pyview-web 0.0.6a0__tar.gz → 0.0.8a0__tar.gz

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pyview-web
-Version: 0.0.6a0
+Version: 0.0.8a0
 Summary: LiveView in Python
 Home-page: https://pyview.rocks
 License: MIT
@@ -22,10 +22,8 @@ Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Topic :: Internet
 Classifier: Topic :: Internet :: WWW/HTTP
@@ -79,7 +77,7 @@ class CountContext(TypedDict):
 
 
 class CountLiveView(LiveView[CountContext]):
-    async def mount(self, socket: LiveViewSocket[CountContext]):
+    async def mount(self, socket: LiveViewSocket[CountContext], _session):
         socket.context = {"count": 0}
 
     async def handle_event(self, event, payload, socket: LiveViewSocket[CountContext]):

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/pyproject.toml

@@ -5,7 +5,7 @@ packages = [
   { include = "pyview" },
 ]
 
-version = "0.0.6a"
+version = "0.0.8a"
 description = "LiveView in Python"
 authors = ["Larry Ogrodnek <ogrodnek@gmail.com>"]
 license = "MIT"

pyview_web-0.0.8a0/pyview/auth/__init__.py

@@ -0,0 +1,2 @@
+from .required import requires
+from .provider import AuthProvider, AllowAllAuthProvider, AuthProviderFactory

pyview_web-0.0.8a0/pyview/auth/provider.py

@@ -0,0 +1,32 @@
+from typing import Protocol, TypeVar, Callable
+from starlette.websockets import WebSocket
+from pyview import LiveView
+
+_CallableType = TypeVar("_CallableType", bound=Callable)
+
+
+class AuthProvider(Protocol):
+    async def has_required_auth(self, websocket: WebSocket) -> bool:
+        ...
+
+    def wrap(self, func: _CallableType) -> _CallableType:
+        ...
+
+
+class AllowAllAuthProvider(AuthProvider):
+    async def has_required_auth(self, websocket: WebSocket) -> bool:
+        return True
+
+    def wrap(self, func: _CallableType) -> _CallableType:
+        return func
+
+
+class AuthProviderFactory:
+    @classmethod
+    def get(cls, lv: type[LiveView]) -> AuthProvider:
+        return getattr(lv, "__pyview_auth_provider__", AllowAllAuthProvider())
+
+    @classmethod
+    def set(cls, lv: type[LiveView], auth_provider: AuthProvider) -> type[LiveView]:
+        setattr(lv, "__pyview_auth_provider__", auth_provider)
+        return lv

pyview_web-0.0.8a0/pyview/auth/required.py

@@ -0,0 +1,33 @@
+import typing
+from dataclasses import dataclass
+from starlette.websockets import WebSocket
+from starlette.authentication import requires as starlette_requires, has_required_scope
+from .provider import AuthProvider, AuthProviderFactory
+from pyview import LiveView
+
+_CallableType = typing.TypeVar("_CallableType", bound=typing.Callable)
+
+
+@dataclass
+class RequiredScopeAuthProvider(AuthProvider):
+    scopes: typing.Sequence[str]
+    status_code: int = 403
+    redirect: typing.Optional[str] = None
+
+    def wrap(self, func: _CallableType) -> _CallableType:
+        return starlette_requires(self.scopes, self.status_code, self.redirect)(func)
+
+    def has_required_auth(self, websocket: WebSocket) -> bool:
+        return has_required_scope(websocket, self.scopes)
+
+
+def requires(
+    scopes: typing.Union[str, typing.Sequence[str]],
+    status_code: int = 403,
+    redirect: typing.Optional[str] = None,
+) -> typing.Callable[[type[LiveView]], type[LiveView]]:
+    def decorator(cls: type[LiveView]) -> type[LiveView]:
+        scopes_list = [scopes] if isinstance(scopes, str) else list(scopes)
+        return AuthProviderFactory.set(cls, RequiredScopeAuthProvider(scopes_list, status_code, redirect))
+
+    return decorator

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/pyview/csrf.py

@@ -1,15 +1,14 @@
 from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer
-import secrets
 from typing import Optional
 import hmac
-import os
+from pyview.secret import get_secret
 
 
 def generate_csrf_token(value: str, salt: Optional[str] = None) -> str:
     """
     Generate a CSRF token.
     """
-    s = URLSafeTimedSerializer(_get_secret(), salt=salt or "pyview-csrf-token")
+    s = URLSafeTimedSerializer(get_secret(), salt=salt or "pyview-csrf-token")
     return s.dumps(value)  # type: ignore
 
 
@@ -17,27 +16,10 @@ def validate_csrf_token(data: str, expected: str, salt: Optional[str] = None) ->
     """
     Validate a CSRF token.
     """
-    s = URLSafeTimedSerializer(_get_secret(), salt=salt or "pyview-csrf-token")
+    s = URLSafeTimedSerializer(get_secret(), salt=salt or "pyview-csrf-token")
     try:
         token = s.loads(data, max_age=3600)
         return hmac.compare_digest(token, expected)
     except (BadData, SignatureExpired) as e:
         print(e)
         return False
-
-
-_SECRET = None
-
-
-def _get_secret() -> str:
-    """
-    Get the secret key from the environment, or generate a new one.
-    """
-    global _SECRET
-    if _SECRET is None:
-        secret = os.environ.get("PYVIEW_SECRET")
-        if secret is None:
-            secret = secrets.token_urlsafe(16)
-        _SECRET = secret
-
-    return _SECRET

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/pyview/live_view.py

@@ -1,4 +1,4 @@
-from typing import TypeVar, Generic, Optional, Union
+from typing import TypeVar, Generic, Optional, Union, Any
 from .live_socket import LiveViewSocket, UnconnectedSocket
 from pyview.template import LiveTemplate, template_file, RenderedContent, LiveRender
 import inspect
@@ -7,13 +7,14 @@ from pyview.events import InfoEvent
 T = TypeVar("T")
 
 AnySocket = Union[LiveViewSocket[T], UnconnectedSocket[T]]
+Session = dict[str, Any]
 
 
 class LiveView(Generic[T]):
     def __init__(self):
         pass
 
-    async def mount(self, socket: AnySocket):
+    async def mount(self, socket: AnySocket, session: Session):
         pass
 
     async def handle_event(self, event, payload, socket: LiveViewSocket[T]):

pyview_web-0.0.8a0/pyview/pyview.py

@@ -0,0 +1,70 @@
+from starlette.applications import Starlette
+from fastapi import WebSocket
+from fastapi.responses import HTMLResponse
+from starlette.middleware.gzip import GZipMiddleware
+from starlette.routing import Route
+from starlette.requests import Request
+import uuid
+from urllib.parse import parse_qs
+
+from pyview.live_socket import UnconnectedSocket
+from pyview.csrf import generate_csrf_token
+from pyview.session import serialize_session
+from pyview.auth import AuthProviderFactory
+from .ws_handler import LiveSocketHandler
+from .live_view import LiveView
+from .live_routes import LiveViewLookup
+from .template import RootTemplate, RootTemplateContext, defaultRootTemplate
+
+
+class PyView(Starlette):
+    rootTemplate: RootTemplate
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.rootTemplate = defaultRootTemplate()
+        self.view_lookup = LiveViewLookup()
+        self.live_handler = LiveSocketHandler(self.view_lookup)
+
+        async def live_websocket_endpoint(websocket: WebSocket):
+            await self.live_handler.handle(websocket)
+
+        self.add_websocket_route("/live/websocket", live_websocket_endpoint)
+        self.add_middleware(GZipMiddleware)
+
+    def add_live_view(self, path: str, view: type[LiveView]):
+        async def lv(request: Request):
+            return await liveview_container(
+                self.rootTemplate, self.view_lookup, request
+            )
+
+        self.view_lookup.add(path, view)
+        auth = AuthProviderFactory.get(view)
+        self.routes.append(Route(path, auth.wrap(lv), methods=["GET"]))
+
+
+async def liveview_container(
+    template: RootTemplate, view_lookup: LiveViewLookup, request: Request
+):
+    url = request.url
+    path = url.path
+    lv: LiveView = view_lookup.get(path)
+    s = UnconnectedSocket()
+
+    session = request.session if "session" in request.scope else {}
+
+    await lv.mount(s, session)
+    await lv.handle_params(url, parse_qs(url.query), s)
+    r = await lv.render(s.context)
+
+    id = str(uuid.uuid4())
+
+    context: RootTemplateContext = {
+        "id": id,
+        "content": r.text(),
+        "title": s.live_title,
+        "csrf_token": generate_csrf_token("lv:phx-" + id),
+        "session": serialize_session(session),
+    }
+
+    return HTMLResponse(template(context))

pyview_web-0.0.8a0/pyview/secret.py

@@ -0,0 +1,18 @@
+import os
+import secrets
+
+_SECRET = None
+
+
+def get_secret() -> str:
+    """
+    Get the secret key from the environment, or generate a new one.
+    """
+    global _SECRET
+    if _SECRET is None:
+        secret = os.environ.get("PYVIEW_SECRET")
+        if secret is None:
+            secret = secrets.token_urlsafe(16)
+        _SECRET = secret
+
+    return _SECRET

pyview_web-0.0.8a0/pyview/session.py

@@ -0,0 +1,13 @@
+from typing import Any, cast
+from itsdangerous import URLSafeSerializer
+from pyview.secret import get_secret
+
+
+def serialize_session(session: dict[str, Any]) -> str:
+    s = URLSafeSerializer(get_secret(), salt="pyview-session")
+    return cast(str, s.dumps(session))
+
+
+def deserialize_session(ser: str) -> dict[str, Any]:
+    s = URLSafeSerializer(get_secret(), salt="pyview-session")
+    return cast(dict[str, Any], s.loads(ser))

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/pyview/template/__init__.py

@@ -1,2 +1,3 @@
 from pyview.vendor.ibis import Template
 from .live_template import LiveTemplate, template_file, RenderedContent, LiveRender
+from .root_template import RootTemplate, RootTemplateContext, defaultRootTemplate

pyview_web-0.0.8a0/pyview/template/root_template.py

@@ -0,0 +1,71 @@
+from typing import Callable, Optional, TypedDict
+from markupsafe import Markup
+
+
+class RootTemplateContext(TypedDict):
+    id: str
+    content: str
+    title: Optional[str]
+    csrf_token: str
+    session: Optional[str]
+
+
+RootTemplate = Callable[[RootTemplateContext], str]
+ContentWrapper = Callable[[RootTemplateContext, Markup], Markup]
+
+
+def defaultRootTemplate(
+    css: Optional[Markup] = None, content_wrapper: Optional[ContentWrapper] = None
+) -> RootTemplate:
+    content_wrapper = content_wrapper or (lambda c, m: m)
+
+    def template(context: RootTemplateContext) -> str:
+        return _defaultRootTemplate(context, css or Markup(""), content_wrapper)
+
+    return template
+
+
+def _defaultRootTemplate(
+    context: RootTemplateContext, css: Markup, contentWrapper: ContentWrapper
+) -> str:
+    suffix = " | LiveView"
+    render_title = (context["title"] + suffix) if context.get("title", None) is not None else "LiveView"  # type: ignore
+    main_content = contentWrapper(
+        context,
+        Markup(
+            f"""
+      <div
+        data-phx-main="true"
+        data-phx-session="{context['session']}"
+        data-phx-static=""
+        id="phx-{context['id']}"
+        >
+        {context['content']}
+    </div>"""
+        ),
+    )
+
+    return (
+        Markup(
+            f"""
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+      <title data-suffix="{suffix}">{render_title}</title>
+      <meta name="csrf-token" content="{context['csrf_token']}" />
+      <meta charset="utf-8">
+      <meta http-equiv="X-UA-Compatible" content="IE=edge">
+      <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+      <script defer type="text/javascript" src="/static/assets/app.js"></script>
+      {css}
+    </head>
+    <body>"""
+        )
+        + main_content
+        + Markup(
+            """
+    </body>
+</html>
+"""
+        )
+    )

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/pyview/ws_handler.py

@@ -5,6 +5,12 @@ from urllib.parse import urlparse, parse_qs
 from pyview.live_socket import LiveViewSocket
 from pyview.live_routes import LiveViewLookup
 from pyview.csrf import validate_csrf_token
+from pyview.session import deserialize_session
+from pyview.auth import AuthProviderFactory
+
+
+class AuthException(Exception):
+    pass
 
 
 class LiveSocketHandler:
@@ -13,6 +19,10 @@ class LiveSocketHandler:
         self.manager = ConnectionManager()
         self.sessions = 0
 
+    async def check_auth(self, websocket: WebSocket, lv):
+        if not await AuthProviderFactory.get(lv).has_required_auth(websocket):
+            raise AuthException()
+
     async def handle(self, websocket: WebSocket):
         await self.manager.connect(websocket)
 
@@ -24,14 +34,19 @@ class LiveSocketHandler:
             data = await websocket.receive_text()
             [joinRef, mesageRef, topic, event, payload] = json.loads(data)
             if event == "phx_join":
+                if not validate_csrf_token(payload["params"]["_csrf_token"], topic):
+                    raise AuthException("Invalid CSRF token")
+
                 url = urlparse(payload["url"])
                 lv = self.routes.get(url.path)
+                await self.check_auth(websocket, lv)
                 socket = LiveViewSocket(websocket, topic, lv)
 
-                if not validate_csrf_token(payload["params"]["_csrf_token"], topic):
-                    raise Exception("Invalid CSRF token")
+                session = {}
+                if "session" in payload:
+                    session = deserialize_session(payload["session"])
 
-                await lv.mount(socket)
+                await lv.mount(socket, session)
                 await lv.handle_params(url, parse_qs(url.query), socket)
 
                 rendered = await _render(socket)
@@ -48,10 +63,12 @@ class LiveSocketHandler:
                 await self.handle_connected(socket)
 
         except WebSocketDisconnect:
-            self.manager.disconnect(websocket)
             if socket:
                 await socket.close()
             self.sessions -= 1
+        except AuthException:
+            await websocket.close()
+            self.sessions -= 1
 
     async def handle_connected(self, socket: LiveViewSocket):
         while True:
@@ -66,9 +83,7 @@ class LiveSocketHandler:
                     "phx_reply",
                     {"response": {}, "status": "ok"},
                 ]
-                await self.manager.send_personal_message(
-                    json.dumps(resp), socket.websocket
-                )
+                await self.manager.send_personal_message(json.dumps(resp), socket.websocket)
                 continue
 
             if event == "event":
@@ -86,9 +101,7 @@ class LiveSocketHandler:
                     "phx_reply",
                     {"response": {"diff": rendered}, "status": "ok"},
                 ]
-                await self.manager.send_personal_message(
-                    json.dumps(resp), socket.websocket
-                )
+                await self.manager.send_personal_message(json.dumps(resp), socket.websocket)
                 continue
 
             if event == "live_patch":
@@ -105,9 +118,7 @@ class LiveSocketHandler:
                     "phx_reply",
                     {"response": {"diff": rendered}, "status": "ok"},
                 ]
-                await self.manager.send_personal_message(
-                    json.dumps(resp), socket.websocket
-                )
+                await self.manager.send_personal_message(json.dumps(resp), socket.websocket)
                 continue
 
 
@@ -123,18 +134,10 @@ async def _render(socket: LiveViewSocket):
 
 class ConnectionManager:
     def __init__(self):
-        self.active_connections: list[WebSocket] = []
+        pass
 
     async def connect(self, websocket: WebSocket):
         await websocket.accept()
-        self.active_connections.append(websocket)
-
-    def disconnect(self, websocket: WebSocket):
-        self.active_connections.remove(websocket)
 
     async def send_personal_message(self, message: str, websocket: WebSocket):
         await websocket.send_text(message)
-
-    async def broadcast(self, message: str):
-        for connection in self.active_connections:
-            await connection.send_text(message)

{pyview_web-0.0.6a0 → pyview_web-0.0.8a0}/readme.md

@@ -32,7 +32,7 @@ class CountContext(TypedDict):
 
 
 class CountLiveView(LiveView[CountContext]):
-    async def mount(self, socket: LiveViewSocket[CountContext]):
+    async def mount(self, socket: LiveViewSocket[CountContext], _session):
         socket.context = {"count": 0}
 
     async def handle_event(self, event, payload, socket: LiveViewSocket[CountContext]):

pyview_web-0.0.6a0/pyview/pyview.py

@@ -1,119 +0,0 @@
-from starlette.applications import Starlette
-from fastapi import WebSocket
-from fastapi.responses import HTMLResponse
-from starlette.middleware.gzip import GZipMiddleware
-from starlette.routing import Route
-import uuid
-from urllib.parse import parse_qs
-
-from pyview.live_socket import UnconnectedSocket
-from pyview.csrf import generate_csrf_token
-from .ws_handler import LiveSocketHandler
-from .live_view import LiveView
-from .live_routes import LiveViewLookup
-from typing import Callable, Optional, TypedDict
-
-
-class RootTemplateContext(TypedDict):
-    id: str
-    content: str
-    title: Optional[str]
-    css: Optional[str]
-    csrf_token: str
-
-
-RootTemplate = Callable[[RootTemplateContext], str]
-
-
-class PyView(Starlette):
-    rootTemplate: RootTemplate
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.rootTemplate = defaultRootTemplate("")
-        self.view_lookup = LiveViewLookup()
-        self.live_handler = LiveSocketHandler(self.view_lookup)
-
-        async def live_websocket_endpoint(websocket: WebSocket):
-            await self.live_handler.handle(websocket)
-
-        self.add_websocket_route("/live/websocket", live_websocket_endpoint)
-        self.add_middleware(GZipMiddleware)
-
-    def add_live_view(self, path: str, view: Callable[[], LiveView]):
-        async def lv(request):
-            return await liveview_container(
-                self.rootTemplate, self.view_lookup, request
-            )
-
-        self.view_lookup.add(path, view)
-        self.routes.append(Route(path, lv, methods=["GET"]))
-
-
-async def liveview_container(
-    template: RootTemplate, view_lookup: LiveViewLookup, request
-):
-    url = request.url
-    path = url.path
-    lv: LiveView = view_lookup.get(path)
-    s = UnconnectedSocket()
-    await lv.mount(s)
-    await lv.handle_params(url, parse_qs(url.query), s)
-    r = await lv.render(s.context)
-
-    id = str(uuid.uuid4())
-
-    context: RootTemplateContext = {
-        "id": id,
-        "content": r.text(),
-        "title": s.live_title,
-        "csrf_token": generate_csrf_token("lv:phx-" + id),
-        "css": None,
-    }
-
-    return HTMLResponse(template(context))
-
-
-def defaultRootTemplate(css: str) -> RootTemplate:
-    def template(context: RootTemplateContext) -> str:
-        context["css"] = css
-        return _defaultRootTemplate(context)
-
-    return template
-
-
-def _defaultRootTemplate(context: RootTemplateContext) -> str:
-    suffix = " | LiveView"
-    render_title = (
-        (context["title"] + suffix)  # type: ignore
-        if context.get("title", None) is not None
-        else "LiveView"
-    )
-    css = context["css"] if context.get("css", None) is not None else ""
-    return f"""
-<!DOCTYPE html>
-<html lang="en">
-    <head>
-      <title data-suffix="{suffix}">{render_title}</title>
-      <meta name="csrf-token" content="{context['csrf_token']}" />
-      <meta charset="utf-8">
-      <meta http-equiv="X-UA-Compatible" content="IE=edge">
-      <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-      <script defer type="text/javascript" src="/static/assets/app.js"></script>
-      {css}
-    </head>
-    <body>
-    <div>
-      <a href="/">Home</a>
-      <div
-        data-phx-main="true"
-        data-phx-session=""
-        data-phx-static=""
-        id="phx-{context['id']}"
-        >
-        {context['content']}
-    </div>
-    </div>
-    </body>
-</html>
-"""