hyperpocket 0.0.1__py3-none-any.whl

hyperpocket/auth/google/oauth2_handler.py

@@ -0,0 +1,137 @@
+from typing import Optional
+from urllib.parse import urlencode, urljoin
+
+import httpx
+
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.google.oauth2_context import GoogleOAuth2AuthContext
+from hyperpocket.auth.google.oauth2_schema import GoogleOAuth2Request, GoogleOAuth2Response
+from hyperpocket.auth.handler import AuthHandlerInterface, AuthProvider
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class GoogleOAuth2AuthHandler(AuthHandlerInterface):
+    _GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
+    _GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"
+
+    name: str = "google-oauth2"
+    description: str = "This handler is used to authenticate users using Google OAuth."
+    scoped: bool = True
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.GOOGLE
+
+    @staticmethod
+    def provider_default() -> bool:
+        return True
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(
+            self,
+            auth_req: GoogleOAuth2Request,
+            thread_id: str,
+            profile: str,
+            future_uid: str,
+            *args,
+            **kwargs,
+    ) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/google/oauth2/callback",
+        )
+        auth_url = self._make_auth_url(auth_req, redirect_uri, future_uid)
+
+        FutureStore.create_future(
+            future_uid,
+            data={
+                "redirect_uri": redirect_uri,
+                "thread_id": thread_id,
+                "profile": profile,
+            },
+        )
+
+        return f"User needs to authenticate using the following URL: {auth_url}"
+
+    async def authenticate(
+            self, auth_req: GoogleOAuth2Request, future_uid: str, *args, **kwargs
+    ) -> AuthContext:
+        future_data = FutureStore.get_future( future_uid)
+        auth_code = await future_data.future
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._GOOGLE_TOKEN_URL,
+                data={
+                    "code": auth_code,
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "redirect_uri": future_data.data["redirect_uri"],
+                    "grant_type": "authorization_code",
+                },
+            )
+
+        if resp.status_code != 200:
+            raise Exception(f"failed to authenticate. status_code : {resp.status_code}")
+
+        resp_json = resp.json()
+        auth_response = GoogleOAuth2Response(**resp_json)
+        return GoogleOAuth2AuthContext.from_google_oauth2_response(auth_response)
+
+    async def refresh(
+            self, auth_req: GoogleOAuth2Request, context: AuthContext, *args, **kwargs
+    ) -> AuthContext:
+        google_context: GoogleOAuth2AuthContext = context
+        last_oauth2_resp: GoogleOAuth2Response = google_context.detail
+        refresh_token = google_context.refresh_token
+        if refresh_token is None:
+            raise Exception(
+                f"refresh token is None. last_oauth2_resp: {last_oauth2_resp}"
+            )
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._GOOGLE_TOKEN_URL,
+                data={
+                    "client_id": auth_req.client_id,
+                    "client_secret": auth_req.client_secret,
+                    "refresh_token": refresh_token,
+                    "grant_type": "refresh_token",
+                },
+            )
+
+            if resp.status_code != 200:
+                raise Exception(
+                    f"failed to authenticate. status_code : {resp.status_code}"
+                )
+
+            resp_json = resp.json()
+            if "refresh_token" not in resp_json:
+                resp_json["refresh_token"] = refresh_token
+
+            response = GoogleOAuth2Response(**resp_json)
+            return GoogleOAuth2AuthContext.from_google_oauth2_response(response)
+
+    def _make_auth_url(self, auth_req: GoogleOAuth2Request, redirect_uri: str, state: str):
+        params = {
+            "client_id": auth_req.client_id,
+            "redirect_uri": redirect_uri,
+            "response_type": "code",
+            "scope": " ".join(auth_req.auth_scopes),
+            "access_type": "offline",
+            "state": state,
+        }
+        return f"{self._GOOGLE_AUTH_URL}?{urlencode(params)}"
+
+    def make_request(
+            self, auth_scopes: Optional[list[str]] = None, **kwargs
+    ) -> GoogleOAuth2Request:
+        return GoogleOAuth2Request(
+            auth_scopes=auth_scopes,
+            client_id=config.auth.google.client_id,
+            client_secret=config.auth.google.client_secret,
+        )

hyperpocket/auth/google/oauth2_schema.py

@@ -0,0 +1,18 @@
+from typing import Optional
+
+from pydantic import Field
+
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class GoogleOAuth2Request(AuthenticateRequest):
+    client_id: str
+    client_secret: str
+
+
+class GoogleOAuth2Response(AuthenticateResponse):
+    access_token: str
+    expires_in: int
+    refresh_token: Optional[str] = Field(default=None)
+    scope: str
+    token_type: str

hyperpocket/auth/handler.py

@@ -0,0 +1,171 @@
+from abc import ABC, abstractmethod
+from typing import Optional
+
+from pydantic import Field
+
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.provider import AuthProvider
+from hyperpocket.auth.schema import AuthenticateRequest
+
+
+class AuthHandlerInterface(ABC):
+    name: str = Field(description="name of the authentication handler")
+    description: str = Field(description="description of the authentication handler")
+    scoped: bool = Field(description="Indicates whether the handler requires an auth_scope for access control")
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        """
+        Returns the authentication provider enum.
+
+        This method is used to determine the appropriate authentication handler
+
+        based on the authentication provider.
+        """
+        raise NotImplementedError()
+
+    @staticmethod
+    def provider_default() -> bool:
+        """
+        Indicates whether this authentication handler is the default handler.
+
+        If no specific handler is designated, the default handler will be used.
+
+        Returns:
+            bool: True if this handler is the default, False otherwise.
+        """
+        return False
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        """
+        Returns the recommended authentication scopes.
+
+        If `use_recommended_scope` is set to True in the `AuthConfig`,
+
+        this method should return the proper recommended scopes. Otherwise,
+
+        it should return an empty set.
+
+        Returns:
+            set[str]: A set of recommended scopes, or an empty set if not applicable.
+
+        Examples:
+            Slack OAuth2 recommended_scopes::
+
+                def recommended_scopes() -> set[str]:
+                    if config.auth.slack.use_recommended_scope:
+                        recommended_scopes = {
+                            "channels:history",
+                            "channels:read",
+                            "chat:write",
+                            "groups:history",
+                            "groups:read",
+                            "im:history",
+                            "mpim:history",
+                            "reactions:read",
+                            "reactions:write",
+                        }
+                    else:
+                        recommended_scopes = {}
+                    return recommended_scopes
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> AuthenticateRequest:
+        """
+        Make an AuthenticationRequest.
+
+        Usually, this method only requires `auth_scopes`.
+
+        If additional static information is needed (e.g., clientID, secretID),
+
+        retrieve it from the configuration.
+
+        Args:
+            auth_scopes (Optional[list[str]]): list of auth scopes
+
+        Returns:
+            AuthenticateRequest: A authentication request object with the necessary details.
+
+        Examples:
+            Create a Slack OAuth2 request::
+
+                def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> SlackOAuth2Request:
+                    return SlackOAuth2Request(
+                        auth_scopes=auth_scopes,
+                        client_id=config.auth.slack.client_id,
+                        client_secret=config.auth.slack.client_secret
+                    )
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    def prepare(self, auth_req: AuthenticateRequest, thread_id: str, profile: str,
+                future_uid: str, *args, **kwargs) -> str:
+        """
+        Performs preliminary tasks required for authentication.
+
+        This method typically performs the following actions:
+
+        - Creates a future to wait for user authentication completion during the authentication process.
+        - Issues an authentication URI that the user can access.
+
+        Args:
+            auth_req (AuthenticateRequest): The authentication request object.
+            thread_id (str): The thread ID.
+            profile (str): The profile name.
+            future_uid (str): A unique identifier for each future.
+
+        Returns:
+            str: The authentication URI that the user can access.
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    async def authenticate(self, auth_req: AuthenticateRequest, future_uid: str, *args, **kwargs) -> AuthContext:
+        """
+        Performs the actual authentication process.
+
+        This function assumes that the user has completed the authentication during the `prepare` step,
+        and the associated future has been resolved. At this point, the result contains the required
+        values for authentication (e.g., an auth code).
+
+        Typically, this process involves:
+
+        - Accessing the resolved future to retrieve the necessary values for authentication.
+        - Performing the actual authentication using these values.
+        - Converting the returned response into an appropriate `AuthContext` object and returning it.
+
+        Args:
+            auth_req (AuthenticateRequest): The authentication request object.
+            future_uid (str): A unique identifier for the future, used to retrieve the correct
+                              result issued during the `prepare` step.
+
+        Returns:
+            AuthContext: The authentication context object containing the authentication result.
+        """
+        raise NotImplementedError()
+
+    @abstractmethod
+    async def refresh(self, auth_req: AuthenticateRequest, context: AuthContext, *args, **kwargs) -> AuthContext:
+        """
+        Performs re-authentication for an expired session.
+
+        This method is optional and does not need to be implemented for handlers that do not require re-authentication.
+
+        Typically, the information needed for re-authentication (e.g., a refresh token) should be stored
+        within the `AuthContext` during the previous authentication step.
+
+        In the `refresh` step, this method accesses the necessary re-authentication details from the provided `context`,
+        performs the re-authentication, and returns an updated `AuthContext`.
+
+        Args:
+            auth_req (AuthenticateRequest): The authentication request object.
+            context (AuthContext): The current authentication context that it should contain data required for re-authentication.
+
+        Returns:
+            AuthContext: An updated authentication context object.
+        """
+        raise NotImplementedError()

hyperpocket/auth/linear/context.py

@@ -0,0 +1,15 @@
+from hyperpocket.auth.context import AuthContext
+
+
+class LinearAuthContext(AuthContext):
+    _ACCESS_TOKEN_KEY: str = "LINEAR_API_KEY"
+
+    def to_dict(self) -> dict[str, str]:
+        return {
+            self._ACCESS_TOKEN_KEY: self.access_token,
+        }
+
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        return {
+            f"{profile.upper()}_{self._ACCESS_TOKEN_KEY}": self.access_token,
+        }

hyperpocket/auth/linear/token_context.py

@@ -0,0 +1,15 @@
+from hyperpocket.auth.linear.context import LinearAuthContext
+from hyperpocket.auth.linear.token_schema import LinearTokenResponse
+
+
+class LinearTokenAuthContext(LinearAuthContext):
+
+    @classmethod
+    def from_linear_token_response(cls, response: LinearTokenResponse):
+        description = f'Linear Token Context logged in'
+
+        return cls(
+            access_token=response.access_token,
+            description=description,
+            expires_at=None
+        )

hyperpocket/auth/linear/token_handler.py

@@ -0,0 +1,68 @@
+from typing import Optional
+from urllib.parse import urljoin, urlencode
+
+from hyperpocket.auth import AuthProvider
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.handler import AuthHandlerInterface
+from hyperpocket.auth.linear.token_context import LinearTokenAuthContext
+from hyperpocket.auth.linear.token_schema import LinearTokenResponse, LinearTokenRequest
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class LinearTokenAuthHandler(AuthHandlerInterface):
+    name: str = "linear-token"
+    description: str = "This handler is used to authenticate users using the Linear token."
+    scoped: bool = False
+
+    _TOKEN_URL: str = urljoin(config.public_base_url + "/", f"{config.callback_url_rewrite_prefix}/auth/token")
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.LINEAR
+
+    @staticmethod
+    def provider_default() -> bool:
+        return True
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(self, auth_req: LinearTokenRequest, thread_id: str, profile: str,
+                future_uid: str, *args, **kwargs) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/linear/token/callback",
+        )
+        auth_url = self._make_auth_url(auth_req=auth_req, redirect_uri=redirect_uri, state=future_uid)
+        FutureStore.create_future(future_uid, data={
+            "redirect_uri": redirect_uri,
+            "thread_id": thread_id,
+            "profile": profile,
+        })
+
+        return f'User needs to authenticate using the following URL: {auth_url}'
+
+    async def authenticate(self, auth_req: LinearTokenResponse, future_uid: str, *args,
+                           **kwargs) -> LinearTokenAuthContext:
+        future_data = FutureStore.get_future( future_uid)
+        access_token = await future_data.future
+
+        response = LinearTokenResponse(access_token=access_token)
+        context = LinearTokenAuthContext.from_linear_token_response(response)
+
+        return context
+
+    async def refresh(self, auth_req: LinearTokenRequest, context: AuthContext, *args, **kwargs) -> AuthContext:
+        raise Exception("Linear token doesn't support refresh")
+
+    def _make_auth_url(self, auth_req: LinearTokenRequest, redirect_uri: str, state: str):
+        params = {
+            "redirect_uri": redirect_uri,
+            "state": state,
+        }
+        return f"{self._TOKEN_URL}?{urlencode(params)}"
+
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> LinearTokenRequest:
+        return LinearTokenRequest()

hyperpocket/auth/linear/token_schema.py

@@ -0,0 +1,9 @@
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class LinearTokenRequest(AuthenticateRequest):
+    pass
+
+
+class LinearTokenResponse(AuthenticateResponse):
+    access_token: str

hyperpocket/auth/provider.py

@@ -0,0 +1,16 @@
+from enum import Enum
+
+
+class AuthProvider(Enum):
+    SLACK = 'slack'
+    LINEAR = 'linear'
+    GITHUB = 'github'
+    GOOGLE = 'google'
+    CALENDLY = 'calendly'
+
+    @classmethod
+    def get_auth_provider(cls, auth_provider_name: str) -> "AuthProvider":
+        try:
+            return AuthProvider[auth_provider_name.upper()]
+        except KeyError:
+            raise ValueError(f"Invalid auth provider name. {auth_provider_name}")

hyperpocket/auth/schema.py

@@ -0,0 +1,19 @@
+from typing import Optional
+
+from pydantic import BaseModel, Field
+
+
+class AuthenticateRequest(BaseModel):
+    """
+    This class is used to define the interface of the authentication request.
+    """
+    auth_scopes: Optional[list[str]] = Field(
+        default_factory=list,
+        description="authentication scopes. if the authentication handler is non scoped, it isn't needed")
+
+
+class AuthenticateResponse(BaseModel):
+    """
+    This class is used to define the interface of the authentication response.
+    """
+    pass

hyperpocket/auth/slack/context.py

@@ -0,0 +1,15 @@
+from hyperpocket.auth.context import AuthContext
+
+
+class SlackAuthContext(AuthContext):
+    _ACCESS_TOKEN_KEY: str = "SLACK_BOT_TOKEN"
+
+    def to_dict(self) -> dict[str, str]:
+        return {
+            self._ACCESS_TOKEN_KEY: self.access_token,
+        }
+
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        return {
+            f"{profile.upper()}_{self._ACCESS_TOKEN_KEY}": self.access_token,
+        }

hyperpocket/auth/slack/oauth2_context.py

@@ -0,0 +1,40 @@
+from datetime import datetime, timedelta, timezone
+from typing import Optional
+
+from pydantic import Field
+
+from hyperpocket.auth.slack.context import SlackAuthContext
+from hyperpocket.auth.slack.oauth2_schema import SlackOAuth2Response
+
+
+class SlackOAuth2AuthContext(SlackAuthContext):
+    refresh_token: Optional[str] = Field(default=None, description="refresh token")
+
+    @classmethod
+    def from_slack_oauth2_response(cls, response: SlackOAuth2Response):
+        description = f'Slack OAuth2 Context logged in as a user {response.authed_user.id}'
+        now = datetime.now(tz=timezone.utc)
+
+        # user token
+        if response.authed_user:
+            access_token = response.authed_user.access_token
+            refresh_token = response.authed_user.refresh_token
+            expires_in = response.authed_user.expires_in
+        # bot token
+        else:
+            access_token = response.access_token
+            refresh_token = response.refresh_token
+            expires_in = response.expires_in
+
+        if expires_in:
+            expires_at = now + timedelta(seconds=response.authed_user.expires_in)
+        else:
+            expires_at = None
+
+        return cls(
+            access_token=access_token,
+            refresh_token=refresh_token,
+            expires_at=expires_at,
+            description=description,
+            detail=response,
+        )