auth-kit-fastapi 0.1.0__tar.gz

auth_kit_fastapi-0.1.0/PKG-INFO

@@ -0,0 +1,226 @@
+Metadata-Version: 2.4
+Name: auth-kit-fastapi
+Version: 0.1.0
+Summary: FastAPI authentication backend for Auth Kit
+Home-page: https://github.com/erickva/auth-kit
+Author: Erick Ama
+Author-email: me@erick.no
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Framework :: FastAPI
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: fastapi>=0.100.0
+Requires-Dist: sqlalchemy>=2.0.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: pydantic-settings>=2.0.0
+Requires-Dist: python-jose[cryptography]>=3.3.0
+Requires-Dist: passlib[bcrypt]>=1.7.4
+Requires-Dist: python-multipart>=0.0.6
+Requires-Dist: email-validator>=2.0.0
+Requires-Dist: pyotp>=2.9.0
+Requires-Dist: qrcode>=7.4.0
+Requires-Dist: webauthn>=1.9.0
+Requires-Dist: alembic>=1.12.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: httpx>=0.24.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: flake8>=6.0.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Provides-Extra: redis
+Requires-Dist: redis>=4.5.0; extra == "redis"
+Provides-Extra: postgres
+Requires-Dist: psycopg2-binary>=2.9.0; extra == "postgres"
+Provides-Extra: mysql
+Requires-Dist: pymysql>=1.1.0; extra == "mysql"
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: provides-extra
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# Auth Kit FastAPI
+
+FastAPI authentication backend for Auth Kit. Provides a complete authentication solution with JWT tokens, passkeys, 2FA, and more.
+
+## Installation
+
+```bash
+pip install auth-kit-fastapi
+```
+
+## Quick Start
+
+```python
+from fastapi import FastAPI
+from auth_kit_fastapi import create_auth_app, AuthConfig
+
+app = FastAPI()
+
+# Configure authentication
+auth_config = AuthConfig(
+    database_url="postgresql://localhost/myapp",
+    jwt_secret="your-secret-key",
+    features={
+        "passkeys": True,
+        "two_factor": True,
+        "email_verification": True
+    }
+)
+
+# Create auth app
+auth_app = create_auth_app(auth_config)
+
+# Mount auth routes
+app.mount("/api/auth", auth_app)
+```
+
+## Features
+
+- 🔐 JWT-based authentication with refresh tokens
+- 🔑 WebAuthn/Passkey support
+- 🔒 Two-factor authentication (TOTP)
+- 📧 Email verification
+- 🔄 Password reset flow
+- 👤 User management
+- 🗄️ SQLAlchemy ORM support
+- 🔍 Extensible user model
+- 🛡️ Security best practices
+
+## Configuration
+
+```python
+from auth_kit_fastapi import AuthConfig
+
+config = AuthConfig(
+    # Database
+    database_url="postgresql://user:pass@localhost/db",
+    
+    # JWT Settings
+    jwt_secret="your-secret-key",
+    jwt_algorithm="HS256",
+    access_token_expire_minutes=30,
+    refresh_token_expire_days=7,
+    
+    # Passkey Settings
+    passkey_rp_id="localhost",
+    passkey_rp_name="My App",
+    passkey_origin="http://localhost:3000",
+    
+    # Email Settings
+    email_from="noreply@example.com",
+    email_from_name="My App",
+    
+    # Features
+    features={
+        "passkeys": True,
+        "two_factor": True,
+        "email_verification": True,
+        "social_login": ["google", "github"]
+    }
+)
+```
+
+## Custom User Model
+
+Extend the base User model with your own fields:
+
+```python
+from auth_kit_fastapi import BaseUser
+from sqlalchemy import Column, String
+
+class User(BaseUser):
+    __tablename__ = "users"
+    
+    # Add custom fields
+    company_name = Column(String, nullable=True)
+    department = Column(String, nullable=True)
+```
+
+## API Endpoints
+
+All endpoints are mounted under your chosen prefix (e.g., `/api/auth`):
+
+### Authentication
+- `POST /register` - Register new user
+- `POST /login` - Login with email/password
+- `POST /logout` - Logout user
+- `POST /refresh` - Refresh access token
+- `GET /me` - Get current user
+
+### Password Management
+- `POST /password/change` - Change password
+- `POST /password/reset` - Request password reset
+- `POST /password/reset/confirm` - Confirm password reset
+
+### Email Verification
+- `GET /verify-email/{token}` - Verify email
+- `POST /resend-verification` - Resend verification email
+
+### Passkeys
+- `GET /passkeys` - List user's passkeys
+- `POST /passkeys/register/begin` - Begin passkey registration
+- `POST /passkeys/register/complete` - Complete passkey registration
+- `POST /passkeys/authenticate/begin` - Begin passkey authentication
+- `POST /passkeys/authenticate/complete` - Complete passkey authentication
+- `DELETE /passkeys/{id}` - Delete passkey
+
+### Two-Factor Authentication
+- `POST /2fa/setup/begin` - Begin 2FA setup
+- `POST /2fa/setup/verify` - Verify and enable 2FA
+- `POST /2fa/disable` - Disable 2FA
+- `POST /2fa/verify/login` - Verify 2FA during login
+- `POST /2fa/recovery-codes` - Regenerate recovery codes
+
+## Middleware & Dependencies
+
+Use the provided dependencies to protect your routes:
+
+```python
+from fastapi import Depends
+from auth_kit_fastapi import get_current_user, require_verified_user
+
+@app.get("/protected")
+async def protected_route(user = Depends(get_current_user)):
+    return {"message": f"Hello {user.email}"}
+
+@app.get("/verified-only")
+async def verified_only(user = Depends(require_verified_user)):
+    return {"message": "Only verified users can see this"}
+```
+
+## Events & Hooks
+
+Subscribe to authentication events:
+
+```python
+from auth_kit_fastapi import auth_events
+
+@auth_events.on("user_registered")
+async def on_user_registered(user):
+    # Send welcome email
+    print(f"New user registered: {user.email}")
+
+@auth_events.on("user_logged_in")
+async def on_user_logged_in(user):
+    # Log login event
+    print(f"User logged in: {user.email}")
+```
+
+## License
+
+MIT License

auth_kit_fastapi-0.1.0/README.md

@@ -0,0 +1,171 @@
+# Auth Kit FastAPI
+
+FastAPI authentication backend for Auth Kit. Provides a complete authentication solution with JWT tokens, passkeys, 2FA, and more.
+
+## Installation
+
+```bash
+pip install auth-kit-fastapi
+```
+
+## Quick Start
+
+```python
+from fastapi import FastAPI
+from auth_kit_fastapi import create_auth_app, AuthConfig
+
+app = FastAPI()
+
+# Configure authentication
+auth_config = AuthConfig(
+    database_url="postgresql://localhost/myapp",
+    jwt_secret="your-secret-key",
+    features={
+        "passkeys": True,
+        "two_factor": True,
+        "email_verification": True
+    }
+)
+
+# Create auth app
+auth_app = create_auth_app(auth_config)
+
+# Mount auth routes
+app.mount("/api/auth", auth_app)
+```
+
+## Features
+
+- 🔐 JWT-based authentication with refresh tokens
+- 🔑 WebAuthn/Passkey support
+- 🔒 Two-factor authentication (TOTP)
+- 📧 Email verification
+- 🔄 Password reset flow
+- 👤 User management
+- 🗄️ SQLAlchemy ORM support
+- 🔍 Extensible user model
+- 🛡️ Security best practices
+
+## Configuration
+
+```python
+from auth_kit_fastapi import AuthConfig
+
+config = AuthConfig(
+    # Database
+    database_url="postgresql://user:pass@localhost/db",
+    
+    # JWT Settings
+    jwt_secret="your-secret-key",
+    jwt_algorithm="HS256",
+    access_token_expire_minutes=30,
+    refresh_token_expire_days=7,
+    
+    # Passkey Settings
+    passkey_rp_id="localhost",
+    passkey_rp_name="My App",
+    passkey_origin="http://localhost:3000",
+    
+    # Email Settings
+    email_from="noreply@example.com",
+    email_from_name="My App",
+    
+    # Features
+    features={
+        "passkeys": True,
+        "two_factor": True,
+        "email_verification": True,
+        "social_login": ["google", "github"]
+    }
+)
+```
+
+## Custom User Model
+
+Extend the base User model with your own fields:
+
+```python
+from auth_kit_fastapi import BaseUser
+from sqlalchemy import Column, String
+
+class User(BaseUser):
+    __tablename__ = "users"
+    
+    # Add custom fields
+    company_name = Column(String, nullable=True)
+    department = Column(String, nullable=True)
+```
+
+## API Endpoints
+
+All endpoints are mounted under your chosen prefix (e.g., `/api/auth`):
+
+### Authentication
+- `POST /register` - Register new user
+- `POST /login` - Login with email/password
+- `POST /logout` - Logout user
+- `POST /refresh` - Refresh access token
+- `GET /me` - Get current user
+
+### Password Management
+- `POST /password/change` - Change password
+- `POST /password/reset` - Request password reset
+- `POST /password/reset/confirm` - Confirm password reset
+
+### Email Verification
+- `GET /verify-email/{token}` - Verify email
+- `POST /resend-verification` - Resend verification email
+
+### Passkeys
+- `GET /passkeys` - List user's passkeys
+- `POST /passkeys/register/begin` - Begin passkey registration
+- `POST /passkeys/register/complete` - Complete passkey registration
+- `POST /passkeys/authenticate/begin` - Begin passkey authentication
+- `POST /passkeys/authenticate/complete` - Complete passkey authentication
+- `DELETE /passkeys/{id}` - Delete passkey
+
+### Two-Factor Authentication
+- `POST /2fa/setup/begin` - Begin 2FA setup
+- `POST /2fa/setup/verify` - Verify and enable 2FA
+- `POST /2fa/disable` - Disable 2FA
+- `POST /2fa/verify/login` - Verify 2FA during login
+- `POST /2fa/recovery-codes` - Regenerate recovery codes
+
+## Middleware & Dependencies
+
+Use the provided dependencies to protect your routes:
+
+```python
+from fastapi import Depends
+from auth_kit_fastapi import get_current_user, require_verified_user
+
+@app.get("/protected")
+async def protected_route(user = Depends(get_current_user)):
+    return {"message": f"Hello {user.email}"}
+
+@app.get("/verified-only")
+async def verified_only(user = Depends(require_verified_user)):
+    return {"message": "Only verified users can see this"}
+```
+
+## Events & Hooks
+
+Subscribe to authentication events:
+
+```python
+from auth_kit_fastapi import auth_events
+
+@auth_events.on("user_registered")
+async def on_user_registered(user):
+    # Send welcome email
+    print(f"New user registered: {user.email}")
+
+@auth_events.on("user_logged_in")
+async def on_user_logged_in(user):
+    # Log login event
+    print(f"User logged in: {user.email}")
+```
+
+## License
+
+MIT License

auth_kit_fastapi-0.1.0/auth_kit_fastapi/__init__.py

@@ -0,0 +1,27 @@
+"""
+Auth Kit FastAPI - Complete authentication solution for FastAPI applications
+"""
+
+from .core.config import AuthConfig
+from .core.app import create_auth_app
+from .core.dependencies import (
+    get_current_user,
+    get_current_active_user,
+    require_verified_user,
+    require_superuser
+)
+from .models.user import BaseUser
+from .core.events import auth_events
+
+__version__ = "1.0.0"
+
+__all__ = [
+    "AuthConfig",
+    "create_auth_app",
+    "get_current_user",
+    "get_current_active_user", 
+    "require_verified_user",
+    "require_superuser",
+    "BaseUser",
+    "auth_events"
+]

auth_kit_fastapi-0.1.0/auth_kit_fastapi/schemas/__init__.py

@@ -0,0 +1,84 @@
+"""
+Export all schemas
+"""
+
+from .auth import (
+    UserBase,
+    UserCreate,
+    UserUpdate,
+    UserResponse,
+    LoginRequest,
+    TokenResponse,
+    LoginResponse,
+    RefreshTokenRequest,
+    LogoutRequest,
+    PasswordChangeRequest,
+    PasswordResetRequest,
+    PasswordResetConfirmRequest,
+    EmailVerificationRequest,
+    MessageResponse,
+    ErrorResponse
+)
+
+from .passkey import (
+    PasskeyBase,
+    PasskeyCreate,
+    PasskeyResponse,
+    PasskeyListResponse,
+    RegistrationOptionsResponse,
+    RegistrationCompleteRequest,
+    AuthenticationOptionsResponse,
+    AuthenticationCompleteRequest,
+    AuthenticationBeginRequest
+)
+
+from .two_factor import (
+    TwoFactorSetupResponse,
+    TwoFactorVerifyRequest,
+    TwoFactorEnableResponse,
+    TwoFactorDisableRequest,
+    RecoveryCodesRegenerateRequest,
+    RecoveryCodesResponse,
+    TwoFactorLoginVerifyRequest,
+    TwoFactorStatusResponse
+)
+
+__all__ = [
+    # Auth schemas
+    "UserBase",
+    "UserCreate",
+    "UserUpdate",
+    "UserResponse",
+    "LoginRequest",
+    "TokenResponse", 
+    "LoginResponse",
+    "RefreshTokenRequest",
+    "LogoutRequest",
+    "PasswordChangeRequest",
+    "PasswordResetRequest",
+    "PasswordResetConfirmRequest",
+    "EmailVerificationRequest",
+    "MessageResponse",
+    "ErrorResponse",
+    
+    # Passkey schemas
+    "PasskeyBase",
+    "PasskeyCreate",
+    "PasskeyResponse",
+    "PasskeyListResponse",
+    "RegistrationOptionsResponse",
+    "RegistrationCompleteRequest",
+    "AuthenticationOptionsResponse",
+    "AuthenticationCompleteRequest",
+    "AuthenticationBeginRequest",
+    
+    # 2FA schemas
+    "TwoFactorSetupResponse",
+    "TwoFactorVerifyRequest",
+    "TwoFactorEnableResponse",
+    "TwoFactorDisableRequest",
+    "RecoveryCodesRegenerateRequest",
+    "RecoveryCodesResponse",
+    "TwoFactorLoginVerifyRequest",
+    "TwoFactorStatusResponse"
+]

auth_kit_fastapi-0.1.0/auth_kit_fastapi/schemas/auth.py

@@ -0,0 +1,145 @@
+"""
+Authentication schemas for request/response validation
+"""
+
+from datetime import datetime
+from typing import Optional, Dict, Any
+from uuid import UUID
+from pydantic import BaseModel, EmailStr, Field, validator
+
+
+# Base schemas
+class UserBase(BaseModel):
+    """Base user schema"""
+    email: EmailStr
+    first_name: Optional[str] = None
+    last_name: Optional[str] = None
+    phone_number: Optional[str] = None
+
+
+class UserCreate(UserBase):
+    """User registration schema"""
+    password: str = Field(..., min_length=8, max_length=128)
+    confirm_password: Optional[str] = None
+    accept_terms: Optional[bool] = False
+    
+    @validator('confirm_password')
+    def passwords_match(cls, v, values):
+        if 'password' in values and v != values['password']:
+            raise ValueError('Passwords do not match')
+        return v
+
+
+class UserUpdate(BaseModel):
+    """User profile update schema"""
+    first_name: Optional[str] = None
+    last_name: Optional[str] = None
+    phone_number: Optional[str] = None
+    avatar_url: Optional[str] = None
+
+
+class UserResponse(UserBase):
+    """User response schema"""
+    id: UUID
+    is_active: bool
+    is_verified: bool
+    is_superuser: bool
+    two_factor_enabled: bool
+    created_at: datetime
+    updated_at: datetime
+    last_login_at: Optional[datetime] = None
+    
+    class Config:
+        from_attributes = True
+
+
+# Authentication schemas
+class LoginRequest(BaseModel):
+    """Login request schema (OAuth2 compatible)"""
+    username: EmailStr  # OAuth2 spec requires 'username'
+    password: str
+    grant_type: Optional[str] = "password"
+    scope: Optional[str] = ""
+    client_id: Optional[str] = None
+    client_secret: Optional[str] = None
+
+
+class TokenResponse(BaseModel):
+    """Token response schema (OAuth2 compatible)"""
+    access_token: str
+    refresh_token: Optional[str] = None
+    token_type: str = "bearer"
+    expires_in: Optional[int] = None
+    scope: Optional[str] = ""
+
+
+class LoginResponse(BaseModel):
+    """Enhanced login response with user data"""
+    user: UserResponse
+    tokens: TokenResponse
+    requires_2fa: bool = False
+    message: Optional[str] = None
+
+
+class RefreshTokenRequest(BaseModel):
+    """Refresh token request"""
+    refresh_token: str
+
+
+class LogoutRequest(BaseModel):
+    """Logout request"""
+    refresh_token: str
+    everywhere: bool = False  # Logout from all devices
+
+
+# Password management schemas
+class PasswordChangeRequest(BaseModel):
+    """Password change request"""
+    current_password: str
+    new_password: str = Field(..., min_length=8, max_length=128)
+    confirm_password: Optional[str] = None
+    
+    @validator('confirm_password')
+    def passwords_match(cls, v, values):
+        if 'new_password' in values and v != values['new_password']:
+            raise ValueError('Passwords do not match')
+        return v
+
+
+class PasswordResetRequest(BaseModel):
+    """Password reset request"""
+    email: EmailStr
+
+
+class PasswordResetConfirmRequest(BaseModel):
+    """Password reset confirmation"""
+    token: str
+    new_password: str = Field(..., min_length=8, max_length=128)
+    confirm_password: Optional[str] = None
+    
+    @validator('confirm_password')
+    def passwords_match(cls, v, values):
+        if 'new_password' in values and v != values['new_password']:
+            raise ValueError('Passwords do not match')
+        return v
+
+
+# Email verification schemas
+class EmailVerificationRequest(BaseModel):
+    """Request email verification resend"""
+    email: Optional[EmailStr] = None  # Use current user's email if not provided
+
+
+# Response messages
+class MessageResponse(BaseModel):
+    """Generic message response"""
+    message: str
+    success: bool = True
+    data: Optional[Dict[str, Any]] = None
+
+
+class ErrorResponse(BaseModel):
+    """Error response"""
+    detail: str
+    code: Optional[str] = None
+    field: Optional[str] = None