Metadata-Version: 2.4
Name: ia-auth-sessions
Version: 0.1.0
Summary: Industry-standard session-based authentication for FastAPI with secure cookies
Author: Fiberwise AI
License-Expression: MIT
Project-URL: Homepage, https://github.com/fiberwise-ai/ia_auth_sessions
Project-URL: Documentation, https://github.com/fiberwise-ai/ia_auth_sessions/blob/main/README.md
Project-URL: Repository, https://github.com/fiberwise-ai/ia_auth_sessions
Keywords: fastapi,authentication,sessions,cookies,security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Framework :: FastAPI
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: fastapi>=0.104.0
Requires-Dist: itsdangerous>=2.1.0
Requires-Dist: pwdlib[bcrypt]>=0.2.0
Requires-Dist: nexusql>=0.1.0
Requires-Dist: python-multipart>=0.0.6
Requires-Dist: pydantic>=2.0.0
Requires-Dist: pydantic-settings>=2.0.0
Requires-Dist: email-validator>=2.0.0
Requires-Dist: jinja2>=3.1.0
Provides-Extra: dev
Requires-Dist: pytest>=7.4.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
Requires-Dist: httpx>=0.24.0; extra == "dev"
Dynamic: license-file

# IA Auth Sessions

Standard session-based authentication for FastAPI applications using secure signed cookies.

## Features

- **Signed Cookies**: HMAC-SHA256 via `itsdangerous` prevents tampering
- **Bcrypt Password Hashing**: Industry standard with automatic salt generation via `pwdlib`
- **Python 3.13+ Ready**: Uses modern `pwdlib` instead of deprecated `passlib`
- **Secure Cookie Flags**: HttpOnly, Secure, SameSite protection
- **Session Management**: Create, validate, destroy, and auto-cleanup
- **Database Agnostic**: PostgreSQL and SQLite via NexusQL
- **WebSocket Support**: Authenticate WebSocket connections

## Available Routes

- `POST /auth/register` - Register new user
- `POST /auth/login` - Login and create session
- `POST /auth/logout` - Logout and destroy session
- `GET /auth/me` - Get current user info
- `POST /auth/logout-all` - Logout from all devices

## Installation

```bash
pip install ia-auth-sessions
```

For local development:
```bash
pip install -e ../ia_auth_sessions
```

## Publishing

See [PUBLISHING.md](PUBLISHING.md) for instructions on publishing to PyPI.

To test the build locally:
```bash
python test_publish.py --skip-tests
```

## Quick Start

```python
from fastapi import FastAPI, Depends
from ia_auth_sessions import SessionMiddleware, get_current_user
from ia_auth_sessions.routes import router as auth_router

app = FastAPI()

# Add middleware and routes
app.add_middleware(SessionMiddleware, secret_key="your-secret-key", ...)
app.include_router(auth_router)

# Protected route
@app.get("/protected")
async def protected(user: dict = Depends(get_current_user)):
    return {"message": f"Hello {user['username']}!"}
```

See [USAGE.md](USAGE.md) for complete setup instructions.

## Documentation

- **[USAGE.md](USAGE.md)** - Complete setup guide, examples, and API reference
- **[ARCHITECTURE_NOTES.md](ARCHITECTURE_NOTES.md)** - Design decisions and architecture

## Database Schema

Automatically creates:
- `users`: User accounts with bcrypt-hashed passwords
- `sessions`: Active sessions with metadata and expiry timestamps

## License

MIT
