paskia 0.8.0__py3-none-any.whl → 0.9.0__py3-none-any.whl

paskia/fastapi/__main__.py

@@ -1,16 +1,31 @@
 import argparse
 import asyncio
-import ipaddress
+import json
 import logging
 import os
 from urllib.parse import urlparse
 
-import uvicorn
+from fastapi_vue.hostutil import parse_endpoint
+from uvicorn import Config, Server
 
+from paskia import globals as _globals
+from paskia.bootstrap import bootstrap_if_needed
+from paskia.config import PaskiaConfig
+from paskia.db.background import flush
+from paskia.fastapi import app as fastapi_app
+from paskia.fastapi import reset as reset_cmd
+from paskia.util import startupbox
 from paskia.util.hostutil import normalize_origin
 
-DEFAULT_HOST = "localhost"
-DEFAULT_SERVE_PORT = 4401
+DEFAULT_PORT = 4401
+
+EPILOG = """\
+Examples:
+  paskia                      # localhost:4401
+  paskia :8080                # All interfaces, port 8080
+  paskia unix:/tmp/paskia.sock
+  paskia reset [user]         # Generate passkey reset link
+"""
 
 
 def is_subdomain(sub: str, domain: str) -> bool:
@@ -34,80 +49,6 @@ def validate_auth_host(auth_host: str, rp_id: str) -> None:
         )
 
 
-def parse_endpoint(
-    value: str | None, default_port: int
-) -> tuple[str | None, int | None, str | None, bool]:
-    """Parse an endpoint using stdlib (urllib.parse, ipaddress).
-
-    Returns (host, port, uds_path). If uds_path is not None, host/port are None.
-
-    Supported forms:
-    - host[:port]
-    - :port (uses default host)
-    - [ipv6][:port] (bracketed for port usage)
-    - ipv6 (unbracketed, no port allowed -> default port)
-    - unix:/path/to/socket.sock
-    - None -> defaults (localhost:4401)
-
-    Notes:
-    - For IPv6 with an explicit port you MUST use brackets (e.g. [::1]:8080)
-    - Unbracketed IPv6 like ::1 implies the default port.
-    """
-    if not value:
-        return DEFAULT_HOST, default_port, None, False
-
-    # Port only (numeric) -> localhost:port
-    if value.isdigit():
-        try:
-            port_only = int(value)
-        except ValueError:  # pragma: no cover (isdigit guards)
-            raise SystemExit(f"Invalid port '{value}'")
-        return DEFAULT_HOST, port_only, None, False
-
-    # Leading colon :port -> bind all interfaces (0.0.0.0 + ::)
-    if value.startswith(":") and value != ":":
-        port_part = value[1:]
-        if not port_part.isdigit():
-            raise SystemExit(f"Invalid port in '{value}'")
-        return None, int(port_part), None, True
-
-    # UNIX domain socket
-    if value.startswith("unix:"):
-        uds_path = value[5:] or None
-        if uds_path is None:
-            raise SystemExit("unix: path must not be empty")
-        return None, None, uds_path, False
-
-    # Unbracketed IPv6 (cannot safely contain a port) -> detect by multiple colons
-    if value.count(":") > 1 and not value.startswith("["):
-        try:
-            ipaddress.IPv6Address(value)
-        except ValueError as e:  # pragma: no cover
-            raise SystemExit(f"Invalid IPv6 address '{value}': {e}")
-        return value, default_port, None, False
-
-    # Use urllib.parse for everything else (host[:port], :port, [ipv6][:port])
-    parsed = urlparse(f"//{value}")  # // prefix lets urlparse treat it as netloc
-    host = parsed.hostname
-    port = parsed.port
-
-    # Host may be None if empty (e.g. ':5500')
-    if not host:
-        host = DEFAULT_HOST
-    if port is None:
-        port = default_port
-
-    # Validate IP literals (optional; hostname passes through)
-    try:
-        # Strip brackets if somehow present (urlparse removes them already)
-        ipaddress.ip_address(host)
-    except ValueError:
-        # Not an IP address -> treat as hostname; no action
-        pass
-
-    return host, port, None, False
-
-
 def add_common_options(p: argparse.ArgumentParser) -> None:
     p.add_argument(
         "--rp-id", default="localhost", help="Relying Party ID (default: localhost)"
@@ -134,45 +75,44 @@ def main():
     logging.basicConfig(level=logging.INFO, format="%(message)s", force=True)
 
     parser = argparse.ArgumentParser(
-        prog="paskia", description="Paskia authentication server"
+        prog="paskia",
+        description="Paskia authentication server",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog=EPILOG,
     )
-    sub = parser.add_subparsers(dest="command", required=True)
 
-    # serve subcommand
-    serve = sub.add_parser(
-        "serve", help="Run the server (production style, no auto-reload)"
-    )
-    serve.add_argument(
+    # Primary argument: either host:port or "reset" subcommand
+    parser.add_argument(
         "hostport",
         nargs="?",
         help=(
             "Endpoint (default: localhost:4401). Forms: host[:port] | :port | "
-            "[ipv6][:port] | ipv6 | unix:/path.sock"
-        ),
-    )
-    add_common_options(serve)
-
-    # reset subcommand
-    reset = sub.add_parser(
-        "reset",
-        help=(
-            "Create a credential reset link for a user. Provide part of the display name or UUID. "
-            "If omitted, targets the master admin (first Administration role user in an auth:admin org)."
+            "[ipv6][:port] | ipv6 | unix:/path.sock | 'reset' for credential reset"
         ),
     )
-    reset.add_argument(
-        "query",
+    parser.add_argument(
+        "reset_query",
         nargs="?",
-        help="User UUID (full) or case-insensitive substring of display name. If omitted, master admin is used.",
+        help="For 'reset' command: user UUID or substring of display name",
     )
-    add_common_options(reset)
+    add_common_options(parser)
 
     args = parser.parse_args()
 
-    if args.command == "serve":
-        host, port, uds, all_ifaces = parse_endpoint(args.hostport, DEFAULT_SERVE_PORT)
+    # Detect "reset" subcommand (first positional is "reset")
+    is_reset = args.hostport == "reset"
+
+    if is_reset:
+        endpoints = []
     else:
-        host = port = uds = all_ifaces = None  # type: ignore
+        # Parse endpoint using fastapi_vue.hostutil
+        endpoints = parse_endpoint(args.hostport, DEFAULT_PORT)
+
+    # Extract host/port/uds from first endpoint for config display and site_url
+    ep = endpoints[0] if endpoints else {}
+    host = ep.get("host")
+    port = ep.get("port")
+    uds = ep.get("uds")
 
     # Collect and normalize origins, handle auth_host
     origins = [normalize_origin(o) for o in (getattr(args, "origins", None) or [])]
@@ -193,8 +133,13 @@ def main():
     origins = [x for x in origins if not (x in seen or seen.add(x))]
 
     # Compute site_url and site_path for reset links
-    # Priority: auth_host > first origin with localhost > http://localhost:port
-    if args.auth_host:
+    # Priority: PASKIA_SITE_URL (explicit) > auth_host > first origin with localhost > http://localhost:port
+    explicit_site_url = os.environ.get("PASKIA_SITE_URL")
+    if explicit_site_url:
+        # Explicit site URL from devserver or deployment config
+        site_url = explicit_site_url.rstrip("/")
+        site_path = "/" if args.auth_host else "/auth/"
+    elif args.auth_host:
         site_url = args.auth_host.rstrip("/")
         site_path = "/"
     elif origins:
@@ -215,8 +160,6 @@ def main():
         site_path = "/auth/"
 
     # Build runtime configuration
-    from paskia.config import PaskiaConfig
-
     config = PaskiaConfig(
         rp_id=args.rp_id,
         rp_name=args.rp_name or None,
@@ -230,8 +173,6 @@ def main():
     )
 
     # Export configuration via single JSON env variable for worker processes
-    import json
-
     config_json = {
         "rp_id": config.rp_id,
         "rp_name": config.rp_name,
@@ -242,93 +183,52 @@ def main():
     }
     os.environ["PASKIA_CONFIG"] = json.dumps(config_json)
 
-    # Initialize globals (without bootstrap yet)
-    from paskia import globals as _globals  # local import
+    startupbox.print_startup_config(config)
+
+    devmode = bool(os.environ.get("FASTAPI_VUE_FRONTEND_URL"))
 
-    asyncio.run(
-        _globals.init(
+    run_kwargs: dict = {
+        "log_level": "info",
+    }
+
+    if devmode:
+        # Security: dev mode must run on localhost:4402 to prevent
+        # accidental public exposure of the Vite dev server
+        if host != "localhost" or port != 4402:
+            raise SystemExit(f"Dev mode requires localhost:4402, got {host}:{port}")
+        run_kwargs["reload"] = True
+        run_kwargs["reload_dirs"] = ["paskia"]
+        # Suppress uvicorn startup messages in dev mode
+        run_kwargs["log_level"] = "warning"
+
+    async def async_main():
+        await _globals.init(
             rp_id=config.rp_id,
             rp_name=config.rp_name,
             origins=config.origins,
             bootstrap=False,
         )
-    )
-
-    # Print startup configuration
-    from paskia.util import startupbox
-
-    startupbox.print_startup_config(config)
-
-    # Bootstrap after startup box is printed
-    from paskia.bootstrap import bootstrap_if_needed
-
-    asyncio.run(bootstrap_if_needed())
-
-    # Handle recover-admin command (no server start)
-    if args.command == "reset":
-        from paskia.fastapi import reset as reset_cmd  # local import
-
-        exit_code = reset_cmd.run(getattr(args, "query", None))
-        raise SystemExit(exit_code)
-
-    if args.command == "serve":
-        run_kwargs: dict = {
-            "log_level": "info",
-        }
-
-        # Dev mode: enable reload when PASKIA_DEVMODE is set
-        devmode = bool(os.environ.get("PASKIA_DEVMODE"))
-        if devmode:
-            # Security: dev mode must run on localhost:4402 to prevent
-            # accidental public exposure of the Vite dev server
-            if host != "localhost" or port != 4402:
-                raise SystemExit(f"Dev mode requires localhost:4402, got {host}:{port}")
-            run_kwargs["reload"] = True
-            run_kwargs["reload_dirs"] = ["paskia"]
-            # Suppress uvicorn startup messages in dev mode
-            run_kwargs["log_level"] = "warning"
-
-        if uds:
-            run_kwargs["uds"] = uds
-        else:
-            if not all_ifaces:
-                run_kwargs["host"] = host
-                run_kwargs["port"] = port
-
-        if all_ifaces and not uds:
-            # Dev mode with all interfaces: use simple single-server approach
-            if devmode:
-                run_kwargs["host"] = "::"
-                run_kwargs["port"] = port
-                uvicorn.run("paskia.fastapi:app", **run_kwargs)
-            else:
-                # Production: run separate servers for IPv4 and IPv6
-                from uvicorn import Config, Server  # noqa: E402 local import
-
-                from paskia.fastapi import (
-                    app as fastapi_app,  # noqa: E402 local import
-                )
-
-                async def serve_both():
-                    servers = []
-                    assert port is not None
-                    for h in ("0.0.0.0", "::"):
-                        try:
-                            cfg = Config(
-                                app=fastapi_app,
-                                host=h,
-                                port=port,
-                                log_level="info",
-                            )
-                            servers.append(Server(cfg))
-                        except Exception as e:  # pragma: no cover
-                            logging.warning(f"Failed to configure server for {h}: {e}")
-                    tasks = [asyncio.create_task(s.serve()) for s in servers]
-                    await asyncio.gather(*tasks)
-
-                asyncio.run(serve_both())
+        await bootstrap_if_needed()
+        await flush()
+
+        if is_reset:
+            exit_code = reset_cmd.run(args.reset_query)
+            raise SystemExit(exit_code)
+
+        if len(endpoints) > 1:
+            async with asyncio.TaskGroup() as tg:
+                for ep in endpoints:
+                    tg.create_task(
+                        Server(Config(app=fastapi_app, **run_kwargs, **ep)).serve()
+                    )
         else:
-            uvicorn.run("paskia.fastapi:app", **run_kwargs)
+            server = Server(Config(app=fastapi_app, **run_kwargs, **endpoints[0]))
+            await server.serve()
+
+    try:
+        asyncio.run(async_main())
+    except KeyboardInterrupt:
+        pass
 
 
 if __name__ == "__main__":