PyPI - service_packages - Versions diffs - 4.0.22__py3-none-any.whl - Mend

service_packages 4.0.22__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

auth/__init__.py +4 -0
auth/api/__init__.py +18 -0
auth/api/account_controller.py +120 -0
auth/api/e2e_controller.py +16 -0
auth/api/permission_controller.py +50 -0
auth/api/role_controller.py +50 -0
auth/api/user_controller.py +55 -0
auth/factories.py +19 -0
auth/fixtures.yaml +3 -0
auth/guards.py +9 -0
auth/loaders.py +30 -0
auth/middleware.py +43 -0
auth/models/__init__.py +16 -0
auth/models/auth_code_model.py +10 -0
auth/models/permission_model.py +8 -0
auth/models/role_model.py +14 -0
auth/models/role_permission_model.py +10 -0
auth/models/user_model.py +18 -0
auth/models/user_role_model.py +10 -0
auth/plugin.py +50 -0
auth/services/__init__.py +45 -0
auth/services/auth_service.py +309 -0
auth/services/permission_service.py +18 -0
auth/services/role_service.py +21 -0
auth/services/user_service.py +21 -0
core/cli.py +10 -0
core/database.py +16 -0
core/mail.py +31 -0
core/openapi.py +26 -0
core/settings.py +46 -0
core/storage.py +54 -0
service_packages-4.0.22.dist-info/METADATA +63 -0
service_packages-4.0.22.dist-info/RECORD +35 -0
service_packages-4.0.22.dist-info/WHEEL +4 -0
service_packages-4.0.22.dist-info/licenses/LICENSE.txt +19 -0

auth/__init__.py ADDED Viewed

@@ -0,0 +1,4 @@
+from .api import auth_router
+from .plugin import AuthPlugin
+__all__ = ["auth_router", "AuthPlugin"]

auth/api/__init__.py ADDED Viewed

@@ -0,0 +1,18 @@
+from litestar import Router
+from .account_controller import AccountController
+from .permission_controller import PermissionController
+from .role_controller import RoleController
+from .user_controller import UserController
+auth_router = Router(
+    path="/api/auth",
+    route_handlers=[
+        UserController,
+        RoleController,
+        PermissionController,
+        AccountController,
+    ],
+)
+__all__ = ["auth_router"]

auth/api/account_controller.py ADDED Viewed

@@ -0,0 +1,120 @@
+from typing import Any
+from uuid import UUID
+from litestar import Controller, Request, get, post
+from litestar.datastructures import State
+from litestar.di import Provide
+from litestar.exceptions import HTTPException
+from litestar.status_codes import HTTP_400_BAD_REQUEST
+import msgspec
+from auth.services import (
+    AuthService,
+    AccountDTO,
+    LoginRequestDTO,
+    LogoutRequestDTO,
+    SignUpRequestDTO,
+    UserNotEnabledError,
+    provide_auth_service,
+    provide_user_service,
+    InvalidEmailError,
+    InvalidPasswordError,
+)
+from auth.services.auth_service import AccountUserDTO
+class SignUpRequestScheme(msgspec.Struct):
+    email: str
+    password: str
+class SignUpResponseScheme(msgspec.Struct):
+    message: str
+class LoginResponseScheme(AccountDTO): ...
+class ActivateAccountResponseScheme(AccountDTO): ...
+class LoginRequestScheme(msgspec.Struct):
+    email: str
+    password: str
+class ActivateAccountRequestScheme(msgspec.Struct):
+    code: str
+class AccountMeResponseScheme(msgspec.Struct):
+    session_id: UUID
+    user: AccountUserDTO
+class AccountController(Controller):
+    path = "/account"
+    dependencies = {
+        "user_service": Provide(provide_user_service),
+        "auth_service": Provide(provide_auth_service),
+    }
+    @get("/me")
+    async def account(self, request: Request[AccountDTO, Any, State]) -> AccountMeResponseScheme:
+        return AccountMeResponseScheme(session_id=request.user.session_id, user=request.user.user)
+    @post("/login", exclude_from_auth=True)
+    async def login(self, request: Request, data: LoginRequestScheme, auth_service: AuthService) -> LoginResponseScheme:
+        device = request.headers.get("User-Agent")
+        try:
+            login_user = await auth_service.login(
+                LoginRequestDTO(
+                    email=data.email,
+                    password=data.password,
+                    device=device,
+                )
+            )
+        except UserNotEnabledError:
+            raise HTTPException(f"User {data.email} is not enabled", status_code=HTTP_400_BAD_REQUEST)
+        except InvalidEmailError:
+            raise HTTPException(f"User with email {data.email} not found", status_code=HTTP_400_BAD_REQUEST)
+        except InvalidPasswordError:
+            raise HTTPException("Invalid password", status_code=HTTP_400_BAD_REQUEST)
+        return LoginResponseScheme(
+            token=login_user.token,
+            session_id=login_user.session_id,
+            user=login_user.user,
+        )
+    @post("/signup", exclude_from_auth=True)
+    async def sign_up(self, data: SignUpRequestScheme, auth_service: AuthService) -> SignUpResponseScheme:
+        await auth_service.signup(SignUpRequestDTO(email=data.email, password=data.password))
+        return SignUpResponseScheme(message="success")
+    @post("/logout")
+    async def logout(self, auth_service: AuthService, request: Request[AccountDTO, Any, State]) -> None:
+        await auth_service.logout(
+            LogoutRequestDTO(
+                user_id=request.user.user.id,
+                session_id=request.user.session_id,
+                device=request.headers.get("User-Agent"),
+            )
+        )
+    @post("/activate", exclude_from_auth=True)
+    async def activate(
+        self,
+        data: ActivateAccountRequestScheme,
+        auth_service: AuthService,
+        request: Request,
+    ) -> ActivateAccountResponseScheme:
+        device = request.headers.get("User-Agent")
+        activated_account = await auth_service.verify_user_email(data.code, device)
+        return ActivateAccountResponseScheme(
+            token=activated_account.token,
+            session_id=activated_account.session_id,
+            user=activated_account.user,
+        )

auth/api/e2e_controller.py ADDED Viewed

@@ -0,0 +1,16 @@
+from litestar import Controller, get
+import msgspec
+from auth.guards import is_debug_guard
+class E2EActivateCodeSchemeResponse(msgspec.Struct):
+    code: str
+class E2EController(Controller):
+    guards = [is_debug_guard]
+    path = "e2e"
+    @get('/activate-code')
+    async def get_activate_code(self) -> E2EActivateCodeSchemeResponse:
+        return E2EActivateCodeSchemeResponse(code='super code')

auth/api/permission_controller.py ADDED Viewed

@@ -0,0 +1,50 @@
+from typing import Annotated
+from advanced_alchemy.extensions.litestar.dto import SQLAlchemyDTO, SQLAlchemyDTOConfig
+from advanced_alchemy.extensions.litestar.providers import create_service_dependencies
+from advanced_alchemy.filters import FilterTypes
+from advanced_alchemy.service import OffsetPagination
+from litestar import delete, get, post
+from litestar.controller import Controller
+from litestar.params import Dependency
+import msgspec
+from ..models import PermissionModel
+from ..services import PermissionService
+class PermissionCreateRequest(msgspec.Struct):
+    name: str
+class PermissionDTO(SQLAlchemyDTO[PermissionModel]):
+    config = SQLAlchemyDTOConfig()
+class PermissionController(Controller):
+    dependencies = create_service_dependencies(
+        PermissionService,
+        key="service",
+        filters={
+            "created_at": True,
+            "updated_at": True,
+        },
+    )
+    return_dto = PermissionDTO
+    @get(operation_id="ListPermissions", path="/permissions")
+    async def list_permissions(
+        self,
+        service: PermissionService,
+        filters: Annotated[list[FilterTypes], Dependency(skip_validation=True)],
+    ) -> OffsetPagination[PermissionModel]:
+        results, total = await service.list_and_count(*filters)
+        return service.to_schema(data=results, total=total, filters=filters)
+    @post(operation_id="CreatePermission", path="/permissions")
+    async def create_permission(self, service: PermissionService, data: PermissionCreateRequest) -> PermissionModel:
+        return await service.create(PermissionModel(**msgspec.to_builtins(data)), auto_commit=True)
+    @delete(operation_id="DeletePermission", path="/permissions/{item_id:str}")
+    async def delete_permission(self, service: PermissionService, item_id: str) -> None:
+        await service.delete(item_id, auto_commit=True)

auth/api/role_controller.py ADDED Viewed

@@ -0,0 +1,50 @@
+from typing import Annotated
+from advanced_alchemy.extensions.litestar.dto import SQLAlchemyDTO, SQLAlchemyDTOConfig
+from advanced_alchemy.extensions.litestar.providers import create_service_dependencies
+from advanced_alchemy.filters import FilterTypes
+from advanced_alchemy.service import OffsetPagination
+from litestar import delete, get, post
+from litestar.controller import Controller
+from litestar.params import Dependency
+import msgspec
+from ..models import RoleModel
+from ..services import RoleService
+class RoleCreateRequest(msgspec.Struct):
+    name: str
+class RoleDTO(SQLAlchemyDTO[RoleModel]):
+    config = SQLAlchemyDTOConfig()
+class RoleController(Controller):
+    dependencies = create_service_dependencies(
+        RoleService,
+        key="service",
+        filters={
+            "created_at": True,
+            "updated_at": True,
+        },
+    )
+    return_dto = RoleDTO
+    @get(operation_id="ListRoles", path="/roles")
+    async def list_roles(
+        self,
+        service: RoleService,
+        filters: Annotated[list[FilterTypes], Dependency(skip_validation=True)],
+    ) -> OffsetPagination[RoleModel]:
+        results, total = await service.list_and_count(*filters)
+        return service.to_schema(data=results, total=total, filters=filters)
+    @post(operation_id="CreateRole", path="/roles")
+    async def create_role(self, service: RoleService, data: RoleCreateRequest) -> RoleModel:
+        return await service.create(RoleModel(**msgspec.to_builtins(data)), auto_commit=True)
+    @delete(operation_id="DeleteRole", path="/roles/{item_id:str}")
+    async def delete_role(self, service: RoleService, item_id: str) -> None:
+        await service.delete(item_id, auto_commit=True)

auth/api/user_controller.py ADDED Viewed

@@ -0,0 +1,55 @@
+from typing import Annotated
+from advanced_alchemy.extensions.litestar.dto import SQLAlchemyDTO, SQLAlchemyDTOConfig
+from advanced_alchemy.extensions.litestar.providers import create_service_dependencies
+from advanced_alchemy.filters import FilterTypes
+from advanced_alchemy.service import OffsetPagination
+from litestar import delete, get, post
+from litestar.controller import Controller
+from litestar.params import Dependency
+import msgspec
+from ..models import UserModel
+from ..services import UserService
+class UserCreateRequest(msgspec.Struct):
+    email: str
+    password: str
+    is_email_verified: bool
+    is_enabled: bool
+class UserDTO(SQLAlchemyDTO[UserModel]):
+    config = SQLAlchemyDTOConfig(exclude={"password"})
+class UserController(Controller):
+    dependencies = create_service_dependencies(
+        UserService,
+        key="service",
+        filters={
+            "created_at": True,
+            "updated_at": True,
+            "sort_field": "email",
+            "search": "email",
+        },
+    )
+    return_dto = UserDTO
+    @get(operation_id="ListUsers", path="/users")
+    async def list_users(
+        self,
+        service: UserService,
+        filters: Annotated[list[FilterTypes], Dependency(skip_validation=True)],
+    ) -> OffsetPagination[UserModel]:
+        results, total = await service.list_and_count(*filters)
+        return service.to_schema(data=results, total=total, filters=filters)
+    @post(operation_id="CreateUser", path="/users")
+    async def create_user(self, service: UserService, data: UserCreateRequest) -> UserModel:
+        return await service.create(UserModel(**msgspec.to_builtins(data)), auto_commit=True)
+    @delete(operation_id="DeleteUser", path="/users/{item_id:str}")
+    async def delete_user(self, service: UserService, item_id: str) -> None:
+        await service.delete(item_id, auto_commit=True)

auth/factories.py ADDED Viewed

@@ -0,0 +1,19 @@
+from faker import Faker
+from polyfactory.factories.sqlalchemy_factory import SQLAlchemyFactory
+from polyfactory.fields import Use
+from .models import PermissionModel, RoleModel, UserModel
+faker = Faker()
+class UserFactory(SQLAlchemyFactory[UserModel]):
+    email = Use(faker.unique.email)
+class RoleFactory(SQLAlchemyFactory[RoleModel]):
+    name = Use(faker.unique.word)
+class PermissionFactory(SQLAlchemyFactory[PermissionModel]):
+    name = Use(faker.unique.word)

auth/fixtures.yaml ADDED Viewed

@@ -0,0 +1,3 @@
+users:
+  - email: admin@mail.com
+    password: password

auth/guards.py ADDED Viewed

@@ -0,0 +1,9 @@
+from litestar.connection import ASGIConnection
+from litestar.exceptions import HTTPException
+from litestar.handlers.base import BaseRouteHandler
+from litestar.status_codes import HTTP_403_FORBIDDEN
+def is_debug_guard(connection: ASGIConnection, _: BaseRouteHandler) -> None:
+    if not connection.app.debug:
+        raise HTTPException(detail="only in debug mode", status_code=HTTP_403_FORBIDDEN)

auth/loaders.py ADDED Viewed

@@ -0,0 +1,30 @@
+from typing import Any
+from auth.models import UserModel
+from auth.services import AuthService, PermissionService, RoleService, UserService
+class AuthLoader:
+    def __init__(
+        self,
+        user_service: UserService,
+        role_service: RoleService,
+        permission_service: PermissionService,
+    ):
+        self.user_service = user_service
+        self.role_service = role_service
+        self.permission_service = permission_service
+    async def load(self, data: dict[str, Any]):
+        await self.user_service.create_many(
+            [
+                UserModel(
+                    email=user["email"],
+                    password=AuthService.hash_password(user["password"]),
+                    is_enabled=True,
+                    is_email_verified=True,
+                )
+                for user in data.get("users", [])
+            ],
+            auto_commit=True,
+        )

auth/middleware.py ADDED Viewed

@@ -0,0 +1,43 @@
+from litestar.connection import ASGIConnection
+from litestar.exceptions import NotAuthorizedException
+from litestar.middleware import (
+    AbstractAuthenticationMiddleware,
+    AuthenticationResult,
+)
+from core.storage import Storage
+from .services import provide_auth_service, provide_user_service
+from .services.auth_service import TOKEN_PREFIX, AuthService
+class JWTAuthMiddleware(AbstractAuthenticationMiddleware):
+    async def authenticate_request(self, connection: ASGIConnection) -> AuthenticationResult:
+        auth_header = connection.headers.get("Authorization")
+        if not auth_header:
+            raise NotAuthorizedException()
+        token = auth_header.replace(f"{TOKEN_PREFIX} ", "")
+        auth_service: AuthService = await self._get_auth_service(connection)
+        return AuthenticationResult(
+            user=await auth_service.check_token(token, connection.headers.get("User-Agent")),
+            auth=token,
+        )
+    @staticmethod
+    async def _get_auth_service(connection: ASGIConnection) -> AuthService:
+        storage: Storage = await connection.app.dependencies.get("storage")()
+        db_session = await connection.app.dependencies.get("db_session")(
+            state=connection.app.state,
+            scope=connection.scope,
+        )
+        mail_client = await connection.app.dependencies.get("mail_client")()
+        user_service = await provide_user_service(db_session=db_session)
+        async for auth_service in provide_auth_service(
+            db_session=db_session,
+            mail_client=mail_client,
+            storage=storage,
+            user_service=user_service,
+        ):
+            return auth_service

auth/models/__init__.py ADDED Viewed

@@ -0,0 +1,16 @@
+from .role_permission_model import RolePermissionModel
+from .user_role_model import UserRoleModel
+from .auth_code_model import AuthCodeModel
+from .permission_model import PermissionModel
+from .role_model import RoleModel
+from .user_model import UserModel
+__all__ = [
+    "AuthCodeModel",
+    "RoleModel",
+    "PermissionModel",
+    "RolePermissionModel",
+    "UserModel",
+    "UserRoleModel",
+]

auth/models/auth_code_model.py ADDED Viewed

@@ -0,0 +1,10 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy import ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column
+class AuthCodeModel(UUIDAuditBase):
+    __tablename__ = "auth_codes"
+    code: Mapped[str] = mapped_column()
+    user_id = mapped_column(ForeignKey("users.id", ondelete="CASCADE"), unique=True)

auth/models/permission_model.py ADDED Viewed

@@ -0,0 +1,8 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy.orm import Mapped, mapped_column
+class PermissionModel(UUIDAuditBase):
+    __tablename__ = "permissions"
+    name: Mapped[str] = mapped_column(unique=True)

auth/models/role_model.py ADDED Viewed

@@ -0,0 +1,14 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+class RoleModel(UUIDAuditBase):
+    __tablename__ = "roles"
+    name: Mapped[str] = mapped_column(unique=True)
+    users = relationship(
+        "UserModel",
+        secondary="users_roles",
+        back_populates="roles",
+        lazy="selectin",
+    )

auth/models/role_permission_model.py ADDED Viewed

@@ -0,0 +1,10 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy import ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column
+class RolePermissionModel(UUIDAuditBase):
+    __tablename__ = "roles_permissions"
+    role_id: Mapped[int] = mapped_column(ForeignKey("roles.id"), primary_key=True)
+    permission_id: Mapped[int] = mapped_column(ForeignKey("permissions.id"), primary_key=True)

auth/models/user_model.py ADDED Viewed

@@ -0,0 +1,18 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+class UserModel(UUIDAuditBase):
+    __tablename__ = "users"
+    email: Mapped[str] = mapped_column(unique=True)
+    password: Mapped[str]
+    is_email_verified: Mapped[bool]
+    is_enabled: Mapped[bool]
+    roles = relationship(
+        "RoleModel",
+        secondary="users_roles",
+        back_populates="users",
+        lazy="selectin",
+    )

auth/models/user_role_model.py ADDED Viewed

@@ -0,0 +1,10 @@
+from advanced_alchemy.base import UUIDAuditBase
+from sqlalchemy import ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column
+class UserRoleModel(UUIDAuditBase):
+    __tablename__ = "users_roles"
+    role_id: Mapped[int] = mapped_column(ForeignKey("roles.id"), primary_key=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("users.id"), primary_key=True)

auth/plugin.py ADDED Viewed

@@ -0,0 +1,50 @@
+from pathlib import Path
+import click
+from click import Group
+from litestar.plugins import CLIPlugin
+import yaml
+from core.cli import coro
+from core.database import session_maker
+from core.mail import MailClient
+from core.settings import settings
+from .loaders import AuthLoader
+from .services import provide_permission_service, provide_role_service, provide_user_service
+class AuthPlugin(CLIPlugin):
+    def on_cli_init(self, cli: Group) -> None:
+        @cli.group(help="Manage auth, load data with ``load`` command")
+        @click.version_option(prog_name="auth")
+        def auth(): ...
+        @auth.command(help="load auth data")
+        @coro
+        async def load():
+            async with session_maker() as session:
+                click.echo("Loading auth data... ")
+                loader = AuthLoader(
+                    user_service=await provide_user_service(session),
+                    role_service=await provide_role_service(session),
+                    permission_service=await provide_permission_service(session),
+                )
+                with open(f"{Path(__file__).parent.resolve()}/fixtures.yaml") as f:
+                    data = yaml.safe_load(f)
+                    await loader.load(data)
+        @auth.command(help="load auth data")
+        @coro
+        async def clear():
+            async with session_maker() as session:
+                user_service = await provide_user_service(session)
+                await user_service.delete_where()
+                click.echo("Clear auth data")
+        @auth.command(help="Send test mail")
+        @click.argument("recipient")
+        def send_mail(recipient):
+            mail_controller = MailClient(settings.mail_config)
+            mail_controller.send([recipient], "test", "test")

auth/services/__init__.py ADDED Viewed

@@ -0,0 +1,45 @@
+from .auth_service import (
+    API_KEY_HEADER,
+    TOKEN_PREFIX,
+    AccountDTO,
+    AuthService,
+    DecodeTokenError,
+    InvalidEmailError,
+    InvalidPasswordError,
+    LoginRequestDTO,
+    LogoutRequestDTO,
+    SignUpRequestDTO,
+    UserNotEnabledError,
+    UserEmailNotVerifiedError,
+    WrongAuthCodeError,
+    provide_auth_service,
+)
+from .permission_service import PermissionService, provide_permission_service
+from .role_service import RoleService, provide_role_service
+from .user_service import UserService, provide_user_service
+__all__ = [
+    "UserService",
+    "AuthService",
+    "PermissionService",
+    "RoleService",
+    "AccountDTO",
+    "LogoutRequestDTO",
+    "LoginRequestDTO",
+    "SignUpRequestDTO",
+    # providers
+    "provide_user_service",
+    "provide_auth_service",
+    "provide_permission_service",
+    "provide_role_service",
+    # errors
+    "InvalidPasswordError",
+    "UserNotEnabledError",
+    "UserEmailNotVerifiedError",
+    "InvalidEmailError",
+    "DecodeTokenError",
+    "WrongAuthCodeError",
+    # constants
+    "API_KEY_HEADER",
+    "TOKEN_PREFIX",
+]

auth/services/auth_service.py ADDED Viewed

@@ -0,0 +1,309 @@
+import random
+from typing import Any, AsyncGenerator, List
+from uuid import UUID, uuid4
+import advanced_alchemy
+from advanced_alchemy.repository import SQLAlchemyAsyncRepository
+import bcrypt
+import jwt
+from litestar.exceptions import NotAuthorizedException
+import msgspec
+from nats.js.errors import KeyNotFoundError
+from sqlalchemy.ext.asyncio import AsyncSession
+from core.mail import MailClient
+from core.settings import settings
+from core.storage import Storage
+from ..models import AuthCodeModel, UserModel
+from .user_service import UserService
+__all__ = [
+    "UserService",
+    "AuthService",
+    "LoginRequestDTO",
+    "LogoutRequestDTO",
+    "SignUpRequestDTO",
+    "AccountCacheDTO",
+    "AccountCacheSessionDTO",
+    "provide_auth_service",
+    "InvalidPasswordError",
+    "InvalidEmailError",
+    "DecodeTokenError",
+    "UserNotEnabledError",
+    "UserEmailNotVerifiedError",
+    "API_KEY_HEADER",
+    "TOKEN_PREFIX",
+    "AccountDTO",
+    "WrongAuthCodeError",
+]
+API_KEY_HEADER = "Authorization"
+TOKEN_PREFIX = "Bearer"
+class InvalidPasswordError(Exception):
+    pass
+class InvalidEmailError(Exception):
+    pass
+class UserNotEnabledError(Exception):
+    pass
+class UserEmailNotVerifiedError(Exception):
+    pass
+class DecodeTokenError(Exception):
+    pass
+class WrongAuthCodeError(Exception):
+    pass
+class AccountRoleDTO(msgspec.Struct):
+    id: UUID
+    name: str
+class AccountUserDTO(msgspec.Struct):
+    id: UUID
+    email: str
+    is_email_verified: bool
+    is_enabled: bool
+    roles: list[AccountRoleDTO] = msgspec.field(default_factory=list)
+class AccountDTO(msgspec.Struct):
+    token: str
+    session_id: UUID
+    user: AccountUserDTO
+class TokenAccountDataDTO(msgspec.Struct):
+    session_id: UUID
+    user: AccountUserDTO
+class LoginRequestDTO(msgspec.Struct):
+    email: str
+    password: str
+    device: str
+class LogoutRequestDTO(msgspec.Struct):
+    user_id: UUID
+    session_id: UUID
+    device: str
+class SignUpRequestDTO(msgspec.Struct):
+    email: str
+    password: str
+class AccountCacheSessionDTO(msgspec.Struct):
+    device: str
+    session_id: UUID
+class AccountCacheDTO(msgspec.Struct):
+    sessions: list[AccountCacheSessionDTO]
+    user: AccountUserDTO
+class LoginResponseDTO(AccountDTO): ...
+class ActivateUserResponseDTO(AccountDTO): ...
+class AuthCodeRepository(SQLAlchemyAsyncRepository[AuthCodeModel]):
+    model_type = AuthCodeModel
+class AuthService:
+    def __init__(
+        self,
+        session: AsyncSession,
+        mail_client: MailClient,
+        storage: Storage,
+        user_service: UserService,
+    ):
+        self.session = session
+        self.mail_client = mail_client
+        self.storage = storage
+        self.user_service = user_service
+        self.auth_code_repository = AuthCodeRepository(session=session)
+    async def signup(self, user: SignUpRequestDTO) -> AuthCodeModel:
+        signup_user = await self.user_service.create(
+            UserModel(
+                email=user.email,
+                password=self.hash_password(user.password),
+                is_email_verified=False,
+                is_enabled=True,
+            ),
+            auto_commit=True,
+        )
+        auth_code = await self.auth_code_repository.add(
+            AuthCodeModel(
+                user_id=signup_user.id,
+                code=self.generate_activate_code(),
+            ),
+            auto_commit=True,
+        )
+        self.mail_client.send([user.email], "Sign up", auth_code.code)
+        return auth_code
+    async def verify_user_email(self, code: str, device: str) -> LoginResponseDTO:
+        auth_code = await self.auth_code_repository.get_one_or_none(AuthCodeModel.code == code)
+        if not auth_code:
+            raise WrongAuthCodeError
+        user = await self.user_service.update(
+            UserModel(id=auth_code.user_id, is_enabled=True, is_email_verified=True),
+            auto_commit=True,
+        )
+        return await self._add_account_session(user, device)
+    async def login(self, login_data: LoginRequestDTO) -> LoginResponseDTO:
+        try:
+            login_user = await self.user_service.get_one(UserModel.email == login_data.email)
+        except advanced_alchemy.exceptions.NotFoundError:
+            raise InvalidEmailError(f"Email {login_data.email} not found")
+        if not login_user.is_enabled:
+            raise UserNotEnabledError(f"User {login_data.email} not enabled")
+        if not login_user.is_email_verified:
+            raise UserEmailNotVerifiedError(f"User {login_data.email} not verified")
+        if not self._check_password(login_data.password, login_user.password):
+            raise InvalidPasswordError
+        return await self._add_account_session(login_user, login_data.device)
+    async def _add_account_session(self, user: UserModel, device: str) -> LoginResponseDTO:
+        login_session = AccountCacheSessionDTO(
+            session_id=uuid4(),
+            device=device,
+        )
+        account_user = AccountUserDTO(
+            id=user.id,
+            email=user.email,
+            is_email_verified=user.is_email_verified,
+            is_enabled=user.is_enabled,
+            roles=[AccountRoleDTO(id=role.id, name=role.name) for role in user.roles],
+        )
+        try:
+            cached_account = await self.storage.get("sessions", str(user.id), model_type=AccountCacheDTO)
+            cached_account.sessions.append(login_session)
+        except KeyNotFoundError:
+            cached_account = AccountCacheDTO(user=account_user, sessions=[login_session])
+        jwt_token = self.encode_token(
+            TokenAccountDataDTO(
+                session_id=login_session.session_id,
+                user=account_user,
+            )
+        )
+        await self.storage.save("sessions", str(cached_account.user.id), cached_account)
+        return LoginResponseDTO(
+            token=jwt_token,
+            session_id=login_session.session_id,
+            user=account_user,
+        )
+    async def start_reset_password(self, user_id: UUID):
+        raise NotImplementedError()
+    async def logout(self, logout_request: LogoutRequestDTO) -> None:
+        cached_user = await self.storage.get("sessions", str(logout_request.user_id), model_type=AccountCacheDTO)
+        cached_user.sessions = [
+            session
+            for session in cached_user.sessions
+            if not (session.session_id == logout_request.session_id and session.device == logout_request.device)
+        ]
+        await self.storage.save("sessions", str(logout_request.user_id), cached_user)
+    async def check_token(self, token: str, user_agent: str) -> AccountDTO:
+        try:
+            account = await self.get_account(token)
+        except DecodeTokenError:
+            raise NotAuthorizedException("Decode token fail")
+        await self.check_session(account, user_agent)
+        return account
+    async def check_session(self, account: AccountDTO, device: str):
+        try:
+            cached_account = await self.storage.get("sessions", str(account.user.id), model_type=AccountCacheDTO)
+            for session in cached_account.sessions:
+                if session.session_id == account.session_id:
+                    if session.device != device:
+                        raise NotAuthorizedException("Wrong device")
+                    return
+            raise NotAuthorizedException("Session not found")
+        except KeyNotFoundError:
+            raise NotAuthorizedException()
+    @staticmethod
+    def _check_password(password: str, hashed_password: str) -> bool:
+        return bcrypt.checkpw(password.encode("utf-8"), hashed_password.encode("utf-8"))
+    @staticmethod
+    def hash_password(password: str) -> str:
+        return bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt()).decode("utf8")
+    async def get_account(self, token: str) -> AccountDTO:
+        try:
+            account_data = self.decode_token(token)
+            token_account_data = msgspec.convert(account_data, type=TokenAccountDataDTO)
+            return AccountDTO(
+                token=token,
+                session_id=token_account_data.session_id,
+                user=token_account_data.user,
+            )
+        except Exception:
+            raise DecodeTokenError
+    @staticmethod
+    def encode_token(token_account_data: TokenAccountDataDTO) -> str:
+        return jwt.encode(msgspec.to_builtins(token_account_data), settings.jwt_secret, algorithm="HS256")
+    @staticmethod
+    def decode_token(token: str) -> dict[str, Any]:
+        try:
+            return jwt.decode(token, settings.jwt_secret, algorithms=["HS256"])
+        except jwt.exceptions.InvalidSignatureError:
+            raise DecodeTokenError
+    @staticmethod
+    def generate_activate_code() -> str:
+        return "".join(str(random.randint(0, 9)) for _ in range(8))
+async def provide_auth_service(
+    db_session: AsyncSession,
+    mail_client: MailClient,
+    storage: Storage,
+    user_service: UserService,
+) -> AsyncGenerator[AuthService, None]:
+    yield AuthService(
+        session=db_session,
+        mail_client=mail_client,
+        storage=storage,
+        user_service=user_service,
+    )

auth/services/permission_service.py ADDED Viewed

@@ -0,0 +1,18 @@
+from advanced_alchemy.repository import SQLAlchemyAsyncRepository
+from advanced_alchemy.service import SQLAlchemyAsyncRepositoryService
+from sqlalchemy.ext.asyncio import AsyncSession
+from ..models import PermissionModel
+__all__ = ["PermissionService", "provide_permission_service"]
+class PermissionService(SQLAlchemyAsyncRepositoryService):
+    class Repository(SQLAlchemyAsyncRepository[PermissionModel]):
+        model_type = PermissionModel
+    repository_type = Repository
+async def provide_permission_service(db_session: AsyncSession) -> PermissionService:
+    return PermissionService(session=db_session)

auth/services/role_service.py ADDED Viewed

@@ -0,0 +1,21 @@
+from advanced_alchemy.repository import SQLAlchemyAsyncRepository
+from advanced_alchemy.service import SQLAlchemyAsyncRepositoryService
+from sqlalchemy.ext.asyncio import AsyncSession
+from ..models import RoleModel
+__all__ = [
+    "RoleService",
+    "provide_role_service",
+]
+class RoleService(SQLAlchemyAsyncRepositoryService):
+    class Repository(SQLAlchemyAsyncRepository[RoleModel]):
+        model_type = RoleModel
+    repository_type = Repository
+async def provide_role_service(db_session: AsyncSession) -> RoleService:
+    return RoleService(session=db_session)

auth/services/user_service.py ADDED Viewed

@@ -0,0 +1,21 @@
+from advanced_alchemy.repository import SQLAlchemyAsyncRepository
+from advanced_alchemy.service import SQLAlchemyAsyncRepositoryService
+from sqlalchemy.ext.asyncio import AsyncSession
+from ..models import UserModel
+__all__ = [
+    "UserService",
+    "provide_user_service",
+]
+class UserService(SQLAlchemyAsyncRepositoryService):
+    class Repository(SQLAlchemyAsyncRepository[UserModel]):
+        model_type = UserModel
+    repository_type = Repository
+async def provide_user_service(db_session: AsyncSession) -> UserService:
+    return UserService(session=db_session)

core/cli.py ADDED Viewed

@@ -0,0 +1,10 @@
+import asyncio
+from functools import wraps
+def coro(f):
+    @wraps(f)
+    def wrapper(*args, **kwargs):
+        return asyncio.run(f(*args, **kwargs))
+    return wrapper

core/database.py ADDED Viewed

@@ -0,0 +1,16 @@
+from advanced_alchemy.base import UUIDAuditBase
+from litestar.plugins.sqlalchemy import SQLAlchemyAsyncConfig, SQLAlchemyPlugin
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+from .settings import settings
+config = SQLAlchemyAsyncConfig(
+    connection_string=settings.db_url,
+    metadata=UUIDAuditBase.metadata,
+    create_all=settings.db_create_all,
+)
+sqlalchemy_plugin = SQLAlchemyPlugin(config=config)
+engine = create_async_engine(settings.db_url, echo=False)
+session_maker = async_sessionmaker(engine, expire_on_commit=False, class_=AsyncSession)

core/mail.py ADDED Viewed

@@ -0,0 +1,31 @@
+from email.message import EmailMessage
+import smtplib
+from .settings import MailSettings, settings
+class MailClient:
+    def __init__(self, config: MailSettings):
+        self.settings = config
+    def send(self, recipients: list[str], subject: str, body: str):
+        msg = EmailMessage()
+        msg.set_content(body)
+        server = smtplib.SMTP(self.settings.host, self.settings.port, timeout=5)
+        server.starttls()
+        server.login(self.settings.login, self.settings.password)
+        msg = EmailMessage()
+        msg["Subject"] = subject
+        msg.set_content(body)
+        msg["From"] = self.settings.login
+        for recipient in recipients:
+            msg["To"] = recipient
+            server.send_message(msg)
+        server.quit()
+async def provide_mail_client():
+    return MailClient(settings.mail_config)

core/openapi.py ADDED Viewed

@@ -0,0 +1,26 @@
+from litestar.openapi import OpenAPIConfig
+from litestar.openapi.plugins import ScalarRenderPlugin
+from litestar.openapi.spec import Components, SecurityScheme
+from .settings import settings
+openapi_config = OpenAPIConfig(
+    components=[
+        Components(
+            security_schemes={
+                "JWT": SecurityScheme(
+                    type="http",
+                    scheme="Bearer",
+                    name="Authorization",
+                    security_scheme_in="cookie",
+                    bearer_format="JWT",
+                    description="Authorization",
+                )
+            }
+        )
+    ],
+    title=settings.open_api_config.title,
+    version=settings.open_api_config.version,
+    path=settings.open_api_config.path,
+    render_plugins=[ScalarRenderPlugin()],
+)

core/settings.py ADDED Viewed

@@ -0,0 +1,46 @@
+from pydantic import Field
+from pydantic_settings import BaseSettings
+class StorageSettings(BaseSettings):
+    url: str = Field(default="nats://localhost:4222")
+    buckets: list[str] = Field()
+    class Config:
+        env_prefix = "STORAGE_"
+class MailSettings(BaseSettings):
+    host: str = Field(default="smtp.yandex.com")
+    port: int = Field(default=587)
+    login: str = Field(default="info@service-laboratory.online")
+    password: str = Field(default="superPassword")
+    class Config:
+        env_prefix = "MAIL_"
+class OpenApiSettings(BaseSettings):
+    title: str = Field(deafult="title")
+    version: str = Field(deafult="0.1.2")
+    path: str = Field(deafult="/api/docs")
+    class Config:
+        env_prefix = "OPEN_API_"
+class Settings(BaseSettings):
+    debug: bool = Field(default=False)
+    jwt_secret: str = Field(default="secret_for_jwt")
+    # database config
+    db_url: str = Field(default="postgresql+asyncpg://user:password@localhost:5432/db")
+    db_create_all: bool = Field(default=False)
+    # services config
+    open_api_config: OpenApiSettings = Field(default_factory=OpenApiSettings)
+    mail_config: MailSettings = Field(default_factory=MailSettings)
+    storage_config: StorageSettings = Field(default_factory=StorageSettings)
+settings = Settings()

core/storage.py ADDED Viewed

@@ -0,0 +1,54 @@
+from typing import TypeVar
+from faststream import FastStream
+from faststream.nats import NatsBroker
+from litestar import Litestar
+import msgspec
+from .settings import StorageSettings, settings
+T = TypeVar("T")
+class Storage:
+    def __init__(self, config: StorageSettings):
+        self.broker = NatsBroker(servers=config.url)
+        self.app = FastStream(self.broker)
+        self.settings = config
+        self.buckets = {}
+        self.is_connected = False
+    async def connect(self):
+        if not self.is_connected:
+            await self.broker.connect()
+            for bucket in self.settings.buckets:
+                await self.init_bucket(bucket)
+            self.is_connected = True
+    async def init_bucket(self, name: str):
+        self.buckets[name] = await self.broker.key_value(name)
+    async def save(self, bucket: str, key: str, data: msgspec.Struct):
+        await self.buckets[bucket].put(key, msgspec.json.encode(data))
+    async def get(self, bucket: str, key: str, model_type: T) -> T:
+        data = await self.buckets[bucket].get(key)
+        return msgspec.json.decode(data.value, type=model_type)
+    async def delete(self, bucket: str, key: str):
+        await self.buckets[bucket].delete(key)
+    async def disconnect(self):
+        await self.broker.stop()
+        self.is_connected = False
+async def provide_storage() -> Storage:
+    storage = Storage(settings.storage_config)
+    await storage.connect()
+    return storage
+async def close_storage(app: Litestar) -> None:
+    storage: Storage = await app.dependencies.get("storage")()
+    await storage.disconnect()

service_packages-4.0.22.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,63 @@
+Metadata-Version: 2.4
+Name: service_packages
+Version: 4.0.22
+Summary: Service laboratory packages
+Author-email: Alexei Rysev <alexeirysev@gmail.com>
+Maintainer-email: Alexei Rysev <alexeirysev@gmail.com>
+License: Copyright (c) 2018 The Python Packaging Authority
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+License-File: LICENSE.txt
+Keywords: development,prototype,setuptools
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.12
+Requires-Dist: advanced-alchemy==1.4.4
+Requires-Dist: asyncpg>=0.30.0
+Requires-Dist: bcrypt>=5.0.0
+Requires-Dist: faststream[nats]>=0.6.3
+Requires-Dist: litestar[standard]>=2.15.2
+Requires-Dist: pydantic-settings>=2.8.1
+Requires-Dist: pydantic>=2.11.3
+Requires-Dist: pyjwt>=2.10.1
+Requires-Dist: pytest-asyncio>=0.24.0
+Requires-Dist: pytest-cov>=7.0.0
+Requires-Dist: pytest-html>=4.1.1
+Requires-Dist: pytest>=8.4.2
+Requires-Dist: pyyaml>=6.0.3
+Requires-Dist: sqlalchemy>=2.0.40
+Requires-Dist: timer-context>=1.1.1
+Requires-Dist: uvicorn>=0.34.1
+Provides-Extra: dev
+Requires-Dist: check-manifest; extra == 'dev'
+Provides-Extra: test
+Requires-Dist: coverage; extra == 'test'
+Requires-Dist: pytest-asyncio==0.24.0; extra == 'test'
+Requires-Dist: pytest>=8.2.1; extra == 'test'
+Description-Content-Type: text/markdown
+# service laboratory package
+- auth module

service_packages-4.0.22.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,35 @@
+auth/__init__.py,sha256=a9OT6y15U8RGLH5CQRkb4irAOdZAjoTzC6-pCW1ArG8,101
+auth/factories.py,sha256=aBAd50v_wfFVsBw70J78C0CCfxmjRI0tzYw5UtSWlOM,475
+auth/fixtures.yaml,sha256=K4b2cfy7lsshSqATMte_HYCACqSVzOyZTQkW4BuQzKQ,55
+auth/guards.py,sha256=hjpjDYr19I57VM-kQ2Kh5M81Pxr5yUIoiwkfth75gnY,399
+auth/loaders.py,sha256=GiiHdKqNGNyUIYbWSHFMTQZfOjX_lP9oP4JGuvg2lSI,906
+auth/middleware.py,sha256=-fYkpWcjWWGNr0FCWWoiv6d571flCqCvqDzDJo_bXuU,1677
+auth/plugin.py,sha256=tYsX_HdDumN1IBrUewsQRLC7xvVK74d2tu87V9MpERE,1780
+auth/api/__init__.py,sha256=5b8giem7j-uIRZQleEtW3kM4yuMj3xPay0j6ussw0_c,430
+auth/api/account_controller.py,sha256=4xXKeNDJLSoDn7OGv2VKCopMru4s1e7yncjgmSEEj_Y,3756
+auth/api/e2e_controller.py,sha256=EcvStn8i-Qtj563nifEFXOyUIqHqU7_O5uJQx--ntWs,406
+auth/api/permission_controller.py,sha256=c0Tm4Df054_1DT_vGaHzlRY4OT2WGWhSqVAAKF5LAPM,1865
+auth/api/role_controller.py,sha256=vjH9KaDWTAFFRhHAxW3h17iOib2KgAohkHJm9BC7z_8,1721
+auth/api/user_controller.py,sha256=hGlK81Bop0TUSWO4n1x5eEi1OgOkq7DF3HFMTQ-9mjk,1875
+auth/models/__init__.py,sha256=Kg2UEpg_8k3mIJH5TpLTwh6om92BajUTdOX1TGgJa3Q,397
+auth/models/auth_code_model.py,sha256=tqyhGKfsZxtnKxPw08yi7RZPpwjurNQXnSKYPY50sjQ,328
+auth/models/permission_model.py,sha256=ZRRkU62yXWYGZQZEwjcXiA1RBlSv3H0KtG-aWv2gE78,223
+auth/models/role_model.py,sha256=jnRWHc1TQCLSWpd_bVRyYoowy4NboEkEbjzpAvzFJ1k,368
+auth/models/role_permission_model.py,sha256=qFGiuhrWWSFGaiXZ3oF2gZz2KZrFiOp9r5IxgVeCTCY,394
+auth/models/user_model.py,sha256=mo7prCyxJmw-E0USACdzyt-gVGWnDczEOOuyF3zBg04,461
+auth/models/user_role_model.py,sha256=bq82Ml1evYnz87QTGkHK3CTAIadqBW462MEHK6cBqUU,370
+auth/services/__init__.py,sha256=BofpESzGDllOtdB64gf5A04YDv6ZX2hdFay0SVBKebU,1095
+auth/services/auth_service.py,sha256=gCKU5OnWJ7ra_rMJhQWN6ZYQXRF-VOCZzZKFko8peWY,9178
+auth/services/permission_service.py,sha256=k6xb_decsFH_PVj1PBOaB75Xht2qusqRHMP9FjnJWXU,619
+auth/services/role_service.py,sha256=dNU2Dm3rwoPoytWSxWMPtSOp9gxGQzwbeWvRXxhLe0w,576
+auth/services/user_service.py,sha256=VxEBUckhUpiFXcM1-53rFTYyH0hwMtup6CAgedzS4iw,576
+core/cli.py,sha256=bblQvTjmn5wiYsDSBdyqwN9xnsuRwJrlFenjStHJJ5s,173
+core/database.py,sha256=QUsr9TDVfjnIPAHq8UtnWmRVfQz228KYZis6fSjDVzw,599
+core/mail.py,sha256=50LWGDhN8w2JNZJQMdKsefoCWxmGEdCVEIbl5Q6kMEs,844
+core/openapi.py,sha256=IsmcepeUgIT7Rk9qY2jCDkurOGeJmf0bmnJhDnvye_k,805
+core/settings.py,sha256=CbRF-uUFF6DCKtpvFGyICzEL61rQ6iiwyq309S1DjN0,1300
+core/storage.py,sha256=EMANUfmr14foq7Oq1qkBRWfynNFayQjLDzPa3T0UCSY,1617
+service_packages-4.0.22.dist-info/METADATA,sha256=M3ZwU87zy8pmJ8OSroqFEksdLLTLs1texJhNqzcN8PI,2785
+service_packages-4.0.22.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+service_packages-4.0.22.dist-info/licenses/LICENSE.txt,sha256=2bm9uFabQZ3Ykb_SaSU_uUbAj2-htc6WJQmS_65qD00,1073
+service_packages-4.0.22.dist-info/RECORD,,

service_packages-4.0.22.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.28.0
+Root-Is-Purelib: true
+Tag: py3-none-any

service_packages-4.0.22.dist-info/licenses/LICENSE.txt ADDED Viewed

@@ -0,0 +1,19 @@
+Copyright (c) 2018 The Python Packaging Authority
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.