simple-module-auth 0.0.1__py3-none-any.whl

auth/__init__.py

@@ -0,0 +1 @@
+"""Auth module — shared contracts (UserContext, deps)."""

auth/contracts/__init__.py

@@ -0,0 +1,5 @@
+"""Auth contracts — public types for other modules."""
+
+from auth.contracts.schemas import UserContext
+
+__all__ = ["UserContext"]

auth/contracts/schemas.py

@@ -0,0 +1,75 @@
+"""Auth data types shared with other modules."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    # Runtime import would be circular: auth -> users -> auth.
+    # Only imported for type-hints, never at runtime.
+    from users.models import User
+
+
+@dataclass
+class UserContext:
+    """Authenticated user information for downstream handlers."""
+
+    id: str
+    email: str
+    name: str
+    roles: list[str] = field(default_factory=list)
+    tenant_id: str | None = None
+
+    @classmethod
+    def from_user(cls, user: User | Any) -> UserContext:
+        """Build a UserContext from a users.models.User with eagerly-loaded roles.
+
+        Duck-typed to avoid importing users.models at runtime — any object
+        exposing .id, .email, .full_name, .roles[*].name, .tenant_id works.
+        The caller is responsible for eager-loading roles (selectinload).
+        """
+        return cls(
+            id=str(user.id),
+            email=user.email,
+            name=user.full_name or user.email,
+            roles=[r.name for r in user.roles],
+            tenant_id=user.tenant_id,
+        )
+
+    def to_session_dict(self) -> dict[str, Any]:
+        """Serialize to a JSON-safe dict for the signed session cookie.
+
+        The inverse of :meth:`from_session_dict`. Adding a new field to
+        ``UserContext`` requires updating both methods here — not the
+        AuthMiddleware cache helper, which stays schema-agnostic."""
+        return {
+            "id": self.id,
+            "email": self.email,
+            "name": self.name,
+            "roles": list(self.roles),
+            "tenant_id": self.tenant_id,
+        }
+
+    @classmethod
+    def from_session_dict(cls, payload: Any) -> UserContext | None:
+        """Rebuild from :meth:`to_session_dict` output. Returns ``None`` on any
+        shape mismatch so callers can fall through to a fresh DB load."""
+        if not isinstance(payload, dict):
+            return None
+        try:
+            return cls(
+                id=str(payload["id"]),
+                email=str(payload["email"]),
+                name=str(payload["name"]),
+                roles=list(payload.get("roles") or []),
+                tenant_id=payload.get("tenant_id"),
+            )
+        except (KeyError, TypeError, ValueError):
+            return None
+
+    def has_role(self, role: str) -> bool:
+        return role in self.roles
+
+    def has_any_role(self, roles: list[str]) -> bool:
+        return bool(set(self.roles) & set(roles))

auth/deps.py

@@ -0,0 +1,60 @@
+"""FastAPI auth dependencies — get_current_user, require_permission."""
+
+from __future__ import annotations
+
+from typing import Annotated
+
+from fastapi import Depends, HTTPException, Request
+from simple_module_hosting.i18n_deps import TranslatorDep
+
+from auth.contracts.schemas import UserContext
+
+_ADMIN_ROLE = "admin"
+
+
+async def get_current_user(request: Request, t: TranslatorDep) -> UserContext:
+    """Extract the authenticated user from request state.
+
+    The auth middleware must set ``request.state.user`` before this runs.
+    """
+    user = getattr(request.state, "user", None)
+    if user is None:
+        raise HTTPException(status_code=401, detail=t.t("auth.errors.not_authenticated"))
+    return user
+
+
+CurrentUser = Annotated[UserContext, Depends(get_current_user)]
+
+
+def require_permission(*permissions: str):
+    """Create a dependency that checks if the user has required permissions.
+
+    Usage::
+
+        @router.post("/", dependencies=[Depends(require_permission("products.create"))])
+        async def create_product(...): ...
+    """
+
+    async def check(
+        request: Request,
+        t: TranslatorDep,
+        user: UserContext = Depends(get_current_user),
+    ):
+        # Admin role bypasses permission checks
+        if _ADMIN_ROLE in user.roles:
+            return
+
+        # Get permission registry from app state
+        perm_registry = request.app.state.sm.permissions
+        user_perms = perm_registry.get_permissions_for_roles(user.roles)
+
+        if not any(p in user_perms for p in permissions):
+            raise HTTPException(
+                status_code=403,
+                detail=t.t(
+                    "auth.errors.missing_permission",
+                    permissions=", ".join(permissions),
+                ),
+            )
+
+    return Depends(check)

auth/locales/en.json

@@ -0,0 +1,6 @@
+{
+  "errors": {
+    "not_authenticated": "Not authenticated",
+    "missing_permission": "Missing required permission: {permissions}"
+  }
+}

auth/locales/es.json

@@ -0,0 +1,6 @@
+{
+  "errors": {
+    "not_authenticated": "No autenticado",
+    "missing_permission": "Falta el permiso requerido: {permissions}"
+  }
+}

auth/module.py

@@ -0,0 +1,26 @@
+"""Auth module — shared contracts (UserContext, deps).
+
+Intentionally minimal: this module owns the PUBLIC interface (UserContext,
+get_current_user, CurrentUser, require_permission) that every other module
+imports. Keeping it stable prevents churn when auth internals change.
+
+All authentication logic (middleware, login, signup, OAuth) lives in the
+users module.
+"""
+
+from __future__ import annotations
+
+import importlib.resources
+from pathlib import Path
+
+from simple_module_core.module import ModuleBase, ModuleMeta
+
+
+class AuthModule(ModuleBase):
+    meta = ModuleMeta(
+        name="Auth",
+        route_prefix="/auth",
+    )
+
+    def locale_dirs(self) -> dict[str, Path]:
+        return {"auth": Path(str(importlib.resources.files(__package__) / "locales"))}

auth/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "@simple-module-py/auth",
+  "version": "0.1.0",
+  "private": true,
+  "description": "Frontend assets for the Auth module",
+  "peerDependencies": {
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "@inertiajs/react": "^2.0.0",
+    "@simple-module-py/ui": "*"
+  },
+  "devDependencies": {
+    "@simple-module-py/tsconfig": "*"
+  },
+  "dependencies": {}
+}

simple_module_auth-0.0.1.dist-info/METADATA

@@ -0,0 +1,71 @@
+Metadata-Version: 2.4
+Name: simple_module_auth
+Version: 0.0.1
+Summary: Session-cookie authentication primitives — middleware, login/logout, redirect helpers for simple_module
+Project-URL: Homepage, https://github.com/antosubash/simple_module_python
+Project-URL: Repository, https://github.com/antosubash/simple_module_python
+Project-URL: Issues, https://github.com/antosubash/simple_module_python/issues
+Project-URL: Changelog, https://github.com/antosubash/simple_module_python/blob/main/CHANGELOG.md
+Author-email: Anto Subash <antosubash@live.com>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: authentication,cookie,fastapi,session,simple-module
+Classifier: Development Status :: 3 - Alpha
+Classifier: Framework :: FastAPI
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: itsdangerous>=2.2
+Requires-Dist: simple-module-core==0.0.1
+Requires-Dist: simple-module-db==0.0.1
+Description-Content-Type: text/markdown
+
+# simple_module_auth
+
+Session-cookie authentication primitives for [simple_module](https://github.com/antosubash/simple_module_python) apps. Provides the `SessionMiddleware` wiring, login/logout helpers, and login-redirect handling used by the `simple_module_users` module.
+
+**Heads up:** for most apps you don't install this directly — `simple_module_users` pulls it in and builds the email+password auth flow on top of these primitives.
+
+## Install
+
+```bash
+pip install simple_module_auth
+```
+
+## What it provides
+
+- Starlette `SessionMiddleware` configuration reading `SM_SECRET_KEY` and `SM_SESSION_COOKIE_*` env vars.
+- `current_user_id` FastAPI dependency reading the signed session cookie.
+- Redirect-to-login helpers for unauthenticated requests on Inertia routes.
+- Login-required decorator / dependency for protecting routes without pulling in the heavier `simple_module_users` package.
+
+## Usage
+
+```python
+from fastapi import APIRouter, Depends
+from simple_module_auth import require_login
+
+router = APIRouter()
+
+
+@router.get("/me")
+async def me(user_id: int = Depends(require_login)):
+    return {"user_id": user_id}
+```
+
+Routes that need more than just "logged in" (e.g. role/permission checks) should use `simple_module_permissions` instead.
+
+## Depends on
+
+- `simple_module_core`, `simple_module_db`
+- `itsdangerous`
+
+## License
+
+MIT — see [LICENSE](https://github.com/antosubash/simple_module_python/blob/main/LICENSE).

simple_module_auth-0.0.1.dist-info/RECORD

@@ -0,0 +1,14 @@
+auth/__init__.py,sha256=KNm7tP262uKG-dHYqVa_oIH_gSObAPH-vFL6hGGYsAw,60
+auth/deps.py,sha256=ouFGjKZd9IOQo5oxLQ9UBSTkzgt_zoOhiEjOpNI_vXs,1805
+auth/module.py,sha256=huMTDc_IeS8eiRQhnu-mvPcXY7xQ52GcdmqWdUFNJEA,767
+auth/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+auth/contracts/__init__.py,sha256=7vR0kgDkcs9HDP7Gcrfmq8UCuWniErIxLUPyRnz-qlU,132
+auth/contracts/schemas.py,sha256=Fi1-xqTaoWv3EEM9Oz-6Qst3PqVBrF7gp-_iXW1jjgo,2562
+auth/locales/en.json,sha256=3a-d-xk1u4wUC6CZFWl3UhvTu7CTjZ0st9K_05FbY_o,139
+auth/locales/es.json,sha256=9oeoOjEHrbkkgWSks4xSl4E1ePuEl-DHPsmjfntb9OM,135
+auth/package.json,sha256=rSy_-0JLlNthQ25ru8_yk1b1-uBmki0wNiP426eWt_4,371
+simple_module_auth-0.0.1.dist-info/METADATA,sha256=q4cnkxA4G7IB_B7Gqr4iqn2hkWjcQ9x7sk_nC2CEfZc,2748
+simple_module_auth-0.0.1.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+simple_module_auth-0.0.1.dist-info/entry_points.txt,sha256=LpawiTLI4tijzuCnX4Judo1zha8cp87_Mx3_24qg4ZA,46
+simple_module_auth-0.0.1.dist-info/licenses/LICENSE,sha256=Yn66lhLklsF5p7pa85_ksQrJ79Q-FgOaUAHevLBjer4,1068
+simple_module_auth-0.0.1.dist-info/RECORD,,

simple_module_auth-0.0.1.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

simple_module_auth-0.0.1.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[simple_module]
+auth = auth.module:AuthModule

simple_module_auth-0.0.1.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Anto Subash
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.