brain2-oc 2.4.0__py3-none-any.whl

brain/__main__.py

@@ -0,0 +1,56 @@
+# coding=utf8
+""" Brain
+
+Handles authorization / user requests
+"""
+
+__author__		= "Chris Nasr"
+__version__		= "1.0.0"
+__copyright__	= "Ouroboros Coding Inc."
+__email__		= "chris@ouroboroscoding.com"
+__created__		= "2022-08-25"
+
+# Python imports
+from sys import argv, exit, stderr
+
+def cli():
+	"""CLI
+
+	Called from the command line to run from the current directory
+
+	Returns:
+		uint
+	"""
+
+	# If we have no arguments
+	if len(argv) == 1:
+
+		# Run the REST server
+		from brain import rest
+		return rest.run()
+
+	# Else, if we have one argument
+	elif len(argv) == 2:
+
+		# If we are installing
+		if argv[1] == 'install':
+			from brain import install
+			return install.run()
+
+		# Else, if we are explicitly stating the rest service
+		elif argv[1] == 'rest':
+			from brain import rest
+			return rest.run()
+
+		# Else, if we are upgrading
+		elif argv[1] == 'upgrade':
+			from brain import upgrade
+			return upgrade.run()
+
+	# Else, arguments are wrong, print and return an error
+	print('Invalid arguments', file = stderr)
+	return 1
+
+# Only run if called directly
+if __name__ == '__main__':
+	exit(cli())

brain/define/.git

@@ -0,0 +1 @@
+gitdir: ../../.git/modules/brain/define

brain/define/README.md

@@ -0,0 +1,2 @@
+# brain2-define
+Define files for the Brain2 service

brain/define/errors.json

@@ -0,0 +1,8 @@
+{
+	"SIGNIN_FAILED": 1200,
+	"PASSWORD_STRENGTH": 1201,
+	"BAD_PORTAL": 1202,
+	"INTERNAL_KEY": 1203,
+	"BAD_OAUTH": 1204,
+	"BAD_CONFIG": 1205
+}

brain/define/key.json

@@ -0,0 +1,27 @@
+{
+	"_id": {
+		"__type__": "string",
+		"__regex__": "^[0-9a-f]{32}$",
+		"__minimum__": 32,
+		"__maximum__": 32
+	},
+
+	"_created": {
+		"__type__": "timestamp",
+		"__optional__": true
+	},
+
+	"_updated": {
+		"__type__": "timestamp",
+		"__optional__": true
+	},
+
+	"user": {
+		"__type__": "tuuid"
+	},
+
+	"type": {
+		"__type__": "string",
+		"__options__": [ "forgot", "setup", "verify" ]
+	}
+}

brain/define/permission.json

@@ -0,0 +1,25 @@
+{
+	"_user": {
+		"__type__": "tuuid"
+	},
+
+	"_portal": {
+		"__type__": "string",
+		"__maximum__": 16
+	},
+
+	"name": {
+		"__type__": "string",
+		"__regex__": "[a-z_]{1,32}"
+	},
+
+	"id": {
+		"__type__": "tuuid"
+	},
+
+	"rights": {
+		"__type__": "uint",
+		"__minimum__": 1,
+		"__maximum__": 15
+	}
+}

brain/define/user.json

@@ -0,0 +1,72 @@
+{
+	"_id": {
+		"__type__": "tuuid",
+		"__optional__": true
+	},
+
+	"_created": {
+		"__type__": "timestamp",
+		"__optional__": true
+	},
+
+	"_updated": {
+		"__type__": "timestamp",
+		"__optional__": true
+	},
+
+	"email": {
+		"__type__": "string",
+		"__maximum__": 127
+	},
+
+	"passwd": {
+		"__type__":"string",
+		"__regex__":"^[0-9a-fA-F]{72}$"
+	},
+
+	"locale": {
+		"__type__": "string",
+		"__regex__": "^[a-z]{2}-[A-Z]{2}$"
+	},
+
+	"first_name": {
+		"__type__": "string",
+		"__minumum__": 1,
+		"__maximum__": 31
+	},
+
+	"last_name": {
+		"__type__": "string",
+		"__minumum__": 2,
+		"__maximum__": 31
+	},
+
+	"title": {
+		"__type__": "string",
+		"__maximum__": 31,
+		"__optional__": true
+	},
+
+	"suffix": {
+		"__type__": "string",
+		"__maximum__": 31,
+		"__optional__": true
+	},
+
+	"phone_number": {
+		"__type__": "string",
+		"__regex__": "^(\\+[\\d \\(\\)-]{10,30}|[\\d \\(\\)-]{10,31})$",
+		"__optional__": true
+	},
+
+	"phone_ext": {
+		"__type__": "string",
+		"__maximum__": 11,
+		"__optional__": true
+	},
+
+	"verified": {
+		"__type__": "bool",
+		"__optional__": true
+	}
+}

brain/define/verify.json

@@ -0,0 +1,21 @@
+{
+	"name": {
+		"__type__": "string"
+	},
+	"right": [ {
+		"__type__": "uint",
+		"__options__": [ 1, 2, 4, 8 ]
+	}, {
+		"__array__": "unique",
+		"__type__": "uint",
+		"__options__": [ 1, 2, 4, 8 ]
+	} ],
+	"id": [ {
+		"__type__": "string",
+		"__optional__": true
+	}, {
+		"__array__": "unique",
+		"__type__": "string",
+		"__optional__": true
+	} ]
+}

brain/errors.py

@@ -0,0 +1,35 @@
+# coding=utf8
+""" Errors
+
+Brain error codes
+"""
+
+__author__ = "Chris Nasr"
+__copyright__ = "Ouroboros Coding Inc"
+__version__ = "1.0.0"
+__email__ = "chris@ouroboroscoding.com"
+__created__ = "2023-01-16"
+
+# Import all body errors as local errors
+from body.errors import *
+
+SIGNIN_FAILED = 1200
+"""Sign In Failed"""
+
+PASSWORD_STRENGTH = 1201
+"""Password not strong enough"""
+
+BAD_PORTAL = 1202
+"""Portal doesn't exist, or the user doesn't have permissions for it"""
+
+INTERNAL_KEY = 1203
+"""Internal key failed to validate"""
+
+BAD_OAUTH = 1204
+"""Something failed in the OAuth process"""
+
+BAD_CONFIG = 1205
+"""Something is missing from the configuration"""
+
+__all__ = [ n for n,v in globals().items() if isinstance(v, int) ]
+""" Export all the constants"""

brain/helpers/access.py

@@ -0,0 +1,275 @@
+# coding=utf8
+""" Access
+
+Shared methods for verifying access
+"""
+
+__author__ = "Chris Nasr"
+__copyright__ = "Ouroboros Coding Inc"
+__version__ = "1.0.0"
+__email__ = "chris@ouroboroscoding.com"
+__created__ = "2022-08-29"
+
+# Limit exports
+__all__ = [
+	'generate_key', 'internal', 'internal_or_verify', 'SYSTEM_USER_ID' 'verify'
+]
+
+# Ouroboros imports
+import body
+from config import config
+import jobject
+from memory import _Memory
+from nredis import nr
+from strings import random
+
+# Python imports
+from hashlib import sha1
+from time import time
+from typing import List, MutableMapping
+from sys import stderr
+
+# Package imports
+from brain import errors, rights
+
+# Constants
+INTERNAL = 1
+VERIFY = 2
+
+ALL = rights.ALL
+A = ALL
+"""Allowed to CRUD"""
+
+CREATE = rights.CREATE
+C = CREATE
+"""Allowed to create records"""
+
+DELETE = rights.DELETE
+D = DELETE
+"""Allowed to delete records"""
+
+READ = rights.READ
+R = READ
+"""Allowed to read records"""
+
+UPDATE = rights.UPDATE
+U = UPDATE
+"""Allowed to update records"""
+
+SYSTEM_USER_ID = '00000000000000000000000000000000'
+"""System User ID"""
+
+RIGHTS_ALL_ID = '012345679abc4defa0123456789abcde'
+"""Used to represent rights across the entire system"""
+
+_internal = config.brain.internal({
+	'redis': 'session',
+	'salt': '',
+	'ttl': 5
+})
+"""Internal Configuration"""
+
+_redis_conn = nr(_internal['redis'])
+"""Redis Connection"""
+
+# Encode the salt to utf-8
+_internal['salt'] = _internal['salt'].encode('utf-8')
+
+# Don't allow 0 for ttl, and give a warning if anyone tries
+if _internal['ttl'] <= 0:
+	print(
+		'brain.internal.ttl can NOT be less than 0 (zero). Setting to 5 ' \
+		'(seconds)',
+		file=stderr
+	)
+	_internal['ttl'] = 5
+
+def generate_key(req: MutableMapping) -> MutableMapping:
+	"""Generate Key
+
+	Used as a wrapper to generates a key and add it to the passed req which it
+	then returns.
+
+	Arguments:
+		req (MutableMapping): The dict or jobject being sent with the request.
+
+	Returns:
+		The same req object passed to it
+	"""
+
+	# Pull in the global internal config
+	global _internal
+
+	# Generate a unique ID
+	sID = str(random(32, [ 'aZ', '10', '!*' ]))
+
+	# Get the current timestamp as a string
+	sTime = str(int(time()))
+
+	# Generate a sha1 from the salt and parts of the time
+	sSHA1 = sha1(
+		sTime[3:].encode('utf-8') +
+		_internal['salt'] +
+		sTime[:3].encode('utf-8')
+	).hexdigest()
+
+	# Store the key
+	if not _redis_conn.set(name = sID, value = sSHA1, ex = _internal['ttl']):
+		return False
+
+	# Add the meta
+	try:
+		req['meta']['Authorize-Internal'] = '%s~%s' % ( sID, sTime )
+	except KeyError:
+		req['meta'] = { 'Authorize-Internal': '%s~%s' % ( sID, sTime ) }
+
+	# Return the req
+	return req
+
+def internal(req: jobject):
+	"""Internal
+
+	Checks for an internal key and throws an exception if it's missing or
+	invalid
+
+	Arguments:
+		req (jobject): The req object passed to the request
+
+	Raises:
+		ResponseException
+
+	Returns:
+		None
+	"""
+
+	# Pull in the global internal config
+	global _internal
+
+	# Get the current time stamp as soon as possible
+	iNow = int(time())
+
+	# Use bottle from inside body.rest to get the text ID and time using the
+	#	Authorize-Internal header
+	try:
+		sID, sTime = req.meta['Authorize-Internal'].split('~')
+	except KeyError:
+		raise body.ResponseException(error = (
+			errors.INTERNAL_KEY, 'missing'
+		))
+
+	# Fetch the key from redis
+	sKey = _redis_conn.get(sID).decode()
+	if sKey is None:
+		raise body.ResponseException(error = (
+			errors.INTERNAL_KEY, 'no key'
+		))
+
+	# If the time is not close enough, the rest is irrelevant
+	if int(sTime) - iNow > _internal['ttl']:
+
+		# Raise an exception
+		raise body.ResponseException(error = (
+			errors.INTERNAL_KEY, 'expired'
+		))
+
+	# Generate a sha1 from the salt, parts of the text, and the time
+	sSHA1 = sha1(
+		sTime[3:].encode('utf-8') +
+		_internal['salt'] +
+		sTime[:3].encode('utf-8')
+	).hexdigest()
+
+	# If they aren't equal
+	if sSHA1 != sKey:
+		raise body.ResponseException(error = (
+			errors.INTERNAL_KEY, 'invalid'
+		))
+
+	# Delete the key
+	_redis_conn.delete(sID)
+
+	# Return OK
+	return True
+
+def internal_or_verify(
+	req: jobject,
+	permission: dict | List[dict]
+) -> str:
+	""" Internal or Verify
+
+	Checks for an internal key, if it wasn't sent, does a verify check.
+
+	Returns the UUID of the user requesting access via the session, else the \
+	SYSTEM_USER_ID when the request is made internally
+
+	Arguments:
+		req (jobject): The current request object sent to the request
+		permission (dict | dict[]): A dict with 'name', 'right' and optional \
+			'id', or a list of those dicts
+
+	Raises:
+		ResponseException
+
+	Returns:
+		string
+	"""
+
+	# If we have an internal key
+	if 'meta' in req and 'Authorize-Internal' in req.meta:
+
+		# Run the internal check
+		internal(req)
+
+		# Return that the request passed the internal check
+		return SYSTEM_USER_ID
+
+	# Else
+	else:
+
+		# Make sure the user has the proper permission to do this
+		verify(req.session, permission)
+
+		# Return that the request passed the verify check
+		return req.session.user._id
+
+def verify(
+	session: _Memory,
+	permission: dict | List[dict],
+	_return: bool = False
+) -> True:
+	"""Verify
+
+	Checks's if the currently signed in user has the requested right on the
+	given permission. If the user has rights, True is returned, else an
+	exception of ResponseException is raised
+
+	Arguments:
+		session (memory._Memory): The current session
+		permission (dict | dict[]): A dict with 'name', 'right' and optional \
+			'id', or a list of those dicts
+		_return (bool): Optional, set to True to return instead of raising
+
+	Raises:
+		ResponseException
+
+	Returns:
+		bool
+	"""
+
+	# Check with the authorization service
+	oResponse = body.read('brain', 'verify', {
+		'data': permission,
+		'session': session
+	})
+
+	# If the response failed
+	if oResponse.error:
+		raise body.ResponseException(oResponse)
+
+	# If the check failed, raise an exception
+	if not oResponse.data:
+		if _return: return False
+		raise body.ResponseException(error = body.errors.RIGHTS)
+
+	# Return OK
+	return True

brain/helpers/users.py

@@ -0,0 +1,171 @@
+# coding=utf8
+""" Users
+
+Shared methods for accessing user info
+"""
+
+__author__ = "Chris Nasr"
+__copyright__ = "Ouroboros Coding Inc"
+__version__ = "1.0.0"
+__email__ = "chris@ouroboroscoding.com"
+__created__ = "2022-08-29"
+
+# Limit exports
+__all__ = [ 'details', 'EMPTY_PASS', 'exists', 'permissions', 'SYSTEM_USER_ID' ]
+
+# Ouroboros modules
+from body import read, ResponseException
+import undefined
+
+# Python imports
+from typing import List, Literal
+
+# Pip imports
+from brain.helpers.access import generate_key, SYSTEM_USER_ID
+
+EMPTY_PASS = '000000000000000000000000000000000000' \
+			 '000000000000000000000000000000000000'
+"""Default password value"""
+
+def details(
+	_id: str | List[str],
+	fields: List[str] = undefined,
+	order: List[str] = undefined,
+	as_dict: Literal[False] | str = '_id'
+) -> dict | list:
+	"""Details
+
+	Fetches user info from IDs and returns a single object if a single ID is \
+	passed, else returns a dict with each key representing the ID, with the \
+	value being the rest of the user details requested via fields. Setting \
+	`as_dict` to False, allows for returning a normal list which will be \
+	sorted by `order`
+
+	Arguments:
+		_id (str|str[]) The ID(s) to fetch info for
+		fields (str[]): The list of fields to return
+		order (str[]): The list of fields to order by
+		as_dict (False | str): Optional, if false, returns a list, if set, must
+						be a field that's passed
+
+	Returns:
+		dict | list
+	"""
+
+	# Init the data by adding the ID(s)
+	dData = { '_id': _id }
+
+	# If we want specific fields
+	if fields:
+		dData['fields'] = fields
+
+	# If we want a specific order
+	if order:
+		dData['order'] = order
+
+	# Make the read using an internal key
+	oResponse = read('brain', 'users/by/id', generate_key({
+		'data': dData
+	}))
+
+	# If there's an error
+	if oResponse.error:
+
+		# Raise it
+		raise ResponseException(oResponse)
+
+	# If we got a single dictionary, or want the original unaltered list
+	if not as_dict or isinstance(oResponse.data, dict):
+		return oResponse.data
+
+	# Convert the data into a dictionary
+	dUsers = {}
+	for d in oResponse.data:
+
+		# Pop off the field used as a key
+		sKey = d.pop(as_dict)
+
+		# Store the rest by the key
+		dUsers[sKey] = d
+
+	# Return the users
+	return dUsers
+
+def exists(
+	_id: str | List[str]
+) -> bool:
+	"""Exists
+
+	Returns true if all User IDs passed exist in the system
+
+	Arguments:
+		_id (str | str[]): One or more IDs to check
+
+	Returns:
+		bool
+	"""
+
+	# Init the data by adding the ID(s)
+	dData = { '_id': _id, 'fields': ['_id'] }
+
+	# Make the read using an internal key
+	oResponse = read('brain', 'users/by/id', generate_key({
+		'data': dData
+	}))
+
+	# If there's an error
+	if oResponse.error:
+
+		# Throw it
+		raise ResponseException(oResponse)
+
+	# If we got a string
+	if isinstance(_id, str):
+
+		# Set the return based on whether we got anything or not
+		bRet = oResponse.data and True or False
+
+	# Else, we got a list
+	else:
+
+		# Set the return based on if the counts match
+		bRet = len(_id) == len(oResponse.data)
+
+	# Return
+	return bRet
+
+def permissions(
+	user: str,
+	portal: str = undefined
+) -> dict:
+	"""Permissions
+
+	Returns the list of all permissions for the user by portal, or only the
+	permissions for one specific portal
+
+	Arguments:
+		user (str): The ID of the user to fetch permissions for
+		portal (str): Optional, the specific set of permissions to return
+
+	Returns:
+		dict | None
+	"""
+
+	# Init the data by adding the ID
+	dData = { 'user': user }
+
+	# If we have a portal
+	if portal is not undefined:
+		dData['portal'] = portal
+
+	# Make the read using an internal key
+	oResponse = read('brain', 'permissions', generate_key({
+		'data': dData
+	}))
+
+	# If there's an error, raise it
+	if oResponse.error:
+		raise ResponseException(oResponse)
+
+	# Return the permissions
+	return oResponse.data