PyPI - zrb - Versions diffs - 0.0.51__py3-none-any.whl → 0.0.53__py3-none-any.whl - Mend

zrb 0.0.51py3-none-any.whl → 0.0.53py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/component/access_token_util.py ADDED Viewed

@@ -0,0 +1,17 @@
+from config import (
+    app_auth_access_token_type, app_auth_jwt_token_algorithm,
+    app_auth_jwt_token_secret_key
+)
+from module.auth.core import AccessTokenUtil, JWTAccessTokenUtil
+def init_token_util() -> AccessTokenUtil:
+    if app_auth_access_token_type.lower() == 'jwt':
+        return JWTAccessTokenUtil(
+            secret_key=app_auth_jwt_token_secret_key,
+            algorithm=app_auth_jwt_token_algorithm
+        )
+    raise ValueError(f'Invalid auth token type: {app_auth_access_token_type}')
+access_token_util = init_token_util()

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/component/bearer_token_scheme.py ADDED Viewed

@@ -0,0 +1,5 @@
+from fastapi.security import OAuth2PasswordBearer
+bearer_token_scheme = OAuth2PasswordBearer(
+    tokenUrl='/api/v1/auth/login-oauth', auto_error=False
+)

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/component/model/user_model.py CHANGED Viewed

@@ -1,7 +1,10 @@
-from config import app_auth_token_expire_seconds, app_auth_admin_active
+from config import (
+    app_auth_admin_active, app_auth_access_token_expire_seconds,
+    app_auth_refresh_token_expire_seconds
+)
 from module.auth.component.repo.user_repo import user_repo
 from module.auth.entity.user.model import UserModel
-from module.auth.component import token_util
+from module.auth.component import access_token_util, refresh_token_util
 from module.auth.component.user import (
     admin_user, admin_user_password, guest_user
 )
@@ -11,8 +14,10 @@ from module.auth.component.model.permission_model import permission_model
 user_model: UserModel = UserModel(
     repo=user_repo,
     permission_model=permission_model,
-    token_util=token_util,
-    expire_seconds=app_auth_token_expire_seconds,
+    access_token_util=access_token_util,
+    access_token_expire_seconds=app_auth_access_token_expire_seconds,
+    refresh_token_util=refresh_token_util,
+    refresh_token_expire_seconds=app_auth_refresh_token_expire_seconds,
     guest_user=guest_user,
     admin_user=admin_user if app_auth_admin_active else None,
     admin_user_password=admin_user_password

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/component/refresh_token_util.py ADDED Viewed

@@ -0,0 +1,17 @@
+from config import (
+    app_auth_refresh_token_type, app_auth_jwt_token_algorithm,
+    app_auth_jwt_token_secret_key
+)
+from module.auth.core import RefreshTokenUtil, JWTRefreshTokenUtil
+def init_token_util() -> RefreshTokenUtil:
+    if app_auth_refresh_token_type.lower() == 'jwt':
+        return JWTRefreshTokenUtil(
+            secret_key=app_auth_jwt_token_secret_key,
+            algorithm=app_auth_jwt_token_algorithm
+        )
+    raise ValueError(f'Invalid auth token type: {app_auth_refresh_token_type}')
+refresh_token_util = init_token_util()

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/core/__init__.py CHANGED Viewed

@@ -4,18 +4,23 @@ from module.auth.core.password_hasher.password_hasher import PasswordHasher
 from module.auth.core.password_hasher.bcrypt_password_hasher import (
     BcryptPasswordHasher
 )
-from module.auth.core.token_scheme.token_sheme import TokenScheme
-from module.auth.core.token_scheme.oauth2_bearer_token_scheme import (
-    create_oauth2_bearer_token_scheme
+from module.auth.core.access_token.scheme import (
+    AccessTokenScheme, create_oauth2_bearer_access_token_scheme
+)
+from module.auth.core.access_token.util import (
+    AccessTokenUtil, JWTAccessTokenUtil
+)
+from module.auth.core.refresh_token.util import (
+    RefreshTokenUtil, JWTRefreshTokenUtil
 )
-from module.auth.core.token_util.token_util import TokenUtil
-from module.auth.core.token_util.jwt_token_util import JWTTokenUtil
 assert Authorizer
 assert RPCAuthorizer
 assert PasswordHasher
 assert BcryptPasswordHasher
-assert TokenScheme
-assert create_oauth2_bearer_token_scheme
-assert TokenUtil
-assert JWTTokenUtil
+assert AccessTokenScheme
+assert create_oauth2_bearer_access_token_scheme
+assert AccessTokenUtil
+assert JWTAccessTokenUtil
+assert RefreshTokenUtil
+assert JWTRefreshTokenUtil

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/core/{token_scheme/oauth2_bearer_token_scheme.py → access_token/scheme.py} RENAMED Viewed

@@ -1,19 +1,20 @@
-from typing import Optional
+from typing import Callable, Optional
 from starlette.requests import Request
 from fastapi import Depends
 from fastapi.security import OAuth2PasswordBearer
-from module.auth.core.token_util.token_util import TokenUtil
-from module.auth.core.token_scheme.token_sheme import TokenScheme
-from module.auth.schema.token import TokenData
+from module.auth.schema.token import AccessTokenData
 from module.auth.schema.user import User
+from module.auth.core.access_token.util import AccessTokenUtil
+AccessTokenScheme = Callable[[Request], AccessTokenData]
-def create_oauth2_bearer_token_scheme(
+def create_oauth2_bearer_access_token_scheme(
     guest_user: User,
-    token_util: TokenUtil,
+    access_token_util: AccessTokenUtil,
     token_url: str,
     token_cookie_key: str
-) -> TokenScheme:
+) -> AccessTokenScheme:
     oauth2_scheme = OAuth2PasswordBearer(
         tokenUrl=token_url, auto_error=False
@@ -22,17 +23,16 @@ def create_oauth2_bearer_token_scheme(
     async def oauth2_bearer_token_scheme(
         request: Request,
         token: Optional[str] = Depends(oauth2_scheme)
-    ) -> TokenData:
+    ) -> AccessTokenData:
         token: Optional[str] = await oauth2_scheme(request)
         if token is None:
             request.cookies.get(token_cookie_key, None)
         if token is None:
-            return TokenData(
+            return AccessTokenData(
                 user_id=guest_user.id,
                 username=guest_user.username,
-                permission_names=[],
                 expire_seconds=300
             )
-        return token_util.decode(token)
+        return access_token_util.decode(token, parse_expired_token=False)
     return oauth2_bearer_token_scheme

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/core/access_token/util.py ADDED Viewed

@@ -0,0 +1,69 @@
+from typing import Any, Mapping
+from abc import ABC, abstractmethod
+from core.error import HTTPAPIException
+from module.auth.schema.token import AccessTokenData
+from datetime import datetime, timedelta
+from jose import jwt
+import jsons
+class AccessTokenUtil(ABC):
+    @abstractmethod
+    def encode(self, token_data: AccessTokenData) -> str:
+        pass
+    @abstractmethod
+    def decode(
+        self, token_str: str, parse_expired_token: bool = False
+    ) -> AccessTokenData:
+        pass
+class JWTAccessTokenUtil(AccessTokenUtil):
+    def __init__(self, secret_key: str, algorithm: str = 'HS256'):
+        self.secret_key = secret_key
+        self.algorithm = algorithm
+    def encode(self, data: AccessTokenData) -> str:
+        expire_time = datetime.utcnow() + timedelta(
+            seconds=data.expire_seconds
+        )
+        sub = jsons.dumps(data.dict())
+        data_dict = {'sub': sub, 'exp': expire_time}
+        encoded_jwt = jwt.encode(
+            data_dict, self.secret_key, algorithm=self.algorithm
+        )
+        return encoded_jwt
+    def decode(
+        self, token: str, parse_expired_token: bool = False
+    ) -> AccessTokenData:
+        try:
+            decoded_data = jwt.decode(
+                token,
+                self.secret_key,
+                algorithms=[self.algorithm],
+                options=self._get_decode_options(parse_expired_token)
+            )
+            sub = jsons.loads(decoded_data['sub'])
+            token_data = AccessTokenData.parse_obj(sub)
+            if not parse_expired_token:
+                expire_time = decoded_data['exp']
+                token_data.expire_seconds = ((
+                    datetime.fromtimestamp(expire_time) - datetime.utcnow()
+                ).total_seconds())
+                if token_data.expire_seconds < 0:
+                    raise HTTPAPIException(422, 'Expired token')
+            return token_data
+        except jwt.JWTError:
+            raise HTTPAPIException(422, 'Invalid token')
+    def _get_decode_options(
+        self, parse_expired_token: bool
+    ) -> Mapping[str, Any]:
+        if parse_expired_token:
+            return {'verify_exp': False}
+        return {}

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/core/authorizer/rpc_authorizer.py CHANGED Viewed

@@ -27,10 +27,12 @@ class RPCAuthorizer(Authorizer):
         )
     async def is_having_permission(
-        self, user_id: str, *permission_names: str
+        self, user_id: str, *permission_name: str
     ) -> bool:
         permission_map = await self.rpc_caller.call(
-            self.is_user_authorized_rpc_name, user_id, *permission_names
+            self.is_user_authorized_rpc_name,
+            id=user_id,
+            permission_name=permission_name
         )
         for permission in permission_map:
             if not permission_map[permission]:

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/core/{token_util/jwt_token_util.py → refresh_token/util.py} RENAMED Viewed

@@ -1,18 +1,30 @@
+from abc import ABC, abstractmethod
 from core.error import HTTPAPIException
-from module.auth.schema.token import TokenData
-from module.auth.core.token_util.token_util import TokenUtil
+from module.auth.schema.token import RefreshTokenData
 from datetime import datetime, timedelta
 from jose import jwt
 import jsons
-class JWTTokenUtil(TokenUtil):
+class RefreshTokenUtil(ABC):
+    @abstractmethod
+    def encode(self, token_data: RefreshTokenData) -> str:
+        pass
+    @abstractmethod
+    def decode(self, token_str: str) -> RefreshTokenData:
+        pass
+class JWTRefreshTokenUtil(RefreshTokenUtil):
     def __init__(self, secret_key: str, algorithm: str = 'HS256'):
         self.secret_key = secret_key
         self.algorithm = algorithm
-    def encode(self, data: TokenData) -> str:
+    def encode(self, data: RefreshTokenData) -> str:
         expire_time = datetime.utcnow() + timedelta(
             seconds=data.expire_seconds
         )
@@ -23,13 +35,13 @@ class JWTTokenUtil(TokenUtil):
         )
         return encoded_jwt
-    def decode(self, token: str) -> TokenData:
+    def decode(self, token: str) -> RefreshTokenData:
         try:
             decoded_data = jwt.decode(
                 token, self.secret_key, algorithms=[self.algorithm]
             )
             sub = jsons.loads(decoded_data['sub'])
-            token_data = TokenData.parse_obj(sub)
+            token_data = RefreshTokenData.parse_obj(sub)
             expire_time = decoded_data['exp']
             token_data.expire_seconds = ((
                 datetime.fromtimestamp(expire_time) - datetime.utcnow()

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/entity/group/api.py CHANGED Viewed

@@ -7,8 +7,8 @@ from module.auth.core import Authorizer
 from module.auth.schema.group import (
     Group, GroupData, GroupResult
 )
-from module.auth.schema.token import TokenData
-from module.auth.component import token_scheme
+from module.auth.schema.token import AccessTokenData
+from module.auth.component import access_token_scheme
 def register_api(
@@ -25,7 +25,7 @@ def register_api(
     )
     async def get_groups(
         keyword: str = '', limit: int = 100, offset: int = 0,
-        user_token_data: TokenData = Depends(token_scheme),
+        user_token_data: AccessTokenData = Depends(access_token_scheme),
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:get'
@@ -48,7 +48,7 @@ def register_api(
         '/api/v1/auth/groups/{id}', response_model=Group
     )
     async def get_group_by_id(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str, user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:group:get_by_id'
@@ -67,7 +67,8 @@ def register_api(
         '/api/v1/auth/groups', response_model=Group
     )
     async def insert_group(
-        data: GroupData, user_token_data: TokenData = Depends(token_scheme)
+        data: GroupData,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:group:insert'
@@ -87,7 +88,7 @@ def register_api(
     )
     async def update_group(
         id: str, data: GroupData,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:group:update'
@@ -106,7 +107,8 @@ def register_api(
         '/api/v1/auth/groups/{id}', response_model=Group
     )
     async def delete_group(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:group:delete'

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/entity/group/rpc.py CHANGED Viewed

@@ -5,7 +5,7 @@ from core.rpc import Caller, Server
 from core.repo import SearchFilter
 from module.auth.component.model.group_model import group_model
 from module.auth.schema.group import GroupData
-from module.auth.schema.token import TokenData
+from module.auth.schema.token import AccessTokenData
 def register_rpc(
@@ -46,7 +46,7 @@ def register_rpc(
         data: Mapping[str, Any],
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data: TokenData = TokenData(**user_token_data)
+        user_token_data: AccessTokenData = AccessTokenData(**user_token_data)
         data['created_by'] = user_token_data.user_id
         data['updated_by'] = user_token_data.user_id
         row = await group_model.insert(
@@ -60,7 +60,7 @@ def register_rpc(
         data: Mapping[str, Any],
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data: TokenData = TokenData(**user_token_data)
+        user_token_data: AccessTokenData = AccessTokenData(**user_token_data)
         data['updated_by'] = user_token_data.user_id
         row = await group_model.update(
             id=id, data=GroupData(**data)
@@ -72,6 +72,6 @@ def register_rpc(
         id: str,
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data = TokenData(**user_token_data)
+        user_token_data = AccessTokenData(**user_token_data)
         row = await group_model.delete(id=id)
         return row.dict()

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/entity/permission/api.py CHANGED Viewed

@@ -7,8 +7,8 @@ from module.auth.core import Authorizer
 from module.auth.schema.permission import (
     Permission, PermissionData, PermissionResult
 )
-from module.auth.schema.token import TokenData
-from module.auth.component import token_scheme
+from module.auth.schema.token import AccessTokenData
+from module.auth.component import access_token_scheme
 def register_api(
@@ -25,7 +25,7 @@ def register_api(
     )
     async def get_permissions(
         keyword: str = '', limit: int = 100, offset: int = 0,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:get'
@@ -48,7 +48,8 @@ def register_api(
         '/api/v1/auth/permissions/{id}', response_model=Permission
     )
     async def get_permission_by_id(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:get_by_id'
@@ -68,7 +69,7 @@ def register_api(
     )
     async def insert_permission(
         data: PermissionData,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:insert'
@@ -88,7 +89,7 @@ def register_api(
     )
     async def update_permission(
         id: str, data: PermissionData,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:update'
@@ -107,7 +108,8 @@ def register_api(
         '/api/v1/auth/permissions/{id}', response_model=Permission
     )
     async def delete_permission(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:permission:delete'

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/entity/permission/rpc.py CHANGED Viewed

@@ -5,7 +5,7 @@ from core.rpc import Caller, Server
 from core.repo import SearchFilter
 from module.auth.component.model.permission_model import permission_model
 from module.auth.schema.permission import PermissionData
-from module.auth.schema.token import TokenData
+from module.auth.schema.token import AccessTokenData
 def register_rpc(
@@ -52,7 +52,7 @@ def register_rpc(
         data: Mapping[str, Any],
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data = TokenData(**user_token_data)
+        user_token_data = AccessTokenData(**user_token_data)
         data['created_by'] = user_token_data.user_id
         data['updated_by'] = user_token_data.user_id
         row = await permission_model.insert(
@@ -66,7 +66,7 @@ def register_rpc(
         data: Mapping[str, Any],
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data = TokenData(**user_token_data)
+        user_token_data = AccessTokenData(**user_token_data)
         data['updated_by'] = user_token_data.user_id
         row = await permission_model.update(
             id=id, data=PermissionData(**data)
@@ -78,6 +78,6 @@ def register_rpc(
         id: str,
         user_token_data: Mapping[str, Any]
     ) -> Mapping[str, Any]:
-        user_token_data = TokenData(**user_token_data)
+        user_token_data = AccessTokenData(**user_token_data)
         row = await permission_model.delete(id=id)
         return row.dict()

zrb/builtin/generator/fastapp/template/src/kebab-app-name/src/module/auth/entity/user/api.py CHANGED Viewed

@@ -9,8 +9,9 @@ from module.auth.core import Authorizer
 from module.auth.schema.user import (
     User, UserData, UserResult, UserLogin
 )
-from module.auth.schema.token import TokenData, TokenResponse
-from module.auth.component import token_scheme
+from module.auth.schema.token import AccessTokenData, TokenResponse
+from module.auth.schema.request import RefreshTokenRequest, IsAuthorizedRequest
+from module.auth.component import access_token_scheme, bearer_token_scheme
 def register_auth_api(
@@ -38,32 +39,39 @@ def register_auth_api(
     async def _create_token(data: UserLogin) -> TokenResponse:
         try:
-            token = await rpc_caller.call(
+            token_response_dict = await rpc_caller.call(
                 'auth_create_token', login_data=data.dict()
             )
-            return TokenResponse(access_token=token, token_type='bearer')
+            return TokenResponse(**token_response_dict)
         except Exception as e:
             raise HTTPAPIException(error=e)
     @app.post('/api/v1/auth/refresh-token', response_model=TokenResponse)
-    async def refresh_token(token: str) -> TokenResponse:
+    async def refresh_token(
+        data: RefreshTokenRequest,
+        refresh_token: str = Depends(bearer_token_scheme)
+    ) -> TokenResponse:
         try:
-            token = await rpc_caller.call(
-                'auth_refresh_token', token=token
+            token_response_dict = await rpc_caller.call(
+                'auth_refresh_token',
+                refresh_token=refresh_token,
+                access_token=data.access_token
             )
-            return TokenResponse(access_token=token, token_type='bearer')
+            return TokenResponse(**token_response_dict)
         except Exception as e:
             raise HTTPAPIException(error=e)
     @app.post('/api/v1/auth/is-authorized', response_model=Mapping[str, bool])
     async def is_authorized(
-        permission_names: List[str],
-        user_token_data: TokenData = Depends(token_scheme)
+        data: IsAuthorizedRequest,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ) -> Mapping[str, str]:
         try:
             user_id = user_token_data.user_id
             return await rpc_caller.call(
-                'auth_is_user_authorized', id=user_id, *permission_names
+                'auth_is_user_authorized',
+                id=user_id,
+                permission_name=data.permission_names
             )
         except Exception as e:
             raise HTTPAPIException(error=e)
@@ -83,7 +91,7 @@ def register_api(
     )
     async def get_users(
         keyword: str = '', limit: int = 100, offset: int = 0,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:user:get'
@@ -106,7 +114,8 @@ def register_api(
         '/api/v1/auth/users/{id}', response_model=User
     )
     async def get_user_by_id(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:user:get_by_id'
@@ -125,7 +134,8 @@ def register_api(
         '/api/v1/auth/users', response_model=User
     )
     async def insert_user(
-        data: UserData, user_token_data: TokenData = Depends(token_scheme)
+        data: UserData,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:user:insert'
@@ -145,7 +155,7 @@ def register_api(
     )
     async def update_user(
         id: str, data: UserData,
-        user_token_data: TokenData = Depends(token_scheme)
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:user:update'
@@ -164,7 +174,8 @@ def register_api(
         '/api/v1/auth/users/{id}', response_model=User
     )
     async def delete_user(
-        id: str, user_token_data: TokenData = Depends(token_scheme)
+        id: str,
+        user_token_data: AccessTokenData = Depends(access_token_scheme)
     ):
         if not await authorizer.is_having_permission(
             user_token_data.user_id, 'auth:user:delete'

zrb 0.0.51__py3-none-any.whl → 0.0.53__py3-none-any.whl

zrb 0.0.51py3-none-any.whl → 0.0.53py3-none-any.whl