ragbits-chat 1.4.0.dev202512151244__py3-none-any.whl → 1.4.0.dev202601010248__py3-none-any.whl

ragbits/chat/auth/base.py

@@ -7,14 +7,13 @@ from pydantic import BaseModel
 from ragbits.core.options import Options
 from ragbits.core.utils.config_handling import ConfigurableComponent
 
-from .types import JWTToken, OAuth2Credentials, User, UserCredentials
+from .types import OAuth2Credentials, User, UserCredentials
 
 
 class AuthOptions(Options):
     """Options for authentication backends."""
 
-    jwt_algorithm: str = "HS256"
-    token_expiry_minutes: int = 24 * 60
+    pass
 
 
 class AuthenticationResponse(BaseModel):
@@ -22,7 +21,7 @@ class AuthenticationResponse(BaseModel):
 
     success: bool
     user: User | None = None
-    jwt_token: JWTToken | None = None
+    session_id: str | None = None
     error_message: str | None = None
 
 
@@ -60,26 +59,25 @@ class AuthenticationBackend(ConfigurableComponent[AuthOptions], ABC):
         pass
 
     @abstractmethod
-    async def validate_token(self, token: str) -> AuthenticationResponse:
+    async def validate_session(self, session_id: str) -> AuthenticationResponse:
         """
-        Validate a JWT jwt_token.
+        Validate a session.
 
         Args:
-            token: The JWT jwt_token to validate
+            session_id: The session ID to validate
 
         Returns:
             AuthenticationResult with user if valid
         """
-        # Default implementation for backward compatibility
         pass
 
     @abstractmethod
-    async def revoke_token(self, token: str) -> bool:
+    async def revoke_session(self, session_id: str) -> bool:
         """
         Revoke/logout a session.
 
         Args:
-            token: The jwt_token to revoke
+            session_id: The session ID to revoke
 
         Returns:
             True if successfully revoked

ragbits/chat/auth/oauth2_providers.py

@@ -0,0 +1,108 @@
+"""OAuth2 provider implementations for various authentication services."""
+
+from abc import ABC, abstractmethod
+from typing import Any
+
+from ragbits.chat.auth.types import User
+
+
+class OAuth2Provider(ABC):
+    """Abstract base class for OAuth2 providers."""
+
+    @property
+    @abstractmethod
+    def name(self) -> str:
+        """Provider name (e.g., 'discord')."""
+        pass
+
+    @property
+    @abstractmethod
+    def display_name(self) -> str:
+        """Human-readable provider name (e.g., 'Discord')."""
+        pass
+
+    @property
+    @abstractmethod
+    def authorize_url(self) -> str:
+        """OAuth2 authorization endpoint."""
+        pass
+
+    @property
+    @abstractmethod
+    def token_url(self) -> str:
+        """OAuth2 token exchange endpoint."""
+        pass
+
+    @property
+    @abstractmethod
+    def user_info_url(self) -> str:
+        """User info endpoint."""
+        pass
+
+    @property
+    @abstractmethod
+    def scope(self) -> str:
+        """OAuth2 scopes to request."""
+        pass
+
+    @abstractmethod
+    def create_user_from_data(self, user_data: dict[str, Any]) -> User:
+        """
+        Create a User object from provider-specific user data.
+
+        Args:
+            user_data: Raw user data from the provider
+
+        Returns:
+            User object
+        """
+        pass
+
+
+class DiscordOAuth2Provider(OAuth2Provider):
+    """Discord OAuth2 provider implementation."""
+
+    @property
+    def name(self) -> str:
+        """Return the provider name."""
+        return "discord"
+
+    @property
+    def display_name(self) -> str:
+        """Return the human-readable provider name."""
+        return "Discord"
+
+    @property
+    def authorize_url(self) -> str:
+        """Return the OAuth2 authorization URL."""
+        return "https://discord.com/api/oauth2/authorize"
+
+    @property
+    def token_url(self) -> str:
+        """Return the OAuth2 token exchange URL."""
+        return "https://discord.com/api/oauth2/token"
+
+    @property
+    def user_info_url(self) -> str:
+        """Return the user info API URL."""
+        return "https://discord.com/api/users/@me"
+
+    @property
+    def scope(self) -> str:
+        """Return the OAuth2 scope to request."""
+        return "identify email"
+
+    def create_user_from_data(self, user_data: dict[str, Any]) -> User:  # noqa: PLR6301
+        """Create User object from Discord data."""
+        return User(
+            user_id=f"discord_{user_data['id']}",
+            username=user_data.get("username", ""),
+            email=user_data.get("email"),
+            full_name=user_data.get("global_name"),
+            roles=["user"],
+            metadata={
+                "provider": "discord",
+                "avatar": user_data.get("avatar"),
+                "discriminator": user_data.get("discriminator"),
+            },
+        )

ragbits/chat/auth/provider_config.py

@@ -0,0 +1,81 @@
+"""OAuth2 provider visual configuration (icons, colors, etc.)."""
+
+from typing import Any
+
+
+class OAuth2ProviderVisualConfig:
+    """Visual configuration for OAuth2 providers (brand colors, icons, etc.)."""
+
+    def __init__(
+        self,
+        name: str,
+        display_name: str,
+        color: str,
+        button_color: str | None = None,
+        text_color: str = "#FFFFFF",
+        icon_svg: str | None = None,
+    ):
+        """
+        Initialize provider visual configuration.
+
+        Args:
+            name: Provider identifier (e.g., 'google', 'discord')
+            display_name: Human-readable provider name
+            color: Brand color for the provider
+            button_color: Optional button background color (defaults to color)
+            text_color: Button text color (defaults to white)
+            icon_svg: Optional SVG icon as string
+        """
+        self.name = name
+        self.display_name = display_name
+        self.color = color
+        self.button_color = button_color or color
+        self.text_color = text_color
+        self.icon_svg = icon_svg
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert to dictionary for API serialization."""
+        return {
+            "name": self.name,
+            "display_name": self.display_name,
+            "color": self.color,
+            "button_color": self.button_color,
+            "text_color": self.text_color,
+            "icon_svg": self.icon_svg,
+        }
+
+
+# Provider visual configurations
+PROVIDER_CONFIGS: dict[str, OAuth2ProviderVisualConfig] = {
+    "discord": OAuth2ProviderVisualConfig(
+        name="discord",
+        display_name="Discord",
+        color="#5865F2",
+        icon_svg='<svg width="20" height="20" viewBox="0 0 71 55" fill="none" xmlns="http://www.w3.org/2000/svg"><g clipPath="url(#clip0)"><path d="M60.1045 4.8978C55.5792 2.8214 50.7265 1.2916 45.6527 0.41542C45.5603 0.39851 45.468 0.440769 45.4204 0.525289C44.7963 1.6353 44.105 3.0834 43.6209 4.2216C38.1637 3.4046 32.7345 3.4046 27.3892 4.2216C26.905 3.0581 26.1886 1.6353 25.5617 0.525289C25.5141 0.443589 25.4218 0.40133 25.3294 0.41542C20.2584 1.2888 15.4057 2.8186 10.8776 4.8978C10.8384 4.9147 10.8048 4.9429 10.7825 4.9795C1.57795 18.7309 -0.943561 32.1443 0.293408 45.3914C0.299005 45.4562 0.335386 45.5182 0.385761 45.5576C6.45866 50.0174 12.3413 52.7249 18.1147 54.5195C18.2071 54.5477 18.305 54.5139 18.3638 54.4378C19.7295 52.5728 20.9469 50.6063 21.9907 48.5383C22.0523 48.4172 21.9935 48.2735 21.8676 48.2256C19.9366 47.4931 18.0979 46.6 16.3292 45.5858C16.1893 45.5041 16.1781 45.304 16.3068 45.2082C16.679 44.9293 17.0513 44.6391 17.4067 44.3461C17.471 44.2926 17.5606 44.2813 17.6362 44.3151C29.2558 49.6202 41.8354 49.6202 53.3179 44.3151C53.3935 44.2785 53.4831 44.2898 53.5502 44.3433C53.9057 44.6363 54.2779 44.9293 54.6529 45.2082C54.7816 45.304 54.7732 45.5041 54.6333 45.5858C52.8646 46.6197 51.0259 47.4931 49.0921 48.2228C48.9662 48.2707 48.9102 48.4172 48.9718 48.5383C50.038 50.6034 51.2554 52.5699 52.5959 54.435C52.6519 54.5139 52.7526 54.5477 52.845 54.5195C58.6464 52.7249 64.529 50.0174 70.6019 45.5576C70.6551 45.5182 70.6887 45.459 70.6943 45.3942C72.1747 30.0791 68.2147 16.7757 60.1968 4.9823C60.1772 4.9429 60.1437 4.9147 60.1045 4.8978ZM23.7259 37.3253C20.2276 37.3253 17.3451 34.1136 17.3451 30.1693C17.3451 26.225 20.1717 23.0133 23.7259 23.0133C27.308 23.0133 30.1626 26.2532 30.1066 30.1693C30.1066 34.1136 27.28 37.3253 23.7259 37.3253ZM47.3178 37.3253C43.8196 37.3253 40.9371 34.1136 40.9371 30.1693C40.9371 26.225 43.7636 23.0133 47.3178 23.0133C50.9 23.0133 53.7545 26.2532 53.6986 30.1693C53.6986 34.1136 50.9 37.3253 47.3178 37.3253Z" fill="currentColor"/></g><defs><clipPath id="clip0"><rect width="71" height="55" fill="white"/></clipPath></defs></svg>',  # noqa: E501
+    )
+}
+
+
+def get_provider_visual_config(provider_name: str) -> OAuth2ProviderVisualConfig:
+    """
+    Get visual configuration for a provider.
+
+    Args:
+        provider_name: Provider identifier
+
+    Returns:
+        Visual configuration for the provider, or default config if not found
+    """
+    config = PROVIDER_CONFIGS.get(provider_name.lower())
+    if config:
+        return config
+
+    # Return default configuration for unknown providers
+    capitalized_name = provider_name.capitalize()
+    return OAuth2ProviderVisualConfig(
+        name=provider_name,
+        display_name=capitalized_name,
+        color="#6B7280",
+        text_color="#FFFFFF",
+        icon_svg='<svg width="20" height="20" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 18c-4.41 0-8-3.59-8-8s3.59-8 8-8 8 3.59 8 8-3.59 8-8 8zm-1-13h2v6h-2zm0 8h2v2h-2z" fill="currentColor"/></svg>',  # noqa: E501
+    )

ragbits/chat/auth/session_store.py

@@ -0,0 +1,178 @@
+"""Session storage implementations."""
+
+import asyncio
+import logging
+import secrets
+from datetime import datetime, timezone
+
+from ragbits.chat.auth.types import Session, SessionStore
+
+logger = logging.getLogger(__name__)
+
+# Minimum length for session ID truncation in logs (for readability while maintaining some privacy)
+SESSION_ID_LOG_LENGTH = 8
+
+
+class InMemorySessionStore(SessionStore):
+    """In-memory session store implementation."""
+
+    def __init__(self) -> None:
+        """Initialize the in-memory session store."""
+        self.sessions: dict[str, Session] = {}
+        self.lock = asyncio.Lock()
+
+    async def create_session(self, session: Session) -> str:
+        """
+        Create a new session.
+
+        Args:
+            session: Session object to store
+
+        Returns:
+            Session ID
+        """
+        session_id = secrets.token_urlsafe(32)
+        session.session_id = session_id
+
+        async with self.lock:
+            self.sessions[session_id] = session
+
+        logger.debug("Created session for user: %s", session.user.username)
+        return session_id
+
+    async def get_session(self, session_id: str) -> Session | None:
+        """
+        Retrieve a session by ID.
+
+        Args:
+            session_id: Session ID to retrieve
+
+        Returns:
+            Session object if found and not expired, None otherwise
+        """
+        async with self.lock:
+            session = self.sessions.get(session_id)
+
+        if not session:
+            logger.debug(
+                "Session not found: %s...",
+                session_id[:SESSION_ID_LOG_LENGTH] if len(session_id) >= SESSION_ID_LOG_LENGTH else session_id,
+            )
+            return None
+
+        # Check if session is expired
+        if datetime.now(timezone.utc) > session.expires_at:
+            # Session expired, delete it
+            logger.debug(
+                "Session expired, removing: %s...",
+                session_id[:SESSION_ID_LOG_LENGTH] if len(session_id) >= SESSION_ID_LOG_LENGTH else session_id,
+            )
+            await self.delete_session(session_id)
+            return None
+
+        return session
+
+    async def delete_session(self, session_id: str) -> bool:
+        """
+        Delete a session.
+
+        Args:
+            session_id: Session ID to delete
+
+        Returns:
+            True if session was deleted, False if not found
+        """
+        async with self.lock:
+            if session_id in self.sessions:
+                del self.sessions[session_id]
+                logger.debug(
+                    "Session deleted: %s...",
+                    session_id[:SESSION_ID_LOG_LENGTH] if len(session_id) >= SESSION_ID_LOG_LENGTH else session_id,
+                )
+                return True
+
+        logger.debug(
+            "Session not found for deletion: %s...",
+            session_id[:SESSION_ID_LOG_LENGTH] if len(session_id) >= SESSION_ID_LOG_LENGTH else session_id,
+        )
+        return False
+
+    def cleanup_expired_sessions(self) -> int:
+        """
+        Remove expired sessions from storage.
+
+        This method is synchronous for compatibility with background task schedulers.
+        It acquires the lock internally and skips cleanup if the lock is held.
+
+        Returns:
+            Number of sessions removed
+
+        Example:
+            To schedule periodic cleanup, you can use APScheduler or a similar library:
+
+            ```python
+            from apscheduler.schedulers.asyncio import AsyncIOScheduler
+            from ragbits.chat.auth.session_store import InMemorySessionStore
+
+            session_store = InMemorySessionStore()
+            scheduler = AsyncIOScheduler()
+
+            # Run cleanup every hour
+            scheduler.add_job(
+                session_store.cleanup_expired_sessions,
+                "interval",
+                hours=1,
+                id="cleanup_sessions",
+            )
+            scheduler.start()
+            ```
+
+            Or using FastAPI's lifespan with asyncio:
+
+            ```python
+            import asyncio
+            from contextlib import asynccontextmanager
+            from fastapi import FastAPI
+
+
+            @asynccontextmanager
+            async def lifespan(app: FastAPI):
+                async def cleanup_task():
+                    while True:
+                        await asyncio.sleep(3600)  # Run every hour
+                        removed = session_store.cleanup_expired_sessions()
+                        if removed > 0:
+                            print(f"Cleaned up {removed} expired sessions")
+
+                task = asyncio.create_task(cleanup_task())
+
+        Yield:
+                task.cancel()
+            ```
+        """
+        now = datetime.now(timezone.utc)
+        sessions_to_remove = []
+
+        # Note: This is a synchronous method for background task compatibility
+        # In production, consider using an async background task instead
+        try:
+            # Try to acquire lock without blocking if we're in an async context
+            if self.lock.locked():
+                logger.debug("Session cleanup skipped: lock is held")
+                return 0  # Skip cleanup if lock is held
+
+            # Synchronous cleanup - safe for background threads
+            for session_id, session in list(self.sessions.items()):
+                if now > session.expires_at:
+                    sessions_to_remove.append(session_id)
+
+            for session_id in sessions_to_remove:
+                self.sessions.pop(session_id, None)
+
+            if sessions_to_remove:
+                logger.info("Cleaned up %d expired sessions", len(sessions_to_remove))
+
+            return len(sessions_to_remove)
+        except Exception as e:
+            logger.exception("Error during session cleanup: %s", str(e))
+            return 0

ragbits/chat/auth/types.py

@@ -1,3 +1,4 @@
+from abc import ABC, abstractmethod
 from datetime import datetime
 from typing import Any
 
@@ -23,51 +24,87 @@ class UserCredentials(BaseModel):
 
 
 class OAuth2Credentials(BaseModel):
-    """Represents OAuth2 authentication data."""
+    """Represents OAuth2 authentication data from Discord."""
 
     access_token: str
     token_type: str = "bearer"
-    refresh_token: str | None = None
-    expires_at: datetime | None = None
-    scope: str | None = None
 
 
-class JWTToken(BaseModel):
-    """Represents a JWT authentication jwt_token."""
-
-    access_token: str
-    token_type: str = "bearer"
-    expires_in: int  # seconds until expiration
-    refresh_token: str | None = None
-    user: User
-
-
-class CredentialsLoginRequest(BaseModel):
-    """
-    Request body for user login
-    """
-
-    username: str = Field(..., description="Username")
-    password: str = Field(..., description="Password")
-
-
-LoginRequest = CredentialsLoginRequest
+LoginRequest = UserCredentials
 
 
 class LoginResponse(BaseModel):
     """
-    Response body for successful login
+    Response body for login with session-based authentication.
+
+    The session ID is set as an HTTP-only cookie by the backend.
+    Frontend only receives user information.
     """
 
     success: bool = Field(..., description="Whether login was successful")
     user: User | None = Field(None, description="User information")
     error_message: str | None = Field(None, description="Error message if login failed")
-    jwt_token: JWTToken | None = Field(..., description="Access jwt_token")
 
 
-class LogoutRequest(BaseModel):
+class OAuth2AuthorizeResponse(BaseModel):
     """
-    Request body for user logout
+    Response for OAuth2 authorization URL request
     """
 
-    token: str = Field(..., description="Session ID to logout")
+    authorize_url: str = Field(..., description="URL to redirect user to for OAuth2 authorization")
+    state: str = Field(..., description="State parameter for CSRF protection")
+
+
+class Session(BaseModel):
+    """Represents a user session."""
+
+    session_id: str
+    user: User
+    provider: str
+    oauth_token: str  # Provider's OAuth token
+    token_type: str
+    created_at: datetime
+    expires_at: datetime
+
+
+class SessionStore(ABC):
+    """Abstract base class for session storage."""
+
+    @abstractmethod
+    async def create_session(self, session: Session) -> str:
+        """
+        Create a new session.
+
+        Args:
+            session: Session object to store
+
+        Returns:
+            Session ID
+        """
+        pass
+
+    @abstractmethod
+    async def get_session(self, session_id: str) -> Session | None:
+        """
+        Retrieve a session by ID.
+
+        Args:
+            session_id: Session ID to retrieve
+
+        Returns:
+            Session object if found, None otherwise
+        """
+        pass
+
+    @abstractmethod
+    async def delete_session(self, session_id: str) -> bool:
+        """
+        Delete a session.
+
+        Args:
+            session_id: Session ID to delete
+
+        Returns:
+            True if session was deleted, False if not found
+        """
+        pass

ragbits/chat/interface/types.py

@@ -858,6 +858,18 @@ class AuthType(str, Enum):
     """Defines the available authentication types."""
 
     CREDENTIALS = "credentials"
+    OAUTH2 = "oauth2"
+
+
+class OAuth2ProviderConfig(BaseModel):
+    """Configuration for an OAuth2 provider including visual configuration."""
+
+    name: str = Field(..., description="Provider name (e.g., 'discord')")
+    display_name: str | None = Field(None, description="Display name for the provider (e.g., 'Discord')")
+    color: str | None = Field(None, description="Brand color for the provider (e.g., '#5865F2')")
+    button_color: str | None = Field(None, description="Button background color (defaults to color)")
+    text_color: str | None = Field(None, description="Button text color (defaults to white)")
+    icon_svg: str | None = Field(None, description="SVG icon as string")
 
 
 class AuthenticationConfig(BaseModel):
@@ -865,6 +877,9 @@ class AuthenticationConfig(BaseModel):
 
     enabled: bool = Field(default=False, description="Enable/disable authentication")
     auth_types: list[AuthType] = Field(default=[], description="List of available authentication types")
+    oauth2_providers: list[OAuth2ProviderConfig] = Field(
+        default_factory=list, description="List of available OAuth2 providers"
+    )
 
 
 class ConfigResponse(BaseModel):

ragbits/chat/providers/model_provider.py

@@ -42,12 +42,11 @@ class RagbitsChatModelProvider:
 
         try:
             from ragbits.chat.auth.types import (
-                CredentialsLoginRequest,
-                JWTToken,
                 LoginRequest,
                 LoginResponse,
-                LogoutRequest,
+                OAuth2AuthorizeResponse,
                 User,
+                UserCredentials,
             )
             from ragbits.chat.interface.forms import UserSettings
             from ragbits.chat.interface.types import (
@@ -73,6 +72,7 @@ class RagbitsChatModelProvider:
                 MessageIdContent,
                 MessageRole,
                 MessageUsage,
+                OAuth2ProviderConfig,
                 Reference,
                 StateUpdate,
                 TextContent,
@@ -123,17 +123,17 @@ class RagbitsChatModelProvider:
                 # API response models
                 "ConfigResponse": ConfigResponse,
                 "FeedbackResponse": FeedbackResponse,
+                "OAuth2AuthorizeResponse": OAuth2AuthorizeResponse,
+                "OAuth2ProviderConfig": OAuth2ProviderConfig,
                 # API request models
                 "ChatRequest": ChatMessageRequest,
                 "FeedbackRequest": FeedbackRequest,
                 # Auth
                 "AuthType": AuthType,
                 "AuthenticationConfig": AuthenticationConfig,
-                "CredentialsLoginRequest": CredentialsLoginRequest,
-                "JWTToken": JWTToken,
+                "UserCredentials": UserCredentials,
                 "LoginRequest": LoginRequest,
                 "LoginResponse": LoginResponse,
-                "LogoutRequest": LogoutRequest,
                 "User": User,
             }
 
@@ -169,7 +169,6 @@ class RagbitsChatModelProvider:
                 "ServerState",
                 "FeedbackItem",
                 "Image",
-                "JWTToken",
                 "User",
                 "MessageUsage",
                 "Task",
@@ -192,16 +191,19 @@ class RagbitsChatModelProvider:
                 "UserSettings",
                 "FeedbackConfig",
                 "AuthenticationConfig",
+                "OAuth2ProviderConfig",
             ],
             "responses": [
                 "FeedbackResponse",
                 "ConfigResponse",
                 "LoginResponse",
+                "OAuth2AuthorizeResponse",
             ],
             "requests": [
                 "ChatRequest",
                 "FeedbackRequest",
-                "CredentialsLoginRequest",
+                "UserCredentials",
+                "OAuth2Credentials",
                 "LoginRequest",
                 "LogoutRequest",
             ],

ragbits/chat/ui-build/assets/AuthGuard-Bq7UOJ7y.js

@@ -0,0 +1 @@
+import{r as h,j as t,aW as i,aE as p,c as b,bo as f,bp as l,bq as d,br as j,bs as S}from"./index-BZLU40Mk.js";import{a as r}from"./authStore-BfGlL8rp.js";import{u as m}from"./useInitializeUserStore-DyHP7g8x.js";const v=h.createContext(null);function y({children:e}){const[a]=h.useState(()=>r);return t.jsx(v.Provider,{value:a,children:e})}function A(){const{logout:e,login:a,setHydrated:c}=i(r,x=>x),u=m(),n=p(),s=b("/api/user"),g=f();return h.useEffect(()=>{(async()=>{try{const o=await s.call();o?(a(o),u(o.user_id),g.pathname==="/login"&&n("/")):e()}catch(o){console.error("Failed to check session:",o),e(),n("/login")}finally{c()}})()},[]),null}function z({children:e}){const a=f(),c=i(r,s=>s.isAuthenticated),u=i(r,s=>s.hasHydrated),n=i(r,s=>s.logout);return u?a.pathname==="/login"?t.jsx(l,{baseUrl:d,auth:{credentials:"include"},children:e}):c?t.jsx(y,{children:t.jsx(l,{baseUrl:d,auth:{onUnauthorized:n,credentials:"include"},children:e})}):t.jsx(S,{to:"/login",replace:!0}):t.jsxs(l,{baseUrl:d,auth:{credentials:"include"},children:[t.jsx(A,{}),t.jsx(j,{})]})}export{z as default};