arize-phoenix 4.25.0__py3-none-any.whl → 4.26.0__py3-none-any.whl

{arize_phoenix-4.25.0.dist-info → arize_phoenix-4.26.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: arize-phoenix
-Version: 4.25.0
+Version: 4.26.0
 Summary: AI Observability and Evaluation
 Project-URL: Documentation, https://docs.arize.com/phoenix/
 Project-URL: Issues, https://github.com/Arize-ai/phoenix/issues
@@ -90,7 +90,7 @@ Requires-Dist: pandas>=1.0; extra == 'dev'
 Requires-Dist: portpicker; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
 Requires-Dist: prometheus-client; extra == 'dev'
-Requires-Dist: psycopg[binary]; extra == 'dev'
+Requires-Dist: psycopg[binary,pool]; extra == 'dev'
 Requires-Dist: pytest-asyncio; extra == 'dev'
 Requires-Dist: pytest-cov; extra == 'dev'
 Requires-Dist: pytest-postgresql; extra == 'dev'
@@ -111,6 +111,7 @@ Requires-Dist: llama-index-readers-file==0.1.25; extra == 'llama-index'
 Requires-Dist: llama-index==0.10.51; extra == 'llama-index'
 Provides-Extra: pg
 Requires-Dist: asyncpg; extra == 'pg'
+Requires-Dist: psycopg[binary,pool]; extra == 'pg'
 Provides-Extra: test
 Description-Content-Type: text/markdown
 

{arize_phoenix-4.25.0.dist-info → arize_phoenix-4.26.0.dist-info}/RECORD

@@ -1,13 +1,12 @@
 phoenix/__init__.py,sha256=TGNWqm2UW-l67yIRpOtmqGHVAmdoobSNqUsiTtip7uQ,1542
+phoenix/auth.py,sha256=N8vTFmc5BEsdX4xr6Bmh6OwBrNUQykr74LuCIkC28jA,1455
 phoenix/config.py,sha256=wYA_8GSSz5rnpfIWDjeBL9ehKuTy9jqXaMZnxUqRYEU,10131
 phoenix/datetime_utils.py,sha256=yDKjwX2Vtqw9h5F_ProtP-TsXidM43uIvmJ_pOzYc9A,3405
 phoenix/exceptions.py,sha256=n2L2KKuecrdflB9MsCdAYCiSEvGJptIsfRkXMoJle7A,169
 phoenix/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
 phoenix/services.py,sha256=OyML4t2XGnlqF0JXA9_uccL8HslTABxep9Ci7MViKEU,5216
 phoenix/settings.py,sha256=cO-qgis_S27nHirTobYI9hHPfZH18R--WMmxNdsVUwc,273
-phoenix/version.py,sha256=gMIFKEThnzM4tu5IZY3JHWVjHbXMgpnlK4Y7S0AWlGs,23
-phoenix/auth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-phoenix/auth/utils.py,sha256=g-97oiJR219P6JvDUU5likHN4CdWtWo7bDJRmfVb0qk,450
+phoenix/version.py,sha256=4h0uTKk4f4HhC84z3Ggthi61qR_IkvFgq-cnwxm5tCU,23
 phoenix/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 phoenix/core/embedding_dimension.py,sha256=zKGbcvwOXgLf-yrJBpQyKtd-LEOPRKHnUToyAU8Owis,87
 phoenix/core/model.py,sha256=km_a--PBHOuA337ClRw9xqhOHhrUT6Rl9pz_zV0JYkQ,4843
@@ -17,7 +16,7 @@ phoenix/db/README.md,sha256=IvKaZyf9ECbGBYYePaRhBveKZwDbxAc-c7BMxJYZh6Q,595
 phoenix/db/__init__.py,sha256=pDjEFXukHmJBM-1D8RjmXkvLsz85YWNxMQczt81ec3A,118
 phoenix/db/alembic.ini,sha256=p8DjVqGUs_tTx8oU56JP7qj-rMUebNFizItUSv_hPhs,3763
 phoenix/db/bulk_inserter.py,sha256=qgg8pt5k4VnHKOE0-KoReXVAfXRhLt-sMZihI-b4X9I,12761
-phoenix/db/engines.py,sha256=QDdRE6AM7JHWotAGCCljbaM_tz2hHB3-TSr_F4KUe-Q,5292
+phoenix/db/engines.py,sha256=l9Zl7mPd1q4RTXpThzYzc4Lo7TuuBwaGrC-zK0SMnn4,5300
 phoenix/db/helpers.py,sha256=2zSc4n5IJfu-CaOFoBfqTB35M1nTFcAc8tqLsNtF2Jw,3488
 phoenix/db/migrate.py,sha256=NNcci4LHw0wFR7U6quWrA-sw_A4h2lAA1_LePMLkb4w,2629
 phoenix/db/models.py,sha256=lYWJYtD2asQwKU1B8JKyteWpHVYjhr1j0tmZdf9CQ5Y,23686
@@ -70,7 +69,7 @@ phoenix/pointcloud/pointcloud.py,sha256=4zAIkKs2xOUbchpj4XDAV-iPMXrfAJ15TG6rlIYG
 phoenix/pointcloud/projectors.py,sha256=zO_RrtDYSv2rqVOfIP2_9Cv11Dc8EmcZR94xhFcBYPU,1057
 phoenix/pointcloud/umap_parameters.py,sha256=3UQSjrysVOvq2V4KNpTMqNqNiK0BsTZnPBHWZ4fyJtQ,1708
 phoenix/server/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-phoenix/server/app.py,sha256=Jy_QX0YpX6wSHe9oz45gU3VCaQ18dyyWsOxM-xcOul4,21149
+phoenix/server/app.py,sha256=KcxSXDR_awZlIcJg4YkUTZIXlje85_dpdMB2OM-M7SQ,22059
 phoenix/server/dml_event.py,sha256=MpjCFqljxvgb9OB5Cez9vJesb3oHb3XxXictynBfcis,2851
 phoenix/server/dml_event_handler.py,sha256=6p-PucctivelVHfO-_9zNxWZYPr_eGjDF3bKjLtc5co,8251
 phoenix/server/grpc_server.py,sha256=jllxDNkpLQxDkvej4RhTokobowbvydF-SU8gSw1MTCc,3378
@@ -138,8 +137,9 @@ phoenix/server/api/input_types/SpanAnnotationSort.py,sha256=T5pAGzmh4MiJp9JMAzND
 phoenix/server/api/input_types/SpanSort.py,sha256=Dhvl8BIoV52yHoqntfOax_gUc15uH8ITI_00Ha7PvYc,5959
 phoenix/server/api/input_types/TimeRange.py,sha256=yzx-gxj8mDeGLft1FzU_x1MVEgIG5Pt6-f8PUVDgipQ,522
 phoenix/server/api/input_types/TraceAnnotationSort.py,sha256=BzwiUnMh2VsgQYnhDlbJ6ljHugqIS4YDUlYzvq_tl3o,365
+phoenix/server/api/input_types/UserRoleInput.py,sha256=xxhFe0ITZOgRVEJbVem_W6F1Ip_H6xDENdQqMMx-kKE,129
 phoenix/server/api/input_types/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-phoenix/server/api/mutations/__init__.py,sha256=XFlHUZKD6oJWfnXVXOoP1HYeC7Jdw1TntmAUnOQWn8M,880
+phoenix/server/api/mutations/__init__.py,sha256=Cu4lPgUFRAGzKO528jKepwKtfre9lkLTN059S2Shmnw,977
 phoenix/server/api/mutations/api_key_mutations.py,sha256=cv6AT6UAL55lTC_UqMdcN-1TjWAgqqZi__S9Tw12t6I,3688
 phoenix/server/api/mutations/auth.py,sha256=8o4tTfGCPkpUauuB9ijPH84Od77UX_UrQWfmUsnujI4,524
 phoenix/server/api/mutations/dataset_mutations.py,sha256=0feBUW_07FEIx6uzepjxfRVhk5lAck0AkrqS1GVdoF4,27041
@@ -148,10 +148,12 @@ phoenix/server/api/mutations/export_events_mutations.py,sha256=t_wYBxaqvBJYRoHsl
 phoenix/server/api/mutations/project_mutations.py,sha256=MLm7I97lJ85hTuc1tq8sdYA8Ps5WKMV-bGqeeN-Ey90,2279
 phoenix/server/api/mutations/span_annotations_mutations.py,sha256=DM9gzxrMSAcxwXQ6jNaNGDVgl8oP50LZsBWRYQwLaSo,5955
 phoenix/server/api/mutations/trace_annotations_mutations.py,sha256=VDiNzX63Agci7WeMbiK-C770JedlC5R7TZVe1UaRhDE,5930
+phoenix/server/api/mutations/user_mutations.py,sha256=uUZ9LEPQAWRxGA4CVHFClHSGpyMlFHwgi6blu3pkuVA,2998
 phoenix/server/api/openapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 phoenix/server/api/openapi/main.py,sha256=KNutA_7AvV_WlGX8cOkvvDujcJKQ7AD1HT6rTpCpR8A,616
 phoenix/server/api/openapi/schema.py,sha256=oVZoflWMfzOrLKMIrjr3iLnJ13rmN-t_DOe9g6KoN5s,471
 phoenix/server/api/routers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+phoenix/server/api/routers/auth.py,sha256=dGug0NjOjW1mmIghmheAgHutG7_0-RjL-FcEReWzTHc,1806
 phoenix/server/api/routers/utils.py,sha256=M41BoH-fl37izhRuN2aX7lWm7jOC20A_3uClv9TVUUY,583
 phoenix/server/api/routers/v1/__init__.py,sha256=nb49zcOdAi3DSGuC9gUubN9Yri-o7-WFdlGak4jGuFw,1462
 phoenix/server/api/routers/v1/datasets.py,sha256=l3Hlc9AVyvX5GdT9iOXBsV-i4c_vtnCaXeSAWdNzcw8,37090
@@ -289,8 +291,8 @@ phoenix/utilities/logging.py,sha256=lDXd6EGaamBNcQxL4vP1au9-i_SXe0OraUDiJOcszSw,
 phoenix/utilities/project.py,sha256=8IJuMM4yUMoooPi37sictGj8Etu9rGmq6RFtc9848cQ,436
 phoenix/utilities/re.py,sha256=PDve_OLjRTM8yQQJHC8-n3HdIONi7aNils3ZKRZ5uBM,2045
 phoenix/utilities/span_store.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-arize_phoenix-4.25.0.dist-info/METADATA,sha256=zbUCVE7dfjz9AjNV6ZOauoujdQmaAZwXsn02rUz4UhM,11967
-arize_phoenix-4.25.0.dist-info/WHEEL,sha256=1yFddiXMmvYK7QYTqtRNtX66WJ0Mz8PYEiEUoOUUxRY,87
-arize_phoenix-4.25.0.dist-info/licenses/IP_NOTICE,sha256=JBqyyCYYxGDfzQ0TtsQgjts41IJoa-hiwDrBjCb9gHM,469
-arize_phoenix-4.25.0.dist-info/licenses/LICENSE,sha256=HFkW9REuMOkvKRACuwLPT0hRydHb3zNg-fdFt94td18,3794
-arize_phoenix-4.25.0.dist-info/RECORD,,
+arize_phoenix-4.26.0.dist-info/METADATA,sha256=tf_mydvCrJ0GBxa58iEnat5FdCDItFKPN88hnZj7Dqs,12023
+arize_phoenix-4.26.0.dist-info/WHEEL,sha256=1yFddiXMmvYK7QYTqtRNtX66WJ0Mz8PYEiEUoOUUxRY,87
+arize_phoenix-4.26.0.dist-info/licenses/IP_NOTICE,sha256=JBqyyCYYxGDfzQ0TtsQgjts41IJoa-hiwDrBjCb9gHM,469
+arize_phoenix-4.26.0.dist-info/licenses/LICENSE,sha256=HFkW9REuMOkvKRACuwLPT0hRydHb3zNg-fdFt94td18,3794
+arize_phoenix-4.26.0.dist-info/RECORD,,

phoenix/auth.py

@@ -0,0 +1,45 @@
+import re
+from hashlib import pbkdf2_hmac
+
+
+def compute_password_hash(*, password: str, salt: str) -> str:
+    """
+    Salts and hashes a password using PBKDF2, HMAC, and SHA256.
+    """
+    password_bytes = password.encode("utf-8")
+    salt_bytes = salt.encode("utf-8")
+    password_hash_bytes = pbkdf2_hmac("sha256", password_bytes, salt_bytes, NUM_ITERATIONS)
+    password_hash = password_hash_bytes.hex()
+    return password_hash
+
+
+def is_valid_password(*, password: str, salt: str, password_hash: str) -> bool:
+    """
+    Determines whether the password is valid by salting and hashing the password
+    and comparing against the existing hash value.
+    """
+    return password_hash == compute_password_hash(password=password, salt=salt)
+
+
+def validate_email_format(email: str) -> None:
+    """
+    Checks that the email has a valid format.
+    """
+    if EMAIL_PATTERN.match(email) is None:
+        raise ValueError("Invalid email address")
+
+
+def validate_password_format(password: str) -> None:
+    """
+    Checks that the password has a valid format.
+    """
+    if not password:
+        raise ValueError("Password must be non-empty")
+    if any(char.isspace() for char in password):
+        raise ValueError("Password cannot contain whitespace characters")
+    if not password.isascii():
+        raise ValueError("Password can contain only ASCII characters")
+
+
+EMAIL_PATTERN = re.compile(r"^[^@\s]+@[^@\s]+[.][^@\s]+\Z")
+NUM_ITERATIONS = 10_000

phoenix/db/engines.py

@@ -139,7 +139,7 @@ def aio_postgresql_engine(
     if not migrate:
         return engine
     sync_engine = sqlalchemy.create_engine(
-        url=url.set(drivername="postgresql"),
+        url=url.set(drivername="postgresql+psycopg"),
         echo=Settings.log_migrations,
         json_serializer=_dumps,
     )

phoenix/server/api/input_types/UserRoleInput.py

@@ -0,0 +1,9 @@
+from enum import Enum
+
+import strawberry
+
+
+@strawberry.enum
+class UserRoleInput(Enum):
+    ADMIN = "ADMIN"
+    MEMBER = "MEMBER"

phoenix/server/api/mutations/__init__.py

@@ -7,6 +7,7 @@ from phoenix.server.api.mutations.export_events_mutations import ExportEventsMut
 from phoenix.server.api.mutations.project_mutations import ProjectMutationMixin
 from phoenix.server.api.mutations.span_annotations_mutations import SpanAnnotationMutationMixin
 from phoenix.server.api.mutations.trace_annotations_mutations import TraceAnnotationMutationMixin
+from phoenix.server.api.mutations.user_mutations import UserMutationMixin
 
 
 @strawberry.type
@@ -18,5 +19,6 @@ class Mutation(
     SpanAnnotationMutationMixin,
     TraceAnnotationMutationMixin,
     ApiKeyMutationMixin,
+    UserMutationMixin,
 ):
     pass

phoenix/server/api/mutations/user_mutations.py

@@ -0,0 +1,89 @@
+import asyncio
+from typing import Optional
+
+import strawberry
+from sqlalchemy import insert, select
+from sqlean.dbapi2 import IntegrityError  # type: ignore[import-untyped]
+from strawberry.types import Info
+
+from phoenix.auth import compute_password_hash, validate_email_format, validate_password_format
+from phoenix.db import models
+from phoenix.server.api.context import Context
+from phoenix.server.api.input_types.UserRoleInput import UserRoleInput
+from phoenix.server.api.types.User import User
+from phoenix.server.api.types.UserRole import UserRole
+
+
+@strawberry.input
+class CreateUserInput:
+    email: str
+    username: Optional[str]
+    password: str
+    role: UserRoleInput
+
+
+@strawberry.type
+class UserMutationPayload:
+    user: User
+
+
+@strawberry.type
+class UserMutationMixin:
+    @strawberry.mutation
+    async def create_user(
+        self,
+        info: Info[Context, None],
+        input: CreateUserInput,
+    ) -> UserMutationPayload:
+        validate_email_format(email := input.email)
+        validate_password_format(password := input.password)
+        role_name = input.role.value
+        user_role_id = (
+            select(models.UserRole.id).where(models.UserRole.name == role_name).scalar_subquery()
+        )
+        secret = info.context.get_secret()
+        loop = asyncio.get_running_loop()
+        password_hash = await loop.run_in_executor(
+            executor=None,
+            func=lambda: compute_password_hash(password=password, salt=secret),
+        )
+        try:
+            async with info.context.db() as session:
+                user = await session.scalar(
+                    insert(models.User)
+                    .values(
+                        user_role_id=user_role_id,
+                        username=input.username,
+                        email=email,
+                        auth_method="LOCAL",
+                        password_hash=password_hash,
+                        reset_password=True,
+                    )
+                    .returning(models.User)
+                )
+            assert user is not None
+        except IntegrityError as error:
+            raise ValueError(_get_user_create_error_message(error))
+        return UserMutationPayload(
+            user=User(
+                id_attr=user.id,
+                email=user.email,
+                username=user.username,
+                created_at=user.created_at,
+                role=UserRole(id_attr=user.user_role_id, name=role_name),
+            )
+        )
+
+
+def _get_user_create_error_message(error: IntegrityError) -> str:
+    """
+    Gets a user-facing error message to explain why user creation failed.
+    """
+    original_error_message = str(error)
+    username_already_exists = "users.username" in original_error_message
+    email_already_exists = "users.email" in original_error_message
+    if username_already_exists:
+        return "Username already exists"
+    elif email_already_exists:
+        return "Email already exists"
+    return "Failed to create user"

phoenix/server/api/routers/auth.py

@@ -0,0 +1,52 @@
+import asyncio
+from datetime import timedelta
+
+from fastapi import APIRouter, Form, Request, Response
+from sqlalchemy import select
+from starlette.status import HTTP_204_NO_CONTENT, HTTP_401_UNAUTHORIZED
+from typing_extensions import Annotated
+
+from phoenix.auth import is_valid_password
+from phoenix.db import models
+
+router = APIRouter(include_in_schema=False)
+
+PHOENIX_ACCESS_TOKEN_COOKIE_NAME = "phoenix-access-token"
+PHOENIX_ACCESS_TOKEN_COOKIE_MAX_AGE_IN_SECONDS = int(timedelta(days=31).total_seconds())
+
+
+@router.post("/login")
+async def login(
+    request: Request,
+    email: Annotated[str, Form()],
+    password: Annotated[str, Form()],
+) -> Response:
+    async with request.app.state.db() as session:
+        if (
+            user := await session.scalar(select(models.User).where(models.User.email == email))
+        ) is None or (password_hash := user.password_hash) is None:
+            return Response(status_code=HTTP_401_UNAUTHORIZED)
+    secret = request.app.state.get_secret()
+    loop = asyncio.get_running_loop()
+    if not await loop.run_in_executor(
+        executor=None,
+        func=lambda: is_valid_password(password=password, salt=secret, password_hash=password_hash),
+    ):
+        return Response(status_code=HTTP_401_UNAUTHORIZED)
+    response = Response(status_code=HTTP_204_NO_CONTENT)
+    response.set_cookie(
+        key=PHOENIX_ACCESS_TOKEN_COOKIE_NAME,
+        value="token",  # todo: compute access token
+        secure=True,
+        httponly=True,
+        samesite="strict",
+        max_age=PHOENIX_ACCESS_TOKEN_COOKIE_MAX_AGE_IN_SECONDS,
+    )
+    return response
+
+
+@router.post("/logout")
+async def logout() -> Response:
+    response = Response(status_code=HTTP_204_NO_CONTENT)
+    response.delete_cookie(key=PHOENIX_ACCESS_TOKEN_COOKIE_NAME)
+    return response

phoenix/server/app.py

@@ -4,6 +4,7 @@ import json
 import logging
 from functools import cached_property
 from pathlib import Path
+from types import MethodType
 from typing import (
     TYPE_CHECKING,
     Any,
@@ -30,6 +31,7 @@ from sqlalchemy.ext.asyncio import (
     AsyncSession,
     async_sessionmaker,
 )
+from starlette.datastructures import State as StarletteState
 from starlette.exceptions import HTTPException
 from starlette.middleware import Middleware
 from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
@@ -80,6 +82,7 @@ from phoenix.server.api.dataloaders import (
     TokenCountDataLoader,
     TraceRowIdsDataLoader,
 )
+from phoenix.server.api.routers.auth import router as auth_router
 from phoenix.server.api.routers.v1 import REST_API_VERSION
 from phoenix.server.api.routers.v1 import router as v1_router
 from phoenix.server.api.schema import schema
@@ -536,6 +539,8 @@ def create_app(
     app.include_router(router)
     app.include_router(graphql_router)
     app.add_middleware(GZipMiddleware)
+    if authentication_enabled:
+        app.include_router(auth_router)
     if serve_ui:
         app.mount(
             "/",
@@ -554,8 +559,7 @@ def create_app(
             ),
             name="static",
         )
-
-    app.state.db = db
+    app = _update_app_state(app, db=db, secret=secret)
     if tracer_provider:
         from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor
 
@@ -563,3 +567,22 @@ def create_app(
         FastAPIInstrumentor.instrument_app(app, tracer_provider=tracer_provider)
         shutdown_callbacks_list.append(FastAPIInstrumentor().uninstrument)
     return app
+
+
+def _update_app_state(app: FastAPI, /, *, db: DbSessionFactory, secret: Optional[str]) -> FastAPI:
+    """
+    Dynamically updates the app's `state` to include useful fields and methods
+    (at the time of this writing, FastAPI does not support setting this state
+    during the creation of the app).
+    """
+    app.state.db = db
+    app.state._secret = secret
+
+    def get_secret(self: StarletteState) -> str:
+        if (secret := self._secret) is None:
+            raise ValueError("app secret is not set")
+        assert isinstance(secret, str)
+        return secret
+
+    app.state.get_secret = MethodType(get_secret, app.state)
+    return app

phoenix/version.py

@@ -1 +1 @@
-__version__ = "4.25.0"
+__version__ = "4.26.0"

phoenix/auth/utils.py

@@ -1,15 +0,0 @@
-from hashlib import pbkdf2_hmac
-
-
-def compute_password_hash(password: str, salt: str) -> str:
-    """
-    Salts and hashes a password using PBKDF2, HMAC, and SHA256.
-    """
-    password_bytes = password.encode("utf-8")
-    salt_bytes = salt.encode("utf-8")
-    password_hash_bytes = pbkdf2_hmac("sha256", password_bytes, salt_bytes, NUM_ITERATIONS)
-    password_hash = password_hash_bytes.hex()
-    return password_hash
-
-
-NUM_ITERATIONS = 1_000_000