mdb-engine 0.1.6__py3-none-any.whl → 0.1.7__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- mdb_engine/__init__.py +38 -6
- mdb_engine/auth/README.md +534 -11
- mdb_engine/auth/__init__.py +129 -28
- mdb_engine/auth/audit.py +592 -0
- mdb_engine/auth/casbin_factory.py +10 -14
- mdb_engine/auth/config_helpers.py +7 -6
- mdb_engine/auth/cookie_utils.py +3 -7
- mdb_engine/auth/csrf.py +373 -0
- mdb_engine/auth/decorators.py +3 -10
- mdb_engine/auth/dependencies.py +37 -45
- mdb_engine/auth/helpers.py +3 -3
- mdb_engine/auth/integration.py +30 -73
- mdb_engine/auth/jwt.py +2 -6
- mdb_engine/auth/middleware.py +77 -34
- mdb_engine/auth/oso_factory.py +16 -36
- mdb_engine/auth/provider.py +17 -38
- mdb_engine/auth/rate_limiter.py +504 -0
- mdb_engine/auth/restrictions.py +8 -24
- mdb_engine/auth/session_manager.py +14 -29
- mdb_engine/auth/shared_middleware.py +600 -0
- mdb_engine/auth/shared_users.py +759 -0
- mdb_engine/auth/token_store.py +14 -28
- mdb_engine/auth/users.py +54 -113
- mdb_engine/auth/utils.py +213 -15
- mdb_engine/cli/commands/generate.py +545 -9
- mdb_engine/cli/commands/validate.py +3 -7
- mdb_engine/cli/utils.py +3 -3
- mdb_engine/config.py +7 -21
- mdb_engine/constants.py +65 -0
- mdb_engine/core/README.md +117 -6
- mdb_engine/core/__init__.py +39 -7
- mdb_engine/core/app_registration.py +22 -41
- mdb_engine/core/app_secrets.py +290 -0
- mdb_engine/core/connection.py +18 -9
- mdb_engine/core/encryption.py +223 -0
- mdb_engine/core/engine.py +758 -95
- mdb_engine/core/index_management.py +12 -16
- mdb_engine/core/manifest.py +424 -135
- mdb_engine/core/ray_integration.py +435 -0
- mdb_engine/core/seeding.py +10 -18
- mdb_engine/core/service_initialization.py +12 -23
- mdb_engine/core/types.py +2 -5
- mdb_engine/database/README.md +112 -16
- mdb_engine/database/__init__.py +17 -6
- mdb_engine/database/abstraction.py +25 -37
- mdb_engine/database/connection.py +11 -18
- mdb_engine/database/query_validator.py +367 -0
- mdb_engine/database/resource_limiter.py +204 -0
- mdb_engine/database/scoped_wrapper.py +713 -196
- mdb_engine/embeddings/__init__.py +17 -9
- mdb_engine/embeddings/dependencies.py +1 -3
- mdb_engine/embeddings/service.py +11 -25
- mdb_engine/exceptions.py +92 -0
- mdb_engine/indexes/README.md +30 -13
- mdb_engine/indexes/__init__.py +1 -0
- mdb_engine/indexes/helpers.py +1 -1
- mdb_engine/indexes/manager.py +50 -114
- mdb_engine/memory/README.md +2 -2
- mdb_engine/memory/__init__.py +1 -2
- mdb_engine/memory/service.py +30 -87
- mdb_engine/observability/README.md +4 -2
- mdb_engine/observability/__init__.py +26 -9
- mdb_engine/observability/health.py +8 -9
- mdb_engine/observability/metrics.py +32 -12
- mdb_engine/routing/README.md +1 -1
- mdb_engine/routing/__init__.py +1 -3
- mdb_engine/routing/websockets.py +25 -60
- mdb_engine-0.1.7.dist-info/METADATA +285 -0
- mdb_engine-0.1.7.dist-info/RECORD +85 -0
- mdb_engine-0.1.6.dist-info/METADATA +0 -213
- mdb_engine-0.1.6.dist-info/RECORD +0 -75
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.1.7.dist-info}/WHEEL +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.1.7.dist-info}/entry_points.txt +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.1.7.dist-info}/licenses/LICENSE +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.1.7.dist-info}/top_level.txt +0 -0
mdb_engine/auth/__init__.py
CHANGED
|
@@ -6,47 +6,121 @@ Provides authentication, authorization, and access control for the MongoDB Engin
|
|
|
6
6
|
This module is part of MDB_ENGINE - MongoDB Engine.
|
|
7
7
|
"""
|
|
8
8
|
|
|
9
|
+
# Audit logging
|
|
10
|
+
from .audit import AuthAction, AuthAuditLog
|
|
11
|
+
|
|
9
12
|
# Casbin Factory
|
|
10
|
-
from .casbin_factory import (
|
|
11
|
-
|
|
13
|
+
from .casbin_factory import (
|
|
14
|
+
create_casbin_enforcer,
|
|
15
|
+
get_casbin_model,
|
|
16
|
+
initialize_casbin_from_manifest,
|
|
17
|
+
)
|
|
18
|
+
|
|
12
19
|
# Cookie utilities
|
|
13
|
-
from .cookie_utils import (
|
|
14
|
-
|
|
20
|
+
from .cookie_utils import (
|
|
21
|
+
clear_auth_cookies,
|
|
22
|
+
get_secure_cookie_settings,
|
|
23
|
+
set_auth_cookies,
|
|
24
|
+
)
|
|
25
|
+
|
|
26
|
+
# CSRF protection
|
|
27
|
+
from .csrf import (
|
|
28
|
+
CSRFMiddleware,
|
|
29
|
+
create_csrf_middleware,
|
|
30
|
+
generate_csrf_token,
|
|
31
|
+
get_csrf_token,
|
|
32
|
+
validate_csrf_token,
|
|
33
|
+
)
|
|
34
|
+
|
|
15
35
|
# Decorators
|
|
16
|
-
from .decorators import
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
36
|
+
from .decorators import auto_token_setup, rate_limit_auth, require_auth, token_security
|
|
37
|
+
from .dependencies import (
|
|
38
|
+
SECRET_KEY,
|
|
39
|
+
_validate_next_url,
|
|
40
|
+
get_authz_provider,
|
|
41
|
+
get_current_user,
|
|
42
|
+
get_current_user_from_request,
|
|
43
|
+
get_current_user_or_redirect,
|
|
44
|
+
get_refresh_token,
|
|
45
|
+
get_session_manager,
|
|
46
|
+
get_token_blacklist,
|
|
47
|
+
refresh_access_token,
|
|
48
|
+
require_admin,
|
|
49
|
+
require_admin_or_developer,
|
|
50
|
+
require_permission,
|
|
51
|
+
)
|
|
24
52
|
from .helpers import initialize_token_management
|
|
53
|
+
|
|
25
54
|
# Integration
|
|
26
55
|
from .integration import get_auth_config, setup_auth_from_manifest
|
|
27
|
-
from .jwt import (
|
|
28
|
-
|
|
56
|
+
from .jwt import (
|
|
57
|
+
decode_jwt_token,
|
|
58
|
+
encode_jwt_token,
|
|
59
|
+
extract_token_metadata,
|
|
60
|
+
generate_token_pair,
|
|
61
|
+
)
|
|
62
|
+
|
|
29
63
|
# Middleware
|
|
30
64
|
from .middleware import SecurityMiddleware, create_security_middleware
|
|
31
|
-
from .provider import
|
|
32
|
-
|
|
65
|
+
from .provider import AUTHZ_CACHE_TTL, AuthorizationProvider, CasbinAdapter, OsoAdapter
|
|
66
|
+
|
|
67
|
+
# Rate limiting
|
|
68
|
+
from .rate_limiter import (
|
|
69
|
+
AuthRateLimitMiddleware,
|
|
70
|
+
InMemoryRateLimitStore,
|
|
71
|
+
MongoDBRateLimitStore,
|
|
72
|
+
RateLimit,
|
|
73
|
+
create_rate_limit_middleware,
|
|
74
|
+
rate_limit,
|
|
75
|
+
)
|
|
33
76
|
from .restrictions import block_demo_users, is_demo_user, require_non_demo_user
|
|
34
77
|
from .session_manager import SessionManager
|
|
35
|
-
from .
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
78
|
+
from .shared_middleware import (
|
|
79
|
+
SharedAuthMiddleware,
|
|
80
|
+
create_shared_auth_middleware,
|
|
81
|
+
create_shared_auth_middleware_lazy,
|
|
82
|
+
)
|
|
83
|
+
|
|
84
|
+
# Shared auth (multi-app SSO)
|
|
85
|
+
from .shared_users import JWTKeyError, JWTSecretError, SharedUserPool
|
|
86
|
+
from .token_lifecycle import (
|
|
87
|
+
get_time_until_expiry,
|
|
88
|
+
get_token_age,
|
|
89
|
+
get_token_expiry_time,
|
|
90
|
+
get_token_info,
|
|
91
|
+
is_token_expiring_soon,
|
|
92
|
+
should_refresh_token,
|
|
93
|
+
validate_token_version,
|
|
94
|
+
)
|
|
95
|
+
|
|
39
96
|
# Token management
|
|
40
97
|
from .token_store import TokenBlacklist
|
|
41
|
-
from .users import (
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
98
|
+
from .users import (
|
|
99
|
+
authenticate_app_user,
|
|
100
|
+
create_app_session,
|
|
101
|
+
create_app_user,
|
|
102
|
+
ensure_demo_users_exist,
|
|
103
|
+
ensure_demo_users_for_actor,
|
|
104
|
+
get_app_user,
|
|
105
|
+
get_app_user_role,
|
|
106
|
+
get_or_create_anonymous_user,
|
|
107
|
+
get_or_create_demo_user,
|
|
108
|
+
get_or_create_demo_user_for_request,
|
|
109
|
+
sync_app_user_to_casbin,
|
|
110
|
+
)
|
|
111
|
+
|
|
47
112
|
# Utilities
|
|
48
|
-
from .utils import (
|
|
49
|
-
|
|
113
|
+
from .utils import (
|
|
114
|
+
calculate_password_entropy,
|
|
115
|
+
check_password_breach,
|
|
116
|
+
get_device_info,
|
|
117
|
+
is_common_password,
|
|
118
|
+
login_user,
|
|
119
|
+
logout_user,
|
|
120
|
+
register_user,
|
|
121
|
+
validate_password_strength,
|
|
122
|
+
validate_password_strength_async,
|
|
123
|
+
)
|
|
50
124
|
|
|
51
125
|
__all__ = [
|
|
52
126
|
# Provider
|
|
@@ -105,6 +179,10 @@ __all__ = [
|
|
|
105
179
|
"register_user",
|
|
106
180
|
"logout_user",
|
|
107
181
|
"validate_password_strength",
|
|
182
|
+
"validate_password_strength_async",
|
|
183
|
+
"calculate_password_entropy",
|
|
184
|
+
"is_common_password",
|
|
185
|
+
"check_password_breach",
|
|
108
186
|
"get_device_info",
|
|
109
187
|
# Decorators
|
|
110
188
|
"require_auth",
|
|
@@ -125,4 +203,27 @@ __all__ = [
|
|
|
125
203
|
"get_casbin_model",
|
|
126
204
|
"create_casbin_enforcer",
|
|
127
205
|
"initialize_casbin_from_manifest",
|
|
206
|
+
# Shared auth (multi-app SSO)
|
|
207
|
+
"SharedUserPool",
|
|
208
|
+
"JWTSecretError",
|
|
209
|
+
"JWTKeyError",
|
|
210
|
+
"SharedAuthMiddleware",
|
|
211
|
+
"create_shared_auth_middleware",
|
|
212
|
+
"create_shared_auth_middleware_lazy",
|
|
213
|
+
# Rate limiting
|
|
214
|
+
"AuthRateLimitMiddleware",
|
|
215
|
+
"RateLimit",
|
|
216
|
+
"InMemoryRateLimitStore",
|
|
217
|
+
"MongoDBRateLimitStore",
|
|
218
|
+
"create_rate_limit_middleware",
|
|
219
|
+
"rate_limit",
|
|
220
|
+
# Audit logging
|
|
221
|
+
"AuthAuditLog",
|
|
222
|
+
"AuthAction",
|
|
223
|
+
# CSRF protection
|
|
224
|
+
"CSRFMiddleware",
|
|
225
|
+
"create_csrf_middleware",
|
|
226
|
+
"generate_csrf_token",
|
|
227
|
+
"validate_csrf_token",
|
|
228
|
+
"get_csrf_token",
|
|
128
229
|
]
|