Nexom 1.0.7__tar.gz → 1.0.8__tar.gz

{nexom-1.0.7/src/Nexom.egg-info → nexom-1.0.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Nexom
-Version: 1.0.7
+Version: 1.0.8
 Summary: Lightweight Python Web Framework (WSGI)
 Author: TouriAida
 License: MIT License

{nexom-1.0.7 → nexom-1.0.8}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "Nexom"
-version = "1.0.7"
+version = "1.0.8"
 description = "Lightweight Python Web Framework (WSGI)"
 readme = "README.md"
 requires-python = ">=3.10"

{nexom-1.0.7 → nexom-1.0.8/src/Nexom.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: Nexom
-Version: 1.0.7
+Version: 1.0.8
 Summary: Lightweight Python Web Framework (WSGI)
 Author: TouriAida
 License: MIT License

{nexom-1.0.7 → nexom-1.0.8}/src/nexom/app/auth.py

@@ -133,8 +133,7 @@ class AuthService:
     def handler(self, environ: dict) -> JsonResponse:
         req = Request(environ)
         try:
-            route = self.routing.get(req.path)
-            return route.call_handler(req)
+            return self.routing.handle(req)
 
         except NexomError as e:
             # error code -> proper HTTP status

nexom-1.0.8/src/nexom/app/middleware.py

@@ -0,0 +1,135 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Callable, Protocol, TypeAlias, Any
+
+from .request import Request
+from .response import Response
+
+
+Handler: TypeAlias = Callable[[Request, dict[str, str | None]], Response]
+
+
+class Middleware(Protocol):
+    """
+    Middleware interface.
+
+    A middleware receives the request, route args, and next handler.
+    It must return a Response.
+    """
+
+    def __call__(self, request: Request, args: dict[str, str | None], next_: Handler) -> Response:
+        ...
+
+
+@dataclass(frozen=True)
+class MiddlewareChain:
+    """
+    Build and execute a middleware chain.
+    """
+    middlewares: tuple[Middleware, ...]
+
+    def wrap(self, handler: Handler) -> Handler:
+        """
+        Wrap the given handler with middlewares (outer -> inner).
+        """
+        def wrapped(request: Request, args: dict[str, str | None]) -> Response:
+            # Build chain lazily per call (safe and simple)
+            def call_at(i: int, req: Request, a: dict[str, str | None]) -> Response:
+                if i >= len(self.middlewares):
+                    return handler(req, a)
+
+                mw = self.middlewares[i]
+
+                def next_(r: Request, aa: dict[str, str | None]) -> Response:
+                    return call_at(i + 1, r, aa)
+
+                return mw(req, a, next_)
+
+            return call_at(0, request, args)
+
+        return wrapped
+    
+
+class CORSMiddleware:
+    def __init__(
+        self,
+        allowed_origins: list[str] | None = None,   # None or ["*"] = allow all
+        allowed_methods: list[str] | None = None,
+        allowed_headers: list[str] | None = None,
+        access_control_allow_credentials: bool = False,
+        max_age: int | None = 600,
+    ) -> None:
+        self.allowed_origins = allowed_origins or ["*"]
+        self.allowed_methods = [m.upper() for m in (allowed_methods or ["GET", "POST", "PUT", "DELETE", "OPTIONS"])]
+        self.allowed_headers = allowed_headers or ["Content-Type", "Authorization"]
+        self.allow_credentials = access_control_allow_credentials
+        self.max_age = max_age
+
+    def _is_allowed_origin(self, origin: str) -> bool:
+        return "*" in self.allowed_origins or origin in self.allowed_origins
+
+    def _append_vary_origin(self, res: Response) -> None:
+        # append_header が単純 append なので、重複しないように軽くケア
+        for k, v in getattr(res, "headers", []):
+            if k.lower() == "vary":
+                # 既に Vary があるなら Origin が含まれてるかだけチェック
+                if "origin" in [p.strip().lower() for p in v.split(",")]:
+                    return
+                res.append_header("Vary", v + ", Origin")
+                return
+        res.append_header("Vary", "Origin")
+
+    def __call__(self, request: Request, args: dict[str, str | None], next_: Handler) -> Response:
+        origin = request.headers.get("origin")
+        if not origin:
+            return next_(request, args)
+
+        if not self._is_allowed_origin(origin):
+            return next_(request, args)
+
+        # preflight 判定
+        acrm = request.headers.get("access-control-request-method")
+        is_preflight = request.method == "OPTIONS" and acrm is not None
+
+        if is_preflight:
+            # 204で十分（body無し）
+            res = Response(b"", status=204)
+        else:
+            res = next_(request, args)
+
+        # Allow-Origin（単一 or *）
+        if "*" in self.allowed_origins and not self.allow_credentials:
+            res.append_header("Access-Control-Allow-Origin", "*")
+        else:
+            # credentials=True なら必ず echo（*は禁止）
+            res.append_header("Access-Control-Allow-Origin", origin)
+            self._append_vary_origin(res)
+
+        # Allow-Credentials
+        if self.allow_credentials:
+            res.append_header("Access-Control-Allow-Credentials", "true")
+
+        # Allow-Methods
+        if self.allowed_methods == ["*"]:
+            req_method = request.headers.get("access-control-request-method")
+            res.append_header("Access-Control-Allow-Methods", req_method or "GET, POST, PUT, DELETE, OPTIONS")
+        else:
+            res.append_header("Access-Control-Allow-Methods", ", ".join(self.allowed_methods))
+        
+        # Allow-Headers
+        if self.allowed_headers == ["*"]:
+            req_headers = request.headers.get("access-control-request-headers")
+            # ブラウザが要求してきたヘッダをそのまま許可
+            if req_headers:
+                res.append_header("Access-Control-Allow-Headers", req_headers)
+            else:
+                res.append_header("Access-Control-Allow-Headers", "Content-Type, Authorization")
+        else:
+            res.append_header("Access-Control-Allow-Headers", ", ".join(self.allowed_headers))
+
+
+        if self.max_age is not None:
+            res.append_header("Access-Control-Max-Age", str(self.max_age))
+
+        return res

{nexom-1.0.7 → nexom-1.0.8}/src/nexom/app/path.py

@@ -192,4 +192,10 @@ class Router(list[Path]):
 
         if self.raise_if_not_exist:
             raise PathNotFoundError(request_path)
-        return None
+        return None
+
+    def handle(self, request: Request) -> Response:
+        path = self.get(request.path, method=request.method)
+        if path is None:
+            raise PathNotFoundError(request.path)
+        return path.call_handler(request, tuple(self.middlewares))

{nexom-1.0.7 → nexom-1.0.8}/src/nexom/app/response.py

@@ -62,6 +62,9 @@ class Response:
         """
         yield self.body
 
+    def append_header(self, key: str, value: str) -> None:
+        self.headers.append((key, value))
+
 class HtmlResponse(Response):
     def __init__(
         self,

{nexom-1.0.7 → nexom-1.0.8}/src/nexom/assets/app/templates/default.html

@@ -2,7 +2,7 @@
 <Insert main>
     <div class="thumbnail-container">
         <div class="message-card">
-            <h1>Welcome Nexom v1.0.7 Deeeeeeeev</h1>
+            <h1>Welcome Nexom v1.0.8 Deeeeeeeev</h1>
             <p>How are you? I'm fine! Thank you!</p>
         </div>
         <div class="accounts-card">

{nexom-1.0.7 → nexom-1.0.8}/src/nexom/assets/app/wsgi.py

@@ -39,8 +39,7 @@ def app(environ: dict, start_response: Callable) -> Iterable[bytes]:
         path = req.path
         method = req.method
 
-        p = routing.get(path, method=method)
-        res = p.call_handler(req)
+        res = routing.handle(req)
 
     except PathNotFoundError as e:
         logger.warn(str(e))

nexom-1.0.7/src/nexom/app/middleware.py

@@ -1,51 +0,0 @@
-from __future__ import annotations
-
-from dataclasses import dataclass
-from typing import Callable, Protocol, TypeAlias, Any
-
-from .request import Request
-from .response import Response
-
-
-Handler: TypeAlias = Callable[[Request, dict[str, str | None]], Response]
-
-
-class Middleware(Protocol):
-    """
-    Middleware interface.
-
-    A middleware receives the request, route args, and next handler.
-    It must return a Response.
-    """
-
-    def __call__(self, request: Request, args: dict[str, str | None], next_: Handler) -> Response:
-        ...
-
-
-@dataclass(frozen=True)
-class MiddlewareChain:
-    """
-    Build and execute a middleware chain.
-    """
-    middlewares: tuple[Middleware, ...]
-
-    def wrap(self, handler: Handler) -> Handler:
-        """
-        Wrap the given handler with middlewares (outer -> inner).
-        """
-        def wrapped(request: Request, args: dict[str, str | None]) -> Response:
-            # Build chain lazily per call (safe and simple)
-            def call_at(i: int, req: Request, a: dict[str, str | None]) -> Response:
-                if i >= len(self.middlewares):
-                    return handler(req, a)
-
-                mw = self.middlewares[i]
-
-                def next_(r: Request, aa: dict[str, str | None]) -> Response:
-                    return call_at(i + 1, r, aa)
-
-                return mw(req, a, next_)
-
-            return call_at(0, request, args)
-
-        return wrapped