Merge pull request #116 from eadwinCode/auth_example

Added auth example

Author: eadwinCode

examples/03-auth-with-guards/README.md

@@ -0,0 +1,16 @@
+# Auth With Guards
+Example of ellar authentication and authorization with guards
+
+## Requirements
+Python >= 3.7
+Poetry
+
+## Project setup
+```
+poetry install
+```
+
+### Development Server
+```
+ellar runserver --reload
+```

examples/03-auth-with-guards/auth_project/__init__.py

@@ -0,0 +1,30 @@
+"""
+Define endpoints routes in python class-based fashion
+example:
+
+@Controller("/dogs", tag="Dogs", description="Dogs Resources")
+class MyController(ControllerBase):
+    @get('/')
+    def index(self):
+        return {'detail': "Welcome Dog's Resources"}
+"""
+from ellar.common import Body, Controller, ControllerBase, UseGuards, get, post
+
+from .guards import AllowAnyGuard
+from .schemas import UserCredentials
+from .services import AuthService
+
+
+@Controller("/auth")
+class AuthController(ControllerBase):
+    def __init__(self, auth_service: AuthService) -> None:
+        self.auth_service = auth_service
+
+    @post("/sign-in")
+    @UseGuards(AllowAnyGuard)
+    async def sign_in(self, payload: UserCredentials = Body()):
+        return await self.auth_service.sign_in(payload)
+
+    @get("/profile")
+    def get_profile(self):
+        return self.context.user

examples/03-auth-with-guards/auth_project/auth/__init__.py

@@ -0,0 +1,37 @@
+import typing as t
+
+from ellar.auth import UserIdentity
+from ellar.common import GuardCanActivate, IExecutionContext
+from ellar.common.serializer.guard import (
+    HTTPAuthorizationCredentials,
+    HTTPBasicCredentials,
+)
+from ellar.core.guards import GuardHttpBearerAuth
+from ellar.di import injectable
+from ellar_jwt import JWTService
+
+if t.TYPE_CHECKING:
+    from ellar.core import HTTPConnection
+
+
+@injectable
+class AuthGuard(GuardHttpBearerAuth):
+    def __init__(self, jwt_service: JWTService) -> None:
+        self.jwt_service = jwt_service
+
+    async def authentication_handler(
+        self,
+        connection: "HTTPConnection",
+        credentials: t.Union[HTTPBasicCredentials, HTTPAuthorizationCredentials],
+    ) -> t.Optional[t.Any]:
+        try:
+            data = await self.jwt_service.decode_async(credentials.credentials)
+            return UserIdentity(auth_type="bearer", **dict(data))
+        except Exception:
+            self.raise_exception()
+
+
+@injectable
+class AllowAnyGuard(GuardCanActivate):
+    async def can_activate(self, context: IExecutionContext) -> bool:
+        return True

examples/03-auth-with-guards/auth_project/auth/constants.py

@@ -0,0 +1,39 @@
+"""
+@Module(
+    controllers=[MyController],
+    providers=[
+        YourService,
+        ProviderConfig(IService, use_class=AService),
+        ProviderConfig(IFoo, use_value=FooService()),
+    ],
+    routers=(routerA, routerB)
+    statics='statics',
+    template='template_folder',
+    # base_directory -> default is the `auth` folder
+)
+class MyModule(ModuleBase):
+    def register_providers(self, container: Container) -> None:
+        # for more complicated provider registrations
+        pass
+
+"""
+from ellar.common import Module
+from ellar.core import ModuleBase
+from ellar.di import Container
+
+from .controllers import AuthController
+from .services import AuthService
+
+
+@Module(
+    controllers=[AuthController],
+    providers=[AuthService],
+    routers=[],
+)
+class AuthModule(ModuleBase):
+    """
+    Auth Module
+    """
+
+    def register_providers(self, container: Container) -> None:
+        """for more complicated provider registrations, use container.register_instance(...)"""

examples/03-auth-with-guards/auth_project/auth/controllers.py

@@ -0,0 +1,24 @@
+"""
+Define Serializers/DTOs
+Example:
+
+class ASampleDTO(Serializer):
+    name: str
+    age: t.Optional[int] = None
+
+for dataclasses, Inherit from DataclassSerializer
+
+@dataclass
+class ASampleDTO(DataclassSerializer):
+    name: str
+    age: t.Optional[int] = None
+"""
+from dataclasses import dataclass
+
+from ellar.common import DataclassSerializer
+
+
+@dataclass
+class UserCredentials(DataclassSerializer):
+    username: str
+    password: str

examples/03-auth-with-guards/auth_project/auth/guards.py

@@ -0,0 +1,34 @@
+"""
+Create a provider and declare its scope
+
+@injectable
+class AProvider
+    pass
+
+@injectable(scope=transient_scope)
+class BProvider
+    pass
+"""
+import typing as t
+
+from ellar.di import injectable
+from ellar_jwt import JWTService
+from starlette import status
+from starlette.exceptions import HTTPException
+
+from ..users.services import UserService
+from .schemas import UserCredentials
+
+
+@injectable
+class AuthService:
+    def __init__(self, user_service: UserService, jwt_service: JWTService):
+        self.user_service = user_service
+        self.jwt_service = jwt_service
+
+    async def sign_in(self, credentials: UserCredentials) -> t.Dict:
+        user = await self.user_service.find_one(credentials.username)
+        if user.password != credentials.password:
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
+
+        return {"access_token": await self.jwt_service.sign_async(user.dict())}