core-framework 0.12.1__py3-none-any.whl → 0.12.3__py3-none-any.whl

core/auth/middleware.py

@@ -0,0 +1,355 @@
+"""
+Authentication Middleware for Core Framework.
+
+Bug #8 Fix: Provides built-in middleware for populating request.state.user.
+
+This middleware automatically authenticates requests using the configured
+authentication backend and populates request.state.user.
+
+Usage:
+    from core.auth.middleware import AuthenticationMiddleware
+    
+    app = CoreApp(
+        middlewares=[(AuthenticationMiddleware, {})],
+    )
+    
+    # Or configure via configure_auth()
+    from core.auth import configure_auth
+    configure_auth(
+        user_model=User,
+        auto_middleware=True,  # Automatically adds middleware
+    )
+
+The middleware will:
+1. Extract Bearer token from Authorization header
+2. Validate the token
+3. Fetch the user from database
+4. Set request.state.user to the authenticated user (or None)
+"""
+
+from __future__ import annotations
+
+from typing import Any, TYPE_CHECKING
+
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import Response
+
+if TYPE_CHECKING:
+    from collections.abc import Callable, Awaitable
+
+
+class AuthenticationMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware that authenticates requests and populates request.state.user.
+    
+    This middleware:
+    1. Initializes request.state.user to None
+    2. Extracts Bearer token from Authorization header
+    3. Validates the token using configured backend
+    4. Fetches user from database
+    5. Sets request.state.user to authenticated user
+    
+    Example:
+        from core.auth.middleware import AuthenticationMiddleware
+        
+        app = CoreApp(
+            middlewares=[(AuthenticationMiddleware, {})],
+        )
+        
+        # In your view
+        @router.get("/me")
+        async def me(request: Request):
+            user = request.state.user  # User or None
+            if user is None:
+                raise HTTPException(401, "Not authenticated")
+            return {"id": user.id, "email": user.email}
+    
+    Configuration via kwargs:
+        - user_model: User model class (uses global config if None)
+        - header_name: Header to extract token from (default: "Authorization")
+        - scheme: Expected scheme (default: "Bearer")
+        - skip_paths: List of paths to skip authentication (e.g., ["/health"])
+    """
+    
+    def __init__(
+        self,
+        app: "Callable[[Request], Awaitable[Response]]",
+        user_model: type | None = None,
+        header_name: str = "Authorization",
+        scheme: str = "Bearer",
+        skip_paths: list[str] | None = None,
+    ) -> None:
+        super().__init__(app)
+        self._user_model = user_model
+        self.header_name = header_name
+        self.scheme = scheme
+        self.skip_paths = skip_paths or []
+    
+    @property
+    def user_model(self) -> type | None:
+        """Get user model from instance or global config."""
+        if self._user_model is not None:
+            return self._user_model
+        
+        try:
+            from core.auth.models import get_user_model
+            return get_user_model()
+        except Exception:
+            return None
+    
+    async def dispatch(
+        self,
+        request: Request,
+        call_next: "Callable[[Request], Awaitable[Response]]",
+    ) -> Response:
+        """
+        Process request and authenticate user.
+        
+        Always sets request.state.user (to User or None).
+        """
+        # Initialize user to None
+        request.state.user = None
+        
+        # Skip authentication for configured paths
+        if self._should_skip(request.url.path):
+            return await call_next(request)
+        
+        # Try to authenticate
+        try:
+            user = await self._authenticate(request)
+            request.state.user = user
+        except Exception:
+            # Authentication failed, keep user as None
+            pass
+        
+        return await call_next(request)
+    
+    def _should_skip(self, path: str) -> bool:
+        """Check if path should skip authentication."""
+        for skip_path in self.skip_paths:
+            if path.startswith(skip_path):
+                return True
+        return False
+    
+    def _extract_token(self, request: Request) -> str | None:
+        """Extract token from Authorization header."""
+        auth_header = request.headers.get(self.header_name)
+        
+        if not auth_header:
+            return None
+        
+        parts = auth_header.split()
+        
+        if len(parts) != 2:
+            return None
+        
+        scheme, token = parts
+        
+        if scheme.lower() != self.scheme.lower():
+            return None
+        
+        return token
+    
+    async def _authenticate(self, request: Request) -> Any | None:
+        """
+        Authenticate request and return user.
+        
+        Returns:
+            User instance if authenticated, None otherwise
+        """
+        token = self._extract_token(request)
+        
+        if not token:
+            return None
+        
+        # Verify token
+        from core.auth.tokens import verify_token
+        
+        payload = verify_token(token, token_type="access")
+        
+        if payload is None:
+            return None
+        
+        # Get user_id from token
+        user_id = payload.get("sub") or payload.get("user_id")
+        
+        if not user_id:
+            return None
+        
+        # Get user from database
+        User = self.user_model
+        if User is None:
+            return None
+        
+        # Bug #3 & #4 Fix: Get database session correctly
+        # The middleware runs outside FastAPI DI context, so we need to
+        # handle database session creation carefully
+        db = await self._get_db_session()
+        if db is None:
+            return None
+        
+        try:
+            # Convert user_id to correct type
+            user_id_converted = self._convert_user_id(user_id, User)
+            
+            user = await User.objects.using(db).filter(id=user_id_converted).first()
+            
+            if user is None:
+                return None
+            
+            # Check if user is active
+            if hasattr(user, "is_active") and not user.is_active:
+                return None
+            
+            return user
+        except Exception:
+            return None
+        finally:
+            await db.close()
+    
+    async def _get_db_session(self) -> Any | None:
+        """
+        Get a database session for authentication.
+        
+        Bug #3 & #4 Fix: Handles both initialized and uninitialized database states.
+        Creates session directly from engine if normal path fails.
+        
+        Returns:
+            AsyncSession or None if database not available
+        """
+        # Try 1: Use the standard get_read_session (if database is initialized)
+        try:
+            from core.database import get_read_session, _read_session_factory
+            
+            if _read_session_factory is not None:
+                return _read_session_factory()
+        except (RuntimeError, ImportError):
+            pass
+        
+        # Try 2: Create session from settings (lazy initialization)
+        try:
+            from core.config import get_settings
+            from sqlalchemy.ext.asyncio import create_async_engine, async_sessionmaker, AsyncSession
+            
+            settings = get_settings()
+            db_url = getattr(settings, 'database_read_url', None) or getattr(settings, 'database_url', None)
+            
+            if db_url:
+                engine = create_async_engine(db_url, echo=False)
+                session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
+                return session_factory()
+        except Exception:
+            pass
+        
+        return None
+    
+    def _convert_user_id(self, user_id: str, User: type) -> Any:
+        """
+        Convert user_id string to the correct type based on model.
+        
+        Handles INTEGER, UUID, and string IDs.
+        """
+        from uuid import UUID
+        
+        # Try to detect PK type
+        try:
+            from core.auth.models import _get_pk_column_type
+            from sqlalchemy.dialects.postgresql import UUID as PG_UUID
+            from sqlalchemy import Integer, BigInteger
+            
+            pk_type = _get_pk_column_type(User)
+            
+            if pk_type == PG_UUID:
+                return UUID(user_id)
+            elif pk_type in (Integer, BigInteger):
+                return int(user_id)
+        except Exception:
+            pass
+        
+        # Try UUID first, then int, then string
+        try:
+            return UUID(user_id)
+        except (ValueError, TypeError):
+            pass
+        
+        try:
+            return int(user_id)
+        except (ValueError, TypeError):
+            pass
+        
+        return user_id
+
+
+class OptionalAuthenticationMiddleware(AuthenticationMiddleware):
+    """
+    Same as AuthenticationMiddleware but never raises errors.
+    
+    Always proceeds with the request, setting user to None on any failure.
+    Useful for endpoints that work both with and without authentication.
+    """
+    
+    async def dispatch(
+        self,
+        request: Request,
+        call_next: "Callable[[Request], Awaitable[Response]]",
+    ) -> Response:
+        """Process request, never failing on auth errors."""
+        request.state.user = None
+        
+        if not self._should_skip(request.url.path):
+            try:
+                user = await self._authenticate(request)
+                request.state.user = user
+            except Exception:
+                pass  # Silently ignore all errors
+        
+        return await call_next(request)
+
+
+# =============================================================================
+# Auto-configuration helper
+# =============================================================================
+
+_middleware_registered = False
+
+
+def ensure_auth_middleware(app: Any) -> None:
+    """
+    Ensure AuthenticationMiddleware is registered on the app.
+    
+    Call this from configure_auth() when auto_middleware=True.
+    
+    Args:
+        app: FastAPI or CoreApp instance
+    """
+    global _middleware_registered
+    
+    if _middleware_registered:
+        return
+    
+    # Try to add middleware
+    try:
+        if hasattr(app, "add_middleware"):
+            app.add_middleware(AuthenticationMiddleware)
+            _middleware_registered = True
+    except Exception:
+        pass
+
+
+def reset_middleware_state() -> None:
+    """Reset middleware registration state (for testing)."""
+    global _middleware_registered
+    _middleware_registered = False
+
+
+# =============================================================================
+# Exports
+# =============================================================================
+
+__all__ = [
+    "AuthenticationMiddleware",
+    "OptionalAuthenticationMiddleware",
+    "ensure_auth_middleware",
+    "reset_middleware_state",
+]

core/auth/models.py

@@ -27,12 +27,14 @@ Uso:
 from __future__ import annotations
 
 from typing import Any, ClassVar, TYPE_CHECKING
+from uuid import UUID
 
 from sqlalchemy import Table, Column, Integer, ForeignKey, inspect
 from sqlalchemy.orm import Mapped, relationship, declared_attr
 from sqlalchemy.dialects.postgresql import UUID as PG_UUID
 
 from core.models import Model, Field
+from core.fields import AdvancedField
 from core.auth.base import get_password_hasher, get_auth_config
 from core.datetime import timezone, DateTime
 
@@ -47,11 +49,16 @@ if TYPE_CHECKING:
 # Cache de tabelas criadas para evitar duplicação
 _association_tables: dict[str, Table] = {}
 
+# Cache de tipos de PK detectados
+_pk_type_cache: dict[str, type] = {}
+
 
 def _get_pk_column_type(model_class: type) -> type:
     """
     Detecta o tipo da coluna PK de um modelo.
     
+    Bug #3 Fix: Detecção robusta do tipo de PK para FKs.
+    
     Suporta:
     - Integer (int)
     - BigInteger (int com bigint=True)
@@ -63,42 +70,83 @@ def _get_pk_column_type(model_class: type) -> type:
     """
     from sqlalchemy import Integer, BigInteger, String
     from sqlalchemy.dialects.postgresql import UUID as PG_UUID
-    import uuid
+    from sqlalchemy import Uuid
+    
+    # Verifica cache primeiro
+    cache_key = f"{model_class.__module__}.{model_class.__name__}"
+    if cache_key in _pk_type_cache:
+        return _pk_type_cache[cache_key]
     
-    # Tenta obter do __annotations__ ou columns
+    detected_type = Integer  # Default
+    
+    # Método 1: Tenta obter da tabela já mapeada
     if hasattr(model_class, "__table__"):
-        # Modelo já mapeado - pega direto da tabela
         pk_columns = [c for c in model_class.__table__.columns if c.primary_key]
         if pk_columns:
-            return type(pk_columns[0].type)
+            pk_col_type = pk_columns[0].type
+            # Verifica se é UUID
+            if isinstance(pk_col_type, (PG_UUID, Uuid)):
+                detected_type = PG_UUID
+            elif isinstance(pk_col_type, BigInteger):
+                detected_type = BigInteger
+            elif isinstance(pk_col_type, String):
+                detected_type = String
+            elif isinstance(pk_col_type, Integer):
+                detected_type = Integer
+            else:
+                # Tenta pelo nome do tipo
+                type_name = type(pk_col_type).__name__.upper()
+                if "UUID" in type_name:
+                    detected_type = PG_UUID
+            
+            _pk_type_cache[cache_key] = detected_type
+            return detected_type
     
-    # Tenta via annotations
+    # Método 2: Tenta via annotations
     annotations = getattr(model_class, "__annotations__", {})
     
     if "id" in annotations:
         ann = annotations["id"]
         ann_str = str(ann)
         
-        # Detecta UUID
-        if "UUID" in ann_str or "uuid" in ann_str:
-            return PG_UUID
-        
+        # Detecta UUID (vários formatos)
+        if "UUID" in ann_str or "uuid" in ann_str or "Uuid" in ann_str:
+            detected_type = PG_UUID
         # Detecta int
-        if "int" in ann_str.lower():
-            return Integer
-        
+        elif "int" in ann_str.lower() and "uuid" not in ann_str.lower():
+            detected_type = Integer
         # Detecta str
-        if "str" in ann_str.lower():
-            return String
-    
-    # Default: Integer
-    return Integer
+        elif "str" in ann_str.lower() and "uuid" not in ann_str.lower():
+            detected_type = String
+    
+    # Método 3: Verifica campos na classe (declared_attr ou column_property)
+    for attr_name in dir(model_class):
+        if attr_name == "id":
+            attr = getattr(model_class, attr_name, None)
+            if attr is not None:
+                # Pode ser um InstrumentedAttribute
+                if hasattr(attr, "type"):
+                    attr_type = attr.type
+                    if isinstance(attr_type, (PG_UUID, Uuid)):
+                        detected_type = PG_UUID
+                        break
+                # Pode ser um mapped_column
+                if hasattr(attr, "property") and hasattr(attr.property, "columns"):
+                    for col in attr.property.columns:
+                        if isinstance(col.type, (PG_UUID, Uuid)):
+                            detected_type = PG_UUID
+                            break
+    
+    _pk_type_cache[cache_key] = detected_type
+    return detected_type
 
 
 def _create_user_fk_column(user_tablename: str, user_model: type | None = None):
     """
     Cria coluna FK para user_id detectando automaticamente o tipo.
     
+    Bug #3 Fix: Suporte correto a UUID em FKs.
+    
     Args:
         user_tablename: Nome da tabela do usuário
         user_model: Classe do modelo (opcional, para detecção de tipo)
@@ -108,9 +156,10 @@ def _create_user_fk_column(user_tablename: str, user_model: type | None = None):
     """
     from sqlalchemy import Integer, BigInteger, String
     from sqlalchemy.dialects.postgresql import UUID as PG_UUID
+    from sqlalchemy import Uuid
     
     # Tenta detectar o tipo do modelo
-    col_type = Integer  # Default
+    col_type: Any = Integer  # Default
     
     if user_model is not None:
         detected = _get_pk_column_type(user_model)
@@ -122,6 +171,16 @@ def _create_user_fk_column(user_tablename: str, user_model: type | None = None):
             col_type = String(36)  # UUID como string
         else:
             col_type = Integer
+    else:
+        # Sem modelo, tenta inferir da configuração global
+        try:
+            config = get_auth_config()
+            if config.user_model is not None:
+                detected = _get_pk_column_type(config.user_model)
+                if detected == PG_UUID:
+                    col_type = PG_UUID(as_uuid=True)
+        except Exception:
+            pass
     
     return Column(
         "user_id",
@@ -131,6 +190,17 @@ def _create_user_fk_column(user_tablename: str, user_model: type | None = None):
     )
 
 
+def clear_association_table_cache() -> None:
+    """
+    Limpa o cache de tabelas de associação.
+    
+    Útil para testes ou quando o modelo de usuário muda.
+    """
+    global _association_tables, _pk_type_cache
+    _association_tables.clear()
+    _pk_type_cache.clear()
+
+
 def get_user_groups_table(user_tablename: str = "auth_users", user_model: type | None = None) -> Table:
     """
     Obtém ou cria tabela de associação user <-> groups.
@@ -433,17 +503,29 @@ class AbstractUser(Model):
     """
     Modelo abstrato base para usuários.
     
+    Bug #4 Fix: Suporta tanto INTEGER quanto UUID como PK.
+    
     Herde desta classe para criar seu modelo de usuário customizado:
     
+        # Com INTEGER (padrão)
         class User(AbstractUser, PermissionsMixin):
             __tablename__ = "users"
-            
-            # Campos adicionais
-            phone: Mapped[str | None] = Field.string(max_length=20, nullable=True)
-            avatar_url: Mapped[str | None] = Field.string(max_length=500, nullable=True)
+        
+        # Com UUID - sobrescreva o campo id
+        from core.fields import AdvancedField
+        from uuid import UUID
+        
+        class User(AbstractUser, PermissionsMixin):
+            __tablename__ = "users"
+            id: Mapped[UUID] = AdvancedField.uuid_pk()  # Override para UUID
+    
+    Ou use AbstractUUIDUser para UUID por padrão:
+    
+        class User(AbstractUUIDUser, PermissionsMixin):
+            __tablename__ = "users"
     
     Campos incluídos:
-        - id: Chave primária
+        - id: Chave primária (INTEGER por padrão, pode ser UUID)
         - email: Email único (usado para login)
         - password_hash: Hash da senha
         - is_active: Se o usuário está ativo
@@ -455,7 +537,7 @@ class AbstractUser(Model):
     
     __abstract__ = True
     
-    # Campos de autenticação
+    # Campos de autenticação - id pode ser sobrescrito por subclasses
     id: Mapped[int] = Field.pk()
     email: Mapped[str] = Field.string(max_length=255, unique=True, index=True)
     password_hash: Mapped[str] = Field.string(max_length=255)
@@ -682,6 +764,38 @@ class AbstractUser(Model):
         return await cls.objects.using(db).filter(email=email.lower()).first()
 
 
+# =============================================================================
+# AbstractUUIDUser Model (Bug #4 Fix)
+# =============================================================================
+
+class AbstractUUIDUser(AbstractUser):
+    """
+    Modelo abstrato base para usuários com UUID como PK.
+    
+    Bug #4 Fix: Fornece uma versão do AbstractUser que usa UUID por padrão.
+    
+    Ideal para:
+    - Sistemas distribuídos
+    - APIs públicas (UUIDs são mais seguros que IDs sequenciais)
+    - Microservices
+    
+    Exemplo:
+        from core.auth import AbstractUUIDUser, PermissionsMixin
+        
+        class User(AbstractUUIDUser, PermissionsMixin):
+            __tablename__ = "users"
+            
+            # Campos adicionais
+            name: Mapped[str] = Field.string(max_length=100)
+    """
+    
+    __abstract__ = True
+    
+    # Override: usa UUID como PK
+    # UUID importado no topo do módulo para resolução correta de tipos
+    id: Mapped[UUID] = AdvancedField.uuid_pk()
+
+
 # =============================================================================
 # PermissionsMixin
 # =============================================================================

core/auth/schemas.py

@@ -100,12 +100,16 @@ class BaseUserOutput(OutputSchema):
     """
     Base user output schema.
     
+    Bug #4 Fix: Now supports both int and UUID ids.
+    
     Extend to add custom fields:
         class UserOutput(BaseUserOutput):
             phone: str | None = None
             avatar_url: str | None = None
+    
+    For UUID users, the id will be automatically serialized to string.
     """
-    id: int
+    id: int | str  # Supports both INTEGER and UUID (serialized as string)
     email: str
     is_active: bool = True
     is_staff: bool = False