PyPI - fastlifeweb - Versions diffs - 0.1.1__tar.gz → 0.1.2__tar.gz - Mend

fastlifeweb 0.1.1tar.gz → 0.1.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

{fastlifeweb-0.1.1 → fastlifeweb-0.1.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fastlifeweb
-Version: 0.1.1
+Version: 0.1.2
 Summary: High-level web framework
 License: BSD-derived
 Author: Guillaume Gauvrit
@@ -19,6 +19,7 @@ Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Requires-Dist: beautifulsoup4[testing] (>=4.12.2,<5.0.0)
 Requires-Dist: behave (>=1.2.6,<2.0.0)
 Requires-Dist: fastapi (>=0.108.0,<0.109.0)
+Requires-Dist: itsdangerous (>=2.1.2,<3.0.0)
 Requires-Dist: jinja2 (>=3.1.2,<4.0.0)
 Requires-Dist: markupsafe (>=2.1.3,<3.0.0)
 Requires-Dist: pydantic (>=2.3.0,<3.0.0)

{fastlifeweb-0.1.1 → fastlifeweb-0.1.2}/pyproject.toml RENAMED Viewed

@@ -13,7 +13,7 @@ classifiers = [
   "Topic :: Software Development :: Libraries :: Python Modules",
   "Topic :: Internet :: WWW/HTTP",
 ]
-version = "0.1.1"
+version = "0.1.2"
 [tool.poetry.dependencies]
 python = "^3.11"
@@ -26,6 +26,7 @@ python-multipart = "^0.0.6"
 venusian = "^3.0.0"
 markupsafe = "^2.1.3"
 behave = "^1.2.6"
+itsdangerous = "^2.1.2"
 [tool.poetry.group.dev.dependencies]
 beautifulsoup4 = "^4.12.2"
@@ -69,6 +70,7 @@ testpaths = ["tests"]
 [tool.coverage.report]
 exclude_lines = [
   "# coverage: ignore",
+  "\\s+\\.\\.\\.$",
 ]
 [build-system]

fastlifeweb-0.1.2/src/fastlife/configurator/base.py ADDED Viewed

@@ -0,0 +1,9 @@
+import abc
+from starlette.types import Receive, Scope, Send
+class AbstractMiddleware(abc.ABC):
+    @abc.abstractmethod
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        ...

{fastlifeweb-0.1.1 → fastlifeweb-0.1.2}/src/fastlife/configurator/configurator.py RENAMED Viewed

@@ -7,13 +7,24 @@ import logging
 from enum import Enum
 from pathlib import Path
 from types import ModuleType
-from typing import TYPE_CHECKING, Any, Callable, Coroutine, List, Optional, Union
+from typing import (
+    TYPE_CHECKING,
+    Any,
+    Callable,
+    Coroutine,
+    List,
+    Optional,
+    Self,
+    Type,
+    Union,
+)
 import venusian  # type: ignore
 from fastapi import Depends, FastAPI, Response
 from fastapi.datastructures import Default
 from fastapi.staticfiles import StaticFiles
+from fastlife.configurator.base import AbstractMiddleware
 from fastlife.security.csrf import check_csrf
 from .settings import Settings
@@ -39,6 +50,7 @@ class Configurator:
         )
         self.scanner = venusian.Scanner(fastlife=self)
         self.include("fastlife.views")
+        self.include("fastlife.session")
     def get_app(self) -> FastAPI:
         return self._app
@@ -49,6 +61,12 @@ class Configurator:
         self.scanner.scan(module, categories=[VENUSIAN_CATEGORY])  # type: ignore
         return self
+    def add_middleware(
+        self, middleware_class: Type[AbstractMiddleware], **options: Any
+    ) -> Self:
+        self._app.add_middleware(middleware_class, **options)
+        return self
     def add_route(
         self,
         path: str,

{fastlifeweb-0.1.1 → fastlifeweb-0.1.2}/src/fastlife/configurator/settings.py RENAMED Viewed

@@ -1,3 +1,6 @@
+from datetime import timedelta
+from typing import Literal
 from pydantic import Field
 from pydantic_settings import BaseSettings, SettingsConfigDict
@@ -13,3 +16,13 @@ class Settings(BaseSettings):
     )
     form_data_model_prefix: str = Field(default="payload")
     csrf_token_name: str = Field(default="csrf_token")
+    session_secret_key: str = Field(default="")
+    session_cookie_name: str = Field(default="flsess")
+    session_cookie_path: str = Field(default="/")
+    session_duration: timedelta = Field(default=timedelta(days=14))
+    session_cookie_same_site: Literal["lax", "strict", "none"] = Field(default="lax")
+    session_cookie_secure: bool = Field(default=False)
+    session_serializer: str = Field(
+        default="fastlife.session.serializer:SignedSessionSerializer"
+    )

fastlifeweb-0.1.2/src/fastlife/session/__init__.py ADDED Viewed

@@ -0,0 +1,21 @@
+from fastlife import Configurator, configure
+from fastlife.shared_utils.resolver import resolve
+from .middleware import SessionMiddleware
+@configure
+def includeme(config: Configurator) -> None:
+    settings = config.registry.settings
+    session_serializer = resolve(settings.session_serializer)
+    if settings.session_secret_key:
+        config.add_middleware(
+            SessionMiddleware,
+            cookie_name=settings.session_cookie_name,
+            secret_key=settings.session_secret_key,
+            duration=settings.session_duration,
+            cookie_path=settings.session_cookie_path,
+            cookie_same_site=settings.session_cookie_same_site,
+            cookie_secure=settings.session_cookie_secure,
+            serializer=session_serializer,
+        )

fastlifeweb-0.1.2/src/fastlife/session/middleware.py ADDED Viewed

@@ -0,0 +1,70 @@
+from datetime import timedelta
+from typing import Literal, Type
+from starlette.datastructures import MutableHeaders
+from starlette.requests import HTTPConnection
+from starlette.types import ASGIApp, Message, Receive, Scope, Send
+from fastlife.configurator.base import AbstractMiddleware
+from .serializer import AbsractSessionSerializer, SignedSessionSerializer
+class SessionMiddleware(AbstractMiddleware):
+    def __init__(
+        self,
+        app: ASGIApp,
+        cookie_name: str,
+        secret_key: str,
+        duration: timedelta,
+        cookie_path: str = "/",
+        cookie_same_site: Literal["lax", "strict", "none"] = "lax",
+        cookie_secure: bool = False,
+        serializer: Type[AbsractSessionSerializer] = SignedSessionSerializer,
+    ) -> None:
+        self.app = app
+        self.serializer = serializer(secret_key, int(duration.total_seconds()))
+        self.cookie_name = cookie_name
+        self.max_age = int(duration.total_seconds())
+        self.path = cookie_path
+        self.security_flags = "httponly; samesite=" + cookie_same_site
+        if cookie_secure:
+            self.security_flags += "; secure"
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        if scope["type"] not in ("http", "websocket"):  # pragma: no cover
+            await self.app(scope, receive, send)
+            return
+        connection = HTTPConnection(scope)
+        reset_session = False
+        if self.cookie_name in connection.cookies:
+            data = connection.cookies[self.cookie_name].encode("utf-8")
+            scope["session"], reset_session = self.serializer.deserialize(data)
+        else:
+            scope["session"] = {}
+        async def send_wrapper(message: Message) -> None:
+            if message["type"] == "http.response.start":
+                if scope["session"]:
+                    # We have session data to persist.
+                    data = self.serializer.serialize(scope["session"]).decode("utf-8")
+                    headers = MutableHeaders(scope=message)
+                    header_value = (
+                        f"{self.cookie_name}={data}; path={self.path}; "
+                        f"Max-Age={self.max_age}; {self.security_flags}"
+                    )
+                    headers.append("set-cookie", header_value)
+                elif reset_session:
+                    # The session has been cleared.
+                    headers = MutableHeaders(scope=message)
+                    expires = "expires=Thu, 01 Jan 1970 00:00:00 GMT; "
+                    header_value = (
+                        f"{self.cookie_name}=; path={self.path}; "
+                        f"{expires}{self.security_flags}"
+                    )
+                    headers.append("set-cookie", header_value)
+            await send(message)
+        await self.app(scope, receive, send_wrapper)

fastlifeweb-0.1.2/src/fastlife/session/serializer.py ADDED Viewed

@@ -0,0 +1,39 @@
+import abc
+import json
+from base64 import b64decode, b64encode
+from typing import Any, Mapping, Tuple
+import itsdangerous
+class AbsractSessionSerializer(abc.ABC):
+    @abc.abstractmethod
+    def __init__(self, secret_key: str, max_age: int) -> None:
+        ...
+    @abc.abstractmethod
+    def serialize(self, data: Mapping[str, Any]) -> bytes:
+        ...
+    @abc.abstractmethod
+    def deserialize(self, data: bytes) -> Tuple[Mapping[str, Any], bool]:
+        ...
+class SignedSessionSerializer(AbsractSessionSerializer):
+    def __init__(self, secret_key: str, max_age: int) -> None:
+        self.signer = itsdangerous.TimestampSigner(secret_key)
+        self.max_age = max_age
+    def serialize(self, data: Mapping[str, Any]) -> bytes:
+        dump = json.dumps(data).encode("utf-8")
+        encoded = b64encode(dump)
+        signed = self.signer.sign(encoded)
+        return signed
+    def deserialize(self, data: bytes) -> Tuple[Mapping[str, Any], bool]:
+        try:
+            data = self.signer.unsign(data, max_age=self.max_age)
+        except itsdangerous.BadSignature:
+            return {}, True
+        return json.loads(b64decode(data)), False

{fastlifeweb-0.1.1 → fastlifeweb-0.1.2}/src/fastlife/testing/testclient.py RENAMED Viewed

@@ -1,5 +1,5 @@
 import re
-from typing import Any, Mapping
+from typing import Any, Literal, Mapping
 from urllib.parse import urlencode
 import bs4
@@ -30,13 +30,15 @@ class WebForm:
         assert self._form.find("button", string=re.compile(f".*{text}.*")) is not None
         return self
-    def submit(self) -> "WebResponse":
+    def submit(self, follow_redirects: bool = True) -> "WebResponse":
         target = (
             self._form.attrs.get("hx-post")
             or self._form.attrs.get("post")
             or self._origin
         )
-        return self._client.post(target, data=self._formdata)
+        return self._client.post(
+            target, data=self._formdata, follow_redirects=follow_redirects
+        )
 class WebResponse:
@@ -51,6 +53,10 @@ class WebResponse:
     def status_code(self) -> int:
         return self._response.status_code
+    @property
+    def is_redirect(self) -> int:
+        return 300 <= self._response.status_code < 400
     @property
     def content_type(self) -> str:
         return self._response.headers["content-type"]
@@ -133,25 +139,61 @@ class WebTestClient:
     def cookies(self, value: Cookies) -> None:
         self.testclient.cookies = value
-    def get(self, url: str) -> WebResponse:
-        resp = self.testclient.get(url, follow_redirects=False)
-        if "set-cookie" in resp.headers:
-            for name, cookie in resp.cookies.items():
-                self.testclient.cookies.set(name, cookie)
-        return WebResponse(
+    def request(
+        self,
+        method: Literal["GET", "POST"],  # I am a browser
+        url: str,
+        *,
+        content: str | None = None,
+        headers: Mapping[str, str] | None = None,
+        max_redirects: int = 0,
+    ) -> WebResponse:
+        rawresp = self.testclient.request(
+            method=method,
+            url=url,
+            headers=headers,
+            content=content,
+            follow_redirects=False,  # don't follow for cookie processing
+        )
+        # the wrapper client does not set cookies
+        # and does not set cookie while redirecting,
+        # so we reimplement it here
+        if "set-cookie" in rawresp.headers:
+            for name, cookie in rawresp.cookies.items():
+                self.cookies.set(name, cookie)
+        resp = WebResponse(
             self,
             url,
-            resp,
+            rawresp,
         )
+        if resp.is_redirect and max_redirects > 0:
+            if resp.status_code != 307:
+                method = "GET"
+                headers = None
+                content = None
+            return self.request(
+                method=method,
+                url=resp.headers["location"],
+                content=content,
+                headers=headers,
+                max_redirects=max_redirects - 1,
+            )
+        return resp
-    def post(self, url: str, data: Mapping[str, Any]) -> WebResponse:
-        return WebResponse(
-            self,
+    def get(self, url: str, follow_redirects: bool = False) -> WebResponse:
+        return self.request(
+            "GET",
+            url,
+            max_redirects=int(follow_redirects) * 10,
+        )
+    def post(
+        self, url: str, data: Mapping[str, Any], follow_redirects: bool = True
+    ) -> WebResponse:
+        return self.request(
+            "POST",
             url,
-            self.testclient.post(
-                url,
-                content=urlencode(data),
-                headers={"Content-Type": "application/x-www-form-urlencoded"},
-                follow_redirects=False,
-            ),
+            content=urlencode(data),
+            headers={"Content-Type": "application/x-www-form-urlencoded"},
+            max_redirects=int(follow_redirects) * 10,
         )