mdb-engine 0.1.6__py3-none-any.whl → 0.4.12__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- mdb_engine/__init__.py +116 -11
- mdb_engine/auth/ARCHITECTURE.md +112 -0
- mdb_engine/auth/README.md +654 -11
- mdb_engine/auth/__init__.py +136 -29
- mdb_engine/auth/audit.py +592 -0
- mdb_engine/auth/base.py +252 -0
- mdb_engine/auth/casbin_factory.py +265 -70
- mdb_engine/auth/config_defaults.py +5 -5
- mdb_engine/auth/config_helpers.py +19 -18
- mdb_engine/auth/cookie_utils.py +12 -16
- mdb_engine/auth/csrf.py +483 -0
- mdb_engine/auth/decorators.py +10 -16
- mdb_engine/auth/dependencies.py +69 -71
- mdb_engine/auth/helpers.py +3 -3
- mdb_engine/auth/integration.py +61 -88
- mdb_engine/auth/jwt.py +11 -15
- mdb_engine/auth/middleware.py +79 -35
- mdb_engine/auth/oso_factory.py +21 -41
- mdb_engine/auth/provider.py +270 -171
- mdb_engine/auth/rate_limiter.py +505 -0
- mdb_engine/auth/restrictions.py +21 -36
- mdb_engine/auth/session_manager.py +24 -41
- mdb_engine/auth/shared_middleware.py +977 -0
- mdb_engine/auth/shared_users.py +775 -0
- mdb_engine/auth/token_lifecycle.py +10 -12
- mdb_engine/auth/token_store.py +17 -32
- mdb_engine/auth/users.py +99 -159
- mdb_engine/auth/utils.py +236 -42
- mdb_engine/cli/commands/generate.py +546 -10
- mdb_engine/cli/commands/validate.py +3 -7
- mdb_engine/cli/utils.py +7 -7
- mdb_engine/config.py +13 -28
- mdb_engine/constants.py +65 -0
- mdb_engine/core/README.md +117 -6
- mdb_engine/core/__init__.py +39 -7
- mdb_engine/core/app_registration.py +31 -50
- mdb_engine/core/app_secrets.py +289 -0
- mdb_engine/core/connection.py +20 -12
- mdb_engine/core/encryption.py +222 -0
- mdb_engine/core/engine.py +2862 -115
- mdb_engine/core/index_management.py +12 -16
- mdb_engine/core/manifest.py +628 -204
- mdb_engine/core/ray_integration.py +436 -0
- mdb_engine/core/seeding.py +13 -21
- mdb_engine/core/service_initialization.py +20 -30
- mdb_engine/core/types.py +40 -43
- mdb_engine/database/README.md +140 -17
- mdb_engine/database/__init__.py +17 -6
- mdb_engine/database/abstraction.py +37 -50
- mdb_engine/database/connection.py +51 -30
- mdb_engine/database/query_validator.py +367 -0
- mdb_engine/database/resource_limiter.py +204 -0
- mdb_engine/database/scoped_wrapper.py +747 -237
- mdb_engine/dependencies.py +427 -0
- mdb_engine/di/__init__.py +34 -0
- mdb_engine/di/container.py +247 -0
- mdb_engine/di/providers.py +206 -0
- mdb_engine/di/scopes.py +139 -0
- mdb_engine/embeddings/README.md +54 -24
- mdb_engine/embeddings/__init__.py +31 -24
- mdb_engine/embeddings/dependencies.py +38 -155
- mdb_engine/embeddings/service.py +78 -75
- mdb_engine/exceptions.py +104 -12
- mdb_engine/indexes/README.md +30 -13
- mdb_engine/indexes/__init__.py +1 -0
- mdb_engine/indexes/helpers.py +11 -11
- mdb_engine/indexes/manager.py +59 -123
- mdb_engine/memory/README.md +95 -4
- mdb_engine/memory/__init__.py +1 -2
- mdb_engine/memory/service.py +363 -1168
- mdb_engine/observability/README.md +4 -2
- mdb_engine/observability/__init__.py +26 -9
- mdb_engine/observability/health.py +17 -17
- mdb_engine/observability/logging.py +10 -10
- mdb_engine/observability/metrics.py +40 -19
- mdb_engine/repositories/__init__.py +34 -0
- mdb_engine/repositories/base.py +325 -0
- mdb_engine/repositories/mongo.py +233 -0
- mdb_engine/repositories/unit_of_work.py +166 -0
- mdb_engine/routing/README.md +1 -1
- mdb_engine/routing/__init__.py +1 -3
- mdb_engine/routing/websockets.py +41 -75
- mdb_engine/utils/__init__.py +3 -1
- mdb_engine/utils/mongo.py +117 -0
- mdb_engine-0.4.12.dist-info/METADATA +492 -0
- mdb_engine-0.4.12.dist-info/RECORD +97 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.4.12.dist-info}/WHEEL +1 -1
- mdb_engine-0.1.6.dist-info/METADATA +0 -213
- mdb_engine-0.1.6.dist-info/RECORD +0 -75
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.4.12.dist-info}/entry_points.txt +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.4.12.dist-info}/licenses/LICENSE +0 -0
- {mdb_engine-0.1.6.dist-info → mdb_engine-0.4.12.dist-info}/top_level.txt +0 -0
|
@@ -7,9 +7,9 @@ This module provides a single source of truth for all config defaults.
|
|
|
7
7
|
This module is part of MDB_ENGINE - MongoDB Engine.
|
|
8
8
|
"""
|
|
9
9
|
|
|
10
|
-
from typing import Any
|
|
10
|
+
from typing import Any
|
|
11
11
|
|
|
12
|
-
SECURITY_CONFIG_DEFAULTS:
|
|
12
|
+
SECURITY_CONFIG_DEFAULTS: dict[str, Any] = {
|
|
13
13
|
"password_policy": {
|
|
14
14
|
"allow_plain_text": False,
|
|
15
15
|
"min_length": 8,
|
|
@@ -35,7 +35,7 @@ SECURITY_CONFIG_DEFAULTS: Dict[str, Any] = {
|
|
|
35
35
|
"token_fingerprinting": {"enabled": True, "bind_to_device": True},
|
|
36
36
|
}
|
|
37
37
|
|
|
38
|
-
TOKEN_MANAGEMENT_DEFAULTS:
|
|
38
|
+
TOKEN_MANAGEMENT_DEFAULTS: dict[str, Any] = {
|
|
39
39
|
"enabled": True,
|
|
40
40
|
"access_token_ttl": 900,
|
|
41
41
|
"refresh_token_ttl": 604800,
|
|
@@ -45,7 +45,7 @@ TOKEN_MANAGEMENT_DEFAULTS: Dict[str, Any] = {
|
|
|
45
45
|
"auto_setup": True,
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
-
CORS_DEFAULTS:
|
|
48
|
+
CORS_DEFAULTS: dict[str, Any] = {
|
|
49
49
|
"enabled": False,
|
|
50
50
|
"allow_origins": ["*"],
|
|
51
51
|
"allow_credentials": False,
|
|
@@ -54,7 +54,7 @@ CORS_DEFAULTS: Dict[str, Any] = {
|
|
|
54
54
|
"max_age": 3600,
|
|
55
55
|
}
|
|
56
56
|
|
|
57
|
-
OBSERVABILITY_DEFAULTS:
|
|
57
|
+
OBSERVABILITY_DEFAULTS: dict[str, Any] = {
|
|
58
58
|
"health_checks": {"enabled": True, "endpoint": "/health", "interval_seconds": 30},
|
|
59
59
|
"metrics": {
|
|
60
60
|
"enabled": True,
|
|
@@ -8,20 +8,23 @@ This module is part of MDB_ENGINE - MongoDB Engine.
|
|
|
8
8
|
"""
|
|
9
9
|
|
|
10
10
|
import logging
|
|
11
|
-
from typing import Any
|
|
11
|
+
from typing import Any
|
|
12
12
|
|
|
13
13
|
from fastapi import Request
|
|
14
14
|
|
|
15
|
-
from .config_defaults import (
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
from .config_defaults import (
|
|
16
|
+
CORS_DEFAULTS,
|
|
17
|
+
OBSERVABILITY_DEFAULTS,
|
|
18
|
+
SECURITY_CONFIG_DEFAULTS,
|
|
19
|
+
TOKEN_MANAGEMENT_DEFAULTS,
|
|
20
|
+
)
|
|
18
21
|
|
|
19
22
|
logger = logging.getLogger(__name__)
|
|
20
23
|
|
|
21
24
|
|
|
22
25
|
def merge_config_with_defaults(
|
|
23
|
-
user_config:
|
|
24
|
-
) ->
|
|
26
|
+
user_config: dict[str, Any], defaults: dict[str, Any]
|
|
27
|
+
) -> dict[str, Any]:
|
|
25
28
|
"""
|
|
26
29
|
Deep merge user config with defaults.
|
|
27
30
|
|
|
@@ -52,7 +55,7 @@ def merge_config_with_defaults(
|
|
|
52
55
|
return merged
|
|
53
56
|
|
|
54
57
|
|
|
55
|
-
def get_security_config(request: Request) ->
|
|
58
|
+
def get_security_config(request: Request) -> dict[str, Any]:
|
|
56
59
|
"""
|
|
57
60
|
Get security configuration from app.state with defaults merged.
|
|
58
61
|
|
|
@@ -72,7 +75,7 @@ def get_security_config(request: Request) -> Dict[str, Any]:
|
|
|
72
75
|
return SECURITY_CONFIG_DEFAULTS.copy()
|
|
73
76
|
|
|
74
77
|
|
|
75
|
-
def get_password_policy(request: Request) ->
|
|
78
|
+
def get_password_policy(request: Request) -> dict[str, Any]:
|
|
76
79
|
"""
|
|
77
80
|
Get password policy configuration with defaults merged.
|
|
78
81
|
|
|
@@ -88,7 +91,7 @@ def get_password_policy(request: Request) -> Dict[str, Any]:
|
|
|
88
91
|
)
|
|
89
92
|
|
|
90
93
|
|
|
91
|
-
def get_session_fingerprinting_config(request: Request) ->
|
|
94
|
+
def get_session_fingerprinting_config(request: Request) -> dict[str, Any]:
|
|
92
95
|
"""
|
|
93
96
|
Get session fingerprinting configuration with defaults merged.
|
|
94
97
|
|
|
@@ -105,7 +108,7 @@ def get_session_fingerprinting_config(request: Request) -> Dict[str, Any]:
|
|
|
105
108
|
)
|
|
106
109
|
|
|
107
110
|
|
|
108
|
-
def get_account_lockout_config(request: Request) ->
|
|
111
|
+
def get_account_lockout_config(request: Request) -> dict[str, Any]:
|
|
109
112
|
"""
|
|
110
113
|
Get account lockout configuration with defaults merged.
|
|
111
114
|
|
|
@@ -121,7 +124,7 @@ def get_account_lockout_config(request: Request) -> Dict[str, Any]:
|
|
|
121
124
|
)
|
|
122
125
|
|
|
123
126
|
|
|
124
|
-
def get_ip_validation_config(request: Request) ->
|
|
127
|
+
def get_ip_validation_config(request: Request) -> dict[str, Any]:
|
|
125
128
|
"""
|
|
126
129
|
Get IP validation configuration with defaults merged.
|
|
127
130
|
|
|
@@ -132,12 +135,10 @@ def get_ip_validation_config(request: Request) -> Dict[str, Any]:
|
|
|
132
135
|
IP validation configuration dictionary
|
|
133
136
|
"""
|
|
134
137
|
security_config = get_security_config(request)
|
|
135
|
-
return security_config.get(
|
|
136
|
-
"ip_validation", SECURITY_CONFIG_DEFAULTS["ip_validation"].copy()
|
|
137
|
-
)
|
|
138
|
+
return security_config.get("ip_validation", SECURITY_CONFIG_DEFAULTS["ip_validation"].copy())
|
|
138
139
|
|
|
139
140
|
|
|
140
|
-
def get_token_fingerprinting_config(request: Request) ->
|
|
141
|
+
def get_token_fingerprinting_config(request: Request) -> dict[str, Any]:
|
|
141
142
|
"""
|
|
142
143
|
Get token fingerprinting configuration with defaults merged.
|
|
143
144
|
|
|
@@ -153,7 +154,7 @@ def get_token_fingerprinting_config(request: Request) -> Dict[str, Any]:
|
|
|
153
154
|
)
|
|
154
155
|
|
|
155
156
|
|
|
156
|
-
def get_token_management_config(request: Request) ->
|
|
157
|
+
def get_token_management_config(request: Request) -> dict[str, Any]:
|
|
157
158
|
"""
|
|
158
159
|
Get token management configuration from app.state with defaults merged.
|
|
159
160
|
|
|
@@ -173,7 +174,7 @@ def get_token_management_config(request: Request) -> Dict[str, Any]:
|
|
|
173
174
|
return TOKEN_MANAGEMENT_DEFAULTS.copy()
|
|
174
175
|
|
|
175
176
|
|
|
176
|
-
def get_cors_config(request: Request) ->
|
|
177
|
+
def get_cors_config(request: Request) -> dict[str, Any]:
|
|
177
178
|
"""
|
|
178
179
|
Get CORS configuration from app.state with defaults merged.
|
|
179
180
|
|
|
@@ -193,7 +194,7 @@ def get_cors_config(request: Request) -> Dict[str, Any]:
|
|
|
193
194
|
return CORS_DEFAULTS.copy()
|
|
194
195
|
|
|
195
196
|
|
|
196
|
-
def get_observability_config(request: Request) ->
|
|
197
|
+
def get_observability_config(request: Request) -> dict[str, Any]:
|
|
197
198
|
"""
|
|
198
199
|
Get observability configuration from app.state with defaults merged.
|
|
199
200
|
|
mdb_engine/auth/cookie_utils.py
CHANGED
|
@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
|
|
|
8
8
|
|
|
9
9
|
import logging
|
|
10
10
|
import os
|
|
11
|
-
from typing import Any
|
|
11
|
+
from typing import Any
|
|
12
12
|
|
|
13
13
|
from fastapi import Request
|
|
14
14
|
|
|
@@ -16,8 +16,8 @@ logger = logging.getLogger(__name__)
|
|
|
16
16
|
|
|
17
17
|
|
|
18
18
|
def get_secure_cookie_settings(
|
|
19
|
-
request: Request, config:
|
|
20
|
-
) ->
|
|
19
|
+
request: Request, config: dict[str, Any] | None = None
|
|
20
|
+
) -> dict[str, Any]:
|
|
21
21
|
"""
|
|
22
22
|
Get secure cookie settings based on manifest config and request environment.
|
|
23
23
|
|
|
@@ -51,8 +51,7 @@ def get_secure_cookie_settings(
|
|
|
51
51
|
# Auto-detect: secure if HTTPS or production environment
|
|
52
52
|
is_https = request.url.scheme == "https"
|
|
53
53
|
is_production = (
|
|
54
|
-
os.getenv("G_NOME_ENV") == "production"
|
|
55
|
-
or os.getenv("ENVIRONMENT") == "production"
|
|
54
|
+
os.getenv("G_NOME_ENV") == "production" or os.getenv("ENVIRONMENT") == "production"
|
|
56
55
|
)
|
|
57
56
|
secure = is_https or is_production
|
|
58
57
|
elif cookie_secure == "true":
|
|
@@ -63,8 +62,7 @@ def get_secure_cookie_settings(
|
|
|
63
62
|
# No config - use environment-based defaults
|
|
64
63
|
is_https = request.url.scheme == "https"
|
|
65
64
|
is_production = (
|
|
66
|
-
os.getenv("G_NOME_ENV") == "production"
|
|
67
|
-
or os.getenv("ENVIRONMENT") == "production"
|
|
65
|
+
os.getenv("G_NOME_ENV") == "production" or os.getenv("ENVIRONMENT") == "production"
|
|
68
66
|
)
|
|
69
67
|
secure = is_https or is_production
|
|
70
68
|
|
|
@@ -78,11 +76,11 @@ def get_secure_cookie_settings(
|
|
|
78
76
|
def set_auth_cookies(
|
|
79
77
|
response,
|
|
80
78
|
access_token: str,
|
|
81
|
-
refresh_token:
|
|
82
|
-
request:
|
|
83
|
-
config:
|
|
84
|
-
access_token_ttl:
|
|
85
|
-
refresh_token_ttl:
|
|
79
|
+
refresh_token: str | None = None,
|
|
80
|
+
request: Request | None = None,
|
|
81
|
+
config: dict[str, Any] | None = None,
|
|
82
|
+
access_token_ttl: int | None = None,
|
|
83
|
+
refresh_token_ttl: int | None = None,
|
|
86
84
|
):
|
|
87
85
|
"""
|
|
88
86
|
Set authentication cookies on a response with secure settings.
|
|
@@ -132,7 +130,7 @@ def set_auth_cookies(
|
|
|
132
130
|
)
|
|
133
131
|
|
|
134
132
|
|
|
135
|
-
def clear_auth_cookies(response, request:
|
|
133
|
+
def clear_auth_cookies(response, request: Request | None = None):
|
|
136
134
|
"""
|
|
137
135
|
Clear authentication cookies from response.
|
|
138
136
|
|
|
@@ -153,6 +151,4 @@ def clear_auth_cookies(response, request: Optional[Request] = None):
|
|
|
153
151
|
response.delete_cookie(key="token", httponly=True, secure=secure, samesite=samesite)
|
|
154
152
|
|
|
155
153
|
# Delete refresh token cookie
|
|
156
|
-
response.delete_cookie(
|
|
157
|
-
key="refresh_token", httponly=True, secure=secure, samesite=samesite
|
|
158
|
-
)
|
|
154
|
+
response.delete_cookie(key="refresh_token", httponly=True, secure=secure, samesite=samesite)
|