arthexis 0.1.9__py3-none-any.whl → 0.1.26__py3-none-any.whl

core/environment.py

@@ -1,43 +1,60 @@
-from __future__ import annotations
-
-import os
-
-from django.conf import settings
-from django.contrib import admin
-from django.template.response import TemplateResponse
-from django.urls import path
-from django.utils.translation import gettext_lazy as _
-
-
-def _environment_view(request):
-    env_vars = sorted(os.environ.items())
-    django_settings = sorted(
-        [(name, getattr(settings, name)) for name in dir(settings) if name.isupper()]
-    )
-    context = admin.site.each_context(request)
-    context.update(
-        {
-            "title": _("Environment"),
-            "env_vars": env_vars,
-            "django_settings": django_settings,
-        }
-    )
-    return TemplateResponse(request, "admin/environment.html", context)
-
-
-def patch_admin_environment_view() -> None:
-    """Add custom admin view for environment information."""
-    original_get_urls = admin.site.get_urls
-
-    def get_urls():
-        urls = original_get_urls()
-        custom = [
-            path(
-                "environment/",
-                admin.site.admin_view(_environment_view),
-                name="environment",
-            ),
-        ]
-        return custom + urls
-
-    admin.site.get_urls = get_urls
+from __future__ import annotations
+
+import os
+from django.conf import settings
+from django.contrib import admin
+from django.template.response import TemplateResponse
+from django.urls import path
+from django.utils.translation import gettext_lazy as _
+
+
+def _get_django_settings():
+    return sorted(
+        [(name, getattr(settings, name)) for name in dir(settings) if name.isupper()]
+    )
+
+
+def _environment_view(request):
+    env_vars = sorted(os.environ.items())
+    context = admin.site.each_context(request)
+    context.update(
+        {
+            "title": _("Environment"),
+            "env_vars": env_vars,
+            "environment_tasks": [],
+        }
+    )
+    return TemplateResponse(request, "admin/environment.html", context)
+
+def _config_view(request):
+    context = admin.site.each_context(request)
+    context.update(
+        {
+            "title": _("Django Config"),
+            "django_settings": _get_django_settings(),
+        }
+    )
+    return TemplateResponse(request, "admin/config.html", context)
+
+
+def patch_admin_environment_view() -> None:
+    """Register the Environment and Config admin views on the main admin site."""
+    original_get_urls = admin.site.get_urls
+
+    def get_urls():
+        urls = original_get_urls()
+        custom = [
+            path(
+                "environment/",
+                admin.site.admin_view(_environment_view),
+                name="environment",
+            ),
+            path(
+                "config/",
+                admin.site.admin_view(_config_view),
+                name="config",
+            ),
+        ]
+        return custom + urls
+
+    admin.site.get_urls = get_urls

core/fields.py

@@ -1,75 +1,168 @@
-from django.db import models
-from django.db.models.fields import DeferredAttribute
-
-
-class _BaseSigilDescriptor(DeferredAttribute):
-    def __set__(self, instance, value):
-        instance.__dict__[self.field.attname] = value
-
-
-class _CheckSigilDescriptor(_BaseSigilDescriptor):
-    def __get__(self, instance, cls=None):
-        value = super().__get__(instance, cls)
-        if instance is None:
-            return value
-        if getattr(instance, f"{self.field.name}_resolve_sigils", False):
-            return instance.resolve_sigils(self.field.name)
-        return value
-
-
-class _AutoSigilDescriptor(_BaseSigilDescriptor):
-    def __get__(self, instance, cls=None):
-        value = super().__get__(instance, cls)
-        if instance is None:
-            return value
-        return instance.resolve_sigils(self.field.name)
-
-
-class _SigilBaseField:
-    def value_from_object(self, obj):
-        return obj.__dict__.get(self.attname)
-
-    def pre_save(self, model_instance, add):
-        # ``models.Field.pre_save`` uses ``getattr`` which would resolve the
-        # sigil descriptor. Persist the raw database value instead so env-based
-        # placeholders remain intact when editing through admin forms.
-        return self.value_from_object(model_instance)
-
-
-class SigilCheckFieldMixin(_SigilBaseField):
-    descriptor_class = _CheckSigilDescriptor
-
-    def contribute_to_class(self, cls, name, private_only=False):
-        super().contribute_to_class(cls, name, private_only=private_only)
-        extra_name = f"{name}_resolve_sigils"
-        if not any(f.name == extra_name for f in cls._meta.fields):
-            cls.add_to_class(
-                extra_name,
-                models.BooleanField(
-                    default=False,
-                    verbose_name="Resolve [SIGILS] in templates",
-                ),
-            )
-
-
-class SigilAutoFieldMixin(_SigilBaseField):
-    descriptor_class = _AutoSigilDescriptor
-
-    def contribute_to_class(self, cls, name, private_only=False):
-        super().contribute_to_class(cls, name, private_only=private_only)
-
-
-class SigilShortCheckField(SigilCheckFieldMixin, models.CharField):
-    pass
-
-
-class SigilLongCheckField(SigilCheckFieldMixin, models.TextField):
-    pass
-
-
-class SigilShortAutoField(SigilAutoFieldMixin, models.CharField):
-    pass
-
-
-class SigilLongAutoField(SigilAutoFieldMixin, models.TextField):
-    pass
+from dataclasses import dataclass
+import re
+import sqlite3
+
+from django.db import models
+from django.db.models.fields import DeferredAttribute
+from django.utils.translation import gettext_lazy as _
+
+
+class _BaseSigilDescriptor(DeferredAttribute):
+    def __set__(self, instance, value):
+        instance.__dict__[self.field.attname] = value
+
+
+class _CheckSigilDescriptor(_BaseSigilDescriptor):
+    def __get__(self, instance, cls=None):
+        value = super().__get__(instance, cls)
+        if instance is None:
+            return value
+        if getattr(instance, f"{self.field.name}_resolve_sigils", False):
+            return instance.resolve_sigils(self.field.name)
+        return value
+
+
+class _AutoSigilDescriptor(_BaseSigilDescriptor):
+    def __get__(self, instance, cls=None):
+        value = super().__get__(instance, cls)
+        if instance is None:
+            return value
+        return instance.resolve_sigils(self.field.name)
+
+
+class _SigilBaseField:
+    def value_from_object(self, obj):
+        return obj.__dict__.get(self.attname)
+
+    def pre_save(self, model_instance, add):
+        # ``models.Field.pre_save`` uses ``getattr`` which would resolve the
+        # sigil descriptor. Persist the raw database value instead so env-based
+        # placeholders remain intact when editing through admin forms.
+        return self.value_from_object(model_instance)
+
+
+class SigilCheckFieldMixin(_SigilBaseField):
+    descriptor_class = _CheckSigilDescriptor
+
+    def contribute_to_class(self, cls, name, private_only=False):
+        super().contribute_to_class(cls, name, private_only=private_only)
+        extra_name = f"{name}_resolve_sigils"
+        if not any(f.name == extra_name for f in cls._meta.fields):
+            cls.add_to_class(
+                extra_name,
+                models.BooleanField(
+                    default=False,
+                    verbose_name="Resolve [SIGILS] in templates",
+                ),
+            )
+
+
+class SigilAutoFieldMixin(_SigilBaseField):
+    descriptor_class = _AutoSigilDescriptor
+
+    def contribute_to_class(self, cls, name, private_only=False):
+        super().contribute_to_class(cls, name, private_only=private_only)
+
+
+class SigilShortCheckField(SigilCheckFieldMixin, models.CharField):
+    pass
+
+
+class SigilLongCheckField(SigilCheckFieldMixin, models.TextField):
+    pass
+
+
+class SigilShortAutoField(SigilAutoFieldMixin, models.CharField):
+    pass
+
+
+class SigilLongAutoField(SigilAutoFieldMixin, models.TextField):
+    pass
+
+
+class ConditionEvaluationError(Exception):
+    """Raised when a condition expression cannot be evaluated."""
+
+
+@dataclass
+class ConditionCheckResult:
+    """Represents the outcome of evaluating a condition field."""
+
+    passed: bool
+    resolved: str
+    error: str | None = None
+
+
+_COMMENT_PATTERN = re.compile(r"(--|/\*)")
+_FORBIDDEN_KEYWORDS = re.compile(
+    r"\b(ATTACH|DETACH|ALTER|ANALYZE|CREATE|DROP|INSERT|UPDATE|DELETE|REPLACE|"
+    r"VACUUM|TRIGGER|TABLE|INDEX|VIEW|PRAGMA|BEGIN|COMMIT|ROLLBACK|SAVEPOINT|WITH)\b",
+    re.IGNORECASE,
+)
+
+
+def _evaluate_sql_condition(expression: str) -> bool:
+    """Evaluate a SQL expression in an isolated SQLite connection."""
+
+    if ";" in expression:
+        raise ConditionEvaluationError(
+            _("Semicolons are not allowed in conditions."),
+        )
+    if _COMMENT_PATTERN.search(expression):
+        raise ConditionEvaluationError(
+            _("SQL comments are not allowed in conditions."),
+        )
+    match = _FORBIDDEN_KEYWORDS.search(expression)
+    if match:
+        raise ConditionEvaluationError(
+            _("Disallowed keyword in condition: %(keyword)s")
+            % {"keyword": match.group(1)},
+        )
+
+    try:
+        conn = sqlite3.connect(":memory:")
+        try:
+            conn.execute("PRAGMA trusted_schema = OFF")
+            conn.execute("PRAGMA foreign_keys = OFF")
+            try:
+                conn.enable_load_extension(False)
+            except AttributeError:
+                # ``enable_load_extension`` is not available on some platforms.
+                pass
+            cursor = conn.execute(
+                f"SELECT CASE WHEN ({expression}) THEN 1 ELSE 0 END"
+            )
+            row = cursor.fetchone()
+            return bool(row[0]) if row else False
+        finally:
+            conn.close()
+    except sqlite3.Error as exc:  # pragma: no cover - exact error message varies
+        raise ConditionEvaluationError(str(exc)) from exc
+
+
+class ConditionTextField(models.TextField):
+    """Field storing a conditional SQL expression resolved through [sigils]."""
+
+    def evaluate(self, instance) -> ConditionCheckResult:
+        """Evaluate the stored expression for ``instance``."""
+
+        value = self.value_from_object(instance)
+        if hasattr(instance, "resolve_sigils"):
+            resolved = instance.resolve_sigils(self.name)
+        else:
+            resolved = value
+
+        if resolved is None:
+            resolved_text = ""
+        else:
+            resolved_text = str(resolved)
+
+        resolved_text = resolved_text.strip()
+        if not resolved_text:
+            return ConditionCheckResult(True, resolved_text)
+
+        try:
+            passed = _evaluate_sql_condition(resolved_text)
+            return ConditionCheckResult(passed, resolved_text)
+        except ConditionEvaluationError as exc:
+            return ConditionCheckResult(False, resolved_text, str(exc))

core/form_fields.py

@@ -0,0 +1,75 @@
+"""Custom form fields for the Arthexis admin."""
+
+from __future__ import annotations
+
+import base64
+from typing import Any
+
+from django.core.exceptions import ValidationError
+from django.forms.fields import FileField
+from django.forms.widgets import FILE_INPUT_CONTRADICTION
+from django.utils.translation import gettext_lazy as _
+
+from .widgets import AdminBase64FileWidget
+
+
+class Base64FileField(FileField):
+    """Form field storing uploaded files as base64 encoded strings.
+
+    The field behaves like :class:`~django.forms.FileField` from the user's
+    perspective. Uploaded files are converted to base64 and returned as text so
+    they can be stored in ``TextField`` columns. When no new file is uploaded the
+    initial base64 value is preserved, while clearing the field stores an empty
+    string.
+    """
+
+    widget = AdminBase64FileWidget
+    default_error_messages = {
+        **FileField.default_error_messages,
+        "contradiction": _(
+            "Please either submit a file or check the clear checkbox, not both."
+        ),
+    }
+
+    def __init__(
+        self,
+        *,
+        download_name: str | None = None,
+        content_type: str = "application/octet-stream",
+        **kwargs: Any,
+    ) -> None:
+        widget = kwargs.pop("widget", None) or self.widget()
+        if download_name:
+            widget.download_name = download_name
+        if content_type:
+            widget.content_type = content_type
+        super().__init__(widget=widget, **kwargs)
+
+    def to_python(self, data: Any) -> str | None:
+        """Convert uploaded data to a base64 string."""
+
+        if isinstance(data, str):
+            return data
+        uploaded = super().to_python(data)
+        if uploaded is None:
+            return None
+        content = uploaded.read()
+        if hasattr(uploaded, "seek"):
+            uploaded.seek(0)
+        return base64.b64encode(content).decode("ascii")
+
+    def clean(self, data: Any, initial: str | None = None) -> str:
+        if data is FILE_INPUT_CONTRADICTION:
+            raise ValidationError(
+                self.error_messages["contradiction"], code="contradiction"
+            )
+        cleaned = super().clean(data, initial)
+        if cleaned in {None, False}:
+            return ""
+        return cleaned
+
+    def bound_data(self, data: Any, initial: str | None) -> str | None:
+        return initial
+
+    def has_changed(self, initial: str | None, data: Any) -> bool:
+        return not self.disabled and data is not None

core/github_helper.py

@@ -1,25 +1,188 @@
-"""Helpers for reporting exceptions to GitHub."""
-
-from __future__ import annotations
-
-import logging
-from typing import Any
-
-from celery import shared_task
-
-
-logger = logging.getLogger(__name__)
-
-
-@shared_task
-def report_exception_to_github(payload: dict[str, Any]) -> None:
-    """Send exception context to the GitHub issue helper.
-
-    The task is intentionally light-weight in this repository. Deployments can
-    replace it with an implementation that forwards ``payload`` to the
-    automation responsible for creating GitHub issues.
-    """
-
-    logger.info(
-        "Queued GitHub issue report for %s", payload.get("fingerprint", "<unknown>")
-    )
+"""Helpers for reporting exceptions to GitHub and managing repositories."""
+
+from __future__ import annotations
+
+import logging
+import os
+from collections.abc import Mapping
+from typing import TYPE_CHECKING, Any
+
+from celery import shared_task
+import requests
+
+
+if TYPE_CHECKING:  # pragma: no cover - typing only
+    from .models import Package
+
+
+logger = logging.getLogger(__name__)
+
+
+GITHUB_API_ROOT = "https://api.github.com"
+REQUEST_TIMEOUT = 10
+
+
+class GitHubRepositoryError(RuntimeError):
+    """Raised when a GitHub repository operation fails."""
+
+
+
+@shared_task
+def report_exception_to_github(payload: dict[str, Any]) -> None:
+    """Send exception context to the GitHub issue helper.
+
+    The task is intentionally light-weight in this repository. Deployments can
+    replace it with an implementation that forwards ``payload`` to the
+    automation responsible for creating GitHub issues.
+    """
+
+    logger.info(
+        "Queued GitHub issue report for %s", payload.get("fingerprint", "<unknown>")
+    )
+
+
+def _resolve_github_token(package: Package | None) -> str:
+    """Return the GitHub token for ``package``.
+
+    Preference is given to the release manager associated with the package.
+    When unavailable, fall back to the ``GITHUB_TOKEN`` environment variable.
+    """
+
+    if package:
+        manager = getattr(package, "release_manager", None)
+        if manager:
+            token = getattr(manager, "github_token", "")
+            if token:
+                cleaned = str(token).strip()
+                if cleaned:
+                    return cleaned
+
+    token = os.environ.get("GITHUB_TOKEN", "")
+    cleaned_env = token.strip() if isinstance(token, str) else str(token).strip()
+    if not cleaned_env:
+        raise GitHubRepositoryError("GitHub token is not configured")
+    return cleaned_env
+
+
+def _build_headers(token: str) -> Mapping[str, str]:
+    return {
+        "Accept": "application/vnd.github+json",
+        "Authorization": f"token {token}",
+        "User-Agent": "arthexis-admin",
+    }
+
+
+def _build_payload(repo: str, *, private: bool, description: str | None) -> dict[str, Any]:
+    payload: dict[str, Any] = {"name": repo, "private": private}
+    if description:
+        payload["description"] = description
+    return payload
+
+
+def _extract_error_message(response: requests.Response) -> str:
+    try:
+        data = response.json()
+    except ValueError:
+        data = {}
+
+    message = data.get("message") or response.text or "GitHub repository request failed"
+    errors = data.get("errors")
+    details: list[str] = []
+    if isinstance(errors, list):
+        for entry in errors:
+            if isinstance(entry, str):
+                details.append(entry)
+            elif isinstance(entry, Mapping):
+                text = entry.get("message") or entry.get("code")
+                if text:
+                    details.append(str(text))
+
+    if details:
+        message = f"{message} ({'; '.join(details)})"
+
+    return message
+
+
+def _safe_json(response: requests.Response) -> dict[str, Any]:
+    try:
+        data = response.json()
+    except ValueError:
+        data = {}
+    return data
+
+
+def create_repository_for_package(
+    package: Package,
+    *,
+    owner: str,
+    repo: str,
+    private: bool = False,
+    description: str | None = None,
+) -> str:
+    """Create a GitHub repository and return its canonical URL.
+
+    The helper attempts to create the repository under ``owner`` when provided.
+    If the authenticated token lacks access to the organization, the helper
+    falls back to creating the repository for the authenticated user. On
+    success, the GitHub HTML URL for the repository is returned.
+    """
+
+    token = _resolve_github_token(package)
+    headers = _build_headers(token)
+    payload = _build_payload(repo, private=private, description=description)
+
+    endpoints: list[str] = []
+    owner = owner.strip()
+    if owner:
+        endpoints.append(f"{GITHUB_API_ROOT}/orgs/{owner}/repos")
+    endpoints.append(f"{GITHUB_API_ROOT}/user/repos")
+
+    last_error: str | None = None
+
+    for index, endpoint in enumerate(endpoints):
+        try:
+            response = requests.post(
+                endpoint,
+                json=payload,
+                headers=headers,
+                timeout=REQUEST_TIMEOUT,
+            )
+        except requests.RequestException as exc:  # pragma: no cover - network failure
+            logger.exception(
+                "GitHub repository creation request failed for %s/%s", owner, repo
+            )
+            raise GitHubRepositoryError(str(exc)) from exc
+
+        if 200 <= response.status_code < 300:
+            data = _safe_json(response)
+            html_url = data.get("html_url")
+            if html_url:
+                return html_url
+
+            resolved_owner = (
+                data.get("owner", {}).get("login")
+                if isinstance(data.get("owner"), Mapping)
+                else owner
+            )
+            resolved_owner = (resolved_owner or owner).strip("/")
+            return f"https://github.com/{resolved_owner}/{repo}"
+
+        message = _extract_error_message(response)
+        logger.error(
+            "GitHub repository creation failed for %s/%s (%s): %s",
+            owner or "<user>",
+            repo,
+            response.status_code,
+            message,
+        )
+        last_error = message
+
+        # If we're attempting to create within an organization and receive a
+        # not found or forbidden error, fall back to creating for the
+        # authenticated user.
+        if index == 0 and owner and response.status_code in {403, 404}:
+            continue
+
+        break
+
+    raise GitHubRepositoryError(last_error or "GitHub repository creation failed")