Separate mypy linter rule

Author: mosquito

.github/workflows/pythonpackage.yml

@@ -7,6 +7,32 @@ on:
     branches: [ master ]
 
 jobs:
+  mypy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup python3.10
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.10"
+
+      - name: Install poetry
+        run: python -m pip install poetry
+
+      - name: Install dependencies
+        run: poetry install
+        env:
+          FORCE_COLOR: yes
+
+      - name: Run mypy
+        run: poetry run mypy jwt_rsa
+        env:
+          FORCE_COLOR: yes
+
   tests:
     runs-on: ubuntu-latest
     strategy:

jwt_rsa/cli.py

@@ -2,9 +2,8 @@
 from argparse import ArgumentParser
 from pathlib import Path
 
-from jwt_rsa.types import AlgorithmType
-
 from . import convert, issue, key_tester, keygen, pubkey, verify
+from .token import ALGORITHMS
 
 
 parser = ArgumentParser()
@@ -20,7 +19,7 @@
     "--kid", dest="kid", type=str, default="", help="Key ID, will be generated if missing",
 )
 keygen_parser.add_argument(
-    "-a", "--algorithm", choices=AlgorithmType.__args__,
+    "-a", "--algorithm", choices=ALGORITHMS,
     help="Key ID, will be generated if missing", default="RS512",
 )
 keygen_parser.add_argument("-u", "--use", dest="use", type=str, default="sig", choices=["sig", "enc"])

jwt_rsa/issue.py

@@ -69,7 +69,7 @@
 
 
 def main(arguments: SimpleNamespace) -> None:
-    jwt = JWT(private_key=load_private_key(arguments.private_key))
+    jwt = JWT(load_private_key(arguments.private_key))
 
     whoami = pwd.getpwuid(os.getuid())
 

jwt_rsa/rsa.py

@@ -1,7 +1,7 @@
 import base64
 import json
 from pathlib import Path
-from typing import NamedTuple, Optional, TypedDict, Union, overload
+from typing import NamedTuple, Optional, TypedDict, overload
 
 from cryptography.hazmat.backends import default_backend
 
@@ -11,6 +11,11 @@
 
 
 class KeyPair(NamedTuple):
+    private: RSAPrivateKey
+    public: RSAPublicKey
+
+
+class JWKKeyPair(NamedTuple):
     private: Optional[RSAPrivateKey]
     public: RSAPublicKey
 
@@ -80,8 +85,8 @@ def load_jwk_private_key(jwk: RSAJWKPrivateKey) -> RSAPrivateKey:
     return private_numbers.private_key(default_backend())
 
 
-def load_jwk(jwk: Union[RSAJWKPublicKey, RSAJWKPrivateKey, str]) -> KeyPair:
-    jwk_dict: Union[RSAJWKPublicKey, RSAJWKPrivateKey]
+def load_jwk(jwk: RSAJWKPublicKey | RSAJWKPrivateKey | str) -> JWKKeyPair:
+    jwk_dict: RSAJWKPublicKey | RSAJWKPrivateKey
 
     if isinstance(jwk, str):
         jwk_dict = json.loads(jwk)
@@ -92,10 +97,10 @@ def load_jwk(jwk: Union[RSAJWKPublicKey, RSAJWKPrivateKey, str]) -> KeyPair:
         private_key = load_jwk_private_key(jwk_dict)    # type: ignore
         public_key = private_key.public_key()
     else:  # Public key
-        public_key = load_jwk_public_key(jwk_dict)   # type: ignore
+        public_key = load_jwk_public_key(jwk_dict)
         private_key = None
 
-    return KeyPair(private=private_key, public=public_key)
+    return JWKKeyPair(private=private_key, public=public_key)
 
 
 def int_to_base64url(value: int) -> str:
@@ -111,19 +116,19 @@ def rsa_to_jwk(
 
 
 @overload
-def rsa_to_jwk(    # type: ignore[overload-cannot-match]
+def rsa_to_jwk(
     key: RSAPrivateKey, *, kid: str = "", alg: AlgorithmType = "RS256", use: str = "sig",
 ) -> RSAJWKPrivateKey: ...
 
 
 def rsa_to_jwk(
-    key: Union[RSAPrivateKey, RSAPublicKey],
+    key: RSAPrivateKey | RSAPublicKey,
     *,
     kid: str = "",
     alg: AlgorithmType = "RS256",
     use: str = "sig",
     kty: str = "RSA",
-) -> Union[RSAJWKPublicKey, RSAJWKPrivateKey]:
+) -> RSAJWKPublicKey | RSAJWKPrivateKey:
     if isinstance(key, RSAPublicKey):
         public_numbers = key.public_numbers()
         private_numbers = None
@@ -161,12 +166,14 @@ def rsa_to_jwk(
     )
 
 
-def load_private_key(data: Union[str, RSAJWKPrivateKey, Path]) -> RSAPrivateKey:
+def load_private_key(data: str | RSAJWKPrivateKey | Path) -> RSAPrivateKey:
     if isinstance(data, Path):
         data = data.read_text()
     if isinstance(data, str):
         if data.startswith("-----BEGIN "):
-            return serialization.load_pem_private_key(data.encode(), None, default_backend())
+            result = serialization.load_pem_private_key(data.encode(), None, default_backend())
+            assert isinstance(result, RSAPrivateKey)
+            return result
         if data.strip().startswith("{"):
             return load_jwk_private_key(json.loads(data))
     if isinstance(data, dict):
@@ -177,12 +184,14 @@ def load_private_key(data: Union[str, RSAJWKPrivateKey, Path]) -> RSAPrivateKey:
     return key
 
 
-def load_public_key(data: Union[str, RSAJWKPublicKey, Path]) -> RSAPublicKey:
+def load_public_key(data: str | RSAJWKPublicKey | Path) -> RSAPublicKey:
     if isinstance(data, Path):
         data = data.read_text()
     if isinstance(data, str):
         if data.startswith("-----BEGIN "):
-            return serialization.load_pem_public_key(data.encode(), default_backend())
+            result = serialization.load_pem_public_key(data.encode(), default_backend())
+            assert isinstance(result, RSAPublicKey)
+            return result
         if data.strip().startswith("{"):
             return load_jwk_public_key(json.loads(data))
     if isinstance(data, dict):

jwt_rsa/token.py

@@ -2,34 +2,25 @@
 from dataclasses import dataclass, field
 from datetime import datetime, timedelta
 from operator import add, sub
-from typing import (
-    TYPE_CHECKING, Any, Callable, Dict, Optional, Sequence, TypeVar, Union, overload,
-)
+from types import EllipsisType
+from typing import Any, Callable, Dict, Optional, Sequence, TypeVar, overload
 
 from jwt import PyJWT
 
-from .types import AlgorithmType, RSAPrivateKey, RSAPublicKey
-
-
-if TYPE_CHECKING:
-    # pylama:ignore=E0602
-    DateType = Union[timedelta, datetime, float, int, ellipsis]
-else:
-    DateType = Union[timedelta, datetime, float, int, type(Ellipsis)]
-
+from .types import AlgorithmType, RSAPrivateKey, RSAPublicKey, DateType
 
 R = TypeVar("R")
 DAY = 86400
 DEFAULT_EXPIRATION = timedelta(days=31).total_seconds()
 NBF_DELTA = 20
-ALGORITHMS = tuple(AlgorithmType.__args__)
+ALGORITHMS: Sequence[AlgorithmType] = ("RS256", "RS384", "RS512")
 
 
 def date_to_timestamp(
-    value: DateType,
+    value: DateType | EllipsisType,
     default: Callable[[], R],
     timedelta_func: Callable[[float, float], int] = add,
-) -> Union[int, float, R]:
+) -> int | float | R:
     if isinstance(value, timedelta):
         return timedelta_func(time.time(), value.total_seconds())
     elif isinstance(value, datetime):
@@ -46,8 +37,8 @@ def date_to_timestamp(
 class JWTDecoder:
     jwt: PyJWT = field(repr=False, compare=False)
     public_key: RSAPublicKey = field(repr=False, compare=True)
-    expires: Union[int, float]
-    nbf_delta: Union[int, float]
+    expires: int | float
+    nbf_delta: int | float
     algorithm: AlgorithmType
     algorithms: Sequence[AlgorithmType]
 
@@ -79,7 +70,7 @@ def __init__(self, key: RSAPrivateKey, *, options: Optional[Dict[str, Any]] = No
         super(JWTDecoder, self).__setattr__('private_key', key)
         super().__init__(key.public_key(), options=options, **kwargs)
 
-    def encode(self, expired: DateType = ..., nbf: DateType = ..., **claims: Any) -> str:
+    def encode(self, expired: DateType | EllipsisType = ..., nbf: DateType | EllipsisType = ..., **claims: Any) -> str:
         claims.setdefault('exp', int(date_to_timestamp(expired, lambda: time.time() + self.expires)))
         claims.setdefault('nbf', int(date_to_timestamp(nbf, lambda: time.time() - self.nbf_delta, timedelta_func=sub)))
         return self.jwt.encode(claims, self.private_key, algorithm=self.algorithm)
@@ -97,7 +88,7 @@ def JWT(
 
 
 @overload
-def JWT(    # type: ignore[overload-cannot-match]
+def JWT(
     key: RSAPublicKey, *,
     options: dict[str, Any] | None = None,
     expires: int | float = DEFAULT_EXPIRATION,
@@ -108,15 +99,15 @@ def JWT(    # type: ignore[overload-cannot-match]
 
 
 def JWT(
-    key: Union[RSAPrivateKey, RSAPublicKey],
+    key: RSAPrivateKey | RSAPublicKey,
     *,
     options: dict[str, Any] | None = None,
     expires: int | float = DEFAULT_EXPIRATION,
     nbf_delta: int | float = NBF_DELTA,
     algorithm: AlgorithmType = "RS512",
     algorithms: Sequence[AlgorithmType] = ALGORITHMS,
-) -> Union[JWTSigner, JWTDecoder]:
-    kwargs = dict(
+) -> JWTSigner | JWTDecoder:
+    kwargs: dict[str, Any] = dict(
         expires=expires,
         nbf_delta=nbf_delta,
         algorithm=algorithm,

jwt_rsa/types.py

@@ -1,3 +1,4 @@
+from datetime import timedelta, datetime
 from typing import Literal
 
 from cryptography.hazmat.primitives import serialization
@@ -11,10 +12,11 @@
 
 
 AlgorithmType = Literal["RS256", "RS384", "RS512"]
-
+DateType = timedelta | datetime | float | int
 
 __all__ = (
     "AlgorithmType",
+    "DateType",
     "RSAPrivateKey",
     "RSAPublicKey",
     "serialization",

jwt_rsa/verify.py

@@ -3,16 +3,18 @@
 from types import SimpleNamespace
 
 from .rsa import generate_rsa, load_private_key, load_public_key
-from .token import JWT
+from .token import JWT, JWTSigner, JWTDecoder
 
 
 def main(arguments: SimpleNamespace) -> None:
+    jwt: JWTSigner | JWTDecoder
     if arguments.private_key:
-        jwt = JWT(private_key=load_private_key(arguments.private_key))
+        jwt = JWT(load_private_key(arguments.private_key))
     elif arguments.public_key:
-        jwt = JWT(public_key=load_public_key(arguments.public_key))
+        jwt = JWT(load_public_key(arguments.public_key))
     elif not arguments.verify:
-        jwt = JWT(*generate_rsa(1024))
+        key_pair = generate_rsa(1024)
+        jwt = JWT(key_pair.private)
     else:
         print("Either private or public key must be provided", file=sys.stderr)
         exit(1)

pyproject.toml

@@ -46,7 +46,7 @@ requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
 
 [tool.pylama]
-linters = "pycodestyle,pyflakes,mccabe,mccabe,mypy"
+linters = "pycodestyle,pyflakes,mccabe,mccabe"
 
 [tool.pylama.linter.pycodestyle]
 max_line_length = 119