure_path,
+                endpoint=endpoints.session,
+                methods=["GET"],
+            )
+        )
+
+    def _handle_session(
+        self, response: Response, request: Request, secure_route: APIRoute
+    ) -> None:
+        """Handle session management by setting a cookie and scheduling session removal.
+
+        Args:
+            response: Response object to set the session cookie.
+            request: Request object containing client information.
+            secure_route: Secure route to be removed from the app after the session timeout.
+        """
+        # Remove the secure route after the session timeout - backend
+        Timer(
+            function=self._setup_session_route,
+            args=(secure_route,),
+            interval=self.session_timeout,
+        ).start()
+        # Set the max age in session cookie to session timeout - frontend
+        response.set_cookie(
+            key="session_token",
+            value=models.ws_session.client_auth[request.client.host].get("token"),
+            httponly=True,
+            samesite="strict",
+            max_age=self.session_timeout,
+        )
+
+    def _secure(self) -> None:
+        """Create the login and verification routes for the APIAuthenticator."""
+        login_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_login,
+            endpoint=endpoints.login,
+            methods=["GET"],
+        )
+        error_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_error,
+            endpoint=endpoints.error,
+            methods=["GET"],
+        )
+        session_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_session,
+            endpoint=endpoints.session,
+            methods=["GET"],
+        )
+        verify_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_verify_login,
+            endpoint=self._verify_auth,
+            methods=["POST"],
+        )
+        self.app.routes.extend([login_route, session_route, error_route, verify_route])

fastapiauthenticator/templates/index.html

@@ -0,0 +1,259 @@
+<!DOCTYPE html>
+<!--suppress JSUnresolvedLibraryURL -->
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js"></script>
+    <!-- Favicon.ico and Apple Touch Icon -->
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <!-- Font Awesome icons -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/fontawesome.min.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/solid.min.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/regular.min.css">
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: #151515;
+        }
+
+        .container {
+            max-width: 400px;
+            margin: 50px auto;
+            background: #fff;
+            padding: 20px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+
+        .header {
+            text-align: center;
+            margin-bottom: 20px;
+        }
+
+        .header img {
+            max-width: 150px;
+        }
+
+        .content {
+            display: flex;
+            flex-direction: column;
+        }
+
+        form {
+            display: flex;
+            flex-direction: column;
+        }
+
+        label {
+            margin-top: 10px;
+            color: #000000;
+            font-size: large;
+            font-family: 'Courier New', sans-serif;
+            font-weight: normal;
+        }
+
+        input {
+            padding: 10px;
+            margin-bottom: 15px;
+            border: 1px solid #ddd;
+            border-radius: 5px;
+        }
+
+        button {
+            padding: 12px;
+            background-color: #000000;
+            color: #fff;
+            border: none;
+            border-radius: 5px;
+            cursor: pointer;
+            font-weight: bold;
+        }
+
+        button:hover {
+            background-color: #494949;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <style>
+        .password-container {
+            position: relative;
+        }
+
+        .password-container input[type="password"],
+        .password-container input[type="text"] {
+            width: 100%;
+            padding: 12px 36px 12px 12px;
+            box-sizing: border-box;
+        }
+
+        .fa-eye, .fa-eye-slash {
+            position: absolute;
+            top: 40%;
+            right: 4%;
+            transform: translateY(-50%);
+            cursor: pointer;
+            color: lightgray;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515;">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<div class="container">
+    <div class="header">
+        <i class="fa-solid fa-user"></i>
+    </div>
+    <div class="content">
+        <!-- <form action="{ url_for('signin') }" method="post"> -->
+        <form>
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" required>
+            <label for="password">Password:</label>
+            <div class="password-container">
+                <input type="password" id="password" name="password" required>
+                <i class="fa-regular fa-eye" id="eye"></i>
+            </div>
+            <button type="submit" onclick="submitToAPI(event)">Sign In</button>
+        </form>
+    </div>
+</div>
+</body>
+<!-- control the behavior of the browser's navigation without triggering a full page reload -->
+<script>
+    document.addEventListener('DOMContentLoaded', function () {
+        history.pushState(null, document.title, location.href);
+        window.addEventListener('popstate', function (event) {
+            history.pushState(null, document.title, location.href);
+        });
+    });
+</script>
+<!-- handle authentication from login page -->
+<script>
+    async function ConvertStringToHex(str) {
+        let arr = [];
+        for (let i = 0; i < str.length; i++) {
+            arr[i] = ("00" + str.charCodeAt(i).toString(16)).slice(-4);
+        }
+        return "\\u" + arr.join("\\u");
+    }
+
+    async function CalculateHash(username, password, timestamp) {
+        const message = username + password + timestamp;
+        const encoder = new TextEncoder();
+        const data = encoder.encode(message);
+        if (crypto.subtle === undefined) {
+            const wordArray = CryptoJS.lib.WordArray.create(data);
+            const hash = CryptoJS.SHA512(wordArray);
+            // Convert the hash to a hexadecimal string and return it
+            return hash.toString(CryptoJS.enc.Hex);
+        } else {
+            const hashBuffer = await crypto.subtle.digest('SHA-512', data);
+            const hashArray = Array.from(new Uint8Array(hashBuffer));
+            // Convert each byte to a hexadecimal string, pad with zeros, and join them to form the final hash
+            return hashArray.map(byte => byte.toString(16).padStart(2, '0')).join('');
+        }
+    }
+
+    async function submitToAPI(event) {
+        event.preventDefault();
+        const username = $("#username").val();
+        const password = $("#password").val();
+        if (username === "" || password === "") {
+            alert("ERROR: Username and password are required to authenticate your request!");
+            return false;
+        }
+
+        let hex_user = await ConvertStringToHex(username);
+        let hex_pass = await ConvertStringToHex(password);
+        let timestamp = Math.round(new Date().getTime() / 1000);
+        let hash = await CalculateHash(hex_user, hex_pass, timestamp)
+        let authHeaderValue = hex_user + ',' + hash + ',' + timestamp;
+        let origin = window.location.origin
+        $.ajax({
+            method: "POST",
+            url: origin.concat("{{ signin }}"),
+            headers: {
+                'accept': 'application/json',
+                'Authorization': `Bearer ${btoa(authHeaderValue)}`,
+            },
+            crossDomain: "true",
+            contentType: "application/json; charset=utf-8",
+            success: function (data) {
+                // Check if the response contains a redirect URL
+                if (data.redirect_url) {
+                    // Manually handle the redirect
+                    window.location.href = data.redirect_url;
+                } else {
+                    console.log("Unhandled good response data")
+                    // Handle success if needed
+                    console.log(data);
+                }
+            },
+            error: function (jqXHR, textStatus, errorThrown) {
+                console.error(`Status: ${textStatus}, Error: ${errorThrown}`);
+                if (jqXHR.hasOwnProperty("responseJSON")) {
+                    alert(jqXHR.responseJSON.detail);
+                } else {
+                    alert(errorThrown);
+                }
+            }
+        });
+    }
+
+</script>
+<footer>
+    <div class="footer">
+        PyAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/pyapiauthenticator">https://github.com/thevickypedia/pyapiauthenticator</a>
+    </div>
+</footer>
+<script>
+    const passwordInput = document.querySelector("#password")
+    const eye = document.querySelector("#eye")
+    eye.addEventListener("click", function () {
+        if (passwordInput.type === "password") {
+            passwordInput.type = "text";
+            eye.className = "fa-regular fa-eye-slash"
+        } else {
+            passwordInput.type = "password";
+            eye.className = "fa-regular fa-eye"
+        }
+    });
+</script>
+</html>

fastapiauthenticator/templates/session.html

@@ -0,0 +1,86 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <style>
+        img {
+            display: block;
+            margin-left: auto;
+            margin-right: auto;
+        }
+
+        :is(h1, h2, h3, h4, h5, h6) {
+            text-align: center;
+            color: #F0F0F0;
+            font-family: 'Courier New', sans-serif;
+        }
+
+        button {
+            width: 100px;
+            margin: 0 auto;
+            display: block;
+        }
+
+        body {
+            background-color: #151515;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<h2 style="margin-top:5%">{{ reason }}</h2>
+<h3>Authentication doesn't last forever ¯\_(ツ)_/¯ </h3>
+<p>
+    <img src="https://thevickypedia.github.io/open-source/images/gif/shattered_fusion.gif"
+         onerror="this.src='https://vigneshrao.com/open-source/images/gif/shattered_fusion.gif'"
+         width="200" height="200" alt="Image" class="center">
+</p>
+<button style="text-align:center" onClick="window.location.href = '{{ fallback_path }}';">{{ fallback_button }}</button>
+<br>
+<button style="text-align:center" onClick="alert('Forgot Password?\n\nRelax and try to remember your password.');">HELP
+</button>
+<h4>Click <a href="https://vigneshrao.com/contact">HERE</a> to reach out.</h4>
+</body>
+<footer>
+    <div class="footer">
+        FastAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/FastAPIAuthenticator">https://github.com/thevickypedia/FastAPIAuthenticator</a>
+    </div>
+</footer>
+</html>

fastapiauthenticator/templates/unauthorized.html

@@ -0,0 +1,86 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <style>
+        img {
+            display: block;
+            margin-left: auto;
+            margin-right: auto;
+        }
+
+        :is(h1, h2, h3, h4, h5, h6) {
+            text-align: center;
+            color: #F0F0F0;
+            font-family: 'Courier New', sans-serif;
+        }
+
+        button {
+            width: 100px;
+            margin: 0 auto;
+            display: block;
+        }
+
+        body {
+            background-color: #151515;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515;">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<h2 style="margin-top:5%">LOGIN FAILED</h2>
+<h3>USER ERROR - REPLACE USER</h3>
+<p>
+    <img src="https://thevickypedia.github.io/open-source/images/gif/lockscape.gif"
+         onerror="this.src='https://vigneshrao.com/open-source/images/gif/lockscape.gif'"
+         width="200" height="170" alt="Image" class="center">
+</p>
+<button style="text-align:center" onClick="window.location.href = '{{ fallback_path }}';">{{ fallback_button }}</button>
+<br>
+<button style="text-align:center" onClick="alert('Forgot Password?\n\nRelax and try to remember your password.');">HELP
+</button>
+<h4>Click <a href="https://vigneshrao.com/contact">HERE</a> to reach out.</h4>
+</body>
+<footer>
+    <div class="footer">
+        FastAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/FastAPIAuthenticator">https://github.com/thevickypedia/FastAPIAuthenticator</a>
+    </div>
+</footer>
+</html>

fastapiauthenticator/utils.py

@@ -0,0 +1,167 @@
+import logging
+import secrets
+from typing import Dict, List, NoReturn, Union
+
+from fastapi import status
+from fastapi.exceptions import HTTPException
+from fastapi.requests import Request
+from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
+from fastapi.security import HTTPAuthorizationCredentials
+
+from fastapiauthenticator import enums, models, secure
+
+LOGGER = logging.getLogger("uvicorn.default")
+
+
+def failed_auth_counter(host: str) -> None:
+    """Keeps track of failed login attempts from each host, and redirects if failed for 3 or more times.
+
+    Args:
+        host: Host header from the request.
+    """
+    try:
+        models.ws_session.invalid[host] += 1
+    except KeyError:
+        models.ws_session.invalid[host] = 1
+    if models.ws_session.invalid[host] >= 3:
+        raise models.RedirectException(location=enums.APIEndpoints.fastapi_error)
+
+
+def redirect_exception_handler(
+    request: Request, exception: models.RedirectException
+) -> JSONResponse | RedirectResponse:
+    """Custom exception handler to handle redirect.
+
+    Args:
+        request: Takes the ``Request`` object as an argument.
+        exception: Takes the ``RedirectException`` object inherited from ``Exception`` as an argument.
+
+    Returns:
+        JSONResponse:
+        Returns the JSONResponse with content, status code and cookie.
+    """
+    LOGGER.warning("Exception headers: %s", request.headers)
+    LOGGER.warning("Exception cookies: %s", request.cookies)
+    if request.url.path == enums.APIEndpoints.fastapi_verify_login:
+        response = JSONResponse(
+            content={"redirect_url": exception.location}, status_code=200
+        )
+    else:
+        response = RedirectResponse(url=exception.location)
+    if exception.detail:
+        response.set_cookie(
+            "detail", exception.detail.upper(), httponly=True, samesite="strict"
+        )
+    return response
+
+
+def raise_error(host: str) -> NoReturn:
+    """Raises a 401 Unauthorized error in case of bad credentials.
+
+    Args:
+        host: Host header from the request.
+    """
+    failed_auth_counter(host)
+    LOGGER.error(
+        "Incorrect username or password: %d",
+        models.ws_session.invalid[host],
+    )
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Incorrect username or password",
+        headers=None,
+    )
+
+
+def extract_credentials(
+    authorization: HTTPAuthorizationCredentials, host: str
+) -> List[str]:
+    """Extract the credentials from ``Authorization`` headers and decode it before returning as a list of strings.
+
+    Args:
+        authorization: Authorization header from the request.
+        host: Host header from the request.
+    """
+    if not authorization:
+        raise_error(host)
+    decoded_auth = secure.base64_decode(authorization.credentials)
+    # convert hex to a string
+    auth = secure.hex_decode(decoded_auth)
+    return auth.split(",")
+
+
+def verify_login(
+    authorization: HTTPAuthorizationCredentials,
+    host: str,
+    env_username: str,
+    env_password: str,
+) -> Dict[str, Union[str, int]]:
+    """Verifies authentication and generates session token for each user.
+
+    Returns:
+        Dict[str, str]:
+        Returns a dictionary with the payload required to create the session token.
+    """
+    username, signature, timestamp = extract_credentials(authorization, host)
+    if secrets.compare_digest(username, env_username):
+        hex_user = secure.hex_encode(env_username)
+        hex_pass = secure.hex_encode(env_password)
+    else:
+        LOGGER.warning("User '%s' not allowed", username)
+        raise_error(host)
+    message = f"{hex_user}{hex_pass}{timestamp}"
+    expected_signature = secure.calculate_hash(message)
+    if secrets.compare_digest(signature, expected_signature):
+        models.ws_session.invalid[host] = 0
+        key = secrets.token_urlsafe(64)
+        models.ws_session.client_auth[host] = dict(
+            username=username, token=key, timestamp=int(timestamp)
+        )
+        return models.ws_session.client_auth[host]
+    raise_error(host)
+
+
+def session_check(request: Request) -> None:
+    """Check if the session is still valid.
+
+    Args:
+        request: Request object containing client information.
+
+    Raises:
+        HTTPException: If the session is invalid or expired.
+    """
+    stored_token = models.ws_session.client_auth.get(request.client.host, {}).get(
+        "token"
+    )
+    session_token = request.cookies.get("session_token")
+    if (
+        stored_token
+        and session_token
+        and secrets.compare_digest(session_token, stored_token)
+    ):
+        LOGGER.info("Session is valid for host: %s", request.client.host)
+        return
+    raise models.RedirectException(
+        location=enums.APIEndpoints.fastapi_session,
+        detail="Session expired or invalid. Please log in again.",
+    )
+
+
+def clear_session(request: Request, response: HTMLResponse) -> HTMLResponse:
+    """Clear the session token from the response.
+
+    Args:
+        request: FastAPI ``request`` object.
+        response: FastAPI ``response`` object.
+
+    Returns:
+        HTMLResponse:
+        Returns the response object with the session token cleared.
+    """
+    for cookie in request.cookies:
+        # Deletes all cookies stored in current session
+        LOGGER.info("Deleting cookie: '%s'", cookie)
+        response.delete_cookie(cookie)
+    response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+    response.headers["Authorization"] = ""
+    return response

fastapiauthenticator/version.py

@@ -0,0 +1 @@
+version = "0.0.1"