flwr-nightly 1.9.0.dev20240423__py3-none-any.whl → 1.9.0.dev20240425__py3-none-any.whl

flwr/cli/config_utils.py

@@ -14,49 +14,16 @@
 # ==============================================================================
 """Utility to validate the `pyproject.toml` file."""
 
-import os
 from pathlib import Path
 from typing import Any, Dict, List, Optional, Tuple
 
 import tomli
-import typer
 
 from flwr.common import object_ref
 
 
-def validate_project_dir(project_dir: Path) -> Optional[Dict[str, Any]]:
-    """Check if a Flower App directory is valid."""
-    config = load(str(project_dir / "pyproject.toml"))
-    if config is None:
-        typer.secho(
-            "❌ Project configuration could not be loaded. "
-            "`pyproject.toml` does not exist.",
-            fg=typer.colors.RED,
-            bold=True,
-        )
-        return None
-
-    if not validate(config):
-        typer.secho(
-            "❌ Project configuration is invalid.",
-            fg=typer.colors.RED,
-            bold=True,
-        )
-        return None
-
-    if "publisher" not in config["flower"]:
-        typer.secho(
-            "❌ Project configuration is missing required `publisher` field.",
-            fg=typer.colors.RED,
-            bold=True,
-        )
-        return None
-
-    return config
-
-
 def load_and_validate_with_defaults(
-    path: Optional[str] = None,
+    path: Optional[Path] = None,
 ) -> Tuple[Optional[Dict[str, Any]], List[str], List[str]]:
     """Load and validate pyproject.toml as dict.
 
@@ -70,7 +37,8 @@ def load_and_validate_with_defaults(
 
     if config is None:
         errors = [
-            "Project configuration could not be loaded. pyproject.toml does not exist."
+            "Project configuration could not be loaded. "
+            "`pyproject.toml` does not exist."
         ]
         return (None, errors, [])
 
@@ -90,22 +58,23 @@ def load_and_validate_with_defaults(
     return (config, errors, warnings)
 
 
-def load(path: Optional[str] = None) -> Optional[Dict[str, Any]]:
+def load(path: Optional[Path] = None) -> Optional[Dict[str, Any]]:
     """Load pyproject.toml and return as dict."""
     if path is None:
-        cur_dir = os.getcwd()
-        toml_path = os.path.join(cur_dir, "pyproject.toml")
+        cur_dir = Path.cwd()
+        toml_path = cur_dir / "pyproject.toml"
     else:
         toml_path = path
 
-    if not os.path.isfile(toml_path):
+    if not toml_path.is_file():
         return None
 
-    with open(toml_path, encoding="utf-8") as toml_file:
+    with toml_path.open(encoding="utf-8") as toml_file:
         data = tomli.loads(toml_file.read())
         return data
 
 
+# pylint: disable=too-many-branches
 def validate_fields(config: Dict[str, Any]) -> Tuple[bool, List[str], List[str]]:
     """Validate pyproject.toml fields."""
     errors = []
@@ -127,13 +96,16 @@ def validate_fields(config: Dict[str, Any]) -> Tuple[bool, List[str], List[str]]
 
     if "flower" not in config:
         errors.append("Missing [flower] section")
-    elif "components" not in config["flower"]:
-        errors.append("Missing [flower.components] section")
     else:
-        if "serverapp" not in config["flower"]["components"]:
-            errors.append('Property "serverapp" missing in [flower.components]')
-        if "clientapp" not in config["flower"]["components"]:
-            errors.append('Property "clientapp" missing in [flower.components]')
+        if "publisher" not in config["flower"]:
+            errors.append('Property "publisher" missing in [flower]')
+        if "components" not in config["flower"]:
+            errors.append("Missing [flower.components] section")
+        else:
+            if "serverapp" not in config["flower"]["components"]:
+                errors.append('Property "serverapp" missing in [flower.components]')
+            if "clientapp" not in config["flower"]["components"]:
+                errors.append('Property "clientapp" missing in [flower.components]')
 
     return len(errors) == 0, errors, warnings
 

flwr/cli/new/new.py

@@ -15,6 +15,7 @@
 """Flower command line interface `new` command."""
 
 import os
+import re
 from enum import Enum
 from string import Template
 from typing import Dict, Optional
@@ -86,25 +87,24 @@ def new(
         Optional[MlFramework],
         typer.Option(case_sensitive=False, help="The ML framework to use"),
     ] = None,
+    username: Annotated[
+        Optional[str],
+        typer.Option(case_sensitive=False, help="The Flower username of the author"),
+    ] = None,
 ) -> None:
     """Create new Flower project."""
     if project_name is None:
-        project_name = prompt_text("Please provide project name")
+        project_name = prompt_text("Please provide the project name")
     if not is_valid_project_name(project_name):
         project_name = prompt_text(
             "Please provide a name that only contains "
-            "characters in {'_', 'a-zA-Z', '0-9'}",
+            "characters in {'-', a-zA-Z', '0-9'}",
             predicate=is_valid_project_name,
             default=sanitize_project_name(project_name),
         )
 
-    print(
-        typer.style(
-            f"🔨 Creating Flower project {project_name}...",
-            fg=typer.colors.GREEN,
-            bold=True,
-        )
-    )
+    if username is None:
+        username = prompt_text("Please provide your Flower username")
 
     if framework is not None:
         framework_str = str(framework.value)
@@ -122,19 +122,32 @@ def new(
 
     framework_str = framework_str.lower()
 
+    print(
+        typer.style(
+            f"\n🔨 Creating Flower project {project_name}...",
+            fg=typer.colors.GREEN,
+            bold=True,
+        )
+    )
+
     # Set project directory path
     cwd = os.getcwd()
-    pnl = project_name.lower()
-    project_dir = os.path.join(cwd, pnl)
+    package_name = re.sub(r"[-_.]+", "-", project_name).lower()
+    import_name = package_name.replace("-", "_")
+    project_dir = os.path.join(cwd, package_name)
 
     # List of files to render
     files = {
         ".gitignore": {"template": "app/.gitignore.tpl"},
         "README.md": {"template": "app/README.md.tpl"},
         "pyproject.toml": {"template": f"app/pyproject.{framework_str}.toml.tpl"},
-        f"{pnl}/__init__.py": {"template": "app/code/__init__.py.tpl"},
-        f"{pnl}/server.py": {"template": f"app/code/server.{framework_str}.py.tpl"},
-        f"{pnl}/client.py": {"template": f"app/code/client.{framework_str}.py.tpl"},
+        f"{import_name}/__init__.py": {"template": "app/code/__init__.py.tpl"},
+        f"{import_name}/server.py": {
+            "template": f"app/code/server.{framework_str}.py.tpl"
+        },
+        f"{import_name}/client.py": {
+            "template": f"app/code/client.{framework_str}.py.tpl"
+        },
     }
 
     # Depending on the framework, generate task.py file
@@ -142,9 +155,16 @@ def new(
         MlFramework.PYTORCH.value.lower(),
     ]
     if framework_str in frameworks_with_tasks:
-        files[f"{pnl}/task.py"] = {"template": f"app/code/task.{framework_str}.py.tpl"}
-
-    context = {"project_name": project_name}
+        files[f"{import_name}/task.py"] = {
+            "template": f"app/code/task.{framework_str}.py.tpl"
+        }
+
+    context = {
+        "project_name": project_name,
+        "package_name": package_name,
+        "import_name": import_name.replace("-", "_"),
+        "username": username,
+    }
 
     for file_path, value in files.items():
         render_and_create(

flwr/cli/new/templates/app/README.md.tpl

@@ -8,7 +8,7 @@ pip install .
 
 ## Run (Simulation Engine)
 
-In the `$project_name` directory, use `flwr run` to run a local simulation:
+In the `$import_name` directory, use `flwr run` to run a local simulation:
 
 ```bash
 flwr run

flwr/cli/new/templates/app/code/client.pytorch.py.tpl

@@ -2,7 +2,7 @@
 
 from flwr.client import NumPyClient, ClientApp
 
-from $project_name.task import (
+from $import_name.task import (
     Net,
     DEVICE,
     load_data,

flwr/cli/new/templates/app/code/server.pytorch.py.tpl

@@ -4,7 +4,7 @@ from flwr.common import ndarrays_to_parameters
 from flwr.server import ServerApp, ServerConfig
 from flwr.server.strategy import FedAvg
 
-from $project_name.task import Net, get_weights
+from $import_name.task import Net, get_weights
 
 
 # Initialize model parameters

flwr/cli/new/templates/app/pyproject.numpy.toml.tpl

@@ -3,7 +3,7 @@ requires = ["hatchling"]
 build-backend = "hatchling.build"
 
 [project]
-name = "$project_name"
+name = "$package_name"
 version = "1.0.0"
 description = ""
 authors = [
@@ -18,6 +18,9 @@ dependencies = [
 [tool.hatch.build.targets.wheel]
 packages = ["."]
 
+[flower]
+publisher = "$username"
+
 [flower.components]
-serverapp = "$project_name.server:app"
-clientapp = "$project_name.client:app"
+serverapp = "$import_name.server:app"
+clientapp = "$import_name.client:app"

flwr/cli/new/templates/app/pyproject.pytorch.toml.tpl

@@ -3,7 +3,7 @@ requires = ["hatchling"]
 build-backend = "hatchling.build"
 
 [project]
-name = "$project_name"
+name = "$package_name"
 version = "1.0.0"
 description = ""
 authors = [
@@ -20,6 +20,9 @@ dependencies = [
 [tool.hatch.build.targets.wheel]
 packages = ["."]
 
+[flower]
+publisher = "$username"
+
 [flower.components]
-serverapp = "$project_name.server:app"
-clientapp = "$project_name.client:app"
+serverapp = "$import_name.server:app"
+clientapp = "$import_name.client:app"

flwr/cli/new/templates/app/pyproject.sklearn.toml.tpl

@@ -3,7 +3,7 @@ requires = ["hatchling"]
 build-backend = "hatchling.build"
 
 [project]
-name = "$project_name"
+name = "$package_name"
 version = "1.0.0"
 description = ""
 authors = [
@@ -19,6 +19,9 @@ dependencies = [
 [tool.hatch.build.targets.wheel]
 packages = ["."]
 
+[flower]
+publisher = "$username"
+
 [flower.components]
-serverapp = "$project_name.server:app"
-clientapp = "$project_name.client:app"
+serverapp = "$import_name.server:app"
+clientapp = "$import_name.client:app"

flwr/cli/new/templates/app/pyproject.tensorflow.toml.tpl

@@ -3,7 +3,7 @@ requires = ["hatchling"]
 build-backend = "hatchling.build"
 
 [project]
-name = "$project_name"
+name = "$package_name"
 version = "1.0.0"
 description = ""
 authors = [
@@ -19,6 +19,9 @@ dependencies = [
 [tool.hatch.build.targets.wheel]
 packages = ["."]
 
+[flower]
+publisher = "$username"
+
 [flower.components]
-serverapp = "$project_name.server:app"
-clientapp = "$project_name.client:app"
+serverapp = "$import_name.server:app"
+clientapp = "$import_name.client:app"

flwr/cli/run/run.py

@@ -30,7 +30,7 @@ def run() -> None:
 
     if config is None:
         typer.secho(
-            "Project configuration could not be loaded.\nflower.toml is invalid:\n"
+            "Project configuration could not be loaded.\npyproject.toml is invalid:\n"
             + "\n".join([f"- {line}" for line in errors]),
             fg=typer.colors.RED,
             bold=True,

flwr/cli/utils.py

@@ -14,6 +14,7 @@
 # ==============================================================================
 """Flower command line interface utils."""
 
+import re
 from typing import Callable, List, Optional, cast
 
 import typer
@@ -73,51 +74,51 @@ def prompt_options(text: str, options: List[str]) -> str:
 
 
 def is_valid_project_name(name: str) -> bool:
-    """Check if the given string is a valid Python module name.
+    """Check if the given string is a valid Python project name.
 
-    A valid module name must start with a letter or an underscore, and can only contain
-    letters, digits, and underscores.
+    A valid project name must start with a letter and can only contain letters, digits,
+    and hyphens.
     """
     if not name:
         return False
 
-    # Check if the first character is a letter or underscore
-    if not (name[0].isalpha() or name[0] == "_"):
+    # Check if the first character is a letter
+    if not name[0].isalpha():
         return False
 
-    # Check if the rest of the characters are valid (letter, digit, or underscore)
+    # Check if the rest of the characters are valid (letter, digit, or dash)
     for char in name[1:]:
-        if not (char.isalnum() or char == "_"):
+        if not (char.isalnum() or char in "-"):
             return False
 
     return True
 
 
 def sanitize_project_name(name: str) -> str:
-    """Sanitize the given string to make it a valid Python module name.
+    """Sanitize the given string to make it a valid Python project name.
 
-    This version replaces hyphens with underscores, removes any characters not allowed
-    in Python module names, makes the string lowercase, and ensures it starts with a
-    valid character.
+    This version replaces spaces, dots, slashes, and underscores with dashes, removes
+    any characters not allowed in Python project names, makes the string lowercase, and
+    ensures it starts with a valid character.
     """
-    # Replace '-' with '_'
-    name_with_underscores = name.replace("-", "_").replace(" ", "_")
+    # Replace whitespace with '_'
+    name_with_hyphens = re.sub(r"[ ./_]", "-", name)
 
     # Allowed characters in a module name: letters, digits, underscore
     allowed_chars = set(
-        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"
     )
 
     # Make the string lowercase
-    sanitized_name = name_with_underscores.lower()
+    sanitized_name = name_with_hyphens.lower()
 
     # Remove any characters not allowed in Python module names
     sanitized_name = "".join(c for c in sanitized_name if c in allowed_chars)
 
     # Ensure the first character is a letter or underscore
-    if sanitized_name and (
+    while sanitized_name and (
         sanitized_name[0].isdigit() or sanitized_name[0] not in allowed_chars
     ):
-        sanitized_name = "_" + sanitized_name
+        sanitized_name = sanitized_name[1:]
 
     return sanitized_name

flwr/client/grpc_client/connection.py

@@ -22,6 +22,8 @@ from pathlib import Path
 from queue import Queue
 from typing import Callable, Iterator, Optional, Tuple, Union, cast
 
+from cryptography.hazmat.primitives.asymmetric import ec
+
 from flwr.common import (
     DEFAULT_TTL,
     GRPC_MAX_MESSAGE_LENGTH,
@@ -56,12 +58,15 @@ def on_channel_state_change(channel_connectivity: str) -> None:
 
 
 @contextmanager
-def grpc_connection(  # pylint: disable=R0915
+def grpc_connection(  # pylint: disable=R0913, R0915
     server_address: str,
     insecure: bool,
     retry_invoker: RetryInvoker,  # pylint: disable=unused-argument
     max_message_length: int = GRPC_MAX_MESSAGE_LENGTH,
     root_certificates: Optional[Union[bytes, str]] = None,
+    authentication_keys: Optional[  # pylint: disable=unused-argument
+        Tuple[ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]
+    ] = None,
 ) -> Iterator[
     Tuple[
         Callable[[], Optional[Message]],

flwr/client/grpc_rere_client/client_interceptor.py

@@ -0,0 +1,150 @@
+# Copyright 2024 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower client interceptor."""
+
+
+import base64
+import collections
+from typing import Any, Callable, Optional, Sequence, Tuple, Union
+
+import grpc
+from cryptography.hazmat.primitives.asymmetric import ec
+
+from flwr.common.secure_aggregation.crypto.symmetric_encryption import (
+    bytes_to_public_key,
+    compute_hmac,
+    generate_shared_key,
+    public_key_to_bytes,
+)
+from flwr.proto.fleet_pb2 import (  # pylint: disable=E0611
+    CreateNodeRequest,
+    DeleteNodeRequest,
+    GetRunRequest,
+    PullTaskInsRequest,
+    PushTaskResRequest,
+)
+
+_PUBLIC_KEY_HEADER = "public-key"
+_AUTH_TOKEN_HEADER = "auth-token"
+
+Request = Union[
+    CreateNodeRequest,
+    DeleteNodeRequest,
+    PullTaskInsRequest,
+    PushTaskResRequest,
+    GetRunRequest,
+]
+
+
+def _get_value_from_tuples(
+    key_string: str, tuples: Sequence[Tuple[str, Union[str, bytes]]]
+) -> bytes:
+    value = next((value for key, value in tuples if key == key_string), "")
+    if isinstance(value, str):
+        return value.encode()
+
+    return value
+
+
+class _ClientCallDetails(
+    collections.namedtuple(
+        "_ClientCallDetails", ("method", "timeout", "metadata", "credentials")
+    ),
+    grpc.ClientCallDetails,  # type: ignore
+):
+    """Details for each client call.
+
+    The class will be passed on as the first argument in continuation function.
+    In our case, `AuthenticateClientInterceptor` adds new metadata to the construct.
+    """
+
+
+class AuthenticateClientInterceptor(grpc.UnaryUnaryClientInterceptor):  # type: ignore
+    """Client interceptor for client authentication."""
+
+    def __init__(
+        self,
+        private_key: ec.EllipticCurvePrivateKey,
+        public_key: ec.EllipticCurvePublicKey,
+    ):
+        self.private_key = private_key
+        self.public_key = public_key
+        self.shared_secret: Optional[bytes] = None
+        self.server_public_key: Optional[ec.EllipticCurvePublicKey] = None
+        self.encoded_public_key = base64.urlsafe_b64encode(
+            public_key_to_bytes(self.public_key)
+        )
+
+    def intercept_unary_unary(
+        self,
+        continuation: Callable[[Any, Any], Any],
+        client_call_details: grpc.ClientCallDetails,
+        request: Request,
+    ) -> grpc.Call:
+        """Flower client interceptor.
+
+        Intercept unary call from client and add necessary authentication header in the
+        RPC metadata.
+        """
+        metadata = []
+        postprocess = False
+        if client_call_details.metadata is not None:
+            metadata = list(client_call_details.metadata)
+
+        # Always add the public key header
+        metadata.append(
+            (
+                _PUBLIC_KEY_HEADER,
+                self.encoded_public_key,
+            )
+        )
+
+        if isinstance(request, CreateNodeRequest):
+            postprocess = True
+        elif isinstance(
+            request,
+            (DeleteNodeRequest, PullTaskInsRequest, PushTaskResRequest, GetRunRequest),
+        ):
+            if self.shared_secret is None:
+                raise RuntimeError("Failure to compute hmac")
+
+            metadata.append(
+                (
+                    _AUTH_TOKEN_HEADER,
+                    base64.urlsafe_b64encode(
+                        compute_hmac(
+                            self.shared_secret, request.SerializeToString(True)
+                        )
+                    ),
+                )
+            )
+
+        client_call_details = _ClientCallDetails(
+            client_call_details.method,
+            client_call_details.timeout,
+            metadata,
+            client_call_details.credentials,
+        )
+
+        response = continuation(client_call_details, request)
+        if postprocess:
+            server_public_key_bytes = base64.urlsafe_b64decode(
+                _get_value_from_tuples(_PUBLIC_KEY_HEADER, response.initial_metadata())
+            )
+            self.server_public_key = bytes_to_public_key(server_public_key_bytes)
+            self.shared_secret = generate_shared_key(
+                self.private_key, self.server_public_key
+            )
+        return response

flwr/client/grpc_rere_client/connection.py

@@ -21,7 +21,10 @@ from contextlib import contextmanager
 from copy import copy
 from logging import DEBUG, ERROR
 from pathlib import Path
-from typing import Callable, Iterator, Optional, Tuple, Union, cast
+from typing import Callable, Iterator, Optional, Sequence, Tuple, Union, cast
+
+import grpc
+from cryptography.hazmat.primitives.asymmetric import ec
 
 from flwr.client.heartbeat import start_ping_loop
 from flwr.client.message_handler.message_handler import validate_out_message
@@ -52,6 +55,8 @@ from flwr.proto.fleet_pb2_grpc import FleetStub  # pylint: disable=E0611
 from flwr.proto.node_pb2 import Node  # pylint: disable=E0611
 from flwr.proto.task_pb2 import TaskIns  # pylint: disable=E0611
 
+from .client_interceptor import AuthenticateClientInterceptor
+
 
 def on_channel_state_change(channel_connectivity: str) -> None:
     """Log channel connectivity."""
@@ -59,12 +64,15 @@ def on_channel_state_change(channel_connectivity: str) -> None:
 
 
 @contextmanager
-def grpc_request_response(  # pylint: disable=R0914, R0915
+def grpc_request_response(  # pylint: disable=R0913, R0914, R0915
     server_address: str,
     insecure: bool,
     retry_invoker: RetryInvoker,
     max_message_length: int = GRPC_MAX_MESSAGE_LENGTH,  # pylint: disable=W0613
     root_certificates: Optional[Union[bytes, str]] = None,
+    authentication_keys: Optional[
+        Tuple[ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]
+    ] = None,
 ) -> Iterator[
     Tuple[
         Callable[[], Optional[Message]],
@@ -109,11 +117,18 @@ def grpc_request_response(  # pylint: disable=R0914, R0915
     if isinstance(root_certificates, str):
         root_certificates = Path(root_certificates).read_bytes()
 
+    interceptors: Optional[Sequence[grpc.UnaryUnaryClientInterceptor]] = None
+    if authentication_keys is not None:
+        interceptors = AuthenticateClientInterceptor(
+            authentication_keys[0], authentication_keys[1]
+        )
+
     channel = create_channel(
         server_address=server_address,
         insecure=insecure,
         root_certificates=root_certificates,
         max_message_length=max_message_length,
+        interceptors=interceptors,
     )
     channel.subscribe(on_channel_state_change)
 

flwr/client/rest_client/connection.py

@@ -23,6 +23,7 @@ from copy import copy
 from logging import ERROR, INFO, WARN
 from typing import Callable, Iterator, Optional, Tuple, Type, TypeVar, Union
 
+from cryptography.hazmat.primitives.asymmetric import ec
 from google.protobuf.message import Message as GrpcMessage
 
 from flwr.client.heartbeat import start_ping_loop
@@ -74,7 +75,7 @@ T = TypeVar("T", bound=GrpcMessage)
 
 
 @contextmanager
-def http_request_response(  # pylint: disable=R0914, R0915
+def http_request_response(  # pylint: disable=,R0913, R0914, R0915
     server_address: str,
     insecure: bool,  # pylint: disable=unused-argument
     retry_invoker: RetryInvoker,
@@ -82,6 +83,9 @@ def http_request_response(  # pylint: disable=R0914, R0915
     root_certificates: Optional[
         Union[bytes, str]
     ] = None,  # pylint: disable=unused-argument
+    authentication_keys: Optional[  # pylint: disable=unused-argument
+        Tuple[ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]
+    ] = None,
 ) -> Iterator[
     Tuple[
         Callable[[], Optional[Message]],