the37lab-authlib 0.1.1750952955__py3-none-any.whl → 0.1.1751369506__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of the37lab-authlib might be problematic. Click here for more details.
- the37lab_authlib/auth.py +35 -1
- {the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/METADATA +30 -1
- {the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/RECORD +5 -5
- {the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/WHEEL +0 -0
- {the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/top_level.txt +0 -0
the37lab_authlib/auth.py
CHANGED
|
@@ -16,7 +16,29 @@ logging.basicConfig(level=logging.DEBUG)
|
|
|
16
16
|
logger = logging.getLogger(__name__)
|
|
17
17
|
|
|
18
18
|
class AuthManager:
|
|
19
|
-
def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer'):
|
|
19
|
+
def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer', environment_prefix=None, api_tokens=None):
|
|
20
|
+
if environment_prefix:
|
|
21
|
+
prefix = environment_prefix.upper() + '_'
|
|
22
|
+
db_dsn = os.getenv(f'{prefix}DATABASE_URL')
|
|
23
|
+
jwt_secret = os.getenv(f'{prefix}JWT_SECRET')
|
|
24
|
+
google_client_id = os.getenv(f'{prefix}GOOGLE_CLIENT_ID')
|
|
25
|
+
google_client_secret = os.getenv(f'{prefix}GOOGLE_CLIENT_SECRET')
|
|
26
|
+
oauth_config = {}
|
|
27
|
+
if google_client_id and google_client_secret:
|
|
28
|
+
oauth_config['google'] = {
|
|
29
|
+
'client_id': google_client_id,
|
|
30
|
+
'client_secret': google_client_secret
|
|
31
|
+
}
|
|
32
|
+
api_tokens_env = os.getenv(f'{prefix}API_TOKENS')
|
|
33
|
+
if api_tokens_env:
|
|
34
|
+
api_tokens = {}
|
|
35
|
+
for entry in api_tokens_env.split(','):
|
|
36
|
+
if ':' in entry:
|
|
37
|
+
key, user = entry.split(':', 1)
|
|
38
|
+
api_tokens[key.strip()] = user.strip()
|
|
39
|
+
if api_tokens and db_dsn:
|
|
40
|
+
raise ValueError('Cannot set both api_tokens and db_dsn')
|
|
41
|
+
self.api_tokens = api_tokens or None
|
|
20
42
|
self.db = Database(db_dsn, id_type=id_type) if db_dsn else None
|
|
21
43
|
self.jwt_secret = jwt_secret
|
|
22
44
|
self.oauth_config = oauth_config or {}
|
|
@@ -49,6 +71,18 @@ class AuthManager:
|
|
|
49
71
|
return redirect_uri
|
|
50
72
|
|
|
51
73
|
def _validate_api_token(self, api_token):
|
|
74
|
+
if self.api_tokens is not None:
|
|
75
|
+
username = self.api_tokens.get(api_token)
|
|
76
|
+
if not username:
|
|
77
|
+
raise AuthError('Invalid API token')
|
|
78
|
+
# Return a minimal user dict
|
|
79
|
+
return {
|
|
80
|
+
'id': username,
|
|
81
|
+
'username': username,
|
|
82
|
+
'email': '',
|
|
83
|
+
'real_name': username,
|
|
84
|
+
'roles': []
|
|
85
|
+
}
|
|
52
86
|
try:
|
|
53
87
|
parsed = ApiToken.parse_token(api_token)
|
|
54
88
|
with self.db.get_cursor() as cur:
|
{the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: the37lab_authlib
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.1751369506
|
|
4
4
|
Summary: Python SDK for the Authlib
|
|
5
5
|
Author-email: the37lab <info@the37lab.com>
|
|
6
6
|
Classifier: Programming Language :: Python :: 3
|
|
@@ -39,6 +39,9 @@ A Python authentication library that provides JWT, OAuth2, and API token authent
|
|
|
39
39
|
- [Setup](#setup)
|
|
40
40
|
- [Database Setup](#database-setup)
|
|
41
41
|
- [Running Tests](#running-tests)
|
|
42
|
+
- [API Token Override for Testing](#api-token-override-for-testing)
|
|
43
|
+
- [Usage](#usage)
|
|
44
|
+
- [Warning](#warning)
|
|
42
45
|
|
|
43
46
|
## Installation
|
|
44
47
|
|
|
@@ -54,6 +57,7 @@ from authlib import AuthManager
|
|
|
54
57
|
|
|
55
58
|
app = Flask(__name__)
|
|
56
59
|
|
|
60
|
+
# Option 1: Explicit configuration
|
|
57
61
|
auth = AuthManager(
|
|
58
62
|
app=app,
|
|
59
63
|
db_dsn="postgresql://user:pass@localhost/dbname",
|
|
@@ -66,6 +70,11 @@ auth = AuthManager(
|
|
|
66
70
|
}
|
|
67
71
|
)
|
|
68
72
|
|
|
73
|
+
# Option 2: Use environment variables with a prefix (e.g., AMPA_)
|
|
74
|
+
# This will load:
|
|
75
|
+
# AMPA_DATABASE_URL, AMPA_JWT_SECRET, AMPA_GOOGLE_CLIENT_ID, AMPA_GOOGLE_CLIENT_SECRET
|
|
76
|
+
# auth = AuthManager(app=app, environment_prefix="AMPA")
|
|
77
|
+
|
|
69
78
|
@app.route("/protected")
|
|
70
79
|
@auth.require_auth(roles=["admin"])
|
|
71
80
|
def protected_route():
|
|
@@ -96,6 +105,7 @@ public using the `@auth.public_endpoint` decorator or
|
|
|
96
105
|
- `oauth_config`: Dictionary of OAuth provider configurations (see below)
|
|
97
106
|
- `token_expiry`: JWT token expiry time in seconds (default: 3600)
|
|
98
107
|
- `refresh_token_expiry`: Refresh token expiry time in seconds (default: 2592000)
|
|
108
|
+
- `environment_prefix`: If set, loads all configuration from environment variables with this prefix (e.g., `AMPA_DATABASE_URL`, `AMPA_JWT_SECRET`, `AMPA_GOOGLE_CLIENT_ID`, `AMPA_GOOGLE_CLIENT_SECRET`). Overrides other config if set.
|
|
99
109
|
|
|
100
110
|
#### Example `oauth_config`:
|
|
101
111
|
```python
|
|
@@ -204,3 +214,22 @@ python -m authlib.cli db init
|
|
|
204
214
|
```bash
|
|
205
215
|
pytest
|
|
206
216
|
```
|
|
217
|
+
|
|
218
|
+
## API Token Override for Testing
|
|
219
|
+
|
|
220
|
+
For testing purposes, you can bypass the database and provide a static mapping of API tokens to usernames using the `api_tokens` argument to `AuthManager` or the `{PREFIX}API_TOKENS` environment variable.
|
|
221
|
+
|
|
222
|
+
### Usage
|
|
223
|
+
|
|
224
|
+
- **Constructor argument:**
|
|
225
|
+
```python
|
|
226
|
+
AuthManager(api_tokens={"token1": "user1", "token2": "user2"})
|
|
227
|
+
```
|
|
228
|
+
- **Environment variable:**
|
|
229
|
+
Set `{PREFIX}API_TOKENS` to a comma-separated list of `token:username` pairs, e.g.:
|
|
230
|
+
```
|
|
231
|
+
export MYAPP_API_TOKENS="token1:user1,token2:user2"
|
|
232
|
+
```
|
|
233
|
+
Replace `MYAPP` with your environment prefix.
|
|
234
|
+
|
|
235
|
+
**Warning:** This method is intended only for testing and development. Do not use this approach in production environments.
|
{the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/RECORD
RENAMED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
the37lab_authlib/__init__.py,sha256=cFVTWL-0YIMqwOMVy1P8mOt_bQODJp-L9bfp2QQ8CTo,132
|
|
2
|
-
the37lab_authlib/auth.py,sha256=
|
|
2
|
+
the37lab_authlib/auth.py,sha256=1BDYWaxDFA_ND8hHg4V2r6mPkaG0c4TRcA9bJjL_A2o,22755
|
|
3
3
|
the37lab_authlib/db.py,sha256=fTXxnfju0lmbFGPVbXpTMeDmJMeBgURVZTndyxyRyCc,2734
|
|
4
4
|
the37lab_authlib/decorators.py,sha256=L-gJUUwDUT2JXTptQ6XEey1LkI5RprbqzEfArWI7F8Y,1305
|
|
5
5
|
the37lab_authlib/exceptions.py,sha256=mdplK5sKNtagPAzSGq5NGsrQ4r-k03DKJBKx6myWwZc,317
|
|
6
6
|
the37lab_authlib/models.py,sha256=-PlvQlHGIsSdrH0H9Cdh_vTPlltGV8G1Z1mmGQvAg9Y,3422
|
|
7
|
-
the37lab_authlib-0.1.
|
|
8
|
-
the37lab_authlib-0.1.
|
|
9
|
-
the37lab_authlib-0.1.
|
|
10
|
-
the37lab_authlib-0.1.
|
|
7
|
+
the37lab_authlib-0.1.1751369506.dist-info/METADATA,sha256=F0RyaxHbxv3FIwm_OP3EjykaJVIlwgllcRxnWOqNITo,7686
|
|
8
|
+
the37lab_authlib-0.1.1751369506.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
9
|
+
the37lab_authlib-0.1.1751369506.dist-info/top_level.txt,sha256=6Jmxw4UeLrhfJXgRKbXWY4OhxRSaMs0dKKhNCGWWSwc,17
|
|
10
|
+
the37lab_authlib-0.1.1751369506.dist-info/RECORD,,
|
{the37lab_authlib-0.1.1750952955.dist-info → the37lab_authlib-0.1.1751369506.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|