the37lab-authlib 0.1.1750840415__py3-none-any.whl → 0.1.1750952155__py3-none-any.whl

the37lab_authlib/db.py

@@ -1,74 +1,74 @@
-import psycopg2
-from psycopg2.extras import RealDictCursor
-from contextlib import contextmanager
-from .models import UUIDGenerator, IntegerGenerator
-
-class Database:
-    def __init__(self, dsn, id_type='uuid'):
-        self.dsn = dsn
-        self.id_generator = UUIDGenerator() if id_type == 'uuid' else IntegerGenerator()
-        self.id_type = id_type
-        self._init_db()
-
-    def _init_db(self):
-        with self.get_connection() as conn:
-            with conn.cursor() as cur:
-                # Create users table with configurable ID type
-                cur.execute(f"""
-                    CREATE TABLE IF NOT EXISTS users (
-                        id {self._get_id_type()} PRIMARY KEY,
-                        username VARCHAR(255) UNIQUE NOT NULL,
-                        email VARCHAR(255) UNIQUE NOT NULL,
-                        real_name VARCHAR(255) NOT NULL,
-                        password_hash VARCHAR(255),
-                        created_at TIMESTAMP NOT NULL,
-                        updated_at TIMESTAMP NOT NULL
-                    );
-
-                    CREATE TABLE IF NOT EXISTS roles (
-                        id {self._get_id_type()} PRIMARY KEY,
-                        name VARCHAR(255) UNIQUE NOT NULL,
-                        description TEXT,
-                        created_at TIMESTAMP NOT NULL
-                    );
-
-                    CREATE TABLE IF NOT EXISTS user_roles (
-                        user_id {self._get_id_type()} REFERENCES users(id),
-                        role_id {self._get_id_type()} REFERENCES roles(id),
-                        PRIMARY KEY (user_id, role_id)
-                    );
-
-                    CREATE TABLE IF NOT EXISTS api_tokens (
-                        id VARCHAR(8) PRIMARY KEY,
-                        user_id INTEGER REFERENCES users(id),
-                        name VARCHAR(255) NOT NULL,
-                        token VARCHAR(255) NOT NULL,
-                        created_at TIMESTAMP NOT NULL,
-                        expires_at TIMESTAMP,
-                        last_used_at TIMESTAMP
-                    );
-                """)
-
-    def _get_id_type(self):
-        return 'UUID' if self.id_type == 'uuid' else 'SERIAL'
-
-    @contextmanager
-    def get_connection(self):
-        conn = psycopg2.connect(self.dsn, cursor_factory=RealDictCursor)
-        try:
-            yield conn
-            conn.commit()
-        except Exception:
-            conn.rollback()
-            raise
-        finally:
-            conn.close()
-
-    @contextmanager
-    def get_cursor(self):
-        with self.get_connection() as conn:
-            with conn.cursor() as cur:
-                yield cur
-
-    def get_id_generator(self):
+import psycopg2
+from psycopg2.extras import RealDictCursor
+from contextlib import contextmanager
+from .models import UUIDGenerator, IntegerGenerator
+
+class Database:
+    def __init__(self, dsn, id_type='uuid'):
+        self.dsn = dsn
+        self.id_generator = UUIDGenerator() if id_type == 'uuid' else IntegerGenerator()
+        self.id_type = id_type
+        self._init_db()
+
+    def _init_db(self):
+        with self.get_connection() as conn:
+            with conn.cursor() as cur:
+                # Create users table with configurable ID type
+                cur.execute(f"""
+                    CREATE TABLE IF NOT EXISTS users (
+                        id {self._get_id_type()} PRIMARY KEY,
+                        username VARCHAR(255) UNIQUE NOT NULL,
+                        email VARCHAR(255) UNIQUE NOT NULL,
+                        real_name VARCHAR(255) NOT NULL,
+                        password_hash VARCHAR(255),
+                        created_at TIMESTAMP NOT NULL,
+                        updated_at TIMESTAMP NOT NULL
+                    );
+
+                    CREATE TABLE IF NOT EXISTS roles (
+                        id {self._get_id_type()} PRIMARY KEY,
+                        name VARCHAR(255) UNIQUE NOT NULL,
+                        description TEXT,
+                        created_at TIMESTAMP NOT NULL
+                    );
+
+                    CREATE TABLE IF NOT EXISTS user_roles (
+                        user_id {self._get_id_type()} REFERENCES users(id),
+                        role_id {self._get_id_type()} REFERENCES roles(id),
+                        PRIMARY KEY (user_id, role_id)
+                    );
+
+                    CREATE TABLE IF NOT EXISTS api_tokens (
+                        id VARCHAR(8) PRIMARY KEY,
+                        user_id INTEGER REFERENCES users(id),
+                        name VARCHAR(255) NOT NULL,
+                        token VARCHAR(255) NOT NULL,
+                        created_at TIMESTAMP NOT NULL,
+                        expires_at TIMESTAMP,
+                        last_used_at TIMESTAMP
+                    );
+                """)
+
+    def _get_id_type(self):
+        return 'UUID' if self.id_type == 'uuid' else 'SERIAL'
+
+    @contextmanager
+    def get_connection(self):
+        conn = psycopg2.connect(self.dsn, cursor_factory=RealDictCursor)
+        try:
+            yield conn
+            conn.commit()
+        except Exception:
+            conn.rollback()
+            raise
+        finally:
+            conn.close()
+
+    @contextmanager
+    def get_cursor(self):
+        with self.get_connection() as conn:
+            with conn.cursor() as cur:
+                yield cur
+
+    def get_id_generator(self):
         return self.id_generator 

the37lab_authlib/decorators.py

@@ -1,31 +1,33 @@
-from functools import wraps
-from flask import request, current_app, jsonify
-from .exceptions import AuthError
-
-def require_auth(roles=None):
-    def decorator(f):
-        @wraps(f)
-        def decorated(*args, **kwargs):
-            try:
-                # Get the require_auth decorator from AuthManager
-                user = current_app.auth_manager.get_current_user()
-                if not user:
-                    raise AuthError('User not authenticated', 401)
-
-                auth_decorator = current_app.auth_manager.require_auth
-                
-                # Apply the AuthManager's decorator and get the result
-                decorated_func = auth_decorator(f)
-                
-                # Check roles if specified
-                if roles and not any(role in user['roles'] for role in roles):
-                    raise AuthError('Insufficient permissions', 403)
-                    
-                # Now execute the function
-                return decorated_func(*args, **kwargs)
-            except AuthError as e:
-                response = jsonify(e.to_dict())
-                response.status_code = e.status_code
-                return response
-        return decorated
+from functools import wraps
+from flask import request, current_app, jsonify
+from .exceptions import AuthError
+
+def require_auth(roles=None):
+    def decorator(f):
+        @wraps(f)
+        def decorated(*args, **kwargs):
+            if request.method == 'OPTIONS':
+                return f(*args, **kwargs)
+            try:
+                # Get the require_auth decorator from AuthManager
+                user = current_app.auth_manager.get_current_user()
+                if not user:
+                    raise AuthError('User not authenticated', 401)
+
+                auth_decorator = current_app.auth_manager.require_auth
+                
+                # Apply the AuthManager's decorator and get the result
+                decorated_func = auth_decorator(f)
+                
+                # Check roles if specified
+                if roles and not any(role in user['roles'] for role in roles):
+                    raise AuthError('Insufficient permissions', 403)
+                    
+                # Now execute the function
+                return decorated_func(*args, **kwargs)
+            except AuthError as e:
+                response = jsonify(e.to_dict())
+                response.status_code = e.status_code
+                return response
+        return decorated
     return decorator 

the37lab_authlib/exceptions.py

@@ -1,11 +1,11 @@
-class AuthError(Exception):
-    def __init__(self, message, status_code=401):
-        self.message = message
-        self.status_code = status_code
-        super().__init__(self.message)
-
-    def to_dict(self):
-        return {
-            'error': self.message,
-            'status_code': self.status_code
+class AuthError(Exception):
+    def __init__(self, message, status_code=401):
+        self.message = message
+        self.status_code = status_code
+        super().__init__(self.message)
+
+    def to_dict(self):
+        return {
+            'error': self.message,
+            'status_code': self.status_code
         } 

the37lab_authlib/models.py

@@ -1,95 +1,95 @@
-from datetime import datetime, timedelta
-import uuid
-import bcrypt
-import secrets
-import string
-from abc import ABC, abstractmethod
-
-def generate_random_string(length, alphabet=string.ascii_letters + string.digits):
-    """Generate a random string of specified length using the given alphabet."""
-    return ''.join(secrets.choice(alphabet) for _ in range(length))
-
-class IDGenerator(ABC):
-    @abstractmethod
-    def generate(self):
-        pass
-
-class UUIDGenerator(IDGenerator):
-    def generate(self):
-        return str(uuid.uuid4())
-
-class IntegerGenerator(IDGenerator):
-    def generate(self):
-        return None  # Let the database handle ID generation with SERIAL
-
-class User:
-    def __init__(self, username, email, real_name, roles=None, id_generator=None):
-        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
-        if self.id is None:  # Let database handle ID generation
-            self.id = None
-        self.username = username
-        self.email = email
-        self.real_name = real_name
-        self.roles = roles or []
-        self.created_at = datetime.utcnow()
-        self.updated_at = datetime.utcnow()
-
-class Role:
-    def __init__(self, name, description=None, id_generator=None):
-        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
-        self.name = name
-        self.description = description
-        self.created_at = datetime.utcnow()
-
-class ApiToken:
-    def __init__(self, user_id, name, expires_in_days=None):
-        self.id = generate_random_string(8)  # 8 character ID
-        self.user_id = user_id
-        self.name = name
-        self.nonce = generate_random_string(32)  # 32 character nonce
-        self.token = self._hash_nonce(self.nonce)  # Hash the nonce
-        self.created_at = datetime.utcnow()
-        self.expires_at = datetime.utcnow() + timedelta(days=expires_in_days) if expires_in_days else None
-        self.last_used_at = None
-
-    def _hash_nonce(self, nonce):
-        """Hash the nonce using bcrypt."""
-        salt = bcrypt.gensalt()
-        return bcrypt.hashpw(nonce.encode('utf-8'), salt).decode('utf-8')
-
-    def get_full_token(self):
-        """Get the full token string in the format api_IDNONCE."""
-        return f"api_{self.id}{self.nonce}"
-
-    @staticmethod
-    def parse_token(token_string):
-        """Parse a token string into its components."""
-        if not token_string.startswith('api_'):
-            raise ValueError('Invalid token format')
-        
-        token_string = token_string[4:]  # Remove 'api_' prefix
-        if len(token_string) != 40:  # 8 (id) + 32 (nonce)
-            raise ValueError('Invalid token length')
-        
-        return {
-            'id': token_string[:8],
-            'nonce': token_string[8:]
-        }
-
-    @staticmethod
-    def parse_token_id(token_string):
-        if len(token_string) == 8:
-            return token_string
-        if not token_string.startswith('api_'):
-            raise ValueError('Invalid token format')
-        return token_string[4:][:8]
-
-    def verify_token(self, token_string):
-        """Verify if a token string matches this token."""
-        try:
-            parsed = self.parse_token(token_string)
-            if parsed['id'] != self.id:
-                return False
-            return bcrypt.checkpw(parsed['nonce'].encode('utf-8'), self.token.encode('utf-8'))
-        except ValueError:
+from datetime import datetime, timedelta
+import uuid
+import bcrypt
+import secrets
+import string
+from abc import ABC, abstractmethod
+
+def generate_random_string(length, alphabet=string.ascii_letters + string.digits):
+    """Generate a random string of specified length using the given alphabet."""
+    return ''.join(secrets.choice(alphabet) for _ in range(length))
+
+class IDGenerator(ABC):
+    @abstractmethod
+    def generate(self):
+        pass
+
+class UUIDGenerator(IDGenerator):
+    def generate(self):
+        return str(uuid.uuid4())
+
+class IntegerGenerator(IDGenerator):
+    def generate(self):
+        return None  # Let the database handle ID generation with SERIAL
+
+class User:
+    def __init__(self, username, email, real_name, roles=None, id_generator=None):
+        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
+        if self.id is None:  # Let database handle ID generation
+            self.id = None
+        self.username = username
+        self.email = email
+        self.real_name = real_name
+        self.roles = roles or []
+        self.created_at = datetime.utcnow()
+        self.updated_at = datetime.utcnow()
+
+class Role:
+    def __init__(self, name, description=None, id_generator=None):
+        self.id = id_generator.generate() if id_generator else str(uuid.uuid4())
+        self.name = name
+        self.description = description
+        self.created_at = datetime.utcnow()
+
+class ApiToken:
+    def __init__(self, user_id, name, expires_in_days=None):
+        self.id = generate_random_string(8)  # 8 character ID
+        self.user_id = user_id
+        self.name = name
+        self.nonce = generate_random_string(32)  # 32 character nonce
+        self.token = self._hash_nonce(self.nonce)  # Hash the nonce
+        self.created_at = datetime.utcnow()
+        self.expires_at = datetime.utcnow() + timedelta(days=expires_in_days) if expires_in_days else None
+        self.last_used_at = None
+
+    def _hash_nonce(self, nonce):
+        """Hash the nonce using bcrypt."""
+        salt = bcrypt.gensalt()
+        return bcrypt.hashpw(nonce.encode('utf-8'), salt).decode('utf-8')
+
+    def get_full_token(self):
+        """Get the full token string in the format api_IDNONCE."""
+        return f"api_{self.id}{self.nonce}"
+
+    @staticmethod
+    def parse_token(token_string):
+        """Parse a token string into its components."""
+        if not token_string.startswith('api_'):
+            raise ValueError('Invalid token format')
+        
+        token_string = token_string[4:]  # Remove 'api_' prefix
+        if len(token_string) != 40:  # 8 (id) + 32 (nonce)
+            raise ValueError('Invalid token length')
+        
+        return {
+            'id': token_string[:8],
+            'nonce': token_string[8:]
+        }
+
+    @staticmethod
+    def parse_token_id(token_string):
+        if len(token_string) == 8:
+            return token_string
+        if not token_string.startswith('api_'):
+            raise ValueError('Invalid token format')
+        return token_string[4:][:8]
+
+    def verify_token(self, token_string):
+        """Verify if a token string matches this token."""
+        try:
+            parsed = self.parse_token(token_string)
+            if parsed['id'] != self.id:
+                return False
+            return bcrypt.checkpw(parsed['nonce'].encode('utf-8'), self.token.encode('utf-8'))
+        except ValueError:
             return False 

{the37lab_authlib-0.1.1750840415.dist-info → the37lab_authlib-0.1.1750952155.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1750840415
+Version: 0.1.1750952155
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -50,7 +50,7 @@ pip install -e .
 
 ```python
 from flask import Flask
-from authlib import AuthManager, require_auth
+from authlib import AuthManager
 
 app = Flask(__name__)
 
@@ -67,11 +67,24 @@ auth = AuthManager(
 )
 
 @app.route("/protected")
-@require_auth(roles=["admin"])
+@auth.require_auth(roles=["admin"])
 def protected_route():
     return "Protected content"
+
+@app.route("/public")
+@auth.public_endpoint
+def custom_public_route():
+    return "Public content"
 ```
 
+`AuthManager`'s blueprint now registers a global error handler for
+`AuthError` and authenticates requests for all of its routes by default.
+Authenticated users are made available as `flask.g.requesting_user`.
+Only the login, OAuth, token refresh, registration and role listing
+endpoints are exempt from this check. Additional routes can be marked as
+public using the `@auth.public_endpoint` decorator or
+`auth.add_public_endpoint("auth.some_endpoint")`.
+
 ## Configuration
 
 ### Required Parameters
@@ -144,7 +157,9 @@ def protected_route():
    - Get redirect URL from `/api/v1/users/login/oauth`.
    - Complete OAuth flow via `/api/v1/users/login/oauth2callback`.
 4. **Protected Routes:**
-   - Use `@require_auth()` decorator to protect Flask routes.
+   - All routes inside the provided blueprint are authenticated by default.
+     The authenticated user can be accessed via `g.requesting_user`.
+     Use `@auth.require_auth()` to protect custom routes in your application.
 
 ## User Object
 

the37lab_authlib-0.1.1750952155.dist-info/RECORD

@@ -0,0 +1,10 @@
+the37lab_authlib/__init__.py,sha256=QxIyIyb-b2C91a9vSE05cFov-MFwprBnPLUTCz1rAGo,136
+the37lab_authlib/auth.py,sha256=e0GyYFX49z-2isQZLp3Z7DvAQNuFy6L_gKAiAMX-jI4,21629
+the37lab_authlib/db.py,sha256=iXA8kPAZ2SCZgXtrfNIoCnkDwm5W-Cl2MvT1X6ulwqY,2807
+the37lab_authlib/decorators.py,sha256=hCd6XSEREgeQ8XGJzlmKD-K8sQYbK7WgZCQKdY3m7ng,1337
+the37lab_authlib/exceptions.py,sha256=ONA64ktHAuj4w0ur4xUeWZQQmfZw9hHo4che1Bi-M3s,327
+the37lab_authlib/models.py,sha256=9-9ndGq-o9VGjHF8VvgMHvjhYOEapfOkocfjpqEFHY4,3516
+the37lab_authlib-0.1.1750952155.dist-info/METADATA,sha256=j8gkzba-uRv-uLr-eQhzm4ndR_SeOFgx4Yk5I5NEYoE,6352
+the37lab_authlib-0.1.1750952155.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+the37lab_authlib-0.1.1750952155.dist-info/top_level.txt,sha256=6Jmxw4UeLrhfJXgRKbXWY4OhxRSaMs0dKKhNCGWWSwc,17
+the37lab_authlib-0.1.1750952155.dist-info/RECORD,,

the37lab_authlib-0.1.1750840415.dist-info/RECORD

@@ -1,10 +0,0 @@
-the37lab_authlib/__init__.py,sha256=cFVTWL-0YIMqwOMVy1P8mOt_bQODJp-L9bfp2QQ8CTo,132
-the37lab_authlib/auth.py,sha256=dQkE6z9GZZpnl0nfqulcveho8W5lM95XUBLmtE-5JIc,20660
-the37lab_authlib/db.py,sha256=fTXxnfju0lmbFGPVbXpTMeDmJMeBgURVZTndyxyRyCc,2734
-the37lab_authlib/decorators.py,sha256=AEQfix31fHUZvhEZd4Ud8Zh2KBGjV6O_braiPL-BU7w,1219
-the37lab_authlib/exceptions.py,sha256=mdplK5sKNtagPAzSGq5NGsrQ4r-k03DKJBKx6myWwZc,317
-the37lab_authlib/models.py,sha256=-PlvQlHGIsSdrH0H9Cdh_vTPlltGV8G1Z1mmGQvAg9Y,3422
-the37lab_authlib-0.1.1750840415.dist-info/METADATA,sha256=VVfAVdbm_v4u0-7_f7V0mvcumU-iJZPzkUgRqgfP2c4,5645
-the37lab_authlib-0.1.1750840415.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-the37lab_authlib-0.1.1750840415.dist-info/top_level.txt,sha256=6Jmxw4UeLrhfJXgRKbXWY4OhxRSaMs0dKKhNCGWWSwc,17
-the37lab_authlib-0.1.1750840415.dist-info/RECORD,,