k3nny
f12d89f3da
Implement comprehensive authentication system with support for
Basic Auth, Flask-Login, and OAuth2 providers.
Features:
- Pluggable architecture via factory pattern
- Multiple authentication providers:
* None: No authentication (development/testing)
* Basic Auth: HTTP Basic with bcrypt support
* Flask-Login: Session-based with multiple users
* OAuth2: Google, GitHub, GitLab, and generic providers
- Decorator-based route protection (@auth.require_auth)
- User authorization by domain or email (OAuth)
- bcrypt password hashing support
- Comprehensive documentation and examples
Components:
- libtisbackup/auth/__init__.py: Factory function and exports
- libtisbackup/auth/base.py: Base provider interface
- libtisbackup/auth/basic_auth.py: HTTP Basic Auth implementation
- libtisbackup/auth/flask_login_auth.py: Flask-Login implementation
- libtisbackup/auth/oauth_auth.py: OAuth2 implementation
- libtisbackup/auth/example_integration.py: Integration examples
- libtisbackup/auth/README.md: API reference and examples
Documentation:
- AUTHENTICATION.md: Complete authentication guide
* Setup instructions for each provider
* Configuration examples
* Security best practices
* Troubleshooting guide
* Migration guide
- samples/auth-config-examples.ini: Configuration templates
Dependencies:
- Add optional dependencies in pyproject.toml:
* auth-basic: bcrypt>=4.0.0
* auth-login: flask-login>=0.6.0, bcrypt>=4.0.0
* auth-oauth: authlib>=1.3.0, requests>=2.32.0
* auth-all: All auth providers
Installation:
```bash
# Install specific provider
uv sync --extra auth-basic
# Install all providers
uv sync --extra auth-all
```
Usage:
```python
from libtisbackup.auth import get_auth_provider
# Initialize
auth = get_auth_provider("basic", {
"username": "admin",
"password": "$2b$12$...",
"use_bcrypt": True
})
auth.init_app(app)
# Protect routes
@app.route("/")
@auth.require_auth
def index():
user = auth.get_current_user()
return f"Hello {user['username']}"
```
Security features:
- bcrypt password hashing (work factor 12)
- OAuth domain/user restrictions
- Session-based authentication
- Clear separation of concerns
- Environment variable support for secrets
OAuth providers supported:
- Google (OpenID Connect)
- GitHub
- GitLab
- Generic OAuth2 provider
Breaking change: None - new feature, backward compatible
Users can continue without authentication (type=none)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
53 lines
1.3 KiB
Python
53 lines
1.3 KiB
Python
#!/usr/bin/python3
|
|
# -*- coding: utf-8 -*-
|
|
"""
|
|
TISBackup Authentication Module
|
|
|
|
Provides pluggable authentication providers for Flask routes.
|
|
Supports: Basic Auth, Flask-Login, OAuth2
|
|
"""
|
|
|
|
from .base import AuthProvider
|
|
from .basic_auth import BasicAuthProvider
|
|
from .flask_login_auth import FlaskLoginProvider
|
|
from .oauth_auth import OAuthProvider
|
|
|
|
__all__ = [
|
|
"AuthProvider",
|
|
"BasicAuthProvider",
|
|
"FlaskLoginProvider",
|
|
"OAuthProvider",
|
|
"get_auth_provider",
|
|
]
|
|
|
|
|
|
def get_auth_provider(auth_type, config=None):
|
|
"""Factory function to get authentication provider.
|
|
|
|
Args:
|
|
auth_type: Type of auth ('basic', 'flask-login', 'oauth', or 'none')
|
|
config: Configuration dict for the provider
|
|
|
|
Returns:
|
|
AuthProvider instance
|
|
|
|
Raises:
|
|
ValueError: If auth_type is not supported
|
|
"""
|
|
providers = {
|
|
"none": AuthProvider,
|
|
"basic": BasicAuthProvider,
|
|
"flask-login": FlaskLoginProvider,
|
|
"oauth": OAuthProvider,
|
|
}
|
|
|
|
auth_type = auth_type.lower()
|
|
if auth_type not in providers:
|
|
raise ValueError(
|
|
f"Unsupported auth type: {auth_type}. "
|
|
f"Supported types: {', '.join(providers.keys())}"
|
|
)
|
|
|
|
provider_class = providers[auth_type]
|
|
return provider_class(config or {})
|