skrift 0.1.0a12__py3-none-any.whl

skrift/db/models/oauth_account.py

@@ -0,0 +1,50 @@
+"""OAuth account model for storing multiple OAuth identities per user."""
+
+from typing import TYPE_CHECKING, Any
+from uuid import UUID
+
+from sqlalchemy import ForeignKey, JSON, String, UniqueConstraint
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from skrift.db.base import Base
+
+if TYPE_CHECKING:
+    from skrift.db.models.user import User
+
+
+class OAuthAccount(Base):
+    """OAuth account model linking OAuth provider identities to users.
+
+    This allows a single user to have multiple OAuth provider accounts
+    linked to their profile, enabling login via different providers.
+
+    The provider_metadata column stores the full raw OAuth provider response,
+    which varies by provider:
+
+    - Discord: id, username, global_name, discriminator, avatar, email, verified, locale
+    - GitHub: id, login, name, email, avatar_url, bio, company, location, public_repos
+    - Google: id, email, name, picture, verified_email, locale, hd
+    - Twitter: id, username, name
+    - Microsoft: id, displayName, mail, userPrincipalName
+    - Facebook: id, name, email, picture.data.url
+    """
+
+    __tablename__ = "oauth_accounts"
+
+    provider: Mapped[str] = mapped_column(String(50), nullable=False)
+    provider_account_id: Mapped[str] = mapped_column(String(255), nullable=False)
+    provider_email: Mapped[str | None] = mapped_column(String(255), nullable=True)
+    provider_metadata: Mapped[dict[str, Any] | None] = mapped_column(
+        JSON, nullable=True, default=None
+    )
+    user_id: Mapped[UUID] = mapped_column(
+        ForeignKey("users.id", ondelete="CASCADE"), nullable=False
+    )
+
+    user: Mapped["User"] = relationship("User", back_populates="oauth_accounts")
+
+    __table_args__ = (
+        UniqueConstraint(
+            "provider", "provider_account_id", name="uq_oauth_provider_account"
+        ),
+    )

skrift/db/models/page.py

@@ -0,0 +1,26 @@
+from datetime import datetime
+from uuid import UUID
+
+from sqlalchemy import String, Text, Boolean, DateTime, ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from skrift.db.base import Base
+
+
+class Page(Base):
+    """Page model for content management."""
+
+    __tablename__ = "pages"
+
+    # Author relationship (optional - pages may not have an author)
+    user_id: Mapped[UUID | None] = mapped_column(ForeignKey("users.id"), nullable=True, index=True)
+    user: Mapped["User"] = relationship("User", back_populates="pages")
+
+    # Content fields
+    slug: Mapped[str] = mapped_column(String(255), nullable=False, unique=True, index=True)
+    title: Mapped[str] = mapped_column(String(500), nullable=False)
+    content: Mapped[str] = mapped_column(Text, nullable=False, default="")
+
+    # Publication fields
+    is_published: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False)
+    published_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True)

skrift/db/models/role.py

@@ -0,0 +1,56 @@
+"""Role and permission database models."""
+
+from typing import TYPE_CHECKING
+from uuid import UUID
+
+from sqlalchemy import Column, ForeignKey, String, Table, UniqueConstraint
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from skrift.db.base import Base
+
+if TYPE_CHECKING:
+    from skrift.db.models.user import User
+
+# Association table for many-to-many relationship between users and roles
+user_roles = Table(
+    "user_roles",
+    Base.metadata,
+    Column("user_id", ForeignKey("users.id", ondelete="CASCADE"), primary_key=True),
+    Column("role_id", ForeignKey("roles.id", ondelete="CASCADE"), primary_key=True),
+)
+
+
+class Role(Base):
+    """Role model for user authorization."""
+
+    __tablename__ = "roles"
+
+    name: Mapped[str] = mapped_column(String(50), unique=True, nullable=False)
+    display_name: Mapped[str | None] = mapped_column(String(100), nullable=True)
+    description: Mapped[str | None] = mapped_column(String(500), nullable=True)
+
+    # Relationships
+    users: Mapped[list["User"]] = relationship(
+        "User", secondary=user_roles, back_populates="roles"
+    )
+    permissions: Mapped[list["RolePermission"]] = relationship(
+        "RolePermission", back_populates="role", cascade="all, delete-orphan"
+    )
+
+
+class RolePermission(Base):
+    """Permission associated with a role."""
+
+    __tablename__ = "role_permissions"
+
+    role_id: Mapped[UUID] = mapped_column(
+        ForeignKey("roles.id", ondelete="CASCADE"), nullable=False
+    )
+    permission: Mapped[str] = mapped_column(String(100), nullable=False)
+
+    # Relationships
+    role: Mapped["Role"] = relationship("Role", back_populates="permissions")
+
+    __table_args__ = (
+        UniqueConstraint("role_id", "permission", name="uq_role_permission"),
+    )

skrift/db/models/setting.py

@@ -0,0 +1,13 @@
+from sqlalchemy import String, Text
+from sqlalchemy.orm import Mapped, mapped_column
+
+from skrift.db.base import Base
+
+
+class Setting(Base):
+    """Key-value setting storage for site configuration."""
+
+    __tablename__ = "settings"
+
+    key: Mapped[str] = mapped_column(String(255), nullable=False, unique=True, index=True)
+    value: Mapped[str | None] = mapped_column(Text, nullable=True)

skrift/db/models/user.py

@@ -0,0 +1,36 @@
+from datetime import datetime
+from typing import TYPE_CHECKING
+
+from sqlalchemy import String, Boolean, DateTime
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from skrift.db.base import Base
+
+if TYPE_CHECKING:
+    from skrift.db.models.oauth_account import OAuthAccount
+    from skrift.db.models.page import Page
+    from skrift.db.models.role import Role
+
+
+class User(Base):
+    """User model for OAuth authentication."""
+
+    __tablename__ = "users"
+
+    # Profile data from OAuth provider
+    email: Mapped[str | None] = mapped_column(String(255), nullable=True, unique=True)
+    name: Mapped[str | None] = mapped_column(String(255), nullable=True)
+    picture_url: Mapped[str | None] = mapped_column(String(512), nullable=True)
+
+    # Application fields
+    is_active: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False)
+    last_login_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True), nullable=True)
+
+    # Relationships
+    oauth_accounts: Mapped[list["OAuthAccount"]] = relationship(
+        "OAuthAccount", back_populates="user", cascade="all, delete-orphan"
+    )
+    pages: Mapped[list["Page"]] = relationship("Page", back_populates="user")
+    roles: Mapped[list["Role"]] = relationship(
+        "Role", secondary="user_roles", back_populates="users", lazy="selectin"
+    )

skrift/db/services/__init__.py

@@ -0,0 +1 @@
+"""Database service layer for business logic and CRUD operations."""

skrift/db/services/oauth_service.py

@@ -0,0 +1,195 @@
+"""OAuth service for accessing OAuth account data and provider metadata."""
+
+from typing import Any
+from uuid import UUID
+
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from skrift.db.models.oauth_account import OAuthAccount
+
+
+async def get_oauth_account_by_user_and_provider(
+    db_session: AsyncSession,
+    user_id: UUID,
+    provider: str,
+) -> OAuthAccount | None:
+    """Get a specific OAuth account for a user and provider.
+
+    Args:
+        db_session: Database session
+        user_id: User UUID
+        provider: OAuth provider name (e.g., 'discord', 'github')
+
+    Returns:
+        OAuthAccount or None if not found
+    """
+    result = await db_session.execute(
+        select(OAuthAccount).where(
+            OAuthAccount.user_id == user_id,
+            OAuthAccount.provider == provider,
+        )
+    )
+    return result.scalar_one_or_none()
+
+
+async def get_oauth_accounts_by_user(
+    db_session: AsyncSession,
+    user_id: UUID,
+) -> list[OAuthAccount]:
+    """Get all OAuth accounts linked to a user.
+
+    Args:
+        db_session: Database session
+        user_id: User UUID
+
+    Returns:
+        List of OAuthAccount objects
+    """
+    result = await db_session.execute(
+        select(OAuthAccount).where(OAuthAccount.user_id == user_id)
+    )
+    return list(result.scalars().all())
+
+
+async def get_provider_metadata(
+    db_session: AsyncSession,
+    user_id: UUID,
+    provider: str,
+) -> dict[str, Any] | None:
+    """Get the raw provider metadata for a user's OAuth account.
+
+    Args:
+        db_session: Database session
+        user_id: User UUID
+        provider: OAuth provider name
+
+    Returns:
+        Provider metadata dict or None if not found
+    """
+    oauth_account = await get_oauth_account_by_user_and_provider(
+        db_session, user_id, provider
+    )
+    if oauth_account:
+        return oauth_account.provider_metadata
+    return None
+
+
+def extract_metadata_field(
+    metadata: dict[str, Any] | None,
+    *keys: str,
+    default: Any = None,
+) -> Any:
+    """Safely extract a nested field from metadata.
+
+    Args:
+        metadata: Provider metadata dict
+        *keys: Sequence of keys for nested access (e.g., 'picture', 'data', 'url')
+        default: Default value if field not found
+
+    Returns:
+        Field value or default
+    """
+    if metadata is None:
+        return default
+
+    current = metadata
+    for key in keys:
+        if isinstance(current, dict) and key in current:
+            current = current[key]
+        else:
+            return default
+    return current
+
+
+async def get_provider_username(
+    db_session: AsyncSession,
+    user_id: UUID,
+    provider: str,
+) -> str | None:
+    """Get the username from a provider's metadata.
+
+    Provider-specific username fields:
+    - Discord: username
+    - GitHub: login
+    - Twitter: username
+    - Google: email (no username concept)
+    - Microsoft: userPrincipalName
+    - Facebook: name (no username concept)
+
+    Args:
+        db_session: Database session
+        user_id: User UUID
+        provider: OAuth provider name
+
+    Returns:
+        Username string or None
+    """
+    metadata = await get_provider_metadata(db_session, user_id, provider)
+    if metadata is None:
+        return None
+
+    # Provider-specific username extraction
+    username_fields = {
+        "discord": "username",
+        "github": "login",
+        "twitter": "username",
+        "microsoft": "userPrincipalName",
+    }
+
+    field = username_fields.get(provider)
+    if field:
+        return extract_metadata_field(metadata, field)
+
+    # Fallback for providers without usernames
+    return extract_metadata_field(metadata, "email") or extract_metadata_field(
+        metadata, "name"
+    )
+
+
+async def get_provider_avatar_url(
+    db_session: AsyncSession,
+    user_id: UUID,
+    provider: str,
+) -> str | None:
+    """Get the avatar URL from a provider's metadata.
+
+    Provider-specific avatar URL construction:
+    - Discord: Constructed from id + avatar hash
+    - GitHub: avatar_url
+    - Google: picture
+    - Microsoft: No direct URL (requires Graph API call)
+    - Facebook: picture.data.url
+    - Twitter: No avatar in basic userinfo
+
+    Args:
+        db_session: Database session
+        user_id: User UUID
+        provider: OAuth provider name
+
+    Returns:
+        Avatar URL string or None
+    """
+    metadata = await get_provider_metadata(db_session, user_id, provider)
+    if metadata is None:
+        return None
+
+    if provider == "discord":
+        # Discord avatar URL must be constructed
+        user_id_discord = extract_metadata_field(metadata, "id")
+        avatar_hash = extract_metadata_field(metadata, "avatar")
+        if user_id_discord and avatar_hash:
+            return f"https://cdn.discordapp.com/avatars/{user_id_discord}/{avatar_hash}.png"
+        return None
+
+    if provider == "github":
+        return extract_metadata_field(metadata, "avatar_url")
+
+    if provider == "google":
+        return extract_metadata_field(metadata, "picture")
+
+    if provider == "facebook":
+        return extract_metadata_field(metadata, "picture", "data", "url")
+
+    # Microsoft and Twitter don't provide direct avatar URLs
+    return None

skrift/db/services/page_service.py

@@ -0,0 +1,217 @@
+"""Page service for CRUD operations on pages."""
+
+from datetime import datetime
+from uuid import UUID
+
+from sqlalchemy import select, and_
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from skrift.db.models import Page
+
+
+async def list_pages(
+    db_session: AsyncSession,
+    published_only: bool = False,
+    user_id: UUID | None = None,
+    limit: int | None = None,
+    offset: int = 0,
+) -> list[Page]:
+    """List pages with optional filtering.
+
+    Args:
+        db_session: Database session
+        published_only: Only return published pages
+        user_id: Filter by user ID (author)
+        limit: Maximum number of results
+        offset: Number of results to skip
+
+    Returns:
+        List of Page objects
+    """
+    query = select(Page)
+
+    # Build filters
+    filters = []
+    if published_only:
+        filters.append(Page.is_published == True)
+    if user_id:
+        filters.append(Page.user_id == user_id)
+
+    if filters:
+        query = query.where(and_(*filters))
+
+    # Order by published date (newest first), then created date
+    query = query.order_by(Page.published_at.desc().nullslast(), Page.created_at.desc())
+
+    # Apply pagination
+    if offset:
+        query = query.offset(offset)
+    if limit:
+        query = query.limit(limit)
+
+    result = await db_session.execute(query)
+    return list(result.scalars().all())
+
+
+async def get_page_by_slug(
+    db_session: AsyncSession,
+    slug: str,
+    published_only: bool = False,
+) -> Page | None:
+    """Get a single page by slug.
+
+    Args:
+        db_session: Database session
+        slug: Page slug
+        published_only: Only return if published
+
+    Returns:
+        Page object or None if not found
+    """
+    query = select(Page).where(Page.slug == slug)
+
+    if published_only:
+        query = query.where(Page.is_published == True)
+
+    result = await db_session.execute(query)
+    return result.scalar_one_or_none()
+
+
+async def get_page_by_id(
+    db_session: AsyncSession,
+    page_id: UUID,
+) -> Page | None:
+    """Get a single page by ID.
+
+    Args:
+        db_session: Database session
+        page_id: Page UUID
+
+    Returns:
+        Page object or None if not found
+    """
+    result = await db_session.execute(select(Page).where(Page.id == page_id))
+    return result.scalar_one_or_none()
+
+
+async def create_page(
+    db_session: AsyncSession,
+    slug: str,
+    title: str,
+    content: str = "",
+    is_published: bool = False,
+    published_at: datetime | None = None,
+    user_id: UUID | None = None,
+) -> Page:
+    """Create a new page.
+
+    Args:
+        db_session: Database session
+        slug: Unique page slug
+        title: Page title
+        content: Page content (HTML or markdown)
+        is_published: Whether page is published
+        published_at: Publication timestamp
+        user_id: Author user ID (optional)
+
+    Returns:
+        Created Page object
+    """
+    page = Page(
+        slug=slug,
+        title=title,
+        content=content,
+        is_published=is_published,
+        published_at=published_at,
+        user_id=user_id,
+    )
+    db_session.add(page)
+    await db_session.commit()
+    await db_session.refresh(page)
+    return page
+
+
+async def update_page(
+    db_session: AsyncSession,
+    page_id: UUID,
+    slug: str | None = None,
+    title: str | None = None,
+    content: str | None = None,
+    is_published: bool | None = None,
+    published_at: datetime | None = None,
+) -> Page | None:
+    """Update an existing page.
+
+    Args:
+        db_session: Database session
+        page_id: Page UUID to update
+        slug: New slug (optional)
+        title: New title (optional)
+        content: New content (optional)
+        is_published: New published status (optional)
+        published_at: New publication timestamp (optional)
+
+    Returns:
+        Updated Page object or None if not found
+    """
+    page = await get_page_by_id(db_session, page_id)
+    if not page:
+        return None
+
+    if slug is not None:
+        page.slug = slug
+    if title is not None:
+        page.title = title
+    if content is not None:
+        page.content = content
+    if is_published is not None:
+        page.is_published = is_published
+    if published_at is not None:
+        page.published_at = published_at
+
+    await db_session.commit()
+    await db_session.refresh(page)
+    return page
+
+
+async def delete_page(
+    db_session: AsyncSession,
+    page_id: UUID,
+) -> bool:
+    """Delete a page.
+
+    Args:
+        db_session: Database session
+        page_id: Page UUID to delete
+
+    Returns:
+        True if deleted, False if not found
+    """
+    page = await get_page_by_id(db_session, page_id)
+    if not page:
+        return False
+
+    await db_session.delete(page)
+    await db_session.commit()
+    return True
+
+
+async def check_page_ownership(
+    db_session: AsyncSession,
+    page_id: UUID,
+    user_id: UUID,
+) -> bool:
+    """Check if a user owns a page.
+
+    Args:
+        db_session: Database session
+        page_id: Page UUID to check
+        user_id: User UUID to check ownership
+
+    Returns:
+        True if user owns the page, False otherwise
+    """
+    page = await get_page_by_id(db_session, page_id)
+    if not page:
+        return False
+    return page.user_id == user_id