Spaces:
Sleeping
Sleeping
| """ | |
| Auth Service - Authentication layer for API Gateway | |
| Provides plug-and-play authentication with: | |
| - Google OAuth integration | |
| - JWT token management | |
| - Request middleware for auth validation | |
| - URL-based route configuration | |
| Usage: | |
| # In app.py startup | |
| from services.auth_service import register_auth_service | |
| register_auth_service( | |
| required_urls=["/api/*", "/admin/*"], | |
| public_urls=["/", "/health", "/auth/*"], | |
| jwt_secret=os.getenv("JWT_SECRET"), | |
| google_client_id=os.getenv("GOOGLE_CLIENT_ID") | |
| ) | |
| # In routers | |
| from fastapi import Request | |
| @router.get("/protected") | |
| async def protected_route(request: Request): | |
| user = request.state.user # Populated by AuthMiddleware | |
| return {"user_id": user.id} | |
| """ | |
| from services.auth_service.config import AuthServiceConfig | |
| from services.auth_service.middleware import AuthMiddleware | |
| from services.auth_service.google_provider import ( | |
| GoogleAuthService, | |
| GoogleUserInfo, | |
| verify_google_token, | |
| GoogleAuthError, | |
| InvalidTokenError as GoogleInvalidTokenError, | |
| ) | |
| from services.auth_service.jwt_provider import ( | |
| JWTService, | |
| TokenPayload, | |
| create_access_token, | |
| verify_access_token, | |
| JWTError, | |
| TokenExpiredError, | |
| InvalidTokenError, | |
| ) | |
| def register_auth_service( | |
| required_urls: list = None, | |
| optional_urls: list = None, | |
| public_urls: list = None, | |
| jwt_secret: str = None, | |
| jwt_algorithm: str = "HS256", | |
| jwt_expiry_hours: int = 24, | |
| google_client_id: str = None, | |
| admin_emails: list = None, | |
| ) -> None: | |
| """ | |
| Register the auth service with application configuration. | |
| Args: | |
| required_urls: URLs that REQUIRE authentication | |
| optional_urls: URLs where authentication is optional | |
| public_urls: URLs that don't need authentication | |
| jwt_secret: Secret key for JWT signing | |
| jwt_algorithm: JWT algorithm (default: HS256) | |
| jwt_expiry_hours: Token expiry in hours (default: 24) | |
| google_client_id: Google OAuth Client ID | |
| admin_emails: List of admin email addresses | |
| """ | |
| AuthServiceConfig.register( | |
| required_urls=required_urls or [], | |
| optional_urls=optional_urls or [], | |
| public_urls=public_urls or [], | |
| jwt_secret=jwt_secret, | |
| jwt_algorithm=jwt_algorithm, | |
| jwt_expiry_hours=jwt_expiry_hours, | |
| google_client_id=google_client_id, | |
| admin_emails=admin_emails or [], | |
| ) | |
| __all__ = [ | |
| # Registration | |
| 'register_auth_service', | |
| 'AuthServiceConfig', | |
| 'AuthMiddleware', | |
| # Google OAuth | |
| 'GoogleAuthService', | |
| 'GoogleUserInfo', | |
| 'verify_google_token', | |
| 'GoogleAuthError', | |
| 'GoogleInvalidTokenError', | |
| # JWT | |
| 'JWTService', | |
| 'TokenPayload', | |
| 'create_access_token', | |
| 'verify_access_token', | |
| 'JWTError', | |
| 'TokenExpiredError', | |
| 'InvalidTokenError', | |
| ] | |