nlbone 0.7.15__py3-none-any.whl → 0.7.16__py3-none-any.whl

nlbone/adapters/auth/auth_service.py

@@ -3,23 +3,57 @@ import requests
 from nlbone.config.settings import get_settings
 from nlbone.core.ports.auth import AuthService as BaseAuthService
 from nlbone.utils.http import normalize_https_base
+from nlbone.utils.cache import cached
 
 
 class AuthService(BaseAuthService):
     def __init__(self):
         s = get_settings()
-        self._base_url = normalize_https_base(s.AUTH_SERVICE_URL.unicode_string())
+        self.client_id = s.KEYCLOAK_CLIENT_ID
+        self.client_secret = s.CLIENT_SECRET.get_secret_value().strip()
+        self._base_url = normalize_https_base(s.AUTH_SERVICE_URL.unicode_string(), enforce_https=False)
         self._timeout = float(s.HTTP_TIMEOUT_SECONDS)
-        self._client =  requests.session()
+        self._client = requests.session()
 
-    def has_access(self, token: str, permissions: list[str]) -> bool: ...
-    def verify_token(self, token: str) -> dict | None:
+    def has_access(self, token: str, permissions: list[str]) -> bool:
+        ...
+
+    @cached(ttl=15 * 60)
+    def verify_token(self, token: str) -> dict:
         url = f"{self._base_url}/introspect"
         result = self._client.post(url, data={
             "token": token
         })
-        return result.json()
-    def get_client_token(self) -> dict | None: ...
-    def is_client_token(self, token: str, allowed_clients: set[str] | None = None) -> bool: ...
-    def client_has_access(self, token: str, perms: list[str], allowed_clients: set[str] | None = None) -> bool: ...
-    def get_permissions(self, token: str) -> list[str]: ...
+        if result.status_code == 200:
+            return result.json()
+        return None
+
+    def get_client_id(self, token: str):
+        data = self.verify_token(token)
+        if data:
+            return data["sub"] if data["sub"].startswith('service-account') else None
+        return None
+
+    def get_client_token(self) -> dict | None:
+        url = f"{self._base_url}/introspect"
+        result = self._client.post(url, data={
+            "client_id": self.client_id,
+            "client_secret": self.client_secret,
+            "grant_type": "client_credentials"
+        })
+        if result.status_code == 200:
+            return result.json()
+        return None
+
+    def is_client_token(self, token: str, allowed_clients: set[str] | None = None) -> bool:
+        ...
+
+    def client_has_access(self, token: str, permissions: list[str], allowed_clients: set[str] | None = None) -> bool:
+        data = self.verify_token(token)
+        if not data:
+            return False
+        has_access = [perm in data.get("allowed_permissions", []) for perm in permissions]
+        return all(has_access)
+
+    def get_permissions(self, token: str) -> list[str]:
+        ...

nlbone/adapters/auth/token_provider.py

@@ -31,7 +31,7 @@ class ClientTokenProvider:
             access_token = data.get("access_token")
             if not access_token:
                 raise RuntimeError("Keycloak: missing access_token")
-            expires_in = int(data.get("expires_in", 60))
+            expires_in = int(data.get("expires_in", 15 * 60))
             self._token = access_token
             self._expires_at = time.time() + max(1, expires_in)
             return self._token

nlbone/config/settings.py

@@ -3,7 +3,7 @@ from functools import lru_cache
 from pathlib import Path
 from typing import Literal
 
-from pydantic import AnyHttpUrl, Field, SecretStr
+from pydantic import AnyHttpUrl, Field, SecretStr, AliasChoices
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
 
@@ -63,6 +63,8 @@ class Settings(BaseSettings):
     PRICING_API_SECRET: str = ''
 
     AUTH_SERVICE_URL:  AnyHttpUrl = Field(default="https://auth.numberland.ir")
+    CLIENT_ID: str = Field(default="", validation_alias=AliasChoices("KEYCLOAK_CLIENT_ID"))
+    CLIENT_SECRET: SecretStr = Field(default="", validation_alias=AliasChoices("KEYCLOAK_CLIENT_SECRET"))
 
     # ---------------------------
     # Database

nlbone/container.py

@@ -5,6 +5,8 @@ from typing import Dict, Optional
 from dependency_injector import containers, providers
 from pydantic_settings import BaseSettings
 
+from nlbone.adapters.auth.auth_service import AuthService as AuthService_IMP
+from nlbone.core.ports.auth import AuthService
 from nlbone.adapters.auth.keycloak import KeycloakAuthService
 from nlbone.adapters.auth.token_provider import ClientTokenProvider
 from nlbone.adapters.cache.async_redis import AsyncRedisCache
@@ -28,7 +30,7 @@ class Container(containers.DeclarativeContainer):
     # event_bus: providers.Singleton[EventBusPort] = providers.Singleton(InMemoryEventBus)
 
     # --- Services ---
-    auth: providers.Singleton[KeycloakAuthService] = providers.Singleton(KeycloakAuthService)
+    auth: providers.Singleton[AuthService] = providers.Singleton(AuthService_IMP)
     token_provider = providers.Singleton(ClientTokenProvider, auth=auth, skew_seconds=30)
     file_service: providers.Singleton[FileServicePort] = providers.Singleton(
         UploadchiClient, token_provider=token_provider

nlbone/interfaces/api/dependencies/client_credential.py

@@ -0,0 +1,44 @@
+import asyncio
+import functools
+from typing import Callable
+
+from makefun import wraps as mf_wraps
+
+from nlbone.adapters.auth.auth_service import AuthService
+from nlbone.interfaces.api.exceptions import UnauthorizedException, ForbiddenException
+from nlbone.utils.context import current_request
+
+
+def current_client_id() -> str:
+    request = current_request()
+    if client_id := AuthService().get_client_id(request.state.token):
+        return str(client_id)
+    raise UnauthorizedException()
+
+
+def client_has_access_func(*, permissions=None):
+    request = current_request()
+    if not AuthService().client_has_access(request.state.token, permissions=permissions):
+        raise ForbiddenException(f"Forbidden {permissions}")
+    return True
+
+
+def client_has_access(*, permissions=None):
+    def deco(func: Callable):
+        is_async_func = asyncio.iscoroutinefunction(func)
+
+        if is_async_func:
+            @mf_wraps(func)
+            async def aw(*args, **kwargs):
+                client_has_access_func(permissions=permissions)
+                return await func(*args, **kwargs)
+
+            return aw
+
+        @mf_wraps(func)
+        def sw(*args, **kwargs):
+            client_has_access_func(permissions=permissions)
+            return func(*args, **kwargs)
+
+        return sw
+    return deco

nlbone/utils/cache.py

@@ -5,8 +5,7 @@ from typing import Any, Callable, Iterable, Optional, Mapping
 import hashlib
 from makefun import wraps as mf_wraps
 
-from nlbone.interfaces.api.additional_filed import AdditionalFieldsRequest
-from nlbone.interfaces.api.pagination import PaginateRequest
+
 from nlbone.utils.cache_registry import get_cache
 
 try:
@@ -31,6 +30,9 @@ PRIMITIVES = (str, int, float, bool, type(None))
 
 
 def to_jsonable(obj):
+    from nlbone.interfaces.api.additional_filed import AdditionalFieldsRequest
+    from nlbone.interfaces.api.pagination import PaginateRequest
+
     if isinstance(obj, PRIMITIVES):
         return obj
 
@@ -147,6 +149,8 @@ def cached(
             @mf_wraps(func)
             async def aw(*args, **kwargs):
                 cache = (cache_resolver or get_cache)()
+                if not cache:
+                    return await func(*args, **kwargs)
                 k = _key_from_template(key, func, args, kwargs)
                 tg = _format_tags(tags, func, args, kwargs)
 
@@ -177,6 +181,8 @@ def cached(
         @mf_wraps(func)
         def sw(*args, **kwargs):
             cache = (cache_resolver or get_cache)()
+            if not cache:
+                return func(*args, **kwargs)
             k = _key_from_template(key, func, args, kwargs)
             tg = _format_tags(tags, func, args, kwargs)
 

nlbone/utils/cache_registry.py

@@ -21,6 +21,4 @@ def set_context_cache_resolver(fn: Optional[Callable[[], T]]) -> None:
 
 def get_cache() -> T:
     fn = _ctx_resolver.get() or _global_resolver
-    if fn is None:
-        raise RuntimeError("Cache resolver not configured. Call set_cache_resolver(...) first.")
     return fn()

{nlbone-0.7.15.dist-info → nlbone-0.7.16.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nlbone
-Version: 0.7.15
+Version: 0.7.16
 Summary: Backbone package for interfaces and infrastructure in Python projects
 Author-email: Amir Hosein Kahkbazzadeh <a.khakbazzadeh@gmail.com>
 License: MIT

{nlbone-0.7.15.dist-info → nlbone-0.7.16.dist-info}/RECORD

@@ -1,12 +1,12 @@
 nlbone/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-nlbone/container.py,sha256=I3Ev5L-CvfOquR4cyueIiplRriZ-_q_QlH_Xne9lA0k,2698
+nlbone/container.py,sha256=2UQ1YDA6Y24u6FlOPiMRlZSBcj1hcCPrjqyLc7_0IQ0,2810
 nlbone/types.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/adapters/__init__.py,sha256=NzUmk4XPyp3GJOw7VSE86xkQMZLtG3MrOoXLeoB551M,41
 nlbone/adapters/snowflake.py,sha256=lmq7vi6HdX9hEuTW6BlTEAy91wmrA4Bx3tvGoagHTW4,2315
 nlbone/adapters/auth/__init__.py,sha256=hkDHvsFhw_UiOHG9ZSMqjiAhK4wumEforitveSZswVw,42
-nlbone/adapters/auth/auth_service.py,sha256=HoRaEOcab5DFmHi4yAudtwJDhaofRyqMVvnq65a3sqg,1062
+nlbone/adapters/auth/auth_service.py,sha256=kwHyp2trsXeToyE5pb2CBLfyFLjwR_E8CsGgrOlrPT8,2090
 nlbone/adapters/auth/keycloak.py,sha256=IhEriaFl5mjIGT6ZUCU9qROd678ARchvWgd4UJ6zH7s,4925
-nlbone/adapters/auth/token_provider.py,sha256=vL2Hk6HXnBbpk40Tq1wpqak5QQ7KEQf3nRquT0N8V4Q,1433
+nlbone/adapters/auth/token_provider.py,sha256=EcZ7nSXxPZJZGaWnyo3QDvrEbGdeXXWnhHnP1-kMniY,1438
 nlbone/adapters/cache/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/adapters/cache/async_redis.py,sha256=vvu5w4ANx0BVRHL95RAMGsD8CcaC-tSBMbCius2cuNc,6212
 nlbone/adapters/cache/memory.py,sha256=y8M4erHQXApiSMAqG6Qk4pxEb60hRdu1szPv6iqvO9c,3738
@@ -43,7 +43,7 @@ nlbone/adapters/ticketing/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJW
 nlbone/adapters/ticketing/client.py,sha256=GAr0_4DVqVCDV7tT2gkxRyKIsvLwJRlT-xx8fsfOVJE,1303
 nlbone/config/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/config/logging.py,sha256=Ot6Ctf7EQZlW8YNB-uBdleqI6wixn5fH0Eo6QRgNkQk,4358
-nlbone/config/settings.py,sha256=BABYoUBWXazg09bO4QNZDc2Dxg1onCx0hO72ETC4Yb0,4540
+nlbone/config/settings.py,sha256=iP7ZtZUGNFwj5A8qGuqa0k6RSM8Z_sIpWI07zi3gIRM,4752
 nlbone/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/core/application/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/core/application/base_worker.py,sha256=5brIToSd-vi6tw0ukhHnUZGZhOLq1SQ-NRRy-kp6D24,1193
@@ -78,6 +78,7 @@ nlbone/interfaces/api/additional_filed/default_field_rules/image_field_rules.py,
 nlbone/interfaces/api/dependencies/__init__.py,sha256=rnYRrFVZCfICQrp_PVFlzNg3BeC57yM08wn2DbOHCfk,359
 nlbone/interfaces/api/dependencies/async_auth.py,sha256=FBa73JUE2D82k2P1k4daN4IdvZbrbCwREqPJKfYc-4Q,1710
 nlbone/interfaces/api/dependencies/auth.py,sha256=dKq3TIJN4CqKZcRIlMV3rz3v8sFgh9Rz_slIP2VNcvs,3083
+nlbone/interfaces/api/dependencies/client_credential.py,sha256=kRmkWgqRoybXm-Mreiu-c0ve1oz7PlPzcsRTdyxjG94,1308
 nlbone/interfaces/api/dependencies/db.py,sha256=-UD39J_86UU7ZJs2ZncpdND0yhAG0NeeeALrgSDuuFw,466
 nlbone/interfaces/api/dependencies/uow.py,sha256=QfLEvLYLNWZJQN1k-0q0hBVtUld3D75P4j39q_RjcnE,1181
 nlbone/interfaces/api/middleware/__init__.py,sha256=zbX2vaEAfxRMIYwO2MVY_2O6bqG5H9o7HqGpX14U3Is,158
@@ -98,17 +99,17 @@ nlbone/interfaces/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 nlbone/interfaces/jobs/dispatch_outbox.py,sha256=yLZSC3nvkgxT2LL4Pq_DYzCyf_tZB-FknrjjgN89GFg,809
 nlbone/interfaces/jobs/sync_tokens.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 nlbone/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-nlbone/utils/cache.py,sha256=3iJdPH896yF9iJfs_rGD-98CPamPOVCjn2LX0aGxFEA,7038
+nlbone/utils/cache.py,sha256=BJoWbDicwTS1CF9m8sBKIEgfG-OszoQEEsMqrCHwNL0,7204
 nlbone/utils/cache_keys.py,sha256=Y2YSellHTbUOcoaNbl1jaD4r485VU_e4KXsfBWhYTBo,1075
-nlbone/utils/cache_registry.py,sha256=w28sEfUQZAhzCCqVH5TflWQY3nyDXyEcFWt8hkuHRHw,823
+nlbone/utils/cache_registry.py,sha256=3FWYyhujW8oPBiVUPzk1CqJ3jJfxs9729Sbb1pQ5Fag,707
 nlbone/utils/context.py,sha256=MmclJ24BG2uvSTg1IK7J-Da9BhVFDQ5ag4Ggs2FF1_w,1600
 nlbone/utils/crypto.py,sha256=PX0Tlf2nqXcGbuv16J26MoUPzo2c4xcD4sZBXxhBXgQ,746
 nlbone/utils/http.py,sha256=MPDEyaC16AKsL0YH6sWCPp8NC2TgzEHpWERYK5HcaYQ,1001
 nlbone/utils/normalize_mobile.py,sha256=sGH4tV9gX-6eVKozviNWJhm1DN1J28Nj-ERldCYkS_E,732
 nlbone/utils/redactor.py,sha256=-V4HrHmHwPi3Kez587Ek1uJlgK35qGSrwBOvcbw8Jas,1279
 nlbone/utils/time.py,sha256=DjjyQ9GLsfXoT6NK8RDW2rOlJg3e6sF04Jw6PBUrSvg,1268
-nlbone-0.7.15.dist-info/METADATA,sha256=4vijLQahgvuIahwx3IeCaXnAb2i9QzbRfpaTUQh779Q,2295
-nlbone-0.7.15.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-nlbone-0.7.15.dist-info/entry_points.txt,sha256=CpIL45t5nbhl1dGQPhfIIDfqqak3teK0SxPGBBr7YCk,59
-nlbone-0.7.15.dist-info/licenses/LICENSE,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-nlbone-0.7.15.dist-info/RECORD,,
+nlbone-0.7.16.dist-info/METADATA,sha256=nI-Pv5HnUjZhrgj0UpnnRQEe6oj8yG59STiPRYrs1UA,2295
+nlbone-0.7.16.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+nlbone-0.7.16.dist-info/entry_points.txt,sha256=CpIL45t5nbhl1dGQPhfIIDfqqak3teK0SxPGBBr7YCk,59
+nlbone-0.7.16.dist-info/licenses/LICENSE,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+nlbone-0.7.16.dist-info/RECORD,,