abs-auth-rbac-core 0.3.0__py3-none-any.whl → 0.3.2__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- abs_auth_rbac_core/auth/middleware.py +32 -3
- abs_auth_rbac_core/rbac/service.py +26 -14
- {abs_auth_rbac_core-0.3.0.dist-info → abs_auth_rbac_core-0.3.2.dist-info}/METADATA +2 -2
- {abs_auth_rbac_core-0.3.0.dist-info → abs_auth_rbac_core-0.3.2.dist-info}/RECORD +5 -5
- {abs_auth_rbac_core-0.3.0.dist-info → abs_auth_rbac_core-0.3.2.dist-info}/WHEEL +0 -0
|
@@ -1,13 +1,38 @@
|
|
|
1
1
|
from fastapi import Depends, Request
|
|
2
2
|
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
|
3
|
+
from fastapi import HTTPException
|
|
3
4
|
import logging
|
|
4
|
-
from typing import Callable, Any
|
|
5
|
+
from typing import Callable, Any, Optional
|
|
5
6
|
|
|
6
7
|
from .jwt_functions import JWTFunctions
|
|
7
8
|
from .auth_functions import get_user_by_attribute
|
|
8
|
-
from abs_exception_core.exceptions import UnauthorizedError
|
|
9
|
+
from abs_exception_core.exceptions import UnauthorizedError, AuthError
|
|
10
|
+
from fastapi.security.utils import get_authorization_scheme_param
|
|
9
11
|
|
|
10
|
-
|
|
12
|
+
class CustomHTTPBearer(HTTPBearer):
|
|
13
|
+
def __init__(self, **kwargs):
|
|
14
|
+
super().__init__(**kwargs)
|
|
15
|
+
|
|
16
|
+
async def __call__(self, request: Request) -> Optional[HTTPAuthorizationCredentials]:
|
|
17
|
+
authorization = request.headers.get("Authorization")
|
|
18
|
+
scheme, credentials = get_authorization_scheme_param(authorization)
|
|
19
|
+
|
|
20
|
+
if not (authorization and scheme and credentials):
|
|
21
|
+
if self.auto_error:
|
|
22
|
+
raise UnauthorizedError(detail="Invalid authentication credentials")
|
|
23
|
+
else:
|
|
24
|
+
return None
|
|
25
|
+
|
|
26
|
+
if scheme.lower() != "bearer":
|
|
27
|
+
if self.auto_error:
|
|
28
|
+
raise UnauthorizedError(detail="Invalid authentication credentials")
|
|
29
|
+
else:
|
|
30
|
+
return None
|
|
31
|
+
|
|
32
|
+
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
|
|
33
|
+
|
|
34
|
+
security = CustomHTTPBearer()
|
|
35
|
+
# security = HTTPBearer()
|
|
11
36
|
logger = logging.getLogger(__name__)
|
|
12
37
|
|
|
13
38
|
|
|
@@ -45,7 +70,11 @@ def auth_middleware(
|
|
|
45
70
|
request.state.user = user
|
|
46
71
|
return user
|
|
47
72
|
|
|
73
|
+
except UnauthorizedError as e:
|
|
74
|
+
logger.error(e)
|
|
75
|
+
raise
|
|
48
76
|
except Exception as e:
|
|
49
77
|
logger.error(f"Authentication error: {str(e)}", exc_info=True)
|
|
50
78
|
raise UnauthorizedError(detail="Authentication failed")
|
|
79
|
+
|
|
51
80
|
return get_auth
|
|
@@ -46,6 +46,7 @@ class RBACService:
|
|
|
46
46
|
self._initialize_casbin(redis_config)
|
|
47
47
|
self.watcher = None
|
|
48
48
|
|
|
49
|
+
|
|
49
50
|
def _initialize_casbin(self,redis_config:Optional[RedisWatcherSchema]=None):
|
|
50
51
|
"""
|
|
51
52
|
Initiates the casbin policy using the default rules
|
|
@@ -69,31 +70,42 @@ class RBACService:
|
|
|
69
70
|
|
|
70
71
|
if redis_config:
|
|
71
72
|
try:
|
|
72
|
-
# Create Redis client with proper configuration
|
|
73
73
|
redis_client = Redis(
|
|
74
74
|
host=redis_config.host,
|
|
75
75
|
port=redis_config.port,
|
|
76
76
|
password=redis_config.password if hasattr(redis_config, 'password') else None,
|
|
77
|
-
ssl=redis_config.ssl,
|
|
77
|
+
ssl=redis_config.ssl, # This is crucial for azure redis
|
|
78
|
+
ssl_cert_reqs=None, # This is crucial for azure redis (Should be none for azure redis)
|
|
79
|
+
ssl_check_hostname=False,
|
|
80
|
+
socket_connect_timeout=10, # Only socket_connect_timeout is required for azure redis watcher
|
|
78
81
|
decode_responses=True,
|
|
79
|
-
socket_connect_timeout=5,
|
|
80
|
-
socket_timeout=5,
|
|
81
82
|
retry_on_timeout=True,
|
|
82
|
-
health_check_interval=30
|
|
83
|
-
|
|
83
|
+
health_check_interval=30 # Required for open connection
|
|
84
|
+
)
|
|
85
|
+
|
|
84
86
|
|
|
85
87
|
# Test Redis connection
|
|
86
88
|
redis_client.ping()
|
|
87
89
|
|
|
88
90
|
# Create Watcher and Options
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
91
|
+
option = WatcherOptions()
|
|
92
|
+
option.host = redis_config.host
|
|
93
|
+
option.port = redis_config.port
|
|
94
|
+
option.password = redis_config.password
|
|
95
|
+
option.ssl = redis_config.ssl
|
|
96
|
+
option.channel = redis_config.channel
|
|
97
|
+
option.optional_update_callback = lambda _: self.enforcer.load_policy()
|
|
98
|
+
|
|
99
|
+
option.init_config()
|
|
100
|
+
|
|
101
|
+
watcher = RedisWatcher()
|
|
102
|
+
|
|
103
|
+
watcher.sub_client = redis_client.pubsub()
|
|
104
|
+
watcher.pub_client = redis_client
|
|
105
|
+
watcher.init_config(option)
|
|
106
|
+
watcher.close = False
|
|
107
|
+
watcher.subscribe_thread.start()
|
|
108
|
+
watcher.subscribe_event.wait(timeout=10)
|
|
97
109
|
|
|
98
110
|
self.enforcer.set_watcher(watcher)
|
|
99
111
|
self.watcher = watcher
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: abs-auth-rbac-core
|
|
3
|
-
Version: 0.3.
|
|
3
|
+
Version: 0.3.2
|
|
4
4
|
Summary: RBAC and Auth core utilities including JWT token management.
|
|
5
5
|
License: MIT
|
|
6
6
|
Author: AutoBridgeSystems
|
|
@@ -12,7 +12,7 @@ Classifier: Programming Language :: Python :: 3.11
|
|
|
12
12
|
Classifier: Programming Language :: Python :: 3.12
|
|
13
13
|
Classifier: Programming Language :: Python :: 3.13
|
|
14
14
|
Requires-Dist: abs-exception-core (>=0.2.0,<0.3.0)
|
|
15
|
-
Requires-Dist: abs-utils (>=0.4.
|
|
15
|
+
Requires-Dist: abs-utils (>=0.4.1,<0.5.0)
|
|
16
16
|
Requires-Dist: casbin (>=1.41.0,<2.0.0)
|
|
17
17
|
Requires-Dist: casbin-redis-watcher (>=1.3.0,<2.0.0)
|
|
18
18
|
Requires-Dist: casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)
|
|
@@ -2,7 +2,7 @@ abs_auth_rbac_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
|
|
|
2
2
|
abs_auth_rbac_core/auth/__init__.py,sha256=Pvetd98VD9jsok1F9e82yS9kLZMFqTpbN51hkxZQHzw,67
|
|
3
3
|
abs_auth_rbac_core/auth/auth_functions.py,sha256=fhfKRhtpE_J9MHu2jSsIA-cy77A3wCAQKbGGZeh4pe4,947
|
|
4
4
|
abs_auth_rbac_core/auth/jwt_functions.py,sha256=9vhjWrxXdE8fVQ4FGrPj9y6PoSEsaeFohPhgI-3hToI,4111
|
|
5
|
-
abs_auth_rbac_core/auth/middleware.py,sha256=
|
|
5
|
+
abs_auth_rbac_core/auth/middleware.py,sha256=sAHhPiSSiS1iqSl8-thsaZXRK4EQLFJ08BKzKPpgmmQ,2965
|
|
6
6
|
abs_auth_rbac_core/models/__init__.py,sha256=9ImboxQ04XxRjd5o1RDBn465BOj3F2pahuVXF15NuqE,292
|
|
7
7
|
abs_auth_rbac_core/models/base_model.py,sha256=AaWObslm8sTetv4H1Ia_gPpi_75uF5z1o7Et9WAvstU,612
|
|
8
8
|
abs_auth_rbac_core/models/gov_casbin_rule.py,sha256=9PpCQWg6TWeBvgjRcC2VxSSFMkNW-B9a4e2LmmDmmiY,1000
|
|
@@ -17,11 +17,11 @@ abs_auth_rbac_core/models/user_role.py,sha256=20pqmtJPzlUrI9ulHGouk8XlFgrGG7I6ik
|
|
|
17
17
|
abs_auth_rbac_core/rbac/__init__.py,sha256=oYjtpmfrkEbwWCBAWuRoU1fM4fCpBxkF_lwQrelK1As,79
|
|
18
18
|
abs_auth_rbac_core/rbac/decorator.py,sha256=pEFAW0Nn2iE4KBctPhNOmO_VLeJFDX2V9v2LsCu6kHY,1824
|
|
19
19
|
abs_auth_rbac_core/rbac/policy.conf,sha256=wghhhKxgZH0rPhh1QFrIpq9nevJT3s7OxxvXiU3zzuI,305
|
|
20
|
-
abs_auth_rbac_core/rbac/service.py,sha256=
|
|
20
|
+
abs_auth_rbac_core/rbac/service.py,sha256=A0Mg6HFUKzRo2pksOJGu-t_QztaB20ZECc5FfIQ8IDU,38447
|
|
21
21
|
abs_auth_rbac_core/schema/__init__.py,sha256=v9xibJ8Wr9k0u6PEYNK0LCGUJD71SB5vxu9BZG0S7tM,46
|
|
22
22
|
abs_auth_rbac_core/schema/permission.py,sha256=XvxPU68FY0PFgkF4GR2bSrzNvFB8c8OgY_d0JOJvMc8,203
|
|
23
23
|
abs_auth_rbac_core/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
24
24
|
abs_auth_rbac_core/util/permission_constants.py,sha256=EHM4ZkQmMWR-AyoSEf-pJL-EC_eZ4Q_JEp9w62GknHY,102747
|
|
25
|
-
abs_auth_rbac_core-0.3.
|
|
26
|
-
abs_auth_rbac_core-0.3.
|
|
27
|
-
abs_auth_rbac_core-0.3.
|
|
25
|
+
abs_auth_rbac_core-0.3.2.dist-info/METADATA,sha256=7q_MiRXEV0O829MFDvvqk0GMpa8ym0nvdGPASQ1_8Ys,23591
|
|
26
|
+
abs_auth_rbac_core-0.3.2.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
27
|
+
abs_auth_rbac_core-0.3.2.dist-info/RECORD,,
|
|
File without changes
|