PyPI - mdb-engine - Versions diffs - 0.1.6__py3-none-any.whl - Mend

mdb-engine 0.1.6__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

mdb_engine/README.md +144 -0
mdb_engine/__init__.py +37 -0
mdb_engine/auth/README.md +631 -0
mdb_engine/auth/__init__.py +128 -0
mdb_engine/auth/casbin_factory.py +199 -0
mdb_engine/auth/casbin_models.py +46 -0
mdb_engine/auth/config_defaults.py +71 -0
mdb_engine/auth/config_helpers.py +213 -0
mdb_engine/auth/cookie_utils.py +158 -0
mdb_engine/auth/decorators.py +350 -0
mdb_engine/auth/dependencies.py +747 -0
mdb_engine/auth/helpers.py +64 -0
mdb_engine/auth/integration.py +578 -0
mdb_engine/auth/jwt.py +225 -0
mdb_engine/auth/middleware.py +241 -0
mdb_engine/auth/oso_factory.py +323 -0
mdb_engine/auth/provider.py +570 -0
mdb_engine/auth/restrictions.py +271 -0
mdb_engine/auth/session_manager.py +477 -0
mdb_engine/auth/token_lifecycle.py +213 -0
mdb_engine/auth/token_store.py +289 -0
mdb_engine/auth/users.py +1516 -0
mdb_engine/auth/utils.py +614 -0
mdb_engine/cli/__init__.py +13 -0
mdb_engine/cli/commands/__init__.py +7 -0
mdb_engine/cli/commands/generate.py +105 -0
mdb_engine/cli/commands/migrate.py +83 -0
mdb_engine/cli/commands/show.py +70 -0
mdb_engine/cli/commands/validate.py +63 -0
mdb_engine/cli/main.py +41 -0
mdb_engine/cli/utils.py +92 -0
mdb_engine/config.py +217 -0
mdb_engine/constants.py +160 -0
mdb_engine/core/README.md +542 -0
mdb_engine/core/__init__.py +42 -0
mdb_engine/core/app_registration.py +392 -0
mdb_engine/core/connection.py +243 -0
mdb_engine/core/engine.py +749 -0
mdb_engine/core/index_management.py +162 -0
mdb_engine/core/manifest.py +2793 -0
mdb_engine/core/seeding.py +179 -0
mdb_engine/core/service_initialization.py +355 -0
mdb_engine/core/types.py +413 -0
mdb_engine/database/README.md +522 -0
mdb_engine/database/__init__.py +31 -0
mdb_engine/database/abstraction.py +635 -0
mdb_engine/database/connection.py +387 -0
mdb_engine/database/scoped_wrapper.py +1721 -0
mdb_engine/embeddings/README.md +184 -0
mdb_engine/embeddings/__init__.py +62 -0
mdb_engine/embeddings/dependencies.py +193 -0
mdb_engine/embeddings/service.py +759 -0
mdb_engine/exceptions.py +167 -0
mdb_engine/indexes/README.md +651 -0
mdb_engine/indexes/__init__.py +21 -0
mdb_engine/indexes/helpers.py +145 -0
mdb_engine/indexes/manager.py +895 -0
mdb_engine/memory/README.md +451 -0
mdb_engine/memory/__init__.py +30 -0
mdb_engine/memory/service.py +1285 -0
mdb_engine/observability/README.md +515 -0
mdb_engine/observability/__init__.py +42 -0
mdb_engine/observability/health.py +296 -0
mdb_engine/observability/logging.py +161 -0
mdb_engine/observability/metrics.py +297 -0
mdb_engine/routing/README.md +462 -0
mdb_engine/routing/__init__.py +73 -0
mdb_engine/routing/websockets.py +813 -0
mdb_engine/utils/__init__.py +7 -0
mdb_engine-0.1.6.dist-info/METADATA +213 -0
mdb_engine-0.1.6.dist-info/RECORD +75 -0
mdb_engine-0.1.6.dist-info/WHEEL +5 -0
mdb_engine-0.1.6.dist-info/entry_points.txt +2 -0
mdb_engine-0.1.6.dist-info/licenses/LICENSE +661 -0
mdb_engine-0.1.6.dist-info/top_level.txt +1 -0

mdb_engine/auth/token_store.py ADDED Viewed

@@ -0,0 +1,289 @@
+"""
+Token Blacklist Management
+Provides token blacklist functionality for revoking tokens before expiration.
+This module is part of MDB_ENGINE - MongoDB Engine.
+"""
+import logging
+from datetime import datetime, timedelta
+from typing import Optional
+try:
+    from pymongo.errors import (ConnectionFailure, OperationFailure,
+                                ServerSelectionTimeoutError)
+except ImportError:
+    ConnectionFailure = Exception
+    OperationFailure = Exception
+    ServerSelectionTimeoutError = Exception
+logger = logging.getLogger(__name__)
+class TokenBlacklist:
+    """
+    Manages token blacklist for revoked tokens.
+    Stores revoked tokens in MongoDB with TTL index for automatic cleanup.
+    Supports immediate revocation and scheduled revocation.
+    """
+    def __init__(self, db, collection_name: str = "token_blacklist"):
+        """
+        Initialize token blacklist manager.
+        Args:
+            db: MongoDB database instance (Motor AsyncIOMotorDatabase)
+            collection_name: Name of the blacklist collection (default: "token_blacklist")
+        """
+        self.db = db
+        self.collection = db[collection_name]
+        self._indexes_created = False
+    async def ensure_indexes(self):
+        """
+        Ensure required indexes exist for the blacklist collection.
+        Creates:
+        - Unique index on 'jti' (JWT ID) for fast lookups
+        - TTL index on 'expires_at' for automatic cleanup
+        """
+        if self._indexes_created:
+            return
+        try:
+            # Create unique index on jti
+            await self.collection.create_index(
+                "jti", unique=True, name="jti_unique_idx"
+            )
+            # Create TTL index on expires_at (auto-delete expired entries)
+            await self.collection.create_index(
+                "expires_at", expireAfterSeconds=0, name="expires_at_ttl_idx"
+            )
+            self._indexes_created = True
+            logger.info("Token blacklist indexes created successfully")
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            AttributeError,
+            TypeError,
+        ) as e:
+            logger.error(f"Error creating token blacklist indexes: {e}", exc_info=True)
+            # Don't raise - indexes might already exist
+    async def revoke_token(
+        self,
+        jti: str,
+        user_id: Optional[str] = None,
+        expires_at: Optional[datetime] = None,
+        reason: Optional[str] = None,
+    ) -> bool:
+        """
+        Revoke a token by adding it to the blacklist.
+        Args:
+            jti: JWT ID (unique token identifier)
+            user_id: Optional user ID for tracking
+            expires_at: Optional expiration time (defaults to token's exp claim if available)
+            reason: Optional reason for revocation (e.g., "logout", "password_change")
+        Returns:
+            True if token was successfully blacklisted, False otherwise
+        """
+        try:
+            await self.ensure_indexes()
+            # If expires_at not provided, use a default (e.g., 7 days from now)
+            if expires_at is None:
+                expires_at = datetime.utcnow() + timedelta(days=7)
+            blacklist_entry = {
+                "jti": jti,
+                "user_id": user_id,
+                "revoked_at": datetime.utcnow(),
+                "expires_at": expires_at,
+                "reason": reason or "manual_revocation",
+            }
+            # Use upsert to handle duplicate jti gracefully
+            await self.collection.update_one(
+                {"jti": jti}, {"$set": blacklist_entry}, upsert=True
+            )
+            logger.debug(f"Token {jti} added to blacklist (reason: {reason})")
+            return True
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            ValueError,
+            TypeError,
+        ) as e:
+            logger.error(f"Error revoking token {jti}: {e}", exc_info=True)
+            return False
+    async def is_revoked(self, jti: str) -> bool:
+        """
+        Check if a token is revoked (blacklisted).
+        Args:
+            jti: JWT ID to check
+        Returns:
+            True if token is blacklisted, False otherwise
+        """
+        try:
+            await self.ensure_indexes()
+            entry = await self.collection.find_one({"jti": jti})
+            if entry:
+                # Check if entry hasn't expired (TTL index should handle this, but double-check)
+                expires_at = entry.get("expires_at")
+                if expires_at and isinstance(expires_at, datetime):
+                    if datetime.utcnow() < expires_at:
+                        return True
+                elif expires_at is None:
+                    # No expiration means it's permanently blacklisted
+                    return True
+            return False
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            ValueError,
+            TypeError,
+        ) as e:
+            logger.error(
+                f"Error checking token revocation status for {jti}: {e}", exc_info=True
+            )
+            # On error, assume not revoked (fail open for availability)
+            return False
+    async def revoke_all_user_tokens(
+        self, user_id: str, reason: Optional[str] = None
+    ) -> int:
+        """
+        Revoke all tokens for a specific user.
+        Note: This doesn't add tokens to blacklist individually (would require
+        storing all jti values). Instead, it marks the user as having all tokens
+        revoked, which should be checked alongside individual token checks.
+        Args:
+            user_id: User ID whose tokens should be revoked
+            reason: Optional reason for revocation
+        Returns:
+            Number of tokens revoked (approximate)
+        """
+        try:
+            await self.ensure_indexes()
+            # Store a user-level revocation marker
+            revocation_marker = {
+                "user_id": user_id,
+                "revoked_at": datetime.utcnow(),
+                "reason": reason or "logout_all",
+                "expires_at": datetime.utcnow()
+                + timedelta(days=30),  # Keep for 30 days
+            }
+            # Use upsert to update or create marker
+            await self.collection.update_one(
+                {"user_id": user_id, "type": "user_revocation"},
+                {
+                    "$set": revocation_marker,
+                    "$setOnInsert": {"type": "user_revocation"},
+                },
+                upsert=True,
+            )
+            logger.info(f"All tokens revoked for user {user_id} (reason: {reason})")
+            # Return approximate count (we don't track exact count)
+            return 1
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            ValueError,
+            TypeError,
+        ) as e:
+            logger.error(
+                f"Error revoking all tokens for user {user_id}: {e}", exc_info=True
+            )
+            return 0
+    async def is_user_revoked(self, user_id: str) -> bool:
+        """
+        Check if all tokens for a user have been revoked.
+        Args:
+            user_id: User ID to check
+        Returns:
+            True if user has all tokens revoked, False otherwise
+        """
+        try:
+            await self.ensure_indexes()
+            marker = await self.collection.find_one(
+                {"user_id": user_id, "type": "user_revocation"}
+            )
+            if marker:
+                # Check if marker hasn't expired
+                expires_at = marker.get("expires_at")
+                if expires_at and isinstance(expires_at, datetime):
+                    if datetime.utcnow() < expires_at:
+                        return True
+                elif expires_at is None:
+                    return True
+            return False
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            ValueError,
+            TypeError,
+        ) as e:
+            logger.error(
+                f"Error checking user revocation status for {user_id}: {e}",
+                exc_info=True,
+            )
+            return False
+    async def clear_expired(self) -> int:
+        """
+        Manually clear expired blacklist entries.
+        Note: TTL index should handle this automatically, but this method
+        can be used for manual cleanup or verification.
+        Returns:
+            Number of entries deleted
+        """
+        try:
+            result = await self.collection.delete_many(
+                {"expires_at": {"$lt": datetime.utcnow()}}
+            )
+            deleted_count = result.deleted_count
+            if deleted_count > 0:
+                logger.info(f"Cleared {deleted_count} expired blacklist entries")
+            return deleted_count
+        except (
+            OperationFailure,
+            ConnectionFailure,
+            ServerSelectionTimeoutError,
+            ValueError,
+            TypeError,
+        ) as e:
+            logger.error(
+                f"Error clearing expired blacklist entries: {e}", exc_info=True
+            )
+            return 0