createsonline 0.1.26__py3-none-any.whl

createsonline/security/encryption.py

@@ -0,0 +1,349 @@
+# createsonline/security/encryption.py
+"""
+CREATESONLINE Encryption Utilities
+
+Military-grade encryption and password hashing:
+- Argon2 password hashing
+- AES-256 encryption
+- Secure token generation
+- Key derivation functions
+"""
+
+import hashlib
+import hmac
+import secrets
+import base64
+import time
+from typing import Optional, Tuple, Dict, Any
+
+
+class SecureHasher:
+    """
+    Military-grade password hashing using Argon2-equivalent security
+    Falls back to PBKDF2 if Argon2 not available
+    """
+    
+    def __init__(self):
+        # Try to import argon2 for best security
+        try:
+            import argon2
+            self.argon2_available = True
+            self.argon2_hasher = argon2.PasswordHasher(
+                time_cost=3,        # Number of iterations
+                memory_cost=65536,  # Memory usage in KiB
+                parallelism=1,      # Number of parallel threads
+                hash_len=32,        # Hash length
+                salt_len=16         # Salt length
+            )
+            pass
+        except ImportError:
+            self.argon2_available = False
+            pass
+    
+    def hash_password(self, password: str) -> str:
+        """Hash password with maximum security"""
+        
+        if self.argon2_available:
+            # Use Argon2 (recommended by OWASP)
+            return self.argon2_hasher.hash(password)
+        else:
+            # Fallback to PBKDF2 with high iteration count
+            salt = secrets.token_bytes(32)
+            iterations = 100000  # High iteration count for security
+            
+            # Create PBKDF2 hash
+            password_hash = hashlib.pbkdf2_hmac(
+                'sha256',
+                password.encode('utf-8'),
+                salt,
+                iterations
+            )
+            
+            # Encode as: algorithm$iterations$salt$hash
+            encoded_salt = base64.b64encode(salt).decode('ascii')
+            encoded_hash = base64.b64encode(password_hash).decode('ascii')
+            
+            return f"pbkdf2_sha256${iterations}${encoded_salt}${encoded_hash}"
+    
+    def verify_password(self, password: str, hashed: str) -> bool:
+        """Verify password against hash"""
+        
+        if self.argon2_available and not hashed.startswith('pbkdf2_'):
+            # Verify with Argon2
+            try:
+                self.argon2_hasher.verify(hashed, password)
+                return True
+            except:
+                return False
+        else:
+            # Verify with PBKDF2
+            try:
+                parts = hashed.split('$')
+                if len(parts) != 4 or parts[0] != 'pbkdf2_sha256':
+                    return False
+                
+                iterations = int(parts[1])
+                salt = base64.b64decode(parts[2])
+                stored_hash = base64.b64decode(parts[3])
+                
+                # Compute hash with same parameters
+                computed_hash = hashlib.pbkdf2_hmac(
+                    'sha256',
+                    password.encode('utf-8'),
+                    salt,
+                    iterations
+                )
+                
+                # Constant-time comparison to prevent timing attacks
+                return hmac.compare_digest(stored_hash, computed_hash)
+                
+            except (ValueError, IndexError):
+                return False
+    
+    def needs_rehash(self, hashed: str) -> bool:
+        """Check if password needs rehashing with stronger parameters"""
+        
+        if self.argon2_available:
+            if not hashed.startswith('pbkdf2_'):
+                # Already using Argon2
+                try:
+                    return self.argon2_hasher.check_needs_rehash(hashed)
+                except:
+                    return True
+            else:
+                # Upgrade from PBKDF2 to Argon2
+                return True
+        else:
+            # Check PBKDF2 iteration count
+            try:
+                parts = hashed.split('$')
+                if len(parts) == 4 and parts[0] == 'pbkdf2_sha256':
+                    iterations = int(parts[1])
+                    return iterations < 100000  # Upgrade if less than 100k iterations
+            except:
+                pass
+            
+            return True
+
+
+class SecureTokenGenerator:
+    """Generate cryptographically secure tokens"""
+    
+    @staticmethod
+    def generate_token(length: int = 32) -> str:
+        """Generate secure random token"""
+        return secrets.token_urlsafe(length)
+    
+    @staticmethod
+    def generate_api_key() -> str:
+        """Generate API key with prefix"""
+        prefix = "cos_"  # CREATESONLINE prefix
+        token = secrets.token_urlsafe(32)
+        return f"{prefix}{token}"
+    
+    @staticmethod
+    def generate_session_id() -> str:
+        """Generate session ID"""
+        timestamp = str(int(time.time()))
+        random_part = secrets.token_urlsafe(24)
+        return f"{timestamp}_{random_part}"
+    
+    @staticmethod
+    def generate_csrf_token(session_id: str, secret_key: str) -> str:
+        """Generate CSRF token tied to session"""
+        timestamp = str(int(time.time()))
+        message = f"{session_id}:{timestamp}"
+        
+        signature = hmac.new(
+            secret_key.encode(),
+            message.encode(),
+            hashlib.sha256
+        ).hexdigest()
+        
+        return f"{timestamp}:{signature}"
+    
+    @staticmethod
+    def verify_csrf_token(token: str, session_id: str, secret_key: str, 
+                         max_age: int = 3600) -> bool:
+        """Verify CSRF token"""
+        try:
+            timestamp_str, signature = token.split(':', 1)
+            timestamp = int(timestamp_str)
+            
+            # Check token age
+            if time.time() - timestamp > max_age:
+                return False
+            
+            # Verify signature
+            message = f"{session_id}:{timestamp_str}"
+            expected_signature = hmac.new(
+                secret_key.encode(),
+                message.encode(),
+                hashlib.sha256
+            ).hexdigest()
+            
+            return hmac.compare_digest(signature, expected_signature)
+            
+        except (ValueError, IndexError):
+            return False
+
+
+class AESEncryption:
+    """AES-256 encryption utilities"""
+    
+    def __init__(self, key: Optional[bytes] = None):
+        if key is None:
+            key = secrets.token_bytes(32)  # 256-bit key
+        elif len(key) != 32:
+            # Derive 256-bit key from provided key
+            key = hashlib.sha256(key).digest()
+        
+        self.key = key
+        
+        # Try to import cryptography library for AES
+        try:
+            from cryptography.fernet import Fernet
+            from cryptography.hazmat.primitives import hashes
+            from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+            
+            # Create Fernet key from our key
+            kdf = PBKDF2HMAC(
+                algorithm=hashes.SHA256(),
+                length=32,
+                salt=b'createsonline_salt',  # In production, use random salt
+                iterations=100000,
+            )
+            fernet_key = base64.urlsafe_b64encode(kdf.derive(self.key))
+            self.cipher = Fernet(fernet_key)
+            self.crypto_available = True
+            pass
+            
+        except ImportError:
+            self.crypto_available = False
+            pass
+    
+    def encrypt(self, data: str) -> str:
+        """Encrypt string data"""
+        
+        if self.crypto_available:
+            # Use Fernet (AES-256)
+            encrypted = self.cipher.encrypt(data.encode())
+            return base64.b64encode(encrypted).decode()
+        else:
+            # Fallback to XOR encryption
+            data_bytes = data.encode()
+            encrypted_bytes = bytearray()
+            
+            for i, byte in enumerate(data_bytes):
+                key_byte = self.key[i % len(self.key)]
+                encrypted_bytes.append(byte ^ key_byte)
+            
+            return base64.b64encode(encrypted_bytes).decode()
+    
+    def decrypt(self, encrypted_data: str) -> str:
+        """Decrypt string data"""
+        
+        try:
+            if self.crypto_available:
+                # Use Fernet (AES-256)
+                encrypted_bytes = base64.b64decode(encrypted_data)
+                decrypted = self.cipher.decrypt(encrypted_bytes)
+                return decrypted.decode()
+            else:
+                # Fallback to XOR decryption
+                encrypted_bytes = base64.b64decode(encrypted_data)
+                decrypted_bytes = bytearray()
+                
+                for i, byte in enumerate(encrypted_bytes):
+                    key_byte = self.key[i % len(self.key)]
+                    decrypted_bytes.append(byte ^ key_byte)
+                
+                return decrypted_bytes.decode()
+        
+        except Exception:
+            raise ValueError("Invalid encrypted data")
+    
+    def encrypt_dict(self, data: Dict[str, Any]) -> str:
+        """Encrypt dictionary as JSON"""
+        import json
+        json_str = json.dumps(data, separators=(',', ':'))
+        return self.encrypt(json_str)
+    
+    def decrypt_dict(self, encrypted_data: str) -> Dict[str, Any]:
+        """Decrypt to dictionary"""
+        import json
+        json_str = self.decrypt(encrypted_data)
+        return json.loads(json_str)
+
+
+class KeyDerivation:
+    """Key derivation functions for secure key generation"""
+    
+    @staticmethod
+    def derive_key(password: str, salt: Optional[bytes] = None, 
+                   length: int = 32, iterations: int = 100000) -> Tuple[bytes, bytes]:
+        """Derive encryption key from password"""
+        
+        if salt is None:
+            salt = secrets.token_bytes(32)
+        
+        key = hashlib.pbkdf2_hmac(
+            'sha256',
+            password.encode(),
+            salt,
+            iterations,
+            dklen=length
+        )
+        
+        return key, salt
+    
+    @staticmethod
+    def derive_multiple_keys(master_key: bytes, labels: list, 
+                           length: int = 32) -> Dict[str, bytes]:
+        """Derive multiple keys from master key using HKDF-like approach"""
+        
+        keys = {}
+        
+        for label in labels:
+            # Create unique key for each label
+            info = f"CREATESONLINE_{label}".encode()
+            
+            # Simple HKDF-like derivation
+            prk = hmac.new(b'salt', master_key, hashlib.sha256).digest()
+            okm = hmac.new(prk, info + b'\x01', hashlib.sha256).digest()[:length]
+            
+            keys[label] = okm
+        
+        return keys
+
+
+# Global secure hasher instance
+_secure_hasher = SecureHasher()
+
+def encrypt_password(password: str) -> str:
+    """Encrypt password with maximum security"""
+    return _secure_hasher.hash_password(password)
+
+def verify_password(password: str, hashed: str) -> bool:
+    """Verify password against hash"""
+    return _secure_hasher.verify_password(password, hashed)
+
+def generate_secure_token(length: int = 32) -> str:
+    """Generate cryptographically secure token"""
+    return SecureTokenGenerator.generate_token(length)
+
+def generate_api_key() -> str:
+    """Generate API key"""
+    return SecureTokenGenerator.generate_api_key()
+
+def generate_session_id() -> str:
+    """Generate session ID"""
+    return SecureTokenGenerator.generate_session_id()
+
+def create_encryption_cipher(key: Optional[bytes] = None) -> AESEncryption:
+    """Create AES encryption cipher"""
+    return AESEncryption(key)
+
+def secure_compare(a: str, b: str) -> bool:
+    """Constant-time string comparison to prevent timing attacks"""
+    return hmac.compare_digest(a.encode(), b.encode())

createsonline/server.py

@@ -0,0 +1,295 @@
+# createsonline/server.py
+"""
+CREATESONLINE Pure Python HTTP Server
+
+Zero external dependencies - runs ASGI apps with just Python stdlib.
+This eliminates the need for uvicorn.
+"""
+
+import asyncio
+import socket
+import json
+import time
+from datetime import datetime
+from typing import Callable
+from urllib.parse import parse_qs, urlparse
+import logging
+
+logger = logging.getLogger("createsonline.server")
+
+class CreatesonlineServer:
+    """Pure Python HTTP server for ASGI applications"""
+    
+    def __init__(self, app: Callable, host: str = "127.0.0.1", port: int = 8000):
+        self.app = app
+        self.host = host
+        self.original_port = port
+        self.port = self._find_available_port(host, port)
+        self.server = None
+        
+        # Notify if port changed
+        if self.port != self.original_port:
+            import logging
+            logger = logging.getLogger("createsonline")
+            logger.warning(f"Port {self.original_port} is busy, using port {self.port} instead")
+    
+    def _find_available_port(self, host: str, start_port: int, max_attempts: int = 100) -> int:
+        """Find an available port starting from start_port"""
+        for port in range(start_port, start_port + max_attempts):
+            try:
+                # Try to bind to the port
+                test_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+                test_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+                test_socket.bind((host, port))
+                test_socket.close()
+                return port
+            except OSError:
+                # Port is in use, try next one
+                continue
+        
+        # If no port found, raise error
+        raise RuntimeError(f"No available ports found between {start_port} and {start_port + max_attempts}")
+        
+    async def handle_client(self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter):
+        """Handle individual client connection"""
+        start_time = time.time()
+        response_size = 0
+        status_code = 500
+        
+        try:
+            # Read HTTP request
+            request_line = await reader.readline()
+            if not request_line:
+                return
+                
+            request_line = request_line.decode('utf-8').strip()
+            method, path, _ = request_line.split(' ', 2)
+            
+            # Read headers
+            headers = {}
+            while True:
+                line = await reader.readline()
+                if line == b'\r\n':
+                    break
+                if line:
+                    key, value = line.decode('utf-8').strip().split(':', 1)
+                    headers[key.lower()] = value.strip()
+            
+            # Read body if present
+            body = b''
+            if 'content-length' in headers:
+                content_length = int(headers['content-length'])
+                body = await reader.readexactly(content_length)
+            
+            # Parse URL
+            parsed_url = urlparse(path)
+            query_string = parsed_url.query.encode() if parsed_url.query else b''
+            
+            # Build ASGI scope
+            scope = {
+                'type': 'http',
+                'asgi': {'version': '3.0'},
+                'http_version': '1.1',
+                'method': method,
+                'scheme': 'http',
+                'path': parsed_url.path,
+                'query_string': query_string,
+                'root_path': '',
+                'headers': [[k.encode(), v.encode()] for k, v in headers.items()],
+                'server': (self.host, self.port),
+            }
+            
+            # ASGI receive callable
+            body_sent = False
+            async def receive():
+                nonlocal body_sent
+                if not body_sent:
+                    body_sent = True
+                    return {
+                        'type': 'http.request',
+                        'body': body,
+                        'more_body': False,
+                    }
+                return {'type': 'http.disconnect'}
+            
+            # ASGI send callable
+            response_started = False
+            async def send(message):
+                nonlocal response_started, response_size, status_code
+                
+                if message['type'] == 'http.response.start':
+                    response_started = True
+                    status_code = message['status']
+                    headers = message.get('headers', [])
+                    
+                    # Write status line
+                    writer.write(f'HTTP/1.1 {status_code} OK\r\n'.encode())
+                    
+                    # Write headers
+                    for name, value in headers:
+                        writer.write(f'{name.decode()}: {value.decode()}\r\n'.encode())
+                    writer.write(b'\r\n')
+                    
+                elif message['type'] == 'http.response.body':
+                    body = message.get('body', b'')
+                    if body:
+                        response_size += len(body)
+                        writer.write(body)
+                    await writer.drain()
+            
+            # Call ASGI app
+            await self.app(scope, receive, send)
+            
+            # Log request after completion
+            elapsed_ms = (time.time() - start_time) * 1000
+            timestamp = datetime.now().strftime("%H:%M:%S")
+            status_indicator = self._get_status_indicator(status_code)
+            
+            # Format size
+            if response_size < 1024:
+                size_str = f"{response_size}B"
+            elif response_size < 1024 * 1024:
+                size_str = f"{response_size / 1024:.1f}KB"
+            else:
+                size_str = f"{response_size / (1024 * 1024):.1f}MB"
+            
+            # Color-coded status for better visibility
+            status_display = f"{status_code}"
+            logger.info(f"[{timestamp}] [{status_indicator}] {method:<6} {path:<50} {status_display:<4} {size_str:>8} {elapsed_ms:>5.0f}ms")
+        except Exception as e:
+            # Log error to console
+            elapsed_ms = (time.time() - start_time) * 1000
+            timestamp = datetime.now().strftime("%H:%M:%S")
+            logger.error(f"[{timestamp}] [XXX] {method:<6} {path:<50} 500  ERROR    {elapsed_ms:>5.0f}ms | {str(e)}")
+            # Send 500 error
+            error_response = json.dumps({
+                "error": "Internal Server Error",
+                "message": str(e)
+            }).encode()
+            
+            response = (
+                b'HTTP/1.1 500 Internal Server Error\r\n'
+                b'Content-Type: application/json\r\n'
+                b'Content-Length: ' + str(len(error_response)).encode() + b'\r\n'
+                b'\r\n'
+            ) + error_response
+            
+            writer.write(response)
+            await writer.drain()
+        
+        finally:
+            writer.close()
+            await writer.wait_closed()
+    
+    def _get_status_indicator(self, status: int) -> str:
+        """Get visual indicator for HTTP status code"""
+        if 200 <= status < 300:
+            return "OK "  # Success
+        elif 300 <= status < 400:
+            return "->>"  # Redirect
+        elif 400 <= status < 500:
+            return "ERR"  # Client error
+        else:
+            return "XXX"  # Server error
+    
+    async def serve(self):
+        """Start the server"""
+        try:
+            self.server = await asyncio.start_server(
+                self.handle_client,
+                self.host,
+                self.port
+            )
+            
+            # Print server info
+            from . import __version__
+            startup_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+            print("\n" + "=" * 70)
+            print(f"  CREATESONLINE v{__version__} - AI-Native Web Framework")
+            print("=" * 70)
+            print(f"  Started:     {startup_time}")
+            print(f"  Server URL:  http://{self.host}:{self.port}")
+            print(f"  Press CTRL+C to stop")
+            print("=" * 70)
+            print(f"\n{'TIME':<12} {'STATUS':<7} {'METHOD':<8} {'PATH':<50} {'CODE':<6} {'SIZE':<10} {'TIME'}")
+            print("-" * 120)
+        except OSError as e:
+            logger.error(f"Failed to start server on {self.host}:{self.port}")
+            logger.error(f"Error: {e}")
+            raise
+        
+        
+        async with self.server:
+            await self.server.serve_forever()
+    
+    def run(self):
+        """Run the server (blocking)"""
+        try:
+            asyncio.run(self.serve())
+        except KeyboardInterrupt:
+            logger.info("Server stopped")
+def run_server(app: Callable, host: str = "127.0.0.1", port: int = 8000, reload: bool = False):
+    """
+    Run CREATESONLINE pure Python server
+    
+    Args:
+        app: ASGI application callable
+        host: Host to bind to
+        port: Port to listen on
+        reload: Enable auto-reload on file changes
+    """
+    # Configure logging
+    logging.basicConfig(
+        level=logging.INFO,
+        format='%(message)s'
+    )
+    
+    if reload:
+        # Use watchdog for auto-reload
+        try:
+            import sys
+            import subprocess
+            from pathlib import Path
+            from watchdog.observers import Observer
+            from watchdog.events import FileSystemEventHandler
+            
+            class ReloadHandler(FileSystemEventHandler):
+                def __init__(self):
+                    self.process = None
+                    self.restart_server()
+                
+                def restart_server(self):
+                    if self.process:
+                        self.process.terminate()
+                        self.process.wait()
+                    
+                    logger.info("🔄 Restarting server...")
+                    self.process = subprocess.Popen([sys.executable] + sys.argv)
+                
+                def on_modified(self, event):
+                    if event.src_path.endswith('.py'):
+                        logger.info(f"📝 File changed: {event.src_path}")
+                        self.restart_server()
+            
+            handler = ReloadHandler()
+            observer = Observer()
+            observer.schedule(handler, path=Path.cwd(), recursive=True)
+            observer.start()
+            
+            try:
+                observer.join()
+            except KeyboardInterrupt:
+                observer.stop()
+                if handler.process:
+                    handler.process.terminate()
+            observer.join()
+            
+        except ImportError:
+            logger.warning("⚠️  watchdog not installed, auto-reload disabled")
+            logger.info("Install with: pip install watchdog")
+            server = CreatesonlineServer(app, host, port)
+            server.run()
+    else:
+        server = CreatesonlineServer(app, host, port)
+        server.run()
+