hardpy 0.9.0__py3-none-any.whl → 0.10.1__py3-none-any.whl

hardpy/common/stand_cloud/registration.py

@@ -0,0 +1,236 @@
+# Copyright (c) 2024 Everypin
+# GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import annotations
+
+import base64
+import hashlib
+import json
+import os
+import re
+import secrets
+import socket
+import subprocess
+import sys
+from contextlib import suppress
+from platform import system
+from time import sleep
+from typing import TYPE_CHECKING
+from urllib.parse import urlencode
+
+import requests
+from keyring import delete_password, get_credential
+from keyring.errors import KeyringError
+from oauthlib.common import urldecode
+from oauthlib.oauth2 import WebApplicationClient
+from oauthlib.oauth2.rfc6749.errors import InvalidClientIdError
+
+from hardpy.common.stand_cloud.connector import StandCloudConnector, StandCloudError
+from hardpy.common.stand_cloud.token_storage import get_token_store
+
+if TYPE_CHECKING:
+    from requests_oauth2client import BearerToken
+
+
+def login(addr: str) -> None:
+    """Login HardPy in StandCloud.
+
+    Args:
+        addr (str): StandCloud address
+    """
+    # OAuth client configuration
+    client_id = "hardpy-report-uploader"
+    client = WebApplicationClient(client_id)
+    try:
+        sc_connector = StandCloudConnector(addr=addr)
+    except StandCloudError as exc:
+        print(str(exc))
+        sys.exit(1)
+
+    verify_ssl = not __debug__
+
+    # Auth requests
+    port = _reserve_socket_port()
+    callback_process = _create_callback_process(port)
+    state = secrets.token_urlsafe(16)
+    code_verifier = _code_verifier()
+    data = _par_data(code_verifier, client_id, port, state, sc_connector.url.api)
+    timeout = 10
+
+    # fmt: off
+    # pushed authorization response
+    try:
+        response = json.loads(requests.post(sc_connector.url.par, data=data, verify=verify_ssl, timeout=timeout).content)
+    except Exception as e:  # noqa: BLE001
+        print(f"Authentication server is unavailable: {e}")
+        sys.exit(1)
+    url = (sc_connector.url.auth + "?" + urlencode({"client_id": client_id, "request_uri": response["request_uri"]}))
+
+    # OAuth authorization code request
+    print(f"\nOpen the provided URL and authorize HardPy to use StandCloud\n\n{url}")
+
+    # use subprocess
+    first_line = next(callback_process.stdout)  # type: ignore
+    sleep(1)
+
+    # OAuth authorization code grant
+    response = json.loads(first_line)
+    callback_process.kill()
+
+    _check_incorrect_response(response, state)
+
+    code = response["code"]
+    uri = _redirect_uri(port)
+    data = client.prepare_request_body(code=code, client_id=client_id, redirect_uri=uri, code_verifier=code_verifier)
+
+    # OAuth access token request
+    data = dict(urldecode(data))
+    response = requests.post(sc_connector.url.token, data=data, verify=verify_ssl, timeout=timeout)
+    # fmt: on
+
+    try:
+        # OAuth access token grant
+        response = client.parse_request_body_response(response.text)
+    except InvalidClientIdError as e:
+        print(e)
+        sys.exit(1)
+
+    _store_password(client.token)
+
+
+def logout() -> bool:
+    """Logout HardPy from StandCloud.
+
+    Returns:
+        bool: True if successful else False
+    """
+    service_name = "HardPy"
+
+    try:
+        while cred := get_credential(service_name, None):
+            delete_password(service_name, cred.username)
+    except KeyringError:
+        return False
+    # TODO(xorialexandrov): fix keyring clearing
+    # Windows does not clear refresh token by itself
+    if system() == "Windows":
+        storage_keyring, _ = get_token_store()
+        with suppress(KeyringError):
+            storage_keyring.delete_password(service_name, "refresh_token")
+    return True
+
+
+def _redirect_uri(port: str) -> str:
+    return f"http://127.0.0.1:{port}/oauth2/callback"
+
+
+def _reserve_socket_port() -> str:
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.bind(("127.0.0.1", 0))
+    port = sock.getsockname()[1]
+    sock.close()
+
+    return str(port)
+
+
+def _code_verifier() -> str:
+    code_verifier = base64.urlsafe_b64encode(os.urandom(40)).decode("utf-8")
+    return re.sub("[^a-zA-Z0-9]+", "", code_verifier)
+
+
+def _code_challenge(code_verifier: str) -> str:
+    code_challenge = hashlib.sha256(code_verifier.encode("utf-8")).digest()
+    code_challenge = base64.urlsafe_b64encode(code_challenge).decode("utf-8")
+    return code_challenge.replace("=", "")
+
+
+def _create_callback_process(port: str) -> subprocess.Popen:
+    args = [
+        sys.executable,
+        "-m",
+        "uvicorn",
+        "hardpy.common.stand_cloud.oauth_callback:app",
+        "--host=127.0.0.1",
+        f"--port={port}",
+        "--log-level=error",
+    ]
+
+    if system() == "Windows":
+        env = os.environ.copy()
+        env["PYTHONUNBUFFERED"] = "1"
+
+        return subprocess.Popen(  # noqa: S603
+            args,
+            stdout=subprocess.PIPE,
+            bufsize=1,
+            universal_newlines=True,
+            env=env,
+            creationflags=subprocess.CREATE_NEW_PROCESS_GROUP,  # type: ignore
+        )
+    return subprocess.Popen(  # noqa: S603
+        args,
+        stdout=subprocess.PIPE,
+        bufsize=1,
+        universal_newlines=True,
+        env=dict(PYTHONUNBUFFERED="1"),  # noqa: C408
+    )
+
+
+def _store_password(token: BearerToken) -> None:
+    storage_keyring, mem_keyring = get_token_store()
+
+    storage_keyring.set_password(
+        "HardPy",
+        "refresh_token",
+        token["refresh_token"],
+    )
+    token_data = {
+        "access_token": token["access_token"],
+        "expires_at": token["expires_at"],
+    }
+    try:
+        mem_keyring.set_password("HardPy", "access_token", json.dumps(token_data))
+    except KeyringError as e:
+        print(e)
+        return
+    print("\nRegistration completed successfully")
+
+
+def _check_incorrect_response(response: dict, state: str) -> None:
+    if response["state"] != state:
+        print("Wrong state in response")
+        sys.exit(1)
+
+    if "error" in response:
+        error = response["error"]
+        error_description = response["error_description"]
+        print(f"{error}: {error_description}")
+        sys.exit(1)
+
+
+def _par_data(
+    code_verifier: str,
+    client_id: str,
+    port: str,
+    state: str,
+    api_url: str,
+) -> dict:
+    """Create pushed authorization request data.
+
+    Returns:
+        dict: pushed authorization request data
+    """
+    # Code Challenge Data
+    code_challenge = _code_challenge(code_verifier)
+
+    # pushed authorization request
+    return {
+        "scope": "authelia.bearer.authz offline_access",
+        "response_type": "code",
+        "client_id": client_id,
+        "redirect_uri": _redirect_uri(port),
+        "code_challenge": code_challenge,
+        "code_challenge_method": "S256",
+        "state": state,
+        "audience": api_url,
+    }

hardpy/common/stand_cloud/token_storage.py

@@ -0,0 +1,27 @@
+# Copyright (c) 2024 Everypin
+# GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import annotations
+
+from platform import system
+from typing import TYPE_CHECKING
+
+from keyring.core import load_keyring
+
+if TYPE_CHECKING:
+    from keyring.backend import KeyringBackend
+
+
+def get_token_store() -> tuple[KeyringBackend, KeyringBackend]:
+    """Get token store.
+
+    Returns:
+        tuple[KeyringBackend, KeyringBackend]: token store
+    """
+    if system() == "Linux":
+        storage_keyring = load_keyring("keyring.backends.SecretService.Keyring")
+    elif system() == "Windows":
+        storage_keyring = load_keyring("keyring.backends.Windows.WinVaultKeyring")
+    # TODO(xorialexandrov): add memory keyring or other store
+    mem_keyring = storage_keyring
+
+    return storage_keyring, mem_keyring

hardpy/hardpy_panel/api.py

@@ -1,6 +1,7 @@
 # Copyright (c) 2024 Everypin
 # GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 
+import os
 import re
 from enum import Enum
 from pathlib import Path
@@ -119,11 +120,12 @@ def confirm_operator_msg(is_msg_visible: str) -> dict:
     return {"status": Status.ERROR}
 
 
-app.mount(
-    "/",
-    StaticFiles(
-        directory=Path(__file__).parent / "frontend/dist",
-        html=True,
-    ),
-    name="static",
-)
+if "DEBUG_FRONTEND" not in os.environ:
+    app.mount(
+        "/",
+        StaticFiles(
+            directory=Path(__file__).parent / "frontend/dist",
+            html=True,
+        ),
+        name="static",
+    )

hardpy/hardpy_panel/frontend/dist/asset-manifest.json

@@ -1,7 +1,7 @@
 {
   "files": {
     "main.css": "/static/css/main.e8a862f1.css",
-    "main.js": "/static/js/main.403e9cd8.js",
+    "main.js": "/static/js/main.8a7d8f7d.js",
     "blueprint-icons-all-paths-loader.js": "/static/js/blueprint-icons-all-paths-loader.0aa89747.chunk.js",
     "blueprint-icons-split-paths-by-size-loader.js": "/static/js/blueprint-icons-split-paths-by-size-loader.52a072d3.chunk.js",
     "static/js/808.ce070002.chunk.js": "/static/js/808.ce070002.chunk.js",
@@ -21,7 +21,7 @@
     "static/media/logo_smol.png": "/static/media/logo_smol.5b16f92447a4a9e80331.png",
     "index.html": "/index.html",
     "main.e8a862f1.css.map": "/static/css/main.e8a862f1.css.map",
-    "main.403e9cd8.js.map": "/static/js/main.403e9cd8.js.map",
+    "main.8a7d8f7d.js.map": "/static/js/main.8a7d8f7d.js.map",
     "blueprint-icons-all-paths-loader.0aa89747.chunk.js.map": "/static/js/blueprint-icons-all-paths-loader.0aa89747.chunk.js.map",
     "blueprint-icons-split-paths-by-size-loader.52a072d3.chunk.js.map": "/static/js/blueprint-icons-split-paths-by-size-loader.52a072d3.chunk.js.map",
     "808.ce070002.chunk.js.map": "/static/js/808.ce070002.chunk.js.map",
@@ -31,6 +31,6 @@
   },
   "entrypoints": [
     "static/css/main.e8a862f1.css",
-    "static/js/main.403e9cd8.js"
+    "static/js/main.8a7d8f7d.js"
   ]
 }

hardpy/hardpy_panel/frontend/dist/index.html

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><title>HardPy Operator Panel</title><script defer="defer" src="/static/js/main.403e9cd8.js"></script><link href="/static/css/main.e8a862f1.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><title>HardPy Operator Panel</title><script defer="defer" src="/static/js/main.8a7d8f7d.js"></script><link href="/static/css/main.e8a862f1.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>