sweatstack 0.59.0__py3-none-any.whl → 0.61.0__py3-none-any.whl

sweatstack/fastapi/session.py

@@ -0,0 +1,102 @@
+"""Session encryption and cookie helpers."""
+
+import json
+import logging
+from typing import Any
+
+from cryptography.fernet import Fernet, InvalidToken
+from fastapi import Response
+
+from .config import get_config
+
+SESSION_COOKIE_NAME = "sweatstack_session"
+STATE_COOKIE_NAME = "sweatstack_oauth_state"
+
+
+def _get_fernet_instances() -> list[Fernet]:
+    """Get Fernet instances for encryption/decryption."""
+    config = get_config()
+    secrets = config.session_secret
+    if not isinstance(secrets, list):
+        secrets = [secrets]
+    return [Fernet(secret.get_secret_value().encode()) for secret in secrets]
+
+
+def encrypt_session(data: dict[str, Any]) -> str:
+    """Encrypt session data.
+
+    Uses the first configured key for encryption.
+    """
+    fernets = _get_fernet_instances()
+    json_data = json.dumps(data)
+    return fernets[0].encrypt(json_data.encode()).decode()
+
+
+def decrypt_session(encrypted: str | None) -> dict[str, Any] | None:
+    """Decrypt session data.
+
+    Tries all configured keys for decryption (supports key rotation).
+    Returns None if decryption fails or data is missing.
+    """
+    if not encrypted:
+        return None
+
+    fernets = _get_fernet_instances()
+
+    for fernet in fernets:
+        try:
+            decrypted = fernet.decrypt(encrypted.encode())
+            return json.loads(decrypted)
+        except InvalidToken:
+            continue
+        except Exception as e:
+            logging.warning(f"Session decryption error: {e}")
+            return None
+
+    # All keys failed
+    return None
+
+
+def set_session_cookie(response: Response, session_data: dict[str, Any]) -> None:
+    """Set the encrypted session cookie on the response."""
+    config = get_config()
+    encrypted = encrypt_session(session_data)
+    response.set_cookie(
+        key=SESSION_COOKIE_NAME,
+        value=encrypted,
+        httponly=True,
+        secure=config.cookie_secure,
+        samesite="lax",
+        max_age=config.cookie_max_age,
+        path="/",
+    )
+
+
+def clear_session_cookie(response: Response) -> None:
+    """Clear the session cookie."""
+    response.delete_cookie(
+        key=SESSION_COOKIE_NAME,
+        path="/",
+    )
+
+
+def set_state_cookie(response: Response, state: str) -> None:
+    """Set the OAuth state cookie (short-lived, 5 minutes)."""
+    config = get_config()
+    response.set_cookie(
+        key=STATE_COOKIE_NAME,
+        value=state,
+        httponly=True,
+        secure=config.cookie_secure,
+        samesite="lax",
+        max_age=300,  # 5 minutes
+        path="/",
+    )
+
+
+def clear_state_cookie(response: Response) -> None:
+    """Clear the OAuth state cookie."""
+    response.delete_cookie(
+        key=STATE_COOKIE_NAME,
+        path="/",
+    )

{sweatstack-0.59.0.dist-info → sweatstack-0.61.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sweatstack
-Version: 0.59.0
+Version: 0.61.0
 Summary: The official Python client for SweatStack
 Author-email: Aart Goossens <aart@gssns.io>
 Requires-Python: >=3.9
@@ -10,6 +10,9 @@ Requires-Dist: pandas>=2.2.3
 Requires-Dist: platformdirs>=4.0.0
 Requires-Dist: pyarrow>=18.0.0
 Requires-Dist: pydantic>=2.10.5
+Provides-Extra: fastapi
+Requires-Dist: cryptography>=41.0.0; extra == 'fastapi'
+Requires-Dist: fastapi[standard]>=0.100.0; extra == 'fastapi'
 Provides-Extra: jupyter
 Requires-Dist: ipython>=8.31.0; extra == 'jupyter'
 Requires-Dist: jupyterlab>=4.3.4; extra == 'jupyter'

{sweatstack-0.59.0.dist-info → sweatstack-0.61.0.dist-info}/RECORD

@@ -1,6 +1,6 @@
 sweatstack/__init__.py,sha256=tiVfgKlswRPaDMEy0gA7u8rveqEYZTA_kyB9lJ3J6Sc,21
 sweatstack/cli.py,sha256=N1NWOgEZR2yaJvIXxo9qvp_jFlypZYb0nujpbVNYQ6A,720
-sweatstack/client.py,sha256=dTx7Cqpd56NH32-Ndc6vo1WnzsN1C9BfpFrchV9NTdQ,66366
+sweatstack/client.py,sha256=0SipHY_USSMnxEb3PdmQ4ogUZTB81nC-eAJjthwqy6g,68175
 sweatstack/constants.py,sha256=fGO6ksOv5HeISv9lHRoYm4besW1GTveXS8YD3K0ljg0,41
 sweatstack/ipython_init.py,sha256=OtBB9dQvyLXklD4kA2x1swaVtU9u73fG4V4-zz4YRAg,139
 sweatstack/jupyterlab_oauth2_startup.py,sha256=YcjXvzeZ459vL_dCkFi1IxX_RNAu80ZX9rwa0OXJfTM,1023
@@ -11,7 +11,13 @@ sweatstack/streamlit.py,sha256=wnabWhife9eMAdkECPjRKkzE82KZoi_H8YzucZl_m9s,19604
 sweatstack/sweatshell.py,sha256=MYLNcWbOdceqKJ3S0Pe8dwHXEeYsGJNjQoYUXpMTftA,333
 sweatstack/utils.py,sha256=AwHRdC1ziOZ5o9RBIB21Uxm-DoClVRAJSVvgsmSmvps,1801
 sweatstack/Sweat Stack examples/Getting started.ipynb,sha256=k2hiSffWecoQ0VxjdpDcgFzBXDQiYEebhnAYlu8cgX8,6335204
-sweatstack-0.59.0.dist-info/METADATA,sha256=811kowZZQ5K40LdVRA5JeLk95TBj5MHY6UGWn91g4Kg,852
-sweatstack-0.59.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-sweatstack-0.59.0.dist-info/entry_points.txt,sha256=kCzOUQI3dqbTpEYqtgYDeiKFaqaA7BMlV6D24BMzCFU,208
-sweatstack-0.59.0.dist-info/RECORD,,
+sweatstack/fastapi/__init__.py,sha256=J20u-R3ABLP0vGLl3m_H76nTvpoMHtpKpyH8vufb9kM,2465
+sweatstack/fastapi/config.py,sha256=S9Y5G5YprSugICtkCdVEUBwdbGsg2MuzdPx8QJaP8XA,7850
+sweatstack/fastapi/dependencies.py,sha256=6QrWCcYJJXI0-Tn2A4hKimVMCa45rRUAu-gijtgAq4k,8739
+sweatstack/fastapi/models.py,sha256=2VNKITN7LKacQxxVgYJjDaZ6Xq2eYBtvkQbq7H6bLlY,3386
+sweatstack/fastapi/routes.py,sha256=Y-g8DMM2gG_8ETnLN7ZfUqBT8AkwIG9WFbEqJtyyKcM,10058
+sweatstack/fastapi/session.py,sha256=BtRPCmIEaToJPwFyZ0fqWGlmnDHuWKy8nri9dJrPXaA,2717
+sweatstack-0.61.0.dist-info/METADATA,sha256=RGfVVMy3zO08wiJw98gF-9IW_8gjuYsJ3Kg58BAJyi4,994
+sweatstack-0.61.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+sweatstack-0.61.0.dist-info/entry_points.txt,sha256=kCzOUQI3dqbTpEYqtgYDeiKFaqaA7BMlV6D24BMzCFU,208
+sweatstack-0.61.0.dist-info/RECORD,,