botrun-flow-lang 5.12.262__py3-none-any.whl → 5.12.264__py3-none-any.whl

botrun_flow_lang/api/auth_api.py

@@ -1,40 +1,40 @@
-from fastapi import APIRouter, HTTPException, Form
-from typing import Dict, Any
-
-from botrun_flow_lang.utils.clients.token_verify_client import TokenVerifyClient
-
-router = APIRouter(prefix="/auth")
-
-
-@router.post("/token_verify")
-async def verify_token(access_token: str = Form(...)) -> Dict[Any, Any]:
-    """
-    驗證 access token 的有效性。
-
-    Args:
-        access_token: 要驗證的 access token (from form data)
-
-    Returns:
-        包含驗證結果的字典:
-        {
-            "is_success": true,
-            "username": "user@example.com"
-        }
-
-    Raises:
-        HTTPException: 當 token 無效 (401) 或後端 API 無法訪問時 (500)
-    """
-    try:
-        client = TokenVerifyClient()
-        result = await client.verify_token(access_token)
-        return result
-    except ValueError as e:
-        error_msg = str(e).lower()
-        # Token 無效時回傳 401
-        if "invalid" in error_msg and "token" in error_msg:
-            raise HTTPException(status_code=401, detail="Invalid access token")
-        # 請求格式錯誤時回傳 400  
-        elif "bad request" in error_msg:
-            raise HTTPException(status_code=400, detail="Bad request: missing or invalid token format")
-        # 其他錯誤回傳 500
+from fastapi import APIRouter, HTTPException, Form
+from typing import Dict, Any
+
+from botrun_flow_lang.utils.clients.token_verify_client import TokenVerifyClient
+
+router = APIRouter(prefix="/auth")
+
+
+@router.post("/token_verify")
+async def verify_token(access_token: str = Form(...)) -> Dict[Any, Any]:
+    """
+    驗證 access token 的有效性。
+
+    Args:
+        access_token: 要驗證的 access token (from form data)
+
+    Returns:
+        包含驗證結果的字典:
+        {
+            "is_success": true,
+            "username": "user@example.com"
+        }
+
+    Raises:
+        HTTPException: 當 token 無效 (401) 或後端 API 無法訪問時 (500)
+    """
+    try:
+        client = TokenVerifyClient()
+        result = await client.verify_token(access_token)
+        return result
+    except ValueError as e:
+        error_msg = str(e).lower()
+        # Token 無效時回傳 401
+        if "invalid" in error_msg and "token" in error_msg:
+            raise HTTPException(status_code=401, detail="Invalid access token")
+        # 請求格式錯誤時回傳 400  
+        elif "bad request" in error_msg:
+            raise HTTPException(status_code=400, detail="Bad request: missing or invalid token format")
+        # 其他錯誤回傳 500
         raise HTTPException(status_code=500, detail=str(e))

botrun_flow_lang/api/auth_utils.py

@@ -1,183 +1,183 @@
-"""Utility functions for authentication shared across API modules."""
-
-import os
-import logging
-from fastapi import HTTPException, Depends
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-from pydantic import BaseModel
-from typing import TYPE_CHECKING
-
-from botrun_flow_lang.utils.clients.token_verify_client import TokenVerifyClient
-
-if TYPE_CHECKING:
-    from botrun_flow_lang.services.hatch.hatch_fs_store import HatchFsStore
-
-# Reusable HTTPBearer security scheme
-security = HTTPBearer()
-
-
-class CurrentUser(BaseModel):
-    """Current authenticated user information."""
-    user_id: str  # From botrun_back API's username field or admin for universal tokens
-    is_admin: bool = False  # Universal token users are marked as admin
-
-def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)):
-    """Verify that the provided Bearer token is in the allowed JWT_TOKENS list.
-
-    Args:
-        credentials: Parsed `Authorization` header credentials supplied by FastAPI's
-            dependency injection using `HTTPBearer`.
-
-    Raises:
-        HTTPException: If the token is missing or not present in the allowed list.
-    """
-    jwt_tokens_env = os.getenv("JWT_TOKENS", "")
-    tokens = [t.strip() for t in jwt_tokens_env.split("\n") if t.strip()]
-    if credentials.credentials not in tokens:
-        raise HTTPException(
-            status_code=401,
-            detail="Invalid authentication credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    return True
-
-
-async def verify_jwt_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> CurrentUser:
-    """Verify JWT token using dual authentication mechanism.
-    
-    First checks if token is in JWT_TOKENS (universal tokens for testing),
-    then calls botrun_back API for user authentication using TokenVerifyClient.
-    
-    Args:
-        credentials: Parsed Authorization header credentials
-        
-    Returns:
-        CurrentUser: Authenticated user information
-        
-    Raises:
-        HTTPException: If authentication fails
-    """
-    # 1. Check universal tokens (existing logic)
-    jwt_tokens_env = os.getenv("JWT_TOKENS", "")
-    tokens = [t.strip() for t in jwt_tokens_env.split("\n") if t.strip()]
-    
-    if credentials.credentials in tokens:
-        return CurrentUser(user_id="admin", is_admin=True)
-    
-    # 2. Use TokenVerifyClient for authentication (with IAP support)
-    try:
-        client = TokenVerifyClient()
-        result = await client.verify_token(credentials.credentials)
-        
-        if result.get('is_success', False):
-            username = result.get('username', '')
-            if username:
-                return CurrentUser(user_id=username, is_admin=False)
-            else:
-                raise HTTPException(status_code=401, detail="Invalid response from auth service")
-        else:
-            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
-            
-    except ValueError as e:
-        error_msg = str(e).lower()
-        if "invalid" in error_msg and "token" in error_msg:
-            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
-        elif "not configured" in error_msg:
-            raise HTTPException(status_code=500, detail="Authentication service not configured")
-        else:
-            raise HTTPException(status_code=500, detail="Authentication service unavailable")
-    except Exception as e:
-        logging.error(f"Unexpected error during authentication: {e}")
-        raise HTTPException(status_code=500, detail="Authentication error")
-
-
-def verify_user_permission(current_user: CurrentUser, target_user_id: str):
-    """Verify user has permission to access resources for the specified user_id.
-    
-    Args:
-        current_user: Current authenticated user
-        target_user_id: Target user ID to check permission for
-        
-    Raises:
-        HTTPException: If user lacks permission
-    """
-    if current_user.is_admin:
-        return  # Admin can access all resources
-    
-    if current_user.user_id != target_user_id:
-        raise HTTPException(
-            status_code=403, 
-            detail="Insufficient permissions to access this resource"
-        )
-
-
-async def verify_hatch_owner(current_user: CurrentUser, hatch_id: str, store: "HatchFsStore"):
-    """Verify user is the owner of the specified hatch.
-    
-    Args:
-        current_user: Current authenticated user
-        hatch_id: Hatch ID to check ownership for
-        store: Hatch store instance
-        
-    Raises:
-        HTTPException: If user is not the owner or hatch not found
-    """
-    if current_user.is_admin:
-        return  # Admin can access all hatches
-    
-    hatch = await store.get_hatch(hatch_id)
-    if not hatch:
-        raise HTTPException(status_code=404, detail="Hatch not found")
-    
-    if hatch.user_id != current_user.user_id:
-        raise HTTPException(
-            status_code=403, 
-            detail="Insufficient permissions to access this hatch"
-        )
-
-
-async def verify_hatch_access(current_user: CurrentUser, hatch_id: str, store: "HatchFsStore"):
-    """Verify user can read the hatch (owner or shared with user).
-    
-    Args:
-        current_user: Current authenticated user
-        hatch_id: Hatch ID to check access for
-        store: Hatch store instance
-        
-    Raises:
-        HTTPException: If user lacks access or hatch not found
-    """
-    if current_user.is_admin:
-        return  # Admin can access all hatches
-    
-    hatch = await store.get_hatch(hatch_id)
-    if not hatch:
-        raise HTTPException(status_code=404, detail="Hatch not found")
-    
-    # Check if user is owner
-    if hatch.user_id == current_user.user_id:
-        return
-    
-    # Check if hatch is shared with user
-    is_shared, _ = await store.is_hatch_shared_with_user(hatch_id, current_user.user_id)
-    if not is_shared:
-        raise HTTPException(
-            status_code=403, 
-            detail="Insufficient permissions to access this hatch"
-        )
-
-
-def verify_admin_permission(current_user: CurrentUser):
-    """Verify user has admin permissions.
-    
-    Args:
-        current_user: Current authenticated user
-        
-    Raises:
-        HTTPException: If user is not admin
-    """
-    if not current_user.is_admin:
-        raise HTTPException(
-            status_code=403, 
-            detail="Admin permissions required"
-        )
+"""Utility functions for authentication shared across API modules."""
+
+import os
+import logging
+from fastapi import HTTPException, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from pydantic import BaseModel
+from typing import TYPE_CHECKING
+
+from botrun_flow_lang.utils.clients.token_verify_client import TokenVerifyClient
+
+if TYPE_CHECKING:
+    from botrun_flow_lang.services.hatch.hatch_fs_store import HatchFsStore
+
+# Reusable HTTPBearer security scheme
+security = HTTPBearer()
+
+
+class CurrentUser(BaseModel):
+    """Current authenticated user information."""
+    user_id: str  # From botrun_back API's username field or admin for universal tokens
+    is_admin: bool = False  # Universal token users are marked as admin
+
+def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)):
+    """Verify that the provided Bearer token is in the allowed JWT_TOKENS list.
+
+    Args:
+        credentials: Parsed `Authorization` header credentials supplied by FastAPI's
+            dependency injection using `HTTPBearer`.
+
+    Raises:
+        HTTPException: If the token is missing or not present in the allowed list.
+    """
+    jwt_tokens_env = os.getenv("JWT_TOKENS", "")
+    tokens = [t.strip() for t in jwt_tokens_env.split("\n") if t.strip()]
+    if credentials.credentials not in tokens:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return True
+
+
+async def verify_jwt_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> CurrentUser:
+    """Verify JWT token using dual authentication mechanism.
+    
+    First checks if token is in JWT_TOKENS (universal tokens for testing),
+    then calls botrun_back API for user authentication using TokenVerifyClient.
+    
+    Args:
+        credentials: Parsed Authorization header credentials
+        
+    Returns:
+        CurrentUser: Authenticated user information
+        
+    Raises:
+        HTTPException: If authentication fails
+    """
+    # 1. Check universal tokens (existing logic)
+    jwt_tokens_env = os.getenv("JWT_TOKENS", "")
+    tokens = [t.strip() for t in jwt_tokens_env.split("\n") if t.strip()]
+    
+    if credentials.credentials in tokens:
+        return CurrentUser(user_id="admin", is_admin=True)
+    
+    # 2. Use TokenVerifyClient for authentication (with IAP support)
+    try:
+        client = TokenVerifyClient()
+        result = await client.verify_token(credentials.credentials)
+        
+        if result.get('is_success', False):
+            username = result.get('username', '')
+            if username:
+                return CurrentUser(user_id=username, is_admin=False)
+            else:
+                raise HTTPException(status_code=401, detail="Invalid response from auth service")
+        else:
+            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
+            
+    except ValueError as e:
+        error_msg = str(e).lower()
+        if "invalid" in error_msg and "token" in error_msg:
+            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
+        elif "not configured" in error_msg:
+            raise HTTPException(status_code=500, detail="Authentication service not configured")
+        else:
+            raise HTTPException(status_code=500, detail="Authentication service unavailable")
+    except Exception as e:
+        logging.error(f"Unexpected error during authentication: {e}")
+        raise HTTPException(status_code=500, detail="Authentication error")
+
+
+def verify_user_permission(current_user: CurrentUser, target_user_id: str):
+    """Verify user has permission to access resources for the specified user_id.
+    
+    Args:
+        current_user: Current authenticated user
+        target_user_id: Target user ID to check permission for
+        
+    Raises:
+        HTTPException: If user lacks permission
+    """
+    if current_user.is_admin:
+        return  # Admin can access all resources
+    
+    if current_user.user_id != target_user_id:
+        raise HTTPException(
+            status_code=403, 
+            detail="Insufficient permissions to access this resource"
+        )
+
+
+async def verify_hatch_owner(current_user: CurrentUser, hatch_id: str, store: "HatchFsStore"):
+    """Verify user is the owner of the specified hatch.
+    
+    Args:
+        current_user: Current authenticated user
+        hatch_id: Hatch ID to check ownership for
+        store: Hatch store instance
+        
+    Raises:
+        HTTPException: If user is not the owner or hatch not found
+    """
+    if current_user.is_admin:
+        return  # Admin can access all hatches
+    
+    hatch = await store.get_hatch(hatch_id)
+    if not hatch:
+        raise HTTPException(status_code=404, detail="Hatch not found")
+    
+    if hatch.user_id != current_user.user_id:
+        raise HTTPException(
+            status_code=403, 
+            detail="Insufficient permissions to access this hatch"
+        )
+
+
+async def verify_hatch_access(current_user: CurrentUser, hatch_id: str, store: "HatchFsStore"):
+    """Verify user can read the hatch (owner or shared with user).
+    
+    Args:
+        current_user: Current authenticated user
+        hatch_id: Hatch ID to check access for
+        store: Hatch store instance
+        
+    Raises:
+        HTTPException: If user lacks access or hatch not found
+    """
+    if current_user.is_admin:
+        return  # Admin can access all hatches
+    
+    hatch = await store.get_hatch(hatch_id)
+    if not hatch:
+        raise HTTPException(status_code=404, detail="Hatch not found")
+    
+    # Check if user is owner
+    if hatch.user_id == current_user.user_id:
+        return
+    
+    # Check if hatch is shared with user
+    is_shared, _ = await store.is_hatch_shared_with_user(hatch_id, current_user.user_id)
+    if not is_shared:
+        raise HTTPException(
+            status_code=403, 
+            detail="Insufficient permissions to access this hatch"
+        )
+
+
+def verify_admin_permission(current_user: CurrentUser):
+    """Verify user has admin permissions.
+    
+    Args:
+        current_user: Current authenticated user
+        
+    Raises:
+        HTTPException: If user is not admin
+    """
+    if not current_user.is_admin:
+        raise HTTPException(
+            status_code=403, 
+            detail="Admin permissions required"
+        )

botrun_flow_lang/api/botrun_back_api.py

@@ -1,65 +1,65 @@
-import os
-from fastapi import APIRouter, HTTPException
-import aiohttp
-from urllib.parse import urljoin
-import json
-from google.auth.transport.requests import Request
-from google.oauth2 import service_account
-
-router = APIRouter()
-
-router = APIRouter(prefix="/botrun_back")
-
-
-def normalize_url(base_url, path):
-    f_base_url = base_url
-    if not f_base_url.endswith("/"):
-        f_base_url = f_base_url + "/"
-    return urljoin(f_base_url, path)
-
-
-@router.get("/info")
-async def get_botrun_back_info():
-    """Get information from the botrun backend service."""
-    try:
-        botrun_base_url = os.environ.get("BOTRUN_BACK_API_BASE")
-        if not botrun_base_url:
-            raise HTTPException(
-                status_code=500, detail="BOTRUN_BACK_API_BASE not configured"
-            )
-
-        info_url = normalize_url(botrun_base_url, "botrun/info")
-        iap_client_id = os.getenv("IAP_CLIENT_ID")
-        iap_service_account_key_file = os.getenv("IAP_SERVICE_ACCOUNT_KEY_FILE")
-        headers = {}
-        if iap_client_id and iap_service_account_key_file:
-            try:
-                credentials = (
-                    service_account.IDTokenCredentials.from_service_account_file(
-                        iap_service_account_key_file,
-                        target_audience=iap_client_id,
-                    )
-                )
-                credentials.refresh(Request())
-                token = credentials.token
-                headers = {"Authorization": f"Bearer {token}"}
-            except Exception as e:
-                raise ValueError(f"Error generating IAP JWT token: {str(e)}")
-
-        async with aiohttp.ClientSession() as session:
-            async with session.get(info_url, headers=headers) as response:
-                if response.status != 200:
-                    error_text = await response.text()
-                    raise HTTPException(
-                        status_code=response.status,
-                        detail=f"Error calling botrun backend: {error_text}",
-                    )
-
-                text = await response.text()
-                return json.loads(text)
-    except aiohttp.ClientError as e:
-        raise HTTPException(
-            status_code=500, detail=f"Error connecting to botrun backend: {str(e)}"
-        )
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Unexpected error: {str(e)}")
+import os
+from fastapi import APIRouter, HTTPException
+import aiohttp
+from urllib.parse import urljoin
+import json
+from google.auth.transport.requests import Request
+from google.oauth2 import service_account
+
+router = APIRouter()
+
+router = APIRouter(prefix="/botrun_back")
+
+
+def normalize_url(base_url, path):
+    f_base_url = base_url
+    if not f_base_url.endswith("/"):
+        f_base_url = f_base_url + "/"
+    return urljoin(f_base_url, path)
+
+
+@router.get("/info")
+async def get_botrun_back_info():
+    """Get information from the botrun backend service."""
+    try:
+        botrun_base_url = os.environ.get("BOTRUN_BACK_API_BASE")
+        if not botrun_base_url:
+            raise HTTPException(
+                status_code=500, detail="BOTRUN_BACK_API_BASE not configured"
+            )
+
+        info_url = normalize_url(botrun_base_url, "botrun/info")
+        iap_client_id = os.getenv("IAP_CLIENT_ID")
+        iap_service_account_key_file = os.getenv("IAP_SERVICE_ACCOUNT_KEY_FILE")
+        headers = {}
+        if iap_client_id and iap_service_account_key_file:
+            try:
+                credentials = (
+                    service_account.IDTokenCredentials.from_service_account_file(
+                        iap_service_account_key_file,
+                        target_audience=iap_client_id,
+                    )
+                )
+                credentials.refresh(Request())
+                token = credentials.token
+                headers = {"Authorization": f"Bearer {token}"}
+            except Exception as e:
+                raise ValueError(f"Error generating IAP JWT token: {str(e)}")
+
+        async with aiohttp.ClientSession() as session:
+            async with session.get(info_url, headers=headers) as response:
+                if response.status != 200:
+                    error_text = await response.text()
+                    raise HTTPException(
+                        status_code=response.status,
+                        detail=f"Error calling botrun backend: {error_text}",
+                    )
+
+                text = await response.text()
+                return json.loads(text)
+    except aiohttp.ClientError as e:
+        raise HTTPException(
+            status_code=500, detail=f"Error connecting to botrun backend: {str(e)}"
+        )
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Unexpected error: {str(e)}")

botrun_flow_lang/api/flow_api.py

@@ -1,3 +1,3 @@
-from fastapi import FastAPI, HTTPException, Query, APIRouter, Body, Depends
-
-crawl_api_router = APIRouter()
+from fastapi import FastAPI, HTTPException, Query, APIRouter, Body, Depends
+
+crawl_api_router = APIRouter()