Nexom 1.0.3__py3-none-any.whl → 1.0.5__py3-none-any.whl

nexom/app/__init__.py

@@ -16,7 +16,7 @@ from .response import (
 )
 
 # ---- Routing ----
-from .path import Path, Static, Pathlib
+from .path import Path, Static, Router
 
 # ---- Cookie ----
 from .cookie import Cookie, RequestCookies

nexom/app/auth.py

@@ -8,24 +8,36 @@ import time
 import hashlib
 import hmac
 import json
+import sqlite3
 from urllib.request import Request as UrlRequest, urlopen
 from urllib.error import URLError, HTTPError
 
 from .request import Request
 from .response import JsonResponse
 from .db import DatabaseManager
-from .path import Path, Pathlib
+from .path import Path, Router
 from ..core.log import AuthLogger
 
 from ..core.error import (
     NexomError,
-    AuthMissingFieldError,
-    AuthInvalidCredentialsError,
-    AuthUserDisabledError,
-    AuthTokenInvalidError,
+    AuthMissingFieldError,          # A01
+    AuthUserIdAlreadyExistsError,   # A02
+    AuthInvalidCredentialsError,    # A03
+    AuthUserDisabledError,          # A04
+    AuthTokenMissingError,          # A05
+    AuthTokenInvalidError,          # A06
+    AuthTokenExpiredError,          # A07
+    AuthTokenRevokedError,          # A08
+    AuthServiceUnavailableError,    # A09
+    _status_for_auth_error,
+
+    DBError,
+    DBMConnectionInvalidError,
+    DBOperationalError,
+    DBIntegrityError,
+    DBProgrammingError,
 )
 
-
 # --------------------
 # utils
 # --------------------
@@ -33,20 +45,32 @@ from ..core.error import (
 def _now() -> int:
     return int(time.time())
 
+
 def _rand(nbytes: int = 24) -> str:
     return secrets.token_urlsafe(nbytes)
 
+
 def _make_salt(nbytes: int = 16) -> str:
     return secrets.token_hex(nbytes)
 
+
 def _hash_password(password: str, salt_hex: str) -> str:
     salt = bytes.fromhex(salt_hex)
     dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
     return dk.hex()
 
+
 def _token_hash(token: str) -> str:
     return hashlib.sha256(token.encode("utf-8")).hexdigest()
 
+
+# --------------------
+# variables (internal)
+# --------------------
+
+KEY_NAME = "_nxt"
+
+
 # --------------------
 # models (internal)
 # --------------------
@@ -61,6 +85,7 @@ class Session:
     revoked_at: int | None
     user_agent: str | None
 
+
 # --------------------
 # AuthService (API only)
 # --------------------
@@ -70,15 +95,23 @@ class AuthService:
     Auth API service (JSON only).
     """
 
-    def __init__(self, db_path: str, log_path: str, *, ttl_sec: int = 60 * 60 * 24 * 7, prefix: str = "") -> None:
+    def __init__(
+        self,
+        db_path: str,
+        log_path: str,
+        *,
+        ttl_sec: int = 60 * 60 * 24 * 7,
+        prefix: str = "",
+    ) -> None:
         self.dbm = AuthDBM(db_path)
         self.ttl_sec = ttl_sec
 
         p = prefix.strip("/")
+
         def _p(x: str) -> str:
             return f"{p}/{x}".strip("/") if p else x
 
-        self.routing = Pathlib(
+        self.routing = Router(
             Path(_p("signup"), self.signup, "AuthSignup"),
             Path(_p("login"), self.login, "AuthLogin"),
             Path(_p("logout"), self.logout, "AuthLogout"),
@@ -92,8 +125,12 @@ class AuthService:
         try:
             route = self.routing.get(req.path)
             return route.call_handler(req)
+
         except NexomError as e:
-            return JsonResponse({"ok": False, "error": e.code}, status=400)
+            # error code -> proper HTTP status
+            status = _status_for_auth_error(e.code)
+            return JsonResponse({"ok": False, "error": e.code}, status=status)
+
         except Exception:
             return JsonResponse({"ok": False, "error": "InternalError"}, status=500)
 
@@ -101,38 +138,43 @@ class AuthService:
 
     def signup(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
         if request.method != "POST":
-            return JsonResponse({"ok": False}, status=405)
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
 
         data = request.json() or {}
-        self.dbm.signup(
-            user_id=str(data.get("user_id") or "").strip(),
-            public_name=str(data.get("public_name") or "").strip(),
-            password=str(data.get("password") or ""),
-        )
+        user_id = str(data.get("user_id") or "").strip()
+        public_name = str(data.get("public_name") or "").strip()
+        password = str(data.get("password") or "")
+
+        self.dbm.signup(user_id=user_id, public_name=public_name, password=password)
         return JsonResponse({"ok": True}, status=201)
 
     def login(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
         if request.method != "POST":
-            return JsonResponse({"ok": False}, status=405)
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
 
         data = request.json() or {}
+        user_id = str(data.get("user_id") or "").strip()
+        password = str(data.get("password") or "")
+
         sess = self.dbm.login(
-            str(data.get("user_id") or "").strip(),
-            str(data.get("password") or ""),
+            user_id,
+            password,
             user_agent=request.headers.get("user-agent"),
             ttl_sec=self.ttl_sec,
         )
 
-        return JsonResponse({
-            "ok": True,
-            "user_id": sess.user_id,
-            "token": sess.token,
-            "expires_at": sess.expires_at,
-        })
+        return JsonResponse(
+            {
+                "ok": True,
+                "user_id": sess.user_id,
+                "token": sess.token,
+                "expires_at": sess.expires_at,
+            }
+        )
 
     def logout(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
         if request.method != "POST":
-            return JsonResponse({"ok": False}, status=405)
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
 
         token = str((request.json() or {}).get("token") or "")
         if token:
@@ -141,18 +183,22 @@ class AuthService:
 
     def verify(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
         if request.method != "POST":
-            return JsonResponse({"ok": False}, status=405)
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
 
         token = str((request.json() or {}).get("token") or "")
         sess = self.dbm.verify(token)
         if not sess:
-            return JsonResponse({"active": False})
+            return JsonResponse({"active": False}, status=200)
+
+        return JsonResponse(
+            {
+                "active": True,
+                "user_id": sess.user_id,
+                "expires_at": sess.expires_at,
+            },
+            status=200,
+        )
 
-        return JsonResponse({
-            "active": True,
-            "user_id": sess.user_id,
-            "expires_at": sess.expires_at,
-        })
 
 # --------------------
 # AuthClient (App側)
@@ -170,48 +216,97 @@ class AuthClient:
         self.timeout = timeout
 
     def _post(self, url: str, body: dict) -> dict:
-        payload = json.dumps(body).encode("utf-8")
+        payload = json.dumps(body, ensure_ascii=False).encode("utf-8")
         req = UrlRequest(
             url,
             data=payload,
-            headers={"Content-Type": "application/json"},
+            headers={
+                "Content-Type": "application/json; charset=utf-8",
+                "Accept": "application/json",
+            },
             method="POST",
         )
+
         try:
             with urlopen(req, timeout=self.timeout) as r:
-                data = json.loads(r.read().decode("utf-8"))
-        except (HTTPError, URLError, json.JSONDecodeError) as e:
-            print(str(e))
-            raise AuthTokenInvalidError()
-        return data
-
-    def signup(self, *, user_id: str, public_name: str, password: str) -> bool:
-        return bool(self._post(self.signup_url, {
-            "user_id": user_id,
-            "public_name": public_name,
-            "password": password,
-        }).get("ok"))
+                raw = r.read()
+                text = raw.decode("utf-8", errors="replace")
+                return json.loads(text) if text else {}
+
+        except HTTPError as e:
+            try:
+                raw = e.read()
+                text = raw.decode("utf-8", errors="replace")
+                return json.loads(text) if text else {"ok": False, "error": f"HTTP_{e.code}"}
+            except Exception:
+                return {"ok": False, "error": f"HTTP_{e.code}"}
+
+        except (URLError, TimeoutError):
+            raise AuthServiceUnavailableError()
+
+        except json.JSONDecodeError:
+            raise AuthServiceUnavailableError()
+
+    def signup(self, *, user_id: str, public_name: str, password: str) -> None:
+        d = self._post(
+            self.signup_url,
+            {"user_id": user_id, "public_name": public_name, "password": password},
+        )
+        if d.get("ok"):
+            return 
+        self._raise_from_error_code(str(d.get("error") or ""))
 
     def login(self, *, user_id: str, password: str) -> tuple[str, str, int]:
         d = self._post(self.login_url, {"user_id": user_id, "password": password})
-        return d["token"], d["user_id"], d["expires_at"]
+        if not d.get("ok"):
+            self._raise_from_error_code(str(d.get("error") or ""))
+
+        return str(d["token"]), str(d["user_id"]), int(d["expires_at"])
 
     def verify_token(self, *, token: str) -> tuple[bool, Optional[str], Optional[int]]:
         d = self._post(self.verify_url, {"token": token})
-        if not d.get("active"):
-            return False, None, None
-        return True, d["user_id"], d["expires_at"]
 
-    def logout(self, *, token: str) -> bool:
-        return bool(self._post(self.logout_url, {"token": token}).get("ok"))
+        if d.get("active") is True:
+            return True, str(d["user_id"]), int(d["expires_at"])
+
+        # active False は正常系扱い
+        return False, None, None
+
+    def logout(self, *, token: str) -> None:
+        d = self._post(self.logout_url, {"token": token})
+        if d.get("ok"):
+            return
+        self._raise_from_error_code(str(d.get("error") or ""))
+
+    def _raise_from_error_code(self, code: str) -> None:
+        if code == "A01":
+            raise AuthMissingFieldError("unknown")
+        if code == "A02":
+            raise AuthUserIdAlreadyExistsError()
+        if code == "A03":
+            raise AuthInvalidCredentialsError()
+        if code == "A04":
+            raise AuthUserDisabledError()
+        if code == "A05":
+            raise AuthTokenMissingError()
+        if code == "A06":
+            raise AuthTokenInvalidError()
+        if code == "A07":
+            raise AuthTokenExpiredError()
+        if code == "A08":
+            raise AuthTokenRevokedError()
+        if code == "A09":
+            raise AuthServiceUnavailableError()
+    
+        # 想定外レスポンス
+        raise AuthServiceUnavailableError()
+
 
 # --------------------
 # DB
 # --------------------
 
 class AuthDBM(DatabaseManager):
-
-    # override
     def _init(self) -> None:
         self.execute_many(
             [
@@ -241,7 +336,7 @@ class AuthDBM(DatabaseManager):
                     );
                     """,
                     (),
-                )
+                ),
             ]
         )
 
@@ -254,18 +349,30 @@ class AuthDBM(DatabaseManager):
             raise AuthMissingFieldError("password")
 
         salt = _make_salt()
-        self.execute(
-            "INSERT INTO users VALUES(?,?,?,?,?,?,?)",
-            _rand(),
-            user_id,
-            public_name,
-            _hash_password(password, salt),
-            salt,
-            None,
-            1,
-        )
+        uid = _rand()
+
+        try:
+            self.execute(
+                "INSERT INTO users VALUES(?,?,?,?,?,?,?)",
+                uid,
+                user_id,
+                public_name,
+                _hash_password(password, salt),
+                salt,
+                None,
+                1,
+            )
+        except DBIntegrityError:
+            raise AuthUserIdAlreadyExistsError()
+        except Exception as e:
+            raise AuthServiceUnavailableError()
 
     def login(self, user_id: str, password: str, *, user_agent: str | None, ttl_sec: int) -> Session:
+        if not user_id:
+            raise AuthMissingFieldError("user_id")
+        if not password:
+            raise AuthMissingFieldError("password")
+
         rows = self.execute(
             "SELECT uid, user_id, password_hash, password_salt, is_active FROM users WHERE user_id=?",
             user_id,
@@ -276,15 +383,17 @@ class AuthDBM(DatabaseManager):
         uid, uid_text, pw_hash, salt, active = rows[0]
         if not active:
             raise AuthUserDisabledError()
-        if not hmac.compare_digest(_hash_password(password, salt), pw_hash):
+
+        if not hmac.compare_digest(_hash_password(password, str(salt)), str(pw_hash)):
             raise AuthInvalidCredentialsError()
 
         token = _rand()
         exp = _now() + ttl_sec
+        sid = _rand()
 
         self.execute(
             "INSERT INTO sessions VALUES(?,?,?,?,?,?)",
-            _rand(),
+            sid,
             uid,
             _token_hash(token),
             exp,
@@ -292,9 +401,12 @@ class AuthDBM(DatabaseManager):
             user_agent,
         )
 
-        return Session("", uid, uid_text, token, exp, None, user_agent)
+        return Session(sid, uid, uid_text, token, exp, None, user_agent)
 
     def logout(self, token: str) -> None:
+        if not token:
+            raise AuthMissingFieldError("token")
+
         self.execute(
             "UPDATE sessions SET revoked_at=? WHERE token_hash=?",
             _now(),
@@ -308,7 +420,8 @@ class AuthDBM(DatabaseManager):
         rows = self.execute(
             """
             SELECT s.sid, s.uid, u.user_id, s.expires_at, s.revoked_at, s.user_agent
-            FROM sessions s JOIN users u ON u.uid=s.uid
+            FROM sessions s
+            JOIN users u ON u.uid=s.uid
             WHERE s.token_hash=?
             """,
             _token_hash(token),
@@ -317,7 +430,7 @@ class AuthDBM(DatabaseManager):
             return None
 
         sid, uid, user_id, exp, rev, ua = rows[0]
-        if rev or exp <= _now():
+        if rev or int(exp) <= _now():
             return None
 
-        return Session(sid, uid, user_id, token, exp, None, ua)
+        return Session(str(sid), str(uid), str(user_id), str(token), int(exp), None, ua)

nexom/app/db.py

@@ -1,9 +1,35 @@
 from __future__ import annotations
 
 from typing import Any, Iterable
-from sqlite3 import connect, Connection, Cursor, Error
-
-from ..core.error import DBMConnectionInvalidError, DBError
+from sqlite3 import (
+    connect, 
+    Connection, 
+    Cursor, 
+
+    Error,
+    OperationalError,
+    IntegrityError,
+    ProgrammingError
+)
+
+from ..core.error import (
+    DBError,
+
+    DBMConnectionInvalidError, 
+    DBOperationalError,
+    DBIntegrityError,
+    DBProgrammingError
+)
+
+def _call_error_handler(e: Error):
+    if isinstance(e, OperationalError):
+        raise DBOperationalError(str(e))
+    elif isinstance(e, ProgrammingError):
+        raise DBProgrammingError(str(e))
+    elif isinstance(e, IntegrityError):
+        raise DBIntegrityError(str(e))
+    else:
+        raise DBMConnectionInvalidError(str(e))
 
 
 class DatabaseManager:
@@ -39,7 +65,7 @@ class DatabaseManager:
 
             self.commit()
         except Error as e:
-            raise DBMConnectionInvalidError(str(e))
+            _call_error_handler(e)
 
     def rip_connection(self) -> None:
         if self._conn is None:
@@ -70,7 +96,8 @@ class DatabaseManager:
 
         except Error as e:
             self._conn.rollback()
-            raise DBError(str(e))
+            _call_error_handler(e)
+
 
     def execute_many(self, sql_inserts: Iterable[ list[ tuple[str, tuple] ] ]) -> None:
         if self._conn is None or self._cursor is None:
@@ -85,4 +112,5 @@ class DatabaseManager:
 
         except Error as e:
             self._conn.rollback()
-            raise DBError(str(e))
+            _call_error_handler(e)
+        

nexom/app/path.py

@@ -148,7 +148,7 @@ class Static(Path):
 # Pathlib
 # ====================
 
-class Pathlib(list[Path]):
+class Router(list[Path]):
     """Collection of Path objects with middleware support."""
 
     def __init__(self, *paths: Path) -> None:

nexom/app/response.py

@@ -111,7 +111,7 @@ class JsonResponse(Response):
             cookie=cookie,
             content_type=content_type,
             charset=charset,
-            include_charset=False,  # ここは自前で付けたからFalse
+            include_charset=False,
         )
 
 class Redirect(Response):
@@ -119,11 +119,20 @@ class Redirect(Response):
     HTTP redirect response (302).
     """
 
-    def __init__(self, location: str) -> None:
+    def __init__(
+        self,
+        location: str,
+        headers: Iterable[Header] | None = None,
+        cookie: str | None = None,
+    ) -> None:
+        extra = list(headers) if headers else []
+        res_headers = [("Location", location), *extra]
+
         super().__init__(
             body=b"",
             status=302,
-            headers=[("Location", location)],
+            headers=res_headers,
+            cookie=cookie,
         )
 
 

nexom/app/template.py

@@ -3,7 +3,6 @@ from __future__ import annotations
 import re
 from dataclasses import dataclass
 from pathlib import Path
-from typing import Any
 
 from ..core.object_html_render import HTMLDoc, HTMLDocLib, ObjectHTML
 from ..core.error import TemplateNotFoundError, TemplateInvalidNameError, TemplatesNotDirError
@@ -26,13 +25,12 @@ class _TemplateAccessor:
         templates.layout.base(title="x")    -> templates.render("layout.base", title="x")
     """
 
-    def __init__(self, templates: ObjectHTMLTemplates, name: str) -> None:  # type: ignore[name-defined]
+    def __init__(self, templates: "ObjectHTMLTemplates", name: str) -> None:
         self._templates = templates
         self._name = name
 
-    def __getattr__(self, part: str) -> _TemplateAccessor:
+    def __getattr__(self, part: str) -> "_TemplateAccessor":
         if not _SEG_RE.match(part):
-            # Attribute access only supports valid segments by design.
             raise AttributeError(part)
         return _TemplateAccessor(self._templates, f"{self._name}.{part}")
 
@@ -54,43 +52,49 @@ class ObjectHTMLTemplates:
         templates.a.b(**kwargs) -> render("a.b", **kwargs)
     """
 
-    def __init__(self, base_dir: str) -> None:
+    def __init__(self, base_dir: str, reload: bool = False) -> None:
         self.base_dir = str(base_dir)
         self._base_path = Path(self.base_dir).resolve()
+        self.reload = reload
 
         if not self._base_path.exists() or not self._base_path.is_dir():
             raise TemplatesNotDirError(self.base_dir)
 
-        lib = HTMLDocLib()
-        for entry in self._scan_templates(self._base_path):
-            html_text = entry.path.read_text(encoding="utf-8")
-            lib.append(HTMLDoc(entry.name, html_text))
-
-        self._engine = ObjectHTML(lib=lib)
+        self._rebuild_engine()
 
     def __getattr__(self, name: str) -> _TemplateAccessor:
-        # Called only when normal attribute lookup fails.
         if not _SEG_RE.match(name):
             raise AttributeError(name)
         return _TemplateAccessor(self, name)
 
     def render(self, name: str, **kwargs: str) -> str:
-        doc = self._engine.lib.get(name)
-        if not doc:
+        if self.reload:
+            self._rebuild_engine()
+
+        if not self._engine.lib.get(name):
             raise TemplateNotFoundError(name)
+
         return self._engine.render(name, **kwargs)
 
+    # -------------------------
+    # internal
+    # -------------------------
+
+    def _rebuild_engine(self) -> None:
+        lib = HTMLDocLib()
+        for entry in self._scan_templates(self._base_path):
+            html_text = entry.path.read_text(encoding="utf-8")
+            lib.append(HTMLDoc(entry.name, html_text))
+        self._engine = ObjectHTML(lib=lib)
+
     def _scan_templates(self, root: Path) -> list[TemplateEntry]:
         entries: list[TemplateEntry] = []
-
         for path in root.rglob("*.html"):
             if not path.is_file():
                 continue
-
             rel = path.relative_to(root)
             name = self._path_to_template_name(rel)
             entries.append(TemplateEntry(name=name, path=path))
-
         return entries
 
     def _path_to_template_name(self, rel_path: Path) -> str:

nexom/assets/app/pages/_templates.py

@@ -2,6 +2,6 @@ from __future__ import annotations
 
 from nexom.app.template import ObjectHTMLTemplates
 
-from __app_name__.config import TEMPLATES_DIR
+from __app_name__.config import TEMPLATES_DIR, RELOAD
 
-templates = ObjectHTMLTemplates(base_dir=TEMPLATES_DIR)
+templates = ObjectHTMLTemplates(base_dir=TEMPLATES_DIR, reload=RELOAD)

nexom/assets/app/router.py

@@ -1,11 +1,11 @@
 from __future__ import annotations
 
-from nexom.app.path import Get, Static, Pathlib
+from nexom.app.path import Get, Static, Router
 
 from .config import APP_DIR
 from .pages import default, document
 
-routing = Pathlib(
+routing = Router(
     Get("", default.main, "DefaultPage"),
     Get("doc/", document.main, "DocumentPage"),
     Static("static/", APP_DIR + "/static", "StaticFiles"),