PyPI - mdb-engine - Versions diffs - 0.4.11__tar.gz → 0.4.12__tar.gz - Mend

mdb-engine 0.4.11tar.gz → 0.4.12tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

{mdb_engine-0.4.11/mdb_engine.egg-info → mdb_engine-0.4.12}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mdb-engine
-Version: 0.4.11
+Version: 0.4.12
 Summary: MongoDB Engine
 Home-page: https://github.com/ranfysvalle02/mdb-engine
 Author: Fabian Valle

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/__init__.py RENAMED Viewed

@@ -82,13 +82,11 @@ from .repositories import Entity, MongoRepository, Repository, UnitOfWork
 from .utils import clean_mongo_doc, clean_mongo_docs
 __version__ = (
-    "0.4.11"  # Automatic WebSocket support improvements
-    # - Improved CORS config merging with proper wildcard handling
-    # - WebSocket route verification after registration
-    # - Startup verification logging for CORS config and WebSocket routes
-    # - Enhanced CSRF middleware error messages with path and CORS status
-    # - Better logging throughout WebSocket registration process
-    # - All WebSocket multi-app SSO features now work automatically
+    "0.4.12"  # Fix CSRF middleware rejecting WebSocket connections
+    # - Skip CSRF middleware on child apps in multi-app setups (parent handles it)
+    # - Merge child app public routes into parent CSRF exempt list
+    # - WebSocket connections now work correctly in multi-app SSO setups
+    # - Security maintained: parent app CSRF middleware protects all routes
 )
 __all__ = [

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/engine.py RENAMED Viewed

@@ -1499,8 +1499,9 @@ class MongoDBEngine:
         # Add CSRF middleware (after auth - auto-enabled for shared mode)
         # CSRF protection is enabled by default for shared auth mode
+        # SKIP for sub-apps in multi-app setups - parent app handles CSRF
         csrf_config = auth_config.get("csrf_protection", True if auth_mode == "shared" else False)
-        if csrf_config:
+        if csrf_config and not is_sub_app:  # Don't add CSRF to child apps
             from ..auth.csrf import create_csrf_middleware
             csrf_middleware = create_csrf_middleware(
@@ -1508,6 +1509,11 @@ class MongoDBEngine:
             )
             app.add_middleware(csrf_middleware)
             logger.info(f"CSRFMiddleware added for '{slug}'")
+        elif csrf_config and is_sub_app:
+            logger.debug(
+                f"CSRFMiddleware skipped for child app '{slug}' - "
+                f"parent app handles CSRF protection for WebSocket routes"
+            )
         # Add security middleware (HSTS, headers)
         security_config = auth_config.get("security", {})
@@ -2127,17 +2133,33 @@ class MongoDBEngine:
                 "Path prefix validation failed:\n" + "\n".join(f"  - {e}" for e in errors)
             )
-        # Check if any app uses shared auth
+        # Check if any app uses shared auth and collect public routes for CSRF exemption
         has_shared_auth = False
+        all_public_routes = [
+            "/health",
+            "/docs",
+            "/openapi.json",
+            "/_mdb/routes",
+        ]  # Base exempt routes
         for app_config in apps:
             try:
                 manifest_path = app_config["manifest"]
+                path_prefix = app_config.get("path_prefix", f"/{app_config.get('slug')}")
                 with open(manifest_path) as f:
                     app_manifest_pre = json.load(f)
                 auth_config = app_manifest_pre.get("auth", {})
                 if auth_config.get("mode") == "shared":
                     has_shared_auth = True
-                    break
+                # Collect public routes with path prefix for CSRF exemption
+                child_public_routes = auth_config.get("public_routes", [])
+                for route in child_public_routes:
+                    # Add path prefix to make route absolute on parent app
+                    if route.startswith("/"):
+                        prefixed_route = f"{path_prefix.rstrip('/')}{route}"
+                    else:
+                        prefixed_route = f"{path_prefix.rstrip('/')}/{route}"
+                    if prefixed_route not in all_public_routes:
+                        all_public_routes.append(prefixed_route)
             except (FileNotFoundError, json.JSONDecodeError, KeyError) as e:
                 logger.warning(f"Could not check auth mode for app '{app_config.get('slug')}': {e}")
@@ -2812,10 +2834,11 @@ class MongoDBEngine:
             from ..auth.csrf import create_csrf_middleware
             # Create CSRF middleware with default config (will use parent app's CORS config)
-            # Exempt routes that don't need CSRF (health checks, etc.)
+            # Exempt routes that don't need CSRF (health checks, public routes from child apps)
+            # all_public_routes includes base routes + child app public routes with path prefixes
             parent_csrf_config = {
                 "csrf_protection": True,
-                "public_routes": ["/health", "/docs", "/openapi.json", "/_mdb/routes"],
+                "public_routes": all_public_routes,
             }
             csrf_middleware = create_csrf_middleware(parent_csrf_config)
             parent_app.add_middleware(csrf_middleware)

{mdb_engine-0.4.11 → mdb_engine-0.4.12/mdb_engine.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mdb-engine
-Version: 0.4.11
+Version: 0.4.12
 Summary: MongoDB Engine
 Home-page: https://github.com/ranfysvalle02/mdb-engine
 Author: Fabian Valle

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "mdb-engine"
-version = "0.4.11"
+version = "0.4.12"
 description = "MongoDB Engine"
 readme = "README.md"
 requires-python = ">=3.10"

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/setup.py RENAMED Viewed

@@ -14,7 +14,7 @@ if readme_file.exists():
 setup(
     name="mdb-engine",
-    version="0.4.11",
+    version="0.4.12",
     description="MongoDB Engine",
     long_description=long_description,
     long_description_content_type="text/markdown",

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/LICENSE RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/MANIFEST.in RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/ARCHITECTURE.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/audit.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/base.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/casbin_factory.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/casbin_models.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/config_defaults.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/config_helpers.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/cookie_utils.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/csrf.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/decorators.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/dependencies.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/helpers.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/integration.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/jwt.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/middleware.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/oso_factory.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/provider.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/rate_limiter.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/restrictions.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/session_manager.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/shared_middleware.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/shared_users.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/token_lifecycle.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/token_store.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/users.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/auth/utils.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/commands/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/commands/generate.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/commands/migrate.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/commands/show.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/commands/validate.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/main.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/cli/utils.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/config.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/constants.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/app_registration.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/app_secrets.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/connection.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/encryption.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/index_management.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/manifest.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/ray_integration.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/seeding.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/service_initialization.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/core/types.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/abstraction.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/connection.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/query_validator.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/resource_limiter.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/database/scoped_wrapper.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/dependencies.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/di/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/di/container.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/di/providers.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/di/scopes.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/embeddings/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/embeddings/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/embeddings/dependencies.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/embeddings/service.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/exceptions.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/indexes/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/indexes/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/indexes/helpers.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/indexes/manager.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/memory/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/memory/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/memory/service.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/observability/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/observability/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/observability/health.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/observability/logging.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/observability/metrics.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/repositories/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/repositories/base.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/repositories/mongo.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/repositories/unit_of_work.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/routing/README.md RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/routing/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/routing/websockets.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/utils/__init__.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine/utils/mongo.py RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine.egg-info/entry_points.txt RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine.egg-info/requires.txt RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/mdb_engine.egg-info/top_level.txt RENAMED Viewed

File without changes

{mdb_engine-0.4.11 → mdb_engine-0.4.12}/setup.cfg RENAMED Viewed

File without changes

mdb-engine 0.4.11__tar.gz → 0.4.12__tar.gz

mdb-engine 0.4.11tar.gz → 0.4.12tar.gz