clear-skies 1.19.22__py3-none-any.whl → 2.0.23__py3-none-any.whl

clearskies/secrets/exceptions/__init__.py

@@ -1 +1,7 @@
-from .not_found import NotFound
+from clearskies.secrets.exceptions.not_found_error import NotFoundError
+from clearskies.secrets.exceptions.permissions_error import PermissionsError
+
+__all__ = [
+    "NotFoundError",
+    "PermissionsError",
+]

clearskies/secrets/exceptions/not_found_error.py

@@ -0,0 +1,2 @@
+class NotFoundError(Exception):
+    pass

clearskies/secrets/exceptions/permissions_error.py

@@ -0,0 +1,2 @@
+class PermissionsError(Exception):
+    pass

clearskies/secrets/secrets.py

@@ -1,38 +1,39 @@
+from __future__ import annotations
+
 from abc import ABC
+from typing import Any
 
+import clearskies.configurable
+from clearskies.di.injectable_properties import InjectableProperties
 
-class Secrets:
-    def create(self, path, value):
-        raise NotImplementedError(
-            "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
-        )
 
-    def get(self, path, silent_if_not_found=False):
+class Secrets(ABC, clearskies.configurable.Configurable, InjectableProperties):
+    def create(self, path: str, value: str) -> bool:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )
 
-    def get_dynamic_secret(self, path):
+    def get(self, path: str, silent_if_not_found: bool = False) -> str:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )
 
-    def list_secrets(self, path):
+    def list_secrets(self, path: str) -> list[Any]:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )
 
-    def update(self, path, value):
+    def update(self, path: str, value: Any) -> None:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )
 
-    def upsert(self, path, value):
+    def upsert(self, path: str, value: Any) -> None:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )
 
-    def list_sub_folders(self, path, value):
+    def list_sub_folders(self, path: str) -> list[Any]:
         raise NotImplementedError(
             "It looks like you tried to use the secret system in clearskies, but didn't specify a secret manager."
         )

clearskies/security_header.py

@@ -0,0 +1,17 @@
+from __future__ import annotations
+
+from clearskies import configurable
+
+
+class SecurityHeader(configurable.Configurable):
+    """
+    Attach all the various security headers to endpoints.
+
+    The security header classes can be attached directly to both endpoints and endpoint groups and
+    are used to set all the various security headers.
+    """
+
+    is_cors = False
+
+    def set_headers_for_input_output(self, input_output):
+        raise NotImplementedError()

clearskies/security_headers/__init__.py

@@ -1,11 +1,11 @@
-from .cache_control import cache_control
-from .cors import cors
-from .csp import csp
-from .hsts import hsts
+from clearskies.security_headers.cache_control import CacheControl
+from clearskies.security_headers.cors import Cors
+from clearskies.security_headers.csp import Csp
+from clearskies.security_headers.hsts import Hsts
 
 __all__ = [
-    "cache_control",
-    "cors",
-    "csp",
-    "hsts",
+    "CacheControl",
+    "Cors",
+    "Csp",
+    "Hsts",
 ]

clearskies/security_headers/cache_control.py

@@ -1,76 +1,63 @@
-from .base import Base
-from ..binding_config import BindingConfig
+from __future__ import annotations
 
-numbers = [
-    "max_age",
-    "stale_if_error",
-    "stale_while_revalidate",
-    "s_maxage",
-]
-bools = [
-    "immutable",
-    "must_understand",
-    "no_cache",
-    "no_store",
-    "no_transform",
-    "private",
-    "public",
-    "s_maxage",
-]
+from clearskies import configs, decorators
+from clearskies.security_header import SecurityHeader
 
 
-class CacheControl(Base):
-    max_age = None
-    no_cache = None
-    no_store = None
-    no_transform = None
-    s_maxage = None
-    must_understand = None
-    private = None
-    public = None
-    immutable = None
-    stale_while_revalidate = None
-    stale_if_error = None
+class CacheControl(SecurityHeader):
+    max_age = configs.Integer()
+    s_maxage = configs.Integer()
+    stale_while_revalidate = configs.Integer()
+    stale_if_error = configs.Integer()
+    immutable = configs.Boolean(default=False)
+    must_understand = configs.Boolean(default=False)
+    no_cache = configs.Boolean(default=False)
+    no_store = configs.Boolean(default=False)
+    no_transform = configs.Boolean(default=False)
+    private = configs.Boolean(default=False)
+    public = configs.Boolean(default=False)
 
-    def __init__(self, environment):
-        super().__init__(environment)
+    numbers: list[str] = [
+        "max_age",
+        "stale_if_error",
+        "stale_while_revalidate",
+        "s_maxage",
+    ]
+    bools: list[str] = [
+        "immutable",
+        "must_understand",
+        "no_cache",
+        "no_store",
+        "no_transform",
+        "private",
+        "public",
+    ]
 
-    def configure(
+    @decorators.parameters_to_properties
+    def __init__(
         self,
-        no_cache=None,
-        no_store=None,
-        no_transform=None,
-        max_age=None,
-        s_maxage=None,
-        must_revalidate=None,
-        proxy_revalidate=None,
-        must_understand=None,
-        private=None,
-        public=None,
-        immutable=None,
-        stale_while_revalidate=None,
-        stale_if_error=None,
+        max_age: int | None = None,
+        s_maxage: int | None = None,
+        stale_while_revalidate: int | None = None,
+        stale_if_error: int | None = None,
+        immutable: bool = False,
+        must_understand: bool = False,
+        no_cache: bool = False,
+        no_store: bool = False,
+        no_transform: bool = False,
+        private: bool = False,
+        public: bool = False,
     ):
-        self.max_age = max_age
-        self.no_cache = no_cache
-        self.no_store = no_store
-        self.no_transform = no_transform
-        self.s_maxage = s_maxage
-        self.must_understand = must_understand
-        self.private = private
-        self.public = public
-        self.immutable = immutable
-        self.stale_while_revalidate = stale_while_revalidate
-        self.stale_if_error = stale_if_error
+        self.finalize_and_validate_configuration()
 
     def set_headers_for_input_output(self, input_output):
         parts = []
-        for variable_name in bools:
+        for variable_name in self.bools:
             value = getattr(self, variable_name)
             if not value:
                 continue
             parts.append(variable_name.replace("_", "-"))
-        for variable_name in numbers:
+        for variable_name in self.numbers:
             value = getattr(self, variable_name)
             if value is None:
                 continue
@@ -78,53 +65,4 @@ class CacheControl(Base):
             parts.append(f"{key_name}={value}")
         if not parts:
             return
-        input_output.set_header("cache-control", ", ".join(parts))
-
-
-# Use an explicity param list, even though long, so that Python can provide some input checking directly
-def cache_control(
-    self,
-    no_cache=None,
-    no_store=None,
-    no_transform=None,
-    max_age=None,
-    s_maxage=None,
-    must_revalidate=None,
-    proxy_revalidate=None,
-    must_understand=None,
-    private=None,
-    public=None,
-    immutable=None,
-    stale_while_revalidate=None,
-    stale_if_error=None,
-):
-    for variable_name in numbers:
-        value = locals()[variable_name]
-        if value is not None and type(value) != int:
-            actual_type = type(value)
-            raise ValueError(
-                f"Invalid configuration value for cache control: {variable_name} should be an integer but instead is '{actual_type}'"
-            )
-    for variable_name in bools:
-        value = locals()[variable_name]
-        if value is not None and type(value) != bool:
-            actual_type = type(value)
-            raise ValueError(
-                f"Invalid configuration value for cache control: {variable_name} should be True/False but instead is of type '{actual_type}'"
-            )
-    return BindingConfig(
-        CacheControl,
-        no_cache=no_cache,
-        no_store=no_store,
-        no_transform=no_transform,
-        max_age=max_age,
-        s_maxage=s_maxage,
-        must_revalidate=must_revalidate,
-        proxy_revalidate=proxy_revalidate,
-        must_understand=must_understand,
-        private=private,
-        public=public,
-        immutable=immutable,
-        stale_while_revalidate=stale_while_revalidate,
-        stale_if_error=stale_if_error,
-    )
+        input_output.response_headers.add("cache-control", ", ".join(parts))

clearskies/security_headers/cors.py

@@ -1,105 +1,51 @@
-from .base import Base
-from ..binding_config import BindingConfig
+from __future__ import annotations
 
-lists = [
-    "headers",
-    "expose_headers",
-    "methods",
-]
+from clearskies import configs, decorators
+from clearskies.security_header import SecurityHeader
 
 
-class CORS(Base):
-    origin = None
-    methods = None
-    headers = None
-    max_age = None
-    credentials = None
-    expose_headers = None
+class Cors(SecurityHeader):
+    origin = configs.String()
+    methods = configs.StringList(default=[])
+    headers = configs.StringList(default=[])
+    max_age = configs.Integer(default=5)
+    credentials = configs.Boolean(default=False)
+    expose_headers = configs.StringList(default=[])
     is_cors = True
 
-    def __init__(self, environment):
-        super().__init__(environment)
+    @decorators.parameters_to_properties
+    def __init__(
+        self,
+        credentials: bool = False,
+        expose_headers: list[str] = [],
+        headers: list[str] = [],
+        max_age: int = 5,
+        methods: list[str] = [],
+        origin: str = "",
+    ):
+        self.finalize_and_validate_configuration()
 
-    def configure(self, origin=None, methods=None, headers=None, max_age=None, credentials=None, expose_headers=None):
-        self.origin = origin
-        self.max_age = max_age
-        self.credentials = credentials
-        self.expose_headers = ", ".join(expose_headers) if type(expose_headers) == list else expose_headers
-        self.set_methods(methods)
-        self.set_headers(headers)
+    def set_headers(self, headers: list[str]):
+        self.headers = headers
 
-    def set_headers(self, headers):
-        if type(headers) == list:
-            headers = ", ".join(headers)
-        self.headers = headers if headers is not None else ""
+    def add_header(self, header: str):
+        self.headers = [*self.headers, header]
 
-    def add_header(self, header):
-        if not self.headers:
-            self.headers = header
-        elif header not in self.headers:
-            self.headers += ", " + header
+    def set_methods(self, methods: list[str]):
+        self.methods = methods
 
-    def set_methods(self, methods):
-        if type(methods) == list:
-            methods = ", ".join(methods)
-        self.methods = methods if methods is not None else ""
-
-    def add_method(self, method):
-        if not self.methods:
-            self.methods = method
-        elif method not in self.methods:
-            self.methods += ", " + method
+    def add_method(self, method: str):
+        self.methods = [*self.methods, method]
 
     def set_headers_for_input_output(self, input_output):
-        for key in ["origin", "methods", "headers"]:
-            if not getattr(self, key):
+        for key in ["expose_headers", "methods", "headers"]:
+            value = getattr(self, key)
+            if not value:
                 continue
-            input_output.set_header(f"access-control-allow-{key}".replace("_", "-"), getattr(self, key))
+            input_output.response_headers.add(f"access-control-allow-{key}".replace("_", "-"), ", ".join(value))
         if self.credentials:
-            input_output.set_header("access-control-allow-credentials", "true")
-        for key in ["max_age", "expose_headers"]:
-            if not getattr(self, key):
-                continue
-            input_output.set_header(f"access-control-{key}".replace("_", "-"), str(getattr(self, key)))
-
-
-def cors(origin=None, methods=None, headers=None, max_age=None, credentials=None, expose_headers=None):
-    # I didn't auto-pull into kwargs so that the allowed values are clearly defined.
-    # however, checking and processing will be easier with a dict
-    kwargs = {
-        "origin": origin,
-        "methods": methods,
-        "headers": headers,
-        "max_age": max_age,
-        "credentials": credentials,
-        "expose_headers": expose_headers,
-    }
-    allowed_types = {
-        "origin": str,
-        "max_age": int,
-        "credentials": bool,
-    }
-    for key in lists:
-        value = kwargs[key]
-        if value is None:
-            continue
-        actual_type = type(value)
-        if actual_type == list:
-            if not all([type(item) == str for item in value]):
-                raise ValueError(
-                    f"Invalid configuration value for CORS: {key} should be a list of strings, but another kind of value was found"
-                )
-            kwargs[key] = ", ".join(value)
-        elif actual_type != str:
-            raise ValueError(
-                f"Invalid configuration value for CORS: {key} should be a string or list of strings but instead is '{actual_type}'"
-            )
-    for key, allowed_type in allowed_types.items():
-        if kwargs[key] is None:
-            continue
-        actual_type = type(kwargs[key])
-        if actual_type != allowed_type:
-            raise ValueError(
-                f"Invalid configuration value for CORS: {key} should be a {allowed_type} but instead is '{actual_type}'"
-            )
-    return BindingConfig(CORS, **kwargs)
+            input_output.response_headers.add("access-control-allow-credentials", "true")
+        if self.max_age:
+            input_output.response_headers.add("access-control-max-age", str(self.max_age))
+        if self.origin:
+            input_output.response_headers.add("access-control-allow-origin", str(self.origin))

clearskies/security_headers/csp.py

@@ -1,169 +1,95 @@
-from .base import Base
-from ..binding_config import BindingConfig
+from __future__ import annotations
 
-directives = [
-    "default_src",
-    "script_src",
-    "style_src",
-    "img_src",
-    "connect_src",
-    "font_src",
-    "object_src",
-    "media_src",
-    "frame_src",
-    "sandbox",
-    "report_uri",
-    "child_src",
-    "form_action",
-    "frame_ancestors",
-    "plugin_types",
-    "base_uri",
-    "report_to",
-    "worker_src",
-    "manifest_src",
-    "prefetch_src",
-    "navigate_to",
-]
+from clearskies import configs, decorators
+from clearskies.security_header import SecurityHeader
 
 
-class CSP(Base):
+class Csp(SecurityHeader):
     header_name = "content-security-policy"
-    default_src = None
-    script_src = None
-    style_src = None
-    img_src = None
-    connect_src = None
-    font_src = None
-    object_src = None
-    media_src = None
-    frame_src = None
-    sandbox = None
-    report_uri = None
-    child_src = None
-    form_action = None
-    frame_ancestors = None
-    plugin_types = None
-    base_uri = None
-    report_to = None
-    worker_src = None
-    manifest_src = None
-    prefetch_src = None
-    navigate_to = None
+    default_src = configs.String()
+    script_src = configs.String()
+    style_src = configs.String()
+    img_src = configs.String()
+    connect_src = configs.String()
+    font_src = configs.String()
+    object_src = configs.String()
+    media_src = configs.String()
+    frame_src = configs.String()
+    sandbox = configs.String()
+    report_uri = configs.String()
+    child_src = configs.String()
+    form_action = configs.String()
+    frame_ancestors = configs.String()
+    plugin_types = configs.String()
+    base_uri = configs.String()
+    report_to = configs.String()
+    worker_src = configs.String()
+    manifest_src = configs.String()
+    prefetch_src = configs.String()
+    navigate_to = configs.String()
 
-    def __init__(self, environment):
-        super().__init__(environment)
+    directives = [
+        "default_src",
+        "script_src",
+        "style_src",
+        "img_src",
+        "connect_src",
+        "font_src",
+        "object_src",
+        "media_src",
+        "frame_src",
+        "sandbox",
+        "report_uri",
+        "child_src",
+        "form_action",
+        "frame_ancestors",
+        "plugin_types",
+        "base_uri",
+        "report_to",
+        "worker_src",
+        "manifest_src",
+        "prefetch_src",
+        "navigate_to",
+    ]
 
-    def configure(
+    @decorators.parameters_to_properties
+    def __init__(
         self,
-        default_src=None,
-        script_src=None,
-        style_src=None,
-        img_src=None,
-        connect_src=None,
-        font_src=None,
-        object_src=None,
-        media_src=None,
-        frame_src=None,
-        sandbox=None,
-        report_uri=None,
-        child_src=None,
-        form_action=None,
-        frame_ancestors=None,
-        plugin_types=None,
-        base_uri=None,
-        report_to=None,
-        worker_src=None,
-        manifest_src=None,
-        prefetch_src=None,
-        navigate_to=None,
+        default_src: str = "",
+        script_src: str = "",
+        style_src: str = "",
+        img_src: str = "",
+        connect_src: str = "",
+        font_src: str = "",
+        object_src: str = "",
+        media_src: str = "",
+        frame_src: str = "",
+        sandbox: str = "",
+        report_uri: str = "",
+        child_src: str = "",
+        form_action: str = "",
+        frame_ancestors: str = "",
+        plugin_types: str = "",
+        base_uri: str = "",
+        report_to: str = "",
+        worker_src: str = "",
+        manifest_src: str = "",
+        prefetch_src: str = "",
+        navigate_to: str = "",
     ):
-        self.default_src = default_src
-        self.script_src = script_src
-        self.style_src = style_src
-        self.img_src = img_src
-        self.connect_src = connect_src
-        self.font_src = font_src
-        self.object_src = object_src
-        self.media_src = media_src
-        self.frame_src = frame_src
-        self.sandbox = sandbox
-        self.report_uri = report_uri
-        self.child_src = child_src
-        self.form_action = form_action
-        self.frame_ancestors = frame_ancestors
-        self.plugin_types = plugin_types
-        self.base_uri = base_uri
-        self.report_to = report_to
-        self.worker_src = worker_src
-        self.manifest_src = manifest_src
-        self.prefetch_src = prefetch_src
-        self.navigate_to = navigate_to
+        self.finalize_and_validate_configuration()
 
     def set_headers_for_input_output(self, input_output):
         parts = []
-        for variable_name in directives:
+        for variable_name in self.directives:
             value = getattr(self, variable_name)
             if not value:
                 continue
+            if value.lower().strip() == "self":
+                value = "'self'"
             header_key_name = variable_name.replace("_", "-")
             parts.append(f"{header_key_name} {value}")
         if not parts:
             return
         header_value = "; ".join(parts)
-        input_output.set_header(self.header_name, header_value)
-
-
-def csp(
-    default_src=None,
-    script_src=None,
-    style_src=None,
-    img_src=None,
-    connect_src=None,
-    font_src=None,
-    object_src=None,
-    media_src=None,
-    frame_src=None,
-    sandbox=None,
-    report_uri=None,
-    child_src=None,
-    form_action=None,
-    frame_ancestors=None,
-    plugin_types=None,
-    base_uri=None,
-    report_to=None,
-    worker_src=None,
-    manifest_src=None,
-    prefetch_src=None,
-    navigate_to=None,
-):
-    for variable_name in directives:
-        value = locals()[variable_name]
-        if value is not None and type(value) != str:
-            actual_type = type(value)
-            raise ValueError(
-                f"Invalid configuration value for CSP: {variable_name} should be a string but instead is '{actual_type}'"
-            )
-    return BindingConfig(
-        CSP,
-        default_src=default_src,
-        script_src=script_src,
-        style_src=style_src,
-        img_src=img_src,
-        connect_src=connect_src,
-        font_src=font_src,
-        object_src=object_src,
-        media_src=media_src,
-        frame_src=frame_src,
-        sandbox=sandbox,
-        report_uri=report_uri,
-        child_src=child_src,
-        form_action=form_action,
-        frame_ancestors=frame_ancestors,
-        plugin_types=plugin_types,
-        base_uri=base_uri,
-        report_to=report_to,
-        worker_src=worker_src,
-        manifest_src=manifest_src,
-        prefetch_src=prefetch_src,
-        navigate_to=navigate_to,
-    )
+        input_output.response_headers.add(self.header_name, header_value)