Fixed formatting

Reviewed-on: sh-edraft.de/sh_cpl#177

.gitea/workflows/build-dev.yaml

@@ -0,0 +1,76 @@
+name: Build on push
+run-name: Build on push
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  prepare:
+    uses: ./.gitea/workflows/prepare.yaml
+    with:
+      version_suffix: 'dev'
+    secrets: inherit
+
+  api:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, application, auth, core, dependency ]
+    with:
+      working_directory: src/cpl-api
+    secrets: inherit
+
+  application:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core, dependency ]
+    with:
+      working_directory: src/cpl-application
+    secrets: inherit
+
+  auth:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core, dependency,  database ]
+    with:
+      working_directory: src/cpl-auth
+    secrets: inherit
+
+  core:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [prepare]
+    with:
+      working_directory: src/cpl-core
+    secrets: inherit
+
+  database:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core, dependency ]
+    with:
+      working_directory: src/cpl-database
+    secrets: inherit
+
+  dependency:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core ]
+    with:
+      working_directory: src/cpl-dependency
+    secrets: inherit
+
+  mail:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core, dependency ]
+    with:
+      working_directory: src/cpl-mail
+    secrets: inherit
+
+  query:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [prepare]
+    with:
+      working_directory: src/cpl-query
+    secrets: inherit
+
+  translation:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core, dependency ]
+    with:
+      working_directory: src/cpl-translation
+    secrets: inherit

.gitea/workflows/build.yaml

@@ -0,0 +1,39 @@
+name: Build on push
+run-name: Build on push
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  prepare:
+    uses: ./.gitea/workflows/prepare.yaml
+    secrets: inherit
+
+  core:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [prepare]
+    with:
+      working_directory: src/cpl-core
+    secrets: inherit
+
+  query:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [prepare]
+    with:
+      working_directory: src/cpl-query
+    secrets: inherit
+
+  translation:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core ]
+    with:
+      working_directory: src/cpl-translation
+    secrets: inherit
+
+  mail:
+    uses: ./.gitea/workflows/package.yaml
+    needs: [ prepare, core ]
+    with:
+      working_directory: src/cpl-mail
+    secrets: inherit

.gitea/workflows/package.yaml

@@ -0,0 +1,65 @@
+name: Build Package
+run-name: Build Python Package
+
+on:
+  workflow_call:
+    inputs:
+      version_suffix:
+        description: 'Suffix for version (z.B. "dev", "alpha", "beta")'
+        required: false
+        type: string
+      working_directory:
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: [ runner ]
+    container: git.sh-edraft.de/sh-edraft.de/act-runner:latest
+    defaults:
+      run:
+        working-directory: ${{ inputs.working_directory }}
+    steps:
+      - name: Clone Repository
+        uses: https://github.com/actions/checkout@v3
+        with:
+          token: ${{ secrets.CI_ACCESS_TOKEN }}
+
+      - name: Download build version artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: version
+
+      - name: Set version
+        run: |
+          sed -i -E "s/^version = \".*\"/version = \"$(cat /workspace/sh-edraft.de/cpl/version.txt)\"/" pyproject.toml
+          echo "Set version to $(cat /workspace/sh-edraft.de/cpl/version.txt)"
+          cat pyproject.toml
+
+      - name: Set pip conf
+        run: |
+          cat > .pip.conf <<'EOF'
+          [global]
+          extra-index-url = https://git.sh-edraft.de/api/packages/sh-edraft.de/pypi/simple/
+          EOF
+
+      - name: Install Dependencies
+        run: |
+          export PIP_CONFIG_FILE=".pip.conf"
+          pip install build
+
+      - name: Build Package
+        run: |
+          python -m build --outdir dist
+
+      - name: Login to registry git.sh-edraft.de
+        uses: https://github.com/docker/login-action@v1
+        with:
+          registry: git.sh-edraft.de
+          username: ${{ secrets.CI_USERNAME }}
+          password: ${{ secrets.CI_ACCESS_TOKEN }}
+
+      - name: Push image
+        run: |
+          pip install twine
+          python -m twine upload --repository-url https://git.sh-edraft.de/api/packages/sh-edraft.de/pypi -u ${{ secrets.CI_USERNAME }} -p ${{ secrets.CI_ACCESS_TOKEN }} ./dist/*

.gitea/workflows/prepare.yaml

@@ -0,0 +1,54 @@
+name: Prepare Build
+run-name: Prepare Build Version
+
+on:
+  workflow_call:
+    inputs:
+      version_suffix:
+        description: 'Suffix for version (z.B. "dev", "alpha", "beta")'
+        required: false
+        type: string
+
+jobs:
+  prepare:
+    runs-on: [ runner ]
+    container: git.sh-edraft.de/sh-edraft.de/act-runner:latest
+    steps:
+      - name: Clone Repository
+        uses: https://github.com/actions/checkout@v3
+        with:
+          token: ${{ secrets.CI_ACCESS_TOKEN }}
+
+      - name: Get Date and Build Number
+        run: |
+          git fetch --tags
+          git tag
+          DATE=$(date +'%Y.%m.%d')
+          TAG_COUNT=$(git tag -l "${DATE}.*" | wc -l)
+          BUILD_NUMBER=$(($TAG_COUNT + 1))
+          
+          VERSION_SUFFIX=${{ inputs.version_suffix }}
+          if [ -n "$VERSION_SUFFIX" ] && [ "$VERSION_SUFFIX" = "dev" ]; then
+            BUILD_VERSION="${DATE}.dev${BUILD_NUMBER}"
+          elif [ -n "$VERSION_SUFFIX" ]; then
+            BUILD_VERSION="${DATE}.${BUILD_NUMBER}${VERSION_SUFFIX}"
+          else
+            BUILD_VERSION="${DATE}.${BUILD_NUMBER}"
+          fi
+          
+          echo "$BUILD_VERSION" > version.txt
+          echo "VERSION $BUILD_VERSION"
+
+      - name: Create Git Tag for Build
+        run: |
+          git config user.name "ci"
+          git config user.email "dev@sh-edraft.de"
+          echo "tag $(cat version.txt)"
+          git tag $(cat version.txt)
+          git push origin --tags
+
+      - name: Upload build version artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: version
+          path: version.txt

.gitea/workflows/test_before_merge.yaml

@@ -0,0 +1,26 @@
+name: Test before pr merge
+run-name: Test before pr merge
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+      - ready_for_review
+
+jobs:
+  test-lint:
+    runs-on: [ runner ]
+    container: git.sh-edraft.de/sh-edraft.de/act-runner:latest
+    steps:
+      - name: Clone Repository
+        uses: https://github.com/actions/checkout@v3
+        with:
+          token: ${{ secrets.CI_ACCESS_TOKEN }}
+
+      - name: Installing black
+        run: python3.12 -m pip install black
+
+      - name: Checking black
+        run: python3.12 -m black src --check

.gitignore

@@ -106,10 +106,15 @@ celerybeat.pid
 .venv
 env/
 venv/
+venv_*/
 ENV/
 env.bak/
 venv.bak/
 
+# Custom Environments
+cpl-env/
+.secret
+
 # Spyder project settings
 .spyderproject
 .spyproject
@@ -129,5 +134,8 @@ dmypy.json
 .pyre/
 
 # IDE
-.vscode/
 .idea/
+PythonImportHelper-v2-Completion.json
+
+# cpl unittest stuff
+unittests/test_*_playground

.pip.conf

@@ -0,0 +1,2 @@
+[global]
+extra-index-url = https://git.sh-edraft.de/api/packages/sh-edraft.de/pypi/simple/

LICENSE

@@ -1,4 +1,4 @@
-MIT License Copyright (c) <year> <copyright holders>
+MIT License Copyright (c) 2020 - 2023 sh-edraft.de
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,2 +0,0 @@
-# sh_common_py_lib
-

cpl.json

@@ -1,56 +0,0 @@
-{
-  "ProjectSettings": {
-    "Name": "sh_cpl",
-    "Version": {
-      "Major": "2021",
-      "Minor": "04",
-      "Micro": "01-15"
-    },
-    "Author": "Sven Heidemann",
-    "AuthorEmail": "sven.heidemann@sh-edraft.de",
-    "Description": "sh-edraft Common Python library",
-    "LongDescription": "sh-edraft Common Python library",
-    "URL": "https://www.sh-edraft.de",
-    "CopyrightDate": "2020 - 2021",
-    "CopyrightName": "sh-edraft.de",
-    "LicenseName": "MIT",
-    "LicenseDescription": "MIT, see LICENSE for more details.",
-    "Dependencies": [
-      "colorama==0.4.4",
-      "mysql-connector==2.2.9",
-      "psutil==5.8.0",
-      "packaging==20.9",
-      "pyfiglet==0.8.post1",
-      "pynput==1.7.3",
-      "SQLAlchemy==1.4.0",
-      "setuptools==54.1.2",
-      "tabulate==0.8.9",
-      "termcolor==1.1.0",
-      "watchdog==2.0.2",
-      "wheel==0.36.2"
-    ],
-    "PythonVersion": ">=3.8",
-    "PythonPath": {},
-    "Classifiers": []
-  },
-  "BuildSettings": {
-    "SourcePath": "src",
-    "OutputPath": "dist",
-    "Main": "cpl_cli.main",
-    "EntryPoint": "cpl",
-    "IncludePackageData": true,
-    "Included": [
-      "*/templates"
-    ],
-    "Excluded": [
-      "*/__pycache__",
-      "*/logs",
-      "*/tests"
-    ],
-    "PackageData": {
-      "cpl_cli": [
-        "*.json"
-      ]
-    }
-  }
-}

docs/cli.txt

@@ -1,19 +0,0 @@
-prefix: cpl
-commands:
-    build
-
-    generate:
-        abc             | a
-        class           | c
-        configmodel     | cm
-        enum            | e
-        service         | s
-
-    help
-    new
-        console
-
-    start
-    publish
-    update
-    version

docs/install.txt

@@ -1,2 +0,0 @@
-python setup.py install             # for install
-python setup.py sdist bdist_wheel   # for build

docs/pip.txt

@@ -1,11 +0,0 @@
-upload:
-    prod:
-        twine upload --repository-url https://pip.sh-edraft.de dist/publish/setup/*
-        twine upload -r pip.sh-edraft.de dist/publish/setup/*
-
-    dev:
-        twine upload --repository-url https://pip-dev.sh-edraft.de dist/publish/setup/*
-        twine upload -r pip-dev.sh-edraft.de dist/publish/setup/*
-
-install:
-    pip install --extra-index-url https://pip.sh-edraft.de/ sh_cpl

install.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Find and combine requirements from src/cpl-*/requirements.txt,
+# filtering out lines whose *package name* starts with "cpl-".
+# Works with pinned versions, extras, markers, editable installs, and VCS refs.
+
+shopt -s nullglob
+
+req_files=(src/cpl-*/requirements.txt)
+if ((${#req_files[@]} == 0)); then
+  echo "No requirements files found at src/cpl-*/requirements.txt" >&2
+  exit 1
+fi
+
+tmp_combined="$(mktemp)"
+trap 'rm -f "$tmp_combined"' EXIT
+
+# Concatenate, trim comments/whitespace, filter out cpl-* packages, dedupe.
+# We keep non-package options/flags/constraints as-is.
+awk '
+  function trim(s){ sub(/^[[:space:]]+/,"",s); sub(/[[:space:]]+$/,"",s); return s }
+
+  {
+    line=$0
+    # drop full-line comments and strip inline comments
+    if (line ~ /^[[:space:]]*#/) next
+    sub(/#[^!].*$/,"",line)  # strip trailing comment (simple heuristic)
+    line=trim(line)
+    if (line == "") next
+
+    # Determine the package *name* even for "-e", extras, pins, markers, or VCS "@"
+    e = line
+    sub(/^-e[[:space:]]+/,"",e)           # remove editable prefix
+    # Tokenize up to the first of these separators: space, [ < > = ! ~ ; @
+    token = e
+    sub(/\[.*/,"",token)                  # remove extras quickly
+    n = split(token, a, /[<>=!~;@[:space:]]/)
+    name = tolower(a[1])
+
+    # If the first token (name) starts with "cpl-", skip this requirement
+    if (name ~ /^cpl-/) next
+
+    print line
+  }
+' "${req_files[@]}" | sort -u > "$tmp_combined"
+
+if ! [ -s "$tmp_combined" ]; then
+  echo "Nothing to install after filtering out cpl-* packages." >&2
+  exit 0
+fi
+
+echo "Installing dependencies (excluding cpl-*) from:"
+printf '  - %s\n' "${req_files[@]}"
+echo
+echo "Final set to install:"
+cat "$tmp_combined"
+echo
+
+# Use python -m pip for reliability; change to python3 if needed.
+python -m pip install -r "$tmp_combined"

pyproject.toml

@@ -0,0 +1,2 @@
+[tool.black]
+line-length = 120

src/cpl-api/cpl/api/__init__.py

@@ -0,0 +1,26 @@
+from cpl.dependency.service_collection import ServiceCollection as _ServiceCollection
+
+
+def add_api(collection: _ServiceCollection):
+    try:
+        from cpl.database import mysql
+
+        collection.add_module(mysql)
+    except ImportError as e:
+        from cpl.core.errors import dependency_error
+
+        dependency_error("cpl-database", e)
+
+    try:
+        from cpl import auth
+        from cpl.auth import permission
+
+        collection.add_module(auth)
+        collection.add_module(permission)
+    except ImportError as e:
+        from cpl.core.errors import dependency_error
+
+        dependency_error("cpl-auth", e)
+
+
+_ServiceCollection.with_module(add_api, __name__)

src/cpl-api/cpl/api/abc/asgi_middleware_abc.py

@@ -0,0 +1,15 @@
+from abc import ABC, abstractmethod
+
+from starlette.types import Scope, Receive, Send
+
+
+class ASGIMiddleware(ABC):
+    @abstractmethod
+    def __init__(self, app):
+        self._app = app
+
+    def _call_next(self, scope: Scope, receive: Receive, send: Send):
+        return self._app(scope, receive, send)
+
+    @abstractmethod
+    async def __call__(self, scope: Scope, receive: Receive, send: Send): ...

src/cpl-api/cpl/api/api_logger.py

@@ -0,0 +1,7 @@
+from cpl.core.log.logger import Logger
+
+
+class APILogger(Logger):
+
+    def __init__(self, source: str):
+        Logger.__init__(self, source, "api")

src/cpl-api/cpl/api/api_settings.py

@@ -0,0 +1,13 @@
+from typing import Optional
+
+from cpl.core.configuration import ConfigurationModelABC
+
+
+class ApiSettings(ConfigurationModelABC):
+
+    def __init__(self, src: Optional[dict] = None):
+        super().__init__(src)
+
+        self.option("host", str, "0.0.0.0")
+        self.option("port", int, 5000)
+        self.option("allowed_origins", list[str])

src/cpl-api/cpl/api/error.py

@@ -0,0 +1,37 @@
+from http.client import HTTPException
+
+from starlette.responses import JSONResponse
+from starlette.types import Scope, Receive, Send
+
+
+class APIError(HTTPException):
+    status_code = 500
+
+    @classmethod
+    async def asgi_response(cls, scope: Scope, receive: Receive, send: Send):
+        r = JSONResponse({"error": cls.__name__}, status_code=cls.status_code)
+        return await r(scope, receive, send)
+
+    @classmethod
+    def response(cls):
+        return JSONResponse({"error": cls.__name__}, status_code=cls.status_code)
+
+
+class Unauthorized(APIError):
+    status_code = 401
+
+
+class Forbidden(APIError):
+    status_code = 403
+
+
+class NotFound(APIError):
+    status_code = 404
+
+
+class AlreadyExists(APIError):
+    status_code = 409
+
+
+class EndpointNotImplemented(APIError):
+    status_code = 501

src/cpl-api/cpl/api/middleware/authentication.py

@@ -0,0 +1,76 @@
+from keycloak import KeycloakAuthenticationError
+from starlette.types import Scope, Receive, Send
+
+from cpl.api.abc.asgi_middleware_abc import ASGIMiddleware
+from cpl.api.api_logger import APILogger
+from cpl.api.error import Unauthorized
+from cpl.api.middleware.request import get_request
+from cpl.api.router import Router
+from cpl.auth.keycloak import KeycloakClient
+from cpl.auth.schema import AuthUserDao, AuthUser
+from cpl.dependency import ServiceProviderABC
+
+_logger = APILogger(__name__)
+
+
+class AuthenticationMiddleware(ASGIMiddleware):
+
+    @ServiceProviderABC.inject
+    def __init__(self, app, keycloak: KeycloakClient, user_dao: AuthUserDao):
+        ASGIMiddleware.__init__(self, app)
+
+        self._keycloak = keycloak
+        self._user_dao = user_dao
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send):
+        request = get_request()
+        url = request.url.path
+
+        if url not in Router.get_auth_required_routes():
+            _logger.trace(f"No authentication required for {url}")
+            return await self._app(scope, receive, send)
+
+        if not request.headers.get("Authorization"):
+            _logger.debug(f"Unauthorized access to {url}, missing Authorization header")
+            return await Unauthorized(f"Missing header Authorization").asgi_response(scope, receive, send)
+
+        auth_header = request.headers.get("Authorization", None)
+        if not auth_header or not auth_header.startswith("Bearer "):
+            return await Unauthorized("Invalid Authorization header").asgi_response(scope, receive, send)
+
+        token = auth_header.split("Bearer ")[1]
+        if not await self._verify_login(token):
+            _logger.debug(f"Unauthorized access to {url}, invalid token")
+            return await Unauthorized("Invalid token").asgi_response(scope, receive, send)
+
+        # check user exists in db, if not create
+        keycloak_id = self._keycloak.get_user_id(token)
+        if keycloak_id is None:
+            return await Unauthorized("Failed to get user id from token").asgi_response(scope, receive, send)
+
+        user = await self._get_or_crate_user(keycloak_id)
+        if user.deleted:
+            _logger.debug(f"Unauthorized access to {url}, user is deleted")
+            return await Unauthorized("User is deleted").asgi_response(scope, receive, send)
+
+        return await self._call_next(scope, receive, send)
+
+    async def _get_or_crate_user(self, keycloak_id: str) -> AuthUser:
+        existing = await self._user_dao.find_by_keycloak_id(keycloak_id)
+        if existing is not None:
+            return existing
+
+        user = AuthUser(0, keycloak_id)
+        uid = await self._user_dao.create(user)
+        return await self._user_dao.get_by_id(uid)
+
+    async def _verify_login(self, token: str) -> bool:
+        try:
+            token_info = self._keycloak.introspect(token)
+            return token_info.get("active", False)
+        except KeycloakAuthenticationError as e:
+            _logger.debug(f"Keycloak authentication error: {e}")
+            return False
+        except Exception as e:
+            _logger.error(f"Unexpected error during token verification: {e}")
+            return False

src/cpl-api/cpl/api/middleware/logging.py

@@ -0,0 +1,87 @@
+import time
+
+from starlette.requests import Request
+from starlette.types import Receive, Scope, Send
+
+from cpl.api.abc.asgi_middleware_abc import ASGIMiddleware
+from cpl.api.api_logger import APILogger
+from cpl.api.middleware.request import get_request
+
+_logger = APILogger(__name__)
+
+
+class LoggingMiddleware(ASGIMiddleware):
+
+    def __init__(self, app):
+        ASGIMiddleware.__init__(self, app)
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send):
+        if scope["type"] != "http":
+            await self._call_next(scope, receive, send)
+            return
+
+        request = get_request()
+        await self._log_request(request)
+        start_time = time.time()
+
+        response_body = b""
+        status_code = 500
+
+        async def send_wrapper(message):
+            nonlocal response_body, status_code
+            if message["type"] == "http.response.start":
+                status_code = message["status"]
+            if message["type"] == "http.response.body":
+                response_body += message.get("body", b"")
+            await send(message)
+
+        await self._call_next(scope, receive, send_wrapper)
+
+        duration = (time.time() - start_time) * 1000
+        await self._log_after_request(request, status_code, duration)
+
+    @staticmethod
+    def _filter_relevant_headers(headers: dict) -> dict:
+        relevant_keys = {
+            "content-type",
+            "host",
+            "connection",
+            "user-agent",
+            "origin",
+            "referer",
+            "accept",
+        }
+        return {key: value for key, value in headers.items() if key in relevant_keys}
+
+    @classmethod
+    async def _log_request(cls, request: Request):
+        _logger.debug(
+            f"Request {getattr(request.state, 'request_id', '-')}: {request.method}@{request.url.path} from {request.client.host}"
+        )
+
+        from cpl.core.ctx.user_context import get_user
+
+        user = get_user()
+
+        request_info = {
+            "headers": cls._filter_relevant_headers(dict(request.headers)),
+            "args": dict(request.query_params),
+            "form-data": (
+                await request.form()
+                if request.headers.get("content-type") == "application/x-www-form-urlencoded"
+                else None
+            ),
+            "payload": (await request.json() if request.headers.get("content-length") == "0" else None),
+            "user": f"{user.id}-{user.keycloak_id}" if user else None,
+            "files": (
+                {key: file.filename for key, file in (await request.form()).items()} if await request.form() else None
+            ),
+        }
+
+        _logger.trace(f"Request {getattr(request.state, 'request_id', '-')}: {request_info}")
+
+    @staticmethod
+    async def _log_after_request(request: Request, status_code: int, duration: float):
+        _logger.info(
+            f"Request finished {getattr(request.state, 'request_id', '-')}: {status_code}-{request.method}@{request.url.path} from {request.client.host} in {duration:.2f}ms"
+        )

src/cpl-api/cpl/api/middleware/request.py

@@ -0,0 +1,54 @@
+import time
+from contextvars import ContextVar
+from typing import Optional, Union
+from uuid import uuid4
+
+from starlette.requests import Request
+from starlette.types import Scope, Receive, Send
+from starlette.websockets import WebSocket
+
+from cpl.api.abc.asgi_middleware_abc import ASGIMiddleware
+from cpl.api.api_logger import APILogger
+from cpl.api.typing import TRequest
+
+_request_context: ContextVar[Union[TRequest, None]] = ContextVar("request", default=None)
+
+_logger = APILogger(__name__)
+
+
+class RequestMiddleware(ASGIMiddleware):
+
+    def __init__(self, app):
+        ASGIMiddleware.__init__(self, app)
+        self._ctx_token = None
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send):
+        request = Request(scope, receive, send)
+        await self.set_request_data(request)
+
+        try:
+            await self._app(scope, receive, send)
+        finally:
+            await self.clean_request_data()
+
+    async def set_request_data(self, request: TRequest):
+        request.state.request_id = uuid4()
+        request.state.start_time = time.time()
+        _logger.trace(f"Set new current request: {request.state.request_id}")
+
+        self._ctx_token = _request_context.set(request)
+
+    async def clean_request_data(self):
+        request = get_request()
+        if request is None:
+            return
+
+        if self._ctx_token is None:
+            return
+
+        _logger.trace(f"Clearing current request: {request.state.request_id}")
+        _request_context.reset(self._ctx_token)
+
+
+def get_request() -> Optional[Union[TRequest, WebSocket]]:
+    return _request_context.get()

src/cpl-api/cpl/api/router.py

@@ -0,0 +1,84 @@
+from starlette.routing import Route
+
+
+class Router:
+    _registered_routes: list[Route] = []
+    _auth_required: list[str] = []
+
+    @classmethod
+    def get_routes(cls) -> list[Route]:
+        return cls._registered_routes
+
+    @classmethod
+    def get_auth_required_routes(cls) -> list[str]:
+        return cls._auth_required
+
+    @classmethod
+    def authenticate(cls):
+        """
+        Decorator to mark a route as requiring authentication.
+        Usage:
+            @Route.authenticate()
+            @Route.get("/example")
+            async def example_endpoint(request: TRequest):
+                ...
+        """
+
+        def inner(fn):
+            route_path = getattr(fn, "_route_path", None)
+            if route_path and route_path not in cls._auth_required:
+                cls._auth_required.append(route_path)
+            return fn
+
+        return inner
+
+    @classmethod
+    def route(cls, path=None, **kwargs):
+        def inner(fn):
+            cls._registered_routes.append(Route(path, fn, **kwargs))
+            setattr(fn, "_route_path", path)
+            return fn
+
+        return inner
+
+    @classmethod
+    def get(cls, path=None, **kwargs):
+        return cls.route(path, methods=["GET"], **kwargs)
+
+    @classmethod
+    def post(cls, path=None, **kwargs):
+        return cls.route(path, methods=["POST"], **kwargs)
+
+    @classmethod
+    def head(cls, path=None, **kwargs):
+        return cls.route(path, methods=["HEAD"], **kwargs)
+
+    @classmethod
+    def put(cls, path=None, **kwargs):
+        return cls.route(path, methods=["PUT"], **kwargs)
+
+    @classmethod
+    def delete(cls, path=None, **kwargs):
+        return cls.route(path, methods=["DELETE"], **kwargs)
+
+    @classmethod
+    def override(cls):
+        """
+        Decorator to override an existing route with the same path.
+        Usage:
+            @Route.override()
+            @Route.get("/example")
+            async def example_endpoint(request: TRequest):
+                ...
+        """
+
+        def inner(fn):
+            route_path = getattr(fn, "_route_path", None)
+
+            routes = list(filter(lambda x: x.path == route_path, cls._registered_routes))
+            for route in routes[:-1]:
+                cls._registered_routes.remove(route)
+
+            return fn
+
+        return inner

src/cpl-api/cpl/api/typing.py

@@ -0,0 +1,13 @@
+from typing import Union, Literal, Callable
+from urllib.request import Request
+
+from starlette.middleware import Middleware
+from starlette.types import ASGIApp
+from starlette.websockets import WebSocket
+
+TRequest = Union[Request, WebSocket]
+HTTPMethods = Literal["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]
+PartialMiddleware = Union[
+    Middleware,
+    Callable[[ASGIApp], ASGIApp],
+]

src/cpl-api/cpl/api/web_app.py

@@ -0,0 +1,183 @@
+import os
+from typing import Mapping, Any, Callable
+
+import uvicorn
+from starlette.applications import Starlette
+from starlette.middleware import Middleware
+from starlette.middleware.cors import CORSMiddleware
+from starlette.requests import Request
+from starlette.responses import JSONResponse
+from starlette.routing import Route
+from starlette.types import ExceptionHandler
+
+from cpl import api, auth
+from cpl.api.api_logger import APILogger
+from cpl.api.api_settings import ApiSettings
+from cpl.api.error import APIError
+from cpl.api.middleware.authentication import AuthenticationMiddleware
+from cpl.api.middleware.logging import LoggingMiddleware
+from cpl.api.middleware.request import RequestMiddleware
+from cpl.api.router import Router
+from cpl.api.typing import HTTPMethods, PartialMiddleware
+from cpl.application.abc.application_abc import ApplicationABC
+from cpl.core.configuration import Configuration
+from cpl.dependency.service_provider_abc import ServiceProviderABC
+
+_logger = APILogger("API")
+
+
+class WebApp(ApplicationABC):
+    def __init__(self, services: ServiceProviderABC):
+        super().__init__(services, [auth, api])
+        self._app: Starlette | None = None
+
+        self._api_settings = Configuration.get(ApiSettings)
+
+        self._routes: list[Route] = []
+        self._middleware: list[Middleware] = [
+            Middleware(RequestMiddleware),
+            Middleware(LoggingMiddleware),
+        ]
+        self._exception_handlers: Mapping[Any, ExceptionHandler] = {
+            Exception: self._handle_exception,
+            APIError: self._handle_exception,
+        }
+
+    @staticmethod
+    async def _handle_exception(request: Request, exc: Exception):
+        if isinstance(exc, APIError):
+            _logger.error(exc)
+            return JSONResponse({"error": str(exc)}, status_code=exc.status_code)
+
+        if hasattr(request.state, "request_id"):
+            _logger.error(f"Request {request.state.request_id}", exc)
+        else:
+            _logger.error("Request unknown", exc)
+
+        return JSONResponse({"error": str(exc)}, status_code=500)
+
+    def _get_allowed_origins(self):
+        origins = self._api_settings.allowed_origins
+
+        if origins is None or origins == "":
+            _logger.warning("No allowed origins specified, allowing all origins")
+            return ["*"]
+
+        _logger.debug(f"Allowed origins: {origins}")
+        return origins.split(",")
+
+    def with_database(self):
+        self.with_migrations()
+        self.with_seeders()
+
+    def with_app(self, app: Starlette):
+        assert app is not None, "app must not be None"
+        assert isinstance(app, Starlette), "app must be an instance of Starlette"
+        self._app = app
+        return self
+
+    def _check_for_app(self):
+        if self._app is not None:
+            raise ValueError("App is already set, cannot add routes or middleware")
+
+    def with_routes_directory(self, directory: str) -> "WebApp":
+        self._check_for_app()
+        assert directory is not None, "directory must not be None"
+
+        base = directory.replace("/", ".").replace("\\", ".")
+
+        for filename in os.listdir(directory):
+            if not filename.endswith(".py") or filename == "__init__.py":
+                continue
+
+            __import__(f"{base}.{filename[:-3]}")
+
+        return self
+
+    def with_routes(self, routes: list[Route]) -> "WebApp":
+        self._check_for_app()
+        assert self._routes is not None, "routes must not be None"
+        assert all(isinstance(route, Route) for route in routes), "all routes must be of type starlette.routing.Route"
+        self._routes.extend(routes)
+        return self
+
+    def with_route(self, path: str, fn: Callable[[Request], Any], method: HTTPMethods, **kwargs) -> "WebApp":
+        self._check_for_app()
+        assert path is not None, "path must not be None"
+        assert fn is not None, "fn must not be None"
+        assert method in [
+            "GET",
+            "POST",
+            "PUT",
+            "DELETE",
+            "PATCH",
+            "OPTIONS",
+            "HEAD",
+        ], "method must be a valid HTTP method"
+        self._routes.append(Route(path, fn, methods=[method], **kwargs))
+        return self
+
+    def with_middleware(self, middleware: PartialMiddleware) -> "WebApp":
+        self._check_for_app()
+
+        if isinstance(middleware, Middleware):
+            self._middleware.append(middleware)
+        elif callable(middleware):
+            self._middleware.append(Middleware(middleware))
+        else:
+            raise ValueError("middleware must be of type starlette.middleware.Middleware or a callable")
+
+        return self
+
+    def with_authentication(self):
+        self.with_middleware(AuthenticationMiddleware)
+        return self
+
+    def with_authorization(self):
+        pass
+
+    async def main(self):
+        _logger.debug(f"Preparing API")
+        if self._app is None:
+            routes = [
+                Route(
+                    path=route.path,
+                    endpoint=self._services.inject(route.endpoint),
+                    methods=route.methods,
+                    name=route.name,
+                )
+                for route in self._routes + Router.get_routes()
+            ]
+
+            app = Starlette(
+                routes=routes,
+                middleware=[
+                    *self._middleware,
+                    Middleware(
+                        CORSMiddleware,
+                        allow_origins=self._get_allowed_origins(),
+                        allow_methods=["*"],
+                        allow_headers=["*"],
+                    ),
+                ],
+                exception_handlers=self._exception_handlers,
+            )
+        else:
+            app = self._app
+
+        _logger.info(f"Start API on {self._api_settings.host}:{self._api_settings.port}")
+        # uvicorn.run(
+        #     app,
+        #     host=self._api_settings.host,
+        #     port=self._api_settings.port,
+        #     log_config=None,
+        #     loop="asyncio"
+        # )
+
+        config = uvicorn.Config(
+            app, host=self._api_settings.host, port=self._api_settings.port, log_config=None, loop="asyncio"
+        )
+        server = uvicorn.Server(config)
+        await server.serve()
+
+        _logger.info("Shutdown API")

src/cpl-api/pyproject.toml

@@ -0,0 +1,30 @@
+[build-system]
+requires = ["setuptools>=70.1.0", "wheel>=0.43.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "cpl-api"
+version = "2024.7.0"
+description = "CPL api"
+readme ="CPL api package"
+requires-python = ">=3.12"
+license = { text = "MIT" }
+authors = [
+    { name = "Sven Heidemann", email = "sven.heidemann@sh-edraft.de" }
+]
+keywords = ["cpl", "api", "backend", "shared", "library"]
+
+dynamic = ["dependencies", "optional-dependencies"]
+
+[project.urls]
+Homepage = "https://www.sh-edraft.de"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["cpl*"]
+
+[tool.setuptools.dynamic]
+dependencies = { file = ["requirements.txt"] }
+optional-dependencies.dev = { file = ["requirements.dev.txt"] }
+
+

src/cpl-api/requirements.dev.txt

@@ -0,0 +1 @@
+black==25.1.0

src/cpl-api/requirements.txt

@@ -0,0 +1,7 @@
+cpl-auth
+cpl-application
+cpl-core
+cpl-dependency
+starlette==0.48.0
+python-multipart==0.0.20
+uvicorn==0.35.0

src/cpl-application/cpl/application/__init__.py

@@ -0,0 +1 @@
+from .application_builder import ApplicationBuilder

src/cpl-application/cpl/application/abc/__init__.py

@@ -0,0 +1,4 @@
+from .application_abc import ApplicationABC
+from .application_extension_abc import ApplicationExtensionABC
+from .startup_abc import StartupABC
+from .startup_extension_abc import StartupExtensionABC

src/cpl-application/cpl/application/abc/application_abc.py

@@ -0,0 +1,93 @@
+from abc import ABC, abstractmethod
+from typing import Callable, Self
+
+from cpl.application.host import Host
+from cpl.core.console.console import Console
+from cpl.core.log import LogSettings
+from cpl.core.log.log_level import LogLevel
+from cpl.core.log.logger_abc import LoggerABC
+from cpl.dependency.service_provider_abc import ServiceProviderABC
+
+
+def __not_implemented__(package: str, func: Callable):
+    raise NotImplementedError(f"Package {package} is required to use {func.__name__} method")
+
+
+class ApplicationABC(ABC):
+    r"""ABC for the Application class
+
+    Parameters:
+        services: :class:`cpl.dependency.service_provider_abc.ServiceProviderABC`
+            Contains instances of prepared objects
+    """
+
+    @abstractmethod
+    def __init__(self, services: ServiceProviderABC, required_modules: list[str | object] = None):
+        self._services = services
+        self._required_modules = (
+            [x.__name__ if not isinstance(x, str) else x for x in required_modules] if required_modules else []
+        )
+
+    @property
+    def required_modules(self) -> list[str]:
+        return self._required_modules
+
+    @classmethod
+    def extend(cls, name: str | Callable, func: Callable[[Self], Self]):
+        r"""Extend the Application with a custom method
+
+        Parameters:
+            name: :class:`str`
+                Name of the method
+            func: :class:`Callable[[Self], Self]`
+                Function that takes the Application as a parameter and returns it
+        """
+        if callable(name):
+            name = name.__name__
+
+        setattr(cls, name, func)
+        return cls
+
+    def with_logging(self, level: LogLevel = None):
+        if level is None:
+            from cpl.core.configuration.configuration import Configuration
+
+            settings = Configuration.get(LogSettings)
+            level = settings.level if settings else LogLevel.info
+
+        logger = self._services.get_service(LoggerABC)
+        logger.set_level(level)
+
+    def with_permissions(self, *args, **kwargs):
+        __not_implemented__("cpl-auth", self.with_permissions)
+
+    def with_migrations(self, *args, **kwargs):
+        __not_implemented__("cpl-database", self.with_migrations)
+
+    def with_seeders(self, *args, **kwargs):
+        __not_implemented__("cpl-database", self.with_seeders)
+
+    def with_extension(self, func: Callable[[Self, ...], None], *args, **kwargs):
+        r"""Extend the Application with a custom method
+
+        Parameters:
+            func: :class:`Callable[[Self], Self]`
+                Function that takes the Application as a parameter and returns it
+        """
+        assert func is not None, "func must not be None"
+        assert callable(func), "func must be callable"
+
+        func(self, *args, **kwargs)
+
+    def run(self):
+        r"""Entry point
+
+        Called by custom Application.main
+        """
+        try:
+            Host.run(self.main)
+        except KeyboardInterrupt:
+            pass
+
+    @abstractmethod
+    def main(self): ...

src/cpl-application/cpl/application/abc/application_extension_abc.py

@@ -0,0 +1,10 @@
+from abc import ABC, abstractmethod
+
+from cpl.dependency import ServiceProviderABC
+
+
+class ApplicationExtensionABC(ABC):
+
+    @staticmethod
+    @abstractmethod
+    def run(services: ServiceProviderABC): ...

src/cpl-application/cpl/application/abc/startup_abc.py

@@ -0,0 +1,21 @@
+from abc import ABC, abstractmethod
+
+from cpl.dependency.service_collection import ServiceCollection
+
+
+class StartupABC(ABC):
+    r"""ABC for the startup class"""
+
+    @staticmethod
+    @abstractmethod
+    def configure_configuration():
+        r"""Creates configuration of application"""
+
+    @staticmethod
+    @abstractmethod
+    def configure_services(service: ServiceCollection):
+        r"""Creates service provider
+
+        Parameter:
+            services: :class:`cpl.dependency.service_collection`
+        """

src/cpl-application/cpl/application/abc/startup_extension_abc.py

@@ -0,0 +1,20 @@
+from abc import ABC, abstractmethod
+
+from cpl.dependency import ServiceCollection
+
+
+class StartupExtensionABC(ABC):
+    r"""ABC for startup extension classes"""
+
+    @staticmethod
+    @abstractmethod
+    def configure_configuration():
+        r"""Creates configuration of application"""
+
+    @staticmethod
+    @abstractmethod
+    def configure_services(services: ServiceCollection):
+        r"""Creates service provider
+        Parameter:
+            services: :class:`cpl.dependency.service_collection`
+        """

src/cpl-application/cpl/application/application_builder.py

@@ -0,0 +1,80 @@
+import asyncio
+from typing import Type, Optional, TypeVar, Generic
+
+from cpl.application.abc.application_abc import ApplicationABC
+from cpl.application.abc.application_extension_abc import ApplicationExtensionABC
+from cpl.application.abc.startup_abc import StartupABC
+from cpl.application.abc.startup_extension_abc import StartupExtensionABC
+from cpl.application.host import Host
+from cpl.core.errors import dependency_error
+from cpl.dependency.service_collection import ServiceCollection
+
+TApp = TypeVar("TApp", bound=ApplicationABC)
+
+
+class ApplicationBuilder(Generic[TApp]):
+
+    def __init__(self, app: Type[ApplicationABC]):
+        assert app is not None, "app must not be None"
+        assert issubclass(app, ApplicationABC), "app must be an subclass of ApplicationABC or its subclass"
+
+        self._app = app if app is not None else ApplicationABC
+
+        self._services = ServiceCollection()
+
+        self._startup: Optional[StartupABC] = None
+        self._app_extensions: list[Type[ApplicationExtensionABC]] = []
+        self._startup_extensions: list[Type[StartupExtensionABC]] = []
+
+        self._async_loop = asyncio.get_event_loop()
+
+    @property
+    def services(self) -> ServiceCollection:
+        return self._services
+
+    @property
+    def service_provider(self):
+        return self._services.build()
+
+    def validate_app_required_modules(self, app: ApplicationABC):
+        for module in app.required_modules:
+            if module in self._services.loaded_modules:
+                continue
+
+            dependency_error(
+                module,
+                ImportError(
+                    f"Required module '{module}' for application '{app.__class__.__name__}' is not loaded. Load using 'add_module({module})' method."
+                ),
+            )
+
+    def with_startup(self, startup: Type[StartupABC]) -> "ApplicationBuilder":
+        self._startup = startup
+        return self
+
+    def with_extension(
+        self,
+        extension: Type[ApplicationExtensionABC | StartupExtensionABC],
+    ) -> "ApplicationBuilder":
+        if (issubclass(extension, ApplicationExtensionABC)) and extension not in self._app_extensions:
+            self._app_extensions.append(extension)
+        elif (issubclass(extension, StartupExtensionABC)) and extension not in self._startup_extensions:
+            self._startup_extensions.append(extension)
+
+        return self
+
+    def build(self) -> TApp:
+        for extension in self._startup_extensions:
+            Host.run(extension.configure_configuration)
+            Host.run(extension.configure_services, self._services)
+
+        if self._startup is not None:
+            Host.run(self._startup.configure_configuration)
+            Host.run(self._startup.configure_services, self._services)
+
+        for extension in self._app_extensions:
+            Host.run(extension.run, self.service_provider)
+
+        app = self._app(self.service_provider)
+        self.validate_app_required_modules(app)
+        return app

src/cpl-application/cpl/application/host.py

@@ -0,0 +1,17 @@
+import asyncio
+from typing import Callable
+
+
+class Host:
+    _loop = asyncio.get_event_loop()
+
+    @classmethod
+    def get_loop(cls):
+        return cls._loop
+
+    @classmethod
+    def run(cls, func: Callable, *args, **kwargs):
+        if asyncio.iscoroutinefunction(func):
+            return cls._loop.run_until_complete(func(*args, **kwargs))
+
+        return func(*args, **kwargs)

src/cpl-application/pyproject.toml

@@ -0,0 +1,30 @@
+[build-system]
+requires = ["setuptools>=70.1.0", "wheel>=0.43.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "cpl-application"
+version = "2024.7.0"
+description = "CPL application"
+readme ="CPL application package"
+requires-python = ">=3.12"
+license = { text = "MIT" }
+authors = [
+    { name = "Sven Heidemann", email = "sven.heidemann@sh-edraft.de" }
+]
+keywords = ["cpl", "application", "backend", "shared", "library"]
+
+dynamic = ["dependencies", "optional-dependencies"]
+
+[project.urls]
+Homepage = "https://www.sh-edraft.de"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["cpl*"]
+
+[tool.setuptools.dynamic]
+dependencies = { file = ["requirements.txt"] }
+optional-dependencies.dev = { file = ["requirements.dev.txt"] }
+
+

src/cpl-application/requirements.dev.txt

@@ -0,0 +1 @@
+black==25.1.0

src/cpl-application/requirements.txt

@@ -0,0 +1,2 @@
+cpl-core
+cpl-dependency

src/cpl-auth/cpl/auth/__init__.py

@@ -0,0 +1,84 @@
+from enum import Enum
+from typing import Type
+
+from cpl.application.abc import ApplicationABC as _ApplicationABC
+from cpl.auth import permission as _permission
+from cpl.auth.keycloak.keycloak_admin import KeycloakAdmin as _KeycloakAdmin
+from cpl.auth.keycloak.keycloak_client import KeycloakClient as _KeycloakClient
+from cpl.dependency.service_collection import ServiceCollection as _ServiceCollection
+from .auth_logger import AuthLogger
+from .keycloak_settings import KeycloakSettings
+from .permission_seeder import PermissionSeeder
+
+
+def _with_permissions(self: _ApplicationABC, *permissions: Type[Enum]) -> _ApplicationABC:
+    from cpl.auth.permission.permissions_registry import PermissionsRegistry
+
+    for perm in permissions:
+        PermissionsRegistry.with_enum(perm)
+    return self
+
+
+def _add_daos(collection: _ServiceCollection):
+    from .schema._administration.auth_user_dao import AuthUserDao
+    from .schema._administration.api_key_dao import ApiKeyDao
+    from .schema._permission.api_key_permission_dao import ApiKeyPermissionDao
+    from .schema._permission.permission_dao import PermissionDao
+    from .schema._permission.role_dao import RoleDao
+    from .schema._permission.role_permission_dao import RolePermissionDao
+    from .schema._permission.role_user_dao import RoleUserDao
+
+    collection.add_singleton(AuthUserDao)
+    collection.add_singleton(ApiKeyDao)
+    collection.add_singleton(ApiKeyPermissionDao)
+    collection.add_singleton(PermissionDao)
+    collection.add_singleton(RoleDao)
+    collection.add_singleton(RolePermissionDao)
+    collection.add_singleton(RoleUserDao)
+
+
+def add_auth(collection: _ServiceCollection):
+    import os
+
+    try:
+        from cpl.database.service.migration_service import MigrationService
+        from cpl.database.model.server_type import ServerType, ServerTypes
+
+        collection.add_singleton(_KeycloakClient)
+        collection.add_singleton(_KeycloakAdmin)
+
+        _add_daos(collection)
+
+        provider = collection.build()
+        migration_service: MigrationService = provider.get_service(MigrationService)
+        if ServerType.server_type == ServerTypes.POSTGRES:
+            migration_service.with_directory(
+                os.path.join(os.path.dirname(os.path.realpath(__file__)), "scripts/postgres")
+            )
+        elif ServerType.server_type == ServerTypes.MYSQL:
+            migration_service.with_directory(os.path.join(os.path.dirname(os.path.realpath(__file__)), "scripts/mysql"))
+    except ImportError as e:
+        from cpl.core.console import Console
+
+        Console.error("cpl-database is not installed", str(e))
+
+
+def add_permission(collection: _ServiceCollection):
+    from .permission_seeder import PermissionSeeder
+    from .permission.permissions_registry import PermissionsRegistry
+    from .permission.permissions import Permissions
+
+    try:
+        from cpl.database.abc.data_seeder_abc import DataSeederABC
+
+        collection.add_singleton(DataSeederABC, PermissionSeeder)
+        PermissionsRegistry.with_enum(Permissions)
+    except ImportError as e:
+        from cpl.core.console import Console
+
+        Console.error("cpl-database is not installed", str(e))
+
+
+_ServiceCollection.with_module(add_auth, __name__)
+_ServiceCollection.with_module(add_permission, _permission.__name__)
+_ApplicationABC.extend(_ApplicationABC.with_permissions, _with_permissions)

src/cpl-auth/cpl/auth/auth_logger.py

@@ -0,0 +1,8 @@
+from cpl.core.log import Logger
+from cpl.core.typing import Source
+
+
+class AuthLogger(Logger):
+
+    def __init__(self, source: Source):
+        Logger.__init__(self, source, "auth")

src/cpl-auth/cpl/auth/keycloak/__init__.py

@@ -0,0 +1,3 @@
+from .keycloak_admin import KeycloakAdmin
+from .keycloak_client import KeycloakClient
+from .keycloak_user import KeycloakUser

src/cpl-auth/cpl/auth/keycloak/keycloak_admin.py

@@ -0,0 +1,24 @@
+from keycloak import KeycloakAdmin as _KeycloakAdmin, KeycloakOpenIDConnection
+
+from cpl.auth.auth_logger import AuthLogger
+from cpl.auth.keycloak_settings import KeycloakSettings
+
+_logger = AuthLogger("keycloak")
+
+
+class KeycloakAdmin(_KeycloakAdmin):
+
+    def __init__(self, settings: KeycloakSettings):
+        _logger.info("Initializing Keycloak admin")
+        _connection = KeycloakOpenIDConnection(
+            server_url=settings.url,
+            client_id=settings.client_id,
+            realm_name=settings.realm,
+            client_secret_key=settings.client_secret,
+        )
+        _KeycloakAdmin.__init__(
+            self,
+            connection=_connection,
+        )
+
+        self.__connection = _connection

src/cpl-auth/cpl/auth/keycloak/keycloak_client.py

@@ -0,0 +1,25 @@
+from typing import Optional
+
+from keycloak import KeycloakOpenID
+
+from cpl.auth.auth_logger import AuthLogger
+from cpl.auth.keycloak_settings import KeycloakSettings
+
+_logger = AuthLogger("keycloak")
+
+
+class KeycloakClient(KeycloakOpenID):
+
+    def __init__(self, settings: KeycloakSettings):
+        KeycloakOpenID.__init__(
+            self,
+            server_url=settings.url,
+            client_id=settings.client_id,
+            realm_name=settings.realm,
+            client_secret_key=settings.client_secret,
+        )
+        _logger.info("Initializing Keycloak client")
+
+    def get_user_id(self, token: str) -> Optional[str]:
+        info = self.introspect(token)
+        return info.get("sub", None)

src/cpl-auth/cpl/auth/keycloak/keycloak_user.py

@@ -0,0 +1,36 @@
+from cpl.core.utils.get_value import get_value
+from cpl.dependency import ServiceProviderABC
+
+
+class KeycloakUser:
+
+    def __init__(self, source: dict):
+        self._username = get_value(source, "preferred_username", str)
+        self._email = get_value(source, "email", str)
+        self._email_verified = get_value(source, "email_verified", bool)
+        self._name = get_value(source, "name", str)
+
+    @property
+    def username(self) -> str:
+        return self._username
+
+    @property
+    def email(self) -> str:
+        return self._email
+
+    @property
+    def email_verified(self) -> bool:
+        return self._email_verified
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    # Attrs from keycloak
+
+    @property
+    def id(self) -> str:
+        from cpl.auth import KeycloakAdmin
+
+        keycloak_admin: KeycloakAdmin = ServiceProviderABC.get_global_service(KeycloakAdmin)
+        return keycloak_admin.get_user_id(self._username)

src/cpl-auth/cpl/auth/keycloak_settings.py

@@ -0,0 +1,17 @@
+from typing import Optional
+
+from cpl.core.configuration.configuration_model_abc import ConfigurationModelABC
+
+
+class KeycloakSettings(ConfigurationModelABC):
+
+    def __init__(
+        self,
+        src: Optional[dict] = None,
+    ):
+        ConfigurationModelABC.__init__(self, src, "KEYCLOAK")
+
+        self.option("url", str, required=True)
+        self.option("client_id", str, required=True)
+        self.option("realm", str, required=True)
+        self.option("client_secret", str, required=True)

src/cpl-auth/cpl/auth/permission/permissions.py

@@ -0,0 +1,36 @@
+from enum import Enum
+
+
+class Permissions(Enum):
+    """ """
+
+    """
+        Administration
+    """
+    # administrator
+    administrator = "administrator"
+
+    # api keys
+    api_keys = "api_keys"
+    api_keys_create = "api_keys.create"
+    api_keys_update = "api_keys.update"
+    api_keys_delete = "api_keys.delete"
+
+    # users
+    users = "users"
+    users_create = "users.create"
+    users_update = "users.update"
+    users_delete = "users.delete"
+
+    # settings
+    settings = "settings"
+    settings_update = "settings.update"
+
+    """
+        Permissions
+    """
+    # roles
+    roles = "roles"
+    roles_create = "roles.create"
+    roles_update = "roles.update"
+    roles_delete = "roles.delete"

src/cpl-auth/cpl/auth/permission/permissions_registry.py

@@ -0,0 +1,24 @@
+from enum import Enum
+from typing import Type
+
+
+class PermissionsRegistry:
+    _permissions: dict[str, str] = {}
+
+    @classmethod
+    def get(cls):
+        return cls._permissions.keys()
+
+    @classmethod
+    def descriptions(cls):
+        return {x: cls._permissions[x] for x in cls._permissions if cls._permissions[x] is not None}
+
+    @classmethod
+    def set(cls, permission: str, description: str = None):
+        cls._permissions[permission] = description
+
+    @classmethod
+    def with_enum(cls, e: Type[Enum]):
+        perms = [x.value for x in e]
+        for perm in perms:
+            cls.set(str(perm))

src/cpl-auth/cpl/auth/permission_seeder.py

@@ -0,0 +1,120 @@
+from cpl.auth.permission.permissions import Permissions
+from cpl.auth.permission.permissions_registry import PermissionsRegistry
+from cpl.auth.schema import (
+    Permission,
+    Role,
+    RolePermission,
+    ApiKey,
+    ApiKeyPermission,
+    PermissionDao,
+    RoleDao,
+    RolePermissionDao,
+    ApiKeyDao,
+    ApiKeyPermissionDao,
+)
+from cpl.core.utils.get_value import get_value
+from cpl.database.abc.data_seeder_abc import DataSeederABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class PermissionSeeder(DataSeederABC):
+    def __init__(
+        self,
+        permission_dao: PermissionDao,
+        role_dao: RoleDao,
+        role_permission_dao: RolePermissionDao,
+        api_key_dao: ApiKeyDao,
+        api_key_permission_dao: ApiKeyPermissionDao,
+    ):
+        DataSeederABC.__init__(self)
+        self._permission_dao = permission_dao
+        self._role_dao = role_dao
+        self._role_permission_dao = role_permission_dao
+        self._api_key_dao = api_key_dao
+        self._api_key_permission_dao = api_key_permission_dao
+
+    async def seed(self):
+        permissions = await self._permission_dao.get_all()
+        possible_permissions = [permission for permission in PermissionsRegistry.get()]
+
+        if len(permissions) == len(possible_permissions):
+            _logger.info("Permissions already existing")
+            await self._update_missing_descriptions()
+            return
+
+        to_delete = []
+        for permission in permissions:
+            if permission.name in possible_permissions:
+                continue
+
+            to_delete.append(permission)
+
+        await self._permission_dao.delete_many(to_delete, hard_delete=True)
+
+        _logger.warning("Permissions incomplete")
+        permission_names = [permission.name for permission in permissions]
+        await self._permission_dao.create_many(
+            [
+                Permission(
+                    0,
+                    permission,
+                    get_value(PermissionsRegistry.descriptions(), permission, str),
+                )
+                for permission in possible_permissions
+                if permission not in permission_names
+            ]
+        )
+        await self._update_missing_descriptions()
+
+        await self._add_missing_to_role()
+        await self._add_missing_to_api_key()
+
+    async def _add_missing_to_role(self):
+        admin_role = await self._role_dao.find_single_by([{Role.id: 1}, {Role.name: "admin"}])
+        if admin_role is None:
+            return
+
+        admin_permissions = await self._role_permission_dao.get_by_role_id(admin_role.id, with_deleted=True)
+        to_assign = [
+            RolePermission(0, admin_role.id, permission.id)
+            for permission in await self._permission_dao.get_all()
+            if permission.id not in [x.permission_id for x in admin_permissions]
+        ]
+        await self._role_permission_dao.create_many(to_assign)
+
+    async def _add_missing_to_api_key(self):
+        admin_api_key = await self._api_key_dao.find_single_by([{ApiKey.id: 1}, {ApiKey.identifier: "admin"}])
+        if admin_api_key is None:
+            return
+
+        admin_permissions = await self._api_key_permission_dao.find_by_api_key_id(admin_api_key.id, with_deleted=True)
+        to_assign = [
+            ApiKeyPermission(0, admin_api_key.id, permission.id)
+            for permission in await self._permission_dao.get_all()
+            if permission.id not in [x.permission_id for x in admin_permissions]
+        ]
+        await self._api_key_permission_dao.create_many(to_assign)
+
+    async def _update_missing_descriptions(self):
+        permissions = {
+            permission.name: permission
+            for permission in await self._permission_dao.find_by([{Permission.description: None}])
+        }
+        to_update = []
+
+        if len(permissions) == 0:
+            return
+
+        for key in PermissionsRegistry.descriptions():
+            if key.value not in permissions:
+                continue
+
+            permissions[key.value].description = PermissionsRegistry.descriptions()[key]
+            to_update.append(permissions[key.value])
+
+        if len(to_update) == 0:
+            return
+
+        await self._permission_dao.update_many(to_update)

src/cpl-auth/cpl/auth/schema/__init__.py

@@ -0,0 +1,15 @@
+from ._administration.api_key import ApiKey
+from ._administration.api_key_dao import ApiKeyDao
+from ._administration.auth_user import AuthUser
+from ._administration.auth_user_dao import AuthUserDao
+
+from ._permission.api_key_permission import ApiKeyPermission
+from ._permission.api_key_permission_dao import ApiKeyPermissionDao
+from ._permission.permission import Permission
+from ._permission.permission_dao import PermissionDao
+from ._permission.role import Role
+from ._permission.role_dao import RoleDao
+from ._permission.role_permission import RolePermission
+from ._permission.role_permission_dao import RolePermissionDao
+from ._permission.role_user import RoleUser
+from ._permission.role_user_dao import RoleUserDao

src/cpl-auth/cpl/auth/schema/_administration/api_key.py

@@ -0,0 +1,66 @@
+import secrets
+from datetime import datetime
+from typing import Optional, Union
+
+from async_property import async_property
+
+from cpl.auth.permission.permissions import Permissions
+from cpl.core.environment.environment import Environment
+from cpl.core.log.logger import Logger
+from cpl.core.typing import Id, SerialId
+from cpl.core.utils.credential_manager import CredentialManager
+from cpl.database.abc.db_model_abc import DbModelABC
+from cpl.dependency.service_provider_abc import ServiceProviderABC
+
+_logger = Logger(__name__)
+
+
+class ApiKey(DbModelABC):
+
+    def __init__(
+        self,
+        id: SerialId,
+        identifier: str,
+        key: Union[str, bytes],
+        deleted: bool = False,
+        editor_id: Optional[Id] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
+        self._identifier = identifier
+        self._key = key
+
+    @property
+    def identifier(self) -> str:
+        return self._identifier
+
+    @property
+    def key(self) -> str:
+        return self._key
+
+    @property
+    def plain_key(self) -> str:
+        return CredentialManager.decrypt(self.key)
+
+    @async_property
+    async def permissions(self):
+        from cpl.auth.schema._permission.api_key_permission_dao import ApiKeyPermissionDao
+
+        apiKeyPermissionDao = ServiceProviderABC.get_global_provider().get_service(ApiKeyPermissionDao)
+
+        return [await x.permission for x in await apiKeyPermissionDao.find_by_api_key_id(self.id)]
+
+    async def has_permission(self, permission: Permissions) -> bool:
+        return permission.value in [x.name for x in await self.permissions]
+
+    def set_new_api_key(self):
+        self._key = self.new_key()
+
+    @staticmethod
+    def new_key() -> str:
+        return CredentialManager.encrypt(f"api_{secrets.token_urlsafe(Environment.get("API_KEY_LENGTH", int, 64))}")
+
+    @classmethod
+    def new(cls, identifier: str) -> "ApiKey":
+        return ApiKey(0, identifier, cls.new_key())

src/cpl-auth/cpl/auth/schema/_administration/api_key_dao.py

@@ -0,0 +1,32 @@
+from typing import Optional
+
+from cpl.auth.schema._administration.api_key import ApiKey
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class ApiKeyDao(DbModelDaoABC[ApiKey]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, ApiKey, TableManager.get("api_keys"))
+
+        self.attribute(ApiKey.identifier, str)
+        self.attribute(ApiKey.key, str, "keystring")
+
+    async def get_by_identifier(self, ident: str) -> ApiKey:
+        result = await self._db.select_map(f"SELECT * FROM {self._table_name} WHERE Identifier = '{ident}'")
+        return self.to_object(result[0])
+
+    async def get_by_key(self, key: str) -> ApiKey:
+        result = await self._db.select_map(f"SELECT * FROM {self._table_name} WHERE Keystring = '{key}'")
+        return self.to_object(result[0])
+
+    async def find_by_key(self, key: str) -> Optional[ApiKey]:
+        result = await self._db.select_map(f"SELECT * FROM {self._table_name} WHERE Keystring = '{key}'")
+        if not result or len(result) == 0:
+            return None
+
+        return self.to_object(result[0])

src/cpl-auth/cpl/auth/schema/_administration/auth_user.py

@@ -0,0 +1,89 @@
+import uuid
+from datetime import datetime
+from typing import Optional
+
+from async_property import async_property
+from keycloak import KeycloakGetError
+
+from cpl.auth.keycloak import KeycloakAdmin
+from cpl.auth.auth_logger import AuthLogger
+from cpl.auth.permission.permissions import Permissions
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbModelABC
+from cpl.dependency import ServiceProviderABC
+
+_logger = AuthLogger(__name__)
+
+
+class AuthUser(DbModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        keycloak_id: str,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
+        self._keycloak_id = keycloak_id
+
+    @property
+    def keycloak_id(self) -> str:
+        return self._keycloak_id
+
+    @property
+    def username(self):
+        if self._keycloak_id == str(uuid.UUID(int=0)):
+            return "ANONYMOUS"
+
+        try:
+            keycloak_admin: KeycloakAdmin = ServiceProviderABC.get_global_service(KeycloakAdmin)
+            return keycloak_admin.get_user(self._keycloak_id).get("username")
+        except KeycloakGetError as e:
+            return "UNKNOWN"
+        except Exception as e:
+            _logger.error(f"Failed to get user {self._keycloak_id} from Keycloak", e)
+            return "UNKNOWN"
+
+    @property
+    def email(self):
+        if self._keycloak_id == str(uuid.UUID(int=0)):
+            return "ANONYMOUS"
+
+        try:
+            keycloak_admin: KeycloakAdmin = ServiceProviderABC.get_global_service(KeycloakAdmin)
+            return keycloak_admin.get_user(self._keycloak_id).get("email")
+        except KeycloakGetError as e:
+            return "UNKNOWN"
+        except Exception as e:
+            _logger.error(f"Failed to get user {self._keycloak_id} from Keycloak", e)
+            return "UNKNOWN"
+
+    @async_property
+    async def roles(self):
+        from cpl.auth.schema._permission.role_user_dao import RoleUserDao
+
+        role_user_dao: RoleUserDao = ServiceProviderABC.get_global_service(RoleUserDao)
+        return [await x.role for x in await role_user_dao.get_by_user_id(self.id)]
+
+    @async_property
+    async def permissions(self):
+        from cpl.auth.schema._administration.auth_user_dao import AuthUserDao
+
+        auth_user_dao: AuthUserDao = ServiceProviderABC.get_global_service(AuthUserDao)
+        return await auth_user_dao.get_permissions(self.id)
+
+    async def has_permission(self, permission: Permissions) -> bool:
+        from cpl.auth.schema._administration.auth_user_dao import AuthUserDao
+
+        auth_user_dao: AuthUserDao = ServiceProviderABC.get_global_service(AuthUserDao)
+        return await auth_user_dao.has_permission(self.id, permission)
+
+    async def anonymize(self):
+        from cpl.auth.schema._administration.auth_user_dao import AuthUserDao
+
+        auth_user_dao: AuthUserDao = ServiceProviderABC.get_global_service(AuthUserDao)
+
+        self._keycloak_id = str(uuid.UUID(int=0))
+        await auth_user_dao.update(self)

src/cpl-auth/cpl/auth/schema/_administration/auth_user_dao.py

@@ -0,0 +1,72 @@
+from typing import Optional, Union
+
+from cpl.auth.permission.permissions import Permissions
+from cpl.auth.schema._administration.auth_user import AuthUser
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+from cpl.database.external_data_temp_table_builder import ExternalDataTempTableBuilder
+from cpl.dependency import ServiceProviderABC
+
+_logger = DBLogger(__name__)
+
+
+class AuthUserDao(DbModelDaoABC[AuthUser]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, AuthUser, TableManager.get("auth_users"))
+
+        self.attribute(AuthUser.keycloak_id, str, db_name="keycloakId")
+
+        async def get_users():
+            return [(x.id, x.username, x.email) for x in await self.get_all()]
+
+        self.use_external_fields(
+            ExternalDataTempTableBuilder()
+            .with_table_name(self._table_name)
+            .with_field("id", "int", True)
+            .with_field("username", "text")
+            .with_field("email", "text")
+            .with_value_getter(get_users)
+        )
+
+    async def get_by_keycloak_id(self, keycloak_id: str) -> AuthUser:
+        return await self.get_single_by({AuthUser.keycloak_id: keycloak_id})
+
+    async def find_by_keycloak_id(self, keycloak_id: str) -> Optional[AuthUser]:
+        return await self.find_single_by({AuthUser.keycloak_id: keycloak_id})
+
+    async def has_permission(self, user_id: int, permission: Union[Permissions, str]) -> bool:
+        from cpl.auth.schema._permission.permission_dao import PermissionDao
+
+        permission_dao: PermissionDao = ServiceProviderABC.get_global_service(PermissionDao)
+        p = await permission_dao.get_by_name(permission if isinstance(permission, str) else permission.value)
+        result = await self._db.select_map(
+            f"""
+            SELECT COUNT(*)
+            FROM permission.role_users ru
+            JOIN permission.role_permissions rp ON ru.roleId = rp.roleId
+            WHERE ru.userId = {user_id}
+            AND rp.permissionId = {p.id}
+            AND ru.deleted = FALSE
+            AND rp.deleted = FALSE;
+        """
+        )
+        if result is None or len(result) == 0:
+            return False
+
+        return result[0]["count"] > 0
+
+    async def get_permissions(self, user_id: int) -> list[Permissions]:
+        result = await self._db.select_map(
+            f"""
+            SELECT p.*
+            FROM permission.permissions p
+            JOIN permission.role_permissions rp ON p.id = rp.permissionId
+            JOIN permission.role_users ru ON rp.roleId = ru.roleId
+            WHERE ru.userId = {user_id}
+            AND rp.deleted = FALSE
+            AND ru.deleted = FALSE;
+            """
+        )
+        return [Permissions(p["name"]) for p in result]

src/cpl-auth/cpl/auth/schema/_permission/api_key_permission.py

@@ -0,0 +1,46 @@
+from datetime import datetime
+from typing import Optional
+
+from async_property import async_property
+
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbJoinModelABC
+from cpl.dependency import ServiceProviderABC
+
+
+class ApiKeyPermission(DbJoinModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        api_key_id: SerialId,
+        permission_id: SerialId,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbJoinModelABC.__init__(self, api_key_id, permission_id, id, deleted, editor_id, created, updated)
+        self._api_key_id = api_key_id
+        self._permission_id = permission_id
+
+    @property
+    def api_key_id(self) -> int:
+        return self._api_key_id
+
+    @async_property
+    async def api_key(self):
+        from cpl.auth.schema._administration.api_key_dao import ApiKeyDao
+
+        api_key_dao: ApiKeyDao = ServiceProviderABC.get_global_service(ApiKeyDao)
+        return await api_key_dao.get_by_id(self._api_key_id)
+
+    @property
+    def permission_id(self) -> int:
+        return self._permission_id
+
+    @async_property
+    async def permission(self):
+        from cpl.auth.schema._permission.permission_dao import PermissionDao
+
+        permission_dao: PermissionDao = ServiceProviderABC.get_global_service(PermissionDao)
+        return await permission_dao.get_by_id(self._permission_id)

src/cpl-auth/cpl/auth/schema/_permission/api_key_permission_dao.py

@@ -0,0 +1,29 @@
+from cpl.auth.schema._permission.api_key_permission import ApiKeyPermission
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class ApiKeyPermissionDao(DbModelDaoABC[ApiKeyPermission]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, ApiKeyPermission, TableManager.get("api_key_permissions"))
+
+        self.attribute(ApiKeyPermission.api_key_id, int)
+        self.attribute(ApiKeyPermission.permission_id, int)
+
+    async def find_by_api_key_id(self, api_key_id: int, with_deleted=False) -> list[ApiKeyPermission]:
+        f = [{ApiKeyPermission.api_key_id: api_key_id}]
+        if not with_deleted:
+            f.append({ApiKeyPermission.deleted: False})
+
+        return await self.find_by(f)
+
+    async def find_by_permission_id(self, permission_id: int, with_deleted=False) -> list[ApiKeyPermission]:
+        f = [{ApiKeyPermission.permission_id: permission_id}]
+        if not with_deleted:
+            f.append({ApiKeyPermission.deleted: False})
+
+        return await self.find_by(f)

src/cpl-auth/cpl/auth/schema/_permission/permission.py

@@ -0,0 +1,37 @@
+from datetime import datetime
+from typing import Optional
+
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbModelABC
+
+
+class Permission(DbModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        name: str,
+        description: str,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
+        self._name = name
+        self._description = description
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @name.setter
+    def name(self, value: str):
+        self._name = value
+
+    @property
+    def description(self) -> str:
+        return self._description
+
+    @description.setter
+    def description(self, value: str):
+        self._description = value

src/cpl-auth/cpl/auth/schema/_permission/permission_dao.py

@@ -0,0 +1,21 @@
+from typing import Optional
+
+from cpl.auth.schema._permission.permission import Permission
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class PermissionDao(DbModelDaoABC[Permission]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, Permission, TableManager.get("permissions"))
+
+        self.attribute(Permission.name, str)
+        self.attribute(Permission.description, Optional[str])
+
+    async def get_by_name(self, name: str) -> Permission:
+        result = await self._db.select_map(f"SELECT * FROM {self._table_name} WHERE Name = '{name}'")
+        return self.to_object(result[0])

src/cpl-auth/cpl/auth/schema/_permission/role.py

@@ -0,0 +1,66 @@
+from datetime import datetime
+from typing import Optional
+
+from async_property import async_property
+
+from cpl.auth.permission.permissions import Permissions
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbModelABC
+from cpl.dependency import ServiceProviderABC
+
+
+class Role(DbModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        name: str,
+        description: str,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
+        self._name = name
+        self._description = description
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @name.setter
+    def name(self, value: str):
+        self._name = value
+
+    @property
+    def description(self) -> str:
+        return self._description
+
+    @description.setter
+    def description(self, value: str):
+        self._description = value
+
+    @async_property
+    async def permissions(self):
+        from cpl.auth.schema._permission.role_permission_dao import RolePermissionDao
+
+        role_permission_dao: RolePermissionDao = ServiceProviderABC.get_global_service(RolePermissionDao)
+        return [await x.permission for x in await role_permission_dao.get_by_role_id(self.id)]
+
+    @async_property
+    async def users(self):
+        from cpl.auth.schema._permission.role_user_dao import RoleUserDao
+
+        role_user_dao: RoleUserDao = ServiceProviderABC.get_global_service(RoleUserDao)
+        return [await x.user for x in await role_user_dao.get_by_role_id(self.id)]
+
+    async def has_permission(self, permission: Permissions) -> bool:
+        from cpl.auth.schema._permission.permission_dao import PermissionDao
+        from cpl.auth.schema._permission.role_permission_dao import RolePermissionDao
+
+        permission_dao: PermissionDao = ServiceProviderABC.get_global_service(PermissionDao)
+        role_permission_dao: RolePermissionDao = ServiceProviderABC.get_global_service(RolePermissionDao)
+
+        p = await permission_dao.get_by_name(permission.value)
+
+        return p.id in [x.id for x in await role_permission_dao.get_by_role_id(self.id)]

src/cpl-auth/cpl/auth/schema/_permission/role_dao.py

@@ -0,0 +1,17 @@
+from cpl.auth.schema._permission.role import Role
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class RoleDao(DbModelDaoABC[Role]):
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, Role, TableManager.get("roles"))
+        self.attribute(Role.name, str)
+        self.attribute(Role.description, str)
+
+    async def get_by_name(self, name: str) -> Role:
+        result = await self._db.select_map(f"SELECT * FROM {self._table_name} WHERE Name = '{name}'")
+        return self.to_object(result[0])

src/cpl-auth/cpl/auth/schema/_permission/role_permission.py

@@ -0,0 +1,46 @@
+from datetime import datetime
+from typing import Optional
+
+from async_property import async_property
+
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbModelABC
+from cpl.dependency import ServiceProviderABC
+
+
+class RolePermission(DbModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        role_id: SerialId,
+        permission_id: SerialId,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
+        self._role_id = role_id
+        self._permission_id = permission_id
+
+    @property
+    def role_id(self) -> int:
+        return self._role_id
+
+    @async_property
+    async def role(self):
+        from cpl.auth.schema._permission.role_dao import RoleDao
+
+        role_dao: RoleDao = ServiceProviderABC.get_global_service(RoleDao)
+        return await role_dao.get_by_id(self._role_id)
+
+    @property
+    def permission_id(self) -> int:
+        return self._permission_id
+
+    @async_property
+    async def permission(self):
+        from cpl.auth.schema._permission.permission_dao import PermissionDao
+
+        permission_dao: PermissionDao = ServiceProviderABC.get_global_service(PermissionDao)
+        return await permission_dao.get_by_id(self._permission_id)

src/cpl-auth/cpl/auth/schema/_permission/role_permission_dao.py

@@ -0,0 +1,29 @@
+from cpl.auth.schema._permission.role_permission import RolePermission
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class RolePermissionDao(DbModelDaoABC[RolePermission]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, RolePermission, TableManager.get("role_permissions"))
+
+        self.attribute(RolePermission.role_id, int)
+        self.attribute(RolePermission.permission_id, int)
+
+    async def get_by_role_id(self, role_id: int, with_deleted=False) -> list[RolePermission]:
+        f = [{RolePermission.role_id: role_id}]
+        if not with_deleted:
+            f.append({RolePermission.deleted: False})
+
+        return await self.find_by(f)
+
+    async def get_by_permission_id(self, permission_id: int, with_deleted=False) -> list[RolePermission]:
+        f = [{RolePermission.permission_id: permission_id}]
+        if not with_deleted:
+            f.append({RolePermission.deleted: False})
+
+        return await self.find_by(f)

src/cpl-auth/cpl/auth/schema/_permission/role_user.py

@@ -0,0 +1,46 @@
+from datetime import datetime
+from typing import Optional
+
+from async_property import async_property
+
+from cpl.core.typing import SerialId
+from cpl.database.abc import DbJoinModelABC
+from cpl.dependency import ServiceProviderABC
+
+
+class RoleUser(DbJoinModelABC):
+    def __init__(
+        self,
+        id: SerialId,
+        user_id: SerialId,
+        role_id: SerialId,
+        deleted: bool = False,
+        editor_id: Optional[SerialId] = None,
+        created: Optional[datetime] = None,
+        updated: Optional[datetime] = None,
+    ):
+        DbJoinModelABC.__init__(self, id, user_id, role_id, deleted, editor_id, created, updated)
+        self._user_id = user_id
+        self._role_id = role_id
+
+    @property
+    def user_id(self) -> int:
+        return self._user_id
+
+    @async_property
+    async def user(self):
+        from cpl.auth.schema._administration.auth_user_dao import AuthUserDao
+
+        auth_user_dao: AuthUserDao = ServiceProviderABC.get_global_service(AuthUserDao)
+        return await auth_user_dao.get_by_id(self._user_id)
+
+    @property
+    def role_id(self) -> int:
+        return self._role_id
+
+    @async_property
+    async def role(self):
+        from cpl.auth.schema._permission.role_dao import RoleDao
+
+        role_dao: RoleDao = ServiceProviderABC.get_global_service(RoleDao)
+        return await role_dao.get_by_id(self._role_id)

src/cpl-auth/cpl/auth/schema/_permission/role_user_dao.py

@@ -0,0 +1,29 @@
+from cpl.auth.schema._permission.role_user import RoleUser
+from cpl.database import TableManager
+from cpl.database.abc import DbModelDaoABC
+from cpl.database.db_logger import DBLogger
+
+_logger = DBLogger(__name__)
+
+
+class RoleUserDao(DbModelDaoABC[RoleUser]):
+
+    def __init__(self):
+        DbModelDaoABC.__init__(self, __name__, RoleUser, TableManager.get("role_users"))
+
+        self.attribute(RoleUser.role_id, int)
+        self.attribute(RoleUser.user_id, int)
+
+    async def get_by_role_id(self, rid: int, with_deleted=False) -> list[RoleUser]:
+        f = [{RoleUser.role_id: rid}]
+        if not with_deleted:
+            f.append({RoleUser.deleted: False})
+
+        return await self.find_by(f)
+
+    async def get_by_user_id(self, uid: int, with_deleted=False) -> list[RoleUser]:
+        f = [{RoleUser.user_id: uid}]
+        if not with_deleted:
+            f.append({RoleUser.deleted: False})
+
+        return await self.find_by(f)

src/cpl-auth/cpl/auth/scripts/mysql/1-users.sql

@@ -0,0 +1,44 @@
+CREATE TABLE IF NOT EXISTS administration_auth_users
+(
+    id         INT AUTO_INCREMENT PRIMARY KEY,
+    keycloakId CHAR(36)  NOT NULL,
+    -- for history
+    deleted    BOOL      NOT NULL DEFAULT FALSE,
+    editorId   INT       NULL,
+    created    TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated    TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+
+    CONSTRAINT UC_KeycloakId UNIQUE (keycloakId),
+    CONSTRAINT FK_EditorId FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS administration_auth_users_history
+(
+    id INT NOT NULL,
+    keycloakId CHAR(36)  NOT NULL,
+    -- for history
+    deleted    BOOL      NOT NULL,
+    editorId   INT       NULL,
+    created    TIMESTAMP NOT NULL,
+    updated    TIMESTAMP NOT NULL
+);
+
+CREATE TRIGGER TR_administration_auth_usersUpdate
+    AFTER UPDATE
+    ON administration_auth_users
+    FOR EACH ROW
+BEGIN
+    INSERT INTO administration_auth_users_history
+        (id, keycloakId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.keycloakId, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_administration_auth_usersDelete
+    AFTER DELETE
+    ON administration_auth_users
+    FOR EACH ROW
+BEGIN
+    INSERT INTO administration_auth_users_history
+        (id, keycloakId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.keycloakId, 1, OLD.editorId, OLD.created, NOW());
+END;

src/cpl-auth/cpl/auth/scripts/mysql/2-api-key.sql

@@ -0,0 +1,46 @@
+CREATE TABLE IF NOT EXISTS administration_api_keys
+(
+    id         INT AUTO_INCREMENT PRIMARY KEY,
+    identifier VARCHAR(255) NOT NULL,
+    keyString  VARCHAR(255) NOT NULL,
+    deleted    BOOL         NOT NULL DEFAULT FALSE,
+    editorId   INT          NULL,
+    created    TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated    TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+
+    CONSTRAINT UC_Identifier_Key UNIQUE (identifier, keyString),
+    CONSTRAINT UC_Key UNIQUE (keyString),
+    CONSTRAINT FK_ApiKeys_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS administration_api_keys_history
+(
+    id INT NOT NULL,
+    identifier VARCHAR(255) NOT NULL,
+    keyString  VARCHAR(255) NOT NULL,
+    deleted    BOOL         NOT NULL,
+    editorId   INT          NULL,
+    created    TIMESTAMP    NOT NULL,
+    updated    TIMESTAMP    NOT NULL
+);
+
+
+CREATE TRIGGER TR_ApiKeysUpdate
+    AFTER UPDATE
+    ON administration_api_keys
+    FOR EACH ROW
+BEGIN
+    INSERT INTO administration_api_keys_history
+        (id, identifier, keyString, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.identifier, OLD.keyString, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_ApiKeysDelete
+    AFTER DELETE
+    ON administration_api_keys
+    FOR EACH ROW
+BEGIN
+    INSERT INTO administration_api_keys_history
+        (id, identifier, keyString, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.identifier, OLD.keyString, 1, OLD.editorId, OLD.created, NOW());
+END;

src/cpl-auth/cpl/auth/scripts/mysql/3-roles-permissions.sql

@@ -0,0 +1,179 @@
+CREATE TABLE IF NOT EXISTS permission_permissions
+(
+    id          INT AUTO_INCREMENT PRIMARY KEY,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+    deleted     BOOL         NOT NULL DEFAULT FALSE,
+    editorId    INT          NULL,
+    created     TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated     TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    CONSTRAINT UQ_PermissionName UNIQUE (name),
+    CONSTRAINT FK_Permissions_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS permission_permissions_history
+(
+    id INT NOT NULL,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+    deleted     BOOL         NOT NULL,
+    editorId    INT          NULL,
+    created     TIMESTAMP    NOT NULL,
+    updated     TIMESTAMP    NOT NULL
+);
+
+CREATE TRIGGER TR_PermissionsUpdate
+    AFTER UPDATE
+    ON permission_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_permissions_history
+        (id, name, description, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.name, OLD.description, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_PermissionsDelete
+    AFTER DELETE
+    ON permission_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_permissions_history
+        (id, name, description, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.name, OLD.description, 1, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TABLE IF NOT EXISTS permission_roles
+(
+    id          INT AUTO_INCREMENT PRIMARY KEY,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+    deleted     BOOL         NOT NULL DEFAULT FALSE,
+    editorId    INT          NULL,
+    created     TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated     TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    CONSTRAINT UQ_RoleName UNIQUE (name),
+    CONSTRAINT FK_Roles_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS permission_roles_history
+(
+    id INT NOT NULL,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+    deleted     BOOL         NOT NULL,
+    editorId    INT          NULL,
+    created     TIMESTAMP    NOT NULL,
+    updated     TIMESTAMP    NOT NULL
+);
+
+CREATE TRIGGER TR_RolesUpdate
+    AFTER UPDATE
+    ON permission_roles
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_roles_history
+        (id, name, description, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.name, OLD.description, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_RolesDelete
+    AFTER DELETE
+    ON permission_roles
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_roles_history
+        (id, name, description, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.name, OLD.description, 1, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TABLE IF NOT EXISTS permission_role_permissions
+(
+    id           INT AUTO_INCREMENT PRIMARY KEY,
+    RoleId       INT       NOT NULL,
+    permissionId INT       NOT NULL,
+    deleted      BOOL      NOT NULL DEFAULT FALSE,
+    editorId     INT       NULL,
+    created      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    CONSTRAINT UQ_RolePermission UNIQUE (RoleId, permissionId),
+    CONSTRAINT FK_RolePermissions_Role FOREIGN KEY (RoleId) REFERENCES permission_roles (id) ON DELETE CASCADE,
+    CONSTRAINT FK_RolePermissions_Permission FOREIGN KEY (permissionId) REFERENCES permission_permissions (id) ON DELETE CASCADE,
+    CONSTRAINT FK_RolePermissions_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS permission_role_permissions_history
+(
+    id INT NOT NULL,
+    RoleId       INT       NOT NULL,
+    permissionId INT       NOT NULL,
+    deleted      BOOL      NOT NULL,
+    editorId     INT       NULL,
+    created      TIMESTAMP NOT NULL,
+    updated      TIMESTAMP NOT NULL
+);
+
+CREATE TRIGGER TR_RolePermissionsUpdate
+    AFTER UPDATE
+    ON permission_role_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_role_permissions_history
+        (id, RoleId, permissionId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.RoleId, OLD.permissionId, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_RolePermissionsDelete
+    AFTER DELETE
+    ON permission_role_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_role_permissions_history
+        (id, RoleId, permissionId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.RoleId, OLD.permissionId, 1, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TABLE IF NOT EXISTS permission_role_auth_users
+(
+    id       INT AUTO_INCREMENT PRIMARY KEY,
+    RoleId   INT       NOT NULL,
+    UserId   INT       NOT NULL,
+    deleted  BOOL      NOT NULL DEFAULT FALSE,
+    editorId INT       NULL,
+    created  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    CONSTRAINT UQ_RoleUser UNIQUE (RoleId, UserId),
+    CONSTRAINT FK_Roleauth_users_Role FOREIGN KEY (RoleId) REFERENCES permission_roles (id) ON DELETE CASCADE,
+    CONSTRAINT FK_Roleauth_users_User FOREIGN KEY (UserId) REFERENCES administration_auth_users (id) ON DELETE CASCADE,
+    CONSTRAINT FK_Roleauth_users_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS permission_role_auth_users_history
+(
+    id INT NOT NULL,
+    RoleId   INT       NOT NULL,
+    UserId   INT       NOT NULL,
+    deleted  BOOL      NOT NULL,
+    editorId INT       NULL,
+    created  TIMESTAMP NOT NULL,
+    updated  TIMESTAMP NOT NULL
+);
+
+CREATE TRIGGER TR_Roleauth_usersUpdate
+    AFTER UPDATE
+    ON permission_role_auth_users
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_role_auth_users_history
+        (id, RoleId, UserId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.RoleId, OLD.UserId, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_Roleauth_usersDelete
+    AFTER DELETE
+    ON permission_role_auth_users
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_role_auth_users_history
+        (id, RoleId, UserId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.RoleId, OLD.UserId, 1, OLD.editorId, OLD.created, NOW());
+END;

src/cpl-auth/cpl/auth/scripts/mysql/4-api-key-permissions.sql

@@ -0,0 +1,46 @@
+CREATE TABLE IF NOT EXISTS permission_api_key_permissions
+(
+    id           INT AUTO_INCREMENT PRIMARY KEY,
+    apiKeyId     INT       NOT NULL,
+    permissionId INT       NOT NULL,
+    deleted      BOOL      NOT NULL DEFAULT FALSE,
+    editorId     INT       NULL,
+    created      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    CONSTRAINT UQ_ApiKeyPermission UNIQUE (apiKeyId, permissionId),
+    CONSTRAINT FK_ApiKeyPermissions_ApiKey FOREIGN KEY (apiKeyId) REFERENCES administration_api_keys (id) ON DELETE CASCADE,
+    CONSTRAINT FK_ApiKeyPermissions_Permission FOREIGN KEY (permissionId) REFERENCES permission_permissions (id) ON DELETE CASCADE,
+    CONSTRAINT FK_ApiKeyPermissions_Editor FOREIGN KEY (editorId) REFERENCES administration_auth_users (id)
+);
+
+CREATE TABLE IF NOT EXISTS permission_api_key_permissions_history
+(
+    id INT NOT NULL,
+    apiKeyId     INT       NOT NULL,
+    permissionId INT       NOT NULL,
+    deleted      BOOL      NOT NULL,
+    editorId     INT       NULL,
+    created      TIMESTAMP NOT NULL,
+    updated      TIMESTAMP NOT NULL
+);
+
+CREATE TRIGGER TR_ApiKeyPermissionsUpdate
+    AFTER UPDATE
+    ON permission_api_key_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_api_key_permissions_history
+        (id, apiKeyId, permissionId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.apiKeyId, OLD.permissionId, OLD.deleted, OLD.editorId, OLD.created, NOW());
+END;
+
+CREATE TRIGGER TR_ApiKeyPermissionsDelete
+    AFTER DELETE
+    ON permission_api_key_permissions
+    FOR EACH ROW
+BEGIN
+    INSERT INTO permission_api_key_permissions_history
+        (id, apiKeyId, permissionId, deleted, editorId, created, updated)
+    VALUES (OLD.id, OLD.apiKeyId, OLD.permissionId, 1, OLD.editorId, OLD.created, NOW());
+END;
+

src/cpl-auth/cpl/auth/scripts/postgres/1-users.sql

@@ -0,0 +1,26 @@
+CREATE SCHEMA IF NOT EXISTS administration;
+
+CREATE TABLE IF NOT EXISTS administration.auth_users
+(
+    id         SERIAL PRIMARY KEY,
+    keycloakId UUID        NOT NULL,
+    -- for history
+    deleted    BOOLEAN     NOT NULL DEFAULT FALSE,
+    editorId   INT         NULL REFERENCES administration.auth_users (id),
+    created    timestamptz NOT NULL DEFAULT NOW(),
+    updated    timestamptz NOT NULL DEFAULT NOW(),
+
+    CONSTRAINT UC_KeycloakId UNIQUE (keycloakId)
+);
+
+CREATE TABLE IF NOT EXISTS administration.auth_users_history
+(
+    LIKE administration.auth_users
+);
+
+CREATE TRIGGER users_history_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON administration.auth_users
+    FOR EACH ROW
+EXECUTE FUNCTION public.history_trigger_function();
+

src/cpl-auth/cpl/auth/scripts/postgres/2-api-key.sql

@@ -0,0 +1,28 @@
+CREATE SCHEMA IF NOT EXISTS administration;
+
+CREATE TABLE IF NOT EXISTS administration.api_keys
+(
+    id         SERIAL PRIMARY KEY,
+    identifier VARCHAR(255) NOT NULL,
+    keyString  VARCHAR(255) NOT NULL,
+    -- for history
+    deleted    BOOLEAN      NOT NULL DEFAULT FALSE,
+    editorId   INT          NULL REFERENCES administration.auth_users (id),
+    created    timestamptz  NOT NULL DEFAULT NOW(),
+    updated    timestamptz  NOT NULL DEFAULT NOW(),
+
+    CONSTRAINT UC_Identifier_Key UNIQUE (identifier, keyString),
+    CONSTRAINT UC_Key UNIQUE (keyString)
+);
+
+CREATE TABLE IF NOT EXISTS administration.api_keys_history
+(
+    LIKE administration.api_keys
+);
+
+CREATE TRIGGER api_keys_history_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON administration.api_keys
+    FOR EACH ROW
+EXECUTE FUNCTION public.history_trigger_function();
+

src/cpl-auth/cpl/auth/scripts/postgres/3-roles-permissions.sql

@@ -0,0 +1,105 @@
+CREATE SCHEMA IF NOT EXISTS permission;
+
+-- Permissions
+CREATE TABLE permission.permissions
+(
+    id          SERIAL PRIMARY KEY,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+
+    -- for history
+    deleted     BOOLEAN      NOT NULL DEFAULT FALSE,
+    editorId    INT          NULL REFERENCES administration.auth_users (id),
+    created     timestamptz  NOT NULL DEFAULT NOW(),
+    updated     timestamptz  NOT NULL DEFAULT NOW(),
+    CONSTRAINT UQ_PermissionName UNIQUE (name)
+);
+
+CREATE TABLE permission.permissions_history
+(
+    LIKE permission.permissions
+);
+
+CREATE TRIGGER versioning_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON permission.permissions
+    FOR EACH ROW
+EXECUTE PROCEDURE public.history_trigger_function();
+
+-- Roles
+CREATE TABLE permission.roles
+(
+    id          SERIAL PRIMARY KEY,
+    name        VARCHAR(255) NOT NULL,
+    description TEXT         NULL,
+
+    -- for history
+    deleted     BOOLEAN      NOT NULL DEFAULT FALSE,
+    editorId    INT          NULL REFERENCES administration.auth_users (id),
+    created     timestamptz  NOT NULL DEFAULT NOW(),
+    updated     timestamptz  NOT NULL DEFAULT NOW(),
+    CONSTRAINT UQ_RoleName UNIQUE (name)
+);
+
+CREATE TABLE permission.roles_history
+(
+    LIKE permission.roles
+);
+
+CREATE TRIGGER versioning_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON permission.roles
+    FOR EACH ROW
+EXECUTE PROCEDURE public.history_trigger_function();
+
+-- Role permissions
+CREATE TABLE permission.role_permissions
+(
+    id           SERIAL PRIMARY KEY,
+    RoleId       INT         NOT NULL REFERENCES permission.roles (id) ON DELETE CASCADE,
+    permissionId INT         NOT NULL REFERENCES permission.permissions (id) ON DELETE CASCADE,
+
+    -- for history
+    deleted      BOOLEAN     NOT NULL DEFAULT FALSE,
+    editorId     INT         NULL REFERENCES administration.auth_users (id),
+    created      timestamptz NOT NULL DEFAULT NOW(),
+    updated      timestamptz NOT NULL DEFAULT NOW(),
+    CONSTRAINT UQ_RolePermission UNIQUE (RoleId, permissionId)
+);
+
+CREATE TABLE permission.role_permissions_history
+(
+    LIKE permission.role_permissions
+);
+
+CREATE TRIGGER versioning_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON permission.role_permissions
+    FOR EACH ROW
+EXECUTE PROCEDURE public.history_trigger_function();
+
+-- Role user
+CREATE TABLE permission.role_users
+(
+    id       SERIAL PRIMARY KEY,
+    RoleId   INT         NOT NULL REFERENCES permission.roles (id) ON DELETE CASCADE,
+    UserId   INT         NOT NULL REFERENCES administration.auth_users (id) ON DELETE CASCADE,
+
+    -- for history
+    deleted  BOOLEAN     NOT NULL DEFAULT FALSE,
+    editorId INT         NULL REFERENCES administration.auth_users (id),
+    created  timestamptz NOT NULL DEFAULT NOW(),
+    updated  timestamptz NOT NULL DEFAULT NOW(),
+    CONSTRAINT UQ_RoleUser UNIQUE (RoleId, UserId)
+);
+
+CREATE TABLE permission.role_users_history
+(
+    LIKE permission.role_users
+);
+
+CREATE TRIGGER versioning_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON permission.role_users
+    FOR EACH ROW
+EXECUTE PROCEDURE public.history_trigger_function();

src/cpl-auth/cpl/auth/scripts/postgres/4-api-key-permissions.sql

@@ -0,0 +1,24 @@
+CREATE TABLE permission.api_key_permissions
+(
+    id           SERIAL PRIMARY KEY,
+    apiKeyId     INT         NOT NULL REFERENCES administration.api_keys (id) ON DELETE CASCADE,
+    permissionId INT         NOT NULL REFERENCES permission.permissions (id) ON DELETE CASCADE,
+
+    -- for history
+    deleted      BOOLEAN     NOT NULL DEFAULT FALSE,
+    editorId     INT         NULL REFERENCES administration.auth_users (id),
+    created      timestamptz NOT NULL DEFAULT NOW(),
+    updated      timestamptz NOT NULL DEFAULT NOW(),
+    CONSTRAINT UQ_ApiKeyPermission UNIQUE (apiKeyId, permissionId)
+);
+
+CREATE TABLE permission.api_key_permissions_history
+(
+    LIKE permission.api_key_permissions
+);
+
+CREATE TRIGGER versioning_trigger
+    BEFORE INSERT OR UPDATE OR DELETE
+    ON permission.api_key_permissions
+    FOR EACH ROW
+EXECUTE PROCEDURE public.history_trigger_function();

src/cpl-auth/pyproject.toml

@@ -0,0 +1,30 @@
+[build-system]
+requires = ["setuptools>=70.1.0", "wheel>=0.43.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "cpl-auth"
+version = "2024.7.0"
+description = "CPL auth"
+readme ="CPL auth package"
+requires-python = ">=3.12"
+license = { text = "MIT" }
+authors = [
+    { name = "Sven Heidemann", email = "sven.heidemann@sh-edraft.de" }
+]
+keywords = ["cpl", "auth", "backend", "shared", "library"]
+
+dynamic = ["dependencies", "optional-dependencies"]
+
+[project.urls]
+Homepage = "https://www.sh-edraft.de"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["cpl*"]
+
+[tool.setuptools.dynamic]
+dependencies = { file = ["requirements.txt"] }
+optional-dependencies.dev = { file = ["requirements.dev.txt"] }
+
+

src/cpl-auth/requirements.dev.txt

@@ -0,0 +1 @@
+black==25.1.0

src/cpl-auth/requirements.txt

@@ -0,0 +1,4 @@
+cpl-core
+cpl-dependency
+cpl-database
+python-keycloak==5.8.1

src/cpl-core/cpl/core/configuration/__init__.py

@@ -0,0 +1,2 @@
+from .configuration import Configuration
+from .configuration_model_abc import ConfigurationModelABC

src/cpl-core/cpl/core/configuration/configuration.py

@@ -0,0 +1,137 @@
+import inspect
+import json
+import os
+import sys
+from inspect import isclass
+from typing import Any
+
+from cpl.core.configuration.configuration_model_abc import ConfigurationModelABC
+from cpl.core.console.console import Console
+from cpl.core.console.foreground_color_enum import ForegroundColorEnum
+from cpl.core.typing import D, T
+
+
+class Configuration:
+    _config = {}
+
+    @staticmethod
+    def _print_info(message: str):
+        r"""Prints an info message
+
+        Parameter:
+            name: :class:`str`
+                Info name
+            message: :class:`str`
+                Info message
+        """
+        Console.set_foreground_color(ForegroundColorEnum.green)
+        Console.write_line(f"[CONFIG] {message}")
+        Console.set_foreground_color(ForegroundColorEnum.default)
+
+    @staticmethod
+    def _print_warn(message: str):
+        r"""Prints a warning
+
+        Parameter:
+            name: :class:`str`
+                Warning name
+            message: :class:`str`
+                Warning message
+        """
+        Console.set_foreground_color(ForegroundColorEnum.yellow)
+        Console.write_line(f"[CONFIG] {message}")
+        Console.set_foreground_color(ForegroundColorEnum.default)
+
+    @staticmethod
+    def _print_error(message: str):
+        r"""Prints an error
+
+        Parameter:
+            name: :class:`str`
+                Error name
+            message: :class:`str`
+                Error message
+        """
+        Console.set_foreground_color(ForegroundColorEnum.red)
+        Console.write_line(f"[CONFIG] {message}")
+        Console.set_foreground_color(ForegroundColorEnum.default)
+
+    @classmethod
+    def _load_json_file(cls, file: str, output: bool) -> dict:
+        r"""Reads the json file
+
+        Parameter:
+            file: :class:`str`
+                Name of the file
+            output: :class:`bool`
+                Specifies whether an output should take place
+
+        Returns:
+            Object of :class:`dict`
+        """
+        try:
+            # open config file, create if not exists
+            with open(file, encoding="utf-8") as cfg:
+                # load json
+                json_cfg = json.load(cfg)
+                if output:
+                    cls._print_info(f"Loaded config file: {file}")
+
+                return json_cfg
+        except Exception as e:
+            cls._print_error(f"Cannot load config file: {file}! -> {e}")
+            return {}
+
+    @classmethod
+    def add_json_file(cls, name: str, optional: bool = None, output: bool = True, path: str = None):
+        if os.path.isabs(name):
+            file_path = name
+        else:
+            from cpl.core.environment import Environment
+
+            path_root = Environment.get_cwd()
+            if path is not None:
+                path_root = path
+
+            if str(path_root).endswith("/") and not name.startswith("/"):
+                file_path = f"{path_root}{name}"
+            else:
+                file_path = f"{path_root}/{name}"
+
+        if not os.path.isfile(file_path):
+            if optional is not True:
+                if output:
+                    cls._print_error(f"File not found: {file_path}")
+
+                sys.exit()
+
+            if output:
+                cls._print_warn(f"Not Loaded config file: {file_path}")
+
+            return None
+
+        config_from_file = cls._load_json_file(file_path, output)
+        for sub in ConfigurationModelABC.__subclasses__():
+            for key, value in config_from_file.items():
+                if sub.__name__ != key and sub.__name__.replace("Settings", "") != key:
+                    continue
+
+                cls.set(sub, sub(value))
+
+    @classmethod
+    def set(cls, key: Any, value: T):
+        if inspect.isclass(key):
+            key = key.__name__
+
+        cls._config[key] = value
+
+    @classmethod
+    def get(cls, key: Any, default: D = None) -> T | D:
+        key_name = key.__name__ if inspect.isclass(key) else key
+
+        result = cls._config.get(key_name, default)
+        if isclass(key) and issubclass(key, ConfigurationModelABC) and result == default:
+            result = key()
+            cls.set(key, result)
+
+        return result

src/cpl-core/cpl/core/configuration/configuration_model_abc.py

@@ -0,0 +1,82 @@
+from abc import ABC, abstractmethod
+from typing import Optional, Type, Any
+
+from cpl.core.typing import T
+from cpl.core.utils.cast import cast
+from cpl.core.utils.get_value import get_value
+from cpl.core.utils.string import String
+
+
+class ConfigurationModelABC(ABC):
+    r"""
+    ABC for configuration model classes
+    """
+
+    @abstractmethod
+    def __init__(
+        self,
+        src: Optional[dict] = None,
+        env_prefix: Optional[str] = None,
+        readonly: bool = True,
+    ):
+        ABC.__init__(self)
+
+        self._src = src or {}
+        self._options: dict[str, Any] = {}
+
+        self._env_prefix = env_prefix
+        self._readonly = readonly
+
+    def __setattr__(self, attr: str, value: Any):
+        if hasattr(self, "_readonly") and self._readonly:
+            raise AttributeError(f"Cannot set attribute: {attr}. {type(self).__name__} is read-only")
+
+        super().__setattr__(attr, value)
+
+    def __getattr__(self, attr: str) -> Any:
+        options = super().__getattribute__("_options")
+        if attr in options:
+            return options[attr]
+
+        return super().__getattribute__(attr)
+
+    def option(self, field: str, cast_type: Type[T], default=None, required=False, from_env=True):
+        value = None
+
+        field_variants = [
+            field,
+            String.first_to_upper(field),
+            String.first_to_lower(field),
+            String.to_camel_case(field),
+            String.to_snake_case(field),
+            String.to_pascal_case(field),
+        ]
+
+        value = None
+        for variant in field_variants:
+            if variant in self._src:
+                value = self._src[variant]
+                break
+
+        if value is None and from_env:
+            from cpl.core.environment import Environment
+
+            env_field = field.upper()
+            if self._env_prefix:
+                env_field = f"{self._env_prefix}_{env_field}"
+
+            value = cast(Environment.get(env_field, str), cast_type)
+
+        if value is None and required:
+            raise ValueError(f"{type(self).__name__}.{field} is required")
+        elif value is None:
+            self._options[field] = default
+            return
+
+        self._options[field] = cast(value, cast_type)
+
+    def get(self, field: str, default=None) -> Optional[T]:
+        return get_value(self._src, field, self._options[field].type, default)
+
+    def to_dict(self) -> dict:
+        return {field: self.get(field) for field in self._options.keys()}

src/cpl-core/cpl/core/console/__init__.py

@@ -0,0 +1,4 @@
+from .background_color_enum import BackgroundColorEnum
+from .console import Console
+from ._call import ConsoleCall
+from .foreground_color_enum import ForegroundColorEnum

src/cpl-core/cpl/core/console/_call.py

@@ -1,14 +1,17 @@
-from collections import Callable
+from collections.abc import Callable
 
 
 class ConsoleCall:
+    r"""Represents a console call, for hold back when spinner is active
+
+    Parameter:
+        function: :class:`Callable`
+            Function to call
+        args: :class:`list`
+            List of arguments
+    """
 
     def __init__(self, function: Callable, *args):
-        """
-        Represents a console call, for hold back when spinner is active
-        :param function:
-        :param args:
-        """
         self._func = function
         self._args = args
 

src/cpl-core/cpl/core/console/_spinner.py

@@ -0,0 +1,95 @@
+import os
+import sys
+import multiprocessing
+import time
+from multiprocessing import Process
+
+from termcolor import colored
+
+from cpl.core.console.background_color_enum import BackgroundColorEnum
+from cpl.core.console.foreground_color_enum import ForegroundColorEnum
+
+
+class Spinner(Process):
+    r"""Process to show spinner in terminal
+
+    Parameter:
+        msg_len: :class:`int`
+            Length of the message
+        foreground_color: :class:`cpl.core.console.foreground_color.ForegroundColorEnum`
+            Foreground color of the spinner
+        background_color: :class:`cpl.core.console.background_color.BackgroundColorEnum`
+            Background color of the spinner
+    """
+
+    def __init__(self, msg_len: int, foreground_color: ForegroundColorEnum, background_color: BackgroundColorEnum):
+        Process.__init__(self)
+
+        self._msg_len = msg_len
+        self._foreground_color = foreground_color
+        self._background_color = background_color
+
+        self._is_spinning = True
+        self._exit = False
+
+    @staticmethod
+    def _spinner():
+        r"""Selects active spinner char"""
+        while True:
+            for cursor in "|/-\\":
+                yield cursor
+
+    def _get_color_args(self) -> list[str]:
+        r"""Creates color arguments"""
+        color_args = []
+        if self._foreground_color is not None:
+            color_args.append(str(self._foreground_color.value))
+
+        if self._background_color is not None:
+            color_args.append(str(self._background_color.value))
+
+        return color_args
+
+    def run(self) -> None:
+        r"""Entry point of process, shows the spinner"""
+        columns = 0
+        if sys.platform == "win32":
+            columns = os.get_terminal_size().columns
+        else:
+            values = os.popen("stty size", "r").read().split()
+            term_rows, term_columns = values if len(values) == 2 else (0, 0)
+            columns = int(term_columns)
+
+        end_msg = "done"
+
+        padding = columns - self._msg_len - len(end_msg)
+        if padding > 0:
+            print(f'{"" : >{padding}}', end="")
+        else:
+            print("", end="")
+
+        spinner = self._spinner()
+        while self._is_spinning:
+            print(colored(f"{next(spinner): >{len(end_msg)}}", *self._get_color_args()), end="")
+            time.sleep(0.1)
+            back = ""
+            for i in range(0, len(end_msg)):
+                back += "\b"
+
+            print(back, end="")
+            sys.stdout.flush()
+
+        if not self._exit:
+            print(colored(end_msg, *self._get_color_args()), end="")
+
+    def stop(self):
+        r"""Stops the spinner"""
+        self._is_spinning = False
+        super().terminate()
+        time.sleep(0.1)
+
+    def exit(self):
+        r"""Stops the spinner"""
+        self._is_spinning = False
+        self._exit = True
+        time.sleep(0.1)

src/cpl-core/cpl/core/console/background_color_enum.py

@@ -0,0 +1,13 @@
+from enum import Enum
+
+
+class BackgroundColorEnum(Enum):
+    default = "on_default"
+    grey = "on_grey"
+    red = "on_red"
+    green = "on_green"
+    yellow = "on_yellow"
+    blue = "on_blue"
+    magenta = "on_magenta"
+    cyan = "on_cyan"
+    white = "on_white"

src/cpl-core/cpl/core/console/console.py

@@ -0,0 +1,578 @@
+import os
+import sys
+import time
+from collections.abc import Callable
+from typing import Union, Optional
+
+from art import text2art
+import colorama
+from tabulate import tabulate
+from termcolor import colored
+
+from cpl.core.console.background_color_enum import BackgroundColorEnum
+from cpl.core.console._call import ConsoleCall
+from cpl.core.console.foreground_color_enum import ForegroundColorEnum
+from cpl.core.console._spinner import Spinner
+
+
+class Console:
+    r"""Useful functions for handling with input and output"""
+
+    colorama.init()
+    _is_first_write = True
+
+    _background_color: BackgroundColorEnum = BackgroundColorEnum.default
+    _foreground_color: ForegroundColorEnum = ForegroundColorEnum.default
+    _x: Optional[int] = None
+    _y: Optional[int] = None
+    _disabled: bool = False
+
+    _hold_back = False
+    _hold_back_calls: list[ConsoleCall] = []
+
+    _select_menu_items: list[str] = []
+    _is_first_select_menu_output = True
+    _selected_menu_item_index: int = 0
+    _selected_menu_item_char: str = ""
+    _selected_menu_option_foreground_color: ForegroundColorEnum = ForegroundColorEnum.default
+    _selected_menu_option_background_color: BackgroundColorEnum = BackgroundColorEnum.default
+    _selected_menu_cursor_foreground_color: ForegroundColorEnum = ForegroundColorEnum.default
+    _selected_menu_cursor_background_color: BackgroundColorEnum = BackgroundColorEnum.default
+
+    """Properties"""
+
+    @classmethod
+    @property
+    def background_color(cls) -> str:
+        return str(cls._background_color.value)
+
+    @classmethod
+    @property
+    def foreground_color(cls) -> str:
+        return str(cls._foreground_color.value)
+
+    """Settings"""
+
+    @classmethod
+    def set_hold_back(cls, value: bool):
+        cls._hold_back = value
+
+    @classmethod
+    def set_background_color(cls, color: Union[BackgroundColorEnum, str]):
+        r"""Sets the background color
+
+        Parameter:
+            color: Union[:class:`cpl.core.console.background_color_enum.BackgroundColorEnum`, :class:`str`]
+                Background color of the console
+        """
+        if type(color) is str:
+            cls._background_color = BackgroundColorEnum[color]
+        else:
+            cls._background_color = color
+
+    @classmethod
+    def set_foreground_color(cls, color: Union[ForegroundColorEnum, str]):
+        r"""Sets the foreground color
+
+        Parameter:
+            color: Union[:class:`cpl.core.console.background_color_enum.BackgroundColorEnum`, :class:`str`]
+                Foreground color of the console
+        """
+        if type(color) is str:
+            cls._foreground_color = ForegroundColorEnum[color]
+        else:
+            cls._foreground_color = color
+
+    @classmethod
+    def reset_cursor_position(cls):
+        r"""Resets cursor position"""
+        cls._x = None
+        cls._y = None
+
+    @classmethod
+    def set_cursor_position(cls, x: int, y: int):
+        r"""Sets cursor position
+
+        Parameter:
+            x: :class:`int`
+                X coordinate
+            y: :class:`int`
+                Y coordinate
+        """
+        cls._x = x
+        cls._y = y
+
+    """Useful protected functions"""
+
+    @classmethod
+    def _output(cls, string: str, x: int = None, y: int = None, end: str = None):
+        r"""Prints given output with given format
+
+        Parameter:
+            string: :class:`str`
+                Message to print
+            x: :class:`int`
+                X coordinate
+            y: :class:`int`
+                Y coordinate
+            end: :class:`str`
+                End character of the message (could be \n)
+        """
+        if cls._is_first_write:
+            cls._is_first_write = False
+
+        if end is None:
+            end = "\n"
+
+        args = []
+        colored_args = []
+        if x is not None and y is not None:
+            args.append(f"\033[{y};{x}H")
+        elif cls._x is not None and cls._y is not None:
+            args.append(f"\033[{cls._y};{cls._x}H")
+
+        colored_args.append(string)
+        if (
+            cls._foreground_color != ForegroundColorEnum.default
+            and cls._background_color == BackgroundColorEnum.default
+        ):
+            colored_args.append(cls._foreground_color.value)
+        elif (
+            cls._foreground_color == ForegroundColorEnum.default
+            and cls._background_color != BackgroundColorEnum.default
+        ):
+            colored_args.append(cls._background_color.value)
+        elif (
+            cls._foreground_color != ForegroundColorEnum.default
+            and cls._background_color != BackgroundColorEnum.default
+        ):
+            colored_args.append(cls._foreground_color.value)
+            colored_args.append(cls._background_color.value)
+
+        args.append(colored(*colored_args))
+        print(*args, end=end)
+
+    @classmethod
+    def _show_select_menu(cls):
+        r"""Shows the select menu"""
+        if not cls._is_first_select_menu_output:
+            for _ in range(0, len(cls._select_menu_items) + 1):
+                sys.stdout.write("\x1b[1A\x1b[2K")
+        else:
+            cls._is_first_select_menu_output = False
+
+        for i in range(0, len(cls._select_menu_items)):
+            Console.set_foreground_color(cls._selected_menu_cursor_foreground_color)
+            Console.set_background_color(cls._selected_menu_cursor_background_color)
+            placeholder = ""
+            for _ in cls._selected_menu_item_char:
+                placeholder += " "
+
+            Console.write_line(
+                f"{cls._selected_menu_item_char if cls._selected_menu_item_index == i else placeholder} "
+            )
+            Console.set_foreground_color(cls._selected_menu_option_foreground_color)
+            Console.set_background_color(cls._selected_menu_option_background_color)
+            Console.write(f"{cls._select_menu_items[i]}")
+
+        Console.write_line()
+
+    @classmethod
+    def _select_menu_key_press(cls, key):
+        r"""Event function when key press is detected
+
+        Parameter:
+            key: :class:`pynput.keyboard.Key`
+                Pressed key
+        """
+        from pynput.keyboard import Key
+
+        if key == Key.down:
+            if cls._selected_menu_item_index == len(cls._select_menu_items) - 1:
+                return
+            cls._selected_menu_item_index += 1
+            cls._show_select_menu()
+
+        elif key == Key.up:
+            if cls._selected_menu_item_index == 0:
+                return
+            cls._selected_menu_item_index -= 1
+            cls._show_select_menu()
+
+        elif key == Key.enter:
+            return False
+
+    """ Useful public functions"""
+
+    @classmethod
+    def banner(cls, string: str):
+        r"""Prints the string as a banner
+
+        Parameter:
+            string: :class:`str`
+                Message to print as banner
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.banner, string))
+            return
+
+        cls.write_line(text2art(string))
+
+    @classmethod
+    def color_reset(cls):
+        r"""Resets the color settings"""
+        cls._background_color = BackgroundColorEnum.default
+        cls._foreground_color = ForegroundColorEnum.default
+
+    @classmethod
+    def clear(cls):
+        r"""Clears the console"""
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.clear))
+            return
+
+        os.system("cls" if os.name == "nt" else "clear")
+
+    @classmethod
+    def close(cls):
+        r"""Closes the application"""
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.close))
+            return
+
+        Console.color_reset()
+        Console.write("\n\n\nPress any key to continue...")
+        Console.read()
+        sys.exit()
+
+    @classmethod
+    def disable(cls):
+        r"""Disables console interaction"""
+        cls._disabled = True
+
+    @classmethod
+    def error(cls, string: str, tb: str = None):
+        r"""Prints an error with traceback
+
+        Parameter:
+            string: :class:`str`
+                Error message
+            tb: :class:`str`
+                Error traceback
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.error, string, tb))
+            return
+
+        cls.set_foreground_color("red")
+        if tb is not None:
+            cls.write_line(f"{string} -> {tb}")
+        else:
+            cls.write_line(string)
+        cls.set_foreground_color("default")
+
+    @classmethod
+    def enable(cls):
+        r"""Enables console interaction"""
+        cls._disabled = False
+
+    @classmethod
+    def read(cls, output: str = None) -> str:
+        r"""Reads in line
+
+        Parameter:
+            output: :class:`str`
+                String to print before input
+
+        Returns:
+            input()
+        """
+        if output is not None and not cls._hold_back:
+            cls.write_line(output)
+
+        return input()
+
+    @classmethod
+    def read_line(cls, output: str = None) -> str:
+        r"""Reads in next line
+
+        Parameter:
+            output: :class:`str`
+                String to print before input
+
+        Returns:
+            input()
+        """
+        if cls._disabled and not cls._hold_back:
+            return ""
+
+        if output is not None:
+            cls.write_line(output)
+
+        cls._output("\n", end="")
+
+        return input()
+
+    @classmethod
+    def table(cls, header: list[str], values: list[list[str]]):
+        r"""Prints a table with header and values
+
+        Parameter:
+            header: List[:class:`str`]
+                Header of the table
+            values: List[List[:class:`str`]]
+                Values of the table
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.table, header, values))
+            return
+
+        table = tabulate(values, headers=header)
+
+        Console.write_line(table)
+        Console.write("\n")
+
+    @classmethod
+    def select(
+        cls,
+        char: str,
+        message: str,
+        options: list[str],
+        header_foreground_color: Union[str, ForegroundColorEnum] = ForegroundColorEnum.default,
+        header_background_color: Union[str, BackgroundColorEnum] = BackgroundColorEnum.default,
+        option_foreground_color: Union[str, ForegroundColorEnum] = ForegroundColorEnum.default,
+        option_background_color: Union[str, BackgroundColorEnum] = BackgroundColorEnum.default,
+        cursor_foreground_color: Union[str, ForegroundColorEnum] = ForegroundColorEnum.default,
+        cursor_background_color: Union[str, BackgroundColorEnum] = BackgroundColorEnum.default,
+    ) -> str:
+        r"""Prints select menu
+
+        Parameter:
+            char: :class:`str`
+                Character to show which element is selected
+            message: :class:`str`
+                Message or header of the selection
+            options: List[:class:`str`]
+                Selectable options
+            header_foreground_color: Union[:class:`str`, :class:`cpl.core.console.foreground_color_enum.ForegroundColorEnum`]
+                Foreground color of the header
+            header_background_color: Union[:class:`str`, :class:`cpl.core.console.background_color_enum.BackgroundColorEnum`]
+                Background color of the header
+            option_foreground_color: Union[:class:`str`, :class:`cpl.core.console.foreground_color_enum.ForegroundColorEnum`]
+                Foreground color of the options
+            option_background_color: Union[:class:`str`, :class:`cpl.core.console.background_color_enum.BackgroundColorEnum`]
+                Background color of the options
+            cursor_foreground_color: Union[:class:`str`, :class:`cpl.core.console.foreground_color_enum.ForegroundColorEnum`]
+                Foreground color of the cursor
+            cursor_background_color: Union[:class:`str`, :class:`cpl.core.console.background_color_enum.BackgroundColorEnum`]
+                Background color of the cursor
+
+        Returns:
+            Selected option as :class:`str`
+        """
+        cls._selected_menu_item_char = char
+        cls.options = options
+        cls._select_menu_items = cls.options
+
+        if option_foreground_color is not None:
+            cls._selected_menu_option_foreground_color = option_foreground_color
+        if option_background_color is not None:
+            cls._selected_menu_option_background_color = option_background_color
+
+        if cursor_foreground_color is not None:
+            cls._selected_menu_cursor_foreground_color = cursor_foreground_color
+        if cursor_background_color is not None:
+            cls._selected_menu_cursor_background_color = cursor_background_color
+
+        Console.set_foreground_color(header_foreground_color)
+        Console.set_background_color(header_background_color)
+        Console.write_line(message, "\n")
+        cls._show_select_menu()
+
+        from pynput import keyboard
+
+        with keyboard.Listener(on_press=cls._select_menu_key_press, suppress=False) as listener:
+            listener.join()
+
+        Console.color_reset()
+        return cls._select_menu_items[cls._selected_menu_item_index]
+
+    @classmethod
+    def spinner(
+        cls,
+        message: str,
+        call: Callable,
+        *args,
+        text_foreground_color: Union[str, ForegroundColorEnum] = None,
+        spinner_foreground_color: Union[str, ForegroundColorEnum] = None,
+        text_background_color: Union[str, BackgroundColorEnum] = None,
+        spinner_background_color: Union[str, BackgroundColorEnum] = None,
+        **kwargs,
+    ) -> any:
+        r"""Shows spinner and calls given function, when function has ended the spinner stops
+
+        Parameter:
+            message: :class:`str`
+                Message of the spinner
+            call: :class:`Callable`
+                Function to call
+            args: :class:`list`
+                Arguments of the function
+            text_foreground_color: Union[:class:`str`, :class:`cpl.core.console.foreground_color_enum.ForegroundColorEnum`]
+                Foreground color of the text
+            spinner_foreground_color: Union[:class:`str`, :class:`cpl.core.console.foreground_color_enum.ForegroundColorEnum`]
+                Foreground color of the spinner
+            text_background_color: Union[:class:`str`, :class:`cpl.core.console.background_color_enum.BackgroundColorEnum`]
+                Background color of the text
+            spinner_background_color: Union[:class:`str`, :class:`cpl.core.console.background_color_enum.BackgroundColorEnum`]
+                Background color of the spinner
+            kwargs: :class:`dict`
+                Keyword arguments of the call
+
+        Returns:
+            Return value of call
+        """
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.spinner, message, call, *args))
+            return
+
+        if text_foreground_color is not None:
+            cls.set_foreground_color(text_foreground_color)
+
+        if text_background_color is not None:
+            cls.set_background_color(text_background_color)
+
+        if type(spinner_foreground_color) is str:
+            spinner_foreground_color = ForegroundColorEnum[spinner_foreground_color]
+
+        if type(spinner_background_color) is str:
+            spinner_background_color = BackgroundColorEnum[spinner_background_color]
+
+        cls.write_line(message)
+        cls.set_hold_back(True)
+        spinner = None
+        if not cls._disabled:
+            spinner = Spinner(len(message), spinner_foreground_color, spinner_background_color)
+            spinner.start()
+
+        return_value = None
+        try:
+            return_value = call(*args, **kwargs)
+        except KeyboardInterrupt:
+            if spinner is not None:
+                spinner.exit()
+            cls.close()
+
+        if spinner is not None:
+            spinner.stop()
+        cls.set_hold_back(False)
+
+        cls.set_foreground_color(ForegroundColorEnum.default)
+        cls.set_background_color(BackgroundColorEnum.default)
+
+        for call in cls._hold_back_calls:
+            call.function(*call.args)
+
+        cls._hold_back_calls = []
+
+        time.sleep(0.1)
+
+        return return_value
+
+    @classmethod
+    def write(cls, *args, end=""):
+        r"""Prints in active line
+
+        Parameter:
+            args: :class:`list`
+                Elements to print
+            end: :class:`str`
+                Last character to print
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.write, *args))
+            return
+
+        string = " ".join(map(str, args))
+        cls._output(string, end=end)
+
+    @classmethod
+    def write_at(cls, x: int, y: int, *args):
+        r"""Prints at given position
+
+        Parameter:
+            x: :class:`int`
+                X coordinate
+            y: :class:`int`
+                Y coordinate
+            args: :class:`list`
+                Elements to print
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.write_at, x, y, *args))
+            return
+
+        string = " ".join(map(str, args))
+        cls._output(string, x, y, end="")
+
+    @classmethod
+    def write_line(cls, *args):
+        r"""Prints to new line
+
+        Parameter:
+            args: :class:`list`
+                Elements to print
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.write_line, *args))
+            return
+
+        string = " ".join(map(str, args))
+        if not cls._is_first_write:
+            cls._output("")
+        cls._output(string, end="")
+
+    @classmethod
+    def write_line_at(cls, x: int, y: int, *args):
+        r"""Prints new line at given position
+
+        Parameter:
+            x: :class:`int`
+                X coordinate
+            y: :class:`int`
+                Y coordinate
+            args: :class:`list`
+                Elements to print
+        """
+        if cls._disabled:
+            return
+
+        if cls._hold_back:
+            cls._hold_back_calls.append(ConsoleCall(cls.write_line_at, x, y, *args))
+            return
+
+        string = " ".join(map(str, args))
+        if not cls._is_first_write:
+            cls._output("", end="")
+        cls._output(string, x, y, end="")

src/cpl-core/cpl/core/console/foreground_color_enum.py

@@ -0,0 +1,13 @@
+from enum import Enum
+
+
+class ForegroundColorEnum(Enum):
+    default = "default"
+    grey = "grey"
+    red = "red"
+    green = "green"
+    yellow = "yellow"
+    blue = "blue"
+    magenta = "magenta"
+    cyan = "cyan"
+    white = "white"

src/cpl-core/cpl/core/ctx/__init__.py

@@ -0,0 +1 @@
+from .user_context import set_user, get_user

src/cpl-core/cpl/core/ctx/user_context.py

@@ -0,0 +1,18 @@
+from contextvars import ContextVar
+from typing import Optional
+
+from cpl.auth.auth_logger import AuthLogger
+from cpl.auth.schema._administration.auth_user import AuthUser
+
+_user_context: ContextVar[Optional[AuthUser]] = ContextVar("user", default=None)
+
+_logger = AuthLogger(__name__)
+
+
+def set_user(user_id: Optional[AuthUser]):
+    _logger.trace("Setting user context", user_id)
+    _user_context.set(user_id)
+
+
+def get_user() -> Optional[AuthUser]:
+    return _user_context.get()

src/cpl-core/cpl/core/environment/__init__.py

@@ -0,0 +1,2 @@
+from .environment_enum import EnvironmentEnum
+from .environment import Environment

src/cpl-core/cpl/core/environment/environment.py

@@ -0,0 +1,68 @@
+import os
+from socket import gethostname
+from typing import Type
+
+from cpl.core.environment.environment_enum import EnvironmentEnum
+from cpl.core.typing import T, D
+from cpl.core.utils.get_value import get_value
+
+
+class Environment:
+    r"""Represents environment of the application
+
+    Parameter:
+        name: :class:`cpl.core.environment.environment_name_enum.EnvironmentNameEnum`
+    """
+
+    @classmethod
+    def get_environment(cls):
+        return cls.get("ENVIRONMENT", str, EnvironmentEnum.production.value)
+
+    @classmethod
+    def set_environment(cls, environment: str):
+        assert environment is not None and environment != "", "environment must not be None or empty"
+        assert environment.lower() in [
+            e.value for e in EnvironmentEnum
+        ], f"environment must be one of {[e.value for e in EnvironmentEnum]}"
+        cls.set("ENVIRONMENT", environment.lower())
+
+    @classmethod
+    def get_app_name(cls) -> str:
+        return cls.get("APP_NAME", str)
+
+    @classmethod
+    def set_app_name(cls, app_name: str):
+        cls.set("APP_NAME", app_name)
+
+    @staticmethod
+    def get_host_name() -> str:
+        return gethostname()
+
+    @staticmethod
+    def get_cwd() -> str:
+        return os.getcwd()
+
+    @staticmethod
+    def set_cwd(working_directory: str):
+        assert working_directory is not None and working_directory != "", "working_directory must not be None or empty"
+
+        os.chdir(working_directory)
+
+    @staticmethod
+    def set(key: str, value: T):
+        assert key is not None and key != "", "key must not be None or empty"
+
+        os.environ[key] = str(value)
+
+    @staticmethod
+    def get(key: str, cast_type: Type[T], default: D = None) -> T | D:
+        """
+        Get an environment variable and cast it to a specified type.
+        :param str key: The name of the environment variable.
+        :param Type[T] cast_type: A callable to cast the variable's value.
+        :param T default: The default value to return if the variable is not found. Defaults to None.The default value to return if the variable is not found. Defaults to None.
+        :return: The casted value, or None if the variable is not found.
+        :rtype: T | D
+        """
+
+        return get_value(dict(os.environ), key, cast_type, default)

src/cpl-core/cpl/core/environment/environment_enum.py

@@ -0,0 +1,8 @@
+from enum import Enum
+
+
+class EnvironmentEnum(Enum):
+    production = "production"
+    staging = "staging"
+    testing = "testing"
+    development = "development"

src/cpl-core/cpl/core/errors.py

@@ -0,0 +1,15 @@
+import traceback
+
+from cpl.core.console import Console
+
+
+def dependency_error(package_name: str, e: ImportError) -> None:
+    Console.error(f"'{package_name}' is required to use this feature. Please install it and try again.")
+    tb = traceback.format_exc()
+    if not tb.startswith("NoneType: None"):
+        Console.write_line("->", tb)
+
+    elif e is not None:
+        Console.write_line("->", str(e))
+
+    exit(1)

src/cpl-core/cpl/core/log/__init__.py

@@ -0,0 +1,4 @@
+from .logger import Logger
+from .logger_abc import LoggerABC
+from .log_level import LogLevel
+from .log_settings import LogSettings

src/cpl-core/cpl/core/log/log_level.py

@@ -0,0 +1,11 @@
+from enum import Enum
+
+
+class LogLevel(Enum):
+    off = "OFF"  # Nothing
+    trace = "TRC"  # Detailed app information's
+    debug = "DEB"  # Detailed app state
+    info = "INF"  # Normal information's
+    warning = "WAR"  # Error that can later be fatal
+    error = "ERR"  # Non fatal error
+    fatal = "FAT"  # Error that cause exit

src/cpl-core/cpl/core/log/log_settings.py

@@ -0,0 +1,18 @@
+from typing import Optional
+
+from cpl.core.configuration.configuration_model_abc import ConfigurationModelABC
+from cpl.core.log.log_level import LogLevel
+
+
+class LogSettings(ConfigurationModelABC):
+
+    def __init__(
+        self,
+        src: Optional[dict] = None,
+    ):
+        ConfigurationModelABC.__init__(self, src, "LOG")
+
+        self.option("path", str, default="logs")
+        self.option("filename", str, default="app.log")
+        self.option("console", LogLevel, default=LogLevel.info)
+        self.option("level", LogLevel, default=LogLevel.info)