k3nny/TISbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
210 Commits 3 Branches 0 Tags 8.6 MiB
master
Commit Graph

15 Commits

Author SHA1 Message Date
k3nny
f12d89f3da feat(auth): add pluggable authentication system for Flask routes 
Implement comprehensive authentication system with support for
Basic Auth, Flask-Login, and OAuth2 providers.

Features:
- Pluggable architecture via factory pattern
- Multiple authentication providers:
  * None: No authentication (development/testing)
  * Basic Auth: HTTP Basic with bcrypt support
  * Flask-Login: Session-based with multiple users
  * OAuth2: Google, GitHub, GitLab, and generic providers
- Decorator-based route protection (@auth.require_auth)
- User authorization by domain or email (OAuth)
- bcrypt password hashing support
- Comprehensive documentation and examples

Components:
- libtisbackup/auth/__init__.py: Factory function and exports
- libtisbackup/auth/base.py: Base provider interface
- libtisbackup/auth/basic_auth.py: HTTP Basic Auth implementation
- libtisbackup/auth/flask_login_auth.py: Flask-Login implementation
- libtisbackup/auth/oauth_auth.py: OAuth2 implementation
- libtisbackup/auth/example_integration.py: Integration examples
- libtisbackup/auth/README.md: API reference and examples

Documentation:
- AUTHENTICATION.md: Complete authentication guide
  * Setup instructions for each provider
  * Configuration examples
  * Security best practices
  * Troubleshooting guide
  * Migration guide
- samples/auth-config-examples.ini: Configuration templates

Dependencies:
- Add optional dependencies in pyproject.toml:
  * auth-basic: bcrypt>=4.0.0
  * auth-login: flask-login>=0.6.0, bcrypt>=4.0.0
  * auth-oauth: authlib>=1.3.0, requests>=2.32.0
  * auth-all: All auth providers

Installation:
```bash
# Install specific provider
uv sync --extra auth-basic

# Install all providers
uv sync --extra auth-all
```

Usage:
```python
from libtisbackup.auth import get_auth_provider

# Initialize
auth = get_auth_provider("basic", {
    "username": "admin",
    "password": "$2b$12$...",
    "use_bcrypt": True
})
auth.init_app(app)

# Protect routes
@app.route("/")
@auth.require_auth
def index():
    user = auth.get_current_user()
    return f"Hello {user['username']}"
```

Security features:
- bcrypt password hashing (work factor 12)
- OAuth domain/user restrictions
- Session-based authentication
- Clear separation of concerns
- Environment variable support for secrets

OAuth providers supported:
- Google (OpenID Connect)
- GitHub
- GitLab
- Generic OAuth2 provider

Breaking change: None - new feature, backward compatible
Users can continue without authentication (type=none)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-05 02:02:46 +02:00
k3nny
7fcc5afc64 EOF & whitespace 2024-11-29 00:54:09 +01:00
htouvet
bc4b9811ed migrate to Python3 (from alejeune) 2022-04-25 10:02:43 +02:00
Vincent MAUGER
82ca9dfa35 changement du path btrfs 2020-11-20 14:13:25 +01:00
agauvrit
f9df4effd3 add all_json API entrypoint and read_all_configs method 2020-11-20 14:11:16 +01:00
root
7b0799dc17 renamed conf file 2017-03-29 18:58:45 +02:00
ssamson-tis
f624d28f28 faire le backup xen-metadata avec une clef ssh plutôt qu'avec le mdp 2016-04-14 14:25:39 +02:00
ssamson-tis
b95d07705f - switch root_dir_samba 2015-12-23 16:06:49 +01:00
ssamson-tis
fb67af6340 - add backup Samba4 example 2015-12-23 15:30:01 +01:00
ssamson-tis
78e09a1d23 Tool to simply migrate from rsync+ssh to rsync+btrfs+ssh 2015-07-28 10:48:18 +02:00
ssamson-tis
efa6d44d0d Remove duplicate tisbackup-config.ini 2015-07-10 16:58:43 +02:00
ssamson-tis
a555b5d55c Remove old uwsgi references 2015-07-08 17:37:21 +02:00
ssamson-tis
d554c478f2 Bugfix: - vmdk imports 
- stats logs with rsync
 2015-03-25 12:27:57 +01:00
ssamson-tis
3439115500 Mise à jour des exemples de configuration 2014-07-25 15:05:47 +02:00
ssamson-tis
bd05ae8f25 Fist commit 2013-05-23 10:19:43 +02:00