aimodelshare 0.3.7__py3-none-any.whl

aimodelshare/moral_compass/apps/session_auth.py

@@ -0,0 +1,254 @@
+"""
+Session-based authentication helpers for multi-user Gradio apps in Cloud Run.
+
+This module provides utilities for managing per-session authentication state
+instead of using global environment variables, which are unsafe in multi-user
+Cloud Run deployments where multiple users share the same container instance.
+
+Key Design Principles:
+- All authentication state is stored in Gradio State objects (per-session)
+- No usage of os.environ for username, password, or tokens
+- Thread-safe token generation
+- Backward compatible with existing get_aws_token() function
+"""
+
+import logging
+from typing import Optional, Dict, Any, Tuple
+import os
+
+# Import dependencies at module level
+try:
+    import botocore.config
+    import boto3
+    from aimodelshare.exceptions import AuthorizationError
+except ImportError as e:
+    # These are required dependencies
+    raise ImportError(
+        "Required dependencies not found. Ensure boto3 and botocore are installed."
+    ) from e
+
+logger = logging.getLogger("aimodelshare.moral_compass.apps.session_auth")
+
+
+def generate_auth_token(username: str, password: str) -> str:
+    """
+    Generate an authentication token for a user session.
+    
+    This function wraps the existing get_aws_token() function from aimodelshare.aws
+    but accepts username and password as parameters instead of reading from
+    environment variables. This makes it safe for multi-user Cloud Run deployments.
+    
+    Args:
+        username: The user's username
+        password: The user's password
+        
+    Returns:
+        str: The AWS authentication token (IdToken from Cognito)
+        
+    Raises:
+        AuthorizationError: If authentication fails
+        ValueError: If username or password is empty
+        
+    Example:
+        >>> token = generate_auth_token("myuser", "mypass")
+        >>> # Store token in Gradio State, not in os.environ
+    """
+    if not username or not username.strip():
+        raise ValueError("Username cannot be empty")
+    
+    if not password or not password.strip():
+        raise ValueError("Password cannot be empty")
+    
+    try:
+        # Get Cognito client ID from environment or use default
+        # Note: This default is for the shared modelshare.ai Cognito pool
+        client_id = os.getenv('COGNITO_CLIENT_ID', '7ptv9f8pt36elmg0e4v9v7jo9t')
+        region = os.getenv('COGNITO_REGION', 'us-east-2')
+        
+        # Create unsigned config for Cognito client
+        config = botocore.config.Config(signature_version=botocore.UNSIGNED)
+        
+        # Initialize Cognito provider client
+        provider_client = boto3.client(
+            "cognito-idp", 
+            region_name=region, 
+            config=config
+        )
+        
+        # Authenticate with Cognito using USER_PASSWORD_AUTH flow
+        response = provider_client.initiate_auth(
+            ClientId=client_id,
+            AuthFlow="USER_PASSWORD_AUTH",
+            AuthParameters={
+                "USERNAME": username.strip(),
+                "PASSWORD": password.strip()
+            },
+        )
+        
+        # Extract IdToken from response
+        token = response["AuthenticationResult"]["IdToken"]
+        
+        logger.info(f"Successfully generated auth token for user: {username}")
+        return token
+        
+    except Exception as err:
+        logger.error(f"Authentication failed for user {username}: {err}")
+        raise AuthorizationError(f"Could not authorize user. {str(err)}")
+
+
+def create_session_state() -> Dict[str, Any]:
+    """
+    Create an initial session state dictionary for authentication.
+    
+    This state object should be stored in a Gradio State component and
+    passed through all functions that need authentication information.
+    
+    Returns:
+        Dict containing:
+        - 'username': str or None
+        - 'token': str or None
+        - 'team_name': str or None
+        - 'is_authenticated': bool
+        
+    Example:
+        >>> session_state = gr.State(value=create_session_state())
+    """
+    return {
+        'username': None,
+        'token': None,
+        'team_name': None,
+        'is_authenticated': False
+    }
+
+
+def authenticate_session(
+    session_state: Dict[str, Any],
+    username: str,
+    password: str
+) -> Tuple[Dict[str, Any], bool, str]:
+    """
+    Authenticate a user and update the session state.
+    
+    Args:
+        session_state: Current session state dictionary
+        username: Username to authenticate
+        password: Password to authenticate
+        
+    Returns:
+        Tuple of (updated_session_state, success, message)
+        - updated_session_state: New session state with auth info
+        - success: True if authentication succeeded
+        - message: User-friendly message about authentication result
+        
+    Example:
+        >>> session_state = create_session_state()
+        >>> new_state, success, msg = authenticate_session(
+        ...     session_state, "myuser", "mypass"
+        ... )
+        >>> if success:
+        ...     print(f"Logged in as {new_state['username']}")
+    """
+    try:
+        # Generate token
+        token = generate_auth_token(username, password)
+        
+        # Update session state
+        new_state = session_state.copy()
+        new_state['username'] = username.strip()
+        new_state['token'] = token
+        new_state['is_authenticated'] = True
+        
+        message = f"✓ Successfully authenticated as {username}"
+        logger.info(f"Session authenticated for user: {username}")
+        
+        return new_state, True, message
+        
+    except Exception as e:
+        # Authentication failed - don't update state
+        error_msg = f"⚠️ Authentication failed: {str(e)}"
+        logger.error(f"Session authentication failed for user {username}: {e}")
+        
+        return session_state, False, error_msg
+
+
+def get_session_token(session_state: Dict[str, Any]) -> Optional[str]:
+    """
+    Get the authentication token from session state.
+    
+    Args:
+        session_state: Current session state dictionary
+        
+    Returns:
+        The authentication token, or None if not authenticated
+        
+    Example:
+        >>> token = get_session_token(session_state)
+        >>> if token:
+        ...     # User is authenticated, proceed with API call
+        ...     api_client.set_token(token)
+    """
+    if session_state and session_state.get('is_authenticated'):
+        return session_state.get('token')
+    return None
+
+
+def get_session_username(session_state: Dict[str, Any]) -> Optional[str]:
+    """
+    Get the username from session state.
+    
+    Args:
+        session_state: Current session state dictionary
+        
+    Returns:
+        The username, or None if not authenticated
+    """
+    if session_state and session_state.get('is_authenticated'):
+        return session_state.get('username')
+    return None
+
+
+def is_session_authenticated(session_state: Dict[str, Any]) -> bool:
+    """
+    Check if the session is authenticated.
+    
+    Args:
+        session_state: Current session state dictionary
+        
+    Returns:
+        True if session is authenticated, False otherwise
+    """
+    return bool(session_state and session_state.get('is_authenticated'))
+
+
+def set_session_team(
+    session_state: Dict[str, Any],
+    team_name: str
+) -> Dict[str, Any]:
+    """
+    Set the team name in session state.
+    
+    Args:
+        session_state: Current session state dictionary
+        team_name: Team name to assign
+        
+    Returns:
+        Updated session state dictionary
+    """
+    new_state = session_state.copy()
+    new_state['team_name'] = team_name
+    return new_state
+
+
+def get_session_team(session_state: Dict[str, Any]) -> Optional[str]:
+    """
+    Get the team name from session state.
+    
+    Args:
+        session_state: Current session state dictionary
+        
+    Returns:
+        The team name, or None if not set
+    """
+    if session_state:
+        return session_state.get('team_name')
+    return None

aimodelshare/moral_compass/apps/shared_activity_styles.css

@@ -0,0 +1,349 @@
+/*
+ * Shared Activity Styles for Activities 7, 8, and 9
+ * 
+ * Consistent styling aligned with model_building_game.py patterns
+ */
+
+/* ============================================================================
+   KPI Cards (Moral Compass widgets, score displays)
+   ============================================================================ */
+
+.kpi-card {
+    background: var(--card-bg-strong, var(--block-background-fill));
+    border: 2px solid var(--accent-strong, #4f46e5);
+    padding: 24px;
+    border-radius: var(--slide-radius-lg, 12px);
+    text-align: center;
+    max-width: 600px;
+    margin: auto;
+    color: var(--text-main, #1f2937);
+    box-shadow: var(--shadow-drop, 0 4px 6px -1px rgba(0,0,0,0.08));
+    min-height: 200px;
+}
+
+.kpi-card-body {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: space-around;
+    align-items: flex-end;
+    margin-top: 24px;
+}
+
+.kpi-metric-box {
+    min-width: 150px;
+    margin: 10px;
+}
+
+.kpi-label {
+    font-size: 1rem;
+    color: var(--text-muted, #6b7280);
+    margin: 0;
+}
+
+.kpi-score {
+    font-size: 3rem;
+    font-weight: 700;
+    margin: 0;
+    line-height: 1.1;
+    color: var(--accent-strong, #4f46e5);
+}
+
+.kpi-subtext-muted {
+    font-size: 1.2rem;
+    font-weight: 500;
+    color: var(--text-muted, #6b7280);
+}
+
+/* KPI Card Variants */
+.kpi-card--neutral {
+    border-color: var(--card-border-subtle, #e5e7eb);
+}
+
+.kpi-card--subtle-accent {
+    border-color: var(--accent-strong, #4f46e5);
+}
+
+.kpi-score--muted {
+    color: var(--text-muted, #6b7280);
+}
+
+/* ============================================================================
+   Leaderboard Tables
+   ============================================================================ */
+
+.leaderboard-html-table {
+    width: 100%;
+    border-collapse: collapse;
+    text-align: left;
+    font-size: 1rem;
+    color: var(--text-main, #1f2937);
+    min-height: 300px;
+}
+
+.leaderboard-html-table thead {
+    background: var(--block-background-fill, #f9fafb);
+}
+
+.leaderboard-html-table th {
+    padding: 12px 16px;
+    font-size: 0.9rem;
+    color: var(--text-muted, #6b7280);
+    font-weight: 500;
+}
+
+.leaderboard-html-table tbody tr {
+    border-bottom: 1px solid var(--card-border-subtle, #e5e7eb);
+}
+
+.leaderboard-html-table td {
+    padding: 12px 16px;
+}
+
+.leaderboard-html-table tbody tr:hover {
+    background: var(--block-background-fill, #f9fafb);
+}
+
+/* User row highlighting */
+.user-row-highlight {
+    background: color-mix(in srgb, var(--accent-strong, #4f46e5) 10%, transparent) !important;
+    font-weight: 600;
+}
+
+.user-row-highlight td {
+    color: var(--accent-strong, #4f46e5);
+}
+
+/* ============================================================================
+   Buttons (Consistent variants)
+   ============================================================================ */
+
+/* Primary buttons - main progression actions */
+.btn-primary {
+    background: var(--accent-strong, #4f46e5);
+    color: white;
+    border: none;
+    padding: 12px 24px;
+    border-radius: 8px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: background 0.2s;
+}
+
+.btn-primary:hover {
+    background: color-mix(in srgb, var(--accent-strong, #4f46e5) 90%, black);
+}
+
+/* Secondary buttons - back, cancel */
+.btn-secondary {
+    background: var(--block-background-fill, #f9fafb);
+    color: var(--text-main, #1f2937);
+    border: 2px solid var(--card-border-subtle, #e5e7eb);
+    padding: 12px 24px;
+    border-radius: 8px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: all 0.2s;
+}
+
+.btn-secondary:hover {
+    border-color: var(--accent-strong, #4f46e5);
+}
+
+/* Neutral buttons - force sync, utility actions */
+.btn-neutral {
+    background: var(--block-background-fill, #f9fafb);
+    color: var(--text-muted, #6b7280);
+    border: 1px solid var(--card-border-subtle, #e5e7eb);
+    padding: 10px 20px;
+    border-radius: 8px;
+    font-weight: 500;
+    cursor: pointer;
+    transition: all 0.2s;
+}
+
+.btn-neutral:hover {
+    background: var(--card-bg-strong, var(--block-background-fill));
+}
+
+/* Success buttons - certificate, completion */
+.btn-success {
+    background: #10b981;
+    color: white;
+    border: none;
+    padding: 12px 24px;
+    border-radius: 8px;
+    font-weight: 600;
+    cursor: pointer;
+    transition: background 0.2s;
+}
+
+.btn-success:hover {
+    background: #059669;
+}
+
+/* Info buttons - educational expansions, help */
+.btn-info {
+    background: #3b82f6;
+    color: white;
+    border: none;
+    padding: 10px 20px;
+    border-radius: 8px;
+    font-weight: 500;
+    cursor: pointer;
+    transition: background 0.2s;
+}
+
+.btn-info:hover {
+    background: #2563eb;
+}
+
+/* ============================================================================
+   Moral Compass Widget
+   ============================================================================ */
+
+.moral-compass-widget {
+    background: var(--block-background-fill, #f9fafb);
+    padding: 16px;
+    border-radius: 8px;
+    border: 2px solid var(--accent-strong, #4f46e5);
+    margin: 16px 0;
+}
+
+.moral-compass-widget h3 {
+    margin-top: 0;
+    color: var(--text-main, #1f2937);
+}
+
+.moral-compass-metrics {
+    display: flex;
+    justify-content: space-around;
+    flex-wrap: wrap;
+}
+
+.moral-compass-metric {
+    text-align: center;
+    margin: 10px;
+}
+
+.moral-compass-metric-label {
+    font-size: 0.9rem;
+    color: var(--text-muted, #6b7280);
+}
+
+.moral-compass-metric-value {
+    font-size: 2rem;
+    font-weight: bold;
+    color: var(--accent-strong, #4f46e5);
+}
+
+.moral-compass-metric-status {
+    font-size: 0.8rem;
+    color: var(--text-muted, #6b7280);
+}
+
+/* ============================================================================
+   Alert Panels (Error/Warning/Success messages)
+   ============================================================================ */
+
+.alert-panel {
+    padding: 16px;
+    border-radius: 8px;
+    margin: 16px 0;
+    border-left: 4px solid;
+}
+
+.alert-panel--error {
+    background: #fef2f2;
+    border-color: #ef4444;
+    color: #991b1b;
+}
+
+.alert-panel--warning {
+    background: #fffbeb;
+    border-color: #f59e0b;
+    color: #92400e;
+}
+
+.alert-panel--success {
+    background: #f0fdf4;
+    border-color: #10b981;
+    color: #065f46;
+}
+
+.alert-panel--info {
+    background: #eff6ff;
+    border-color: #3b82f6;
+    color: #1e40af;
+}
+
+/* ============================================================================
+   Educational Content Expansions
+   ============================================================================ */
+
+.educational-expansion {
+    background: var(--block-background-fill, #f9fafb);
+    padding: 20px;
+    border-radius: 8px;
+    border: 1px solid var(--card-border-subtle, #e5e7eb);
+    margin: 16px 0;
+}
+
+.educational-expansion h4 {
+    margin-top: 0;
+    color: var(--accent-strong, #4f46e5);
+}
+
+.educational-expansion-content {
+    color: var(--text-main, #1f2937);
+    line-height: 1.6;
+}
+
+/* ============================================================================
+   Dark Mode Support
+   ============================================================================ */
+
+@media (prefers-color-scheme: dark) {
+    .kpi-card {
+        background: color-mix(in srgb, var(--block-background-fill) 85%, #000 15%);
+    }
+
+    .leaderboard-html-table thead {
+        background: color-mix(in srgb, var(--block-background-fill) 75%, #000 25%);
+    }
+
+    .btn-secondary {
+        background: color-mix(in srgb, var(--block-background-fill) 90%, #fff 10%);
+    }
+
+    .btn-neutral {
+        background: color-mix(in srgb, var(--block-background-fill) 85%, #fff 15%);
+    }
+}
+
+/* ============================================================================
+   Responsive Design
+   ============================================================================ */
+
+@media (max-width: 768px) {
+    .kpi-card {
+        padding: 16px;
+        min-height: 150px;
+    }
+
+    .kpi-score {
+        font-size: 2rem;
+    }
+
+    .leaderboard-html-table {
+        font-size: 0.9rem;
+    }
+
+    .leaderboard-html-table th,
+    .leaderboard-html-table td {
+        padding: 8px 12px;
+    }
+
+    .moral-compass-metric-value {
+        font-size: 1.5rem;
+    }
+}