plain 0.1.1__py3-none-any.whl → 0.2.0__py3-none-any.whl

plain/assets/views.py

@@ -0,0 +1,263 @@
+import functools
+import os
+from email.utils import formatdate, parsedate
+from io import BytesIO
+
+from plain.http import (
+    FileResponse,
+    Http404,
+    Response,
+    ResponseNotModified,
+    ResponseRedirect,
+    StreamingResponse,
+)
+from plain.runtime import settings
+from plain.urls import reverse
+from plain.views import View
+
+from .compile import FINGERPRINT_LENGTH
+from .finders import find_assets
+from .fingerprints import get_fingerprinted_url_path
+
+
+class AssetView(View):
+    """
+    Serve an asset file directly.
+
+    This class could be subclassed to further tweak the responses or behavior.
+    """
+
+    def get(self):
+        url_path = self.url_kwargs["path"]
+
+        # Make a trailing slash work, but we don't expect it
+        url_path = url_path.rstrip("/")
+
+        if settings.DEBUG and False:
+            absolute_path = self.get_debug_asset_path(url_path)
+        else:
+            absolute_path = self.get_asset_path(url_path)
+
+            if settings.ASSETS_REDIRECT_ORIGINAL:
+                if redirect_response := self.get_redirect_response(url_path):
+                    return redirect_response
+
+        self.check_asset_path(absolute_path)
+
+        if encoded_path := self.get_encoded_path(absolute_path):
+            absolute_path = encoded_path
+
+        if range_response := self.get_range_response(absolute_path):
+            return range_response
+
+        if not_modified_response := self.get_conditional_response(absolute_path):
+            return not_modified_response
+
+        response = FileResponse(
+            open(absolute_path, "rb"),
+            filename=os.path.basename(absolute_path),  # Used for Content-Type
+        )
+        response.headers = self.update_headers(response.headers, absolute_path)
+        return response
+
+    def get_asset_path(self, path):
+        """Get the path to the compiled asset"""
+        compiled_path = os.path.abspath(settings.ASSETS_COMPILED_PATH)
+        asset_path = os.path.join(compiled_path, path)
+
+        # Make sure we don't try to escape the compiled assests path
+        if not os.path.commonpath([compiled_path, asset_path]) == compiled_path:
+            raise Http404("Asset not found")
+
+        return asset_path
+
+    def get_debug_asset_path(self, path):
+        """Make a "live" check to find the uncompiled asset in the filesystem"""
+        if asset := find_assets().get(path):
+            return asset.absolute_path
+
+    def check_asset_path(self, path):
+        if not path:
+            raise Http404("Asset not found")
+
+        if not os.path.exists(path):
+            raise Http404("Asset not found")
+
+        if os.path.isdir(path):
+            raise Http404("Asset is a directory")
+
+    @functools.cache
+    def get_last_modified(self, path):
+        try:
+            mtime = os.path.getmtime(path)
+        except OSError:
+            mtime = None
+
+        if mtime:
+            return formatdate(mtime, usegmt=True)
+
+    @functools.cache
+    def get_etag(self, path):
+        try:
+            mtime = os.path.getmtime(path)
+        except OSError:
+            mtime = None
+
+        timestamp = int(mtime)
+        size = self.get_size(path)
+        return f'"{timestamp:x}-{size:x}"'
+
+    @functools.cache
+    def get_size(self, path):
+        return os.path.getsize(path)
+
+    def update_headers(self, headers, path):
+        headers.setdefault("Access-Control-Allow-Origin", "*")
+
+        # Always vary on Accept-Encoding
+        vary = headers.get("Vary")
+        if not vary:
+            headers["Vary"] = "Accept-Encoding"
+        elif vary == "*":
+            pass
+        elif "Accept-Encoding" not in vary:
+            headers["Vary"] = vary + ", Accept-Encoding"
+
+        # If the file is compressed, tell the browser
+        if path.endswith(".gz"):
+            headers.setdefault("Content-Encoding", "gzip")
+        elif path.endswith(".br"):
+            headers.setdefault("Content-Encoding", "br")
+
+        is_immutable = self.is_immutable(path)
+
+        if is_immutable:
+            max_age = 10 * 365 * 24 * 60 * 60  # 10 years
+            headers.setdefault("Cache-Control", f"max-age={max_age}, immutable")
+        elif settings.DEBUG:
+            # In development, cache for 1 second to avoid re-fetching the same file
+            headers.setdefault("Cache-Control", "max-age=0")
+        else:
+            # Tell the browser to cache the file for 60 seconds if nothing else
+            headers.setdefault("Cache-Control", "max-age=60")
+
+        if not is_immutable:
+            if last_modified := self.get_last_modified(path):
+                headers.setdefault("Last-Modified", last_modified)
+            if etag := self.get_etag(path):
+                headers.setdefault("ETag", etag)
+
+        return headers
+
+    def is_immutable(self, path):
+        """
+        Determine whether an asset looks like it is immutable.
+
+        Pattern matching based on fingerprinted filenames:
+        - main.{fingerprint}.css
+        - main.{fingerprint}.css.gz
+        """
+        base = os.path.basename(path)
+        extension = None
+        while extension != "":
+            base, extension = os.path.splitext(base)
+            if len(extension) == FINGERPRINT_LENGTH + 1 and extension[1:].isalnum():
+                return True
+
+        return False
+
+    def get_encoded_path(self, path):
+        """
+        If the client supports compression, return the path to the compressed file.
+        Otherwise, return the original path.
+        """
+        accept_encoding = self.request.headers.get("Accept-Encoding")
+        if not accept_encoding:
+            return
+
+        if "br" in accept_encoding:
+            br_path = path + ".br"
+            if os.path.exists(br_path):
+                return br_path
+
+        if "gzip" in accept_encoding:
+            gzip_path = path + ".gz"
+            if os.path.exists(gzip_path):
+                return gzip_path
+
+    def get_redirect_response(self, path):
+        """If the asset is not found, try to redirect to the fingerprinted path"""
+        fingerprinted_url_path = get_fingerprinted_url_path(path)
+
+        if not fingerprinted_url_path or fingerprinted_url_path == path:
+            # Don't need to redirect if there is no fingerprinted path,
+            # or we're already looking at it.
+            return
+
+        from .urls import default_namespace
+
+        return ResponseRedirect(
+            redirect_to=reverse(
+                f"{default_namespace}:asset", args=[fingerprinted_url_path]
+            ),
+            headers={
+                "Cache-Control": "max-age=60",  # Can cache this for a short time, but the fingerprinted path can change
+            },
+        )
+
+    def get_conditional_response(self, path):
+        """
+        Support conditional requests (HTTP 304 response) based on ETag and Last-Modified headers.
+        """
+        if self.request.headers.get("If-None-Match") == self.get_etag(path):
+            response = ResponseNotModified()
+            response.headers = self.update_headers(response.headers, path)
+            return response
+
+        if "If-Modified-Since" in self.request.headers:
+            if_modified_since = parsedate(self.request.headers["If-Modified-Since"])
+            last_modified = parsedate(self.get_last_modified(path))
+            if (
+                if_modified_since
+                and last_modified
+                and if_modified_since >= last_modified
+            ):
+                response = ResponseNotModified()
+                response.headers = self.update_headers(response.headers, path)
+                return response
+
+    def get_range_response(self, path):
+        """
+        Support range requests (HTTP 206 response).
+        """
+        range_header = self.request.headers.get("HTTP_RANGE")
+        if not range_header:
+            return None
+
+        file_size = self.get_size(path)
+
+        if not range_header.startswith("bytes="):
+            return Response(
+                status=416, headers=[("Content-Range", f"bytes */{file_size}")]
+            )
+
+        range_values = range_header.split("=")[1].split("-")
+        start = int(range_values[0]) if range_values[0] else 0
+        end = int(range_values[1]) if range_values[1] else float("inf")
+
+        if start >= file_size:
+            return Response(
+                status=416, headers=[("Content-Range", f"bytes */{file_size}")]
+            )
+
+        end = min(end, file_size - 1)
+
+        with open(path, "rb") as f:
+            f.seek(start)
+            content = f.read(end - start + 1)
+
+        response = StreamingResponse(BytesIO(content), status=206)
+        response.headers = self.update_headers(response.headers, path)
+        response.headers["Content-Range"] = f"bytes {start}-{end}/{file_size}"
+        response.headers["Content-Length"] = str(end - start + 1)
+        return response

plain/cli/cli.py

@@ -1,6 +1,7 @@
 import importlib
 import json
 import os
+import shutil
 import subprocess
 import sys
 import traceback
@@ -12,7 +13,9 @@ from click.core import Command, Context
 
 import plain.runtime
 from plain import preflight
+from plain.assets.compile import compile_assets
 from plain.packages import packages
+from plain.runtime import settings
 
 from .formatting import PlainContext
 from .packages import EntryPointGroup, InstalledPackagesGroup
@@ -270,16 +273,44 @@ def preflight_checks(package_label, deploy, fail_level, databases):
 
 
 @plain_cli.command()
-@click.pass_context
-def compile(ctx):
+@click.option(
+    "--keep-original/--no-keep-original",
+    "keep_original",
+    is_flag=True,
+    default=False,
+    help="Keep the original assets",
+)
+@click.option(
+    "--fingerprint/--no-fingerprint",
+    "fingerprint",
+    is_flag=True,
+    default=True,
+    help="Fingerprint the assets",
+)
+@click.option(
+    "--compress/--no-compress",
+    "compress",
+    is_flag=True,
+    default=True,
+    help="Compress the assets",
+)
+def compile(keep_original, fingerprint, compress):
     """Compile static assets"""
 
-    # TODO preflight for assets only?
+    if not keep_original and not fingerprint:
+        click.secho(
+            "You must either keep the original assets or fingerprint them.",
+            fg="red",
+            err=True,
+        )
+        sys.exit(1)
 
     # TODO make this an entrypoint instead
     # Compile our Tailwind CSS (including templates in plain itself)
     if find_spec("plain.tailwind") is not None:
+        click.secho("Compiling Tailwind CSS", bold=True)
         result = subprocess.run(["plain", "tailwind", "compile", "--minify"])
+        print()
         if result.returncode:
             click.secho(
                 f"Error compiling Tailwind CSS (exit {result.returncode})", fg="red"
@@ -295,15 +326,47 @@ def compile(ctx):
             package = json.load(f)
 
         if package.get("scripts", {}).get("compile"):
+            click.secho("Running `npm run compile`", bold=True)
             result = subprocess.run(["npm", "run", "compile"])
+            print()
             if result.returncode:
                 click.secho(
                     f"Error in `npm run compile` (exit {result.returncode})", fg="red"
                 )
                 sys.exit(result.returncode)
 
-    # Run the regular collectstatic
-    ctx.invoke(legacy_alias, legacy_args=["collectstatic", "--noinput"])
+    # Compile our assets
+    compiled_target_dir = settings.ASSETS_COMPILED_PATH
+    click.secho(f"Compiling assets to {compiled_target_dir}", bold=True)
+    if compiled_target_dir.exists():
+        click.secho("(clearing previously compiled assets)")
+        shutil.rmtree(compiled_target_dir)
+    compiled_target_dir.mkdir(parents=True, exist_ok=True)
+
+    total_files = 0
+    total_compiled = 0
+
+    for url_path, resolved_url_path, compiled_paths in compile_assets(
+        target_dir=compiled_target_dir,
+        keep_original=keep_original,
+        fingerprint=fingerprint,
+        compress=compress,
+    ):
+        if url_path == resolved_url_path:
+            click.secho(url_path, bold=True)
+        else:
+            click.secho(url_path, bold=True, nl=False)
+            click.secho(" → ", fg="yellow", nl=False)
+            click.echo(resolved_url_path)
+
+        print("\n".join(f"  {Path(p).relative_to(Path.cwd())}" for p in compiled_paths))
+
+        total_files += 1
+        total_compiled += len(compiled_paths)
+
+    click.secho(
+        f"Compiled {total_files} assets into {total_compiled} files", fg="green"
+    )
 
 
 @plain_cli.command()

plain/csrf/README.md

@@ -1,3 +1,15 @@
 # CSRF
 
 Cross-Site Request Forgery (CSRF) protection.
+
+## What is CSRF protection?
+
+TODO
+
+## Using CSRF in forms
+
+TODO
+
+## Using CSRF in JavaScript requests
+
+TODO

plain/packages/config.py

@@ -15,11 +15,11 @@ class PackageConfig:
     migrations_module = "migrations"
 
     def __init__(self, package_name, package_module):
-        # Full Python path to the application e.g. 'plain.staff.admin.admin'.
+        # Full Python path to the application e.g. 'plain.staff.admin'.
         self.name = package_name
 
-        # Root module for the application e.g. <module 'plain.staff.admin.admin'
-        # from 'admin/__init__.py'>.
+        # Root module for the application e.g. <module 'plain.staff.admin'
+        # from 'staff/__init__.py'>.
         self.module = package_module
 
         # Reference to the Packages registry that holds this PackageConfig. Set by the
@@ -43,8 +43,8 @@ class PackageConfig:
         if not hasattr(self, "path"):
             self.path = self._path_from_module(package_module)
 
-        # Module containing models e.g. <module 'plain.staff.admin.models'
-        # from 'admin/models.py'>. Set by import_models().
+        # Module containing models e.g. <module 'plain.staff.models'
+        # from 'staff/models.py'>. Set by import_models().
         # None if the application doesn't have a models module.
         self.models_module = None
 

plain/packages/registry.py

@@ -243,7 +243,7 @@ class Packages:
         """
         Check whether an application with this name exists in the registry.
 
-        package_name is the full name of the app e.g. 'plain.staff.admin'.
+        package_name is the full name of the app e.g. 'plain.staff'.
         """
         self.check_packages_ready()
         return any(ac.name == package_name for ac in self.package_configs.values())
@@ -363,12 +363,6 @@ class Packages:
         self.clear_cache()
         self.populate(installed)
 
-    def unset_installed_packages(self):
-        """Cancel a previous call to set_installed_packages()."""
-        self.package_configs = self.stored_package_configs.pop()
-        self.packages_ready = self.models_ready = self.ready = True
-        self.clear_cache()
-
     def clear_cache(self):
         """
         Clear all internal caches, for methods that alter the app registry.

plain/preflight/urls.py

@@ -100,16 +100,6 @@ def get_warning_for_invalid_pattern(pattern):
     ]
 
 
-@register
-def check_url_settings(package_configs, **kwargs):
-    errors = []
-    for name in ("ASSETS_URL",):
-        value = getattr(settings, name)
-        if value and not value.endswith("/"):
-            errors.append(E006(name))
-    return errors
-
-
 def E006(name):
     return Error(
         f"The {name} setting must end with a slash.",

plain/runtime/README.md

@@ -55,7 +55,6 @@ DEBUG = environ.get("DEBUG", "false").lower() in ("true", "1", "yes")
 
 MIDDLEWARE = [
     "plain.middleware.security.SecurityMiddleware",
-    "plain.assets.whitenoise.middleware.WhiteNoiseMiddleware",
     "plain.sessions.middleware.SessionMiddleware",
     "plain.middleware.common.CommonMiddleware",
     "plain.csrf.middleware.CsrfViewMiddleware",

plain/runtime/__init__.py

@@ -8,7 +8,7 @@ from dotenv import load_dotenv
 from .user_settings import LazySettings
 
 try:
-    __version__ = importlib.metadata.version("plainframework")
+    __version__ = importlib.metadata.version("plain")
 except importlib.metadata.PackageNotFoundError:
     __version__ = "dev"
 

plain/runtime/global_settings.py

@@ -112,7 +112,6 @@ SECURE_PROXY_SSL_HEADER = None
 # phase the middleware will be applied in reverse order.
 MIDDLEWARE = [
     "plain.middleware.security.SecurityMiddleware",
-    "plain.assets.whitenoise.middleware.WhiteNoiseMiddleware",
     "plain.middleware.common.CommonMiddleware",
     "plain.csrf.middleware.CsrfViewMiddleware",
     "plain.middleware.clickjacking.XFrameOptionsMiddleware",
@@ -151,22 +150,16 @@ LOGGING = {}
 # ASSETS #
 ###############
 
-ASSETS_BACKEND = "plain.assets.whitenoise.storage.CompressedManifestStaticFilesStorage"
-
-# List of finder classes that know how to find assets files in
-# various locations.
-ASSETS_FINDERS = [
-    "plain.assets.finders.FileSystemFinder",
-    "plain.assets.finders.PackageDirectoriesFinder",
-]
-
 # Absolute path to the directory assets files should be collected to.
 # Example: "/var/www/example.com/assets/"
-ASSETS_ROOT = PLAIN_TEMP_PATH / "assets_collected"
+ASSETS_COMPILED_PATH = PLAIN_TEMP_PATH / "assets" / "compiled"
+
+# Whether to redirect the original asset path to the fingerprinted path.
+ASSETS_REDIRECT_ORIGINAL = True
 
-# URL that handles the assets files served from ASSETS_ROOT.
-# Example: "http://example.com/assets/", "http://assets.example.com/"
-ASSETS_URL = "/assets/"
+# If assets are served by a CDN, use this URL to prefix asset paths.
+# Ex. "https://cdn.example.com/assets/"
+ASSETS_BASE_URL: str = ""
 
 ####################
 # PREFLIGHT CHECKS #

plain/runtime/user_settings.py

@@ -302,52 +302,3 @@ class Settings:
 
     def __repr__(self):
         return f'<{self.__class__.__name__} "{self.SETTINGS_MODULE}">'
-
-
-# Currently used for test settings override... nothing else
-class UserSettingsHolder:
-    """Holder for user configured settings."""
-
-    # SETTINGS_MODULE doesn't make much sense in the manually configured
-    # (standalone) case.
-    SETTINGS_MODULE = None
-
-    def __init__(self, default_settings):
-        """
-        Requests for configuration variables not in this class are satisfied
-        from the module specified in default_settings (if possible).
-        """
-        self.__dict__["_deleted"] = set()
-        self.default_settings = default_settings
-
-    def __getattr__(self, name):
-        if not name.isupper() or name in self._deleted:
-            raise AttributeError
-        return getattr(self.default_settings, name)
-
-    def __setattr__(self, name, value):
-        self._deleted.discard(name)
-        super().__setattr__(name, value)
-
-    def __delattr__(self, name):
-        self._deleted.add(name)
-        if hasattr(self, name):
-            super().__delattr__(name)
-
-    def __dir__(self):
-        return sorted(
-            s
-            for s in [*self.__dict__, *dir(self.default_settings)]
-            if s not in self._deleted
-        )
-
-    def is_overridden(self, setting):
-        deleted = setting in self._deleted
-        set_locally = setting in self.__dict__
-        set_on_default = getattr(
-            self.default_settings, "is_overridden", lambda s: False
-        )(setting)
-        return deleted or set_locally or set_on_default
-
-    def __repr__(self):
-        return f"<{self.__class__.__name__}>"

plain/templates/jinja/globals.py

@@ -1,4 +1,4 @@
-from plain.assets import get_asset_url
+from plain.assets.urls import get_asset_url
 from plain.paginator import Paginator
 from plain.utils import timezone
 

plain/test/__init__.py

@@ -1,16 +1,8 @@
 """Plain Unit Test framework."""
 
 from plain.test.client import Client, RequestFactory
-from plain.test.utils import (
-    ignore_warnings,
-    modify_settings,
-    override_settings,
-)
 
 __all__ = [
     "Client",
     "RequestFactory",
-    "ignore_warnings",
-    "modify_settings",
-    "override_settings",
 ]

plain/test/client.py

@@ -8,6 +8,7 @@ from http import HTTPStatus
 from http.cookies import SimpleCookie
 from importlib import import_module
 from io import BytesIO, IOBase
+from itertools import chain
 from urllib.parse import unquote_to_bytes, urljoin, urlparse, urlsplit
 
 from plain.http import HttpHeaders, HttpRequest, QueryDict
@@ -16,7 +17,6 @@ from plain.internal.handlers.wsgi import WSGIRequest
 from plain.json import PlainJSONEncoder
 from plain.runtime import settings
 from plain.signals import got_request_exception, request_started
-from plain.test.utils import ContextList
 from plain.urls import resolve
 from plain.utils.encoding import force_bytes
 from plain.utils.functional import SimpleLazyObject
@@ -40,6 +40,41 @@ CONTENT_TYPE_RE = _lazy_re_compile(r".*; charset=([\w-]+);?")
 JSON_CONTENT_TYPE_RE = _lazy_re_compile(r"^application\/(.+\+)?json")
 
 
+class ContextList(list):
+    """
+    A wrapper that provides direct key access to context items contained
+    in a list of context objects.
+    """
+
+    def __getitem__(self, key):
+        if isinstance(key, str):
+            for subcontext in self:
+                if key in subcontext:
+                    return subcontext[key]
+            raise KeyError(key)
+        else:
+            return super().__getitem__(key)
+
+    def get(self, key, default=None):
+        try:
+            return self.__getitem__(key)
+        except KeyError:
+            return default
+
+    def __contains__(self, key):
+        try:
+            self[key]
+        except KeyError:
+            return False
+        return True
+
+    def keys(self):
+        """
+        Flattened keys of subcontexts.
+        """
+        return set(chain.from_iterable(d for subcontext in self for d in subcontext))
+
+
 class RedirectCycleError(Exception):
     """The test client has been asked to follow a redirect loop."""
 
@@ -550,21 +585,6 @@ class ClientMixin:
         self.cookies[settings.SESSION_COOKIE_NAME] = session.session_key
         return session
 
-    def login(self, **credentials):
-        """
-        Set the Factory to appear as if it has successfully logged into a site.
-
-        Return True if login is possible or False if the provided credentials
-        are incorrect.
-        """
-        from plain.auth import authenticate
-
-        user = authenticate(**credentials)
-        if user:
-            self._login(user)
-            return True
-        return False
-
     def force_login(self, user):
         self._login(user)