a
    ]¸DfG2  ã                   @  s<  U d Z ddlmZ ddlZe e¡ZddlZddlZddl	Z	ddl
ZddlZddlZddlZddlZddlZddlmZmZ ddlmZ ddlmZ dd	lmZ er°dd
lmZ dZdZeeef Zde d< ddœdd„Z!e "¡ e #¡ fddddœdd„Z$e "¡ e #¡ ddfdddddddœdd„Z%dddœd d!„Z&dddœd"d#„Z'e "¡ e #¡ fddddd$œd%d&„Z(e "¡ e #¡ fddd'dd(œd)d*„Z)G d+d,„ d,ej*ƒZ+G d-d.„ d.ej,ƒZ-d/dœd0d1„Z.d2dd3œd4d5„Z/ddd6d7œd8d9„Z0d:dd;œd<d=„Z1d:d>d?œd@dA„Z2ddddBœdCdD„Z3dEdFe "¡ fdddddGœdHdI„Z4e.ƒ \Z5Z6dS )Jzñ Utilities for generating and manipulating session IDs.

A session ID would typically be associated with each browser tab viewing
an application or plot. Each session has its own state separate from any
other sessions hosted by the server.

é    )ÚannotationsN)ÚTYPE_CHECKINGÚAnyé   )ÚID)Úsettingsé   )Úwarn)Ú	TypeAlias)Úcheck_session_id_signatureÚcheck_token_signatureÚgenerate_secret_keyÚgenerate_jwt_tokenÚgenerate_session_idÚget_session_idÚget_token_payloadZ__bk__zlib_r
   ÚTokenPayloadÚstr)Úreturnc                   C  s   t ƒ S )zª Generate a new securely-generated secret key appropriate for SHA-256
    HMAC signatures.

    This key could be used to sign Bokeh server session IDs, for example.
    )Ú_get_random_string© r   r   ú]/nfs/NAS7/SABIOD/METHODE/ermites/ermites_venv/lib/python3.9/site-packages/bokeh/util/token.pyr   E   s    r   zbytes | NoneÚboolr   )Ú
secret_keyÚsignedr   c                 C  s&   t ƒ }|rd |t|| ƒg¡}t|ƒS )a   Generate a random session ID.

    Typically, each browser tab connected to a Bokeh application has its own
    session ID. In production deployments of a Bokeh app, session IDs should be
    random and unguessable - otherwise users of the app could interfere with one
    another.
    Ú.)r   ÚjoinÚ
_signaturer   )r   r   Ú
session_idr   r   r   r   M   s    	r   i,  zTokenPayload | NoneÚint)r   r   r   Úextra_payloadÚ
expirationr   c           
      C  sœ   t  tjjtjjd ¡ ¡}| || dœ}|rld|v r>tdƒ‚t	j
|td d¡}tj|dd}t|ƒ|t< tt	 
|¡ƒ}	t|ƒ}|sŠ|	S |	d	 t|	|ƒ S )
av   Generates a JWT token given a session_id and additional payload.

    Args:
        session_id (str):
            The session id to add to the token

        secret_key (str, optional) :
            Secret key (default: value of BOKEH_SECRET_KEY environment variable)

        signed (bool, optional) :
            Whether to sign the session ID (default: value of BOKEH_SIGN_SESSIONS
            environment variable)

        extra_payload (dict, optional) :
            Extra key/value pairs to include in the Bokeh session token

        expiration (int, optional) :
            Expiration time

    Returns:
        str
    )Útz)r   Zsession_expiryr   z=extra_payload for session tokens may not contain 'session_id'©Úclsúutf-8é	   )Úlevelr   )ÚcalendarÚtimegmÚdtÚdatetimeÚnowÚtimezoneÚutcÚ	timetupleÚRuntimeErrorÚjsonÚdumpsÚ_BytesEncoderÚencodeÚzlibÚcompressÚ_base64_encodeÚ_TOKEN_ZLIB_KEYÚ_ensure_bytesr   )
r   r   r   r    r!   r,   ÚpayloadZextra_payload_strÚ
compressedÚtokenr   r   r   r   [   s    r   )r<   r   c                 C  s    t  t|  d¡d ƒ¡}|d S )z©Extracts the session id from a JWT token.

    Args:
        token (str):
            A JWT token containing the session_id and other data.

    Returns:
       str
    r   r   r   )r1   ÚloadsÚ_base64_decodeÚsplit)r<   Údecodedr   r   r   r   „   s    
r   c                 C  sV   t  t|  d¡d ƒ¡}t|v rLt t|t ƒ¡}|t= | t j|td¡ |d= |S )z¥Extract the payload from the token.

    Args:
        token (str):
            A JWT token containing the session_id and other data.

    Returns:
        dict
    r   r   r#   r   )	r1   r=   r>   r?   r8   r5   Ú
decompressÚupdateÚ_BytesDecoder)r<   r@   Údecompressedr   r   r   r   ‘   s    
r   )r<   r   r   r   c           
      C  sn   t |ƒ}|rj|  dd¡}t|ƒdkr(dS |d }|d }t||ƒ}t ||¡}t| ƒ}t|||ƒ}	|oh|	S dS )au  Check the signature of a token and the contained signature.

    The server uses this function to check whether a token and the
    contained session id was generated with the correct secret key.
    If signed sessions are disabled, this function always returns True.

    Args:
        token (str) :
            The token to check

        secret_key (str, optional) :
            Secret key (default: value of BOKEH_SECRET_KEY environment variable)

        signed (bool, optional) :
            Whether to check anything (default: value of BOKEH_SIGN_SESSIONS
            environment variable)

    Returns:
        bool

    r   r   r   Fr   T)r9   r?   Úlenr   ÚhmacÚcompare_digestr   r   )
r<   r   r   Ztoken_piecesZ
base_tokenZprovided_token_signatureZexpected_token_signatureZtoken_validr   Zsession_id_validr   r   r   r   £   s    
ÿr   zbool | None)r   r   r   r   c                 C  sN   t |ƒ}|rJ|  dd¡}t|ƒdkr(dS |d }t|d |ƒ}t ||¡S dS )zÿCheck the signature of a session ID, returning True if it's valid.

    The server uses this function to check whether a session ID was generated
    with the correct secret key. If signed sessions are disabled, this function
    always returns True.
    r   r   r   Fr   T)r9   r?   rE   r   rF   rG   )r   r   r   Z	id_piecesZprovided_id_signatureZexpected_id_signaturer   r   r   r   Í   s    	ÿr   c                      s$   e Zd Zdddœ‡ fdd„Z‡  ZS )r3   r   )Úor   c                   s$   t |tƒrtt|ƒdS tƒ  |¡S )N)Úbytes)Ú
isinstancerI   Údictr7   ÚsuperÚdefault)ÚselfrH   ©Ú	__class__r   r   rM   ë   s    
z_BytesEncoder.default)Ú__name__Ú
__module__Ú__qualname__rM   Ú__classcell__r   r   rO   r   r3   ê   s   r3   c                      s6   e Zd Zddddœ‡ fdd„Zdddœdd	„Z‡  ZS )
rC   r   ÚNone)ÚargsÚkwargsr   c                   s   t ƒ j|d| ji|¤Ž d S )NÚobject_hook)rL   Ú__init__Úbytes_object_hook)rN   rV   rW   rO   r   r   rY   ñ   s    z_BytesDecoder.__init__zdict[Any, Any])Úobjr   c                 C  s"   t | ¡ ƒdhkrt|d ƒS |S )NrI   )ÚsetÚkeysr>   )rN   r[   r   r   r   rZ   ô   s    z_BytesDecoder.bytes_object_hook)rQ   rR   rS   rY   rZ   rT   r   r   rO   r   rC   ð   s   rC   ztuple[Any, bool]c                  C  s^   dd l } z|  ¡ }d}||fW S  tyX   tdƒ t ¡ d u rHtdƒ d}| |f Y S 0 d S )Nr   TzjA secure pseudo-random number generator is not available on your system. Falling back to Mersenne Twister.z¡A secure pseudo-random number generator is not available and no BOKEH_SECRET_KEY has been set. Setting a secret key will mitigate the lack of a secure generator.F)ÚrandomÚSystemRandomÚNotImplementedErrorr	   r   r   )r^   Z	sysrandomÚusing_sysrandomr   r   r   Ú_get_sysrandomù   s    
rb   zstr | bytes | None)r   r   c                 C  s*   | d u rd S t | tƒr| S t | d¡S d S ©Nr%   )rJ   rI   Úcodecsr4   )r   r   r   r   r9     s
    
r9   rU   )ra   r   r   c                 C  s@   t |ƒ}| s<t ¡ › t ¡ › |› ¡ }t t |¡ ¡ ¡ d S ©N)	r9   r^   ÚgetstateÚtimer4   ÚseedÚhashlibÚsha256Údigest)ra   r   Údatar   r   r   Ú_reseed_if_needed  s    rm   zbytes | str)r@   r   c                 C  s(   t | ƒ}t t |¡d¡}t| d¡ƒS )NÚasciiú=)r9   rd   ÚdecodeÚbase64Úurlsafe_b64encoder   Úrstrip)r@   Zdecoded_as_bytesÚencodedr   r   r   r7   #  s    r7   rI   )rt   r   c                 C  s\   t | tƒrt | d¡n| }t|ƒd }|dkr>|dd|   }t|ƒd dksRJ ‚t |¡S )Nrn   é   r   ó   =)rJ   r   rd   r4   rE   rq   Úurlsafe_b64decode)rt   Zencoded_as_bytesÚmodr   r   r   r>   .  s    r>   )Úbase_idr   r   c                 C  s<   t |ƒ}t | d¡}|d us J ‚t ||tj¡}t| ¡ ƒS rc   )	r9   rd   r4   rF   Únewri   rj   r7   rk   )ry   r   Zbase_id_encodedZsignerr   r   r   r   8  s
    r   é,   Z>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789)ÚlengthÚallowed_charsr   r   c                   s.   t |ƒ}tt|ƒ d ‡ fdd„t| ƒD ƒ¡S )zÕ Return a securely generated random string.

    With the a-z, A-Z, 0-9 character set:
    Length 12 is a 71-bit value. log_2((26+26+10)^12) =~ 71
    Length 44 is a 261-bit value. log_2((26+26+10)^44) = 261

    Ú c                 3  s   | ]}t  ˆ ¡V  qd S re   )r^   Úchoice)Ú.0Ú_©r}   r   r   Ú	<genexpr>L  ó    z%_get_random_string.<locals>.<genexpr>)r9   rm   ra   r   Úrange)r|   r}   r   r   r‚   r   r   ?  s    
r   )7Ú__doc__Ú
__future__r   ÚloggingÚ	getLoggerrQ   Úlogrq   r(   rd   r+   r*   ri   rF   r1   rg   r5   Útypingr   r   Z
core.typesr   r   Úwarningsr	   Ztyping_extensionsr
   Ú__all__r8   rK   r   r   Ú__annotations__r   Zsecret_key_bytesZsign_sessionsr   r   r   r   r   r   ÚJSONEncoderr3   ÚJSONDecoderrC   rb   r9   rm   r7   r>   r   r   r^   ra   r   r   r   r   Ú<module>   sf   

ÿü)þ+þ		
ý