web2cli 0.2.0__py3-none-any.whl

web2cli/auth/manager.py

@@ -0,0 +1,166 @@
+"""Session management — create, get, remove, check.
+
+Handles cookie parsing, env var fallback, and persistence via store.
+"""
+
+import json
+import os
+from datetime import datetime, timezone
+from pathlib import Path
+
+from web2cli.auth.store import (
+    delete_session,
+    load_session,
+    save_session,
+    session_exists,
+)
+from web2cli.types import Session
+
+
+def parse_cookie_string(raw: str) -> dict[str, str]:
+    """Parse "k=v; k2=v2" into dict."""
+    cookies = {}
+    for pair in raw.split(";"):
+        pair = pair.strip()
+        if "=" in pair:
+            key, _, value = pair.partition("=")
+            cookies[key.strip()] = value.strip()
+    return cookies
+
+
+def parse_cookie_file(path: str) -> dict[str, str]:
+    """Load a JSON file as cookie dict."""
+    with open(path) as f:
+        data = json.load(f)
+    if not isinstance(data, dict):
+        raise ValueError(f"Cookie file must contain a JSON object, got {type(data).__name__}")
+    return {str(k): str(v) for k, v in data.items()}
+
+
+def create_session(
+    domain: str,
+    cookies: dict[str, str] | None = None,
+    token: str | None = None,
+) -> Session:
+    """Create and persist a session."""
+    now = datetime.now(timezone.utc).isoformat()
+
+    if cookies and token:
+        auth_type = "cookies+token"
+        data = {"cookies": cookies, "token": token}
+    elif cookies:
+        auth_type = "cookies"
+        data = {"cookies": cookies}
+    elif token:
+        auth_type = "token"
+        data = {"token": token}
+    else:
+        raise ValueError("Either cookies or token must be provided")
+
+    session = Session(
+        domain=domain,
+        auth_type=auth_type,
+        data=data,
+        created_at=now,
+        last_used=now,
+    )
+
+    save_session(domain, {
+        "domain": session.domain,
+        "auth_type": session.auth_type,
+        "data": session.data,
+        "created_at": session.created_at,
+        "last_used": session.last_used,
+    })
+
+    return session
+
+
+def get_session(domain: str, auth_spec: dict | None = None) -> Session | None:
+    """Retrieve session for a domain.
+
+    Checks env var first (from auth_spec), then stored session file.
+    """
+    # Env var fallback
+    if auth_spec:
+        env_cookies: dict[str, str] = {}
+        env_token: str | None = None
+        for method in auth_spec.get("methods", []):
+            env_var = method.get("env_var")
+            if env_var:
+                env_val = os.environ.get(env_var)
+                if env_val:
+                    method_type = str(method.get("type", "cookies")).lower()
+
+                    if method_type == "token":
+                        token = env_val.strip()
+                        if token:
+                            env_token = token
+                        continue
+
+                    # Default to cookies when method type is omitted.
+                    cookies = parse_cookie_string(env_val)
+                    env_cookies.update(cookies)
+
+        if env_cookies and env_token:
+            return Session(
+                domain=domain,
+                auth_type="cookies+token",
+                data={"cookies": env_cookies, "token": env_token},
+            )
+        if env_cookies:
+            return Session(
+                domain=domain,
+                auth_type="cookies",
+                data={"cookies": env_cookies},
+            )
+        if env_token:
+            return Session(
+                domain=domain,
+                auth_type="token",
+                data={"token": env_token},
+            )
+
+    # Stored session
+    raw = load_session(domain)
+    if raw is None:
+        return None
+
+    return Session(
+        domain=raw.get("domain", domain),
+        auth_type=raw.get("auth_type", "cookies"),
+        data=raw.get("data", {}),
+        created_at=raw.get("created_at", ""),
+        last_used=raw.get("last_used", ""),
+    )
+
+
+def remove_session(domain: str) -> bool:
+    """Remove stored session."""
+    return delete_session(domain)
+
+
+def check_session(domain: str) -> dict:
+    """Return session metadata (no secrets). For --status display."""
+    if not session_exists(domain):
+        return {"exists": False}
+
+    raw = load_session(domain)
+    if raw is None:
+        return {"exists": False, "error": "corrupt or unreadable"}
+
+    info = {
+        "exists": True,
+        "auth_type": raw.get("auth_type", "unknown"),
+        "created_at": raw.get("created_at", ""),
+        "last_used": raw.get("last_used", ""),
+    }
+
+    # Show cookie key names (not values) for verification
+    data = raw.get("data", {})
+    if "cookies" in data:
+        info["cookie_keys"] = list(data["cookies"].keys())
+    if "token" in data:
+        info["has_token"] = True
+
+    return info

web2cli/auth/store.py

@@ -0,0 +1,68 @@
+"""Encrypted session storage.
+
+Sessions are stored at ~/.web2cli/sessions/<domain>.json.enc
+using Fernet symmetric encryption derived from machine identity.
+"""
+
+import base64
+import hashlib
+import json
+import os
+from pathlib import Path
+
+from cryptography.fernet import Fernet, InvalidToken
+
+SESSIONS_DIR = Path.home() / ".web2cli" / "sessions"
+FIXED_SALT = b"web2cli-session-store-v1"
+
+
+def _get_encryption_key() -> bytes:
+    """Derive a Fernet key from hostname + username + fixed string.
+
+    This is NOT a high-security secret vault — it's obfuscation
+    to prevent casual reading of cookie values on disk.
+    """
+    identity = f"{os.uname().nodename}:{os.getlogin()}:web2cli"
+    dk = hashlib.pbkdf2_hmac("sha256", identity.encode(), FIXED_SALT, 100_000)
+    return base64.urlsafe_b64encode(dk)
+
+
+def _ensure_dir() -> None:
+    SESSIONS_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def save_session(domain: str, data: dict) -> None:
+    """Encrypt and persist session data for a domain."""
+    _ensure_dir()
+    fernet = Fernet(_get_encryption_key())
+    encrypted = fernet.encrypt(json.dumps(data).encode())
+    path = SESSIONS_DIR / f"{domain}.json.enc"
+    path.write_bytes(encrypted)
+    path.chmod(0o600)
+
+
+def load_session(domain: str) -> dict | None:
+    """Load and decrypt session for a domain. Returns None if missing/corrupt."""
+    path = SESSIONS_DIR / f"{domain}.json.enc"
+    if not path.exists():
+        return None
+    try:
+        fernet = Fernet(_get_encryption_key())
+        decrypted = fernet.decrypt(path.read_bytes())
+        return json.loads(decrypted)
+    except (InvalidToken, json.JSONDecodeError, OSError):
+        return None
+
+
+def delete_session(domain: str) -> bool:
+    """Remove session file. Returns True if deleted."""
+    path = SESSIONS_DIR / f"{domain}.json.enc"
+    if path.exists():
+        path.unlink()
+        return True
+    return False
+
+
+def session_exists(domain: str) -> bool:
+    """Check if a session file exists for a domain."""
+    return (SESSIONS_DIR / f"{domain}.json.enc").exists()