PyPI - the37lab-authlib - Versions diffs - 0.1.1750187527__tar.gz → 0.1.1750836881__tar.gz - Mend

the37lab-authlib 0.1.1750187527tar.gz → 0.1.1750836881tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of the37lab-authlib might be problematic. Click here for more details.

Files changed (15) hide show

{the37lab_authlib-0.1.1750187527 → the37lab_authlib-0.1.1750836881}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750187527
+Version: 0.1.1750836881
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -72,6 +72,12 @@ def protected_route():
     return "Protected content"
 ```
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
 ## Configuration
 ### Required Parameters
@@ -144,7 +150,9 @@ def protected_route():
    - Get redirect URL from `/api/v1/users/login/oauth`.
    - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 ## User Object

{the37lab_authlib-0.1.1750187527 → the37lab_authlib-0.1.1750836881}/README.md RENAMED Viewed

@@ -55,6 +55,12 @@ def protected_route():
     return "Protected content"
 ```
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
 ## Configuration
 ### Required Parameters
@@ -127,7 +133,9 @@ def protected_route():
    - Get redirect URL from `/api/v1/users/login/oauth`.
    - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 ## User Object

{the37lab_authlib-0.1.1750187527 → the37lab_authlib-0.1.1750836881}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "the37lab_authlib"
-version = "0.1.1750187527"
+version = "0.1.1750836881"
 description = "Python SDK for the Authlib"
 authors = [{name = "the37lab", email = "info@the37lab.com"}]
 dependencies = ["flask", "psycopg2-binary", "pyjwt", "python-dotenv", "requests", "authlib", "bcrypt"]

{the37lab_authlib-0.1.1750187527 → the37lab_authlib-0.1.1750836881}/src/the37lab_authlib/auth.py RENAMED Viewed

@@ -1,5 +1,5 @@
 import inspect
-from flask import Blueprint, request, jsonify, current_app, url_for, redirect
+from flask import Blueprint, request, jsonify, current_app, url_for, redirect, g
 import jwt
 from datetime import datetime, timedelta
 from .db import Database
@@ -15,17 +15,6 @@ from functools import wraps
 logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
-def handle_auth_errors(f):
-    @wraps(f)
-    def decorated(*args, **kwargs):
-        try:
-            return f(*args, **kwargs)
-        except AuthError as e:
-            response = jsonify(e.to_dict())
-            response.status_code = e.status_code
-            return response
-    return decorated
 class AuthManager:
     def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer'):
         logger.info("INITIALIZING AUTHMANAGER {} - {} - {}".format(db_dsn, jwt_secret, not app))
@@ -132,8 +121,27 @@ class AuthManager:
     def create_blueprint(self):
         bp = Blueprint('auth', __name__, url_prefix='/api/v1/users')
+        public_endpoints = {
+            'auth.login',
+            'auth.oauth_login',
+            'auth.oauth_callback',
+            'auth.refresh_token',
+            'auth.register',
+            'auth.get_roles'
+        }
+        @bp.errorhandler(AuthError)
+        def handle_auth_error(err):
+            response = jsonify(err.to_dict())
+            response.status_code = err.status_code
+            return response
+        @bp.before_request
+        def load_user():
+            if request.endpoint not in public_endpoints:
+                g.requesting_user = self._authenticate_request()
         @bp.route('/login', methods=['POST'])
-        @handle_auth_errors
         def login():
             data = request.get_json()
             username = data.get('username')
@@ -168,7 +176,6 @@ class AuthManager:
                 })
         @bp.route('/login/oauth', methods=['POST'])
-        @handle_auth_errors
         def oauth_login():
             provider = request.json.get('provider')
             if provider not in self.oauth_config:
@@ -180,7 +187,6 @@ class AuthManager:
             })
         @bp.route('/login/oauth2callback')
-        @handle_auth_errors
         def oauth_callback():
             code = request.args.get('code')
             provider = request.args.get('state')
@@ -197,28 +203,22 @@ class AuthManager:
             return redirect(f"{frontend_url}/oauth-callback?token={token}&refresh_token={refresh_token}")
         @bp.route('/login/profile')
-        @handle_auth_errors
         def profile():
-            token = request.headers.get('Authorization', '').split(' ')[-1]
-            user = self.validate_token(token)
+            user = g.requesting_user
             return jsonify(user)
         @bp.route('/api-tokens', methods=['GET'])
-        @handle_auth_errors
-        @self.require_auth
-        def get_tokens(requesting_user):
-            tokens = self.get_user_api_tokens(requesting_user['id'])
+        def get_tokens():
+            tokens = self.get_user_api_tokens(g.requesting_user['id'])
             return jsonify(tokens)
         @bp.route('/api-tokens', methods=['POST'])
-        @handle_auth_errors
-        @self.require_auth
-        def create_token(requesting_user):
+        def create_token():
             name = request.json.get('name')
             expires_in_days = request.json.get('expires_in_days')
             if not name:
                 raise AuthError('Token name is required', 400)
-            api_token = self.create_api_token(requesting_user['id'], name, expires_in_days)
+            api_token = self.create_api_token(g.requesting_user['id'], name, expires_in_days)
             return jsonify({
                 'id': api_token.id,
                 'name': api_token.name,
@@ -228,7 +228,6 @@ class AuthManager:
             })
         @bp.route('/token-refresh', methods=['POST'])
-        @handle_auth_errors
         def refresh_token():
             refresh_token = request.json.get('refresh_token')
             if not refresh_token:
@@ -253,20 +252,16 @@ class AuthManager:
                 raise AuthError('Invalid refresh token', 401)
         @bp.route('/api-tokens', methods=['POST'])
-        @handle_auth_errors
-        @self.require_auth
-        def create_api_token(requesting_user):
+        def create_api_token():
             name = request.json.get('name')
             if not name:
                 raise AuthError('Token name required', 400)
-            token = self.create_api_token(requesting_user['id'], name)
+            token = self.create_api_token(g.requesting_user['id'], name)
             return jsonify({'token': token.token})
         @bp.route('/api-tokens/validate', methods=['GET'])
-        @handle_auth_errors
-        @self.require_auth
-        def validate_api_token(requesting_user):
+        def validate_api_token():
             token = request.json.get('token')
             if not token:
                 raise AuthError('No API token provided', 401)
@@ -276,7 +271,7 @@ class AuthManager:
                 cur.execute("""
                     SELECT * FROM api_tokens
                     WHERE user_id = %s AND id = %s
-                """, (requesting_user['id'], token))
+                """, (g.requesting_user['id'], token))
                 api_token = cur.fetchone()
             if not api_token:
@@ -297,9 +292,7 @@ class AuthManager:
             return jsonify({'valid': True})
         @bp.route('/api-tokens', methods=['DELETE'])
-        @handle_auth_errors
-        @self.require_auth
-        def delete_api_token(requesting_user):
+        def delete_api_token():
             token = request.json.get('token')
             if not token:
                 raise AuthError('Token required', 400)
@@ -310,7 +303,7 @@ class AuthManager:
                     DELETE FROM api_tokens
                     WHERE user_id = %s AND id = %s
                     RETURNING id
-                """, (requesting_user['id'], token))
+                """, (g.requesting_user['id'], token))
                 deleted_id = cur.fetchone()
                 if not deleted_id:
                     raise ValueError('Token not found or already deleted')
@@ -318,7 +311,6 @@ class AuthManager:
             return jsonify({'deleted': True})
         @bp.route('/register', methods=['POST'])
-        @handle_auth_errors
         def register():
             data = request.get_json()
@@ -357,7 +349,6 @@ class AuthManager:
             return jsonify({'id': user.id}), 201
         @bp.route('/roles', methods=['GET'])
-        @handle_auth_errors
         def get_roles():
             with self.db.get_cursor() as cur:
                 cur.execute("SELECT * FROM roles")

{the37lab_authlib-0.1.1750187527 → the37lab_authlib-0.1.1750836881}/src/the37lab_authlib.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750187527
+Version: 0.1.1750836881
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -72,6 +72,12 @@ def protected_route():
     return "Protected content"
 ```
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check.
 ## Configuration
 ### Required Parameters
@@ -144,7 +150,9 @@ def protected_route():
    - Get redirect URL from `/api/v1/users/login/oauth`.
    - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@auth.require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 ## User Object