fix: point app.yaml to Ruturaj2506/demo-auth fork

.do/app.yaml

@@ -0,0 +1,79 @@
+# DigitalOcean App Platform spec
+# Docs: https://docs.digitalocean.com/products/app-platform/reference/app-spec/
+#
+# Repo: https://github.com/Ruturaj2506/demo-auth
+#
+# HOW TO DEPLOY:
+#   1. Go to https://cloud.digitalocean.com/apps → "Create App"
+#   2. Connect GitHub → select Ruturaj2506/demo-auth → branch: main
+#   3. DO auto-detects this file — click "Deploy"
+#   5. App URL printed once build finishes (~3-5 min)
+
+name: adaptiveauth
+
+# ── Backend (FastAPI) ─────────────────────────────────────────────────────────
+services:
+  - name: api
+    dockerfile_path: Dockerfile
+    source_dir: /
+    github:
+      repo: Ruturaj2506/demo-auth
+      branch: main
+      deploy_on_push: true
+    http_port: 8000
+    instance_count: 1
+    instance_size_slug: basic-xxs   # cheapest tier (~$5/mo, free with student credits)
+    health_check:
+      http_path: /health
+      initial_delay_seconds: 15
+      period_seconds: 30
+    envs:
+      # Injected automatically by DO when you add a managed DB below
+      - key: DATABASE_URL
+        scope: RUN_TIME
+        value: ${adaptiveauth-db.DATABASE_URL}
+
+      # CHANGE THIS — generate a strong key: python -c "import secrets; print(secrets.token_hex(32))"
+      - key: SECRET_KEY
+        scope: RUN_TIME
+        type: SECRET
+        value: "REPLACE_WITH_YOUR_STRONG_SECRET_KEY"
+
+      - key: ADAPTIVEAUTH_RISK_DEVICE_WEIGHT
+        scope: RUN_TIME
+        value: "0.21"
+      - key: ADAPTIVEAUTH_RISK_LOCATION_WEIGHT
+        scope: RUN_TIME
+        value: "97.68"
+      - key: ADAPTIVEAUTH_RISK_TIME_WEIGHT
+        scope: RUN_TIME
+        value: "0.02"
+      - key: ADAPTIVEAUTH_RISK_VELOCITY_WEIGHT
+        scope: RUN_TIME
+        value: "2.08"
+      - key: ADAPTIVEAUTH_RISK_BEHAVIOR_WEIGHT
+        scope: RUN_TIME
+        value: "0.01"
+
+      # Optional — fill in if you want email alerts / OTP via email
+      - key: ADAPTIVEAUTH_MAIL_USERNAME
+        scope: RUN_TIME
+        value: ""
+      - key: ADAPTIVEAUTH_MAIL_PASSWORD
+        scope: RUN_TIME
+        type: SECRET
+        value: ""
+      - key: ADAPTIVEAUTH_MAIL_FROM
+        scope: RUN_TIME
+        value: ""
+      - key: ADAPTIVEAUTH_MAIL_SERVER
+        scope: RUN_TIME
+        value: ""
+
+# ── Managed PostgreSQL Database ───────────────────────────────────────────────
+databases:
+  - name: adaptiveauth-db
+    engine: PG              # PostgreSQL 16
+    version: "16"
+    size: db-s-dev-database # smallest/free-eligible dev database
+    num_nodes: 1

.dockerignore

@@ -0,0 +1,64 @@
+# Python
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
+*.egg
+*.egg-info/
+dist/
+build/
+.eggs/
+*.whl
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Environment secrets — never bake these into the image
+.env
+*.env
+
+# Database files — use managed PostgreSQL in production
+*.db
+*.sqlite
+*.sqlite3
+
+# Tests and dev tools
+test_*.py
+*_test.py
+pytest.ini
+.pytest_cache/
+.coverage
+htmlcov/
+.mypy_cache/
+.ruff_cache/
+
+# IDE
+.vscode/
+.idea/
+*.code-workspace
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+
+# Docs (not needed at runtime)
+README.md
+HOW_TO_TEST.md
+LICENSE
+*.md
+
+# Temp / JSON test files
+openapi_temp.json
+openapi_test.json
+run_example.py
+start_server.*
+
+# Model source (already copied into image)
+# (included intentionally — XGBoost weights are needed at runtime)

.env.example

@@ -0,0 +1,40 @@
+# ──────────────────────────────────────────────────────────────────────────────
+# AdaptiveAuth — Environment Variables
+# Copy this file to .env and fill in your values (never commit .env to git!)
+# ──────────────────────────────────────────────────────────────────────────────
+
+# ── Database ──────────────────────────────────────────────────────────────────
+# For local dev, SQLite is fine:
+DATABASE_URL=sqlite:///./adaptiveauth.db
+# For production (DigitalOcean Managed Postgres — value injected automatically by App Platform):
+# DATABASE_URL=postgresql://user:password@host:port/dbname
+
+# ── Security ──────────────────────────────────────────────────────────────────
+# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
+SECRET_KEY=REPLACE_WITH_A_STRONG_RANDOM_SECRET_KEY_AT_LEAST_32_CHARS
+ADAPTIVEAUTH_ALGORITHM=HS256
+ADAPTIVEAUTH_ACCESS_TOKEN_EXPIRE_MINUTES=30
+ADAPTIVEAUTH_REFRESH_TOKEN_EXPIRE_DAYS=7
+
+# ── Risk Weights (AI-learned from XGBoost model) ──────────────────────────────
+ADAPTIVEAUTH_RISK_DEVICE_WEIGHT=0.21
+ADAPTIVEAUTH_RISK_LOCATION_WEIGHT=97.68
+ADAPTIVEAUTH_RISK_TIME_WEIGHT=0.02
+ADAPTIVEAUTH_RISK_VELOCITY_WEIGHT=2.08
+ADAPTIVEAUTH_RISK_BEHAVIOR_WEIGHT=0.01
+
+# ── Risk Thresholds ───────────────────────────────────────────────────────────
+ADAPTIVEAUTH_RISK_LOW_THRESHOLD=25.0
+ADAPTIVEAUTH_RISK_MEDIUM_THRESHOLD=50.0
+ADAPTIVEAUTH_RISK_HIGH_THRESHOLD=75.0
+
+# ── Email (optional — needed for OTP/alerts) ──────────────────────────────────
+ADAPTIVEAUTH_MAIL_USERNAME=your@email.com
+ADAPTIVEAUTH_MAIL_PASSWORD=your_app_password
+ADAPTIVEAUTH_MAIL_FROM=your@email.com
+ADAPTIVEAUTH_MAIL_SERVER=smtp.gmail.com
+ADAPTIVEAUTH_MAIL_PORT=587
+
+# ── CORS ─────────────────────────────────────────────────────────────────────
+# Replace * with your frontend domain in production
+# ADAPTIVEAUTH_CORS_ORIGINS=["https://your-app.ondigitalocean.app"]

Dockerfile

@@ -0,0 +1,42 @@
+# ── Stage 1: build dependencies ──────────────────────────────────────────────
+FROM python:3.11-slim AS builder
+
+WORKDIR /app
+
+# Install build tools needed for some wheels (psycopg2, cryptography, etc.)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        build-essential \
+        libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir --user -r requirements.txt
+
+# ── Stage 2: slim runtime image ───────────────────────────────────────────────
+FROM python:3.11-slim
+
+# Runtime lib for psycopg2
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        libpq5 \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Copy installed packages from builder
+COPY --from=builder /root/.local /root/.local
+
+# Copy application source
+COPY . .
+
+ENV PATH=/root/.local/bin:$PATH \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PORT=8000
+
+EXPOSE 8000
+
+# Non-root user for security
+RUN adduser --disabled-password --gecos "" appuser && chown -R appuser /app
+USER appuser
+
+CMD ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port $PORT --workers 2"]

Procfile

@@ -0,0 +1 @@
+web: uvicorn main:app --host 0.0.0.0 --port $PORT --workers 2

adaptiveauth/config.py

@@ -77,13 +77,18 @@ class AdaptiveAuthSettings(BaseSettings):
 
 
 class RiskFactorWeights(BaseSettings):
-    """Configuration for risk factor weights in risk assessment."""
+    """Configuration for risk factor weights in risk assessment.
     
-    DEVICE_WEIGHT: float = Field(default=25.0, description="Weight for device factor")
-    LOCATION_WEIGHT: float = Field(default=25.0, description="Weight for location factor")
-    TIME_WEIGHT: float = Field(default=15.0, description="Weight for time factor")
-    VELOCITY_WEIGHT: float = Field(default=20.0, description="Weight for velocity factor")
-    BEHAVIOR_WEIGHT: float = Field(default=15.0, description="Weight for behavior factor")
+    Weights are learned from the trained XGBoost model (rba_xgb_model.json).
+    Trained on Kaggle RBA dataset (1.6M rows), ROC-AUC: 1.0.
+    Updated: 2026-02-20
+    """
+    
+    DEVICE_WEIGHT: float = Field(default=0.21, description="Weight for device factor (AI-learned)")
+    LOCATION_WEIGHT: float = Field(default=97.68, description="Weight for location/IP factor (AI-learned)")
+    TIME_WEIGHT: float = Field(default=0.02, description="Weight for time factor (AI-learned)")
+    VELOCITY_WEIGHT: float = Field(default=2.08, description="Weight for velocity factor (AI-learned)")
+    BEHAVIOR_WEIGHT: float = Field(default=0.01, description="Weight for behavior factor (AI-learned)")
     
     class Config:
         env_prefix = "ADAPTIVEAUTH_RISK_"

adaptiveauth/models/feature_importances.json

@@ -0,0 +1,19 @@
+{
+  "is_attack_ip": 0.967225193977356,
+  "ip_failure_count": 0.019231485202908516,
+  "country_freq": 0.00756910489872098,
+  "asn_risk": 0.0019815003033727407,
+  "is_bot": 0.0013159684604033828,
+  "ip_attempt_count": 0.0009205246460624039,
+  "device_type": 0.0007694000960327685,
+  "user_recent_failures": 0.0006265112315304577,
+  "login_hour": 9.224589302903041e-05,
+  "rtt_zscore": 5.906149817747064e-05,
+  "user_success_rate": 5.211737152421847e-05,
+  "is_new_country": 5.003463229513727e-05,
+  "is_new_browser": 4.279694985598326e-05,
+  "login_day": 2.7936024707742035e-05,
+  "is_late_night": 2.1642506908392534e-05,
+  "is_weekend": 1.440843607269926e-05,
+  "is_unknown_device": 0.0
+}

adaptiveauth/models/feature_names.json

@@ -0,0 +1,19 @@
+[
+  "device_type",
+  "is_bot",
+  "is_unknown_device",
+  "is_new_browser",
+  "is_attack_ip",
+  "is_new_country",
+  "country_freq",
+  "asn_risk",
+  "login_hour",
+  "login_day",
+  "is_late_night",
+  "is_weekend",
+  "user_recent_failures",
+  "ip_attempt_count",
+  "ip_failure_count",
+  "rtt_zscore",
+  "user_success_rate"
+]

adaptiveauth/models/learned_weights.json

@@ -0,0 +1,7 @@
+{
+  "device": 0.20999999344348907,
+  "location": 97.68000030517578,
+  "time": 0.019999999552965164,
+  "velocity": 2.0799999237060547,
+  "behavior": 0.009999999776482582
+}

adaptiveauth/models/model_meta.json

@@ -0,0 +1,23 @@
+{
+  "trained_at": "2026-02-20T20:25:07.626832",
+  "dataset": "kaggle:dasgroup/rba-dataset",
+  "rows_train": 1600000,
+  "rows_test": 400000,
+  "roc_auc": 1.0,
+  "n_features": 17,
+  "old_weights": {
+    "device": 25.0,
+    "location": 25.0,
+    "time": 15.0,
+    "velocity": 20.0,
+    "behavior": 15.0
+  },
+  "weights_applied_at": "2026-02-21T00:00:00.000000",
+  "learned_weights": {
+    "device": 0.20999999344348907,
+    "location": 97.68000030517578,
+    "time": 0.019999999552965164,
+    "velocity": 2.0799999237060547,
+    "behavior": 0.009999999776482582
+  }
+}

requirements.txt

@@ -1,5 +1,6 @@
 # AdaptiveAuth Framework - Production Dependencies
 fastapi>=0.104.0
+psycopg2-binary>=2.9.9
 uvicorn[standard]>=0.24.0
 sqlalchemy>=2.0.0
 pydantic>=2.0.0