webscout 2025.10.14.1__py3-none-any.whl → 2025.10.16__py3-none-any.whl

webscout/auth/middleware.py

@@ -1,248 +0,0 @@
-# webscout/auth/middleware.py
-
-import secrets
-from datetime import datetime
-from typing import Optional, Tuple
-import logging
-
-from fastapi import Request, HTTPException, status
-from fastapi.security import APIKeyHeader
-from fastapi.responses import JSONResponse
-
-from .api_key_manager import APIKeyManager
-from .rate_limiter import RateLimiter
-from .models import APIKey
-from .schemas import ErrorResponse, RateLimitStatus
-
-logger = logging.getLogger(__name__)
-
-
-class AuthMiddleware:
-    """Authentication and rate limiting middleware."""
-    
-    def __init__(self, api_key_manager: APIKeyManager, rate_limiter: RateLimiter, auth_required: bool = True, rate_limit_enabled: bool = True):
-        self.api_key_manager = api_key_manager
-        self.rate_limiter = rate_limiter
-        self.api_key_header = APIKeyHeader(name="Authorization", auto_error=False)
-        self.auth_required = auth_required
-        self.rate_limit_enabled = rate_limit_enabled
-
-        # Paths that don't require authentication
-        self.public_paths = {
-            "/",
-            "/docs",
-            "/redoc",
-            "/openapi.json",
-            "/health",
-            "/v1/auth/generate-key"  # API key generation endpoint
-        }
-
-        # Paths that require authentication (when auth is enabled)
-        self.protected_path_prefixes = [
-            "/v1/chat/completions",
-            "/v1/images/generations",
-            "/v1/models",
-            "/v1/TTI/models"
-        ]
-    
-    def is_protected_path(self, path: str) -> bool:
-        """Check if a path requires authentication."""
-        if not self.auth_required:
-            return False  # No authentication required in no-auth mode
-
-        if path in self.public_paths:
-            return False
-
-        return any(path.startswith(prefix) for prefix in self.protected_path_prefixes)
-    
-    def extract_api_key(self, authorization_header: Optional[str]) -> Optional[str]:
-        """Extract API key from Authorization header."""
-        if not authorization_header:
-            return None
-        
-        # Support both "Bearer <key>" and direct key formats
-        if authorization_header.startswith("Bearer "):
-            return authorization_header[7:]
-        elif authorization_header.startswith("ws_"):
-            return authorization_header
-        else:
-            return None
-    
-    async def authenticate_request(self, request: Request) -> Tuple[bool, Optional[APIKey], Optional[dict]]:
-        """
-        Authenticate a request.
-        
-        Returns:
-            Tuple of (is_authenticated, api_key_object, error_response)
-        """
-        path = request.url.path
-        
-        # Check if path requires authentication
-        if not self.is_protected_path(path):
-            return True, None, None
-        
-        # Get authorization header
-        auth_header = request.headers.get("authorization")
-        api_key = self.extract_api_key(auth_header)
-        
-        if not api_key:
-            error_response = {
-                "error": "API key required",
-                "code": "missing_api_key",
-                "details": {
-                    "message": "Please provide a valid API key in the Authorization header",
-                    "format": "Authorization: Bearer <your-api-key>"
-                }
-            }
-            return False, None, error_response
-        
-        # Validate API key
-        is_valid, api_key_obj, error_msg = await self.api_key_manager.validate_api_key(api_key)
-        
-        if not is_valid:
-            error_response = {
-                "error": error_msg or "Invalid API key",
-                "code": "invalid_api_key",
-                "details": {
-                    "message": "The provided API key is invalid, expired, or inactive"
-                }
-            }
-            return False, None, error_response
-        
-        return True, api_key_obj, None
-    
-    async def check_rate_limit(self, api_key: Optional[APIKey], client_ip: str = "unknown") -> Tuple[bool, dict]:
-        """
-        Check rate limit for an API key or IP address.
-
-        Returns:
-            Tuple of (is_allowed, rate_limit_info)
-        """
-        if not self.rate_limit_enabled:
-            # Rate limiting disabled
-            return True, {
-                "allowed": True,
-                "limit": 999999,
-                "remaining": 999999,
-                "reset_at": None,
-                "retry_after": None
-            }
-
-        if api_key:
-            return await self.rate_limiter.check_rate_limit(api_key)
-        else:
-            # No-auth mode: use IP-based rate limiting
-            return await self.rate_limiter.check_ip_rate_limit(client_ip)
-    
-    async def process_request(self, request: Request) -> Tuple[bool, Optional[dict], Optional[dict]]:
-        """
-        Process a request through authentication and rate limiting.
-        
-        Returns:
-            Tuple of (is_allowed, error_response, rate_limit_headers)
-        """
-        # Authenticate request
-        is_authenticated, api_key_obj, auth_error = await self.authenticate_request(request)
-        
-        if not is_authenticated:
-            return False, auth_error, None
-        
-        # If no API key (public endpoint or no-auth mode), handle rate limiting
-        if not api_key_obj:
-            if not self.auth_required:
-                # No-auth mode: still check rate limiting by IP
-                client_ip = request.client.host if request.client else "unknown"
-                is_allowed, rate_limit_info = await self.check_rate_limit(None, client_ip)
-
-                if not is_allowed:
-                    error_response = {
-                        "error": "Rate limit exceeded",
-                        "code": "rate_limit_exceeded",
-                        "details": {
-                            "message": f"Rate limit of {rate_limit_info['limit']} requests per minute exceeded",
-                            "retry_after": rate_limit_info["retry_after"],
-                            "reset_at": rate_limit_info["reset_at"].isoformat() if rate_limit_info["reset_at"] else None
-                        }
-                    }
-                    rate_limit_headers = {
-                        "X-RateLimit-Limit": str(rate_limit_info["limit"]),
-                        "X-RateLimit-Remaining": str(rate_limit_info["remaining"]),
-                        "Retry-After": str(rate_limit_info["retry_after"])
-                    }
-                    if rate_limit_info["reset_at"]:
-                        rate_limit_headers["X-RateLimit-Reset"] = rate_limit_info["reset_at"].isoformat()
-                    return False, error_response, rate_limit_headers
-
-                # Store rate limit info for no-auth mode
-                request.state.rate_limit_info = rate_limit_info
-                rate_limit_headers = {
-                    "X-RateLimit-Limit": str(rate_limit_info["limit"]),
-                    "X-RateLimit-Remaining": str(rate_limit_info["remaining"])
-                }
-                if rate_limit_info["reset_at"]:
-                    rate_limit_headers["X-RateLimit-Reset"] = rate_limit_info["reset_at"].isoformat()
-                return True, None, rate_limit_headers
-            else:
-                return True, None, None
-
-        # Check rate limit for authenticated requests
-        client_ip = request.client.host if request.client else "unknown"
-        is_allowed, rate_limit_info = await self.check_rate_limit(api_key_obj, client_ip)
-        
-        # Prepare rate limit headers
-        rate_limit_headers = {
-            "X-RateLimit-Limit": str(rate_limit_info["limit"]),
-            "X-RateLimit-Remaining": str(rate_limit_info["remaining"]),
-            "X-RateLimit-Reset": rate_limit_info["reset_at"].isoformat()
-        }
-        
-        if not is_allowed:
-            error_response = {
-                "error": "Rate limit exceeded",
-                "code": "rate_limit_exceeded",
-                "details": {
-                    "message": f"Rate limit of {rate_limit_info['limit']} requests per minute exceeded",
-                    "retry_after": rate_limit_info["retry_after"],
-                    "reset_at": rate_limit_info["reset_at"].isoformat()
-                }
-            }
-            rate_limit_headers["Retry-After"] = str(rate_limit_info["retry_after"])
-            return False, error_response, rate_limit_headers
-        
-        # Store API key info in request state for use in endpoints
-        request.state.api_key = api_key_obj
-        request.state.rate_limit_info = rate_limit_info
-        
-        return True, None, rate_limit_headers
-    
-    def create_error_response(self, error_data: dict, status_code: int = 401, headers: Optional[dict] = None) -> JSONResponse:
-        """Create a standardized error response."""
-        response = JSONResponse(
-            status_code=status_code,
-            content=error_data
-        )
-        
-        if headers:
-            for key, value in headers.items():
-                response.headers[key] = value
-        
-        return response
-    
-    async def __call__(self, request: Request, call_next):
-        """Middleware callable for FastAPI."""
-        # Process request
-        is_allowed, error_response, rate_limit_headers = await self.process_request(request)
-        
-        if not is_allowed:
-            status_code = 429 if error_response.get("code") == "rate_limit_exceeded" else 401
-            return self.create_error_response(error_response, status_code, rate_limit_headers)
-        
-        # Continue with request
-        response = await call_next(request)
-        
-        # Add rate limit headers to response
-        if rate_limit_headers:
-            for key, value in rate_limit_headers.items():
-                response.headers[key] = value
-        
-        return response

webscout/auth/models.py

@@ -1,185 +0,0 @@
-# webscout/auth/models.py
-
-from datetime import datetime, timezone
-from typing import Optional, Dict, Any, List
-from dataclasses import dataclass, field
-import uuid
-import json
-
-
-@dataclass
-class User:
-    """User model for authentication system."""
-    id: str = field(default_factory=lambda: str(uuid.uuid4()))
-    username: str = ""
-    telegram_id: int = field(default_factory=lambda: 0)  # Required Telegram ID as number only
-
-    def validate_telegram_id(self) -> None:
-        """Ensure telegram_id is an integer."""
-        if not isinstance(self.telegram_id, int):
-            raise ValueError("telegram_id must be an integer.")
-    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
-    updated_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
-    is_active: bool = True
-    metadata: Dict[str, Any] = field(default_factory=dict)
-    
-    def to_dict(self) -> Dict[str, Any]:
-        """Convert user to dictionary for storage."""
-        return {
-            "id": self.id,
-            "username": self.username,
-            "telegram_id": self.telegram_id,
-            "created_at": self.created_at.isoformat(),
-            "updated_at": self.updated_at.isoformat(),
-            "is_active": self.is_active,
-            "metadata": self.metadata
-        }
-    
-    @classmethod
-    def from_dict(cls, data: Dict[str, Any]) -> "User":
-        """Create user from dictionary."""
-        return cls(
-            id=data.get("id", str(uuid.uuid4())),
-            username=data.get("username", ""),
-            telegram_id=int(data.get("telegram_id", 0)),
-            created_at=datetime.fromisoformat(data.get("created_at", datetime.now(timezone.utc).isoformat())),
-            updated_at=datetime.fromisoformat(data.get("updated_at", datetime.now(timezone.utc).isoformat())),
-            is_active=data.get("is_active", True),
-            metadata=data.get("metadata", {})
-        )
-
-
-@dataclass
-class APIKey:
-    """API Key model for authentication system."""
-    id: str = field(default_factory=lambda: str(uuid.uuid4()))
-    key: str = ""
-    user_id: str = ""
-    name: Optional[str] = None
-    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
-    last_used_at: Optional[datetime] = None
-    expires_at: Optional[datetime] = None
-    is_active: bool = True
-    rate_limit: int = 10  # requests per minute
-    usage_count: int = 0
-    metadata: Dict[str, Any] = field(default_factory=dict)
-    
-    def to_dict(self) -> Dict[str, Any]:
-        """Convert API key to dictionary for storage."""
-        return {
-            "id": self.id,
-            "key": self.key,
-            "user_id": self.user_id,
-            "name": self.name,
-            "created_at": self.created_at.isoformat(),
-            "last_used_at": self.last_used_at.isoformat() if self.last_used_at else None,
-            "expires_at": self.expires_at.isoformat() if self.expires_at else None,
-            "is_active": self.is_active,
-            "rate_limit": self.rate_limit,
-            "usage_count": self.usage_count,
-            "metadata": self.metadata
-        }
-    
-    @classmethod
-    def from_dict(cls, data: Dict[str, Any]) -> "APIKey":
-        """Create API key from dictionary."""
-        return cls(
-            id=data.get("id", str(uuid.uuid4())),
-            key=data.get("key", ""),
-            user_id=data.get("user_id", ""),
-            name=data.get("name"),
-            created_at=datetime.fromisoformat(data.get("created_at", datetime.now(timezone.utc).isoformat())),
-            last_used_at=datetime.fromisoformat(data["last_used_at"]) if data.get("last_used_at") else None,
-            expires_at=datetime.fromisoformat(data["expires_at"]) if data.get("expires_at") else None,
-            is_active=data.get("is_active", True),
-            rate_limit=data.get("rate_limit", 10),
-            usage_count=data.get("usage_count", 0),
-            metadata=data.get("metadata", {})
-        )
-    
-    def is_expired(self) -> bool:
-        """Check if API key is expired."""
-        if not self.expires_at:
-            return False
-        return datetime.now(timezone.utc) > self.expires_at
-    
-    def is_valid(self) -> bool:
-        """Check if API key is valid (active and not expired)."""
-        return self.is_active and not self.is_expired()
-
-
-@dataclass
-class RateLimitEntry:
-    """Rate limit tracking entry."""
-    api_key_id: str
-    requests: List[datetime] = field(default_factory=list)
-    
-    def to_dict(self) -> Dict[str, Any]:
-        """Convert to dictionary for storage."""
-        return {
-            "api_key_id": self.api_key_id,
-            "requests": [req.isoformat() for req in self.requests]
-        }
-    
-    @classmethod
-    def from_dict(cls, data: Dict[str, Any]) -> "RateLimitEntry":
-        """Create from dictionary."""
-        return cls(
-            api_key_id=data.get("api_key_id", ""),
-            requests=[datetime.fromisoformat(req) for req in data.get("requests", [])]
-        )
-
-
-@dataclass
-class RequestLog:
-    """Request log entry for API usage tracking."""
-    id: str = field(default_factory=lambda: str(uuid.uuid4()))
-    request_id: str = ""
-    ip_address: str = ""
-    model_used: str = ""
-    question: str = ""
-    answer: str = ""
-    user_id: Optional[str] = None
-    api_key_id: Optional[str] = None
-    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
-    response_time_ms: Optional[int] = None
-    status_code: int = 200
-    error_message: Optional[str] = None
-    metadata: Dict[str, Any] = field(default_factory=dict)
-    
-    def to_dict(self) -> Dict[str, Any]:
-        """Convert request log to dictionary for storage."""
-        return {
-            "id": self.id,
-            "request_id": self.request_id,
-            "ip_address": self.ip_address,
-            "model_used": self.model_used,
-            "question": self.question,
-            "answer": self.answer,
-            "user_id": self.user_id,
-            "api_key_id": self.api_key_id,
-            "created_at": self.created_at.isoformat(),
-            "response_time_ms": self.response_time_ms,
-            "status_code": self.status_code,
-            "error_message": self.error_message,
-            "metadata": self.metadata
-        }
-    
-    @classmethod
-    def from_dict(cls, data: Dict[str, Any]) -> "RequestLog":
-        """Create request log from dictionary."""
-        return cls(
-            id=data.get("id", str(uuid.uuid4())),
-            request_id=data.get("request_id", ""),
-            ip_address=data.get("ip_address", ""),
-            model_used=data.get("model_used", ""),
-            question=data.get("question", ""),
-            answer=data.get("answer", ""),
-            user_id=data.get("user_id"),
-            api_key_id=data.get("api_key_id"),
-            created_at=datetime.fromisoformat(data.get("created_at", datetime.now(timezone.utc).isoformat())),
-            response_time_ms=data.get("response_time_ms"),
-            status_code=data.get("status_code", 200),
-            error_message=data.get("error_message"),
-            metadata=data.get("metadata", {})
-        )

webscout/auth/rate_limiter.py

@@ -1,254 +0,0 @@
-# webscout/auth/rate_limiter.py
-
-import asyncio
-from datetime import datetime, timezone, timedelta
-from typing import Optional, Tuple
-import logging
-
-from .models import APIKey, RateLimitEntry
-from .database import DatabaseManager
-from .config import AppConfig
-
-logger = logging.getLogger(__name__)
-
-
-class RateLimiter:
-    """Rate limiter for API requests."""
-    
-    def __init__(self, database_manager: DatabaseManager):
-        self.db = database_manager
-        self.default_rate_limit = 10  # requests per minute
-        self.window_size = 60  # 1 minute in seconds
-    
-    async def check_rate_limit(self, api_key: APIKey) -> Tuple[bool, dict]:
-        """
-        Check if a request is allowed under the rate limit.
-        
-        Returns:
-            Tuple of (is_allowed, rate_limit_info)
-        """
-        now = datetime.now(timezone.utc)
-        window_start = now - timedelta(seconds=self.window_size)
-        
-        try:
-            # Get or create rate limit entry
-            entry = await self.db.get_rate_limit_entry(api_key.id)
-            
-            if not entry:
-                entry = RateLimitEntry(api_key_id=api_key.id, requests=[])
-            
-            # Clean old requests outside the window
-            entry.requests = [req for req in entry.requests if req > window_start]
-            
-            # Check if limit is exceeded
-            current_count = len(entry.requests)
-            limit = api_key.rate_limit or self.default_rate_limit
-            
-            if current_count >= limit:
-                # Rate limit exceeded
-                oldest_request = min(entry.requests) if entry.requests else now
-                reset_at = oldest_request + timedelta(seconds=self.window_size)
-                retry_after = int((reset_at - now).total_seconds())
-                
-                rate_limit_info = {
-                    "allowed": False,
-                    "limit": limit,
-                    "remaining": 0,
-                    "reset_at": reset_at,
-                    "retry_after": max(retry_after, 1)
-                }
-                
-                logger.warning(f"Rate limit exceeded for API key {api_key.id}: {current_count}/{limit}")
-                return False, rate_limit_info
-            
-            # Add current request
-            entry.requests.append(now)
-            
-            # Update database
-            await self.db.update_rate_limit_entry(entry)
-            
-            # Calculate next reset time
-            if entry.requests:
-                oldest_request = min(entry.requests)
-                reset_at = oldest_request + timedelta(seconds=self.window_size)
-            else:
-                reset_at = now + timedelta(seconds=self.window_size)
-            
-            rate_limit_info = {
-                "allowed": True,
-                "limit": limit,
-                "remaining": limit - len(entry.requests),
-                "reset_at": reset_at,
-                "retry_after": None
-            }
-            
-            return True, rate_limit_info
-            
-        except Exception as e:
-            logger.error(f"Error checking rate limit for API key {api_key.id}: {e}")
-            # In case of error, allow the request but log the issue
-            rate_limit_info = {
-                "allowed": True,
-                "limit": api_key.rate_limit or self.default_rate_limit,
-                "remaining": api_key.rate_limit or self.default_rate_limit,
-                "reset_at": now + timedelta(seconds=self.window_size),
-                "retry_after": None
-            }
-            return True, rate_limit_info
-    
-    async def reset_rate_limit(self, api_key_id: str) -> bool:
-        """Reset rate limit for an API key (admin function)."""
-        try:
-            entry = RateLimitEntry(api_key_id=api_key_id, requests=[])
-            await self.db.update_rate_limit_entry(entry)
-            logger.info(f"Reset rate limit for API key {api_key_id}")
-            return True
-        except Exception as e:
-            logger.error(f"Error resetting rate limit for API key {api_key_id}: {e}")
-            return False
-    
-    async def get_rate_limit_status(self, api_key: APIKey) -> dict:
-        """Get current rate limit status without making a request."""
-        now = datetime.now(timezone.utc)
-        window_start = now - timedelta(seconds=self.window_size)
-        
-        try:
-            entry = await self.db.get_rate_limit_entry(api_key.id)
-            
-            if not entry:
-                entry = RateLimitEntry(api_key_id=api_key.id, requests=[])
-            
-            # Clean old requests
-            entry.requests = [req for req in entry.requests if req > window_start]
-            
-            limit = api_key.rate_limit or self.default_rate_limit
-            current_count = len(entry.requests)
-            
-            # Calculate reset time
-            if entry.requests:
-                oldest_request = min(entry.requests)
-                reset_at = oldest_request + timedelta(seconds=self.window_size)
-            else:
-                reset_at = now + timedelta(seconds=self.window_size)
-            
-            return {
-                "limit": limit,
-                "remaining": max(0, limit - current_count),
-                "reset_at": reset_at,
-                "window_size": self.window_size
-            }
-            
-        except Exception as e:
-            logger.error(f"Error getting rate limit status for API key {api_key.id}: {e}")
-            return {
-                "limit": api_key.rate_limit or self.default_rate_limit,
-                "remaining": api_key.rate_limit or self.default_rate_limit,
-                "reset_at": now + timedelta(seconds=self.window_size),
-                "window_size": self.window_size
-            }
-    
-    async def cleanup_old_entries(self) -> int:
-        """Clean up old rate limit entries (maintenance function)."""
-        # Remove requests older than the window_size for all rate limit entries
-        try:
-            # Try to get all rate limit entries from the database
-            if hasattr(self.db, 'get_all_rate_limit_entries'):
-                entries = await self.db.get_all_rate_limit_entries()
-            else:
-                logger.warning("Database does not support get_all_rate_limit_entries; cleanup skipped.")
-                return 0
-
-            now = datetime.now(timezone.utc)
-            window_start = now - timedelta(seconds=self.window_size)
-            cleaned = 0
-
-            for entry in entries:
-                old_count = len(entry.requests)
-                entry.requests = [req for req in entry.requests if req > window_start]
-                if len(entry.requests) < old_count:
-                    await self.db.update_rate_limit_entry(entry)
-                    cleaned += 1
-            logger.info(f"Cleaned up {cleaned} old rate limit entries.")
-            return cleaned
-        except Exception as e:
-            logger.error(f"Error cleaning up old rate limit entries: {e}")
-            return 0
-
-    async def check_ip_rate_limit(self, client_ip: str) -> Tuple[bool, dict]:
-        """
-        Check rate limit for an IP address (used in no-auth mode).
-
-        Returns:
-            Tuple of (is_allowed, rate_limit_info)
-        """
-        now = datetime.now(timezone.utc)
-        window_start = now - timedelta(seconds=self.window_size)
-
-        # Create a pseudo API key for IP-based rate limiting
-        ip_key_id = f"ip_{client_ip}"
-        limit = AppConfig.default_rate_limit
-
-        try:
-            # Get or create rate limit entry for IP
-            entry = await self.db.get_rate_limit_entry(ip_key_id)
-
-            if not entry:
-                entry = RateLimitEntry(api_key_id=ip_key_id, requests=[])
-
-            # Clean old requests outside the window
-            entry.requests = [req for req in entry.requests if req > window_start]
-
-            # Check if limit is exceeded
-            current_count = len(entry.requests)
-
-            if current_count >= limit:
-                # Rate limit exceeded
-                oldest_request = min(entry.requests) if entry.requests else now
-                reset_at = oldest_request + timedelta(seconds=self.window_size)
-                retry_after = int((reset_at - now).total_seconds())
-
-                rate_limit_info = {
-                    "allowed": False,
-                    "limit": limit,
-                    "remaining": 0,
-                    "reset_at": reset_at,
-                    "retry_after": max(retry_after, 1)
-                }
-
-                logger.warning(f"Rate limit exceeded for IP {client_ip}: {current_count}/{limit}")
-                return False, rate_limit_info
-
-            # Add current request
-            entry.requests.append(now)
-
-            # Update database
-            await self.db.update_rate_limit_entry(entry)
-
-            # Calculate next reset time
-            if entry.requests:
-                oldest_request = min(entry.requests)
-                reset_at = oldest_request + timedelta(seconds=self.window_size)
-            else:
-                reset_at = now + timedelta(seconds=self.window_size)
-
-            rate_limit_info = {
-                "allowed": True,
-                "limit": limit,
-                "remaining": limit - len(entry.requests),
-                "reset_at": reset_at,
-                "retry_after": None
-            }
-
-            return True, rate_limit_info
-
-        except Exception as e:
-            logger.error(f"Error checking rate limit for IP {client_ip}: {e}")
-            # In case of error, allow the request but log the issue
-            rate_limit_info = {
-                "allowed": True,
-                "limit": limit,
-                "remaining": limit,
-                "reset_at": now + timedelta(seconds=self.window_size),
-                "retry_after": None
-            }
-            return True, rate_limit_info