meerschaum 2.9.5__py3-none-any.whl → 3.0.0rc2__py3-none-any.whl

meerschaum/actions/show.py

@@ -45,6 +45,7 @@ def show(
         'tags'       : _show_tags,
         'schedules'  : _show_schedules,
         'venvs'      : _show_venvs,
+        'tokens'     : _show_tokens,
     }
     return choose_subaction(action, show_options, **kw)
 
@@ -113,11 +114,11 @@ def _show_help(**kw: Any) -> SuccessTuple:
 
 
 def _show_config(
-        action: Optional[List[str]] = None,
-        debug: bool = False,
-        nopretty: bool = False,
-        **kw: Any
-    ) -> SuccessTuple:
+    action: Optional[List[str]] = None,
+    debug: bool = False,
+    nopretty: bool = False,
+    **kw: Any
+) -> SuccessTuple:
     """
     Show the configuration dictionary.
     Sub-actions defined in the action list are recursive indices in the config dictionary.
@@ -789,34 +790,22 @@ def _show_tags(
     from meerschaum.utils.formatting import pipe_repr, UNICODE, ANSI
     from meerschaum.utils.pool import get_pool
     from meerschaum.config import get_config
+    from meerschaum.connectors.parse import parse_instance_keys
     rich_tree, rich_panel, rich_text, rich_console, rich_columns = (
         mrsm.attempt_import('rich.tree', 'rich.panel', 'rich.text', 'rich.console', 'rich.columns')
     )
-    panel = rich_panel.Panel.fit('Tags')
-    tree = rich_tree.Tree(panel)
     action = action or []
     tags = action + (tags or [])
-    pipes = mrsm.get_pipes(as_list=True, tags=tags, **kwargs)
-    if not pipes:
-        return False, f"No pipes were found with the given tags."
 
-    pool = get_pool(workers=workers)
     tag_prefix = get_config('formatting', 'pipes', 'unicode', 'icons', 'tag') if UNICODE else ''
     tag_style = get_config('formatting', 'pipes', 'ansi', 'styles', 'tags') if ANSI else None
 
-    tags_pipes = defaultdict(lambda: [])
-    gather_pipe_tags = lambda pipe: (pipe, (pipe.tags or []))
-
-    pipes_tags = dict(pool.map(gather_pipe_tags, pipes))
-
-    for pipe, tags in pipes_tags.items():
-        for tag in tags:
-            if action and tag not in action:
-                continue
-            tags_pipes[tag].append(pipe)
+    tags_pipes = mrsm.get_pipes(as_tags_dict=True, tags=tags, **kwargs)
+    if action:
+        tags_pipes = {tag: pipes for tag, pipes in tags_pipes.items() if tag in action}
 
     columns = []
-    sorted_tags = sorted([tag for tag in tags_pipes])
+    sorted_tags = sorted(list(tags_pipes))
     for tag in sorted_tags:
         _pipes = tags_pipes[tag]
         tag_text = (
@@ -904,9 +893,7 @@ def _show_schedules(
     return True, "Success"
         
 
-def _show_venvs(
-    **kwargs: Any    
-):
+def _show_venvs(**kwargs: Any) -> SuccessTuple:
     """
     Print the available virtual environments in the current MRSM_ROOT_DIR.
     """
@@ -921,12 +908,113 @@ def _show_venvs(
         for _venv in os.listdir(VIRTENV_RESOURCES_PATH)
         if venv_exists(_venv)
     ]
-    print_options(
-        venvs,
-        name = 'Venvs:',
-        **kwargs
+    print_options(venvs, name='Virtual Environments:', **kwargs)
+    return True, "Success"
+
+
+def _show_tokens(
+    action: Optional[List[str]] = None,
+    mrsm_instance: Optional[str] = None,
+    nopretty: bool = False,
+    debug: bool = False,
+    **kwargs: Any
+) -> SuccessTuple:
+    """
+    Print a table of the registered tokens on the instance.
+    """
+    import json
+    import uuid
+    from meerschaum.connectors.parse import parse_instance_keys
+    from meerschaum.utils.dtypes import value_is_null, json_serialize_value
+    from meerschaum.utils.misc import is_uuid
+    from meerschaum.utils.packages import import_rich
+    from meerschaum.utils.formatting import UNICODE, get_console
+    rich = import_rich()
+    rich_table, rich_json = mrsm.attempt_import('rich.table', 'rich.json')
+
+    conn = parse_instance_keys(mrsm_instance)
+
+    labels = [
+        label
+        for label in (action or [])
+        if not is_uuid(label)
+    ]
+    potential_token_ids = [
+        uuid.UUID(potential_id)
+        for potential_id in (action or [])
+        if is_uuid(potential_id)
+    ]
+
+    tokens = conn.get_tokens(
+        labels=(labels or None),
+        ids=(potential_token_ids or None),
+        debug=debug,
+    )
+
+    if nopretty:
+        for token in tokens:
+            print(json.dumps({
+                'id': str(token.id),
+                'label': token.label,
+                'scopes': token.scopes,
+                'expiration': (
+                    token.expiration.isoformat()
+                    if not value_is_null(token.expiration)
+                    else None
+                ),
+                'creation': (token.creation.isoformat() if not value_is_null(token.creation) else None),
+                'user': (token.user.username if token.user is not None else None),
+                'is_valid': token.is_valid,
+            }))
+        return True, "Success"
+
+    if len(tokens) == 1:
+        token = tokens[0]
+        tokens_json = json.dumps({
+            'id': str(token.id),
+            'label': token.label,
+            'scopes': token.scopes,
+            'creation': (token.creation.isoformat() if not value_is_null(token.creation) else None),
+            'expiration': (token.expiration.isoformat() if not value_is_null(token.expiration) else None),
+            'user': (token.user.username if token.user is not None else None),
+            'is_valid': token.is_valid,
+        }, default=json_serialize_value, indent=4)
+        get_console().print(rich_json.JSON(tokens_json))
+        
+        return True, "Success"
+
+    is_valid_true = (
+        "🟢"
+        if UNICODE
+        else "[+]"
     )
+    is_valid_false = (
+        "🔴"
+        if UNICODE
+        else "[-]"
+    )
+
+    table = rich_table.Table(title=f"Registered Tokens on instance '{conn}'")
+    table.add_column("ID")
+    table.add_column("Label")
+    table.add_column("User")
+    table.add_column("Expiration")
+    table.add_column("Valid")
+
+    for token in tokens:
+        table.add_row(
+            str(token.id),
+            token.label,
+            (token.user.username if token.user is not None else ""),
+            (
+                token.expiration.isoformat()
+                if not value_is_null(token.expiration)
+                else 'Does not expire'
+            ),
+            (is_valid_true if token.is_valid else is_valid_false),
+        )
 
+    mrsm.pprint(table)
     return True, "Success"
 
 

meerschaum/actions/stop.py

@@ -7,7 +7,8 @@ Stop running jobs that were started with `-d` or `start job`.
 """
 
 from __future__ import annotations
-from meerschaum.utils.typing import Optional, List, Dict, SuccessTuple, Any
+from meerschaum.utils.typing import Optional, List, SuccessTuple, Any
+
 
 def stop(action: Optional[List[str]] = None, **kw) -> SuccessTuple:
     """
@@ -111,6 +112,8 @@ def _stop_jobs(
         )
 
     if not jobs_to_stop:
+        if jobs:
+            return True, "The selected jobs are currently running."
         return False, "No running, paused or restarting jobs to stop."
 
     if not action:

meerschaum/actions/sync.py

@@ -287,7 +287,7 @@ def _sync_pipes(
     from meerschaum.utils.formatting._shell import progress
     from meerschaum.utils.formatting._shell import clear_screen
     from meerschaum.utils.formatting import print_pipes_results
-    from meerschaum.config.static import STATIC_CONFIG
+    from meerschaum._internal.static import STATIC_CONFIG
     from meerschaum.utils.misc import interval_str
 
     noninteractive_val = os.environ.get(STATIC_CONFIG['environment']['noninteractive'], None)

meerschaum/actions/tag.py

@@ -8,12 +8,12 @@ Functions for editing elements belong here.
 
 from __future__ import annotations
 import meerschaum as mrsm
-from meerschaum.utils.typing import List, Any, SuccessTuple, Optional, Dict
+from meerschaum.utils.typing import List, Any, SuccessTuple, Optional
 
 def tag(
-        action: Optional[List[str]] = None,
-        **kwargs: Any
-    ) -> SuccessTuple:
+    action: Optional[List[str]] = None,
+    **kwargs: Any
+) -> SuccessTuple:
     """
     Edit an existing element.
     """
@@ -25,10 +25,10 @@ def tag(
 
 
 def _tag_pipes(
-        action: Optional[List[str]] = None,
-        debug: bool = False,
-        **kwargs: Any
-    ) -> SuccessTuple:
+    action: Optional[List[str]] = None,
+    debug: bool = False,
+    **kwargs: Any
+) -> SuccessTuple:
     """
     Add or remove tags to registered pipes.
     Prefix a tag with a leading underscore to remove it.
@@ -68,6 +68,7 @@ def _tag_pipes(
                 pipe_was_edited = True
 
         if pipe_was_edited:
+            pipe.tags = pipe_tags
             edited_pipes.append(pipe)
 
     if not edited_pipes:

meerschaum/actions/verify.py

@@ -57,8 +57,11 @@ def _verify_packages(
     Verify the versions of packages.
     """
     from meerschaum.utils.packages import (
-        attempt_import, all_packages, is_installed, venv_contains_package,
-        _monkey_patch_get_distribution, manually_import_module,
+        attempt_import,
+        all_packages,
+        is_installed,
+        venv_contains_package,
+        manually_import_module,
     )
 
     venv_packages, base_packages, miss_packages = [], [], []
@@ -78,12 +81,6 @@ def _verify_packages(
         )
         _where_list.append(import_name)
 
-    if 'flask_compress' in venv_packages or 'dash' in venv_packages:
-        flask_compress = attempt_import('flask_compress', lazy=False, debug=debug)
-        _monkey_patch_get_distribution('flask-compress', flask_compress.__version__)
-        if 'flask_compress' in venv_packages:
-            venv_packages.remove('flask_compress')
-
     for import_name in base_packages:
         manually_import_module(import_name, debug=debug, venv=None)
     for import_name in venv_packages:

meerschaum/api/__init__.py

@@ -14,7 +14,7 @@ from fnmatch import fnmatch
 import meerschaum as mrsm
 from meerschaum.utils.typing import Dict, Any, Optional, PipesDict
 from meerschaum.config import get_config
-from meerschaum.config.static import STATIC_CONFIG, SERVER_ID
+from meerschaum._internal.static import STATIC_CONFIG, SERVER_ID
 from meerschaum.utils.packages import attempt_import
 from meerschaum.utils import get_pipes as _get_pipes
 from meerschaum.config._paths import API_UVICORN_CONFIG_PATH, API_UVICORN_RESOURCES_PATH
@@ -95,10 +95,12 @@ def get_uvicorn_config() -> Dict[str, Any]:
 
 debug = get_uvicorn_config().get('debug', False)
 no_dash = get_uvicorn_config().get('no_dash', False)
+no_webterm = get_uvicorn_config().get('no_webterm', False)
 no_auth = get_uvicorn_config().get('no_auth', False)
 private = get_uvicorn_config().get('private', False)
 production = get_uvicorn_config().get('production', False)
 _include_dash = (not no_dash)
+_include_webterm = (not no_webterm) and _include_dash
 docs_enabled = not production or sys_config.get('endpoints', {}).get('docs_in_production', True)
 
 default_instance_keys = None
@@ -210,8 +212,14 @@ def get_pipe(
     if location_key in ('[None]', 'None', 'null'):
         location_key = None
     instance_keys = str(get_api_connector(instance_keys))
+    if connector_keys == 'mrsm':
+        raise fastapi.HTTPException(
+            status_code=403,
+            detail="Unable to serve any pipes with connector keys `mrsm` over the API.",
+        )
+
     pipe = mrsm.Pipe(connector_keys, metric_key, location_key, mrsm_instance=instance_keys)
-    if is_pipe_registered(pipe, pipes(instance_keys)):
+    if is_pipe_registered(pipe, pipes(instance_keys, refresh=False)):
         return pipes(instance_keys, refresh=refresh)[connector_keys][metric_key][location_key]
     return pipe
 
@@ -291,7 +299,7 @@ def __getattr__(name: str):
     raise AttributeError(f"Could not import '{name}'.")
 
 ### Import everything else within the API.
-from meerschaum.api._oauth2 import manager
+from meerschaum.api._oauth2 import manager, ScopedAuth
 import meerschaum.api.routes as routes
 import meerschaum.api._events
 import meerschaum.api._websockets

meerschaum/api/_events.py

@@ -16,6 +16,8 @@ from meerschaum.api import (
     get_uvicorn_config,
     debug,
     no_dash,
+    _include_dash,
+    _include_webterm,
 )
 from meerschaum.utils.debug import dprint
 from meerschaum.connectors.poll import retry_connect
@@ -25,7 +27,7 @@ from meerschaum.jobs import (
     start_check_jobs_thread,
     stop_check_jobs_thread,
 )
-from meerschaum.config.static import STATIC_CONFIG
+from meerschaum._internal.static import STATIC_CONFIG
 
 TEMP_PREFIX: str = STATIC_CONFIG['api']['jobs']['temp_prefix']
 
@@ -35,8 +37,43 @@ async def startup():
     """
     Connect to the instance database and begin monitoring jobs.
     """
+    app.openapi_schema = app.openapi()
+
+    ### Remove the implicitly added HTTPBearer scheme if it exists.
+    if 'BearerAuth' in app.openapi_schema['components']['securitySchemes']:
+        del app.openapi_schema['components']['securitySchemes']['BearerAuth']
+    elif 'HTTPBearer' in app.openapi_schema['components']['securitySchemes']:
+        del app.openapi_schema['components']['securitySchemes']['HTTPBearer']
+    if 'LoginManager' in app.openapi_schema['components']['securitySchemes']:
+        del app.openapi_schema['components']['securitySchemes']['LoginManager']
+
+    scopes = STATIC_CONFIG['tokens']['scopes']
+    app.openapi_schema['components']['securitySchemes']['OAuth2PasswordBearer'] = {
+        'type': 'oauth2',
+        'flows': {
+            'password': {
+                'tokenUrl': STATIC_CONFIG['api']['endpoints']['login'],
+                'scopes': scopes,
+            },
+        },
+    }
+    app.openapi_schema['components']['securitySchemes']['APIKey'] = {
+        'type': 'http',
+        'scheme': 'bearer',
+        'bearerFormat': 'mrsm-key:{client_id}:{client_secret}',
+        'description': 'Authentication using a Meerschaum API Key.',
+    }
+    app.openapi_schema['security'] = [
+        {
+            'OAuth2PasswordBearer': [],
+        },
+        {
+            'APIKey': [],
+        }
+    ]
+
     try:
-        if not no_dash:
+        if _include_webterm:
             from meerschaum.api.dash.webterm import start_webterm
             start_webterm()
 

meerschaum/api/_oauth2.py

@@ -7,21 +7,34 @@ Define JWT authorization here.
 """
 
 import os
-from meerschaum.api import app, endpoints, CHECK_UPDATE
+import base64
+import functools
+import inspect
+from typing import List, Optional, Union
+
+from meerschaum.api import endpoints, CHECK_UPDATE, no_auth, debug
+from meerschaum.api._tokens import optional_token, get_token_from_authorization
+from meerschaum._internal.static import STATIC_CONFIG
 from meerschaum.utils.packages import attempt_import
-fastapi = attempt_import('fastapi', lazy=False, check_update=CHECK_UPDATE)
+from meerschaum.core import User, Token
+
+fastapi, starlette = attempt_import('fastapi', 'starlette', lazy=False, check_update=CHECK_UPDATE)
 fastapi_responses = attempt_import('fastapi.responses', lazy=False, check_update=CHECK_UPDATE)
 fastapi_login = attempt_import('fastapi_login', check_update=CHECK_UPDATE)
+from fastapi import Depends, HTTPException, Request
+from starlette import status
+
 
 class CustomOAuth2PasswordRequestForm:
     def __init__(
         self,
         grant_type: str = fastapi.Form(None, regex="password|client_credentials"),
-        username: str = fastapi.Form(...),
-        password: str = fastapi.Form(...),
-        scope: str = fastapi.Form(""),
-        client_id: str = fastapi.Form(None),
-        client_secret: str = fastapi.Form(None),
+        username: Optional[str] = fastapi.Form(None),
+        password: Optional[str] = fastapi.Form(None),
+        scope: str = fastapi.Form(" ".join(STATIC_CONFIG['tokens']['scopes'])),
+        client_id: Optional[str] = fastapi.Form(None),
+        client_secret: Optional[str] = fastapi.Form(None),
+        authorization: Optional[str] = fastapi.Header(None),
     ):
         self.grant_type = grant_type
         self.username = username
@@ -30,9 +43,106 @@ class CustomOAuth2PasswordRequestForm:
         self.client_id = client_id
         self.client_secret = client_secret
 
+        if (
+            not username
+            and not password
+            and not self.client_id
+            and not self.client_secret
+            and authorization
+        ):
+            try:
+                scheme, credentials = authorization.split()
+                if credentials.startswith('mrsm-key:'):
+                    credentials = credentials[len('mrsm-key:'):]
+                if scheme.lower() in ('basic', 'bearer'):
+                    decoded_credentials = base64.b64decode(credentials).decode('utf-8')
+                    _client_id, _client_secret = decoded_credentials.split(':', 1)
+                    self.client_id = _client_id
+                    self.client_secret = _client_secret
+                    self.grant_type = 'client_credentials'
+            except ValueError:
+                pass
+
+
+async def optional_user(request: Request) -> Optional[User]:
+    """
+    FastAPI dependency that returns a User if logged in, otherwise None.
+    """
+    if no_auth:
+        return None
+    return await manager(request)
+    try:
+        return await manager(request)
+    except HTTPException:
+        return None
+
+
+async def load_user_or_token(
+    request: Request,
+    users: bool = True,
+    tokens: bool = True,
+) -> Union[User, Token, None]:
+    """
+    Load the current user or token.
+    """
+    authorization = request.headers.get('authorization', request.headers.get('Authorization', None))
+    if not authorization:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated.",
+        )
+    authorization = authorization.replace('Basic ', '').replace('Bearer ', '')
+    if not authorization.startswith('mrsm-key:'):
+        if not users:
+            raise HTTPException(
+                status=status.HTTP_401_UNAUTHORIZED,
+                detail="Users not authenticated for this endpoint.",
+            )
+        return await manager(request)
+    if not tokens:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Tokens not authenticated for this endpoint.",
+        )
+    return get_token_from_authorization(authorization)
+
+
+def ScopedAuth(scopes: List[str]):
+    """
+    Dependency factory for authenticating with either a user session or a scoped token.
+    """
+    async def _authenticate(
+        user_or_token: Union[User, Token, None] = Depends(
+            load_user_or_token,
+        ),
+    ) -> Union[User, Token, None]:
+        if no_auth:
+            return None
+
+        if not user_or_token:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Not authenticated.",
+                headers={"WWW-Authenticate": "Basic"},
+            )
+
+        fresh_scopes = user_or_token.get_scopes(refresh=True, debug=debug)
+        if '*' in fresh_scopes:
+            return user_or_token
+
+        for scope in scopes:
+            if scope not in fresh_scopes:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail=f"Missing required scope: '{scope}'",
+                )
+        
+        return user_or_token
+    return _authenticate
+
 
 LoginManager = fastapi_login.LoginManager
-def generate_secret_key() -> str:
+def generate_secret_key() -> bytes:
     """
     Read or generate the secret keyfile.
     """

meerschaum/api/_tokens.py

@@ -0,0 +1,102 @@
+#! /usr/bin/env python3
+# vim:fenc=utf-8
+
+"""
+Define the authentication logic for Meerschaum Tokens.
+"""
+
+import base64
+import uuid
+from typing import Optional, Union, List
+from datetime import datetime, timezone
+
+from fastapi import Depends, HTTPException, Request
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from starlette import status
+
+import meerschaum as mrsm
+from meerschaum.api import (
+    get_api_connector,
+    debug,
+)
+from meerschaum.core import Token, User
+from meerschaum.core.User import verify_password
+
+
+http_bearer = HTTPBearer(auto_error=False, scheme_name="APIKey")
+
+
+def get_token_from_authorization(authorization: str) -> Token:
+    """
+    Helper function to decode and verify a token from credentials.
+    Raises HTTPException on failure.
+    """
+    if authorization.startswith('mrsm-key:'):
+        authorization = authorization[len('mrsm-key:'):]
+    try:
+        credential_string = base64.b64decode(authorization).decode('utf-8')
+        token_id_str, secret = credential_string.split(':', 1)
+        token_id = uuid.UUID(token_id_str)
+    except Exception:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token format. Expected Base64-encoded 'token_id:secret'.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    conn = get_api_connector()
+    token = conn.get_token(token_id)
+
+    if not token or not token.is_valid:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or revoked token.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    if token.get_expiration_status(debug=debug):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token has expired.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    if not verify_password(secret, token.secret_hash):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid secret.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    return token
+
+
+def get_current_token(
+    auth_creds: Optional[HTTPAuthorizationCredentials] = Depends(http_bearer),
+) -> Token:
+    """
+    FastAPI dependency to authenticate a request with a Meerschaum Token.
+    This dependency will fail if no token is provided.
+    """
+    if auth_creds is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return get_token_from_authorization(auth_creds.credentials)
+
+
+async def optional_token(
+    auth_creds: Optional[HTTPAuthorizationCredentials] = Depends(http_bearer),
+) -> Optional[Token]:
+    """
+    FastAPI dependency that returns a Token if provided, otherwise None.
+    """
+    if not auth_creds:
+        return None
+
+    try:
+        return get_token_from_authorization(auth_creds.credentials)
+    except HTTPException as e:
+        return None

meerschaum/api/dash/__init__.py

@@ -12,14 +12,11 @@ from meerschaum.utils.packages import (
     attempt_import,
     import_dcc,
     import_html,
-    _monkey_patch_get_distribution,
 )
 flask_compress = attempt_import('flask_compress', lazy=False)
-_monkey_patch_get_distribution('flask-compress', flask_compress.__version__)
 dash = attempt_import('dash', lazy=False)
 
 from meerschaum.utils.typing import List, Optional
-from meerschaum.config.static import _static_config
 from meerschaum.api import (
     app as fastapi_app,
     debug,

meerschaum/api/dash/callbacks/custom.py

@@ -36,9 +36,9 @@ def add_plugin_pages(debug: bool = False):
     """
     Allow users to add pages via the `@web_page` decorator.
     """
-    for plugin_name, pages_dicts in _plugin_endpoints_to_pages.items():
+    for page_group, pages_dicts in _plugin_endpoints_to_pages.items():
         if debug:
-            dprint(f"Adding pages from plugin '{plugin_name}'...")
+            dprint(f"Adding pages for group '{page_group}'...")
         for _endpoint, _page_dict in pages_dicts.items():
             page_layout = _page_dict['function']()
             if not _page_dict['skip_navbar']: