oauth2fast-fastapi 0.1.1__py3-none-any.whl

oauth2fast_fastapi/__init__.py

@@ -0,0 +1,21 @@
+"""
+OAuth2Fast-FastAPI - Fast and secure OAuth2 authentication for FastAPI
+"""
+
+from .__version__ import __version__
+from .database import engine
+from .dependencies import get_auth_session, get_current_user, get_current_verified_user
+from .models.user_model import User
+from .routers.base_router import router
+from .settings import settings
+
+__all__ = [
+    "__version__",
+    "engine",
+    "get_auth_session",
+    "get_current_user",
+    "get_current_verified_user",
+    "User",
+    "router",
+    "settings",
+]

oauth2fast_fastapi/__version__.py

@@ -0,0 +1 @@
+__version__ = "0.1.1"

oauth2fast_fastapi/database.py

@@ -0,0 +1,12 @@
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+
+from .settings import settings
+
+DB_URL = f"postgresql+asyncpg://{settings.auth_db.username}:{settings.auth_db.password.get_secret_value()}@{settings.auth_db.hostname}:{settings.auth_db.port}/{settings.auth_db.name}"
+engine = create_async_engine(DB_URL, echo=False)
+
+
+# Sesion asíncrona
+async_session = async_sessionmaker(
+    bind=engine, class_=AsyncSession, expire_on_commit=False
+)

oauth2fast_fastapi/dependencies.py

@@ -0,0 +1,90 @@
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlmodel import select
+
+from .database import async_session
+from .models.user_model import User
+from .schemas.token_schema import TokenData
+from .settings import settings
+from .utils.token_utils import verify_token
+
+
+# Dependency de Database para usar en endpoints
+async def get_auth_session():
+    async with async_session() as session:
+        yield session
+
+
+# Dependency de Auth Base
+oauth2_dependency = OAuth2PasswordBearer(
+    tokenUrl=f"{settings.auth_url_prefix.get_secret_value()}/token"
+)
+
+
+async def get_current_user(
+    token: str = Depends(oauth2_dependency),
+    session: AsyncSession = Depends(get_auth_session),
+) -> User:
+    """
+    Dependency to get the current authenticated user from JWT token.
+
+    Args:
+        token: JWT token from Authorization header
+        session: Database session
+
+    Returns:
+        Authenticated User object
+
+    Raises:
+        HTTPException: If token is invalid or user not found
+    """
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+
+    # Verify and decode token
+    payload = verify_token(token)
+    if payload is None:
+        raise credentials_exception
+
+    # Extract email from token
+    email: str | None = payload.get("sub")
+    if email is None:
+        raise credentials_exception
+
+    token_data = TokenData(email=email)
+
+    # Get user from database
+    result = await session.execute(select(User).where(User.email == token_data.email))
+    user = result.scalar_one_or_none()
+
+    if user is None:
+        raise credentials_exception
+
+    return user
+
+
+async def get_current_verified_user(
+    current_user: User = Depends(get_current_user),
+) -> User:
+    """
+    Dependency to get the current authenticated and verified user.
+
+    Args:
+        current_user: Current authenticated user
+
+    Returns:
+        Verified User object
+
+    Raises:
+        HTTPException: If user is not verified
+    """
+    if not current_user.is_verified:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Email not verified",
+        )
+    return current_user

oauth2fast_fastapi/mail/__init__.py

@@ -0,0 +1 @@
+from .service import send_verification_email as send_verification_email

oauth2fast_fastapi/mail/connection.py

@@ -0,0 +1,22 @@
+from pathlib import Path
+
+from fastapi_mail import ConnectionConfig
+
+from ..settings import settings
+
+BASE_DIR = Path(__file__).resolve().parent
+TEMPLATES_PATH = BASE_DIR / "templates"
+
+config = ConnectionConfig(
+    MAIL_USERNAME=settings.auth_mail_server.username,
+    MAIL_PASSWORD=settings.auth_mail_server.password,
+    MAIL_FROM=settings.auth_mail_server.from_direction,
+    MAIL_PORT=settings.auth_mail_server.port,
+    MAIL_SERVER=settings.auth_mail_server.server,
+    MAIL_FROM_NAME=settings.auth_mail_server.from_name,
+    MAIL_STARTTLS=False,
+    MAIL_SSL_TLS=True,
+    USE_CREDENTIALS=True,
+    VALIDATE_CERTS=True,
+    TEMPLATE_FOLDER=TEMPLATES_PATH,
+)

oauth2fast_fastapi/mail/service.py

@@ -0,0 +1,39 @@
+from fastapi import HTTPException, status
+from fastapi_mail import FastMail, MessageSchema, MessageType
+
+from ..settings import settings
+from .connection import config
+
+
+async def send_verification_email(email: str, verification_url: str) -> None:
+    """
+    Send verification email to user.
+
+    Args:
+        email: User's email address
+        verification_url: Complete URL for email verification
+
+    Raises:
+        HTTPException: If email sending fails
+    """
+    try:
+        message = MessageSchema(
+            subject=f"Verifica tu cuenta - {settings.project_name}",
+            recipients=[email],
+            template_body={
+                "email": email,
+                "project_name": settings.project_name,
+                "verification_url": verification_url,
+                "support_email": settings.auth_mail_server.from_direction,
+            },
+            subtype=MessageType.html,
+        )
+
+        fm = FastMail(config)
+        await fm.send_message(message, template_name="verification.html")
+
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Error sending verification email: {str(e)}",
+        ) from e

oauth2fast_fastapi/mail/templates/verification.html

@@ -0,0 +1,231 @@
+<!DOCTYPE html>
+<html lang="es">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Verifica tu cuenta - {{project_name}}</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            padding: 40px 20px;
+            line-height: 1.6;
+        }
+
+        .email-container {
+            max-width: 600px;
+            margin: 0 auto;
+            background: #ffffff;
+            border-radius: 16px;
+            overflow: hidden;
+            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+        }
+
+        .header {
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            padding: 40px 30px;
+            text-align: center;
+        }
+
+        .header h1 {
+            color: #ffffff;
+            font-size: 28px;
+            font-weight: 700;
+            margin-bottom: 10px;
+        }
+
+        .header p {
+            color: rgba(255, 255, 255, 0.9);
+            font-size: 16px;
+        }
+
+        .content {
+            padding: 40px 30px;
+        }
+
+        .greeting {
+            font-size: 20px;
+            color: #2d3748;
+            margin-bottom: 20px;
+            font-weight: 600;
+        }
+
+        .message {
+            color: #4a5568;
+            font-size: 16px;
+            margin-bottom: 30px;
+            line-height: 1.8;
+        }
+
+        .verification-box {
+            background: linear-gradient(135deg, #f7fafc 0%, #edf2f7 100%);
+            border-radius: 12px;
+            padding: 30px;
+            text-align: center;
+            margin: 30px 0;
+            border: 2px solid #e2e8f0;
+        }
+
+        .verification-box p {
+            color: #4a5568;
+            margin-bottom: 20px;
+            font-size: 15px;
+        }
+
+        .verify-button {
+            display: inline-block;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            color: #ffffff;
+            text-decoration: none;
+            padding: 16px 40px;
+            border-radius: 8px;
+            font-weight: 600;
+            font-size: 16px;
+            transition: transform 0.2s, box-shadow 0.2s;
+            box-shadow: 0 4px 15px rgba(102, 126, 234, 0.4);
+        }
+
+        .verify-button:hover {
+            transform: translateY(-2px);
+            box-shadow: 0 6px 20px rgba(102, 126, 234, 0.6);
+        }
+
+        .divider {
+            height: 1px;
+            background: linear-gradient(to right, transparent, #cbd5e0, transparent);
+            margin: 30px 0;
+        }
+
+        .alternative-text {
+            color: #718096;
+            font-size: 14px;
+            margin-top: 20px;
+            line-height: 1.6;
+        }
+
+        .link-box {
+            background: #f7fafc;
+            border: 1px dashed #cbd5e0;
+            border-radius: 8px;
+            padding: 15px;
+            margin-top: 15px;
+            word-break: break-all;
+        }
+
+        .link-box a {
+            color: #667eea;
+            text-decoration: none;
+            font-size: 13px;
+        }
+
+        .footer {
+            background: #f7fafc;
+            padding: 30px;
+            text-align: center;
+            color: #718096;
+            font-size: 14px;
+        }
+
+        .footer p {
+            margin-bottom: 10px;
+        }
+
+        .footer a {
+            color: #667eea;
+            text-decoration: none;
+        }
+
+        .security-note {
+            background: #fff5f5;
+            border-left: 4px solid #fc8181;
+            padding: 15px;
+            margin-top: 30px;
+            border-radius: 4px;
+        }
+
+        .security-note p {
+            color: #742a2a;
+            font-size: 14px;
+            margin: 0;
+        }
+
+        @media only screen and (max-width: 600px) {
+            body {
+                padding: 20px 10px;
+            }
+
+            .header h1 {
+                font-size: 24px;
+            }
+
+            .content {
+                padding: 30px 20px;
+            }
+
+            .verify-button {
+                padding: 14px 30px;
+                font-size: 15px;
+            }
+        }
+    </style>
+</head>
+
+<body>
+    <div class="email-container">
+        <div class="header">
+            <h1>🎉 ¡Bienvenido a {{project_name}}!</h1>
+            <p>Estamos emocionados de tenerte con nosotros</p>
+        </div>
+
+        <div class="content">
+            <p class="greeting">Hola {{email}},</p>
+
+            <p class="message">
+                Gracias por registrarte en <strong>{{project_name}}</strong>. Para completar tu registro y comenzar a
+                disfrutar de todos nuestros servicios, necesitamos verificar tu dirección de correo electrónico.
+            </p>
+
+            <div class="verification-box">
+                <p><strong>Verifica tu cuenta ahora</strong></p>
+                <a href="{{verification_url}}" class="verify-button">Verificar mi cuenta</a>
+            </div>
+
+            <p class="message">
+                Este enlace de verificación es válido por <strong>24 horas</strong>. Si no solicitaste esta cuenta,
+                puedes ignorar este correo de forma segura.
+            </p>
+
+            <div class="divider"></div>
+
+            <p class="alternative-text">
+                <strong>¿El botón no funciona?</strong><br>
+                Copia y pega el siguiente enlace en tu navegador:
+            </p>
+            <div class="link-box">
+                <a href="{{verification_url}}">{{verification_url}}</a>
+            </div>
+
+            <div class="security-note">
+                <p>
+                    <strong>⚠️ Nota de seguridad:</strong> Nunca compartas este enlace con nadie. Nuestro equipo nunca
+                    te pedirá tu contraseña por correo electrónico.
+                </p>
+            </div>
+        </div>
+
+        <div class="footer">
+            <p><strong>{{project_name}}</strong></p>
+            <p>Este es un correo automático, por favor no respondas a este mensaje.</p>
+            <p>Si necesitas ayuda, contáctanos en <a href="mailto:{{support_email}}">{{support_email}}</a></p>
+        </div>
+    </div>
+</body>
+
+</html>

oauth2fast_fastapi/mail/templates/welcome.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Bienvenido a ISO-Solautyc</title>
+</head>
+<body>
+    <h1>¡Hola, {{ name }}!</h1>
+    <p>Te damos la bienvenida a ISO-Solautyc. Gracias por registrarte.</p>
+    <p>Este es un correo de prueba enviado mediante FastAPI-Mail y pytest.</p>
+    <p>Saludos cordiales,<br>El equipo de ISO-Solautyc</p>
+</body>
+</html>

oauth2fast_fastapi/models/__init__.py

@@ -0,0 +1 @@
+from .bases import BaseModel as BaseModel

oauth2fast_fastapi/models/bases.py

@@ -0,0 +1,10 @@
+from sqlmodel import MetaData, SQLModel
+
+from .mixins import TimestampMixin
+
+metadata = MetaData()
+
+
+class BaseModel(TimestampMixin, SQLModel):
+    __abstract__ = True
+    metadata = metadata

oauth2fast_fastapi/models/mixins.py

@@ -0,0 +1,32 @@
+from datetime import UTC, datetime
+
+from sqlalchemy import DateTime, func
+from sqlmodel import Column
+
+
+class TimestampMixin:
+    """Mixin reutilizable para marcas de tiempo en UTC."""
+
+    created_at = Column(
+        DateTime(timezone=True),
+        nullable=False,
+        default=lambda: datetime.now(UTC),
+    )
+    updated_at = Column(
+        DateTime(timezone=True),
+        nullable=False,
+        default=lambda: datetime.now(UTC),
+        onupdate=func.now(),
+    )
+
+
+# class Example(TimestampMixin, SQLModel, table=True):
+#    """Ejemplo de modelo con timestamps automáticos."""
+#    id: int | None = Field(default=None, primary_key=True)
+#    name: str
+
+
+# Opcional: asegurar que updated_at se actualice también del lado de Python
+# @event.listens_for(Example, "before_update", propagate=True)
+# def receive_before_update(mapper, connection, target):
+#    target.updated_at = datetime.now(timezone.utc)

oauth2fast_fastapi/models/user_model.py

@@ -0,0 +1,21 @@
+from sqlmodel import (
+    BigInteger,
+    Column,
+    Field,
+)
+
+from .bases import BaseModel
+
+
+# Database model for User
+# This model represents a user registered in the database
+class User(BaseModel, table=True):
+    __tablename__ = "users"
+
+    id: int = Field(
+        default=None, sa_column=Column(BigInteger, index=True, primary_key=True)
+    )
+    name: str = Field(index=True)
+    email: str = Field(index=True, unique=True)
+    password: str = Field()
+    is_verified: bool = Field(default=False)

oauth2fast_fastapi/routers/base_router.py

@@ -0,0 +1,61 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlmodel import select
+
+from ..dependencies import get_auth_session
+from ..models.user_model import User
+from ..schemas.token_schema import Token
+from ..settings import settings
+from ..utils.password_utils import verify_password
+from ..utils.token_utils import create_access_token
+from .users_router import router as users_router
+
+# Ensure prefix starts with "/"
+prefix = settings.auth_url_prefix.get_secret_value()
+if not prefix.startswith("/"):
+    prefix = f"/{prefix}"
+
+router = APIRouter(
+    prefix=prefix,
+    tags=[prefix.strip("/").capitalize()],
+)
+
+# Include users router
+router.include_router(users_router)
+
+
+@router.post("/token", response_model=Token)
+async def login(
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    session: AsyncSession = Depends(get_auth_session),
+) -> Token:
+    """
+    OAuth2 compatible token login endpoint.
+
+    Args:
+        form_data: OAuth2 form with username (email) and password
+        session: Database session
+
+    Returns:
+        Token with access_token and token_type
+
+    Raises:
+        HTTPException: If credentials are invalid
+    """
+    # Get user by email (username in OAuth2 form)
+    result = await session.execute(select(User).where(User.email == form_data.username))
+    user = result.scalar_one_or_none()
+
+    # Verify user exists and password is correct
+    if not user or not verify_password(form_data.password, user.password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect email or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # Create access token
+    access_token = create_access_token(data={"sub": user.email})
+
+    return Token(access_token=access_token, token_type="bearer")