plain 0.17.0__tar.gz → 0.19.0__tar.gz

{plain-0.17.0 → plain-0.19.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.17.0
+Version: 0.19.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.17.0 → plain-0.19.0}/plain/assets/views.py

@@ -28,8 +28,11 @@ class AssetView(View):
     This class could be subclassed to further tweak the responses or behavior.
     """
 
+    def get_url_path(self):
+        return self.url_kwargs["path"]
+
     def get(self):
-        url_path = self.url_kwargs["path"]
+        url_path = self.get_url_path()
 
         # Make a trailing slash work, but we don't expect it
         url_path = url_path.rstrip("/")

{plain-0.17.0 → plain-0.19.0}/plain/cli/cli.py

@@ -1,9 +1,9 @@
 import importlib
-import json
 import os
 import shutil
 import subprocess
 import sys
+import tomllib
 import traceback
 from importlib.metadata import entry_points
 from importlib.util import find_spec
@@ -292,22 +292,23 @@ def compile(keep_original, fingerprint, compress):
         result = entry_point.load()()
         print()
 
-    # TODO also look in [tool.plain.compile.run]
-
-    # Run a "compile" script from package.json automatically
-    package_json = Path("package.json")
-    if package_json.exists():
-        with package_json.open() as f:
-            package = json.load(f)
-
-        if package.get("scripts", {}).get("compile"):
-            click.secho("Running `npm run compile`", bold=True)
-            result = subprocess.run(["npm", "run", "compile"])
+    pyproject_path = plain.runtime.APP_PATH.parent / "pyproject.toml"
+    if pyproject_path.exists():
+        with pyproject_path.open("rb") as f:
+            pyproject = tomllib.load(f)
+
+        for name, data in (
+            pyproject.get("tool", {})
+            .get("plain", {})
+            .get("compile", {})
+            .get("run", {})
+            .items()
+        ):
+            click.secho(f"Running {name} from pyproject.toml", bold=True)
+            result = subprocess.run(data["cmd"], shell=True)
             print()
             if result.returncode:
-                click.secho(
-                    f"Error in `npm run compile` (exit {result.returncode})", fg="red"
-                )
+                click.secho(f"Error in {name} (exit {result.returncode})", fg="red")
                 sys.exit(result.returncode)
 
     # Compile our assets

{plain-0.17.0 → plain-0.19.0}/plain/csrf/middleware.py

@@ -180,6 +180,9 @@ class CsrfViewMiddleware:
                 # saved anyways.
                 request.META["CSRF_COOKIE"] = csrf_secret
 
+        if csrf_response := self._get_csrf_response(request):
+            return csrf_response
+
         response = self.get_response(request)
 
         if request.META.get("CSRF_COOKIE_NEEDS_UPDATE"):
@@ -395,23 +398,16 @@ class CsrfViewMiddleware:
             reason = self._bad_token_message("incorrect", token_source)
             raise RejectRequest(reason)
 
-    def process_view(self, request, callback, callback_args, callback_kwargs):
+    def _get_csrf_response(self, request):
         # Wait until request.META["CSRF_COOKIE"] has been manipulated before
         # bailing out, so that get_token still works
-        if getattr(callback, "csrf_exempt", False):
+        if getattr(request, "csrf_exempt", True):
             return None
 
         # Assume that anything not defined as 'safe' by RFC 9110 needs protection
         if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
             return None
 
-        if getattr(request, "_dont_enforce_csrf_checks", False):
-            # Mechanism to turn off CSRF checks for test suite. It comes after
-            # the creation of CSRF cookies, so that everything else continues
-            # to work exactly the same (e.g. cookies are sent, etc.), but
-            # before any branches that call the _reject method.
-            return None
-
         # Reject the request if the Origin header doesn't match an allowed
         # value.
         if "HTTP_ORIGIN" in request.META:

plain-0.19.0/plain/csrf/views.py

@@ -0,0 +1,31 @@
+from plain.views import TemplateView
+
+
+class CsrfFailureView(TemplateView):
+    template_name = "403.html"
+
+    def get_response(self):
+        response = super().get_response()
+        response.status_code = 403
+        return response
+
+    def post(self):
+        return self.get()
+
+    def put(self):
+        return self.get()
+
+    def patch(self):
+        return self.get()
+
+    def delete(self):
+        return self.get()
+
+    def head(self):
+        return self.get()
+
+    def options(self):
+        return self.get()
+
+    def trace(self):
+        return self.get()

{plain-0.17.0 → plain-0.19.0}/plain/internal/handlers/base.py

@@ -23,7 +23,6 @@ BUILTIN_MIDDLEWARE = [
 
 
 class BaseHandler:
-    _view_middleware = None
     _middleware_chain = None
 
     def load_middleware(self):
@@ -32,8 +31,6 @@ class BaseHandler:
 
         Must be called after the environment is fixed (see __call__ in subclasses).
         """
-        self._view_middleware = []
-
         get_response = self._get_response
         handler = convert_exception_to_response(get_response)
 
@@ -48,12 +45,6 @@ class BaseHandler:
                     f"Middleware factory {middleware_path} returned None."
                 )
 
-            if hasattr(mw_instance, "process_view"):
-                self._view_middleware.insert(
-                    0,
-                    mw_instance.process_view,
-                )
-
             handler = convert_exception_to_response(mw_instance)
 
         # We only assign to this when initialization is complete as it is used
@@ -82,19 +73,9 @@ class BaseHandler:
         template_response middleware. This method is everything that happens
         inside the request/response middleware.
         """
-        response = None
         callback, callback_args, callback_kwargs = self.resolve_request(request)
 
-        # Apply view middleware
-        for middleware_method in self._view_middleware:
-            response = middleware_method(
-                request, callback, callback_args, callback_kwargs
-            )
-            if response:
-                break
-
-        if response is None:
-            response = callback(request, *callback_args, **callback_kwargs)
+        response = callback(request, *callback_args, **callback_kwargs)
 
         # Complain if the view returned None (a common error).
         self.check_response(response, callback)

{plain-0.17.0 → plain-0.19.0}/plain/test/client.py

@@ -177,7 +177,7 @@ class ClientHandler(BaseHandler):
         # CsrfViewMiddleware.  This makes life easier, and is probably
         # required for backwards compatibility with external tests against
         # admin views.
-        request._dont_enforce_csrf_checks = not self.enforce_csrf_checks
+        request.csrf_exempt = not self.enforce_csrf_checks
 
         # Request goes through middleware.
         response = self.get_response(request)

plain-0.19.0/plain/utils/decorators.py

@@ -0,0 +1,10 @@
+"Functions that help with dynamically creating decorators for views."
+
+
+class classonlymethod(classmethod):
+    def __get__(self, instance, cls=None):
+        if instance is not None:
+            raise AttributeError(
+                "This method is available only on the class, not on instances."
+            )
+        return super().__get__(instance, cls)

{plain-0.17.0 → plain-0.19.0}/plain/views/base.py

@@ -19,6 +19,18 @@ class View:
     url_args: tuple
     url_kwargs: dict
 
+    # By default, any of these are allowed if a method is defined for it.
+    allowed_http_methods = [
+        "get",
+        "post",
+        "put",
+        "patch",
+        "delete",
+        "head",
+        "options",
+        "trace",
+    ]
+
     def __init__(self, *args, **kwargs) -> None:
         # Views can customize their init, which receives
         # the args and kwargs from as_view()
@@ -42,9 +54,6 @@ class View:
             except ResponseException as e:
                 return e.response
 
-        # Copy possible attributes set by decorators, e.g. @csrf_exempt, from
-        # the dispatch method.
-        view.__dict__.update(cls.get_response.__dict__)
         view.view_class = cls
 
         return view
@@ -57,7 +66,7 @@ class View:
 
         handler = getattr(self, self.request.method.lower(), None)
 
-        if not handler:
+        if not handler or self.request.method.lower() not in self.allowed_http_methods:
             logger.warning(
                 "Method Not Allowed (%s): %s",
                 self.request.method,
@@ -100,14 +109,4 @@ class View:
         return response
 
     def _allowed_methods(self) -> list[str]:
-        known_http_method_names = [
-            "get",
-            "post",
-            "put",
-            "patch",
-            "delete",
-            "head",
-            "options",
-            "trace",
-        ]
-        return [m.upper() for m in known_http_method_names if hasattr(self, m)]
+        return [m.upper() for m in self.allowed_http_methods if hasattr(self, m)]

plain-0.19.0/plain/views/csrf.py

@@ -0,0 +1,4 @@
+class CsrfExemptViewMixin:
+    def setup(self, *args, **kwargs):
+        super().setup(*args, **kwargs)
+        self.request.csrf_exempt = True

{plain-0.17.0 → plain-0.19.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "plain"
-version = "0.17.0"
+version = "0.19.0"
 description = "A web framework for building products with Python."
 authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
 readme = "README.md"

plain-0.17.0/plain/csrf/views.py

@@ -1,10 +0,0 @@
-from plain.views import TemplateView
-
-
-class CsrfFailureView(TemplateView):
-    template_name = "403.html"
-
-    def get(self):
-        response = super().get()
-        response.status_code = 403
-        return response

plain-0.17.0/plain/utils/decorators.py

@@ -1,90 +0,0 @@
-"Functions that help with dynamically creating decorators for views."
-
-from functools import partial, update_wrapper, wraps
-
-
-class classonlymethod(classmethod):
-    def __get__(self, instance, cls=None):
-        if instance is not None:
-            raise AttributeError(
-                "This method is available only on the class, not on instances."
-            )
-        return super().__get__(instance, cls)
-
-
-def _update_method_wrapper(_wrapper, decorator):
-    # _multi_decorate()'s bound_method isn't available in this scope. Cheat by
-    # using it on a dummy function.
-    @decorator
-    def dummy(*args, **kwargs):
-        pass
-
-    update_wrapper(_wrapper, dummy)
-
-
-def _multi_decorate(decorators, method):
-    """
-    Decorate `method` with one or more function decorators. `decorators` can be
-    a single decorator or an iterable of decorators.
-    """
-    if hasattr(decorators, "__iter__"):
-        # Apply a list/tuple of decorators if 'decorators' is one. Decorator
-        # functions are applied so that the call order is the same as the
-        # order in which they appear in the iterable.
-        decorators = decorators[::-1]
-    else:
-        decorators = [decorators]
-
-    def _wrapper(self, *args, **kwargs):
-        # bound_method has the signature that 'decorator' expects i.e. no
-        # 'self' argument, but it's a closure over self so it can call
-        # 'func'. Also, wrap method.__get__() in a function because new
-        # attributes can't be set on bound method objects, only on functions.
-        bound_method = wraps(method)(partial(method.__get__(self, type(self))))
-        for dec in decorators:
-            bound_method = dec(bound_method)
-        return bound_method(*args, **kwargs)
-
-    # Copy any attributes that a decorator adds to the function it decorates.
-    for dec in decorators:
-        _update_method_wrapper(_wrapper, dec)
-    # Preserve any existing attributes of 'method', including the name.
-    update_wrapper(_wrapper, method)
-    return _wrapper
-
-
-def method_decorator(decorator, name=""):
-    """
-    Convert a function decorator into a method decorator
-    """
-
-    # 'obj' can be a class or a function. If 'obj' is a function at the time it
-    # is passed to _dec,  it will eventually be a method of the class it is
-    # defined on. If 'obj' is a class, the 'name' is required to be the name
-    # of the method that will be decorated.
-    def _dec(obj):
-        if not isinstance(obj, type):
-            return _multi_decorate(decorator, obj)
-        if not (name and hasattr(obj, name)):
-            raise ValueError(
-                "The keyword argument `name` must be the name of a method "
-                f"of the decorated class: {obj}. Got '{name}' instead."
-            )
-        method = getattr(obj, name)
-        if not callable(method):
-            raise TypeError(
-                f"Cannot decorate '{name}' as it isn't a callable attribute of "
-                f"{obj} ({method})."
-            )
-        _wrapper = _multi_decorate(decorator, method)
-        setattr(obj, name, _wrapper)
-        return obj
-
-    # Don't worry about making _dec look similar to a list/tuple as it's rather
-    # meaningless.
-    if not hasattr(decorator, "__iter__"):
-        update_wrapper(_dec, decorator)
-    # Change the name to aid debugging.
-    obj = decorator if hasattr(decorator, "__name__") else decorator.__class__
-    _dec.__name__ = f"method_decorator({obj.__name__})"
-    return _dec

plain-0.17.0/plain/views/csrf.py

@@ -1,24 +0,0 @@
-from functools import wraps
-
-from plain.utils.decorators import method_decorator
-
-
-def csrf_exempt(view_func):
-    """Mark a view function as being exempt from the CSRF view protection."""
-
-    # view_func.csrf_exempt = True would also work, but decorators are nicer
-    # if they don't have side effects, so return a new function.
-    @wraps(view_func)
-    def wrapper_view(*args, **kwargs):
-        return view_func(*args, **kwargs)
-
-    wrapper_view.csrf_exempt = True
-    return wrapper_view
-
-
-@method_decorator(csrf_exempt, name="get_response")
-class CsrfExemptViewMixin:
-    """CsrfExemptViewMixin needs to come before View in the class definition"""
-
-    def get_response(self):
-        return super().get_response()