guards

Guards for the accounts domain.

Account domain guards and authentication.

app.domain.accounts.guards.auth = OAuth2PasswordBearerAuth(token_secret='e1f161ee29eaca411f1873755d34bb1311b6a58ce0a8c686b7ade122f170b1a5', token_url='/api/access/login', retrieve_user_handler=<function current_user_from_token>, revoked_token_handler=None, guards=None, exclude=['/health', '/api/access/login', '/api/access/logout', '/api/access/signup', '/api/access/refresh', '/api/access/forgot-password', '/api/access/reset-password', '/api/email-verification/*', '/api/auth/oauth/*', '^/schema', '^/public/'], exclude_opt_key='exclude_from_auth', exclude_http_methods=['OPTIONS', 'HEAD'], scopes=None, route_handlers=None, dependencies=None, type_encoders=None, algorithm='HS256', auth_header='Authorization', default_token_expiration=datetime.timedelta(seconds=900), openapi_security_scheme_name='BearerToken', oauth_scopes=None, key='token', path='/', domain=None, secure=None, samesite='lax', description='OAUTH2 password bearer authentication and authorization.', authentication_middleware_class=<class 'litestar.security.jwt.middleware.JWTCookieAuthenticationMiddleware'>, token_cls=<class 'litestar.security.jwt.token.Token'>, accepted_audiences=None, accepted_issuers=None, require_claims=None, verify_expiry=True, verify_not_before=True, strict_audience=False)

OAuth2 JWT Authentication.

app.domain.accounts.guards.create_access_token(user_id: str, email: str, is_superuser: bool = False, is_verified: bool = False, auth_method: str = 'password', amr: list[str] | None = None) → str

Create a JWT access token.

Parameters:
  • user_id – User ID

  • email – User email

  • is_superuser – Whether user is superuser

  • is_verified – Whether user email is verified

  • auth_method – Authentication method used

  • amr – Authentication methods reference for the token

Returns:

JWT token string
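
An added example, not the project's own code: a standard-library implementation of the kind of HS256 token `create_access_token` is documented to return, with the checks that the `auth` settings above name (`algorithm='HS256'`, `verify_expiry=True`, `verify_not_before=True`, a 900-second default lifetime). The function names and the claim names `email`, `is_superuser`, `is_verified` and `auth_method` are assumptions; the page does not show how the real function lays out its claims.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_access_token(secret, user_id, email, is_superuser=False, is_verified=False,
                      auth_method="password", amr=None, now=None, ttl=900):
    """Build an HS256 token; claim names beyond sub/iat/nbf/exp/amr are assumed."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "iat": now, "nbf": now, "exp": now + ttl,
              "email": email, "is_superuser": is_superuser, "is_verified": is_verified,
              "auth_method": auth_method, "amr": amr or [auth_method]}
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url(sign(secret, signing_input))}"

def verify_access_token(secret, token, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(b64url_decode(head)), b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm from configuration; never take it from the token header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sign(secret, f"{head}.{body}"), given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # parsed only after the MAC checks out
    if now >= claims["exp"]:                  # verify_expiry=True
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):            # verify_not_before=True
        raise ValueError("token not yet valid")
    return claims
```

Because `is_superuser` and `is_verified` travel inside the signed payload, anyone holding the `token_secret` can mint a token with either flag set, so the secret belongs in a secret store and out of rendered documentation.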

async app.domain.accounts.guards.current_user_from_token(token: Token, connection: ASGIConnection[Any, Any, Any, Any]) → m.User | None

Lookup current user from local JWT token.

Fetches the user information from the database.

Parameters:
  • token (Token) – JWT token object

  • connection (ASGIConnection[Any, Any, Any, Any]) – ASGI connection.

Returns:

User record mapped to the JWT identifier

Return type:

User

app.domain.accounts.guards.provide_user(request: Request[m.User, Token, Any]) → m.User

Get the user from the connection.

Parameters:

request – current connection.

Returns:

User

app.domain.accounts.guards.requires_active_user(connection: ASGIConnection[Any, m.User, Token, Any], _: BaseRouteHandler) → None

Request requires active user.

Verifies the connection user is active.

Parameters:
  • connection (ASGIConnection) – Request/Connection object.

  • _ (BaseRouteHandler) – Route handler.

Raises:

PermissionDeniedException – Not authorized

app.domain.accounts.guards.requires_superuser(connection: ASGIConnection[Any, m.User, Token, Any], _: BaseRouteHandler) → None

Verify the connection user is a superuser.

Parameters:
  • connection (ASGIConnection) – Request/Connection object.

  • _ (BaseRouteHandler) – Route handler.

Raises:

PermissionDeniedException – Not authorized

app.domain.accounts.guards.requires_verified_user(connection: ASGIConnection[Any, m.User, Token, Any], _: BaseRouteHandler) → None

Verify the connection user is verified.

Parameters:
  • connection (ASGIConnection) – Request/Connection object.

  • _ (BaseRouteHandler) – Route handler.

Raises:

PermissionDeniedException – Not authorized