o RhrI@sddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZddlmZmZeeZe rQddlZe Gdd d Ze Gd d d Ze Gd d d Zed&dddefddZ dddeefddZ!dddeddfddZ"d&dddeddfddZ#dddefddZ$d&dddedefd d!Z%de fd"d#Z&d&dedeeeeffd$d%Z'dS)'N) dataclass) TYPE_CHECKINGDictListOptionalTupleUnion) constants)whoami) experimental get_tokenc@szeZdZUdZeed<eed<eed<eed<eed<dZeeed<dZ eeed <dZ eeed <dZ eeed <dS) OAuthOrgInfoab Information about an organization linked to a user logged in with OAuth. Attributes: sub (`str`): Unique identifier for the org. OpenID Connect field. name (`str`): The org's full name. OpenID Connect field. preferred_username (`str`): The org's username. OpenID Connect field. picture (`str`): The org's profile picture URL. OpenID Connect field. is_enterprise (`bool`): Whether the org is an enterprise org. Hugging Face field. can_pay (`Optional[bool]`, *optional*): Whether the org has a payment method set up. Hugging Face field. role_in_org (`Optional[str]`, *optional*): The user's role in the org. Hugging Face field. pending_sso (`Optional[bool]`, *optional*): Indicates if the user granted the OAuth app access to the org but didn't complete SSO. Hugging Face field. missing_mfa (`Optional[bool]`, *optional*): Indicates if the user granted the OAuth app access to the org but didn't complete MFA. Hugging Face field. subnamepreferred_usernamepicture is_enterpriseNcan_pay role_in_org pending_sso missing_mfa) __name__ __module__ __qualname____doc__str__annotations__boolrrrrrrrX/home/air/sanwanet/backup_V2/venv/lib/python3.10/site-packages/huggingface_hub/_oauth.pyrs rc@seZdZUdZeed<eed<eed<eeed<eeed<eed<eed<eeed <eed <eeed <eee ed <d S) OAuthUserInfoa Information about a user logged in with OAuth. Attributes: sub (`str`): Unique identifier for the user, even in case of rename. OpenID Connect field. name (`str`): The user's full name. OpenID Connect field. preferred_username (`str`): The user's username. OpenID Connect field. email_verified (`Optional[bool]`, *optional*): Indicates if the user's email is verified. OpenID Connect field. email (`Optional[str]`, *optional*): The user's email address. OpenID Connect field. picture (`str`): The user's profile picture URL. OpenID Connect field. profile (`str`): The user's profile URL. OpenID Connect field. website (`Optional[str]`, *optional*): The user's website URL. OpenID Connect field. is_pro (`bool`): Whether the user is a pro user. Hugging Face field. can_pay (`Optional[bool]`, *optional*): Whether the user has a payment method set up. Hugging Face field. orgs (`Optional[List[OrgInfo]]`, *optional*): List of organizations the user is part of. Hugging Face field. rrremail_verifiedemailrprofilewebsiteis_prororgsN) rrrrrrrrrrrrrr r!;s     r!c@s@eZdZUdZeed<ejed<eed<eeed<eed<dS) OAuthInfoa Information about the OAuth login. Attributes: access_token (`str`): The access token. access_token_expires_at (`datetime.datetime`): The expiration date of the access token. user_info ([`OAuthUserInfo`]): The user information. state (`str`, *optional*): State passed to the OAuth provider in the original request to the OAuth provider. scope (`str`): Granted scope. access_tokenaccess_token_expires_at user_infostatescopeN) rrrrrrdatetimer!rrrrr r(fs    r(/appzfastapi.FastAPI route_prefixc Cszddlm}Wnty}ztd|d}~wwtjpdd}|j|t| ddd | d }t d durJt d t||d dSt dt||d dS)a Add OAuth endpoints to a FastAPI app to enable OAuth login with Hugging Face. How to use: - Call this method on your FastAPI app to add the OAuth endpoints. - Inside your route handlers, call `parse_huggingface_oauth(request)` to retrieve the OAuth info. - If user is logged in, an [`OAuthInfo`] object is returned with the user's info. If not, `None` is returned. - In your app, make sure to add links to `/oauth/huggingface/login` and `/oauth/huggingface/logout` for the user to log in and out. Example: ```py from huggingface_hub import attach_huggingface_oauth, parse_huggingface_oauth # Create a FastAPI app app = FastAPI() # Add OAuth endpoints to the FastAPI app attach_huggingface_oauth(app) # Add a route that greets the user if they are logged in @app.get("/") def greet_json(request: Request): # Retrieve the OAuth info from the request oauth_info = parse_huggingface_oauth(request) # e.g. OAuthInfo dataclass if oauth_info is None: return {"msg": "Not logged in!"} return {"msg": f"Hello, {oauth_info.user_info.preferred_username}!"} ``` r)SessionMiddlewarezCannot initialize OAuth to due a missing library. Please run `pip install huggingface_hub[oauth]` or add `huggingface_hub[oauth]` to your requirements.txt file in order to install the required dependencies.Nz-v1noneT) secret_key same_site https_onlyr/SPACE_IDz3OAuth is enabled in the Space. Adding OAuth routes.r1z:App is not running in a Space. Adding mocked OAuth routes.)starlette.middleware.sessionsr2 ImportErrorr OAUTH_CLIENT_SECRETadd_middlewarehashlibsha256encode hexdigeststriposgetenvloggerinfo_add_oauth_routes_add_mocked_oauth_routes)r0r1r2esession_secretrrr attach_huggingface_oauths.%   rKrequestzfastapi.Requestreturnc Csd|jvr tddStd|jd}|di}|dg}|r+dd|Dnd}t|d |d |d |d |d |d|d|d|d|d|d }t|dtj|d||d|ddS)a Returns the information from a logged in user as a [`OAuthInfo`] object. For flexibility and future-proofing, this method is very lax in its parsing and does not raise errors. Missing fields are set to `None` without a warning. Return `None`, if the user is not logged in (no info in session cookie). See [`attach_huggingface_oauth`] for an example on how to use this method. oauth_infozNo OAuth info in session.Nz Parsing OAuth info from session.userinfor'cSs\g|]*}t|d|d|d|d|d|d|d|d|dd qS) rrrr isEnterprisecanPay roleInOrg pendingSSO missingMFA) rrrrrrrrr)rget).0orgrrr s z+parse_huggingface_oauth..rrrr"r#rr$r%isProrQ) rrrr"r#rr$r%r&rr'r) expires_atr,r-)r)r*r+r,r-)sessionrEdebugrUr!r(r. fromtimestamp)rL oauth_data user_data orgs_datar'r+rrr parse_huggingface_oauthsB      rac s`zddl}ddlmddlm}ddlmWnty)}ztd|d}~wwd}tj dur8t | dtj durDt | d tj durPt | d tjdur\t | d |jd tj tj d tj itjddt|\}}|d|jdffdd }||d|jdffdd } ||d|jdffdd } dS)zIAdd OAuth routes to the FastAPI app (login, callback handler and logout).rN)MismatchingStateError)OAuthRedirectResponseCannot initialize OAuth to due a missing library. Please run `pip install huggingface_hub[oauth]` or add `huggingface_hub[oauth]` to your requirements.txt file.zOAuth is required but '{}' environment variable is not set. Make sure you've enabled OAuth in your Space by setting `hf_oauth: true` in the Space metadata.OAUTH_CLIENT_IDr< OAUTH_SCOPESOPENID_PROVIDER_URL huggingfacer-z!/.well-known/openid-configuration)r client_id client_secret client_kwargsserver_metadata_urlrLrMcst|}j||IdHS)z)Endpoint that redirects to HF OAuth page.N)_generate_redirect_urirjauthorize_redirectrL redirect_uri)oauthrr oauth_login(sz&_add_oauth_routes..oauth_logincsz j|IdH}WnVybt|jdd}|jd}d|di}|r.||d<dtj|}|tj kr\t j d}|durMt ddd | d }||YS|YSwtd ||jd <t|S) )Endpoint that handles the OAuth callback.N _nb_redirectsr _target_urlr ? SPACE_HOSTzoApp is not running in a Space (SPACE_HOST environment variable is not set). Cannot redirect to non-iframe view.https://r/z@Successfully logged in with OAuth. Storing user info in session.rN)rjauthorize_access_tokenint query_paramsrUurllibparse urlencoder OAUTH_MAX_REDIRECTSrCenviron RuntimeErrorrstriprEr\r[_get_redirect_target)rLrN nb_redirects target_urlr}rrhosthost_urlrbre login_urirsrr oauth_redirect_callback.s2         z2_add_oauth_routes..oauth_redirect_callbackcs&td|jddt|S)zGEndpoint that logs out the user (e.g. delete info from cookie session).z7Logged out with OAuth. Removing user info from session.rNN)rEr\r[poprrLrdrr oauth_logoutSs  z'_add_oauth_routes..oauth_logout)fastapi'authlib.integrations.base_client.errorsrb%authlib.integrations.starlette_clientrcfastapi.responsesrer;r rg ValueErrorformatr<rhriregister_get_oauth_urisrURequest) r0r1rrcrImsg callback_uri logout_urirtrrrrr rGsL       $rGc szddl}ddlmddlmWnty#}ztd|d}~wwtdtt |\}}| |d|j dffd d }| d|j dffd d }| |d|j dffd d }dS)zAdd fake oauth routes if app is run locally and OAuth is enabled. Using OAuth will have the same behavior as in a Space but instead of authenticating with HF, a mocked user profile is added to the session. rNrd)URLrfzOAuth is not supported outside of a Space environment. To help you debug your app locally, the oauth endpoints are mocked to return your profile and token. To make it work, your machine must be logged in to Huggingface.rLrMcs&t|}dtjd|iS)z.Fake endpoint that redirects to HF OAuth page.rxrw)ror~rrrq)rerrr rttsz-_add_mocked_oauth_routes..oauth_logincs|jd<t|S)rurN)r[rr)remocked_oauth_inforr r{s  z9_add_mocked_oauth_routes..oauth_redirect_callbackcs2|jdddjdi|j}|ddS)z=Endpoint that logs out the user (e.g. delete cookie session).rNNr/i.)url status_coder)r[rinclude_query_paramsr})rL logout_url)rerrr rs z._add_mocked_oauth_routes..oauth_logout) rrrestarlette.datastructuresrr;warningswarn_get_mocked_oauth_inforrUr) r0r1rrIrrrtrrr)rerrrr rH[s.  rHcCs^d|jvr |jd}n dtj|j}|dj|d}t|}|jdr-| dd}|S)Nrwz/?r)rwz .hf.spacezhttp://rz) r}r~rrurl_forrrnetlocendswithreplace)rLtargetrrredirect_uri_as_strrrr ros    rodefault_targetcCs|jd|S)Nrw)r}rU)rLrrrr rsrcCst}|dur tdt}|ddkrtd|ddddd ttdd |d |d d |d |ddddddddd dS)Na Your machine must be logged in to HF to debug an OAuth app locally. Please run `huggingface-cli login` or set `HF_TOKEN` as environment variable with one of your access token. You can generate a new token in your settings page (https://huggingface.co/settings/tokens).typeuserzYour machine is not logged in with a personal account. Please use a personal access token. You can generate a new token in your settings page (https://huggingface.co/settings/tokens).beareripFOOBARzopenid profilehf_oauth__refresh_token 0123456789fullnamerzhttps://huggingface.co/ avatarUrlr3z$00000000-0000-0000-0000-000000000000i daaaaaaaaaaaaaaaaaaaidzhttps://huggingface.co) rrrr$rr%aud auth_timenonceiatexpiss)r) token_type expires_inid_tokenr- refresh_tokenrZrO)r rr r|time)tokenrrrr rs>  rcCs4|d}|r d|}|d|d|dfS)Nr/z/oauth/huggingface/loginz/oauth/huggingface/callbackz/oauth/huggingface/logout)rBr9rrr rs  r)r/)(r.r>loggingrCr urllib.parser~r dataclassesrtypingrrrrrrr3r hf_apir utilsr r getLoggerrrErrr!r(rrKrarGrHrorrrrrrr s<     $*B>[."+