cattle_grid 0.2.0__tar.gz

cattle_grid-0.2.0/.behaverc

@@ -0,0 +1,3 @@
+[behave]
+show_skipped = 0
+default_tags = ~@wishlist

cattle_grid-0.2.0/.gitignore

@@ -0,0 +1,13 @@
+.coverage
+*.sqlite*
+*.whl
+/cattle_grid_auth.toml
+/cattle_grid_block_list.toml
+cattle_grid.db*
+*.pem
+dist
+reports
+build
+cattle_grid.egg-info
+docs/assets/openapi.json
+requirements.txt

cattle_grid-0.2.0/.readthedocs.yaml

@@ -0,0 +1,15 @@
+version: 2
+
+build:
+  os: "ubuntu-22.04"
+  tools:
+    python: "3.11"
+  jobs:
+    post_create_environment:
+      - pip install poetry
+      - poetry config virtualenvs.create false
+    post_install:
+      - poetry install --with=dev,doc --all-extras -vvv
+
+mkdocs:
+  configuration: docs/mkdocs.yml

cattle_grid-0.2.0/.woodpecker/publish.yml

@@ -0,0 +1,13 @@
+when:
+  - event: tag
+    branch: main
+steps:
+  bovine:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - uv sync --frozen
+      - uv build
+      - uv publish --token  $PYPI_API_KEY
+    environment:
+      PYPI_API_KEY:
+        from_secret: pypi_api_key

cattle_grid-0.2.0/.woodpecker/test.yml

@@ -0,0 +1,23 @@
+when:
+  - branch: [main]
+    event: [pull_request, push]
+
+steps:
+  build:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - uv sync --frozen
+  test_format:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - uv run ruff format .
+      - uv run ruff check .
+  test_pytest:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - uv run pytest
+  build_docs:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - uv run mkdocs build
+

cattle_grid-0.2.0/.woodpecker/website.yml

@@ -0,0 +1,27 @@
+when:
+  branch: main
+  event: push
+
+steps:
+  build:
+    image: ghcr.io/astral-sh/uv:python3.11-alpine
+    commands:
+      - mkdir -p docs/assets/schemas
+      - uv sync --frozen
+      - uv run python -mcattle_grid.auth new-config http://localhost/cattle_grid_actor
+      - uv run python -mcattle_grid openapi --filename docs/assets/schemas/openapi.json
+      - uv run python -mcattle_grid openapi --filename docs/assets/schemas/openapi_ap.json --component ap
+      - uv run python -mcattle_grid openapi --filename docs/assets/schemas/openapi_autn.json --component auth
+      - uv run python -mcattle_grid async-api --filename docs/assets/schemas/asyncapi_ap.json --component ap
+      - uv run python -mcattle_grid async-api --filename docs/assets/schemas/asyncapi_exchange.json
+      - uv run python -mcattle_grid openapi --component account --filename docs/assets/schemas/openapi_account.json
+      - uv run python -mcattle_grid openapi --component account --filename docs/assets/schemas/openapi_account_ap.json --component ap
+      - uv run python -mcattle_grid async-api --component account --filename docs/assets/schemas/asyncapi_account.json
+      - uv run python -mcattle_grid openapi --component rabbit --filename docs/assets/schemas/openapi_rabbit.json
+      - uv run mkdocs build
+  deploy:
+    image: codeberg.org/xfix/plugin-codeberg-pages-deploy:1
+    settings:
+      folder: site
+      ssh_key:
+        from_secret: deploy_ssh_key

cattle_grid-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Helge
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cattle_grid-0.2.0/PKG-INFO

@@ -0,0 +1,109 @@
+Metadata-Version: 2.4
+Name: cattle_grid
+Version: 0.2.0
+Summary: Middleware for the Fediverse
+License-File: LICENSE
+Requires-Python: >=3.11
+Requires-Dist: aerich>=0.8.0
+Requires-Dist: almabtrieb>=0.1.0a1
+Requires-Dist: argon2-cffi>=23.1.0
+Requires-Dist: bleach>=6.2.0
+Requires-Dist: bovine>=0.5.13
+Requires-Dist: dynaconf>=3.2.6
+Requires-Dist: fastapi>=0.115.4
+Requires-Dist: faststream[cli,rabbit]>=0.5.25
+Requires-Dist: fediverse-pasture>=0.2.14
+Requires-Dist: python-multipart>=0.0.17
+Requires-Dist: quart>=0.19.6
+Requires-Dist: sqlalchemy-utils>=0.41.2
+Requires-Dist: sqlalchemy[asyncio]>=2.0.36
+Requires-Dist: tomli-w>=1.0.0
+Requires-Dist: tortoise-orm[asyncpg]>=0.21.6
+Requires-Dist: uuid6>=2024.7.10
+Provides-Extra: cache
+Requires-Dist: redis>=5.2.1; extra == 'cache'
+Description-Content-Type: text/markdown
+
+# cattle_grid
+
+THIS README needs to be updated for cattle_grid 0.2.0
+
+cattle_grid is meant to simplify handling authentication in server to
+server communication of the Fediverse. cattle_grid checks the HTTP
+signatures based on the headers. For this public keys are retrieved
+and cached.
+
+For installation instructions see the [documentation](https://bovine.codeberg.page/cattle_grid/).
+
+## Running
+
+After creating a configuration file, one can run cattle_grid via
+
+```bash
+poetry run uvicorn cattle_grid:create_app
+```
+
+## Development
+
+One can run the pytest tests via
+
+```bash
+poetry install
+poetry run pytest
+```
+
+## Development with Fediverse pasture
+
+In your Funfedi.dev directory (see [here](https://funfedi.dev/testing_tools/verify_actor/)
+for details), run
+
+```bash
+cd fediverse-pasture
+docker compose --file pasture.yml up pasture_verify_actor
+```
+
+Now in the cattle grid directory, run
+
+```bash
+poetry run python -mcattle_grid.config --actor_id http://cattle_grid/actor
+```
+
+to create a `cattle_grid.toml` file. Then start the docker containers via
+
+```bash
+docker compose up
+```
+
+By opening [http://localhost:2909/?actor_uri=jskitten@cattle_grid_demo](http://localhost:2909/?actor_uri=jskitten%40cattle_grid_demo), you should then be able to view the verify actor result. By refreshing the page and inspecting the log files, you can also check that the requests only ran once.
+
+### Creating an user
+
+By running
+
+```bash
+docker compose run runner
+```
+
+one can start a shell in the docker environment. By then running in it
+
+```bash
+curl abel/admin/create -X POST -F username=name -F password=secret
+```
+
+one can create the user with handle `@name@abel`.
+
+## Running GUI tests with the pasture
+
+Start mastodon accessible through your browser
+
+```bash
+cd fediverse-pasture
+docker compose --file mastodon42.yml --profile nginx up
+```
+
+See [Fun Fediverse Development](https://funfedi.dev/fediverse_pasture/applications/mastodon_4_2/) for instructions.
+
+Then you can open [mastodon42web](http://mastodon42web) and lookup `jskitten@cattle_grid_demo`.
+When you send a message to this kitten, it should reply with a meow, e.g.
+
+![Kitten meows](mastodon.png)

cattle_grid-0.2.0/README.md

@@ -0,0 +1,83 @@
+# cattle_grid
+
+THIS README needs to be updated for cattle_grid 0.2.0
+
+cattle_grid is meant to simplify handling authentication in server to
+server communication of the Fediverse. cattle_grid checks the HTTP
+signatures based on the headers. For this public keys are retrieved
+and cached.
+
+For installation instructions see the [documentation](https://bovine.codeberg.page/cattle_grid/).
+
+## Running
+
+After creating a configuration file, one can run cattle_grid via
+
+```bash
+poetry run uvicorn cattle_grid:create_app
+```
+
+## Development
+
+One can run the pytest tests via
+
+```bash
+poetry install
+poetry run pytest
+```
+
+## Development with Fediverse pasture
+
+In your Funfedi.dev directory (see [here](https://funfedi.dev/testing_tools/verify_actor/)
+for details), run
+
+```bash
+cd fediverse-pasture
+docker compose --file pasture.yml up pasture_verify_actor
+```
+
+Now in the cattle grid directory, run
+
+```bash
+poetry run python -mcattle_grid.config --actor_id http://cattle_grid/actor
+```
+
+to create a `cattle_grid.toml` file. Then start the docker containers via
+
+```bash
+docker compose up
+```
+
+By opening [http://localhost:2909/?actor_uri=jskitten@cattle_grid_demo](http://localhost:2909/?actor_uri=jskitten%40cattle_grid_demo), you should then be able to view the verify actor result. By refreshing the page and inspecting the log files, you can also check that the requests only ran once.
+
+### Creating an user
+
+By running
+
+```bash
+docker compose run runner
+```
+
+one can start a shell in the docker environment. By then running in it
+
+```bash
+curl abel/admin/create -X POST -F username=name -F password=secret
+```
+
+one can create the user with handle `@name@abel`.
+
+## Running GUI tests with the pasture
+
+Start mastodon accessible through your browser
+
+```bash
+cd fediverse-pasture
+docker compose --file mastodon42.yml --profile nginx up
+```
+
+See [Fun Fediverse Development](https://funfedi.dev/fediverse_pasture/applications/mastodon_4_2/) for instructions.
+
+Then you can open [mastodon42web](http://mastodon42web) and lookup `jskitten@cattle_grid_demo`.
+When you send a message to this kitten, it should reply with a meow, e.g.
+
+![Kitten meows](mastodon.png)

cattle_grid-0.2.0/cattle_grid/__init__.py

@@ -0,0 +1,84 @@
+import logging
+from typing import List
+
+from fastapi import FastAPI
+from faststream.rabbit import RabbitBroker
+from contextlib import asynccontextmanager
+
+from .activity_pub.server import router as ap_router
+from .auth.router import create_auth_router
+
+from .config import load_settings, default_filenames
+from .config.messaging import broker
+from .config.auth import get_auth_config
+from .exchange.server import create_exchange_api_router
+from .account.server import router as fe_router
+from .account.rabbit import rabbit_router
+from .extensions.load import load_extensions, add_routes_to_api, set_globals
+from .dependencies.globals import alchemy_database
+
+from .version import __version__
+from .database import database, upgrade
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+
+tags_description = [
+    {
+        "name": "activity_pub",
+        "description": "Endpoints used and consumed by other Fediverse applications to communicate through cattle_grid",
+    },
+    {
+        "name": "auth",
+        "description": """Authentication endpoints
+    
+The auth endpoint allows one to check the HTTP Signature
+and reject requests with an invalid one, only based on the
+headers. This step then occurs before the request is passed
+to the application. Furthermore, this behavior can be shared
+accross many services.""",
+    },
+]
+
+
+def create_app(filenames: List[str] = default_filenames) -> FastAPI:
+    logger.info("Running cattle grid version %s", __version__)
+
+    base_config = load_settings(filenames=filenames)
+
+    extensions = load_extensions(base_config)
+    set_globals(extensions)
+
+    @asynccontextmanager
+    async def lifespan(app: FastAPI, broker: RabbitBroker = broker()):
+        await upgrade(base_config)
+
+        await broker.start()
+        async with database(base_config.db_uri, generate_schemas=False):
+            async with alchemy_database(base_config.db_uri):
+                yield
+        await broker.close()
+
+    app = FastAPI(
+        lifespan=lifespan,
+        title="cattle_grid",
+        description="middle ware for the Fediverse",
+        version=__version__,
+        openapi_tags=tags_description,
+    )
+
+    app.include_router(ap_router)
+    app.include_router(create_exchange_api_router(base_config))
+    app.include_router(create_auth_router(get_auth_config(base_config)), prefix="/auth")
+
+    app.include_router(fe_router, prefix="/fe")
+    app.include_router(rabbit_router)
+
+    add_routes_to_api(app, extensions)
+
+    @app.get("/")
+    async def main() -> str:
+        return "cattle_grid"
+
+    return app

cattle_grid-0.2.0/cattle_grid/__main__.py

@@ -0,0 +1,150 @@
+import click
+import os
+import asyncio
+import logging
+
+from cattle_grid.config import load_settings, default_filenames
+from .statistics import statistics
+from .auth.block_cli import add_block_command
+from .auth.key_cli import add_keys_command
+
+from .extensions.helper import add_extension_commands
+from .account.cli import add_account_commands
+
+logger = logging.getLogger(__name__)
+
+
+@click.group()
+@click.option("--config_file", default="cattle_grid.toml")
+@click.pass_context
+def main(ctx, config_file):
+    ctx.ensure_object(dict)
+    ctx.obj["config_file"] = config_file
+
+    try:
+        ctx.obj["config"] = load_settings(config_file)
+    except Exception as e:
+        logger.Exception(e)
+
+
+@main.command()
+@click.option(
+    "--force",
+    help="Used to override the old configuration file",
+    is_flag=True,
+    default=False,
+)
+@click.pass_context
+def new_config(ctx, force):
+    """Creates a new configuration file"""
+    filename = ctx.obj["config_file"]
+
+    if os.path.exists(filename) and not force:
+        print("Configuration file already exists! Use --force to overwrite.")
+        exit(1)
+
+    # FIXME
+
+    exit(1)
+
+
+@main.command()
+@click.pass_context
+def stat(ctx):
+    """Displays statistical information about cattle_grid"""
+    asyncio.run(statistics(ctx.obj["config"]))
+
+
+@main.command()
+@click.option("--db_uri")
+@click.option("--name")
+@click.pass_context
+def create_db_migration(ctx, db_uri, name):
+    """Creates a database migration; run after editing models"""
+    from .database import migrate
+
+    config = ctx.obj["config"]
+
+    if db_uri:
+        config.db_uri = db_uri
+
+    asyncio.run(migrate(config, name))
+
+
+@main.command()
+@click.option("--db_uri")
+@click.pass_context
+def upgrade_db(ctx, db_uri):
+    from .database import upgrade
+
+    config = ctx.obj["config"]
+
+    if db_uri:
+        config.db_uri = db_uri
+
+    asyncio.run(upgrade(config))
+
+
+@main.command()
+@click.option("--filename", default="asyncapi.json")
+@click.option(
+    "--component",
+    default=None,
+    help="Restrict to a component. Currently allowed ap",
+)
+def async_api(filename, component):
+    if component == "ap":
+        from .activity_pub import get_async_api_schema
+    elif component == "account":
+        from .account.router.schema import get_async_api_schema
+    else:
+        from .exchange import get_async_api_schema
+
+    schema = get_async_api_schema().to_json()
+
+    with open(filename, "w") as fp:
+        fp.write(schema)
+
+
+@main.command()
+@click.option("--filename", default="openapi.json")
+@click.option(
+    "--component",
+    default=None,
+    help="Restrict to a component. Currently allowed auth or ap",
+)
+@click.pass_context
+def openapi(ctx, filename, component):
+    import json
+
+    match component:
+        case "auth":
+            from .auth import create_app
+
+            app = create_app(default_filenames)
+        case "ap":
+            from .activity_pub import get_fastapi_app
+
+            app = get_fastapi_app()
+        case "account":
+            from .account.server.app import app
+        case "rabbit":
+            from .account.rabbit import app_for_schema
+
+            app = app_for_schema()
+        case _:
+            from . import create_app
+
+            # app = create_app(ctx.obj["config_file"])
+            app = create_app()
+    with open(filename, "w") as fp:
+        json.dump(app.openapi(), fp)
+
+
+add_block_command(main)
+add_keys_command(main)
+add_extension_commands(main)
+add_account_commands(main)
+
+if __name__ == "__main__":
+    main()

cattle_grid-0.2.0/cattle_grid/account/account.py

@@ -0,0 +1,39 @@
+import argon2
+import logging
+
+
+from .models import Account
+
+logger = logging.getLogger(__name__)
+
+password_hasher = argon2.PasswordHasher()
+
+
+async def create_account(username: str, password: str) -> Account | None:
+    """Creates a new account for username and password"""
+    if await Account.get_or_none(name=username):
+        return None
+
+    return await Account.create(
+        name=username, password_hash=password_hasher.hash(password)
+    )
+
+
+async def account_with_username_password(
+    username: str, password: str
+) -> Account | None:
+    """Retrieves account for given username and password"""
+    account = await Account.get_or_none(name=username)
+    if account is None:
+        return None
+
+    try:
+        password_hasher.verify(account.password_hash, password)
+    except argon2.exceptions.VerifyMismatchError:
+        logger.warning("Got wrong password for %s", username)
+        return None
+
+    # Implement rehash?
+    # https://argon2-cffi.readthedocs.io/en/stable/howto.html
+
+    return account

cattle_grid-0.2.0/cattle_grid/account/cli.py

@@ -0,0 +1,39 @@
+import click
+import asyncio
+
+
+from cattle_grid.database import database
+from .models import Account
+from .account import create_account
+
+
+async def new_account(config, name, password):
+    async with database(db_uri=config.db_uri):
+        await create_account(name, password)
+
+
+async def list_accounts(config):
+    async with database(db_uri=config.db_uri):
+        accounts = await Account.all()
+        for account in accounts:
+            print(account.name)
+
+
+def add_account_commands(main):
+    @main.group()
+    def account():
+        """Used to manage accounts associated with cattle_grid"""
+
+    @account.command()
+    @click.argument("name")
+    @click.argument("password")
+    @click.pass_context
+    def new(cfg, name, password):
+        """Creates a new account"""
+        asyncio.run(new_account(cfg.obj["config"], name, password))
+
+    @account.command()
+    @click.pass_context
+    def list(cfg):
+        """Lists existing accounts"""
+        asyncio.run(list_accounts(cfg.obj["config"]))

cattle_grid-0.2.0/cattle_grid/account/models.py

@@ -0,0 +1,37 @@
+from tortoise import fields
+from tortoise.models import Model
+
+
+class Account(Model):
+    """Represents an Account"""
+
+    id = fields.IntField(primary_key=True)
+
+    name = fields.CharField(max_length=255)
+    """The account name"""
+
+    password_hash = fields.CharField(max_length=255)
+    """The hashed password"""
+
+    actors: fields.ReverseRelation["ActorForAccount"]
+    """Actors associated with this account"""
+
+    token: fields.ReverseRelation["AuthenticationToken"]
+    """Authentication tokens for this account"""
+
+
+class ActorForAccount(Model):
+    id = fields.IntField(primary_key=True)
+
+    account: fields.ForeignKeyRelation[Account] = fields.ForeignKeyField(
+        "gateway_models.Account", related_name="actors"
+    )
+    actor = fields.CharField(max_length=255)
+
+
+class AuthenticationToken(Model):
+    token = fields.CharField(max_length=64, primary_key=True)
+
+    account: fields.ForeignKeyRelation[Account] = fields.ForeignKeyField(
+        "gateway_models.Account", related_name="tokens"
+    )