xi G UddlmZddlZddlZddlmZmZddlmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZddlmZdd lmZdd lmZmZeeZd ed <e r Gd deZdZd ed<dZ d ed<e!e Z"d ed<dZ#d ed<dZ$d ed<GddZ%d)dZ&d*dZ'd+dZ(d,dZ)d-dZ*d.dZ+d/d Z,d0d!Z- d1d"Z. d2d#Z/ d3d$Z0ejbd%Z2 d4d&Z3 d5d'Z4d6d(Z5y)7) annotationsN)CallableMapping)datetime timedeltatimezone) TYPE_CHECKINGAnyFinal TypedDictcast)urlparse)config)StreamlitAuthError) get_logger)AttrDictsecrets_singletonr _LOGGERc"eZdZUded<ded<y)ProviderTokenPayloadstrproviderintexpN)__name__ __module__ __qualname____annotations___/var/www/html/chatbot/card-advisor-bot/venv/lib/python3.12/site-packages/streamlit/auth_util.pyrr!s  r riMAX_COOKIE_BYTESz; Path=/; HttpOnlyCOOKIE_ATTRIBUTESCOOKIE_ATTR_SIZE2SIGNING_OVERHEAD_SAFETY_BUFFERSINGLE_BYTE_BASE64_SIZEc:eZdZdZddZd dZd d dZd dZd dZy) AuthCachezBSimple cache implementation for storing info required for Authlib.ci|_yNcacheselfs r!__init__zAuthCache.__init__4s %' r c8|jj|Sr,)r.getr0keys r!r3z AuthCache.get7szz~~c""r Nc"||j|<yr,r-)r0r5value expires_ins r!setz AuthCache.set<s 3r c|jSr,r-r/s r!get_dictzAuthCache.get_dict?s zzr c<|jj|dyr,)r.popr4s r!deletezAuthCache.deleteBs sD!r )returnNone)r5rr?r r,)r5rr7r r8z int | Noner?r@)r?dict[str, Any])r5rr?r@) rrr__doc__r1r3r9r;r>rr r!r*r*1sL(#  "r r*c ddl}|j}ttt|j d}|dkry y#t tf$rYywxYw)zCheck if Authlib is installed.rN.)FT)authlib __version__tuplemaprsplit ImportErrorModuleNotFoundError)rHauthlib_versionauthlib_version_tuples r!is_authlib_installedrQFsa !-- %c#/D/DS/I&J K 9 , -  , -s=AAActjd}tjr)tjd}|r|j d|}|S)zEGet the cookie signing secret from the configuration or secrets.toml.zserver.cookieSecretauth cookie_secret)r get_optionrload_if_toml_existsr3)signing_secret auth_sections r!get_signing_secretrYUsJ ++,ABN,,.(,,V4 )--o~NN r c ti}tjr)tdtjdti}|S)z+Get the 'auth' section of the secrets.toml.rrS)rrrVr r3)rXs r!get_secrets_auth_sectionr[_s;B ["id"] - expose_tokens = ["id", "access"] -> ["id", "access"] expose_tokensidaccesszHInvalid expose_tokens configuration. Only 'id' and 'access' are allowed.)r[r3 isinstancerlistr9r)rXr]restokens r!get_expose_tokens_configrdhs,-L $$_5M-%o M4 ('45es5z55  3x4"" V   J6sA8cd|vry|d}d|vr.|jdttjd} t |}|jS#t $rt d|dwxYw)zJGet the redirect_uri from auth_section - filling in port number if needed. redirect_uriNz{port}z server.portzInvalid redirect_uri: ". Please check your configuration.)replacerrrUr ValueErrorrgeturl)rXrfredirect_uri_parseds r!get_redirect_urirls\)$^4L<#++ c&++M:;  &|4  % % ''   $\N2T U   s AA2c ddlm}ddi}|t j t jtdzd }|j||t}|jd S#t$r tddwxYw) zAReturns a signed JWT token with the provider and expiration time.r)jwtcTo use authentication features, you need to install Authlib>=1.3.2, e.g. via `pip install Authlib`.NalgHS256rG)minutes)rrzlatin-1) authlib.josernrMrrnowrutcrencoderYdecode)rrnheaderpayloadprovider_tokens r!encode_provider_tokenr{s$ W F||HLL)Ia,@@G JJvw8J8LMN   ++  u  s A++Bc ddlm}m}m}ddiddid} |j |t|}|jtd |S#t$r t ddwxYw#|$r}t d |dd}~wwxYw) z-Decode the JWT token and validate the claims.r) JoseError JWTClaimsrnroN essentialT)rr)claims_optionszError decoding provider token: r) rsr}r~rnrMrrwrYvalidater )rzr}r~rn claim_optionsryes r!decode_provider_tokenrs::)$/k4=PQMR ZZ .0(   & 00!  u   R #B1#!FGTQRs" A,A'A$'B,A;;Bc i}|jdr|jd|d<|jdr|jd|d<|jdr|jd|d<|jdr6td|jdtij|d<|jdr|jd|d<|S)zKGenerate a default provider section for the 'auth' section of secrets.toml. client_id client_secretserver_metadata_url client_kwargsrr])r3r rto_dict)rXdefault_provider_sections r!!generate_default_provider_sectionrs! $0<0@0@0M -(4@4D4D_4U 1-.:F:J:J !;  !67(48  (((2,G5 ') !1(4@4D4D_4U 1 ##r ctj|}|||}t|dzt|ztz}|tkDr%t j d|t||||y|||y)a[Set a cookie, splitting into multiple cookies if necessary. Args: set_single_cookie_fn: Function to set a single cookie (cookie_name, value) create_signed_value_fn: Function to create a signed cookie value (cookie_name, value) cookie_name: Name of the cookie value: Dictionary value to serialize and store rEzNCookie size (%d bytes) exceeds browser limit. Splitting into multiple cookies.N)jsondumpslenr$r"rdebug_set_split_cookie)set_single_cookie_fncreate_signed_value_fn cookie_namer7serialized_cookie_value signed_valueactual_cookie_sizes r!set_cookie_with_chunksrs#jj/*+7NOL[)A-L0AADTT,, \    "  #   [*ABr c<d}|||}t|tz S)aCalculate the server's signing overhead by measuring the size difference. This empirically measures the overhead added by the signing function (e.g., Tornado's create_signed_value) by signing a minimal test value and computing the difference. Args: create_signed_value_fn: Function to create a signed cookie value cookie_name: Name of the cookie (affects overhead due to length prefix) Returns ------- The number of bytes added by signing (excluding the base64-encoded value) x)rr()rr test_valuesigneds r!_calculate_signing_overheadrs%"J #K N!N"$;; !STT-q0Q6J F 1c%j* -a!j.) e 6{a[&)4F }&=>3v; 4#}Aa!eW- Z34 LL* F r s chunks-(\d+)c||}||Stj|}||S t|jd}g}t|D]C}|d|dz}||}|t jd|dz|y|j|Edj|} | S#tt f$rt jd|YywxYw)aGet a cookie, reconstructing from chunks if it was split. If a count cookie exists, the main cookie contains the first chunk, and additional chunks are in cookie_name_1, cookie_name_2, etc. If no count cookie exists, the main cookie contains the entire value. Args: get_single_cookie_fn: Function to get a single cookie (cookie_name) -> bytes | None cookie_name: Name of the cookie Returns ------- Cookie value as bytes, or None if not found NrEz#Invalid chunk count for cookie '%s'rz Missing chunk %d for cookie '%s'r ) _chunks_regexmatchrgroupri TypeErrorr exceptionrrjoin) get_single_cookie_fnr cookie_valuer chunk_countrrr chunk_valuereconstructed_values r!get_cookie_with_chunksrSs$( 4L    -E }%++a.) F ; ##}Aa!eW- *:6     @!a% U k" #((6* !  "?MsB''%CCc||}|||ytj|}|y t|jd}t d|dzD]}||d|y#t t f$rYywxYw)aClear a cookie and any associated chunk cookies. The main cookie always exists. If there are chunks, also clear cookie_name_1, cookie_name_2, etc., and the count cookie. Args: get_single_cookie_fn: Function to get a single cookie (cookie_name) -> bytes | None clear_single_cookie_fn: Function to clear a single cookie (cookie_name) cookie_name: Name of the cookie NrEr)rrrrrrir)rclear_single_cookie_fnrrrrrs r!clear_cookie_and_chunksrs( 4L;'    -E } %++a.) q+/* 9A "k]!A3#7 8 9  "   s;A))A;:A;c8tjs tdtjd}| tdd|vr tdd|vr td|j|}d|vrtd |d ||d k(r t |}||d k(r td td |dt |t std|dgd}|Dcgc] }||vs| }}|r&|d k(rtd|dtd|d|dycc}w)z[Validate the general auth credentials and auth credentials for the given provider. zTo use authentication features you need to configure credentials for at least one authentication provider in `.streamlit/secrets.toml`.rSNrfzAuthentication credentials in `.streamlit/secrets.toml` are missing the "redirect_uri" key. Please check your configuration.rTzAuthentication credentials in `.streamlit/secrets.toml` are missing the "cookie_secret" key. Please check your configuration.rzAuth provider name "zI" contains an underscore. Please use a provider name without underscores.defaultzAuthentication credentials in `.streamlit/secrets.toml` are missing for the default authentication provider. Please check your configuration.zeAuthentication credentials in `.streamlit/secrets.toml` are missing for the authentication provider "z#". Please check your configuration.zYAuthentication credentials in `.streamlit/secrets.toml` for the authentication provider "z6" must be valid TOML. Please check your configuration.)rrrzAuthentication credentials in `.streamlit/secrets.toml` for the default authentication provider are missing the following keys: rgz"" are missing the following keys: )rrVrr3rr`r)rrXprovider_section required_keysr5 missing_keyss r!validate_auth_credentialsrs  0 0 2  O  %((0L  O  \)  D  l*  E  $''1 h "8*-> ?  H $9<\J y $Y !,,4:6   & 0 ((0z2" #  JM#0PCC?O4OCPLP y $S. BD  ! ((0z1Sn> @  Qs  D(D)r?bool)r?r)r?r)r?z list[str])rXrr?z str | None)rrr?r)rzrr?r)rXrr?rA) rCallable[[str, str], None]rCallable[[str, str], bytes]rrr7rAr?r@)rrrrr?r) rrrrrrr7rr?r@)rCallable[[str], bytes | None]rrr?z bytes | None)rrrzCallable[[str], None]rrr?r@)rrr?r@)6 __future__rrrecollections.abcrrrrrtypingr r r r r urllib.parser streamlitrstreamlit.errorsrstreamlit.loggerrstreamlit.runtime.secretsrrrrrrr"r#rr$r&r(r*rQrYr[rdrlr{rrrrrcompilerrrrrr r!rs# -22==!/'AH%%y %/5//0%0)+*!""""* 2(,,&1.$(#C4#C7#C#C  #C  #CL1711 1,<4<7<<  <  <~ +, -7---`  7  1      FH r