PoorWSGI 2.7.0__tar.gz → 2.8.1__tar.gz

poorwsgi-2.8.1/CONTRIBUTION.rst

@@ -0,0 +1,113 @@
+Contributing to the Project
+===========================
+
+Thank you for your interest in contributing to the PoorWSGI project! Every contribution is welcome. This document will guide you through the process of reporting a bug, suggesting an enhancement, or directly contributing code.
+
+Reporting Bugs
+--------------
+If you encounter a bug, please ensure that you:
+
+1.  Search the existing `issues <https://github.com/PoorHttp/PoorWSGI/issues>`_ to ensure the bug has not already been reported.
+2.  If you cannot find the bug, create a new issue.
+3.  In the description, provide as much information as possible:
+
+    *   The version of PoorWSGI you are using.
+    *   The Python version and operating system.
+    *   A short but descriptive summary of the bug.
+    *   Steps to reproduce the bug.
+    *   What you expected to happen and what actually happened.
+
+Suggesting Enhancements
+-----------------------
+Do you have an idea for a new feature or improvement?
+
+1.  Create a new issue and describe your suggestion.
+2.  Explain why this feature would be useful and how it should work.
+
+Development and Code Contribution
+---------------------------------
+If you want to contribute code, please follow these steps. The project is developed using a **Test-Driven Development (TDD)** approach. This means that for every new feature or bug fix, a failing test should be written first, followed by the code that makes the test pass.
+
+1. Setting Up the Development Environment
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+First, prepare your local development environment.
+
+.. code-block:: bash
+
+    # 1. Fork the repository and clone it
+    git clone https://github.com/YOUR-USERNAME/PoorWSGI.git
+    cd PoorWSGI
+
+    # 2. Create and activate a virtual environment
+    python3 -m venv .venv
+    source .venv/bin/activate
+
+    # 3. Install the project in editable mode and the development dependencies
+    python -m pip install --upgrade pip
+    pip install -e .
+    pip install -U pre-commit flake8 setuptools pytest pytest-doctestplus pytest-pylint pytest-mypy ruff isort
+    pip install -U openapi-core uwsgi simplejson WSocket requests websocket-client
+    pip install -U types-simplejson types-requests types-PyYAML
+
+    # 4. Activate pre-commit hooks for automatic code checking
+    pre-commit install
+
+2. Code Style and Automatic Checks (pre-commit)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To maintain a consistent style and code quality, the project **requires the use of `pre-commit`**. This tool automatically runs a set of checks (called "hooks") before each commit. These checks include formatting, linting, and other code analyses. The configuration is defined in the `.pre-commit-config.yaml` file.
+
+Thanks to `pre-commit`, you don't have to run all the tools manually. If a commit fails due to a check, `pre-commit` will often fix the code for you automatically. In that case, you just need to add the modified files again (`git add`) and repeat the commit.
+
+If you still wish to run the checks manually during development (outside of a commit), you can use the following commands:
+
+.. code-block:: bash
+
+    # Manually run all pre-commit hooks on all files
+    pre-commit run --all-files
+
+    # Alternatively, individual tools:
+    ruff format .      # Formatting
+    ruff check .       # Linting
+    pylint poorwsgi/   # In-depth analysis
+    isort .            # Sorting imports
+
+3. Running Tests
+~~~~~~~~~~~~~~~~
+
+As mentioned, TDD is a key part of development. All tests must pass before you submit a Pull Request.
+
+*   `tests/`: Contains unit tests.
+*   `tests_integrity/`: Contains integration tests, which may run real servers from the `examples/` directory.
+
+You can run the tests using `pytest`:
+
+.. code-block:: bash
+
+    # Run all tests (unit and integration)
+    pytest -v
+
+    # Run only unit tests
+    pytest -v tests/
+
+    # Run integration tests
+    pytest -v tests_integrity/
+
+4. Submitting Changes (Pull Request)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+1.  Create a new branch for your changes: `git checkout -b feature/my-new-feature`.
+2.  Make your code changes and write tests for them.
+3.  Ensure that all local tests pass (`pytest -v`).
+4.  Create a commit. At this point, `pre-commit` will automatically check and possibly fix your code. If it fails, make the necessary adjustments and repeat the commit.
+
+    .. code-block:: bash
+
+        git add .
+        git commit -m "A brief description of the changes"
+
+5.  Push the changes to your fork: `git push origin feature/my-new-feature`.
+6.  Open a `Pull Request <https://github.com/PoorHttp/PoorWSGI/pulls>`_ to the `main` branch of the main repository.
+
+Your Pull Request will be reviewed by automated tests (CI) and one of the project maintainers. Thank you for your help!

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: PoorWSGI
-Version: 2.7.0
+Version: 2.8.1
 Summary: Poor WSGI connector for Python
 Home-page: http://poorhttp.zeropage.cz/poorwsgi
 Author: Ondřej Tůma
@@ -16,7 +16,6 @@ Keywords: web wsgi development
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Web Environment
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
 Classifier: Natural Language :: English
 Classifier: Natural Language :: Czech
 Classifier: Operating System :: MacOS :: MacOS X
@@ -27,10 +26,26 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
 Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Python: >=3.8
+Requires-Python: >=3.11
 Description-Content-Type: text/x-rst
+License-File: doc/licence.txt
 Provides-Extra: jsongeneratorresponse
 Requires-Dist: simplejson; extra == "jsongeneratorresponse"
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: license-file
+Dynamic: maintainer
+Dynamic: maintainer-email
+Dynamic: project-url
+Dynamic: provides-extra
+Dynamic: requires-python
+Dynamic: summary
 
 .. image:: https://img.shields.io/pypi/v/PoorWSGI.svg
     :target: https://pypi.python.org/pypi/poorwsgi/
@@ -44,9 +59,13 @@ Requires-Dist: simplejson; extra == "jsongeneratorresponse"
     :target: https://pypi.python.org/pypi/poorwsgi/
     :alt: Development Status
 
-.. image:: https://img.shields.io/travis/PoorHTTP/PoorWSGI.svg
-    :target: https://travis-ci.org/PoorHttp/PoorWSGI
-    :alt: Build Status
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/python-package.yml?branch=master
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/python-package.yml
+    :alt: GitHub Build Workflow Status
+
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/codeql-analysis.yml?branch=master&label=CodeQL
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/codeql-analysis.yml
+    :alt: GitHub CodeQL Workflow Status
 
 .. image:: https://img.shields.io/pypi/l/PoorWSGI.svg
     :target: https://pypi.python.org/pypi/poorwsgi/
@@ -55,8 +74,8 @@ Requires-Dist: simplejson; extra == "jsongeneratorresponse"
 Poor WSGI for Python
 ====================
 
-Poor WSGI for Python is light WGI connector with uri routing between WSGI server
-and your application. The simplest way to run and test it looks like that:
+Poor WSGI for Python is a lightweight WSGI connector with URI routing between the WSGI server
+and your application. The simplest way to run and test it looks like this:
 
 .. code-block:: python
 
@@ -73,7 +92,7 @@ and your application. The simplest way to run and test it looks like that:
         httpd = make_server('127.0.0.1', 8080, app)
         httpd.serve_forever()
 
-You can use python wsgiref.simple_server for test it:
+You can use Python's wsgiref.simple_server to test it:
 
 .. code-block::
 

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/PoorWSGI.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: PoorWSGI
-Version: 2.7.0
+Version: 2.8.1
 Summary: Poor WSGI connector for Python
 Home-page: http://poorhttp.zeropage.cz/poorwsgi
 Author: Ondřej Tůma
@@ -16,7 +16,6 @@ Keywords: web wsgi development
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Web Environment
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
 Classifier: Natural Language :: English
 Classifier: Natural Language :: Czech
 Classifier: Operating System :: MacOS :: MacOS X
@@ -27,10 +26,26 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
 Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Python: >=3.8
+Requires-Python: >=3.11
 Description-Content-Type: text/x-rst
+License-File: doc/licence.txt
 Provides-Extra: jsongeneratorresponse
 Requires-Dist: simplejson; extra == "jsongeneratorresponse"
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: license-file
+Dynamic: maintainer
+Dynamic: maintainer-email
+Dynamic: project-url
+Dynamic: provides-extra
+Dynamic: requires-python
+Dynamic: summary
 
 .. image:: https://img.shields.io/pypi/v/PoorWSGI.svg
     :target: https://pypi.python.org/pypi/poorwsgi/
@@ -44,9 +59,13 @@ Requires-Dist: simplejson; extra == "jsongeneratorresponse"
     :target: https://pypi.python.org/pypi/poorwsgi/
     :alt: Development Status
 
-.. image:: https://img.shields.io/travis/PoorHTTP/PoorWSGI.svg
-    :target: https://travis-ci.org/PoorHttp/PoorWSGI
-    :alt: Build Status
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/python-package.yml?branch=master
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/python-package.yml
+    :alt: GitHub Build Workflow Status
+
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/codeql-analysis.yml?branch=master&label=CodeQL
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/codeql-analysis.yml
+    :alt: GitHub CodeQL Workflow Status
 
 .. image:: https://img.shields.io/pypi/l/PoorWSGI.svg
     :target: https://pypi.python.org/pypi/poorwsgi/
@@ -55,8 +74,8 @@ Requires-Dist: simplejson; extra == "jsongeneratorresponse"
 Poor WSGI for Python
 ====================
 
-Poor WSGI for Python is light WGI connector with uri routing between WSGI server
-and your application. The simplest way to run and test it looks like that:
+Poor WSGI for Python is a lightweight WSGI connector with URI routing between the WSGI server
+and your application. The simplest way to run and test it looks like this:
 
 .. code-block:: python
 
@@ -73,7 +92,7 @@ and your application. The simplest way to run and test it looks like that:
         httpd = make_server('127.0.0.1', 8080, app)
         httpd.serve_forever()
 
-You can use python wsgiref.simple_server for test it:
+You can use Python's wsgiref.simple_server to test it:
 
 .. code-block::
 

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/PoorWSGI.egg-info/SOURCES.txt

@@ -1,6 +1,7 @@
 CONTRIBUTION.rst
 MANIFEST.in
 README.rst
+pyproject.toml
 setup.py
 PoorWSGI.egg-info/PKG-INFO
 PoorWSGI.egg-info/SOURCES.txt
@@ -24,17 +25,22 @@ doc/licence.txt
 doc/small-logo.png
 doc/style.css
 doc/web.css
+examples/aes_session.py
 examples/http_digest.py
 examples/large_file.py
 examples/metrics.py
 examples/openapi.json
 examples/openapi3.py
+examples/poor_session.py
 examples/put_file.py
+examples/response_closed.py
+examples/session.py
 examples/simple.py
 examples/simple_json.py
 examples/test.digest
 examples/websocket.py
 poorwsgi/__init__.py
+poorwsgi/aes_session.py
 poorwsgi/digest.py
 poorwsgi/fieldstorage.py
 poorwsgi/headers.py
@@ -46,8 +52,14 @@ poorwsgi/results.py
 poorwsgi/session.py
 poorwsgi/state.py
 poorwsgi/wsgi.py
+tests/test_aes_session.py
+tests/test_application_error.py
 tests/test_digest.py
+tests/test_fieldstorage.py
 tests/test_header.py
+tests/test_headers.py
 tests/test_request.py
 tests/test_responses.py
+tests/test_results.py
+tests/test_route_validation.py
 tests/test_session.py

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/README.rst

@@ -10,9 +10,13 @@
     :target: https://pypi.python.org/pypi/poorwsgi/
     :alt: Development Status
 
-.. image:: https://img.shields.io/travis/PoorHTTP/PoorWSGI.svg
-    :target: https://travis-ci.org/PoorHttp/PoorWSGI
-    :alt: Build Status
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/python-package.yml?branch=master
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/python-package.yml
+    :alt: GitHub Build Workflow Status
+
+.. image:: https://img.shields.io/github/actions/workflow/status/PoorHTTP/PoorWSGI/codeql-analysis.yml?branch=master&label=CodeQL
+    :target: https://github.com/PoorHttp/PoorWSGI/actions/workflows/codeql-analysis.yml
+    :alt: GitHub CodeQL Workflow Status
 
 .. image:: https://img.shields.io/pypi/l/PoorWSGI.svg
     :target: https://pypi.python.org/pypi/poorwsgi/
@@ -21,8 +25,8 @@
 Poor WSGI for Python
 ====================
 
-Poor WSGI for Python is light WGI connector with uri routing between WSGI server
-and your application. The simplest way to run and test it looks like that:
+Poor WSGI for Python is a lightweight WSGI connector with URI routing between the WSGI server
+and your application. The simplest way to run and test it looks like this:
 
 .. code-block:: python
 
@@ -39,7 +43,7 @@ and your application. The simplest way to run and test it looks like that:
         httpd = make_server('127.0.0.1', 8080, app)
         httpd.serve_forever()
 
-You can use python wsgiref.simple_server for test it:
+You can use Python's wsgiref.simple_server to test it:
 
 .. code-block::
 

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/doc/ChangeLog

@@ -1,3 +1,48 @@
+==== 2.8.1 ====
+    * Session, PoorSession, AESSession: validate same_site argument
+        - Accepted values are 'Strict', 'Lax', 'None', or False
+        - ValueError is raised for any other value
+        - ValueError is raised when same_site='None' and secure=False
+          (browsers reject SameSite=None without the Secure flag)
+        - Type annotation corrected from Union[str, bool] to
+          Union[str, Literal[False]]
+    * Updated docstrings and documentation to document valid same_site
+      values, the Secure requirement for 'None', and raised exceptions
+    * Fix Session.destroy() with max_age: Max-Age=-1 was overwritten by
+      the subsequent write() call; _destroyed flag now prevents that
+    * Unit tests for session.py and aes_session.py: 100% coverage
+        - get_token, check_token, NoCompress
+        - Session.destroy() with max_age and secure
+        - Session.header() with a headers argument
+        - PoorSession and AESSession: str key, empty cookie, short
+          signature/payload, non-dict data
+    * Consolidate tool configuration into pyproject.toml
+        - ruff.toml and .isort.cfg removed
+        - pytest testpaths and coverage source configured
+
+==== 2.8.0 ====
+    * Fix I/O operation on closed file/buffer error in Response classes (#21)
+    * Validate route filter definitions to reject spaces with clear error
+      messages (#25)
+    * Bad PATH_INFO encoding exception handling (#37, #38)
+    * Updated openapi3.py example to openapi-core 0.23+ API (Spec replaced
+      by OpenAPI)
+    * Drop Python 3.9 and 3.10 support, require Python >= 3.11
+    * Session base class - plain cookie wrapper for server-side session IDs or
+      JWTs; PoorSession inherits from Session
+    * PoorSession cookie encryption - ! existing cookies are invalidated !
+        - Self-contained encrypted session cookie using shake_256 XOF keystream
+          (1024 B) and byte-substitution (no external dependencies)
+        - HMAC-SHA256 authentication (Encrypt-then-MAC); tampered or forged
+          cookies are rejected
+        - Domain-separated key derivation for keystream, MAC and permutation
+        - Users will be logged out after upgrading from a previous version
+    * AESSession - stronger self-contained session cookie (requires pyaes)
+        - AES-256-CTR encryption with a fresh random 16-byte nonce per write
+          (prevents CTR nonce-reuse attacks)
+        - HMAC-SHA256 authentication with domain-separated keys (Encrypt-then-MAC)
+        - Inherits from Session; same interface as PoorSession
+
 ==== 2.7.0 ====
     * Reserved Request.db attribute for usage
     * Right HTTPException type annotation

{poorwsgi-2.7.0 → poorwsgi-2.8.1}/doc/_poorwsgi_api.html

@@ -7,6 +7,7 @@
 {% set api = api + load_module('headers') %}
 {% set api = api + load_module('fieldstorage') %}
 {% set api = api + load_module('session') %}
+{% set api = api + load_module('aes_session') %}
 {% set api = api + load_module('digest') %}
 {% set api = api + load_module('results') %}
 {% set api = api + load_module('state') %}

poorwsgi-2.8.1/doc/about.rst

@@ -0,0 +1,111 @@
+About PoorWSGI
+==============
+PoorWSGI for Python is a lightweight WSGI connector with URI routing between the WSGI
+server and your application. It has a request object similar to mod_python,
+which is passed to all URI or HTTP state handlers. The simplest way to run and
+test it with wsgiref.simple_server looks like this:
+
+.. code:: python
+
+    from wsgiref.simple_server import make_server
+    from poorwsgi import Application
+
+    app = Application('test')
+
+    @app.route('/test')
+    def root_uri(req):
+        return 'Hello world'
+
+    if __name__ == '__main__':
+        httpd = make_server('127.0.0.1', 8080, app)
+        httpd.serve_forever()
+
+.. code:: sh
+
+    ~$ python simple.py
+
+It has basic error pages like 403, 404, 405, 500, or 501. A 500 internal server
+error will have debug output if poor_Debug is set. Additionally, there is a special debug page
+on the ``/debug-info`` URI, which is also available when poor_Debug is set.
+
+.. code:: sh
+
+    ~$ poor_Debug=On python simple.py
+
+PoorWSGI has some functions that you can use as a real HTTP server, which can
+send files with the correct MIME type from disk, or generate directory listings.
+See the Configuration section for more info.
+
+.. code:: sh
+
+    ~$ poor_DocumentRoot=./web poor_DocumentIndex=On python simple.py
+
+The Story
+=========
+Once upon a time, there was a King. Or there was a Prince. Oh, maybe, there wasn't a
+prince, but probably there was a Programmer, hmm, okay, a programmer. And this
+programmer knew Apache's mod_python. Yes, it was a very, very bad paragon, but
+before Python, he was programming in PHP. So mod_python was a big movement in the
+right direction at that time.
+
+He was finding out how he could write and host Python applications on a server.
+And as he knew some closed-source framework that worked correctly, he wrote
+another similar one for his own use. That is the basis of Poor Publisher. But WSGI was
+coming, so he had an idea to write a new backend for his applications. That
+is the basis of Poor HTTP and PoorWSGI.
+
+Sometimes, Poor HTTP and PoorWSGI were one project. It was a better way, but
+that wasn't the right way. After some time, he divided these two projects into
+PoorWSGI and Poor HTTP projects. But there was a flawed concept in the PoorWSGI
+framework, which wasn't a framework in fact. So he looked for other projects and
+saw how nice it could be to create a WSGI application for the user. That is when
+PoorWSGI was rewritten into library-type code, and the application became a
+callable class with some nice routing methods and decorators.
+
+This is the story of one programmer and his WSGI framework, which is not a
+framework in fact, because it only handles URI requests with some mod_python
+compatibility layer. As you can see, there are several ways this project can
+evolve. Its author, the programmer, uses it on his projects, and it would be
+very nice if there were more programmers than just him who used this little
+project. Let's call it a WSGI connector.
+
+If you have any questions, proposals, bug fixes, text corrections, or any
+other matters, please send me an email to *mcbig at zeropage.cz*, or you can
+create an issue on GitHub: https://github.com/PoorHttp/PoorWSGI/issues.
+Thank you so much.
+
+ChangeLog
+=========
+For release history or differences between releases, you can use git diff, diff
+log, the git2cl tool, or consult the ChangeLog from the source code or on the Git
+repository's web page. See:
+
+    https://github.com/PoorHttp/PoorWSGI/blob/master/doc/ChangeLog
+
+Examples
+========
+These are published application test files. You can download them, study them,
+test them, or use them as you wish. See:
+
+**http_digest.py**
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/http_digest.py
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/test.digest
+
+**large_file.py**
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/large_file.py
+
+**put_file.py**
+
+    Example of uploading a file via the PUT method, similar to WebDAV.
+
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/put_file.py
+
+**openapi3.py**
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/openapi3.py
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/openapi.json
+
+**simple.py**
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/simple.py
+
+**websocket.py**
+    https://github.com/PoorHttp/PoorWSGI/blob/master/examples/websocket.py