crypticorn 1.0.2rc4__py3-none-any.whl → 2.0.1__py3-none-any.whl

crypticorn/auth/main.py

@@ -0,0 +1,45 @@
+from crypticorn.auth import (
+    ApiClient,
+    Configuration,
+    AdminApi,
+    ServiceApi,
+    UserApi,
+    WalletApi,
+    AuthApi,
+)
+from crypticorn.common import BaseURL, ApiVersion, Service, apikey_header as aph
+
+
+class AuthClient:
+    """
+    A client for interacting with the Crypticorn Auth API.
+    """
+
+    def __init__(
+        self,
+        base_url: BaseURL,
+        api_version: ApiVersion,
+        api_key: str = None,
+        jwt: str = None,
+    ):
+        self.host = f"{base_url.value}/{api_version.value}/{Service.AUTH.value}"
+        self.config = Configuration(
+            host=self.host,
+            access_token=jwt,
+            api_key={aph.scheme_name: api_key} if api_key else None,
+            api_key_prefix=({aph.scheme_name: aph.model.name} if api_key else None),
+            debug=True,
+        )
+        self.base_client = ApiClient(configuration=self.config)
+        # Instantiate all the endpoint clients
+        self.admin = AdminApi(self.base_client)
+        self.service = ServiceApi(self.base_client)
+        self.user = UserApi(self.base_client)
+        self.wallet = WalletApi(self.base_client)
+        self.login = AuthApi(self.base_client)
+
+    async def __aenter__(self):
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        await self.base_client.close()

crypticorn/client.py

@@ -1,16 +1,54 @@
 from crypticorn.hive import HiveClient
-from crypticorn.trade import TradeClient
 from crypticorn.klines import KlinesClient
+from crypticorn.pay import PayClient
+from crypticorn.trade import TradeClient
+from crypticorn.common import BaseURL, ApiVersion
+
+
+class ApiClient:
+    """
+    The official client for interacting with the Crypticorn API.
+
+    It is consisting of multiple microservices covering the whole stack of the Crypticorn project.
+    """
 
-class CrypticornClient:
     def __init__(
-        self, base_url: str = "https://api.crypticorn.com", api_key: str = None, jwt: str = None
+        self,
+        base_url: BaseURL = BaseURL.PROD,
+        api_key: str = None,
+        jwt: str = None,
+        hive_version: ApiVersion = ApiVersion.V1,
+        klines_version: ApiVersion = ApiVersion.V1,
+        pay_version: ApiVersion = ApiVersion.V1,
+        trade_version: ApiVersion = ApiVersion.V1,
+        auth_version: ApiVersion = ApiVersion.V1,
     ):
         self.base_url = base_url
         self.api_key = api_key
         self.jwt = jwt
-        
-        # Initialize service clients
-        self.hive = HiveClient(base_url, api_key, jwt)
-        self.trade = TradeClient(base_url, api_key, jwt)
-        self.klines = KlinesClient(base_url, api_key, jwt)
+        self.hive = HiveClient(base_url, hive_version, api_key, jwt)
+        self.trade = TradeClient(base_url, trade_version, api_key, jwt)
+        self.klines = KlinesClient(base_url, klines_version, api_key, jwt)
+        self.pay = PayClient(base_url, pay_version, api_key, jwt)
+        # currently not working due to circular import since the AUTH_Handler
+        # is also using the ApiClient
+        # self.auth = AuthClient(base_url, auth_version, api_key, jwt)
+
+    async def __aenter__(self):
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        await self.close()
+
+    async def close(self):
+        """Close all client sessions."""
+        clients = [
+            self.hive.base_client,
+            self.trade.base_client,
+            self.klines.base_client,
+            self.pay.base_client,
+        ]
+
+        for client in clients:
+            if hasattr(client, "close"):
+                await client.close()

crypticorn/common/__init__.py

@@ -0,0 +1,5 @@
+from crypticorn.common.errors import *
+from crypticorn.common.scopes import *
+from crypticorn.common.urls import *
+from crypticorn.common.auth import *
+from crypticorn.common.auth_client import *

crypticorn/common/auth.py

@@ -0,0 +1,43 @@
+from typing import Optional, Callable, Any, Annotated
+from typing_extensions import Doc
+from enum import Enum
+
+from fastapi import params
+from fastapi.security import APIKeyHeader, HTTPBearer
+
+from crypticorn.common import Scope
+
+
+http_bearer = HTTPBearer(
+    bearerFormat="JWT",
+    auto_error=False,
+    description="The JWT to use for authentication.",
+)
+
+apikey_header = APIKeyHeader(
+    name="X-API-Key",
+    auto_error=False,
+    description="The API key to use for authentication.",
+)
+
+
+def Security(  # noqa: N802
+    dependency: Annotated[
+        Optional[Callable[..., Any]], Doc("A dependable callable (like a function).")
+    ] = None,
+    scopes: Annotated[
+        Optional[list[Scope]],  # Optional[Sequence[Union[str, Scope]]],
+        Doc("OAuth2 scopes required for the *path operation*."),
+    ] = None,
+    use_cache: Annotated[
+        bool, Doc("Whether to cache the dependency during a single request.")
+    ] = True,
+) -> Any:
+    # Convert Enum scopes to string
+    scopes_str = (
+        [s.value if isinstance(s, Enum) else s for s in scopes] if scopes else None
+    )
+
+    return params.Security(
+        dependency=dependency, scopes=scopes_str, use_cache=use_cache
+    )

crypticorn/common/auth_client.py

@@ -0,0 +1,183 @@
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials
+from typing_extensions import Annotated, Doc
+import json
+
+from crypticorn.auth import AuthClient, Verify200Response
+from crypticorn.auth.client.exceptions import ApiException
+from crypticorn.common import (
+    ApiError,
+    Scope,
+    ApiVersion,
+    BaseURL,
+    Domain,
+    apikey_header,
+    http_bearer,
+)
+
+
+class AuthHandler:
+    """
+    Middleware for verifying API requests. Verifies the validity of the authentication token, allowed scopes, etc.
+    """
+
+    def __init__(
+        self,
+        base_url: Annotated[
+            BaseURL, Doc("The base URL for the auth service.")
+        ] = BaseURL.PROD,
+        api_version: Annotated[
+            ApiVersion, Doc("The API version of the auth service.")
+        ] = ApiVersion.V1,
+        whitelist: Annotated[
+            list[Domain],
+            Doc(
+                "The domains of which requests are allowed full access to the service."
+            ),
+        ] = [
+            Domain.PROD,
+            Domain.DEV,
+        ],  # TODO: decide whether this is needed, else omit
+    ):
+        self.whitelist = whitelist
+        self.auth_client = AuthClient(base_url=base_url, api_version=api_version)
+
+        self.no_credentials_exception = HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=ApiError.NO_CREDENTIALS.identifier,
+        )
+
+    async def _verify_api_key(self, api_key: str) -> None:
+        """
+        Verifies the API key.
+        """
+        # TODO: Implement in auth service
+        raise NotImplementedError("API key verification not implemented")
+
+    async def _verify_bearer(
+        self, bearer: HTTPAuthorizationCredentials
+    ) -> Verify200Response:
+        """
+        Verifies the bearer token.
+        """
+        self.auth_client.config.access_token = bearer.credentials
+        return await self.auth_client.login.verify()
+
+    async def _validate_scopes(
+        self, api_scopes: list[Scope], user_scopes: list[Scope]
+    ) -> bool:
+        """
+        Checks if the user scopes are a subset of the API scopes.
+        """
+        if not set(api_scopes).issubset(user_scopes):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=ApiError.INSUFFICIENT_SCOPES.identifier,
+            )
+
+    async def _extract_message(self, e: ApiException) -> str:
+        '''
+        Tries to extract the message from the body of the exception.
+        '''
+        try:
+            load = json.loads(e.body)
+        except (json.JSONDecodeError, TypeError):
+            return e.body
+        else:
+            common_keys = ["message"]
+            for key in common_keys:
+                if key in load:
+                    return load[key]
+            return load
+
+    async def _handle_exception(self, e: Exception) -> HTTPException:
+        '''
+        Handles exceptions and returns a HTTPException with the appropriate status code and detail.
+        '''
+        if isinstance(e, ApiException):
+            return HTTPException(
+                status_code=e.status,
+                detail=await self._extract_message(e),
+            )
+        elif isinstance(e, HTTPException):
+            return e
+        else:
+            return HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+    
+    async def api_key_auth(
+        self,
+        api_key: Annotated[str | None, Depends(apikey_header)] = None,
+        scopes: list[Scope] = [],
+    ) -> Verify200Response:
+        """
+        Verifies the API key and checks if the user scopes are a subset of the API scopes.
+        """
+        try:
+            if not api_key:
+                raise self.no_credentials_exception
+            
+            res = await self._verify_api_key(api_key)
+            await self._validate_scopes(scopes, [Scope.from_str(scope) for scope in res.scopes])
+            return res
+        except Exception as e:
+            raise await self._handle_exception(e)
+
+    async def bearer_auth(
+        self,
+        bearer: Annotated[
+            HTTPAuthorizationCredentials | None,
+            Depends(http_bearer),
+        ] = None,
+        scopes: list[Scope] = [],
+    ) -> Verify200Response:
+        """
+        Verifies the bearer token and checks if the user scopes are a subset of the API scopes.
+        """
+        if not bearer:
+            raise self.no_credentials_exception
+
+        try:
+            res = await self._verify_bearer(bearer)
+            await self._validate_scopes(scopes, [Scope.from_str(scope) for scope in res.scopes])
+            return res
+        except Exception as e:
+            raise await self._handle_exception(e)
+
+
+    async def combined_auth(
+        self,
+        bearer: Annotated[
+            HTTPAuthorizationCredentials | None, Depends(http_bearer)
+        ] = None,
+        api_key: Annotated[str | None, Depends(apikey_header)] = None,
+        scopes: list[Scope] = [],
+    ) -> Verify200Response:
+        """
+        Verifies the bearer token and API key and checks if the user scopes are a subset of the API scopes.
+        Returns early on the first successful verification, otherwise tries all available tokens.
+        """
+        tokens = [bearer, api_key]
+
+        last_error = None
+        for token in tokens:
+            try:
+                if token is None:
+                    continue
+                res = None
+                if isinstance(token, str):
+                    res = await self._verify_api_key(token)
+                elif isinstance(token, HTTPAuthorizationCredentials):
+                    res = await self._verify_bearer(token)
+                if res is None:
+                    continue
+                if scopes:
+                    await self._validate_scopes(scopes, [Scope.from_str(scope) for scope in res.scopes])
+                return res
+
+            except Exception as e:
+                last_error = await self._handle_exception(e)
+                continue
+
+        raise last_error or self.no_credentials_exception