Metadata-Version: 2.4
Name: saastore-fastapi
Version: 0.1.0
Summary: FastAPI SDK adapter for saastore HMAC-signed identity headers
Project-URL: Homepage, https://saastore.ai
Author: saastore.ai
License: MIT
License-File: LICENSE
Keywords: auth,fastapi,hmac,identity,saastore
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: FastAPI
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.10
Requires-Dist: fastapi>=0.100
Provides-Extra: test
Requires-Dist: httpx>=0.25; extra == 'test'
Requires-Dist: pytest>=7; extra == 'test'
Description-Content-Type: text/markdown

# saastore-fastapi

FastAPI dependency that authenticates incoming requests via HMAC-signed
identity headers issued by the saastore edge proxy.

## Install

```bash
pip install saastore-fastapi
```

## Use

```python
from fastapi import Depends, FastAPI
from saastore_fastapi import SaastoreUser, saastore_user

app = FastAPI()

@app.get("/dashboard")
def dashboard(user: SaastoreUser = Depends(saastore_user)):
    return {"email": user.email, "plan": user.plan}
```

## Environment

| Variable | Required | Description |
|---|---|---|
| `SAASTORE_HMAC_SECRET` | Yes | Provided by saastore at container provision time. 64-character hex string. |

## What this rejects

- Missing identity headers — 401
- Bad signature — 401
- Timestamp more than 5 minutes off the container's clock — 401 (configurable freshness window in `verify.py`)
- `SAASTORE_HMAC_SECRET` env var unset — 500 (config error, not auth)

## Wire format

See `docs/superpowers/specs/2026-05-22-hosted-apps-poc-design.md` section 5 in the saastore monorepo. The canonical signature string is `user_id|email|plan|timestamp`, signed with HMAC-SHA256 and hex-encoded.

## Development

From the monorepo root:

```bash
cd sdks/saastore-fastapi
uv run --with fastapi --with httpx --with pytest pytest -v
```

## License

MIT
