plain 0.68.0__py3-none-any.whl → 0.103.0__py3-none-any.whl

plain/internal/handlers/wsgi.py

@@ -1,13 +1,23 @@
-import uuid
+from __future__ import annotations
+
+import codecs
 from functools import cached_property
 from io import IOBase
+from typing import TYPE_CHECKING
 from urllib.parse import quote
 
 from plain import signals
-from plain.http import HttpRequest, QueryDict, parse_cookie
+from plain.http import FileResponse, QueryDict, Request, parse_cookie
 from plain.internal.handlers import base
+from plain.utils.http import parse_header_parameters
 from plain.utils.regex_helper import _lazy_re_compile
 
+if TYPE_CHECKING:
+    from collections.abc import Callable, Iterable
+    from typing import Any
+
+    from plain.http import ResponseBase
+
 _slashes_re = _lazy_re_compile(rb"/+")
 
 
@@ -19,13 +29,13 @@ class LimitedStream(IOBase):
     See https://github.com/pallets/werkzeug/blob/dbf78f67/src/werkzeug/wsgi.py#L828
     """
 
-    def __init__(self, stream, limit):
+    def __init__(self, stream: Any, limit: int) -> None:
         self._read = stream.read
         self._readline = stream.readline
         self._pos = 0
         self.limit = limit
 
-    def read(self, size=-1, /):
+    def read(self, size: int = -1, /) -> bytes:
         _pos = self._pos
         limit = self.limit
         if _pos >= limit:
@@ -38,12 +48,12 @@ class LimitedStream(IOBase):
         self._pos += len(data)
         return data
 
-    def readline(self, size=-1, /):
+    def readline(self, size: int | None = -1, /) -> bytes:
         _pos = self._pos
         limit = self.limit
         if _pos >= limit:
             return b""
-        if size == -1 or size is None:
+        if size is None or size == -1:
             size = limit - _pos
         else:
             size = min(size, limit - _pos)
@@ -52,13 +62,13 @@ class LimitedStream(IOBase):
         return line
 
 
-class WSGIRequest(HttpRequest):
-    non_picklable_attrs = HttpRequest.non_picklable_attrs | frozenset(["environ"])
-    meta_non_picklable_attrs = frozenset(["wsgi.errors", "wsgi.input"])
+class WSGIRequest(Request):
+    non_picklable_attrs = Request.non_picklable_attrs | frozenset(["environ"])
 
-    def __init__(self, environ):
-        # A unique ID we can use to trace this request
-        self.unique_id = str(uuid.uuid4())
+    method: str  # Always set from environ, overrides Request.method: str | None
+
+    def __init__(self, environ: dict[str, Any]) -> None:
+        super().__init__()
 
         script_name = get_script_name(environ)
         # If PATH_INFO is empty (e.g. accessing the SCRIPT_NAME URL without a
@@ -72,64 +82,62 @@ class WSGIRequest(HttpRequest):
         self.path = "{}/{}".format(
             script_name.rstrip("/"), path_info.replace("/", "", 1)
         )
-        self.meta = environ
-        self.meta["PATH_INFO"] = path_info
-        self.meta["SCRIPT_NAME"] = script_name
+        self.environ = environ
+        self.environ["PATH_INFO"] = path_info
+        self.environ["SCRIPT_NAME"] = script_name
         self.method = environ["REQUEST_METHOD"].upper()
-        # Set content_type, content_params, and encoding.
-        self._set_content_type_params(environ)
+
+        # Set content_type, content_params, and encoding
+        self.content_type, self.content_params = parse_header_parameters(
+            environ.get("CONTENT_TYPE", "")
+        )
+        if "charset" in self.content_params:
+            try:
+                codecs.lookup(self.content_params["charset"])
+            except LookupError:
+                pass
+            else:
+                self.encoding = self.content_params["charset"]
+
         try:
-            content_length = int(environ.get("CONTENT_LENGTH"))
+            content_length = int(environ.get("CONTENT_LENGTH") or 0)
         except (ValueError, TypeError):
             content_length = 0
         self._stream = LimitedStream(self.environ["wsgi.input"], content_length)
         self._read_started = False
-        self.resolver_match = None
 
-    def __getstate__(self):
+    def __getstate__(self) -> dict[str, Any]:
         state = super().__getstate__()
-        for attr in self.meta_non_picklable_attrs:
-            if attr in state["meta"]:
-                del state["meta"][attr]
+        for attr in frozenset(["wsgi.errors", "wsgi.input"]):
+            if attr in state["environ"]:
+                del state["environ"][attr]
         return state
 
-    def _get_scheme(self):
-        return self.environ.get("wsgi.url_scheme")
+    def _get_scheme(self) -> str:
+        return self.environ.get("wsgi.url_scheme", "http")
 
     @cached_property
-    def query_params(self):
+    def query_params(self) -> QueryDict:
         # The WSGI spec says 'QUERY_STRING' may be absent.
         raw_query_string = get_bytes_from_wsgi(self.environ, "QUERY_STRING", "")
-        return QueryDict(raw_query_string, encoding=self._encoding)
-
-    def _get_data(self):
-        if not hasattr(self, "_data"):
-            self._load_data_and_files()
-        return self._data
-
-    def _set_data(self, data):
-        self._data = data
+        return QueryDict(raw_query_string, encoding=self.encoding)
 
     @cached_property
-    def cookies(self):
+    def cookies(self) -> dict[str, str]:
         raw_cookie = get_str_from_wsgi(self.environ, "HTTP_COOKIE", "")
         return parse_cookie(raw_cookie)
 
-    @property
-    def files(self):
-        if not hasattr(self, "_files"):
-            self._load_data_and_files()
-        return self._files
-
-    data = property(_get_data, _set_data)
-
 
 class WSGIHandler(base.BaseHandler):
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
         super().__init__(*args, **kwargs)
         self.load_middleware()
 
-    def __call__(self, environ, start_response):
+    def __call__(
+        self,
+        environ: dict[str, Any],
+        start_response: Callable[[str, list[tuple[str, str]]], Any],
+    ) -> ResponseBase | Iterable[bytes]:
         signals.request_started.send(sender=self.__class__, environ=environ)
         request = WSGIRequest(environ)
         response = self.get_response(request)
@@ -138,12 +146,15 @@ class WSGIHandler(base.BaseHandler):
 
         status = "%d %s" % (response.status_code, response.reason_phrase)  # noqa: UP031
         response_headers = [
-            *response.headers.items(),
+            # Filter out None values (used to opt-out of default headers)
+            *((k, v) for k, v in response.headers.items() if v is not None),
             *(("Set-Cookie", c.output(header="")) for c in response.cookies.values()),
         ]
         start_response(status, response_headers)
-        if getattr(response, "file_to_stream", None) is not None and environ.get(
-            "wsgi.file_wrapper"
+        if (
+            isinstance(response, FileResponse)
+            and response.file_to_stream is not None
+            and environ.get("wsgi.file_wrapper")
         ):
             # If `wsgi.file_wrapper` is used the WSGI server does not call
             # .close on the response, but on the file wrapper. Patch it to use
@@ -155,11 +166,11 @@ class WSGIHandler(base.BaseHandler):
         return response
 
 
-def get_path_info(environ):
+def get_path_info(environ: dict[str, Any]) -> str:
     """Return the HTTP request's PATH_INFO as a string."""
     path_info = get_bytes_from_wsgi(environ, "PATH_INFO", "/")
 
-    def repercent_broken_unicode(path):
+    def repercent_broken_unicode(path: bytes) -> bytes:
         """
         As per RFC 3987 Section 3.2, step three of converting a URI into an IRI,
         repercent-encode any octet produced that is not part of a strictly legal
@@ -179,7 +190,7 @@ def get_path_info(environ):
     return repercent_broken_unicode(path_info).decode()
 
 
-def get_script_name(environ):
+def get_script_name(environ: dict[str, Any]) -> str:
     """
     Return the equivalent of the HTTP request's SCRIPT_NAME environment
     variable. If Apache mod_rewrite is used, return what would have been
@@ -208,7 +219,7 @@ def get_script_name(environ):
     return script_name.decode()
 
 
-def get_bytes_from_wsgi(environ, key, default):
+def get_bytes_from_wsgi(environ: dict[str, Any], key: str, default: str) -> bytes:
     """
     Get a value from the WSGI environ dictionary as bytes.
 
@@ -221,7 +232,7 @@ def get_bytes_from_wsgi(environ, key, default):
     return value.encode("iso-8859-1")
 
 
-def get_str_from_wsgi(environ, key, default):
+def get_str_from_wsgi(environ: dict[str, Any], key: str, default: str) -> str:
     """
     Get a value from the WSGI environ dictionary as str.
 

plain/internal/middleware/headers.py

@@ -1,21 +1,47 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from plain.http import HttpMiddleware
 from plain.runtime import settings
 
+if TYPE_CHECKING:
+    from plain.http import Request, Response
+
+
+class DefaultHeadersMiddleware(HttpMiddleware):
+    """
+    Applies default response headers from settings.DEFAULT_RESPONSE_HEADERS.
 
-class DefaultHeadersMiddleware:
-    def __init__(self, get_response):
-        self.get_response = get_response
+    This middleware runs after the view executes and applies default headers
+    to the response using setdefault(), which means:
+    - Headers already set by the view won't be overridden
+    - Headers not set by the view will use the default value
 
-    def __call__(self, request):
+    View Customization Patterns:
+    - Use default: Don't set the header (middleware applies it)
+    - Override: Set the header to a different value
+    - Remove: Set the header to None (not serialized in the response)
+    - Extend: Read from settings.DEFAULT_RESPONSE_HEADERS, modify, then set
+
+    Format Strings:
+    Header values can include {request.attribute} placeholders for dynamic
+    content. Example: 'nonce-{request.csp_nonce}' will be formatted with
+    the request's csp_nonce value. Headers without placeholders are used as-is.
+    """
+
+    def process_request(self, request: Request) -> Response:
+        # Get the response from the view (and any inner middleware)
         response = self.get_response(request)
 
+        # Apply default headers to the response
         for header, value in settings.DEFAULT_RESPONSE_HEADERS.items():
-            # Since we don't have a good way to *remote* default response headers,
-            # use allow users to set them to an empty string to indicate they should be removed.
-            if header in response.headers and response.headers[header] == "":
-                del response.headers[header]
-                continue
-
-            response.headers.setdefault(header, value)
+            if header not in response.headers:
+                # Header not set - apply default
+                if "{" in value:
+                    response.headers[header] = value.format(request=request)
+                else:
+                    response.headers[header] = value
 
         # Add the Content-Length header to non-streaming responses if not
         # already set.

plain/internal/middleware/hosts.py

@@ -1,10 +1,16 @@
+from __future__ import annotations
+
 import ipaddress
 import logging
+from typing import TYPE_CHECKING
 
-from plain.http import HttpRequest, ResponseBadRequest
+from plain.http import HttpMiddleware, Request, Response
 from plain.runtime import settings
 from plain.utils.regex_helper import _lazy_re_compile
 
+if TYPE_CHECKING:
+    from plain.http import Response
+
 logger = logging.getLogger(__name__)
 
 host_validation_re = _lazy_re_compile(
@@ -12,7 +18,7 @@ host_validation_re = _lazy_re_compile(
 )
 
 
-class HostValidationMiddleware:
+class HostValidationMiddleware(HttpMiddleware):
     """
     Middleware to validate the Host header against ALLOWED_HOSTS.
 
@@ -21,10 +27,7 @@ class HostValidationMiddleware:
     host is not allowed.
     """
 
-    def __init__(self, get_response):
-        self.get_response = get_response
-
-    def __call__(self, request):
+    def process_request(self, request: Request) -> Response:
         if not is_host_valid(request):
             host = request.host
             msg = f"Invalid HTTP_HOST header: {host!r}."
@@ -42,12 +45,12 @@ class HostValidationMiddleware:
                 extra={"status_code": 400, "request": request},
             )
 
-            return ResponseBadRequest()
+            return Response(status_code=400)
 
         return self.get_response(request)
 
 
-def is_host_valid(request: HttpRequest) -> bool:
+def is_host_valid(request: Request) -> bool:
     """
     Check if the host is valid according to ALLOWED_HOSTS settings.
     """

plain/internal/middleware/https.py

@@ -1,15 +1,24 @@
-from plain.http import ResponseRedirect
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from plain.http import HttpMiddleware, RedirectResponse
 from plain.runtime import settings
 
+if TYPE_CHECKING:
+    from collections.abc import Callable
+
+    from plain.http import Request, Response
+
 
-class HttpsRedirectMiddleware:
-    def __init__(self, get_response):
-        self.get_response = get_response
+class HttpsRedirectMiddleware(HttpMiddleware):
+    def __init__(self, get_response: Callable[[Request], Response]):
+        super().__init__(get_response)
 
         # Settings for HTTPS
         self.https_redirect_enabled = settings.HTTPS_REDIRECT_ENABLED
 
-    def __call__(self, request):
+    def process_request(self, request: Request) -> Response:
         """
         Perform a blanket HTTP→HTTPS redirect when enabled.
         """
@@ -19,8 +28,9 @@ class HttpsRedirectMiddleware:
 
         return self.get_response(request)
 
-    def maybe_https_redirect(self, request):
+    def maybe_https_redirect(self, request: Request) -> Response | None:
         if self.https_redirect_enabled and not request.is_https():
-            return ResponseRedirect(
+            return RedirectResponse(
                 f"https://{request.host}{request.get_full_path()}", status_code=301
             )
+        return None

plain/internal/middleware/slash.py

@@ -1,14 +1,19 @@
-from plain.http import ResponseRedirect
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from plain.http import HttpMiddleware, RedirectResponse
 from plain.runtime import settings
 from plain.urls import Resolver404, get_resolver
 from plain.utils.http import escape_leading_slashes
 
+if TYPE_CHECKING:
+    from plain.http import Request, Response
+    from plain.urls import ResolverMatch
 
-class RedirectSlashMiddleware:
-    def __init__(self, get_response):
-        self.get_response = get_response
 
-    def __call__(self, request):
+class RedirectSlashMiddleware(HttpMiddleware):
+    def process_request(self, request: Request) -> Response:
         """
         Rewrite the URL based on settings.APPEND_SLASH
         """
@@ -22,14 +27,14 @@ class RedirectSlashMiddleware:
         # If the given URL is "Not Found", then check if we should redirect to
         # a path with a slash appended.
         if response.status_code == 404 and self.should_redirect_with_slash(request):
-            return ResponseRedirect(
+            return RedirectResponse(
                 self.get_full_path_with_slash(request), status_code=301
             )
 
         return response
 
     @staticmethod
-    def _is_valid_path(path):
+    def _is_valid_path(path: str) -> ResolverMatch | bool:
         """
         Return the ResolverMatch if the given path resolves against the default URL
         resolver, False otherwise. This is a convenience method to make working
@@ -40,7 +45,7 @@ class RedirectSlashMiddleware:
         except Resolver404:
             return False
 
-    def should_redirect_with_slash(self, request):
+    def should_redirect_with_slash(self, request: Request) -> ResolverMatch | bool:
         """
         Return True if settings.APPEND_SLASH is True and appending a slash to
         the request path turns an invalid path into a valid one.
@@ -50,7 +55,7 @@ class RedirectSlashMiddleware:
                 return self._is_valid_path(f"{request.path_info}/")
         return False
 
-    def get_full_path_with_slash(self, request):
+    def get_full_path_with_slash(self, request: Request) -> str:
         """
         Return the full path of the request with a trailing slash appended.
 

plain/internal/reloader.py

@@ -0,0 +1,77 @@
+from __future__ import annotations
+
+import os
+import os.path
+import re
+import sys
+import threading
+from collections.abc import Callable
+
+import watchfiles
+
+COMPILED_EXT_RE = re.compile(r"py[co]$")
+
+
+class Reloader(threading.Thread):
+    """File change reloader using watchfiles for cross-platform native file watching."""
+
+    def __init__(self, callback: Callable[[str], None], watch_html: bool) -> None:
+        super().__init__()
+        self.daemon = True
+        self._callback = callback
+        self._watch_html = watch_html
+
+    def get_watch_paths(self) -> set[str]:
+        """Get all directories to watch for changes."""
+        paths = set()
+
+        # Get directories from loaded Python modules
+        for module in tuple(sys.modules.values()):
+            if not hasattr(module, "__file__") or not module.__file__:
+                continue
+            # Convert .pyc/.pyo to .py and get directory
+            file_path = COMPILED_EXT_RE.sub("py", module.__file__)
+            dir_path = os.path.dirname(os.path.abspath(file_path))
+            if os.path.isdir(dir_path):
+                paths.add(dir_path)
+
+        # Add current working directory for .env files
+        cwd = os.getcwd()
+        if os.path.isdir(cwd):
+            paths.add(cwd)
+
+        return paths
+
+    def run(self) -> None:
+        """Watch for file changes and trigger callback."""
+        watch_paths = self.get_watch_paths()
+
+        for changes in watchfiles.watch(*watch_paths, rust_timeout=1000):
+            for change_type, file_path in changes:
+                should_reload = False
+                filename = os.path.basename(file_path)
+
+                # Python files: reload on modify/add
+                if change_type in (watchfiles.Change.modified, watchfiles.Change.added):
+                    if file_path.endswith(".py"):
+                        should_reload = True
+
+                # .env files: reload on modify/add/delete
+                if change_type in (
+                    watchfiles.Change.modified,
+                    watchfiles.Change.added,
+                    watchfiles.Change.deleted,
+                ):
+                    if filename.startswith(".env"):
+                        should_reload = True
+
+                # HTML files: only reload on add/delete (Jinja auto-reloads modifications)
+                if self._watch_html and change_type in (
+                    watchfiles.Change.added,
+                    watchfiles.Change.deleted,
+                ):
+                    if file_path.endswith(".html"):
+                        should_reload = True
+
+                if should_reload:
+                    self._callback(file_path)

plain/json.py

@@ -2,6 +2,7 @@ import datetime
 import decimal
 import json
 import uuid
+from typing import Any
 
 from plain.utils.duration import duration_iso_string
 from plain.utils.functional import Promise
@@ -14,7 +15,7 @@ class PlainJSONEncoder(json.JSONEncoder):
     UUIDs.
     """
 
-    def default(self, o):
+    def default(self, o: Any) -> Any:
         # See "Date Time String Format" in the ECMA-262 specification.
         if isinstance(o, datetime.datetime):
             r = o.isoformat()