mindroot 8.9.0__py3-none-any.whl → 8.11.0__py3-none-any.whl

{mindroot-8.9.0.dist-info → mindroot-8.11.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.8.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

mindroot/coreplugins/google_auth/README.md

@@ -1,76 +0,0 @@
-# Google OAuth Authentication Plugin
-
-This plugin adds Google Sign-In functionality to MindRoot, allowing users to authenticate using their Google accounts.
-
-## Setup Instructions
-
-### 1. Create Google OAuth Credentials
-
-1. Go to the [Google Cloud Console](https://console.cloud.google.com/)
-2. Create a new project or select an existing one
-3. Enable the Google+ API for your project
-4. Go to "Credentials" in the left sidebar
-5. Click "Create Credentials" > "OAuth client ID"
-6. Select "Web application" as the application type
-7. Add your redirect URI (e.g., `http://localhost:8000/google_auth/callback` for local development)
-8. Save your Client ID and Client Secret
-
-### 2. Configure Environment Variables
-
-Add the following to your `.env` file in the MindRoot root directory:
-
-```bash
-# Google OAuth Configuration
-GOOGLE_CLIENT_ID=your-client-id-here
-GOOGLE_CLIENT_SECRET=your-client-secret-here
-GOOGLE_REDIRECT_URI=http://localhost:8000/google_auth/callback
-```
-
-For production, update `GOOGLE_REDIRECT_URI` to your actual domain:
-```bash
-GOOGLE_REDIRECT_URI=https://yourdomain.com/google_auth/callback
-```
-
-### 3. Update Google OAuth Authorized Redirect URIs
-
-Make sure to add your redirect URI to the authorized redirect URIs in your Google OAuth client settings.
-
-## How It Works
-
-1. Users click "Sign in with Google" on the login page
-2. They are redirected to Google's OAuth consent screen
-3. After authorization, Google redirects back to `/google_auth/callback`
-4. The plugin:
-   - Verifies the OAuth response
-   - Creates a new user account if needed (username: `google_[partial_google_id]`)
-   - Sets the same JWT token used by the regular login system
-   - Redirects to the home page
-
-## User Data
-
-When a user signs in with Google:
-- A new user account is created with a generated username
-- Their Google email is stored
-- Email is automatically verified if Google has verified it
-- Additional Google profile info is stored in `google_info.json`
-
-## Security Notes
-
-- State tokens are used to prevent CSRF attacks
-- Google ID tokens are verified server-side
-- Users get the same JWT tokens as regular login
-- Passwords for OAuth users are randomly generated and not used
-
-## Troubleshooting
-
-1. **"Google OAuth not configured" error**: Make sure you've set the environment variables
-2. **Redirect URI mismatch**: Ensure the redirect URI in your `.env` matches exactly what's configured in Google Cloud Console
-3. **Invalid state token**: This is a security feature - just try signing in again
-
-## Integration with Existing System
-
-The plugin integrates seamlessly with MindRoot's existing authentication:
-- Uses the same JWT token system
-- Compatible with existing middleware
-- Users can access all the same features
-- Admin can manage Google-authenticated users like any other users

mindroot/coreplugins/google_auth/__init__.py

@@ -1 +0,0 @@
-from .mod import *

mindroot/coreplugins/google_auth/inject/login.jinja2

@@ -1,69 +0,0 @@
-{% block head_extra %}
-<style>
-    .google-signin-btn {
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        width: 100%;
-        padding: 0.5rem;
-        margin-top: 1rem;
-        background-color: #4285f4;
-        color: white;
-        border: none;
-        border-radius: 4px;
-        cursor: pointer;
-        text-decoration: none;
-        font-size: 14px;
-        transition: background-color 0.3s;
-    }
-    
-    .google-signin-btn:hover {
-        background-color: #357ae8;
-    }
-    
-    .google-signin-btn svg {
-        width: 18px;
-        height: 18px;
-        margin-right: 8px;
-    }
-    
-    .divider {
-        text-align: center;
-        margin: 1rem 0;
-        position: relative;
-    }
-    
-    .divider::before {
-        content: '';
-        position: absolute;
-        top: 50%;
-        left: 0;
-        right: 0;
-        height: 1px;
-        background-color: #555;
-    }
-    
-    .divider span {
-        background-color: #2a2a2a;
-        padding: 0 10px;
-        position: relative;
-        color: #888;
-        font-size: 14px;
-    }
-</style>
-{% endblock %}
-
-{% block content %}
-<div class="divider">
-    <span>OR</span>
-</div>
-<a href="/google_auth/login" class="google-signin-btn">
-    <svg viewBox="0 0 24 24" fill="currentColor">
-        <path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/>
-        <path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
-        <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/>
-        <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/>
-    </svg>
-    Sign in with Google
-</a>
-{% endblock %}

mindroot/coreplugins/google_auth/mod.py

@@ -1 +0,0 @@
-# Google Auth plugin - provides Google OAuth2 authentication

mindroot/coreplugins/google_auth/router.py

@@ -1,170 +0,0 @@
-from fastapi import APIRouter, Request, HTTPException
-from fastapi.responses import RedirectResponse, HTMLResponse
-from lib.route_decorators import public_route
-from lib.providers.services import service_manager
-from mindroot.coreplugins.jwt_auth.middleware import create_access_token
-from mindroot.coreplugins.user_service.models import UserCreate
-from google.auth.transport import requests
-from google.oauth2 import id_token
-import google_auth_oauthlib.flow
-import os
-import secrets
-import json
-from typing import Optional
-
-router = APIRouter()
-
-# OAuth 2.0 configuration
-CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID')
-CLIENT_SECRET = os.environ.get('GOOGLE_CLIENT_SECRET')
-REDIRECT_URI = os.environ.get('GOOGLE_REDIRECT_URI', 'http://localhost:8000/google_auth/callback')
-
-# OAuth2 flow configuration
-CLIENT_CONFIG = {
-    "web": {
-        "client_id": CLIENT_ID,
-        "client_secret": CLIENT_SECRET,
-        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-        "token_uri": "https://oauth2.googleapis.com/token",
-        "redirect_uris": [REDIRECT_URI]
-    }
-}
-
-SCOPES = ['openid', 'email', 'profile']
-
-# Store state tokens temporarily (in production, use Redis or similar)
-state_tokens = {}
-
-@router.get("/google_auth/login")
-@public_route()
-async def google_login(request: Request):
-    """Initiate Google OAuth2 login flow"""
-    if not CLIENT_ID or not CLIENT_SECRET:
-        raise HTTPException(status_code=500, detail="Google OAuth not configured")
-    
-    # Create flow instance
-    flow = google_auth_oauthlib.flow.Flow.from_client_config(
-        CLIENT_CONFIG,
-        scopes=SCOPES
-    )
-    flow.redirect_uri = REDIRECT_URI
-    
-    # Generate state token for CSRF protection
-    state = secrets.token_urlsafe(32)
-    authorization_url, _ = flow.authorization_url(
-        access_type='offline',
-        state=state,
-        prompt='select_account'
-    )
-    
-    # Store state token
-    state_tokens[state] = True
-    
-    return RedirectResponse(url=authorization_url)
-
-@router.get("/google_auth/callback")
-@public_route()
-async def google_callback(request: Request, code: str, state: str):
-    """Handle Google OAuth2 callback"""
-    # Verify state token
-    if state not in state_tokens:
-        return RedirectResponse(url="/login?error=Invalid+state+token")
-    
-    # Remove used state token
-    del state_tokens[state]
-    
-    try:
-        # Create flow instance
-        flow = google_auth_oauthlib.flow.Flow.from_client_config(
-            CLIENT_CONFIG,
-            scopes=SCOPES,
-            state=state
-        )
-        flow.redirect_uri = REDIRECT_URI
-        
-        # Exchange authorization code for tokens
-        flow.fetch_token(code=code)
-        
-        # Get user info from ID token
-        credentials = flow.credentials
-        request_session = requests.Request()
-        id_info = id_token.verify_oauth2_token(
-            credentials.id_token,
-            request_session,
-            CLIENT_ID
-        )
-        
-        # Extract user information
-        google_id = id_info['sub']
-        email = id_info['email']
-        name = id_info.get('name', email.split('@')[0])
-        email_verified = id_info.get('email_verified', False)
-        
-        # Create username from email or name
-        username = f"google_{google_id[:8]}"
-        
-        # Check if user exists
-        existing_user = await service_manager.get_user_data(username)
-        
-        if not existing_user:
-            # Create new user
-            user_data = UserCreate(
-                username=username,
-                email=email,
-                password=secrets.token_urlsafe(32)  # Random password for OAuth users
-            )
-            
-            # Create user with email already verified if Google verified it
-            await service_manager.create_user(
-                user_data,
-                roles=["user"],
-                skip_verification=email_verified
-            )
-            
-            # Update user metadata with Google info
-            user_dir = os.path.join("data/users", username)
-            google_info = {
-                "google_id": google_id,
-                "name": name,
-                "picture": id_info.get('picture', ''),
-                "locale": id_info.get('locale', ''),
-                "auth_method": "google_oauth"
-            }
-            with open(os.path.join(user_dir, "google_info.json"), 'w') as f:
-                json.dump(google_info, f, indent=2)
-        
-        # Create JWT token
-        user_data = await service_manager.get_user_data(username)
-        access_token = create_access_token(data={"sub": username, **user_data.dict()})
-        
-        # Create response with redirect
-        response = RedirectResponse(url="/", status_code=303)
-        
-        # Set cookie
-        response.set_cookie(
-            key="access_token",
-            value=access_token,
-            max_age=604800,  # 1 week
-            httponly=True,
-            samesite="Lax"
-        )
-        
-        return response
-        
-    except Exception as e:
-        print(f"Google OAuth error: {e}")
-        import traceback
-        traceback.print_exc()
-        return RedirectResponse(
-            url="/login?error=Google+authentication+failed",
-            status_code=303
-        )
-
-@router.get("/google_auth/config_check")
-@public_route()
-async def config_check():
-    """Check if Google OAuth is configured"""
-    return {
-        "configured": bool(CLIENT_ID and CLIENT_SECRET),
-        "redirect_uri": REDIRECT_URI
-    }