the37lab-authlib 0.1.1750836881__py3-none-any.whl → 0.1.1750840354__py3-none-any.whl

the37lab_authlib/__init__.py

@@ -1,5 +1,5 @@
 from .auth import AuthManager
-from .decorators import require_auth
+from .decorators import require_auth, public_endpoint
 
 __version__ = "0.1.0"
-__all__ = ["AuthManager", "require_auth"] 
+__all__ = ["AuthManager", "require_auth", "public_endpoint"]

the37lab_authlib/auth.py

@@ -5,6 +5,7 @@ from datetime import datetime, timedelta
 from .db import Database
 from .models import User, Role, ApiToken
 from .exceptions import AuthError
+from .decorators import public_endpoint
 import uuid
 import requests
 import bcrypt
@@ -15,6 +16,17 @@ from functools import wraps
 logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
 
+def handle_auth_errors(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        try:
+            return f(*args, **kwargs)
+        except AuthError as e:
+            response = jsonify(e.to_dict())
+            response.status_code = e.status_code
+            return response
+    return decorated
+
 class AuthManager:
     def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer'):
         logger.info("INITIALIZING AUTHMANAGER {} - {} - {}".format(db_dsn, jwt_secret, not app))
@@ -121,27 +133,21 @@ class AuthManager:
     def create_blueprint(self):
         bp = Blueprint('auth', __name__, url_prefix='/api/v1/users')
 
-        public_endpoints = {
-            'auth.login',
-            'auth.oauth_login',
-            'auth.oauth_callback',
-            'auth.refresh_token',
-            'auth.register',
-            'auth.get_roles'
-        }
-
-        @bp.errorhandler(AuthError)
-        def handle_auth_error(err):
-            response = jsonify(err.to_dict())
-            response.status_code = err.status_code
-            return response
-
         @bp.before_request
         def load_user():
-            if request.endpoint not in public_endpoints:
-                g.requesting_user = self._authenticate_request()
+            view = current_app.view_functions.get(request.endpoint)
+            if getattr(view, '_auth_public', False):
+                return
+            try:
+                g.current_user = self._authenticate_request()
+            except AuthError as e:
+                response = jsonify(e.to_dict())
+                response.status_code = e.status_code
+                return response
 
         @bp.route('/login', methods=['POST'])
+        @public_endpoint
+        @handle_auth_errors
         def login():
             data = request.get_json()
             username = data.get('username')
@@ -176,6 +182,8 @@ class AuthManager:
                 })
 
         @bp.route('/login/oauth', methods=['POST'])
+        @public_endpoint
+        @handle_auth_errors
         def oauth_login():
             provider = request.json.get('provider')
             if provider not in self.oauth_config:
@@ -187,6 +195,8 @@ class AuthManager:
             })
 
         @bp.route('/login/oauth2callback')
+        @public_endpoint
+        @handle_auth_errors
         def oauth_callback():
             code = request.args.get('code')
             provider = request.args.get('state')
@@ -203,22 +213,28 @@ class AuthManager:
             return redirect(f"{frontend_url}/oauth-callback?token={token}&refresh_token={refresh_token}")
 
         @bp.route('/login/profile')
+        @handle_auth_errors
         def profile():
-            user = g.requesting_user
+            token = request.headers.get('Authorization', '').split(' ')[-1]
+            user = self.validate_token(token)
             return jsonify(user)
 
         @bp.route('/api-tokens', methods=['GET'])
-        def get_tokens():
-            tokens = self.get_user_api_tokens(g.requesting_user['id'])
+        @handle_auth_errors
+        @self.require_auth
+        def get_tokens(requesting_user):
+            tokens = self.get_user_api_tokens(requesting_user['id'])
             return jsonify(tokens)
 
         @bp.route('/api-tokens', methods=['POST'])
-        def create_token():
+        @handle_auth_errors
+        @self.require_auth
+        def create_token(requesting_user):
             name = request.json.get('name')
             expires_in_days = request.json.get('expires_in_days')
             if not name:
                 raise AuthError('Token name is required', 400)
-            api_token = self.create_api_token(g.requesting_user['id'], name, expires_in_days)
+            api_token = self.create_api_token(requesting_user['id'], name, expires_in_days)
             return jsonify({
                 'id': api_token.id,
                 'name': api_token.name,
@@ -228,6 +244,8 @@ class AuthManager:
             })
 
         @bp.route('/token-refresh', methods=['POST'])
+        @public_endpoint
+        @handle_auth_errors
         def refresh_token():
             refresh_token = request.json.get('refresh_token')
             if not refresh_token:
@@ -252,16 +270,20 @@ class AuthManager:
                 raise AuthError('Invalid refresh token', 401)
 
         @bp.route('/api-tokens', methods=['POST'])
-        def create_api_token():
+        @handle_auth_errors
+        @self.require_auth
+        def create_api_token(requesting_user):
             name = request.json.get('name')
             if not name:
                 raise AuthError('Token name required', 400)
 
-            token = self.create_api_token(g.requesting_user['id'], name)
+            token = self.create_api_token(requesting_user['id'], name)
             return jsonify({'token': token.token})
 
         @bp.route('/api-tokens/validate', methods=['GET'])
-        def validate_api_token():
+        @handle_auth_errors
+        @self.require_auth
+        def validate_api_token(requesting_user):
             token = request.json.get('token')
             if not token:
                 raise AuthError('No API token provided', 401)
@@ -271,7 +293,7 @@ class AuthManager:
                 cur.execute("""
                     SELECT * FROM api_tokens 
                     WHERE user_id = %s AND id = %s
-                """, (g.requesting_user['id'], token))
+                """, (requesting_user['id'], token))
                 api_token = cur.fetchone()
 
             if not api_token:
@@ -292,7 +314,9 @@ class AuthManager:
             return jsonify({'valid': True})
 
         @bp.route('/api-tokens', methods=['DELETE'])
-        def delete_api_token():
+        @handle_auth_errors
+        @self.require_auth
+        def delete_api_token(requesting_user):
             token = request.json.get('token')
             if not token:
                 raise AuthError('Token required', 400)
@@ -303,7 +327,7 @@ class AuthManager:
                     DELETE FROM api_tokens 
                     WHERE user_id = %s AND id = %s
                     RETURNING id
-                """, (g.requesting_user['id'], token))
+                """, (requesting_user['id'], token))
                 deleted_id = cur.fetchone()
                 if not deleted_id:
                     raise ValueError('Token not found or already deleted')
@@ -311,6 +335,8 @@ class AuthManager:
             return jsonify({'deleted': True})
 
         @bp.route('/register', methods=['POST'])
+        @public_endpoint
+        @handle_auth_errors
         def register():
             data = request.get_json()
             
@@ -349,6 +375,8 @@ class AuthManager:
             return jsonify({'id': user.id}), 201
 
         @bp.route('/roles', methods=['GET'])
+        @public_endpoint
+        @handle_auth_errors
         def get_roles():
             with self.db.get_cursor() as cur:
                 cur.execute("SELECT * FROM roles")
@@ -388,6 +416,8 @@ class AuthManager:
             raise AuthError(str(e), 500)
 
     def get_current_user(self):
+        if hasattr(g, 'current_user'):
+            return g.current_user
         return self._authenticate_request()
 
     def get_user_api_tokens(self, user_id):
@@ -442,6 +472,7 @@ class AuthManager:
             return f'https://accounts.google.com/o/oauth2/v2/auth?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope={scope}&state={state}'
         raise AuthError('Invalid OAuth provider')
 
+
     def _get_oauth_user_info(self, provider, code):
         if provider == 'google':
             client_id = self.oauth_config['google']['client_id']
@@ -503,4 +534,4 @@ class AuthManager:
                     user['real_name'] = userinfo.get('name', userinfo['email'])
 
             return user
-        raise AuthError('Invalid OAuth provider') 
+        raise AuthError('Invalid OAuth provider') 

the37lab_authlib/decorators.py

@@ -2,6 +2,12 @@ from functools import wraps
 from flask import request, current_app, jsonify
 from .exceptions import AuthError
 
+
+def public_endpoint(f):
+    """Mark an endpoint as public (no authentication required)."""
+    f._auth_public = True
+    return f
+
 def require_auth(roles=None):
     def decorator(f):
         @wraps(f)
@@ -28,4 +34,4 @@ def require_auth(roles=None):
                 response.status_code = e.status_code
                 return response
         return decorated
-    return decorator 
+    return decorator

{the37lab_authlib-0.1.1750836881.dist-info → the37lab_authlib-0.1.1750840354.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750836881
+Version: 0.1.1750840354
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -72,12 +72,6 @@ def protected_route():
     return "Protected content"
 ```
 
-`AuthManager`'s blueprint now registers a global error handler for
-`AuthError` and authenticates requests for all of its routes by default.
-Authenticated users are made available as `flask.g.requesting_user`.
-Only the login, OAuth, token refresh, registration and role listing
-endpoints are exempt from this check.
-
 ## Configuration
 
 ### Required Parameters
@@ -150,9 +144,7 @@ endpoints are exempt from this check.
    - Get redirect URL from `/api/v1/users/login/oauth`.
    - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - All routes inside the provided blueprint are authenticated by default.
-     The authenticated user can be accessed via `g.requesting_user`.
-     Use `@auth.require_auth()` to protect custom routes in your application.
+   - Use `@auth.require_auth()` decorator to protect Flask routes.
 
 ## User Object
 

the37lab_authlib-0.1.1750840354.dist-info/RECORD

@@ -0,0 +1,10 @@
+the37lab_authlib/__init__.py,sha256=YV1C1iaIs-8cD5dFe-VEC6dRhrT6mglgTdcveT6AMCQ,168
+the37lab_authlib/auth.py,sha256=dkmRfkJ03W8FsLO1OcT_erG0DzP7kMlpPdrw_jts0IE,21372
+the37lab_authlib/db.py,sha256=fTXxnfju0lmbFGPVbXpTMeDmJMeBgURVZTndyxyRyCc,2734
+the37lab_authlib/decorators.py,sha256=oBO3fbRo7H0rcXeUq6M8yK-5mgHKfaJEDG6XdNsxQPI,1351
+the37lab_authlib/exceptions.py,sha256=mdplK5sKNtagPAzSGq5NGsrQ4r-k03DKJBKx6myWwZc,317
+the37lab_authlib/models.py,sha256=-PlvQlHGIsSdrH0H9Cdh_vTPlltGV8G1Z1mmGQvAg9Y,3422
+the37lab_authlib-0.1.1750840354.dist-info/METADATA,sha256=01Z5Jknra_QYDGgu-_qNC9Rqz0sCafF2TdzI7LaVmgU,5641
+the37lab_authlib-0.1.1750840354.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+the37lab_authlib-0.1.1750840354.dist-info/top_level.txt,sha256=6Jmxw4UeLrhfJXgRKbXWY4OhxRSaMs0dKKhNCGWWSwc,17
+the37lab_authlib-0.1.1750840354.dist-info/RECORD,,

the37lab_authlib-0.1.1750836881.dist-info/RECORD

@@ -1,10 +0,0 @@
-the37lab_authlib/__init__.py,sha256=cFVTWL-0YIMqwOMVy1P8mOt_bQODJp-L9bfp2QQ8CTo,132
-the37lab_authlib/auth.py,sha256=tBs-THT_sJeolT9hxwOmtCcsHCMfVEQXtYdVJOCRdAs,20338
-the37lab_authlib/db.py,sha256=fTXxnfju0lmbFGPVbXpTMeDmJMeBgURVZTndyxyRyCc,2734
-the37lab_authlib/decorators.py,sha256=AEQfix31fHUZvhEZd4Ud8Zh2KBGjV6O_braiPL-BU7w,1219
-the37lab_authlib/exceptions.py,sha256=mdplK5sKNtagPAzSGq5NGsrQ4r-k03DKJBKx6myWwZc,317
-the37lab_authlib/models.py,sha256=-PlvQlHGIsSdrH0H9Cdh_vTPlltGV8G1Z1mmGQvAg9Y,3422
-the37lab_authlib-0.1.1750836881.dist-info/METADATA,sha256=Jdhr9dU1rR4pDX9m5VJooujmEOpAB0zAxCkmXKf0N_M,6113
-the37lab_authlib-0.1.1750836881.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-the37lab_authlib-0.1.1750836881.dist-info/top_level.txt,sha256=6Jmxw4UeLrhfJXgRKbXWY4OhxRSaMs0dKKhNCGWWSwc,17
-the37lab_authlib-0.1.1750836881.dist-info/RECORD,,