hyperpocket 0.0.1__py3-none-any.whl

hyperpocket/auth/calendly/oauth2_context.py

@@ -0,0 +1,25 @@
+from datetime import datetime, timedelta, timezone
+
+from hyperpocket.auth.calendly.context import CalendlyAuthContext
+from hyperpocket.auth.calendly.oauth2_schema import CalendlyOAuth2Response
+
+
+class CalendlyOAuth2AuthContext(CalendlyAuthContext):
+    @classmethod
+    def from_calendly_oauth2_response(
+        cls, response: CalendlyOAuth2Response
+    ) -> "CalendlyOAuth2AuthContext":
+        description = f"Calendly OAuth2 Context logged in with {response.scope} scopes"
+        now = datetime.now(tz=timezone.utc)
+
+        if response.expires_in:
+            expires_at = now + timedelta(seconds=response.expires_in)
+        else:
+            expires_at = None
+
+        return cls(
+            access_token=response.access_token,
+            description=description,
+            expires_at=expires_at,
+            detail=response,
+        )

hyperpocket/auth/calendly/oauth2_handler.py

@@ -0,0 +1,146 @@
+from typing import Optional
+from urllib.parse import urlencode, urljoin
+
+import httpx
+
+from hyperpocket.auth.calendly.oauth2_context import CalendlyOAuth2AuthContext
+from hyperpocket.auth.calendly.oauth2_schema import CalendlyOAuth2Request, CalendlyOAuth2Response
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.handler import AuthHandlerInterface, AuthProvider
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class CalendlyOAuth2AuthHandler(AuthHandlerInterface):
+    _CALENDLY_AUTH_URL = "https://auth.calendly.com/oauth/authorize"
+    _CALENDLY_TOKEN_URL = "https://auth.calendly.com/oauth/token"
+
+    name: str = "calendly-oauth2"
+    description: str = "This handler is used to authenticate users using Calendly OAuth."
+    scoped: bool = False
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.CALENDLY
+
+    @staticmethod
+    def provider_default() -> bool:
+        return True
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(
+            self,
+            auth_req: CalendlyOAuth2Request,
+            thread_id: str,
+            profile: str,
+            future_uid: str,
+            *args,
+            **kwargs,
+    ) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/calendly/oauth2/callback",
+        )
+        auth_url = self._make_auth_url(auth_req, redirect_uri, future_uid)
+
+        FutureStore.create_future(
+            future_uid,
+            data={
+                "redirect_uri": redirect_uri,
+                "thread_id": thread_id,
+                "profile": profile,
+            },
+        )
+
+        return f"User needs to authenticate using the following URL: {auth_url}"
+
+    async def authenticate(
+            self, auth_req: CalendlyOAuth2Request, future_uid: str, *args, **kwargs
+    ) -> AuthContext:
+        future_data = FutureStore.get_future(future_uid)
+        auth_code = await future_data.future
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._CALENDLY_TOKEN_URL,
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+                auth=(auth_req.client_id, auth_req.client_secret),
+                data={
+                    "code": auth_code,
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "redirect_uri": future_data.data["redirect_uri"],
+                    "grant_type": "authorization_code",
+                },
+            )
+
+        if resp.status_code != 200:
+            raise Exception(f"failed to authenticate. status_code : {resp.status_code}")
+        result = resp.json()
+
+        auth_response = CalendlyOAuth2Response(
+            access_token=result["access_token"],
+            token_type=result["token_type"],
+            scope=result["scope"],
+            refresh_token=(
+                result["refresh_token"] if "refresh_token" in result else None
+            ),
+            expires_in=(
+                result["refresh_token_expires_in"]
+                if "refresh_token_expires_in" in result
+                else None
+            ),
+        )
+        return CalendlyOAuth2AuthContext.from_calendly_oauth2_response(auth_response)
+
+    async def refresh(
+            self, auth_req: CalendlyOAuth2Request, context: AuthContext, *args, **kwargs
+    ) -> AuthContext:
+        last_oauth2_resp: CalendlyOAuth2Response = context.detail
+        refresh_token = last_oauth2_resp.refresh_token
+        if refresh_token is None:
+            raise Exception(
+                f"refresh token is None. last_oauth2_resp: {last_oauth2_resp}"
+            )
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._CALENDLY_TOKEN_URL,
+                data={
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "refresh_token": refresh_token,
+                    "grant_type": "refresh_token",
+                },
+            )
+
+            if resp.status_code != 200:
+                raise Exception(
+                    f"failed to authenticate. status_code : {resp.status_code}"
+                )
+
+            resp_json = resp.json()
+            resp_json["refresh_token"] = refresh_token
+            response = CalendlyOAuth2Response(**resp_json)
+            return CalendlyOAuth2AuthContext.from_calendly_oauth2_response(response)
+
+    def _make_auth_url(self, auth_req: CalendlyOAuth2Request, redirect_uri: str, state: str):
+        params = {
+            "client_id": auth_req.client_id,
+            "redirect_uri": redirect_uri,
+            "response_type": "code",
+            "state": state,
+        }
+        return f"{self._CALENDLY_AUTH_URL}?{urlencode(params)}"
+
+    def make_request(
+            self, auth_scopes: Optional[list[str]] = None, **kwargs
+    ) -> CalendlyOAuth2Request:
+        return CalendlyOAuth2Request(
+            auth_scopes=auth_scopes,
+            client_id=config.auth.calendly.client_id,
+            client_secret=config.auth.calendly.client_secret,
+        )

hyperpocket/auth/calendly/oauth2_schema.py

@@ -0,0 +1,16 @@
+from typing import Optional
+from hyperpocket.auth.handler import AuthenticateRequest
+from pydantic import BaseModel
+
+
+class CalendlyOAuth2Request(AuthenticateRequest):
+    client_id: str
+    client_secret: str
+
+
+class CalendlyOAuth2Response(BaseModel):
+    access_token: str
+    expires_in: Optional[int]
+    refresh_token: Optional[str]
+    scope: str
+    token_type: str

hyperpocket/auth/context.py

@@ -0,0 +1,38 @@
+from abc import ABC, abstractmethod
+from datetime import datetime
+from typing import Optional, Any
+
+from pydantic import BaseModel, Field
+
+
+class AuthContext(BaseModel, ABC):
+    """
+    This class is used to define the interface of the authentication model.
+    """
+    access_token: str = Field(description="user's access token")
+    description: str = Field(description="description of this authentication context")
+    expires_at: Optional[datetime] = Field(description="expiration datetime")
+    detail: Optional[Any] = Field(default=None, description="detailed information")
+
+    @abstractmethod
+    def to_dict(self) -> dict[str, str]:
+        """
+        This method is used to convert the authentication context to a dictionary.
+
+        Returns:
+            dict[str, str]: The dictionary representation of the authentication context.
+        """
+        raise NotImplementedError
+
+    @abstractmethod
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        """
+        This method is used to convert the authentication context to a profiled dictionary.
+
+        Args:
+            profile (str): The profile name.
+
+        Returns:
+            dict[str, str]: The profiled dictionary representation of the authentication context.
+        """
+        raise NotImplementedError

hyperpocket/auth/github/context.py

@@ -0,0 +1,13 @@
+from hyperpocket.auth.context import AuthContext
+
+
+class GitHubAuthContext(AuthContext):
+    _ACCESS_TOKEN_KEY: str = "GITHUB_TOKEN"
+
+    def to_dict(self) -> dict[str, str]:
+        return {self._ACCESS_TOKEN_KEY: self.access_token}
+
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        return {
+            f"{profile.upper()}_{self._ACCESS_TOKEN_KEY}": self.access_token,
+        }

hyperpocket/auth/github/oauth2_context.py

@@ -0,0 +1,25 @@
+from datetime import datetime, timedelta, timezone
+
+from hyperpocket.auth.github.context import GitHubAuthContext
+from hyperpocket.auth.github.oauth2_schema import GitHubOAuth2Response
+
+
+class GitHubOAuth2AuthContext(GitHubAuthContext):
+    @classmethod
+    def from_github_oauth2_response(
+        cls, response: GitHubOAuth2Response
+    ) -> "GitHubOAuth2AuthContext":
+        description = f"Github OAuth2 Context logged in with {response.scope} scopes"
+        now = datetime.now(tz=timezone.utc)
+
+        if response.expires_in:
+            expires_at = now + timedelta(seconds=response.expires_in)
+        else:
+            expires_at = None
+
+        return cls(
+            access_token=response.access_token,
+            description=description,
+            expires_at=expires_at,
+            detail=response,
+        )

hyperpocket/auth/github/oauth2_handler.py

@@ -0,0 +1,143 @@
+from typing import Optional
+from urllib.parse import parse_qs, urlencode, urljoin
+
+import httpx
+
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.github.oauth2_context import GitHubOAuth2AuthContext
+from hyperpocket.auth.github.oauth2_schema import GitHubOAuth2Request, GitHubOAuth2Response
+from hyperpocket.auth.handler import AuthHandlerInterface, AuthProvider
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class GitHubOAuth2AuthHandler(AuthHandlerInterface):
+    _GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"
+    _GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"
+
+    name: str = "github-oauth2"
+    description: str = "This handler is used to authenticate users using Github OAuth."
+    scoped: bool = True
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.GITHUB
+
+    @staticmethod
+    def provider_default() -> bool:
+        return True
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return {"repo"}
+
+    def prepare(
+        self,
+        auth_req: GitHubOAuth2Request,
+        thread_id: str,
+        profile: str,
+        future_uid: str,
+        *args,
+        **kwargs,
+    ) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/github/oauth2/callback",
+        )
+        auth_url = self._make_auth_url(auth_req, redirect_uri, future_uid)
+
+        FutureStore.create_future(
+            future_uid,
+            data={
+                "redirect_uri": redirect_uri,
+                "thread_id": thread_id,
+                "profile": profile,
+            },
+        )
+
+        return f"User needs to authenticate using the following URL: {auth_url}"
+
+    async def authenticate(
+        self, auth_req: GitHubOAuth2Request, future_uid: str, *args, **kwargs
+    ) -> AuthContext:
+        future_data = FutureStore.get_future( future_uid)
+        auth_code = await future_data.future
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._GITHUB_TOKEN_URL,
+                data={
+                    "code": auth_code,
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "redirect_uri": future_data.data["redirect_uri"],
+                },
+            )
+
+        if resp.status_code != 200:
+            raise Exception(f"failed to authenticate. status_code : {resp.status_code}")
+
+        result = parse_qs(resp.text)
+        auth_response = GitHubOAuth2Response(
+            access_token=result["access_token"][0],
+            token_type=result["token_type"][0],
+            scope=result["scope"][0],
+            refresh_token=(
+                result["refresh_token"][0] if "refresh_token" in result else None
+            ),
+            expires_in=(
+                result["refresh_token_expires_in"][0]
+                if "refresh_token_expires_in" in result
+                else None
+            ),
+        )
+        return GitHubOAuth2AuthContext.from_github_oauth2_response(auth_response)
+
+    async def refresh(
+        self, auth_req: GitHubOAuth2Request, context: AuthContext, *args, **kwargs
+    ) -> AuthContext:
+        last_oauth2_resp: GitHubOAuth2Response = context.detail
+        refresh_token = last_oauth2_resp.refresh_token
+        if refresh_token is None:
+            raise Exception(
+                f"refresh token is None. last_oauth2_resp: {last_oauth2_resp}"
+            )
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._GITHUB_TOKEN_URL,
+                data={
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "refresh_token": refresh_token,
+                    "grant_type": "refresh_token",
+                },
+            )
+
+            if resp.status_code != 200:
+                raise Exception(
+                    f"failed to authenticate. status_code : {resp.status_code}"
+                )
+
+            resp_json = resp.json()
+            resp_json["refresh_token"] = refresh_token
+            response = GitHubOAuth2Response(**resp_json)
+            return GitHubOAuth2AuthContext.from_github_oauth2_response(response)
+
+    def _make_auth_url(self, auth_req: GitHubOAuth2Request, redirect_uri: str, state: str):
+        params = {
+            "client_id": auth_req.client_id,
+            "redirect_uri": redirect_uri,
+            "scope": ",".join(auth_req.auth_scopes),
+            "state": state,
+        }
+        return f"{self._GITHUB_AUTH_URL}?{urlencode(params)}"
+        
+    def make_request(
+        self, auth_scopes: Optional[list[str]] = None, **kwargs
+    ) -> GitHubOAuth2Request:
+        return GitHubOAuth2Request(
+            auth_scopes=auth_scopes,
+            client_id=config.auth.github.client_id,
+            client_secret=config.auth.github.client_secret,
+        )

hyperpocket/auth/github/oauth2_schema.py

@@ -0,0 +1,16 @@
+from typing import Optional
+
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class GitHubOAuth2Request(AuthenticateRequest):
+    client_id: str
+    client_secret: str
+
+
+class GitHubOAuth2Response(AuthenticateResponse):
+    access_token: str
+    expires_in: Optional[int]
+    refresh_token: Optional[str]
+    scope: str
+    token_type: str

hyperpocket/auth/github/token_context.py

@@ -0,0 +1,12 @@
+from hyperpocket.auth.github.context import GitHubAuthContext
+from hyperpocket.auth.github.token_schema import GitHubTokenResponse
+
+
+class GitHubTokenAuthContext(GitHubAuthContext):
+    @classmethod
+    def from_github_token_response(cls, response: GitHubTokenResponse):
+        description = "GitHub Token Context logged in"
+
+        return cls(
+            access_token=response.access_token, description=description, expires_at=None
+        )

hyperpocket/auth/github/token_handler.py

@@ -0,0 +1,79 @@
+from typing import Optional
+from urllib.parse import urljoin, urlencode
+
+from hyperpocket.auth import AuthProvider, AuthHandlerInterface
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.github.token_context import GitHubTokenAuthContext
+from hyperpocket.auth.github.token_schema import GitHubTokenRequest, GitHubTokenResponse
+from hyperpocket.auth.schema import AuthenticateRequest
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class GitHubTokenAuthHandler(AuthHandlerInterface):
+    name: str = "github-token"
+    description: str = (
+        "This handler is used to authenticate users using the GitHub token."
+    )
+    scoped: bool = False
+
+    _TOKEN_URL: str = urljoin(config.public_base_url + "/", f"{config.callback_url_rewrite_prefix}/auth/token")
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.GITHUB
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(
+            self,
+            auth_req: AuthenticateRequest,
+            thread_id: str,
+            profile: str,
+            future_uid: str,
+            *args,
+            **kwargs,
+    ) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/github/token/callback",
+        )
+        auth_url = self._make_auth_url(auth_req=auth_req, redirect_uri=redirect_uri, state=future_uid)
+        FutureStore.create_future(
+            future_uid,
+            data={
+                "redirect_uri": redirect_uri,
+                "thread_id": thread_id,
+                "profile": profile,
+            },
+        )
+
+        return f"User needs to authenticate using the following URL: {auth_url}"
+
+    async def authenticate(
+            self, auth_req: GitHubTokenRequest, future_uid: str, *args, **kwargs
+    ) -> GitHubTokenAuthContext:
+        future_data = FutureStore.get_future(future_uid)
+        access_token = await future_data.future
+
+        response = GitHubTokenResponse(access_token=access_token)
+        context = GitHubTokenAuthContext.from_github_token_response(response)
+
+        return context
+
+    async def refresh(
+            self, auth_req: GitHubTokenRequest, context: AuthContext, *args, **kwargs
+    ) -> AuthContext:
+        raise Exception("GitHub token doesn't support refresh")
+
+    def _make_auth_url(self, auth_req: GitHubTokenRequest, redirect_uri: str, state: str):
+        params = {
+            "redirect_uri": redirect_uri,
+            "state": state
+        }
+        return f"{self._TOKEN_URL}?{urlencode(params)}"
+
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> GitHubTokenRequest:
+        return GitHubTokenRequest()

hyperpocket/auth/github/token_schema.py

@@ -0,0 +1,9 @@
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class GitHubTokenRequest(AuthenticateRequest):
+    pass
+
+
+class GitHubTokenResponse(AuthenticateResponse):
+    access_token: str

hyperpocket/auth/google/context.py

@@ -0,0 +1,15 @@
+from hyperpocket.auth.context import AuthContext
+
+
+class GoogleAuthContext(AuthContext):
+    _ACCESS_TOKEN_KEY: str = "GOOGLE_TOKEN"
+
+    def to_dict(self) -> dict[str, str]:
+        return {
+            self._ACCESS_TOKEN_KEY: self.access_token
+        }
+
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        return {
+            f"{profile.upper()}_{self._ACCESS_TOKEN_KEY}": self.access_token,
+        }

hyperpocket/auth/google/oauth2_context.py

@@ -0,0 +1,31 @@
+from datetime import datetime, timedelta, timezone
+from typing import Optional
+
+from pydantic import Field
+
+from hyperpocket.auth.google.context import GoogleAuthContext
+from hyperpocket.auth.google.oauth2_schema import GoogleOAuth2Response
+
+
+class GoogleOAuth2AuthContext(GoogleAuthContext):
+    refresh_token: Optional[str] = Field(default=None, description="Refresh token")
+
+    @classmethod
+    def from_google_oauth2_response(
+            cls, response: GoogleOAuth2Response
+    ) -> "GoogleOAuth2AuthContext":
+        description = f"Google OAuth2 Context logged in with {response.scope} scopes"
+        now = datetime.now(tz=timezone.utc)
+
+        if response.expires_in:
+            expires_at = now + timedelta(seconds=response.expires_in)
+        else:
+            expires_at = None
+
+        return cls(
+            access_token=response.access_token,
+            refresh_token=response.refresh_token,
+            description=description,
+            expires_at=expires_at,
+            detail=response,
+        )