plain 0.1.0__py3-none-any.whl

plain/internal/files/uploadhandler.py

@@ -0,0 +1,254 @@
+"""
+Base file upload handler classes, and the built-in concrete subclasses
+"""
+import os
+from io import BytesIO
+
+from plain.internal.files.uploadedfile import (
+    InMemoryUploadedFile,
+    TemporaryUploadedFile,
+)
+from plain.runtime import settings
+from plain.utils.module_loading import import_string
+
+__all__ = [
+    "UploadFileException",
+    "StopUpload",
+    "SkipFile",
+    "FileUploadHandler",
+    "TemporaryFileUploadHandler",
+    "MemoryFileUploadHandler",
+    "load_handler",
+    "StopFutureHandlers",
+]
+
+
+class UploadFileException(Exception):
+    """
+    Any error having to do with uploading files.
+    """
+
+    pass
+
+
+class StopUpload(UploadFileException):
+    """
+    This exception is raised when an upload must abort.
+    """
+
+    def __init__(self, connection_reset=False):
+        """
+        If ``connection_reset`` is ``True``, Plain knows will halt the upload
+        without consuming the rest of the upload. This will cause the browser to
+        show a "connection reset" error.
+        """
+        self.connection_reset = connection_reset
+
+    def __str__(self):
+        if self.connection_reset:
+            return "StopUpload: Halt current upload."
+        else:
+            return "StopUpload: Consume request data, then halt."
+
+
+class SkipFile(UploadFileException):
+    """
+    This exception is raised by an upload handler that wants to skip a given file.
+    """
+
+    pass
+
+
+class StopFutureHandlers(UploadFileException):
+    """
+    Upload handlers that have handled a file and do not want future handlers to
+    run should raise this exception instead of returning None.
+    """
+
+    pass
+
+
+class FileUploadHandler:
+    """
+    Base class for streaming upload handlers.
+    """
+
+    chunk_size = 64 * 2**10  # : The default chunk size is 64 KB.
+
+    def __init__(self, request=None):
+        self.file_name = None
+        self.content_type = None
+        self.content_length = None
+        self.charset = None
+        self.content_type_extra = None
+        self.request = request
+
+    def handle_raw_input(
+        self, input_data, META, content_length, boundary, encoding=None
+    ):
+        """
+        Handle the raw input from the client.
+
+        Parameters:
+
+            :input_data:
+                An object that supports reading via .read().
+            :META:
+                ``request.META``.
+            :content_length:
+                The (integer) value of the Content-Length header from the
+                client.
+            :boundary: The boundary from the Content-Type header. Be sure to
+                prepend two '--'.
+        """
+        pass
+
+    def new_file(
+        self,
+        field_name,
+        file_name,
+        content_type,
+        content_length,
+        charset=None,
+        content_type_extra=None,
+    ):
+        """
+        Signal that a new file has been started.
+
+        Warning: As with any data from the client, you should not trust
+        content_length (and sometimes won't even get it).
+        """
+        self.field_name = field_name
+        self.file_name = file_name
+        self.content_type = content_type
+        self.content_length = content_length
+        self.charset = charset
+        self.content_type_extra = content_type_extra
+
+    def receive_data_chunk(self, raw_data, start):
+        """
+        Receive data from the streamed upload parser. ``start`` is the position
+        in the file of the chunk.
+        """
+        raise NotImplementedError(
+            "subclasses of FileUploadHandler must provide a receive_data_chunk() method"
+        )
+
+    def file_complete(self, file_size):
+        """
+        Signal that a file has completed. File size corresponds to the actual
+        size accumulated by all the chunks.
+
+        Subclasses should return a valid ``UploadedFile`` object.
+        """
+        raise NotImplementedError(
+            "subclasses of FileUploadHandler must provide a file_complete() method"
+        )
+
+    def upload_complete(self):
+        """
+        Signal that the upload is complete. Subclasses should perform cleanup
+        that is necessary for this handler.
+        """
+        pass
+
+    def upload_interrupted(self):
+        """
+        Signal that the upload was interrupted. Subclasses should perform
+        cleanup that is necessary for this handler.
+        """
+        pass
+
+
+class TemporaryFileUploadHandler(FileUploadHandler):
+    """
+    Upload handler that streams data into a temporary file.
+    """
+
+    def new_file(self, *args, **kwargs):
+        """
+        Create the file object to append to as data is coming in.
+        """
+        super().new_file(*args, **kwargs)
+        self.file = TemporaryUploadedFile(
+            self.file_name, self.content_type, 0, self.charset, self.content_type_extra
+        )
+
+    def receive_data_chunk(self, raw_data, start):
+        self.file.write(raw_data)
+
+    def file_complete(self, file_size):
+        self.file.seek(0)
+        self.file.size = file_size
+        return self.file
+
+    def upload_interrupted(self):
+        if hasattr(self, "file"):
+            temp_location = self.file.temporary_file_path()
+            try:
+                self.file.close()
+                os.remove(temp_location)
+            except FileNotFoundError:
+                pass
+
+
+class MemoryFileUploadHandler(FileUploadHandler):
+    """
+    File upload handler to stream uploads into memory (used for small files).
+    """
+
+    def handle_raw_input(
+        self, input_data, META, content_length, boundary, encoding=None
+    ):
+        """
+        Use the content_length to signal whether or not this handler should be
+        used.
+        """
+        # Check the content-length header to see if we should
+        # If the post is too large, we cannot use the Memory handler.
+        self.activated = content_length <= settings.FILE_UPLOAD_MAX_MEMORY_SIZE
+
+    def new_file(self, *args, **kwargs):
+        super().new_file(*args, **kwargs)
+        if self.activated:
+            self.file = BytesIO()
+            raise StopFutureHandlers()
+
+    def receive_data_chunk(self, raw_data, start):
+        """Add the data to the BytesIO file."""
+        if self.activated:
+            self.file.write(raw_data)
+        else:
+            return raw_data
+
+    def file_complete(self, file_size):
+        """Return a file object if this handler is activated."""
+        if not self.activated:
+            return
+
+        self.file.seek(0)
+        return InMemoryUploadedFile(
+            file=self.file,
+            field_name=self.field_name,
+            name=self.file_name,
+            content_type=self.content_type,
+            size=file_size,
+            charset=self.charset,
+            content_type_extra=self.content_type_extra,
+        )
+
+
+def load_handler(path, *args, **kwargs):
+    """
+    Given a path to a handler, return an instance of that handler.
+
+    E.g.::
+        >>> from plain.http import HttpRequest
+        >>> request = HttpRequest()
+        >>> load_handler(
+        ...     'plain.internal.files.uploadhandler.TemporaryFileUploadHandler',
+        ...     request,
+        ... )
+        <TemporaryFileUploadHandler object at 0x...>
+    """
+    return import_string(path)(*args, **kwargs)

plain/internal/files/utils.py

@@ -0,0 +1,78 @@
+import os
+import pathlib
+
+from plain.exceptions import SuspiciousFileOperation
+
+
+def validate_file_name(name, allow_relative_path=False):
+    # Remove potentially dangerous names
+    if os.path.basename(name) in {"", ".", ".."}:
+        raise SuspiciousFileOperation("Could not derive file name from '%s'" % name)
+
+    if allow_relative_path:
+        # Use PurePosixPath() because this branch is checked only in
+        # FileField.generate_filename() where all file paths are expected to be
+        # Unix style (with forward slashes).
+        path = pathlib.PurePosixPath(name)
+        if path.is_absolute() or ".." in path.parts:
+            raise SuspiciousFileOperation(
+                "Detected path traversal attempt in '%s'" % name
+            )
+    elif name != os.path.basename(name):
+        raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
+
+    return name
+
+
+class FileProxyMixin:
+    """
+    A mixin class used to forward file methods to an underlying file
+    object.  The internal file object has to be called "file"::
+
+        class FileProxy(FileProxyMixin):
+            def __init__(self, file):
+                self.file = file
+    """
+
+    encoding = property(lambda self: self.file.encoding)
+    fileno = property(lambda self: self.file.fileno)
+    flush = property(lambda self: self.file.flush)
+    isatty = property(lambda self: self.file.isatty)
+    newlines = property(lambda self: self.file.newlines)
+    read = property(lambda self: self.file.read)
+    readinto = property(lambda self: self.file.readinto)
+    readline = property(lambda self: self.file.readline)
+    readlines = property(lambda self: self.file.readlines)
+    seek = property(lambda self: self.file.seek)
+    tell = property(lambda self: self.file.tell)
+    truncate = property(lambda self: self.file.truncate)
+    write = property(lambda self: self.file.write)
+    writelines = property(lambda self: self.file.writelines)
+
+    @property
+    def closed(self):
+        return not self.file or self.file.closed
+
+    def readable(self):
+        if self.closed:
+            return False
+        if hasattr(self.file, "readable"):
+            return self.file.readable()
+        return True
+
+    def writable(self):
+        if self.closed:
+            return False
+        if hasattr(self.file, "writable"):
+            return self.file.writable()
+        return "w" in getattr(self.file, "mode", "")
+
+    def seekable(self):
+        if self.closed:
+            return False
+        if hasattr(self.file, "seekable"):
+            return self.file.seekable()
+        return True
+
+    def __iter__(self):
+        return iter(self.file)

plain/internal/handlers/base.py

@@ -0,0 +1,133 @@
+import logging
+import types
+
+from plain.exceptions import ImproperlyConfigured
+from plain.logs import log_response
+from plain.runtime import settings
+from plain.signals import request_finished
+from plain.urls import get_resolver, set_urlconf
+from plain.utils.module_loading import import_string
+
+from .exception import convert_exception_to_response
+
+logger = logging.getLogger("plain.request")
+
+
+class BaseHandler:
+    _view_middleware = None
+    _middleware_chain = None
+
+    def load_middleware(self):
+        """
+        Populate middleware lists from settings.MIDDLEWARE.
+
+        Must be called after the environment is fixed (see __call__ in subclasses).
+        """
+        self._view_middleware = []
+
+        get_response = self._get_response
+        handler = convert_exception_to_response(get_response)
+        for middleware_path in reversed(settings.MIDDLEWARE):
+            middleware = import_string(middleware_path)
+            mw_instance = middleware(handler)
+
+            if mw_instance is None:
+                raise ImproperlyConfigured(
+                    "Middleware factory %s returned None." % middleware_path
+                )
+
+            if hasattr(mw_instance, "process_view"):
+                self._view_middleware.insert(
+                    0,
+                    mw_instance.process_view,
+                )
+
+            handler = convert_exception_to_response(mw_instance)
+
+        # We only assign to this when initialization is complete as it is used
+        # as a flag for initialization being complete.
+        self._middleware_chain = handler
+
+    def get_response(self, request):
+        """Return a Response object for the given HttpRequest."""
+        # Setup default url resolver for this thread
+        set_urlconf(settings.ROOT_URLCONF)
+        response = self._middleware_chain(request)
+        response._resource_closers.append(request.close)
+        if response.status_code >= 400:
+            log_response(
+                "%s: %s",
+                response.reason_phrase,
+                request.path,
+                response=response,
+                request=request,
+            )
+        return response
+
+    def _get_response(self, request):
+        """
+        Resolve and call the view, then apply view, exception, and
+        template_response middleware. This method is everything that happens
+        inside the request/response middleware.
+        """
+        response = None
+        callback, callback_args, callback_kwargs = self.resolve_request(request)
+
+        # Apply view middleware
+        for middleware_method in self._view_middleware:
+            response = middleware_method(
+                request, callback, callback_args, callback_kwargs
+            )
+            if response:
+                break
+
+        if response is None:
+            response = callback(request, *callback_args, **callback_kwargs)
+
+        # Complain if the view returned None (a common error).
+        self.check_response(response, callback)
+
+        return response
+
+    def resolve_request(self, request):
+        """
+        Retrieve/set the urlconf for the request. Return the view resolved,
+        with its args and kwargs.
+        """
+        # Work out the resolver.
+        if hasattr(request, "urlconf"):
+            urlconf = request.urlconf
+            set_urlconf(urlconf)
+            resolver = get_resolver(urlconf)
+        else:
+            resolver = get_resolver()
+        # Resolve the view, and assign the match object back to the request.
+        resolver_match = resolver.resolve(request.path_info)
+        request.resolver_match = resolver_match
+        return resolver_match
+
+    def check_response(self, response, callback, name=None):
+        """
+        Raise an error if the view returned None or an uncalled coroutine.
+        """
+        if not name:
+            if isinstance(callback, types.FunctionType):  # FBV
+                name = f"The view {callback.__module__}.{callback.__name__}"
+            else:  # CBV
+                name = "The view {}.{}.__call__".format(
+                    callback.__module__,
+                    callback.__class__.__name__,
+                )
+        if response is None:
+            raise ValueError(
+                "%s didn't return a Response object. It returned None "
+                "instead." % name
+            )
+
+
+def reset_urlconf(sender, **kwargs):
+    """Reset the URLconf after each request is finished."""
+    set_urlconf(None)
+
+
+request_finished.connect(reset_urlconf)

plain/internal/handlers/exception.py

@@ -0,0 +1,145 @@
+import logging
+from functools import wraps
+
+from plain import signals
+from plain.exceptions import (
+    BadRequest,
+    PermissionDenied,
+    RequestDataTooBig,
+    SuspiciousOperation,
+    TooManyFieldsSent,
+    TooManyFilesSent,
+)
+from plain.http import Http404, ResponseServerError
+from plain.http.multipartparser import MultiPartParserError
+from plain.logs import log_response
+from plain.runtime import settings
+from plain.utils.module_loading import import_string
+from plain.views.errors import ErrorView
+
+
+def convert_exception_to_response(get_response):
+    """
+    Wrap the given get_response callable in exception-to-response conversion.
+
+    All exceptions will be converted. All known 4xx exceptions (Http404,
+    PermissionDenied, MultiPartParserError, SuspiciousOperation) will be
+    converted to the appropriate response, and all other exceptions will be
+    converted to 500 responses.
+
+    This decorator is automatically applied to all middleware to ensure that
+    no middleware leaks an exception and that the next middleware in the stack
+    can rely on getting a response instead of an exception.
+    """
+
+    @wraps(get_response)
+    def inner(request):
+        try:
+            response = get_response(request)
+        except Exception as exc:
+            response = response_for_exception(request, exc)
+        return response
+
+    return inner
+
+
+def response_for_exception(request, exc):
+    if isinstance(exc, Http404):
+        response = get_exception_response(request, 404)
+
+    elif isinstance(exc, PermissionDenied):
+        response = get_exception_response(request, 403)
+        log_response(
+            "Forbidden (Permission denied): %s",
+            request.path,
+            response=response,
+            request=request,
+            exception=exc,
+        )
+
+    elif isinstance(exc, MultiPartParserError):
+        response = get_exception_response(request, 400)
+        log_response(
+            "Bad request (Unable to parse request body): %s",
+            request.path,
+            response=response,
+            request=request,
+            exception=exc,
+        )
+
+    elif isinstance(exc, BadRequest):
+        response = get_exception_response(request, 400)
+        log_response(
+            "%s: %s",
+            str(exc),
+            request.path,
+            response=response,
+            request=request,
+            exception=exc,
+        )
+    elif isinstance(exc, SuspiciousOperation):
+        if isinstance(exc, RequestDataTooBig | TooManyFieldsSent | TooManyFilesSent):
+            # POST data can't be accessed again, otherwise the original
+            # exception would be raised.
+            request._mark_post_parse_error()
+
+        # The request logger receives events for any problematic request
+        # The security logger receives events for all SuspiciousOperations
+        security_logger = logging.getLogger(
+            "plain.security.%s" % exc.__class__.__name__
+        )
+        security_logger.error(
+            str(exc),
+            exc_info=exc,
+            extra={"status_code": 400, "request": request},
+        )
+        response = get_exception_response(request, 400)
+
+    else:
+        signals.got_request_exception.send(sender=None, request=request)
+        response = get_exception_response(request, 500)
+        log_response(
+            "%s: %s",
+            response.reason_phrase,
+            request.path,
+            response=response,
+            request=request,
+            exception=exc,
+        )
+
+    # Force a TemplateResponse to be rendered.
+    if not getattr(response, "is_rendered", True) and callable(
+        getattr(response, "render", None)
+    ):
+        response = response.render()
+
+    return response
+
+
+def get_exception_response(request, status_code):
+    try:
+        return get_error_view(status_code)(request)
+    except Exception:
+        signals.got_request_exception.send(sender=None, request=request)
+        return handle_uncaught_exception()
+
+
+def handle_uncaught_exception():
+    """
+    Processing for any otherwise uncaught exceptions (those that will
+    generate HTTP 500 responses).
+    """
+    return ResponseServerError()
+
+
+def get_error_view(status_code):
+    views_by_status = settings.HTTP_ERROR_VIEWS
+    if status_code in views_by_status:
+        view = views_by_status[status_code]
+        if isinstance(view, str):
+            # Import the view if it's a string
+            view = import_string(view)
+        return view.as_view()
+
+    # Create a standard view for any other status code
+    return ErrorView.as_view(status_code=status_code)