plotly-cloud 0.1.0__py3-none-any.whl

plotly_cloud/_devtool_publish_rpc.py

@@ -0,0 +1,294 @@
+"""RPC interface for Plotly Cloud publishing in dev tools."""
+
+import asyncio
+import importlib
+import os
+import tempfile
+from typing import Any
+
+import dash
+from typing_extensions import Literal, NotRequired, TypedDict
+
+from plotly_cloud._cloud_env import cloud_config
+from plotly_cloud._definitions import AppDeploymentConfig
+from plotly_cloud._deploy import (
+    MAX_ZIP_SIZE,
+    DeploymentClient,
+    create_deployment_zip,
+    format_app_url,
+    get_config_path,
+    load_deployment_config,
+    parse_gitignore,
+    save_deployment_config,
+    should_exclude_path,
+)
+from plotly_cloud._oauth import OAuthClient
+from plotly_cloud.exceptions import TokenError
+
+
+class PublishOperations:
+    check_auth = "initialize"
+
+
+class PublishOperation(TypedDict):
+    """RPC operation structure for dev tools publishing."""
+
+    operation: Literal["initialize", "authenticate", "auth_poll", "publish", "status"]
+    data: Any
+
+
+class RPCResponse(TypedDict):
+    """Standard RPC response structure."""
+
+    result: NotRequired[Any]
+    error: NotRequired[str]
+
+
+class PlotlyCloudPublishRPC:
+    """RPC handler for Plotly Cloud publishing operations in dev tools."""
+
+    def __init__(self) -> None:
+        """Initialize the RPC handler."""
+        client_id = cloud_config.get_oauth_client_id()
+        self.oauth_client = OAuthClient(client_id)
+        self._app_setup = None  # Fallback incase get_app fails.
+
+    def get_project_path(self):
+        app = None
+        try:
+            app = dash.det_app()  # type: ignore
+        except Exception:
+            app = self._app_setup
+
+        assert app
+        app_module = importlib.import_module(app.config.name)
+        return os.path.dirname(str(app_module.__file__))
+
+    def check_directory_size(self, project_path: str) -> tuple[int, bool, str]:
+        """Check if directory size would exceed limit.
+
+        Args:
+            project_path: Path to the project directory
+
+        Returns:
+            Tuple of (size_in_bytes, exceeds_limit, error_message)
+        """
+        exclude_patterns = parse_gitignore(project_path)
+        total_size = 0
+
+        for root, dirs, files in os.walk(project_path):
+            # Remove excluded directories from dirs list
+            dirs[:] = [d for d in dirs if not should_exclude_path(os.path.join(root, d), exclude_patterns)]
+
+            for file in files:
+                file_path = os.path.join(root, file)
+                relative_path = os.path.relpath(file_path, project_path)
+
+                # Ensure relative_path is a string
+                if isinstance(relative_path, bytes):
+                    relative_path = relative_path.decode("utf-8")
+
+                # Skip if file should be excluded
+                if should_exclude_path(relative_path, exclude_patterns):
+                    continue
+
+                try:
+                    total_size += os.path.getsize(file_path)
+                    # Early exit if we exceed the limit - no need to count further
+                    if total_size > MAX_ZIP_SIZE:
+                        max_size_mb = MAX_ZIP_SIZE / (1024 * 1024)
+                        error_msg = (
+                            f"This directory is greater than {max_size_mb:.0f}MB and cannot be published. "
+                            "Consider excluding large files in your .gitignore."
+                        )
+                        return (total_size, True, error_msg)
+                except (OSError, PermissionError):
+                    continue
+
+        # All files checked, under the limit
+        return (total_size, False, "")
+
+    def resolve_entrypoint_module(self) -> str:
+        """Resolve the entrypoint module for the current Dash app.
+
+        Returns:
+            Entrypoint module name (e.g., 'app' or 'src.app')
+        """
+        app = None
+        try:
+            app = dash.det_app()  # type: ignore
+        except Exception:
+            app = self._app_setup
+
+        if not app:
+            return "app"  # Default fallback
+
+        try:
+            # Get the module name and import it
+            module_name = app.config.name
+            app_module = importlib.import_module(module_name)
+
+            # Get the absolute path of the module file
+            module_file = str(app_module.__file__)
+
+            # Get the project path
+            project_path = self.get_project_path()
+
+            # Make it relative to the project path
+            rel_path = os.path.relpath(module_file, project_path)
+
+            # Remove .py extension and convert path separators to dots
+            entrypoint_module = str(rel_path).replace(".py", "").replace(os.sep, ".")
+
+            return entrypoint_module
+        except Exception:
+            return "app"  # Fallback
+
+    async def handle_operation(self, publish_operation: PublishOperation) -> RPCResponse:
+        """Handle a publish operation from dev tools.
+
+        Args:
+            publish_operation: The operation to perform with its data
+
+        Returns:
+            RPCResponse with data and optional error
+
+        Raises:
+            ValueError: If operation is not supported
+        """
+        operation_name = publish_operation["operation"]
+        data = publish_operation.get("data")
+
+        # Get the method by operation name (direct match)
+        if not hasattr(self, operation_name):
+            raise ValueError(f"Unsupported operation: {operation_name}")
+
+        try:
+            method = getattr(self, operation_name)
+            return await method(data)
+        except Exception as e:
+            return {"error": str(e)}
+
+    async def initialize(self, data: Any) -> RPCResponse:
+        is_authenticated = await self.oauth_client.is_authenticated()
+
+        try:
+            # Try to refresh the access token so it's still valid
+            await self.oauth_client.refresh_access_token()
+        except TokenError:
+            is_authenticated = False
+            self.oauth_client.clear_credentials()
+
+        project_path = self.get_project_path()
+
+        config_path = get_config_path(project_path, os.path.join(project_path, "plotly-cloud.toml"))
+        config = load_deployment_config(config_path)
+
+        app_id = config.get("app_id")
+        existing = app_id is not None
+        status = "new"
+        app_name = config.get("name", os.path.basename(project_path))
+        app_url = ""
+
+        if app_id is not None and is_authenticated:
+            async with DeploymentClient(self.oauth_client) as deploy_client:
+                status_data = await deploy_client.get_app_status(app_id)
+                status = status_data.get("status", "")
+                app_url = format_app_url(status_data.get("app_url", ""))
+
+        # Check directory size upfront
+        _, exceeds_limit, size_error = self.check_directory_size(project_path)
+
+        return {
+            "result": {
+                "authenticated": is_authenticated,
+                "existing": existing,
+                "status": status,
+                "app_name": app_name,
+                "app_path": project_path,
+                "app_id": app_id,
+                "app_url": app_url,
+                "size_error": size_error if exceeds_limit else None,
+            }
+        }
+
+    async def authenticate(self, data: Any) -> RPCResponse:
+        device_auth = await self.oauth_client.request_device_authorization()
+        return {"result": device_auth}
+
+    async def auth_poll(self, data: Any) -> RPCResponse:
+        device_code = data.get("device_code")
+        status_code, response = await self.oauth_client.check_authentication_status(device_code)
+        if status_code == 200:
+            await self.oauth_client._save_credentials(dict(response))
+            return {"result": {"success": True}}
+        else:
+            error = response.get("error", "unknown_error")
+            if error == "authorization_pending":
+                return {"result": {}}
+            elif error == "slow_down":
+                delay = 1 + data.get("delayed", 0)
+                return {"result": {"delay": delay}}
+            elif error == "expired_token":
+                return {"result": {"try_again": True}}
+            elif error == "access_denied":
+                return {"error": "Access denied by user"}
+            else:
+                return {"error": "Authentication Failed"}
+
+    async def status(self, data: Any) -> RPCResponse:
+        app_id = data.get("app_id")
+        async with DeploymentClient(self.oauth_client) as deploy_client:
+            status_data = await deploy_client.get_app_status(app_id)
+            app_url = format_app_url(status_data.get("app_url", ""))
+            return {"result": {"status": status_data.get("status", ""), "app_url": app_url}}
+
+    async def publish(self, data: Any) -> RPCResponse:
+        app_path = data.get("app_path")
+        app_id = data.get("app_id")
+        app_name = data.get("app_name")
+
+        config_path = get_config_path(app_path)
+
+        temp_file = tempfile.NamedTemporaryFile(suffix=".zip", delete=False)
+        zip_path = temp_file.name
+        temp_file.close()
+
+        await create_deployment_zip(app_path, zip_path)
+
+        # Resolve the entrypoint module
+        entrypoint_module = self.resolve_entrypoint_module()
+
+        async with DeploymentClient(self.oauth_client) as deploy_client:
+            if app_id:
+                # update app
+                app_data = await deploy_client.publish_app(app_id, zip_path, entrypoint_module)
+                config = load_deployment_config(config_path)
+
+                if config.get("app_url") != app_data.get("app_url"):
+                    config["app_url"] = app_data.get("app_url", "")
+                    save_deployment_config(config, config_path)
+
+                return {"result": {"app_id": app_id, "app_url": format_app_url(app_data.get("app_url"))}}
+            else:
+                # create new app
+                app_data = await deploy_client.create_app(app_name, zip_path, entrypoint_module)
+
+                config: AppDeploymentConfig = {
+                    "name": app_name,
+                    "app_id": app_data.get("id", ""),
+                    "app_url": app_data.get("app_url", ""),
+                }
+
+                save_deployment_config(config, config_path)
+
+                return {"result": {"app_id": app_data.get("id"), "app_url": format_app_url(app_data.get("app_url"))}}
+
+    async def wait_auth(self, data: Any):
+        # this just wait to circumvent setTimeout with window.open restriction.
+        await asyncio.sleep(2)
+        return {"result": {}}
+
+    async def logout(self, data: Any):
+        await self.oauth_client.logout()
+        return {"result": {}}

plotly_cloud/_oauth.py

@@ -0,0 +1,335 @@
+"""OAuth client implementation for Plotly Cloud CLI using WorkOS CLI Auth."""
+
+import asyncio
+import json
+import os
+import time
+import webbrowser
+from pathlib import Path
+from typing import Any, Dict, Optional, Tuple, Union
+
+import httpx
+from rich.console import Console
+from rich.live import Live
+from rich.panel import Panel
+from rich.spinner import Spinner
+from typing_extensions import TypedDict
+
+from .exceptions import (
+    CredentialError,
+    OAuthClientError,
+    TimeoutError,
+    TokenError,
+)
+
+console = Console()
+
+# WorkOS CLI Auth Configuration
+WORKOS_API_BASE_URL = "https://api.workos.com"
+WORKOS_ENDPOINTS = {
+    "DEVICE_AUTHORIZE": "/user_management/authorize/device",
+    "AUTHENTICATE": "/user_management/authenticate",
+    "REFRESH_TOKEN": "/user_management/authenticate",
+    "LOGOUT": "/user_management/sessions/logout",
+}
+
+# OAuth Configuration
+DEFAULT_AUTH_PROVIDER = "authkit"
+
+
+class AuthTokenResponse(TypedDict):
+    """Response from successful OAuth authentication."""
+
+    access_token: str
+    refresh_token: str
+    token_type: str
+    expires_in: int
+
+
+class AuthErrorResponse(TypedDict):
+    """Response from failed OAuth authentication."""
+
+    error: str
+    error_description: Optional[str]
+
+
+AuthResponse = Union[AuthTokenResponse, AuthErrorResponse]
+
+
+class OAuthClient:
+    """OAuth client for WorkOS CLI Auth using device authorization flow."""
+
+    def __init__(self, client_id: str):
+        self.client_id = client_id
+        self.credentials_path = self._get_credentials_path()
+
+    def _get_credentials_path(self) -> Path:
+        """Get cross-platform credentials file path."""
+        home = Path.home()
+        return home / ".plotly-cloud"
+
+    async def request_device_authorization(self, provider: str = DEFAULT_AUTH_PROVIDER) -> dict:
+        """Request device authorization from WorkOS CLI Auth."""
+        if not self.client_id:
+            raise OAuthClientError("client_id is required")
+
+        device_auth_data = {
+            "client_id": self.client_id,
+            "provider": provider,
+        }
+
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['DEVICE_AUTHORIZE']}",
+                data=device_auth_data,
+                headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+            )
+
+            if response.status_code != 200:
+                raise OAuthClientError("Device authorization failed", response.text)
+
+            return response.json()
+
+    async def check_authentication_status(
+        self,
+        device_code: str,
+        client: Optional[httpx.AsyncClient] = None,
+    ) -> Tuple[int, AuthResponse]:
+        """Check authentication status without terminal output or polling loop.
+
+        Args:
+            device_code: The device code from device authorization
+            client: Optional httpx client to use, creates new one if not provided
+
+        Returns:
+            Tuple of (status_code, response_data)
+        """
+        token_data = {
+            "client_id": self.client_id,
+            "device_code": device_code,
+            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+        }
+
+        if client:
+            response = await client.post(
+                f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['AUTHENTICATE']}",
+                data=token_data,
+                headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+            )
+        else:
+            async with httpx.AsyncClient() as new_client:
+                response = await new_client.post(
+                    f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['AUTHENTICATE']}",
+                    data=token_data,
+                    headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+                )
+
+        return response.status_code, response.json()
+
+    async def poll_for_authentication(
+        self, device_code: str, interval: int = 5, timeout: int = 300
+    ) -> AuthTokenResponse:
+        """Poll for authentication completion with exponential backoff."""
+        start_time = time.time()
+        current_interval = interval
+        max_interval = 30  # Maximum polling interval
+
+        spinner = Spinner("dots", text="⏳ Waiting for authorization...")
+
+        with Live(spinner, console=console, refresh_per_second=4):
+            async with httpx.AsyncClient() as client:
+                while time.time() - start_time < timeout:
+                    status_code, response_data = await self.check_authentication_status(device_code, client)
+
+                    if status_code == 200:
+                        return response_data  # type: ignore
+
+                    error = response_data.get("error", "unknown_error")
+
+                    if error == "authorization_pending":
+                        # Continue polling
+                        await asyncio.sleep(current_interval)
+                        # Implement exponential backoff
+                        current_interval = min(current_interval * 1.5, max_interval)
+                        continue
+                    elif error == "slow_down":
+                        # Slow down polling
+                        current_interval = min(current_interval * 2, max_interval)
+                        spinner.text = f"🐌 Slowing down polling to {current_interval}s..."
+                        await asyncio.sleep(current_interval)
+                        spinner.text = "⏳ Waiting for authorization..."
+                        continue
+                    elif error == "expired_token":
+                        raise TokenError("Device code expired. Please try again.")
+                    elif error == "access_denied":
+                        raise OAuthClientError("Access denied by user.")
+                    else:
+                        raise OAuthClientError("Authentication failed", error)
+
+        raise TimeoutError("Authentication timed out. Please try again.")
+
+    async def login(self, open_browser: bool = True, provider: str = DEFAULT_AUTH_PROVIDER) -> AuthTokenResponse:
+        """Perform CLI Auth device flow login."""
+
+        # Step 1: Request device authorization
+        device_auth = await self.request_device_authorization(provider)
+
+        device_code = device_auth["device_code"]
+        user_code = device_auth["user_code"]
+        verification_uri = device_auth["verification_uri"]
+        verification_uri_complete = device_auth["verification_uri_complete"]
+        expires_in = device_auth.get("expires_in", 300)
+        interval = device_auth.get("interval", 5)
+
+        # Step 2: Display user code and verification URI in a panel
+        panel_content = (
+            f"\n🌐 Verification URL: "
+            f"[underline blue]{verification_uri}[/underline blue]\n"
+            f"\n🔑 Device Code: [bold yellow]{user_code}[/bold yellow]\n"
+        )
+
+        if open_browser:
+            panel_title = "🔐 Logging in to Plotly Cloud..."
+            webbrowser.open(verification_uri_complete)
+        else:
+            panel_title = "📋 Please open the URL in your browser to authenticate"
+
+        console.print()
+        console.print(
+            Panel(
+                panel_content,
+                title=panel_title,
+                border_style="dim yellow",
+                title_align="left",
+            )
+        )
+        console.print()
+        console.print()
+
+        # Step 3: Poll for authentication completion
+        try:
+            tokens = await self.poll_for_authentication(device_code, interval, expires_in)
+        except (OAuthClientError, TokenError, TimeoutError) as e:
+            console.print(f"✗ Authentication failed: {e}")
+            raise
+
+        # Step 4: Save credentials
+        await self._save_credentials(dict(tokens))
+
+        return tokens
+
+    async def _save_credentials(self, credentials: Dict[str, Any]):
+        """Save credentials to file."""
+        try:
+            # Ensure parent directory exists
+            self.credentials_path.parent.mkdir(exist_ok=True)
+
+            # Write credentials
+            with open(self.credentials_path, "w") as f:
+                json.dump(credentials, f, indent=2)
+
+            # Set secure permissions (readable only by owner)
+            os.chmod(self.credentials_path, 0o600)
+
+        except Exception as e:
+            raise CredentialError("Failed to save credentials", str(e)) from e
+
+    async def load_credentials(self) -> Optional[Dict[str, Any]]:
+        """Load saved credentials."""
+        try:
+            if not self.credentials_path.exists():
+                return None
+
+            with open(self.credentials_path) as f:
+                return json.load(f)
+
+        except Exception as e:
+            console.print(f"✗ Failed to load credentials: {e}")
+            return None
+
+    async def logout(self):
+        """Logout and clear credentials."""
+        credentials = await self.load_credentials()
+
+        if credentials and "access_token" in credentials:
+            # Call WorkOS logout endpoint
+            try:
+                async with httpx.AsyncClient() as client:
+                    await client.post(
+                        f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['LOGOUT']}",
+                        headers={
+                            "Authorization": f"Bearer {credentials['access_token']}",
+                            "user-agent": "PlotlyCloudCLI",
+                        },
+                    )
+            except Exception as e:
+                console.print(f"⚠ Failed to logout from remote: {e}")
+                # Continue with local cleanup even if remote logout fails
+
+        # Clear local credentials
+        if self.clear_credentials():
+            console.print("Local credentials cleared")
+
+    def clear_credentials(self):
+        if self.credentials_path.exists():
+            self.credentials_path.unlink()
+            return True
+        return False
+
+    async def is_authenticated(self) -> bool:
+        """Check if user is authenticated."""
+        credentials = await self.load_credentials()
+        return credentials is not None and "access_token" in credentials
+
+    async def get_access_token(self) -> Optional[str]:
+        """Get current access token."""
+        credentials = await self.load_credentials()
+        if credentials:
+            return credentials.get("access_token")
+        return None
+
+    async def refresh_access_token(self) -> str:
+        """Refresh the access token using the refresh token.
+
+        Raises:
+            TokenError: If no refresh token available or refresh fails
+        """
+        credentials = await self.load_credentials()
+        if not credentials or "refresh_token" not in credentials:
+            raise TokenError("No refresh token available")
+
+        refresh_token = credentials["refresh_token"]
+
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['REFRESH_TOKEN']}",
+                data={
+                    "client_id": self.client_id,
+                    "grant_type": "refresh_token",
+                    "refresh_token": refresh_token,
+                },
+                headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+            )
+
+            if response.status_code == 200:
+                new_tokens = response.json()
+                # Update stored credentials with new tokens
+                credentials.update(new_tokens)
+                await self._save_credentials(credentials)
+                return new_tokens["access_token"]
+            else:
+                raise TokenError("Token refresh failed", response.text)
+
+    @property
+    def access_token(self) -> Optional[str]:
+        """Synchronous property to get access token for backward compatibility."""
+        # This is a simplified sync version for compatibility
+        # In practice, you should use get_access_token() async method
+        try:
+            if self.credentials_path.exists():
+                with open(self.credentials_path) as f:
+                    credentials = json.load(f)
+                return credentials.get("access_token")
+        except Exception:
+            pass
+        return None