moat-kv 0.70.24__py3-none-any.whl → 0.71.6__py3-none-any.whl

debian/moat-kv/usr/lib/python3/dist-packages/moat/kv/auth/password.py

@@ -1,234 +0,0 @@
-#
-"""
-Password-based auth method.
-
-Does not limit anything, allows everything.
-"""
-
-from __future__ import annotations
-
-import nacl.secret
-
-from ..client import Client, NoData
-from ..exceptions import AuthFailedError
-from ..model import Entry
-from ..server import StreamCommand
-from . import (
-    BaseClientAuth,
-    BaseClientAuthMaker,
-    BaseServerAuthMaker,
-    RootServerUser,
-    null_client_login,
-    null_server_login,
-)
-
-
-def load(typ: str, *, make: bool = False, server: bool):
-    if typ == "client":
-        if server:
-            return null_server_login
-        else:
-            return null_client_login
-    if typ != "user":
-        raise NotImplementedError("This module only handles users")
-    if server:
-        if make:
-            return ServerUserMaker
-        else:
-            return ServerUser
-    else:
-        if make:
-            return ClientUserMaker
-        else:
-            return ClientUser
-
-
-async def pack_pwd(client, password, length):
-    """Client side: encrypt password"""
-    secret = await client.dh_secret(length=length)
-    from hashlib import sha256
-
-    pwd = sha256(password).digest()
-    box = nacl.secret.SecretBox(secret)
-    pwd = box.encrypt(pwd)
-    return pwd
-
-
-async def unpack_pwd(client, password):
-    """Server side: extract password"""
-    box = nacl.secret.SecretBox(client.dh_key)
-    pwd = box.decrypt(password)
-    return pwd
-    # TODO check with Argon2
-
-
-class ServerUserMaker(BaseServerAuthMaker):
-    _name = None
-    _aux = None
-    password: str = None
-
-    @property
-    def ident(self):
-        return self._name
-
-    @classmethod
-    async def recv(cls, cmd, data):
-        self = cls()
-        self._name = data["ident"]
-        self._aux = data.get("aux")
-        pwd = data.get("password")
-        pwd = await unpack_pwd(cmd.client, pwd)
-
-        # TODO use Argon2 to re-hash this
-        self.password = pwd
-        return self
-
-    async def send(self, cmd):
-        return  # nothing to do, we don't share the hash
-
-    @classmethod
-    def load(cls, data):
-        self = super().load(data)
-        self._name = data.path[-1]
-        return self
-
-    def save(self):
-        res = super().save()
-        res["password"] = self.password
-        return res
-
-
-class ServerUser(RootServerUser):
-    @classmethod
-    def load(cls, data: Entry):
-        """Create a ServerUser object from existing stored data"""
-        self = super().load(data)
-        self._name = data.name
-        return self
-
-    async def auth(self, cmd: StreamCommand, data):
-        """Verify that @data authenticates this user."""
-        await super().auth(cmd, data)
-
-        pwd = await unpack_pwd(cmd.client, data.password)
-        if pwd != self.password:  # pylint: disable=no-member
-            # pylint: disable=no-member
-            raise AuthFailedError("Password hashes do not match", self._name)
-
-
-class ClientUserMaker(BaseClientAuthMaker):
-    gen_schema = dict(
-        type="object",
-        additionalProperties=True,
-        properties=dict(
-            name=dict(type="string", minLength=1, pattern="^[a-zA-Z][a-zA-Z0-9_]*$"),
-            password=dict(type="string", minLength=5),
-        ),
-        required=["name", "password"],
-    )
-    mod_schema = dict(
-        type="object",
-        additionalProperties=True,
-        properties=dict(password=dict(type="string", minLength=5)),
-        # required=[],
-    )
-    _name = None
-    _pass = None
-    _length = 1024
-
-    @property
-    def ident(self):
-        return self._name
-
-    # Overly-complicated methods of exchanging the user name
-
-    @classmethod
-    def build(cls, user, _initial=True):
-        self = super().build(user, _initial=_initial)
-        self._name = user["name"]
-        if "password" in user:
-            self._pass = user["password"].encode("utf-8")
-        return self
-
-    @classmethod
-    async def recv(cls, client: Client, ident: str, _kind: str = "user", _initial=True):
-        """Read a record representing a user from the server."""
-        m = await client._request(
-            action="auth_get",
-            typ=cls._auth_method,
-            kind=_kind,
-            ident=ident,
-            nchain=0 if _initial else 2,
-        )
-        # just to verify that the user exists
-        # There's no reason to send the password hash back
-        self = cls(_initial=_initial)
-        self._name = m.name
-        try:
-            self._chain = m.chain
-        except AttributeError:
-            pass
-        return self
-
-    async def send(self, client: Client, _kind="user", **msg):  # pylint: disable=unused-argument,arguments-differ
-        """Send a record representing this user to the server."""
-        if self._pass is not None:
-            msg["password"] = await pack_pwd(client, self._pass, self._length)
-
-        await client._request(
-            action="auth_set",
-            ident=self._name,
-            typ=type(self)._auth_method,
-            kind=_kind,
-            chain=self._chain,
-            **msg,
-        )
-
-    def export(self):
-        """Return the data required to re-create the user via :meth:`build`."""
-        res = super().export()
-        res["name"] = self._name
-        return res
-
-
-class ClientUser(BaseClientAuth):
-    schema = dict(
-        type="object",
-        additionalProperties=True,
-        properties=dict(
-            name=dict(type="string", minLength=1, pattern="^[a-zA-Z][a-zA-Z0-9_]*$"),
-            password=dict(type="string", minLength=5),
-        ),
-        required=["name", "password"],
-    )
-    _name = None
-    _pass = None
-    _length = 1024
-
-    @property
-    def ident(self):
-        return self._name
-
-    @classmethod
-    def build(cls, user):
-        self = super().build(user)
-        self._name = user["name"]
-        self._pass = user["password"].encode("utf-8")
-        return self
-
-    async def auth(self, client: Client, chroot=()):
-        """
-        Authorizes this user with the server.
-        """
-        try:
-            pw = await pack_pwd(client, self._pass, self._length)
-            await client._request(
-                action="auth",
-                typ=self._auth_method,
-                iter=False,
-                ident=self.ident,
-                password=pw,
-                **self.auth_data(),
-            )
-        except NoData:
-            pass

debian/moat-kv/usr/lib/python3/dist-packages/moat/kv/auth/root.py

@@ -1,58 +0,0 @@
-#
-"""
-Null auth method.
-
-Does not limit anything, allows everything.
-"""
-
-from __future__ import annotations
-
-from . import (
-    BaseClientAuth,
-    BaseClientAuthMaker,
-    BaseServerAuthMaker,
-    RootServerUser,
-    null_client_login,
-    null_server_login,
-)
-
-
-def load(typ: str, *, make: bool = False, server: bool):
-    if typ == "client":
-        if server:
-            return null_server_login
-        else:
-            return null_client_login
-    if typ != "user":
-        raise NotImplementedError("This module only handles users")
-    if server:
-        if make:
-            return ServerUserMaker
-        else:
-            return ServerUser
-    else:
-        if make:
-            return ClientUserMaker
-        else:
-            return ClientUser
-
-
-class ServerUserMaker(BaseServerAuthMaker):
-    schema = {"type": "object", "additionalProperties": False}
-
-
-class ServerUser(RootServerUser):
-    schema = {"type": "object", "additionalProperties": False}
-
-
-class ClientUserMaker(BaseClientAuthMaker):
-    gen_schema = {"type": "object", "additionalProperties": False}
-    mod_schema = {"type": "object", "additionalProperties": False}
-
-    @property
-    def ident(self):
-        return "*"
-
-
-class ClientUser(BaseClientAuth):
-    schema = {"type": "object", "additionalProperties": False}

debian/moat-kv/usr/lib/python3/dist-packages/moat/kv/backend/__init__.py

@@ -1,67 +0,0 @@
-from __future__ import annotations
-from abc import ABCMeta, abstractmethod
-from contextlib import asynccontextmanager
-
-import anyio
-
-__all__ = ["get_backend", "Backend"]
-
-
-class Backend(metaclass=ABCMeta):
-    def __init__(self, tg):
-        self._tg = tg
-        self._njobs = 0
-        self._ended = None
-
-    @abstractmethod
-    @asynccontextmanager
-    async def connect(self, *a, **k):
-        """
-        This async context manager returns a connection.
-        """
-
-    async def aclose(self):
-        """
-        Force-close the connection.
-        """
-        self._tg.cancel_scope.cancel()
-        if self._njobs > 0:
-            with anyio.move_on_after(2):
-                await self._ended.wait()
-
-    async def spawn(self, p, *a, **kw):
-        async def _run(p, a, kw, *, task_status):
-            if self._ended is None:
-                self._ended = anyio.Event()
-            self._njobs += 1
-            task_status.started()
-            try:
-                return await p(*a, **kw)
-            finally:
-                self._njobs -= 1
-                if not self._njobs:
-                    self._ended.set()
-                    self._ended = None
-
-        return await self._tg.start(_run, p, a, kw)
-
-    @abstractmethod
-    @asynccontextmanager
-    async def monitor(self, *topic):
-        """
-        Return an async iterator that listens to this topic.
-        """
-
-    @abstractmethod
-    async def send(self, *topic, payload):
-        """
-        Send this payload to this topic.
-        """
-
-
-def get_backend(name):
-    from importlib import import_module
-
-    if "." not in name:
-        name = "moat.kv.backend." + name
-    return import_module(name).connect

debian/moat-kv/usr/lib/python3/dist-packages/moat/kv/backend/mqtt.py

@@ -1,74 +0,0 @@
-from __future__ import annotations
-import logging
-from contextlib import asynccontextmanager
-
-import anyio
-from moat.mqtt.client import MQTTClient
-from moat.mqtt.codecs import NoopCodec
-from moat.util import NotGiven
-
-from . import Backend
-
-logger = logging.getLogger(__name__)
-
-# Simply setting connect=asyncserf.serf_client interferes with mocking
-# when testing.
-
-
-class MqttMessage:
-    def __init__(self, topic, payload):
-        self.topic = topic
-        self.payload = payload
-
-
-class MqttBackend(Backend):
-    client = None
-
-    @asynccontextmanager
-    async def connect(self, *a, **kw):
-        codec = kw.pop("codec", NotGiven)
-        C = MQTTClient(self._tg, codec=codec)
-        try:
-            await C.connect(*a, **kw)
-            self.client = C
-            yield self
-        finally:
-            self.client = None
-            with anyio.CancelScope(shield=True):
-                await self.aclose()
-                await C.disconnect()
-
-    @asynccontextmanager
-    async def monitor(self, *topic):
-        topic = "/".join(str(x) for x in topic)
-        logger.info("Monitor %s start", topic)
-        try:
-            async with self.client.subscription(topic) as sub:
-
-                async def sub_get(sub):
-                    async for msg in sub:
-                        yield MqttMessage(msg.topic.split("/"), msg.data)
-
-                yield sub_get(sub)
-        except anyio.get_cancelled_exc_class():
-            raise
-        except BaseException as exc:
-            logger.exception("Monitor %s end: %r", topic, exc)
-            raise
-        else:
-            logger.info("Monitor %s end", topic)
-
-    def send(self, *topic, payload):  # pylint: disable=invalid-overridden-method
-        """
-        Send this payload to this topic.
-        """
-        # client.publish is also async, pass-thru
-        return self.client.publish("/".join(str(x) for x in topic), message=payload)
-
-
-@asynccontextmanager
-async def connect(**kw):
-    async with anyio.create_task_group() as tg:
-        c = MqttBackend(tg)
-        async with c.connect(**kw):
-            yield c

debian/moat-kv/usr/lib/python3/dist-packages/moat/kv/backend/serf.py

@@ -1,45 +0,0 @@
-from __future__ import annotations
-from contextlib import asynccontextmanager
-
-import anyio
-import asyncserf
-
-from . import Backend
-
-# Simply setting connect=asyncserf.serf_client interferes with mocking
-# when testing.
-
-
-class SerfBackend(Backend):
-    client = None
-
-    @asynccontextmanager
-    async def connect(self, *a, **k):
-        async with asyncserf.serf_client(*a, **k) as c:
-            self.client = c
-            try:
-                yield self
-            finally:
-                with anyio.CancelScope(shield=True):
-                    await self.aclose()
-                self.client = None
-
-    def monitor(self, *topic):  # pylint: disable=invalid-overridden-method
-        topic = "user:" + ".".join(topic)
-        # self.client.stream is also async, pass thru
-        return self.client.stream(topic)
-
-    def send(self, *topic, payload):  # pylint: disable=invalid-overridden-method
-        """
-        Send this payload to this topic.
-        """
-        # self.client.event is also async, pass thru
-        return self.client.event(".".join(topic), payload=payload, coalesce=False)
-
-
-@asynccontextmanager
-async def connect(*a, **kw):
-    async with anyio.create_task_group() as tg:
-        c = SerfBackend(tg)
-        async with c.connect(*a, **kw):
-            yield c