arcade-mcp/libs/arcade-serve/arcade_serve/core/auth.py
Sam Partee b6b4cd0a4c
🏗️ Restructure: Multi-Package Architecture + uv Migration (#412)
### Overview
Major restructuring from monolithic `arcade-ai` package to modular
library architecture with standardized uv-based dependency management.

![arcade-ai Monorepo
(2)](https://github.com/user-attachments/assets/25f102b0-bb87-4a04-9701-d227d05664b1)

### New Package Structure
- **`arcade-tdk`** - Lightweight toolkit development kit (core
decorators, auth)
- **`arcade-core`** - Core execution engine and catalog functionality  
- **`arcade-serve`** - FastAPI/MCP server components
- **`arcade-ai`** - Meta package that includes CLI functionality.
Optionally include evals via the `evals` extra. Optionally include all
packages via the `all` extra.

### Key Benefits
- **Lighter Dependencies**: Toolkits now depend only on `arcade-tdk` (~2
deps) vs full `arcade-ai` (~30+ deps)
- **Faster Builds**: uv provides 10-100x faster dependency resolution
and installation
- **Better Modularity**: Clear separation of concerns, consumers import
only what they need
- **Standard Tooling**: Eliminates custom poetry scripts, uses standard
Python packaging

### Migration Impact
- All 20 toolkits converted from poetry → uv with `arcade-tdk`
dependencies plus `arcade-ai[evals]` and `arcade-serve` dev
dependencies. When developing locally, devs should install toolkits via
`make install-local`.
- Modern Python 3.10+ type hints throughout
- Standardized build system with hatchling backend
- Enhanced Makefile with robust toolkit management commands
- Removed `arcade dev` CLI command
- Reduce the number of files created by `arcade new` and add an option
to not generate a tests and evals folder.

This foundation enables faster development cycles and cleaner dependency
chains for the growing toolkit ecosystem.

### Todo After this PR is merged
- [ ] Post-merge workflow(s) (release & publish containers, etc)
- [ ] Release order plan. @EricGustin suggests releasing in the
following order:
    1. `arcade-core` version 0.1.0
    2. `arcade-serve` version 0.1.0 and `arcade-tdk` version 0.1.0
    3. `arcade-ai` version 2.0.0
4. Patch release for all toolkits (all changes in toolkits are internal
refactors)
- [ ] [Update docs](https://github.com/ArcadeAI/docs/pull/318)

---------

Co-authored-by: Eric Gustin <eric@arcade.dev>
Co-authored-by: Eric Gustin <34000337+EricGustin@users.noreply.github.com>
2025-06-11 16:48:17 -07:00

45 lines
1.2 KiB
Python

import logging
from dataclasses import dataclass
from enum import Enum
import jwt
SUPPORTED_TOKEN_VER = "1" # noqa: S105 Possible hardcoded password assigned (false positive)
logger = logging.getLogger(__name__)
@dataclass
class TokenValidationResult:
valid: bool
error: str | None = None
class SigningAlgorithm(str, Enum):
HS256 = "HS256"
def validate_engine_token(worker_secret: str, token: str) -> TokenValidationResult:
try:
payload = jwt.decode(
token,
worker_secret,
algorithms=[SigningAlgorithm.HS256],
verify=True,
audience="worker",
)
except jwt.InvalidSignatureError as e:
logger.warning(
"Invalid signature. Is the Arcade Engine configured with the Worker secret '%s'?",
worker_secret,
)
return TokenValidationResult(valid=False, error=str(e))
except jwt.InvalidTokenError as e:
return TokenValidationResult(valid=False, error=str(e))
token_ver = payload.get("ver")
if token_ver != SUPPORTED_TOKEN_VER:
return TokenValidationResult(valid=False, error=f"Unsupported token version: {token_ver}")
return TokenValidationResult(valid=True)