fastlifeweb 0.20.1__py3-none-any.whl → 0.22.0__py3-none-any.whl

fastlife/config/exceptions.py

@@ -11,7 +11,6 @@ from .configurator import VENUSIAN_CATEGORY, Configurator
 def exception_handler(
     exception: type[Exception],
     *,
-    template: str | None = None,
     status_code: int | None = None,
 ) -> Callable[..., Any]:
     """
@@ -34,7 +33,6 @@ def exception_handler(
             config.add_exception_handler(
                 exception,
                 wrapped,
-                template=template,
                 **({} if status_code is None else {"status_code": status_code}),
             )
 

fastlife/config/resources.py

@@ -170,8 +170,7 @@ def resource_view(
     `collection_head`, `collection_options`, `get`, `post`, `put`, `patch`, `delete`,
     `head` or `options`.
 
-    :param permission: a permission to validate by the
-        :attr:`fastlife.config.settings.Settings.check_permission` function.
+    :param permission: a permission to validate by the security policy.
     :param status_code: returned status_code
     :param summary: OpenAPI summary for the route.
     :param description:OpenAPI description for the route.

fastlife/config/views.py

@@ -31,7 +31,6 @@ def view_config(
     path: str,
     *,
     permission: str | None = None,
-    template: str | None = None,
     status_code: int | None = None,
     methods: list[str] | None = None,
 ) -> Callable[..., Any]:
@@ -46,9 +45,9 @@ def view_config(
     :param path: path of the route, use `{curly_brace}` to inject FastAPI Path
         parameters.
     :param template: the template rendered by the
-        {class}`fastlife.services.templates.AbstractTemplateRenderer`.
+        {class}`fastlife.service.templates.AbstractTemplateRenderer`.
     :param permission: a permission to validate by the
-        {class}`Security Policy <fastlife.security.policy.AbstractSecurityPolicy>`.
+        {class}`Security Policy <fastlife.service.security_policy.AbstractSecurityPolicy>`.
     :param status_code: customize response status code.
     :param methods: restrict route to a list of http methods.
 
@@ -72,7 +71,6 @@ def view_config(
                 permission=permission,
                 status_code=status_code,
                 methods=methods,
-                template=template,
             )
 
         venusian.attach(wrapped, callback, category=VENUSIAN_CATEGORY)  # type: ignore

fastlife/domain/__init__.py

@@ -0,0 +1 @@
+"""Framework core domain."""

fastlife/domain/model/__init__.py

@@ -0,0 +1 @@
+"""Core Domain Classes."""

fastlife/domain/model/asgi.py

@@ -0,0 +1,3 @@
+from starlette.types import ASGIApp, Message, Receive, Scope, Send
+
+__all__ = ["ASGIApp", "Message", "Receive", "Scope", "Send"]

fastlife/domain/model/csrf.py

@@ -0,0 +1,19 @@
+"""Models relative to the security."""
+
+import secrets
+
+from pydantic import BaseModel
+
+
+def create_csrf_token() -> str:
+    """A helper that create a csrf token."""
+    return secrets.token_urlsafe(5)
+
+
+class CSRFToken(BaseModel):
+    """Represent the CSRF Token"""
+
+    name: str
+    """Name of the token while serialized."""
+    value: str
+    """Value that must match between parts, cookie and posted form."""

fastlife/{request → domain/model}/form.py

@@ -1,13 +1,10 @@
 """HTTP Form serialization."""
 
-from collections.abc import Callable, Mapping
+from collections.abc import Mapping
 from typing import Any, Generic, TypeVar, get_origin
 
-from fastapi import Depends
 from pydantic import BaseModel, ValidationError
 
-from fastlife import Registry
-from fastlife.request.form_data import MappingFormData
 from fastlife.shared_utils.infer import is_union
 
 T = TypeVar("T", bound=BaseModel)
@@ -17,14 +14,16 @@ T = TypeVar("T", bound=BaseModel)
 class FormModel(Generic[T]):
     prefix: str
     model: T
-    errors: Mapping[str, str]
+    fatal_error: str
+    errors: dict[str, str]
     is_valid: bool
 
     def __init__(
-        self, prefix: str, model: T, errors: Mapping[str, Any], is_valid: bool = False
+        self, prefix: str, model: T, errors: dict[str, Any], is_valid: bool = False
     ) -> None:
         self.prefix = prefix
         self.model = model
+        self.fatal_error = ""
         self.errors = errors
         self.is_valid = is_valid
 
@@ -32,6 +31,14 @@ class FormModel(Generic[T]):
     def default(cls, prefix: str, pydantic_type: type[T]) -> "FormModel[T]":
         return cls(prefix, pydantic_type.model_construct(), {})
 
+    def set_fatal_error(self, value: str) -> None:
+        self.fatal_error = value
+        self.is_valid = False
+
+    def add_error(self, field: str, value: str) -> None:
+        self.errors[f"{self.prefix}.{field}"] = value
+        self.is_valid = False
+
     def edit(self, pydantic_type: T) -> None:
         """
         Load the form with the given model and consider it as valid for the user.
@@ -86,19 +93,3 @@ class FormModel(Generic[T]):
                     errors[loc] = error["msg"]
             model = pydantic_type.model_construct(**data.get(prefix, {}))
             return cls(prefix, model, errors)
-
-
-def form_model(
-    cls: type[T], name: str | None = None
-) -> Callable[[Mapping[str, Any]], FormModel[T]]:
-    """
-    Build a model, a class of type T based on Pydandic Base Model from a form payload.
-    """
-
-    def to_model(data: MappingFormData, registry: Registry) -> FormModel[T]:
-        prefix = name or registry.settings.form_data_model_prefix
-        if not data:
-            return FormModel[T].default(prefix, cls)
-        return FormModel[T].from_payload(prefix, cls, data)
-
-    return Depends(to_model)

fastlife/{request → domain/model}/request.py

@@ -1,20 +1,20 @@
 """HTTP Request representation in a python object."""
 
-from typing import TYPE_CHECKING, Annotated, Any, Generic
+from typing import TYPE_CHECKING, Any, Generic
 
-from fastapi import Request as FastAPIRequest
-from fastapi.params import Depends
+from starlette.requests import Request as BaseRequest
 
-from fastlife.config.registry import DefaultRegistry, TRegistry
+from fastlife.domain.model.csrf import CSRFToken, create_csrf_token
+from fastlife.service.registry import TRegistry
 
 if TYPE_CHECKING:
-    from fastlife.security.policy import (  # coverage: ignore
+    from fastlife.service.security_policy import (  # coverage: ignore
         AbstractSecurityPolicy,
         HasPermission,
     )
 
 
-class GenericRequest(FastAPIRequest, Generic[TRegistry]):
+class GenericRequest(BaseRequest, Generic[TRegistry]):
     """HTTP Request representation."""
 
     registry: TRegistry
@@ -25,11 +25,29 @@ class GenericRequest(FastAPIRequest, Generic[TRegistry]):
     security_policy: "AbstractSecurityPolicy[Any, TRegistry] | None"
     """Request locale used for the i18n of the response."""
 
-    def __init__(self, registry: TRegistry, request: FastAPIRequest) -> None:
+    renderer_globals: dict[str, Any]
+
+    def __init__(self, registry: TRegistry, request: BaseRequest) -> None:
         super().__init__(request.scope, request.receive)
         self.registry = registry
         self.locale_name = registry.locale_negociator(self)
         self.security_policy = None  # build it from the ? registry
+        self.renderer_globals = {}
+        self._csrf_token: CSRFToken | None = None
+
+    @property
+    def csrf_token(self) -> CSRFToken:
+        if self._csrf_token is None:
+            name = self.registry.settings.csrf_token_name
+            value = self.cookies.get(name) or create_csrf_token()
+            self._csrf_token = CSRFToken(name=name, value=value)
+        return self._csrf_token
+
+    def add_renderer_globals(self, **kwargs: Any) -> None:
+        """
+        Add global variables to the template renderer context for the current request.
+        """
+        self.renderer_globals.update(kwargs)
 
     async def has_permission(
         self, permission: str
@@ -45,29 +63,7 @@ class GenericRequest(FastAPIRequest, Generic[TRegistry]):
         if self.security_policy is None:
             raise RuntimeError(
                 f"Request {self.url.path} require a security policy, "
-                "explicit fastlife.security.policy.InsecurePolicy is required."
+                "explicit fastlife.service.security_policy.InsecurePolicy is required."
             )
 
         return await self.security_policy.has_permission(permission)
-
-
-def get_request(request: FastAPIRequest) -> GenericRequest[Any]:
-    return request  # type: ignore
-
-
-Request = Annotated[GenericRequest[DefaultRegistry], Depends(get_request)]
-"""A request that is associated to the default registry."""
-# FastAPI handle its Request objects using a lenient_issubclass,
-# basically a issubclass(Request), doe to the Generic[T], it does not work.
-
-
-AnyRequest = Annotated[GenericRequest[Any], Depends(get_request)]
-"""A request version that is associated to the any registry."""
-
-
-def get_registry(request: Request) -> DefaultRegistry:
-    return request.registry
-
-
-Registry = Annotated[DefaultRegistry, Depends(get_registry)]
-"""FastAPI dependency to access to the registry."""

fastlife/domain/model/security_policy.py

@@ -0,0 +1,105 @@
+"""Security policy."""
+
+import logging
+from collections.abc import Callable, Coroutine
+from typing import Any, Literal, TypeVar
+
+from fastapi import HTTPException
+from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
+
+CheckPermissionHook = Callable[..., Coroutine[Any, Any, None]] | Callable[..., None]
+CheckPermission = Callable[[str], CheckPermissionHook]
+
+TUser = TypeVar("TUser")
+
+log = logging.getLogger(__name__)
+
+
+class Unauthorized(HTTPException):
+    """An exception raised to stop a request exectution and return an HTTP Error."""
+
+    def __init__(
+        self,
+        status_code: int = HTTP_401_UNAUTHORIZED,
+        detail: str = "Unauthorized",
+        headers: dict[str, str] | None = None,
+    ) -> None:
+        super().__init__(status_code, detail, headers)
+
+
+class Forbidden(HTTPException):
+    """An exception raised to stop a request exectution and return an HTTP Error."""
+
+    def __init__(
+        self,
+        status_code: int = HTTP_403_FORBIDDEN,
+        detail: str = "Forbidden",
+        headers: dict[str, str] | None = None,
+    ) -> None:
+        super().__init__(status_code, detail, headers)
+
+
+class BoolMeta(type):
+    def __bool__(cls) -> bool:
+        return cls.kind == "allowed"  # type: ignore
+
+    def __repr__(cls) -> str:
+        return cls.reason  # type: ignore
+
+
+class HasPermission(int, metaclass=BoolMeta):
+    """
+    A type used to know if a permission is allowed or not.
+
+    It behave has a boolean, but 3 possibilities exists defind has 3 sub-types
+    {class}`Allowed` {class}`Unauthenticated` or {class}`Denied`.
+
+    In many cases Unauthenticated call may redirect to a login page,
+    where authenticated user are not redirected. they have an error message,
+    or the frontend may use the information to adapt its interface.
+    """
+
+    kind: Literal["allowed", "unauthenticated", "denied"]
+    """
+    Identified basic information of the response.
+    It distinguished unauthenticated and denied to eventually raised 401 over 403 error.
+    """
+    reason: str
+    """A human explanation of the response."""
+
+    def __new__(cls, reason: str) -> "HasPermission":
+        instance = super().__new__(cls)
+        instance.reason = reason
+        return instance
+
+    def __repr__(self) -> str:
+        return self.reason
+
+    def __bool__(self) -> bool:
+        return self.kind == "allowed"
+
+
+class Allowed(HasPermission):
+    """Represent a permission check result that is allowed."""
+
+    kind = "allowed"
+    reason = "Allowed"
+
+
+class Unauthenticated(HasPermission):
+    """
+    Represent a permission check result that is not allowed due to
+    missing authentication mechanism.
+    """
+
+    kind = "unauthenticated"
+    reason = "Authentication required"
+
+
+class Denied(HasPermission):
+    """
+    Represent a permission check result that is not allowed due to lack of permission.
+    """
+
+    kind = "denied"
+    reason = "Access denied to this resource"

fastlife/{templates/inline.py → domain/model/template.py}

@@ -20,3 +20,11 @@ class InlineTemplate(BaseModel):
 
     template: ClassVar[str]
     """The template string to render."""
+    renderer: ClassVar[str]
+    """Template render engine to use."""
+
+
+class JinjaXTemplate(InlineTemplate):
+    """Template that render JinjaX"""
+
+    renderer = ".jinja"

fastlife/domain/model/types.py

@@ -0,0 +1,17 @@
+"""Types that are serialized over HTTP and forms."""
+
+from decimal import Decimal
+from typing import Any
+from uuid import UUID
+
+from pydantic.networks import EmailStr
+
+Builtins = str | int | str | float | Decimal | UUID | EmailStr
+"""Builtins types."""
+
+
+AnyLiteral = Any
+"""
+Something like Literal[...] or Literal[...] which does not exists
+or Idon't know where it is hidden.
+"""

fastlife/middlewares/base.py

@@ -2,7 +2,7 @@
 
 import abc
 
-from starlette.types import Receive, Scope, Send
+from fastlife.domain.model.asgi import Receive, Scope, Send
 
 
 class AbstractMiddleware(abc.ABC):

fastlife/middlewares/reverse_proxy/x_forwarded.py

@@ -1,8 +1,7 @@
 import logging
 from collections.abc import Sequence
 
-from starlette.types import ASGIApp, Receive, Scope, Send
-
+from fastlife.domain.model.asgi import ASGIApp, Receive, Scope, Send
 from fastlife.middlewares.base import AbstractMiddleware
 
 log = logging.getLogger(__name__)

fastlife/middlewares/session/__init__.py

@@ -15,9 +15,9 @@ from fastlife import Configurator, configure
 from fastlife.shared_utils.resolver import resolve
 
 from .middleware import SessionMiddleware
-from .serializer import AbsractSessionSerializer, SignedSessionSerializer
+from .serializer import AbsractSessionSerializer
 
-__all__ = ["SessionMiddleware", "AbsractSessionSerializer", "SignedSessionSerializer"]
+__all__ = ["AbsractSessionSerializer", "SessionMiddleware"]
 
 
 @configure

fastlife/middlewares/session/middleware.py

@@ -5,11 +5,11 @@ from typing import Literal
 
 from starlette.datastructures import MutableHeaders
 from starlette.requests import HTTPConnection
-from starlette.types import ASGIApp, Message, Receive, Scope, Send
 
+from fastlife.domain.model.asgi import ASGIApp, Message, Receive, Scope, Send
 from fastlife.middlewares.base import AbstractMiddleware
 
-from .serializer import AbsractSessionSerializer, SignedSessionSerializer
+from .serializer import AbsractSessionSerializer
 
 
 class SessionMiddleware(AbstractMiddleware):
@@ -17,6 +17,7 @@ class SessionMiddleware(AbstractMiddleware):
 
     def __init__(
         self,
+        *,
         app: ASGIApp,
         cookie_name: str,
         secret_key: str,
@@ -25,7 +26,7 @@ class SessionMiddleware(AbstractMiddleware):
         cookie_same_site: Literal["lax", "strict", "none"] = "lax",
         cookie_secure: bool = False,
         cookie_domain: str = "",
-        serializer: type[AbsractSessionSerializer] = SignedSessionSerializer,
+        serializer: type[AbsractSessionSerializer],
     ) -> None:
         self.app = app
         self.max_age = int(duration.total_seconds())

fastlife/middlewares/session/serializer.py

@@ -1,13 +1,9 @@
 """Serialize session."""
 
 import abc
-import json
-from base64 import b64decode, b64encode
 from collections.abc import Mapping
 from typing import Any
 
-import itsdangerous
-
 
 class AbsractSessionSerializer(abc.ABC):
     """Session serializer base class"""
@@ -24,43 +20,3 @@ class AbsractSessionSerializer(abc.ABC):
     def deserialize(self, data: bytes) -> tuple[Mapping[str, Any], bool]:
         """Derialize the session raw bytes content and return it as a mapping."""
         ...
-
-
-class SignedSessionSerializer(AbsractSessionSerializer):
-    """
-    The default fastlife session serializer.
-
-    It's based on the itsdangerous package to sign the session with a secret key.
-
-    :param secret_key: a secret used to sign the session payload.
-
-    :param max_age: session lifetime in seconds.
-    """
-
-    def __init__(self, secret_key: str, max_age: int) -> None:
-        self.signer = itsdangerous.TimestampSigner(secret_key)
-        self.max_age = max_age
-
-    def serialize(self, data: Mapping[str, Any]) -> bytes:
-        """Serialize and sign the session."""
-        dump = json.dumps(data).encode("utf-8")
-        encoded = b64encode(dump)
-        signed = self.signer.sign(encoded)
-        return signed
-
-    def deserialize(self, data: bytes) -> tuple[Mapping[str, Any], bool]:
-        """Deserialize the session.
-
-        If the signature is incorect, the session restart from the begining.
-        No exception raised.
-        """
-        try:
-            data = self.signer.unsign(data, max_age=self.max_age)
-            # We can't deserialize something wrong since the serialize
-            # is signing the content.
-            # If the signature key is compromise and we have invalid payload,
-            # raising exceptions here is fine, it's dangerous afterall.
-            session = json.loads(b64decode(data))
-        except itsdangerous.BadSignature:
-            return {}, True
-        return session, False

fastlife/{services/policy.py → service/check_permission.py}

@@ -26,7 +26,7 @@ def check_permission(permission_name: str) -> CheckPermissionHook:
         if request.security_policy is None:
             raise RuntimeError(
                 f"Request {request.url.path} require a security policy, "
-                "explicit fastlife.security.policy.InsecurePolicy is required"
+                "explicit fastlife.service.security_policy.InsecurePolicy is required"
             )
         allowed = await request.security_policy.has_permission(permission_name)
         match allowed.kind:

fastlife/{security → service}/csrf.py

@@ -6,7 +6,7 @@ Fast life did not reinvent the wheel on CSRF Protection.
 It use the good old method. A CSRF token is saved in a cookie.
 Forms post the CSRF token, and the token in the cookies and the form must match
 to process the request, otherwise an exception
-{class}`fastlife.security.csrf.CSRFAttack` is raised.
+{class}`fastlife.service.csrf.CSRFAttack` is raised.
 
 The cookie named is configurabllefia the settings
 :attr:`fastlife.config.settings.Settings.csrf_token_name`
@@ -18,11 +18,10 @@ no way to prevent to set the cookie in the request.
 
 """
 
-import secrets
 from collections.abc import Callable, Coroutine
 from typing import Any
 
-from fastlife.request import Request
+from fastlife.adapters.fastapi.request import Request
 
 
 class CSRFAttack(Exception):
@@ -31,11 +30,6 @@ class CSRFAttack(Exception):
     """
 
 
-def create_csrf_token() -> str:
-    """A helper that create a csrf token."""
-    return secrets.token_urlsafe(5)
-
-
 def check_csrf() -> Callable[[Request], Coroutine[Any, Any, bool]]:
     """
     A global application dependency, that is always active.
@@ -56,15 +50,11 @@ def check_csrf() -> Callable[[Request], Coroutine[Any, Any, bool]]:
             != "application/x-www-form-urlencoded"
         ):
             return True
-        csrf_token_name = request.registry.settings.csrf_token_name
-
-        cookie = request.cookies.get(csrf_token_name)
-        if not cookie:
-            raise CSRFAttack("CSRF token did not match")
 
+        token = request.csrf_token
         form_data = await request.form()
-        value = form_data.get(csrf_token_name)
-        if value != cookie:
+        value = form_data.get(token.name)
+        if value != token.value:
             raise CSRFAttack("CSRF token did not match")
 
         return True

fastlife/{services → service}/locale_negociator.py

@@ -1,20 +1,17 @@
 """Find the localization gor the given request."""
 
 from collections.abc import Callable
-from typing import TYPE_CHECKING, Any
+from typing import Any
 
-from fastlife.config.settings import Settings
+from fastlife.settings import Settings
 
 LocaleName = str
 """The LocaleName is a locale such as en, fr that will be consume for translations."""
 
-if TYPE_CHECKING:
-    from fastlife.request.request import GenericRequest  # coverage: ignore
+from fastlife.adapters.fastapi.request import GenericRequest  # coverage: ignore
 
-    LocaleNegociator = Callable[[GenericRequest[Any]], LocaleName]  # coverage: ignore
-    """Interface to implement to negociate a locale"""  # coverage: ignore
-else:
-    LocaleNegociator = Any
+LocaleNegociator = Callable[[GenericRequest[Any]], LocaleName]  # coverage: ignore
+"""Interface to implement to negociate a locale"""  # coverage: ignore
 
 
 def default_negociator(settings: Settings) -> LocaleNegociator:

fastlife/{config → service}/registry.py

@@ -1,15 +1,14 @@
 from collections.abc import Mapping
 from typing import TYPE_CHECKING, Generic, TypeVar
 
-from fastlife.services.locale_negociator import LocaleNegociator, default_negociator
-from fastlife.services.translations import LocalizerFactory
-
 if TYPE_CHECKING:
-    from fastlife.services.templates import (  # coverage: ignore
+    from fastlife.service.locale_negociator import LocaleNegociator  # coverage: ignore
+    from fastlife.service.templates import (  # coverage: ignore
         AbstractTemplateRendererFactory,  # coverage: ignore
     )  # coverage: ignore
+    from fastlife.service.translations import LocalizerFactory  # coverage: ignore
 
-from .settings import Settings
+from fastlife.settings import Settings
 
 TSettings = TypeVar("TSettings", bound=Settings, covariant=True)
 """
@@ -24,11 +23,18 @@ class GenericRegistry(Generic[TSettings]):
     """
 
     settings: Settings
+    """Application settings."""
     renderers: Mapping[str, "AbstractTemplateRendererFactory"]
-    locale_negociator: LocaleNegociator
-    localizer: LocalizerFactory
+    """Registered template engine."""
+    locale_negociator: "LocaleNegociator"
+    """Used to fine the best language for the response."""
+    localizer: "LocalizerFactory"
+    """Used to localized message."""
 
     def __init__(self, settings: Settings) -> None:
+        from fastlife.service.locale_negociator import default_negociator
+        from fastlife.service.translations import LocalizerFactory
+
         self.settings = settings
         self.locale_negociator = default_negociator(self.settings)
         self.renderers = {}