Nexom 1.0.4__tar.gz → 1.0.6__tar.gz

{nexom-1.0.4/src/Nexom.egg-info → nexom-1.0.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Nexom
-Version: 1.0.4
+Version: 1.0.6
 Summary: Lightweight Python Web Framework (WSGI)
 Author: TouriAida
 License: MIT License
@@ -69,11 +69,12 @@ pip install
 ```
 **プロジェクトのビルド**
 
-プロジェクトディレクトリ上で、以下のコマンドを実行してください(名前は自由)
+プロジェクトディレクトリ上で、以下のコマンドを実行してください
+
 もしNginxもしくはApacheを使用する場合 --gateway オプションにどちらか入力してください
 
 ```
-$ python -m nexom start-project
+$ python -m nexom start-project # --gateway nginx or apache
 ```
 
 以下の構成でプロジェクトが生成されます。
@@ -117,7 +118,7 @@ $ python -m nexom run
 ブラウザからアクセスできるようになります。
 デフォルトのポートは8080です。
 
-[https://localhost:8080](https://localhost:8080)
+[http://localhost:8080](http://localhost:8080)
 
 ポートなどの設定は `config.py` から変更してください。
 
@@ -191,4 +192,4 @@ sudo systemd start banana-project@banana2
 sudo systemd start banana-project@banana3
 ```
 
-2026 1/25
+2026 1/28

{nexom-1.0.4 → nexom-1.0.6}/README.md

@@ -32,11 +32,12 @@ pip install
 ```
 **プロジェクトのビルド**
 
-プロジェクトディレクトリ上で、以下のコマンドを実行してください(名前は自由)
+プロジェクトディレクトリ上で、以下のコマンドを実行してください
+
 もしNginxもしくはApacheを使用する場合 --gateway オプションにどちらか入力してください
 
 ```
-$ python -m nexom start-project
+$ python -m nexom start-project # --gateway nginx or apache
 ```
 
 以下の構成でプロジェクトが生成されます。
@@ -80,7 +81,7 @@ $ python -m nexom run
 ブラウザからアクセスできるようになります。
 デフォルトのポートは8080です。
 
-[https://localhost:8080](https://localhost:8080)
+[http://localhost:8080](http://localhost:8080)
 
 ポートなどの設定は `config.py` から変更してください。
 
@@ -154,4 +155,4 @@ sudo systemd start banana-project@banana2
 sudo systemd start banana-project@banana3
 ```
 
-2026 1/25
+2026 1/28

{nexom-1.0.4 → nexom-1.0.6}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "Nexom"
-version = "1.0.4"
+version = "1.0.6"
 description = "Lightweight Python Web Framework (WSGI)"
 readme = "README.md"
 requires-python = ">=3.10"

{nexom-1.0.4 → nexom-1.0.6/src/Nexom.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Nexom
-Version: 1.0.4
+Version: 1.0.6
 Summary: Lightweight Python Web Framework (WSGI)
 Author: TouriAida
 License: MIT License
@@ -69,11 +69,12 @@ pip install
 ```
 **プロジェクトのビルド**
 
-プロジェクトディレクトリ上で、以下のコマンドを実行してください(名前は自由)
+プロジェクトディレクトリ上で、以下のコマンドを実行してください
+
 もしNginxもしくはApacheを使用する場合 --gateway オプションにどちらか入力してください
 
 ```
-$ python -m nexom start-project
+$ python -m nexom start-project # --gateway nginx or apache
 ```
 
 以下の構成でプロジェクトが生成されます。
@@ -117,7 +118,7 @@ $ python -m nexom run
 ブラウザからアクセスできるようになります。
 デフォルトのポートは8080です。
 
-[https://localhost:8080](https://localhost:8080)
+[http://localhost:8080](http://localhost:8080)
 
 ポートなどの設定は `config.py` から変更してください。
 
@@ -191,4 +192,4 @@ sudo systemd start banana-project@banana2
 sudo systemd start banana-project@banana3
 ```
 
-2026 1/25
+2026 1/28

{nexom-1.0.4 → nexom-1.0.6}/src/Nexom.egg-info/SOURCES.txt

@@ -32,6 +32,7 @@ src/nexom/assets/app/pages/default.py
 src/nexom/assets/app/pages/document.py
 src/nexom/assets/app/pages/__pycache__/__init__.cpython-313.pyc
 src/nexom/assets/app/static/dog.jpeg
+src/nexom/assets/app/static/github.png
 src/nexom/assets/app/static/style.css
 src/nexom/assets/app/templates/base.html
 src/nexom/assets/app/templates/default.html

{nexom-1.0.4 → nexom-1.0.6}/src/nexom/__init__.py

@@ -16,4 +16,4 @@ __all__ = [
     "__version__",
 ]
 
-__version__ = "0.1.2"
+__version__ = "1.0.6"

{nexom-1.0.4 → nexom-1.0.6}/src/nexom/app/__init__.py

@@ -16,7 +16,7 @@ from .response import (
 )
 
 # ---- Routing ----
-from .path import Path, Static, Pathlib
+from .path import Path, Static, Router
 
 # ---- Cookie ----
 from .cookie import Cookie, RequestCookies

nexom-1.0.6/src/nexom/app/auth.py

@@ -0,0 +1,451 @@
+# src/nexom/app/auth.py
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Optional
+import secrets
+import time
+import hashlib
+import hmac
+import json
+import sqlite3
+from urllib.request import Request as UrlRequest, urlopen
+from urllib.error import URLError, HTTPError
+
+from .request import Request
+from .response import JsonResponse
+from .db import DatabaseManager
+from .path import Path, Router
+from ..core.log import AuthLogger
+
+from ..core.error import (
+    NexomError,
+    AuthMissingFieldError,          # A01
+    AuthUserIdAlreadyExistsError,   # A02
+    AuthInvalidCredentialsError,    # A03
+    AuthUserDisabledError,          # A04
+    AuthTokenMissingError,          # A05
+    AuthTokenInvalidError,          # A06
+    AuthTokenExpiredError,          # A07
+    AuthTokenRevokedError,          # A08
+    AuthServiceUnavailableError,    # A09
+    _status_for_auth_error,
+
+    DBError,
+    DBMConnectionInvalidError,
+    DBOperationalError,
+    DBIntegrityError,
+    DBProgrammingError,
+)
+
+# --------------------
+# utils
+# --------------------
+
+def _now() -> int:
+    return int(time.time())
+
+
+def _rand(nbytes: int = 24) -> str:
+    return secrets.token_urlsafe(nbytes)
+
+
+def _make_salt(nbytes: int = 16) -> str:
+    return secrets.token_hex(nbytes)
+
+
+def _hash_password(password: str, salt_hex: str) -> str:
+    salt = bytes.fromhex(salt_hex)
+    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
+    return dk.hex()
+
+
+def _token_hash(token: str) -> str:
+    return hashlib.sha256(token.encode("utf-8")).hexdigest()
+
+
+# --------------------
+# variables (internal)
+# --------------------
+
+KEY_NAME = "_nxt"
+
+
+# --------------------
+# models (internal)
+# --------------------
+
+@dataclass
+class LocalSession:
+    sid: str
+    uid: str
+    user_id: str
+    public_name: str
+    token: str
+    expires_at: int
+    revoked_at: int | None
+    user_agent: str | None
+
+@dataclass
+class Session:
+    pid: str
+    user_id: str
+    public_name: str
+    token: str
+    expires_at: int
+    user_agent: str | None
+
+
+# --------------------
+# AuthService (API only)
+# --------------------
+
+class AuthService:
+    """
+    Auth API service (JSON only).
+    """
+
+    def __init__(
+        self,
+        db_path: str,
+        log_path: str,
+        *,
+        ttl_sec: int = 60 * 60 * 24 * 7,
+        prefix: str = "",
+    ) -> None:
+        self.dbm = AuthDBM(db_path)
+        self.ttl_sec = ttl_sec
+
+        p = prefix.strip("/")
+
+        def _p(x: str) -> str:
+            return f"{p}/{x}".strip("/") if p else x
+
+        self.routing = Router(
+            Path(_p("signup"), self.signup, "AuthSignup"),
+            Path(_p("login"), self.login, "AuthLogin"),
+            Path(_p("logout"), self.logout, "AuthLogout"),
+            Path(_p("verify"), self.verify, "AuthVerify"),
+        )
+
+        self.logger = AuthLogger(log_path)
+
+    def handler(self, environ: dict) -> JsonResponse:
+        req = Request(environ)
+        try:
+            route = self.routing.get(req.path)
+            return route.call_handler(req)
+
+        except NexomError as e:
+            # error code -> proper HTTP status
+            status = _status_for_auth_error(e.code)
+            return JsonResponse({"ok": False, "error": e.code}, status=status)
+
+        except Exception as e:
+            return JsonResponse({"ok": False, "error": "InternalError"}, status=500)
+
+    # ---- handlers ----
+
+    def signup(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
+
+        data = request.json() or {}
+        user_id = str(data.get("user_id") or "").strip()
+        public_name = str(data.get("public_name") or "").strip()
+        password = str(data.get("password") or "")
+
+        self.dbm.signup(user_id=user_id, public_name=public_name, password=password)
+        return JsonResponse({"ok": True}, status=201)
+
+    def login(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
+
+        data = request.json() or {}
+        user_id = str(data.get("user_id") or "").strip()
+        password = str(data.get("password") or "")
+
+        lsess = self.dbm.login(
+            user_id,
+            password,
+            user_agent=request.headers.get("user-agent"),
+            ttl_sec=self.ttl_sec,
+        )
+
+        return JsonResponse(
+            {
+                "ok": True,
+                "pid":lsess.uid,
+                "user_id": lsess.user_id,
+                "public_name":lsess.public_name,
+                "token": lsess.token,
+                "expires_at": lsess.expires_at,
+                "user_agent": lsess.user_agent
+            }
+        )
+
+    def logout(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
+
+        token = str((request.json() or {}).get("token") or "")
+        if token:
+            self.dbm.logout(token)
+        return JsonResponse({"ok": True})
+
+    def verify(self, request: Request, args: dict[str, Optional[str]]) -> JsonResponse:
+        if request.method != "POST":
+            return JsonResponse({"ok": False, "error": "MethodNotAllowed"}, status=405)
+
+        token = str((request.json() or {}).get("token") or "")
+        lsess = self.dbm.verify(token)
+        if not lsess:
+            return JsonResponse({"active": False}, status=200)
+
+        return JsonResponse(
+            {
+                "active": True,
+                "pid":lsess.uid,
+                "user_id": lsess.user_id,
+                "public_name":lsess.public_name,
+                "expires_at": lsess.expires_at,
+                "user_agent": lsess.user_agent
+            },
+            status=200,
+        )
+
+
+# --------------------
+# AuthClient (App側)
+# --------------------
+
+class AuthClient:
+    """AuthService を HTTP で叩くクライアント"""
+
+    def __init__(self, auth_url: str, *, timeout: float = 3.0) -> None:
+        base = auth_url.rstrip("/")
+        self.signup_url = base + "/signup"
+        self.login_url = base + "/login"
+        self.logout_url = base + "/logout"
+        self.verify_url = base + "/verify"
+        self.timeout = timeout
+
+    def _post(self, url: str, body: dict) -> dict:
+        payload = json.dumps(body, ensure_ascii=False).encode("utf-8")
+        req = UrlRequest(
+            url,
+            data=payload,
+            headers={
+                "Content-Type": "application/json; charset=utf-8",
+                "Accept": "application/json",
+            },
+            method="POST",
+        )
+
+        try:
+            with urlopen(req, timeout=self.timeout) as r:
+                raw = r.read()
+                text = raw.decode("utf-8", errors="replace")
+                return json.loads(text) if text else {}
+
+        except HTTPError as e:
+            try:
+                raw = e.read()
+                text = raw.decode("utf-8", errors="replace")
+                return json.loads(text) if text else {"ok": False, "error": f"HTTP_{e.code}"}
+            except Exception:
+                return {"ok": False, "error": f"HTTP_{e.code}"}
+
+        except (URLError, TimeoutError):
+            raise AuthServiceUnavailableError()
+
+        except json.JSONDecodeError:
+            raise AuthServiceUnavailableError()
+
+    def signup(self, *, user_id: str, public_name: str, password: str) -> None:
+        d = self._post(
+            self.signup_url,
+            {"user_id": user_id, "public_name": public_name, "password": password},
+        )
+        if d.get("ok"):
+            return 
+        self._raise_from_error_code(str(d.get("error") or ""))
+
+    def login(self, *, user_id: str, password: str) -> Session:
+        d = self._post(self.login_url, {"user_id": user_id, "password": password})
+        if not d.get("ok"):
+            self._raise_from_error_code(str(d.get("error") or ""))
+
+        return Session(str(d["pid"]), str(d["user_id"]), str(d["public_name"]), str(d["token"]), int(d["expires_at"]), str(d["user_agent"]))
+
+    def verify_token(self, token: str) -> Session | None:
+        d = self._post(self.verify_url, {"token": token})
+
+        if d.get("active") is True:
+            return Session(str(d["pid"]), str(d["user_id"]), str(d["public_name"]), token, int(d["expires_at"]), str(d["user_agent"]))
+
+        return None
+
+    def logout(self, *, token: str) -> None:
+        d = self._post(self.logout_url, {"token": token})
+        if d.get("ok"):
+            return
+        self._raise_from_error_code(str(d.get("error") or ""))
+
+    def _raise_from_error_code(self, code: str) -> None:
+        if code == "A01":
+            raise AuthMissingFieldError("unknown")
+        if code == "A02":
+            raise AuthUserIdAlreadyExistsError()
+        if code == "A03":
+            raise AuthInvalidCredentialsError()
+        if code == "A04":
+            raise AuthUserDisabledError()
+        if code == "A05":
+            raise AuthTokenMissingError()
+        if code == "A06":
+            raise AuthTokenInvalidError()
+        if code == "A07":
+            raise AuthTokenExpiredError()
+        if code == "A08":
+            raise AuthTokenRevokedError()
+        if code == "A09":
+            raise AuthServiceUnavailableError()
+    
+        # 想定外レスポンス
+        raise AuthServiceUnavailableError()
+
+
+# --------------------
+# DB
+# --------------------
+
+class AuthDBM(DatabaseManager):
+    def _init(self) -> None:
+        self.execute_many(
+            [
+                (
+                    """
+                    CREATE TABLE IF NOT EXISTS users (
+                        uid TEXT PRIMARY KEY,
+                        user_id TEXT UNIQUE NOT NULL,
+                        public_name TEXT NOT NULL,
+                        password_hash TEXT NOT NULL,
+                        password_salt TEXT NOT NULL,
+                        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                        is_active INTEGER NOT NULL DEFAULT 1
+                    );
+                    """,
+                    (),
+                ),
+                (
+                    """
+                    CREATE TABLE IF NOT EXISTS sessions (
+                        sid TEXT PRIMARY KEY,
+                        uid TEXT NOT NULL REFERENCES users(uid),
+                        token_hash TEXT UNIQUE NOT NULL,
+                        expires_at INTEGER NOT NULL,
+                        revoked_at INTEGER,
+                        user_agent TEXT
+                    );
+                    """,
+                    (),
+                ),
+            ]
+        )
+
+    def signup(self, user_id: str, public_name: str, password: str) -> None:
+        if not user_id:
+            raise AuthMissingFieldError("user_id")
+        if not public_name:
+            raise AuthMissingFieldError("public_name")
+        if not password:
+            raise AuthMissingFieldError("password")
+
+        salt = _make_salt()
+        uid = _rand()
+
+        try:
+            self.execute(
+                "INSERT INTO users VALUES(?,?,?,?,?,?,?)",
+                uid,
+                user_id,
+                public_name,
+                _hash_password(password, salt),
+                salt,
+                None,
+                1,
+            )
+        except DBIntegrityError:
+            raise AuthUserIdAlreadyExistsError()
+        except Exception as e:
+            raise AuthServiceUnavailableError()
+
+    def login(self, user_id: str, password: str, *, user_agent: str | None, ttl_sec: int) -> LocalSession:
+        if not user_id:
+            raise AuthMissingFieldError("user_id")
+        if not password:
+            raise AuthMissingFieldError("password")
+
+        rows = self.execute(
+            "SELECT uid, user_id, public_name, password_hash, password_salt, is_active FROM users WHERE user_id=?",
+            user_id,
+        )
+        if not rows:
+            raise AuthInvalidCredentialsError()
+
+        uid, user_id, public_name, pw_hash, salt, active = rows[0]
+        if not active:
+            raise AuthUserDisabledError()
+
+        if not hmac.compare_digest(_hash_password(password, str(salt)), str(pw_hash)):
+            raise AuthInvalidCredentialsError()
+
+        token = _rand()
+        exp = _now() + ttl_sec
+        sid = _rand()
+
+        self.execute(
+            "INSERT INTO sessions VALUES(?,?,?,?,?,?)",
+            sid,
+            uid,
+            _token_hash(token),
+            exp,
+            None,
+            user_agent,
+        )
+
+        return LocalSession(sid, uid, user_id, public_name, token, exp, None, user_agent)
+
+    def logout(self, token: str) -> None:
+        if not token:
+            raise AuthMissingFieldError("token")
+
+        self.execute(
+            "UPDATE sessions SET revoked_at=? WHERE token_hash=?",
+            _now(),
+            _token_hash(token),
+        )
+
+    def verify(self, token: str | None) -> LocalSession | None:
+        if not token:
+            return None
+
+        rows = self.execute(
+            """
+            SELECT s.sid, s.uid, u.user_id, u.public_name, s.expires_at, s.revoked_at, s.user_agent
+            FROM sessions s
+            JOIN users u ON u.uid=s.uid
+            WHERE s.token_hash=?
+            """,
+            _token_hash(token),
+        )
+        if not rows:
+            return None
+
+        sid, uid, user_id, public_name, exp, rev, ua = rows[0]
+        if rev or int(exp) <= _now():
+            return None
+
+        return LocalSession(str(sid), str(uid), str(user_id), str(public_name), str(token), int(exp), None, ua)

{nexom-1.0.4 → nexom-1.0.6}/src/nexom/app/db.py

@@ -1,9 +1,35 @@
 from __future__ import annotations
 
 from typing import Any, Iterable
-from sqlite3 import connect, Connection, Cursor, Error
-
-from ..core.error import DBMConnectionInvalidError, DBError
+from sqlite3 import (
+    connect, 
+    Connection, 
+    Cursor, 
+
+    Error,
+    OperationalError,
+    IntegrityError,
+    ProgrammingError
+)
+
+from ..core.error import (
+    DBError,
+
+    DBMConnectionInvalidError, 
+    DBOperationalError,
+    DBIntegrityError,
+    DBProgrammingError
+)
+
+def _call_error_handler(e: Error):
+    if isinstance(e, OperationalError):
+        raise DBOperationalError(str(e))
+    elif isinstance(e, ProgrammingError):
+        raise DBProgrammingError(str(e))
+    elif isinstance(e, IntegrityError):
+        raise DBIntegrityError(str(e))
+    else:
+        raise DBMConnectionInvalidError(str(e))
 
 
 class DatabaseManager:
@@ -39,7 +65,7 @@ class DatabaseManager:
 
             self.commit()
         except Error as e:
-            raise DBMConnectionInvalidError(str(e))
+            _call_error_handler(e)
 
     def rip_connection(self) -> None:
         if self._conn is None:
@@ -70,7 +96,8 @@ class DatabaseManager:
 
         except Error as e:
             self._conn.rollback()
-            raise DBError(str(e))
+            _call_error_handler(e)
+
 
     def execute_many(self, sql_inserts: Iterable[ list[ tuple[str, tuple] ] ]) -> None:
         if self._conn is None or self._cursor is None:
@@ -85,4 +112,5 @@ class DatabaseManager:
 
         except Error as e:
             self._conn.rollback()
-            raise DBError(str(e))
+            _call_error_handler(e)
+        

{nexom-1.0.4 → nexom-1.0.6}/src/nexom/app/path.py

@@ -84,7 +84,7 @@ class Path:
             return res
 
         except TypeError as e:
-            # handler の引数不足だけは明示的に
+            # handler の引数不足
             if re.search(r"takes \d+ positional arguments? but \d+ were given", str(e)):
                 raise PathHandlerMissingArgError()
             raise
@@ -148,7 +148,7 @@ class Static(Path):
 # Pathlib
 # ====================
 
-class Pathlib(list[Path]):
+class Router(list[Path]):
     """Collection of Path objects with middleware support."""
 
     def __init__(self, *paths: Path) -> None: