the37lab-authlib 0.1.1751369506__tar.gz → 0.1.1756371198__tar.gz

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1751369506
+Version: 0.1.1756371198
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -42,6 +42,9 @@ A Python authentication library that provides JWT, OAuth2, and API token authent
   - [API Token Override for Testing](#api-token-override-for-testing)
     - [Usage](#usage)
     - [Warning](#warning)
+  - [User Override for Testing](#user-override-for-testing)
+    - [Usage](#usage-1)
+    - [Warning](#warning-1)
 
 ## Installation
 
@@ -233,3 +236,15 @@ For testing purposes, you can bypass the database and provide a static mapping o
   Replace `MYAPP` with your environment prefix.
 
 **Warning:** This method is intended only for testing and development. Do not use this approach in production environments.
+
+## User Override for Testing
+
+For testing purposes, you can force all authentication to return a specific user by setting the `{PREFIX}USER_OVERRIDE` environment variable:
+
+```bash
+export MYAPP_USER_OVERRIDE="testuser"
+```
+
+If set, all requests will be authenticated as the specified user, regardless of any tokens or credentials provided. This cannot be combined with `api_tokens` or `db_dsn`.
+
+**Warning:** This method is intended only for testing and development. Do not use this approach in production environments.

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/README.md

@@ -25,6 +25,9 @@ A Python authentication library that provides JWT, OAuth2, and API token authent
   - [API Token Override for Testing](#api-token-override-for-testing)
     - [Usage](#usage)
     - [Warning](#warning)
+  - [User Override for Testing](#user-override-for-testing)
+    - [Usage](#usage-1)
+    - [Warning](#warning-1)
 
 ## Installation
 
@@ -216,3 +219,15 @@ For testing purposes, you can bypass the database and provide a static mapping o
   Replace `MYAPP` with your environment prefix.
 
 **Warning:** This method is intended only for testing and development. Do not use this approach in production environments.
+
+## User Override for Testing
+
+For testing purposes, you can force all authentication to return a specific user by setting the `{PREFIX}USER_OVERRIDE` environment variable:
+
+```bash
+export MYAPP_USER_OVERRIDE="testuser"
+```
+
+If set, all requests will be authenticated as the specified user, regardless of any tokens or credentials provided. This cannot be combined with `api_tokens` or `db_dsn`.
+
+**Warning:** This method is intended only for testing and development. Do not use this approach in production environments.

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "the37lab_authlib"
-version = "0.1.1751369506"
+version = "0.1.1756371198"
 description = "Python SDK for the Authlib"
 authors = [{name = "the37lab", email = "info@the37lab.com"}]
 dependencies = ["flask", "psycopg2-binary", "pyjwt", "python-dotenv", "requests", "authlib", "bcrypt"]

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/src/the37lab_authlib/auth.py

@@ -11,12 +11,22 @@ import bcrypt
 import logging
 import os
 from functools import wraps
+from isodate import parse_duration
+import threading
+import time
 
 logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
 
 class AuthManager:
-    def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer', environment_prefix=None, api_tokens=None):
+    def __init__(self, app=None, db_dsn=None, jwt_secret=None, oauth_config=None, id_type='integer', environment_prefix=None, api_tokens=None, cache_ttl=10):
+        self.user_override = None
+        self._user_cache = {}
+        self._cache_ttl = cache_ttl or 10  # 10 seconds
+        self._last_used_updates = {}  # Track pending updates
+        self._update_lock = threading.Lock()
+        self._update_thread = None
+        self._shutdown_event = threading.Event()
         if environment_prefix:
             prefix = environment_prefix.upper() + '_'
             db_dsn = os.getenv(f'{prefix}DATABASE_URL')
@@ -36,6 +46,15 @@ class AuthManager:
                     if ':' in entry:
                         key, user = entry.split(':', 1)
                         api_tokens[key.strip()] = user.strip()
+            user_override_env = os.getenv(f'{prefix}USER_OVERRIDE')
+            if user_override_env:
+                self.user_override = user_override_env
+        else:
+            prefix = ''
+            
+        self.expiry_time = parse_duration(os.getenv(f'{prefix}JWT_TOKEN_EXPIRY_TIME', 'PT1H'))
+        if self.user_override and (api_tokens or db_dsn):
+            raise ValueError('Cannot set user_override together with api_tokens or db_dsn')
         if api_tokens and db_dsn:
             raise ValueError('Cannot set both api_tokens and db_dsn')
         self.api_tokens = api_tokens or None
@@ -54,6 +73,9 @@ class AuthManager:
         
         if app:
             self.init_app(app)
+        
+        # Start the background update thread
+        self._start_update_thread()
 
     def _extract_token_from_header(self):
         auth = request.authorization
@@ -85,17 +107,34 @@ class AuthManager:
             }
         try:
             parsed = ApiToken.parse_token(api_token)
+            
+            # Check cache first
+            cache_key = f"api_token_{parsed['id']}"
+            current_time = datetime.utcnow()
+            
+            if cache_key in self._user_cache:
+                cached_data, cache_time = self._user_cache[cache_key]
+                if (current_time - cache_time).total_seconds() < self._cache_ttl:
+                    logger.debug(f"Returning cached API token data for ID: {parsed['id']}")
+                    return cached_data.copy()  # Return a copy to avoid modifying cache
+            
+            # Cache miss or expired, fetch from database
             with self.db.get_cursor() as cur:
                 # First get the API token record
                 cur.execute("""
-                    SELECT t.*, u.* FROM api_tokens t
+                    SELECT t.*, u.*, r.name as role_name FROM api_tokens t
                     JOIN users u ON t.user_id = u.id
+                    LEFT JOIN user_roles ur ON ur.user_id = u.id
+                    LEFT JOIN roles r ON ur.role_id = r.id
                     WHERE t.id = %s
                 """, (parsed['id'],))
-                result = cur.fetchone()
-                if not result:
+                results = cur.fetchall()
+                if not results:
                     raise AuthError('Invalid API token')
 
+                # Get the first row for token/user data (all rows will have same token/user data)
+                result = results[0]
+                
                 # Verify the nonce
                 if not bcrypt.checkpw(parsed['nonce'].encode('utf-8'), result['token'].encode('utf-8')):
                     raise AuthError('Invalid API token')
@@ -104,33 +143,40 @@ class AuthManager:
                 if result['expires_at'] and result['expires_at'] < datetime.utcnow():
                     raise AuthError('API token has expired')
 
-                # Update last used timestamp
-                cur.execute("""
-                    UPDATE api_tokens 
-                    SET last_used_at = %s
-                    WHERE id = %s
-                """, (datetime.utcnow(), parsed['id']))
+                # Schedule last used timestamp update (asynchronous with 10s delay)
+                self._schedule_last_used_update(parsed['id'])
 
-                # Fetch roles
-                cur.execute("""
-                    SELECT r.name FROM roles r
-                    JOIN user_roles ur ON ur.role_id = r.id
-                    WHERE ur.user_id = %s
-                """, (result['user_id'],))
-                roles = [row['name'] for row in cur.fetchall()]
+                # Extract roles from results
+                roles = [row['role_name'] for row in results if row['role_name'] is not None]
 
                 # Construct user object
-                return {
+                user_data = {
                     'id': result['user_id'],
                     'username': result['username'],
                     'email': result['email'],
                     'real_name': result['real_name'],
                     'roles': roles
                 }
+
+            # Cache the result
+            self._user_cache[cache_key] = (user_data.copy(), current_time)
+            
+            # Clean up expired cache entries
+            self._cleanup_cache()
+            
+            return user_data
         except ValueError:
             raise AuthError('Invalid token format')
 
     def _authenticate_request(self):
+        if self.user_override:
+            return {
+                'id': self.user_override,
+                'username': self.user_override,
+                'email': '',
+                'real_name': self.user_override,
+                'roles': []
+            }
         auth_header = request.headers.get('Authorization')
         api_token = request.headers.get('X-API-Token')
 
@@ -422,21 +468,42 @@ class AuthManager:
             logger.debug(f"Token payload: {payload}")
             user_id = int(payload['sub'])  # Convert string ID back to integer
             
+            # Check cache first
+            cache_key = f"user_{user_id}"
+            current_time = datetime.utcnow()
+            
+            if cache_key in self._user_cache:
+                cached_data, cache_time = self._user_cache[cache_key]
+                if (current_time - cache_time).total_seconds() < self._cache_ttl:
+                    logger.debug(f"Returning cached user data for ID: {user_id}")
+                    return cached_data.copy()  # Return a copy to avoid modifying cache
+            
+            # Cache miss or expired, fetch from database
             with self.db.get_cursor() as cur:
-                cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
-                user = cur.fetchone()
-                if not user:
-                    logger.error(f"User not found for ID: {user_id}")
-                    raise AuthError('User not found', 404)
-                # Fetch roles
                 cur.execute("""
-                    SELECT r.name FROM roles r
-                    JOIN user_roles ur ON ur.role_id = r.id
-                    WHERE ur.user_id = %s
+                    SELECT u.*, r.name as role_name FROM users u
+                    LEFT JOIN user_roles ur ON ur.user_id = u.id
+                    LEFT JOIN roles r ON ur.role_id = r.id
+                    WHERE u.id = %s
                 """, (user_id,))
-                roles = [row['name'] for row in cur.fetchall()]
+                results = cur.fetchall()
+                if not results:
+                    logger.error(f"User not found for ID: {user_id}")
+                    raise AuthError('User not found', 404)
+                
+                # Get the first row for user data (all rows will have same user data)
+                user = results[0]
+                
+                # Extract roles from results
+                roles = [row['role_name'] for row in results if row['role_name'] is not None]
                 user['roles'] = roles
 
+            # Cache the result
+            self._user_cache[cache_key] = (user.copy(), current_time)
+            
+            # Clean up expired cache entries
+            self._cleanup_cache()
+            
             return user
         except jwt.InvalidTokenError as e:
             logger.error(f"Invalid token error: {str(e)}")
@@ -445,6 +512,78 @@ class AuthManager:
             logger.error(f"Unexpected error during token validation: {str(e)}")
             raise AuthError(str(e), 500)
 
+    def _cleanup_cache(self):
+        """Remove expired cache entries."""
+        current_time = datetime.utcnow()
+        expired_keys = [
+            key for key, (_, cache_time) in self._user_cache.items()
+            if (current_time - cache_time).total_seconds() >= self._cache_ttl
+        ]
+        for key in expired_keys:
+            del self._user_cache[key]
+
+    def _start_update_thread(self):
+        """Start the background thread for processing last_used_at updates."""
+        if self._update_thread is None or not self._update_thread.is_alive():
+            self._update_thread = threading.Thread(target=self._update_worker, daemon=True)
+            self._update_thread.start()
+            logger.debug("Started background update thread")
+
+    def _schedule_last_used_update(self, token_id):
+        """Schedule a last_used_at update for an API token with 10s delay."""
+        with self._update_lock:
+            self._last_used_updates[token_id] = time.time()
+            logger.debug(f"Scheduled last_used update for token {token_id}")
+
+    def _update_worker(self):
+        """Background worker that processes last_used_at updates."""
+        while not self._shutdown_event.is_set():
+            try:
+                current_time = time.time()
+                tokens_to_update = []
+                
+                # Collect tokens that need updating (older than 10 seconds)
+                with self._update_lock:
+                    for token_id, schedule_time in list(self._last_used_updates.items()):
+                        if current_time - schedule_time >= 10:  # 10 second delay
+                            tokens_to_update.append(token_id)
+                            del self._last_used_updates[token_id]
+                
+                # Perform batch update
+                if tokens_to_update:
+                    self._perform_batch_update(tokens_to_update)
+                
+                # Sleep for a short interval
+                time.sleep(10)
+                
+            except Exception as e:
+                logger.error(f"Error in update worker: {e}")
+                time.sleep(5)  # Wait longer on error
+
+    def _perform_batch_update(self, token_ids):
+        """Perform batch update of last_used_at for multiple tokens."""
+        try:
+            with self.db.get_cursor() as cur:
+                # Update all tokens in a single query
+                placeholders = ','.join(['%s'] * len(token_ids))
+                cur.execute(f"""
+                    UPDATE api_tokens 
+                    SET last_used_at = %s
+                    WHERE id IN ({placeholders})
+                """, [datetime.utcnow()] + token_ids)
+                
+                logger.debug(f"Updated last_used_at for {len(token_ids)} tokens: {token_ids}")
+                
+        except Exception as e:
+            logger.error(f"Error performing batch update: {e}")
+
+    def shutdown(self):
+        """Shutdown the background update thread."""
+        self._shutdown_event.set()
+        if self._update_thread and self._update_thread.is_alive():
+            self._update_thread.join(timeout=5)
+            logger.debug("Background update thread shutdown complete")
+
     def get_current_user(self):
         return self._authenticate_request()
 
@@ -473,12 +612,12 @@ class AuthManager:
     def _create_token(self, user):
         payload = {
             'sub': str(user['id']),
-            'exp': datetime.utcnow() + timedelta(hours=1),
+            'exp': datetime.utcnow() + self.expiry_time,
             'iat': datetime.utcnow()
         }
         logger.debug(f"Creating token with payload: {payload}")
         token = jwt.encode(payload, self.jwt_secret, algorithm='HS256')
-        logger.debug(f"Created token: {token}")
+        logger.info(f"Created token: {token}")
         return token
 
     def _create_refresh_token(self, user):

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/src/the37lab_authlib/db.py

@@ -1,15 +1,28 @@
 import psycopg2
 from psycopg2.extras import RealDictCursor
+from psycopg2 import pool
 from contextlib import contextmanager
 from .models import UUIDGenerator, IntegerGenerator
 
 class Database:
-    def __init__(self, dsn, id_type='uuid'):
+    def __init__(self, dsn, id_type='uuid', min_conn=1, max_conn=10):
         self.dsn = dsn
         self.id_generator = UUIDGenerator() if id_type == 'uuid' else IntegerGenerator()
         self.id_type = id_type
+        self.min_conn = min_conn
+        self.max_conn = max_conn
+        self._pool = None
+        self._init_pool()
         self._init_db()
 
+    def _init_pool(self):
+        self._pool = pool.ThreadedConnectionPool(
+            self.min_conn,
+            self.max_conn,
+            self.dsn,
+            cursor_factory=RealDictCursor
+        )
+
     def _init_db(self):
         with self.get_connection() as conn:
             with conn.cursor() as cur:
@@ -54,7 +67,7 @@ class Database:
 
     @contextmanager
     def get_connection(self):
-        conn = psycopg2.connect(self.dsn, cursor_factory=RealDictCursor)
+        conn = self._pool.getconn()
         try:
             yield conn
             conn.commit()
@@ -62,7 +75,7 @@ class Database:
             conn.rollback()
             raise
         finally:
-            conn.close()
+            self._pool.putconn(conn)
 
     @contextmanager
     def get_cursor(self):
@@ -71,4 +84,8 @@ class Database:
                 yield cur
 
     def get_id_generator(self):
-        return self.id_generator 
+        return self.id_generator
+
+    def close(self):
+        if self._pool:
+            self._pool.closeall() 

{the37lab_authlib-0.1.1751369506 → the37lab_authlib-0.1.1756371198}/src/the37lab_authlib.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: the37lab_authlib
-Version: 0.1.1751369506
+Version: 0.1.1756371198
 Summary: Python SDK for the Authlib
 Author-email: the37lab <info@the37lab.com>
 Classifier: Programming Language :: Python :: 3
@@ -42,6 +42,9 @@ A Python authentication library that provides JWT, OAuth2, and API token authent
   - [API Token Override for Testing](#api-token-override-for-testing)
     - [Usage](#usage)
     - [Warning](#warning)
+  - [User Override for Testing](#user-override-for-testing)
+    - [Usage](#usage-1)
+    - [Warning](#warning-1)
 
 ## Installation
 
@@ -233,3 +236,15 @@ For testing purposes, you can bypass the database and provide a static mapping o
   Replace `MYAPP` with your environment prefix.
 
 **Warning:** This method is intended only for testing and development. Do not use this approach in production environments.
+
+## User Override for Testing
+
+For testing purposes, you can force all authentication to return a specific user by setting the `{PREFIX}USER_OVERRIDE` environment variable:
+
+```bash
+export MYAPP_USER_OVERRIDE="testuser"
+```
+
+If set, all requests will be authenticated as the specified user, regardless of any tokens or credentials provided. This cannot be combined with `api_tokens` or `db_dsn`.
+
+**Warning:** This method is intended only for testing and development. Do not use this approach in production environments.