the37lab-authlib 0.1.1750156111__tar.gz → 0.1.1750836881__tar.gz

{the37lab_authlib-0.1.1750156111 → the37lab_authlib-0.1.1750836881}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750156111
+Version: 0.1.1750836881
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -72,6 +72,12 @@ def protected_route():
     return "Protected content"
 ```
 
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
+
 ## Configuration
 
 ### Required Parameters
@@ -101,50 +107,52 @@ def protected_route():
 ## API Endpoints
 
 ### Authentication
-- `POST /v1/users/login` - Login with username/password
+- `POST /api/v1/users/login` - Login with username/password
   - **Request:** `{ "username": "string", "password": "string" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `POST /api/v1/users/login/oauth` - Get OAuth redirect URL
   - **Request:** `{ "provider": "google|github|..." }`
   - **Response:** `{ "redirect_url": "string" }`
-- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `GET /api/v1/users/login/oauth2callback` - OAuth callback
   - **Query Params:** `code`, `state`, `provider`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/token-refresh` - Refresh JWT token
+- `POST /api/v1/users/token-refresh` - Refresh JWT token
   - **Request:** `{ "refresh_token": "jwt" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt" }`
 
 ### User Management
-- `POST /v1/users/register` - Register new user
+- `POST /api/v1/users/register` - Register new user
   - **Request:** `{ "username": "string", "password": "string", "email": "string", ... }`
   - **Response:** `{ "user": { ... }, "token": "jwt", "refresh_token": "jwt" }`
-- `GET /v1/users/login/profile` - Get user profile
+- `GET /api/v1/users/login/profile` - Get user profile
   - **Auth:** Bearer JWT
   - **Response:** `{ "user": { ... } }`
-- `GET /v1/users/roles` - Get available roles
+- `GET /api/v1/users/roles` - Get available roles
   - **Response:** `[ "admin", "user", ... ]`
 
 ### API Tokens
-- `POST /v1/users/{user}/api-tokens` - Create API token
+- `POST /api/v1/users/{user}/api-tokens` - Create API token
   - **Request:** `{ "name": "string", "scopes": [ ... ] }`
   - **Response:** `{ "token": "string", "id": "uuid", ... }`
-- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `GET /api/v1/users/{user}/api-tokens` - List API tokens
   - **Response:** `[ { "id": "uuid", "name": "string", ... } ]`
-- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+- `DELETE /api/v1/users/{user}/api-tokens/{token_id}` - Delete API token
   - **Response:** `{ "success": true }`
 
 ## Authentication Flow
 
 1. **Login:**
-   - User submits credentials to `/v1/users/login`.
+   - User submits credentials to `/api/v1/users/login`.
    - Receives JWT and refresh token.
 2. **Token Refresh:**
-   - Use `/v1/users/token-refresh` with refresh token to get new JWT.
+   - Use `/api/v1/users/token-refresh` with refresh token to get new JWT.
 3. **OAuth:**
-   - Get redirect URL from `/v1/users/login/oauth`.
-   - Complete OAuth flow via `/v1/users/login/oauth2callback`.
+   - Get redirect URL from `/api/v1/users/login/oauth`.
+   - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 
 ## User Object
 

{the37lab_authlib-0.1.1750156111 → the37lab_authlib-0.1.1750836881}/README.md

@@ -55,6 +55,12 @@ def protected_route():
     return "Protected content"
 ```
 
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
+
 ## Configuration
 
 ### Required Parameters
@@ -84,50 +90,52 @@ def protected_route():
 ## API Endpoints
 
 ### Authentication
-- `POST /v1/users/login` - Login with username/password
+- `POST /api/v1/users/login` - Login with username/password
   - **Request:** `{ "username": "string", "password": "string" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `POST /api/v1/users/login/oauth` - Get OAuth redirect URL
   - **Request:** `{ "provider": "google|github|..." }`
   - **Response:** `{ "redirect_url": "string" }`
-- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `GET /api/v1/users/login/oauth2callback` - OAuth callback
   - **Query Params:** `code`, `state`, `provider`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/token-refresh` - Refresh JWT token
+- `POST /api/v1/users/token-refresh` - Refresh JWT token
   - **Request:** `{ "refresh_token": "jwt" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt" }`
 
 ### User Management
-- `POST /v1/users/register` - Register new user
+- `POST /api/v1/users/register` - Register new user
   - **Request:** `{ "username": "string", "password": "string", "email": "string", ... }`
   - **Response:** `{ "user": { ... }, "token": "jwt", "refresh_token": "jwt" }`
-- `GET /v1/users/login/profile` - Get user profile
+- `GET /api/v1/users/login/profile` - Get user profile
   - **Auth:** Bearer JWT
   - **Response:** `{ "user": { ... } }`
-- `GET /v1/users/roles` - Get available roles
+- `GET /api/v1/users/roles` - Get available roles
   - **Response:** `[ "admin", "user", ... ]`
 
 ### API Tokens
-- `POST /v1/users/{user}/api-tokens` - Create API token
+- `POST /api/v1/users/{user}/api-tokens` - Create API token
   - **Request:** `{ "name": "string", "scopes": [ ... ] }`
   - **Response:** `{ "token": "string", "id": "uuid", ... }`
-- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `GET /api/v1/users/{user}/api-tokens` - List API tokens
   - **Response:** `[ { "id": "uuid", "name": "string", ... } ]`
-- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+- `DELETE /api/v1/users/{user}/api-tokens/{token_id}` - Delete API token
   - **Response:** `{ "success": true }`
 
 ## Authentication Flow
 
 1. **Login:**
-   - User submits credentials to `/v1/users/login`.
+   - User submits credentials to `/api/v1/users/login`.
    - Receives JWT and refresh token.
 2. **Token Refresh:**
-   - Use `/v1/users/token-refresh` with refresh token to get new JWT.
+   - Use `/api/v1/users/token-refresh` with refresh token to get new JWT.
 3. **OAuth:**
-   - Get redirect URL from `/v1/users/login/oauth`.
-   - Complete OAuth flow via `/v1/users/login/oauth2callback`.
+   - Get redirect URL from `/api/v1/users/login/oauth`.
+   - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 
 ## User Object
 

{the37lab_authlib-0.1.1750156111 → the37lab_authlib-0.1.1750836881}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "the37lab_authlib"
-version = "0.1.1750156111"
+version = "0.1.1750836881"
 description = "Python SDK for the Authlib"
 authors = [{name = "the37lab", email = "info@the37lab.com"}]
 dependencies = ["flask", "psycopg2-binary", "pyjwt", "python-dotenv", "requests", "authlib", "bcrypt"]

{the37lab_authlib-0.1.1750156111 → the37lab_authlib-0.1.1750836881}/src/the37lab_authlib/auth.py

@@ -1,5 +1,5 @@
 import inspect
-from flask import Blueprint, request, jsonify, current_app, url_for, redirect
+from flask import Blueprint, request, jsonify, current_app, url_for, redirect, g
 import jwt
 from datetime import datetime, timedelta
 from .db import Database
@@ -15,17 +15,6 @@ from functools import wraps
 logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
 
-def handle_auth_errors(f):
-    @wraps(f)
-    def decorated(*args, **kwargs):
-        try:
-            return f(*args, **kwargs)
-        except AuthError as e:
-            response = jsonify(e.to_dict())
-            response.status_code = e.status_code
-            return response
-    return decorated
-
 class AuthManager:
     def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer'):
         logger.info("INITIALIZING AUTHMANAGER {} - {} - {}".format(db_dsn, jwt_secret, not app))
@@ -130,10 +119,29 @@ class AuthManager:
         app.register_blueprint(self.create_blueprint())
 
     def create_blueprint(self):
-        bp = Blueprint('auth', __name__, url_prefix='/v1/users')
+        bp = Blueprint('auth', __name__, url_prefix='/api/v1/users')
+
+        public_endpoints = {
+            'auth.login',
+            'auth.oauth_login',
+            'auth.oauth_callback',
+            'auth.refresh_token',
+            'auth.register',
+            'auth.get_roles'
+        }
+
+        @bp.errorhandler(AuthError)
+        def handle_auth_error(err):
+            response = jsonify(err.to_dict())
+            response.status_code = err.status_code
+            return response
+
+        @bp.before_request
+        def load_user():
+            if request.endpoint not in public_endpoints:
+                g.requesting_user = self._authenticate_request()
 
         @bp.route('/login', methods=['POST'])
-        @handle_auth_errors
         def login():
             data = request.get_json()
             username = data.get('username')
@@ -168,7 +176,6 @@ class AuthManager:
                 })
 
         @bp.route('/login/oauth', methods=['POST'])
-        @handle_auth_errors
         def oauth_login():
             provider = request.json.get('provider')
             if provider not in self.oauth_config:
@@ -180,7 +187,6 @@ class AuthManager:
             })
 
         @bp.route('/login/oauth2callback')
-        @handle_auth_errors
         def oauth_callback():
             code = request.args.get('code')
             provider = request.args.get('state')
@@ -197,28 +203,22 @@ class AuthManager:
             return redirect(f"{frontend_url}/oauth-callback?token={token}&refresh_token={refresh_token}")
 
         @bp.route('/login/profile')
-        @handle_auth_errors
         def profile():
-            token = request.headers.get('Authorization', '').split(' ')[-1]
-            user = self.validate_token(token)
+            user = g.requesting_user
             return jsonify(user)
 
         @bp.route('/api-tokens', methods=['GET'])
-        @handle_auth_errors
-        @self.require_auth
-        def get_tokens(requesting_user):
-            tokens = self.get_user_api_tokens(requesting_user['id'])
+        def get_tokens():
+            tokens = self.get_user_api_tokens(g.requesting_user['id'])
             return jsonify(tokens)
 
         @bp.route('/api-tokens', methods=['POST'])
-        @handle_auth_errors
-        @self.require_auth
-        def create_token(requesting_user):
+        def create_token():
             name = request.json.get('name')
             expires_in_days = request.json.get('expires_in_days')
             if not name:
                 raise AuthError('Token name is required', 400)
-            api_token = self.create_api_token(requesting_user['id'], name, expires_in_days)
+            api_token = self.create_api_token(g.requesting_user['id'], name, expires_in_days)
             return jsonify({
                 'id': api_token.id,
                 'name': api_token.name,
@@ -228,7 +228,6 @@ class AuthManager:
             })
 
         @bp.route('/token-refresh', methods=['POST'])
-        @handle_auth_errors
         def refresh_token():
             refresh_token = request.json.get('refresh_token')
             if not refresh_token:
@@ -253,20 +252,16 @@ class AuthManager:
                 raise AuthError('Invalid refresh token', 401)
 
         @bp.route('/api-tokens', methods=['POST'])
-        @handle_auth_errors
-        @self.require_auth
-        def create_api_token(requesting_user):
+        def create_api_token():
             name = request.json.get('name')
             if not name:
                 raise AuthError('Token name required', 400)
 
-            token = self.create_api_token(requesting_user['id'], name)
+            token = self.create_api_token(g.requesting_user['id'], name)
             return jsonify({'token': token.token})
 
         @bp.route('/api-tokens/validate', methods=['GET'])
-        @handle_auth_errors
-        @self.require_auth
-        def validate_api_token(requesting_user):
+        def validate_api_token():
             token = request.json.get('token')
             if not token:
                 raise AuthError('No API token provided', 401)
@@ -276,7 +271,7 @@ class AuthManager:
                 cur.execute("""
                     SELECT * FROM api_tokens 
                     WHERE user_id = %s AND id = %s
-                """, (requesting_user['id'], token))
+                """, (g.requesting_user['id'], token))
                 api_token = cur.fetchone()
 
             if not api_token:
@@ -297,9 +292,7 @@ class AuthManager:
             return jsonify({'valid': True})
 
         @bp.route('/api-tokens', methods=['DELETE'])
-        @handle_auth_errors
-        @self.require_auth
-        def delete_api_token(requesting_user):
+        def delete_api_token():
             token = request.json.get('token')
             if not token:
                 raise AuthError('Token required', 400)
@@ -310,7 +303,7 @@ class AuthManager:
                     DELETE FROM api_tokens 
                     WHERE user_id = %s AND id = %s
                     RETURNING id
-                """, (requesting_user['id'], token))
+                """, (g.requesting_user['id'], token))
                 deleted_id = cur.fetchone()
                 if not deleted_id:
                     raise ValueError('Token not found or already deleted')
@@ -318,7 +311,6 @@ class AuthManager:
             return jsonify({'deleted': True})
 
         @bp.route('/register', methods=['POST'])
-        @handle_auth_errors
         def register():
             data = request.get_json()
             
@@ -357,7 +349,6 @@ class AuthManager:
             return jsonify({'id': user.id}), 201
 
         @bp.route('/roles', methods=['GET'])
-        @handle_auth_errors
         def get_roles():
             with self.db.get_cursor() as cur:
                 cur.execute("SELECT * FROM roles")

{the37lab_authlib-0.1.1750156111 → the37lab_authlib-0.1.1750836881}/src/the37lab_authlib.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750156111
+Version: 0.1.1750836881
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -72,6 +72,12 @@ def protected_route():
     return "Protected content"
 ```
 
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
+
 ## Configuration
 
 ### Required Parameters
@@ -101,50 +107,52 @@ def protected_route():
 ## API Endpoints
 
 ### Authentication
-- `POST /v1/users/login` - Login with username/password
+- `POST /api/v1/users/login` - Login with username/password
   - **Request:** `{ "username": "string", "password": "string" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/login/oauth` - Get OAuth redirect URL
+- `POST /api/v1/users/login/oauth` - Get OAuth redirect URL
   - **Request:** `{ "provider": "google|github|..." }`
   - **Response:** `{ "redirect_url": "string" }`
-- `GET /v1/users/login/oauth2callback` - OAuth callback
+- `GET /api/v1/users/login/oauth2callback` - OAuth callback
   - **Query Params:** `code`, `state`, `provider`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt", "user": { ... } }`
-- `POST /v1/users/token-refresh` - Refresh JWT token
+- `POST /api/v1/users/token-refresh` - Refresh JWT token
   - **Request:** `{ "refresh_token": "jwt" }`
   - **Response:** `{ "token": "jwt", "refresh_token": "jwt" }`
 
 ### User Management
-- `POST /v1/users/register` - Register new user
+- `POST /api/v1/users/register` - Register new user
   - **Request:** `{ "username": "string", "password": "string", "email": "string", ... }`
   - **Response:** `{ "user": { ... }, "token": "jwt", "refresh_token": "jwt" }`
-- `GET /v1/users/login/profile` - Get user profile
+- `GET /api/v1/users/login/profile` - Get user profile
   - **Auth:** Bearer JWT
   - **Response:** `{ "user": { ... } }`
-- `GET /v1/users/roles` - Get available roles
+- `GET /api/v1/users/roles` - Get available roles
   - **Response:** `[ "admin", "user", ... ]`
 
 ### API Tokens
-- `POST /v1/users/{user}/api-tokens` - Create API token
+- `POST /api/v1/users/{user}/api-tokens` - Create API token
   - **Request:** `{ "name": "string", "scopes": [ ... ] }`
   - **Response:** `{ "token": "string", "id": "uuid", ... }`
-- `GET /v1/users/{user}/api-tokens` - List API tokens
+- `GET /api/v1/users/{user}/api-tokens` - List API tokens
   - **Response:** `[ { "id": "uuid", "name": "string", ... } ]`
-- `DELETE /v1/users/{user}/api-tokens/{token_id}` - Delete API token
+- `DELETE /api/v1/users/{user}/api-tokens/{token_id}` - Delete API token
   - **Response:** `{ "success": true }`
 
 ## Authentication Flow
 
 1. **Login:**
-   - User submits credentials to `/v1/users/login`.
+   - User submits credentials to `/api/v1/users/login`.
    - Receives JWT and refresh token.
 2. **Token Refresh:**
-   - Use `/v1/users/token-refresh` with refresh token to get new JWT.
+   - Use `/api/v1/users/token-refresh` with refresh token to get new JWT.
 3. **OAuth:**
-   - Get redirect URL from `/v1/users/login/oauth`.
-   - Complete OAuth flow via `/v1/users/login/oauth2callback`.
+   - Get redirect URL from `/api/v1/users/login/oauth`.
+   - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 
 ## User Object