appmesh 1.6.8__py3-none-any.whl → 1.6.10__py3-none-any.whl

appmesh/__init__.py

@@ -11,6 +11,7 @@ Example:
 
 import sys
 from types import ModuleType
+from typing import TYPE_CHECKING
 
 __all__ = ["App", "AppMeshClient", "AppMeshClientTCP", "AppMeshClientOAuth", "AppMeshServer", "AppMeshServerTCP"]
 
@@ -24,6 +25,17 @@ _LAZY_IMPORTS = {
 }
 
 
+if TYPE_CHECKING:
+    # Provide explicit imports for static analyzers and type checkers
+    # These imports are only executed during type checking and won't affect runtime.
+    from .app import App  # noqa: F401
+    from .client_http import AppMeshClient  # noqa: F401
+    from .client_tcp import AppMeshClientTCP  # noqa: F401
+    from .client_http_oauth import AppMeshClientOAuth  # noqa: F401
+    from .server_http import AppMeshServer  # noqa: F401
+    from .server_tcp import AppMeshServerTCP  # noqa: F401
+
+
 def _lazy_import(name):
     """Helper function for lazy importing."""
     if name in _LAZY_IMPORTS:

appmesh/client_http.py

@@ -7,7 +7,10 @@ import locale
 import logging
 import os
 import sys
+import threading
 import time
+import requests
+import http.cookiejar as cookiejar
 from datetime import datetime
 from enum import Enum, unique
 from http import HTTPStatus
@@ -16,7 +19,6 @@ from typing import Optional, Tuple, Union
 from urllib import parse
 import aniso8601
 import jwt
-import requests
 from .app import App
 from .app_run import AppRun
 from .app_output import AppOutput
@@ -74,7 +76,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         - wait_for_async_run()
         - run_app_sync()
         - run_task()
-        - cancle_task()
+        - cancel_task()
 
         # System Management
         - forward_to
@@ -127,6 +129,10 @@ class AppMeshClient(metaclass=abc.ABCMeta):
     HTTP_HEADER_KEY_USER_AGENT = "User-Agent"
     HTTP_HEADER_KEY_X_TARGET_HOST = "X-Target-Host"
     HTTP_HEADER_KEY_X_FILE_PATH = "X-File-Path"
+    HTTP_HEADER_JWT_set_cookie = "X-Set-Cookie"
+    HTTP_HEADER_NAME_CSRF_TOKEN = "X-CSRF-Token"
+    COOKIE_TOKEN = "appmesh_auth_token"
+    COOKIE_CSRF_TOKEN = "appmesh_csrf_token"
 
     @unique
     class Method(Enum):
@@ -191,7 +197,8 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         rest_ssl_verify=DEFAULT_SSL_CA_CERT_PATH if os.path.exists(DEFAULT_SSL_CA_CERT_PATH) else False,
         rest_ssl_client_cert=(DEFAULT_SSL_CLIENT_CERT_PATH, DEFAULT_SSL_CLIENT_KEY_PATH) if os.path.exists(DEFAULT_SSL_CLIENT_CERT_PATH) else None,
         rest_timeout=(60, 300),
-        jwt_token=None,
+        jwt_token: Optional[str] = None,
+        rest_cookie_file: Optional[str] = None,
         auto_refresh_token=False,
     ):
         """Initialize an App Mesh HTTP client for interacting with the App Mesh server via secure HTTPS.
@@ -213,13 +220,14 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             rest_timeout (tuple, optional): HTTP connection timeouts for API requests, as `(connect_timeout, read_timeout)`.
                 The default is `(60, 300)`, where `60` seconds is the maximum time to establish a connection and `300` seconds for the maximum read duration.
 
+            rest_cookie_file (str, optional): Path to a file for storing session cookies. If provided, cookies will be saved to and loaded from this file to maintain session state across client instances.
+
             jwt_token (str, optional): JWT token for API authentication, used in headers to authorize requests where required.
             auto_refresh_token (bool, optional): Enable automatic token refresh before expiration.
                 When enabled, a background timer will monitor token expiration and attempt to refresh
                 the token before it expires. This works with both native App Mesh tokens and Keycloak tokens.
         """
         self._ensure_logging_configured()
-        self.session = requests.Session()
         self.auth_server_url = rest_url
         self._jwt_token = jwt_token
         self.ssl_verify = rest_ssl_verify
@@ -227,6 +235,11 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         self.rest_timeout = rest_timeout
         self._forward_to = None
 
+        # Session and cookie management
+        self._lock = threading.Lock()
+        self.session = requests.Session()
+        self.cookie_file = self._load_cookies(rest_cookie_file)
+
         # Token auto-refresh
         self._token_refresh_timer = None
         self._auto_refresh_token = auto_refresh_token
@@ -241,6 +254,44 @@ class AppMeshClient(metaclass=abc.ABCMeta):
     def _get_access_token(self) -> str:
         return self.jwt_token
 
+    def _load_cookies(self, cookie_file: Optional[str]) -> str:
+        """Load cookies from the cookie file and return the file path ."""
+        if not cookie_file:
+            return ""
+
+        self.session.cookies = cookiejar.MozillaCookieJar(cookie_file)
+        if os.path.exists(cookie_file):
+            self.session.cookies.load(ignore_discard=True, ignore_expires=True)
+        else:
+            os.makedirs(os.path.dirname(cookie_file), exist_ok=True)
+            self.session.cookies.save(ignore_discard=True, ignore_expires=True)
+            if os.name == "posix":
+                os.chmod(cookie_file, 0o600)  # User read/write only
+        return cookie_file
+
+    @staticmethod
+    def _get_cookie_value(cookies, name, check_expiry=True) -> Optional[str]:
+        """Get cookie value by name, checking expiry if requested."""
+        # If it's a RequestsCookieJar, use .get() but check expiry manually if requested
+        if hasattr(cookies, "get") and not isinstance(cookies, list):
+            cookie = cookies.get(name)
+            if cookie is None:
+                return None
+            if check_expiry and getattr(cookie, "expires", None):
+                if cookie.expires < time.time():
+                    return None  # expired
+            return cookie.value if hasattr(cookie, "value") else cookie
+
+        # Otherwise, assume it's a MozillaCookieJar — iterate manually
+        for c in cookies:
+            if c.name == name:
+                if check_expiry and getattr(c, "expires", None):
+                    if c.expires < time.time():
+                        return None  # expired
+                return c.value
+
+        return None
+
     def _check_and_refresh_token(self):
         """Check and refresh token if needed, then schedule next check.
 
@@ -389,6 +440,8 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             - Refresh tokens before expiration
             - Validate token format before setting
         """
+        if self._jwt_token == token:
+            return  # No change
         self._jwt_token = token
 
         # handle refresh
@@ -398,6 +451,11 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             self._token_refresh_timer.cancel()
             self._token_refresh_timer = None
 
+        # handle session
+        with self._lock:
+            if self.cookie_file:
+                self.session.cookies.save(ignore_discard=True, ignore_expires=True)
+
     @property
     def forward_to(self) -> str:
         """Get the target host address for request forwarding in a cluster setup.
@@ -444,44 +502,6 @@ class AppMeshClient(metaclass=abc.ABCMeta):
 
         self._forward_to = host
 
-    def _normalize_totp_secret(self, secret: str) -> str:
-        """
-        Normalize a TOTP secret to a valid RFC 4648 Base32 format.
-        This includes:
-            - Removing all whitespace
-            - Uppercasing
-            - Replacing visually similar or Crockford-like digits:
-                '1' -> 'I', '0' -> 'O', '8' -> 'B', '9' -> 'G'
-            - Adding RFC 4648 padding
-        """
-        if not secret:
-            raise ValueError("Empty TOTP secret")
-
-        # Remove all whitespace and uppercase
-        secret = "".join(secret.split()).upper()
-
-        # Crockford/Base32-friendly replacements
-        replacements = {
-            "1": "I",
-            "0": "O",
-            "8": "B",
-            "9": "G",
-        }
-
-        for old, new in replacements.items():
-            secret = secret.replace(old, new)
-
-        # Validate that only RFC 4648 Base32 characters remain
-        valid_chars = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
-        if not set(secret).issubset(valid_chars):
-            raise ValueError("Invalid characters in TOTP secret")
-
-        # Add padding to make length a multiple of 8 (RFC 4648)
-        padding = (8 - (len(secret) % 8)) % 8
-        secret += "=" * padding
-
-        return secret
-
     ########################################
     # Security
     ########################################
@@ -514,6 +534,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
                 self.HTTP_HEADER_KEY_AUTH: "Basic " + base64.b64encode(f"{user_name}:{user_pwd}".encode()).decode(),
                 "X-Expire-Seconds": str(self._parse_duration(timeout_seconds)),
                 **({"X-Audience": audience} if audience else {}),
+                **({self.HTTP_HEADER_JWT_set_cookie: "true"} if self.cookie_file else {}),
                 # **({"X-Totp-Code": totp_code} if totp_code else {}),
             },
         )
@@ -648,20 +669,15 @@ class AppMeshClient(metaclass=abc.ABCMeta):
 
     def get_totp_secret(self) -> str:
         """
-        Generate TOTP secret for the current user and return a normalized secret.
+        Generate TOTP secret for the current user and return a secret.
 
         Returns:
-            str: Normalized TOTP secret string
+            str: TOTP secret string
         """
         resp = self._request_http(method=AppMeshClient.Method.POST, path="/appmesh/totp/secret")
         if resp.status_code == HTTPStatus.OK:
             totp_uri = base64.b64decode(resp.json()["mfa_uri"]).decode()
-            secret = self._parse_totp_uri(totp_uri).get("secret")
-            if not secret:
-                raise ValueError("TOTP secret missing in response")
-
-            # Normalize to standard Base32
-            return self._normalize_totp_secret(secret)
+            return self._parse_totp_uri(totp_uri).get("secret")
 
         raise Exception(resp.text)
 
@@ -1282,7 +1298,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
 
         return resp.text
 
-    def cancle_task(self, app_name: str) -> bool:
+    def cancel_task(self, app_name: str) -> bool:
         """Client cancle a running task to a App Mesh application.
 
         Args:
@@ -1442,9 +1458,13 @@ class AppMeshClient(metaclass=abc.ABCMeta):
 
         # Prepare headers
         header = {} if header is None else header
-        token = self._get_access_token()
-        if token:
-            header[self.HTTP_HEADER_KEY_AUTH] = f"Bearer {token}"
+
+        # JWT or Cookie token
+        if self.cookie_file and self._get_cookie_value(self.session.cookies, self.COOKIE_CSRF_TOKEN):
+            header[self.HTTP_HEADER_NAME_CSRF_TOKEN] = self._get_cookie_value(self.session.cookies, self.COOKIE_CSRF_TOKEN)
+        elif self._get_access_token():
+            header[self.HTTP_HEADER_KEY_AUTH] = f"Bearer {self._get_access_token()}"
+
         if self.forward_to and len(self.forward_to) > 0:
             if ":" in self.forward_to:
                 header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to

{appmesh-1.6.8.dist-info → appmesh-1.6.10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: appmesh
-Version: 1.6.8
+Version: 1.6.10
 Summary: Client SDK for App Mesh
 Home-page: https://github.com/laoshanxi/app-mesh
 Author: laoshanxi
@@ -145,7 +145,6 @@ Refer to the [Installation doc](https://app-mesh.readthedocs.io/en/latest/Instal
 - [log4cpp](http://log4cpp.sourceforge.net)
 - [Crypto++](https://www.cryptopp.com)
 - [ldap-cpp](https://github.com/AndreyBarmaley/ldap-cpp)
-- [OATH Toolkit](http://www.nongnu.org/oath-toolkit/liboath-api)
 
 [language.url]:   https://isocpp.org/
 [language.badge]: https://img.shields.io/badge/language-C++-blue.svg

{appmesh-1.6.8.dist-info → appmesh-1.6.10.dist-info}/RECORD

@@ -1,16 +1,16 @@
-appmesh/__init__.py,sha256=TY1y5B5cE57uhraEzCFOZRWuo9SY1R-fYNRan8hCZOM,1670
+appmesh/__init__.py,sha256=uJ5LOadwZW2nOXkSuPOy2S3WH9Bx0BUn5wUvPBeFzoc,2217
 appmesh/app.py,sha256=crD4DRFZJuHtZMfSsz7C-EwvjPmGZbFXYXvA_wCdvdI,10734
 appmesh/app_output.py,sha256=vfn322AyixblI8DbXds08h6L_ybObiaRSifsA1-Xcoo,1035
 appmesh/app_run.py,sha256=aYq852a29OThIi32Xtx5s0sTXZ97T0lHD5WXH8yfPoc,2018
 appmesh/appmesh_client.py,sha256=ywB2222PtJUffdfdxZcBfdhZs1KYyc7JvzMxwuK2qyI,378
-appmesh/client_http.py,sha256=l8eUmJxXIDjowPvPKIppCLfwlk2kjztU-FXoaOac_tc,59003
+appmesh/client_http.py,sha256=KD4AMcMbHqaLJWSrra0J03kMqWAiwYHiyusUc5kpr6o,60443
 appmesh/client_http_oauth.py,sha256=1d51o0JX_xtB8d2bEuM7_XJHcwMnhcjkbIq7GE1Zxm8,6120
 appmesh/client_tcp.py,sha256=aq6UUzytZA4ibE9WQMMWdo1uW8sHETEhJjsbM6IYSno,11457
 appmesh/server_http.py,sha256=rBIYO9rbR-r3x1Jcry440Sp--IM-OWKRaOhNpGdkxh8,4299
 appmesh/server_tcp.py,sha256=-CU5tw97WJmDcUNsNPWqpdZ0wxRzRD6kUP3XyNZUTHc,1444
 appmesh/tcp_messages.py,sha256=H9S_iCy0IuufY2v50_SUgRvcyQmJsySG65tBe_xb3Ko,1878
 appmesh/tcp_transport.py,sha256=0hRSp5fpL9wKB05JIyIRIuyBC8w1IdokryhMDHqtN4M,8946
-appmesh-1.6.8.dist-info/METADATA,sha256=bDxN-Vm4004kC7FdM52yMx-YcmNcFzexBDYBr3p6db4,11828
-appmesh-1.6.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-appmesh-1.6.8.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
-appmesh-1.6.8.dist-info/RECORD,,
+appmesh-1.6.10.dist-info/METADATA,sha256=do80dYMa4qK9tg1qKDM4M0klzIgzfcEGlWo6w1OIBfg,11764
+appmesh-1.6.10.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+appmesh-1.6.10.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
+appmesh-1.6.10.dist-info/RECORD,,