fastapi-async-auth-kit 0.1.0__py3-none-any.whl

fastapi_async_auth_kit-0.1.0.dist-info/METADATA

@@ -0,0 +1,21 @@
+Metadata-Version: 2.4
+Name: fastapi-async-auth-kit
+Version: 0.1.0
+Summary: Async FastAPI auth with JWT, refresh tokens, logout
+Author-email: Keyurkumar <kmistry1110@gmail.com>
+Requires-Python: >=3.8
+License-File: LICENSE
+Requires-Dist: fastapi
+Requires-Dist: pydantic
+Requires-Dist: python-jose
+Requires-Dist: argon2-cffi
+Requires-Dist: sqlalchemy>=2.0
+Provides-Extra: postgres
+Requires-Dist: asyncpg; extra == "postgres"
+Provides-Extra: mysql
+Requires-Dist: aiomysql; extra == "mysql"
+Provides-Extra: sqlite
+Requires-Dist: aiosqlite; extra == "sqlite"
+Provides-Extra: mongodb
+Requires-Dist: motor; extra == "mongodb"
+Dynamic: license-file

fastapi_async_auth_kit-0.1.0.dist-info/RECORD

@@ -0,0 +1,17 @@
+fastapi_async_auth_kit-0.1.0.dist-info/licenses/LICENSE,sha256=_NXHqoXfXIN9cX2fcEQZRjJnIeYAo-1zB8J7LsAihlg,1089
+fastapi_auth_kit/__init__.py,sha256=frlKWesm2oGWoCerX1dxcnIrECX6ZybwpYeeHhv9H-A,228
+fastapi_auth_kit/api/auth.py,sha256=sPsWnMWpnz-Ko6bT3iIvKd70l0skjzBVxZYge899NOI,986
+fastapi_auth_kit/core/config.py,sha256=6sYXF4xW0lNplO2xW5SrnIGeyVekqChYgJRpK3cyqf4,157
+fastapi_auth_kit/core/security.py,sha256=Qs6FHWKPhCSvKQZZeRNNLH7d32g0TAWMtN8FG6jwfEE,817
+fastapi_auth_kit/core/setup.py,sha256=j7cSbyoIzsSu8nWKbMsbdxo9pQBst72rAMv78M3YI1o,451
+fastapi_auth_kit/db/base.py,sha256=jjaKf8nclEwdX8IV7J_jKnB1MgqVSl9yK-KDjKFwOV4,279
+fastapi_auth_kit/db/factory.py,sha256=DomyoHGZiasank4yRR1aRDsGmD2dFLL5vX4fE_qJIDU,295
+fastapi_auth_kit/db/mongo_repo.py,sha256=jKmTXl0yVgLCxCoCqp6c1TxO0bt-KufPG810SrHMrHQ,911
+fastapi_auth_kit/db/sqlalchemy_repo.py,sha256=hb2XQKY3smA5RVjNFBZMszotGqcsO57p325_xT6CmM8,2068
+fastapi_auth_kit/dependencies/auth.py,sha256=4g9zFcSzJ43MHtYRUpC9h-IXsfrNVV6ILx6ECJuh80I,458
+fastapi_auth_kit/schemas/auth.py,sha256=f4Hn3wlYuU1Q7tJozh5CbNy8KMvZol4Uno0b9HE_j0w,1340
+fastapi_auth_kit/services/auth_service.py,sha256=NhkKHUfIJDGc3QYdSrosHnwEdTZXmp2jdO93B8s6QMY,3177
+fastapi_async_auth_kit-0.1.0.dist-info/METADATA,sha256=jqxGzQcr7AFc5yxRYg2wM4OyA6zZ8SmPK5OXr123wY4,661
+fastapi_async_auth_kit-0.1.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+fastapi_async_auth_kit-0.1.0.dist-info/top_level.txt,sha256=LCeW47pupGZVWyFMSeK48VYfdXS-5RF_FeNNX8-tN0A,17
+fastapi_async_auth_kit-0.1.0.dist-info/RECORD,,

fastapi_async_auth_kit-0.1.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

fastapi_async_auth_kit-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 kmistry1110
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

fastapi_async_auth_kit-0.1.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+fastapi_auth_kit

fastapi_auth_kit/__init__.py

@@ -0,0 +1,5 @@
+from fastapi_auth_kit.core.setup import init_auth
+from fastapi_auth_kit.core.config import AuthConfig
+from fastapi_auth_kit.dependencies.auth import get_current_user
+
+__all__ = ["init_auth", "AuthConfig", "get_current_user"]

fastapi_auth_kit/api/auth.py

@@ -0,0 +1,34 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi_auth_kit.schemas.auth import (
+    RegisterRequest,
+    LoginRequest,
+    RefreshRequest,
+    TokenResponse
+)
+from fastapi_auth_kit.dependencies.auth import get_current_user
+
+router = APIRouter()
+
+
+@router.post("/register")
+async def register(req: Request, data: RegisterRequest):
+    return await req.app.state.auth.register(data.username, data.password)
+
+
+@router.post("/login", response_model=TokenResponse)
+async def login(req: Request, data: LoginRequest):
+    return await req.app.state.auth.login(data.username, data.password)
+
+
+@router.post("/refresh")
+async def refresh(req: Request, data: RefreshRequest):
+    return await req.app.state.auth.refresh(data.refresh)
+
+
+@router.post("/logout")
+async def logout(req: Request, data: RefreshRequest):
+    return await req.app.state.auth.logout(data.refresh)
+
+@router.get("/me")
+async def me(user=Depends(get_current_user)):
+    return user

fastapi_auth_kit/core/config.py

@@ -0,0 +1,6 @@
+from pydantic import BaseModel
+
+class AuthConfig(BaseModel):
+    secret_key: str
+    db_url: str
+    db_type: str  # postgres | mysql | sqlite | mongodb

fastapi_auth_kit/core/security.py

@@ -0,0 +1,33 @@
+from passlib.context import CryptContext
+from jose import jwt
+from datetime import datetime, timedelta
+
+pwd = CryptContext(schemes=["argon2"], deprecated="auto")
+
+ALGO = "HS256"
+
+
+def hash_password(password: str) -> str:
+    return pwd.hash(password)
+
+
+def verify_password(password: str, hashed: str) -> bool:
+    valid = pwd.verify(password, hashed)
+
+    if valid and pwd.needs_update(hashed):
+        new_hash = pwd.hash(password)
+
+    return valid
+
+
+def create_token(data, secret, minutes, ttype):
+    payload = data.copy()
+    payload.update({
+        "exp": datetime.utcnow() + timedelta(minutes=minutes),
+        "type": ttype
+    })
+    return jwt.encode(payload, secret, algorithm=ALGO)
+
+
+def decode_token(token, secret):
+    return jwt.decode(token, secret, algorithms=[ALGO])

fastapi_auth_kit/core/setup.py

@@ -0,0 +1,14 @@
+from fastapi_auth_kit.db.factory import get_repo
+from fastapi_auth_kit.services.auth_service import AuthService
+from fastapi_auth_kit.api.auth import router
+from fastapi_auth_kit.dependencies import auth
+
+async def init_auth(app, config):
+    repo = await get_repo(config)
+
+    service = AuthService(repo, config.secret_key)
+
+    auth.SECRET = config.secret_key
+
+    app.state.auth = service
+    app.include_router(router, prefix="/auth")

fastapi_auth_kit/db/base.py

@@ -0,0 +1,6 @@
+class UserRepository:
+    async def get_user(self, username): ...
+    async def create_user(self, username, password): ...
+    async def save_refresh_token(self, token): ...
+    async def is_token_blacklisted(self, token): ...
+    async def blacklist_token(self, token): ...

fastapi_auth_kit/db/factory.py

@@ -0,0 +1,10 @@
+from fastapi_auth_kit.db.sqlalchemy_repo import SQLRepo
+from fastapi_auth_kit.db.mongo_repo import MongoRepo
+
+async def get_repo(config):
+    if config.db_type == "mongodb":
+        return MongoRepo(config.db_url)
+
+    repo = SQLRepo(config.db_url)
+    await repo.init()
+    return repo

fastapi_auth_kit/db/mongo_repo.py

@@ -0,0 +1,27 @@
+from motor.motor_asyncio import AsyncIOMotorClient
+
+class MongoRepo:
+    def __init__(self, url):
+        client = AsyncIOMotorClient(url)
+        db = client["auth"]
+        self.users = db["users"]
+        self.tokens = db["tokens"]
+
+    async def get_user(self, username):
+        return await self.users.find_one({"username": username})
+
+    async def create_user(self, u, p):
+        await self.users.insert_one({"username": u, "password": p})
+
+    async def save_refresh_token(self, token):
+        await self.tokens.insert_one({"token": token, "blacklisted": False})
+
+    async def is_token_blacklisted(self, token):
+        t = await self.tokens.find_one({"token": token})
+        return t and t["blacklisted"]
+
+    async def blacklist_token(self, token):
+        await self.tokens.update_one(
+            {"token": token},
+            {"$set": {"blacklisted": True}}
+        )

fastapi_auth_kit/db/sqlalchemy_repo.py

@@ -0,0 +1,61 @@
+from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession
+from sqlalchemy.orm import sessionmaker, declarative_base
+from sqlalchemy import Column, String, Integer, select
+
+Base = declarative_base()
+
+class User(Base):
+    __tablename__ = "users"
+    id = Column(Integer, primary_key=True)
+    username = Column(String, unique=True)
+    password = Column(String)
+
+class Token(Base):
+    __tablename__ = "tokens"
+    token = Column(String, primary_key=True)
+    blacklisted = Column(Integer, default=0)
+
+
+class SQLRepo:
+    def __init__(self, url):
+        self.engine = create_async_engine(url, future=True)
+        self.Session = sessionmaker(
+            self.engine,
+            class_=AsyncSession,
+            expire_on_commit=False
+        )
+
+    async def init(self):
+        async with self.engine.begin() as conn:
+            await conn.run_sync(Base.metadata.create_all)
+
+    async def get_user(self, username):
+        async with self.Session() as db:
+            res = await db.execute(select(User).where(User.username == username))
+            return res.scalar_one_or_none()
+
+    async def create_user(self, u, p):
+        async with self.Session() as db:
+            user = User(username=u, password=p)
+            db.add(user)
+            await db.commit()
+            return user
+
+    async def save_refresh_token(self, token):
+        async with self.Session() as db:
+            db.add(Token(token=token))
+            await db.commit()
+
+    async def is_token_blacklisted(self, token):
+        async with self.Session() as db:
+            res = await db.execute(select(Token).where(Token.token == token))
+            t = res.scalar_one_or_none()
+            return t and t.blacklisted == 1
+
+    async def blacklist_token(self, token):
+        async with self.Session() as db:
+            res = await db.execute(select(Token).where(Token.token == token))
+            t = res.scalar_one_or_none()
+            if t:
+                t.blacklisted = 1
+                await db.commit()

fastapi_auth_kit/dependencies/auth.py

@@ -0,0 +1,14 @@
+from fastapi import Depends, HTTPException
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi_auth_kit.core.security import decode_token
+
+security = HTTPBearer()
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(security)
+):
+    try:
+        token = credentials.credentials
+        return decode_token(token, SECRET)
+    except:
+        raise HTTPException(401, "Invalid token")

fastapi_auth_kit/schemas/auth.py

@@ -0,0 +1,49 @@
+from pydantic import BaseModel, Field, field_validator
+import re
+
+
+USERNAME_REGEX = r"^[a-zA-Z][a-zA-Z0-9_]{2,29}$"
+PASSWORD_REGEX = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&]).{8,}$"
+
+
+class RegisterRequest(BaseModel):
+    username: str = Field(
+        ...,
+        description="3-30 chars, letters/numbers/_ only, must start with letter"
+    )
+    password: str = Field(
+        ...,
+        description="Min 8 chars, include uppercase, lowercase, number, special char"
+    )
+
+    @field_validator("username")
+    @classmethod
+    def validate_username(cls, v):
+        if not re.match(USERNAME_REGEX, v):
+            raise ValueError(
+                "Username must be 3-30 chars, start with letter, and contain only letters, numbers, underscores"
+            )
+        return v
+
+    @field_validator("password")
+    @classmethod
+    def validate_password(cls, v):
+        if not re.match(PASSWORD_REGEX, v):
+            raise ValueError(
+                "Password must be at least 8 characters long and include uppercase, lowercase, number, and special character"
+            )
+        return v
+
+
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+
+
+class RefreshRequest(BaseModel):
+    refresh: str
+
+
+class TokenResponse(BaseModel):
+    access: str
+    refresh: str

fastapi_auth_kit/services/auth_service.py

@@ -0,0 +1,100 @@
+from fastapi import HTTPException, status
+from fastapi_auth_kit.core.security import *
+
+class AuthService:
+    def __init__(self, repo, secret):
+        self.repo = repo
+        self.secret = secret
+
+    async def register(self, username: str, password: str):
+        existing_user = await self.repo.get_user(username)
+
+        if existing_user:
+            raise HTTPException(
+                status_code=status.HTTP_409_CONFLICT,
+                detail="User already exists"
+            )
+
+        user = await self.repo.create_user(
+            username,
+            hash_password(password)
+        )
+
+        return {
+            "message": "User registered successfully",
+            "username": username
+        }
+
+    async def login(self, username: str, password: str):
+        user = await self.repo.get_user(username)
+
+        if not user or not verify_password(password, user.password):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid username or password"
+            )
+
+        access = create_token({"sub": username}, self.secret, 15, "access")
+        refresh = create_token({"sub": username}, self.secret, 60*24, "refresh")
+
+        await self.repo.save_refresh_token(refresh)
+
+        return {
+            "access": access,
+            "refresh": refresh
+        }
+
+    async def refresh(self, token: str):
+        try:
+            data = decode_token(token, self.secret)
+        except Exception:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid or expired refresh token"
+            )
+
+        if data.get("type") != "refresh":
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid token type (expected refresh token)"
+            )
+
+        if await self.repo.is_token_blacklisted(token):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Token has been revoked (logout)"
+            )
+
+        return {
+            "access": create_token(
+                {"sub": data["sub"]},
+                self.secret,
+                15,
+                "access"
+            )
+        }
+
+    async def logout(self, token: str):
+        try:
+            data = decode_token(token, self.secret)
+        except Exception:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid or expired refresh token"
+            )
+
+        if data.get("type") != "refresh":
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid token type"
+            )
+
+        if await self.repo.is_token_blacklisted(token):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Token already logged out"
+            )
+
+        await self.repo.blacklist_token(token)
+
+        return {"message": "Logged out successfully"}