PyPI - core-framework - Versions diffs - 0.12.4__py3-none-any.whl → 0.12.6__py3-none-any.whl - Mend

core-framework 0.12.4py3-none-any.whl → 0.12.6py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

core/__init__.py +1 -1
core/auth/__init__.py +15 -0
core/auth/backends.py +5 -5
core/auth/decorators.py +7 -6
core/auth/helpers.py +104 -0
core/auth/middleware.py +286 -168
core/auth/tokens.py +17 -3
core/auth/views.py +27 -7
core/cli/main.py +6 -4
core/dependencies.py +3 -1
core/permissions.py +8 -6
core/tenancy.py +3 -2
{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/METADATA +1 -1
{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/RECORD +16 -15
{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/WHEEL +0 -0
{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/entry_points.txt +0 -0

core/__init__.py CHANGED Viewed

@@ -278,7 +278,7 @@ from core.exceptions import (
     MissingDependency,
 )
-__version__ = "0.12.4"
+__version__ = "0.12.6"
 __all__ = [
     # Models
     "Model",

core/auth/__init__.py CHANGED Viewed

@@ -121,9 +121,18 @@ from core.auth.views import (
 from core.auth.middleware import (
     AuthenticationMiddleware,
     OptionalAuthenticationMiddleware,
+    JWTAuthBackend,
+    AuthenticatedUser,
     ensure_auth_middleware,
 )
+# Helper functions for consistent user access
+from core.auth.helpers import (
+    get_request_user,
+    is_authenticated,
+    set_request_user,
+)
 __all__ = [
     # Base
     "AuthBackend",
@@ -196,5 +205,11 @@ __all__ = [
     # Middleware
     "AuthenticationMiddleware",
     "OptionalAuthenticationMiddleware",
+    "JWTAuthBackend",
+    "AuthenticatedUser",
     "ensure_auth_middleware",
+    # Helpers
+    "get_request_user",
+    "is_authenticated",
+    "set_request_user",
 ]

core/auth/backends.py CHANGED Viewed

@@ -161,14 +161,14 @@ class ModelBackend(AuthBackend):
     async def login(self, request: "Request", user: Any) -> None:
         """Executa ações pós-login."""
-        # Armazena usuário no request.state
-        request.state.user = user
+        # Armazena usuário no request.state (for backward compatibility)
+        from core.auth.helpers import set_request_user
+        set_request_user(request, user)
     async def logout(self, request: "Request", user: Any) -> None:
         """Executa ações de logout."""
-        # Remove usuário do request.state
-        if hasattr(request.state, "user"):
-            request.state.user = None
+        from core.auth.helpers import set_request_user
+        set_request_user(request, None)
 class TokenAuthBackend(AuthBackend):

core/auth/decorators.py CHANGED Viewed

@@ -24,6 +24,7 @@ from typing import Any, TYPE_CHECKING
 from fastapi import Depends, HTTPException, Request, status
 from core.permissions import Permission as PermissionBase
+from core.auth.helpers import get_request_user
 if TYPE_CHECKING:
     pass
@@ -70,7 +71,7 @@ class HasPermission(PermissionBase):
         request: Request,
         view: Any = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -135,7 +136,7 @@ class IsInGroup(PermissionBase):
         request: Request,
         view: Any = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -179,7 +180,7 @@ class IsSuperuser(PermissionBase):
         request: Request,
         view: Any = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -207,7 +208,7 @@ class IsStaff(PermissionBase):
         request: Request,
         view: Any = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -235,7 +236,7 @@ class IsActive(PermissionBase):
         request: Request,
         view: Any = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -371,7 +372,7 @@ def login_required():
             ...
     """
     async def check(request: Request):
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             raise HTTPException(

core/auth/helpers.py ADDED Viewed

@@ -0,0 +1,104 @@
+"""
+Helper functions for authentication.
+Provides consistent user access across the framework, supporting both:
+- request.user (Starlette AuthenticationMiddleware pattern - preferred)
+- request.state.user (legacy pattern - backward compatibility)
+"""
+from __future__ import annotations
+import logging
+from typing import Any, TYPE_CHECKING
+if TYPE_CHECKING:
+    from starlette.requests import Request
+logger = logging.getLogger("core.auth")
+def get_request_user(request: "Request") -> Any | None:
+    """
+    Get authenticated user from request.
+    Checks both patterns for compatibility:
+    1. request.user (Starlette AuthenticationMiddleware - preferred)
+    2. request.state.user (legacy pattern)
+    Args:
+        request: The Starlette/FastAPI request object
+    Returns:
+        The authenticated user model or None if not authenticated
+    Example:
+        from core.auth.helpers import get_request_user
+        async def my_view(request: Request):
+            user = get_request_user(request)
+            if user is None:
+                raise HTTPException(401, "Not authenticated")
+    """
+    # Pattern 1: request.user (Starlette AuthenticationMiddleware)
+    user = getattr(request, "user", None)
+    if user is not None:
+        # Check if it's an authenticated user (has is_authenticated = True)
+        if getattr(user, "is_authenticated", False):
+            # If it's our AuthenticatedUser wrapper, return the underlying model
+            if hasattr(user, "_user"):
+                return user._user
+            return user
+    # Pattern 2: request.state.user (legacy)
+    user = getattr(request.state, "user", None) if hasattr(request, "state") else None
+    return user
+def is_authenticated(request: "Request") -> bool:
+    """
+    Check if request has an authenticated user.
+    Args:
+        request: The Starlette/FastAPI request object
+    Returns:
+        True if authenticated, False otherwise
+    """
+    # Pattern 1: request.user with is_authenticated
+    user = getattr(request, "user", None)
+    if user is not None and getattr(user, "is_authenticated", False):
+        return True
+    # Pattern 2: request.state.user
+    if hasattr(request, "state"):
+        user = getattr(request.state, "user", None)
+        if user is not None:
+            return True
+    return False
+def set_request_user(request: "Request", user: Any | None) -> None:
+    """
+    Set the authenticated user on the request.
+    Sets both patterns for maximum compatibility:
+    - request.state.user (for dependencies and legacy code)
+    Note: request.user is set by Starlette's AuthenticationMiddleware
+    via scope["user"] and cannot be set directly.
+    Args:
+        request: The Starlette/FastAPI request object
+        user: The user model or None
+    """
+    if hasattr(request, "state"):
+        request.state.user = user
+__all__ = [
+    "get_request_user",
+    "is_authenticated",
+    "set_request_user",
+]

core/auth/middleware.py CHANGED Viewed

@@ -1,10 +1,10 @@
 """
 Authentication Middleware for Core Framework.
-Bug #8 Fix: Provides built-in middleware for populating request.state.user.
+Uses Starlette's AuthenticationMiddleware pattern which correctly propagates
+user to views via scope["user"] (accessed as request.user).
-This middleware automatically authenticates requests using the configured
-authentication backend and populates request.state.user.
+IMPORTANT: Use request.user (not request.state.user) in your views!
 Usage:
     from core.auth.middleware import AuthenticationMiddleware
@@ -13,78 +13,117 @@ Usage:
         middlewares=[(AuthenticationMiddleware, {})],
     )
-    # Or configure via configure_auth()
-    from core.auth import configure_auth
-    configure_auth(
-        user_model=User,
-        auto_middleware=True,  # Automatically adds middleware
-    )
-The middleware will:
-1. Extract Bearer token from Authorization header
-2. Validate the token
-3. Fetch the user from database
-4. Set request.state.user to the authenticated user (or None)
+    # In your view - use request.user
+    @router.get("/me")
+    async def me(request: Request):
+        if not request.user.is_authenticated:
+            raise HTTPException(401, "Not authenticated")
+        return {"id": request.user.id, "email": request.user.email}
 """
 from __future__ import annotations
+import logging
 from typing import Any, TYPE_CHECKING
+from uuid import UUID
-from starlette.middleware.base import BaseHTTPMiddleware
-from starlette.requests import Request
-from starlette.responses import Response
+from starlette.authentication import (
+    AuthenticationBackend,
+    AuthCredentials,
+    BaseUser,
+    UnauthenticatedUser,
+)
+from starlette.middleware.authentication import AuthenticationMiddleware as StarletteAuthMiddleware
+from starlette.requests import HTTPConnection
+from core.exceptions import (
+    InvalidToken,
+    TokenExpired,
+    UserNotFound,
+    UserInactive,
+    DatabaseException,
+    ConfigurationError,
+)
 if TYPE_CHECKING:
-    from collections.abc import Callable, Awaitable
+    from sqlalchemy.ext.asyncio import AsyncSession
+# Logger for authentication - NEVER silent!
+logger = logging.getLogger("core.auth")
-class AuthenticationMiddleware(BaseHTTPMiddleware):
+# =============================================================================
+# Authenticated User Wrapper
+# =============================================================================
+class AuthenticatedUser(BaseUser):
     """
-    Middleware that authenticates requests and populates request.state.user.
+    Wrapper for authenticated user that implements Starlette's BaseUser.
-    This middleware:
-    1. Initializes request.state.user to None
-    2. Extracts Bearer token from Authorization header
-    3. Validates the token using configured backend
-    4. Fetches user from database
-    5. Sets request.state.user to authenticated user
+    Provides access to the underlying database user model while implementing
+    the required Starlette interface.
-    Example:
-        from core.auth.middleware import AuthenticationMiddleware
-        app = CoreApp(
-            middlewares=[(AuthenticationMiddleware, {})],
-        )
-        # In your view
-        @router.get("/me")
-        async def me(request: Request):
-            user = request.state.user  # User or None
-            if user is None:
-                raise HTTPException(401, "Not authenticated")
-            return {"id": user.id, "email": user.email}
+    Usage in views:
+        user = request.user
+        if user.is_authenticated:
+            print(user.email)  # Access model attributes
+            print(user.id)     # Access model attributes
+    """
+    def __init__(self, user: Any) -> None:
+        self._user = user
+    @property
+    def is_authenticated(self) -> bool:
+        return True
+    @property
+    def display_name(self) -> str:
+        return getattr(self._user, "email", str(self._user))
+    @property
+    def identity(self) -> str:
+        return str(getattr(self._user, "id", ""))
+    def __getattr__(self, name: str) -> Any:
+        """Proxy attribute access to underlying user model."""
+        return getattr(self._user, name)
+    def __repr__(self) -> str:
+        return f"<AuthenticatedUser {self.display_name}>"
+# =============================================================================
+# Authentication Backend
+# =============================================================================
+class JWTAuthBackend(AuthenticationBackend):
+    """
+    JWT Authentication Backend for Starlette.
+    This backend:
+    1. Extracts Bearer token from Authorization header
+    2. Verifies the token using core.auth.tokens
+    3. Fetches user from database
+    4. Returns AuthCredentials and AuthenticatedUser
+    IMPORTANT: All errors are logged, NEVER silenced!
-    Configuration via kwargs:
+    Configuration:
         - user_model: User model class (uses global config if None)
         - header_name: Header to extract token from (default: "Authorization")
         - scheme: Expected scheme (default: "Bearer")
-        - skip_paths: List of paths to skip authentication (e.g., ["/health"])
     """
     def __init__(
         self,
-        app: "Callable[[Request], Awaitable[Response]]",
         user_model: type | None = None,
         header_name: str = "Authorization",
         scheme: str = "Bearer",
-        skip_paths: list[str] | None = None,
     ) -> None:
-        super().__init__(app)
         self._user_model = user_model
         self.header_name = header_name
         self.scheme = scheme
-        self.skip_paths = skip_paths or []
     @property
     def user_model(self) -> type | None:
@@ -95,139 +134,181 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
         try:
             from core.auth.models import get_user_model
             return get_user_model()
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to get user model: {e}")
             return None
-    async def dispatch(
-        self,
-        request: Request,
-        call_next: "Callable[[Request], Awaitable[Response]]",
-    ) -> Response:
+    async def authenticate(self, conn: HTTPConnection) -> tuple[AuthCredentials, BaseUser] | None:
         """
-        Process request and authenticate user.
+        Authenticate the request.
-        Always sets request.state.user (to User or None).
+        Returns:
+            Tuple of (AuthCredentials, AuthenticatedUser) if authenticated
+            None if no credentials provided
+        Note: Returns None for missing credentials, but LOGS all errors!
         """
-        # Initialize user to None
-        request.state.user = None
-        # Skip authentication for configured paths
-        if self._should_skip(request.url.path):
-            return await call_next(request)
-        # Try to authenticate
-        try:
-            user = await self._authenticate(request)
-            request.state.user = user
-        except Exception:
-            # Authentication failed, keep user as None
-            pass
-        return await call_next(request)
-    def _should_skip(self, path: str) -> bool:
-        """Check if path should skip authentication."""
-        for skip_path in self.skip_paths:
-            if path.startswith(skip_path):
-                return True
-        return False
-    def _extract_token(self, request: Request) -> str | None:
-        """Extract token from Authorization header."""
-        auth_header = request.headers.get(self.header_name)
+        # Extract token from header
+        auth_header = conn.headers.get(self.header_name)
         if not auth_header:
+            logger.debug("No Authorization header present")
             return None
+        # Parse header
         parts = auth_header.split()
         if len(parts) != 2:
+            logger.warning(f"Malformed Authorization header: expected 2 parts, got {len(parts)}")
             return None
         scheme, token = parts
         if scheme.lower() != self.scheme.lower():
+            logger.warning(f"Unexpected auth scheme: expected '{self.scheme}', got '{scheme}'")
             return None
-        return token
+        logger.debug(f"Token extracted: {token[:20]}...")
+        # Verify token
+        try:
+            user = await self._verify_and_get_user(token)
+            if user is None:
+                return None
+            logger.info(f"User authenticated: {getattr(user, 'email', user)}")
+            return AuthCredentials(["authenticated"]), AuthenticatedUser(user)
+        except InvalidToken as e:
+            logger.warning(f"Invalid token: {e.message}")
+            return None
+        except TokenExpired as e:
+            logger.warning(f"Token expired: {e.message}")
+            return None
+        except UserNotFound as e:
+            logger.warning(f"User not found: {e.message}")
+            return None
+        except UserInactive as e:
+            logger.warning(f"User inactive: {e.message}")
+            return None
+        except DatabaseException as e:
+            logger.error(f"Database error during authentication: {e.message}", exc_info=True)
+            raise  # Re-raise database errors - these are critical!
+        except ConfigurationError as e:
+            logger.error(f"Configuration error: {e.message}", exc_info=True)
+            raise  # Re-raise configuration errors - these need to be fixed!
+        except Exception as e:
+            # Log unexpected errors with full stack trace
+            logger.exception(f"Unexpected error during authentication: {e}")
+            raise  # NEVER silence unexpected errors!
-    async def _authenticate(self, request: Request) -> Any | None:
+    async def _verify_and_get_user(self, token: str) -> Any | None:
         """
-        Authenticate request and return user.
-        Returns:
-            User instance if authenticated, None otherwise
+        Verify token and fetch user from database.
+        Raises:
+            InvalidToken: If token is invalid or malformed
+            TokenExpired: If token has expired
+            UserNotFound: If user doesn't exist
+            UserInactive: If user is inactive
+            DatabaseException: If database query fails
+            ConfigurationError: If auth is not properly configured
         """
-        token = self._extract_token(request)
-        if not token:
-            return None
+        from core.auth.tokens import verify_token, decode_token
+        from core.auth.base import TokenError
         # Verify token
-        from core.auth.tokens import verify_token
-        payload = verify_token(token, token_type="access")
+        try:
+            payload = verify_token(token, token_type="access")
+        except TokenError as e:
+            raise InvalidToken(f"Token verification failed: {e}")
         if payload is None:
-            return None
+            # verify_token returns None for various reasons - let's be more specific
+            try:
+                # Try to decode to get more info
+                raw_payload = decode_token(token)
+                token_type = raw_payload.get("type")
+                if token_type != "access":
+                    raise InvalidToken(f"Token type mismatch: expected 'access', got '{token_type}'")
+            except Exception as e:
+                raise InvalidToken(f"Token decode failed: {e}")
+            raise InvalidToken("Token verification returned None")
+        logger.debug(f"Token payload: {payload}")
         # Get user_id from token
         user_id = payload.get("sub") or payload.get("user_id")
         if not user_id:
-            return None
+            raise InvalidToken("Token missing 'sub' or 'user_id' claim")
-        # Get user from database
+        logger.debug(f"User ID from token: {user_id}")
+        # Get user model
         User = self.user_model
         if User is None:
-            return None
+            raise ConfigurationError(
+                "No user model configured. "
+                "Set user_model in AuthenticationMiddleware or call configure_auth(user_model=...)"
+            )
-        # Bug #3 & #4 Fix: Get database session correctly
-        # The middleware runs outside FastAPI DI context, so we need to
-        # handle database session creation carefully
+        # Get database session
         db = await self._get_db_session()
         if db is None:
-            return None
+            raise DatabaseException(
+                "Could not obtain database session. "
+                "Ensure database is initialized with init_replicas() or database_url is set in settings."
+            )
         try:
             # Convert user_id to correct type
             user_id_converted = self._convert_user_id(user_id, User)
+            logger.debug(f"User ID converted: {user_id_converted} (type: {type(user_id_converted).__name__})")
+            # Fetch user
             user = await User.objects.using(db).filter(id=user_id_converted).first()
             if user is None:
-                return None
+                raise UserNotFound(f"User with id={user_id} not found")
             # Check if user is active
             if hasattr(user, "is_active") and not user.is_active:
-                return None
+                raise UserInactive(f"User {user_id} is inactive")
+            logger.debug(f"User found: {getattr(user, 'email', user)}")
             return user
-        except Exception:
-            return None
+        except (UserNotFound, UserInactive):
+            raise  # Re-raise our exceptions
+        except Exception as e:
+            raise DatabaseException(f"Database query failed: {e}")
         finally:
             await db.close()
-    async def _get_db_session(self) -> Any | None:
+    async def _get_db_session(self) -> "AsyncSession | None":
         """
         Get a database session for authentication.
-        Bug #3 & #4 Fix: Handles both initialized and uninitialized database states.
-        Creates session directly from engine if normal path fails.
+        Tries multiple strategies and logs each attempt.
         Returns:
-            AsyncSession or None if database not available
+            AsyncSession or None if all strategies fail
         """
-        # Try 1: Use the standard get_read_session (if database is initialized)
+        errors: list[str] = []
+        # Strategy 1: Use initialized session factory
         try:
-            from core.database import get_read_session, _read_session_factory
+            from core.database import _read_session_factory
             if _read_session_factory is not None:
+                logger.debug("Using initialized session factory")
                 return _read_session_factory()
-        except (RuntimeError, ImportError):
-            pass
-        # Try 2: Create session from settings (lazy initialization)
+            else:
+                errors.append("Session factory not initialized (init_replicas not called)")
+        except ImportError as e:
+            errors.append(f"Could not import database module: {e}")
+        except Exception as e:
+            errors.append(f"Session factory error: {e}")
+        # Strategy 2: Create session from settings
         try:
             from core.config import get_settings
             from sqlalchemy.ext.asyncio import create_async_engine, async_sessionmaker, AsyncSession
@@ -236,12 +317,22 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
             db_url = getattr(settings, 'database_read_url', None) or getattr(settings, 'database_url', None)
             if db_url:
+                logger.debug(f"Creating session from settings: {db_url[:30]}...")
                 engine = create_async_engine(db_url, echo=False)
                 session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
                 return session_factory()
-        except Exception:
-            pass
+            else:
+                errors.append("No database_url in settings")
+        except ImportError as e:
+            errors.append(f"Could not import config module: {e}")
+        except Exception as e:
+            errors.append(f"Settings engine error: {e}")
+        # All strategies failed - log detailed error
+        logger.error(
+            f"Could not obtain database session. Attempted strategies:\n" +
+            "\n".join(f"  - {err}" for err in errors)
+        )
         return None
     def _convert_user_id(self, user_id: str, User: type) -> Any:
@@ -250,9 +341,7 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
         Handles INTEGER, UUID, and string IDs.
         """
-        from uuid import UUID
-        # Try to detect PK type
+        # Try to detect PK type from model
         try:
             from core.auth.models import _get_pk_column_type
             from sqlalchemy.dialects.postgresql import UUID as PG_UUID
@@ -261,86 +350,113 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
             pk_type = _get_pk_column_type(User)
             if pk_type == PG_UUID:
+                logger.debug(f"Converting user_id to UUID: {user_id}")
                 return UUID(user_id)
             elif pk_type in (Integer, BigInteger):
+                logger.debug(f"Converting user_id to int: {user_id}")
                 return int(user_id)
-        except Exception:
-            pass
+        except Exception as e:
+            logger.debug(f"Could not detect PK type, trying heuristics: {e}")
-        # Try UUID first, then int, then string
+        # Fallback: Try UUID first (common in modern systems)
         try:
             return UUID(user_id)
         except (ValueError, TypeError):
             pass
+        # Try int
         try:
             return int(user_id)
         except (ValueError, TypeError):
             pass
+        # Return as string
+        logger.debug(f"Using user_id as string: {user_id}")
         return user_id
-class OptionalAuthenticationMiddleware(AuthenticationMiddleware):
+# =============================================================================
+# Middleware Factory
+# =============================================================================
+class AuthenticationMiddleware(StarletteAuthMiddleware):
     """
-    Same as AuthenticationMiddleware but never raises errors.
+    Authentication Middleware using Starlette's proper pattern.
-    Always proceeds with the request, setting user to None on any failure.
-    Useful for endpoints that work both with and without authentication.
-    """
+    This middleware correctly propagates user to views via request.user
+    (not request.state.user which doesn't work with BaseHTTPMiddleware).
-    async def dispatch(
-        self,
-        request: Request,
-        call_next: "Callable[[Request], Awaitable[Response]]",
-    ) -> Response:
-        """Process request, never failing on auth errors."""
-        request.state.user = None
+    Usage:
+        app = CoreApp(
+            middlewares=[(AuthenticationMiddleware, {})],
+        )
-        if not self._should_skip(request.url.path):
-            try:
-                user = await self._authenticate(request)
-                request.state.user = user
-            except Exception:
-                pass  # Silently ignore all errors
+        # Or with shortcut:
+        app = CoreApp(middleware=["auth"])
-        return await call_next(request)
+        # In views, use request.user:
+        @router.get("/me")
+        async def me(request: Request):
+            if not request.user.is_authenticated:
+                raise HTTPException(401, "Not authenticated")
+            return {"email": request.user.email}
+    Note: Also sets request.state.user for backward compatibility.
+    """
+    def __init__(
+        self,
+        app: Any,
+        user_model: type | None = None,
+        header_name: str = "Authorization",
+        scheme: str = "Bearer",
+        on_error: Any = None,
+    ) -> None:
+        backend = JWTAuthBackend(
+            user_model=user_model,
+            header_name=header_name,
+            scheme=scheme,
+        )
+        super().__init__(app, backend=backend, on_error=on_error)
+        logger.info("AuthenticationMiddleware initialized")
-# =============================================================================
-# Auto-configuration helper
-# =============================================================================
+class OptionalAuthenticationMiddleware(AuthenticationMiddleware):
+    """
+    Same as AuthenticationMiddleware but doesn't require authentication.
+    Useful for endpoints that work both with and without authentication.
+    User will be UnauthenticatedUser if no valid token provided.
+    """
+    pass
-_middleware_registered = False
+# =============================================================================
+# Legacy Compatibility
+# =============================================================================
 def ensure_auth_middleware(app: Any) -> None:
     """
     Ensure AuthenticationMiddleware is registered on the app.
-    Call this from configure_auth() when auto_middleware=True.
-    Args:
-        app: FastAPI or CoreApp instance
+    DEPRECATED: Use middleware=["auth"] instead.
     """
-    global _middleware_registered
-    if _middleware_registered:
-        return
-    # Try to add middleware
+    logger.warning(
+        "ensure_auth_middleware is deprecated. "
+        "Use middleware=['auth'] or add AuthenticationMiddleware directly."
+    )
     try:
         if hasattr(app, "add_middleware"):
             app.add_middleware(AuthenticationMiddleware)
-            _middleware_registered = True
-    except Exception:
-        pass
+            logger.info("AuthenticationMiddleware added to app")
+    except Exception as e:
+        logger.error(f"Failed to add AuthenticationMiddleware: {e}")
+        raise
 def reset_middleware_state() -> None:
-    """Reset middleware registration state (for testing)."""
-    global _middleware_registered
-    _middleware_registered = False
+    """Reset middleware state (for testing)."""
+    pass  # No longer needed with new implementation
 # =============================================================================
@@ -350,6 +466,8 @@ def reset_middleware_state() -> None:
 __all__ = [
     "AuthenticationMiddleware",
     "OptionalAuthenticationMiddleware",
+    "JWTAuthBackend",
+    "AuthenticatedUser",
     "ensure_auth_middleware",
     "reset_middleware_state",
 ]

core/auth/tokens.py CHANGED Viewed

@@ -18,6 +18,7 @@ Uso:
 from __future__ import annotations
+import logging
 from datetime import timedelta
 from typing import Any
@@ -29,6 +30,9 @@ from core.auth.base import (
 )
 from core.datetime import timezone
+# Logger for token operations
+logger = logging.getLogger("core.auth.tokens")
 class JWTBackend(TokenBackend):
     """
@@ -123,10 +127,14 @@ class JWTBackend(TokenBackend):
         import jwt
         try:
-            return jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
+            payload = jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
+            logger.debug(f"Token decoded: sub={payload.get('sub')}, type={payload.get('type')}")
+            return payload
         except jwt.ExpiredSignatureError:
+            logger.debug("Token decode failed: token expired")
             raise TokenError("Token expired")
         except jwt.InvalidTokenError as e:
+            logger.debug(f"Token decode failed: {e}")
             raise TokenError(f"Invalid token: {e}")
     def verify_token(
@@ -147,11 +155,17 @@ class JWTBackend(TokenBackend):
         try:
             payload = self.decode_token(token)
-            if payload.get("type") != token_type:
+            actual_type = payload.get("type")
+            if actual_type != token_type:
+                logger.debug(
+                    f"Token type mismatch: expected '{token_type}', got '{actual_type}'"
+                )
                 return None
+            logger.debug(f"Token verified successfully: sub={payload.get('sub')}")
             return payload
-        except TokenError:
+        except TokenError as e:
+            logger.debug(f"Token verification failed: {e}")
             return None
     def refresh_token(self, refresh_token: str) -> tuple[str, str] | None:

core/auth/views.py CHANGED Viewed

@@ -360,15 +360,27 @@ class AuthViewSet(ViewSet):
     ) -> dict:
         """
         Get current authenticated user.
+        Uses request.user (Starlette pattern) with fallback to request.state.user
+        for backward compatibility.
         """
+        # Try request.user first (Starlette AuthenticationMiddleware pattern)
+        user = getattr(request, "user", None)
+        if user is not None and getattr(user, "is_authenticated", False):
+            # user is an AuthenticatedUser wrapper - get underlying model
+            if hasattr(user, "_user"):
+                user = user._user
+            return self.user_output_schema.model_validate(user).model_dump()
+        # Fallback to request.state.user (legacy pattern)
         user = getattr(request.state, "user", None)
-        if user is None:
-            raise HTTPException(
-                status_code=401,
-                detail="Not authenticated"
-            )
+        if user is not None:
+            return self.user_output_schema.model_validate(user).model_dump()
-        return self.user_output_schema.model_validate(user).model_dump()
+        raise HTTPException(
+            status_code=401,
+            detail="Not authenticated"
+        )
     @action(methods=["POST"], detail=False, permission_classes=[IsAuthenticated])
     async def change_password(
@@ -381,7 +393,15 @@ class AuthViewSet(ViewSet):
         """
         Change password for current user.
         """
-        user = getattr(request.state, "user", None)
+        # Try request.user first (Starlette pattern)
+        user = getattr(request, "user", None)
+        if user is not None and getattr(user, "is_authenticated", False):
+            if hasattr(user, "_user"):
+                user = user._user
+        else:
+            # Fallback to request.state.user
+            user = getattr(request.state, "user", None)
         if user is None:
             raise HTTPException(
                 status_code=401,

core/cli/main.py CHANGED Viewed

@@ -1039,9 +1039,10 @@ class AuthViewSet(ModelViewSet):
         Returns:
             Current user data
         """
-        # User is available via request.state.user (populated by auth middleware)
+        # User is available via request.user (Starlette pattern) or request.state.user (legacy)
         # permission_classes=[IsAuthenticated] ensures user is authenticated
-        user = request.state.user
+        from core.auth.helpers import get_request_user
+        user = get_request_user(request)
         if user is None:
             raise HTTPException(status_code=401, detail="Authentication required")
@@ -1065,9 +1066,10 @@ class AuthViewSet(ModelViewSet):
         body = await request.json()
         data = ChangePasswordInput.model_validate(body)
-        # User is available via request.state.user (populated by auth middleware)
+        # User is available via request.user (Starlette pattern) or request.state.user (legacy)
         # permission_classes=[IsAuthenticated] ensures user is authenticated
-        user = request.state.user
+        from core.auth.helpers import get_request_user
+        user = get_request_user(request)
         if user is None:
             raise HTTPException(status_code=401, detail="Authentication required")

core/dependencies.py CHANGED Viewed

@@ -395,12 +395,14 @@ async def get_request_context(request: Request) -> dict[str, Any]:
     Útil para logging e auditoria.
     """
+    from core.auth.helpers import get_request_user
     return {
         "method": request.method,
         "url": str(request.url),
         "client_ip": request.client.host if request.client else None,
         "user_agent": request.headers.get("user-agent"),
-        "user": getattr(request.state, "user", None),
+        "user": get_request_user(request),
     }

core/permissions.py CHANGED Viewed

@@ -15,6 +15,8 @@ from typing import Any, TYPE_CHECKING
 from fastapi import HTTPException, Request, status
+from core.auth.helpers import get_request_user
 if TYPE_CHECKING:
     from core.views import APIView
@@ -32,7 +34,7 @@ class Permission(ABC):
                 request: Request,
                 view: APIView | None = None,
             ) -> bool:
-                user = getattr(request.state, "user", None)
+                user = get_request_user(request)
                 return user is not None and user.is_admin
     """
@@ -214,7 +216,7 @@ class IsAuthenticated(Permission):
         request: Request,
         view: "APIView | None" = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         return user is not None
@@ -236,7 +238,7 @@ class IsAuthenticatedOrReadOnly(Permission):
         if request.method in self.SAFE_METHODS:
             return True
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         return user is not None
@@ -250,7 +252,7 @@ class IsAdmin(Permission):
         request: Request,
         view: "APIView | None" = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -285,7 +287,7 @@ class IsOwner(Permission):
         if obj is None:
             return True
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False
@@ -318,7 +320,7 @@ class HasRole(Permission):
         request: Request,
         view: "APIView | None" = None,
     ) -> bool:
-        user = getattr(request.state, "user", None)
+        user = get_request_user(request)
         if user is None:
             return False

core/tenancy.py CHANGED Viewed

@@ -231,8 +231,9 @@ async def extract_tenant_from_request(
     Checks user, header, and query param in order.
     """
-    # tenant_id = await extract_tenant_from_request(request)
-    user = getattr(request.state, "user", None)
+    from core.auth.helpers import get_request_user
+    user = get_request_user(request)
     if user is not None:
         tenant_id = getattr(user, user_tenant_attr, None)
         if tenant_id is not None:

{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: core-framework
-Version: 0.12.4
+Version: 0.12.6
 Summary: Core Framework - Django-inspired, FastAPI-powered. Alta performance, baixo acoplamento, produtividade extrema.
 Project-URL: Homepage, https://github.com/SorPuti/core-framework
 Project-URL: Documentation, https://github.com/SorPuti/core-framework#readme

{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/RECORD RENAMED Viewed

@@ -1,35 +1,36 @@
-core/__init__.py,sha256=LpMfN4s5QgM0suYMegcYK7uf2m8dIH90qOsbM5IWSNs,12058
+core/__init__.py,sha256=vm-wiEtrmCVt8WjZQ0iEghsZqmiC5CYPifbNP_BY8kk,12058
 core/app.py,sha256=sCA3mJI696i7MIjrPxfOr5zEYt0njarQfHHy3EAajk4,21071
 core/choices.py,sha256=rhcL3p2dB7RK99zIilpmoTFVcibQEIaRpz0CY0kImCE,10502
 core/config.py,sha256=2-MVF9nLoYmxpYYH_Gzn4-Sa3MU87YZskRPtlNyhg6Q,14049
 core/database.py,sha256=XqB5tZnb9UYDbVGIh96YbmbGJZMqln6-diPBHCr3VWk,11564
 core/datetime.py,sha256=bzqlAj3foA-lzbhXjlEiDNR2D-nwXu9mpxpdcUb-Pmw,32730
-core/dependencies.py,sha256=LrNLbmQhXoCPRvoRPRMGNo0w6_l4NLGWeeTHzpUU36M,11582
+core/dependencies.py,sha256=p207A8qwj-QVAb7nNSe3HxkefClwSQNQQylSFFa-meU,11627
 core/exceptions.py,sha256=cdcffeYnMzCbS4hApOYNmPVNbPUpKcrgJbi3nKhqTuI,22702
 core/fields.py,sha256=F2NdToowkJ_LFvPN9KVyxIFES1AlVDy7WkEp-8UiBpA,9327
 core/middleware.py,sha256=MZVw7smJ2MiycYvkaYIC2cNpyqYGk3m-eeoDandqZU4,23506
 core/models.py,sha256=jdNdjRPKBZiOBOgg8CmDYBwmuWdD7twCIpqINLGY4Q4,33788
-core/permissions.py,sha256=HQu_eNBEodJyR50CYcFvdCw9LlEfhI5vJbljV5VIs7M,10162
+core/permissions.py,sha256=HhIXtmK9nehfRpTLoxKaBA-g-aCWOlDpLigo06fsEew,10144
 core/querysets.py,sha256=Z87-U06Un_xA9GKwcjXx0yzw6F_xf_tvG_rBT5UGL9c,22678
 core/relations.py,sha256=UbdRgj0XQGI4lv2FQV1ImSAwu4Pn8yxTkSsdzR3m8cM,21372
 core/routing.py,sha256=vIiJN8bQ2836WW2zUKTJVBTC8RpjtDYgEGdz7mldnGc,15422
 core/serializers.py,sha256=gR5Y7wTACm1pECkUEpAKBUbPmONGLMDDwej4fyIiOdo,9438
-core/tenancy.py,sha256=bDnQCejlfhmpoeGhs4sOsvl0aiaz99ukYiutFv7BtgM,9185
+core/tenancy.py,sha256=R4tNrLcAgRRDSqOvJS2IRXcD2J-zoCE4ng01ip9xWKI,9169
 core/validators.py,sha256=LCDyvqwIKnMaUEdaVx5kWveZt3XsydknZ_bxBL4ic5U,27895
 core/views.py,sha256=Vm2FREET0IJ2JZbClNJ0vvZ6RN5aQKC1sDXsrOb4-SY,43319
-core/auth/__init__.py,sha256=hVBigKluu4NdEmS2fbSHS-ylg3t99q5IH0cdjFDJ3JU,4322
-core/auth/backends.py,sha256=R-siIE8TrNqDHkCx42zXN1WVvvuWOun1nj8D5elrC9g,10425
+core/auth/__init__.py,sha256=_yr4rMMvDt_uKujzkKfqlQZ6x9UiQ6jmRppw14hTQNc,4645
+core/auth/backends.py,sha256=PkLk2RQN2rQdtYSiN0mn7cqSp95hnLjO9xTFZqSsPF8,10486
 core/auth/base.py,sha256=Q7vXgwTmgdmyW7G8eJmDket2bKB_8YFnraZ_kK9_gTs,21425
-core/auth/decorators.py,sha256=tmC7prKUvHuzQ3J872nM6r83DR9d82dCLXKLvUB1Os8,12288
+core/auth/decorators.py,sha256=Db8ihM7E2d658500aZwYKoSPduXC5nPjkQLzPakc1Mc,12269
 core/auth/hashers.py,sha256=0gIf67TU0k5H744FADpyh9_ugxA7m3mhYPZxLh_lEtc,12808
-core/auth/middleware.py,sha256=r4F3AIb4k9Z7gbTwcyG-MVWCyGikQqP54IHNKmyNtdc,10963
+core/auth/helpers.py,sha256=nuaVL9KzIy6ZkVWz9Z327qe4-sfF0NbbJDFIX3tR6vg,3020
+core/auth/middleware.py,sha256=3Wddxi2MKHrHguKfdW9LRKhHaHcmQ807edVcsFLqhVc,16645
 core/auth/models.py,sha256=aEE7deQKPS1aH0Btzzh3Z1Bwuqy8zvLZwu4JFEmiUNk,34058
 core/auth/permissions.py,sha256=v3ykAgNpq5wJ0NkuC_FuveMctOkDfM9Xp11XEnUAuBg,12461
 core/auth/schemas.py,sha256=L0W96dOD348rJDGeu1K5Rz3aJj-GdwMr2vbwwsYfo2g,3469
-core/auth/tokens.py,sha256=jk-TnMRdVGPhy6pWqSF2Ef8RTqLrP6Mkuo5GvRQh9no,8489
-core/auth/views.py,sha256=n-WhSIVHJCsjyxBFrI2JCfy-kRpg4YybsOCPnbRpwWM,13277
+core/auth/tokens.py,sha256=jOF40D5O8WRG8klRwMBuSG-jOhdsp1irXn2aZ2puNSg,9149
+core/auth/views.py,sha256=3gMaq8pzWoWr29ExJk21JgGay2fE3Fq3Tz99Wb_ftvE,14203
 core/cli/__init__.py,sha256=obodnvfe8DUziqpk-IAaHTEOb1KSfYQeuBZEAofut4o,449
-core/cli/main.py,sha256=daWz8tuMkMYrkNBfueDH5OghncdqLs3k7BUMmvDsSvk,119635
+core/cli/main.py,sha256=Odl-tetCDffs9xJ7l18xK4X583nGXYmD3nr-w-8cdZM,119787
 core/deployment/__init__.py,sha256=RNcBRO9oB3WRnhtTTwM6wzVEcUKpKF4XfRkGSbbykIc,794
 core/deployment/docker.py,sha256=ywraIk-ncbHiAX2vXH7jcU9KjhCGPIg7j0xgOTu5Cg8,8681
 core/deployment/kubernetes.py,sha256=IV6gf664EFEyQry2ehgJ2UFhZhWovKpaHXln_0WXCMg,8414
@@ -78,7 +79,7 @@ example/auth.py,sha256=zBpLutb8lVKnGfQqQ2wnyygsSutHYZzeJBuhnFhxBaQ,4971
 example/models.py,sha256=xKdx0kJ9n0tZ7sCce3KhV3BTvKvsh6m7G69eFm3ukf0,4549
 example/schemas.py,sha256=wJ9QofnuHp4PjtM_IuMMBLVFVDJ4YlwcF6uQm1ooKiY,6139
 example/views.py,sha256=GQwgQcW6yoeUIDbF7-lsaZV7cs8G1S1vGVtiwVpZIQE,14338
-core_framework-0.12.4.dist-info/METADATA,sha256=YJACIGfMLNMWJNHuGVX2ltcOvKdZDajmp6GLc_GFzNA,12791
-core_framework-0.12.4.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-core_framework-0.12.4.dist-info/entry_points.txt,sha256=lQ65IAOpieqU1VcHCUReeyandpyy8IKGix6IkJW_4Is,39
-core_framework-0.12.4.dist-info/RECORD,,
+core_framework-0.12.6.dist-info/METADATA,sha256=LsQ-RfhBtAvm3GxcRMBLur-3lVBeig9b0pE3Hp_WXkg,12791
+core_framework-0.12.6.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+core_framework-0.12.6.dist-info/entry_points.txt,sha256=lQ65IAOpieqU1VcHCUReeyandpyy8IKGix6IkJW_4Is,39
+core_framework-0.12.6.dist-info/RECORD,,

{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/WHEEL RENAMED Viewed

File without changes

{core_framework-0.12.4.dist-info → core_framework-0.12.6.dist-info}/entry_points.txt RENAMED Viewed

File without changes

core-framework 0.12.4__py3-none-any.whl → 0.12.6__py3-none-any.whl

core-framework 0.12.4py3-none-any.whl → 0.12.6py3-none-any.whl