ccproxy-api 0.1.0__py3-none-any.whl

ccproxy/auth/exceptions.py

@@ -0,0 +1,79 @@
+"""Authentication exceptions."""
+
+
+class AuthenticationError(Exception):
+    """Base authentication error."""
+
+    pass
+
+
+class AuthenticationRequiredError(AuthenticationError):
+    """Authentication is required but not provided."""
+
+    pass
+
+
+class InvalidTokenError(AuthenticationError):
+    """Invalid or expired token."""
+
+    pass
+
+
+class InsufficientPermissionsError(AuthenticationError):
+    """Insufficient permissions for the requested operation."""
+
+    pass
+
+
+class CredentialsError(AuthenticationError):
+    """Base credentials error."""
+
+    pass
+
+
+class CredentialsNotFoundError(CredentialsError):
+    """Credentials not found error."""
+
+    pass
+
+
+class CredentialsExpiredError(CredentialsError):
+    """Credentials expired error."""
+
+    pass
+
+
+class CredentialsInvalidError(CredentialsError):
+    """Credentials are invalid or malformed."""
+
+    pass
+
+
+class CredentialsStorageError(CredentialsError):
+    """Error occurred during credentials storage operations."""
+
+    pass
+
+
+class OAuthError(AuthenticationError):
+    """Base OAuth error."""
+
+    pass
+
+
+class OAuthLoginError(OAuthError):
+    """OAuth login failed."""
+
+    pass
+
+
+class OAuthTokenRefreshError(OAuthError):
+    """OAuth token refresh failed."""
+
+    pass
+
+
+class OAuthCallbackError(OAuthError):
+    """OAuth callback failed."""
+
+    pass

ccproxy/auth/manager.py

@@ -0,0 +1,102 @@
+"""Authentication manager interfaces for centralized auth handling."""
+
+from abc import ABC, abstractmethod
+from typing import Any, Protocol
+
+from ccproxy.auth.models import ClaudeCredentials, UserProfile
+
+
+class AuthManager(Protocol):
+    """Protocol for authentication managers."""
+
+    async def get_access_token(self) -> str:
+        """Get valid access token.
+
+        Returns:
+            Access token string
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        ...
+
+    async def get_credentials(self) -> ClaudeCredentials:
+        """Get valid credentials.
+
+        Returns:
+            Valid credentials
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        ...
+
+    async def is_authenticated(self) -> bool:
+        """Check if current authentication is valid.
+
+        Returns:
+            True if authenticated, False otherwise
+        """
+        ...
+
+    async def get_user_profile(self) -> UserProfile | None:
+        """Get user profile information.
+
+        Returns:
+            UserProfile if available, None otherwise
+        """
+        ...
+
+
+class BaseAuthManager(ABC):
+    """Base class for authentication managers."""
+
+    @abstractmethod
+    async def get_access_token(self) -> str:
+        """Get valid access token.
+
+        Returns:
+            Access token string
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        pass
+
+    @abstractmethod
+    async def get_credentials(self) -> ClaudeCredentials:
+        """Get valid credentials.
+
+        Returns:
+            Valid credentials
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        pass
+
+    @abstractmethod
+    async def is_authenticated(self) -> bool:
+        """Check if current authentication is valid.
+
+        Returns:
+            True if authenticated, False otherwise
+        """
+        pass
+
+    async def get_user_profile(self) -> UserProfile | None:
+        """Get user profile information.
+
+        Returns:
+            UserProfile if available, None otherwise
+        """
+        return None
+
+    async def __aenter__(self) -> "BaseAuthManager":
+        """Async context manager entry."""
+        return self
+
+    @abstractmethod
+    async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
+        """Async context manager exit."""
+        pass

ccproxy/auth/models.py

@@ -0,0 +1,118 @@
+"""Data models for authentication."""
+
+from datetime import UTC, datetime
+
+from pydantic import BaseModel, Field
+
+
+class OAuthToken(BaseModel):
+    """OAuth token information from Claude credentials."""
+
+    access_token: str = Field(..., alias="accessToken")
+    refresh_token: str = Field(..., alias="refreshToken")
+    expires_at: int | None = Field(None, alias="expiresAt")
+    scopes: list[str] = Field(default_factory=list)
+    subscription_type: str | None = Field(None, alias="subscriptionType")
+    token_type: str = Field(default="Bearer", alias="tokenType")
+
+    def __repr__(self) -> str:
+        """Safe string representation that masks sensitive tokens."""
+        access_preview = (
+            f"{self.access_token[:8]}...{self.access_token[-8:]}"
+            if len(self.access_token) > 16
+            else "***"
+        )
+        refresh_preview = (
+            f"{self.refresh_token[:8]}...{self.refresh_token[-8:]}"
+            if len(self.refresh_token) > 16
+            else "***"
+        )
+
+        expires_at = (
+            datetime.fromtimestamp(self.expires_at / 1000, tz=UTC).isoformat()
+            if self.expires_at is not None
+            else "None"
+        )
+        return (
+            f"OAuthToken(access_token='{access_preview}', "
+            f"refresh_token='{refresh_preview}', "
+            f"expires_at={expires_at}, "
+            f"scopes={self.scopes}, "
+            f"subscription_type='{self.subscription_type}', "
+            f"token_type='{self.token_type}')"
+        )
+
+    @property
+    def is_expired(self) -> bool:
+        """Check if the token is expired."""
+        if self.expires_at is None:
+            # If no expiration info, assume not expired for backward compatibility
+            return False
+        now = datetime.now(UTC).timestamp() * 1000  # Convert to milliseconds
+        return now >= self.expires_at
+
+    @property
+    def expires_at_datetime(self) -> datetime:
+        """Get expiration as datetime object."""
+        if self.expires_at is None:
+            # Return a far future date if no expiration info
+            return datetime.fromtimestamp(2147483647, tz=UTC)  # Year 2038
+        return datetime.fromtimestamp(self.expires_at / 1000, tz=UTC)
+
+
+class OrganizationInfo(BaseModel):
+    """Organization information from OAuth API."""
+
+    uuid: str
+    name: str
+    organization_type: str | None = None
+    billing_type: str | None = None
+    rate_limit_tier: str | None = None
+
+
+class AccountInfo(BaseModel):
+    """Account information from OAuth API."""
+
+    uuid: str
+    email: str
+    full_name: str | None = None
+    display_name: str | None = None
+    has_claude_max: bool | None = None
+    has_claude_pro: bool | None = None
+
+    @property
+    def email_address(self) -> str:
+        """Compatibility property for email_address."""
+        return self.email
+
+
+class UserProfile(BaseModel):
+    """User profile information from Anthropic OAuth API."""
+
+    organization: OrganizationInfo | None = None
+    account: AccountInfo | None = None
+
+
+class ClaudeCredentials(BaseModel):
+    """Claude credentials from the credentials file."""
+
+    claude_ai_oauth: OAuthToken = Field(..., alias="claudeAiOauth")
+
+    def __repr__(self) -> str:
+        """Safe string representation that masks sensitive tokens."""
+        return f"ClaudeCredentials(claude_ai_oauth={repr(self.claude_ai_oauth)})"
+
+
+class ValidationResult(BaseModel):
+    """Result of credentials validation."""
+
+    valid: bool
+    expired: bool | None = None
+    credentials: ClaudeCredentials | None = None
+    path: str | None = None
+
+
+# Backwards compatibility - provide common aliases
+User = UserProfile
+Credentials = ClaudeCredentials
+Profile = UserProfile

ccproxy/auth/oauth/__init__.py

@@ -0,0 +1,26 @@
+"""OAuth authentication module for Anthropic OAuth login."""
+
+from ccproxy.auth.oauth.models import (
+    OAuthCallbackRequest,
+    OAuthState,
+    OAuthTokenRequest,
+    OAuthTokenResponse,
+)
+from ccproxy.auth.oauth.routes import (
+    get_oauth_flow_result,
+    register_oauth_flow,
+    router,
+)
+
+
+__all__ = [
+    # Router
+    "router",
+    "register_oauth_flow",
+    "get_oauth_flow_result",
+    # Models
+    "OAuthState",
+    "OAuthCallbackRequest",
+    "OAuthTokenRequest",
+    "OAuthTokenResponse",
+]

ccproxy/auth/oauth/models.py

@@ -0,0 +1,49 @@
+"""OAuth-specific models for authentication."""
+
+from datetime import datetime
+from typing import Optional
+
+from pydantic import BaseModel, Field
+
+
+class OAuthState(BaseModel):
+    """OAuth state information for pending flows."""
+
+    code_verifier: str = Field(..., description="PKCE code verifier")
+    custom_paths: list[str] | None = Field(None, description="Custom credential paths")
+    completed: bool = Field(default=False, description="Whether the flow is completed")
+    success: bool = Field(default=False, description="Whether the flow was successful")
+    error: str | None = Field(None, description="Error message if failed")
+    created_at: datetime = Field(
+        default_factory=datetime.utcnow, description="Creation timestamp"
+    )
+
+
+class OAuthCallbackRequest(BaseModel):
+    """OAuth callback request parameters."""
+
+    code: str | None = Field(None, description="Authorization code")
+    state: str | None = Field(None, description="State parameter")
+    error: str | None = Field(None, description="OAuth error")
+    error_description: str | None = Field(None, description="OAuth error description")
+
+
+class OAuthTokenRequest(BaseModel):
+    """OAuth token exchange request."""
+
+    grant_type: str = Field(default="authorization_code")
+    code: str = Field(..., description="Authorization code")
+    redirect_uri: str = Field(..., description="Redirect URI")
+    client_id: str = Field(..., description="Client ID")
+    code_verifier: str = Field(..., description="PKCE code verifier")
+
+
+class OAuthTokenResponse(BaseModel):
+    """OAuth token exchange response."""
+
+    access_token: str = Field(..., description="Access token")
+    refresh_token: str | None = Field(None, description="Refresh token")
+    expires_in: int | None = Field(None, description="Token expiration in seconds")
+    scope: str | None = Field(None, description="Granted scopes")
+    subscription_type: str | None = Field(None, description="Subscription type")
+    token_type: str = Field(default="Bearer", description="Token type")