fal 0.12.2__py3-none-any.whl → 0.12.4__py3-none-any.whl

fal/auth/__init__.py

@@ -62,7 +62,7 @@ def _fetch_access_token() -> str:
 
         if access_token is not None:
             try:
-                auth0.validate_access_token(access_token)
+                auth0.verify_access_token_expiration(access_token)
                 return access_token
             except:
                 # access_token expired, will refresh
@@ -85,10 +85,12 @@ def _fetch_access_token() -> str:
 class UserAccess:
     _access_token: str | None = field(repr=False, default=None)
     _user_info: dict | None = field(repr=False, default=None)
+    _exc: Exception | None = field(repr=False, default=None)
 
     def invalidate(self) -> None:
         self._access_token = None
         self._user_info = None
+        self._exc = None
 
     @property
     def info(self) -> dict:
@@ -99,8 +101,18 @@ class UserAccess:
 
     @property
     def access_token(self) -> str:
+        if self._exc is not None:
+            # We access this several times, so we want to raise the
+            # original exception instead of the newer exceptions we
+            # would get from the effects of the original exception.
+            raise self._exc
+
         if self._access_token is None:
-            self._access_token = _fetch_access_token()
+            try:
+                self._access_token = _fetch_access_token()
+            except Exception as e:
+                self._exc = e
+                raise
 
         return self._access_token
 

fal/auth/auth0.py

@@ -1,14 +1,11 @@
 from __future__ import annotations
 
+import functools
 import time
 import warnings
 
 import click
-import requests
-from auth0.authentication.token_verifier import (
-    AsymmetricSignatureVerifier,
-    TokenVerifier,
-)
+import httpx
 
 from fal.console import console
 from fal.console.icons import CHECK_ICON
@@ -54,7 +51,7 @@ def login() -> dict:
         "client_id": AUTH0_CLIENT_ID,
         "scope": AUTH0_SCOPE,
     }
-    device_code_response = requests.post(
+    device_code_response = httpx.post(
         f"https://{AUTH0_DOMAIN}/oauth/device/code", data=device_code_payload
     )
 
@@ -81,7 +78,7 @@ def login() -> dict:
 
     with console.status("Waiting for confirmation...") as status:
         while True:
-            token_response = requests.post(
+            token_response = httpx.post(
                 f"https://{AUTH0_DOMAIN}/oauth/token", data=token_payload
             )
 
@@ -109,14 +106,12 @@ def refresh(token: str) -> dict:
         "refresh_token": token,
     }
 
-    token_response = requests.post(
+    token_response = httpx.post(
         f"https://{AUTH0_DOMAIN}/oauth/token", data=token_payload
     )
 
     token_data = token_response.json()
     if token_response.status_code == 200:
-        # DEBUG: print("Authenticated!")
-
         validate_id_token(token_data["id_token"])
 
         return token_data
@@ -130,7 +125,7 @@ def revoke(token: str):
         "token": token,
     }
 
-    token_response = requests.post(
+    token_response = httpx.post(
         f"https://{AUTH0_DOMAIN}/oauth/revoke", data=token_payload
     )
 
@@ -142,7 +137,7 @@ def revoke(token: str):
 
 
 def get_user_info(bearer_token: str) -> dict:
-    userinfo_response = requests.post(
+    userinfo_response = httpx.post(
         f"https://{AUTH0_DOMAIN}/userinfo",
         headers={"Authorization": bearer_token},
     )
@@ -153,30 +148,44 @@ def get_user_info(bearer_token: str) -> dict:
     return userinfo_response.json()
 
 
+@functools.lru_cache
+def build_jwk_client():
+    from jwt import PyJWKClient
+
+    return PyJWKClient(AUTH0_JWKS_URL, cache_keys=True)
+
+
 def validate_id_token(token: str):
     """
-    Verify the token and its precedence.
-    `id_token`s are intended for the client (this sdk) only.
-    Never send one to another service.
-
-    :param id_token:
+    id_token is intended for the client (this sdk) only. Never send one to another service.
     """
-    sv = AsymmetricSignatureVerifier(AUTH0_JWKS_URL)
-    tv = TokenVerifier(
-        signature_verifier=sv,
+    from jwt import decode
+
+    jwk_client = build_jwk_client()
+
+    decode(
+        token,
+        key=jwk_client.get_signing_key_from_jwt(token).key,
+        algorithms=AUTH0_ALGORITHMS,
         issuer=AUTH0_ISSUER,
         audience=AUTH0_CLIENT_ID,
+        leeway=60,  # 1 minute, to account for clock skew
+        options={
+            "verify_signature": True,
+            "verify_exp": True,
+            "verify_iat": True,
+            "verify_aud": True,
+            "verify_iss": True,
+        },
     )
-    tv.verify(token)
-
 
-def validate_access_token(token: str):
-    from datetime import timedelta
 
+def verify_access_token_expiration(token: str):
     from jwt import decode
 
+    leeway = 60 * 30 * 60  # 30 minutes
     decode(
         token,
-        leeway=timedelta(minutes=-30),  # Mark as expired some time before it expires
+        leeway=-leeway,  # negative to consider expired before actual expiration
         options={"verify_exp": True, "verify_signature": False},
     )

fal/cli.py

@@ -29,7 +29,7 @@ PORT_ENVVAR = "FAL_PORT"
 DEBUG_ENABLED = False
 
 
-log = get_logger(__name__)
+logger = get_logger(__name__)
 
 
 class ExecutionInfo:
@@ -63,13 +63,13 @@ class MainGroup(click.Group):
             qualified_name, attributes={"invocation_id": invocation_id}
         ):
             try:
-                log.debug(
+                logger.debug(
                     f"Executing command: {qualified_name}",
                     command=qualified_name,
                 )
                 return super().invoke(ctx)
             except Exception as exception:
-                log.error(exception)
+                logger.error(exception)
                 if execution_info.debug:
                     # Here we supress detailed errors on click lines because
                     # they're mostly decorator calls, irrelevant to the dev's error tracing
@@ -123,7 +123,10 @@ class AliasCommand(click.Command):
         return self._wrapped.__getattribute__(__name)
 
 
-@click.group(cls=MainGroup)
+@click.group(
+    cls=MainGroup,
+    context_settings={"allow_interspersed_args": True},
+)
 @click.option(
     "--debug", is_flag=True, help="Enable detailed errors and verbose logging."
 )
@@ -468,6 +471,7 @@ def alias_list_runners(
     table.add_column("Runner ID")
     table.add_column("In Flight Requests")
     table.add_column("Expires in")
+    table.add_column("Uptime")
 
     for runner in runners:
         table.add_row(
@@ -478,6 +482,7 @@ def alias_list_runners(
                 if not runner.expiration_countdown
                 else f"{runner.expiration_countdown}s"
             ),
+            f"{runner.uptime} ({runner.uptime.total_seconds()}s)",
         )
 
     console.print(table)

fal/env.py

@@ -1,7 +1,3 @@
 from __future__ import annotations
 
 CLI_ENV = "prod"
-
-DATADOG_API_KEY = "pub4cd6a1c4763c93ad5af2740b2d931145"
-DATADOG_APP_KEY = "4981bae640864a409dcfaddd69c2a157523b1585"
-

fal/flags.py

@@ -30,3 +30,4 @@ FAL_RUN_HOST = (
 )
 
 FORCE_SETUP = bool_envvar("FAL_FORCE_SETUP")
+DONT_OPEN_LINKS = bool_envvar("FAL_DONT_OPEN_LINKS")

fal/logging/__init__.py

@@ -5,7 +5,6 @@ from typing import Any
 import structlog
 from structlog.typing import EventDict, WrappedLogger
 
-from .datadog import submit_to_datadog
 from .style import LEVEL_STYLES
 from .user import add_user_id
 
@@ -45,7 +44,6 @@ structlog.configure(
         structlog.processors.TimeStamper(fmt="%Y-%m-%d %H:%M:%S"),
         structlog.processors.StackInfoRenderer(),
         add_user_id,
-        submit_to_datadog,
         _console_log_output,
     ],
     wrapper_class=structlog.stdlib.BoundLogger,

fal/logging/trace.py

@@ -7,6 +7,10 @@ from grpc_interceptor import ClientCallDetails, ClientInterceptor
 from opentelemetry import trace
 from opentelemetry.sdk.trace import TracerProvider
 
+from fal.logging import get_logger
+
+logger = get_logger(__name__)
+
 provider = TracerProvider()
 # The line below can be used in dev to inspect opentelemetry result
 # It must be imported from opentelemetry.sdk.trace.export
@@ -41,6 +45,7 @@ class TraceContextInterceptor(ClientInterceptor):
         call_details: ClientCallDetails,
     ):
         current_span = get_current_span_context()
+
         if current_span is not None:
             new_details = call_details._replace(
                 metadata=(
@@ -50,5 +55,7 @@ class TraceContextInterceptor(ClientInterceptor):
                     ("x-fal-invocation-id", current_span.invocation_id),
                 )
             )
-            return method(request_or_iterator, new_details)
+            call_details = new_details
+
+        logger.debug("Calling %s", call_details)
         return method(request_or_iterator, call_details)

fal/sdk.py

@@ -29,7 +29,7 @@ FAL_SERVERLESS_DEFAULT_KEEP_ALIVE = 10
 FAL_SERVERLESS_DEFAULT_MAX_MULTIPLEXING = 1
 FAL_SERVERLESS_DEFAULT_MIN_CONCURRENCY = 0
 
-log = get_logger(__name__)
+logger = get_logger(__name__)
 
 patch_dill()
 
@@ -39,8 +39,29 @@ class ServerCredentials:
         raise NotImplementedError
 
     @property
-    def extra_options(self) -> list[tuple[str, str]]:
-        return GRPC_OPTIONS
+    def base_options(self) -> dict[str, str | int]:
+        import json
+
+        grpc_ops: dict[str, str | int] = dict(GRPC_OPTIONS)
+        grpc_ops["grpc.enable_retries"] = 1
+        grpc_ops["grpc.service_config"] = json.dumps(
+            {
+                "methodConfig": [
+                    {
+                        "name": [{}],
+                        "retryPolicy": {
+                            "maxAttempts": 5,
+                            "initialBackoff": "0.1s",
+                            "maxBackoff": "5s",
+                            "backoffMultiplier": 2,
+                            "retryableStatusCodes": ["UNAVAILABLE"],
+                        },
+                    }
+                ]
+            }
+        )
+
+        return grpc_ops
 
 
 class LocalCredentials(ServerCredentials):
@@ -140,7 +161,7 @@ def get_default_credentials() -> Credentials:
 
     key_creds = key_credentials()
     if key_creds:
-        log.debug("Using key credentials")
+        logger.debug("Using key credentials")
         return FalServerlessKeyCredentials(key_creds[0], key_creds[1])
     else:
         return AuthenticatedCredentials()
@@ -183,6 +204,7 @@ class RunnerInfo:
     runner_id: str
     in_flight_requests: int
     expiration_countdown: int
+    uptime: timedelta
 
 
 @dataclass
@@ -270,6 +292,7 @@ def _from_grpc_runner_info(message: isolate_proto.RunnerInfo) -> RunnerInfo:
         runner_id=message.runner_id,
         in_flight_requests=message.in_flight_requests,
         expiration_countdown=message.expiration_countdown,
+        uptime=timedelta(seconds=message.uptime),
     )
 
 
@@ -346,10 +369,14 @@ class FalServerlessConnection:
         if self._stub:
             return self._stub
 
-        options = self.credentials.server_credentials.extra_options
+        options = self.credentials.server_credentials.base_options
         channel_creds = self.credentials.to_grpc()
         channel = self._stack.enter_context(
-            grpc.secure_channel(self.hostname, channel_creds, options)
+            grpc.secure_channel(
+                target=self.hostname,
+                credentials=channel_creds,
+                options=list(options.items()),
+            )
         )
         channel = grpc.intercept_channel(channel, TraceContextInterceptor())
         self._stub = isolate_proto.IsolateControllerStub(channel)

fal/toolkit/__init__.py

@@ -12,3 +12,19 @@ from fal.toolkit.utils import (
     download_file,
     download_model_weights,
 )
+
+__all__ = [
+    "CompressedFile",
+    "File",
+    "Image",
+    "ImageSizeInput",
+    "get_image_size",
+    "mainify",
+    "optimize",
+    "FAL_MODEL_WEIGHTS_DIR",
+    "FAL_PERSISTENT_DIR",
+    "FAL_REPOSITORY_DIR",
+    "clone_repository",
+    "download_file",
+    "download_model_weights",
+]