o 沪g@sddlmZddlmZddlmZmZmZddlmZm Z m Z m Z ddl m Z ddlmZddlmZmZer@Gdd d e ZGd d d Zd#ddZd$ddZd%ddZd&ddZd'ddZd(ddZd)d d!Zd"S)*) annotations)Mapping)datetime timedeltatimezone) TYPE_CHECKINGAny TypedDictcast)config)StreamlitAuthError)AttrDictsecrets_singletonc@seZdZUded<ded<dS)ProviderTokenPayloadstrproviderintexpN)__name__ __module__ __qualname____annotations__rrO/var/www/html/chatdoc2/venv/lib/python3.10/site-packages/streamlit/auth_util.pyrs  rc@s8eZdZdZddZddZddZdd Zd d Zd S) AuthCachezBSimple cache implementation for storing info required for Authlib.cCs i|_dSNcacheselfrrr__init__#s zAuthCache.__init__cCs |j|Sr)rgetrkeyrrrr!&s z AuthCache.getcCs||j|<dSrr)rr#value expires_inrrrset+sz AuthCache.setcCs|jSrrrrrrget_dict.szAuthCache.get_dictcCs|j|ddSr)rpopr"rrrdelete1szAuthCache.deleteN) rrr__doc__r r!r&r'r)rrrrr s rreturnboolc CsPzddl}|j}ttt|d}|dkrWdSWdSttfy'YdSw)zCheck if Authlib is installed.rN.)FT)authlib __version__tuplemaprsplit ImportErrorModuleNotFoundError)r1authlib_versionauthlib_version_tuplerrris_authlib_installed5sr:rcCs0td}trtd}|r|d|}|S)zEGet the cookie signing secret from the configuration or secrets.toml.zserver.cookieSecretauth cookie_secret)r get_optionrload_if_toml_existsr!)signing_secret auth_sectionrrrget_signing_secretDs   rAr cCs&ti} trtttd}|S)Nr;)r rr>r r!)r@rrrget_secrets_auth_sectionNs rBrcCshzddlm}Wn tytddwddi}|ttjtddd }| ||t }| d S) zAReturns a signed JWT token with the provider and expiration time.r)jwtcTo use authentication features, you need to install Authlib>=1.3.2, e.g. via `pip install Authlib`.NalgHS256r0)minutes)rrzlatin-1) authlib.joserCr6r rnowrutcrencoderAdecode)rrCheaderpayloadprovider_tokenrrrencode_provider_tokenWs  rPrOc Csz ddlm}m}m}Wn tytddwddiddid}z|j|t|d}|Wn|yE}ztd |dd}~wwt d |S) z-Decode the JWT token and validate the claims.r) JoseError JWTClaimsrCrDN essentialT)rr)claims_optionszError decoding provider token: r) rHrQrRrCr6r rLrAvalidater )rOrQrRrC claim_optionsrNerrrdecode_provider_tokenjs(   rXdict[str, Any]cCsli}|dr|d|d<|dr|d|d<|dr&|d|d<|dr4|d|d<|S)zKGenerate a default provider section for the 'auth' section of secrets.toml. client_id client_secretserver_metadata_url client_kwargs)r!to_dict)r@default_provider_sectionrrr!generate_default_provider_sections     r`Nonecststdtd}|durtdd|vrtdd|vr%td||dur6|dkr6t|durJ|dkrBtd td |d ttsWtd |d gd}fdd|D}|r}|dkrrtd|dtd |d|ddS)zVValidate the general auth credentials and auth credentials for the given provider.zTo use authentication features you need to configure credentials for at least one authentication provider in `.streamlit/secrets.toml`.r;N redirect_urizAuthentication credentials in `.streamlit/secrets.toml` are missing the "redirect_uri" key. Please check your configuration.r<zAuthentication credentials in `.streamlit/secrets.toml` are missing the "cookie_secret" key. Please check your configuration.defaultzAuthentication credentials in `.streamlit/secrets.toml` are missing for the default authentication provider. Please check your configuration.zeAuthentication credentials in `.streamlit/secrets.toml` are missing for the authentication provider "z#". Please check your configuration.zYAuthentication credentials in `.streamlit/secrets.toml` for the authentication provider "z6" must be valid TOML. Please check your configuration.)rZr[r\csg|]}|vr|qSrr).0r#provider_sectionrr sz-validate_auth_credentials..zAuthentication credentials in `.streamlit/secrets.toml` for the default authentication provider are missing the following keys: z". Please check your configuration.z"" are missing the following keys: )rr>r r!r` isinstancer)rr@ required_keys missing_keysrrervalidate_auth_credentialssj   rkN)r+r,)r+r)r+r )rrr+r)rOrr+r)r+rY)rrr+ra) __future__rcollections.abcrrrrtypingrrr r streamlitr streamlit.errorsr streamlit.runtime.secretsr rrrr:rArBrPrXr`rkrrrrs"