use flit to package management

.gitignore

@@ -30,6 +30,7 @@ var/
 
 # coverage
 .coverage
+htmlcov/
 
 # testing py
 test.py

CHANGELOG.md

@@ -0,0 +1,34 @@
+## 0.3.0
+* **(Deprecated)** environment variable support
+* Change name function **load_end()** -> **load_config()**
+* Change name function **get_jwt_identity()** -> **get_jwt_subject()**
+* Change name identity claims to standard claims sub *(Thanks to @rassie for suggestion)*
+* Additional headers in claims
+* Get additional headers claims from request or parsing token directly
+* Leeway exp claim decode token
+* Dynamic token expires time
+* Change name **blacklist** -> **denylist**
+* Denylist custom check refresh and access tokens
+* Issuer claim
+* Audience claim
+* Jwt decode algorithms
+* Dynamic algorithm create token
+* Token multiple location
+* Support RSA encryption *(Thanks to @jet10000 for make issues)*
+* Custom header name and type
+* Custom error message key and status code
+* JWT in cookies *(Thanks to @m4nuC for make issues)*
+* Add Additional claims
+* Add Documentation *(#9 by @paulussimanjuntak)*
+
+## 0.2.0
+
+* Call create_token and get_jti function must be from dependency injection
+* Improve blacklist loader
+* Can load env from pydantic
+* Add docs on readme how to use without dependency injection and example on multiple files
+* Fix raise jwt exception PR #1 by @ironslob 
+
+## 0.1.0
+
+* Initial release.

docs/configuration/general.md

@@ -15,7 +15,7 @@
     Defaults to `None`
 
 `authjwt_algorithm`
-:   Which algorithm to sign the JWT with. <a href="https://pyjwt.readthedocs.io/en/latest/algorithms.html">See here</a>
+:   Which algorithm to sign the JWT with. <a href="https://pyjwt.readthedocs.io/en/latest/algorithms.html" class="external-link">See here</a>
     for the options. Defaults to `HS256`
 
 `authjwt_decode_algorithms`

docs/contributing.md

@@ -0,0 +1,51 @@
+## Sharing feedback
+
+This project is still quite new and therefore having your feedback will really help to
+prioritize relevant feature developments :rocket:. If you want to contribute thankss a lot :smile:, you can
+open an <a href="https://github.com/IndominusByte/fastapi-jwt-auth/issues/new">issue</a> on Github.
+
+## Developing
+
+If you already cloned the repository and you know that you need to deep dive in the code, here are some guidelines to set up your environment.
+
+## Docs
+
+The documentation uses <a href="https://www.mkdocs.org/" class="external-link" target="_blank">MkDocs</a>.
+
+All the documentation is in Markdown format in the directory `./docs`.
+
+Many of the sections in  the User Guide have blocks of code.
+
+In fact, those blocks of code are not written inside the Markdown, they are Python files in the `./examples/` directory.
+
+And those Python files are included/injected in the documentation when generating the site.
+
+### Docs for tests
+
+Most of the tests actually run against the example source files in the documentation.
+
+This helps making sure that:
+
+* The documentation is up to date.
+* The documentation examples can be run as is.
+* Most of the features are covered by the documentation, ensured by test coverage.
+
+During local development, there is a script that builds the site and checks for any changes, live-reloading:
+
+```bash
+$ bash scripts/docs-live.sh
+```
+
+It will serve the documentation on `http://0.0.0.0:5000`.
+
+That way, you can edit the documentation/source files and see the changes live.
+
+## Tests
+
+There is a script that you can run locally to test all the code and generate coverage reports in HTML:
+
+```bash
+bash scripts/tests.sh
+```
+
+This command generates a directory `./htmlcov/`, if you open the file `./htmlcov/index.html` in your browser, you can explore interactively the regions of code that are covered by the tests, and notice if there is any region missing.

docs/css/custom.css

@@ -0,0 +1,13 @@
+a.external-link::after {
+    /* \00A0 is a non-breaking space
+        to make the mark be on the same line as the link
+    */
+    content: "\00A0[↪]";
+}
+
+a.internal-link::after {
+    /* \00A0 is a non-breaking space
+        to make the mark be on the same line as the link
+    */
+    content: "\00A0↪";
+}

docs/release-notes.md

@@ -0,0 +1 @@
+{!../CHANGELOG.md!}

docs/usage/jwt_in_cookies.md → docs/usage/jwt-in-cookies.md

@@ -23,7 +23,7 @@ Now in order to access a protected endpoint, you will need to add a custom heade
 
 To break this down, if an attacker attempts to perform a CSRF attack they will send the JWT *(via cookie)* to protected endpoint, but without the random string in the request headers, they won't be able to access the endpoint. They cannot access the random string unless they can run javascript on your website *likely via an XSS attack*, and if they are able to perform an XSS attack, they will not be able to steal the actual access and refresh JWT, as javascript is still not able to access those httponly cookies.
 
-No system is secure. If an attacker can perform an XSS attack they can still access protected endpoints from people who visit your site. However, it is better than if they were able to steal the access and refresh tokens from local/session storage, and use them whenever they wanted.
+No system is safe. If an attacker can perform an XSS attack they can still access protected endpoints from people who visit your site. However, it is better than if they were able to steal the access and refresh tokens from local/session storage, and use them whenever they wanted.
 
 Here is an example of using cookies with CSRF protection:
 

fastapi_jwt_auth/__init__.py

@@ -1,3 +1,5 @@
-from .auth_jwt import AuthJWT
+"""FastAPI extension that provides JWT Auth support (secure, easy to use and lightweight)"""
 
 __version__ = "0.3.0"
+
+from .auth_jwt import AuthJWT

mkdocs.yml

@@ -15,6 +15,12 @@ markdown_extensions:
       permalink: true
   - pymdownx.highlight:
       linenums_style: pymdownx.inline
+  - pymdownx.magiclink:
+      user: IndominusByte
+      repo: fastapi-jwt-auth
+      repo_url_shorthand: true
+  - pymdownx.emoji:
+      emoji_index: !!python/name:pymdownx.emoji.twemoji
   - attr_list
   - def_list
   - admonition
@@ -30,10 +36,15 @@ nav:
     - Refresh Tokens: usage/refresh.md
     - Freshness Tokens: usage/freshness.md
     - Revoking Tokens: usage/revoking.md
-    - JWT in Cookies: usage/jwt_in_cookies.md
+    - JWT in Cookies: usage/jwt-in-cookies.md
   - Configuration Options:
     - General Options: configuration/general.md
     - Headers Options: configuration/headers.md
     - Denylist Options: configuration/denylist.md
     - Cookies Options: configuration/cookies.md
     - CSRF Options: configuration/csrf.md
+  - Development - Contributing: contributing.md
+  - Release Notes: release-notes.md
+
+extra_css:
+  - 'css/custom.css'

pyproject.toml

@@ -0,0 +1,49 @@
+[build-system]
+requires = ["flit_core >=2,<4"]
+build-backend = "flit_core.buildapi"
+
+[tool.flit.metadata]
+module = "fastapi_jwt_auth"
+author = "Nyoman Pradipta Dewantara"
+author-email = "nyomanpradipta120@gmail.com"
+home-page = "https://github.com/IndominusByte/fastapi-jwt-auth"
+
+classifiers = [
+  "Environment :: Web Environment",
+  "Intended Audience :: Developers",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.6",
+  "Programming Language :: Python :: 3.7",
+  "Programming Language :: Python :: 3.8",
+  "License :: OSI Approved :: MIT License",
+  "Operating System :: OS Independent",
+  "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
+  "Topic :: Software Development :: Libraries :: Python Modules"
+]
+
+requires = [
+  "fastapi>=0.61.0",
+  "PyJWT>=1.7.1,<2.0.0"
+]
+
+description-file = "README.md"
+requires-python = ">=3.6"
+
+[tool.flit.metadata.requires-extra]
+test = [
+  "pytest==6.0.1",
+  "pytest-cov==2.10.0"
+]
+
+doc = [
+  "mkdocs >=1.1.2,<2.0.0",
+  "mkdocs-material >=5.5.0,<6.0.0",
+  "markdown-include >=0.5.1,<0.6.0"
+]
+
+dev = [
+  "cryptography>=2.6,<4.0.0",
+  "uvicorn >=0.11.5,<0.12.0"
+]
+
+asymmetric = ["cryptography>=2.6,<4.0.0"]

scripts/docs-live.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+mkdocs serve -a 0.0.0.0:5000

scripts/tests.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+pytest --cov=tests --cov-report=term-missing --cov-report=html -v