fast-clean-architecture 1.0.0__py3-none-any.whl → 1.1.2__py3-none-any.whl

fast_clean_architecture/generators/component_generator.py

@@ -1,46 +1,71 @@
 """Component generator for creating individual component files."""
 
+import functools
 import os
 import re
-import functools
-import logging
+from datetime import datetime
 from pathlib import Path
-from typing import Dict, Any, Optional, Union, List
+from typing import (
+    Any,
+    Callable,
+    Dict,
+    Generic,
+    List,
+    Optional,
+    Set,
+    Tuple,
+    TypeVar,
+    Union,
+)
 
 import jinja2
 from jinja2 import TemplateSyntaxError
-from jinja2.exceptions import SecurityError
+from jinja2.exceptions import SecurityError as JinjaSecurityError
 from jinja2.sandbox import SandboxedEnvironment
 from rich.console import Console
 
+from ..config import Config
+from ..error_tracking import track_error, track_exception
+from ..exceptions import (
+    ComponentError,
+    FileConflictError,
+    SecurityError,
+    TemplateError,
+    ValidationError,
+    create_secure_error,
+)
+from ..logging_config import get_logger
+from ..metrics import PerformanceTracker, measure_execution_time
+from ..protocols import (
+    ComponentGeneratorProtocol,
+    ComponentValidationStrategy,
+    SecurePathHandler,
+    TemplateValidatorProtocol,
+)
 from ..templates import TEMPLATES_DIR
 from ..utils import (
+    ensure_directory,
     get_template_variables,
+    sanitize_error_message,
+    sanitize_name,
+    secure_file_operation,
     to_pascal_case,
     to_snake_case,
-    ensure_directory,
-    sanitize_name,
-    validate_python_identifier,
     validate_name,
-    secure_file_operation,
-    create_secure_error,
-    sanitize_error_message,
-)
-from ..exceptions import (
-    TemplateError,
-    ValidationError,
-    FileConflictError,
-    ComponentError,
+    validate_python_identifier,
 )
-from ..config import Config
 from .template_validator import TemplateValidatorFactory
 
-# Set up logger for security events
-logger = logging.getLogger(__name__)
+# Set up structured logger
+logger = get_logger(__name__)
 
 
-class ComponentGenerator:
-    """Generator for creating individual component files from templates."""
+class ComponentGenerator(ComponentGeneratorProtocol):
+    """Generator for creating individual component files from templates.
+
+    This class implements the ComponentGeneratorProtocol to ensure type safety
+    and provides enhanced security through protocol-based design patterns.
+    """
 
     # Mapping of component types to their template files
     TEMPLATE_MAPPING = {
@@ -59,9 +84,24 @@ class ComponentGenerator:
     # Infrastructure repositories use a different template
     INFRASTRUCTURE_REPOSITORY_TEMPLATE = "infrastructure_repository.py.j2"
 
-    def __init__(self, config: Config, console: Optional[Console] = None):
+    def __init__(
+        self,
+        config: Config,
+        template_validator: Optional[TemplateValidatorProtocol] = None,
+        path_handler: Optional[SecurePathHandler[Union[str, Path]]] = None,
+        console: Optional[Console] = None,
+    ):
+        """Initialize ComponentGenerator with dependency injection.
+
+        Args:
+            config: Configuration object
+            template_validator: Template validator (injected dependency)
+            path_handler: Secure path handler (injected dependency)
+            console: Console for output
+        """
         self.config = config
         self.console = console or Console()
+
         # Use SandboxedEnvironment for security
         self.template_env = SandboxedEnvironment(
             loader=jinja2.FileSystemLoader(TEMPLATES_DIR),
@@ -73,19 +113,38 @@ class ComponentGenerator:
         # Define allowed filters and functions
         self._setup_sandbox_security()
 
-        # Initialize template validator with simplified validation config
-        from .validation_config import ValidationConfig
+        # Use injected template validator or create default
+        if template_validator is not None:
+            self.template_validator = template_validator
+        else:
+            # Fallback to factory creation for backward compatibility
+            from .validation_config import ValidationConfig
+
+            validation_config = ValidationConfig(
+                sandbox_mode=True,
+                max_template_size_bytes=64 * 1024,  # 64KB limit
+                render_timeout_seconds=10,
+                max_variable_nesting_depth=10,
+            )
+            self.template_validator = TemplateValidatorFactory().create(
+                self.template_env, validation_config
+            )
 
-        validation_config = ValidationConfig(
-            sandbox_mode=True,
-            max_template_size_bytes=64 * 1024,  # 64KB limit
-            render_timeout_seconds=10,
-            max_variable_nesting_depth=10,
-        )
-        self.template_validator = TemplateValidatorFactory().create(
-            self.template_env, validation_config
-        )
+        # Use injected path handler or create default
+        if path_handler is not None:
+            self.path_handler: SecurePathHandler[Union[str, Path]] = path_handler
+        else:
+            # Fallback to default creation for backward compatibility
+            self.path_handler = SecurePathHandler[Union[str, Path]](
+                max_path_length=4096,
+                allowed_extensions=[".py", ".j2", ".yaml", ".yml", ".json"],
+            )
 
+        # Initialize component validation strategies
+        self._validation_strategies = self._setup_validation_strategies()
+
+    @measure_execution_time("create_component")
+    @track_exception(operation="create_component")  # type: ignore[misc]
     def create_component(
         self,
         base_path: Path,
@@ -97,7 +156,27 @@ class ComponentGenerator:
         dry_run: bool = False,
         force: bool = False,
     ) -> Path:
-        """Create a single component file."""
+        """Create a single component file with enhanced type safety.
+
+        This method implements the ComponentGeneratorProtocol interface
+        and uses secure path handling for enhanced security.
+        """
+        # Log component creation start
+        logger.info(
+            "Starting component creation",
+            operation="create_component",
+            system_name=system_name,
+            module_name=module_name,
+            layer=layer,
+            component_type=component_type,
+            component_name=component_name,
+            dry_run=dry_run,
+            force=force,
+        )
+
+        # Validate and secure the base path using type-safe path handler
+        secure_base_path = Path(self.path_handler.process(base_path))
+
         # Validate inputs
         self._validate_component_inputs(
             system_name, module_name, layer, component_type, component_name
@@ -108,26 +187,36 @@ class ComponentGenerator:
         if not validate_python_identifier(sanitized_name):
             raise ValidationError(f"Invalid component name: {component_name}")
 
-        # Determine file path and name
+        # Determine file path and name with secure base path
         file_path, file_name = self._get_component_file_path(
-            base_path, system_name, module_name, layer, component_type, sanitized_name
+            secure_base_path,
+            system_name,
+            module_name,
+            layer,
+            component_type,
+            sanitized_name,
         )
 
-        # Check for conflicts
-        if file_path.exists() and not force:
+        # Additional security validation for the final file path
+        secure_file_path = Path(self.path_handler.process(file_path))
+
+        # Check for conflicts using secure file path
+        if secure_file_path.exists() and not force:
             raise FileConflictError(
-                f"Component file already exists: {file_path}. Use --force to overwrite."
+                f"Component file already exists: {secure_file_path}. Use --force to overwrite."
             )
 
         if dry_run:
-            self.console.print(f"[yellow]DRY RUN:[/yellow] Would create {file_path}")
-            return file_path
+            self.console.print(
+                f"[yellow]DRY RUN:[/yellow] Would create {secure_file_path}"
+            )
+            return secure_file_path
 
         # Validate file system permissions and space
-        self._validate_file_system(file_path)
+        self._validate_file_system(secure_file_path)
 
         # Ensure directory exists
-        ensure_directory(file_path.parent)
+        ensure_directory(secure_file_path.parent)
 
         # Generate template variables
         template_vars = get_template_variables(
@@ -148,49 +237,97 @@ class ComponentGenerator:
         if custom_template:
             template_name = custom_template
 
-        # Render and write file
-        content = self._render_template(template_name, template_vars)
+        # Render and write file with performance tracking
+        with PerformanceTracker(
+            "template_rendering",
+            template_name=template_name,
+            component_type=component_type,
+        ):
+            content = self._render_template(template_name, template_vars)
 
-        # Write file with atomic operations and error handling
+        # Write file with atomic operations and error handling using secure path
         backup_path = None
-        lock_file = file_path.with_suffix(f"{file_path.suffix}.lock")
+        lock_file = secure_file_path.with_suffix(f"{secure_file_path.suffix}.lock")
 
         try:
             # Use file locking to prevent race conditions
-            import fcntl
             import tempfile
 
+            import portalocker
+
             # Create lock file for atomic operations
             with open(lock_file, "w") as lock:
                 try:
-                    fcntl.flock(lock.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB)
-                except (IOError, OSError):
+                    portalocker.lock(lock, portalocker.LOCK_EX | portalocker.LOCK_NB)
+                except portalocker.LockException:
                     raise ValidationError(
-                        f"File {file_path} is locked by another process"
+                        f"File {secure_file_path} is locked by another process"
                     )
 
                 # Create backup if file exists (within lock)
-                if file_path.exists():
-                    backup_path = file_path.with_suffix(f"{file_path.suffix}.backup")
+                if secure_file_path.exists():
+                    backup_path = secure_file_path.with_suffix(
+                        f"{secure_file_path.suffix}.backup"
+                    )
                     # Use atomic copy to prevent corruption
-                    with open(file_path, "rb") as src, open(backup_path, "wb") as dst:
+                    with (
+                        open(secure_file_path, "rb") as src,
+                        open(backup_path, "wb") as dst,
+                    ):
                         dst.write(src.read())
 
                 # Atomic write operation to prevent TOCTOU vulnerabilities
-                self._atomic_write_file(file_path, content)
+                self._atomic_write_file(secure_file_path, content)
 
                 # Clean up backup on success
                 if backup_path and backup_path.exists():
                     backup_path.unlink()
 
+                # Success - print message and log
+                self.console.print(f"[green]✓[/green] Created {secure_file_path}")
+                logger.info(
+                    "Component created successfully",
+                    operation="create_component",
+                    file_path=str(secure_file_path),
+                    component_name=component_name,
+                    component_type=component_type,
+                    layer=layer,
+                )
+                # secure_file_path is already guaranteed to be a Path object
+                # Return will happen after finally block
+
         except Exception as e:
+            # Log the error with context
+            logger.error(
+                "Component creation failed",
+                operation="create_component",
+                error=str(e),
+                error_type=type(e).__name__,
+                component_name=component_name,
+                component_type=component_type,
+                file_path=(
+                    str(secure_file_path) if "secure_file_path" in locals() else None
+                ),
+            )
+
             # Rollback on failure
             if backup_path and backup_path.exists():
                 try:
-                    if file_path.exists():
-                        file_path.unlink()
-                    backup_path.rename(file_path)
+                    if secure_file_path.exists():
+                        secure_file_path.unlink()
+                    backup_path.rename(secure_file_path)
+                    logger.info(
+                        "Rollback completed successfully",
+                        operation="rollback",
+                        file_path=str(secure_file_path),
+                    )
                 except Exception as rollback_error:
+                    logger.error(
+                        "Rollback failed",
+                        operation="rollback",
+                        error=str(rollback_error),
+                        file_path=str(secure_file_path),
+                    )
                     self.console.print(
                         f"[red]Error during rollback: {rollback_error}[/red]"
                     )
@@ -203,14 +340,11 @@ class ComponentGenerator:
             if lock_file.exists():
                 try:
                     lock_file.unlink()
-                except Exception:
+                except (OSError, FileNotFoundError):
                     pass  # Ignore cleanup errors
 
-        self.console.print(f"[green]✓[/green] Created {file_path}")
-        # Ensure we're returning a valid Path object
-        if not isinstance(file_path, Path):
-            file_path = Path(file_path)
-        return file_path
+        # Return the secure file path after successful completion
+        return secure_file_path
 
     def _atomic_write_file(self, file_path: Path, content: str) -> None:
         """Write file atomically to prevent corruption and TOCTOU vulnerabilities.
@@ -225,19 +359,14 @@ class ComponentGenerator:
         file_path = file_path.resolve()
 
         # Use secure file operation with locking
-        return secure_file_operation(
-            file_path, self._perform_atomic_write, file_path, content
-        )
+        secure_file_operation(file_path, self._perform_atomic_write, file_path, content)
 
     def _perform_atomic_write(self, file_path: Path, content: str) -> None:
         """Perform the actual atomic write operation."""
-        import tempfile
         import os
+        import tempfile
 
-        # Validate file_path and ensure it's a proper Path object
-        if not isinstance(file_path, Path):
-            file_path = Path(file_path)
-
+        # file_path is already guaranteed to be a Path object by type annotation
         # Ensure we have a valid parent directory
         parent_dir = file_path.parent
         if parent_dir is None or str(parent_dir) == ".":
@@ -263,12 +392,11 @@ class ComponentGenerator:
                 temp_file.write(content)
                 temp_file.flush()
                 os.fsync(temp_file.fileno())  # Ensure data is written to disk
-            temp_fd = None  # File descriptor is now closed
+            # File descriptor is now closed by context manager
 
             # Atomically move temporary file to target location
             temp_path_obj = Path(temp_path)
             temp_path_obj.replace(file_path)
-            temp_path = None  # Successfully moved, don't clean up
 
             # Verify file was written correctly
             if not file_path.exists() or file_path.stat().st_size == 0:
@@ -288,28 +416,24 @@ class ComponentGenerator:
                 )
             else:
                 raise create_secure_error("file_write", "write file", str(e))
-        finally:
-            # Clean up on failure
-            if temp_fd is not None:
-                try:
-                    os.close(temp_fd)
-                except OSError:
-                    pass
+        except Exception:
+            # Clean up temporary file on any other failure
             if temp_path and Path(temp_path).exists():
                 try:
                     Path(temp_path).unlink()
                 except OSError:
                     pass
+            raise
 
     def create_multiple_components(
         self,
         base_path: Path,
         system_name: str,
         module_name: str,
-        components_spec: Dict[str, Dict[str, list]],
+        components_spec: Dict[str, Dict[str, List[str]]],
         dry_run: bool = False,
         force: bool = False,
-    ) -> list[Path]:
+    ) -> List[Path]:
         """Create multiple components from specification.
 
         Args:
@@ -380,7 +504,7 @@ class ComponentGenerator:
         layer_components = {
             "domain": ["entities", "repositories", "value_objects"],
             "application": ["services", "commands", "queries"],
-            "infrastructure": ["models", "repositories", "external", "internal"],
+            "infrastructure": ["models", "repositories", "external"],
             "presentation": ["api", "schemas"],
         }
 
@@ -401,7 +525,7 @@ class ComponentGenerator:
         layer: str,
         component_type: str,
         component_name: str,
-    ) -> tuple[Path, str]:
+    ) -> Tuple[Path, str]:
         """Get the file path and name for a component."""
         # Determine file name based on component type
         file_name = self._get_component_file_name(component_type, component_name)
@@ -432,7 +556,6 @@ class ComponentGenerator:
             "queries": f"{snake_name}.py",
             "models": f"{snake_name}_model.py",
             "external": f"{snake_name}_client.py",
-            "internal": f"{snake_name}.py",
             "api": f"{snake_name}_router.py",
             "schemas": f"{snake_name}_schemas.py",
         }
@@ -463,8 +586,8 @@ class ComponentGenerator:
 
     def _validate_file_system(self, file_path: Path) -> None:
         """Validate file system security and basic requirements."""
-        import shutil
         import os
+        import shutil
 
         try:
             # Prevent symlink attacks by checking the entire path
@@ -533,7 +656,14 @@ class ComponentGenerator:
             while current_path != current_path.parent:
                 if current_path.exists() and current_path.is_symlink():
                     # Instead of hardcoded allowlist, use more sophisticated validation
-                    symlink_target = current_path.readlink()
+                    # Use os.readlink for Python 3.8 compatibility
+                    import os
+
+                    try:
+                        symlink_target = Path(os.readlink(current_path))
+                    except (OSError, AttributeError):
+                        # If readlink fails, treat as unsafe
+                        raise ValidationError(f"Cannot resolve symlink: {current_path}")
 
                     # Check if symlink points outside the project or to dangerous locations
                     if symlink_target.is_absolute():
@@ -597,7 +727,7 @@ class ComponentGenerator:
         safe_patterns = [
             # Unix/Linux system symlinks
             ("/var", "/private/var"),  # macOS /var -> /private/var
-            ("/tmp", "/private/tmp"),  # macOS /tmp -> /private/tmp
+            ("/tmp", "/private/tmp"),  # macOS /tmp -> /private/tmp  # nosec B108
             ("/etc", "/private/etc"),  # macOS /etc -> /private/etc
             # Other common system symlinks
             ("/usr/bin", "/bin"),
@@ -668,8 +798,8 @@ class ComponentGenerator:
     @functools.lru_cache(maxsize=128)
     def _is_temp_path_cached(self, path_str: str) -> bool:
         """Cached implementation of temporary path detection."""
-        import tempfile
         import os
+        import tempfile
 
         path = Path(path_str)
 
@@ -679,8 +809,15 @@ class ComponentGenerator:
 
             # Check if path is relative to system temp directory
             try:
-                if path.resolve().is_relative_to(system_temp):
+                # Use compatibility method for Python 3.8
+                resolved_path = path.resolve()
+                # Check if path is under system temp using relative_to
+                try:
+                    resolved_path.relative_to(system_temp)
                     return True
+                except ValueError:
+                    # Path is not relative to system temp
+                    pass
             except (AttributeError, ValueError):
                 # Fallback for older Python versions or path resolution issues
                 if str(path.resolve()).startswith(str(system_temp)):
@@ -725,10 +862,10 @@ class ComponentGenerator:
 
         # Check for common temp directory patterns
         temp_patterns = [
-            "/tmp/",
+            "/tmp/",  # nosec B108
             "/temp/",
             "/temporary/",
-            "/var/tmp/",
+            "/var/tmp/",  # nosec B108
             "/var/temp/",
             "/private/var/folders/",  # macOS temp
             "appdata/local/temp/",  # Windows temp
@@ -818,8 +955,8 @@ class ComponentGenerator:
             raise ValidationError(
                 f"Template variable nesting too deep (max depth: 10, current: {depth})"
             )
-        sanitized_vars = {}
-        suspicious_patterns_found = []
+        sanitized_vars: Dict[str, Any] = {}
+        suspicious_patterns_found: List[str] = []
 
         for key, value in template_vars.items():
             if isinstance(value, str):
@@ -834,7 +971,7 @@ class ComponentGenerator:
                 sanitized_vars[key] = value
             elif isinstance(value, (list, tuple)):
                 # Recursively sanitize list/tuple items
-                sanitized_list = []
+                sanitized_list: List[Any] = []
                 for item in value:
                     if isinstance(item, dict):
                         sanitized_list.append(
@@ -860,21 +997,21 @@ class ComponentGenerator:
 
         return sanitized_vars
 
-    def _sanitize_string_value(self, value: str) -> str:
+    def _sanitize_string_value(self, value: Any) -> str:
         """Enhanced sanitization for string values to prevent various injection attacks."""
+        import unicodedata
+        import urllib.parse
+
         if not isinstance(value, str):
             value = str(value)
 
         # URL decode to catch encoded injection attempts
-        import urllib.parse
-
         try:
             decoded_value = urllib.parse.unquote(value)
-        except Exception:
+        except (ValueError, UnicodeDecodeError):
             decoded_value = value
 
         # Unicode normalization to prevent Unicode-based attacks
-        import unicodedata
 
         normalized_value = unicodedata.normalize("NFKC", decoded_value)
 
@@ -908,8 +1045,8 @@ class ComponentGenerator:
         # Remove control characters and dangerous Unicode categories
         sanitized = re.sub(r"[\x00-\x1f\x7f-\x9f]", "", sanitized)
 
-        # Remove potentially dangerous characters
-        sanitized = re.sub(r'[<>"\'\\\/`$]', "", sanitized)
+        # Remove potentially dangerous characters (but preserve forward slashes for URLs)
+        sanitized = re.sub(r'[<>"\'\\`$]', "", sanitized)
 
         # Limit length to prevent DoS
         if len(sanitized) > 1000:
@@ -1037,3 +1174,170 @@ class ComponentGenerator:
             raise TemplateError(f"Error rendering template {template_name}: {e}")
         except Exception as e:
             raise TemplateError(f"Unexpected error rendering template: {e}")
+
+    def validate_component(self, component: Dict[str, Any]) -> bool:
+        """Validate component configuration and structure.
+
+        This method implements the ComponentGeneratorProtocol interface
+        and provides comprehensive validation using type-safe strategies.
+
+        Args:
+            component: Component configuration dictionary
+
+        Returns:
+            True if component is valid
+
+        Raises:
+            ValidationError: If component is invalid
+        """
+        if not isinstance(component, dict):
+            raise ValidationError(
+                f"Component must be a dictionary, got {type(component)}"
+            )
+
+        # Extract component type for validation strategy selection
+        component_type = component.get("type", "unknown")
+
+        # Use appropriate validation strategy
+        if component_type in self._validation_strategies:
+            strategy = self._validation_strategies[component_type]
+            return strategy.validate(component)
+
+        # Fallback to basic validation
+        required_fields = ["name", "type"]
+        for field in required_fields:
+            if field not in component:
+                raise ValidationError(f"Missing required field '{field}' in component")
+
+        # Validate component name
+        try:
+            validate_name(component["name"])
+        except (ValueError, TypeError) as e:
+            raise ValidationError(f"Invalid component name: {e}")
+        except SecurityError:
+            # Re-raise SecurityError as-is for proper handling
+            raise
+
+        return True
+
+    def _setup_validation_strategies(
+        self,
+    ) -> Dict[str, ComponentValidationStrategy[str]]:
+        """Setup type-safe validation strategies for different component types.
+
+        Returns:
+            Dictionary mapping component types to their validation strategies
+        """
+        strategies = {}
+
+        # Entity validation strategy
+        entity_rules = {
+            "required_fields": ["name", "type"],
+            "field_types": {
+                "name": str,
+                "type": str,
+                "attributes": (list, type(None)),
+                "methods": (list, type(None)),
+            },
+        }
+        strategies["entity"] = ComponentValidationStrategy("entity", entity_rules)
+
+        # Service validation strategy
+        service_rules = {
+            "required_fields": ["name", "type"],
+            "field_types": {
+                "name": str,
+                "type": str,
+                "dependencies": (list, type(None)),
+                "methods": (list, type(None)),
+            },
+        }
+        strategies["service"] = ComponentValidationStrategy("service", service_rules)
+
+        # Repository validation strategy
+        repository_rules = {
+            "required_fields": ["name", "type"],
+            "field_types": {
+                "name": str,
+                "type": str,
+                "entity_type": (str, type(None)),
+                "methods": (list, type(None)),
+            },
+        }
+        strategies["repository"] = ComponentValidationStrategy(
+            "repository", repository_rules
+        )
+
+        # Add more strategies for other component types
+        for component_type in [
+            "value_object",
+            "command",
+            "query",
+            "model",
+            "external",
+            "api",
+            "schema",
+        ]:
+            basic_rules = {
+                "required_fields": ["name", "type"],
+                "field_types": {
+                    "name": str,
+                    "type": str,
+                },
+            }
+            strategies[component_type] = ComponentValidationStrategy(
+                component_type, basic_rules
+            )
+
+        return strategies
+
+    def create_component_with_validation(
+        self,
+        component_config: Dict[str, Any],
+        base_path: Path,
+        dry_run: bool = False,
+        force: bool = False,
+    ) -> Path:
+        """Create a component with enhanced type-safe validation.
+
+        This method provides an alternative interface that uses the new
+        validation strategies and secure path handling.
+
+        Args:
+            component_config: Component configuration dictionary
+            base_path: Base directory for component creation
+            dry_run: If True, only simulate the operation
+            force: If True, overwrite existing files
+
+        Returns:
+            Path to the created component file
+
+        Raises:
+            ValidationError: If component configuration is invalid
+            SecurityError: If security constraints are violated
+        """
+        # Validate component configuration
+        self.validate_component(component_config)
+
+        # Validate and secure the base path
+        secure_base_path = Path(self.path_handler.process(base_path))
+
+        # Extract component details
+        system_name = component_config.get("system_name", "default")
+        module_name = component_config.get("module_name", "default")
+        layer = component_config.get("layer", "domain")
+        component_type = component_config["type"]
+        component_name = component_config["name"]
+
+        # Use the existing create_component method with validated inputs
+        result = self.create_component(
+            base_path=secure_base_path,
+            system_name=system_name,
+            module_name=module_name,
+            layer=layer,
+            component_type=component_type,
+            component_name=component_name,
+            dry_run=dry_run,
+            force=force,
+        )
+        return Path(result)