FastAPI-UI-Auth 0.0.1b0__py3-none-any.whl → 0.1.0__py3-none-any.whl

fastapi_ui_auth-0.1.0.dist-info/METADATA

@@ -0,0 +1,102 @@
+Metadata-Version: 2.4
+Name: FastAPI-UI-Auth
+Version: 0.1.0
+Summary: Python module to add username and password authentication to specific FastAPI routes
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: fastapi==0.115.*
+Requires-Dist: jinja2==3.1.*
+Requires-Dist: pydantic==2.11.*
+Requires-Dist: python-dotenv==1.1.*
+Provides-Extra: dev
+Requires-Dist: pre-commit==4.2.*; extra == "dev"
+Requires-Dist: uvicorn==0.34.*; extra == "dev"
+Dynamic: license-file
+
+# FastAPIAuthenticator
+
+Python module to add username and password authentication to specific FastAPI routes
+
+![Python][label-pyversion]
+
+**Platform Supported**
+
+![Platform][label-platform]
+
+## Installation
+
+```shell
+repo="thevickypedia/FastAPIAuthenticator"
+
+latest=$(curl -s https://api.github.com/repos/${repo}/tags | jq -r '.[0].name')
+
+pip install "git+https://github.com/${repo}.git@${latest}"
+```
+
+## Usage
+
+```python
+import fastapiauthenticator
+
+from fastapi import FastAPI
+
+app = FastAPI()
+
+
+@app.get("/public")
+def public_route():
+    return {"message": "This is a public route"}
+
+
+def private_route():
+    return {"message": "This is a private route"}
+
+
+fastapiauthenticator.Authenticator(app=app, secure_function=private_route)
+```
+
+## Coding Standards
+Docstring format: [`Google`][google-docs] <br>
+Styling conventions: [`PEP 8`][pep8] and [`isort`][isort]
+
+## [Release Notes][release-notes]
+**Requirement**
+```shell
+python -m pip install gitverse
+```
+
+**Usage**
+```shell
+gitverse-release reverse -f release_notes.rst -t 'Release Notes'
+```
+
+## Linting
+
+**Requirement**
+```shell
+python -m pip install sphinx==5.1.1 pre-commit recommonmark
+```
+
+**Usage**
+```shell
+pre-commit run --all-files
+```
+
+## License & copyright
+
+&copy; Vignesh Rao
+
+Licensed under the [MIT License][license]
+
+[//]: # (Labels)
+
+[3.11]: https://docs.python.org/3/whatsnew/3.11.html
+[license]: https://github.com/thevickypedia/FastAPIAuthenticator/blob/main/LICENSE
+[google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+[pep8]: https://www.python.org/dev/peps/pep-0008/
+[isort]: https://pycqa.github.io/isort/
+
+[label-pyversion]: https://img.shields.io/badge/python-3.11%20%7C%203.12-blue
+[label-platform]: https://img.shields.io/badge/Platform-Linux|macOS|Windows-1f425f.svg
+[release-notes]: https://github.com/thevickypedia/FastAPIAuthenticator/blob/main/release_notes.rst

fastapi_ui_auth-0.1.0.dist-info/RECORD

@@ -0,0 +1,16 @@
+fastapi_ui_auth-0.1.0.dist-info/licenses/LICENSE,sha256=_sOIKJWdD2o1WwwDIwYB2qTP2nlSWqT5Tyg9jr1Xa4w,1070
+fastapiauthenticator/__init__.py,sha256=H1tJUJp4FWweEu2JeMw5vmqjtMhMwR4kUd11ek8UmwQ,320
+fastapiauthenticator/endpoints.py,sha256=PF2qu6XQ3MQStFEprRYYxiS6Dl6ukYaMqEkSlO-F3Ls,2104
+fastapiauthenticator/enums.py,sha256=WO0eBv3l9HHr1I_ZXtAifCgdL-db_tZj9ka7jnjiS5k,547
+fastapiauthenticator/models.py,sha256=GxmQfSvg70OTsvswJ3QFq_lxq-Yz1fIfzW6x8d4Sj40,2726
+fastapiauthenticator/secure.py,sha256=ZOH6kT4BD56VqwaKdKocX7eSE8tqZcu-tK0QOmjY58k,1089
+fastapiauthenticator/service.py,sha256=1UCCUf7yaH11BHB2vlaNYehVn5YyWbGK6bnrN7wJlDM,6485
+fastapiauthenticator/utils.py,sha256=geO78AL-nqv4EANQzQaWI2mGkkZiLZY8wm2LH_EDye0,7145
+fastapiauthenticator/version.py,sha256=aOHawL1zuHMfBWKXqwUkXcW96oXLNCY-CXdHDqkz4g4,18
+fastapiauthenticator/templates/index.html,sha256=mA2R6gk6lvibq_AmPgGHBFQijYtNUD7IIfeBSJWQrM4,9078
+fastapiauthenticator/templates/session.html,sha256=LUCvcEdQOjfIXjRZ2gPx2s5wyzNuCve4OMge0hXaBLM,3053
+fastapiauthenticator/templates/unauthorized.html,sha256=UZo1Jt64-CFfjwWTGicUMdHVWkYkXCJBRxvit4QTiQM,3015
+fastapi_ui_auth-0.1.0.dist-info/METADATA,sha256=taS1d_w3xCMVJB5ymIbhjlM7GpWIfCPEf8PyR9u4pRQ,2402
+fastapi_ui_auth-0.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+fastapi_ui_auth-0.1.0.dist-info/top_level.txt,sha256=EpDRP7uLM0f-Vd5rUtLBh4MTMAnpXzw1pr0DSknW_Ds,21
+fastapi_ui_auth-0.1.0.dist-info/RECORD,,

fastapiauthenticator/__init__.py

@@ -0,0 +1,6 @@
+from fastapiauthenticator.enums import APIEndpoints, APIMethods  # noqa: F401,E402
+from fastapiauthenticator.models import Parameters  # noqa: F401,E402
+from fastapiauthenticator.service import Authenticator  # noqa: F401,E402
+from fastapiauthenticator.version import version  # noqa: F401,E402
+
+protect = Authenticator

fastapiauthenticator/endpoints.py

@@ -0,0 +1,73 @@
+from fastapi.requests import Request
+from fastapi.responses import HTMLResponse
+
+from fastapiauthenticator import enums, models, utils
+from fastapiauthenticator.version import version
+
+
+def session(request: Request) -> HTMLResponse:
+    """Renders the session error page.
+
+    Args:
+        request: Reference to the FastAPI request object.
+
+    Returns:
+        HTMLResponse:
+        Returns an HTML response templated using Jinja2.
+    """
+    return utils.deauthorize(
+        models.templates.TemplateResponse(
+            name="session.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_login,
+                "reason": "Session expired or invalid.",
+                "fallback_path": models.fallback.path,
+                "fallback_button": models.fallback.button,
+                "version": f"v{version}",
+            },
+        ),
+    )
+
+
+def login(request: Request) -> HTMLResponse:
+    """Render the login page with the verification path and version.
+
+    Returns:
+        HTMLResponse:
+        Rendered HTML response for the login page.
+    """
+    return utils.deauthorize(
+        models.templates.TemplateResponse(
+            name="index.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_verify_login,
+                "version": f"v{version}",
+            },
+        ),
+    )
+
+
+def error(request: Request) -> HTMLResponse:
+    """Error endpoint for the authenticator.
+
+    Args:
+        request: Reference to the FastAPI request object.
+
+    Returns:
+        HTMLResponse:
+        Returns an HTML response templated using Jinja2.
+    """
+    return utils.deauthorize(
+        models.templates.TemplateResponse(
+            name="unauthorized.html",
+            context={
+                "request": request,
+                "signin": enums.APIEndpoints.fastapi_login,
+                "fallback_path": models.fallback.path,
+                "fallback_button": models.fallback.button,
+                "version": f"v{version}",
+            },
+        ),
+    )

fastapiauthenticator/enums.py

@@ -0,0 +1,30 @@
+from enum import StrEnum
+
+
+class APIMethods(StrEnum):
+    """HTTP methods for API requests.
+
+    >>> APIMethods
+
+    """
+
+    GET = "GET"
+    POST = "POST"
+    PUT = "PUT"
+    DELETE = "DELETE"
+    PATCH = "PATCH"
+    OPTIONS = "OPTIONS"
+
+
+class APIEndpoints(StrEnum):
+    """API endpoints for all the routes.
+
+    >>> APIEndpoints
+
+    """
+
+    fastapi_error = "/fastapi-error"
+    fastapi_login = "/fastapi-login"
+    fastapi_logout = "/fastapi-logout"
+    fastapi_session = "/fastapi-session"
+    fastapi_verify_login = "/fastapi-verify-login"

fastapiauthenticator/models.py

@@ -0,0 +1,85 @@
+import pathlib
+from typing import Callable, Dict, List, Optional, Type
+
+from fastapi.routing import APIRoute, APIWebSocketRoute
+from fastapi.templating import Jinja2Templates
+from pydantic import BaseModel, Field
+
+from fastapiauthenticator.enums import APIMethods
+
+templates = Jinja2Templates(directory=pathlib.Path(__file__).parent / "templates")
+
+
+class Parameters(BaseModel):
+    """Parameters for the Authenticator class.
+
+    >>> Parameters
+
+    Attributes:
+        path: Path for the secure route, must start with '/'.
+        function: Function to be called for secure routes after authentication.
+        methods: List of HTTP methods that the secure function will handle.
+        route: Type of route to be used for secure routes, either APIWebSocketRoute or APIRoute.
+    """
+
+    path: str = Field(
+        pattern="^/.*$", description="Path for the secure route, must start with '/'"
+    )
+    function: Callable
+    methods: List[APIMethods] = [APIMethods.GET]
+    route: Type[APIWebSocketRoute] | Type[APIRoute] = APIRoute
+
+
+class WSSession(BaseModel):
+    """Object to store websocket session information.
+
+    >>> WSSession
+
+    """
+
+    invalid: Dict[str, int] = Field(default_factory=dict)
+    client_auth: Dict[str, Dict[str, str | int]] = Field(default_factory=dict)
+
+
+class Fallback(BaseModel):
+    """Object to store fallback information.
+
+    >>> Fallback
+
+    """
+
+    button: str = Field(default="LOGIN", description="Title for the fallback button.")
+    path: str = Field(
+        default="/", description="Path to redirect when fallback button is clicked."
+    )
+
+
+class RedirectException(Exception):
+    """Custom ``RedirectException`` raised within the API since HTTPException doesn't support returning HTML content.
+
+    >>> RedirectException
+
+    See Also:
+        - RedirectException allows the API to redirect on demand in cases where returning is not a solution.
+        - There are alternatives to raise HTML content as an exception but none work with our use-case with JavaScript.
+        - This way of exception handling comes handy for many unexpected scenarios.
+
+    References:
+        https://fastapi.tiangolo.com/tutorial/handling-errors/#install-custom-exception-handlers
+    """
+
+    def __init__(self, destination: str, source: str = "/", detail: Optional[str] = ""):
+        """Instantiates the ``RedirectException`` object with the required parameters.
+
+        Args:
+            source: Source from where the redirect is initiated.
+            destination: Location to redirect.
+            detail: Reason for redirect.
+        """
+        self.detail = detail
+        self.source = source
+        self.destination = destination
+
+
+ws_session = WSSession()
+fallback = Fallback()

fastapiauthenticator/secure.py

@@ -0,0 +1,41 @@
+import base64
+import binascii
+import hashlib
+import string
+from typing import Any
+
+UNICODE_PREFIX = (
+    base64.b64decode(b"XA==").decode(encoding="ascii")
+    + string.ascii_letters[20]
+    + string.digits[:1] * 2
+)
+
+
+def calculate_hash(value: Any) -> str:
+    """Generate hash value for the given payload."""
+    return hashlib.sha512(bytes(value, "utf-8")).hexdigest()
+
+
+def base64_encode(value: Any) -> str:
+    """Base64 encode the given payload."""
+    encoded_bytes = base64.b64encode(value.encode("utf-8"))
+    return encoded_bytes.decode("utf-8")
+
+
+def base64_decode(value: Any) -> str:
+    """Base64 decode the given payload."""
+    return base64.b64decode(value).decode("utf-8")
+
+
+def hex_decode(value: Any) -> str:
+    """Convert hex value to a string."""
+    return bytes(value, "utf-8").decode(encoding="unicode_escape")
+
+
+def hex_encode(value: str):
+    """Convert string value to hex."""
+    return UNICODE_PREFIX + UNICODE_PREFIX.join(
+        binascii.hexlify(data=value.encode(encoding="utf-8"), sep="-")
+        .decode(encoding="utf-8")
+        .split(sep="-")
+    )

fastapiauthenticator/service.py

@@ -0,0 +1,167 @@
+import logging
+import os
+from threading import Timer
+from typing import Dict, List
+
+import dotenv
+from fastapi import status
+from fastapi.applications import FastAPI
+from fastapi.exceptions import HTTPException
+from fastapi.params import Depends
+from fastapi.requests import Request
+from fastapi.responses import Response
+from fastapi.routing import APIRoute, APIWebSocketRoute
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from fastapiauthenticator import endpoints, enums, models, utils
+
+dotenv.load_dotenv(dotenv_path=dotenv.find_dotenv(), override=True)
+LOGGER = logging.getLogger("uvicorn.default")
+BEARER_AUTH = HTTPBearer()
+
+
+# noinspection PyDefaultArgument
+class Authenticator:
+    """Authenticator is a FastAPI integration that provides authentication for secure routes.
+
+    >>> Authenticator
+
+    """
+
+    def __init__(
+        self,
+        app: FastAPI,
+        params: models.Parameters | List[models.Parameters],
+        timeout: int = 300,
+        username: str = os.environ.get("USERNAME"),
+        password: str = os.environ.get("PASSWORD"),
+        fallback_button: str = models.fallback.button,
+        fallback_path: str = models.fallback.path,
+    ):
+        """Initialize the APIAuthenticator with the FastAPI app and secure function.
+
+        Args:
+            app: FastAPI application instance to which the authenticator will be added.
+            params: Parameters for the secure routes, can be a single `Parameters` object or a list of `Parameters`.
+            timeout: Session timeout in seconds, default is 300 seconds (5 minutes).
+            username: Username for authentication, can be set via environment variable 'USERNAME'.
+            password: Password for authentication, can be set via environment variable 'PASSWORD'.
+            fallback_button: Title for the fallback button, defaults to "LOGIN".
+            fallback_path: Fallback path to redirect to in case of session timeout or invalid session.
+        """
+        assert all((username, password)), "'username' and 'password' are mandatory."
+        assert fallback_path.startswith("/"), "Fallback path must start with '/'"
+
+        self.app = app
+
+        if isinstance(params, list):
+            self.params = params
+        elif isinstance(params, models.Parameters):
+            self.params = [params]
+
+        self.route_map: Dict[str, models.Parameters] = {
+            param.path: param for param in self.params if param.route is APIRoute
+        }
+
+        models.fallback.path = fallback_path
+        models.fallback.button = fallback_button
+
+        # noinspection PyTypeChecker
+        self.app.add_exception_handler(
+            exc_class_or_status_code=models.RedirectException,
+            handler=utils.redirect_exception_handler,
+        )
+
+        self.username = username
+        self.password = password
+        self.timeout = timeout
+
+        self._secure()
+
+    def _verify_auth(
+        self,
+        request: Request,
+        authorization: HTTPAuthorizationCredentials = Depends(BEARER_AUTH),
+        response: Response = None,
+    ) -> Dict[str, str]:
+        """Verify the authentication credentials and redirect to the secure route.
+
+        Args:
+            request: Request object containing client information.
+            authorization: Authorization credentials from the request, provided by FastAPI's HTTPBearer.
+            response: Response object containing the response from FastAPI's HTTPBearer.
+
+        Returns:
+            Dict[str, str]:
+            A dictionary containing the redirect URL to the secure path.
+        """
+        utils.verify_login(
+            authorization=authorization,
+            request=request,
+            env_username=self.username,
+            env_password=self.password,
+        )
+        destination = request.cookies.get("X-Requested-By")
+        if parameter := self.route_map.get(destination):
+            LOGGER.info("Setting session timeout for %s seconds", self.timeout)
+            # Set session_token cookie with a timeout, to be used for session validation when redirected
+            response.set_cookie(
+                key="session_token",
+                value=models.ws_session.client_auth[request.client.host].get("token"),
+                httponly=True,
+                samesite="strict",
+                max_age=self.timeout,
+            )
+            response.delete_cookie(key="X-Requested-By")
+            Timer(
+                function=utils.clear_session,
+                args=(request.client.host,),
+                interval=self.timeout,
+            ).start()
+            return {"redirect_url": parameter.path}
+        raise HTTPException(
+            status_code=status.HTTP_417_EXPECTATION_FAILED,
+            detail="Unable to find secure route for the requested path.\n"
+            "Missing cookie: 'X-Requested-By'\n"
+            "Reload the source page to authenticate.",
+        )
+
+    def _secure(self) -> None:
+        """Create the login and verification routes for the APIAuthenticator."""
+        login_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_login,
+            endpoint=endpoints.login,
+            methods=["GET"],
+        )
+        error_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_error,
+            endpoint=endpoints.error,
+            methods=["GET"],
+        )
+        session_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_session,
+            endpoint=endpoints.session,
+            methods=["GET"],
+        )
+        verify_route = APIRoute(
+            path=enums.APIEndpoints.fastapi_verify_login,
+            endpoint=self._verify_auth,
+            methods=["POST"],
+        )
+        for param in self.params:
+            if param.route is APIWebSocketRoute:
+                # WebSocket routes will not have a login path, they will be protected by session check
+                secure_route = APIWebSocketRoute(
+                    path=param.path,
+                    endpoint=param.function,
+                    dependencies=[Depends(utils.session_check)],
+                )
+            else:
+                secure_route = APIRoute(
+                    path=param.path,
+                    endpoint=param.function,
+                    methods=["GET"],
+                    dependencies=[Depends(utils.session_check)],
+                )
+            self.app.routes.append(secure_route)
+        self.app.routes.extend([login_route, session_route, verify_route, error_route])

fastapiauthenticator/templates/index.html

@@ -0,0 +1,259 @@
+<!DOCTYPE html>
+<!--suppress JSUnresolvedLibraryURL -->
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js"></script>
+    <!-- Favicon.ico and Apple Touch Icon -->
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <!-- Font Awesome icons -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/fontawesome.min.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/solid.min.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/regular.min.css">
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: #151515;
+        }
+
+        .container {
+            max-width: 400px;
+            margin: 50px auto;
+            background: #fff;
+            padding: 20px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+
+        .header {
+            text-align: center;
+            margin-bottom: 20px;
+        }
+
+        .header img {
+            max-width: 150px;
+        }
+
+        .content {
+            display: flex;
+            flex-direction: column;
+        }
+
+        form {
+            display: flex;
+            flex-direction: column;
+        }
+
+        label {
+            margin-top: 10px;
+            color: #000000;
+            font-size: large;
+            font-family: 'Courier New', sans-serif;
+            font-weight: normal;
+        }
+
+        input {
+            padding: 10px;
+            margin-bottom: 15px;
+            border: 1px solid #ddd;
+            border-radius: 5px;
+        }
+
+        button {
+            padding: 12px;
+            background-color: #000000;
+            color: #fff;
+            border: none;
+            border-radius: 5px;
+            cursor: pointer;
+            font-weight: bold;
+        }
+
+        button:hover {
+            background-color: #494949;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <style>
+        .password-container {
+            position: relative;
+        }
+
+        .password-container input[type="password"],
+        .password-container input[type="text"] {
+            width: 100%;
+            padding: 12px 36px 12px 12px;
+            box-sizing: border-box;
+        }
+
+        .fa-eye, .fa-eye-slash {
+            position: absolute;
+            top: 40%;
+            right: 4%;
+            transform: translateY(-50%);
+            cursor: pointer;
+            color: lightgray;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515;">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<div class="container">
+    <div class="header">
+        <i class="fa-solid fa-user"></i>
+    </div>
+    <div class="content">
+        <!-- <form action="{ url_for('signin') }" method="post"> -->
+        <form>
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" required>
+            <label for="password">Password:</label>
+            <div class="password-container">
+                <input type="password" id="password" name="password" required>
+                <i class="fa-regular fa-eye" id="eye"></i>
+            </div>
+            <button type="submit" onclick="submitToAPI(event)">Sign In</button>
+        </form>
+    </div>
+</div>
+</body>
+<!-- control the behavior of the browser's navigation without triggering a full page reload -->
+<script>
+    document.addEventListener('DOMContentLoaded', function () {
+        history.pushState(null, document.title, location.href);
+        window.addEventListener('popstate', function (event) {
+            history.pushState(null, document.title, location.href);
+        });
+    });
+</script>
+<!-- handle authentication from login page -->
+<script>
+    async function ConvertStringToHex(str) {
+        let arr = [];
+        for (let i = 0; i < str.length; i++) {
+            arr[i] = ("00" + str.charCodeAt(i).toString(16)).slice(-4);
+        }
+        return "\\u" + arr.join("\\u");
+    }
+
+    async function CalculateHash(username, password, timestamp) {
+        const message = username + password + timestamp;
+        const encoder = new TextEncoder();
+        const data = encoder.encode(message);
+        if (crypto.subtle === undefined) {
+            const wordArray = CryptoJS.lib.WordArray.create(data);
+            const hash = CryptoJS.SHA512(wordArray);
+            // Convert the hash to a hexadecimal string and return it
+            return hash.toString(CryptoJS.enc.Hex);
+        } else {
+            const hashBuffer = await crypto.subtle.digest('SHA-512', data);
+            const hashArray = Array.from(new Uint8Array(hashBuffer));
+            // Convert each byte to a hexadecimal string, pad with zeros, and join them to form the final hash
+            return hashArray.map(byte => byte.toString(16).padStart(2, '0')).join('');
+        }
+    }
+
+    async function submitToAPI(event) {
+        event.preventDefault();
+        const username = $("#username").val();
+        const password = $("#password").val();
+        if (username === "" || password === "") {
+            alert("ERROR: Username and password are required to authenticate your request!");
+            return false;
+        }
+
+        let hex_user = await ConvertStringToHex(username);
+        let hex_pass = await ConvertStringToHex(password);
+        let timestamp = Math.round(new Date().getTime() / 1000);
+        let hash = await CalculateHash(hex_user, hex_pass, timestamp)
+        let authHeaderValue = hex_user + ',' + hash + ',' + timestamp;
+        let origin = window.location.origin
+        $.ajax({
+            method: "POST",
+            url: origin.concat("{{ signin }}"),
+            headers: {
+                'accept': 'application/json',
+                'Authorization': `Bearer ${btoa(authHeaderValue)}`,
+            },
+            crossDomain: "true",
+            contentType: "application/json; charset=utf-8",
+            success: function (data) {
+                // Check if the response contains a redirect URL
+                if (data.redirect_url) {
+                    // Manually handle the redirect
+                    window.location.href = data.redirect_url;
+                } else {
+                    console.log("Unhandled good response data")
+                    // Handle success if needed
+                    console.log(data);
+                }
+            },
+            error: function (jqXHR, textStatus, errorThrown) {
+                console.error(`Status: ${textStatus}, Error: ${errorThrown}`);
+                if (jqXHR.hasOwnProperty("responseJSON")) {
+                    alert(jqXHR.responseJSON.detail);
+                } else {
+                    alert(errorThrown);
+                }
+            }
+        });
+    }
+
+</script>
+<footer>
+    <div class="footer">
+        PyAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/pyapiauthenticator">https://github.com/thevickypedia/pyapiauthenticator</a>
+    </div>
+</footer>
+<script>
+    const passwordInput = document.querySelector("#password")
+    const eye = document.querySelector("#eye")
+    eye.addEventListener("click", function () {
+        if (passwordInput.type === "password") {
+            passwordInput.type = "text";
+            eye.className = "fa-regular fa-eye-slash"
+        } else {
+            passwordInput.type = "password";
+            eye.className = "fa-regular fa-eye"
+        }
+    });
+</script>
+</html>

fastapiauthenticator/templates/session.html

@@ -0,0 +1,86 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <style>
+        img {
+            display: block;
+            margin-left: auto;
+            margin-right: auto;
+        }
+
+        :is(h1, h2, h3, h4, h5, h6) {
+            text-align: center;
+            color: #F0F0F0;
+            font-family: 'Courier New', sans-serif;
+        }
+
+        button {
+            width: 100px;
+            margin: 0 auto;
+            display: block;
+        }
+
+        body {
+            background-color: #151515;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<h2 style="margin-top:5%">{{ reason }}</h2>
+<h3>Authentication doesn't last forever ¯\_(ツ)_/¯ </h3>
+<p>
+    <img src="https://thevickypedia.github.io/open-source/images/gif/shattered_fusion.gif"
+         onerror="this.src='https://vigneshrao.com/open-source/images/gif/shattered_fusion.gif'"
+         width="200" height="200" alt="Image" class="center">
+</p>
+<button style="text-align:center" onClick="window.location.href = '{{ fallback_path }}';">{{ fallback_button }}</button>
+<br>
+<button style="text-align:center" onClick="alert('Forgot Password?\n\nRelax and try to remember your password.');">HELP
+</button>
+<h4>Click <a href="https://vigneshrao.com/contact">HERE</a> to reach out.</h4>
+</body>
+<footer>
+    <div class="footer">
+        FastAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/FastAPIAuthenticator">https://github.com/thevickypedia/FastAPIAuthenticator</a>
+    </div>
+</footer>
+</html>

fastapiauthenticator/templates/unauthorized.html

@@ -0,0 +1,86 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>FastAPI - Authenticator</title>
+    <meta property="og:type" content="Authenticator">
+    <meta name="keywords" content="Python, fastapi, JavaScript, HTML, CSS">
+    <meta name="author" content="Vignesh Rao">
+    <link property="og:image" rel="icon" href="https://thevickypedia.github.io/open-source/images/logo/fastapi.ico">
+    <link property="og:image" rel="apple-touch-icon"
+          href="https://thevickypedia.github.io/open-source/images/logo/fastapi.png">
+    <meta content="width=device-width, initial-scale=1" name="viewport">
+    <style>
+        img {
+            display: block;
+            margin-left: auto;
+            margin-right: auto;
+        }
+
+        :is(h1, h2, h3, h4, h5, h6) {
+            text-align: center;
+            color: #F0F0F0;
+            font-family: 'Courier New', sans-serif;
+        }
+
+        button {
+            width: 100px;
+            margin: 0 auto;
+            display: block;
+        }
+
+        body {
+            background-color: #151515;
+        }
+
+        footer {
+            bottom: 20px;
+            position: fixed;
+            width: 100%;
+            color: #fff;
+            text-align: center;
+            font-family: 'Courier New', monospace;
+            font-size: small;
+        }
+    </style>
+    <noscript>
+        <style>
+            body {
+                width: 100%;
+                height: 100%;
+                overflow: hidden;
+            }
+        </style>
+        <div style="position: fixed; text-align:center; height: 100%; width: 100%; background-color: #151515;">
+            <h2 style="margin-top:5%">This page requires JavaScript
+                to be enabled.
+                <br><br>
+                Please refer <a href="https://www.enable-javascript.com/">enable-javascript</a> for how to.
+            </h2>
+            <form>
+                <button type="submit" onClick="<meta httpEquiv='refresh' content='0'>">RETRY</button>
+            </form>
+        </div>
+    </noscript>
+</head>
+<body>
+<h2 style="margin-top:5%">LOGIN FAILED</h2>
+<h3>USER ERROR - REPLACE USER</h3>
+<p>
+    <img src="https://thevickypedia.github.io/open-source/images/gif/lockscape.gif"
+         onerror="this.src='https://vigneshrao.com/open-source/images/gif/lockscape.gif'"
+         width="200" height="170" alt="Image" class="center">
+</p>
+<button style="text-align:center" onClick="window.location.href = '{{ fallback_path }}';">{{ fallback_button }}</button>
+<br>
+<button style="text-align:center" onClick="alert('Forgot Password?\n\nRelax and try to remember your password.');">HELP
+</button>
+<h4>Click <a href="https://vigneshrao.com/contact">HERE</a> to reach out.</h4>
+</body>
+<footer>
+    <div class="footer">
+        FastAPIAuthenticator - {{ version }}<br>
+        <a href="https://github.com/thevickypedia/FastAPIAuthenticator">https://github.com/thevickypedia/FastAPIAuthenticator</a>
+    </div>
+</footer>
+</html>

fastapiauthenticator/utils.py

@@ -0,0 +1,210 @@
+import logging
+import secrets
+from typing import Dict, List, NoReturn, Union
+
+from fastapi import status
+from fastapi.exceptions import HTTPException
+from fastapi.requests import Request
+from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
+from fastapi.security import HTTPAuthorizationCredentials
+from fastapi.websockets import WebSocket
+
+from fastapiauthenticator import enums, models, secure
+
+LOGGER = logging.getLogger("uvicorn.default")
+
+
+def failed_auth_counter(request: Request) -> None:
+    """Keeps track of failed login attempts from each host, and redirects if failed for 3 or more times.
+
+    Args:
+        request: Request object containing client information.
+    """
+    try:
+        models.ws_session.invalid[request.client.host] += 1
+    except KeyError:
+        models.ws_session.invalid[request.client.host] = 1
+    if models.ws_session.invalid[request.client.host] >= 3:
+        raise models.RedirectException(destination=enums.APIEndpoints.fastapi_error)
+
+
+def redirect_exception_handler(
+    request: Request, exception: models.RedirectException
+) -> JSONResponse | RedirectResponse:
+    """Custom exception handler to handle redirect.
+
+    Args:
+        request: Takes the ``Request`` object as an argument.
+        exception: Takes the ``RedirectException`` object inherited from ``Exception`` as an argument.
+
+    Returns:
+        JSONResponse:
+        Returns the JSONResponse with content, status code and cookie.
+    """
+    if request.url.path == enums.APIEndpoints.fastapi_verify_login:
+        response = JSONResponse(content={"redirect_url": exception.destination})
+    else:
+        response = RedirectResponse(url=exception.destination)
+    if exception.detail:
+        response.set_cookie(
+            "detail", exception.detail.upper(), httponly=True, samesite="strict"
+        )
+    response.set_cookie(
+        "X-Requested-By", exception.source, httponly=True, samesite="strict"
+    )
+    return response
+
+
+def raise_error(request: Request) -> NoReturn:
+    """Raises a 401 Unauthorized error in case of bad credentials.
+
+    Args:
+        request: Request object containing client information.
+    """
+    failed_auth_counter(request)
+    LOGGER.error(
+        "Incorrect username or password: %d",
+        models.ws_session.invalid[request.client.host],
+    )
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Incorrect username or password",
+        headers=None,
+    )
+
+
+def extract_credentials(
+    authorization: HTTPAuthorizationCredentials, host: str
+) -> List[str]:
+    """Extract the credentials from ``Authorization`` headers and decode it before returning as a list of strings.
+
+    Args:
+        authorization: Authorization header from the request.
+        host: Host header from the request.
+    """
+    if not authorization:
+        raise_error(host)
+    decoded_auth = secure.base64_decode(authorization.credentials)
+    # convert hex to a string
+    auth = secure.hex_decode(decoded_auth)
+    return auth.split(",")
+
+
+def verify_login(
+    authorization: HTTPAuthorizationCredentials,
+    request: Request,
+    env_username: str,
+    env_password: str,
+) -> Dict[str, Union[str, int]]:
+    """Verifies authentication and generates session token for each user.
+
+    Args:
+        authorization: Authorization header from the request.
+        request: Request object containing client information.
+        env_username: Environment variable for the username.
+        env_password: Environment variable for the password.
+
+    Returns:
+        Dict[str, str]:
+        Returns a dictionary with the payload required to create the session token.
+    """
+    username, signature, timestamp = extract_credentials(
+        authorization, request.client.host
+    )
+    if secrets.compare_digest(username, env_username):
+        hex_user = secure.hex_encode(env_username)
+        hex_pass = secure.hex_encode(env_password)
+    else:
+        LOGGER.warning("User '%s' not allowed", username)
+        raise_error(request)
+    message = f"{hex_user}{hex_pass}{timestamp}"
+    expected_signature = secure.calculate_hash(message)
+    if secrets.compare_digest(signature, expected_signature):
+        models.ws_session.invalid[request.client.host] = 0
+        key = secrets.token_urlsafe(64)
+        # fixme: By setting a path instead of timestamp, this can handle path specific sessions
+        models.ws_session.client_auth[request.client.host] = dict(
+            username=username, token=key, timestamp=int(timestamp)
+        )
+        return models.ws_session.client_auth[request.client.host]
+    raise_error(request)
+
+
+def session_check(api_request: Request = None, api_websocket: WebSocket = None) -> None:
+    """Check if the session is still valid.
+
+    Args:
+        api_request: Request containing client information.
+        api_websocket: WebSocket connection object.
+
+    Raises:
+        HTTPException: If the session is invalid or expired.
+    """
+    if api_request:
+        request = api_request
+    elif api_websocket:
+        request = api_websocket
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Request or WebSocket connection is required for session check.",
+        )
+    session_token = request.cookies.get("session_token")
+    stored_token = models.ws_session.client_auth.get(request.client.host, {}).get(
+        "token"
+    )
+    if (
+        stored_token
+        and session_token
+        and secrets.compare_digest(session_token, stored_token)
+    ):
+        LOGGER.info("Session is valid for host: %s", request.client.host)
+        return
+    elif not session_token:
+        LOGGER.warning(
+            "Session is invalid or expired for host: %s", request.client.host
+        )
+        raise models.RedirectException(
+            source=request.url.path,
+            destination=enums.APIEndpoints.fastapi_login,
+        )
+    else:
+        LOGGER.warning(
+            "Session token mismatch for host: %s. Expected: %s, Received: %s",
+            request.client.host,
+            stored_token,
+            session_token,
+        )
+        raise models.RedirectException(
+            source=request.url.path,
+            destination=enums.APIEndpoints.fastapi_session,
+        )
+
+
+def deauthorize(response: HTMLResponse) -> HTMLResponse:
+    """Remove authorization headers and clear session token from the response.
+
+    Args:
+        response: FastAPI ``response`` object.
+
+    Returns:
+        HTMLResponse:
+        Returns the response object with the session token cleared.
+    """
+    response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+    response.headers["Authorization"] = ""
+    response.delete_cookie("session_token")
+    return response
+
+
+def clear_session(host: str) -> None:
+    """Clear the session for the given host.
+
+    Args:
+        host: Host header from the request.
+    """
+    if models.ws_session.client_auth.get(host):
+        models.ws_session.client_auth.pop(host)
+        LOGGER.info("Session cleared for host: %s", host)
+    else:
+        LOGGER.warning("No session found for host: %s", host)

fastapiauthenticator/version.py

@@ -1 +1 @@
-version = "0.0.1-b"
+version = "0.1.0"

fastapi_ui_auth-0.0.1b0.dist-info/METADATA

@@ -1,18 +0,0 @@
-Metadata-Version: 2.4
-Name: FastAPI-UI-Auth
-Version: 0.0.1b0
-Summary: Python module to add username and password authentication to specific FastAPI routes
-Requires-Python: >=3.11
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: fastapi==0.115.*
-Requires-Dist: jinja2==3.1.*
-Requires-Dist: pydantic==2.11.*
-Requires-Dist: python-dotenv==1.1.*
-Provides-Extra: dev
-Requires-Dist: websockets==15.0.*; extra == "dev"
-Requires-Dist: pre-commit==4.2.*; extra == "dev"
-Requires-Dist: uvicorn==0.34.*; extra == "dev"
-Dynamic: license-file
-
-# FastAPIAuthenticator

fastapi_ui_auth-0.0.1b0.dist-info/RECORD

@@ -1,6 +0,0 @@
-fastapi_ui_auth-0.0.1b0.dist-info/licenses/LICENSE,sha256=_sOIKJWdD2o1WwwDIwYB2qTP2nlSWqT5Tyg9jr1Xa4w,1070
-fastapiauthenticator/version.py,sha256=2E5Gs4jtm0QsMW0wDxXSfLOzUQteQzS1wu23GRZA064,20
-fastapi_ui_auth-0.0.1b0.dist-info/METADATA,sha256=hii-1Vny63Kn7jt6OFAWF_nHHYdgUdWaDHq_bmEAK8E,582
-fastapi_ui_auth-0.0.1b0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-fastapi_ui_auth-0.0.1b0.dist-info/top_level.txt,sha256=EpDRP7uLM0f-Vd5rUtLBh4MTMAnpXzw1pr0DSknW_Ds,21
-fastapi_ui_auth-0.0.1b0.dist-info/RECORD,,