api-mocker 0.5.0__py3-none-any.whl → 0.5.1__py3-none-any.whl

api_mocker/auth_system.py

@@ -18,13 +18,31 @@ import time
 from typing import Any, Dict, List, Optional, Union, Callable
 from dataclasses import dataclass, field
 from enum import Enum
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 import json
 import base64
 import hmac
 import pyotp
 import qrcode
 from io import BytesIO
+import bcrypt  # Replaces passlib
+from pydantic import BaseModel, EmailStr, Field, validator
+import os
+
+# Pydantic Models
+class UserCreate(BaseModel):
+    username: str = Field(..., min_length=3, max_length=50)
+    email: EmailStr
+    password: str = Field(..., min_length=8)
+
+class UserLogin(BaseModel):
+    email: EmailStr
+    password: str
+
+class TokenSchema(BaseModel):
+    access_token: str
+    refresh_token: str
+    token_type: str
 
 
 class AuthProvider(Enum):
@@ -198,7 +216,7 @@ class JWTManager:
     def create_token(self, user_id: str, token_type: TokenType, 
                     expires_in: int = 3600, **kwargs) -> str:
         """Create a JWT token"""
-        now = datetime.utcnow()
+        now = datetime.now(timezone.utc)
         payload = {
             "user_id": user_id,
             "token_type": token_type.value,
@@ -259,10 +277,15 @@ class AdvancedAuthSystem:
     """Main authentication system"""
     
     def __init__(self, secret_key: str = None):
-        self.secret_key = secret_key or secrets.token_hex(32)
+        # Use simple environment variable check for secret key or generate safe random one
+        self.secret_key = secret_key or os.getenv("API_MOCKER_SECRET_KEY") or secrets.token_hex(32)
+        if not secret_key and not os.getenv("API_MOCKER_SECRET_KEY"):
+            print("WARNING: Using random secret key. Sessions will be invalidated on restart.")
+            
         self.jwt_manager = JWTManager(self.secret_key)
         self.mfa_handler = MFAHandler()
         self.password_validator = PasswordValidator()
+        # Removed pwd_context (passlib)
         
         # Storage
         self.users: Dict[str, User] = {}
@@ -277,24 +300,27 @@ class AdvancedAuthSystem:
         self.lockout_duration = 300  # 5 minutes
     
     def hash_password(self, password: str) -> str:
-        """Hash a password using PBKDF2"""
-        salt = secrets.token_hex(16)
-        pwd_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
-        return f"{salt}:{pwd_hash.hex()}"
+        """Hash a password using bcrypt"""
+        salt = bcrypt.gensalt()
+        hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
+        return hashed.decode('utf-8')
     
     def verify_password(self, password: str, password_hash: str) -> bool:
         """Verify a password against its hash"""
         try:
-            salt, hash_hex = password_hash.split(':')
-            pwd_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
-            return hmac.compare_digest(hash_hex, pwd_hash.hex())
+            return bcrypt.checkpw(password.encode('utf-8'), password_hash.encode('utf-8'))
         except ValueError:
             return False
     
     def register_user(self, username: str, email: str, password: str,
                      roles: List[UserRole] = None) -> Dict[str, Any]:
         """Register a new user"""
-        # Validate password
+        try:
+            user_data = UserCreate(username=username, email=email, password=password)
+        except Exception as e:
+            return {"success": False, "error": str(e)}
+
+        # Validate password strength logic (keep existing validator for complexity rules)
         password_validation = self.password_validator.validate(password)
         if not password_validation["is_valid"]:
             return {
@@ -330,6 +356,13 @@ class AdvancedAuthSystem:
     def authenticate_user(self, email: str, password: str, 
                           ip_address: str = None, user_agent: str = None) -> Dict[str, Any]:
         """Authenticate a user with email and password"""
+        # Validate input using Pydantic model
+        try:
+            # validators will check email format
+            login_data = UserLogin(email=email, password=password)
+        except Exception as e:
+            return {"success": False, "error": str(e)}
+
         # Check rate limiting
         if self._is_rate_limited(email):
             return {"success": False, "error": "Too many login attempts"}

api_mocker/cli.py

@@ -60,6 +60,47 @@ def start(
         
         server.start(host=host, port=port)
 
+@app.command()
+def list_routes(
+    config: str = typer.Option(..., "--config", "-c", help="Path to mock server config file"),
+):
+    """List all configured routes."""
+    try:
+        server = MockServer(config_path=config)
+        # Assuming server.engine.router gets populated on init or we need to load manually
+        # server.app is FastAPI, we can inspect routes there if loaded.
+        # But MockServer logic loads config in __init__?
+        # Let's check MockServer implementation in server.py if needed.
+        # Assuming server._load_config() is called in __init__.
+        
+        table = Table(title="Configured Routes")
+        table.add_column("Method", style="cyan")
+        table.add_column("Path", style="green")
+        table.add_column("Auth", style="red")
+        
+        # We might need to access the config directly if server doesn't expose routes easily without starting
+        # But server.engine.router.routes should exist.
+        # Let's just read the file directly for now to be safe and simple, 
+        # as MockServer might require starting to register FastAPI routes fully.
+        # Actually server.engine.router.routes is populated in _apply_config
+        
+        # Re-implementing config read for visibility
+        with open(config, 'r') as f:
+             if config.endswith('.yaml') or config.endswith('.yml'):
+                 conf_data = yaml.safe_load(f)
+             else:
+                 conf_data = json.load(f)
+        
+        for route in conf_data.get("routes", []):
+            auth_str = "Yes" if route.get("auth", False) else "No"
+            table.add_row(route.get("method", "GET"), route.get("path"), auth_str)
+            
+        console.print(table)
+            
+    except Exception as e:
+        console.print(f"[red]✗[/red] Failed to list routes: {e}")
+        raise typer.Exit(1)
+
 @app.command()
 def import_spec(
     file_path: str = typer.Argument(..., help="Path to OpenAPI/Postman file"),
@@ -618,7 +659,7 @@ def advanced(
             
             config = AuthConfig(
                 enabled=True,
-                secret_key="your-secret-key-change-this",
+                secret_key=os.getenv("API_MOCKER_SECRET_KEY", "your-secret-key-change-this"),
                 algorithm="HS256",
                 token_expiry_hours=24
             )

api_mocker/core.py

@@ -10,11 +10,13 @@ import uuid
 class RouteConfig:
     path: str
     method: str
-    response: Union[Dict, Callable, str]
+    response: Any
     status_code: int = 200
-    headers: Optional[Dict[str, str]] = None
+    headers: Dict = None
     delay: float = 0
     dynamic: bool = False
+    weight: int = 100
+    auth_required: bool = False
 
 class DynamicResponseGenerator:
     """Generates realistic fake data for API responses."""
@@ -208,7 +210,7 @@ class CoreEngine:
     def add_middleware(self, middleware_func: Callable):
         self.middleware.append(middleware_func)
     
-    def process_request(self, path: str, method: str, headers: Dict, body: Any = None) -> Dict:
+    def process_request(self, path: str, method: str, headers: Dict, body: Any = None, query_params: Dict = None) -> Dict:
         # Apply middleware
         for middleware in self.middleware:
             path, method, headers, body = middleware(path, method, headers, body)
@@ -218,8 +220,20 @@ class CoreEngine:
         if not route:
             return {"status_code": 404, "body": {"error": "Route not found"}}
         
+        # Check Authentication
+        if route.auth_required:
+            from .auth_system import auth_system
+            auth_header = headers.get("authorization") or headers.get("Authorization")
+            if not auth_header or not auth_header.startswith("Bearer "):
+                return {"status_code": 401, "body": {"error": "Missing or invalid token"}}
+            
+            token = auth_header.split(" ")[1]
+            validation = auth_system.verify_token(token)
+            if not validation["valid"]:
+                return {"status_code": 401, "body": {"error": validation.get("error", "Invalid token")}}
+        
         # Generate response
-        response = self._generate_response(route, path, method, headers, body)
+        response = self._generate_response(route, path, method, headers, body, query_params)
         
         # Apply delay if specified
         if route.delay > 0:
@@ -228,10 +242,16 @@ class CoreEngine:
         
         return response
     
-    def _generate_response(self, route: RouteConfig, path: str, method: str, headers: Dict, body: Any) -> Dict:
+    def _generate_response(self, route: RouteConfig, path: str, method: str, headers: Dict, body: Any, query_params: Dict = None) -> Dict:
         if callable(route.response):
+            # Check if the callable accepts query_params
+            import inspect
+            sig = inspect.signature(route.response)
+            if 'query_params' in sig.parameters:
+                return route.response(path, method, headers, body, self, query_params)
             return route.response(path, method, headers, body, self)
         elif isinstance(route.response, str):
             return {"status_code": route.status_code, "body": route.response}
         else:
-            return {"status_code": route.status_code, "body": route.response} 
+            return {"status_code": route.status_code, "body": route.response}
+ 

api_mocker/database_integration.py

@@ -173,8 +173,9 @@ class SQLiteManager:
         query = f"DELETE FROM {table_name} WHERE {where_clause}"
         return await self.execute_update(query, params)
     
+    
     def _build_where_clause(self, conditions: List[QueryCondition]) -> Tuple[str, Tuple]:
-        """Build WHERE clause from conditions"""
+        """Build WHERE clause from conditions, returning parameterized query and params"""
         if not conditions:
             return "1=1", ()
         
@@ -182,22 +183,43 @@ class SQLiteManager:
         params = []
         
         for i, condition in enumerate(conditions):
+            # Only add logical operator if it's not the first condition
             if i > 0:
-                clauses.append(condition.logical_operator)
+                # Validate logical operator to prevent injection
+                op = condition.logical_operator.upper()
+                if op not in ["AND", "OR"]:
+                    op = "AND"
+                clauses.append(op)
             
-            if condition.operator == QueryOperator.EQ:
-                clauses.append(f"{condition.field} = ?")
-                params.append(condition.value)
-            elif condition.operator == QueryOperator.NE:
-                clauses.append(f"{condition.field} != ?")
-                params.append(condition.value)
-            elif condition.operator == QueryOperator.LIKE:
-                clauses.append(f"{condition.field} LIKE ?")
+            # Map operators to SQL
+            op_map = {
+                QueryOperator.EQ: "=",
+                QueryOperator.NE: "!=",
+                QueryOperator.GT: ">",
+                QueryOperator.GTE: ">=",
+                QueryOperator.LT: "<",
+                QueryOperator.LTE: "<=",
+                QueryOperator.LIKE: "LIKE"
+            }
+            
+            if condition.operator in op_map:
+                clauses.append(f"{condition.field} {op_map[condition.operator]} ?")
                 params.append(condition.value)
             elif condition.operator == QueryOperator.IN:
-                placeholders = ",".join(["?" for _ in condition.value])
-                clauses.append(f"{condition.field} IN ({placeholders})")
-                params.extend(condition.value)
+                # Handle IN operator safely
+                if not condition.value:
+                    clauses.append("1=0") # Empty list matches nothing
+                else:
+                    placeholders = ",".join(["?" for _ in condition.value])
+                    clauses.append(f"{condition.field} IN ({placeholders})")
+                    params.extend(condition.value)
+            elif condition.operator == QueryOperator.NOT_IN:
+                if not condition.value:
+                     clauses.append("1=1") # NOT IN empty list is always true
+                else:
+                    placeholders = ",".join(["?" for _ in condition.value])
+                    clauses.append(f"{condition.field} NOT IN ({placeholders})")
+                    params.extend(condition.value)
             elif condition.operator == QueryOperator.IS_NULL:
                 clauses.append(f"{condition.field} IS NULL")
             elif condition.operator == QueryOperator.IS_NOT_NULL:

api_mocker/graphql_mock.py

@@ -468,9 +468,18 @@ class GraphQLMockServer:
             return {key: self._substitute_variables(value, variables) for key, value in data.items()}
         elif isinstance(data, list):
             return [self._substitute_variables(item, variables) for item in data]
-        elif isinstance(data, str) and data.startswith('{{') and data.endswith('}}'):
-            var_name = data[2:-2]
-            return variables.get(var_name, data)
+        elif isinstance(data, str):
+            # Handle full replacement (preserving type if variable is not string)
+            if data.startswith('{{') and data.endswith('}}'):
+                 var_name = data[2:-2]
+                 if var_name in variables:
+                     return variables[var_name]
+            
+            # Handle partial replacement (string interpolation)
+            if '{{' in data and '}}' in data:
+                for key, value in variables.items():
+                    data = data.replace(f"{{{{{key}}}}}", str(value))
+            return data
         else:
             return data
     

api_mocker/ml_integration.py

@@ -117,7 +117,7 @@ class FeatureExtractor:
         features['has_path_params'] = 1 if '{' in request_data.get('path', '') else 0
         
         # Header features
-        headers = request_data.get('headers', {})
+        headers = {k.lower(): v for k, v in request_data.get('headers', {}).items()}
         features['header_count'] = len(headers)
         features['has_auth_header'] = 1 if 'authorization' in headers else 0
         features['has_content_type'] = 1 if 'content-type' in headers else 0
@@ -225,7 +225,14 @@ class MLModelManager:
             
             # Evaluate
             y_pred = model.model.predict(X_test_scaled)
-            accuracy = accuracy_score(y_test, y_pred)
+            
+            if model.model_type == MLModelType.REGRESSION:
+                 from sklearn.metrics import r2_score
+                 # R2 score can be negative, but it runs.
+                 # For very simple/random data, it might be poor.
+                 accuracy = r2_score(y_test, y_pred)
+            else:
+                 accuracy = accuracy_score(y_test, y_pred)
             
             # Update model
             model.accuracy = accuracy

api_mocker/mock_responses.py

@@ -89,6 +89,7 @@ class MockAPIResponse:
     
     def matches_request(self, request_path: str, request_method: str, 
                        request_headers: Dict[str, str] = None,
+                       body: Any = None,
                        **kwargs) -> bool:
         """
         Check if this response matches the given request.
@@ -97,19 +98,21 @@ class MockAPIResponse:
             request_path: The request path
             request_method: The HTTP method
             request_headers: Request headers
-            request_body: Request body
+            body: Request body
             
         Returns:
             bool: True if response matches request
         """
+        # Handle case where body is passed in kwargs (for backward compatibility)
+        if body is None and 'request_body' in kwargs:
+            body = kwargs['request_body']
         # Basic path and method matching
         if not self._path_matches(request_path) or self.method.value != request_method:
             return False
         
         # Check conditions if any
         if self.conditions:
-            request_body = kwargs.get('body')
-            return self._check_conditions(request_headers, request_body)
+            return self._check_conditions(request_headers, body)
         
         return True
     
@@ -258,31 +261,21 @@ class MockAPIResponse:
     
     def _generate_templated_response(self, context: Dict[str, Any] = None) -> Any:
         """Generate templated response with variable substitution"""
-        if isinstance(self.body, dict):
-            # Handle dictionary body with template variables
-            result = {}
-            vars_dict = {**self.template_vars, **(context or {})}
-            
-            for key, value in self.body.items():
-                if isinstance(value, str):
-                    # Replace template variables in string values
-                    for var_key, var_value in vars_dict.items():
-                        value = value.replace(f'{{{{{var_key}}}}}', str(var_value))
-                result[key] = value
-            return result
-        elif isinstance(self.body, str):
-            template = self.body
-            vars_dict = {**self.template_vars, **(context or {})}
-            
-            for key, value in vars_dict.items():
-                template = template.replace(f'{{{{{key}}}}}', str(value))
-            
-            try:
-                return json.loads(template)
-            except json.JSONDecodeError:
-                return template
-        
-        return self.body
+        vars_dict = {**self.template_vars, **(context or {})}
+        return self._recursive_replace(self.body, vars_dict)
+
+    def _recursive_replace(self, obj: Any, vars_dict: Dict[str, Any]) -> Any:
+        """Recursively replace template variables in object"""
+        if isinstance(obj, dict):
+            return {k: self._recursive_replace(v, vars_dict) for k, v in obj.items()}
+        elif isinstance(obj, list):
+            return [self._recursive_replace(item, vars_dict) for item in obj]
+        elif isinstance(obj, str):
+            for var_key, var_value in vars_dict.items():
+                obj = obj.replace(f'{{{{{var_key}}}}}', str(var_value))
+            return obj
+        else:
+            return obj
     
     def to_dict(self) -> Dict[str, Any]:
         """Convert response to dictionary for serialization"""

api_mocker/resources.py

@@ -0,0 +1,176 @@
+from typing import Dict, Any, List, Optional
+import math
+from .core import CoreEngine
+
+class ResourceHandler:
+    """
+    Generic handler for stateful REST resources.
+    Uses CoreEngine's StateManager for persistence.
+    """
+    
+    def __init__(self, resource_name: str, id_field: str = "id"):
+        self.resource_name = resource_name
+        self.id_field = id_field
+
+    def _get_collection(self, engine: CoreEngine) -> List[Dict]:
+        """Get the full collection from state manager."""
+        collection = engine.state_manager.get_data(self.resource_name)
+        if collection is None:
+            collection = []
+            engine.state_manager.set_data(self.resource_name, collection)
+        return collection
+
+    def _save_collection(self, engine: CoreEngine, collection: List[Dict]):
+        """Save the collection to state manager."""
+        engine.state_manager.set_data(self.resource_name, collection)
+
+    def list(self, path: str, method: str, headers: Dict, body: Any, engine: CoreEngine, query_params: Dict = None) -> Dict:
+        """
+        Handle GET /resource
+        Supports: search (q=), filtering (?field=value), pagination (page, limit), sorting (sort)
+        """
+        collection = self._get_collection(engine)
+        query_params = query_params or {}
+        
+        # 1. Filtering & Search
+        filtered = []
+        search_query = query_params.get('q')
+        
+        for item in collection:
+            matches = True
+            
+            # Simple Filter Matching
+            for key, value in query_params.items():
+                if key in ['page', 'limit', 'sort', 'q']:
+                    continue
+                if str(item.get(key, '')) != value:
+                    matches = False
+                    break
+            
+            # Search Query (naive text match across all string fields)
+            if matches and search_query:
+                text_match = False
+                for v in item.values():
+                    if isinstance(v, str) and search_query.lower() in v.lower():
+                        text_match = True
+                        break
+                if not text_match:
+                    matches = False
+            
+            if matches:
+                filtered.append(item)
+        
+        # 2. Sorting
+        sort_param = query_params.get('sort')
+        if sort_param:
+            reverse = False
+            if sort_param.endswith('_desc'):
+                key = sort_param[:-5]
+                reverse = True
+            elif sort_param.endswith('_asc'):
+                key = sort_param[:-4]
+            else:
+                key = sort_param
+            
+            # Basic sort ability
+            filtered.sort(key=lambda x: str(x.get(key, '')), reverse=reverse)
+
+        # 3. Pagination
+        page = int(query_params.get('page', 1))
+        limit = int(query_params.get('limit', 10))
+        total = len(filtered)
+        total_pages = math.ceil(total / limit)
+        
+        start = (page - 1) * limit
+        end = start + limit
+        paginated_items = filtered[start:end]
+        
+        return {
+            "status_code": 200,
+            "body": {
+                "data": paginated_items,
+                "meta": {
+                    "total": total,
+                    "page": page,
+                    "limit": limit,
+                    "total_pages": total_pages
+                }
+            }
+        }
+
+    def create(self, path: str, method: str, headers: Dict, body: Any, engine: CoreEngine, query_params: Dict = None) -> Dict:
+        """Handle POST /resource"""
+        collection = self._get_collection(engine)
+        
+        new_item = body if isinstance(body, dict) else {}
+        
+        # Auto-generate ID if missing
+        if self.id_field not in new_item:
+            new_id = engine.state_manager.get_next_id(self.resource_name)
+            new_item[self.id_field] = str(new_id) # Using string IDs for consistency
+        
+        import time
+        new_item['created_at'] = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
+        
+        collection.append(new_item)
+        self._save_collection(engine, collection)
+        
+        return {
+            "status_code": 201,
+            "body": new_item
+        }
+
+    def get(self, path: str, method: str, headers: Dict, body: Any, engine: CoreEngine, query_params: Dict = None) -> Dict:
+        """Handle GET /resource/{id}"""
+        # We need to extract ID from the path.
+        # Since we don't have direct access to resolved path params here easily without hacky parsing of 'path',
+        # we rely on the router having done it.
+        # Caveat: CoreEngine doesn't pass path_params.
+        # Workaround: Re-parse the ID from the end of the path.
+        # Assumption: standard REST path /resource/{id}
+        
+        # Try to get from router params first if I updated CoreEngine? I didn't update CoreEngine to pass path_params.
+        # Let's just grab the last segment.
+        resource_id = path.rstrip('/').split('/')[-1]
+        
+        collection = self._get_collection(engine)
+        for item in collection:
+            if str(item.get(self.id_field)) == resource_id:
+                return {"status_code": 200, "body": item}
+        
+        return {"status_code": 404, "body": {"error": f"{self.resource_name} not found"}}
+
+    def update(self, path: str, method: str, headers: Dict, body: Any, engine: CoreEngine, query_params: Dict = None) -> Dict:
+        """Handle PUT/PATCH /resource/{id}"""
+        resource_id = path.rstrip('/').split('/')[-1]
+        collection = self._get_collection(engine)
+        
+        for i, item in enumerate(collection):
+            if str(item.get(self.id_field)) == resource_id:
+                # Merge updates
+                updated_item = item.copy()
+                if isinstance(body, dict):
+                    updated_item.update(body)
+                
+                # Protect ID ?? Usually yes, but this is a mock.
+                updated_item[self.id_field] = item[self.id_field] 
+                
+                collection[i] = updated_item
+                self._save_collection(engine, collection)
+                return {"status_code": 200, "body": updated_item}
+                
+        return {"status_code": 404, "body": {"error": f"{self.resource_name} not found"}}
+
+    def delete(self, path: str, method: str, headers: Dict, body: Any, engine: CoreEngine, query_params: Dict = None) -> Dict:
+        """Handle DELETE /resource/{id}"""
+        resource_id = path.rstrip('/').split('/')[-1]
+        collection = self._get_collection(engine)
+        
+        initial_len = len(collection)
+        collection = [item for item in collection if str(item.get(self.id_field)) != resource_id]
+        
+        if len(collection) < initial_len:
+            self._save_collection(engine, collection)
+            return {"status_code": 204, "body": None}
+            
+        return {"status_code": 404, "body": {"error": f"{self.resource_name} not found"}}