Nexom 0.1.3__py3-none-any.whl → 1.0.1__py3-none-any.whl

nexom/__init__.py

@@ -7,8 +7,8 @@ WSGI-based web applications with minimal overhead.
 
 from __future__ import annotations
 
-from nexom.web.request import Request
-from nexom.web.response import Response
+from nexom.app.request import Request
+from nexom.app.response import Response
 
 __all__ = [
     "Request",

nexom/__main__.py

@@ -4,13 +4,18 @@ import argparse
 import sys
 from pathlib import Path
 
-from nexom.buildTools.build import server as build_server
-from nexom.buildTools.build import ServerBuildOptions
+from nexom.buildTools.build import (
+    create_app,
+    create_auth,
+    start_project,
+    AppBuildOptions,
+)
+from nexom.buildTools.run import run_project
 
 
 def main(argv: list[str] | None = None) -> None:
     parser = argparse.ArgumentParser(
-        prog="nexom",
+        prog="naxom",
         description="Nexom Web Framework CLI",
     )
     subparsers = parser.add_subparsers(dest="command", required=True)
@@ -18,21 +23,63 @@ def main(argv: list[str] | None = None) -> None:
     # test
     subparsers.add_parser("test", help="Test Nexom installation")
 
-    # build-server
-    p = subparsers.add_parser(
-        "build-server",
-        help="Create a Nexom server project",
+    # run
+    pr = subparsers.add_parser("run", help="Run WSGI apps found in the current project directory")
+    pr.add_argument("apps", nargs="*", help="App directory names to run (default: all detected apps)")
+    pr.add_argument("--root", default=".", help="Project root directory (default: .)")
+    pr.add_argument("--dry-run", action="store_true", help="Print commands only (do not start processes)")
+
+    # start-project
+    sp = subparsers.add_parser(
+        "start-project",
+        help="Initialize a Nexom project in the current directory (creates app/auth/data[/gateway])",
     )
-    p.add_argument("server_name", help="Server project name")
-    p.add_argument(
-        "--out",
-        default=".",
-        help="Output directory (default: current directory)",
+    sp.add_argument("--root", default=".", help="Project root directory (default: .)")
+    sp.add_argument("--main-name", default="app", help="Main app directory name (default: app)")
+    sp.add_argument("--auth-name", default="auth", help="Auth app directory name (default: auth)")
+    sp.add_argument(
+        "--gateway",
+        choices=["none", "nginx", "apache"],
+        default="none",
+        help="Create gateway/ and put a template config (default: none)",
     )
+    sp.add_argument("--domain", default="", help="Domain for gateway template (default: placeholder text)")
+
+    # ports etc (main)
+    sp.add_argument("--address", default="0.0.0.0", help="Bind address for main app (default: 0.0.0.0)")
+    sp.add_argument("--port", type=int, default=8080, help="Bind port for main app (default: 8080)")
+    sp.add_argument("--workers", type=int, default=4, help="Gunicorn workers for main app (default: 4)")
+    sp.add_argument("--reload", action="store_true", help="Enable auto-reload for main app (development)")
+
+    # ports etc (auth)
+    sp.add_argument("--auth-address", default="127.0.0.1", help="Bind address for auth app (default: 0.0.0.0)")
+    sp.add_argument("--auth-port", type=int, default=7070, help="Bind port for auth app (default: 7070)")
+    sp.add_argument("--auth-workers", type=int, default=4, help="Gunicorn workers for auth app (default: 4)")
+    sp.add_argument("--auth-reload", action="store_true", help="Enable auto-reload for auth app (development)")
+
+    # create-auth
+    pa = subparsers.add_parser("create-auth", help="Create a Nexom auth app project")
+    pa.add_argument("--out", default=".", help="Output directory (default: current directory)")
+    pa.add_argument("--address", default="0.0.0.0", help="Bind address (default: 0.0.0.0)")
+    pa.add_argument("--port", type=int, default=7070, help="Bind port (default: 7070)")
+    pa.add_argument("--workers", type=int, default=4, help="Gunicorn workers (default: 4)")
+    pa.add_argument("--reload", action="store_true", help="Enable auto-reload (development)")
+
+    # create-app
+    p = subparsers.add_parser("create-app", help="Create a Nexom app project")
+    p.add_argument("app_name", help="App project name")
+    p.add_argument("--out", default=".", help="Output directory (default: current directory)")
     p.add_argument("--address", default="0.0.0.0", help="Bind address (default: 0.0.0.0)")
     p.add_argument("--port", type=int, default=8080, help="Bind port (default: 8080)")
     p.add_argument("--workers", type=int, default=4, help="Gunicorn workers (default: 4)")
     p.add_argument("--reload", action="store_true", help="Enable auto-reload (development)")
+    p.add_argument(
+        "--gateway-config",
+        choices=["nginx", "apache"],
+        default="",
+        help="If gateway/ exists, write a config template for this app (nginx/apache)",
+    )
+    p.add_argument("--domain", default="", help="Domain for gateway template (default: placeholder text)")
 
     args = parser.parse_args(argv)
 
@@ -40,22 +87,69 @@ def main(argv: list[str] | None = None) -> None:
         print("Hello Nexom Web Framework!")
         return
 
-    if args.command == "build-server":
-        options = ServerBuildOptions(
+    if args.command == "run":
+        run_project(Path(args.root), list(args.apps), dry_run=bool(args.dry_run))
+        return
+
+    if args.command == "start-project":
+        main_opt = AppBuildOptions(
+            address=args.address,
+            port=args.port,
+            workers=args.workers,
+            reload=args.reload,
+        )
+        auth_opt = AppBuildOptions(
+            address=args.auth_address,
+            port=args.auth_port,
+            workers=args.auth_workers,
+            reload=args.auth_reload,
+        )
+        out = start_project(
+            project_root=Path(args.root),
+            main_name=args.main_name,
+            auth_name=args.auth_name,
+            main_options=main_opt,
+            auth_options=auth_opt,
+            gateway=args.gateway,
+            domain=args.domain,
+        )
+        print(f"Initialized Nexom project at: {out}")
+        return
+
+    if args.command == "create-app":
+        options = AppBuildOptions(
+            address=args.address,
+            port=args.port,
+            workers=args.workers,
+            reload=args.reload,
+        )
+        out_dir = create_app(
+            Path(args.out),
+            args.app_name,
+            options=options,
+            gateway_config=(args.gateway_config or None),
+            domain=args.domain,
+        )
+        print(f"Created Nexom app project at: {out_dir}")
+        return
+
+    if args.command == "create-auth":
+        options = AppBuildOptions(
             address=args.address,
             port=args.port,
             workers=args.workers,
             reload=args.reload,
         )
-        out_dir = build_server(Path(args.out), args.server_name, options=options)
-        print(f"Created Nexom server project at: {out_dir}")
+        out_dir = create_auth(Path(args.out), options=options)
+        print(f"Created Nexom auth app project at: {out_dir}")
         return
 
 
 if __name__ == "__main__":
     try:
         main()
+    except KeyboardInterrupt:
+        sys.exit(130)
     except Exception as e:
-        # CLI では stacktrace よりまずメッセージ優先（必要なら後で --verbose とか足す）
         print(f"Error: {e}", file=sys.stderr)
         sys.exit(1)

nexom/app/__init__.py

@@ -0,0 +1,62 @@
+"""
+Nexom application layer public API.
+
+This module exposes the stable interfaces intended for application developers.
+Internal implementation details should NOT be imported directly.
+"""
+
+# ---- Request / Response ----
+from .request import Request
+from .response import (
+    Response,
+    HtmlResponse,
+    JsonResponse,
+    Redirect,
+    ErrorResponse,
+)
+
+# ---- Routing ----
+from .path import Path, Static, Pathlib
+
+# ---- Cookie ----
+from .cookie import Cookie, RequestCookies
+
+# ---- Templates ----
+from .template import ObjectHTMLTemplates
+
+# ---- Auth ----
+from .auth import AuthService, AuthClient
+
+# ---- Middleware ----
+from .middleware import Middleware, MiddlewareChain
+
+
+__all__ = [
+    # request / response
+    "Request",
+    "Response",
+    "HtmlResponse",
+    "JsonResponse",
+    "Redirect",
+    "ErrorResponse",
+
+    # routing
+    "Path",
+    "Static",
+    "Pathlib",
+
+    # cookie
+    "Cookie",
+    "RequestCookies",
+
+    # templates
+    "ObjectHTMLTemplates",
+
+    # auth
+    "AuthService",
+    "AuthVerify",
+
+    # middleware
+    "Middleware",
+    "MiddlewareChain",
+]

nexom/app/auth.py

@@ -0,0 +1,322 @@
+# src/nexom/app/auth.py
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Optional, override
+import secrets
+import time
+import hashlib
+import hmac
+import json
+from urllib.request import Request as UrlRequest, urlopen
+from urllib.error import URLError, HTTPError
+
+from .request import Request
+from .response import JsonResponse
+from .db import DatabaseManager
+from .path import Path, Pathlib
+from ..core.log import AuthLogger
+
+from ..core.error import (
+    NexomError,
+    AuthMissingFieldError,
+    AuthInvalidCredentialsError,
+    AuthUserDisabledError,
+    AuthTokenInvalidError,
+)
+
+
+# --------------------
+# utils
+# --------------------
+
+def _now() -> int:
+    return int(time.time())
+
+def _rand(nbytes: int = 24) -> str:
+    return secrets.token_urlsafe(nbytes)
+
+def _make_salt(nbytes: int = 16) -> str:
+    return secrets.token_hex(nbytes)
+
+def _hash_password(password: str, salt_hex: str) -> str:
+    salt = bytes.fromhex(salt_hex)
+    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
+    return dk.hex()
+
+def _token_hash(token: str) -> str:
+    return hashlib.sha256(token.encode("utf-8")).hexdigest()
+
+# --------------------
+# models (internal)
+# --------------------
+
+@dataclass
+class Session:
+    sid: str
+    uid: str
+    user_id: str
+    token: str
+    expires_at: int
+    revoked_at: int | None
+    user_agent: str | None
+
+# --------------------
+# AuthService (API only)
+# --------------------
+
+class AuthService:
+    """
+    Auth API service (JSON only).
+    """
+
+    def __init__(self, db_path: str, log_path: str, *, ttl_sec: int = 60 * 60 * 24 * 7, prefix: str = "") -> None:
+        self.dbm = AuthDBM(db_path)
+        self.ttl_sec = ttl_sec
+
+        p = prefix.strip("/")
+        def _p(x: str) -> str:
+            return f"{p}/{x}".strip("/") if p else x
+
+        self.routing = Pathlib(
+            Path(_p("signup"), self.signup, "AuthSignup"),
+            Path(_p("login"), self.login, "AuthLogin"),
+            Path(_p("logout"), self.logout, "AuthLogout"),
+            Path(_p("verify"), self.verify, "AuthVerify"),
+        )
+
+        self.logger = AuthLogger(log_path)
+
+    def handler(self, environ: dict) -> JsonResponse:
+        req = Request(environ)
+        try:
+            route = self.routing.get(req.path)
+            return route.call_handler(req)
+        except NexomError as e:
+            return JsonResponse({"ok": False, "error": e.code}, status=400)
+        except Exception:
+            return JsonResponse({"ok": False, "error": "InternalError"}, status=500)
+
+    # ---- handlers ----
+
+    def signup(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False}, status=405)
+
+        data = request.json() or {}
+        self.dbm.signup(
+            user_id=str(data.get("user_id") or "").strip(),
+            public_name=str(data.get("public_name") or "").strip(),
+            password=str(data.get("password") or ""),
+        )
+        return JsonResponse({"ok": True}, status=201)
+
+    def login(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False}, status=405)
+
+        data = request.json() or {}
+        sess = self.dbm.login(
+            str(data.get("user_id") or "").strip(),
+            str(data.get("password") or ""),
+            user_agent=request.headers.get("user-agent"),
+            ttl_sec=self.ttl_sec,
+        )
+
+        return JsonResponse({
+            "ok": True,
+            "user_id": sess.user_id,
+            "token": sess.token,
+            "expires_at": sess.expires_at,
+        })
+
+    def logout(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False}, status=405)
+
+        token = str((request.json() or {}).get("token") or "")
+        if token:
+            self.dbm.logout(token)
+        return JsonResponse({"ok": True})
+
+    def verify(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False}, status=405)
+
+        token = str((request.json() or {}).get("token") or "")
+        sess = self.dbm.verify(token)
+        if not sess:
+            return JsonResponse({"active": False})
+
+        return JsonResponse({
+            "active": True,
+            "user_id": sess.user_id,
+            "expires_at": sess.expires_at,
+        })
+
+# --------------------
+# AuthClient (App側)
+# --------------------
+
+class AuthClient:
+    """AuthService を HTTP で叩くクライアント"""
+
+    def __init__(self, auth_url: str, *, timeout: float = 3.0) -> None:
+        base = auth_url.rstrip("/")
+        self.signup_url = base + "/signup"
+        self.login_url = base + "/login"
+        self.logout_url = base + "/logout"
+        self.verify_url = base + "/verify"
+        self.timeout = timeout
+
+    def _post(self, url: str, body: dict) -> dict:
+        payload = json.dumps(body).encode("utf-8")
+        req = UrlRequest(
+            url,
+            data=payload,
+            headers={"Content-Type": "application/json"},
+            method="POST",
+        )
+        try:
+            with urlopen(req, timeout=self.timeout) as r:
+                data = json.loads(r.read().decode("utf-8"))
+        except (HTTPError, URLError, json.JSONDecodeError) as e:
+            print(str(e))
+            raise AuthTokenInvalidError()
+        return data
+
+    def signup(self, *, user_id: str, public_name: str, password: str) -> bool:
+        return bool(self._post(self.signup_url, {
+            "user_id": user_id,
+            "public_name": public_name,
+            "password": password,
+        }).get("ok"))
+
+    def login(self, *, user_id: str, password: str) -> tuple[str, str, int]:
+        d = self._post(self.login_url, {"user_id": user_id, "password": password})
+        return d["token"], d["user_id"], d["expires_at"]
+
+    def verify_token(self, *, token: str) -> tuple[bool, Optional[str], Optional[int]]:
+        d = self._post(self.verify_url, {"token": token})
+        if not d.get("active"):
+            return False, None, None
+        return True, d["user_id"], d["expires_at"]
+
+    def logout(self, *, token: str) -> bool:
+        return bool(self._post(self.logout_url, {"token": token}).get("ok"))
+
+# --------------------
+# DB
+# --------------------
+
+class AuthDBM(DatabaseManager):
+    @override
+    def _init(self) -> None:
+        self.execute_many(
+            [
+                (
+                    """
+                    CREATE TABLE IF NOT EXISTS users (
+                        uid TEXT PRIMARY KEY,
+                        user_id TEXT UNIQUE NOT NULL,
+                        public_name TEXT NOT NULL,
+                        password_hash TEXT NOT NULL,
+                        password_salt TEXT NOT NULL,
+                        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                        is_active INTEGER NOT NULL DEFAULT 1
+                    );
+                    """,
+                    (),
+                ),
+                (
+                    """
+                    CREATE TABLE IF NOT EXISTS sessions (
+                        sid TEXT PRIMARY KEY,
+                        uid TEXT NOT NULL REFERENCES users(uid),
+                        token_hash TEXT UNIQUE NOT NULL,
+                        expires_at INTEGER NOT NULL,
+                        revoked_at INTEGER,
+                        user_agent TEXT
+                    );
+                    """,
+                    (),
+                )
+            ]
+        )
+
+    def signup(self, user_id: str, public_name: str, password: str) -> None:
+        if not user_id:
+            raise AuthMissingFieldError("user_id")
+        if not public_name:
+            raise AuthMissingFieldError("public_name")
+        if not password:
+            raise AuthMissingFieldError("password")
+
+        salt = _make_salt()
+        self.execute(
+            "INSERT INTO users VALUES(?,?,?,?,?,?,?)",
+            _rand(),
+            user_id,
+            public_name,
+            _hash_password(password, salt),
+            salt,
+            None,
+            1,
+        )
+
+    def login(self, user_id: str, password: str, *, user_agent: str | None, ttl_sec: int) -> Session:
+        rows = self.execute(
+            "SELECT uid, user_id, password_hash, password_salt, is_active FROM users WHERE user_id=?",
+            user_id,
+        )
+        if not rows:
+            raise AuthInvalidCredentialsError()
+
+        uid, uid_text, pw_hash, salt, active = rows[0]
+        if not active:
+            raise AuthUserDisabledError()
+        if not hmac.compare_digest(_hash_password(password, salt), pw_hash):
+            raise AuthInvalidCredentialsError()
+
+        token = _rand()
+        exp = _now() + ttl_sec
+
+        self.execute(
+            "INSERT INTO sessions VALUES(?,?,?,?,?,?)",
+            _rand(),
+            uid,
+            _token_hash(token),
+            exp,
+            None,
+            user_agent,
+        )
+
+        return Session("", uid, uid_text, token, exp, None, user_agent)
+
+    def logout(self, token: str) -> None:
+        self.execute(
+            "UPDATE sessions SET revoked_at=? WHERE token_hash=?",
+            _now(),
+            _token_hash(token),
+        )
+
+    def verify(self, token: str | None) -> Session | None:
+        if not token:
+            return None
+
+        rows = self.execute(
+            """
+            SELECT s.sid, s.uid, u.user_id, s.expires_at, s.revoked_at, s.user_agent
+            FROM sessions s JOIN users u ON u.uid=s.uid
+            WHERE s.token_hash=?
+            """,
+            _token_hash(token),
+        )
+        if not rows:
+            return None
+
+        sid, uid, user_id, exp, rev, ua = rows[0]
+        if rev or exp <= _now():
+            return None
+
+        return Session(sid, uid, user_id, token, exp, None, ua)

nexom/{web → app}/cookie.py

@@ -69,5 +69,7 @@ class RequestCookies(dict[str, str | None]):
         super().__init__(kwargs)
         self.default: str | None = None
 
-    def get(self, key: str) -> str | None:
-        return super().get(key, self.default)
+    def get(self, key: str, default: str | None = None) -> str | None:
+        if default is None:
+            default = self.default
+        return super().get(key, default)

nexom/app/db.py

@@ -0,0 +1,88 @@
+from __future__ import annotations
+
+from typing import Any, Iterable
+from sqlite3 import connect, Connection, Cursor, Error
+
+from ..core.error import DBMConnectionInvalidError, DBError
+
+
+class DatabaseManager:
+    def __init__(self, db_file: str, auto_commit: bool = True):
+        self.db_file: str = db_file
+        self.auto_commit: bool = auto_commit
+
+        self._conn: Connection | None = None
+        self._cursor: Cursor | None = None
+
+        self.start_connection(auto_commit=auto_commit)
+        self._init()
+
+    def _init(self) -> None:
+        "for override"
+        ...
+
+    def start_connection(self, auto_commit: bool = True) -> None:
+        try:
+            self.auto_commit = auto_commit
+            self._conn = connect(self.db_file)
+            self._cursor = self._conn.cursor()
+
+            # ---- SQLite safety / performance defaults ----
+            # foreign keys are OFF by default in SQLite
+            self._cursor.execute("PRAGMA foreign_keys = ON")
+            # better concurrency
+            self._cursor.execute("PRAGMA journal_mode = WAL")
+            # avoid immediate 'database is locked'
+            self._cursor.execute("PRAGMA busy_timeout = 3000")
+            # reasonable durability vs speed (WAL推奨とセット)
+            self._cursor.execute("PRAGMA synchronous = NORMAL")
+
+            self.commit()
+        except Error as e:
+            raise DBMConnectionInvalidError(str(e))
+
+    def rip_connection(self) -> None:
+        if self._conn is None:
+            raise DBMConnectionInvalidError()
+        self._conn.close()
+        self._conn = None
+        self._cursor = None
+
+    def commit(self) -> None:
+        if self._conn is None or self._cursor is None:
+            raise DBMConnectionInvalidError()
+        self._conn.commit()
+
+    # ---- new canonical names ----
+
+    def execute(self, sql: str, *args: Any) -> list[tuple] | None:
+        if self._conn is None or self._cursor is None:
+            raise DBMConnectionInvalidError()
+
+        try:
+            self._cursor.execute(sql, tuple(args))
+            if self.auto_commit:
+                self._conn.commit()
+
+            if sql.lstrip().upper().startswith("SELECT"):
+                return self._cursor.fetchall()
+            return None
+
+        except Error as e:
+            self._conn.rollback()
+            raise DBError(str(e))
+
+    def execute_many(self, sql_inserts: Iterable[ list[ tuple[str, tuple] ] ]) -> None:
+        if self._conn is None or self._cursor is None:
+            raise DBMConnectionInvalidError()
+
+        try:
+            for sql, values in sql_inserts:
+                self._cursor.execute(sql, values)
+
+            if self.auto_commit:
+                self._conn.commit()
+
+        except Error as e:
+            self._conn.rollback()
+            raise DBError(str(e))