appmesh 1.4.6__py3-none-any.whl → 1.4.8__py3-none-any.whl

appmesh/http_client.py

@@ -8,9 +8,9 @@ from datetime import datetime
 from enum import Enum, unique
 from http import HTTPStatus
 from typing import Optional, Tuple, Union
+from urllib import parse
 import aniso8601
 import requests
-import urllib
 from .app import App
 from .app_run import AppRun
 from .app_output import AppOutput
@@ -131,6 +131,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         rest_ssl_client_cert=(DEFAULT_SSL_CLIENT_CERT_PATH, DEFAULT_SSL_CLIENT_KEY_PATH) if os.path.exists(DEFAULT_SSL_CLIENT_CERT_PATH) else None,
         rest_timeout=(60, 300),
         jwt_token=None,
+        oauth2_config=None,
     ):
         """Initialize an App Mesh HTTP client for interacting with the App Mesh server via secure HTTPS.
 
@@ -143,24 +144,68 @@ class AppMeshClient(metaclass=abc.ABCMeta):
                 - `str`: Path to a custom CA certificate or directory for verification. This option allows custom CA configuration,
                 which may be necessary in environments requiring specific CA chains that differ from the default system CAs.
 
-            rest_ssl_client_cert (Union[tuple, str], optional): Specifies a client certificate for mutual TLS authentication:
-                - If a `str`, provides the path to a PEM file with both client certificate and private key.
-                - If a `tuple`, contains two paths as (`cert`, `key`), where `cert` is the certificate file and `key` is the private key file.
+            ssl_client_cert (Union[str, Tuple[str, str]], optional): Path to the SSL client certificate and key. Can be:
+                - `str`: A path to a single PEM file containing both the client certificate and private key.
+                - `tuple`: A pair of paths (`cert_file`, `key_file`), where `cert_file` is the client certificate file path and `key_file` is the private key file path.
 
             rest_timeout (tuple, optional): HTTP connection timeouts for API requests, as `(connect_timeout, read_timeout)`.
                 The default is `(60, 300)`, where `60` seconds is the maximum time to establish a connection and `300` seconds for the maximum read duration.
 
             jwt_token (str, optional): JWT token for API authentication, used in headers to authorize requests where required.
 
+            oauth2 (Dict[str, Any], optional): Keycloak configuration for oauth2 authentication:
+                - auth_server_url: Keycloak server URL (e.g. "https://keycloak.example.com")
+                - realm: Keycloak realm
+                - client_id: Keycloak client ID
+                - client_secret: Keycloak client secret (optional)
         """
 
-        self.server_url = rest_url
+        self.session = requests.Session()
+        self.auth_server_url = rest_url
         self._jwt_token = jwt_token
         self.ssl_verify = rest_ssl_verify
         self.ssl_client_cert = rest_ssl_client_cert
         self.rest_timeout = rest_timeout
         self._forward_to = None
 
+        # Keycloak integration
+        self._keycloak_client = None
+        if oauth2_config:
+            from .keycloak import KeycloakClient  # lazy import
+
+            self._keycloak_client = KeycloakClient(
+                auth_server_url=oauth2_config.get("auth_server_url"),
+                realm=oauth2_config.get("realm"),
+                client_id=oauth2_config.get("client_id"),
+                client_secret=oauth2_config.get("client_secret"),
+                ssl_verify=oauth2_config.get("ssl_verify", self.ssl_verify),
+                timeout=oauth2_config.get("timeout", (30, 60)),
+            )
+
+    def close(self):
+        """Close the session and release resources."""
+        if hasattr(self, "session") and self.session:
+            self.session.close()
+            self.session = None
+        if self._keycloak_client and hasattr(self._keycloak_client, "close"):
+            self._keycloak_client.close()
+            self._keycloak_client = None
+
+    def __enter__(self):
+        """Support for context manager protocol."""
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        """Support for context manager protocol, ensuring resources are released."""
+        self.close()
+
+    def __del__(self):
+        """Ensure resources are properly released when the object is garbage collected."""
+        try:
+            self.close()
+        except Exception:
+            pass  # Avoid exceptions during garbage collection
+
     @property
     def jwt_token(self) -> str:
         """Get the current JWT (JSON Web Token) used for authentication.
@@ -266,6 +311,12 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             str: JWT token.
         """
+        # Keycloak authentication if configured
+        if self._keycloak_client:
+            self.jwt_token = self._keycloak_client.authenticate(user_name, user_pwd)
+            return self.jwt_token
+
+        # Standard App Mesh authentication
         self.jwt_token = None
         resp = self._request_http(
             AppMeshClient.Method.POST,
@@ -293,7 +344,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             username (str): Username to validate
             challenge (str): Challenge string from server
             code (str): TOTP code to validate
-            timeout (Union[int, str], optional): Token expiry timeout. 
+            timeout (Union[int, str], optional): Token expiry timeout.
                 Accepts ISO 8601 duration format (e.g., 'P1Y2M3DT4H5M6S', 'P1W') or seconds.
                 Defaults to DURATION_ONE_WEEK_ISO.
 
@@ -325,11 +376,11 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             bool: logoff success or failure.
         """
-        resp = self._request_http(AppMeshClient.Method.POST, path="/appmesh/self/logoff")
-        if resp.status_code != HTTPStatus.OK:
-            raise Exception(resp.text)
-        self.jwt_token = None
-        return resp.status_code == HTTPStatus.OK
+        if self.jwt_token:
+            resp = self._request_http(AppMeshClient.Method.POST, path="/appmesh/self/logoff")
+            self.jwt_token = None
+            return resp.status_code == HTTPStatus.OK
+        return True
 
     def authentication(self, token: str, permission: Optional[str] = None, audience: Optional[str] = None) -> bool:
         """Deprecated: Use authenticate() instead."""
@@ -370,6 +421,12 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             str: The new JWT token if renew success, the old token will be blocked.
         """
+        # Refresh the Keycloak token
+        if self._keycloak_client:
+            self.jwt_token = self._keycloak_client.refresh_tokens()
+            return self.jwt_token
+
+        # Refresh the App Mesh token
         assert self.jwt_token
         resp = self._request_http(
             AppMeshClient.Method.POST,
@@ -445,13 +502,13 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             dict: eextract parameters
         """
         parsed_info = {}
-        parsed_uri = urllib.parse.urlparse(totp_uri)
+        parsed_uri = parse.urlparse(totp_uri)
 
         # Extract label from the path
         parsed_info["label"] = parsed_uri.path[1:]  # Remove the leading slash
 
         # Extract parameters from the query string
-        query_params = urllib.parse.parse_qs(parsed_uri.query)
+        query_params = parse.parse_qs(parsed_uri.query)
         for key, value in query_params.items():
             parsed_info[key] = value[0]
         return parsed_info
@@ -953,7 +1010,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
 
         with open(file=local_file, mode="rb") as fp:
             encoder = MultipartEncoder(fields={"filename": os.path.basename(remote_file), "file": ("filename", fp, "application/octet-stream")})
-            header = {"File-Path": urllib.parse.quote(remote_file), "Content-Type": encoder.content_type}
+            header = {"File-Path": parse.quote(remote_file), "Content-Type": encoder.content_type}
 
             # Include file attributes (permissions, owner, group) if requested
             if apply_file_attributes:
@@ -1043,12 +1100,15 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             while len(run.proc_uid) > 0:
                 app_out = self.get_app_output(app_name=run.app_name, stdout_position=last_output_position, stdout_index=0, process_uuid=run.proc_uid, timeout=interval)
                 if app_out.output and stdout_print:
-                    print(app_out.output, end="")
+                    print(app_out.output, end="", flush=True)
                 if app_out.out_position is not None:
                     last_output_position = app_out.out_position
                 if app_out.exit_code is not None:
                     # success
-                    self.delete_app(run.app_name)
+                    try:
+                        self.delete_app(run.app_name)
+                    except Exception:
+                        pass
                     return app_out.exit_code
                 if app_out.status_code != HTTPStatus.OK:
                     # failed
@@ -1120,7 +1180,14 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             requests.Response: HTTP response
         """
-        rest_url = urllib.parse.urljoin(self.server_url, path)
+        # Try to refresh token via Keycloak if using Keycloak and token needs refreshing
+        if self._keycloak_client and self.jwt_token and not self._keycloak_client.validate_token():
+            try:
+                self.jwt_token = self._keycloak_client.get_active_token()
+            except Exception as e:
+                print(f"Token refresh failed: {str(e)}")
+
+        rest_url = parse.urljoin(self.auth_server_url, path)
 
         header = {} if header is None else header
         if self.jwt_token:
@@ -1129,20 +1196,29 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             if ":" in self.forward_to:
                 header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to
             else:
-                header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to + ":" + str(urllib.parse.urlsplit(self.server_url).port)
+                header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to + ":" + str(parse.urlsplit(self.auth_server_url).port)
         header[self.HTTP_HEADER_KEY_USER_AGENT] = self.HTTP_USER_AGENT
 
-        if method is AppMeshClient.Method.GET:
-            return requests.get(url=rest_url, params=query, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
-        elif method is AppMeshClient.Method.POST:
-            return requests.post(
-                url=rest_url, params=query, headers=header, data=json.dumps(body) if type(body) in (dict, list) else body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout
-            )
-        elif method is AppMeshClient.Method.POST_STREAM:
-            return requests.post(url=rest_url, params=query, headers=header, data=body, cert=self.ssl_client_cert, verify=self.ssl_verify, stream=True, timeout=self.rest_timeout)
-        elif method is AppMeshClient.Method.DELETE:
-            return requests.delete(url=rest_url, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
-        elif method is AppMeshClient.Method.PUT:
-            return requests.put(url=rest_url, params=query, headers=header, json=body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
-        else:
-            raise Exception("Invalid http method", method)
+        try:
+            if method is AppMeshClient.Method.GET:
+                return self.session.get(url=rest_url, params=query, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            elif method is AppMeshClient.Method.POST:
+                return self.session.post(
+                    url=rest_url,
+                    params=query,
+                    headers=header,
+                    data=json.dumps(body) if type(body) in (dict, list) else body,
+                    cert=self.ssl_client_cert,
+                    verify=self.ssl_verify,
+                    timeout=self.rest_timeout,
+                )
+            elif method is AppMeshClient.Method.POST_STREAM:
+                return self.session.post(url=rest_url, params=query, headers=header, data=body, cert=self.ssl_client_cert, verify=self.ssl_verify, stream=True, timeout=self.rest_timeout)
+            elif method is AppMeshClient.Method.DELETE:
+                return self.session.delete(url=rest_url, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            elif method is AppMeshClient.Method.PUT:
+                return self.session.put(url=rest_url, params=query, headers=header, json=body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            else:
+                raise Exception("Invalid http method", method)
+        except requests.exceptions.RequestException as e:
+            raise Exception(f"HTTP request failed: {str(e)}")

appmesh/keycloak.py

@@ -0,0 +1,248 @@
+# Keycloak authentication client for App Mesh Python SDK
+
+import base64
+import json
+import time
+from typing import Dict, Optional, Tuple, Any
+import requests
+
+
+class KeycloakClient:
+    """
+    Client for authenticating with Keycloak and obtaining tokens for App Mesh.
+
+    This class handles the OAuth2/OIDC workflow with Keycloak, including:
+    - Direct authentication with username/password
+    - Token refresh
+    - Token validation
+    """
+
+    def __init__(
+        self,
+        auth_server_url: str,
+        realm: str,
+        client_id: str,
+        client_secret: Optional[str] = None,
+        ssl_verify: bool = True,
+        timeout: Tuple[int, int] = (10, 60),
+        token_refresh_threshold: int = 30,
+    ):
+        """Initialize Keycloak client.
+
+        Args:
+            auth_server_url (str): Keycloak server URL (e.g. https://keycloak.example.com/auth)
+            realm (str): Keycloak realm name
+            client_id (str): Client ID registered in Keycloak
+            client_secret (Optional[str], optional): Client secret if using confidential client. Defaults to None.
+            ssl_verify (bool, optional): Verify SSL certificates. Defaults to True.
+            timeout (Tuple[int, int], optional): Connection and read timeouts. Defaults to (10, 60).
+            token_refresh_threshold (int, optional): Seconds before token expiry to trigger refresh. Defaults to 30.
+        """
+        self.auth_server_url = auth_server_url.rstrip("/")
+        self.realm = realm
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.ssl_verify = ssl_verify
+        self.timeout = timeout
+        self.token_refresh_threshold = token_refresh_threshold
+
+        # Token storage
+        self.access_token = None
+        self.refresh_token = None
+        self.token_expires_at = 0
+
+        # Construct the token endpoint URL
+        self.token_endpoint = f"{self.auth_server_url}/realms/{self.realm}/protocol/openid-connect/token"
+        self.userinfo_endpoint = f"{self.auth_server_url}/realms/{self.realm}/protocol/openid-connect/userinfo"
+
+        # Create a session for connection pooling
+        self.session = requests.Session()
+
+    def __enter__(self):
+        """Support for context manager protocol."""
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        """Clean up resources when exiting context."""
+        self.close()
+
+    def __del__(self):
+        """Ensure resources are properly released when the object is garbage collected."""
+        try:
+            self.close()
+        except Exception:
+            pass  # Avoid exceptions during garbage collection
+
+    def authenticate(self, username: str, password: str) -> str:
+        """Authenticate with username and password.
+
+        Args:
+            username (str): Username
+            password (str): Password
+
+        Returns:
+            str: Access token
+
+        Raises:
+            Exception: If authentication fails
+        """
+        data = {
+            "client_id": self.client_id,
+            "grant_type": "password",
+            "username": username,
+            "password": password,
+        }
+
+        if self.client_secret:
+            data["client_secret"] = self.client_secret
+
+        try:
+            response = self.session.post(self.token_endpoint, data=data, verify=self.ssl_verify, timeout=self.timeout)
+
+            if response.status_code != 200:
+                raise Exception(f"Authentication failed: {response.text}")
+
+            token_data = response.json()
+            self._update_token_data(token_data)
+            return self.access_token
+
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+
+    def refresh_tokens(self) -> str:
+        """Refresh the access token using the refresh token.
+
+        Returns:
+            str: New access token
+
+        Raises:
+            Exception: If refresh fails
+        """
+        if not self.refresh_token:
+            raise Exception("No refresh token available")
+
+        data = {
+            "client_id": self.client_id,
+            "grant_type": "refresh_token",
+            "refresh_token": self.refresh_token,
+        }
+
+        if self.client_secret:
+            data["client_secret"] = self.client_secret
+
+        try:
+            response = self.session.post(self.token_endpoint, data=data, verify=self.ssl_verify, timeout=self.timeout)
+
+            if response.status_code != 200:
+                raise Exception(f"Token refresh failed: {response.text}")
+
+            token_data = response.json()
+            self._update_token_data(token_data)
+            return self.access_token
+
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+
+    def validate_token(self) -> bool:
+        """Check if the current token is valid and not expired.
+
+        Returns:
+            bool: True if valid, False otherwise
+        """
+        if not self.access_token:
+            return False
+
+        # Check if the token is expired based on our local expiry time
+        if time.time() > self.token_expires_at:
+            return False
+
+        return True
+
+    def get_active_token(self) -> str:
+        """Get a valid access token, refreshing if necessary.
+
+        Returns:
+            str: Valid access token
+
+        Raises:
+            Exception: If no valid token can be obtained
+        """
+        if self.validate_token():
+            return self.access_token
+
+        if self.refresh_token:
+            try:
+                return self.refresh_tokens()
+            except Exception:
+                pass
+
+        raise Exception("No valid token available and unable to refresh")
+
+    def get_user_info(self) -> Dict[str, Any]:
+        """Get information about the authenticated user.
+
+        Returns:
+            Dict[str, Any]: User information
+
+        Raises:
+            Exception: If request fails
+        """
+        if not self.access_token:
+            raise Exception("Not authenticated")
+
+        headers = {"Authorization": f"Bearer {self.access_token}"}
+
+        try:
+            response = self.session.get(self.userinfo_endpoint, headers=headers, verify=self.ssl_verify, timeout=self.timeout)
+
+            if response.status_code != 200:
+                raise Exception(f"Failed to get user info: {response.text}")
+
+            return response.json()
+
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+
+    def _update_token_data(self, token_data: Dict[str, Any]) -> None:
+        """Update the stored token data.
+
+        Args:
+            token_data (Dict[str, Any]): Token data from Keycloak
+        """
+        self.access_token = token_data["access_token"]
+        self.refresh_token = token_data.get("refresh_token")
+
+        # Calculate token expiration time with configurable buffer
+        expires_in = token_data.get("expires_in", 300)
+        self.token_expires_at = time.time() + expires_in - self.token_refresh_threshold
+
+    def close(self) -> None:
+        """Close the session and release resources."""
+        if hasattr(self, "session") and self.session:
+            self.session.close()
+            self.session = None
+
+    @staticmethod
+    def decode_token(token: str) -> Dict[str, Any]:
+        """Decode a JWT token without verification.
+
+        Args:
+            token (str): JWT token
+
+        Returns:
+            Dict[str, Any]: Decoded token payload
+        """
+        parts = token.split(".")
+        if len(parts) != 3:
+            raise Exception("Invalid token format")
+
+        # Decode the payload (second part)
+        payload = parts[1]
+        # Add padding if necessary
+        payload += "=" * (4 - len(payload) % 4) if len(payload) % 4 else ""
+
+        try:
+            decoded = base64.b64decode(payload)
+            return json.loads(decoded)
+        except Exception as e:
+            raise Exception(f"Failed to decode token: {str(e)}")

appmesh/tcp_transport.py

@@ -31,9 +31,9 @@ class TCPTransport:
                 **Note**: Unlike HTTP requests, TCP connections cannot automatically retrieve intermediate or public CA certificates.
                 When `rest_ssl_verify` is a path, it explicitly identifies a CA issuer to ensure certificate validation.
 
-            ssl_client_cert (Union[str, Tuple[str, str]], optional): Path to the SSL client certificate and key. If a `str`,
-                it should be the path to a PEM file containing both the client certificate and private key. If a `tuple`, it should
-                be a pair of paths: (`cert`, `key`), where `cert` is the client certificate file and `key` is the private key file.
+            ssl_client_cert (Union[str, Tuple[str, str]], optional): Path to the SSL client certificate and key. Can be:
+                - `str`: A path to a single PEM file containing both the client certificate and private key.
+                - `tuple`: A pair of paths (`cert_file`, `key_file`), where `cert_file` is the client certificate file path and `key_file` is the private key file path.
 
             tcp_address (Tuple[str, int], optional): Address and port for establishing a TCP connection to the server.
                 Defaults to `("localhost", 6059)`.
@@ -83,21 +83,31 @@ class TCPTransport:
 
         if self.ssl_client_cert is not None:
             # Load client-side certificate and private key
-            context.load_cert_chain(certfile=self.ssl_client_cert[0], keyfile=self.ssl_client_cert[1])
+            if isinstance(self.ssl_client_cert, tuple) and len(self.ssl_client_cert) == 2:
+                context.load_cert_chain(certfile=self.ssl_client_cert[0], keyfile=self.ssl_client_cert[1])
+            elif isinstance(self.ssl_client_cert, str):
+                # Handle case where cert and key are in the same file
+                context.load_cert_chain(certfile=self.ssl_client_cert)
+            else:
+                raise ValueError("ssl_client_cert must be a string filepath or a tuple of (cert_file, key_file)")
 
         # Create a TCP socket
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         sock.setblocking(True)
         sock.settimeout(30)  # Connection timeout set to 30 seconds
-        # Wrap the socket with SSL/TLS
-        ssl_socket = context.wrap_socket(sock, server_hostname=self.tcp_address[0])
-        # Connect to the server
-        ssl_socket.connect(self.tcp_address)
-        # Disable Nagle's algorithm
-        ssl_socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
-        # After connecting, set separate timeout for recv/send
-        # ssl_socket.settimeout(20)  # 20 seconds for recv/send
-        self._socket = ssl_socket
+        try:
+            # Wrap the socket with SSL/TLS
+            ssl_socket = context.wrap_socket(sock, server_hostname=self.tcp_address[0])
+            # Connect to the server
+            ssl_socket.connect(self.tcp_address)
+            # Disable Nagle's algorithm
+            ssl_socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
+            # After connecting, set separate timeout for recv/send
+            # ssl_socket.settimeout(20)  # 20 seconds for recv/send
+            self._socket = ssl_socket
+        except (socket.error, ssl.SSLError) as e:
+            sock.close()
+            raise RuntimeError(f"Failed to connect to {self.tcp_address}: {e}")
 
     def close(self) -> None:
         """Close socket connection"""
@@ -115,23 +125,37 @@ class TCPTransport:
 
     def send_message(self, data) -> None:
         """Send a message with a prefixed header indicating its length"""
-        length = len(data)
-        # Pack the header into 8 bytes using big-endian format
-        self._socket.sendall(struct.pack("!II", self.TCP_MESSAGE_MAGIC, length))
-        if length > 0:
-            self._socket.sendall(data)
+        if self._socket is None:
+            raise RuntimeError("Cannot send message: not connected")
+
+        try:
+            length = len(data)
+            # Pack the header into 8 bytes using big-endian format
+            self._socket.sendall(struct.pack("!II", self.TCP_MESSAGE_MAGIC, length))
+            if length > 0:
+                self._socket.sendall(data)
+        except (socket.error, ssl.SSLError) as e:
+            self.close()
+            raise RuntimeError(f"Error sending message: {e}")
 
     def receive_message(self) -> Optional[bytearray]:
         """Receive a message with a prefixed header indicating its length and validate it"""
-        # Unpack the data (big-endian format)
-        magic, length = struct.unpack("!II", self._recvall(self.TCP_MESSAGE_HEADER_LENGTH))
-        if magic != self.TCP_MESSAGE_MAGIC:
-            raise ValueError(f"Invalid message: incorrect magic number 0x{magic:X}.")
-        if length > self.TCP_MAX_BLOCK_SIZE:
-            raise ValueError(f"Message size {length} exceeds the maximum allowed size of {self.TCP_MAX_BLOCK_SIZE} bytes.")
-        if length > 0:
-            return self._recvall(length)
-        return None
+        if self._socket is None:
+            raise RuntimeError("Cannot receive message: not connected")
+
+        try:
+            # Unpack the data (big-endian format)
+            magic, length = struct.unpack("!II", self._recvall(self.TCP_MESSAGE_HEADER_LENGTH))
+            if magic != self.TCP_MESSAGE_MAGIC:
+                raise ValueError(f"Invalid message: incorrect magic number 0x{magic:X}.")
+            if length > self.TCP_MAX_BLOCK_SIZE:
+                raise ValueError(f"Message size {length} exceeds the maximum allowed size of {self.TCP_MAX_BLOCK_SIZE} bytes.")
+            if length > 0:
+                return self._recvall(length)
+            return None
+        except (socket.error, ssl.SSLError) as e:
+            self.close()
+            raise RuntimeError(f"Error receiving message: {e}")
 
     def _recvall(self, length: int) -> bytearray:
         """socket recv data with fixed length
@@ -156,11 +180,14 @@ class TCPTransport:
 
         while bytes_received < length:
             # Use recv_into to read directly into our buffer
-            chunk_size = self._socket.recv_into(view[bytes_received:], length - bytes_received)
+            try:
+                chunk_size = self._socket.recv_into(view[bytes_received:], length - bytes_received)
 
-            if chunk_size == 0:
-                raise EOFError("Connection closed by peer")
+                if chunk_size == 0:
+                    raise EOFError("Connection closed by peer")
 
-            bytes_received += chunk_size
+                bytes_received += chunk_size
+            except socket.timeout:
+                raise socket.timeout(f"Socket operation timed out after receiving {bytes_received}/{length} bytes")
 
         return buffer

{appmesh-1.4.6.dist-info → appmesh-1.4.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: appmesh
-Version: 1.4.6
+Version: 1.4.8
 Summary: Client SDK for App Mesh
 Home-page: https://github.com/laoshanxi/app-mesh
 Author: laoshanxi
@@ -28,13 +28,14 @@ Dynamic: requires-dist
 Dynamic: requires-python
 Dynamic: summary
 
-[![language.badge]][language.url] [![standard.badge]][standard.url] [![release.badge]][release.url] [![pypi.badge]][pypi.url] [![unittest.badge]][unittest.url] [![docker.badge]][docker.url] [![cockpit.badge]][cockpit.url]
+[![language.badge]][language.url] [![standard.badge]][standard.url] [![unittest.badge]][unittest.url] [![docker.badge]][docker.url] [![cockpit.badge]][cockpit.url]
 [![Documentation Status](https://readthedocs.org/projects/app-mesh/badge/?version=latest)](https://app-mesh.readthedocs.io/en/latest/?badge=latest) [![Join the chat at https://gitter.im/app-mesh/community](https://badges.gitter.im/app-mesh/community.svg)](https://gitter.im/app-mesh/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 <a href="https://scan.coverity.com/projects/laoshanxi-app-mesh">
   <img alt="Coverity Scan Build Status"
        src="https://img.shields.io/coverity/scan/21528.svg"/>
 </a>
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/laoshanxi/app-mesh/badge)](https://api.securityscorecards.dev/projects/github.com/laoshanxi/app-mesh)
+[![release.badge]][release.url] [![pypi.badge]][pypi.url] [![npm.badge]][npm.url]
 
 # App Mesh: Advanced Application Management Platform
 
@@ -148,7 +149,7 @@ Refer to the [Installation doc](https://app-mesh.readthedocs.io/en/latest/Instal
 [standard.url]:   https://en.wikipedia.org/wiki/C%2B%2B#Standardization
 [standard.badge]: https://img.shields.io/badge/C%2B%2B-11%2F14%2F17-blue.svg
 [release.url]:    https://github.com/laoshanxi/app-mesh/releases
-[release.badge]:  https://img.shields.io/github/v/release/laoshanxi/app-mesh.svg
+[release.badge]:  https://img.shields.io/github/v/release/laoshanxi/app-mesh?label=Github%20package
 [docker.url]:     https://hub.docker.com/repository/docker/laoshanxi/appmesh
 [docker.badge]:   https://img.shields.io/docker/pulls/laoshanxi/appmesh.svg
 [cockpit.url]:    https://github.com/laoshanxi/app-mesh-ui
@@ -157,3 +158,5 @@ Refer to the [Installation doc](https://app-mesh.readthedocs.io/en/latest/Instal
 [unittest.badge]: https://img.shields.io/badge/UnitTest-Catch2-blue?logo=appveyor
 [pypi.badge]: https://img.shields.io/pypi/v/appmesh?label=PyPI%3Aappmesh
 [pypi.url]: https://pypi.org/project/appmesh/
+[npm.badge]: https://img.shields.io/npm/v/appmesh?label=npm%3Aappmesh
+[npm.url]: https://www.npmjs.com/package/appmesh

{appmesh-1.4.6.dist-info → appmesh-1.4.8.dist-info}/RECORD

@@ -3,11 +3,12 @@ appmesh/app.py,sha256=9Q-SOOej-MH13BU5Dv2iTa-p-sECCJQp6ZX9DjWWmwE,10526
 appmesh/app_output.py,sha256=JK_TMKgjvaw4n_ys_vmN5S4MyWVZpmD7NlKz_UyMIM8,1015
 appmesh/app_run.py,sha256=9ISKGZ3k3kkbQvSsPfRfkOLqD9xhbqNOM7ork9F4w9c,1712
 appmesh/appmesh_client.py,sha256=0ltkqHZUq094gKneYmC0bEZCP0X9kHTp9fccKdWFWP0,339
-appmesh/http_client.py,sha256=qM0es3dM4PM95ymNqdTAuIvTD9-Xy6jPKhDW-Sn7ehg,45180
+appmesh/http_client.py,sha256=S90Ldndx3wfUYE2Ln31fnKKBNXbDROQd3FAzFTEdZtA,48314
+appmesh/keycloak.py,sha256=BJZ35FPO0C2wDeDhCcd6cE4ba9BF4UZ-4o5QelmbGHg,8036
 appmesh/tcp_client.py,sha256=RkHl5s8jE333BJOgxJqJ_fvjbdRQza7ciV49vLT6YO4,10923
 appmesh/tcp_messages.py,sha256=w1Kehz_aX4X2CYAUsy9mFVJRhxnLQwwc6L58W4YkQqs,969
-appmesh/tcp_transport.py,sha256=UMGby2oKV4k7lyXZUMSOe2Je34fb1w7nTkxEpatKLKg,7256
-appmesh-1.4.6.dist-info/METADATA,sha256=x8wWJAFfIPR3PU4nGmmZDezdmmeoCLFmkE-nrOM1lPY,11501
-appmesh-1.4.6.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-appmesh-1.4.6.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
-appmesh-1.4.6.dist-info/RECORD,,
+appmesh/tcp_transport.py,sha256=-XDTQbsKL3yCbguHeW2jNqXpYgnCyHsH4rwcaJ46AS8,8645
+appmesh-1.4.8.dist-info/METADATA,sha256=_Lmle-Icw-PkTf5yUvx3wHgaH0usfqAcVD2eePzjYS8,11663
+appmesh-1.4.8.dist-info/WHEEL,sha256=52BFRY2Up02UkjOa29eZOS2VxUrpPORXg1pkohGGUS8,91
+appmesh-1.4.8.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
+appmesh-1.4.8.dist-info/RECORD,,

{appmesh-1.4.6.dist-info → appmesh-1.4.8.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.0)
+Generator: setuptools (76.0.0)
 Root-Is-Purelib: true
 Tag: py3-none-any