python3-commons 0.12.7__py3-none-any.whl → 0.13.0__py3-none-any.whl

python3_commons/auth.py

@@ -1,13 +1,10 @@
 import logging
-from collections.abc import Callable, Coroutine, MutableMapping, Sequence
+from collections.abc import Sequence
 from http import HTTPStatus
-from typing import Annotated, Any, TypeVar
+from typing import TypeVar
 
 import aiohttp
 import msgspec
-from fastapi import Depends, HTTPException
-from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
-from jose import JWTError, jwt
 
 from python3_commons.conf import oidc_settings
 
@@ -23,7 +20,6 @@ class TokenData(msgspec.Struct):
 
 T = TypeVar('T', bound=TokenData)
 OIDC_CONFIG_URL = f'{oidc_settings.authority_url}/.well-known/openid-configuration'
-bearer_security = HTTPBearer(auto_error=oidc_settings.enabled)
 
 
 async def fetch_openid_config() -> dict:
@@ -32,9 +28,9 @@ async def fetch_openid_config() -> dict:
     """
     async with aiohttp.ClientSession() as session, session.get(OIDC_CONFIG_URL) as response:
         if response.status != HTTPStatus.OK:
-            raise HTTPException(
-                status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail='Failed to fetch OpenID configuration'
-            )
+            msg = 'Failed to fetch OpenID configuration'
+
+            raise RuntimeError(msg)
 
         return await response.json()
 
@@ -45,44 +41,8 @@ async def fetch_jwks(jwks_uri: str) -> dict:
     """
     async with aiohttp.ClientSession() as session, session.get(jwks_uri) as response:
         if response.status != HTTPStatus.OK:
-            raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail='Failed to fetch JWKS')
-
-        return await response.json()
-
-
-def get_token_verifier[T](
-    token_cls: type[T],
-    jwks: MutableMapping,
-) -> Callable[[HTTPAuthorizationCredentials], Coroutine[Any, Any, T | None]]:
-    async def get_verified_token(
-        authorization: Annotated[HTTPAuthorizationCredentials, Depends(bearer_security)],
-    ) -> T | None:
-        """
-        Verify the JWT access token using OIDC authority JWKS.
-        """
-        if not oidc_settings.enabled:
-            return None
+            msg = 'Failed to fetch JWKS'
 
-        token = authorization.credentials
+            raise RuntimeError(msg)
 
-        try:
-            if not jwks:
-                openid_config = await fetch_openid_config()
-                _jwks = await fetch_jwks(openid_config['jwks_uri'])
-                jwks.clear()
-                jwks.update(_jwks)
-
-            if oidc_settings.client_id:
-                payload = jwt.decode(token, jwks, algorithms=['RS256'], audience=oidc_settings.client_id)
-            else:
-                payload = jwt.decode(token, jwks, algorithms=['RS256'])
-
-            token_data = token_cls(**payload)
-        except jwt.ExpiredSignatureError as e:
-            raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED, detail='Token has expired') from e
-        except JWTError as e:
-            raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED, detail=f'Token is invalid: {e!s}') from e
-
-        return token_data
-
-    return get_verified_token
+        return await response.json()

python3_commons/db/models/__init__.py

@@ -1,8 +1,4 @@
-from python3_commons.db.models.auth import ApiKey as ApiKey
-from python3_commons.db.models.auth import User as User
 from python3_commons.db.models.auth import UserGroup as UserGroup
-from python3_commons.db.models.rbac import RBACApiKeyRole as RBACApiKeyRole
 from python3_commons.db.models.rbac import RBACPermission as RBACPermission
 from python3_commons.db.models.rbac import RBACRole as RBACRole
 from python3_commons.db.models.rbac import RBACRolePermission as RBACRolePermission
-from python3_commons.db.models.rbac import RBACUserRole as RBACUserRole

python3_commons/db/models/auth.py

@@ -1,35 +1,11 @@
-import uuid
-from datetime import datetime
-
-from fastapi_users_db_sqlalchemy import GUID, SQLAlchemyBaseUserTableUUID
-from sqlalchemy import BIGINT, DateTime, ForeignKey, String
+from sqlalchemy import String
 from sqlalchemy.orm import Mapped, mapped_column
 
 from python3_commons.db import Base
-from python3_commons.db.models.common import BaseDBModel, BaseDBUUIDModel
+from python3_commons.db.models.common import BaseDBModel
 
 
 class UserGroup(BaseDBModel, Base):
     __tablename__ = 'user_groups'
 
     name: Mapped[str] = mapped_column(String, nullable=False)
-
-
-class User(SQLAlchemyBaseUserTableUUID, Base):
-    __tablename__ = 'users'
-
-    username: Mapped[str] = mapped_column(String, unique=True, index=True, nullable=False)
-    group_id: Mapped[int | None] = mapped_column(BIGINT, ForeignKey('user_groups.id'))
-
-
-class ApiKey(BaseDBUUIDModel, Base):
-    __tablename__ = 'api_keys'
-
-    user_id: Mapped[uuid.UUID | None] = mapped_column(
-        GUID,
-        ForeignKey('users.id', name='fk_api_key_user', ondelete='RESTRICT'),
-        index=True,
-    )
-    partner_name: Mapped[str] = mapped_column(String, unique=True)
-    key: Mapped[str] = mapped_column(String, unique=True)
-    expires_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))

python3_commons/db/models/rbac.py

@@ -1,8 +1,6 @@
 import uuid
-from datetime import datetime
 
-from fastapi_users_db_sqlalchemy import GUID
-from sqlalchemy import CheckConstraint, DateTime, ForeignKey, PrimaryKeyConstraint, String
+from sqlalchemy import CheckConstraint, ForeignKey, PrimaryKeyConstraint, String
 from sqlalchemy.dialects.postgresql import UUID
 from sqlalchemy.orm import Mapped, mapped_column
 
@@ -40,52 +38,3 @@ class RBACRolePermission(Base):
     )
 
     __table_args__ = (PrimaryKeyConstraint('role_uid', 'permission_uid', name='pk_rbac_role_permissions'),)
-
-
-class RBACUserRole(Base):
-    __tablename__ = 'rbac_user_roles'
-
-    user_id: Mapped[uuid.UUID | None] = mapped_column(
-        GUID,
-        ForeignKey('users.id', name='fk_rbac_user_roles_user', ondelete='CASCADE'),
-        index=True,
-    )
-    role_uid: Mapped[uuid.UUID | None] = mapped_column(
-        UUID,
-        ForeignKey('rbac_roles.uid', name='fk_rbac_user_roles_role', ondelete='CASCADE'),
-        index=True,
-    )
-    starts_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False)
-    expires_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
-
-    __table_args__ = (PrimaryKeyConstraint('user_id', 'role_uid', name='pk_rbac_user_roles'),)
-
-
-class RBACApiKeyRole(Base):
-    __tablename__ = 'rbac_api_key_roles'
-
-    api_key_uid: Mapped[uuid.UUID | None] = mapped_column(
-        UUID,
-        ForeignKey('api_keys.uid', name='fk_rbac_api_key_roles_user', ondelete='CASCADE'),
-        index=True,
-    )
-    role_uid: Mapped[uuid.UUID | None] = mapped_column(
-        UUID,
-        ForeignKey('rbac_roles.uid', name='fk_rbac_api_key_roles_role', ondelete='CASCADE'),
-        index=True,
-    )
-    starts_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False)
-    expires_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
-
-    __table_args__ = (PrimaryKeyConstraint('api_key_uid', 'role_uid', name='pk_rbac_api_key_roles'),)
-
-
-# class RBACRoleRelation(Base):
-#     __tablename__ = 'rbac_role_relations'
-#
-#     parent_uid: Mapped[uuid.UUID] = mapped_column(UUID)
-#     child_uid: Mapped[uuid.UUID] = mapped_column(UUID)
-#
-#     __table_args__ = (
-#         PrimaryKeyConstraint('parent_uid', 'child_uid', name='pk_rbac_role_relations'),
-#     )

{python3_commons-0.12.7.dist-info → python3_commons-0.13.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python3-commons
-Version: 0.12.7
+Version: 0.13.0
 Summary: Re-usable Python3 code
 Author-email: Oleg Korsak <kamikaze.is.waiting.you@gmail.com>
 License-Expression: GPL-3.0
@@ -15,14 +15,10 @@ License-File: AUTHORS.rst
 Requires-Dist: aiobotocore~=2.25.0
 Requires-Dist: aiohttp[speedups]<3.15.0,>=3.12.0
 Requires-Dist: asyncpg~=0.30.0
-Requires-Dist: fastapi-users-db-sqlalchemy~=7.0.0
-Requires-Dist: fastapi-users[sqlalchemy]~=15.0.1
 Requires-Dist: lxml~=6.0.2
 Requires-Dist: msgpack~=1.1.2
 Requires-Dist: msgspec~=0.19.0
-Requires-Dist: pydantic[email]~=2.12.3
 Requires-Dist: pydantic-settings~=2.11.0
-Requires-Dist: python-jose==3.5.0
 Requires-Dist: SQLAlchemy[asyncio]~=2.0.44
 Requires-Dist: valkey[libvalkey]~=6.1.1
 Requires-Dist: zeep~=4.3.2

{python3_commons-0.12.7.dist-info → python3_commons-0.13.0.dist-info}/RECORD

@@ -1,19 +1,18 @@
 python3_commons/__init__.py,sha256=0KgaYU46H_IMKn-BuasoRN3C4Hi45KlkHHoPbU9cwiA,189
 python3_commons/api_client.py,sha256=0PE8iYW5zq7n89veC6afSkwj_fzD_nldBc5wdXyg5jo,5266
 python3_commons/audit.py,sha256=vPwGR0s7RoDpxhK1Q2N44T1pdannxmSgpqcA5hn5bPE,6078
-python3_commons/auth.py,sha256=uJRxsmeQpJxfUs1bAbshb3wn58OdD2UjVcXAYB3hnQc,2948
+python3_commons/auth.py,sha256=DJVOTFtJ8TuyMXNoMK3xtXsHx50FBdvOvo2BuQVjLJY,1239
 python3_commons/cache.py,sha256=-3CvGo1FH5H8N_gUClEcvWgz5VWU5YlgQa48PXfdmMY,7728
 python3_commons/conf.py,sha256=77nqTBL5bAk8iOEdtdHWjYx8wLKtHBj6TCylSo3BWQk,2392
 python3_commons/fs.py,sha256=dn8ZcwsQf9xcAEg6neoxLN6IzJbWpprfm8wV8S55BL0,337
 python3_commons/helpers.py,sha256=RpbHU04MXQ-b2GC0RZlmkcpu33KCU4Mq8-qa2hbNbgA,4027
 python3_commons/object_storage.py,sha256=dhTCHz_SbttB9e4wkzp3jxs-fASFa2L-F-PdkG5bedI,6584
-python3_commons/permissions.py,sha256=n6q4mSlBkiIeQMNFydQoXCkyu-TovAEzYK_Cvg2rU6g,1527
 python3_commons/db/__init__.py,sha256=gizEDoNNWMWyaLSpb01qXmyViKPaz1XRrk_fOZ9AveU,2918
 python3_commons/db/helpers.py,sha256=n56yYCE0fvzvU7nL1936NfZhbaQmvfumzRsGimBlNV4,1776
-python3_commons/db/models/__init__.py,sha256=zjZCf0DNDkqmPZ49quJ6KZohtKH87viI_ijDG3E0PVE,554
-python3_commons/db/models/auth.py,sha256=NMHirujigpaRR0Bhhe2gzy8Q8PPABuaA-D8ZY7aaqeE,1177
+python3_commons/db/models/__init__.py,sha256=4BFR7bydZdUC4l6gEa49_fZTp4pQ5x7ndgHUBEdGwXk,290
+python3_commons/db/models/auth.py,sha256=3RndBuvARojVXO7RdvJ37A0OUvHTD39gpZ3MnKXGS-c,308
 python3_commons/db/models/common.py,sha256=nRLQVi7Y0SsXo3qMIwQX6GuDO9kHnlma4O_mYXQVtHQ,1512
-python3_commons/db/models/rbac.py,sha256=BIB7nJXQkCes0XA-fg-oCHP6YU0_rXIm29O73j4pNUg,3160
+python3_commons/db/models/rbac.py,sha256=Kvd5GNlGjaNZDlRGP_h9tb3LPHGlnY8IvfhVkFmO5Js,1333
 python3_commons/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 python3_commons/log/filters.py,sha256=fuyjXZAUm-i2MNrxvFYag8F8Rr27x8W8MdV3ke6miSs,175
 python3_commons/log/formatters.py,sha256=p2AtZD4Axp3Em0e9gWzW8U_yOR5entD7xn7Edvc-IuM,719
@@ -22,9 +21,9 @@ python3_commons/serializers/common.py,sha256=VkA7C6wODvHk0QBXVX_x2JieDstihx3U__U
 python3_commons/serializers/json.py,sha256=UPkC3ps13x2C_NxwVV-K7Ewp4VjkVHSSUkJVw5k7Wiw,712
 python3_commons/serializers/msgpack.py,sha256=mKQwfjPHh3BiXYCZLAhBsEhys8DxKHMZJIq-gDgqGDM,1451
 python3_commons/serializers/msgspec.py,sha256=CAqlaZnDh-jiT6B_TsxXF9AojROMcV3bBd0Kp8ZFAzY,2952
-python3_commons-0.12.7.dist-info/licenses/AUTHORS.rst,sha256=3R9JnfjfjH5RoPWOeqKFJgxVShSSfzQPIrEr1nxIo9Q,90
-python3_commons-0.12.7.dist-info/licenses/LICENSE,sha256=xxILuojHm4fKQOrMHPSslbyy6WuKAN2RiG74HbrYfzM,34575
-python3_commons-0.12.7.dist-info/METADATA,sha256=2ON8QthJBRbW4Hu4RCMDyiGyKgilT3sTV7j-yv_uXfw,1149
-python3_commons-0.12.7.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-python3_commons-0.12.7.dist-info/top_level.txt,sha256=lJI6sCBf68eUHzupCnn2dzG10lH3jJKTWM_hrN1cQ7M,16
-python3_commons-0.12.7.dist-info/RECORD,,
+python3_commons-0.13.0.dist-info/licenses/AUTHORS.rst,sha256=3R9JnfjfjH5RoPWOeqKFJgxVShSSfzQPIrEr1nxIo9Q,90
+python3_commons-0.13.0.dist-info/licenses/LICENSE,sha256=xxILuojHm4fKQOrMHPSslbyy6WuKAN2RiG74HbrYfzM,34575
+python3_commons-0.13.0.dist-info/METADATA,sha256=oidcq4MnqJtRwOS2vQuOcWdiZIbWxUd8HJmA45dHOF4,977
+python3_commons-0.13.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+python3_commons-0.13.0.dist-info/top_level.txt,sha256=lJI6sCBf68eUHzupCnn2dzG10lH3jJKTWM_hrN1cQ7M,16
+python3_commons-0.13.0.dist-info/RECORD,,

python3_commons/permissions.py

@@ -1,46 +0,0 @@
-import logging
-from uuid import UUID
-
-import sqlalchemy as sa
-from sqlalchemy import and_, exists, func
-from sqlalchemy.ext.asyncio import AsyncSession
-
-from python3_commons.db.models import RBACApiKeyRole, RBACPermission, RBACRolePermission, RBACUserRole
-
-logger = logging.getLogger(__name__)
-
-
-async def has_api_key_permission(session: AsyncSession, api_key_uid: UUID, permission: str) -> bool:
-    query = sa.select(
-        exists().where(
-            and_(
-                RBACApiKeyRole.api_key_uid == api_key_uid,
-                (RBACApiKeyRole.expires_at.is_(None) | (RBACApiKeyRole.expires_at > func.now())),
-                RBACApiKeyRole.role_uid == RBACRolePermission.role_uid,
-                RBACRolePermission.permission_uid == RBACPermission.uid,
-                RBACPermission.name == permission,
-            )
-        )
-    )
-
-    cursor = await session.execute(query)
-
-    return bool(cursor.scalar())
-
-
-async def has_user_permission(session: AsyncSession, user_id: UUID, permission: str) -> bool:
-    query = sa.select(
-        exists().where(
-            and_(
-                RBACUserRole.user_id == user_id,
-                (RBACUserRole.expires_at.is_(None) | (RBACUserRole.expires_at > func.now())),
-                RBACUserRole.role_uid == RBACRolePermission.role_uid,
-                RBACRolePermission.permission_uid == RBACPermission.uid,
-                RBACPermission.name == permission,
-            )
-        )
-    )
-
-    cursor = await session.execute(query)
-
-    return bool(cursor.scalar())