PyPI - cryptologin - Versions diffs - 1.0.0__py3-none-any.whl - Mend

cryptologin 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

cryptologin/__init__.py +103 -0
cryptologin/api/__init__.py +7 -0
cryptologin/api/dependencies.py +113 -0
cryptologin/api/models.py +133 -0
cryptologin/api/routes/__init__.py +6 -0
cryptologin/api/routes/auth.py +198 -0
cryptologin/api/routes/health.py +59 -0
cryptologin/api/routes/user.py +289 -0
cryptologin/api/routes/vault.py +7 -0
cryptologin/cli.py +223 -0
cryptologin/config.py +82 -0
cryptologin/core/__init__.py +7 -0
cryptologin/core/constants.py +17 -0
cryptologin/core/crypto_engine.py +138 -0
cryptologin/core/data_vault.py +344 -0
cryptologin/core/exceptions.py +50 -0
cryptologin/core/user_manager.py +373 -0
cryptologin/main.py +125 -0
cryptologin/storage/__init__.py +13 -0
cryptologin/storage/base.py +113 -0
cryptologin/storage/memory.py +64 -0
cryptologin/storage/sqlite.py +434 -0
cryptologin-1.0.0.dist-info/METADATA +289 -0
cryptologin-1.0.0.dist-info/RECORD +28 -0
cryptologin-1.0.0.dist-info/WHEEL +5 -0
cryptologin-1.0.0.dist-info/entry_points.txt +2 -0
cryptologin-1.0.0.dist-info/licenses/LICENSE +215 -0
cryptologin-1.0.0.dist-info/top_level.txt +1 -0

cryptologin/__init__.py ADDED Viewed

@@ -0,0 +1,103 @@
+"""
+CryptoLogin - Zero-Knowledge Authentication System
+"""
+__version__ = "1.0.0"
+__author__ = "CryptoLogin Team"
+__license__ = "Apache-2.0"
+from .core.crypto_engine import CryptoEngine
+from .core.user_manager import UserManager
+from .core.data_vault import DataVault
+from .core.exceptions import (
+    CryptoLoginError,
+    CryptoError,
+    InvalidSecretError,
+    DecryptionError,
+    IntegrityError,
+    UserNotFoundError,
+    UserAlreadyExistsError,
+    AuthenticationError,
+    DataVaultError,
+)
+from .storage.sqlite import SQLiteStorage
+from .storage.memory import MemoryStorage
+from .config import get_settings, Settings
+from .main import app
+class CryptoLogin:
+    """
+    Main entry point for CryptoLogin.
+    Example:
+        >>> from cryptologin import CryptoLogin
+        >>> auth = CryptoLogin()
+        >>> user_id = auth.register("my-secret", {"name": "John"})
+    """
+    def __init__(self, db_path: str = "cryptologin.db"):
+        from .core.user_manager import UserManager
+        from .storage.sqlite import SQLiteStorage
+        from .core.crypto_engine import CryptoEngine
+        self.storage = SQLiteStorage(db_path=db_path)
+        self.crypto_engine = CryptoEngine()
+        self.user_manager = UserManager(storage=self.storage)
+    def register(self, master_secret: str, user_data: dict = None) -> str:
+        """Register a new user."""
+        return self.user_manager.register_user(master_secret, user_data)
+    def login_init(self, master_secret: str) -> str:
+        """Initiate login - returns challenge."""
+        return self.user_manager.initiate_login(master_secret)
+    def login_verify(self, master_secret: str, challenge_response: str):
+        """Complete login - returns session."""
+        return self.user_manager.complete_login(master_secret, challenge_response)
+    def get_user_data(self, user_id: str, master_secret: str) -> dict:
+        """Get user data."""
+        return self.user_manager.get_user_data(user_id, master_secret)
+    def update_user_data(self, user_id: str, master_secret: str, data: dict) -> bool:
+        """Update user data."""
+        return self.user_manager.update_user_data(user_id, master_secret, data)
+    def delete_user(self, user_id: str, master_secret: str) -> bool:
+        """Delete a user."""
+        from .core.exceptions import AuthenticationError
+        # Verify secret matches
+        derived_id = self.crypto_engine.derive_user_id(master_secret)
+        if derived_id != user_id:
+            raise AuthenticationError("Secret does not match user")
+        return self.user_manager.delete_user(user_id)
+# Export cli main for entry point
+from . import cli
+__all__ = [
+    "CryptoLogin",
+    "CryptoEngine",
+    "UserManager",
+    "DataVault",
+    "SQLiteStorage",
+    "MemoryStorage",
+    "CryptoLoginError",
+    "CryptoError",
+    "InvalidSecretError",
+    "DecryptionError",
+    "IntegrityError",
+    "UserNotFoundError",
+    "UserAlreadyExistsError",
+    "AuthenticationError",
+    "DataVaultError",
+    "get_settings",
+    "Settings",
+    "app",
+    "__version__",
+    "cli",
+]

cryptologin/api/__init__.py ADDED Viewed

@@ -0,0 +1,7 @@
+# TODO: Implement logic
+def main():
+    pass
+if __name__ == '__main__':
+    main()

cryptologin/api/dependencies.py ADDED Viewed

@@ -0,0 +1,113 @@
+"""
+Dépendances pour l'API CryptoLogin
+"""
+from typing import Optional
+from fastapi import Request, HTTPException, status, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.responses import JSONResponse
+from ..core.user_manager import UserManager
+from ..storage.sqlite import SQLiteStorage
+from ..config import get_settings, Settings
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+from slowapi.errors import RateLimitExceeded
+# Singleton pour UserManager
+_user_manager_instance = None
+_storage_instance = None
+# ============================================================
+# STORAGE - Singleton
+# ============================================================
+def get_storage(settings: Settings = Depends(get_settings)) -> SQLiteStorage:
+    """Retourne l'instance de stockage (Singleton)."""
+    global _storage_instance
+    if _storage_instance is None:
+        db_path = settings.DATABASE_URL.replace("sqlite:///", "")
+        _storage_instance = SQLiteStorage(db_path=db_path, auto_migrate=True)
+    return _storage_instance
+# ============================================================
+# USER MANAGER - Singleton
+# ============================================================
+def get_user_manager(storage: SQLiteStorage = Depends(get_storage)) -> UserManager:
+    """Retourne l'instance du UserManager (Singleton)."""
+    global _user_manager_instance
+    if _user_manager_instance is None:
+        _user_manager_instance = UserManager(storage=storage, session_duration_hours=24)
+    return _user_manager_instance
+# ============================================================
+# AUTHENTIFICATION
+# ============================================================
+security = HTTPBearer(auto_error=False)
+async def get_current_user(
+    request: Request,
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(security),
+    user_manager: UserManager = Depends(get_user_manager)
+) -> str:
+    """
+    Valide la session et retourne l'ID utilisateur.
+    """
+    if not credentials:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    user_id = credentials.credentials
+    # Vérifier la session
+    if not user_manager.validate_session(user_id):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or expired session",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return user_id
+# ============================================================
+# RATE LIMITING
+# ============================================================
+limiter = Limiter(key_func=get_remote_address)
+def get_limiter() -> Limiter:
+    """Retourne l'instance du rate limiter."""
+    return limiter
+def rate_limit_exceeded_handler(request: Request, exc: RateLimitExceeded) -> JSONResponse:
+    """
+    Gestionnaire personnalisé pour les erreurs de rate limiting.
+    """
+    return JSONResponse(
+        status_code=status.HTTP_429_TOO_MANY_REQUESTS,
+        content={
+            "error": "Rate limit exceeded",
+            "detail": f"Too many requests. Please wait {exc.retry_after} seconds.",
+            "status_code": status.HTTP_429_TOO_MANY_REQUESTS,
+            "retry_after": exc.retry_after
+        }
+    )
+# Réinitialiser les singletons pour les tests
+def reset_singletons():
+    """Réinitialise les singletons (pour les tests)."""
+    global _user_manager_instance, _storage_instance
+    _user_manager_instance = None
+    _storage_instance = None

cryptologin/api/models.py ADDED Viewed

@@ -0,0 +1,133 @@
+"""
+Modèles Pydantic pour l'API CryptoLogin - Version Pydantic v2
+"""
+from pydantic import BaseModel, Field, field_validator
+from typing import Optional, Dict, Any
+from datetime import datetime
+# ============================================================
+# REQUESTS
+# ============================================================
+class RegisterRequest(BaseModel):
+    """Requête d'enregistrement."""
+    master_secret: str = Field(..., min_length=32, description="Secret maître de l'utilisateur")
+    user_data: Optional[Dict[str, Any]] = Field(default=None, description="Données initiales de l'utilisateur")
+    @field_validator('master_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Master secret must be at least 32 characters')
+        return v
+class LoginInitRequest(BaseModel):
+    """Requête d'initiation de login."""
+    master_secret: str = Field(..., min_length=32, description="Secret maître de l'utilisateur")
+    @field_validator('master_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Master secret must be at least 32 characters')
+        return v
+class LoginVerifyRequest(BaseModel):
+    """Requête de vérification de login."""
+    master_secret: str = Field(..., min_length=32, description="Secret maître de l'utilisateur")
+    challenge_response: str = Field(..., description="Réponse au challenge (déchiffré)")
+    @field_validator('master_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Master secret must be at least 32 characters')
+        return v
+class UpdateDataRequest(BaseModel):
+    """Requête de mise à jour des données."""
+    master_secret: str = Field(..., min_length=32, description="Secret maître de l'utilisateur")
+    data: Dict[str, Any] = Field(..., description="Nouvelles données")
+    @field_validator('master_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Master secret must be at least 32 characters')
+        return v
+class RotateSecretRequest(BaseModel):
+    """Requête de rotation de secret."""
+    old_secret: str = Field(..., min_length=32, description="Ancien secret")
+    new_secret: str = Field(..., min_length=32, description="Nouveau secret")
+    @field_validator('old_secret', 'new_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Secret must be at least 32 characters')
+        return v
+class DeleteUserRequest(BaseModel):
+    """Requête de suppression d'utilisateur."""
+    master_secret: str = Field(..., min_length=32, description="Secret maître de l'utilisateur")
+    @field_validator('master_secret')
+    @classmethod
+    def validate_secret(cls, v: str) -> str:
+        if len(v) < 32:
+            raise ValueError('Master secret must be at least 32 characters')
+        return v
+# ============================================================
+# RESPONSES
+# ============================================================
+class UserResponse(BaseModel):
+    """Réponse utilisateur."""
+    user_id: str
+    created_at: datetime
+    updated_at: datetime
+    last_activity_at: Optional[datetime]
+    has_data: bool
+    has_vault: bool
+class DataResponse(BaseModel):
+    """Réponse des données."""
+    data: Dict[str, Any]
+    version: str = "1.0"
+class AuthInitResponse(BaseModel):
+    """Réponse d'initiation de login."""
+    challenge: str
+    message: str = "Please decrypt the challenge and submit it with /verify"
+class AuthResponse(BaseModel):
+    """Réponse d'authentification."""
+    user_id: str
+    session_id: str
+    expires_at: datetime
+    message: str = "Authentication successful"
+class MessageResponse(BaseModel):
+    """Réponse de message simple."""
+    message: str
+    success: bool = True
+    data: Optional[Dict[str, Any]] = None
+class ErrorResponse(BaseModel):
+    """Réponse d'erreur."""
+    error: str
+    detail: Optional[str] = None
+    status_code: int

cryptologin/api/routes/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+"""
+Package des routes API
+"""
+from . import auth, user, health
+__all__ = ['auth', 'user', 'health']

cryptologin/api/routes/auth.py ADDED Viewed

@@ -0,0 +1,198 @@
+"""
+Routes d'authentification
+"""
+from typing import Any
+from fastapi import APIRouter, Depends, HTTPException, status, Request
+from fastapi.responses import JSONResponse
+from ...core.user_manager import UserManager
+from ...core.exceptions import (
+    UserNotFoundError,
+    UserAlreadyExistsError,
+    AuthenticationError,
+    InvalidSecretError
+)
+from ..models import (
+    RegisterRequest,
+    LoginInitRequest,
+    LoginVerifyRequest,
+    AuthInitResponse,
+    AuthResponse,
+    MessageResponse,
+    ErrorResponse
+)
+from ..dependencies import get_user_manager, get_current_user
+from ..dependencies import limiter as rate_limiter
+router = APIRouter(prefix="/auth", tags=["Authentication"])
+@router.post(
+    "/register",
+    response_model=MessageResponse,
+    responses={
+        400: {"model": ErrorResponse},
+        409: {"model": ErrorResponse},
+        500: {"model": ErrorResponse}
+    }
+)
+@rate_limiter.limit("10/minute")
+async def register(
+    request: Request,  # Ajouté pour rate_limiter
+    user_data: RegisterRequest,
+    user_manager: UserManager = Depends(get_user_manager)
+) -> Any:
+    """Enregistre un nouvel utilisateur."""
+    try:
+        user_id = user_manager.register_user(
+            user_data.master_secret,
+            user_data.user_data or {}
+        )
+        return MessageResponse(
+            message="User registered successfully",
+            data={"user_id": user_id}
+        )
+    except InvalidSecretError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except UserAlreadyExistsError as e:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail=str(e)
+        )
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Registration failed: {str(e)}"
+        )
+@router.post(
+    "/login/init",
+    response_model=AuthInitResponse,
+    responses={
+        400: {"model": ErrorResponse},
+        401: {"model": ErrorResponse},
+        404: {"model": ErrorResponse},
+        500: {"model": ErrorResponse}
+    }
+)
+@rate_limiter.limit("30/minute")
+async def login_init(
+    request: Request,  # Ajouté pour rate_limiter
+    login_data: LoginInitRequest,
+    user_manager: UserManager = Depends(get_user_manager)
+) -> Any:
+    """Initie le processus de login."""
+    try:
+        challenge = user_manager.initiate_login(login_data.master_secret)
+        return AuthInitResponse(
+            challenge=challenge,
+            message="Please decrypt the challenge and submit it with /verify"
+        )
+    except InvalidSecretError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except UserNotFoundError as e:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=str(e)
+        )
+    except AuthenticationError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e)
+        )
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Login initiation failed: {str(e)}"
+        )
+@router.post(
+    "/login/verify",
+    response_model=AuthResponse,
+    responses={
+        400: {"model": ErrorResponse},
+        401: {"model": ErrorResponse},
+        404: {"model": ErrorResponse},
+        500: {"model": ErrorResponse}
+    }
+)
+@rate_limiter.limit("30/minute")
+async def login_verify(
+    request: Request,  # Ajouté pour rate_limiter
+    verify_data: LoginVerifyRequest,
+    user_manager: UserManager = Depends(get_user_manager)
+) -> Any:
+    """Vérifie la réponse au challenge et crée une session."""
+    try:
+        session = user_manager.complete_login(
+            verify_data.master_secret,
+            verify_data.challenge_response
+        )
+        return AuthResponse(
+            user_id=session.user_id,
+            session_id=session.user_id,
+            expires_at=session.expires_at,
+            message="Authentication successful"
+        )
+    except InvalidSecretError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except UserNotFoundError as e:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=str(e)
+        )
+    except AuthenticationError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e)
+        )
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Login verification failed: {str(e)}"
+        )
+@router.post(
+    "/logout",
+    response_model=MessageResponse,
+    responses={
+        401: {"model": ErrorResponse},
+        500: {"model": ErrorResponse}
+    }
+)
+@rate_limiter.limit("60/minute")
+async def logout(
+    request: Request,  # Ajouté pour rate_limiter
+    user_id: str = Depends(get_current_user),
+    user_manager: UserManager = Depends(get_user_manager)
+) -> Any:
+    """Déconnecte l'utilisateur."""
+    try:
+        user_manager.logout(user_id)
+        return MessageResponse(
+            message="Logged out successfully"
+        )
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Logout failed: {str(e)}"
+        )

cryptologin/api/routes/health.py ADDED Viewed

@@ -0,0 +1,59 @@
+"""
+Routes de santé - Pas de rate limiting nécessaire
+"""
+from typing import Any
+from fastapi import APIRouter, Depends, status
+from pydantic import BaseModel
+from datetime import datetime
+from ...config import get_settings, Settings
+from ...storage.sqlite import SQLiteStorage
+from ..dependencies import get_storage
+router = APIRouter(prefix="/health", tags=["Health"])
+class HealthResponse(BaseModel):
+    """Réponse de santé."""
+    status: str
+    version: str
+    timestamp: str
+    database: str
+    uptime: str
+class ReadyResponse(BaseModel):
+    """Réponse de disponibilité."""
+    ready: bool
+    database: bool
+@router.get("", response_model=HealthResponse)
+async def health_check(
+    settings: Settings = Depends(get_settings)
+) -> Any:
+    """Vérifie l'état de santé de l'application."""
+    return HealthResponse(
+        status="healthy",
+        version=settings.APP_VERSION,
+        timestamp=datetime.now().isoformat(),
+        database="sqlite",
+        uptime="running"
+    )
+@router.get("/ready", response_model=ReadyResponse)
+async def ready_check(
+    storage: SQLiteStorage = Depends(get_storage)
+) -> Any:
+    """Vérifie si l'application est prête à servir."""
+    try:
+        storage.get_user_count()
+        db_ready = True
+    except Exception:
+        db_ready = False
+    return ReadyResponse(
+        ready=db_ready,
+        database=db_ready
+    )