pypomes-jwt 1.0.4__tar.gz → 1.4.1__tar.gz
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/PKG-INFO +6 -4
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/pyproject.toml +6 -4
- pypomes_jwt-1.4.1/src/pypomes_jwt/__init__.py +23 -0
- pypomes_jwt-1.4.1/src/pypomes_jwt/jwt_config.py +87 -0
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/src/pypomes_jwt/jwt_pomes.py +136 -197
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/src/pypomes_jwt/jwt_registry.py +176 -187
- pypomes_jwt-1.0.4/src/pypomes_jwt/__init__.py +0 -33
- pypomes_jwt-1.0.4/src/pypomes_jwt/jwt_constants.py +0 -71
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/.gitignore +0 -0
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/LICENSE +0 -0
- {pypomes_jwt-1.0.4 → pypomes_jwt-1.4.1}/README.md +0 -0
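--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 1.
+Version: 1.4.1
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
@@ -10,7 +10,9 @@ Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.12
-Requires-Dist: cryptography>=
+Requires-Dist: cryptography>=46.0.3
+Requires-Dist: flask>=3.1.2
 Requires-Dist: pyjwt>=2.10.1
-Requires-Dist: pypomes-core>=
-Requires-Dist: pypomes-
+Requires-Dist: pypomes-core>=2.8.6
+Requires-Dist: pypomes-crypto>=0.4.9
+Requires-Dist: pypomes-db>=2.8.1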
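--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_jwt"
-version = "1.
+version = "1.4.1"
 authors = [
 { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]
@@ -19,10 +19,12 @@ classifiers = [
 "Operating System :: OS Independent"
 ]
 dependencies = [
+"cryptography>=46.0.3",
+"Flask>=3.1.2",
 "PyJWT>=2.10.1",
-"
-"
-"pypomes_db>=2.
+"pypomes_core>=2.8.6",
+"pypomes_crypto>=0.4.9",
+"pypomes_db>=2.8.1"
 ]
 
 [project.urls]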
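--- /dev/null
+++ b/src/pypomes_jwt/__init__.py
@@ -0,0 +1,23 @@
+from .jwt_config import (
+JwtConfig, JwtDbConfig, JwtAlgorithm
+)
+from .jwt_pomes import (
+jwt_needed, jwt_verify_request,
+jwt_assert_account, jwt_set_account, jwt_remove_account,
+jwt_issue_token, jwt_issue_tokens, jwt_refresh_tokens,
+jwt_validate_token, jwt_revoke_token
+)
+
+__all__ = [
+# jwt_config
+"JwtConfig", "JwtDbConfig", "JwtAlgorithm",
+# jwt_pomes
+"jwt_needed", "jwt_verify_request",
+"jwt_assert_account", "jwt_set_account", "jwt_remove_account",
+"jwt_issue_token", "jwt_issue_tokens", "jwt_refresh_tokens",
+"jwt_validate_token", "jwt_revoke_token"
+]
+
+from importlib.metadata import version
+__version__ = version("pypomes_jwt")
+__version_info__ = tuple(int(i) for i in __version__.split(".") if i.isdigit())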
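Review bot: `version("pypomes_jwt")` on new line 22 runs at import time and raises `PackageNotFoundError` when no installed distribution metadata is found, for example with a vendored copy of the source tree, so the whole package then fails to import. I would guard the lookup with a `try`/`except PackageNotFoundError` and fall back to a placeholder version string. The `if i.isdigit()` filter on line 23 also silently drops components such as `1rc1`, so `__version_info__` can come out shorter than the release has parts; a comment such as `# non-numeric components (e.g. "1rc1") are skipped` would make that explicit.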
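--- /dev/null
+++ b/src/pypomes_jwt/jwt_config.py
@@ -0,0 +1,87 @@
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
+from enum import Enum, StrEnum
+from pypomes_core import (
+APP_PREFIX,
+env_get_str, env_get_bytes, env_get_int, env_get_enum
+)
+from secrets import token_bytes
+
+
+class JwtAlgorithm(StrEnum):
+"""
+Supported decoding algorithms.
+"""
+HS256 = "HS256"
+HS512 = "HS512"
+RS256 = "RS256"
+RS512 = "RS512"
+
+
+# recommended: allow the encode and decode keys to be generated anew when app starts
+_encoding_key: bytes = env_get_bytes(key=f"{APP_PREFIX}_JWT_ENCODING_KEY",
+encoding="base64")
+_decoding_key: bytes = env_get_bytes(key=f"{APP_PREFIX}_JWT_DECODING_KEY")
+# default algorithm may cause encode and decode keys to be overriden
+_default_algorithm: JwtAlgorithm = env_get_enum(key=f"{APP_PREFIX}_JWT_DEFAULT_ALGORITHM",
+enum_class=JwtAlgorithm,
+def_value=JwtAlgorithm.RS256)
+if _default_algorithm in [JwtAlgorithm.HS256, JwtAlgorithm.HS512]:
+if not _encoding_key:
+_encoding_key = token_bytes(nbytes=32)
+_decoding_key = _encoding_key
+elif not _encoding_key or not _decoding_key:
+__priv_key: RSAPrivateKey = rsa.generate_private_key(public_exponent=65537,
+key_size=2048
+if _default_algorithm == JwtAlgorithm.RS256 else 4096)
+_encoding_key = __priv_key.private_bytes(encoding=serialization.Encoding.PEM,
+format=serialization.PrivateFormat.PKCS8,
+encryption_algorithm=serialization.NoEncryption())
+__pub_key: RSAPublicKey = __priv_key.public_key()
+_decoding_key = __pub_key.public_bytes(encoding=serialization.Encoding.PEM,
+format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
+
+# HAZARD: instances uses must be '.value' qualified, as this is not a subclass of either 'StrEnum' or 'IntEnum'
+class JwtConfig(Enum):
+"""
+Parameters for JWT token issuance.
+"""
+# recommended: between 5 min and 1 hour (set to 5 min)
+ACCESS_MAX_AGE: int = env_get_int(key=f"{APP_PREFIX}_JWT_ACCESS_MAX_AGE",
+def_value=300)
+ACCOUNT_LIMIT: int = env_get_int(key=f"{APP_PREFIX}_JWT_ACCOUNT_LIMIT",
+def_value=5)
+DEFAULT_ALGORITHM: JwtAlgorithm = _default_algorithm
+ENCODING_KEY: bytes = _encoding_key
+DECODING_KEY: bytes = _decoding_key
+# recommended: at least 2 hours (set to 24 hours)
+REFRESH_MAX_AGE: int = env_get_int(key=f"{APP_PREFIX}_JWT_REFRESH_MAX_AGE",
+def_value=86400)
+
+
+del _decoding_key
+del _encoding_key
+del _default_algorithm
+
+
+# database access is not be necessary, if only handling externally provided JWT tokens
+class JwtDbConfig(StrEnum):
+"""
+Parameters for JWT database connection.
+"""
+ENGINE = env_get_str(key=f"{APP_PREFIX}_JWT_DB_ENGINE",
+def_value="")
+TABLE = env_get_str(key=f"{APP_PREFIX}_JWT_DB_TABLE",
+def_value="")
+COL_ACCOUNT = env_get_str(key=f"{APP_PREFIX}_JWT_DB_COL_ACCOUNT",
+def_value="")
+COL_ALGORITHM = env_get_str(key=f"{APP_PREFIX}_JWT_DB_COL_ALGORITHM",
+def_value="")
+COL_DECODER = env_get_str(key=f"{APP_PREFIX}_JWT_DB_COL_DECODER",
+def_value="")
+COL_KID = env_get_str(key=f"{APP_PREFIX}_JWT_DB_COL_KID",
+def_value="")
+COL_TOKEN = env_get_str(key=f"{APP_PREFIX}_JWT_DB_COL_TOKEN",
+def_value="")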
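Review bot: The HMAC branch on new line 32 generates `token_bytes(nbytes=32)` for HS512 as well as HS256, but RFC 7518 §3.2 requires an HMAC key at least as long as the hash output, so HS512 needs 64 bytes. I would size the key by algorithm, `_encoding_key = token_bytes(nbytes=32 if _default_algorithm == JwtAlgorithm.HS256 else 64)`, and a key supplied through `{APP_PREFIX}_JWT_ENCODING_KEY` gets no length check in this file either. Separately, the signing key becomes the value of `JwtConfig.ENCODING_KEY`, and the default `Enum` repr prints a member's value, so logging or printing that member would expose the HMAC secret or the unencrypted PKCS8 private key. A comment next to `ENCODING_KEY` warning against logging the member, or a `__repr__` on `JwtConfig` that omits values, would cover that. Keys generated here exist only in the current process, so tokens presumably stop validating after a restart or across several worker processes unless both keys come from the environment, which the comment on line 22 should mention.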