{"id":19188356,"url":"https://github.com/zx80/flask-simple-auth","last_synced_at":"2025-05-08T02:49:25.105Z","repository":{"id":48304326,"uuid":"340837766","full_name":"zx80/flask-simple-auth","owner":"zx80","description":"FlaskSimpleAuth: The Secure Flask Framework","archived":false,"fork":false,"pushed_at":"2025-04-08T09:30:02.000Z","size":4609,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-08T02:49:14.175Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://zx80.github.io/flask-simple-auth/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zx80.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-21T06:52:58.000Z","updated_at":"2025-04-08T09:29:26.000Z","dependencies_parsed_at":"2023-10-01T15:55:18.567Z","dependency_job_id":"44794160-ced9-4579-80f6-8d3326fa689a","html_url":"https://github.com/zx80/flask-simple-auth","commit_stats":{"total_commits":1429,"total_committers":1,"mean_commits":1429.0,"dds":0.0,"last_synced_commit":"e5b989efab087a2a415cbaa6f79cd9166fd3f2d4"},"previous_names":[],"tags_count":128,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zx80%2Fflask-simple-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zx80%2Fflask-simple-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zx80%2Fflask-simple-auth/releases","manifests_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zx80%2Fflask-simple-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zx80","download_url":"https://codeload.github.com/zx80/flask-simple-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252989944,"owners_count":21836665,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T11:24:28.106Z","updated_at":"2025-05-08T02:49:25.091Z","avatar_url":"https://github.com/zx80.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FlaskSimpleAuth: The Secure Flask Framework\n\nFlaskSimpleAuth is a [Flask](https://flask.palletsprojects.com/) wrapper to add\na declarative security layer to routes with authentication, authorization and\nparameter management.\n\n![Status](https://github.com/zx80/flask-simple-auth/actions/workflows/fsa.yml/badge.svg?branch=main\u0026style=flat)\n![Tests](https://img.shields.io/badge/tests-105%20✓-success)\n![Coverage](https://img.shields.io/badge/coverage-100%25-success)\n![Issues](https://img.shields.io/github/issues/zx80/flask-simple-auth?style=flat)\n![Python](https://img.shields.io/badge/python-3-informational)\n![Version](https://img.shields.io/pypi/v/FlaskSimpleAuth)\n![Badges](https://img.shields.io/badge/badges-8-informational)\n![License](https://img.shields.io/pypi/l/flasksimpleauth?style=flat)\n\nWith FlaskSimpleAuth, application and security concerns are separated:\n\n- the **application** focusses on *what* to do, and *declares* its 
security\n  requirements.\n- the **configuration** declares *how* the authentication and authorization\n  constraints are checked by providing settings and hook functions.\n- the **framework** *implements* and *enforces* the security on the application\n  routes, with safe defaults so that security cannot be overlooked.\n\nThe following Flask application provides two routes:\n\n- `GET /store` allows any authenticated *user* in group *employee* to\n  access the store list.\n- `POST /store/\u003csid\u003e` allows an authenticated *user* who is a *manager* of\n  *store* number *sid* to add a quantity of product to the store inventory.\n\n```python\n# File \"app.py\"\nfrom FlaskSimpleAuth import Flask\n\napp = Flask(\"acme\")\napp.config.from_envvar(\"ACME_CONFIG\")\n\n@app.get(\"/store\", authz=\"employee\")\ndef get_store(pattern: str = \"%\"):\n    # return the list of stores matching optional parameter pattern\n    return ..., 200\n\n@app.post(\"/store/\u003csid\u003e/product\", authz=(\"store\", \"sid\", \"manager\"))\ndef post_store_sid_product(sid: int, product: str, quantity: int):\n    # product is added in quantity to store sid\n    return ..., 201\n```\n\nIn this code, there is *no* clue about how users are authenticated, as this is\nset from the configuration.\nOnly authorizations are declared on the route with the mandatory ``authz``\nparameter.\nHow these are checked is also set from the configuration.\nHTTP or JSON parameters are automatically converted to the expected type,\nwith features on par with [FastAPI](https://fastapi.tiangolo.com/).\n\nAuthentication and authorizations are provided to the framework with callback functions.\nFor our example, we will need to retrieve the salted hashed password for a user,\nto check whether a user belongs to a group, and\nto tell whether a user can access a given store in a particular role:\n\n```python\n# File \"auth.py\"\ndef get_user_pass(user: str) -\u003e str|None:\n    return ...  
# hashed password retrieved from somewhere\n\ndef user_is_employee(user: str) -\u003e bool:\n    return ...  # whether user belongs to group employee\n\ndef store_perms(user: str, sid: int, role: str) -\u003e bool|None:\n    return ...  # whether user can access store sid in role\n```\n\nHere is an example of configuration for the above application:\nUsers are identified either with a JWT token or with a basic authentication.\n\n```python\n# File \"acme.conf\"\nimport os\nimport auth\n\nFSA_MODE = \"dev\"\nFSA_AUTH = [\"token\", \"basic\"]\nFSA_TOKEN_TYPE = \"jwt\"\nFSA_TOKEN_SECRET = os.environ[\"ACME_SECRET\"]\nFSA_GET_USER_PASS = auth.get_user_pass\nFSA_GROUP_CHECK = { \"employee\": auth.user_is_employee }\nFSA_OBJECT_PERMS = { \"store\": auth.store_perms }\n```\n\nThe framework will ensure that routes are only called by authenticated users\nwho have the right authorizations.\nSecure and reasonable defaults are provided.\nMost features can be adjusted or extended to particular needs through numerous\ndirectives and hooks.\nAuthentication and authorization callback invocations are cached for efficiency.\nAlso, [pydantic](https://docs.pydantic.dev/), dataclass and generic type\nparameters are supported out of the box.\n\n## More\n\n- [documentation](https://zx80.github.io/flask-simple-auth/)\n  including a [tutorial](https://zx80.github.io/flask-simple-auth/TUTORIAL)\n  and convenient [recipes](https://zx80.github.io/flask-simple-auth/RECIPES),\n  [sources](https://github.com/zx80/flask-simple-auth) and\n  [issues](https://github.com/zx80/flask-simple-auth/issues) are hosted on\n  [GitHub](https://github.com/).\n- install [package](https://pypi.org/project/FlaskSimpleAuth/) from\n  [PyPI](https://pypi.org/).\n\n## License\n\nThis code is [Public Domain](https://creativecommons.org/publicdomain/zero/1.0/).\n\nAll software has bugs, this is software, hence…\nBeware that you may lose your hair or your friends because of it.\nIf you like it, feel free to send a 
postcard to the author.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzx80%2Fflask-simple-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzx80%2Fflask-simple-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzx80%2Fflask-simple-auth/lists"}