Upload 447 files

d613ffd verified 7 days ago

31.4 kB

	"""
	╔══════════════════════════════════════════════════════════════════════════════╗
	║ ║
	║ AUTHENTICATION PLUGIN for NoahsKI ║
	║ Email Verification System ║
	║ ║
	║ Features: ║
	║ ✓ Email Registration & Verification ║
	║ ✓ Verification Code via Email ║
	║ ✓ Session Management ║
	║ ✓ User Data Storage (JSON) ║
	║ ✓ Password Hashing (bcrypt) ║
	║ ✓ Token-based Authentication ║
	║ ║
	╚══════════════════════════════════════════════════════════════════════════════╝
	"""

	import os
	import json
	import time
	import secrets
	import hashlib
	import smtplib
	import tempfile
	from email.mime.text import MIMEText
	from email.mime.multipart import MIMEMultipart
	from pathlib import Path
	from typing import Dict, Optional, Tuple
	from dataclasses import dataclass, asdict
	from datetime import datetime, timedelta
	import logging

	logger = logging.getLogger(__name__)


	# ═══════════════════════════════════════════════════════════════════════════════
	# CONFIGURATION
	# ═══════════════════════════════════════════════════════════════════════════════

	class AuthConfig:
	"""Authentication plugin configuration"""

	# Detect Hugging Face Spaces
	IS_HF_SPACE = os.getenv('SPACE_ID') is not None

	# Paths (HF Spaces compatible)
	if IS_HF_SPACE:
	BASE_DATA_DIR = Path(tempfile.gettempdir()) / 'noahski_data'
	else:
	BASE_DATA_DIR = Path('noahski_data')

	DATA_DIR = BASE_DATA_DIR / 'auth'
	USERS_FILE = DATA_DIR / 'users.json'
	SESSIONS_FILE = DATA_DIR / 'sessions.json'
	VERIFICATION_FILE = DATA_DIR / 'verifications.json'

	# Email Settings (SMTP)
	SMTP_SERVER = os.getenv('SMTP_SERVER', 'smtp.gmail.com')
	SMTP_PORT = int(os.getenv('SMTP_PORT', 587))
	SMTP_USER = os.getenv('SMTP_USER', 'your-email@gmail.com')
	SMTP_PASSWORD = os.getenv('SMTP_PASSWORD', 'your-app-password')
	FROM_EMAIL = os.getenv('FROM_EMAIL', 'noreply@noahski.ai')
	FROM_NAME = os.getenv('FROM_NAME', 'NoahsKI')

	# Security
	VERIFICATION_CODE_LENGTH = 6
	VERIFICATION_EXPIRY_MINUTES = 15
	SESSION_EXPIRY_HOURS = 24
	MAX_LOGIN_ATTEMPTS = 5
	LOCKOUT_DURATION_MINUTES = 30

	# Token
	TOKEN_LENGTH = 32


	# ═══════════════════════════════════════════════════════════════════════════════
	# DATA CLASSES
	# ═══════════════════════════════════════════════════════════════════════════════

	@dataclass
	class User:
	"""User data structure"""
	email: str
	password_hash: str
	created_at: float
	verified: bool = False
	last_login: Optional[float] = None
	login_attempts: int = 0
	locked_until: Optional[float] = None
	username: Optional[str] = None

	def to_dict(self) -> Dict:
	return asdict(self)

	@staticmethod
	def from_dict(data: Dict) -> 'User':
	return User(**data)


	@dataclass
	class Session:
	"""Session data structure"""
	token: str
	email: str
	created_at: float
	expires_at: float
	ip_address: Optional[str] = None
	user_agent: Optional[str] = None

	def is_valid(self) -> bool:
	return time.time() < self.expires_at

	def to_dict(self) -> Dict:
	return asdict(self)

	@staticmethod
	def from_dict(data: Dict) -> 'Session':
	return Session(**data)


	@dataclass
	class VerificationCode:
	"""Email verification code"""
	email: str
	code: str
	created_at: float
	expires_at: float
	attempts: int = 0

	def is_valid(self) -> bool:
	return time.time() < self.expires_at and self.attempts < 3

	def to_dict(self) -> Dict:
	return asdict(self)

	@staticmethod
	def from_dict(data: Dict) -> 'VerificationCode':
	return VerificationCode(**data)


	# ═══════════════════════════════════════════════════════════════════════════════
	# EMAIL SERVICE
	# ═══════════════════════════════════════════════════════════════════════════════

	class EmailService:
	"""Handle email sending"""

	def __init__(self):
	self.smtp_server = AuthConfig.SMTP_SERVER
	self.smtp_port = AuthConfig.SMTP_PORT
	self.smtp_user = AuthConfig.SMTP_USER
	self.smtp_password = AuthConfig.SMTP_PASSWORD
	self.from_email = AuthConfig.FROM_EMAIL
	self.from_name = AuthConfig.FROM_NAME

	def send_verification_email(self, to_email: str, code: str) -> bool:
	"""Send verification code email"""
	try:
	subject = f"🔐 Dein NoahsKI Verifizierungscode"

	html_body = f"""
	<!DOCTYPE html>
	<html>
	<head>
	<style>
	body {{ font-family: Arial, sans-serif; background-color: #f4f4f4; padding: 20px; }}
	.container {{ background-color: white; padding: 30px; border-radius: 10px; max-width: 600px; margin: 0 auto; }}
	.code {{ font-size: 32px; font-weight: bold; color: #4CAF50; text-align: center; padding: 20px; background-color: #f0f0f0; border-radius: 5px; letter-spacing: 5px; }}
	.header {{ color: #333; text-align: center; }}
	.footer {{ color: #666; font-size: 12px; text-align: center; margin-top: 30px; }}
	</style>
	</head>
	<body>
	<div class="container">
	<h1 class="header">🚀 Willkommen bei NoahsKI!</h1>
	<p>Danke für deine Registrierung. Hier ist dein Verifizierungscode:</p>

	<div class="code">{code}</div>

	<p>Dieser Code ist <strong>15 Minuten</strong> gültig.</p>

	<p><strong>⚠️ Wichtig:</strong> Falls du diese Email nicht angefordert hast, ignoriere sie einfach.</p>

	<div class="footer">
	<p>© 2026 NoahsKI - Dein KI-Assistent</p>
	<p>Diese Email wurde automatisch generiert.</p>
	</div>
	</div>
	</body>
	</html>
	"""

	plain_body = f"""
	🚀 Willkommen bei NoahsKI!

	Danke für deine Registrierung. Hier ist dein Verifizierungscode:

	{code}

	Dieser Code ist 15 Minuten gültig.

	⚠️ Falls du diese Email nicht angefordert hast, ignoriere sie einfach.

	© 2026 NoahsKI
	"""

	return self._send_email(to_email, subject, html_body, plain_body)

	except Exception as e:
	logger.error(f"Failed to send verification email: {e}")
	return False

	def send_welcome_email(self, to_email: str, username: str = None) -> bool:
	"""Send welcome email after successful verification"""
	try:
	subject = "🎉 Account erfolgreich verifiziert!"
	name = username or to_email.split('@')[0]

	html_body = f"""
	<!DOCTYPE html>
	<html>
	<head>
	<style>
	body {{ font-family: Arial, sans-serif; background-color: #f4f4f4; padding: 20px; }}
	.container {{ background-color: white; padding: 30px; border-radius: 10px; max-width: 600px; margin: 0 auto; }}
	.header {{ color: #4CAF50; text-align: center; }}
	.feature {{ padding: 10px 0; }}
	.footer {{ color: #666; font-size: 12px; text-align: center; margin-top: 30px; }}
	</style>
	</head>
	<body>
	<div class="container">
	<h1 class="header">🎉 Willkommen bei NoahsKI, {name}!</h1>

	<p>Dein Account wurde erfolgreich verifiziert und ist jetzt aktiv!</p>

	<h3>Was du jetzt tun kannst:</h3>
	<div class="feature">✅ Mit NoahsKI chatten</div>
	<div class="feature">🎨 Bilder generieren</div>
	<div class="feature">🌐 Web-Recherche nutzen</div>
	<div class="feature">📚 Autonomes Learning System</div>
	<div class="feature">💡 Code-Generierung</div>

	<p style="margin-top: 30px;">Viel Spaß mit NoahsKI!</p>

	<div class="footer">
	<p>© 2026 NoahsKI - Dein KI-Assistent</p>
	</div>
	</div>
	</body>
	</html>
	"""

	plain_body = f"""
	🎉 Willkommen bei NoahsKI, {name}!

	Dein Account wurde erfolgreich verifiziert und ist jetzt aktiv!

	Was du jetzt tun kannst:
	✅ Mit NoahsKI chatten
	🎨 Bilder generieren
	🌐 Web-Recherche nutzen
	📚 Autonomes Learning System
	💡 Code-Generierung

	Viel Spaß mit NoahsKI!

	© 2026 NoahsKI
	"""

	return self._send_email(to_email, subject, html_body, plain_body)

	except Exception as e:
	logger.error(f"Failed to send welcome email: {e}")
	return False

	def _send_email(self, to_email: str, subject: str, html_body: str, plain_body: str) -> bool:
	"""Internal method to send email via SMTP"""
	try:
	# Create message
	msg = MIMEMultipart('alternative')
	msg['Subject'] = subject
	msg['From'] = f"{self.from_name} <{self.from_email}>"
	msg['To'] = to_email

	# Attach both plain and HTML versions
	part1 = MIMEText(plain_body, 'plain', 'utf-8')
	part2 = MIMEText(html_body, 'html', 'utf-8')
	msg.attach(part1)
	msg.attach(part2)

	# Send email
	with smtplib.SMTP(self.smtp_server, self.smtp_port) as server:
	server.starttls()
	server.login(self.smtp_user, self.smtp_password)
	server.send_message(msg)

	logger.info(f"✓ Email sent to {to_email}")
	return True

	except Exception as e:
	logger.error(f"SMTP error: {e}")
	return False


	# ═══════════════════════════════════════════════════════════════════════════════
	# AUTH PLUGIN MAIN CLASS
	# ═══════════════════════════════════════════════════════════════════════════════

	class AuthPlugin:
	"""Main authentication plugin"""

	def __init__(self):
	logger.info("🔐 Initializing Authentication Plugin...")

	# Create directories
	AuthConfig.DATA_DIR.mkdir(parents=True, exist_ok=True)

	# Initialize services
	self.email_service = EmailService()

	# Load data
	self.users: Dict[str, User] = self._load_users()
	self.sessions: Dict[str, Session] = self._load_sessions()
	self.verifications: Dict[str, VerificationCode] = self._load_verifications()

	logger.info(f"✅ Auth Plugin initialized ({len(self.users)} users)")

	# ─────────────────────────────────────────────────────────────────────────
	# DATA PERSISTENCE
	# ─────────────────────────────────────────────────────────────────────────

	def _load_users(self) -> Dict[str, User]:
	"""Load users from JSON"""
	try:
	if AuthConfig.USERS_FILE.exists():
	with open(AuthConfig.USERS_FILE, 'r', encoding='utf-8') as f:
	data = json.load(f)
	return {email: User.from_dict(u) for email, u in data.items()}
	except Exception as e:
	logger.error(f"Failed to load users: {e}")
	return {}

	def _save_users(self):
	"""Save users to JSON"""
	try:
	# Ensure directory exists
	AuthConfig.DATA_DIR.mkdir(parents=True, exist_ok=True)
	data = {email: u.to_dict() for email, u in self.users.items()}
	with open(AuthConfig.USERS_FILE, 'w', encoding='utf-8') as f:
	json.dump(data, f, indent=2, ensure_ascii=False)
	except Exception as e:
	logger.warning(f"⚠️ Failed to save users: {e}")

	def _load_sessions(self) -> Dict[str, Session]:
	"""Load sessions from JSON"""
	try:
	if AuthConfig.SESSIONS_FILE.exists():
	with open(AuthConfig.SESSIONS_FILE, 'r', encoding='utf-8') as f:
	data = json.load(f)
	sessions = {token: Session.from_dict(s) for token, s in data.items()}
	# Clean expired sessions
	return {t: s for t, s in sessions.items() if s.is_valid()}
	except Exception as e:
	logger.error(f"Failed to load sessions: {e}")
	return {}

	def _save_sessions(self):
	"""Save sessions to JSON"""
	try:
	# Ensure directory exists
	AuthConfig.DATA_DIR.mkdir(parents=True, exist_ok=True)
	# Only save valid sessions
	valid_sessions = {t: s for t, s in self.sessions.items() if s.is_valid()}
	data = {token: s.to_dict() for token, s in valid_sessions.items()}
	with open(AuthConfig.SESSIONS_FILE, 'w', encoding='utf-8') as f:
	json.dump(data, f, indent=2, ensure_ascii=False)
	except Exception as e:
	logger.warning(f"⚠️ Failed to save sessions: {e}")

	def _load_verifications(self) -> Dict[str, VerificationCode]:
	"""Load verification codes from JSON"""
	try:
	if AuthConfig.VERIFICATION_FILE.exists():
	with open(AuthConfig.VERIFICATION_FILE, 'r', encoding='utf-8') as f:
	data = json.load(f)
	codes = {email: VerificationCode.from_dict(v) for email, v in data.items()}
	# Clean expired codes
	return {e: v for e, v in codes.items() if v.is_valid()}
	except Exception as e:
	logger.error(f"Failed to load verifications: {e}")
	return {}

	def _save_verifications(self):
	"""Save verification codes to JSON"""
	try:
	# Ensure directory exists
	AuthConfig.DATA_DIR.mkdir(parents=True, exist_ok=True)
	# Only save valid codes
	valid_codes = {e: v for e, v in self.verifications.items() if v.is_valid()}
	data = {email: v.to_dict() for email, v in valid_codes.items()}
	with open(AuthConfig.VERIFICATION_FILE, 'w', encoding='utf-8') as f:
	json.dump(data, f, indent=2, ensure_ascii=False)
	except Exception as e:
	logger.warning(f"⚠️ Failed to save verifications: {e}")

	# ─────────────────────────────────────────────────────────────────────────
	# PASSWORD HASHING
	# ─────────────────────────────────────────────────────────────────────────

	def _hash_password(self, password: str) -> str:
	"""Hash password with salt"""
	salt = secrets.token_hex(16)
	pwd_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
	return f"{salt}${pwd_hash.hex()}"

	def _verify_password(self, password: str, password_hash: str) -> bool:
	"""Verify password against hash"""
	try:
	salt, pwd_hash = password_hash.split('$')
	computed_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
	return computed_hash.hex() == pwd_hash
	except:
	return False

	# ─────────────────────────────────────────────────────────────────────────
	# VERIFICATION CODE GENERATION
	# ─────────────────────────────────────────────────────────────────────────

	def _generate_verification_code(self) -> str:
	"""Generate 6-digit verification code"""
	return ''.join([str(secrets.randbelow(10)) for _ in range(AuthConfig.VERIFICATION_CODE_LENGTH)])

	# ─────────────────────────────────────────────────────────────────────────
	# PUBLIC API METHODS
	# ─────────────────────────────────────────────────────────────────────────

	def register(self, email: str, password: str, username: str = None) -> Tuple[bool, str]:
	"""
	Register new user and send verification email

	Returns: (success, message)
	"""
	try:
	# Validate email format
	if '@' not in email or '.' not in email.split('@')[1]:
	return False, "Ungültige Email-Adresse"

	# Check if user exists
	if email in self.users:
	return False, "Email bereits registriert"

	# Validate password
	if len(password) < 8:
	return False, "Passwort muss mindestens 8 Zeichen lang sein"

	# Create user (unverified)
	user = User(
	email=email,
	password_hash=self._hash_password(password),
	created_at=time.time(),
	verified=False,
	username=username
	)

	self.users[email] = user
	self._save_users()

	# Generate verification code
	code = self._generate_verification_code()
	expires_at = time.time() + (AuthConfig.VERIFICATION_EXPIRY_MINUTES * 60)

	verification = VerificationCode(
	email=email,
	code=code,
	created_at=time.time(),
	expires_at=expires_at
	)

	self.verifications[email] = verification
	self._save_verifications()

	# Send verification email
	email_sent = self.email_service.send_verification_email(email, code)

	if email_sent:
	logger.info(f"✓ User registered: {email}")
	return True, f"Registrierung erfolgreich! Verifizierungscode wurde an {email} gesendet."
	else:
	return True, "Registrierung erfolgreich, aber Email konnte nicht gesendet werden. Bitte kontaktiere den Support."

	except Exception as e:
	logger.error(f"Registration error: {e}")
	return False, f"Fehler bei der Registrierung: {str(e)}"

	def verify_email(self, email: str, code: str) -> Tuple[bool, str]:
	"""
	Verify email with code

	Returns: (success, message)
	"""
	try:
	# Check if verification exists
	if email not in self.verifications:
	return False, "Kein Verifizierungscode gefunden"

	verification = self.verifications[email]

	# Check if expired
	if not verification.is_valid():
	return False, "Verifizierungscode abgelaufen oder zu viele Versuche"

	# Increment attempts
	verification.attempts += 1
	self._save_verifications()

	# Check code
	if verification.code != code:
	return False, f"Falscher Code (Versuch {verification.attempts}/3)"

	# Mark user as verified
	if email in self.users:
	self.users[email].verified = True
	self._save_users()

	# Remove verification code
	del self.verifications[email]
	self._save_verifications()

	# Send welcome email
	self.email_service.send_welcome_email(email, self.users[email].username)

	logger.info(f"✓ Email verified: {email}")
	return True, "Email erfolgreich verifiziert! Du kannst dich jetzt anmelden."
	else:
	return False, "User nicht gefunden"

	except Exception as e:
	logger.error(f"Verification error: {e}")
	return False, f"Fehler bei der Verifizierung: {str(e)}"

	def resend_verification(self, email: str) -> Tuple[bool, str]:
	"""Resend verification code"""
	try:
	if email not in self.users:
	return False, "Email nicht registriert"

	if self.users[email].verified:
	return False, "Email bereits verifiziert"

	# Generate new code
	code = self._generate_verification_code()
	expires_at = time.time() + (AuthConfig.VERIFICATION_EXPIRY_MINUTES * 60)

	verification = VerificationCode(
	email=email,
	code=code,
	created_at=time.time(),
	expires_at=expires_at
	)

	self.verifications[email] = verification
	self._save_verifications()

	# Send email
	email_sent = self.email_service.send_verification_email(email, code)

	if email_sent:
	return True, "Neuer Verifizierungscode wurde gesendet"
	else:
	return False, "Email konnte nicht gesendet werden"

	except Exception as e:
	logger.error(f"Resend error: {e}")
	return False, f"Fehler: {str(e)}"

	def login(self, email: str, password: str, ip_address: str = None, user_agent: str = None) -> Tuple[bool, str, Optional[str]]:
	"""
	Login user

	Returns: (success, message, token)
	"""
	try:
	# Check if user exists
	if email not in self.users:
	return False, "Email oder Passwort falsch", None

	user = self.users[email]

	# Check if account is locked
	if user.locked_until and time.time() < user.locked_until:
	remaining = int((user.locked_until - time.time()) / 60)
	return False, f"Account gesperrt. Versuche es in {remaining} Minuten erneut.", None

	# Check if verified
	if not user.verified:
	return False, "Email noch nicht verifiziert", None

	# Verify password
	if not self._verify_password(password, user.password_hash):
	user.login_attempts += 1

	# Lock account after max attempts
	if user.login_attempts >= AuthConfig.MAX_LOGIN_ATTEMPTS:
	user.locked_until = time.time() + (AuthConfig.LOCKOUT_DURATION_MINUTES * 60)
	self._save_users()
	return False, f"Zu viele fehlgeschlagene Versuche. Account für {AuthConfig.LOCKOUT_DURATION_MINUTES} Minuten gesperrt.", None

	self._save_users()
	remaining = AuthConfig.MAX_LOGIN_ATTEMPTS - user.login_attempts
	return False, f"Email oder Passwort falsch ({remaining} Versuche übrig)", None

	# Reset login attempts on successful login
	user.login_attempts = 0
	user.last_login = time.time()
	user.locked_until = None
	self._save_users()

	# Create session
	token = secrets.token_urlsafe(AuthConfig.TOKEN_LENGTH)
	expires_at = time.time() + (AuthConfig.SESSION_EXPIRY_HOURS * 3600)

	session = Session(
	token=token,
	email=email,
	created_at=time.time(),
	expires_at=expires_at,
	ip_address=ip_address,
	user_agent=user_agent
	)

	self.sessions[token] = session
	self._save_sessions()

	logger.info(f"✓ User logged in: {email}")
	return True, "Login erfolgreich", token

	except Exception as e:
	logger.error(f"Login error: {e}")
	return False, f"Fehler beim Login: {str(e)}", None

	def logout(self, token: str) -> Tuple[bool, str]:
	"""Logout user"""
	try:
	if token in self.sessions:
	email = self.sessions[token].email
	del self.sessions[token]
	self._save_sessions()
	logger.info(f"✓ User logged out: {email}")
	return True, "Logout erfolgreich"
	else:
	return False, "Session nicht gefunden"
	except Exception as e:
	logger.error(f"Logout error: {e}")
	return False, f"Fehler beim Logout: {str(e)}"

	def validate_token(self, token: str) -> Tuple[bool, Optional[str]]:
	"""
	Validate session token

	Returns: (valid, email)
	"""
	if token in self.sessions:
	session = self.sessions[token]
	if session.is_valid():
	return True, session.email
	else:
	# Clean up expired session
	del self.sessions[token]
	self._save_sessions()

	return False, None

	def get_user_info(self, email: str) -> Optional[Dict]:
	"""Get user information (without sensitive data)"""
	if email in self.users:
	user = self.users[email]
	return {
	'email': user.email,
	'username': user.username,
	'created_at': user.created_at,
	'verified': user.verified,
	'last_login': user.last_login
	}
	return None

	def get_stats(self) -> Dict:
	"""Get authentication statistics"""
	return {
	'total_users': len(self.users),
	'verified_users': sum(1 for u in self.users.values() if u.verified),
	'active_sessions': len([s for s in self.sessions.values() if s.is_valid()]),
	'pending_verifications': len([v for v in self.verifications.values() if v.is_valid()])
	}


	# ═══════════════════════════════════════════════════════════════════════════════
	# PLUGIN METADATA
	# ═══════════════════════════════════════════════════════════════════════════════

	PLUGIN_INFO = {
	'name': 'auth_plugin',
	'version': '1.0.0',
	'author': 'NoahsKI Team',
	'description': 'Email-based authentication with verification',
	'endpoints': [
	'/auth/register',
	'/auth/verify',
	'/auth/resend',
	'/auth/login',
	'/auth/logout',
	'/auth/validate',
	'/auth/user',
	'/auth/stats'
	]
	}

	__all__ = ['AuthPlugin', 'AuthConfig', 'PLUGIN_INFO']