dash-devtools 1.0.0__py3-none-any.whl

dash_devtools/validators/migration.py

@@ -0,0 +1,292 @@
+"""
+UI 框架驗證器
+
+檢查項目：
+1. Shoelace 元件正確使用
+2. 禁止使用 Emoji 作為圖示（應用 sl-icon）
+3. 重複 class 屬性
+4. Shoelace CSS 變數正確使用
+5. 不完整 HTML 標籤
+"""
+
+import re
+from pathlib import Path
+
+
+# 常見 Emoji 圖示（這些應該用 sl-icon 取代）
+ICON_EMOJI_PATTERNS = [
+    # 工具與操作
+    r'[\U0001F527\U0001F528\U0001F529]',  # 🔧🔨🔩 wrench/hammer
+    r'[\U0001F504\U0001F503]',  # 🔄🔃 refresh
+    r'[\U0001F50D\U0001F50E]',  # 🔍🔎 search
+    r'[\u2699\uFE0F]?',  # ⚙️ gear
+    r'[\U0001F5D1\uFE0F]?',  # 🗑️ trash
+    r'[\u270F\uFE0F]?',  # ✏️ pencil
+    r'[\u2795]',  # ➕ plus
+    r'[\u2796]',  # ➖ minus
+    # 狀態指示
+    r'[\u2705]',  # ✅ check mark
+    r'[\u274C]',  # ❌ cross mark
+    r'[\u26A0\uFE0F]?',  # ⚠️ warning
+    r'[\U0001F6A8]',  # 🚨 alert
+    r'[\u2139\uFE0F]?',  # ℹ️ info
+    # 物件與符號
+    r'[\U0001F3E2]',  # 🏢 building
+    r'[\U0001F4CB]',  # 📋 clipboard
+    r'[\U0001F4C5\U0001F4C6]',  # 📅📆 calendar
+    r'[\U0001F464\U0001F465]',  # 👤👥 person/people
+    r'[\U0001F512\U0001F513]',  # 🔒🔓 lock
+    r'[\U0001F510]',  # 🔐 key lock
+    r'[\u231B]',  # ⏳ hourglass
+    r'[\u23F3]',  # ⏳ hourglass flowing
+    # 數字圓圈（應用 sl-icon 的 1-circle 等）
+    r'[1-9]\uFE0F?\u20E3',  # 1️⃣ 2️⃣ etc
+]
+
+
+class MigrationValidator:
+    """UI 框架驗證器"""
+
+    name = 'migration'
+
+    def __init__(self, project_path):
+        self.project_path = Path(project_path)
+        self.project_name = self.project_path.name
+        self.src_path = self.project_path / 'src'
+        self.result = {
+            'name': self.name,
+            'passed': True,
+            'errors': [],
+            'warnings': [],
+            'checks': {}
+        }
+
+    def run(self):
+        """執行所有驗證"""
+        if not self.project_path.exists():
+            self.result['passed'] = False
+            self.result['errors'].append(f'專案路徑不存在: {self.project_path}')
+            return self.result
+
+        # 判斷專案類型
+        is_angular = (self.project_path / 'angular.json').exists()
+
+        if is_angular:
+            # Angular 專案使用 PrimeNG，跳過 Shoelace 檢查
+            self.result['checks']['framework'] = 'Angular + PrimeNG'
+        else:
+            # 非 Angular 專案應使用 Shoelace
+            self.check_shoelace_usage()
+            self.check_emoji_icons()
+
+        # 通用檢查
+        self.check_duplicate_classes()
+        self.check_incomplete_html_tags()
+        self.check_empty_buttons()
+        self.check_empty_event_handlers()
+
+        return self.result
+
+    def check_shoelace_usage(self):
+        """檢查 Shoelace 是否正確使用"""
+        # 檢查 index.html 是否有 Shoelace CDN
+        index_html = self.project_path / 'index.html'
+        has_shoelace_css = False
+        has_shoelace_js = False
+
+        if index_html.exists():
+            content = index_html.read_text(encoding='utf-8')
+            has_shoelace_css = 'shoelace' in content and '.css' in content
+            has_shoelace_js = 'shoelace' in content and '.js' in content
+
+        # 檢查 package.json
+        pkg_path = self.project_path / 'package.json'
+        has_shoelace_dep = False
+
+        if pkg_path.exists():
+            content = pkg_path.read_text(encoding='utf-8')
+            has_shoelace_dep = '@shoelace-style/shoelace' in content
+
+        self.result['checks']['shoelace_usage'] = {
+            'has_css': has_shoelace_css,
+            'has_js': has_shoelace_js,
+            'has_dependency': has_shoelace_dep
+        }
+
+        # Shoelace 是預期的框架，缺少才是問題
+        if not has_shoelace_css and not has_shoelace_dep:
+            self.result['warnings'].append('未偵測到 Shoelace（非 Angular 專案建議使用）')
+
+    def check_emoji_icons(self):
+        """檢查 Emoji 圖示（應用 sl-icon 取代）"""
+        if not self.src_path.exists():
+            return
+
+        total_count = 0
+        file_issues = {}
+
+        # 合併所有 emoji 模式
+        combined_pattern = '|'.join(ICON_EMOJI_PATTERNS)
+
+        for ext in ['*.js', '*.html']:
+            for file_path in self.src_path.rglob(ext):
+                try:
+                    content = file_path.read_text(encoding='utf-8')
+                    # 排除 console.log 中的 emoji（允許 log 用 emoji）
+                    # 只檢查 HTML 樣板字串中的 emoji
+                    template_content = self._extract_template_strings(content)
+
+                    matches = re.findall(combined_pattern, template_content)
+                    if matches:
+                        rel_path = str(file_path.relative_to(self.project_path))
+                        file_issues[rel_path] = len(matches)
+                        total_count += len(matches)
+                except Exception:
+                    pass
+
+        self.result['checks']['emoji_icons'] = {
+            'count': total_count,
+            'files': file_issues
+        }
+
+        if total_count > 0:
+            self.result['warnings'].append(
+                f'Emoji 圖示: {total_count} 個（建議改用 sl-icon）'
+            )
+
+    def _extract_template_strings(self, content):
+        """提取 HTML 樣板字串內容"""
+        # 匹配 `...` 樣板字串
+        template_matches = re.findall(r'`[^`]*`', content, re.DOTALL)
+        return '\n'.join(template_matches)
+
+    def check_duplicate_classes(self):
+        """檢查重複 class 屬性"""
+        if not self.src_path.exists():
+            return
+
+        pattern = r'class="[^"]*"\s+class="'
+        total_count = 0
+        file_issues = {}
+
+        for file_path in self.src_path.rglob('*.js'):
+            try:
+                content = file_path.read_text(encoding='utf-8')
+                matches = re.findall(pattern, content)
+                if matches:
+                    rel_path = str(file_path.relative_to(self.project_path))
+                    file_issues[rel_path] = len(matches)
+                    total_count += len(matches)
+            except Exception:
+                pass
+
+        self.result['checks']['duplicate_classes'] = {
+            'count': total_count,
+            'files': file_issues
+        }
+
+        if total_count > 0:
+            self.result['passed'] = False
+            self.result['errors'].append(f'重複 class: {total_count} 個')
+
+    def check_incomplete_html_tags(self):
+        """檢查不完整的 HTML 標籤"""
+        if not self.src_path.exists():
+            return
+
+        tags_to_check = ['select', 'textarea', 'table', 'ul', 'ol']
+        issues = []
+
+        for file_path in self.src_path.rglob('*.js'):
+            try:
+                content = file_path.read_text(encoding='utf-8')
+                rel_path = str(file_path.relative_to(self.project_path))
+
+                for tag in tags_to_check:
+                    open_count = len(re.findall(rf'<{tag}[^>]*>', content))
+                    close_count = len(re.findall(rf'</{tag}>', content))
+
+                    if open_count > close_count:
+                        diff = open_count - close_count
+                        issues.append({
+                            'file': rel_path,
+                            'tag': tag,
+                            'missing': diff
+                        })
+            except Exception:
+                pass
+
+        self.result['checks']['incomplete_html'] = {
+            'count': len(issues),
+            'issues': issues
+        }
+
+        if issues:
+            self.result['passed'] = False
+            for issue in issues[:5]:
+                self.result['errors'].append(
+                    f"HTML 標籤不完整: {issue['file']} 缺少 {issue['missing']} 個 </{issue['tag']}>"
+                )
+
+    def check_empty_buttons(self):
+        """檢查空白按鈕內容"""
+        if not self.src_path.exists():
+            return
+
+        pattern = r'<button[^>]*>\s*\n?\s*</button>'
+        issues = []
+
+        for file_path in self.src_path.rglob('*.js'):
+            try:
+                content = file_path.read_text(encoding='utf-8')
+                matches = re.findall(pattern, content)
+                if matches:
+                    rel_path = str(file_path.relative_to(self.project_path))
+                    issues.append({
+                        'file': rel_path,
+                        'count': len(matches)
+                    })
+            except Exception:
+                pass
+
+        self.result['checks']['empty_buttons'] = {
+            'count': sum(i['count'] for i in issues),
+            'files': issues
+        }
+
+        if issues:
+            total = sum(i['count'] for i in issues)
+            self.result['warnings'].append(f'空白按鈕: {total} 個')
+
+    def check_empty_event_handlers(self):
+        """檢查空白事件處理器"""
+        if not self.src_path.exists():
+            return
+
+        pattern = r"addEventListener\s*\(\s*['\"]['\"]"
+        issues = []
+
+        for file_path in self.src_path.rglob('*.js'):
+            try:
+                content = file_path.read_text(encoding='utf-8')
+                matches = re.findall(pattern, content)
+                if matches:
+                    rel_path = str(file_path.relative_to(self.project_path))
+                    issues.append({
+                        'file': rel_path,
+                        'count': len(matches)
+                    })
+            except Exception:
+                pass
+
+        self.result['checks']['empty_event_handlers'] = {
+            'count': sum(i['count'] for i in issues) if issues else 0,
+            'files': issues
+        }
+
+        if issues:
+            self.result['passed'] = False
+            for issue in issues:
+                self.result['errors'].append(
+                    f"空白事件處理器: {issue['file']} 有 {issue['count']} 個"
+                )

dash_devtools/validators/performance.py

@@ -0,0 +1,167 @@
+"""
+效能驗證器
+
+檢查項目：
+1. Bundle 大小限制
+2. 圖片優化
+3. 未使用的依賴
+4. CSS 編譯狀態
+"""
+
+import json
+import subprocess
+from pathlib import Path
+
+
+class PerformanceValidator:
+    """效能驗證器"""
+
+    name = 'performance'
+
+    # 限制設定
+    LIMITS = {
+        'max_css_kb': 200,        # CSS 最大 200KB
+        'min_css_kb': 30,         # CSS 最小 30KB (確保 Tailwind 編譯)
+        'max_js_kb': 500,         # JS 最大 500KB
+        'max_image_kb': 500,      # 圖片最大 500KB
+    }
+
+    def __init__(self, project_path):
+        self.project_path = Path(project_path)
+        self.project_name = self.project_path.name
+        self.dist_path = self.project_path / 'dist'
+        self.result = {
+            'name': self.name,
+            'passed': True,
+            'errors': [],
+            'warnings': [],
+            'checks': {}
+        }
+
+    def run(self):
+        """執行所有驗證"""
+        if not self.project_path.exists():
+            self.result['passed'] = False
+            self.result['errors'].append(f'專案路徑不存在: {self.project_path}')
+            return self.result
+
+        self.check_bundle_size()
+        self.check_image_sizes()
+        self.check_unused_dependencies()
+
+        return self.result
+
+    def check_bundle_size(self):
+        """檢查 Bundle 大小"""
+        if not self.dist_path.exists():
+            self.result['warnings'].append('dist 目錄不存在，跳過 bundle 檢查')
+            return
+
+        css_files = list(self.dist_path.rglob('*.css'))
+        js_files = list(self.dist_path.rglob('*.js'))
+
+        # CSS 檢查
+        total_css_size = sum(f.stat().st_size for f in css_files)
+        css_kb = total_css_size / 1024
+
+        self.result['checks']['css_bundle'] = {
+            'size_kb': round(css_kb, 1),
+            'files': len(css_files)
+        }
+
+        if css_kb < self.LIMITS['min_css_kb']:
+            self.result['warnings'].append(
+                f'CSS 過小 ({css_kb:.1f} KB)，可能 Tailwind 未正確編譯'
+            )
+        elif css_kb > self.LIMITS['max_css_kb']:
+            self.result['warnings'].append(
+                f'CSS 過大 ({css_kb:.1f} KB)，考慮優化'
+            )
+
+        # JS 檢查
+        total_js_size = sum(f.stat().st_size for f in js_files)
+        js_kb = total_js_size / 1024
+
+        self.result['checks']['js_bundle'] = {
+            'size_kb': round(js_kb, 1),
+            'files': len(js_files)
+        }
+
+        if js_kb > self.LIMITS['max_js_kb']:
+            self.result['warnings'].append(
+                f'JS 過大 ({js_kb:.1f} KB)，考慮 code splitting'
+            )
+
+    def check_image_sizes(self):
+        """檢查圖片大小"""
+        public_path = self.project_path / 'public'
+        src_path = self.project_path / 'src'
+
+        large_images = []
+        extensions = ['*.png', '*.jpg', '*.jpeg', '*.gif', '*.webp', '*.svg']
+
+        for path in [public_path, src_path]:
+            if not path.exists():
+                continue
+            for ext in extensions:
+                for img in path.rglob(ext):
+                    size_kb = img.stat().st_size / 1024
+                    if size_kb > self.LIMITS['max_image_kb']:
+                        large_images.append({
+                            'file': str(img.relative_to(self.project_path)),
+                            'size_kb': round(size_kb, 1)
+                        })
+
+        self.result['checks']['images'] = {
+            'large_count': len(large_images),
+            'files': large_images
+        }
+
+        if large_images:
+            for img in large_images[:3]:
+                self.result['warnings'].append(
+                    f"圖片過大: {img['file']} ({img['size_kb']} KB)"
+                )
+
+    def check_unused_dependencies(self):
+        """檢查未使用的依賴"""
+        pkg_path = self.project_path / 'package.json'
+        if not pkg_path.exists():
+            return
+
+        try:
+            pkg = json.loads(pkg_path.read_text(encoding='utf-8'))
+            deps = list(pkg.get('dependencies', {}).keys())
+
+            # 簡單檢查：搜尋 src 中是否有 import
+            src_path = self.project_path / 'src'
+            if not src_path.exists():
+                return
+
+            all_content = ''
+            for f in src_path.rglob('*.js'):
+                try:
+                    all_content += f.read_text(encoding='utf-8')
+                except Exception:
+                    pass
+
+            unused = []
+            for dep in deps:
+                # 跳過一些特殊依賴
+                if dep.startswith('@types/') or dep in ['vite', 'tailwindcss', 'daisyui']:
+                    continue
+                if dep not in all_content and f"'{dep}'" not in all_content:
+                    unused.append(dep)
+
+            self.result['checks']['unused_deps'] = {
+                'count': len(unused),
+                'packages': unused[:10]  # 只顯示前 10 個
+            }
+
+            if unused:
+                self.result['warnings'].append(
+                    f'可能未使用的依賴: {", ".join(unused[:5])}'
+                )
+
+        except Exception:
+            pass

dash_devtools/validators/security.py

@@ -0,0 +1,205 @@
+"""
+安全性驗證器
+
+檢查項目：
+1. API Key / Token 外洩
+2. 密碼硬編碼
+3. .env 檔案提交
+4. 敏感資料暴露
+"""
+
+import re
+from pathlib import Path
+
+
+class SecurityValidator:
+    """安全性驗證器"""
+
+    name = 'security'
+
+    # 敏感資料正則表達式
+    SENSITIVE_PATTERNS = [
+        (r'(?i)(api[_-]?key|apikey)\s*[=:]\s*["\']?[a-zA-Z0-9_-]{20,}', 'API Key'),
+        (r'(?i)(secret|token)\s*[=:]\s*["\']?[a-zA-Z0-9_-]{20,}', 'Secret/Token'),
+        (r'(?i)password\s*[=:]\s*["\'][^"\']+["\']', '密碼'),
+        (r'sk-[a-zA-Z0-9]{48}', 'OpenAI API Key'),
+        (r'sk_live_[a-zA-Z0-9]{24,}', 'Stripe Live Key'),
+        (r'ghp_[a-zA-Z0-9]{36}', 'GitHub Token'),
+        # Clerk 只檢查 secret key (sk_)，publishable key (pk_) 是公開的
+        (r'CLERK_SECRET_KEY\s*=\s*["\']?sk_[a-zA-Z0-9_-]{20,}', 'Clerk Secret Key'),
+    ]
+
+    # 敏感檔案
+    SENSITIVE_FILES = [
+        '.env',
+        '.env.local',
+        '.env.production',
+        'credentials.json',
+        'service-account.json',
+        'private.key',
+        '*.pem',
+    ]
+
+    # 忽略目錄
+    IGNORE_DIRS = [
+        'node_modules', '.git', 'dist', 'build', '.next', '__pycache__',
+        '.angular', 'venv', '.venv', '.cache', 'coverage'
+    ]
+
+    def __init__(self, project_path):
+        self.project_path = Path(project_path)
+        self.project_name = self.project_path.name
+        self.result = {
+            'name': self.name,
+            'passed': True,
+            'errors': [],
+            'warnings': [],
+            'checks': {}
+        }
+
+    def run(self):
+        """執行所有驗證"""
+        if not self.project_path.exists():
+            self.result['passed'] = False
+            self.result['errors'].append(f'專案路徑不存在: {self.project_path}')
+            return self.result
+
+        self.check_sensitive_files()
+        self.check_hardcoded_secrets()
+        self.check_gitignore()
+
+        return self.result
+
+    def check_sensitive_files(self):
+        """檢查敏感檔案是否被追蹤"""
+        issues = []
+
+        # 找出所有巢狀的 git repo (要跳過)
+        nested_repos = []
+        for git_dir in self.project_path.rglob('.git'):
+            if git_dir.parent != self.project_path:
+                nested_repos.append(str(git_dir.parent))
+
+        for pattern in self.SENSITIVE_FILES:
+            if '*' in pattern:
+                files = list(self.project_path.rglob(pattern))
+            else:
+                files = [self.project_path / pattern]
+
+            for f in files:
+                if f.exists() and f.is_file():
+                    # 跳過巢狀 git repo
+                    if any(str(f).startswith(repo) for repo in nested_repos):
+                        continue
+                    # 跳過忽略目錄
+                    if any(ignore in str(f) for ignore in self.IGNORE_DIRS):
+                        continue
+                    # 檢查是否在 .gitignore 中
+                    if not self._is_gitignored(f):
+                        issues.append(str(f.relative_to(self.project_path)))
+
+        self.result['checks']['sensitive_files'] = {
+            'count': len(issues),
+            'files': issues
+        }
+
+        if issues:
+            self.result['passed'] = False
+            for f in issues:
+                self.result['errors'].append(f'敏感檔案未忽略: {f}')
+
+    def check_hardcoded_secrets(self):
+        """檢查硬編碼的敏感資料"""
+        issues = []
+
+        for file_path in self._get_source_files():
+            try:
+                content = file_path.read_text(encoding='utf-8')
+                rel_path = str(file_path.relative_to(self.project_path))
+
+                for pattern, desc in self.SENSITIVE_PATTERNS:
+                    matches = re.findall(pattern, content)
+                    if matches:
+                        issues.append({
+                            'file': rel_path,
+                            'type': desc,
+                            'count': len(matches)
+                        })
+            except Exception:
+                pass
+
+        self.result['checks']['hardcoded_secrets'] = {
+            'count': len(issues),
+            'issues': issues
+        }
+
+        if issues:
+            self.result['passed'] = False
+            for issue in issues:
+                self.result['errors'].append(
+                    f"發現 {issue['type']} 在 {issue['file']}"
+                )
+
+    def check_gitignore(self):
+        """檢查 .gitignore 設定"""
+        gitignore = self.project_path / '.gitignore'
+        required_patterns = ['.env', 'node_modules', '*.log']
+        missing = []
+
+        if gitignore.exists():
+            content = gitignore.read_text(encoding='utf-8')
+            for pattern in required_patterns:
+                if pattern not in content:
+                    missing.append(pattern)
+        else:
+            missing = required_patterns
+
+        self.result['checks']['gitignore'] = {
+            'exists': gitignore.exists(),
+            'missing_patterns': missing
+        }
+
+        if missing:
+            for pattern in missing:
+                self.result['warnings'].append(f'.gitignore 缺少: {pattern}')
+
+    def _get_source_files(self):
+        """取得所有原始碼檔案"""
+        extensions = ['*.js', '*.ts', '*.jsx', '*.tsx', '*.py', '*.json', '*.yaml', '*.yml']
+        files = []
+
+        # 找出所有巢狀的 git repo (要跳過)
+        nested_repos = []
+        for git_dir in self.project_path.rglob('.git'):
+            if git_dir.parent != self.project_path:
+                nested_repos.append(str(git_dir.parent))
+
+        for ext in extensions:
+            for f in self.project_path.rglob(ext):
+                # 跳過忽略目錄
+                if any(ignore in str(f) for ignore in self.IGNORE_DIRS):
+                    continue
+                # 跳過巢狀 git repo
+                if any(str(f).startswith(repo) for repo in nested_repos):
+                    continue
+                files.append(f)
+
+        return files
+
+    def _is_gitignored(self, file_path):
+        """檢查檔案是否在 .gitignore 中"""
+        gitignore = self.project_path / '.gitignore'
+        if not gitignore.exists():
+            return False
+
+        content = gitignore.read_text(encoding='utf-8')
+        rel_path = str(file_path.relative_to(self.project_path))
+
+        for line in content.splitlines():
+            line = line.strip()
+            if not line or line.startswith('#'):
+                continue
+            if line in rel_path or rel_path.startswith(line):
+                return True
+
+        return False