PyPI - plain - Versions diffs - 0.78.2__tar.gz → 0.79.0__tar.gz - Mend

plain 0.78.2tar.gz → 0.79.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of plain might be problematic. Click here for more details.

Files changed (210) hide show

{plain-0.78.2 → plain-0.79.0}/.gitignore RENAMED Viewed

@@ -1,5 +1,5 @@
 .venv
-.env
+/.env
 *.egg-info
 *.py[co]
 __pycache__

{plain-0.78.2 → plain-0.79.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.78.2
+Version: 0.79.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.78.2 → plain-0.79.0}/plain/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,44 @@
 # plain changelog
+## [0.79.0](https://github.com/dropseed/plain/releases/plain@0.79.0) (2025-10-22)
+### What's changed
+- Response objects now have an `exception` attribute that stores the exception that caused 5xx errors ([0a243ba89c](https://github.com/dropseed/plain/commit/0a243ba89c))
+- Middleware classes now use an abstract base class `HttpMiddleware` with a `process_request()` method ([b960eed6c6](https://github.com/dropseed/plain/commit/b960eed6c6))
+- CSRF middleware now raises `PermissionDenied` instead of rendering a custom `CsrfFailureView` ([d4b93e59b3](https://github.com/dropseed/plain/commit/d4b93e59b3))
+- The `HTTP_ERROR_VIEWS` setting has been removed ([7a4e3a31f4](https://github.com/dropseed/plain/commit/7a4e3a31f4))
+- Standalone `plain-changelog` and `plain-upgrade` executables have been removed in favor of the built-in commands ([07c3a4c540](https://github.com/dropseed/plain/commit/07c3a4c540))
+- Standalone `plain-build` executable has been removed ([99301ea797](https://github.com/dropseed/plain/commit/99301ea797))
+- Removed automatic logging of all HTTP 400+ status codes for cleaner logs ([c2769d7281](https://github.com/dropseed/plain/commit/c2769d7281))
+### Upgrade instructions
+- If you have custom middleware, inherit from `HttpMiddleware` and rename your `__call__()` method to `process_request()`:
+    ```python
+    # Before:
+    class MyMiddleware:
+        def __init__(self, get_response):
+            self.get_response = get_response
+        def __call__(self, request):
+            response = self.get_response(request)
+            return response
+    # After:
+    from plain.http import HttpMiddleware
+    class MyMiddleware(HttpMiddleware):
+        def process_request(self, request):
+            response = self.get_response(request)
+            return response
+    ```
+- Remove any custom `HTTP_ERROR_VIEWS` setting from your configuration - error views are now controlled entirely by exception handlers
+- If you were calling `plain-changelog` or `plain-upgrade` as standalone commands, use `plain changelog` or `plain upgrade` instead
+- If you were calling `plain-build` as a standalone command, use `plain build` instead
 ## [0.78.2](https://github.com/dropseed/plain/releases/plain@0.78.2) (2025-10-20)
 ### What's changed

{plain-0.78.2 → plain-0.79.0}/plain/cli/changelog.py RENAMED Viewed

@@ -7,6 +7,7 @@ from pathlib import Path
 import click
 from .output import style_markdown
+from .runtime import without_runtime_setup
 def parse_version(version_str: str) -> tuple[int, ...]:
@@ -42,6 +43,7 @@ def compare_versions(v1: str, v2: str) -> int:
         return 0
+@without_runtime_setup
 @click.command("changelog")
 @click.argument("package_label")
 @click.option("--from", "from_version", help="Show entries from this version onwards")

{plain-0.78.2 → plain-0.79.0}/plain/cli/upgrade.py RENAMED Viewed

@@ -6,10 +6,12 @@ from pathlib import Path
 import click
 from .agent.prompt import prompt_agent
+from .runtime import without_runtime_setup
 LOCK_FILE = Path("uv.lock")
+@without_runtime_setup
 @click.command()
 @click.argument("packages", nargs=-1)
 @click.option(
@@ -144,7 +146,7 @@ def build_prompt(before_after: dict[str, tuple[str | None, str | None]]) -> str:
             "## Instructions",
             "",
             "1. **Process each package systematically:**",
-            "   - For each package, run: `uv run plain-changelog {package} --from {before} --to {after}`",
+            "   - For each package, run: `uv run plain changelog {package} --from {before} --to {after}`",
             "   - Read the 'Upgrade instructions' section carefully",
             "   - If it says 'No changes required', skip to the next package",
             "   - Apply any required code changes as specified",

{plain-0.78.2 → plain-0.79.0}/plain/csrf/middleware.py RENAMED Viewed

@@ -1,24 +1,19 @@
 from __future__ import annotations
-import logging
 import re
 from collections.abc import Callable
 from typing import TYPE_CHECKING
 from urllib.parse import urlparse
-from plain.logs.utils import log_response
+from plain.exceptions import PermissionDenied
+from plain.http import HttpMiddleware
 from plain.runtime import settings
-from .views import CsrfFailureView
 if TYPE_CHECKING:
-    from plain.http import Response
-    from plain.http.request import Request
-logger = logging.getLogger("plain.security.csrf")
+    from plain.http import Request, Response
-class CsrfViewMiddleware:
+class CsrfViewMiddleware(HttpMiddleware):
     """
     Modern CSRF protection middleware using Sec-Fetch-Site headers and origin validation.
     Based on Filippo Valsorda's 2025 research (https://words.filippo.io/csrf/).
@@ -28,20 +23,20 @@ class CsrfViewMiddleware:
     """
     def __init__(self, get_response: Callable[[Request], Response]):
-        self.get_response = get_response
+        super().__init__(get_response)
         # Compile CSRF exempt patterns once for performance
         self.csrf_exempt_patterns: list[re.Pattern[str]] = [
             re.compile(r) for r in settings.CSRF_EXEMPT_PATHS
         ]
-    def __call__(self, request: Request) -> Response:
+    def process_request(self, request: Request) -> Response:
         allowed, reason = self.should_allow_request(request)
-        if allowed:
-            return self.get_response(request)
-        else:
-            return self.reject(request, reason)
+        if not allowed:
+            raise PermissionDenied(reason)
+        return self.get_response(request)
     def should_allow_request(self, request: Request) -> tuple[bool, str]:
         # 1. Allow safe methods (GET, HEAD, OPTIONS)
@@ -127,17 +122,3 @@ class CsrfViewMiddleware:
             False,
             f"Cross-origin request detected - Origin {origin} does not match Host",
         )
-    def reject(self, request: Request, reason: str) -> Response:
-        """Reject a request with a 403 Forbidden response."""
-        response = CsrfFailureView.as_view()(request, reason=reason)
-        log_response(
-            "Forbidden (%s): %s",
-            reason,
-            request.path,
-            response=response,
-            request=request,
-            logger=logger,
-        )
-        return response

{plain-0.78.2 → plain-0.79.0}/plain/http/__init__.py RENAMED Viewed

@@ -1,12 +1,13 @@
-from plain.http.cookie import parse_cookie
-from plain.http.request import (
+from .cookie import parse_cookie
+from .middleware import HttpMiddleware
+from .request import (
     QueryDict,
     RawPostDataException,
     Request,
     RequestHeaders,
     UnreadablePostError,
 )
-from plain.http.response import (
+from .response import (
     BadHeaderError,
     FileResponse,
     Http404,
@@ -25,6 +26,7 @@ from plain.http.response import (
 )
 __all__ = [
+    "HttpMiddleware",
     "parse_cookie",
     "Request",
     "RequestHeaders",

plain-0.79.0/plain/http/middleware.py ADDED Viewed

@@ -0,0 +1,32 @@
+from __future__ import annotations
+from abc import ABC, abstractmethod
+from collections.abc import Callable
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+    from plain.http import Request, Response
+class HttpMiddleware(ABC):
+    """
+    Abstract base class for HTTP middleware.
+    Subclasses must implement process_request() to handle the request/response cycle.
+    Example:
+        class MyMiddleware(HttpMiddleware):
+            def process_request(self, request: Request) -> Response:
+                # Pre-processing
+                response = self.get_response(request)
+                # Post-processing
+                return response
+    """
+    def __init__(self, get_response: Callable[[Request], Response]):
+        self.get_response = get_response
+    @abstractmethod
+    def process_request(self, request: Request) -> Response:
+        """Process the request and return a response. Must be implemented by subclasses."""
+        ...

{plain-0.78.2 → plain-0.79.0}/plain/http/response.py RENAMED Viewed

@@ -148,6 +148,8 @@ class ResponseBase:
             if not 100 <= self.status_code <= 599:
                 raise ValueError("HTTP status code must be an integer from 100 to 599.")
         self._reason_phrase = reason
+        # Exception that caused this response, if any (primarily for 500 errors)
+        self.exception: Exception | None = None
     @property
     def reason_phrase(self) -> str:

{plain-0.78.2 → plain-0.79.0}/plain/internal/handlers/base.py RENAMED Viewed

@@ -1,6 +1,5 @@
 from __future__ import annotations
-import logging
 import types
 from typing import TYPE_CHECKING
@@ -8,7 +7,6 @@ from opentelemetry import baggage, trace
 from opentelemetry.semconv.attributes import http_attributes, url_attributes
 from plain.exceptions import ImproperlyConfigured
-from plain.logs.utils import log_response
 from plain.runtime import settings
 from plain.urls import get_resolver
 from plain.utils.module_loading import import_string
@@ -21,8 +19,6 @@ if TYPE_CHECKING:
     from plain.http import Request, Response, ResponseBase
     from plain.urls import ResolverMatch
-logger = logging.getLogger("plain.request")
 # These middleware classes are always used by Plain.
 BUILTIN_BEFORE_MIDDLEWARE = [
@@ -66,7 +62,7 @@ class BaseHandler:
                     f"Middleware factory {middleware_path} returned None."
                 )
-            handler = convert_exception_to_response(mw_instance)
+            handler = convert_exception_to_response(mw_instance.process_request)
         # We only assign to this when initialization is complete as it is used
         # as a flag for initialization being complete.
@@ -117,14 +113,9 @@ class BaseHandler:
                 else trace.StatusCode.ERROR
             )
-            if response.status_code >= 400:
-                log_response(
-                    "%s: %s",
-                    response.reason_phrase,
-                    request.path,
-                    response=response,
-                    request=request,
-                )
+            if response.exception:
+                span.record_exception(response.exception)
             return response
     def _get_response(self, request: Request) -> ResponseBase:

{plain-0.78.2 → plain-0.79.0}/plain/internal/handlers/exception.py RENAMED Viewed

@@ -4,7 +4,6 @@ import logging
 from functools import wraps
 from typing import TYPE_CHECKING
-from plain import signals
 from plain.exceptions import (
     BadRequest,
     PermissionDenied,
@@ -15,9 +14,7 @@ from plain.exceptions import (
 )
 from plain.http import Http404, ResponseServerError
 from plain.http.multipartparser import MultiPartParserError
-from plain.logs.utils import log_response
 from plain.runtime import settings
-from plain.utils.module_loading import import_string
 from plain.views.errors import ErrorView
 if TYPE_CHECKING:
@@ -26,6 +23,9 @@ if TYPE_CHECKING:
     from plain.http import Request, Response
+request_logger = logging.getLogger("plain.request")
 def convert_exception_to_response(
     get_response: Callable[[Request], Response],
 ) -> Callable[[Request], Response]:
@@ -63,37 +63,34 @@ def response_for_exception(request: Request, exc: Exception) -> Response:
         response = get_exception_response(
             request=request, status_code=403, exception=exc
         )
-        log_response(
+        request_logger.warning(
             "Forbidden (Permission denied): %s",
             request.path,
-            response=response,
-            request=request,
-            exception=exc,
+            extra={"status_code": response.status_code, "request": request},
+            exc_info=exc,
         )
     elif isinstance(exc, MultiPartParserError):
         response = get_exception_response(
             request=request, status_code=400, exception=None
         )
-        log_response(
+        request_logger.warning(
             "Bad request (Unable to parse request body): %s",
             request.path,
-            response=response,
-            request=request,
-            exception=exc,
+            extra={"status_code": response.status_code, "request": request},
+            exc_info=exc,
         )
     elif isinstance(exc, BadRequest):
         response = get_exception_response(
             request=request, status_code=400, exception=exc
         )
-        log_response(
+        request_logger.warning(
             "%s: %s",
             str(exc),
             request.path,
-            response=response,
-            request=request,
-            exception=exc,
+            extra={"status_code": response.status_code, "request": request},
+            exc_info=exc,
         )
     elif isinstance(exc, SuspiciousOperation):
         if isinstance(exc, RequestDataTooBig | TooManyFieldsSent | TooManyFilesSent):
@@ -106,25 +103,23 @@ def response_for_exception(request: Request, exc: Exception) -> Response:
         security_logger = logging.getLogger(f"plain.security.{exc.__class__.__name__}")
         security_logger.error(
             str(exc),
-            exc_info=exc,
             extra={"status_code": 400, "request": request},
+            exc_info=exc,
         )
         response = get_exception_response(
             request=request, status_code=400, exception=None
         )
     else:
-        signals.got_request_exception.send(sender=None, request=request)
         response = get_exception_response(
             request=request, status_code=500, exception=None
         )
-        log_response(
+        request_logger.error(
             "%s: %s",
             response.reason_phrase,
             request.path,
-            response=response,
-            request=request,
-            exception=exc,
+            extra={"status_code": response.status_code, "request": request},
+            exc_info=exc,
         )
     return response
@@ -134,29 +129,18 @@ def get_exception_response(
     *, request: Request, status_code: int, exception: Exception | None
 ) -> Response:
     try:
-        view_class = get_error_view(status_code=status_code, exception=exception)
-        return view_class(request)
-    except Exception:
-        signals.got_request_exception.send(sender=None, request=request)
+        view_class = ErrorView.as_view(status_code=status_code, exception=exception)
+        response = view_class(request)
+        if response.status_code >= 500 and exception is not None:
+            # Attach the exception to the response for logging/observability
+            response.exception = exception
+        return response
+    except Exception as e:
         # In development mode, re-raise the exception to get a full stack trace
         if settings.DEBUG:
             raise
         # If we can't load the view, return a 500 response
-        return ResponseServerError()
-def get_error_view(
-    *, status_code: int, exception: Exception | None
-) -> Callable[[Request], Response]:
-    views_by_status = settings.HTTP_ERROR_VIEWS
-    if status_code in views_by_status:
-        view = views_by_status[status_code]
-        if isinstance(view, str):
-            # Import the view if it's a string
-            view = import_string(view)
-        return view.as_view()
-    # Create a standard view for any other status code
-    return ErrorView.as_view(status_code=status_code, exception=exception)
+        response = ResponseServerError()
+        response.exception = e
+        return response

{plain-0.78.2 → plain-0.79.0}/plain/internal/middleware/headers.py RENAMED Viewed

@@ -2,19 +2,15 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
+from plain.http import HttpMiddleware
 from plain.runtime import settings
 if TYPE_CHECKING:
-    from collections.abc import Callable
     from plain.http import Request, Response
-class DefaultHeadersMiddleware:
-    def __init__(self, get_response: Callable[[Request], Response]) -> None:
-        self.get_response = get_response
-    def __call__(self, request: Request) -> Response:
+class DefaultHeadersMiddleware(HttpMiddleware):
+    def process_request(self, request: Request) -> Response:
         response = self.get_response(request)
         for header, value in settings.DEFAULT_RESPONSE_HEADERS.items():

{plain-0.78.2 → plain-0.79.0}/plain/internal/middleware/hosts.py RENAMED Viewed

@@ -4,13 +4,11 @@ import ipaddress
 import logging
 from typing import TYPE_CHECKING
-from plain.http import Request, ResponseBadRequest
+from plain.http import HttpMiddleware, Request, ResponseBadRequest
 from plain.runtime import settings
 from plain.utils.regex_helper import _lazy_re_compile
 if TYPE_CHECKING:
-    from collections.abc import Callable
     from plain.http import Response
 logger = logging.getLogger(__name__)
@@ -20,7 +18,7 @@ host_validation_re = _lazy_re_compile(
 )
-class HostValidationMiddleware:
+class HostValidationMiddleware(HttpMiddleware):
     """
     Middleware to validate the Host header against ALLOWED_HOSTS.
@@ -29,10 +27,7 @@ class HostValidationMiddleware:
     host is not allowed.
     """
-    def __init__(self, get_response: Callable[[Request], Response]) -> None:
-        self.get_response = get_response
-    def __call__(self, request: Request) -> Response:
+    def process_request(self, request: Request) -> Response:
         if not is_host_valid(request):
             host = request.host
             msg = f"Invalid HTTP_HOST header: {host!r}."

{plain-0.78.2 → plain-0.79.0}/plain/internal/middleware/https.py RENAMED Viewed

@@ -2,7 +2,7 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
-from plain.http import ResponseRedirect
+from plain.http import HttpMiddleware, ResponseRedirect
 from plain.runtime import settings
 if TYPE_CHECKING:
@@ -11,14 +11,14 @@ if TYPE_CHECKING:
     from plain.http import Request, Response
-class HttpsRedirectMiddleware:
-    def __init__(self, get_response: Callable[[Request], Response]) -> None:
-        self.get_response = get_response
+class HttpsRedirectMiddleware(HttpMiddleware):
+    def __init__(self, get_response: Callable[[Request], Response]):
+        super().__init__(get_response)
         # Settings for HTTPS
         self.https_redirect_enabled = settings.HTTPS_REDIRECT_ENABLED
-    def __call__(self, request: Request) -> Response:
+    def process_request(self, request: Request) -> Response:
         """
         Perform a blanket HTTP→HTTPS redirect when enabled.
         """

{plain-0.78.2 → plain-0.79.0}/plain/internal/middleware/slash.py RENAMED Viewed

@@ -2,23 +2,18 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
-from plain.http import ResponseRedirect
+from plain.http import HttpMiddleware, ResponseRedirect
 from plain.runtime import settings
 from plain.urls import Resolver404, get_resolver
 from plain.utils.http import escape_leading_slashes
 if TYPE_CHECKING:
-    from collections.abc import Callable
     from plain.http import Request, Response
     from plain.urls import ResolverMatch
-class RedirectSlashMiddleware:
-    def __init__(self, get_response: Callable[[Request], Response]) -> None:
-        self.get_response = get_response
-    def __call__(self, request: Request) -> Response:
+class RedirectSlashMiddleware(HttpMiddleware):
+    def process_request(self, request: Request) -> Response:
         """
         Rewrite the URL based on settings.APPEND_SLASH
         """

{plain-0.78.2 → plain-0.79.0}/plain/runtime/global_settings.py RENAMED Viewed

@@ -111,9 +111,6 @@ DATA_UPLOAD_MAX_NUMBER_FILES = 100
 # (i.e. "/tmp" on *nix systems).
 FILE_UPLOAD_TEMP_DIR = None
-# User-defined overrides for error views by status code
-HTTP_ERROR_VIEWS: dict[int, type] = {}
 # MARK: Middleware
 # List of middleware to use. Order is important; in the request phase, these

{plain-0.78.2 → plain-0.79.0}/plain/signals/__init__.py RENAMED Viewed

@@ -2,4 +2,3 @@ from plain.signals.dispatch import Signal
 request_started = Signal()
 request_finished = Signal()
-got_request_exception = Signal()

{plain-0.78.2 → plain-0.79.0}/plain/test/client.py RENAMED Viewed

@@ -1,7 +1,6 @@
 from __future__ import annotations
 import json
-import sys
 from http import HTTPStatus
 from http.cookies import SimpleCookie
 from io import BytesIO, IOBase
@@ -14,7 +13,7 @@ from plain.internal.handlers.base import BaseHandler
 from plain.internal.handlers.wsgi import WSGIRequest
 from plain.json import PlainJSONEncoder
 from plain.runtime import settings
-from plain.signals import got_request_exception, request_started
+from plain.signals import request_started
 from plain.urls import get_resolver
 from plain.utils.encoding import force_bytes
 from plain.utils.functional import SimpleLazyObject
@@ -55,7 +54,6 @@ class ClientResponse:
         response: ResponseBase,
         client: Client,
         request: dict[str, Any],
-        exc_info: tuple[Any, Any, Any] | None,
     ):
         # Store wrapped response in __dict__ directly to avoid __setattr__ recursion
         object.__setattr__(self, "_response", response)
@@ -66,7 +64,6 @@ class ClientResponse:
         self.wsgi_request: WSGIRequest
         self.redirect_chain: list[tuple[str, int]]
         self.resolver_match: SimpleLazyObject | ResolverMatch
-        self.exc_info = exc_info
         # Optional: set by plain.auth if available
         # self.user: Model
@@ -530,7 +527,6 @@ class Client:
         self._request_factory = RequestFactory(headers=headers, **defaults)
         self.handler = ClientHandler()
         self.raise_request_exception = raise_request_exception
-        self.exc_info: tuple[Any, Any, Any] | None = None
         self.extra: dict[str, Any] | None = None
         self.headers: dict[str, str] | None = None
@@ -553,25 +549,20 @@ class Client:
         """
         environ = self._request_factory._base_environ(**request)
-        # Capture exceptions created by the handler.
-        exception_uid = f"request-exception-{id(request)}"
-        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
-        try:
-            response = self.handler(environ)
-        finally:
-            # signals.template_rendered.disconnect(dispatch_uid=signal_uid)
-            got_request_exception.disconnect(dispatch_uid=exception_uid)
+        # Make the request
+        response = self.handler(environ)
         # Wrap the response in ClientResponse for test-specific attributes
         client_response = ClientResponse(
             response=response,
             client=self,
             request=request,
-            exc_info=self.exc_info,
         )
-        # Check for signaled exceptions and potentially re-raise
-        self.check_exception()
+        # Re-raise the exception if configured to do so
+        # Only 5xx errors have response.exception set
+        if client_response.exception and self.raise_request_exception:
+            raise client_response.exception
         # If the request had a user, make it available on the response.
         try:
@@ -901,18 +892,6 @@ class Client:
         return response
-    def store_exc_info(self, **kwargs: Any) -> None:
-        """Store exceptions when they are generated by a view."""
-        self.exc_info = sys.exc_info()
-    def check_exception(self) -> None:
-        """Check for signaled exceptions and potentially re-raise."""
-        if self.exc_info:
-            _, exc_value, _ = self.exc_info
-            self.exc_info = None
-            if self.raise_request_exception:
-                raise exc_value
     @property
     def session(self) -> Any:
         """Return the current session variables."""

plain 0.78.2__tar.gz → 0.79.0__tar.gz

Potentially problematic release.

plain 0.78.2tar.gz → 0.79.0tar.gz