easyapi-django 0.32__tar.gz → 0.34__tar.gz

{easyapi_django-0.32/easyapi_django.egg-info → easyapi_django-0.34}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: easyapi_django
-Version: 0.32
+Version: 0.34
 Summary: A simple rest api generator for django based on models
 Author-email: Stamatios Stamou Jr <bushier.outsets.0c@icloud.com>
 License: MIT
@@ -278,12 +278,14 @@ class TaskResource(BaseResource):
     cache_scope_fields = ['space_id', ('account', 'plan_id')]
 ```
 
-Lenient by default: if the request has authenticated context but a
-configured field is **missing** from the session payload, the framework
-logs a `WARNING` (logger `easyapi.base`) and **skips the scope fold** —
-the request still serves, the cache may be shared across scopes until
-the operator updates the session payload. Anonymous requests also skip
-the fold. `None`, `0` and `''` count as present (a real value).
+When a request has authenticated context but a configured scope field
+is **missing** from the session payload, the framework logs a `WARNING`
+(logger `easyapi.base`) and **disables cache for that request** — the
+response is neither read from nor written to Redis. Sharing a key
+across users when the scope can't be resolved would be a silent leak
+across whatever dimension the operator was trying to protect.
+Anonymous requests skip the fold cleanly (no warning, no leak).
+`None`, `0` and `''` count as present (a real value).
 
 Use `before_cache` for the rare case that needs context outside
 `self.user` / `self.account`:

{easyapi_django-0.32 → easyapi_django-0.34}/README.md

@@ -251,12 +251,14 @@ class TaskResource(BaseResource):
     cache_scope_fields = ['space_id', ('account', 'plan_id')]
 ```
 
-Lenient by default: if the request has authenticated context but a
-configured field is **missing** from the session payload, the framework
-logs a `WARNING` (logger `easyapi.base`) and **skips the scope fold** —
-the request still serves, the cache may be shared across scopes until
-the operator updates the session payload. Anonymous requests also skip
-the fold. `None`, `0` and `''` count as present (a real value).
+When a request has authenticated context but a configured scope field
+is **missing** from the session payload, the framework logs a `WARNING`
+(logger `easyapi.base`) and **disables cache for that request** — the
+response is neither read from nor written to Redis. Sharing a key
+across users when the scope can't be resolved would be a silent leak
+across whatever dimension the operator was trying to protect.
+Anonymous requests skip the fold cleanly (no warning, no leak).
+`None`, `0` and `''` count as present (a real value).
 
 Use `before_cache` for the rare case that needs context outside
 `self.user` / `self.account`:

{easyapi_django-0.32 → easyapi_django-0.34}/easyapi/base.py

@@ -375,16 +375,24 @@ class BaseResource(View):
     def _resolve_cache_scope(self):
         """Build the scope hash for the cache key.
 
-        Returns ``None`` when there is nothing to fold (no scope fields
-        configured, or no authenticated context to fold from). Raises
-        ``HTTPException(500)`` if a configured field is missing from the
-        session payload — vazamento silencioso seria pior que 500.
+        Three outcomes:
+
+        - ``None`` *with cache enabled*: no scope fields configured, or
+          fully anonymous request. Cache continues normally; the key
+          simply has no scope segment.
+        - ``str`` segment (``'scope=...'``): fold succeeded.
+        - ``None`` *with cache disabled*: scope was configured but the
+          required field is missing from the session payload. The
+          framework logs a ``WARNING`` and **disables cache for this
+          request** (``self.cache = False``) so the response is neither
+          read from nor written to Redis. Sharing a cache key across
+          users when the scope can't be resolved would be a silent
+          leak across whatever dimension the operator was protecting.
         """
         if not self.cache_scope_fields:
             return None
 
         # Fully anonymous request → nothing to scope by, skip silently.
-        # Strict mode applies the moment any auth context exists.
         if self.user is None and self.account is None:
             return None
 
@@ -395,18 +403,20 @@ class BaseResource(View):
             if container is None:
                 logger.warning(
                     "cache scope source %r missing from session for %s; "
-                    "skipping scope fold (cache may be shared across "
-                    "scopes — populate the session payload to fix)",
+                    "disabling cache for this request (populate the "
+                    "session payload to enable caching)",
                     source, self.__class__.__name__,
                 )
+                self.cache = False
                 return None
             if field not in container:
                 logger.warning(
                     "cache scope field %r missing from %s session payload "
-                    "for %s; skipping scope fold (cache may be shared "
-                    "across scopes — populate the session payload to fix)",
+                    "for %s; disabling cache for this request (populate "
+                    "the session payload to enable caching)",
                     field, source, self.__class__.__name__,
                 )
+                self.cache = False
                 return None
             parts.append(f'{source}.{field}={container[field]!r}')
 
@@ -597,6 +607,12 @@ class BaseResource(View):
 
         if type(response) in [dict, list]:
             response = await self.serialize(response)
+        elif self.cache and isinstance(response, JsonResponse):
+            # Handler returned a built JsonResponse — serialize() would
+            # short-circuit before save_cache, leaving the cache cold
+            # forever. Persist the response body directly so the next
+            # hit on this key is served by _serve_cache.
+            await self._save_response_cache(response)
 
         return response
 
@@ -734,6 +750,27 @@ class BaseResource(View):
             await redis.sadd(ns_key, self.cache_key)
             await redis.expire(ns_key, max(self.cache_ttl * 2, 86400))
 
+    async def _save_response_cache(self, response):
+        """Cache a pre-built JsonResponse's body.
+
+        Mirrors :meth:`save_cache` but skips JSON re-encoding — the
+        ``response.content`` is already JSON bytes. Used when a handler
+        returns ``JsonResponse(...)`` directly (a common pattern for
+        custom ``get_objs`` overrides) and ``serialize`` would otherwise
+        short-circuit before ``save_cache`` runs.
+        """
+        if not self.cache:
+            return
+        body = response.content
+        if isinstance(body, bytes):
+            body = body.decode('utf-8')
+        redis = get_redis()
+        await redis.setex(self.cache_key, self.cache_ttl, body)
+        if self.cache_namespace:
+            ns_key = f'{KEY_PREFIX}cache_ns:{self.cache_namespace}'
+            await redis.sadd(ns_key, self.cache_key)
+            await redis.expire(ns_key, max(self.cache_ttl * 2, 86400))
+
     async def invalidate_cache(self, namespaces):
         if not namespaces:
             return

easyapi_django-0.34/easyapi/redis_config.py

@@ -0,0 +1,106 @@
+import asyncio
+import os
+import weakref
+
+import redis.asyncio as aioredis
+
+REDIS_SERVER = os.environ['REDIS_SERVER']
+REDIS_DB = int(os.environ['REDIS_DB'])
+
+try:
+    from settings.env import REDIS_PREFIX
+except ImportError:
+    REDIS_PREFIX = os.environ.get('REDIS_PREFIX', '')
+
+KEY_PREFIX = f'{REDIS_PREFIX}:' if REDIS_PREFIX else ''
+
+
+# `redis.asyncio.Redis` ties its connection futures to the event loop
+# it was created on. ASGI servers + ``async_to_sync`` bridges spin up
+# multiple loops in the same process — a single process-global client
+# crashes those calls with ``RuntimeError: got Future attached to a
+# different loop``. We cache one client per loop in a WeakKeyDictionary
+# so entries auto-clean when the loop is GC'd.
+_clients = weakref.WeakKeyDictionary()
+
+# Fallback for callers without a running loop (rare; sync contexts that
+# manually drive the event loop). Created lazily.
+_loopless_client = None
+
+
+# Tests monkeypatch this attribute to inject a fake (e.g. fakeredis).
+# When set, ``get_redis()`` returns it unconditionally. None in
+# production, where per-loop caching takes over.
+_redis_client = None
+
+
+def get_redis():
+    global _loopless_client
+
+    # Test injection hook
+    if _redis_client is not None:
+        return _redis_client
+
+    try:
+        loop = asyncio.get_running_loop()
+    except RuntimeError:
+        if _loopless_client is None:
+            _loopless_client = aioredis.Redis(
+                host=REDIS_SERVER,
+                db=REDIS_DB,
+                decode_responses=True,
+            )
+        return _loopless_client
+
+    client = _clients.get(loop)
+    if client is None:
+        client = aioredis.Redis(
+            host=REDIS_SERVER,
+            db=REDIS_DB,
+            decode_responses=True,
+        )
+        try:
+            _clients[loop] = client
+        except TypeError:
+            # Custom loop without weakref support — fall back to
+            # returning a fresh client without caching.
+            pass
+    return client
+
+
+async def get_cache_stats():
+    redis = get_redis()
+    hits = int(await redis.get(f'{KEY_PREFIX}cache_stats:hits') or 0)
+    misses = int(await redis.get(f'{KEY_PREFIX}cache_stats:misses') or 0)
+    total = hits + misses
+    ratio = hits / total if total else 0.0
+
+    pattern = f'{KEY_PREFIX}cache_stats:hits:*'
+    by_model = {}
+    async for key in redis.scan_iter(match=pattern):
+        label = key.split(':hits:', 1)[1]
+        h = int(await redis.get(key) or 0)
+        m = int(await redis.get(f'{KEY_PREFIX}cache_stats:misses:{label}') or 0)
+        t = h + m
+        by_model[label] = {
+            'hits': h,
+            'misses': m,
+            'total': t,
+            'ratio': h / t if t else 0.0,
+        }
+
+    return {
+        'hits': hits,
+        'misses': misses,
+        'total': total,
+        'ratio': ratio,
+        'by_model': by_model,
+    }
+
+
+async def reset_cache_stats():
+    redis = get_redis()
+    pattern = f'{KEY_PREFIX}cache_stats:*'
+    keys = [k async for k in redis.scan_iter(match=pattern)]
+    if keys:
+        await redis.delete(*keys)

{easyapi_django-0.32 → easyapi_django-0.34/easyapi_django.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: easyapi_django
-Version: 0.32
+Version: 0.34
 Summary: A simple rest api generator for django based on models
 Author-email: Stamatios Stamou Jr <bushier.outsets.0c@icloud.com>
 License: MIT
@@ -278,12 +278,14 @@ class TaskResource(BaseResource):
     cache_scope_fields = ['space_id', ('account', 'plan_id')]
 ```
 
-Lenient by default: if the request has authenticated context but a
-configured field is **missing** from the session payload, the framework
-logs a `WARNING` (logger `easyapi.base`) and **skips the scope fold** —
-the request still serves, the cache may be shared across scopes until
-the operator updates the session payload. Anonymous requests also skip
-the fold. `None`, `0` and `''` count as present (a real value).
+When a request has authenticated context but a configured scope field
+is **missing** from the session payload, the framework logs a `WARNING`
+(logger `easyapi.base`) and **disables cache for that request** — the
+response is neither read from nor written to Redis. Sharing a key
+across users when the scope can't be resolved would be a silent leak
+across whatever dimension the operator was trying to protect.
+Anonymous requests skip the fold cleanly (no warning, no leak).
+`None`, `0` and `''` count as present (a real value).
 
 Use `before_cache` for the rare case that needs context outside
 `self.user` / `self.account`:

{easyapi_django-0.32 → easyapi_django-0.34}/pyproject.toml

@@ -11,7 +11,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "easyapi_django"
-version = "0.32"
+version = "0.34"
 authors = [
   { name="Stamatios Stamou Jr", email="bushier.outsets.0c@icloud.com" },
 ]

{easyapi_django-0.32 → easyapi_django-0.34}/tests/test_cache.py

@@ -92,6 +92,50 @@ def test_cache_namespaces_no_model_returns_empty():
     assert res._cache_namespaces() == []
 
 
+@pytest.mark.asyncio
+async def test_save_response_cache_persists_jsonresponse_body(fake_redis):
+    """Resources whose handler returns ``JsonResponse(...)`` directly
+    bypass ``serialize()``. Without ``_save_response_cache`` the body
+    was never written to Redis even with ``cache = True`` — cache miss
+    forever (the ``/api/me`` symptom)."""
+    from django.http import JsonResponse
+
+    res = CachedResource()
+    res.cache = True
+    res.cache_key = f'{KEY_PREFIX}cache:/me'
+    res.cache_namespace = 'list:testapp.space'
+
+    payload = {'id': 7, 'name': 'demo', 'email': 'a@b.com'}
+    response = JsonResponse(payload)
+
+    await res._save_response_cache(response)
+
+    redis = get_redis()
+    raw = await redis.get(res.cache_key)
+    assert raw is not None
+
+    import json as _json
+    assert _json.loads(raw) == payload
+
+    members = await redis.smembers(f'{KEY_PREFIX}cache_ns:list:testapp.space')
+    assert res.cache_key in members
+
+
+@pytest.mark.asyncio
+async def test_save_response_cache_skipped_when_cache_off(fake_redis):
+    from django.http import JsonResponse
+
+    res = CachedResource()
+    res.cache = False
+    res.cache_key = f'{KEY_PREFIX}cache:/me'
+    res.cache_namespace = 'list:testapp.space'
+
+    await res._save_response_cache(JsonResponse({'id': 1}))
+
+    redis = get_redis()
+    assert await redis.get(res.cache_key) is None
+
+
 @pytest.mark.asyncio
 async def test_save_cache_handles_datetime(fake_redis):
     from datetime import datetime

{easyapi_django-0.32 → easyapi_django-0.34}/tests/test_cache_scope.py

@@ -157,43 +157,66 @@ def test_multiple_dimensions_combine():
 # ── lenient semantics (warn + skip fold, never 500) ────────────────
 
 
-def test_missing_field_logs_warning_and_skips_fold(caplog):
-    """Missing scope field on authenticated request must not block the
-    request — silent leak between scopes is preferable to taking the
-    site down. Operators see a warning to fix the session payload."""
+def test_missing_field_disables_cache(caplog):
+    """Missing scope field on authenticated request must disable cache
+    for that request — a shared key across users would silently leak
+    data across whatever dimension the operator was trying to protect.
+    The 500 strict mode was too aggressive (took the site down); just
+    skipping the fold and writing to a shared key was too permissive."""
     import logging as _logging
 
     class _R(_Resource):
         cache_scope_fields = ['space_id']
     res = _make(_R, user={'id': 1})  # space_id NOT in user
+    assert res.cache is True  # configured
 
     with caplog.at_level(_logging.WARNING, logger='easyapi.base'):
         key = res._build_cache_key(_request(), None)
 
-    assert 'scope=' not in key  # fold skipped
+    # Fold skipped AND cache disabled for this request
+    assert 'scope=' not in key
+    assert res.cache is False, (
+        'cache must be disabled when scope is configured but unresolved'
+    )
+
     records = [r for r in caplog.records if r.name == 'easyapi.base']
-    assert records, 'expected a warning when scope field is missing'
+    assert records
     msg = records[0].getMessage()
     assert 'space_id' in msg
-    assert '_R' in msg or 'class' in msg.lower()
+    assert 'disabling cache' in msg
 
 
-def test_missing_account_source_logs_warning_and_skips_fold(caplog):
+def test_missing_account_source_disables_cache(caplog):
     import logging as _logging
 
     class _R(_Resource):
         cache_scope_fields = [('account', 'plan_id')]
     res = _make(_R, user={'id': 1}, account=None)
+    assert res.cache is True
 
     with caplog.at_level(_logging.WARNING, logger='easyapi.base'):
         key = res._build_cache_key(_request(), None)
 
     assert 'scope=' not in key
+    assert res.cache is False
     records = [r for r in caplog.records if r.name == 'easyapi.base']
     assert records
     assert 'account' in records[0].getMessage()
 
 
+def test_resolved_scope_keeps_cache_enabled():
+    """Sanity: when scope resolves cleanly, cache stays enabled."""
+    class _R(_Resource):
+        cache_scope_fields = ['space_id']
+    res = _make(_R, user={'id': 1, 'space_id': 7})
+    assert res.cache is True
+
+    key = res._build_cache_key(_request(), None)
+
+    assert 'scope=' in key
+    assert res.cache is True
+
+
 # ── coexistence with session_cache ─────────────────────────────────
 
 

{easyapi_django-0.32 → easyapi_django-0.34}/tests/test_redis_config.py

@@ -21,6 +21,41 @@ def test_get_redis_returns_singleton(fake_redis):
     assert a is b
 
 
+def test_get_redis_caches_per_loop(monkeypatch):
+    """Without the test injection hook, get_redis must hand a separate
+    client to each event loop — otherwise asyncio raises 'Future
+    attached to a different loop' under ASGI + async_to_sync."""
+    import asyncio
+
+    monkeypatch.setattr(redis_config, '_redis_client', None)
+    redis_config._clients.clear()
+
+    async def grab():
+        return get_redis()
+
+    loop_a = asyncio.new_event_loop()
+    loop_b = asyncio.new_event_loop()
+    try:
+        client_a = loop_a.run_until_complete(grab())
+        client_b = loop_b.run_until_complete(grab())
+        # Same loop reused → same client; different loops → different clients.
+        client_a_again = loop_a.run_until_complete(grab())
+        assert client_a is client_a_again
+        assert client_a is not client_b
+    finally:
+        loop_a.close()
+        loop_b.close()
+
+
+def test_get_redis_test_hook_overrides_per_loop_cache(fake_redis):
+    """The conftest fixture monkeypatches ``_redis_client``; that hook
+    must short-circuit the per-loop logic so tests get the fakeredis
+    instance regardless of which loop they run in."""
+    a = get_redis()
+    b = get_redis()
+    assert a is b is fake_redis
+
+
 @pytest.mark.asyncio
 async def test_cache_stats_empty(fake_redis):
     await reset_cache_stats()

easyapi_django-0.32/easyapi/redis_config.py

@@ -1,64 +0,0 @@
-import os
-
-import redis.asyncio as aioredis
-
-REDIS_SERVER = os.environ['REDIS_SERVER']
-REDIS_DB = int(os.environ['REDIS_DB'])
-
-try:
-    from settings.env import REDIS_PREFIX
-except ImportError:
-    REDIS_PREFIX = os.environ.get('REDIS_PREFIX', '')
-
-KEY_PREFIX = f'{REDIS_PREFIX}:' if REDIS_PREFIX else ''
-
-_redis_client = None
-
-
-def get_redis():
-    global _redis_client
-    if _redis_client is None:
-        _redis_client = aioredis.Redis(
-            host=REDIS_SERVER,
-            db=REDIS_DB,
-            decode_responses=True,
-        )
-    return _redis_client
-
-
-async def get_cache_stats():
-    redis = get_redis()
-    hits = int(await redis.get(f'{KEY_PREFIX}cache_stats:hits') or 0)
-    misses = int(await redis.get(f'{KEY_PREFIX}cache_stats:misses') or 0)
-    total = hits + misses
-    ratio = hits / total if total else 0.0
-
-    pattern = f'{KEY_PREFIX}cache_stats:hits:*'
-    by_model = {}
-    async for key in redis.scan_iter(match=pattern):
-        label = key.split(':hits:', 1)[1]
-        h = int(await redis.get(key) or 0)
-        m = int(await redis.get(f'{KEY_PREFIX}cache_stats:misses:{label}') or 0)
-        t = h + m
-        by_model[label] = {
-            'hits': h,
-            'misses': m,
-            'total': t,
-            'ratio': h / t if t else 0.0,
-        }
-
-    return {
-        'hits': hits,
-        'misses': misses,
-        'total': total,
-        'ratio': ratio,
-        'by_model': by_model,
-    }
-
-
-async def reset_cache_stats():
-    redis = get_redis()
-    pattern = f'{KEY_PREFIX}cache_stats:*'
-    keys = [k async for k in redis.scan_iter(match=pattern)]
-    if keys:
-        await redis.delete(*keys)