PyPI - jac-scale - Versions diffs - 0.1.1__tar.gz → 0.1.2__tar.gz - Mend

jac-scale 0.1.1tar.gz → 0.1.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

{jac_scale-0.1.1 → jac_scale-0.1.2}/PKG-INFO RENAMED Viewed

@@ -1,10 +1,10 @@
 Metadata-Version: 2.4
 Name: jac-scale
-Version: 0.1.1
+Version: 0.1.2
 Author-email: Jason Mars <jason@mars.ninja>
 Requires-Python: >=3.12
 Description-Content-Type: text/markdown
-Requires-Dist: jaclang>=0.9.10
+Requires-Dist: jaclang>=0.9.11
 Requires-Dist: python-dotenv<2.0.0,>=1.2.1
 Requires-Dist: docker<8.0.0,>=7.1.0
 Requires-Dist: kubernetes<35.0.0,>=34.1.0
@@ -43,6 +43,13 @@ Requires-Dist: python-multipart<1.0.0,>=0.0.21
 Whether you're developing locally with `jac start` or deploying to production with `jac start --scale`, you get the same powerful features with the flexibility to choose your deployment strategy.
+### 4. Single Sign-On (SSO) Support
+- **Google SSO**: Built-in support for Google Sign-In out of the box
+- **Extensible Architecture**: Easily add other providers (GitHub, Microsoft, etc.)
+- **Secure Authentication**: Integrated with JWT for secure session management
+- **User Management**: Automatic account creation and linking
 ## Prerequisites
 - kubenetes(K8s) installed

{jac_scale-0.1.1 → jac_scale-0.1.2}/README.md RENAMED Viewed

@@ -25,6 +25,13 @@
 Whether you're developing locally with `jac start` or deploying to production with `jac start --scale`, you get the same powerful features with the flexibility to choose your deployment strategy.
+### 4. Single Sign-On (SSO) Support
+- **Google SSO**: Built-in support for Google Sign-In out of the box
+- **Extensible Architecture**: Easily add other providers (GitHub, Microsoft, etc.)
+- **Secure Authentication**: Integrated with JWT for secure session management
+- **User Management**: Automatic account creation and linking
 ## Prerequisites
 - kubenetes(K8s) installed

jac_scale-0.1.2/jac_scale/google_sso_provider.jac ADDED Viewed

@@ -0,0 +1,85 @@
+"""Google SSO Provider implementation for jac-scale.
+This module implements the SSOProvider interface for Google OAuth authentication.
+"""
+import from fastapi { Request, Response }
+import from fastapi_sso.sso.google { GoogleSSO }
+import from jac_scale.sso_provider { SSOProvider, SSOUserInfo }
+"""Google OAuth SSO Provider.
+This class wraps the fastapi_sso GoogleSSO implementation to conform to
+our SSOProvider interface, enabling consistent handling across all SSO vendors.
+"""
+obj GoogleSSOProvider(SSOProvider) {
+    has client_id: str,
+        client_secret: str,
+        redirect_uri: str,
+        allow_insecure_http: bool = True,
+        _google_sso: (GoogleSSO | None) = None;
+    """Initialize the Google SSO provider."""
+    def postinit -> None {
+        self._google_sso = GoogleSSO(
+            client_id=self.client_id,
+            client_secret=self.client_secret,
+            redirect_uri=self.redirect_uri,
+            allow_insecure_http=self.allow_insecure_http
+        );
+    }
+    """Initiate Google OAuth authentication flow.
+    Args:
+        operation: The operation type ('login' or 'register')
+    Returns:
+        RedirectResponse to Google's OAuth authorization page
+    """
+    async def initiate_auth(operation: str) -> Response {
+        if not self._google_sso {
+            raise RuntimeError("GoogleSSO not initialized") ;
+        }
+        with self._google_sso {
+            return await self._google_sso.get_login_redirect();
+        }
+    }
+    """Handle the OAuth callback from Google.
+    Args:
+        request: The FastAPI request object containing OAuth callback data
+    Returns:
+        SSOUserInfo: Standardized user information from Google
+    Raises:
+        Exception: If authentication fails or user info cannot be retrieved
+    """
+    async def handle_callback(request: Request) -> SSOUserInfo {
+        if not self._google_sso {
+            raise RuntimeError("GoogleSSO not initialized") ;
+        }
+        with self._google_sso {
+            user_info = await self._google_sso.verify_and_process(request);
+            return SSOUserInfo(
+                email=user_info.email,
+                external_id=user_info.id,
+                platform=self.get_platform_name(),
+                display_name=user_info?.display_name
+            );
+        }
+    }
+    """Get the platform identifier.
+    Returns:
+        str: 'google'
+    """
+    def get_platform_name -> str {
+        return "google";
+    }
+}

{jac_scale-0.1.1 → jac_scale-0.1.2}/jac_scale/impl/serve.impl.jac RENAMED Viewed

@@ -558,7 +558,7 @@ impl JacAPIServer.create_function_callback(
             ) {
                 token = authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -685,7 +685,7 @@ impl JacAPIServer.create_walker_callback(
             ) {
                 token = authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -783,7 +783,7 @@ impl JacAPIServer.refresh_token(token: (str | None) = None) -> TransportResponse
     if token.startswith('Bearer ') {
         token = token[7:];
     }
-    new_token = self.refresh_jwt_token(token);
+    new_token = self.user_manager.refresh_jwt_token(token);
     if (not new_token) {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -809,7 +809,7 @@ impl JacAPIServer.create_user(username: str, password: str) -> TransportResponse
                 meta=Meta(extra={'http_status': 400})
             );
         }
-        res['token'] = self.create_jwt_token(username);
+        res['token'] = self.user_manager.create_jwt_token(username);
         return TransportResponse.success(
             data=res, meta=Meta(extra={'http_status': 201})
         );
@@ -837,7 +837,7 @@ impl JacAPIServer.update_username(
     ) {
         token = Authorization[7:];
     }
-    token_username = self.validate_jwt_token(token) if token else None;
+    token_username = self.user_manager.validate_jwt_token(token) if token else None;
     if not token_username {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -869,7 +869,7 @@ impl JacAPIServer.update_username(
         );
     }
     # Generate new JWT token with updated username
-    result['token'] = self.create_jwt_token(new_username);
+    result['token'] = self.user_manager.create_jwt_token(new_username);
     return TransportResponse.success(
         data=result, meta=Meta(extra={'http_status': 200})
     );
@@ -891,7 +891,7 @@ impl JacAPIServer.update_password(
     ) {
         token = Authorization[7:];
     }
-    token_username = self.validate_jwt_token(token) if token else None;
+    token_username = self.user_manager.validate_jwt_token(token) if token else None;
     if not token_username {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -1066,7 +1066,7 @@ impl JacAPIServer.login(username: str, password: str) -> TransportResponse {
             meta=Meta(extra={'http_status': 401})
         );
     }
-    result['token'] = self.create_jwt_token(username);
+    result['token'] = self.user_manager.create_jwt_token(username);
     return TransportResponse.success(
         data=dict[(str, JsonValue)](result), meta=Meta(extra={'http_status': 200})
     );
@@ -1109,219 +1109,6 @@ impl JacAPIServer.postinit -> None {
         }
         self.server.app.add_middleware(CustomHeadersMiddleware);
     }
-    self.SUPPORTED_PLATFORMS: dict = {};
-    # Load SSO config fresh (not from cached global) to support env var overrides at runtime
-    sso_config = get_scale_config().get_sso_config();
-    for platform in Platforms {
-        key = platform.lower();
-        platform_config = sso_config.get(key, {});
-        client_id = platform_config.get('client_id', '');
-        client_secret = platform_config.get('client_secret', '');
-        if not client_id or not client_secret {
-            continue;
-        }
-        self.SUPPORTED_PLATFORMS[platform.value] = {
-            "client_id": client_id,
-            "client_secret": client_secret
-        };
-    }
-}
-impl JacAPIServer.refresh_jwt_token(token: str) -> (str | None) {
-    try {
-        decoded = jwt.decode(
-            token, JWT_SECRET, algorithms=[JWT_ALGORITHM], options={"verify_exp": True}
-        );
-        username = decoded.get('username');
-        if not username {
-            return None;
-        }
-        return JacAPIServer.create_jwt_token(username);
-    } except Exception {
-        return None;
-    }
-}
-impl JacAPIServer.validate_jwt_token(token: str) -> (str | None) {
-    try {
-        decoded = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]);
-        return decoded['username'];
-    } except Exception {
-        return None;
-    }
-}
-impl JacAPIServer.create_jwt_token(username: str) -> str {
-    now = datetime.now(UTC);
-    payload: dict[(str, Any)] = {
-        'username': username,
-        'exp': (now + timedelta(days=JWT_EXP_DELTA_DAYS)),
-        'iat': now.timestamp()
-    };
-    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM);
-}
-impl JacAPIServer.get_sso(platform: str, operation: str) -> (GoogleSSO | None) {
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return None;
-    }
-    credentials = self.SUPPORTED_PLATFORMS[platform];
-    redirect_uri = f"{SSO_HOST}/{platform}/{operation}/callback";
-    if (platform == Platforms.GOOGLE.value) {
-        return GoogleSSO(
-            client_id=credentials['client_id'],
-            client_secret=credentials['client_secret'],
-            redirect_uri=redirect_uri,
-            allow_insecure_http=True
-        );
-    }
-    return None;
-}
-impl JacAPIServer.sso_initiate(
-    platform: str, operation: str
-) -> (Response | TransportResponse) {
-    import from jaclang.runtimelib.transport { TransportResponse, Meta }
-    if (platform not in [p.value for p in Platforms]) {
-        return TransportResponse.fail(
-            code='INVALID_PLATFORM',
-            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
-                [p.value for p in Platforms]
-            )}",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return TransportResponse.fail(
-            code='SSO_NOT_CONFIGURED',
-            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
-            meta=Meta(extra={'http_status': 501})
-        );
-    }
-    if (operation not in [o.value for o in Operations]) {
-        return TransportResponse.fail(
-            code='INVALID_OPERATION',
-            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    sso = self.get_sso(platform, operation);
-    if not sso {
-        return TransportResponse.fail(
-            code='SSO_INIT_FAILED',
-            message=f"Failed to initialize SSO for platform '{platform}'",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
-    with sso {
-        return await sso.get_login_redirect();
-    }
-}
-impl JacAPIServer.sso_callback(
-    request: Request, platform: str, operation: str
-) -> TransportResponse {
-    import from jaclang.runtimelib.transport { TransportResponse, Meta }
-    if (platform not in [p.value for p in Platforms]) {
-        return TransportResponse.fail(
-            code='INVALID_PLATFORM',
-            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
-                [p.value for p in Platforms]
-            )}",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return TransportResponse.fail(
-            code='SSO_NOT_CONFIGURED',
-            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
-            meta=Meta(extra={'http_status': 501})
-        );
-    }
-    if (operation not in [o.value for o in Operations]) {
-        return TransportResponse.fail(
-            code='INVALID_OPERATION',
-            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    sso = self.get_sso(platform, operation);
-    if not sso {
-        return TransportResponse.fail(
-            code='SSO_INIT_FAILED',
-            message=f"Failed to initialize SSO for platform '{platform}'",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
-    try {
-        with sso {
-            user_info = await sso.verify_and_process(request);
-            email = user_info.email;
-            if not email {
-                return TransportResponse.fail(
-                    code='EMAIL_MISSING',
-                    message=f"Email not provided by {platform}",
-                    meta=Meta(extra={'http_status': 400})
-                );
-            }
-            if (operation == Operations.LOGIN.value) {
-                user = self.user_manager.get_user(email);
-                if not user {
-                    return TransportResponse.fail(
-                        code='USER_NOT_FOUND',
-                        message='User not found. Please register first.',
-                        meta=Meta(extra={'http_status': 404})
-                    );
-                }
-                token = self.create_jwt_token(email);
-                return TransportResponse.success(
-                    data={
-                        'message': 'Login successful',
-                        'email': email,
-                        'token': token,
-                        'platform': platform,
-                        'user': dict[(str, JsonValue)](user)
-                    },
-                    meta=Meta(extra={'http_status': 200})
-                );
-            } elif (operation == Operations.REGISTER.value) {
-                existing_user = self.user_manager.get_user(email);
-                if existing_user {
-                    return TransportResponse.fail(
-                        code='USER_EXISTS',
-                        message='User already exists. Please login instead.',
-                        meta=Meta(extra={'http_status': 400})
-                    );
-                }
-                random_password = generate_random_password();
-                result = self.user_manager.create_user(email, random_password);
-                if ('error' in result) {
-                    return TransportResponse.fail(
-                        code='USER_CREATION_FAILED',
-                        message=result.get('error', 'User creation failed'),
-                        meta=Meta(extra={'http_status': 400})
-                    );
-                }
-                token = self.create_jwt_token(email);
-                result['token'] = token;
-                result['platform'] = platform;
-                return TransportResponse.success(
-                    data=result, meta=Meta(extra={'http_status': 201})
-                );
-            }
-        }
-    } except Exception as e {
-        return TransportResponse.fail(
-            code='AUTHENTICATION_FAILED',
-            message=f"Authentication failed: {str(e)}",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
 }
 impl JacAPIServer.register_sso_endpoints -> None {
@@ -1329,7 +1116,7 @@ impl JacAPIServer.register_sso_endpoints -> None {
         JEndPoint(
             method=HTTPMethod.GET,
             path='/sso/{platform}/{operation}',
-            callback=self.sso_initiate,
+            callback=self.user_manager.sso_initiate,
             parameters=[
                 APIParameter(
                     name='platform',
@@ -1358,7 +1145,7 @@ impl JacAPIServer.register_sso_endpoints -> None {
         JEndPoint(
             method=HTTPMethod.GET,
             path='/sso/{platform}/{operation}/callback',
-            callback=self.sso_callback,
+            callback=self.user_manager.sso_callback,
             parameters=[
                 APIParameter(
                     name='platform',
@@ -1455,7 +1242,7 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             ) {
                 token = Authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -1604,7 +1391,7 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
             ) {
                 token = Authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',

jac-scale 0.1.1__tar.gz → 0.1.2__tar.gz

jac-scale 0.1.1tar.gz → 0.1.2tar.gz