PyPI - fasthtml-auth - Versions diffs - 0.1.0__py3-none-any.whl - Mend

fasthtml-auth 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

fasthtml_auth/__init__.py +31 -0
fasthtml_auth/database.py +34 -0
fasthtml_auth/forms.py +388 -0
fasthtml_auth/init.py +0 -0
fasthtml_auth/manager.py +78 -0
fasthtml_auth/middleware.py +105 -0
fasthtml_auth/models.py +76 -0
fasthtml_auth/repository.py +113 -0
fasthtml_auth/routes.py +203 -0
fasthtml_auth/utils.py +45 -0
fasthtml_auth-0.1.0.dist-info/METADATA +413 -0
fasthtml_auth-0.1.0.dist-info/RECORD +15 -0
fasthtml_auth-0.1.0.dist-info/WHEEL +5 -0
fasthtml_auth-0.1.0.dist-info/licenses/LICENSE +21 -0
fasthtml_auth-0.1.0.dist-info/top_level.txt +1 -0

fasthtml_auth/models.py ADDED Viewed

@@ -0,0 +1,76 @@
+# auth/models.py
+from dataclasses import dataclass
+import bcrypt
+from typing import Optional
+from datetime import datetime
+@dataclass
+class User:
+    id: int|None = None
+    username: str|None = None
+    email: str|None = None
+    password: str|None = None
+    role: str = "user"
+    created_at: str = ""
+    last_login: str = ""
+    active: bool = True
+    # Define primary key for fastlite
+    pk = "id"
+    @classmethod
+    def get_hashed_password(cls, password: str) -> str:
+        """Hash a password using bcrypt"""
+        try:
+            if not password:
+                raise ValueError("Password cannot be empty")
+            # Use bcrypt directly instead of passlib to avoid version issues
+            salt = bcrypt.gensalt()
+            hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
+            return hashed.decode('utf-8')
+        except Exception as e:
+            print(f"Error hashing password: {e}")
+            raise
+    @classmethod
+    def is_hashed(cls, pwd: str) -> bool:
+        """Check if password is already hashed (bcrypt hashes start with $2b$)"""
+        return pwd and pwd.startswith('$2b$') and len(pwd) == 60
+    @classmethod
+    def verify_password(cls, pwd: str, hashed: str) -> bool:
+        """Verify password against hash"""
+        try:
+            if not pwd or not hashed:
+                return False
+            return bcrypt.checkpw(pwd.encode('utf-8'), hashed.encode('utf-8'))
+        except Exception as e:
+            print(f"Error verifying password: {e}")
+            return False
+    def __post_init__(self):
+        """Initialize timestamps and hash password if needed"""
+        # Hash password if not already hashed
+        if self.password and not self.is_hashed(self.password):
+            print(f"Hashing password for user: {self.username}")
+            self.password = self.get_hashed_password(self.password)
+        # Initialize timestamps if not set
+        now = datetime.now().isoformat()
+        if not self.created_at:
+            self.created_at = now
+        if not self.last_login:
+            self.last_login = now
+@dataclass
+class Session:
+    """Pure Session model"""
+    id: str
+    user_id: int
+    data: dict
+    expires_at: str
+    created_at: str
+    # Define primary key for fastlite
+    pk = 'id'

fasthtml_auth/repository.py ADDED Viewed

@@ -0,0 +1,113 @@
+from typing import Optional
+from datetime import datetime
+from fasthtml_auth.models import User
+class UserRepository:
+    """Handles all database operations for users"""
+    def __init__(self, db):
+        self.db = db
+        self.users = db.t.user
+    def _dict_to_user(self, user_dict) -> User:
+        """Convert dictionary from database to User object"""
+        if isinstance(user_dict, User):
+            return user_dict
+        return User(
+            id=user_dict.get('id'),
+            username=user_dict['username'],
+            email=user_dict['email'],
+            password=user_dict['password'],
+            role=user_dict.get('role', 'user'),
+            created_at=user_dict.get('created_at', ''),
+            last_login=user_dict.get('last_login', ''),
+            active=user_dict.get('active', True)
+        )
+    def get_by_username(self, username: str) -> Optional[User]:
+        """Get user by username using parameterized query"""
+        try:
+            user_found = self.users("username=?", (username,))
+            if len(user_found) == 1:
+                if isinstance(user_found[0], User):
+                    return user_found[0]
+                else:
+                    return self._dict_to_user(user_found[0])
+                return user_found[0]  # Return the single user object
+            elif len(user_found) == 0:
+                return None
+            else:
+                raise Exception(f"Multiple users found with username: {username}")
+        except Exception as e:
+            print(f"Error in get_by_username: {e}")
+            return None
+    def get_by_id(self, user_id: int) -> Optional[User]:
+        """Get user by ID"""
+        try:
+            user_dict = self.users[user_id]
+            if user_dict:
+                return self._dict_to_user(user_dict)
+            return None
+        except Exception as e:
+            print(f"Error in get_by_id: {e}")
+            return None
+    def create(self, username: str, email: str, password: str, role: str = "user") -> User:
+        """Create new user.  Note that the dates will be updated by the class -_post_init__ method """
+        user = User(
+            username=username,
+            email=email,
+            password=password,  # Use static method
+            role=role,
+            active=True,
+            created_at="",
+            last_login=""
+        )
+        inserted_user = self.users.insert(user)
+        if isinstance(inserted_user, dict):
+            return self._dict_to_user(inserted_user)
+        else:
+            return inserted_user
+    def authenticate(self, username: str, password: str) -> Optional[User]:
+        """Authenticate user and update last_login"""
+        user = self.get_by_username(username)
+        print(f"User: {user}")
+        if user and user.active and User.verify_password(password, user.password):
+            # Update last_login using the new fastlite approach
+            from datetime import datetime
+            now = datetime.now().isoformat()
+            self.users.update(last_login=now, id=user.id)
+            return user
+        return None
+    def update(self, user_id: int, **kwargs) -> bool:
+        """Update user fields using fastlite kwargs approach"""
+        try:
+            # Hash password if being updated                    # <- NEW
+            if 'password' in kwargs and kwargs['password']:     # <- NEW
+                if not User.is_hashed(kwargs['password']):      # <- NEW
+                    kwargs['password'] = User.get_hashed_password(kwargs['password'])  # <- NEW
+            # Include the primary key in the update kwargs
+            self.users.update(id=user_id, **kwargs)
+            return True
+        except Exception as e:
+            print(f"Error updating user {user_id}: {e}")
+            return False
+    def list_all(self) -> list[User]:
+        """Get all users"""
+        try:
+            users = []
+            for user_dict in self.users():
+                users.append(self._dict_to_user(user_dict))
+            return users
+        except Exception as e:
+            print(f"Error listing users: {e}")
+            return []
+    def verify_password(self, password: str, hashed: str) -> bool:
+        """Verify password against hash - delegates to User class"""
+        return User.verify_password(password, hashed)

fasthtml_auth/routes.py ADDED Viewed

@@ -0,0 +1,203 @@
+# auth/routes.py
+from fasthtml.common import *
+from .forms import create_login_form, create_register_form, create_forgot_password_form, create_profile_form
+class AuthRoutes:
+    """Handles route registration for auth system"""
+    def __init__(self, auth_manager):
+        self.auth = auth_manager
+        self.routes = {}
+    def register_all(self, app, prefix="/auth"):
+        """Register all auth routes"""
+        rt = app.route
+        # Register each route group
+        self._register_login_routes(rt, prefix)
+        self._register_logout_route(rt, prefix)
+        self._register_profile_route(rt, prefix)
+        if self.auth.config.get('allow_registration'):
+            self._register_registration_routes(rt, prefix)
+        if self.auth.config.get('allow_password_reset'):
+            self._register_password_reset_routes(rt, prefix)
+        return self.routes
+    def _register_login_routes(self, rt, prefix):
+        """Register login routes"""
+        # Login routes
+        @rt(f"{prefix}/login", methods=["GET"])
+        def login_page(req):
+            error = req.query_params.get('error')
+            # Get redirect destination from query params
+            redirect_to = req.query_params.get('redirect_to', '/')
+            return Title("Login"), Container(
+                create_login_form(error=error, action=f"{prefix}/login", redirect_to=redirect_to)
+            )
+        self.routes['login_page'] = login_page
+        @rt(f"{prefix}/login", methods=["POST"])
+        async def login_submit(req, sess):
+            form = await req.form()
+            username = form.get('username', '').strip()
+            password = form.get('password', '')
+            # Authenticate
+            user = self.auth.user_repo.authenticate(username, password)
+            if user:
+                # Set session
+                sess['auth'] = user.username
+                sess['user_id'] = user.id
+                sess['role'] = user.role
+                # Redirect to next URL or default
+                redirect_url = form.get('redirect_to', '/')
+                return RedirectResponse(redirect_url, status_code=303)
+            # On failure, preserve the redirect_to parameter
+            redirect_to = form.get('redirect_to', '/')
+            error_url = f"{prefix}/login?error=invalid"
+            if redirect_to != '/':
+                error_url += f"&redirect_to={redirect_to}"
+            return RedirectResponse(error_url, status_code=303)
+        self.routes['login_submit'] = login_submit
+    def _register_logout_route(self, rt, prefix):
+        @rt(f"{prefix}/logout")
+        def logout(sess):
+            sess.clear()
+            return RedirectResponse(f"{prefix}/login", status_code=303)
+        self.routes['logout'] = logout
+    def _register_registration_routes(self, rt, prefix):
+        # Optional: Register route
+        if self.auth.config.get('allow_registration', False):
+            @rt(f"{prefix}/register", methods=["GET"])
+            def register_page(req):
+                error = req.query_params.get("error")
+                return Title("Register"), Container(
+                    create_register_form(error=error, action=f"{prefix}/register")
+                )
+            @rt(f"{prefix}/register", methods=["POST"])
+            async def register_submit(req, sess):
+                form = await req.form()
+                username = form.get('username', '').strip()
+                email = form.get('email', '').strip()
+                password = form.get('password', '')
+                confirm = form.get('confirm_password', '')
+                # Validation
+                if password != confirm:
+                    return RedirectResponse(f"{prefix}/register?error=password_mismatch", status_code=303)
+                if password != confirm:
+                    return RedirectResponse(f"{prefix}/register?error=password_mismatch", status_code=303)
+                # Check if user exists
+                if self.auth.user_repo.get_by_username(username):
+                    return RedirectResponse(f"{prefix}/register?error=username_taken", status_code=303)
+                # Create user
+                try:
+                    user = self.auth.user_repo.create(username, email, password)
+                    if user:
+                        # Auto-login after registration
+                        sess['auth'] = user.username
+                        sess['user_id'] = user.id
+                        sess['role'] = user.role
+                        return RedirectResponse('/', status_code=303)
+                except Exception as e:
+                    print(f"Registration error: {e}")
+                    return RedirectResponse(f"{prefix}/register?error=creation_failed", status_code=303)
+                return RedirectResponse(f"{prefix}/register?error=creation_failed", status_code=303)
+            self.routes['register_page'] = register_page
+            self.routes['register_submit'] = register_submit
+    def _register_password_reset_routes(self, rt, prefix):
+        # Optional: Password reset route
+        if self.auth.config.get('allow_password_reset', False):
+            @rt(f"{prefix}/forgot", methods=["GET"])
+            def forgot_page(req):
+                error = req.query_params.get('error')
+                success = req.query_params.get('success')
+                return Title("Forgot Password"), create_forgot_password_form(
+                    error=error,
+                    success=success,
+                    action=f"{prefix}/forgot"
+                )
+            @rt(f"{prefix}/forgot", methods=["POST"])
+            async def forgot_submit(req):
+                form = await req.form()
+                email = form.get('email', '').strip()
+                # TODO: Implement actual password reset logic
+                # For now, just show success message
+                return RedirectResponse(f"{prefix}/forgot?success=sent", status_code=303)
+            self.routes['forgot_password'] = forgot_page
+            self.routes['forgot_submit'] = forgot_submit
+    def _register_profile_route(self, rt, prefix):
+        # Register route to a profile form
+        @rt(f"{prefix}/profile", methods=["GET"])
+        def profile_page(req):
+            user = req.scope['user']  # Added by beforeware
+            success = req.query_params.get('success')
+            error = req.query_params.get('error')
+            return Title("Profile"), create_profile_form(
+                user=user,
+                success=success,
+                error=error,
+                action=f"{prefix}/profile"
+            )
+        @rt(f"{prefix}/profile", methods=["POST"])
+        async def profile_submit(req):
+            user = req.scope['user']
+            form = await req.form()
+            try:
+                # Update email if changed
+                new_email = form.get('email', '').strip()
+                if new_email and new_email != user.email:
+                    self.auth.user_repo.update(user.id, email=new_email)
+                # Handle password change
+                current_password = form.get('current_password', '')
+                new_password = form.get('new_password', '')
+                confirm_password = form.get('confirm_password', '')
+                if current_password or new_password:
+                    if not current_password:
+                        return RedirectResponse(f"{prefix}/profile?error=Current password required", status_code=303)
+                    if not self.auth.user_repo.verify_password(current_password, user.password):
+                        return RedirectResponse(f"{prefix}/profile?error=Invalid current password", status_code=303)
+                    if new_password != confirm_password:
+                        return RedirectResponse(f"{prefix}/profile?error=New passwords do not match", status_code=303)
+                    if len(new_password) < 8:
+                        return RedirectResponse(f"{prefix}/profile?error=Password must be at least 8 characters", status_code=303)
+                    # Update password (repository will handle hashing)
+                    self.auth.user_repo.update(user.id, password=new_password)
+                return RedirectResponse(f"{prefix}/profile?success=1", status_code=303)
+            except Exception as e:
+                print(f"Profile update error: {e}")
+                return RedirectResponse(f"{prefix}/profile?error=Update failed", status_code=303)
+        self.routes['profile_page'] = profile_page
+        self.routes['profile_submit'] = profile_submit

fasthtml_auth/utils.py ADDED Viewed

@@ -0,0 +1,45 @@
+"""Utility functions for FastHTML-Auth"""
+from typing import Optional
+import secrets
+import string
+import re
+def generate_token(length: int = 32) -> str:
+    """Generate a secure random token for password resets, etc."""
+    alphabet = string.ascii_letters + string.digits
+    return ''.join(secrets.choice(alphabet) for _ in range(length))
+def validate_email(email: str) -> bool:
+    """Basic email validation"""
+    if not email or '@' not in email:
+        return False
+    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
+    return bool(re.match(pattern, email))
+def validate_password(password: str) -> tuple[bool, str]:
+    """
+    Validate password strength
+    Returns: (is_valid, error_message)
+    """
+    if not password:
+        return False, "Password is required"
+    if len(password) < 8:
+        return False, "Password must be at least 8 characters long"
+    # Optional: Add more complexity requirements
+    if not any(c.isdigit() for c in password):
+        return False, "Password must contain at least one number"
+    if not any(c.isupper() for c in password):
+        return False, "Password must contain at least one uppercase letter"
+    return True, ""
+def sanitize_username(username: str) -> str:
+    """Sanitize username to only allow safe characters"""
+    # Only allow alphanumeric and underscore
+    sanitized = re.sub(r'[^a-zA-Z0-9_]', '', username)
+    return sanitized.lower()