secureapi 0.1.0__tar.gz

secureapi-0.1.0/LICENSE

@@ -0,0 +1,5 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge...

secureapi-0.1.0/PKG-INFO

@@ -0,0 +1,21 @@
+Metadata-Version: 2.4
+Name: secureapi
+Version: 0.1.0
+Summary: A package for secure API access control.
+Author-email: Your Name <your.email@example.com>
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pyyaml
+Provides-Extra: django
+Requires-Dist: django; extra == "django"
+Requires-Dist: djangorestframework; extra == "django"
+Provides-Extra: fastapi
+Requires-Dist: fastapi; extra == "fastapi"
+Provides-Extra: flask
+Requires-Dist: flask; extra == "flask"
+Dynamic: license-file
+
+# secureapi
+
+Secure API access control library.

secureapi-0.1.0/README.md

@@ -0,0 +1,3 @@
+# secureapi
+
+Secure API access control library.

secureapi-0.1.0/pyproject.toml

@@ -0,0 +1,25 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "secureapi"
+version = "0.1.0"
+description = "A package for secure API access control."
+authors = [
+    { name="Your Name", email="your.email@example.com" }
+]
+readme = "README.md"
+requires-python = ">=3.8"
+dependencies = [
+    "pyyaml",
+]
+
+[project.optional-dependencies]
+django = ["django", "djangorestframework"]
+fastapi = ["fastapi"]
+flask = ["flask"]
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["secureapi*"]

secureapi-0.1.0/secureapi/__init__.py

@@ -0,0 +1 @@
+# secureapi package

secureapi-0.1.0/secureapi/config/loader.py

@@ -0,0 +1,17 @@
+from secureapi.core.engine import SecureEngine
+from secureapi.core.policy import PolicyLoader
+
+
+_engine = None
+
+def get_engine():
+    global _engine
+
+    if _engine is None:
+        _engine = SecureEngine(
+            policy_loader=PolicyLoader(),
+            role_resolver=default_role_resolver,
+            resource_resolver=default_resource_resolver,
+        )
+
+    return _engine

secureapi-0.1.0/secureapi/core/context.py

@@ -0,0 +1,7 @@
+class RequestContext:
+    def __init__(self, user, resource, action, resource_id, tenant_id):
+        self.user = user
+        self.resource = resource
+        self.action = action
+        self.resource_id = resource_id
+        self.tenant_id = tenant_id

secureapi-0.1.0/secureapi/core/engine.py

@@ -0,0 +1,36 @@
+class SecureEngine:
+    def __init__(self, policy_loader, role_resolver, resource_resolver):
+        self.policy_loader = policy_loader
+        self.role_resolver = role_resolver
+        self.resource_resolver = resource_resolver
+
+    def authorize(self, context):
+        user = context.user
+        resource = context.resource
+        action = context.action
+        resource_id = context.resource_id
+        tenant_id = context.tenant_id
+
+        # Step 1: Get role
+        role = self.role_resolver(user, tenant_id)
+
+        # Step 2: Get policy
+        allowed_roles = self.policy_loader(resource, action)
+
+        if role not in allowed_roles:
+            raise Exception(f"Role '{role}' not allowed")
+
+        # Step 3: Fetch object
+        obj = self.resource_resolver(resource, resource_id)
+
+        # Step 4: Tenant check
+        if hasattr(obj, "tenant_id") and obj.tenant_id != tenant_id:
+            raise Exception("Cross-tenant access denied")
+
+        # Step 5: Ownership check
+        if "owner" in allowed_roles:
+            if hasattr(obj, "created_by_id"):
+                if obj.created_by_id != user.id and role != "admin":
+                    raise Exception("Not owner")
+
+        return True

secureapi-0.1.0/secureapi/core/exceptions.py

@@ -0,0 +1 @@
+"""Custom exceptions used by the core engine."""

secureapi-0.1.0/secureapi/core/policy.py

@@ -0,0 +1,9 @@
+import yaml
+
+class PolicyLoader:
+    def __init__(self, path="secureapi.yaml"):
+        with open(path) as f:
+            self.policies = yaml.safe_load(f)
+
+    def __call__(self, resource, action):
+        return self.policies.get(resource, {}).get(action, [])

secureapi-0.1.0/secureapi/core/validator.py

@@ -0,0 +1 @@
+"""Validation utilities for secure API rules."""

secureapi-0.1.0/secureapi/integrations/django/middleware.py

@@ -0,0 +1 @@
+"""Django middleware integration."""

secureapi-0.1.0/secureapi/integrations/django/permission.py

@@ -0,0 +1,41 @@
+from rest_framework.permissions import BasePermission
+from secureapi.core.engine import SecureEngine
+from secureapi.core.context import RequestContext
+from secureapi.config.loader import get_engine
+
+
+class SecurePermission(BasePermission):
+    def has_permission(self, request, view):
+        return True  # allow, actual check in object level
+
+    def has_object_permission(self, request, view, obj):
+        engine = get_engine()
+
+        resource = view.basename  # e.g., "form"
+        action = self.map_method(request.method)
+
+        context = RequestContext(
+            user=request.user,
+            resource=resource,
+            action=action,
+            resource_id=obj.id,
+            tenant_id=self.get_tenant(request),
+        )
+
+        try:
+            engine.authorize(context)
+            return True
+        except Exception as e:
+            return False
+
+    def map_method(self, method):
+        return {
+            "GET": "read",
+            "POST": "create",
+            "PUT": "update",
+            "PATCH": "update",
+            "DELETE": "delete",
+        }.get(method, "read")
+
+    def get_tenant(self, request):
+        return request.headers.get("X-Tenant-ID")

secureapi-0.1.0/secureapi/integrations/fastapi/dependency.py

@@ -0,0 +1,23 @@
+from fastapi import Depends, HTTPException
+from secureapi.core.context import RequestContext
+from secureapi.config.loader import get_engine
+
+
+def secure_dependency(resource, action):
+    def wrapper(user=Depends(get_current_user), tenant_id=None, resource_id=None):
+        engine = get_engine()
+
+        context = RequestContext(
+            user=user,
+            resource=resource,
+            action=action,
+            resource_id=resource_id,
+            tenant_id=tenant_id,
+        )
+
+        try:
+            engine.authorize(context)
+        except Exception as e:
+            raise HTTPException(status_code=403, detail=str(e))
+
+    return wrapper

secureapi-0.1.0/secureapi/integrations/flask/decorator.py

@@ -0,0 +1,32 @@
+from functools import wraps
+from flask import request, jsonify
+from secureapi.core.context import RequestContext
+from secureapi.config.loader import get_engine
+
+
+def secure_endpoint(resource, action):
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            engine = get_engine()
+
+            user = request.user
+            tenant_id = request.headers.get("X-Tenant-ID")
+            resource_id = kwargs.get(f"{resource}_id")
+
+            context = RequestContext(
+                user=user,
+                resource=resource,
+                action=action,
+                resource_id=resource_id,
+                tenant_id=tenant_id,
+            )
+
+            try:
+                engine.authorize(context)
+            except Exception as e:
+                return jsonify({"error": str(e)}), 403
+
+            return func(*args, **kwargs)
+        return wrapper
+    return decorator

secureapi-0.1.0/secureapi/utils/helpers.py

@@ -0,0 +1 @@
+"""General helper utilities."""

secureapi-0.1.0/secureapi.egg-info/PKG-INFO

@@ -0,0 +1,21 @@
+Metadata-Version: 2.4
+Name: secureapi
+Version: 0.1.0
+Summary: A package for secure API access control.
+Author-email: Your Name <your.email@example.com>
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pyyaml
+Provides-Extra: django
+Requires-Dist: django; extra == "django"
+Requires-Dist: djangorestframework; extra == "django"
+Provides-Extra: fastapi
+Requires-Dist: fastapi; extra == "fastapi"
+Provides-Extra: flask
+Requires-Dist: flask; extra == "flask"
+Dynamic: license-file
+
+# secureapi
+
+Secure API access control library.

secureapi-0.1.0/secureapi.egg-info/SOURCES.txt

@@ -0,0 +1,27 @@
+LICENSE
+README.md
+pyproject.toml
+secureapi/__init__.py
+secureapi.egg-info/PKG-INFO
+secureapi.egg-info/SOURCES.txt
+secureapi.egg-info/dependency_links.txt
+secureapi.egg-info/requires.txt
+secureapi.egg-info/top_level.txt
+secureapi/config/__init__.py
+secureapi/config/loader.py
+secureapi/core/__init__.py
+secureapi/core/context.py
+secureapi/core/engine.py
+secureapi/core/exceptions.py
+secureapi/core/policy.py
+secureapi/core/validator.py
+secureapi/integrations/__init__.py
+secureapi/integrations/django/__init__.py
+secureapi/integrations/django/middleware.py
+secureapi/integrations/django/permission.py
+secureapi/integrations/fastapi/__init__.py
+secureapi/integrations/fastapi/dependency.py
+secureapi/integrations/flask/__init__.py
+secureapi/integrations/flask/decorator.py
+secureapi/utils/__init__.py
+secureapi/utils/helpers.py

secureapi-0.1.0/secureapi.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

secureapi-0.1.0/secureapi.egg-info/requires.txt

@@ -0,0 +1,11 @@
+pyyaml
+
+[django]
+django
+djangorestframework
+
+[fastapi]
+fastapi
+
+[flask]
+flask

secureapi-0.1.0/secureapi.egg-info/top_level.txt

@@ -0,0 +1 @@
+secureapi

secureapi-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+