PyPI - mdb-engine - Versions diffs - 0.1.6__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

mdb-engine 0.1.6py3-none-any.whl → 0.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

mdb_engine/__init__.py +104 -11
mdb_engine/auth/ARCHITECTURE.md +112 -0
mdb_engine/auth/README.md +648 -11
mdb_engine/auth/__init__.py +136 -29
mdb_engine/auth/audit.py +592 -0
mdb_engine/auth/base.py +252 -0
mdb_engine/auth/casbin_factory.py +264 -69
mdb_engine/auth/config_helpers.py +7 -6
mdb_engine/auth/cookie_utils.py +3 -7
mdb_engine/auth/csrf.py +373 -0
mdb_engine/auth/decorators.py +3 -10
mdb_engine/auth/dependencies.py +47 -50
mdb_engine/auth/helpers.py +3 -3
mdb_engine/auth/integration.py +53 -80
mdb_engine/auth/jwt.py +2 -6
mdb_engine/auth/middleware.py +77 -34
mdb_engine/auth/oso_factory.py +18 -38
mdb_engine/auth/provider.py +270 -171
mdb_engine/auth/rate_limiter.py +504 -0
mdb_engine/auth/restrictions.py +8 -24
mdb_engine/auth/session_manager.py +14 -29
mdb_engine/auth/shared_middleware.py +600 -0
mdb_engine/auth/shared_users.py +759 -0
mdb_engine/auth/token_store.py +14 -28
mdb_engine/auth/users.py +54 -113
mdb_engine/auth/utils.py +213 -15
mdb_engine/cli/commands/generate.py +545 -9
mdb_engine/cli/commands/validate.py +3 -7
mdb_engine/cli/utils.py +3 -3
mdb_engine/config.py +7 -21
mdb_engine/constants.py +65 -0
mdb_engine/core/README.md +117 -6
mdb_engine/core/__init__.py +39 -7
mdb_engine/core/app_registration.py +22 -41
mdb_engine/core/app_secrets.py +290 -0
mdb_engine/core/connection.py +18 -9
mdb_engine/core/encryption.py +223 -0
mdb_engine/core/engine.py +1057 -93
mdb_engine/core/index_management.py +12 -16
mdb_engine/core/manifest.py +459 -150
mdb_engine/core/ray_integration.py +435 -0
mdb_engine/core/seeding.py +10 -18
mdb_engine/core/service_initialization.py +12 -23
mdb_engine/core/types.py +2 -5
mdb_engine/database/README.md +140 -17
mdb_engine/database/__init__.py +17 -6
mdb_engine/database/abstraction.py +25 -37
mdb_engine/database/connection.py +11 -18
mdb_engine/database/query_validator.py +367 -0
mdb_engine/database/resource_limiter.py +204 -0
mdb_engine/database/scoped_wrapper.py +713 -196
mdb_engine/dependencies.py +426 -0
mdb_engine/di/__init__.py +34 -0
mdb_engine/di/container.py +248 -0
mdb_engine/di/providers.py +205 -0
mdb_engine/di/scopes.py +139 -0
mdb_engine/embeddings/README.md +54 -24
mdb_engine/embeddings/__init__.py +31 -24
mdb_engine/embeddings/dependencies.py +37 -154
mdb_engine/embeddings/service.py +11 -25
mdb_engine/exceptions.py +92 -0
mdb_engine/indexes/README.md +30 -13
mdb_engine/indexes/__init__.py +1 -0
mdb_engine/indexes/helpers.py +1 -1
mdb_engine/indexes/manager.py +50 -114
mdb_engine/memory/README.md +2 -2
mdb_engine/memory/__init__.py +1 -2
mdb_engine/memory/service.py +30 -87
mdb_engine/observability/README.md +4 -2
mdb_engine/observability/__init__.py +26 -9
mdb_engine/observability/health.py +8 -9
mdb_engine/observability/metrics.py +32 -12
mdb_engine/repositories/__init__.py +34 -0
mdb_engine/repositories/base.py +325 -0
mdb_engine/repositories/mongo.py +233 -0
mdb_engine/repositories/unit_of_work.py +166 -0
mdb_engine/routing/README.md +1 -1
mdb_engine/routing/__init__.py +1 -3
mdb_engine/routing/websockets.py +25 -60
mdb_engine-0.2.0.dist-info/METADATA +313 -0
mdb_engine-0.2.0.dist-info/RECORD +96 -0
mdb_engine-0.1.6.dist-info/METADATA +0 -213
mdb_engine-0.1.6.dist-info/RECORD +0 -75
{mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/WHEEL +0 -0
{mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/entry_points.txt +0 -0
{mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/licenses/LICENSE +0 -0
{mdb_engine-0.1.6.dist-info → mdb_engine-0.2.0.dist-info}/top_level.txt +0 -0

mdb_engine/auth/rate_limiter.py ADDED Viewed

@@ -0,0 +1,504 @@
+"""
+Rate Limiting for Authentication Endpoints
+Provides rate limiting middleware to protect auth endpoints from brute-force attacks.
+Supports both in-memory storage (single instance) and MongoDB-backed storage (distributed).
+This module is part of MDB_ENGINE - MongoDB Engine.
+Features:
+    - Sliding window rate limiting algorithm
+    - Per-endpoint configurable limits via manifest
+    - IP + optional email-based tracking
+    - In-memory (default) or MongoDB storage
+    - 429 Too Many Requests with Retry-After header
+Usage:
+    # Via middleware (recommended for shared auth)
+    app.add_middleware(
+        AuthRateLimitMiddleware,
+        limits={
+            "/login": RateLimit(max_attempts=5, window_seconds=300),
+            "/register": RateLimit(max_attempts=3, window_seconds=3600),
+        }
+    )
+    # Via decorator (for specific endpoints)
+    @app.post("/login")
+    @rate_limit(max_attempts=5, window_seconds=300)
+    async def login(request: Request):
+        ...
+"""
+import logging
+import time
+from collections import defaultdict
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+from functools import wraps
+from typing import Any, Callable, Dict, List, Optional, Tuple
+from pymongo.errors import OperationFailure
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import JSONResponse, Response
+logger = logging.getLogger(__name__)
+@dataclass
+class RateLimit:
+    """Rate limit configuration for an endpoint."""
+    max_attempts: int = 5
+    window_seconds: int = 300  # 5 minutes
+    def to_dict(self) -> Dict[str, int]:
+        return {
+            "max_attempts": self.max_attempts,
+            "window_seconds": self.window_seconds,
+        }
+# Default rate limits for auth endpoints
+DEFAULT_AUTH_RATE_LIMITS: Dict[str, RateLimit] = {
+    "/login": RateLimit(max_attempts=5, window_seconds=300),
+    "/register": RateLimit(max_attempts=3, window_seconds=3600),
+    "/logout": RateLimit(max_attempts=10, window_seconds=60),
+}
+class InMemoryRateLimitStore:
+    """
+    In-memory rate limit storage using sliding window algorithm.
+    Suitable for single-instance deployments. For distributed systems,
+    use MongoDBRateLimitStore instead.
+    """
+    def __init__(self):
+        # Structure: {identifier: [(timestamp, count), ...]}
+        self._storage: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
+    async def record_attempt(
+        self,
+        identifier: str,
+        window_seconds: int,
+    ) -> int:
+        """
+        Record an attempt and return current count in window.
+        Args:
+            identifier: Unique identifier (e.g., "login:192.168.1.1:user@example.com")
+            window_seconds: Time window in seconds
+        Returns:
+            Number of attempts in the current window (including this one)
+        """
+        now = time.time()
+        cutoff = now - window_seconds
+        # Clean old entries and count current
+        entries = self._storage[identifier]
+        entries[:] = [(ts, c) for ts, c in entries if ts > cutoff]
+        # Add new attempt
+        entries.append((now, 1))
+        # Return total count
+        return sum(c for _, c in entries)
+    async def get_count(
+        self,
+        identifier: str,
+        window_seconds: int,
+    ) -> int:
+        """Get current attempt count without recording."""
+        now = time.time()
+        cutoff = now - window_seconds
+        entries = self._storage.get(identifier, [])
+        return sum(c for ts, c in entries if ts > cutoff)
+    async def reset(self, identifier: str) -> None:
+        """Reset rate limit for an identifier (e.g., after successful login)."""
+        self._storage.pop(identifier, None)
+    def cleanup(self, max_age_seconds: int = 7200) -> int:
+        """
+        Clean up old entries to prevent memory growth.
+        Args:
+            max_age_seconds: Remove entries older than this (default: 2 hours)
+        Returns:
+            Number of identifiers cleaned up
+        """
+        now = time.time()
+        cutoff = now - max_age_seconds
+        cleaned = 0
+        identifiers_to_remove = []
+        for identifier, entries in self._storage.items():
+            entries[:] = [(ts, c) for ts, c in entries if ts > cutoff]
+            if not entries:
+                identifiers_to_remove.append(identifier)
+        for identifier in identifiers_to_remove:
+            del self._storage[identifier]
+            cleaned += 1
+        return cleaned
+class MongoDBRateLimitStore:
+    """
+    MongoDB-backed rate limit storage for distributed deployments.
+    Uses TTL indexes for automatic cleanup.
+    """
+    COLLECTION = "_mdb_engine_rate_limits"
+    def __init__(self, db):
+        """
+        Initialize MongoDB rate limit store.
+        Args:
+            db: MongoDB database instance (Motor AsyncIOMotorDatabase)
+        """
+        self._db = db
+        self._collection = db[self.COLLECTION]
+        self._indexes_created = False
+    async def ensure_indexes(self) -> None:
+        """Create necessary indexes."""
+        if self._indexes_created:
+            return
+        try:
+            # Compound index for lookups
+            await self._collection.create_index(
+                [("identifier", 1), ("timestamp", -1)], name="identifier_timestamp_idx"
+            )
+            # TTL index for cleanup
+            await self._collection.create_index(
+                "expires_at", expireAfterSeconds=0, name="expires_at_ttl_idx"
+            )
+            self._indexes_created = True
+            logger.info("Rate limit indexes ensured")
+        except OperationFailure as e:
+            logger.warning(f"Failed to create rate limit indexes: {e}")
+    async def record_attempt(
+        self,
+        identifier: str,
+        window_seconds: int,
+    ) -> int:
+        """Record an attempt and return current count in window."""
+        await self.ensure_indexes()
+        now = datetime.utcnow()
+        expires_at = now + timedelta(seconds=window_seconds)
+        cutoff = now - timedelta(seconds=window_seconds)
+        # Insert attempt
+        await self._collection.insert_one(
+            {
+                "identifier": identifier,
+                "timestamp": now,
+                "expires_at": expires_at,
+            }
+        )
+        # Count attempts in window
+        count = await self._collection.count_documents(
+            {
+                "identifier": identifier,
+                "timestamp": {"$gte": cutoff},
+            }
+        )
+        return count
+    async def get_count(
+        self,
+        identifier: str,
+        window_seconds: int,
+    ) -> int:
+        """Get current attempt count without recording."""
+        await self.ensure_indexes()
+        cutoff = datetime.utcnow() - timedelta(seconds=window_seconds)
+        count = await self._collection.count_documents(
+            {
+                "identifier": identifier,
+                "timestamp": {"$gte": cutoff},
+            }
+        )
+        return count
+    async def reset(self, identifier: str) -> None:
+        """Reset rate limit for an identifier."""
+        await self._collection.delete_many({"identifier": identifier})
+# Global in-memory store (shared across middleware instances in same process)
+_default_store = InMemoryRateLimitStore()
+class AuthRateLimitMiddleware(BaseHTTPMiddleware):
+    """
+    ASGI middleware for rate limiting authentication endpoints.
+    Automatically protects /login, /register, and other auth endpoints
+    from brute-force attacks.
+    Features:
+    - Configurable per-endpoint limits
+    - IP + email tracking for login attempts
+    - 429 responses with Retry-After header
+    - Skips rate limiting for non-auth endpoints
+    Usage:
+        # Basic usage with defaults
+        app.add_middleware(AuthRateLimitMiddleware)
+        # Custom limits
+        app.add_middleware(
+            AuthRateLimitMiddleware,
+            limits={"/login": RateLimit(max_attempts=3, window_seconds=60)}
+        )
+        # With MongoDB storage for distributed deployments
+        app.add_middleware(
+            AuthRateLimitMiddleware,
+            store=MongoDBRateLimitStore(db)
+        )
+    """
+    def __init__(
+        self,
+        app: Callable,
+        limits: Optional[Dict[str, RateLimit]] = None,
+        store: Optional[InMemoryRateLimitStore] = None,
+        include_email_in_key: bool = True,
+    ):
+        """
+        Initialize rate limit middleware.
+        Args:
+            app: ASGI application
+            limits: Dict of path -> RateLimit config. Defaults to DEFAULT_AUTH_RATE_LIMITS.
+            store: Rate limit storage backend. Defaults to in-memory store.
+            include_email_in_key: Include email in rate limit key for more granular limits.
+        """
+        super().__init__(app)
+        self._limits = limits or DEFAULT_AUTH_RATE_LIMITS
+        self._store = store or _default_store
+        self._include_email_in_key = include_email_in_key
+        logger.info(
+            f"AuthRateLimitMiddleware initialized with limits for: {list(self._limits.keys())}"
+        )
+    async def dispatch(
+        self,
+        request: Request,
+        call_next: Callable[[Request], Response],
+    ) -> Response:
+        """Process request through rate limiter."""
+        path = request.url.path
+        method = request.method
+        # Only rate limit POST requests to configured endpoints
+        if method != "POST" or path not in self._limits:
+            return await call_next(request)
+        limit = self._limits[path]
+        identifier = await self._build_identifier(request, path)
+        # Check current count (before recording this attempt)
+        current_count = await self._store.get_count(identifier, limit.window_seconds)
+        if current_count >= limit.max_attempts:
+            logger.warning(
+                f"Rate limit exceeded: {identifier} "
+                f"({current_count}/{limit.max_attempts} in {limit.window_seconds}s)"
+            )
+            return self._rate_limit_response(limit.window_seconds)
+        # Record this attempt
+        await self._store.record_attempt(identifier, limit.window_seconds)
+        # Process request
+        response = await call_next(request)
+        # Reset on successful login (2xx response)
+        if response.status_code < 300 and path == "/login":
+            await self._store.reset(identifier)
+        return response
+    async def _build_identifier(self, request: Request, path: str) -> str:
+        """Build rate limit identifier from request."""
+        parts = [path]
+        # Add client IP
+        client_ip = self._get_client_ip(request)
+        parts.append(client_ip)
+        # Optionally add email for more granular rate limiting
+        if self._include_email_in_key:
+            email = await self._extract_email(request)
+            if email:
+                parts.append(email)
+        return ":".join(parts)
+    def _get_client_ip(self, request: Request) -> str:
+        """Get client IP, respecting proxy headers."""
+        # Check X-Forwarded-For header (set by proxies/load balancers)
+        forwarded_for = request.headers.get("X-Forwarded-For")
+        if forwarded_for:
+            # Take the first IP (original client)
+            return forwarded_for.split(",")[0].strip()
+        # Check X-Real-IP header
+        real_ip = request.headers.get("X-Real-IP")
+        if real_ip:
+            return real_ip.strip()
+        # Fall back to direct client IP
+        if request.client:
+            return request.client.host
+        return "unknown"
+    async def _extract_email(self, request: Request) -> Optional[str]:
+        """Try to extract email from request body."""
+        try:
+            # Only try to read body for JSON requests
+            content_type = request.headers.get("content-type", "")
+            if "application/json" in content_type:
+                # Note: This consumes the body, so we need to be careful
+                # In practice, this is called before the body is read by the route
+                body = await request.body()
+                if body:
+                    import json
+                    data = json.loads(body)
+                    return data.get("email")
+        except (ValueError, UnicodeDecodeError, KeyError):
+            pass
+        return None
+    @staticmethod
+    def _rate_limit_response(retry_after: int) -> JSONResponse:
+        """Return 429 Too Many Requests response."""
+        return JSONResponse(
+            status_code=429,
+            content={
+                "detail": f"Too many attempts. Please try again in {retry_after} seconds.",
+                "error": "rate_limit_exceeded",
+                "retry_after": retry_after,
+            },
+            headers={"Retry-After": str(retry_after)},
+        )
+def create_rate_limit_middleware(
+    manifest_auth: Dict[str, Any],
+    store: Optional[InMemoryRateLimitStore] = None,
+) -> type:
+    """
+    Factory function to create rate limit middleware from manifest config.
+    Args:
+        manifest_auth: Auth section from manifest
+        store: Optional storage backend
+    Returns:
+        Configured middleware class
+    Manifest format:
+        {
+            "auth": {
+                "rate_limits": {
+                    "/login": {"max_attempts": 5, "window_seconds": 300},
+                    "/register": {"max_attempts": 3, "window_seconds": 3600}
+                }
+            }
+        }
+    """
+    rate_limits_config = manifest_auth.get("rate_limits", {})
+    limits: Dict[str, RateLimit] = {}
+    for path, config in rate_limits_config.items():
+        limits[path] = RateLimit(
+            max_attempts=config.get("max_attempts", 5),
+            window_seconds=config.get("window_seconds", 300),
+        )
+    # Use defaults if no config provided
+    if not limits:
+        limits = DEFAULT_AUTH_RATE_LIMITS.copy()
+    class ConfiguredRateLimitMiddleware(AuthRateLimitMiddleware):
+        def __init__(self, app: Callable):
+            super().__init__(app, limits=limits, store=store)
+    return ConfiguredRateLimitMiddleware
+def rate_limit(
+    max_attempts: int = 5,
+    window_seconds: int = 300,
+    key_func: Optional[Callable[[Request], str]] = None,
+):
+    """
+    Decorator for rate limiting individual endpoints.
+    Usage:
+        @app.post("/login")
+        @rate_limit(max_attempts=5, window_seconds=300)
+        async def login(request: Request):
+            ...
+    Args:
+        max_attempts: Maximum attempts in window
+        window_seconds: Time window in seconds
+        key_func: Optional function to generate rate limit key from request
+    """
+    def decorator(func: Callable) -> Callable:
+        @wraps(func)
+        async def wrapper(request: Request, *args, **kwargs):
+            # Build identifier
+            if key_func:
+                identifier = key_func(request)
+            else:
+                client_ip = request.client.host if request.client else "unknown"
+                identifier = f"{func.__name__}:{client_ip}"
+            # Check rate limit
+            count = await _default_store.record_attempt(identifier, window_seconds)
+            if count > max_attempts:
+                logger.warning(f"Rate limit exceeded: {identifier} ({count}/{max_attempts})")
+                return JSONResponse(
+                    status_code=429,
+                    content={
+                        "detail": f"Too many attempts. Try again in {window_seconds} seconds.",
+                        "error": "rate_limit_exceeded",
+                    },
+                    headers={"Retry-After": str(window_seconds)},
+                )
+            return await func(request, *args, **kwargs)
+        return wrapper
+    return decorator

mdb_engine/auth/restrictions.py CHANGED Viewed

@@ -27,9 +27,7 @@ from .users import get_app_user
 logger = logging.getLogger(__name__)
-def is_demo_user(
-    user: Optional[Dict[str, Any]] = None, email: Optional[str] = None
-) -> bool:
+def is_demo_user(user: Optional[Dict[str, Any]] = None, email: Optional[str] = None) -> bool:
     """
     Check if a user is a demo user.
@@ -85,9 +83,7 @@ async def _get_sub_auth_user(
         if not (config and users_config.get("enabled", False)):
             return None
-        app_user = await get_app_user(
-            request, slug_id, db, config, allow_demo_fallback=False
-        )
+        app_user = await get_app_user(request, slug_id, db, config, allow_demo_fallback=False)
         if not app_user:
             return None
@@ -119,9 +115,7 @@ async def _get_authenticated_user(
     # Try sub-auth if platform auth didn't work
     if get_app_db_func and get_app_config_func:
-        return await _get_sub_auth_user(
-            request, slug_id, get_app_config_func, get_app_db_func
-        )
+        return await _get_sub_auth_user(request, slug_id, get_app_config_func, get_app_db_func)
     return None
@@ -158,9 +152,7 @@ def _validate_dependencies(
 async def require_non_demo_user(
     request: Request,
-    get_app_config_func: Optional[
-        Callable[[Request, str, Dict], Awaitable[Dict]]
-    ] = None,
+    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
     get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]] = None,
 ) -> Dict[str, Any]:
     """
@@ -189,9 +181,7 @@ async def require_non_demo_user(
     if get_app_db_func and get_app_config_func:
         _validate_dependencies(get_app_config_func, get_app_db_func)
-    user = await _get_authenticated_user(
-        request, slug_id, get_app_config_func, get_app_db_func
-    )
+    user = await _get_authenticated_user(request, slug_id, get_app_config_func, get_app_db_func)
     # Check if user is demo
     if user and is_demo_user(user):
@@ -215,9 +205,7 @@ async def require_non_demo_user(
 async def block_demo_users(
     request: Request,
-    get_app_config_func: Optional[
-        Callable[[Request, str, Dict], Awaitable[Dict]]
-    ] = None,
+    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
     get_app_db_func: Optional[Callable[[Request], Awaitable[Any]]] = None,
 ):
     """
@@ -253,15 +241,11 @@ async def block_demo_users(
     # Check sub-auth if platform auth didn't work
     if not user and get_app_db_func and get_app_config_func and slug_id:
-        user = await _get_sub_auth_user(
-            request, slug_id, get_app_config_func, get_app_db_func
-        )
+        user = await _get_sub_auth_user(request, slug_id, get_app_config_func, get_app_db_func)
     # Block if demo user (only if user exists)
     if user and is_demo_user(user):
-        logger.info(
-            f"Demo user '{user.get('email')}' blocked from accessing: {request.url.path}"
-        )
+        logger.info(f"Demo user '{user.get('email')}' blocked from accessing: {request.url.path}")
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail="Demo users cannot access this endpoint. Demo mode is read-only.",

mdb_engine/auth/session_manager.py CHANGED Viewed

@@ -13,8 +13,11 @@ from typing import Any, Dict, List, Optional
 from bson.objectid import ObjectId
 try:
-    from pymongo.errors import (ConnectionFailure, OperationFailure,
-                                ServerSelectionTimeoutError)
+    from pymongo.errors import (
+        ConnectionFailure,
+        OperationFailure,
+        ServerSelectionTimeoutError,
+    )
 except ImportError:
     ConnectionFailure = Exception
     OperationFailure = Exception
@@ -120,9 +123,7 @@ class SessionManager:
                 # Remove oldest inactive session
                 await self.cleanup_inactive_sessions(user_id)
                 # Check again
-                active_sessions = await self.get_user_sessions(
-                    user_id, active_only=True
-                )
+                active_sessions = await self.get_user_sessions(user_id, active_only=True)
                 if len(active_sessions) >= self.max_sessions:
                     # Force remove oldest session
                     if active_sessions:
@@ -168,9 +169,7 @@ class SessionManager:
             ValueError,
             TypeError,
         ) as e:
-            logger.error(
-                f"Error creating session for user {user_id}: {e}", exc_info=True
-            )
+            logger.error(f"Error creating session for user {user_id}: {e}", exc_info=True)
             return None
     async def update_session_activity(
@@ -205,14 +204,10 @@ class SessionManager:
             ValueError,
             TypeError,
         ) as e:
-            logger.error(
-                f"Error updating session activity for {refresh_jti}: {e}", exc_info=True
-            )
+            logger.error(f"Error updating session activity for {refresh_jti}: {e}", exc_info=True)
             return False
-    async def get_session_by_refresh_token(
-        self, refresh_jti: str
-    ) -> Optional[Dict[str, Any]]:
+    async def get_session_by_refresh_token(self, refresh_jti: str) -> Optional[Dict[str, Any]]:
         """
         Get session by refresh token JWT ID.
@@ -223,9 +218,7 @@ class SessionManager:
             Session document or None if not found
         """
         try:
-            session = await self.collection.find_one(
-                {"refresh_jti": refresh_jti, "active": True}
-            )
+            session = await self.collection.find_one({"refresh_jti": refresh_jti, "active": True})
             return session
         except (
             OperationFailure,
@@ -267,9 +260,7 @@ class SessionManager:
             stored_fingerprint = session.get("session_fingerprint")
             if not stored_fingerprint:
-                strict_mode = (
-                    strict if strict is not None else self.fingerprinting_strict
-                )
+                strict_mode = strict if strict is not None else self.fingerprinting_strict
                 return not strict_mode
             return stored_fingerprint == current_fingerprint
@@ -313,9 +304,7 @@ class SessionManager:
             if active_only:
                 query["active"] = True
-            sessions = (
-                await self.collection.find(query).sort("last_seen", -1).to_list(None)
-            )
+            sessions = await self.collection.find(query).sort("last_seen", -1).to_list(None)
             return sessions
         except (
             OperationFailure,
@@ -324,9 +313,7 @@ class SessionManager:
             ValueError,
             TypeError,
         ) as e:
-            logger.error(
-                f"Error getting sessions for user {user_id}: {e}", exc_info=True
-            )
+            logger.error(f"Error getting sessions for user {user_id}: {e}", exc_info=True)
             return []
     async def revoke_session(self, session_id: Any) -> bool:
@@ -400,9 +387,7 @@ class SessionManager:
             ValueError,
             TypeError,
         ) as e:
-            logger.error(
-                f"Error revoking sessions for user {user_id}: {e}", exc_info=True
-            )
+            logger.error(f"Error revoking sessions for user {user_id}: {e}", exc_info=True)
             return 0
     async def cleanup_inactive_sessions(self, user_id: Optional[str] = None) -> int:

mdb-engine 0.1.6__py3-none-any.whl → 0.2.0__py3-none-any.whl

mdb-engine 0.1.6py3-none-any.whl → 0.2.0py3-none-any.whl