the37lab-authlib 0.1.1749238112__tar.gz

the37lab_authlib-0.1.1749238112/PKG-INFO

@@ -0,0 +1,115 @@
+Metadata-Version: 2.4
+Name: the37lab_authlib
+Version: 0.1.1749238112
+Summary: Python SDK for the Authlib
+Author-email: the37lab <info@the37lab.com>
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: Other/Proprietary License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: flask
+Requires-Dist: psycopg2-binary
+Requires-Dist: pyjwt
+Requires-Dist: python-dotenv
+Requires-Dist: requests
+Requires-Dist: authlib
+Requires-Dist: bcrypt
+
+# AuthLib
+
+A Python authentication library that provides JWT, OAuth2, and API token authentication with PostgreSQL backend.
+
+## Table of Contents
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+- [API Endpoints](#api-endpoints)
+- [Development](#development)
+
+## Installation
+
+```bash
+pip install -e .
+```
+
+## Quick Start
+
+```python
+from flask import Flask
+from authlib import AuthManager
+
+app = Flask(__name__)
+
+auth = AuthManager(
+    app=app,
+    db_dsn="postgresql://user:pass@localhost/dbname",
+    jwt_secret="your-secret-key",
+    oauth_config={
+        "google": {
+            "client_id": "your-client-id",
+            "client_secret": "your-client-secret"
+        }
+    }
+)
+
+@app.route("/protected")
+@auth.require_auth(roles=["admin"])
+def protected_route():
+    return "Protected content"
+```
+
+## Configuration
+
+### Required Parameters
+- `app`: Flask application instance
+- `db_dsn`: PostgreSQL connection string
+- `jwt_secret`: Secret key for JWT signing
+
+### Optional Parameters
+- `oauth_config`: Dictionary of OAuth provider configurations
+- `token_expiry`: JWT token expiry time in seconds (default: 3600)
+- `refresh_token_expiry`: Refresh token expiry time in seconds (default: 2592000)
+
+## API Endpoints
+
+### Authentication
+- `POST /v1/users/login` - Login with username/password
+- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `POST /v1/users/token-refresh` - Refresh JWT token
+
+### User Management
+- `POST /v1/users/register` - Register new user
+- `GET /v1/users/login/profile` - Get user profile
+- `GET /v1/users/roles` - Get available roles
+
+### API Tokens
+- `POST /v1/users/{user}/api-tokens` - Create API token
+- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+
+## Development
+
+### Setup
+1. Clone the repository
+2. Create virtual environment:
+```bash
+python -m venv venv
+venv\Scripts\activate
+```
+3. Install dependencies:
+```bash
+pip install -e ".[dev]"
+```
+
+### Database Setup
+```bash
+createdb authlib
+python -m authlib.cli db init
+```
+
+### Running Tests
+```bash
+pytest
+```

the37lab_authlib-0.1.1749238112/README.md

@@ -0,0 +1,97 @@
+# AuthLib
+
+A Python authentication library that provides JWT, OAuth2, and API token authentication with PostgreSQL backend.
+
+## Table of Contents
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+- [API Endpoints](#api-endpoints)
+- [Development](#development)
+
+## Installation
+
+```bash
+pip install -e .
+```
+
+## Quick Start
+
+```python
+from flask import Flask
+from authlib import AuthManager
+
+app = Flask(__name__)
+
+auth = AuthManager(
+    app=app,
+    db_dsn="postgresql://user:pass@localhost/dbname",
+    jwt_secret="your-secret-key",
+    oauth_config={
+        "google": {
+            "client_id": "your-client-id",
+            "client_secret": "your-client-secret"
+        }
+    }
+)
+
+@app.route("/protected")
+@auth.require_auth(roles=["admin"])
+def protected_route():
+    return "Protected content"
+```
+
+## Configuration
+
+### Required Parameters
+- `app`: Flask application instance
+- `db_dsn`: PostgreSQL connection string
+- `jwt_secret`: Secret key for JWT signing
+
+### Optional Parameters
+- `oauth_config`: Dictionary of OAuth provider configurations
+- `token_expiry`: JWT token expiry time in seconds (default: 3600)
+- `refresh_token_expiry`: Refresh token expiry time in seconds (default: 2592000)
+
+## API Endpoints
+
+### Authentication
+- `POST /v1/users/login` - Login with username/password
+- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `POST /v1/users/token-refresh` - Refresh JWT token
+
+### User Management
+- `POST /v1/users/register` - Register new user
+- `GET /v1/users/login/profile` - Get user profile
+- `GET /v1/users/roles` - Get available roles
+
+### API Tokens
+- `POST /v1/users/{user}/api-tokens` - Create API token
+- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+
+## Development
+
+### Setup
+1. Clone the repository
+2. Create virtual environment:
+```bash
+python -m venv venv
+venv\Scripts\activate
+```
+3. Install dependencies:
+```bash
+pip install -e ".[dev]"
+```
+
+### Database Setup
+```bash
+createdb authlib
+python -m authlib.cli db init
+```
+
+### Running Tests
+```bash
+pytest
+```

the37lab_authlib-0.1.1749238112/pyproject.toml

@@ -0,0 +1,17 @@
+[build-system]
+requires = ["setuptools", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "the37lab_authlib"
+version = "0.1.1749238112"
+description = "Python SDK for the Authlib"
+authors = [{name = "the37lab", email = "info@the37lab.com"}]
+dependencies = ["flask", "psycopg2-binary", "pyjwt", "python-dotenv", "requests", "authlib", "bcrypt"]
+requires-python = ">=3.9"
+readme = "README.md"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: Other/Proprietary License",
+    "Operating System :: OS Independent",
+]

the37lab_authlib-0.1.1749238112/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/__init__.py

@@ -0,0 +1,5 @@
+from .auth import AuthManager
+from .decorators import require_auth
+
+__version__ = "0.1.0"
+__all__ = ["AuthManager", "require_auth"] 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/auth.py

@@ -0,0 +1,513 @@
+import inspect
+from flask import Blueprint, request, jsonify, current_app, url_for, redirect
+import jwt
+from datetime import datetime, timedelta
+from .db import Database
+from .models import User, Role, ApiToken
+from .exceptions import AuthError
+import uuid
+import requests
+import bcrypt
+import logging
+import os
+from functools import wraps
+
+logging.basicConfig(level=logging.DEBUG)
+logger = logging.getLogger(__name__)
+
+def handle_auth_errors(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        try:
+            return f(*args, **kwargs)
+        except AuthError as e:
+            response = jsonify(e.to_dict())
+            response.status_code = e.status_code
+            return response
+    return decorated
+
+class AuthManager:
+    def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer'):
+        self.db = Database(db_dsn, id_type=id_type) if db_dsn else None
+        self.jwt_secret = jwt_secret
+        logger.debug(f"Initializing AuthManager with JWT secret: {jwt_secret[:5]}..." if jwt_secret else "No JWT secret provided")
+        self.oauth_config = oauth_config or {}
+        
+        if app:
+            self.init_app(app)
+
+    def _extract_token_from_header(self):
+        auth_header = request.headers.get('Authorization')
+        if not auth_header:
+            raise AuthError('No authorization header', 401)
+
+        try:
+            scheme, token = auth_header.split()
+            if scheme.lower() != 'bearer':
+                raise AuthError('Invalid authorization scheme', 401)
+
+            if not token:
+                raise AuthError('No token provided', 401)
+
+            return token
+        except ValueError:
+            raise AuthError('Invalid authorization header format', 401)
+
+    def _validate_api_token(self, api_token):
+        try:
+            parsed = ApiToken.parse_token(api_token)
+            with self.db.get_cursor() as cur:
+                # First get the API token record
+                cur.execute("""
+                    SELECT t.*, u.* FROM api_tokens t
+                    JOIN users u ON t.user_id = u.id
+                    WHERE t.id = %s
+                """, (parsed['id'],))
+                result = cur.fetchone()
+                if not result:
+                    raise AuthError('Invalid API token')
+
+                # Verify the nonce
+                if not bcrypt.checkpw(parsed['nonce'].encode('utf-8'), result['token'].encode('utf-8')):
+                    raise AuthError('Invalid API token')
+
+                # Check if token is expired
+                if result['expires_at'] and result['expires_at'] < datetime.utcnow():
+                    raise AuthError('API token has expired')
+
+                # Update last used timestamp
+                cur.execute("""
+                    UPDATE api_tokens 
+                    SET last_used_at = %s
+                    WHERE id = %s
+                """, (datetime.utcnow(), parsed['id']))
+
+                # Fetch roles
+                cur.execute("""
+                    SELECT r.name FROM roles r
+                    JOIN user_roles ur ON ur.role_id = r.id
+                    WHERE ur.user_id = %s
+                """, (result['user_id'],))
+                roles = [row['name'] for row in cur.fetchall()]
+
+                # Construct user object
+                return {
+                    'id': result['user_id'],
+                    'username': result['username'],
+                    'email': result['email'],
+                    'real_name': result['real_name'],
+                    'roles': roles
+                }
+        except ValueError:
+            raise AuthError('Invalid token format')
+
+    def _authenticate_request(self):
+        auth_header = request.headers.get('Authorization')
+        api_token = request.headers.get('X-API-Token')
+
+        if auth_header and auth_header.startswith('Bearer '):
+            # JWT authentication
+            token = self._extract_token_from_header()
+            return self.validate_token(token)
+        elif api_token:
+            # API token authentication
+            return self._validate_api_token(api_token)
+        else:
+            raise AuthError('No authentication provided', 401)
+
+    def require_auth(self, f):
+        @wraps(f)
+        def decorated(*args, **kwargs):
+            user = self._authenticate_request()
+            sig = inspect.signature(f)
+            if 'requesting_user' in sig.parameters:
+                kwargs['requesting_user'] = user
+
+            return f(*args, **kwargs)
+        return decorated
+
+    def init_app(self, app):
+        app.auth_manager = self
+        app.register_blueprint(self.create_blueprint())
+
+    def create_blueprint(self):
+        bp = Blueprint('auth', __name__, url_prefix='/v1/users')
+
+        @bp.route('/login', methods=['POST'])
+        @handle_auth_errors
+        def login():
+            data = request.get_json()
+            username = data.get('username')
+            password = data.get('password')
+            
+            if not username or not password:
+                raise AuthError('Username and password required', 400)
+            
+            with self.db.get_cursor() as cur:
+                cur.execute("SELECT * FROM users WHERE username = %s", (username,))
+                user = cur.fetchone()
+                
+                if not user or not self._verify_password(password, user['password_hash']):
+                    raise AuthError('Invalid username or password', 401)
+                
+                # Fetch roles
+                cur.execute("""
+                    SELECT r.name FROM roles r
+                    JOIN user_roles ur ON ur.role_id = r.id
+                    WHERE ur.user_id = %s
+                """, (user['id'],))
+                roles = [row['name'] for row in cur.fetchall()]
+                user['roles'] = roles
+                
+                token = self._create_token(user)
+                refresh_token = self._create_refresh_token(user)
+                
+                return jsonify({
+                    'token': token,
+                    'refresh_token': refresh_token,
+                    'user': user
+                })
+
+        @bp.route('/login/oauth', methods=['POST'])
+        @handle_auth_errors
+        def oauth_login():
+            provider = request.json.get('provider')
+            if provider not in self.oauth_config:
+                raise AuthError('Invalid OAuth provider', 400)
+
+            redirect_uri = url_for('auth.oauth_callback', _external=True)
+            return jsonify({
+                'redirect_url': self._get_oauth_url(provider, redirect_uri)
+            })
+
+        @bp.route('/login/oauth2callback')
+        @handle_auth_errors
+        def oauth_callback():
+            code = request.args.get('code')
+            provider = request.args.get('state')
+            
+            if not code or not provider:
+                raise AuthError('Invalid OAuth callback', 400)
+
+            user_info = self._get_oauth_user_info(provider, code)
+            token = self._create_token(user_info)
+            refresh_token = self._create_refresh_token(user_info)
+            
+            # Redirect to frontend with tokens
+            frontend_url = os.getenv('FRONTEND_URL', 'http://localhost:5173')
+            return redirect(f"{frontend_url}/oauth-callback?token={token}&refresh_token={refresh_token}")
+
+        @bp.route('/login/profile')
+        @handle_auth_errors
+        def profile():
+            token = request.headers.get('Authorization', '').split(' ')[-1]
+            user = self.validate_token(token)
+            return jsonify(user)
+
+        @bp.route('/api-tokens', methods=['GET'])
+        @handle_auth_errors
+        @self.require_auth
+        def get_tokens(requesting_user):
+            tokens = self.get_user_api_tokens(requesting_user['id'])
+            return jsonify(tokens)
+
+        @bp.route('/api-tokens', methods=['POST'])
+        @handle_auth_errors
+        @self.require_auth
+        def create_token(requesting_user):
+            name = request.json.get('name')
+            expires_in_days = request.json.get('expires_in_days')
+            if not name:
+                raise AuthError('Token name is required', 400)
+            api_token = self.create_api_token(requesting_user['id'], name, expires_in_days)
+            return jsonify({
+                'id': api_token.id,
+                'name': api_token.name,
+                'token': api_token.get_full_token(),
+                'created_at': api_token.created_at,
+                'expires_at': api_token.expires_at
+            })
+
+        @bp.route('/token-refresh', methods=['POST'])
+        @handle_auth_errors
+        def refresh_token():
+            refresh_token = request.json.get('refresh_token')
+            if not refresh_token:
+                raise AuthError('No refresh token provided', 400)
+
+            try:
+                payload = jwt.decode(refresh_token, self.jwt_secret, algorithms=['HS256'])
+                user_id = payload['sub']
+                
+                with self.db.get_cursor() as cur:
+                    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+                    user = cur.fetchone()
+
+                if not user:
+                    raise AuthError('User not found', 404)
+
+                return jsonify({
+                    'token': self._create_token(user),
+                    'refresh_token': self._create_refresh_token(user)
+                })
+            except jwt.InvalidTokenError:
+                raise AuthError('Invalid refresh token', 401)
+
+        @bp.route('/api-tokens', methods=['POST'])
+        @handle_auth_errors
+        @self.require_auth
+        def create_api_token(requesting_user):
+            name = request.json.get('name')
+            if not name:
+                raise AuthError('Token name required', 400)
+
+            token = self.create_api_token(requesting_user['id'], name)
+            return jsonify({'token': token.token})
+
+        @bp.route('/api-tokens/validate', methods=['GET'])
+        @handle_auth_errors
+        @self.require_auth
+        def validate_api_token(requesting_user):
+            token = request.json.get('token')
+            if not token:
+                raise AuthError('No API token provided', 401)
+            token = ApiToken.parse_token_id(token)
+
+            with self.db.get_cursor() as cur:
+                cur.execute("""
+                    SELECT * FROM api_tokens 
+                    WHERE user_id = %s AND id = %s
+                """, (requesting_user['id'], token))
+                api_token = cur.fetchone()
+
+            if not api_token:
+                raise AuthError('Invalid API token', 401)
+
+            # Check if token is expired
+            if api_token['expires_at'] and api_token['expires_at'] < datetime.utcnow():
+                raise AuthError('API token has expired', 401)
+
+            # Update last used timestamp
+            with self.db.get_cursor() as cur:
+                cur.execute("""
+                    UPDATE api_tokens 
+                    SET last_used_at = %s
+                    WHERE id = %s
+                """, (datetime.utcnow(), api_token['id']))
+
+            return jsonify({'valid': True})
+
+        @bp.route('/api-tokens', methods=['DELETE'])
+        @handle_auth_errors
+        @self.require_auth
+        def delete_api_token(requesting_user):
+            token = request.json.get('token')
+            if not token:
+                raise AuthError('Token required', 400)
+            token = ApiToken.parse_token_id(token)
+
+            with self.db.get_cursor() as cur:
+                cur.execute("""
+                    DELETE FROM api_tokens 
+                    WHERE user_id = %s AND id = %s
+                    RETURNING id
+                """, (requesting_user['id'], token))
+                deleted_id = cur.fetchone()
+                if not deleted_id:
+                    raise ValueError('Token not found or already deleted')
+
+            return jsonify({'deleted': True})
+
+        @bp.route('/register', methods=['POST'])
+        @handle_auth_errors
+        def register():
+            data = request.get_json()
+            
+            # Hash the password
+            password = data.get('password')
+            if not password:
+                raise AuthError('Password is required', 400)
+            
+            salt = bcrypt.gensalt()
+            password_hash = bcrypt.hashpw(password.encode('utf-8'), salt)
+            
+            user = User(
+                username=data['username'],
+                email=data['email'],
+                real_name=data['real_name'],
+                roles=data.get('roles', []),
+                id_generator=self.db.get_id_generator()
+            )
+
+            with self.db.get_cursor() as cur:
+                if user.id is None:
+                    cur.execute("""
+                        INSERT INTO users (username, email, real_name, password_hash, created_at, updated_at)
+                        VALUES (%s, %s, %s, %s, %s, %s)
+                        RETURNING id
+                    """, (user.username, user.email, user.real_name, password_hash.decode('utf-8'),
+                          user.created_at, user.updated_at))
+                    user.id = cur.fetchone()['id']
+                else:
+                    cur.execute("""
+                        INSERT INTO users (id, username, email, real_name, password_hash, created_at, updated_at)
+                        VALUES (%s, %s, %s, %s, %s, %s, %s)
+                    """, (user.id, user.username, user.email, user.real_name, password_hash.decode('utf-8'),
+                          user.created_at, user.updated_at))
+
+            return jsonify({'id': user.id}), 201
+
+        @bp.route('/roles', methods=['GET'])
+        @handle_auth_errors
+        def get_roles():
+            with self.db.get_cursor() as cur:
+                cur.execute("SELECT * FROM roles")
+                roles = cur.fetchall()
+            return jsonify(roles)
+
+        return bp
+
+    def validate_token(self, token):
+        try:
+            logger.debug(f"Validating token: {token}")
+            payload = jwt.decode(token, self.jwt_secret, algorithms=['HS256'])
+            logger.debug(f"Token payload: {payload}")
+            user_id = int(payload['sub'])  # Convert string ID back to integer
+            
+            with self.db.get_cursor() as cur:
+                cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+                user = cur.fetchone()
+                if not user:
+                    logger.error(f"User not found for ID: {user_id}")
+                    raise AuthError('User not found', 404)
+                # Fetch roles
+                cur.execute("""
+                    SELECT r.name FROM roles r
+                    JOIN user_roles ur ON ur.role_id = r.id
+                    WHERE ur.user_id = %s
+                """, (user_id,))
+                roles = [row['name'] for row in cur.fetchall()]
+                user['roles'] = roles
+
+            return user
+        except jwt.InvalidTokenError as e:
+            logger.error(f"Invalid token error: {str(e)}")
+            raise AuthError('Invalid token', 401)
+        except Exception as e:
+            logger.error(f"Unexpected error during token validation: {str(e)}")
+            raise AuthError(str(e), 500)
+
+    def get_current_user(self):
+        return self._authenticate_request()
+
+    def get_user_api_tokens(self, user_id):
+        """Get all API tokens for a user."""
+        with self.db.get_cursor() as cur:
+            cur.execute("""
+                SELECT id, name, created_at, expires_at, last_used_at
+                FROM api_tokens 
+                WHERE user_id = %s
+                ORDER BY created_at DESC
+            """, (user_id,))
+            return cur.fetchall()
+
+    def create_api_token(self, user_id, name, expires_in_days=None):
+        """Create a new API token for a user."""
+        token = ApiToken(user_id, name, expires_in_days)
+        
+        with self.db.get_cursor() as cur:
+            cur.execute("""
+                INSERT INTO api_tokens (id, user_id, name, token, created_at, expires_at)
+                VALUES (%s, %s, %s, %s, %s, %s)
+            """, (token.id, token.user_id, token.name, token.token, token.created_at, token.expires_at))
+            return token
+
+    def _create_token(self, user):
+        payload = {
+            'sub': str(user['id']),
+            'exp': datetime.utcnow() + timedelta(hours=1),
+            'iat': datetime.utcnow()
+        }
+        logger.debug(f"Creating token with payload: {payload}")
+        token = jwt.encode(payload, self.jwt_secret, algorithm='HS256')
+        logger.debug(f"Created token: {token}")
+        return token
+
+    def _create_refresh_token(self, user):
+        payload = {
+            'sub': str(user['id']),
+            'exp': datetime.utcnow() + timedelta(days=30),
+            'iat': datetime.utcnow()
+        }
+        return jwt.encode(payload, self.jwt_secret, algorithm='HS256')
+
+    def _verify_password(self, password, password_hash):
+        return bcrypt.checkpw(password.encode('utf-8'), password_hash.encode('utf-8'))
+
+    def _get_oauth_url(self, provider, redirect_uri):
+        if provider == 'google':
+            client_id = self.oauth_config['google']['client_id']
+            scope = 'openid email profile'
+            state = provider  # Pass provider as state for callback
+            return f'https://accounts.google.com/o/oauth2/v2/auth?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope={scope}&state={state}'
+        raise AuthError('Invalid OAuth provider')
+
+    def _get_oauth_user_info(self, provider, code):
+        if provider == 'google':
+            client_id = self.oauth_config['google']['client_id']
+            client_secret = self.oauth_config['google']['client_secret']
+            redirect_uri = url_for('auth.oauth_callback', _external=True)
+
+            # Exchange code for tokens
+            token_url = 'https://oauth2.googleapis.com/token'
+            token_data = {
+                'client_id': client_id,
+                'client_secret': client_secret,
+                'code': code,
+                'grant_type': 'authorization_code',
+                'redirect_uri': redirect_uri
+            }
+            token_response = requests.post(token_url, data=token_data)
+            token_response.raise_for_status()
+            tokens = token_response.json()
+
+            # Get user info
+            userinfo_url = 'https://www.googleapis.com/oauth2/v3/userinfo'
+            userinfo_response = requests.get(
+                userinfo_url,
+                headers={'Authorization': f"Bearer {tokens['access_token']}"}
+            )
+            userinfo_response.raise_for_status()
+            userinfo = userinfo_response.json()
+
+            # Create or update user
+            with self.db.get_cursor() as cur:
+                cur.execute("SELECT * FROM users WHERE email = %s", (userinfo['email'],))
+                user = cur.fetchone()
+
+                if not user:
+                    # Create new user
+                    user = User(
+                        username=userinfo['email'],
+                        email=userinfo['email'],
+                        real_name=userinfo.get('name', userinfo['email']),
+                        id_generator=self.db.get_id_generator()
+                    )
+                    cur.execute("""
+                        INSERT INTO users (id, username, email, real_name, created_at, updated_at)
+                        VALUES (%s, %s, %s, %s, %s, %s)
+                    """, (user.id, user.username, user.email, user.real_name, 
+                          user.created_at, user.updated_at))
+                    user = {'id': user.id, 'username': user.username, 'email': user.email, 
+                           'real_name': user.real_name, 'roles': []}
+                else:
+                    # Update existing user
+                    cur.execute("""
+                        UPDATE users 
+                        SET real_name = %s, updated_at = %s
+                        WHERE email = %s
+                    """, (userinfo.get('name', userinfo['email']), datetime.utcnow(), userinfo['email']))
+                    user['real_name'] = userinfo.get('name', userinfo['email'])
+
+            return user
+        raise AuthError('Invalid OAuth provider') 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/db.py

@@ -0,0 +1,74 @@
+import psycopg2
+from psycopg2.extras import RealDictCursor
+from contextlib import contextmanager
+from .models import UUIDGenerator, IntegerGenerator
+
+class Database:
+    def __init__(self, dsn, id_type='uuid'):
+        self.dsn = dsn
+        self.id_generator = UUIDGenerator() if id_type == 'uuid' else IntegerGenerator()
+        self.id_type = id_type
+        self._init_db()
+
+    def _init_db(self):
+        with self.get_connection() as conn:
+            with conn.cursor() as cur:
+                # Create users table with configurable ID type
+                cur.execute(f"""
+                    CREATE TABLE IF NOT EXISTS users (
+                        id {self._get_id_type()} PRIMARY KEY,
+                        username VARCHAR(255) UNIQUE NOT NULL,
+                        email VARCHAR(255) UNIQUE NOT NULL,
+                        real_name VARCHAR(255) NOT NULL,
+                        password_hash VARCHAR(255),
+                        created_at TIMESTAMP NOT NULL,
+                        updated_at TIMESTAMP NOT NULL
+                    );
+
+                    CREATE TABLE IF NOT EXISTS roles (
+                        id {self._get_id_type()} PRIMARY KEY,
+                        name VARCHAR(255) UNIQUE NOT NULL,
+                        description TEXT,
+                        created_at TIMESTAMP NOT NULL
+                    );
+
+                    CREATE TABLE IF NOT EXISTS user_roles (
+                        user_id {self._get_id_type()} REFERENCES users(id),
+                        role_id {self._get_id_type()} REFERENCES roles(id),
+                        PRIMARY KEY (user_id, role_id)
+                    );
+
+                    CREATE TABLE IF NOT EXISTS api_tokens (
+                        id VARCHAR(8) PRIMARY KEY,
+                        user_id INTEGER REFERENCES users(id),
+                        name VARCHAR(255) NOT NULL,
+                        token VARCHAR(255) NOT NULL,
+                        created_at TIMESTAMP NOT NULL,
+                        expires_at TIMESTAMP,
+                        last_used_at TIMESTAMP
+                    );
+                """)
+
+    def _get_id_type(self):
+        return 'UUID' if self.id_type == 'uuid' else 'SERIAL'
+
+    @contextmanager
+    def get_connection(self):
+        conn = psycopg2.connect(self.dsn, cursor_factory=RealDictCursor)
+        try:
+            yield conn
+            conn.commit()
+        except Exception:
+            conn.rollback()
+            raise
+        finally:
+            conn.close()
+
+    @contextmanager
+    def get_cursor(self):
+        with self.get_connection() as conn:
+            with conn.cursor() as cur:
+                yield cur
+
+    def get_id_generator(self):
+        return self.id_generator 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/decorators.py

@@ -0,0 +1,31 @@
+from functools import wraps
+from flask import request, current_app, jsonify
+from .exceptions import AuthError
+
+def require_auth(roles=None):
+    def decorator(f):
+        @wraps(f)
+        def decorated(*args, **kwargs):
+            try:
+                # Get the require_auth decorator from AuthManager
+                user = current_app.auth_manager.get_current_user()
+                if not user:
+                    raise AuthError('User not authenticated', 401)
+
+                auth_decorator = current_app.auth_manager.require_auth
+                
+                # Apply the AuthManager's decorator and get the result
+                decorated_func = auth_decorator(f)
+                
+                # Check roles if specified
+                if roles and not any(role in user['roles'] for role in roles):
+                    raise AuthError('Insufficient permissions', 403)
+                    
+                # Now execute the function
+                return decorated_func(*args, **kwargs)
+            except AuthError as e:
+                response = jsonify(e.to_dict())
+                response.status_code = e.status_code
+                return response
+        return decorated
+    return decorator 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/exceptions.py

@@ -0,0 +1,11 @@
+class AuthError(Exception):
+    def __init__(self, message, status_code=401):
+        self.message = message
+        self.status_code = status_code
+        super().__init__(self.message)
+
+    def to_dict(self):
+        return {
+            'error': self.message,
+            'status_code': self.status_code
+        } 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib/models.py

@@ -0,0 +1,95 @@
+from datetime import datetime, timedelta
+import uuid
+import bcrypt
+import secrets
+import string
+from abc import ABC, abstractmethod
+
+def generate_random_string(length, alphabet=string.ascii_letters + string.digits):
+    """Generate a random string of specified length using the given alphabet."""
+    return ''.join(secrets.choice(alphabet) for _ in range(length))
+
+class IDGenerator(ABC):
+    @abstractmethod
+    def generate(self):
+        pass
+
+class UUIDGenerator(IDGenerator):
+    def generate(self):
+        return str(uuid.uuid4())
+
+class IntegerGenerator(IDGenerator):
+    def generate(self):
+        return None  # Let the database handle ID generation with SERIAL
+
+class User:
+    def __init__(self, username, email, real_name, roles=None, id_generator=None):
+        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
+        if self.id is None:  # Let database handle ID generation
+            self.id = None
+        self.username = username
+        self.email = email
+        self.real_name = real_name
+        self.roles = roles or []
+        self.created_at = datetime.utcnow()
+        self.updated_at = datetime.utcnow()
+
+class Role:
+    def __init__(self, name, description=None, id_generator=None):
+        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
+        self.name = name
+        self.description = description
+        self.created_at = datetime.utcnow()
+
+class ApiToken:
+    def __init__(self, user_id, name, expires_in_days=None):
+        self.id = generate_random_string(8)  # 8 character ID
+        self.user_id = user_id
+        self.name = name
+        self.nonce = generate_random_string(32)  # 32 character nonce
+        self.token = self._hash_nonce(self.nonce)  # Hash the nonce
+        self.created_at = datetime.utcnow()
+        self.expires_at = datetime.utcnow() + timedelta(days=expires_in_days) if expires_in_days else None
+        self.last_used_at = None
+
+    def _hash_nonce(self, nonce):
+        """Hash the nonce using bcrypt."""
+        salt = bcrypt.gensalt()
+        return bcrypt.hashpw(nonce.encode('utf-8'), salt).decode('utf-8')
+
+    def get_full_token(self):
+        """Get the full token string in the format api_IDNONCE."""
+        return f"api_{self.id}{self.nonce}"
+
+    @staticmethod
+    def parse_token(token_string):
+        """Parse a token string into its components."""
+        if not token_string.startswith('api_'):
+            raise ValueError('Invalid token format')
+        
+        token_string = token_string[4:]  # Remove 'api_' prefix
+        if len(token_string) != 40:  # 8 (id) + 32 (nonce)
+            raise ValueError('Invalid token length')
+        
+        return {
+            'id': token_string[:8],
+            'nonce': token_string[8:]
+        }
+
+    @staticmethod
+    def parse_token_id(token_string):
+        if len(token_string) == 8:
+            return token_string
+        if not token_string.startswith('api_'):
+            raise ValueError('Invalid token format')
+        return token_string[4:][:8]
+
+    def verify_token(self, token_string):
+        """Verify if a token string matches this token."""
+        try:
+            parsed = self.parse_token(token_string)
+            if parsed['id'] != self.id:
+                return False
+            return bcrypt.checkpw(parsed['nonce'].encode('utf-8'), self.token.encode('utf-8'))
+        except ValueError:
+            return False 

the37lab_authlib-0.1.1749238112/src/the37lab_authlib.egg-info/PKG-INFO

@@ -0,0 +1,115 @@
+Metadata-Version: 2.4
+Name: the37lab_authlib
+Version: 0.1.1749238112
+Summary: Python SDK for the Authlib
+Author-email: the37lab <info@the37lab.com>
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: Other/Proprietary License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: flask
+Requires-Dist: psycopg2-binary
+Requires-Dist: pyjwt
+Requires-Dist: python-dotenv
+Requires-Dist: requests
+Requires-Dist: authlib
+Requires-Dist: bcrypt
+
+# AuthLib
+
+A Python authentication library that provides JWT, OAuth2, and API token authentication with PostgreSQL backend.
+
+## Table of Contents
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+- [API Endpoints](#api-endpoints)
+- [Development](#development)
+
+## Installation
+
+```bash
+pip install -e .
+```
+
+## Quick Start
+
+```python
+from flask import Flask
+from authlib import AuthManager
+
+app = Flask(__name__)
+
+auth = AuthManager(
+    app=app,
+    db_dsn="postgresql://user:pass@localhost/dbname",
+    jwt_secret="your-secret-key",
+    oauth_config={
+        "google": {
+            "client_id": "your-client-id",
+            "client_secret": "your-client-secret"
+        }
+    }
+)
+
+@app.route("/protected")
+@auth.require_auth(roles=["admin"])
+def protected_route():
+    return "Protected content"
+```
+
+## Configuration
+
+### Required Parameters
+- `app`: Flask application instance
+- `db_dsn`: PostgreSQL connection string
+- `jwt_secret`: Secret key for JWT signing
+
+### Optional Parameters
+- `oauth_config`: Dictionary of OAuth provider configurations
+- `token_expiry`: JWT token expiry time in seconds (default: 3600)
+- `refresh_token_expiry`: Refresh token expiry time in seconds (default: 2592000)
+
+## API Endpoints
+
+### Authentication
+- `POST /v1/users/login` - Login with username/password
+- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `POST /v1/users/token-refresh` - Refresh JWT token
+
+### User Management
+- `POST /v1/users/register` - Register new user
+- `GET /v1/users/login/profile` - Get user profile
+- `GET /v1/users/roles` - Get available roles
+
+### API Tokens
+- `POST /v1/users/{user}/api-tokens` - Create API token
+- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+
+## Development
+
+### Setup
+1. Clone the repository
+2. Create virtual environment:
+```bash
+python -m venv venv
+venv\Scripts\activate
+```
+3. Install dependencies:
+```bash
+pip install -e ".[dev]"
+```
+
+### Database Setup
+```bash
+createdb authlib
+python -m authlib.cli db init
+```
+
+### Running Tests
+```bash
+pytest
+```

the37lab_authlib-0.1.1749238112/src/the37lab_authlib.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+README.md
+pyproject.toml
+src/the37lab_authlib/__init__.py
+src/the37lab_authlib/auth.py
+src/the37lab_authlib/db.py
+src/the37lab_authlib/decorators.py
+src/the37lab_authlib/exceptions.py
+src/the37lab_authlib/models.py
+src/the37lab_authlib.egg-info/PKG-INFO
+src/the37lab_authlib.egg-info/SOURCES.txt
+src/the37lab_authlib.egg-info/dependency_links.txt
+src/the37lab_authlib.egg-info/requires.txt
+src/the37lab_authlib.egg-info/top_level.txt

the37lab_authlib-0.1.1749238112/src/the37lab_authlib.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

the37lab_authlib-0.1.1749238112/src/the37lab_authlib.egg-info/requires.txt

@@ -0,0 +1,7 @@
+flask
+psycopg2-binary
+pyjwt
+python-dotenv
+requests
+authlib
+bcrypt

the37lab_authlib-0.1.1749238112/src/the37lab_authlib.egg-info/top_level.txt

@@ -0,0 +1 @@
+the37lab_authlib