abs-auth-rbac-core 0.1.0__tar.gz

abs_auth_rbac_core-0.1.0/PKG-INFO

@@ -0,0 +1,232 @@
+Metadata-Version: 2.3
+Name: abs-auth-rbac-core
+Version: 0.1.0
+Summary: RBAC and Auth core utilities including JWT token management.
+License: MIT
+Author: AutoBridgeSystems
+Author-email: info@autobridgesystems.com
+Requires-Python: >=3.13,<4.0
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.13
+Requires-Dist: abs-exception-core (>=0.1.0,<0.2.0)
+Requires-Dist: casbin (>=1.41.0,<2.0.0)
+Requires-Dist: casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)
+Requires-Dist: fastapi[standard] (>=0.115.12,<0.116.0)
+Requires-Dist: passlib (>=1.7.4,<2.0.0)
+Requires-Dist: pyjwt (>=2.10.1,<3.0.0)
+Requires-Dist: sqlalchemy (>=2.0.40,<3.0.0)
+Description-Content-Type: text/markdown
+
+# ABS Auth RBAC Core
+
+A comprehensive authentication and Role-Based Access Control (RBAC) package for FastAPI applications. This package provides robust JWT-based authentication and flexible role-based permission management using Casbin.
+
+## Features
+
+- JWT-based authentication with customizable token expiration
+- Password hashing using bcrypt
+- Role-Based Access Control (RBAC) with Casbin integration
+- Flexible permission management
+- User-role and role-permission associations
+- Middleware for authentication and authorization
+
+## Installation
+
+```bash
+pip install abs-auth-rbac-core
+```
+
+## Quick Start
+
+### 1. Authentication Setup
+
+```python
+from abs_auth_rbac_core.auth.jwt_functions import JWTFunctions
+import os
+
+# Initialize JWT functions with environment variables
+jwt_functions = JWTFunctions(
+    secret_key=os.getenv("JWT_SECRET_KEY"),
+    algorithm=os.getenv("JWT_ALGORITHM", "HS256"),
+    expire_minutes=int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
+)
+
+# Create access token
+token = jwt_functions.create_access_token(data={"sub": "user_id"})
+
+# Verify password
+is_valid = jwt_functions.verify_password(plain_password, hashed_password)
+
+# Get password hash
+hashed_password = jwt_functions.get_password_hash(plain_password)
+```
+
+### 2. RBAC Setup
+
+```python
+from abs_auth_rbac_core.rbac.service import RBACService
+
+# Initialize RBAC service
+rbac_service = RBACService(
+    session=your_db_session
+)
+
+# Create a role with permissions
+role = rbac_service.create_role(
+    name="admin",
+    description="Administrator role",
+    permission_ids=["permission_uuid1", "permission_uuid2"]
+)
+
+# Assign roles to user
+rbac_service.bulk_assign_roles_to_user(
+    user_uuid="user_uuid",
+    role_uuids=["role_uuid1", "role_uuid2"]
+)
+
+# Check permission
+has_permission = rbac_service.check_permission(
+    user_uuid="user_uuid",
+    resource="resource_name",
+    action="action_name",
+    module="module_name"
+)
+```
+
+## Core Components
+
+### Authentication (`auth/`)
+- `jwt_functions.py`: JWT token management and password hashing
+- `middleware.py`: Authentication middleware for FastAPI
+- `auth_functions.py`: Core authentication functions
+
+### RBAC (`rbac/`)
+- `service.py`: Main RBAC service with role and permission management
+- `decorator.py`: Decorators for permission checking
+
+### Models (`models/`)
+- `user.py`: User model
+- `roles.py`: Role model
+- `permissions.py`: Permission model
+- `user_role.py`: User-Role association model
+- `role_permission.py`: Role-Permission association model
+- `rbac_model.py`: Base RBAC model
+- `base_model.py`: Base model with common fields
+
+## Usage Examples
+
+### 1. Setting Up Authentication Middleware
+
+```python
+from fastapi import FastAPI, Depends
+from dependency_injector import containers, providers
+from abs_auth_rbac_core.auth.middleware import auth_middleware
+from abs_auth_rbac_core.rbac import RBACService
+
+# Create a container for dependency injection
+class Container(containers.DeclarativeContainer):
+    # Database session provider
+    db_session = providers.Factory(your_db_session_factory)
+    
+    # RBAC service provider
+    rbac_service = providers.Factory(
+        RBACService,
+        session=db_session
+    )
+    
+    # Auth middleware provider
+    get_auth_middleware = providers.Factory(
+        auth_middleware,
+        db_session=db_session,
+        jwt_secret_key=os.getenv("JWT_SECRET_KEY"),
+        jwt_algorithm=os.getenv("JWT_ALGORITHM", "HS256")
+    )
+
+# Initialize FastAPI app
+app = FastAPI()
+container = Container()
+app.container = container
+```
+
+### 2. Applying Middleware to Routers
+
+```python
+from fastapi import FastAPI, Depends
+from src.core.container import Container
+
+class CreateApp:
+    def __init__(self):
+        self.container = Container()
+        self.auth_middleware = self.container.get_auth_middleware()
+        
+        self.app = FastAPI(
+            title="Your Service",
+            description="Service Description",
+            version="0.0.1"
+        )
+        
+        # Apply middleware to specific routers
+        self.app.include_router(
+            users_router,
+            dependencies=[Depends(self.auth_middleware)],
+            tags=["Users"]
+        )
+        
+        # Public routes (no middleware)
+        self.app.include_router(
+            public_router,
+            tags=["Public"]
+        )
+```
+
+### 3. Permission Management
+
+```python
+from abs_auth_rbac_core.util.permission_constants import (
+    PermissionAction,
+    PermissionModule,
+    PermissionResource
+)
+
+# permissions
+permission = PermissionData(
+    name="User Management",
+    description="Manage user accounts",
+    module=PermissionModule.USER_MANAGEMENT,
+    resource=PermissionResource.USER_MANAGEMENT,
+    action=PermissionAction.MANAGE
+)
+
+# Check permissions in route
+@app.get("/users")
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+)
+async def list_users():
+    return {"users": [...]}
+```
+
+## Error Handling
+
+The package includes comprehensive error handling for common scenarios:
+- `UnauthorizedError`: For invalid or expired tokens
+- `ValidationError`: For invalid token formats
+- `DuplicatedError`: For duplicate role names
+- `NotFoundError`: For non-existent resources
+- `PermissionDeniedError`: For insufficient permissions
+
+## Best Practices
+
+1. Always use environment variables for sensitive data (secret keys, etc.)
+2. Implement proper error handling for authentication and authorization failures
+3. Use the middleware for global authentication
+4. Implement proper logging for security-related events
+5. Regularly rotate secret keys and tokens
+6. Use strong password policies
+7. Implement rate limiting for authentication endpoints
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.
+

abs_auth_rbac_core-0.1.0/README.md

@@ -0,0 +1,211 @@
+# ABS Auth RBAC Core
+
+A comprehensive authentication and Role-Based Access Control (RBAC) package for FastAPI applications. This package provides robust JWT-based authentication and flexible role-based permission management using Casbin.
+
+## Features
+
+- JWT-based authentication with customizable token expiration
+- Password hashing using bcrypt
+- Role-Based Access Control (RBAC) with Casbin integration
+- Flexible permission management
+- User-role and role-permission associations
+- Middleware for authentication and authorization
+
+## Installation
+
+```bash
+pip install abs-auth-rbac-core
+```
+
+## Quick Start
+
+### 1. Authentication Setup
+
+```python
+from abs_auth_rbac_core.auth.jwt_functions import JWTFunctions
+import os
+
+# Initialize JWT functions with environment variables
+jwt_functions = JWTFunctions(
+    secret_key=os.getenv("JWT_SECRET_KEY"),
+    algorithm=os.getenv("JWT_ALGORITHM", "HS256"),
+    expire_minutes=int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
+)
+
+# Create access token
+token = jwt_functions.create_access_token(data={"sub": "user_id"})
+
+# Verify password
+is_valid = jwt_functions.verify_password(plain_password, hashed_password)
+
+# Get password hash
+hashed_password = jwt_functions.get_password_hash(plain_password)
+```
+
+### 2. RBAC Setup
+
+```python
+from abs_auth_rbac_core.rbac.service import RBACService
+
+# Initialize RBAC service
+rbac_service = RBACService(
+    session=your_db_session
+)
+
+# Create a role with permissions
+role = rbac_service.create_role(
+    name="admin",
+    description="Administrator role",
+    permission_ids=["permission_uuid1", "permission_uuid2"]
+)
+
+# Assign roles to user
+rbac_service.bulk_assign_roles_to_user(
+    user_uuid="user_uuid",
+    role_uuids=["role_uuid1", "role_uuid2"]
+)
+
+# Check permission
+has_permission = rbac_service.check_permission(
+    user_uuid="user_uuid",
+    resource="resource_name",
+    action="action_name",
+    module="module_name"
+)
+```
+
+## Core Components
+
+### Authentication (`auth/`)
+- `jwt_functions.py`: JWT token management and password hashing
+- `middleware.py`: Authentication middleware for FastAPI
+- `auth_functions.py`: Core authentication functions
+
+### RBAC (`rbac/`)
+- `service.py`: Main RBAC service with role and permission management
+- `decorator.py`: Decorators for permission checking
+
+### Models (`models/`)
+- `user.py`: User model
+- `roles.py`: Role model
+- `permissions.py`: Permission model
+- `user_role.py`: User-Role association model
+- `role_permission.py`: Role-Permission association model
+- `rbac_model.py`: Base RBAC model
+- `base_model.py`: Base model with common fields
+
+## Usage Examples
+
+### 1. Setting Up Authentication Middleware
+
+```python
+from fastapi import FastAPI, Depends
+from dependency_injector import containers, providers
+from abs_auth_rbac_core.auth.middleware import auth_middleware
+from abs_auth_rbac_core.rbac import RBACService
+
+# Create a container for dependency injection
+class Container(containers.DeclarativeContainer):
+    # Database session provider
+    db_session = providers.Factory(your_db_session_factory)
+    
+    # RBAC service provider
+    rbac_service = providers.Factory(
+        RBACService,
+        session=db_session
+    )
+    
+    # Auth middleware provider
+    get_auth_middleware = providers.Factory(
+        auth_middleware,
+        db_session=db_session,
+        jwt_secret_key=os.getenv("JWT_SECRET_KEY"),
+        jwt_algorithm=os.getenv("JWT_ALGORITHM", "HS256")
+    )
+
+# Initialize FastAPI app
+app = FastAPI()
+container = Container()
+app.container = container
+```
+
+### 2. Applying Middleware to Routers
+
+```python
+from fastapi import FastAPI, Depends
+from src.core.container import Container
+
+class CreateApp:
+    def __init__(self):
+        self.container = Container()
+        self.auth_middleware = self.container.get_auth_middleware()
+        
+        self.app = FastAPI(
+            title="Your Service",
+            description="Service Description",
+            version="0.0.1"
+        )
+        
+        # Apply middleware to specific routers
+        self.app.include_router(
+            users_router,
+            dependencies=[Depends(self.auth_middleware)],
+            tags=["Users"]
+        )
+        
+        # Public routes (no middleware)
+        self.app.include_router(
+            public_router,
+            tags=["Public"]
+        )
+```
+
+### 3. Permission Management
+
+```python
+from abs_auth_rbac_core.util.permission_constants import (
+    PermissionAction,
+    PermissionModule,
+    PermissionResource
+)
+
+# permissions
+permission = PermissionData(
+    name="User Management",
+    description="Manage user accounts",
+    module=PermissionModule.USER_MANAGEMENT,
+    resource=PermissionResource.USER_MANAGEMENT,
+    action=PermissionAction.MANAGE
+)
+
+# Check permissions in route
+@app.get("/users")
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+)
+async def list_users():
+    return {"users": [...]}
+```
+
+## Error Handling
+
+The package includes comprehensive error handling for common scenarios:
+- `UnauthorizedError`: For invalid or expired tokens
+- `ValidationError`: For invalid token formats
+- `DuplicatedError`: For duplicate role names
+- `NotFoundError`: For non-existent resources
+- `PermissionDeniedError`: For insufficient permissions
+
+## Best Practices
+
+1. Always use environment variables for sensitive data (secret keys, etc.)
+2. Implement proper error handling for authentication and authorization failures
+3. Use the middleware for global authentication
+4. Implement proper logging for security-related events
+5. Regularly rotate secret keys and tokens
+6. Use strong password policies
+7. Implement rate limiting for authentication endpoints
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/auth/__init__.py

@@ -0,0 +1,3 @@
+from .jwt_functions import JWTFunctions
+
+__all__ = ["JWTFunctions"]

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/auth/auth_functions.py

@@ -0,0 +1,31 @@
+from typing import Callable, Any
+from ..models import Users
+
+from abs_exception_core.exceptions import NotFoundError, ValidationError
+
+
+def get_user_by_attribute(db_session: Callable[...,Any],attribute: str, value: str):
+    """
+    Get a user by an attribute.
+
+    Args:
+        attribute (str): The attribute to get the user by.
+        value (str): The value of the attribute.
+    
+    Returns:
+        User: The user object if found, otherwise None.
+    """
+    with db_session() as session:
+        try:
+            if not hasattr(Users, attribute):
+                raise ValidationError(detail=f"Attribute {attribute} does not exist on the User model")
+            
+            user = session.query(Users).filter(getattr(Users, attribute) == value).first()
+
+            if not user:
+                raise NotFoundError(detail="User not found")
+            
+            return user
+        
+        except Exception as e:
+            raise e

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/auth/jwt_functions.py

@@ -0,0 +1,134 @@
+from datetime import datetime, timedelta, UTC
+from typing import Dict, Type, Callable,Any
+
+import jwt
+from fastapi import Depends
+from fastapi.security import HTTPBearer
+from passlib.context import CryptContext
+from abs_exception_core.exceptions import UnauthorizedError,ValidationError
+
+
+# === JWT Setup ===
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+bearer_scheme = HTTPBearer()
+
+# === Password Hashing ===
+
+class JWTFunctions:
+    def __init__(self,secret_key: str,algorithm: str,expire_minutes: int=None):
+        """
+        Args:
+            secret_key (str): The secret key for the JWT token.
+            algorithm (str): The algorithm for the JWT token.
+            expire_minutes (int): The expiration time for the JWT token in minutes.
+        """
+        self.secret_key = secret_key
+        self.algorithm = algorithm
+        self.expire_minutes = expire_minutes
+
+    def verify_password(self,plain_password: str, hashed_password: str) -> bool:
+        """
+        Verify a plain password against a hashed password using the password hashing context.
+
+        Args:
+            plain_password (str): The plain password to verify.
+            hashed_password (str): The hashed password to verify against.
+        
+        Returns:
+            bool: True if the password is verified, False otherwise.
+        """
+        return pwd_context.verify(plain_password, hashed_password)
+
+    def get_password_hash(self,password: str) -> str:
+        """
+        Generate a hashed password using the password hashing context.
+
+        Args:
+            password (str): The plain password to hash.
+        
+        Returns:
+            str: The hashed password.
+        """
+        return pwd_context.hash(password)
+
+
+    # === Token Dependencies ===
+
+    async def get_token(self,token=Depends(bearer_scheme)) -> str:
+        """
+        Get the token from the bearer scheme.
+
+        Args:
+            token (str): The token to get.
+        
+        Returns:
+            str: The token without the bearer prefix.
+        """
+        return str(token.credentials)
+
+    # === JWT Token Creation & Decoding ===
+
+    def create_jwt_token(self,data: dict, expires_delta: timedelta=None) -> str:
+        """
+        Create a JWT token.
+
+        Args:
+            data (dict): The data to encode in the token.
+            expires_delta (timedelta): The expiration time for the token.
+        
+        Returns:
+            str: The JWT token.
+        """
+        payload = data.copy()
+        if expires_delta:
+            expire = datetime.now(UTC) + expires_delta
+        else:
+            expire = datetime.now(UTC) + timedelta(
+                minutes=self.expire_minutes
+            )
+        payload.update({"exp": expire})
+        return jwt.encode(payload, self.secret_key, algorithm=self.algorithm)
+
+    def decode_jwt(self,token: str) -> dict:
+        """
+        Decode a JWT token.
+
+        Args:
+            token (str): The token to decode.
+        
+        Returns:
+            dict: The decoded token.
+        """
+        try:
+            return jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
+        except jwt.ExpiredSignatureError:
+            raise UnauthorizedError(detail="Token has expired")
+        except jwt.InvalidTokenError:
+            raise  ValidationError(detail="Invalid token")
+
+    def get_data(self,token: str = Depends(get_token)) -> Dict:
+        """
+        Get the data from the JWT token.
+
+        Args:
+            token (str): The token to get the data from.
+        
+        Returns:
+            Dict: The decoded token.
+        """
+        return self.decode_jwt(token)
+    
+    # === Token Generators ===
+
+    def create_access_token(self,data: Dict, expires_delta: timedelta=None) -> str:
+        """
+        Create an access token.
+
+        Args:
+            data (Dict): The data to encode in the token.
+            expires_delta (timedelta): The expiration time for the token.
+        
+        Returns:
+            str: The access token.
+        """
+        return self.create_jwt_token(data=data, expires_delta=expires_delta)

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/auth/middleware.py

@@ -0,0 +1,50 @@
+from fastapi import Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+import logging
+from typing import Callable, Any
+
+from .jwt_functions import JWTFunctions
+from .auth_functions import get_user_by_attribute
+from abs_exception_core.exceptions import UnauthorizedError
+
+security = HTTPBearer()
+logger = logging.getLogger(__name__)
+
+
+# Dependency acting like per-route middleware
+def auth_middleware(
+    db_session: Callable[...,Any],
+    jwt_secret_key:str,
+    jwt_algorithm:str
+):
+    """
+    This middleware is used for authentication of the user.
+    Args:
+        db_session: Callable[...,Any]: Session of the SQLAlchemy database engine
+        Users: User table fo teh system
+        jwt_secret_key: Secret key of the JWT for jwt functions
+        jwt_algorithm: Algorithm used for JWT
+
+    Returns:
+    """
+    def get_auth(token: HTTPAuthorizationCredentials = Depends(security)):
+        jwt_functions = JWTFunctions(secret_key=jwt_secret_key,algorithm=jwt_algorithm)
+        try:
+            if not token or not token.credentials:
+                raise UnauthorizedError(detail="Invalid authentication credentials")
+
+            payload = jwt_functions.get_data(token=token.credentials)
+            uuid = payload.get("uuid")
+
+            user = get_user_by_attribute(db_session=db_session,attribute="uuid", value=uuid)
+            
+            if not user:
+                logger.error(f"Authentication failed: User with id {uuid} not found")
+                raise UnauthorizedError(detail="Authentication failed")
+
+            return user  # Attach user for use in route
+
+        except Exception as e:
+            logger.error(f"Authentication error: {str(e)}", exc_info=True)
+            raise UnauthorizedError(detail="Authentication failed")
+    return get_auth

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/models/__init__.py

@@ -0,0 +1,7 @@
+from .permissions import Permission
+from .roles import Role
+from .user_role import UserRole
+from .user import Users
+from .role_permission import RolePermission
+
+__all__ = ["Permission", "Role", "UserRole", "Users","RolePermission"]

abs_auth_rbac_core-0.1.0/abs_auth_rbac_core/models/base_model.py

@@ -0,0 +1,20 @@
+import uuid
+from datetime import UTC, datetime
+
+from sqlalchemy import Column, DateTime, Integer, String
+from sqlalchemy.ext.declarative import declarative_base
+
+Base = declarative_base()
+
+
+class BaseModel(Base):
+    """
+    Base model for all models
+    """
+    __abstract__ = True
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    uuid = Column(String(36), unique=True, default=lambda: str(uuid.uuid4()))
+    created_at = Column(DateTime, default=lambda: datetime.now(UTC))
+    updated_at = Column(
+        DateTime, default=lambda: datetime.now(UTC), onupdate=lambda: datetime.now(UTC)
+    )