solara-enterprise 1.45.0__py3-none-any.whl

solara_enterprise/__init__.py

@@ -0,0 +1,3 @@
+"Enterprise features for Solara"
+
+__version__ = "1.45.0"

solara_enterprise/auth/__init__.py

@@ -0,0 +1,13 @@
+from typing import Dict, Optional, cast
+
+from solara.lab import Reactive
+
+from .components import Avatar, AvatarMenu
+from .utils import get_login_url, get_logout_url
+
+__all__ = ["user", "get_login_url", "get_logout_url", "Avatar", "AvatarMenu"]
+
+# the current way of generating a key is based in the default value
+# which may collide after a hot reload, since solara itself is not reloaded
+# if we give a fixed key, we can avoid this
+user = Reactive(cast(Optional[Dict], None), key="solara-enterprise.auth.user")

solara_enterprise/auth/components.py

@@ -0,0 +1,118 @@
+from typing import Optional, Union
+
+import reacton.ipyvuetify as v
+import solara
+
+from .. import auth, license
+
+
+@solara.component
+def AvatarMenu(image_url: Optional[str] = None, size: Union[int, str] = 40, color: str = "primary", children=[]):
+    """Show a menu with the user's avatar and a list of items.
+
+    By default the menu shows a logout button.
+
+    ## Example
+
+    ```solara
+    import solara
+    from solara_enterprise import auth
+
+    @solara.component
+    def Page():
+        if not auth.user.value:
+            solara.Info("Login to see your avatar")
+            solara.Button("Login", icon_name="mdi-login", href=auth.get_login_url())
+        else:
+            auth.AvatarMenu()  # this shows the user's picture
+            solara.Button("Logout", icon_name="mdi-logout", href=auth.get_logout_url())
+    ```
+
+    Note that a common use case is to put the avatar in the [AppBar](/documentation/components/layout/app_bar).
+    ```solara
+    import solara
+    from solara_enterprise import auth
+
+    @solara.component
+    def Page():
+        solara.Title("Avatar in the app bar demo")
+        if not auth.user.value:
+            solara.Info("Login to see your avatar (see the button in the app bar)")
+            with solara.AppBar():
+                solara.Button(icon_name="mdi-login", href=auth.get_login_url(), icon=True)
+        else:
+            with solara.AppBar(): # this shows the user's picture in the app bar
+                with auth.AvatarMenu():
+                    solara.Button("Logout", icon_name="mdi-logout", href=auth.get_logout_url(), text=True)
+                    solara.Button("Fake user settings", icon_name="mdi-account-cog", text=True)
+            solara.Info("Logout via the appbar")
+    ```
+
+    ## Arguments
+
+     * image_url: if not given, the picture from the user's profile will be used (OAuth only)
+     * size: size of the avatar (in pixels)
+     * color: color of the avatar (if no picture is available)
+     * children: list of elements to show in the menu
+
+    """
+    license.check("auth")
+
+    with v.Html(tag="div", v_on="x.on") as activator:
+        Avatar(image_url=image_url, size=size, color=color)
+        v.Icon(children=["mdi-menu-down"])
+
+    if not children:
+        children = [solara.Button("logout", icon_name="mdi-logout", href=auth.get_logout_url(), text=True)]
+
+    with v.Menu(v_slots=[{"name": "activator", "children": activator, "variable": "x"}], offset_y=True) as menu:
+        with v.List():
+            for child in children:
+                with v.ListItem(children=[child]):
+                    pass
+    return menu
+
+
+@solara.component
+def Avatar(image_url: Optional[str] = None, size: Union[int, str] = 40, color: str = "primary"):
+    """Display an avatar with the user's picture or a default icon.
+
+    ## Example
+
+    ```solara
+    import solara
+    from solara_enterprise import auth
+
+    @solara.component
+    def Page():
+        if not auth.user.value:
+            solara.Info("Login to see your avatar")
+            solara.Button("Login", icon_name="mdi-login", href=auth.get_login_url())
+        else:
+            auth.Avatar()  # this shows the user's picture
+            solara.Button("Logout", icon_name="mdi-logout", href=auth.get_logout_url())
+    ```
+
+    ## Arguments
+
+     * image_url: if not given, the picture from the user's profile will be used (OAuth only)
+     * size: size of the avatar (in pixels)
+     * color: color of the avatar (if no picture is available)
+    """
+    license.check("auth")
+    user = auth.user.value
+    if user:
+        user_info = user.get("userinfo", {})
+        src = image_url
+        if src is None:
+            src = user_info.get("picture")
+        if src:
+            with v.Avatar(size=size, class_="ma-2"):
+                v.Img(src=src)
+        else:
+            with v.Avatar(size=size, color=color):
+                v.Icon(children=["mdi-account"])
+    else:
+        with v.Avatar(size=size, color=color):
+            with solara.Tooltip("No user"):
+                v.Icon(children=["mdi-error"])

solara_enterprise/auth/flask.py

@@ -0,0 +1,119 @@
+import json
+import logging
+from typing import Dict, Optional
+
+from authlib.integrations.flask_client import OAuth
+from flask import redirect, request, session
+from solara.server import settings
+
+from .. import license
+
+logger = logging.getLogger("solara.enterprise.auth.starlette")
+
+
+oauth: Optional[OAuth] = None
+_app = None
+
+
+def init_flask(app):
+    global _app
+    _app = app
+    init()
+
+
+def init():
+    global oauth
+    assert _app is not None
+    _app.secret_key = settings.oauth.client_secret
+    if settings.oauth.client_id:
+        api_base_url = settings.oauth.api_base_url
+        if not api_base_url.startswith("https://") and not api_base_url.startswith("http://"):
+            api_base_url = f"https://{api_base_url}"
+
+        oauth = OAuth(_app)
+        oauth.register(
+            name="oauth1",
+            client_id=settings.oauth.client_id,
+            client_secret=settings.oauth.client_secret,
+            api_base_url=api_base_url,
+            server_metadata_url=f"{api_base_url}/.well-known/openid-configuration",
+            client_kwargs={"scope": settings.oauth.scope},
+        )
+
+
+def check_oauth():
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+    if oauth.oauth1.client_id != settings.oauth.client_id:
+        init()
+
+
+def authorize():
+    check_oauth()
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+
+    org_url = session.pop("redirect_uri", settings.main.base_url + "/")
+
+    token = oauth.oauth1.authorize_access_token()
+    # workaround: if token is set in the session in one piece, it is not saved, so we
+    # split it up
+    token.pop("id_token", None)
+    user = token.pop("userinfo", None)
+    session["token"] = json.dumps(token)
+    session["user"] = json.dumps(user)
+
+    return redirect(org_url)
+
+
+def logout():
+    redirect_uri = request.args.get("redirect_uri", "/")
+    # ideally, we only remove these:
+    session.pop("token", None)
+    session.pop("user", None)
+    session.pop("client_id", None)
+    # but authlib sometimes leaves some stuff in the session on failed logins
+    # so we clear it all
+    return redirect(redirect_uri)
+
+
+def login(redirect_uri: Optional[str] = None):
+    license.check("auth")
+    check_oauth()
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+    if "redirect_uri" in request.args:
+        # we arrived here via the auth.get_login_url() call, which means the
+        # redirect_uri is in the query params
+        session["redirect_uri"] = request.args["redirect_uri"]
+    else:
+        # otherwise we assume we got here via the solara.server.starlette method
+        # where it detect we the OAuth.private=True setting, leading to a redirect
+        session["redirect_uri"] = str(request.url)
+    session["client_id"] = settings.oauth.client_id
+    callback_url = str(settings.main.base_url) + "_solara/auth/authorize"
+    result = oauth.oauth1.authorize_redirect(callback_url)
+    return result
+
+
+def allowed():
+    if settings.oauth.private:
+        user = session.get("user")
+        if not user:
+            return False
+        else:
+            client_id = session.get("client_id")
+            if client_id != settings.oauth.client_id:
+                return False
+    return True
+
+
+def get_user() -> Optional[Dict]:
+    user = session.get("user")
+    if user:
+        user = json.loads(session["token"])
+        user["userinfo"] = json.loads(session["user"])
+        client_id = session.get("client_id")
+        if client_id != settings.oauth.client_id:
+            user = None
+    return user

solara_enterprise/auth/middleware.py

@@ -0,0 +1,127 @@
+import json
+import sys
+import typing
+from base64 import b64decode, b64encode
+
+import itsdangerous
+from itsdangerous.exc import BadSignature
+from starlette.datastructures import MutableHeaders, Secret
+from starlette.middleware.sessions import SessionMiddleware
+from starlette.requests import HTTPConnection
+from starlette.types import ASGIApp, Message, Receive, Scope, Send
+
+if sys.version_info >= (3, 8):  # pragma: no cover
+    from typing import Literal
+else:  # pragma: no cover
+    from typing_extensions import Literal
+
+
+# mutable mapping that keeps track of whether it has been modified
+class ModifiedDict(dict):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.modified = False
+
+    def __setitem__(self, key, value):
+        super().__setitem__(key, value)
+        self.modified = True
+
+    def __delitem__(self, key):
+        super().__delitem__(key)
+        self.modified = True
+
+    def clear(self):
+        super().clear()
+        self.modified = True
+
+    def pop(self, key, default=None):
+        value = super().pop(key, default)
+        self.modified = True
+        return value
+
+    def popitem(self):
+        value = super().popitem()
+        self.modified = True
+        return value
+
+    def setdefault(self, key, default=None):
+        value = super().setdefault(key, default)
+        self.modified = True
+        return value
+
+    def update(self, *args, **kwargs):
+        super().update(*args, **kwargs)
+        self.modified = True
+
+
+class MutateDetectSessionMiddleware(SessionMiddleware):
+    def __init__(
+        self,
+        app: ASGIApp,
+        secret_key: typing.Union[str, Secret],
+        session_cookie: str = "session",
+        max_age: typing.Optional[int] = 14 * 24 * 60 * 60,  # 14 days, in seconds
+        path: str = "/",
+        same_site: Literal["lax", "strict", "none"] = "lax",
+        https_only: bool = False,
+    ) -> None:
+        self.app = app
+        self.signer = itsdangerous.TimestampSigner(str(secret_key))
+        self.session_cookie = session_cookie
+        self.max_age = max_age
+        self.path = path
+        self.security_flags = "httponly; samesite=" + same_site
+        if https_only:  # Secure flag can be used with HTTPS only
+            self.security_flags += "; secure"
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        if scope["type"] not in ("http", "websocket"):  # pragma: no cover
+            await self.app(scope, receive, send)
+            return
+
+        connection = HTTPConnection(scope)
+        initial_session_was_empty = True
+
+        if self.session_cookie in connection.cookies:
+            data = connection.cookies[self.session_cookie].encode("utf-8")
+            try:
+                data = self.signer.unsign(data, max_age=self.max_age)
+                scope["session"] = ModifiedDict(json.loads(b64decode(data)))
+                initial_session_was_empty = False
+            except BadSignature:
+                scope["session"] = ModifiedDict()
+        else:
+            scope["session"] = ModifiedDict()
+
+        async def send_wrapper(message: Message) -> None:
+            if message["type"] == "http.response.start":
+                if scope["session"]:
+                    # this deviates for starlette, we only update the cookie if the session has been modified
+                    # this avoids race conditions where the session is modified by another request
+                    if scope["session"].modified:
+                        # We have session data to persist.
+                        data = b64encode(json.dumps(scope["session"]).encode("utf-8"))
+                        data = self.signer.sign(data)
+                        headers = MutableHeaders(scope=message)
+                        header_value = "{session_cookie}={data}; path={path}; {max_age}{security_flags}".format(  # noqa E501
+                            session_cookie=self.session_cookie,
+                            data=data.decode("utf-8"),
+                            path=self.path,
+                            max_age=f"Max-Age={self.max_age}; " if self.max_age else "",
+                            security_flags=self.security_flags,
+                        )
+                        headers.append("Set-Cookie", header_value)
+                elif not initial_session_was_empty:
+                    # The session has been cleared.
+                    headers = MutableHeaders(scope=message)
+                    header_value = "{session_cookie}={data}; path={path}; {expires}{security_flags}".format(  # noqa E501
+                        session_cookie=self.session_cookie,
+                        data="null",
+                        path=self.path,
+                        expires="expires=Thu, 01 Jan 1970 00:00:00 GMT; ",
+                        security_flags=self.security_flags,
+                    )
+                    headers.append("Set-Cookie", header_value)
+            await send(message)
+
+        await self.app(scope, receive, send_wrapper)

solara_enterprise/auth/starlette.py

@@ -0,0 +1,118 @@
+import json
+import logging
+from typing import Dict, Optional
+
+from authlib.integrations.starlette_client import OAuth
+from solara.server import settings
+from starlette.authentication import (
+    AuthCredentials,
+    AuthenticationBackend,
+    SimpleUser,
+    UnauthenticatedUser,
+)
+from starlette.requests import HTTPConnection, Request
+from starlette.responses import RedirectResponse
+
+from .. import license
+
+logger = logging.getLogger("solara.enterprise.auth.starlette")
+
+
+oauth: Optional[OAuth] = None
+
+
+def init():
+    global oauth
+    if settings.oauth.client_id:
+        api_base_url = settings.oauth.api_base_url
+        if not api_base_url.startswith("https://") and not api_base_url.startswith("http://"):
+            api_base_url = f"https://{api_base_url}"
+        oauth = OAuth()
+        oauth.register(
+            name="oauth1",
+            client_id=settings.oauth.client_id,
+            client_secret=settings.oauth.client_secret,
+            api_base_url=api_base_url,
+            server_metadata_url=f"{api_base_url}/.well-known/openid-configuration",
+            client_kwargs={"scope": settings.oauth.scope},
+        )
+
+
+def check_oauth():
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+    if oauth.oauth1.client_id != settings.oauth.client_id:
+        init()
+
+
+init()
+
+
+async def authorize(request: Request):
+    check_oauth()
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+
+    org_url = request.session.pop("redirect_uri", settings.main.base_url + "/")
+
+    token = await oauth.oauth1.authorize_access_token(request)
+    # workaround: if token is set in the session in one piece, it is not saved, so we
+    # split it up
+    token.pop("id_token", None)
+    user = token.pop("userinfo", None)
+    request.session["token"] = json.dumps(token)
+    request.session["user"] = json.dumps(user)
+
+    return RedirectResponse(org_url)
+
+
+async def logout(request: Request):
+    redirect_uri = request.query_params.get("redirect_uri", "/")
+    # ideally, we only remove these:
+    request.session.pop("token", None)
+    request.session.pop("user", None)
+    request.session.pop("client_id", None)
+    # but authlib sometimes leaves some stuff in the session on failed logins
+    # so we clear it all
+    request.session.clear()
+    return RedirectResponse(redirect_uri)
+
+
+async def login(request: Request, redirect_uri: Optional[str] = None):
+    license.check("auth")
+    check_oauth()
+    assert oauth is not None
+    assert oauth.oauth1 is not None
+    if "redirect_uri" in request.query_params:
+        # we arrived here via the auth.get_login_url() call, which means the
+        # redirect_uri is in the query params
+        request.session["redirect_uri"] = request.query_params["redirect_uri"]
+    else:
+        # otherwise we assume we got here via the solara.server.starlette method
+        # where it detect we the OAuth.required=True setting, leading to a redirect
+        request.session["redirect_uri"] = str(request.url.path)
+    request.session["client_id"] = settings.oauth.client_id
+    result = await oauth.oauth1.authorize_redirect(request, str(settings.main.base_url) + "_solara/auth/authorize")
+    return result
+
+
+def get_user(request: HTTPConnection) -> Optional[Dict]:
+    user = request.session.get("user")
+    if user:
+        user = json.loads(request.session["token"])
+        user["userinfo"] = json.loads(request.session["user"])
+        client_id = request.session.get("client_id")
+        if client_id != settings.oauth.client_id:
+            user = None
+    return user
+
+
+# only provides request.user.is_authenticated
+class AuthBackend(AuthenticationBackend):
+    async def authenticate(self, conn: HTTPConnection):
+        user = get_user(conn)
+        if user is None:
+            return AuthCredentials(), UnauthenticatedUser()
+        else:
+            username = "noname"
+            return AuthCredentials(["authenticated"]), SimpleUser(username)

solara_enterprise/auth/utils.py

@@ -0,0 +1,36 @@
+import logging
+import urllib.parse
+from typing import Optional
+
+from solara.routing import router_context
+from solara.server import settings
+
+logger = logging.getLogger("solara-enterprise.auth")
+
+
+def get_logout_url(return_to_path: Optional[str] = None):
+    if return_to_path is None:
+        router = router_context.get()
+        return_to_path = router.path
+    if return_to_path.startswith("/"):
+        return_to_path = return_to_path[1:]
+    assert settings.main.base_url is not None
+    return_to_app = urllib.parse.quote(settings.main.base_url + return_to_path)
+    return_to = urllib.parse.quote(settings.main.base_url + f"_solara/auth/logout?redirect_uri={return_to_app}")
+    client_id = settings.oauth.client_id
+    url = f"https://{settings.oauth.api_base_url}/{settings.oauth.logout_path}"
+    if settings.oauth.logout_path.startswith("http"):
+        url = settings.oauth.logout_path
+    return f"{url}?returnTo={return_to}&redirect_uri={return_to}&post_logout_redirect_uri={return_to}&client_id={client_id}"
+
+
+def get_login_url(return_to_path: Optional[str] = None):
+    if return_to_path is None:
+        router = router_context.get()
+        return_to_path = router.path
+    if return_to_path.startswith("/"):
+        return_to_path = return_to_path[1:]
+    assert settings.main.base_url is not None
+    redirect_uri = urllib.parse.quote(settings.main.base_url + return_to_path)
+    root = settings.main.root_path or ""
+    return f"{root}/_solara/auth/login?redirect_uri={redirect_uri}"

solara_enterprise/cache/__init__.py

@@ -0,0 +1,3 @@
+from .. import license
+
+license.check("cache")

solara_enterprise/cache/base.py

@@ -0,0 +1,64 @@
+import hashlib
+import pickle
+import sys
+from typing import Any, Callable, MutableMapping
+
+
+def make_key(object):
+    """Generates a key by pickling the object, and generating an md5 hash of the pickled object.
+
+    Primitive objects such as short (<100 length) strings and ints are not pickled, and are used as is.
+    """
+    if isinstance(object, str) and len(object) < 100:
+        return object.encode("utf-8")
+    elif isinstance(object, int):
+        return str(object).encode("utf-8")
+    else:
+        bytes = pickle.dumps(object)
+        if sys.version_info[:2] < (3, 9):
+            return hashlib.md5(bytes).digest()
+        else:
+            return hashlib.md5(bytes, usedforsecurity=False).digest()  # type: ignore
+
+
+class Base(MutableMapping):
+    def __init__(self, wrapper_dict, clear=False, prefix=b"", make_key: Callable[[Any], bytes] = make_key):
+        assert wrapper_dict is not None
+        self._wrapper_dict = wrapper_dict
+        self._make_key = make_key
+        self.prefix = prefix
+        if clear:
+            self.clear()
+
+    def generate_key(self, key) -> bytes:
+        return self.prefix + bytes(self._make_key(key))
+
+    def __getitem__(self, key):
+        if isinstance(key, bytes) and key.startswith(self.prefix):
+            wrapper_key = key
+        else:
+            wrapper_key = self.generate_key(key)
+        return pickle.loads(self._wrapper_dict[wrapper_key])  # type: ignore
+
+    def __setitem__(self, key, value):
+        if isinstance(key, bytes) and key.startswith(self.prefix):
+            wrapper_key = key
+        else:
+            wrapper_key = self.generate_key(key)
+        self._wrapper_dict[wrapper_key] = pickle.dumps(value)
+
+    def __delitem__(self, key):
+        if isinstance(key, bytes) and key.startswith(self.prefix):
+            wrapper_key = key
+        else:
+            wrapper_key = self.generate_key(key)
+        del self._wrapper_dict[wrapper_key]
+
+    def __iter__(self):
+        return iter(self.keys())
+
+    def __len__(self):
+        return len(self.keys())
+
+    def keys(self):
+        return self._wrapper_dict.keys()

solara_enterprise/cache/disk.py

@@ -0,0 +1,44 @@
+import logging
+import shutil
+from typing import MutableMapping
+
+import diskcache
+import solara.settings
+import solara.util
+
+logger = logging.getLogger("solara-enterprise.cache.disk")
+
+
+class Disk(MutableMapping):
+    def __init__(
+        self,
+        clear=False,
+        max_size=solara.settings.cache.disk_max_size,
+        path=solara.settings.cache.path,
+    ):
+        # same as solara.cache.Memory
+        eviction_policy = "least-recently-used"
+        max_size = solara.util.parse_size(max_size)
+        if clear:
+            try:
+                logger.debug("Clearing disk cache: %s", path)
+                shutil.rmtree(path)
+            except OSError:  # Windows wonkiness
+                logger.exception(f"Error clearing disk cache: {path}")
+
+        self.diskcache = diskcache.Cache(path, size_limit=max_size, eviction_policy=eviction_policy)
+
+    def __getitem__(self, key):
+        return self.diskcache[key]
+
+    def __setitem__(self, key, value):
+        self.diskcache[key] = value
+
+    def __delitem__(self, key):
+        del self.diskcache[key]
+
+    def __iter__(self):
+        return iter(self.diskcache)
+
+    def __len__(self):
+        return len(self.diskcache)

solara_enterprise/cache/memory_size.py

@@ -0,0 +1,29 @@
+import logging
+import pickle
+from typing import Any, Callable, MutableMapping
+
+import solara.settings
+import solara.util
+from cachetools import LRUCache
+
+from solara_enterprise.cache.base import Base, make_key
+
+logger = logging.getLogger("solara-enterprise.cache.memory")
+
+
+def sizeof(obj):
+    size = len(pickle.dumps(obj))
+    logger.debug("size of %s: %s", obj, size)
+    return size
+
+
+class MemorySize(Base):
+    def __init__(
+        self,
+        max_size=solara.settings.cache.memory_max_size,
+        make_key: Callable[[Any], bytes] = make_key,
+        sizeof: Callable[[Any], int] = sizeof,
+    ):
+        maxsize = solara.util.parse_size(max_size)
+        _wrapper_dict: MutableMapping[bytes, bytes] = LRUCache(maxsize=maxsize, getsizeof=sizeof)
+        super().__init__(_wrapper_dict, make_key=make_key)