FastAPI-UI-Auth 0.2.3__py3-none-any.whl → 0.3.1__py3-none-any.whl

{fastapi_ui_auth-0.2.3.dist-info → fastapi_ui_auth-0.3.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: FastAPI-UI-Auth
-Version: 0.2.3
+Version: 0.3.1
 Summary: Python module to add username and password authentication to specific FastAPI routes
 Requires-Python: >=3.11
 Description-Content-Type: text/markdown
@@ -12,6 +12,10 @@ Provides-Extra: dev
 Requires-Dist: websockets==15.0.*; extra == "dev"
 Requires-Dist: pre-commit==4.2.*; extra == "dev"
 Requires-Dist: uvicorn==0.34.*; extra == "dev"
+Provides-Extra: test
+Requires-Dist: pytest; extra == "test"
+Requires-Dist: pytest-cov; extra == "test"
+Requires-Dist: httpx; extra == "test"
 Dynamic: license-file
 
 # FastAPIUIAuth
@@ -44,6 +48,7 @@ pip install FastAPI-UI-Auth
 import uiauth
 
 from fastapi import FastAPI
+from fastapi.routing import APIRoute
 
 app = FastAPI()
 
@@ -56,9 +61,9 @@ async def private_route():
 
 uiauth.protect(
     app=app,
-    params=uiauth.Parameters(
+    routes=APIRoute(
         path="/private",
-        function=private_route
+        endpoint=private_route
     )
 )
 ```

fastapi_ui_auth-0.3.1.dist-info/RECORD

@@ -0,0 +1,18 @@
+fastapi_ui_auth-0.3.1.dist-info/licenses/LICENSE,sha256=_sOIKJWdD2o1WwwDIwYB2qTP2nlSWqT5Tyg9jr1Xa4w,1070
+uiauth/__init__.py,sha256=hbHN-Vv4xTxDqpQW2lmgdl-OlEkAtL6JXAGL-nucaOU,211
+uiauth/endpoints.py,sha256=CJteXsGQWfn--U6_VdVN8VhnPsf3HSefYX1NOzAhacM,2837
+uiauth/enums.py,sha256=W_9U2luXbscyBEROXqEhKY5DHpJRV1J4VUOpkyUOOzU,334
+uiauth/logger.py,sha256=z67PBMs4zWOfy-Gfm_41dj5Uulm-ChvZxB_jmYKKXeI,391
+uiauth/models.py,sha256=56d8O9bExxwPZcOzMYL0IN9LOnVTJyfOSvD58kzTklc,3210
+uiauth/secure.py,sha256=ZOH6kT4BD56VqwaKdKocX7eSE8tqZcu-tK0QOmjY58k,1089
+uiauth/service.py,sha256=XeVFxWR5k7QIdgxjRBiUaE0oYpSlX3HE-RadJq-7HW4,7827
+uiauth/utils.py,sha256=Ga8RivN3PJX8zg2uu3RfEtJLGKaT1_iwphqvhh2XrPY,7007
+uiauth/version.py,sha256=sEAhGxRzEBE5t0VjAcJ-336II62pGIQ0eLrs42I-sGU,18
+uiauth/templates/index.html,sha256=n8tOiKXEUI4zBh1YOQNlH5MKNMRTQ2adH0QIuvrEcv4,9071
+uiauth/templates/logout.html,sha256=JrWBJCbK1E4NfrNipMsLzfJ_-Fs2C6D4S0B6O7JNoek,3504
+uiauth/templates/session.html,sha256=EL4gajOED3IcOnrALMiJ2SzJl2at8GFfruTuExhgOVI,3040
+uiauth/templates/unauthorized.html,sha256=ahv78zLM04_Lu83LdX0Ua_toKeP5JZkYsTCWCrfCvHA,3002
+fastapi_ui_auth-0.3.1.dist-info/METADATA,sha256=UbiHi5QjWiG7VqUYCbRQGpVj6_TEW3ozAYBQi4cNOpU,3662
+fastapi_ui_auth-0.3.1.dist-info/WHEEL,sha256=YCfwYGOYMi5Jhw2fU4yNgwErybb2IX5PEwBKV4ZbdBo,91
+fastapi_ui_auth-0.3.1.dist-info/top_level.txt,sha256=ra3nGTbDTgQ7eChlkngJ7xGXhSCeFTWMvb_b6q8uPVA,7
+fastapi_ui_auth-0.3.1.dist-info/RECORD,,

uiauth/__init__.py

@@ -1,6 +1,5 @@
-from uiauth.enums import APIEndpoints, APIMethods  # noqa: F401,E402
-from uiauth.models import Parameters  # noqa: F401,E402
-from uiauth.service import FastAPIUIAuth  # noqa: F401,E402
+from uiauth.enums import APIEndpoints  # noqa: F401,E402
+from uiauth.service import FastAPIUIAuth as _authProduct  # noqa: F401,E402
 from uiauth.version import version  # noqa: F401,E402
 
-protect = FastAPIUIAuth
+protect = _authProduct

uiauth/enums.py

@@ -1,21 +1,6 @@
 from enum import StrEnum
 
 
-class APIMethods(StrEnum):
-    """HTTP methods for API requests.
-
-    >>> APIMethods
-
-    """
-
-    GET = "GET"
-    POST = "POST"
-    PUT = "PUT"
-    DELETE = "DELETE"
-    PATCH = "PATCH"
-    OPTIONS = "OPTIONS"
-
-
 class APIEndpoints(StrEnum):
     """API endpoints for all the routes.
 

uiauth/models.py

@@ -1,13 +1,10 @@
 import os
 import pathlib
-from typing import Callable, Dict, Iterable, List, Optional, Type
+from typing import Dict, Iterable, Optional
 
-from fastapi.routing import APIRoute, APIWebSocketRoute
 from fastapi.templating import Jinja2Templates
 from pydantic import BaseModel, Field
 
-from uiauth.enums import APIMethods
-
 templates = Jinja2Templates(directory=pathlib.Path(__file__).parent / "templates")
 
 
@@ -58,26 +55,6 @@ def env_loader(**kwargs) -> EnvConfig:
 env = EnvConfig
 
 
-class Parameters(BaseModel):
-    """Parameters for the Authenticator class.
-
-    >>> Parameters
-
-    Attributes:
-        path: Path for the secure route, must start with '/'.
-        function: Function to be called for secure routes after authentication.
-        methods: List of HTTP methods that the secure function will handle.
-        route: Type of route to be used for secure routes, either APIWebSocketRoute or APIRoute.
-    """
-
-    path: str = Field(
-        pattern="^/.*$", description="Path for the secure route, must start with '/'"
-    )
-    function: Callable
-    methods: List[APIMethods] = [APIMethods.GET]
-    route: Type[APIWebSocketRoute] | Type[APIRoute] = APIRoute
-
-
 class WSSession(BaseModel):
     """Object to store websocket session information.
 

uiauth/service.py

@@ -1,13 +1,9 @@
+import inspect
 import logging
-from threading import Timer
+import time
 from typing import Dict, List
 
-from fastapi import status
-from fastapi.applications import FastAPI
-from fastapi.exceptions import HTTPException
-from fastapi.params import Depends
-from fastapi.requests import Request
-from fastapi.responses import Response
+from fastapi import Depends, FastAPI, HTTPException, Request, Response, status
 from fastapi.routing import APIRoute, APIWebSocketRoute
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
@@ -24,13 +20,10 @@ class FastAPIUIAuth:
 
     """
 
-    # TODO: Consume APIRoute or APIWebSocketRoute directly in params instead of creating them in the _secure method
-    #   Include stricter type validation (if that works)
-    #   Update samples and readme - major version change
     def __init__(
         self,
         app: FastAPI,
-        params: models.Parameters | List[models.Parameters],
+        routes: APIRoute | APIWebSocketRoute | List[APIRoute] | List[APIWebSocketRoute],
         timeout: int = 300,
         username: str = None,
         password: str = None,
@@ -42,7 +35,7 @@ class FastAPIUIAuth:
 
         Args:
             app: FastAPI application instance to which the authenticator will be added.
-            params: Parameters for the secure routes can be a single `Parameters` object or a list of `Parameters`.
+            routes: APIRoute or APIWebSocketRoute instance(s) representing the routes to be protected by authentication.
             timeout: Session timeout in seconds, default is 300 seconds (5 minutes).
             username: Username for authentication, can be set via environment variable 'USERNAME'.
             password: Password for authentication, can be set via environment variable 'PASSWORD'.
@@ -50,7 +43,10 @@ class FastAPIUIAuth:
             fallback_path: Fallback path to redirect to in case of session timeout or invalid session.
             custom_logger: Custom logger instance, defaults to the custom logger.
         """
-        models.env = models.EnvConfig(username=username, password=password)
+        assert (
+            isinstance(timeout, int) and timeout > 29
+        ), "Timeout must be an integer at least 30 seconds"
+        models.env = models.env_loader(username=username, password=password)
         assert (
             models.env.username and models.env.password
         ), "Username and password must be provided either as arguments or environment variables"
@@ -58,18 +54,18 @@ class FastAPIUIAuth:
 
         self.app = app
 
-        if isinstance(params, list):
-            assert len(params) > 0, "No endpoints to register"
-            for param in params:
-                assert isinstance(
-                    param, models.Parameters
-                ), f"{param} must be an instance of models.Parameters"
-            self.params = params
-        elif isinstance(params, models.Parameters):
-            self.params = [params]
+        if isinstance(routes, list):
+            assert len(routes) > 0, "No endpoints to register"
+            for route in routes:
+                assert isinstance(route, APIRoute) or isinstance(
+                    route, APIWebSocketRoute
+                ), f"{route} must be an instance of APIRoute or APIWebSocketRoute"
+            self.routes = routes
+        elif isinstance(routes, APIRoute) or isinstance(routes, APIWebSocketRoute):
+            self.routes = [routes]
         else:
             raise ValueError(
-                "Params must be an instance of Parameters or a list of Parameters"
+                "Routes must be an instance of APIRoute or APIWebSocketRoute or a list of them"
             )
 
         assert fallback_path.startswith("/"), "Fallback path must start with '/'"
@@ -90,7 +86,7 @@ class FastAPIUIAuth:
         self.timeout = timeout
 
         self._secure()
-        logger.CUSTOM_LOGGER.debug("Endpoints registered: %s", len(self.params))
+        logger.CUSTOM_LOGGER.debug("Endpoints registered: %s", len(self.routes))
 
     def _verify_auth(
         self,
@@ -125,12 +121,11 @@ class FastAPIUIAuth:
                 samesite="strict",
                 max_age=self.timeout,
             )
+            models.ws_session.client_auth[request.client.host] = {
+                "token": session_token,
+                "expires_at": time.time() + self.timeout,
+            }
             response.delete_cookie(key="X-Requested-By")
-            Timer(
-                function=utils.clear_session,
-                args=(request.client.host,),
-                interval=self.timeout,
-            ).start()
             return {"redirect_url": destination}
         raise HTTPException(
             status_code=status.HTTP_417_EXPECTATION_FAILED,
@@ -145,42 +140,55 @@ class FastAPIUIAuth:
             path=enums.APIEndpoints.fastapi_login,
             endpoint=endpoints.login,
             methods=["GET"],
+            include_in_schema=False,
         )
         logout_route = APIRoute(
             path=enums.APIEndpoints.fastapi_logout,
             endpoint=endpoints.logout,
             methods=["GET"],
+            include_in_schema=False,
         )
         error_route = APIRoute(
             path=enums.APIEndpoints.fastapi_error,
             endpoint=endpoints.error,
             methods=["GET"],
+            include_in_schema=False,
         )
         session_route = APIRoute(
             path=enums.APIEndpoints.fastapi_session,
             endpoint=endpoints.session,
             methods=["GET"],
+            include_in_schema=False,
         )
         verify_route = APIRoute(
             path=enums.APIEndpoints.fastapi_verify_login,
             endpoint=self._verify_auth,
             methods=["POST"],
+            include_in_schema=False,
         )
-        for param in self.params:
-            if param.route is APIWebSocketRoute:
-                # WebSocket routes will not have a login path, they will be protected by session check
-                secure_route = APIWebSocketRoute(
-                    path=param.path,
-                    endpoint=param.function,
-                    dependencies=[Depends(utils.verify_session)],
-                )
-            else:
-                secure_route = APIRoute(
-                    path=param.path,
-                    endpoint=param.function,
-                    methods=["GET"],
-                    dependencies=[Depends(utils.verify_session)],
-                )
+        protected_paths = {route.path for route in self.routes}
+        conflicting = [
+            route
+            for route in self.app.routes
+            if isinstance(route, (APIRoute, APIWebSocketRoute))
+            and route.path in protected_paths
+        ]
+        for existing in conflicting:
+            logger.CUSTOM_LOGGER.warning(
+                "Route %s already registered in the app, removing and re-registering with authentication",
+                existing.path,
+            )
+            self.app.routes.remove(existing)
+        for route in self.routes:
+            kwargs = {
+                name: getattr(route, name)
+                for name in inspect.signature(route.__class__.__init__).parameters
+                if name != "self" and hasattr(route, name)
+            }
+            kwargs["dependencies"] = list(route.dependencies) + [
+                Depends(utils.verify_session)
+            ]
+            secure_route = route.__class__(**kwargs)
             self.app.routes.append(secure_route)
         self.app.routes.extend(
             [login_route, logout_route, session_route, verify_route, error_route]

uiauth/utils.py

@@ -1,4 +1,5 @@
 import secrets
+import time
 from typing import List, NoReturn
 
 from fastapi import status
@@ -111,7 +112,6 @@ def verify_login(
     if secrets.compare_digest(signature, expected_signature):
         models.ws_session.invalid[request.client.host] = 0
         key = secrets.token_urlsafe(64)
-        models.ws_session.client_auth[request.client.host] = key
         return key
     raise_error(request)
 
@@ -138,14 +138,25 @@ def verify_session(
             detail="Request or WebSocket connection is required for session check.",
         )
     session_token = request.cookies.get("session_token")
-    stored_token = models.ws_session.client_auth.get(request.client.host)
+    stored = models.ws_session.client_auth.get(request.client.host, {})
     if (
-        stored_token
+        stored.get("token")
         and session_token
-        and secrets.compare_digest(session_token, stored_token)
+        and secrets.compare_digest(session_token, stored["token"])
     ):
-        logger.CUSTOM_LOGGER.info("Session is valid for host: %s", request.client.host)
-        return
+        if time.time() < stored["expires_at"]:
+            logger.CUSTOM_LOGGER.debug(
+                "Session is valid for host: %s", request.client.host
+            )
+            return
+        models.ws_session.client_auth.pop(request.client.host, None)
+        logger.CUSTOM_LOGGER.warning(
+            "Session expired for host: %s", request.client.host
+        )
+        raise models.RedirectException(
+            source=request.url.path,
+            destination=enums.APIEndpoints.fastapi_login,
+        )
     elif not session_token:
         logger.CUSTOM_LOGGER.warning(
             "Session is invalid or expired for host: %s", request.client.host
@@ -158,7 +169,7 @@ def verify_session(
         logger.CUSTOM_LOGGER.warning(
             "Session token mismatch for host: %s. Expected: %s, Received: %s",
             request.client.host,
-            stored_token,
+            stored.get("token", "None"),
             session_token,
         )
         raise models.RedirectException(

uiauth/version.py

@@ -1 +1 @@
-version = "0.2.3"
+version = "0.3.1"

fastapi_ui_auth-0.2.3.dist-info/RECORD

@@ -1,18 +0,0 @@
-fastapi_ui_auth-0.2.3.dist-info/licenses/LICENSE,sha256=_sOIKJWdD2o1WwwDIwYB2qTP2nlSWqT5Tyg9jr1Xa4w,1070
-uiauth/__init__.py,sha256=s8r2Z0O9w3cuw7GcmRTOWY0NZC0KJXzBS9QsG9wUWsk,264
-uiauth/endpoints.py,sha256=CJteXsGQWfn--U6_VdVN8VhnPsf3HSefYX1NOzAhacM,2837
-uiauth/enums.py,sha256=WO0eBv3l9HHr1I_ZXtAifCgdL-db_tZj9ka7jnjiS5k,547
-uiauth/logger.py,sha256=z67PBMs4zWOfy-Gfm_41dj5Uulm-ChvZxB_jmYKKXeI,391
-uiauth/models.py,sha256=cU1VoPtHsB0A8DIvXSDpAZz2KtbOtQPB507cQ4MGeOw,4014
-uiauth/secure.py,sha256=ZOH6kT4BD56VqwaKdKocX7eSE8tqZcu-tK0QOmjY58k,1089
-uiauth/service.py,sha256=sJG-RbiiO-qKtvaGrSsu_UfTndRPkdRn0AXWhGnjJmQ,7443
-uiauth/utils.py,sha256=DzXqxLpKHUDy1bxffg1cw0izqxcgmnCybSytywiPgbQ,6625
-uiauth/version.py,sha256=7YVXTLSKw_SIjam_Lv65ld1ty1jiyVmclya8_CjMMqY,18
-uiauth/templates/index.html,sha256=n8tOiKXEUI4zBh1YOQNlH5MKNMRTQ2adH0QIuvrEcv4,9071
-uiauth/templates/logout.html,sha256=JrWBJCbK1E4NfrNipMsLzfJ_-Fs2C6D4S0B6O7JNoek,3504
-uiauth/templates/session.html,sha256=EL4gajOED3IcOnrALMiJ2SzJl2at8GFfruTuExhgOVI,3040
-uiauth/templates/unauthorized.html,sha256=ahv78zLM04_Lu83LdX0Ua_toKeP5JZkYsTCWCrfCvHA,3002
-fastapi_ui_auth-0.2.3.dist-info/METADATA,sha256=QeOE9sG3SJE5Tzqm7AoOe65z8QjgqcS_t_mSmFJHYBU,3493
-fastapi_ui_auth-0.2.3.dist-info/WHEEL,sha256=YCfwYGOYMi5Jhw2fU4yNgwErybb2IX5PEwBKV4ZbdBo,91
-fastapi_ui_auth-0.2.3.dist-info/top_level.txt,sha256=ra3nGTbDTgQ7eChlkngJ7xGXhSCeFTWMvb_b6q8uPVA,7
-fastapi_ui_auth-0.2.3.dist-info/RECORD,,