PyPI - maquinaweb-shared-auth - Versions diffs - 0.1.2__tar.gz → 0.1.4__tar.gz - Mend

maquinaweb-shared-auth 0.1.2tar.gz → 0.1.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of maquinaweb-shared-auth might be problematic. Click here for more details.

Files changed (23) hide show

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: maquinaweb-shared-auth
-Version: 0.1.2
+Version: 0.1.4
 Summary: Models read-only para autenticação compartilhada entre projetos Django.
 Author-email: Seu Nome <seuemail@dominio.com>
 License: MIT
@@ -521,7 +521,7 @@ class RascunhoDetailSerializer(OrganizationUserSerializerMixin, serializers.Mode
         ]
         read_only_fields = ['organization', 'user', 'created_at', 'updated_at']
-# views.py
+# views
 class RascunhoViewSet(viewsets.ModelViewSet):
     queryset = Rascunho.objects.all()

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/README.md RENAMED Viewed

@@ -500,7 +500,7 @@ class RascunhoDetailSerializer(OrganizationUserSerializerMixin, serializers.Mode
         ]
         read_only_fields = ['organization', 'user', 'created_at', 'updated_at']
-# views.py
+# views
 class RascunhoViewSet(viewsets.ModelViewSet):
     queryset = Rascunho.objects.all()

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/maquinaweb_shared_auth.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: maquinaweb-shared-auth
-Version: 0.1.2
+Version: 0.1.4
 Summary: Models read-only para autenticação compartilhada entre projetos Django.
 Author-email: Seu Nome <seuemail@dominio.com>
 License: MIT
@@ -521,7 +521,7 @@ class RascunhoDetailSerializer(OrganizationUserSerializerMixin, serializers.Mode
         ]
         read_only_fields = ['organization', 'user', 'created_at', 'updated_at']
-# views.py
+# views
 class RascunhoViewSet(viewsets.ModelViewSet):
     queryset = Rascunho.objects.all()

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/maquinaweb_shared_auth.egg-info/SOURCES.txt RENAMED Viewed

@@ -7,10 +7,15 @@ maquinaweb_shared_auth.egg-info/dependency_links.txt
 maquinaweb_shared_auth.egg-info/requires.txt
 maquinaweb_shared_auth.egg-info/top_level.txt
 shared_auth/__init__.py
+shared_auth/authentication.py
 shared_auth/conf.py
+shared_auth/decorators.py
 shared_auth/exceptions.py
 shared_auth/fields.py
 shared_auth/managers.py
+shared_auth/middleware.py
 shared_auth/mixins.py
 shared_auth/models.py
+shared_auth/permissions.py
+shared_auth/router.py
 shared_auth/serializers.py

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "maquinaweb-shared-auth"
-version = "0.1.2"
+version = "0.1.4"
 description = "Models read-only para autenticação compartilhada entre projetos Django."
 readme = "README.md"
 requires-python = ">=3.13"

maquinaweb_shared_auth-0.1.4/shared_auth/authentication.py ADDED Viewed

@@ -0,0 +1,48 @@
+"""
+Backend de autenticação usando tokens do banco compartilhado
+"""
+from rest_framework.authentication import TokenAuthentication
+from rest_framework import exceptions
+from django.utils.translation import gettext_lazy as _
+from .models import SharedToken, SharedUser
+class SharedTokenAuthentication(TokenAuthentication):
+    """
+    Autentica usando tokens do banco de dados compartilhado
+    Usage em settings.py:
+        REST_FRAMEWORK = {
+            'DEFAULT_AUTHENTICATION_CLASSES': [
+                'shared_auth.authentication.SharedTokenAuthentication',
+            ]
+        }
+    """
+    model = SharedToken
+    def authenticate_credentials(self, key):
+        """
+        Valida o token no banco de dados compartilhado
+        """
+        try:
+            token = (
+                SharedToken.objects.using("auth_db").select_related("user").get(key=key)
+            )
+        except SharedToken.DoesNotExist:
+            raise exceptions.AuthenticationFailed(_("Token inválido."))
+        # Buscar usuário completo
+        try:
+            user = SharedUser.objects.using("auth_db").get(pk=token.user_id)
+        except SharedUser.DoesNotExist:
+            raise exceptions.AuthenticationFailed(_("Usuário não encontrado."))
+        if not user.is_active:
+            raise exceptions.AuthenticationFailed(_("Usuário inativo ou deletado."))
+        if user.deleted_at is not None:
+            raise exceptions.AuthenticationFailed(_("Usuário deletado."))
+        return (user, token)

maquinaweb_shared_auth-0.1.4/shared_auth/decorators.py ADDED Viewed

@@ -0,0 +1,122 @@
+"""
+Decorators para views funcionais
+"""
+from functools import wraps
+from django.http import JsonResponse
+from .models import SharedToken, SharedUser, SharedOrganization
+def require_auth(view_func):
+    """
+    Decorator que requer autenticação
+    Usage:
+        @require_auth
+        def my_view(request):
+            return JsonResponse({'user': request.user.email})
+    """
+    @wraps(view_func)
+    def wrapped_view(request, *args, **kwargs):
+        # Extrair token
+        token = _get_token_from_request(request)
+        if not token:
+            return JsonResponse({"error": "Token não fornecido"}, status=401)
+        # Validar token
+        try:
+            token_obj = SharedToken.objects.using("auth_db").get(key=token)
+            user = SharedUser.objects.using("auth_db").get(pk=token_obj.user_id)
+            if not user.is_active or user.deleted_at is not None:
+                return JsonResponse({"error": "Usuário inativo"}, status=401)
+            request.user = user
+            request.auth = token_obj
+        except (SharedToken.DoesNotExist, SharedUser.DoesNotExist):
+            return JsonResponse({"error": "Token inválido"}, status=401)
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def require_organization(view_func):
+    """
+    Decorator que requer organização ativa
+    """
+    @wraps(view_func)
+    @require_auth
+    def wrapped_view(request, *args, **kwargs):
+        if (
+            not hasattr(request.user, "logged_organization_id")
+            or not request.user.logged_organization_id
+        ):
+            return JsonResponse({"error": "Organização não definida"}, status=403)
+        # Buscar organização
+        try:
+            org = SharedOrganization.objects.using("auth_db").get(
+                pk=request.user.logged_organization_id
+            )
+            if not org.is_active():
+                return JsonResponse({"error": "Organização inativa"}, status=403)
+            request.organization = org
+        except SharedOrganization.DoesNotExist:
+            return JsonResponse({"error": "Organização não encontrada"}, status=404)
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def require_same_organization(view_func):
+    """
+    Decorator que verifica se objeto pertence à mesma organização
+    O objeto deve estar em kwargs['pk'] ou kwargs['id']
+    """
+    @wraps(view_func)
+    @require_organization
+    def wrapped_view(request, *args, **kwargs):
+        obj_id = kwargs.get("pk") or kwargs.get("id")
+        if not obj_id:
+            return view_func(request, *args, **kwargs)
+        # Aqui você precisa buscar o objeto e verificar
+        # Exemplo genérico - adapte conforme seu model
+        from django.apps import apps
+        # Tentar identificar o model pelo path
+        # Esta é uma implementação básica
+        # Em produção, você pode passar o model como parâmetro
+        return view_func(request, *args, **kwargs)
+    return wrapped_view
+def _get_token_from_request(request):
+    """Helper para extrair token"""
+    auth_header = request.META.get("HTTP_AUTHORIZATION", "")
+    if auth_header.startswith("Token "):
+        return auth_header.split(" ")[1]
+    token = request.META.get("HTTP_X_AUTH_TOKEN")
+    if token:
+        return token
+    token = request.COOKIES.get("auth_token")
+    if token:
+        return token
+    return None

maquinaweb_shared_auth-0.1.4/shared_auth/middleware.py ADDED Viewed

@@ -0,0 +1,207 @@
+"""
+Middlewares para autenticação compartilhada
+"""
+from django.utils.deprecation import MiddlewareMixin
+from django.http import JsonResponse
+from . import SharedMember
+from .authentication import SharedTokenAuthentication
+from .models import SharedToken, SharedUser, SharedOrganization
+class SharedAuthMiddleware(MiddlewareMixin):
+    """
+    Middleware que autentica usuário baseado no token do header
+    Usage em settings.py:
+        MIDDLEWARE = [
+            ...
+            'shared_auth.middleware.SharedAuthMiddleware',
+        ]
+    O middleware busca o token em:
+    - Header: Authorization: Token <token>
+    - Header: X-Auth-Token: <token>
+    - Cookie: auth_token
+    """
+    def process_request(self, request):
+        # Caminhos que não precisam de autenticação
+        exempt_paths = getattr(
+            request,
+            "auth_exempt_paths",
+            [
+                "/api/auth/login/",
+                "/api/auth/register/",
+                "/health/",
+                "/static/",
+            ],
+        )
+        if any(request.path.startswith(path) for path in exempt_paths):
+            return None
+        # Extrair token
+        token = self._get_token_from_request(request)
+        if not token:
+            request.user = None
+            request.auth = None
+            return None
+        # Validar token e buscar usuário
+        try:
+            token_obj = SharedToken.objects.using("auth_db").get(key=token)
+            user = SharedUser.objects.using("auth_db").get(pk=token_obj.user_id)
+            if not user.is_active or user.deleted_at is not None:
+                request.user = None
+                request.auth = None
+                return None
+            # Adicionar ao request
+            request.user = user
+            request.auth = token_obj
+        except (SharedToken.DoesNotExist, SharedUser.DoesNotExist):
+            request.user = None
+            request.auth = None
+        return None
+    def _get_token_from_request(self, request):
+        """Extrai token do request"""
+        # Header: Authorization: Token <token>
+        auth_header = request.META.get("HTTP_AUTHORIZATION", "")
+        if auth_header.startswith("Token "):
+            return auth_header.split(" ")[1]
+        # Header: X-Auth-Token
+        token = request.META.get("HTTP_X_AUTH_TOKEN")
+        if token:
+            return token
+        # Cookie
+        token = request.COOKIES.get("auth_token")
+        if token:
+            return token
+        return None
+class RequireAuthMiddleware(MiddlewareMixin):
+    """
+    Middleware que FORÇA autenticação em todas as rotas
+    Retorna 401 se não estiver autenticado
+    Usage em settings.py:
+        MIDDLEWARE = [
+            'shared_auth.middleware.SharedAuthMiddleware',
+            'shared_auth.middleware.RequireAuthMiddleware',
+        ]
+    """
+    def process_request(self, request):
+        # Caminhos públicos
+        public_paths = getattr(
+            request,
+            "public_paths",
+            [
+                "/api/auth/",
+                "/health/",
+                "/docs/",
+                "/static/",
+            ],
+        )
+        if any(request.path.startswith(path) for path in public_paths):
+            return None
+        # Verificar se está autenticado
+        if not hasattr(request, "user") or request.user is None:
+            return JsonResponse(
+                {
+                    "error": "Autenticação necessária",
+                    "detail": "Token não fornecido ou inválido",
+                },
+                status=401,
+            )
+        return None
+class OrganizationMiddleware(MiddlewareMixin):
+    """
+    Middleware que adiciona organização logada ao request
+    Adiciona:
+    - request.organization (objeto SharedOrganization)
+    """
+    def process_request(self, request) -> None:
+        ip = request.META.get("HTTP_X_FORWARDED_FOR")
+        if ip:
+            ip = ip.split(",")[0]
+        else:
+            ip = request.META.get("REMOTE_ADDR")
+        organization_id = self._determine_organization_id(request)
+        user = self._authenticate_user(request)
+        if organization_id and user:
+            organization_id = self._validate_organization_membership(
+                user, organization_id
+            )
+            if not organization_id:
+                return
+        request.organization_id = organization_id
+        request.organization = SharedOrganization.objects.get_or_fail(organization_id)
+    @staticmethod
+    def _authenticate_user(request):
+        data = SharedTokenAuthentication().authenticate(request)
+        return data[0] if data else None
+    def _determine_organization_id(self, request):
+        org_id = self._get_organization_from_header(request)
+        if org_id:
+            return org_id
+        return self._get_organization_from_user(request)
+    @staticmethod
+    def _get_organization_from_header(request):
+        if header_value := request.headers.get("X-Organization"):
+            try:
+                return int(header_value)
+            except (ValueError, TypeError):
+                pass
+        return None
+    @staticmethod
+    def _get_organization_from_user(request):
+        if not request.user.is_authenticated:
+            return None
+        if (
+            hasattr(request.user, "logged_organization")
+            and request.user.logged_organization
+        ):
+            return request.user.logged_organization.id
+        return None
+    @staticmethod
+    def _validate_organization_membership(
+        user, organization_id
+    ):
+        try:
+            member = get_member(user, organization_id)
+            if not member and not user.is_superuser:
+                return None
+            return organization_id
+        except Exception:
+            return None
+def get_member(user, organization_id):
+    return SharedMember.objects.filter(user_id=user.pk, organization_id=organization_id).first()

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/shared_auth/mixins.py RENAMED Viewed

@@ -3,6 +3,10 @@ Mixins para facilitar a criação de models com referências ao sistema de auth
 """
 from django.db import models
+from rest_framework import viewsets, status
+from rest_framework.response import Response
+from shared_auth.managers import BaseAuthManager
 class OrganizationMixin(models.Model):
@@ -26,7 +30,7 @@ class OrganizationMixin(models.Model):
     organization_id = models.IntegerField(
         db_index=True, help_text="ID da organização no sistema de autenticação"
     )
+    objects = BaseAuthManager()
     class Meta:
         abstract = True
         indexes = [
@@ -89,7 +93,7 @@ class UserMixin(models.Model):
     user_id = models.IntegerField(
         db_index=True, help_text="ID do usuário no sistema de autenticação"
     )
+    objects = BaseAuthManager()
     class Meta:
         abstract = True
         indexes = [
@@ -188,6 +192,62 @@ class OrganizationUserMixin(OrganizationMixin, UserMixin):
             .exists()
         )
+class LoggedOrganizationMixin(viewsets.ModelViewSet):
+    """
+    Mixin para ViewSets que dependem de uma organização logada.
+    Integra com a lib maquinaweb-shared-auth.
+    """
+    def get_organization_id(self):
+        """Obtém o ID da organização logada via maquinaweb-shared-auth"""
+        return self.request.organization_id
+    def get_user(self):
+        """Obtém o usuário atual autenticado"""
+        return self.request.user
+    def check_logged_organization(self):
+        """Verifica se há uma organização logada"""
+        return self.get_organization_id() is not None
+    def require_logged_organization(self):
+        """Retorna erro se não houver organização logada"""
+        if not self.check_logged_organization():
+            return Response(
+                {
+                    "detail": "Nenhuma organização logada. Defina uma organização antes de continuar."
+                },
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        return None
+    def get_queryset(self):
+        """Filtra os objetos pela organização logada, se aplicável"""
+        queryset = super().get_queryset()
+        response = self.require_logged_organization()
+        if response:
+            return queryset.none()
+        organization_id = self.get_organization_id()
+        if hasattr(queryset.model, "organization_id"):
+            return queryset.filter(organization_id=organization_id)
+        elif hasattr(queryset.model, "organization"):
+            return queryset.filter(organization_id=organization_id)
+        return queryset
+    def perform_create(self, serializer):
+        """Define a organização automaticamente ao criar um objeto"""
+        response = self.require_logged_organization()
+        if response:
+            return response
+        organization_id = self.get_organization_id()
+        if "organization" in serializer.fields:
+            serializer.save(organization_id=organization_id)
+        else:
+            serializer.save()
 class TimestampedMixin(models.Model):
     """

{maquinaweb_shared_auth-0.1.2 → maquinaweb_shared_auth-0.1.4}/shared_auth/models.py RENAMED Viewed

@@ -12,6 +12,41 @@ from .managers import (
 )
+class SharedToken(models.Model):
+    """
+    Model READ-ONLY da tabela authtoken_token
+    Usado para validar tokens em outros sistemas
+    """
+    key = models.CharField(max_length=40, primary_key=True)
+    user_id = models.IntegerField()
+    created = models.DateTimeField()
+    objects = models.Manager()
+    class Meta:
+        managed = False
+        db_table = "authtoken_token"
+        app_label = "shared_auth"
+    def __str__(self):
+        return self.key
+    @property
+    def user(self):
+        """Acessa usuário do token"""
+        if not hasattr(self, "_cached_user"):
+            self._cached_user = SharedUser.objects.using("auth_db").get_or_fail(
+                self.user_id
+            )
+        return self._cached_user
+    def is_valid(self):
+        """Verifica se token ainda é válido"""
+        # Implementar lógica de expiração se necessário
+        return True
 class SharedOrganization(models.Model):
     """
     Model READ-ONLY da tabela organization

maquinaweb_shared_auth-0.1.4/shared_auth/permissions.py ADDED Viewed

@@ -0,0 +1,86 @@
+"""
+Permissões customizadas para DRF
+"""
+from rest_framework import permissions
+class IsAuthenticated(permissions.BasePermission):
+    """
+    Verifica se usuário está autenticado via SharedToken
+    """
+    message = "Autenticação necessária."
+    def has_permission(self, request, view):
+        return bool(
+            request.user and hasattr(request.user, "pk") and request.user.is_active
+        )
+class HasActiveOrganization(permissions.BasePermission):
+    """
+    Verifica se usuário tem organização ativa
+    """
+    message = "Organização ativa necessária."
+    def has_permission(self, request, view):
+        if not request.user or not hasattr(request.user, "logged_organization_id"):
+            return False
+        if not request.user.logged_organization_id:
+            return False
+        # Verificar se organização está ativa
+        from .models import SharedOrganization
+        try:
+            org = SharedOrganization.objects.using("auth_db").get(
+                pk=request.user.logged_organization_id
+            )
+            return org.is_active()
+        except SharedOrganization.DoesNotExist:
+            return False
+class IsSameOrganization(permissions.BasePermission):
+    """
+    Verifica se o objeto pertence à mesma organização do usuário
+    O model deve ter organization_id
+    """
+    message = "Você não tem permissão para acessar este recurso."
+    def has_object_permission(self, request, view, obj):
+        if not hasattr(request.user, "logged_organization_id"):
+            return False
+        if not hasattr(obj, "organization_id"):
+            return True  # Se objeto não tem org, permite
+        return obj.organization_id == request.user.logged_organization_id
+class IsOwnerOrSameOrganization(permissions.BasePermission):
+    """
+    Verifica se é o dono do objeto OU da mesma organização
+    O model deve ter user_id e/ou organization_id
+    """
+    message = "Você não tem permissão para acessar este recurso."
+    def has_object_permission(self, request, view, obj):
+        # Verificar se é o dono
+        if hasattr(obj, "user_id") and obj.user_id == request.user.pk:
+            return True
+        # Verificar se é da mesma organização
+        if hasattr(obj, "organization_id") and hasattr(
+            request.user, "logged_organization_id"
+        ):
+            return obj.organization_id == request.user.logged_organization_id
+        return False

maquinaweb_shared_auth-0.1.4/shared_auth/router.py ADDED Viewed

@@ -0,0 +1,22 @@
+class SharedAuthRouter:
+    """
+    Direciona queries dos models compartilhados para o banco correto
+    """
+    route_app_labels = {"shared_auth"}
+    def db_for_read(self, model, **hints):
+        if model._meta.app_label in self.route_app_labels:
+            return "auth_db"
+        return None
+    def db_for_write(self, model, **hints):
+        if model._meta.app_label in self.route_app_labels:
+            return None
+        return None
+    def allow_migrate(self, db, app_label, model_name=None, **hints):
+        """Bloqueia migrations"""
+        if app_label in self.route_app_labels:
+            return False
+        return None