skrift 0.1.0a1__py3-none-any.whl

skrift/setup/middleware.py

@@ -0,0 +1,89 @@
+"""Setup wizard middleware for redirecting users to the setup wizard."""
+
+from litestar.response import Redirect
+from litestar.types import ASGIApp, Receive, Scope, Send
+
+# Paths that should be accessible during setup
+SETUP_ALLOWED_PATHS = (
+    "/setup",
+    "/static",
+    "/auth",  # Needed for OAuth callbacks during admin creation
+)
+
+
+class SetupMiddleware:
+    """ASGI middleware to redirect users to setup wizard if not configured."""
+
+    def __init__(self, app: ASGIApp, setup_complete: bool = False, use_app_state: bool = False) -> None:
+        """Initialize the middleware.
+
+        Args:
+            app: The ASGI application
+            setup_complete: Whether setup has been completed (static mode)
+            use_app_state: Whether to check app.state.setup_complete at runtime
+        """
+        self.app = app
+        self._setup_complete = setup_complete
+        self._use_app_state = use_app_state
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        """Process the request."""
+        if scope["type"] != "http":
+            await self.app(scope, receive, send)
+            return
+
+        path = scope["path"]
+
+        # Check setup complete status - either from app state (dynamic) or instance var (static)
+        setup_complete = self._setup_complete
+        if self._use_app_state and "app" in scope:
+            litestar_app = scope["app"]
+            setup_complete = getattr(litestar_app.state, "setup_complete", self._setup_complete)
+
+        # If setup is complete, block access to /setup
+        if setup_complete:
+            if path.startswith("/setup"):
+                # Redirect setup routes to home after setup is complete
+                response = Redirect(path="/")
+                await response(scope, receive, send)
+                return
+            await self.app(scope, receive, send)
+            return
+
+        # Setup not complete - check if path is allowed
+        if any(path.startswith(allowed) for allowed in SETUP_ALLOWED_PATHS):
+            await self.app(scope, receive, send)
+            return
+
+        # Redirect to setup wizard
+        response = Redirect(path="/setup")
+        await response(scope, receive, send)
+
+
+def create_setup_middleware_factory(setup_complete: bool):
+    """Create a middleware factory for the setup middleware (static mode).
+
+    Args:
+        setup_complete: Whether setup has been completed
+
+    Returns:
+        Middleware factory function
+    """
+
+    def factory(app: ASGIApp) -> SetupMiddleware:
+        return SetupMiddleware(app, setup_complete=setup_complete)
+
+    return factory
+
+
+def create_dynamic_setup_middleware_factory():
+    """Create a middleware factory that checks app state at runtime.
+
+    Returns:
+        Middleware factory function
+    """
+
+    def factory(app: ASGIApp) -> SetupMiddleware:
+        return SetupMiddleware(app, setup_complete=False, use_app_state=True)
+
+    return factory

skrift/setup/providers.py

@@ -0,0 +1,163 @@
+"""OAuth provider definitions and configuration for the setup wizard."""
+
+from dataclasses import dataclass
+
+
+@dataclass
+class OAuthProviderInfo:
+    """Information about an OAuth provider."""
+
+    name: str
+    auth_url: str
+    token_url: str
+    userinfo_url: str
+    scopes: list[str]
+    console_url: str
+    fields: list[dict]
+    instructions: str
+    icon: str = ""
+
+
+OAUTH_PROVIDERS = {
+    "google": OAuthProviderInfo(
+        name="Google",
+        auth_url="https://accounts.google.com/o/oauth2/v2/auth",
+        token_url="https://oauth2.googleapis.com/token",
+        userinfo_url="https://www.googleapis.com/oauth2/v2/userinfo",
+        scopes=["openid", "email", "profile"],
+        console_url="https://console.cloud.google.com/apis/credentials",
+        fields=[
+            {"key": "client_id", "label": "Client ID", "type": "text"},
+            {"key": "client_secret", "label": "Client Secret", "type": "password"},
+        ],
+        instructions="""
+1. Go to the Google Cloud Console
+2. Create a new project or select an existing one
+3. Enable the Google+ API
+4. Go to Credentials → Create Credentials → OAuth Client ID
+5. Choose "Web application"
+6. Add the redirect URI shown below
+7. Copy the Client ID and Client Secret
+        """.strip(),
+        icon="google",
+    ),
+    "github": OAuthProviderInfo(
+        name="GitHub",
+        auth_url="https://github.com/login/oauth/authorize",
+        token_url="https://github.com/login/oauth/access_token",
+        userinfo_url="https://api.github.com/user",
+        scopes=["read:user", "user:email"],
+        console_url="https://github.com/settings/developers",
+        fields=[
+            {"key": "client_id", "label": "Client ID", "type": "text"},
+            {"key": "client_secret", "label": "Client Secret", "type": "password"},
+        ],
+        instructions="""
+1. Go to GitHub Settings → Developer settings → OAuth Apps
+2. Click "New OAuth App"
+3. Fill in the application details
+4. Add the redirect URI shown below as the callback URL
+5. Copy the Client ID and generate a Client Secret
+        """.strip(),
+        icon="github",
+    ),
+    "microsoft": OAuthProviderInfo(
+        name="Microsoft",
+        auth_url="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize",
+        token_url="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
+        userinfo_url="https://graph.microsoft.com/v1.0/me",
+        scopes=["openid", "email", "profile"],
+        console_url="https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade",
+        fields=[
+            {"key": "client_id", "label": "Client (Application) ID", "type": "text"},
+            {"key": "client_secret", "label": "Client Secret", "type": "password"},
+            {
+                "key": "tenant_id",
+                "label": "Tenant ID",
+                "type": "text",
+                "placeholder": "common",
+                "optional": True,
+            },
+        ],
+        instructions="""
+1. Go to Azure Portal → App registrations
+2. Click "New registration"
+3. Enter a name and select the account types you want to support
+4. Add the redirect URI shown below (Web platform)
+5. Under Certificates & secrets, create a new client secret
+6. Copy the Application (client) ID and secret value
+7. For Tenant ID: use "common" for any Microsoft account, or your specific tenant ID
+        """.strip(),
+        icon="microsoft",
+    ),
+    "discord": OAuthProviderInfo(
+        name="Discord",
+        auth_url="https://discord.com/api/oauth2/authorize",
+        token_url="https://discord.com/api/oauth2/token",
+        userinfo_url="https://discord.com/api/users/@me",
+        scopes=["identify", "email"],
+        console_url="https://discord.com/developers/applications",
+        fields=[
+            {"key": "client_id", "label": "Client ID", "type": "text"},
+            {"key": "client_secret", "label": "Client Secret", "type": "password"},
+        ],
+        instructions="""
+1. Go to Discord Developer Portal
+2. Create a new application
+3. Go to OAuth2 → General
+4. Add the redirect URI shown below
+5. Copy the Client ID and Client Secret
+        """.strip(),
+        icon="discord",
+    ),
+    "facebook": OAuthProviderInfo(
+        name="Facebook",
+        auth_url="https://www.facebook.com/v18.0/dialog/oauth",
+        token_url="https://graph.facebook.com/v18.0/oauth/access_token",
+        userinfo_url="https://graph.facebook.com/me?fields=id,name,email,picture",
+        scopes=["email", "public_profile"],
+        console_url="https://developers.facebook.com/apps/",
+        fields=[
+            {"key": "client_id", "label": "App ID", "type": "text"},
+            {"key": "client_secret", "label": "App Secret", "type": "password"},
+        ],
+        instructions="""
+1. Go to Meta for Developers
+2. Create a new app (Consumer type)
+3. Add Facebook Login product
+4. Go to Settings → Basic to find App ID and Secret
+5. Add the redirect URI shown below in Facebook Login settings
+        """.strip(),
+        icon="facebook",
+    ),
+    "twitter": OAuthProviderInfo(
+        name="X (Twitter)",
+        auth_url="https://twitter.com/i/oauth2/authorize",
+        token_url="https://api.twitter.com/2/oauth2/token",
+        userinfo_url="https://api.twitter.com/2/users/me",
+        scopes=["users.read", "tweet.read"],
+        console_url="https://developer.twitter.com/en/portal/dashboard",
+        fields=[
+            {"key": "client_id", "label": "Client ID", "type": "text"},
+            {"key": "client_secret", "label": "Client Secret", "type": "password"},
+        ],
+        instructions="""
+1. Go to X Developer Portal
+2. Create a new project and app
+3. Enable OAuth 2.0 in User authentication settings
+4. Add the redirect URI shown below
+5. Copy the Client ID and Client Secret (OAuth 2.0)
+        """.strip(),
+        icon="twitter",
+    ),
+}
+
+
+def get_provider_info(provider: str) -> OAuthProviderInfo | None:
+    """Get provider info by key."""
+    return OAUTH_PROVIDERS.get(provider)
+
+
+def get_all_providers() -> dict[str, OAuthProviderInfo]:
+    """Get all available OAuth providers."""
+    return OAUTH_PROVIDERS.copy()

skrift/setup/state.py

@@ -0,0 +1,134 @@
+"""Setup state detection for the Skrift setup wizard.
+
+This module implements a two-tier detection strategy:
+1. Pre-database check: Can we connect to a database?
+2. Post-database check: Is setup complete (check for setup_completed_at setting)?
+"""
+
+import os
+from enum import Enum
+from pathlib import Path
+
+from sqlalchemy import text
+from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
+
+from skrift.db.services.setting_service import SETUP_COMPLETED_AT_KEY, get_setting
+
+
+class SetupStep(Enum):
+    """Wizard steps."""
+
+    DATABASE = "database"
+    AUTH = "auth"
+    SITE = "site"
+    ADMIN = "admin"
+    COMPLETE = "complete"
+
+
+def app_yaml_exists() -> bool:
+    """Check if app.yaml exists in the current working directory."""
+    return (Path.cwd() / "app.yaml").exists()
+
+
+def get_database_url_from_yaml() -> str | None:
+    """Try to get the database URL from app.yaml, returning None if not configured.
+
+    If the URL is an env var reference that isn't set, falls back to checking
+    for local SQLite database files.
+    """
+    import yaml
+
+    config_path = Path.cwd() / "app.yaml"
+    if not config_path.exists():
+        return None
+
+    try:
+        with open(config_path, "r") as f:
+            config = yaml.safe_load(f)
+
+        if not config or "db" not in config:
+            return None
+
+        db_url = config["db"].get("url")
+        if not db_url:
+            return None
+
+        # If it's an env var reference, try to resolve it
+        if db_url.startswith("$"):
+            env_var = db_url[1:]
+            resolved = os.environ.get(env_var)
+            if resolved:
+                return resolved
+
+            # Fallback: check for local SQLite database files
+            for db_file in ["./app.db", "./data.db", "./skrift.db"]:
+                if Path(db_file).exists():
+                    return f"sqlite+aiosqlite:///{db_file}"
+
+            return None
+
+        return db_url
+    except Exception:
+        return None
+
+
+async def can_connect_to_database() -> tuple[bool, str | None]:
+    """Test if we can connect to the database.
+
+    Returns:
+        Tuple of (success, error_message)
+    """
+    db_url = get_database_url_from_yaml()
+    if not db_url:
+        return False, "Database URL not configured"
+
+    try:
+        engine = create_async_engine(db_url)
+        async with engine.connect() as conn:
+            await conn.execute(text("SELECT 1"))
+        await engine.dispose()
+        return True, None
+    except Exception as e:
+        return False, str(e)
+
+
+async def is_setup_complete(db_session: AsyncSession) -> bool:
+    """Check if setup has been completed by looking for the setup_completed_at setting."""
+    try:
+        value = await get_setting(db_session, SETUP_COMPLETED_AT_KEY)
+        return value is not None
+    except Exception:
+        # Table might not exist yet
+        return False
+
+
+async def get_setup_step(db_session: AsyncSession | None = None) -> SetupStep:
+    """Determine which setup step the user should be on.
+
+    Args:
+        db_session: Database session if available
+
+    Returns:
+        The appropriate setup step
+    """
+    # Pre-database check
+    if not app_yaml_exists():
+        return SetupStep.DATABASE
+
+    db_url = get_database_url_from_yaml()
+    if not db_url:
+        return SetupStep.DATABASE
+
+    can_connect, _ = await can_connect_to_database()
+    if not can_connect:
+        return SetupStep.DATABASE
+
+    # Post-database check - need a session
+    if db_session is None:
+        return SetupStep.DATABASE
+
+    if not await is_setup_complete(db_session):
+        # Check wizard progress stored in session (handled by controller)
+        return SetupStep.AUTH
+
+    return SetupStep.COMPLETE