o tBh[@sddlZddlZddlZddlmZmZddlmZddlm Z m Z m Z m Z zddl Z Wn ey5YnwedZGdddeZGdd d eZGd d d eZGd d d eZdS)N)ABCabstractmethod) b64encode)AnyCallableDictOptionalzgql.transport.appsyncc @sXeZdZdZdedefddZe d deedeeee fdeee ffd d Z dS) AppSyncAuthenticationzAWS authentication abstract base class All AWS authentication class should have a :meth:`get_headers ` method which defines the headers used in the authentication process.urlreturncCsF|}ttj|dd}|dddd}|d|dS) z :return: a url with base64 encoded headers used to establish a websocket connection to the appsync-realtime-api. ),:) separatorshttps://zwss:// appsync-apiappsync-realtime-apiz?header=z &payload=e30=) get_headersrjsondumpsencodedecodereplace)selfr headersencoded_headersurl_baserq/var/www/html/riverr-enterprise-integrations-main/venv/lib/python3.10/site-packages/gql/transport/appsync_auth.py get_auth_urls z"AppSyncAuthentication.get_auth_urlNdatarcCst)N)NotImplementedErrorrrrrrrr)sz!AppSyncAuthentication.get_headersNN) __name__ __module__ __qualname____doc__strrrrrrrrrrrr s r c @XeZdZdZdededdfddZ d deed eeeefdeeeffd d Z dS) AppSyncApiKeyAuthenticationz)AWS authentication class using an API keyhostapi_keyr NcC|dd|_||_dS)z :param host: the host, something like: XXXXXXXXXXXXXXXXXXXXXXXXXX.appsync-api.REGION.amazonaws.com :param api_key: the API key rrN)r_hostr+)rr*r+rrr__init__3 z$AppSyncApiKeyAuthentication.__init__rrcC|j|jdS)N)r*z x-api-key)r-r+r!rrrr<z'AppSyncApiKeyAuthentication.get_headersr" r#r$r%r&r'r.rrrrrrrrr)0s  r)c @r() AppSyncJWTAuthenticationzAWS authentication class using a JWT access token. It can be used either for: - Amazon Cognito user pools - OpenID Connect (OIDC) r*jwtr NcCr,)z :param host: the host, something like: XXXXXXXXXXXXXXXXXXXXXXXXXX.appsync-api.REGION.amazonaws.com :param jwt: the JWT Access Token rrN)rr-r4)rr*r4rrrr.Jr/z!AppSyncJWTAuthentication.__init__rrcCr0)N)r* Authorization)r-r4r!rrrrSr1z$AppSyncJWTAuthentication.get_headersr"r2rrrrr3Bs  r3c@seZdZdZ     ddedeededdeeeeefgdfd ed d ed d dfddZ ddZ ddeedeeeefd eeeffddZ dS)AppSyncIAMAuthenticationaAWS authentication class using IAM. .. note:: There is no need for you to use this class directly, you could instead intantiate the :class:`gql.transport.appsync.AppSyncWebsocketsTransport` without an auth argument. During initialization, this class will use botocore to attempt to find your IAM credentials, either from environment variables or from your AWS credentials file. Nr* region_namesignerzbotocore.auth.BaseSignerrequest_creatorzbotocore.awsrequest.AWSRequest credentialsz botocore.credentials.Credentialssessionzbotocore.session.Sessionr c Csddlm}ddlm}ddlm} |dd|_|r|n| |_|r%|n|j |_ d|_ |p3| |_ |r9|n||j |j |j |_|rJ||_dS||_dS) zInitialize itself, saving the found credentials used to sign the headers later. if no credentials are found, then a NoCredentialsError is raised. r) SigV4Auth)create_request_object) get_sessionrrappsyncN) botocore.authr<botocore.awsrequestr=botocore.sessionr>rr-_sessionget_credentials _credentials _service_name_detect_region_name _region_name_signer_request_creator) rr*r7r8r9r:r;r<r=r>rrrr.fs"   z!AppSyncIAMAuthentication.__init__cCstddlm}td|j}|r|d}td|ntd|j d|j }|dur8t d||S)a_Try to detect the correct region_name. First try to extract the region_name from the host. If that does not work, then try to get the region_name from the aws configuration (~/.aws/config file) or the AWS_DEFAULT_REGION environment variable. If no region_name was found, then raise a NoRegionError exception.r) NoRegionErrorz8appsync-api\.((?![0-9]+$)(?!-)[a-zA-Z0-9-]{,63}(?s