reyserver 1.1.58__py3-none-any.whl → 1.1.59__py3-none-any.whl

reyserver/rauth.py

@@ -9,14 +9,18 @@
 """
 
 
-from typing import Any, Literal
+from typing import Any, TypedDict, NotRequired, Literal
 from datetime import datetime as Datetime
+from re import PatternError
 from fastapi import APIRouter, Request
+from fastapi.params import Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from reydb import rorm, DatabaseEngine, DatabaseEngineAsync
-from reykit.rdata import encode_jwt, is_hash_bcrypt
+from reykit.rdata import encode_jwt, decode_jwt, is_hash_bcrypt
+from reykit.rre import search_batch
 from reykit.rtime import now
 
-from .rbase import ServerConfig, Bind, exit_api
+from .rbase import Bind, exit_api
 
 
 __all__ = (
@@ -30,6 +34,34 @@ __all__ = (
 )
 
 
+UserInfo = TypedDict(
+        'UserInfo',
+        {
+            'create_time': float,
+            'udpate_time': float,
+            'user_id': int,
+            'user_name': str,
+            'role_names': list[str],
+            'perm_names': list[str],
+            'perm_apis': list[str],
+            'email': str | None,
+            'phone': str | None,
+            'avatar': int | None,
+            'password': NotRequired[str]
+        }
+    )
+Token = TypedDict(
+    'Token',
+    {
+        'sub': int,
+        'iat': int,
+        'nbf': int,
+        'exp': int,
+        'user': UserInfo
+    }
+)
+
+
 class DatabaseORMTableUser(rorm.Table):
     """
     Database `user` table ORM model.
@@ -202,40 +234,50 @@ def build_auth_db(engine: DatabaseEngine | DatabaseEngineAsync) -> None:
 auth_router = APIRouter()
 
 
-@auth_router.post('/sessions')
-async def create_sessions(
-    account: str = Bind.i.body,
-    password: str = Bind.i.body,
-    account_type: Literal['name', 'email', 'phone'] = Bind.Body('name'),
-    conn: Bind.Conn = Bind.conn.auth
-) -> dict:
+async def get_user_info(
+    conn: Bind.Conn,
+    account: str,
+    account_type: Literal['name', 'email', 'phone'],
+    filter_invalid: bool = True
+) -> UserInfo | None:
     """
-    Create session.
+    Get user information.
 
     Parameters
     ----------
-    account : User account, name or email or phone.
-    password : User password.
+    conn: Asyncronous database connection.
+    account : User account.
     account_type : User account type.
+        - `Literal['name']`: User name.
+        - `Literal['email']`: User Email.
+        - `Literal['phone']`: User phone mumber.
+    filter_invalid : Whether filter invalid user.
 
     Returns
     -------
-    JSON with `token`.
+    User information or null.
     """
 
-    # Parameter.
-    key = ServerConfig.server.api_auth_key
-    sess_seconds = ServerConfig.server.api_auth_sess_seconds
-
-    # Check.
+    # Parameters.
+    if filter_invalid:
+        sql_where = (
+            '    WHERE (\n'
+            f'        `{account_type}` = :account\n'
+            '        AND `is_valid` = 1\n'
+            '    )\n'
+        )
+    else:
+        sql_where = '    WHERE `{account_type}` = :account\n'
+
+    # Get.
     sql = (
         'SELECT ANY_VALUE(`create_time`) AS `create_time`,\n'
+        '    ANY_VALUE(`phone`) AS `phone`,\n'
         '    ANY_VALUE(`update_time`) AS `update_time`,\n'
         '    ANY_VALUE(`user`.`user_id`) AS `user_id`,\n'
         '    ANY_VALUE(`user`.`name`) AS `user_name`,\n'
         '    ANY_VALUE(`password`) AS `password`,\n'
         '    ANY_VALUE(`email`) AS `email`,\n'
-        '    ANY_VALUE(`phone`) AS `phone`,\n'
         '    ANY_VALUE(`avatar`) AS `avatar`,\n'
         "    GROUP_CONCAT(DISTINCT `role`.`name` SEPARATOR ';') AS `role_names`,\n"
         "    GROUP_CONCAT(DISTINCT `perm`.`name` SEPARATOR ';') AS `perm_names`,\n"
@@ -243,8 +285,7 @@ async def create_sessions(
         'FROM (\n'
         '    SELECT `create_time`, `update_time`, `user_id`, `password`, `name`, `email`, `phone`, `avatar`\n'
         '    FROM `test`.`user`\n'
-        f'    WHERE `{account_type}` = :account\n'
-        '    LIMIT 1\n'
+        f'{sql_where}'
         ') as `user`\n'
         'LEFT JOIN (\n'
         '    SELECT `user_id`, `role_id`\n'
@@ -262,7 +303,7 @@ async def create_sessions(
         ') as `role_perm`\n'
         'ON `role_perm`.`role_id` = `role`.`role_id`\n'
         'LEFT JOIN (\n'
-        "    SELECT `perm_id`, `name`, CONCAT(`method`, ':', `path`) as `api`\n"
+        "    SELECT `perm_id`, `name`, `api`\n"
         '    FROM `test`.`perm`\n'
         ') AS `perm`\n'
         'ON `role_perm`.`perm_id` = `perm`.`perm_id`\n'
@@ -273,34 +314,136 @@ async def create_sessions(
         account=account
     )
 
-    # Check.
+    # Extract.
     if result.empty:
+        info = None
+    else:
+        row: dict[str, Datetime | Any] = result.to_row()
+        info: UserInfo = {
+            'create_time': row['create_time'].timestamp(),
+            'udpate_time': row['update_time'].timestamp(),
+            'user_id': row['user_id'],
+            'user_name': row['user_name'],
+            'role_names': row['role_names'].split(';'),
+            'perm_names': row['perm_names'].split(';'),
+            'perm_apis': row['perm_apis'].split(';'),
+            'email': row['email'],
+            'phone': row['phone'],
+            'avatar': row['avatar'],
+            'password': row['password']
+        }
+
+    return info
+
+
+@auth_router.post('/sessions')
+async def create_sessions(
+    account: str = Bind.i.body,
+    password: str = Bind.i.body,
+    account_type: Literal['name', 'email', 'phone'] = Bind.Body('name'),
+    conn: Bind.Conn = Bind.conn.auth,
+    server: Bind.Server = Bind.server
+) -> dict:
+    """
+    Create session.
+
+    Parameters
+    ----------
+    account : User account.
+    password : User password.
+    account_type : User account type.
+        - `Literal['name']`: User name.
+        - `Literal['email']`: User Email.
+        - `Literal['phone']`: User phone mumber.
+
+    Returns
+    -------
+    JSON with `token`.
+    """
+
+    # Parameter.
+    key = server.api_auth_key
+    sess_seconds = server.api_auth_sess_seconds
+
+    # User information.
+    info = await get_user_info(conn, account, account_type)
+
+    # Check.
+    if info is None:
         exit_api(401)
-    json: dict[str, Datetime | Any] = result.to_row()
-    if not is_hash_bcrypt(password, json['password']):
+    password_hash = info.pop('password')
+    if not is_hash_bcrypt(password, password_hash):
         exit_api(401)
 
     # JWT.
     now_timestamp_s = now('timestamp_s')
-    json['sub'] = json.pop('user_id')
-    json['iat'] = now_timestamp_s
-    json['nbf'] = now_timestamp_s
-    json['exp'] = now_timestamp_s + sess_seconds
-    json['role_names'] = json['role_names'].split(';')
-    json['perm_names'] = json['perm_names'].split(';')
-    perm_apis: list[str] = json['perm_apis'].split(';')
-    perm_api_dict = {}
-    for perm_api in perm_apis:
-        method, path = perm_api.split(':', 1)
-        paths: list = perm_api_dict.setdefault(method, [])
-        paths.append(path)
-    json['perm_apis'] = perm_api_dict
-    json['create_time'] = json['create_time'].timestamp()
-    json['update_time'] = json['update_time'].timestamp()
-    token = encode_jwt(json, key)
-    data = {'token': token}
-
-    return data
-
-
-def has_auth(request: Request) -> bool: ...
+    user_id = info.pop('user_id')
+    data: Token = {
+        'sub': str(user_id),
+        'iat': now_timestamp_s,
+        'nbf': now_timestamp_s,
+        'exp': now_timestamp_s + sess_seconds,
+        'user': info
+    }
+    token = encode_jwt(data, key)
+    response = {'token': token}
+
+    return response
+
+
+bearer = HTTPBearer(
+    scheme_name='RBACBearer',
+    description='Global authentication of based on RBAC model and Bearer framework.',
+    bearerFormat='JWT standard.',
+    auto_error=False
+)
+
+
+async def depend_auth(
+    request: Request,
+    server: Bind.Server = Bind.server,
+    auth: HTTPAuthorizationCredentials | None = Depends(bearer)
+) -> None:
+    """
+    Dependencie function of authentication.
+
+    Parameters
+    ----------
+    request : Request.
+    server : Server.
+    auth : Authentication.
+    """
+
+    # Check.
+    api_path = f'{request.method} {request.url.path}'
+    if (
+        not server.is_started_auth
+        or api_path == 'POST /sessions'
+    ):
+        return
+    if auth is None:
+        exit_api(401)
+
+    # Parameter.
+    key = server.api_auth_key
+    token = auth.credentials
+
+    # Decode.
+    token = decode_jwt(token, key)
+    if token is None:
+        exit_api(401)
+    token: Token
+    request.state.token = token
+
+    # Check.
+    perm_apis = token['user']['perm_apis']
+    perm_apis = [
+        f'^{pattern}$'
+        for pattern in perm_apis
+    ]
+    try:
+        result = search_batch(api_path, *perm_apis)
+    except PatternError:
+        exit_api(403)
+    if result is None:
+        exit_api(403)

reyserver/rbase.py

@@ -9,8 +9,9 @@
 """
 
 
-from typing import NoReturn, overload
+from typing import Type, NoReturn, overload
 from http import HTTPStatus
+from fastapi import FastAPI
 from fastapi import HTTPException, Request, UploadFile as File
 from fastapi.params import (
     Depends,
@@ -24,14 +25,13 @@ from fastapi.params import (
 )
 from reydb.rconn import DatabaseConnectionAsync
 from reydb.rorm import DatabaseORMModel, DatabaseORMSessionAsync
-from reykit.rbase import Base, Exit, StaticMeta, ConfigMeta, Singleton, throw
+from reykit.rbase import Base, Exit, StaticMeta, Singleton, throw
 
 from . import rserver
 
 
 __all__ = (
     'ServerBase',
-    'ServerConfig',
     'ServerExit',
     'ServerExitAPI',
     'exit_api',
@@ -50,15 +50,6 @@ class ServerBase(Base):
     """
 
 
-class ServerConfig(ServerBase, metaclass=ConfigMeta):
-    """
-    Config type.
-    """
-
-    server: 'rserver.Server'
-    'Server instance.'
-
-
 class ServerExit(ServerBase, Exit):
     """
     Server exit type.
@@ -116,13 +107,13 @@ class ServerBindInstanceDatabaseSuper(ServerBase):
         """
 
 
-        async def depend_func():
+        async def depend_func(server: Bind.Server = Bind.server):
             """
             Dependencie function of asynchronous database.
             """
 
             # Parameter.
-            engine = ServerConfig.server.db[name]
+            engine = server.db[name]
 
             # Context.
             match self:
@@ -320,6 +311,26 @@ class ServerBindInstance(ServerBase, Singleton):
         return forms
 
 
+async def depend_server(request: Request) -> 'rserver.Server':
+    """
+    Dependencie function of now Server instance.
+
+    Parameters
+    ----------
+    request : Request.
+
+    Returns
+    -------
+    Server.
+    """
+
+    # Get.
+    app: FastAPI = request.app
+    server = app.extra['server']
+
+    return server
+
+
 class ServerBind(ServerBase, metaclass=StaticMeta):
     """
     Server API bind parameter type.
@@ -338,6 +349,8 @@ class ServerBind(ServerBase, metaclass=StaticMeta):
     JSON = DatabaseORMModel
     Conn = DatabaseConnectionAsync
     Sess = DatabaseORMSessionAsync
+    Server = Type['rserver.Server']
+    server = Depends(depend_server)
     i = ServerBindInstance()
     conn = ServerBindInstanceDatabaseConnection()
     sess = ServerBindInstanceDatabaseSession()

reyserver/rfile.py

@@ -14,7 +14,7 @@ from fastapi.responses import FileResponse
 from reydb import rorm, DatabaseEngine, DatabaseEngineAsync
 from reykit.ros import FileStore, get_md5
 
-from .rbase import ServerConfig, Bind, exit_api
+from .rbase import Bind, exit_api
 
 
 __all__ = (
@@ -212,7 +212,8 @@ async def upload_file(
     file: Bind.File = Bind.i.forms,
     name: str = Bind.i.forms_n,
     note: str = Bind.i.forms_n,
-    sess: Bind.Sess = Bind.sess.file
+    sess: Bind.Sess = Bind.sess.file,
+    server: Bind.Server = Bind.server
 ) -> DatabaseORMTableInfo:
     """
     Upload file.
@@ -229,7 +230,7 @@ async def upload_file(
     """
 
     # Handle parameter.
-    file_store = FileStore(ServerConfig.server.api_file_dir)
+    file_store = FileStore(server.api_file_dir)
     file_bytes = await file.read()
     file_md5 = get_md5(file_bytes)
     file_size = len(file_bytes)

reyserver/rserver.py

@@ -16,6 +16,7 @@ from contextlib import asynccontextmanager, _AsyncGeneratorContextManager
 from uvicorn import run as uvicorn_run
 from starlette.middleware.base import _StreamingResponse
 from fastapi import FastAPI, Request
+from fastapi.params import Depends
 from fastapi.staticfiles import StaticFiles
 from fastapi.middleware.gzip import GZipMiddleware
 from fastapi.middleware.httpsredirect import HTTPSRedirectMiddleware
@@ -23,7 +24,7 @@ from reydb import rorm, DatabaseAsync, DatabaseEngineAsync
 from reykit.rbase import CoroutineFunctionSimple, Singleton, throw
 from reykit.rrand import randchar
 
-from .rbase import ServerBase, ServerConfig, Bind
+from .rbase import ServerBase, Bind
 from . import radmin
 
 
@@ -68,6 +69,8 @@ class Server(ServerBase, Singleton):
         debug : Whether use development mode debug server.
         """
 
+        from .rauth import depend_auth
+
         # Parameter.
         if type(ssl_cert) != type(ssl_key):
             throw(AssertionError, ssl_cert, ssl_key)
@@ -76,13 +79,14 @@ class Server(ServerBase, Singleton):
         elif iscoroutinefunction(depend):
             depend = (depend,)
         depend = [
+            Bind.Depend(depend_auth)
+        ] + [
             Bind.Depend(task)
             for task in depend
         ]
         lifespan = self.__create_lifespan(before, after, db_warm)
 
         # Build.
-        ServerConfig.server = self
         self.db = db
         self.ssl_cert = ssl_cert
         self.ssl_key = ssl_key
@@ -91,7 +95,8 @@ class Server(ServerBase, Singleton):
         self.app = FastAPI(
             dependencies=depend,
             lifespan=lifespan,
-            debug=debug
+            debug=debug,
+            server=self
         )
 
         if public is not None:
@@ -107,6 +112,8 @@ class Server(ServerBase, Singleton):
         self.__add_default_middleware()
 
         # API.
+        self.is_started_auth: bool = False
+        'Whether start authentication.'
         self.api_auth_key: str
         'Authentication API JWT encryption key.'
         self.api_auth_sess_seconds: int
@@ -185,7 +192,7 @@ class Server(ServerBase, Singleton):
 
         # Add.
         @self.wrap_middleware
-        async def foo(
+        async def middleware(
             request: Request,
             call_next: Callable[[Request], Coroutine[None, None, _StreamingResponse]]
         ) -> _StreamingResponse:
@@ -262,6 +269,16 @@ class Server(ServerBase, Singleton):
                 setattr(self.app, key, value)
 
 
+    def add_api_base(self) -> None:
+        """
+        Add base API.
+        """
+        from fastapi import Request
+        @self.app.get('/test')
+        async def test(request: Request) -> str:
+            return 'test'
+
+
     def add_api_admin(self) -> None:
         """
         Add admin API.
@@ -315,13 +332,14 @@ class Server(ServerBase, Singleton):
         """
 
         from .rauth import (
-            build_auth_db,
-            auth_router,
             DatabaseORMTableUser,
             DatabaseORMTableRole,
             DatabaseORMTablePerm,
             DatabaseORMTableUserRole,
-            DatabaseORMTableRolePerm
+            DatabaseORMTableRolePerm,
+            build_auth_db,
+            auth_router,
+            depend_auth
         )
 
         # Parameter.
@@ -338,6 +356,7 @@ class Server(ServerBase, Singleton):
         self.api_auth_key = key
         self.api_auth_sess_seconds = sess_seconds
         self.app.include_router(auth_router, tags=['auth'])
+        self.is_started_auth = True
 
         ## Admin.
         self.add_admin_model(DatabaseORMTableUser, engine, category='auth', name='User', column_list=['user_id', 'name'])

{reyserver-1.1.58.dist-info → reyserver-1.1.59.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: reyserver
-Version: 1.1.58
+Version: 1.1.59
 Summary: Backend server method set.
 Project-URL: homepage, https://github.com/reyxbo/reyserver/
 Author-email: Rey <reyxbo@163.com>

reyserver-1.1.59.dist-info/RECORD

@@ -0,0 +1,12 @@
+reyserver/__init__.py,sha256=Oq-lOcQInzhgKt1_4OB2jNx0OO2d9qZg9iZqUx6YRr8,398
+reyserver/radmin.py,sha256=Hwy8QsiQOyK2YP7abcS22IbRKB7sgcDGPHQ2-mHtf-8,3269
+reyserver/rall.py,sha256=MI1NnqUpq22CK9w3XPPBS0K8lNuf0BnbI0pn4MGMx38,293
+reyserver/rauth.py,sha256=irnwf1_OSOjB9fB7VBWY5RvpetPX2ydivMt_teXmDVs,15079
+reyserver/rbase.py,sha256=kzSbo6yoPlWquR6XiseTKi5hEbllaG3qVmmwnnKKac0,6898
+reyserver/rclient.py,sha256=Ffm66YuWupzEtQ6RqEm2KCc6jSF8JeMB7Xq6pzRFZ6M,5073
+reyserver/rfile.py,sha256=0wS-ohsAOGcSCg07U66wpqJlxnCLWN6gkEQJK4qavWQ,8877
+reyserver/rserver.py,sha256=mjc-SeE2RZZwB5Z1nUSMo_VMign3VcftIK1Kv7XIne8,11484
+reyserver-1.1.59.dist-info/METADATA,sha256=oJNACNqqErBtx9jcDkkGRQoTyDaFT-T5tnfbEkVm-6E,1666
+reyserver-1.1.59.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+reyserver-1.1.59.dist-info/licenses/LICENSE,sha256=UYLPqp7BvPiH8yEZduJqmmyEl6hlM3lKrFIefiD4rvk,1059
+reyserver-1.1.59.dist-info/RECORD,,

reyserver-1.1.58.dist-info/RECORD

@@ -1,12 +0,0 @@
-reyserver/__init__.py,sha256=Oq-lOcQInzhgKt1_4OB2jNx0OO2d9qZg9iZqUx6YRr8,398
-reyserver/radmin.py,sha256=Hwy8QsiQOyK2YP7abcS22IbRKB7sgcDGPHQ2-mHtf-8,3269
-reyserver/rall.py,sha256=MI1NnqUpq22CK9w3XPPBS0K8lNuf0BnbI0pn4MGMx38,293
-reyserver/rauth.py,sha256=5zQwi7eGjhHD2BHGQDQclLCn3HHg646Q4Cp2Bt6i3uc,11701
-reyserver/rbase.py,sha256=_bP_suBPF7dLd4RNKn96-X4ZAEx3vAjMS6vnheCokU4,6617
-reyserver/rclient.py,sha256=Ffm66YuWupzEtQ6RqEm2KCc6jSF8JeMB7Xq6pzRFZ6M,5073
-reyserver/rfile.py,sha256=CH2uJbBNmBH9ISDirn1LWL5wsjGW5xjB9ZIrdc5UzL0,8864
-reyserver/rserver.py,sha256=9-bhgVn_XZ6bvBl4GLdGkUs4UR1TSG08WC3F6ETQo7M,10986
-reyserver-1.1.58.dist-info/METADATA,sha256=l98QLYqG9iBeisPA5SgdMpu-aEZll2tWYnG4u7lCgfM,1666
-reyserver-1.1.58.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-reyserver-1.1.58.dist-info/licenses/LICENSE,sha256=UYLPqp7BvPiH8yEZduJqmmyEl6hlM3lKrFIefiD4rvk,1059
-reyserver-1.1.58.dist-info/RECORD,,