square-authentication 1.0.0__tar.gz

square_authentication-1.0.0/PKG-INFO

@@ -0,0 +1,40 @@
+Metadata-Version: 2.1
+Name: square_authentication
+Version: 1.0.0
+Summary: authentication layer for my personal server.
+Home-page: https://github.com/thepmsquare/square_authentication
+Author: thePmSquare
+Author-email: thepmsquare@gmail.com
+License: UNKNOWN
+Platform: UNKNOWN
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Description-Content-Type: text/markdown
+
+# square_authentication
+
+## about
+
+authentication layer for my personal server.
+
+## Installation
+
+```shell
+pip install square_authentication
+```
+
+## env
+
+- python>=3.12.0
+
+## changelog
+
+### v1.0.0
+
+- initial implementation.
+
+## Feedback is appreciated. Thank you!
+

square_authentication-1.0.0/README.md

@@ -0,0 +1,23 @@
+# square_authentication
+
+## about
+
+authentication layer for my personal server.
+
+## Installation
+
+```shell
+pip install square_authentication
+```
+
+## env
+
+- python>=3.12.0
+
+## changelog
+
+### v1.0.0
+
+- initial implementation.
+
+## Feedback is appreciated. Thank you!

square_authentication-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

square_authentication-1.0.0/setup.py

@@ -0,0 +1,39 @@
+from setuptools import find_packages, setup
+
+package_name = "square_authentication"
+
+setup(
+    name=package_name,
+    version="1.0.0",
+    packages=find_packages(),
+    package_data={
+        package_name: ["data/*"],
+    },
+    install_requires=[
+        "uvicorn>=0.24.0.post1",
+        "fastapi>=0.104.1",
+        "pydantic>=2.5.3",
+        "bcrypt>=4.1.2",
+        "pyjwt>=2.8.0",
+        "requests>=2.32.3",
+        "cryptography>=42.0.7",
+        "square_commons>=0.0.1",
+        "square_logger>=1.0.0",
+        "square_database_helper>=0.0.5",
+        "square_database_structure>=0.0.11",
+    ],
+    extras_require={},
+    author="thePmSquare",
+    author_email="thepmsquare@gmail.com",
+    description="authentication layer for my personal server.",
+    long_description=open("README.md", "r").read(),
+    long_description_content_type="text/markdown",
+    url=f"https://github.com/thepmsquare/{package_name}",
+    classifiers=[
+        "Development Status :: 3 - Alpha",
+        "Intended Audience :: Developers",
+        "License :: OSI Approved :: MIT License",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.9",
+    ],
+)

square_authentication-1.0.0/square_authentication/configuration.py

@@ -0,0 +1,82 @@
+import os
+import sys
+
+from square_commons import ConfigReader
+from square_logger.main import SquareLogger
+
+try:
+    config_file_path = (
+            os.path.dirname(os.path.abspath(__file__))
+            + os.sep
+            + "data"
+            + os.sep
+            + "config.ini"
+    )
+    ldict_configuration = ConfigReader(config_file_path).read_configuration()
+
+    # get all vars and typecast
+    # ===========================================
+    # general
+    config_str_module_name = ldict_configuration["GENERAL"]["MODULE_NAME"]
+    # ===========================================
+
+    # ===========================================
+    # environment
+    config_str_host_ip = ldict_configuration["ENVIRONMENT"]["HOST_IP"]
+    config_int_host_port = int(ldict_configuration["ENVIRONMENT"]["HOST_PORT"])
+    config_str_log_file_name = ldict_configuration["ENVIRONMENT"]["LOG_FILE_NAME"]
+    config_str_secret_key_for_access_token = ldict_configuration["ENVIRONMENT"][
+        "SECRET_KEY_FOR_ACCESS_TOKEN"
+    ]
+    config_str_secret_key_for_refresh_token = ldict_configuration["ENVIRONMENT"][
+        "SECRET_KEY_FOR_REFRESH_TOKEN"
+    ]
+    config_int_access_token_valid_minutes = int(
+        ldict_configuration["ENVIRONMENT"]["ACCESS_TOKEN_VALID_MINUTES"]
+    )
+    config_int_refresh_token_valid_minutes = int(
+        ldict_configuration["ENVIRONMENT"]["REFRESH_TOKEN_VALID_MINUTES"]
+    )
+    config_str_ssl_crt_file_path = ldict_configuration["ENVIRONMENT"][
+        "SSL_CRT_FILE_PATH"
+    ]
+    config_str_ssl_key_file_path = ldict_configuration["ENVIRONMENT"][
+        "SSL_KEY_FILE_PATH"
+    ]
+    # ===========================================
+
+    # ===========================================
+    # square_logger
+    config_int_log_level = int(ldict_configuration["SQUARE_LOGGER"]["LOG_LEVEL"])
+    config_str_log_path = ldict_configuration["SQUARE_LOGGER"]["LOG_PATH"]
+    config_int_log_backup_count = int(
+        ldict_configuration["SQUARE_LOGGER"]["LOG_BACKUP_COUNT"]
+    )
+    # ===========================================
+
+    # ===========================================
+    # square_database_helper
+
+    config_str_square_database_protocol = ldict_configuration["SQUARE_DATABASE_HELPER"][
+        "SQUARE_DATABASE_PROTOCOL"
+    ]
+    config_str_square_database_ip = ldict_configuration["SQUARE_DATABASE_HELPER"][
+        "SQUARE_DATABASE_IP"
+    ]
+    config_int_square_database_port = int(
+        ldict_configuration["SQUARE_DATABASE_HELPER"]["SQUARE_DATABASE_PORT"]
+    )
+    # ===========================================
+    # Initialize logger
+    global_object_square_logger = SquareLogger(
+        pstr_log_file_name=config_str_log_file_name,
+        pint_log_level=config_int_log_level,
+        pstr_log_path=config_str_log_path,
+        pint_log_backup_count=config_int_log_backup_count,
+    )
+except Exception as e:
+    print(
+        "\033[91mMissing or incorrect config.ini file.\n"
+        "Error details: " + str(e) + "\033[0m"
+    )
+    sys.exit()

square_authentication-1.0.0/square_authentication/data/config.ini

@@ -0,0 +1,42 @@
+[GENERAL]
+MODULE_NAME = square_authentication
+
+[ENVIRONMENT]
+HOST_IP = 0.0.0.0
+HOST_PORT = 10011
+
+LOG_FILE_NAME = square_authentication
+
+SECRET_KEY_FOR_ACCESS_TOKEN = dummy_access
+SECRET_KEY_FOR_REFRESH_TOKEN = dummy_refresh
+
+ACCESS_TOKEN_VALID_MINUTES = 1440
+REFRESH_TOKEN_VALID_MINUTES = 10080
+
+# absolute path (mandatory only for http)
+SSL_CRT_FILE_PATH = ssl.crt
+SSL_KEY_FILE_PATH = ssl.key
+
+[SQUARE_LOGGER]
+
+# | Log Level | Value |
+# | --------- | ----- |
+# | CRITICAL  | 50    |
+# | ERROR     | 40    |
+# | WARNING   | 30    |
+# | INFO      | 20    |
+# | DEBUG     | 10    |
+# | NOTSET    | 0     |
+
+LOG_LEVEL = 20
+# absolute or relative path
+LOG_PATH = logs
+# number of backup log files to keep during rotation
+# if backupCount is zero, rollover never occurs.
+LOG_BACKUP_COUNT = 3
+
+[SQUARE_DATABASE_HELPER]
+
+SQUARE_DATABASE_PROTOCOL = http
+SQUARE_DATABASE_IP = localhost
+SQUARE_DATABASE_PORT = 10010

square_authentication-1.0.0/square_authentication/main.py

@@ -0,0 +1,59 @@
+import os.path
+
+from fastapi import FastAPI, status
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
+from uvicorn import run
+
+from square_authentication.configuration import (
+    config_int_host_port,
+    config_str_host_ip,
+    global_object_square_logger,
+    config_str_module_name,
+    config_str_ssl_key_file_path,
+    config_str_ssl_crt_file_path,
+)
+from square_authentication.routes import core, utility
+
+app = FastAPI()
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(core.router)
+app.include_router(utility.router)
+
+
+@app.get("/")
+@global_object_square_logger.async_auto_logger
+async def root():
+    return JSONResponse(
+        status_code=status.HTTP_200_OK, content={"text": config_str_module_name}
+    )
+
+
+if __name__ == "__main__":
+    try:
+        if os.path.exists(config_str_ssl_key_file_path) and os.path.exists(
+                config_str_ssl_crt_file_path
+        ):
+            run(
+                app,
+                host=config_str_host_ip,
+                port=config_int_host_port,
+                ssl_certfile=config_str_ssl_crt_file_path,
+                ssl_keyfile=config_str_ssl_key_file_path,
+            )
+        else:
+            run(
+                app,
+                host=config_str_host_ip,
+                port=config_int_host_port,
+            )
+
+    except Exception as exc:
+        global_object_square_logger.logger.critical(exc, exc_info=True)

square_authentication-1.0.0/square_authentication/routes/core.py

@@ -0,0 +1,464 @@
+from datetime import datetime, timedelta, timezone
+from typing import Annotated, Union
+
+import bcrypt
+import jwt
+from fastapi import APIRouter, status, Header
+from fastapi.responses import JSONResponse
+from requests.exceptions import HTTPError
+from square_database_helper.main import SquareDatabaseHelper
+from square_database_structure.square.authentication.enums import UserLogEventEnum
+from square_database_structure.square.authentication.tables import (
+    local_string_database_name,
+    local_string_schema_name,
+    User,
+    UserLog,
+    UserCredential,
+    UserProfile,
+    UserSession,
+)
+
+from square_authentication.configuration import (
+    global_object_square_logger,
+    config_str_secret_key_for_access_token,
+    config_int_access_token_valid_minutes,
+    config_int_refresh_token_valid_minutes,
+    config_str_secret_key_for_refresh_token,
+    config_str_square_database_ip,
+    config_int_square_database_port,
+    config_str_square_database_protocol,
+)
+from square_authentication.utils.token import get_jwt_payload
+
+router = APIRouter(
+    tags=["core"],
+)
+
+global_object_square_database_helper = SquareDatabaseHelper(
+    param_str_square_database_ip=config_str_square_database_ip,
+    param_int_square_database_port=config_int_square_database_port,
+    param_str_square_database_protocol=config_str_square_database_protocol,
+)
+
+
+@router.get("/register_username/")
+@global_object_square_logger.async_auto_logger
+async def register_username(username: str, password: str):
+    local_str_user_id = None
+    try:
+        # ======================================================================================
+        # entry in user table
+        local_list_response_user = global_object_square_database_helper.insert_rows(
+            data=[{}],
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=User.__tablename__,
+        )
+        local_str_user_id = local_list_response_user[0][User.user_id.name]
+        # ======================================================================================
+
+        # ======================================================================================
+        # entry in user log
+        local_list_response_user_log = global_object_square_database_helper.insert_rows(
+            data=[
+                {
+                    UserLog.user_id.name: local_str_user_id,
+                    UserLog.user_log_event.name: UserLogEventEnum.CREATED.value,
+                }
+            ],
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=UserLog.__tablename__,
+        )
+        # ======================================================================================
+
+        # ======================================================================================
+        # entry in user profile
+        local_list_response_user_profile = (
+            global_object_square_database_helper.insert_rows(
+                data=[{UserProfile.user_id.name: local_str_user_id}],
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=UserProfile.__tablename__,
+            )
+        )
+
+        # ======================================================================================
+
+        # ======================================================================================
+        # entry in credential table
+
+        # hash password
+        local_str_hashed_password = bcrypt.hashpw(
+            password.encode("utf-8"), bcrypt.gensalt()
+        ).decode("utf-8")
+
+        # create access token
+        local_dict_access_token_payload = {
+            "user_id": local_str_user_id,
+            "exp": datetime.now(timezone.utc)
+                   + timedelta(minutes=config_int_access_token_valid_minutes),
+        }
+        local_str_access_token = jwt.encode(
+            local_dict_access_token_payload, config_str_secret_key_for_access_token
+        )
+
+        # create refresh token
+        local_object_refresh_token_expiry_time = datetime.now(timezone.utc) + timedelta(
+            minutes=config_int_refresh_token_valid_minutes
+        )
+
+        local_dict_refresh_token_payload = {
+            "user_id": local_str_user_id,
+            "exp": local_object_refresh_token_expiry_time,
+        }
+        local_str_refresh_token = jwt.encode(
+            local_dict_refresh_token_payload, config_str_secret_key_for_refresh_token
+        )
+        try:
+            local_list_response_authentication_username = global_object_square_database_helper.insert_rows(
+                data=[
+                    {
+                        UserCredential.user_id.name: local_str_user_id,
+                        UserCredential.user_credential_username.name: username,
+                        UserCredential.user_credential_hashed_password.name: local_str_hashed_password,
+                    }
+                ],
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=UserCredential.__tablename__,
+            )
+        except HTTPError as http_error:
+            if http_error.response.status_code == 400:
+                return JSONResponse(
+                    status_code=status.HTTP_409_CONFLICT,
+                    content=f"an account with the username {username} already exists.",
+                )
+            else:
+                raise http_error
+        # ======================================================================================
+
+        # ======================================================================================
+        # entry in user session table
+        local_list_response_user_session = global_object_square_database_helper.insert_rows(
+            data=[
+                {
+                    UserSession.user_id.name: local_str_user_id,
+                    UserSession.user_session_refresh_token.name: local_str_refresh_token,
+                    UserSession.user_session_expiry_time.name: local_object_refresh_token_expiry_time.strftime(
+                        "%Y-%m-%d %H:%M:%S.%f+00"
+                    ),
+                }
+            ],
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=UserSession.__tablename__,
+        )
+        # ======================================================================================
+        return JSONResponse(
+            status_code=status.HTTP_200_OK,
+            content={
+                "user_id": local_str_user_id,
+                "access_token": local_str_access_token,
+                "refresh_token": local_str_refresh_token,
+            },
+        )
+    except Exception as e:
+        global_object_square_logger.logger.error(e, exc_info=True)
+        if local_str_user_id:
+            global_object_square_database_helper.delete_rows(
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=User.__tablename__,
+                filters={User.user_id.name: local_str_user_id},
+            )
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+        )
+
+
+@router.get("/login_username/")
+@global_object_square_logger.async_auto_logger
+async def login_username(username: str, password: str):
+    try:
+        # ======================================================================================
+        # get entry from authentication_username table
+        local_list_authentication_user_response = (
+            global_object_square_database_helper.get_rows(
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=UserCredential.__tablename__,
+                filters={UserCredential.user_credential_username.name: username},
+            )
+        )
+        # ======================================================================================
+
+        # ======================================================================================
+        # validate username
+        # ======================================================================================
+        if len(local_list_authentication_user_response) != 1:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST, content="incorrect username."
+            )
+        # ======================================================================================
+        # validate password
+        # ======================================================================================
+        else:
+            if not (
+                    bcrypt.checkpw(
+                        password.encode("utf-8"),
+                        local_list_authentication_user_response[0][
+                            UserCredential.user_credential_hashed_password.name
+                        ].encode("utf-8"),
+                    )
+            ):
+                return JSONResponse(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    content="incorrect password.",
+                )
+
+            # ======================================================================================
+            # return new access token and refresh token
+            # ======================================================================================
+            else:
+                local_str_user_id = local_list_authentication_user_response[0][
+                    UserCredential.user_id.name
+                ]
+                # create access token
+                local_dict_access_token_payload = {
+                    "user_id": local_str_user_id,
+                    "exp": datetime.now(timezone.utc)
+                           + timedelta(minutes=config_int_access_token_valid_minutes),
+                }
+                local_str_access_token = jwt.encode(
+                    local_dict_access_token_payload,
+                    config_str_secret_key_for_access_token,
+                )
+
+                # create refresh token
+                local_object_refresh_token_expiry_time = datetime.now(
+                    timezone.utc
+                ) + timedelta(minutes=config_int_refresh_token_valid_minutes)
+
+                local_dict_refresh_token_payload = {
+                    "user_id": local_str_user_id,
+                    "exp": local_object_refresh_token_expiry_time,
+                }
+                local_str_refresh_token = jwt.encode(
+                    local_dict_refresh_token_payload,
+                    config_str_secret_key_for_refresh_token,
+                )
+                # ======================================================================================
+                # entry in user session table
+                local_list_response_user_session = global_object_square_database_helper.insert_rows(
+                    data=[
+                        {
+                            UserSession.user_id.name: local_str_user_id,
+                            UserSession.user_session_refresh_token.name: local_str_refresh_token,
+                            UserSession.user_session_expiry_time.name: local_object_refresh_token_expiry_time.strftime(
+                                "%Y-%m-%d %H:%M:%S.%f+00"
+                            ),
+                        }
+                    ],
+                    database_name=local_string_database_name,
+                    schema_name=local_string_schema_name,
+                    table_name=UserSession.__tablename__,
+                )
+                # ======================================================================================
+                return JSONResponse(
+                    status_code=status.HTTP_200_OK,
+                    content={
+                        "user_id": local_str_user_id,
+                        "access_token": local_str_access_token,
+                        "refresh_token": local_str_refresh_token,
+                    },
+                )
+        # ======================================================================================
+
+    except Exception as e:
+        global_object_square_logger.logger.error(e, exc_info=True)
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+        )
+
+
+@router.get("/generate_access_token/")
+@global_object_square_logger.async_auto_logger
+async def generate_access_token(
+        user_id: str, refresh_token: Annotated[Union[str, None], Header()]
+):
+    try:
+        # ======================================================================================
+        # validate user_id
+        local_list_user_response = global_object_square_database_helper.get_rows(
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=User.__tablename__,
+            filters={User.user_id.name: user_id},
+        )
+
+        if len(local_list_user_response) != 1:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"incorrect user_id: {user_id}.",
+            )
+        # ======================================================================================
+
+        # ======================================================================================
+        # validate refresh token
+
+        # validating if a session refresh token exists in the database.
+        local_list_user_session_response = (
+            global_object_square_database_helper.get_rows(
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=UserSession.__tablename__,
+                filters={
+                    UserSession.user_id.name: user_id,
+                    UserSession.user_session_refresh_token.name: refresh_token,
+                },
+            )
+        )
+
+        if len(local_list_user_session_response) != 1:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"incorrect refresh token: {refresh_token} for user_id: {user_id}."
+                        f"for user_id: {user_id}.",
+            )
+        # validating if the refresh token is valid, active and of the same user.
+        try:
+            local_dict_refresh_token_payload = get_jwt_payload(
+                refresh_token, config_str_secret_key_for_refresh_token
+            )
+        except Exception as error:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=str(error),
+            )
+
+        if local_dict_refresh_token_payload["user_id"] != user_id:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"refresh token and user_id mismatch.",
+            )
+
+        # ======================================================================================
+        # ======================================================================================
+        # create and send access token
+        local_dict_access_token_payload = {
+            "user_id": user_id,
+            "exp": datetime.now(timezone.utc)
+                   + timedelta(minutes=config_int_access_token_valid_minutes),
+        }
+        local_str_access_token = jwt.encode(
+            local_dict_access_token_payload, config_str_secret_key_for_access_token
+        )
+
+        return JSONResponse(
+            status_code=status.HTTP_200_OK,
+            content={"access_token": local_str_access_token},
+        )
+        # ======================================================================================
+
+    except Exception as e:
+        global_object_square_logger.logger.error(e, exc_info=True)
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+        )
+
+
+@router.delete("/logout/")
+@global_object_square_logger.async_auto_logger
+async def logout(
+        user_id: str,
+        access_token: Annotated[Union[str, None], Header()],
+        refresh_token: Annotated[Union[str, None], Header()],
+):
+    try:
+        # ======================================================================================
+        # validate user_id
+        local_list_user_response = global_object_square_database_helper.get_rows(
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=User.__tablename__,
+            filters={User.user_id.name: user_id},
+        )
+
+        if len(local_list_user_response) != 1:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"incorrect user_id: {user_id}.",
+            )
+        # ======================================================================================
+
+        # ======================================================================================
+        # validate refresh token
+
+        # validating if a session refresh token exists in the database.
+        local_list_user_session_response = (
+            global_object_square_database_helper.get_rows(
+                database_name=local_string_database_name,
+                schema_name=local_string_schema_name,
+                table_name=UserSession.__tablename__,
+                filters={
+                    UserSession.user_id.name: user_id,
+                    UserSession.user_session_refresh_token.name: refresh_token,
+                },
+            )
+        )
+
+        if len(local_list_user_session_response) != 1:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"incorrect refresh token: {refresh_token} for user_id: {user_id}."
+                        f"for user_id: {user_id}.",
+            )
+        # not validating if the refresh token is valid, active and of the same user.
+        # ======================================================================================
+
+        # ======================================================================================
+        # validate access token
+        # validating if the access token is valid, active and of the same user.
+        try:
+            local_dict_access_token_payload = get_jwt_payload(
+                access_token, config_str_secret_key_for_access_token
+            )
+        except Exception as error:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=str(error),
+            )
+        if local_dict_access_token_payload["user_id"] != user_id:
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=f"access token and user_id mismatch.",
+            )
+
+        # ======================================================================================
+
+        # NOTE: if both access token and refresh token have expired for a user,
+        # it can be assumed that user session only needs to be removed from the front end.
+
+        # ======================================================================================
+        # delete session for user
+        global_object_square_database_helper.delete_rows(
+            database_name=local_string_database_name,
+            schema_name=local_string_schema_name,
+            table_name=UserSession.__tablename__,
+            filters={
+                UserSession.user_id.name: user_id,
+                UserSession.user_session_refresh_token.name: refresh_token,
+            },
+        )
+
+        return JSONResponse(
+            status_code=status.HTTP_200_OK, content="Log out successful."
+        )
+        # ======================================================================================
+
+    except Exception as e:
+        global_object_square_logger.logger.error(e, exc_info=True)
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+        )

square_authentication-1.0.0/square_authentication/routes/utility.py

@@ -0,0 +1,3 @@
+from fastapi import APIRouter
+
+router = APIRouter(tags=["utility"], )

square_authentication-1.0.0/square_authentication/utils/__init__.py

@@ -0,0 +1 @@
+

square_authentication-1.0.0/square_authentication/utils/encryption.py

@@ -0,0 +1,54 @@
+import base64
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import padding
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+
+def encrypt(key, plaintext):
+    # Ensure the key length is 16, 24, or 32 bytes for AES
+    key = key.ljust(32)[:32].encode('utf-8')
+
+    # IV should be random but static in this context for deterministic output
+    iv = b'1234567890123456'
+
+    # Create a Cipher object
+    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+    encryptor = cipher.encryptor()
+
+    # Pad the plaintext to be a multiple of the block size
+    padder = padding.PKCS7(algorithms.AES.block_size).padder()
+    padded_plaintext = padder.update(plaintext.encode('utf-8')) + padder.finalize()
+
+    # Encrypt the padded plaintext
+    ciphertext = encryptor.update(padded_plaintext) + encryptor.finalize()
+
+    # Combine IV and ciphertext and encode in Base64
+    encoded_ciphertext = base64.b64encode(iv + ciphertext).decode('utf-8')
+
+    return encoded_ciphertext
+
+
+def decrypt(key, encoded_ciphertext):
+    # Ensure the key length is 16, 24, or 32 bytes for AES
+    key = key.ljust(32)[:32].encode('utf-8')
+
+    # Decode the Base64 encoded ciphertext
+    ciphertext = base64.b64decode(encoded_ciphertext)
+
+    # Extract the IV (first 16 bytes)
+    iv = ciphertext[:16]
+    ciphertext = ciphertext[16:]
+
+    # Create a Cipher object
+    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+    decryptor = cipher.decryptor()
+
+    # Decrypt the ciphertext
+    padded_plaintext = decryptor.update(ciphertext) + decryptor.finalize()
+
+    # Unpad the plaintext
+    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
+    plaintext = unpadder.update(padded_plaintext) + unpadder.finalize()
+
+    return plaintext.decode('utf-8')

square_authentication-1.0.0/square_authentication/utils/token.py

@@ -0,0 +1,17 @@
+import jwt
+from jwt.exceptions import ExpiredSignatureError, DecodeError, InvalidTokenError
+
+
+def get_jwt_payload(token, secret_key):
+    try:
+        # Decode the token and verify the signature
+        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
+        return payload
+    except ExpiredSignatureError:
+        raise Exception("The token has expired.")
+    except DecodeError:
+        raise Exception("The token is invalid.")
+    except InvalidTokenError:
+        raise Exception("The token is invalid.")
+    except Exception:
+        raise

square_authentication-1.0.0/square_authentication.egg-info/PKG-INFO

@@ -0,0 +1,40 @@
+Metadata-Version: 2.1
+Name: square-authentication
+Version: 1.0.0
+Summary: authentication layer for my personal server.
+Home-page: https://github.com/thepmsquare/square_authentication
+Author: thePmSquare
+Author-email: thepmsquare@gmail.com
+License: UNKNOWN
+Platform: UNKNOWN
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Description-Content-Type: text/markdown
+
+# square_authentication
+
+## about
+
+authentication layer for my personal server.
+
+## Installation
+
+```shell
+pip install square_authentication
+```
+
+## env
+
+- python>=3.12.0
+
+## changelog
+
+### v1.0.0
+
+- initial implementation.
+
+## Feedback is appreciated. Thank you!
+

square_authentication-1.0.0/square_authentication.egg-info/SOURCES.txt

@@ -0,0 +1,17 @@
+README.md
+setup.py
+square_authentication/__init__.py
+square_authentication/configuration.py
+square_authentication/main.py
+square_authentication.egg-info/PKG-INFO
+square_authentication.egg-info/SOURCES.txt
+square_authentication.egg-info/dependency_links.txt
+square_authentication.egg-info/requires.txt
+square_authentication.egg-info/top_level.txt
+square_authentication/data/config.ini
+square_authentication/routes/__init__.py
+square_authentication/routes/core.py
+square_authentication/routes/utility.py
+square_authentication/utils/__init__.py
+square_authentication/utils/encryption.py
+square_authentication/utils/token.py

square_authentication-1.0.0/square_authentication.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

square_authentication-1.0.0/square_authentication.egg-info/requires.txt

@@ -0,0 +1,11 @@
+uvicorn>=0.24.0.post1
+fastapi>=0.104.1
+pydantic>=2.5.3
+bcrypt>=4.1.2
+pyjwt>=2.8.0
+requests>=2.32.3
+cryptography>=42.0.7
+square_commons>=0.0.1
+square_logger>=1.0.0
+square_database_helper>=0.0.5
+square_database_structure>=0.0.11

square_authentication-1.0.0/square_authentication.egg-info/top_level.txt

@@ -0,0 +1 @@
+square_authentication