mdb-engine 0.1.6__py3-none-any.whl → 0.2.0__py3-none-any.whl
- mdb_engine/__init__.py +104 -11
- mdb_engine/auth/ARCHITECTURE.md +112 -0
- mdb_engine/auth/README.md +648 -11
- mdb_engine/auth/__init__.py +136 -29
- mdb_engine/auth/audit.py +592 -0
- mdb_engine/auth/base.py +252 -0
- mdb_engine/auth/casbin_factory.py +264 -69
- mdb_engine/auth/config_helpers.py +7 -6
- mdb_engine/auth/cookie_utils.py +3 -7
- mdb_engine/auth/csrf.py +373 -0
- mdb_engine/auth/decorators.py +3 -10
- mdb_engine/auth/dependencies.py +47 -50
- mdb_engine/auth/helpers.py +3 -3
- mdb_engine/auth/integration.py +53 -80
- mdb_engine/auth/jwt.py +2 -6
- mdb_engine/auth/middleware.py +77 -34
- mdb_engine/auth/oso_factory.py +18 -38
- mdb_engine/auth/provider.py +270 -171
- mdb_engine/auth/rate_limiter.py +504 -0
- mdb_engine/auth/restrictions.py +8 -24
- mdb_engine/auth/session_manager.py +14 -29
- mdb_engine/auth/shared_middleware.py +600 -0
- mdb_engine/auth/shared_users.py +759 -0
- mdb_engine/auth/token_store.py +14 -28
- mdb_engine/auth/users.py +54 -113
- mdb_engine/auth/utils.py +213 -15
- mdb_engine/cli/commands/generate.py +545 -9
- mdb_engine/cli/commands/validate.py +3 -7
- mdb_engine/cli/utils.py +3 -3
- mdb_engine/config.py +7 -21
- mdb_engine/constants.py +65 -0
- mdb_engine/core/README.md +117 -6
- mdb_engine/core/__init__.py +39 -7
- mdb_engine/core/app_registration.py +22 -41
- mdb_engine/core/app_secrets.py +290 -0
- mdb_engine/core/connection.py +18 -9
- mdb_engine/core/encryption.py +223 -0
- mdb_engine/core/engine.py +1057 -93
- mdb_engine/core/index_management.py +12 -16
- mdb_engine/core/manifest.py +459 -150
- mdb_engine/core/ray_integration.py +435 -0
- mdb_engine/core/seeding.py +10 -18
- mdb_engine/core/service_initialization.py +12 -23
- mdb_engine/core/types.py +2 -5
- mdb_engine/database/README.md +140 -17
- mdb_engine/database/__init__.py +17 -6
- mdb_engine/database/abstraction.py +25 -37
- mdb_engine/database/connection.py +11 -18
- mdb_engine/database/query_validator.py +367 -0
- mdb_engine/database/resource_limiter.py +204 -0
- mdb_engine/database/scoped_wrapper.py +713 -196
- mdb_engine/dependencies.py +426 -0
- mdb_engine/di/__init__.py +34 -0
- mdb_engine/di/container.py +248 -0
- mdb_engine/di/providers.py +205 -0
- mdb_engine/di/scopes.py +139 -0
- mdb_engine/embeddings/README.md +54 -24
- mdb_engine/embeddings/__init__.py +31 -24
- mdb_engine/embeddings/dependencies.py +37 -154
- mdb_engine/embeddings/service.py +11 -25
- mdb_engine/exceptions.py +92 -0
- mdb_engine/indexes/README.md +30 -13
- mdb_engine/indexes/__init__.py +1 -0
- mdb_engine/indexes/helpers.py +1 -1
- mdb_engine/indexes/manager.py +50 -114
- mdb_engine/memory/README.md +2 -2
- mdb_engine/memory/__init__.py +1 -2
- mdb_engine/memory/service.py +30 -87
- mdb_engine/observability/README.md +4 -2
- mdb_engine/observability/__init__.py +26 -9
- mdb_engine/observability/health.py +8 -9
- mdb_engine/observability/metrics.py +32 -12
- mdb_engine/repositories/__init__.py +34 -0
- mdb_engine/repositories/base.py +325 -0
- mdb_engine/repositories/mongo.py +233 -0
- mdb_engine/repositories/unit_of_work.py +166 -0
- mdb_engine/routing/README.md +1 -1
- mdb_engine/routing/__init__.py +1 -3
- mdb_engine/routing/websockets.py +25 -60
- mdb_engine-0.2.0.dist-info/METADATA +313 -0
- mdb_engine-0.2.0.dist-info/RECORD +96 -0
- mdb_engine-0.1.6.dist-info/METADATA +0 -213
- mdb_engine-0.1.6.dist-info/RECORD +0 -75
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/WHEEL +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/entry_points.txt +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/licenses/LICENSE +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/top_level.txt +0 -0
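--- a/mdb_engine/auth/__init__.py
+++ b/mdb_engine/auth/__init__.py
@@ -6,50 +6,130 @@ Provides authentication, authorization, and access control for the MongoDB Engin
 This module is part of MDB_ENGINE - MongoDB Engine.
 """
 
+# Audit logging
+from .audit import AuthAction, AuthAuditLog
+
+# Base classes
+from .base import AuthorizationError, BaseAuthorizationProvider
+
 # Casbin Factory
-from .casbin_factory import (
-
+from .casbin_factory import (
+create_casbin_enforcer,
+get_casbin_model,
+initialize_casbin_from_manifest,
+)
+
 # Cookie utilities
-from .cookie_utils import (
-
+from .cookie_utils import (
+clear_auth_cookies,
+get_secure_cookie_settings,
+set_auth_cookies,
+)
+
+# CSRF protection
+from .csrf import (
+CSRFMiddleware,
+create_csrf_middleware,
+generate_csrf_token,
+get_csrf_token,
+validate_csrf_token,
+)
+
 # Decorators
-from .decorators import
-
-
-
-
-
-
-
+from .decorators import auto_token_setup, rate_limit_auth, require_auth, token_security
+from .dependencies import (
+SECRET_KEY,
+_validate_next_url,
+get_authz_provider,
+get_current_user,
+get_current_user_from_request,
+get_current_user_or_redirect,
+get_refresh_token,
+get_session_manager,
+get_token_blacklist,
+refresh_access_token,
+require_admin,
+require_admin_or_developer,
+require_permission,
+)
 from .helpers import initialize_token_management
+
 # Integration
 from .integration import get_auth_config, setup_auth_from_manifest
-from .jwt import (
-
+from .jwt import (
+decode_jwt_token,
+encode_jwt_token,
+extract_token_metadata,
+generate_token_pair,
+)
+
 # Middleware
 from .middleware import SecurityMiddleware, create_security_middleware
-from .provider import
-
+from .provider import AUTHZ_CACHE_TTL, AuthorizationProvider, CasbinAdapter, OsoAdapter
+
+# Rate limiting
+from .rate_limiter import (
+AuthRateLimitMiddleware,
+InMemoryRateLimitStore,
+MongoDBRateLimitStore,
+RateLimit,
+create_rate_limit_middleware,
+rate_limit,
+)
 from .restrictions import block_demo_users, is_demo_user, require_non_demo_user
 from .session_manager import SessionManager
-from .
-
-
-
+from .shared_middleware import (
+SharedAuthMiddleware,
+create_shared_auth_middleware,
+create_shared_auth_middleware_lazy,
+)
+
+# Shared auth (multi-app SSO)
+from .shared_users import JWTKeyError, JWTSecretError, SharedUserPool
+from .token_lifecycle import (
+get_time_until_expiry,
+get_token_age,
+get_token_expiry_time,
+get_token_info,
+is_token_expiring_soon,
+should_refresh_token,
+validate_token_version,
+)
+
 # Token management
 from .token_store import TokenBlacklist
-from .users import (
-
-
-
-
-
+from .users import (
+authenticate_app_user,
+create_app_session,
+create_app_user,
+ensure_demo_users_exist,
+ensure_demo_users_for_actor,
+get_app_user,
+get_app_user_role,
+get_or_create_anonymous_user,
+get_or_create_demo_user,
+get_or_create_demo_user_for_request,
+sync_app_user_to_casbin,
+)
+
 # Utilities
-from .utils import (
-
+from .utils import (
+calculate_password_entropy,
+check_password_breach,
+get_device_info,
+is_common_password,
+login_user,
+logout_user,
+register_user,
+validate_password_strength,
+validate_password_strength_async,
+)
 
 __all__ = [
-#
+# Base classes
+"BaseAuthorizationProvider",
+"AuthorizationError",
+# Provider (Protocol for backward compatibility)
 "AuthorizationProvider",
 "CasbinAdapter",
 "OsoAdapter",
@@ -105,6 +185,10 @@ __all__ = [
 "register_user",
 "logout_user",
 "validate_password_strength",
+"validate_password_strength_async",
+"calculate_password_entropy",
+"is_common_password",
+"check_password_breach",
 "get_device_info",
 # Decorators
 "require_auth",
@@ -125,4 +209,27 @@ __all__ = [
 "get_casbin_model",
 "create_casbin_enforcer",
 "initialize_casbin_from_manifest",
+# Shared auth (multi-app SSO)
+"SharedUserPool",
+"JWTSecretError",
+"JWTKeyError",
+"SharedAuthMiddleware",
+"create_shared_auth_middleware",
+"create_shared_auth_middleware_lazy",
+# Rate limiting
+"AuthRateLimitMiddleware",
+"RateLimit",
+"InMemoryRateLimitStore",
+"MongoDBRateLimitStore",
+"create_rate_limit_middleware",
+"rate_limit",
+# Audit logging
+"AuthAuditLog",
+"AuthAction",
+# CSRF protection
+"CSRFMiddleware",
+"create_csrf_middleware",
+"generate_csrf_token",
+"validate_csrf_token",
+"get_csrf_token",
 ]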
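Review bot: The `from .dependencies import (` block on the new side binds `SECRET_KEY` and the underscore-prefixed `_validate_next_url` into the `mdb_engine.auth` package namespace. `from … import SECRET_KEY` copies the value as it stood when the package was first imported, so a secret that is rotated or loaded later would not be reflected in `mdb_engine.auth.SECRET_KEY`, and the key (presumably the token-signing secret) becomes reachable from every module that imports the package. I would drop both names from this import and leave them private to `.dependencies`, or, if they must stay for compatibility, add the comment `# SECRET_KEY and _validate_next_url are re-exported for backward compatibility only; not public API` above the block and keep them out of `__all__`. The removed side of this block is truncated on the page and the visible `__all__` hunks do not cover these names, so whether the re-export pre-dates 0.2.0 or is already excluded from `__all__` cannot be confirmed here.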