skrift 0.1.0a1__tar.gz → 0.1.0a2__tar.gz

{skrift-0.1.0a1 → skrift-0.1.0a2}/.gitignore

@@ -22,3 +22,4 @@ wheels/
 app.yaml
 app.bak.yaml
 app.yaml.backup.*
+site/

{skrift-0.1.0a1 → skrift-0.1.0a2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skrift
-Version: 0.1.0a1
+Version: 0.1.0a2
 Summary: A lightweight async Python CMS for crafting modern websites
 Requires-Python: >=3.13
 Requires-Dist: advanced-alchemy>=0.26.0
@@ -15,6 +15,8 @@ Requires-Dist: pyyaml>=6.0.0
 Requires-Dist: ruamel-yaml>=0.18.0
 Requires-Dist: sqlalchemy[asyncio]>=2.0.36
 Requires-Dist: uvicorn>=0.34.0
+Provides-Extra: docs
+Requires-Dist: zensical>=0.0.19; extra == 'docs'
 Description-Content-Type: text/markdown
 
 # Skrift

{skrift-0.1.0a1 → skrift-0.1.0a2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "skrift"
-version = "0.1.0a1"
+version = "0.1.0a2"
 description = "A lightweight async Python CMS for crafting modern websites"
 readme = "README.md"
 requires-python = ">=3.13"
@@ -30,6 +30,11 @@ package = true
 requires = ["hatchling"]
 build-backend = "hatchling.build"
 
+[dependency-groups]
+docs = [
+    "zensical>=0.0.19",
+]
+
 [tool.hatch.build]
 include = [
     "skrift/**/*.py",
@@ -45,6 +50,9 @@ exclude = [
     "*.db",
 ]
 
+[project.optional-dependencies]
+docs = ["zensical>=0.0.19"]
+
 [tool.ruff]
 line-length = 100
 target-version = "py313"

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/asgi.py

@@ -29,7 +29,7 @@ from litestar.static_files import create_static_files_router
 from litestar.template import TemplateConfig
 from litestar.types import ASGIApp, Receive, Scope, Send
 
-from skrift.config import get_settings, is_config_valid
+from skrift.config import get_config_path, get_settings, is_config_valid
 from skrift.db.base import Base
 from skrift.db.services.setting_service import (
     load_site_settings_cache,
@@ -45,7 +45,7 @@ from skrift.lib.exceptions import http_exception_handler, internal_server_error_
 
 def load_controllers() -> list:
     """Load controllers from app.yaml configuration."""
-    config_path = Path.cwd() / "app.yaml"
+    config_path = get_config_path()
 
     if not config_path.exists():
         return []
@@ -196,12 +196,7 @@ class AppDispatcher:
             await self.setup_app(scope, receive, send)
             return
 
-        # For /auth/* during setup, route to setup app (OAuth callbacks)
-        if path.startswith("/auth"):
-            await self.setup_app(scope, receive, send)
-            return
-
-        # Non-setup path: check if setup is complete in DB
+        # Check if setup is complete in DB
         if await self._is_setup_complete_in_db():
             # Setup complete - try to get/create main app
             main_app = await self._get_or_create_main_app()
@@ -215,8 +210,13 @@ class AppDispatcher:
                     f"Setup complete but cannot start application: {self._main_app_error}"
                 )
         else:
-            # Setup not complete - redirect to /setup
-            await self._redirect(send, "/setup")
+            # Setup not complete
+            # Route /auth/* to setup app for OAuth callbacks during setup
+            if path.startswith("/auth"):
+                await self.setup_app(scope, receive, send)
+            else:
+                # Redirect other paths to /setup
+                await self._redirect(send, "/setup")
 
     async def _is_setup_complete_in_db(self) -> bool:
         """Check if setup is complete in the database."""
@@ -270,6 +270,10 @@ def create_app() -> Litestar:
     This app has all routes for normal operation. It is used by the dispatcher
     after setup is complete.
     """
+    # CRITICAL: Check for dummy auth in production BEFORE anything else
+    from skrift.setup.providers import validate_no_dummy_auth_in_production
+    validate_no_dummy_auth_in_production()
+
     settings = get_settings()
 
     # Load controllers from app.yaml
@@ -404,7 +408,7 @@ def create_setup_app() -> Litestar:
 
     # Also try to get the raw db URL from config (before env var resolution)
     if not db_url:
-        config_path = Path.cwd() / "app.yaml"
+        config_path = get_config_path()
         if config_path.exists():
             try:
                 with open(config_path, "r") as f:
@@ -493,6 +497,10 @@ def create_dispatcher() -> ASGIApp:
     This is the main entry point. The dispatcher handles routing between
     setup and main apps, with lazy creation of the main app after setup completes.
     """
+    # CRITICAL: Check for dummy auth in production BEFORE anything else
+    from skrift.setup.providers import validate_no_dummy_auth_in_production
+    validate_no_dummy_auth_in_production()
+
     global _dispatcher
     from skrift.setup.state import get_database_url_from_yaml
 

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/config.py

@@ -16,6 +16,31 @@ load_dotenv(_env_file)
 # Pattern to match $VAR_NAME environment variable references
 ENV_VAR_PATTERN = re.compile(r"\$([A-Z_][A-Z0-9_]*)")
 
+# Environment configuration
+SKRIFT_ENV = "SKRIFT_ENV"
+DEFAULT_ENVIRONMENT = "production"
+
+
+def get_environment() -> str:
+    """Get the current environment name, normalized to lowercase.
+
+    Reads from SKRIFT_ENV environment variable. Defaults to "production".
+    """
+    env = os.environ.get(SKRIFT_ENV, DEFAULT_ENVIRONMENT)
+    return env.lower().strip()
+
+
+def get_config_path() -> Path:
+    """Get the path to the environment-specific config file.
+
+    Production -> app.yaml
+    Other envs -> app.{env}.yaml (e.g., app.dev.yaml)
+    """
+    env = get_environment()
+    if env == "production":
+        return Path.cwd() / "app.yaml"
+    return Path.cwd() / f"app.{env}.yaml"
+
 
 def interpolate_env_vars(value, strict: bool = True):
     """Recursively replace $VAR_NAME with os.environ values.
@@ -54,10 +79,10 @@ def load_app_config(interpolate: bool = True, strict: bool = True) -> dict:
     Returns:
         Parsed configuration dictionary
     """
-    config_path = Path.cwd() / "app.yaml"
+    config_path = get_config_path()
 
     if not config_path.exists():
-        raise FileNotFoundError(f"app.yaml not found at {config_path}")
+        raise FileNotFoundError(f"{config_path.name} not found at {config_path}")
 
     with open(config_path, "r") as f:
         config = yaml.safe_load(f)
@@ -69,7 +94,7 @@ def load_app_config(interpolate: bool = True, strict: bool = True) -> dict:
 
 def load_raw_app_config() -> dict | None:
     """Load app.yaml without any processing. Returns None if file doesn't exist."""
-    config_path = Path.cwd() / "app.yaml"
+    config_path = get_config_path()
 
     if not config_path.exists():
         return None
@@ -98,11 +123,40 @@ class OAuthProviderConfig(BaseModel):
     tenant_id: str | None = None
 
 
+class DummyProviderConfig(BaseModel):
+    """Dummy provider configuration (no credentials required)."""
+
+    pass
+
+
+# Union type for provider configs - dummy has no required fields
+ProviderConfig = OAuthProviderConfig | DummyProviderConfig
+
+
 class AuthConfig(BaseModel):
     """Authentication configuration."""
 
     redirect_base_url: str = "http://localhost:8000"
-    providers: dict[str, OAuthProviderConfig] = {}
+    providers: dict[str, ProviderConfig] = {}
+
+    @classmethod
+    def _parse_provider(cls, name: str, config: dict) -> ProviderConfig:
+        """Parse a provider config, using the appropriate model based on provider name."""
+        if name == "dummy":
+            return DummyProviderConfig(**config)
+        return OAuthProviderConfig(**config)
+
+    def __init__(self, **data):
+        # Convert raw provider dicts to appropriate config objects
+        if "providers" in data and isinstance(data["providers"], dict):
+            parsed_providers = {}
+            for name, config in data["providers"].items():
+                if isinstance(config, dict):
+                    parsed_providers[name] = self._parse_provider(name, config)
+                else:
+                    parsed_providers[name] = config
+            data["providers"] = parsed_providers
+        super().__init__(**data)
 
     def get_redirect_uri(self, provider: str) -> str:
         """Get the OAuth callback URL for a provider."""
@@ -137,7 +191,7 @@ def is_config_valid() -> tuple[bool, str | None]:
     try:
         config = load_raw_app_config()
         if config is None:
-            return False, "app.yaml not found"
+            return False, f"{get_config_path().name} not found"
 
         # Check database URL
         db_config = config.get("db", {})

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/controllers/auth.py

@@ -1,6 +1,7 @@
 """Authentication controller for OAuth login flows.
 
 Supports multiple OAuth providers: Google, GitHub, Microsoft, Discord, Facebook, X (Twitter).
+Also supports a development-only "dummy" provider for testing.
 """
 
 import base64
@@ -11,7 +12,7 @@ from typing import Annotated
 from urllib.parse import urlencode
 
 import httpx
-from litestar import Controller, Request, get
+from litestar import Controller, Request, get, post
 from litestar.exceptions import HTTPException, NotFoundException
 from litestar.params import Parameter
 from litestar.response import Redirect, Template as TemplateResponse
@@ -20,7 +21,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 
 from skrift.config import get_settings
 from skrift.db.models.user import User
-from skrift.setup.providers import OAUTH_PROVIDERS, get_provider_info
+from skrift.setup.providers import DUMMY_PROVIDER_KEY, OAUTH_PROVIDERS, get_provider_info
 
 
 def get_auth_url(provider: str, settings, state: str, code_challenge: str | None = None) -> str:
@@ -227,8 +228,8 @@ class AuthController(Controller):
         self,
         request: Request,
         provider: str,
-    ) -> Redirect:
-        """Redirect to OAuth provider consent screen."""
+    ) -> Redirect | TemplateResponse:
+        """Redirect to OAuth provider consent screen, or show dummy login form."""
         settings = get_settings()
         provider_info = get_provider_info(provider)
 
@@ -238,6 +239,14 @@ class AuthController(Controller):
         if provider not in settings.auth.providers:
             raise NotFoundException(f"Provider {provider} not configured")
 
+        # Dummy provider shows local login form instead of redirecting to OAuth
+        if provider == DUMMY_PROVIDER_KEY:
+            flash = request.session.pop("flash", None)
+            return TemplateResponse(
+                "auth/dummy_login.html",
+                context={"flash": flash},
+            )
+
         # Generate CSRF state token
         state = secrets.token_urlsafe(32)
         request.session["oauth_state"] = state
@@ -348,22 +357,91 @@ class AuthController(Controller):
         flash = request.session.pop("flash", None)
         settings = get_settings()
 
-        # Get configured providers
+        # Get configured providers (excluding dummy from main list)
         configured_providers = list(settings.auth.providers.keys())
         providers = {
             key: OAUTH_PROVIDERS[key]
             for key in configured_providers
-            if key in OAUTH_PROVIDERS
+            if key in OAUTH_PROVIDERS and key != DUMMY_PROVIDER_KEY
         }
 
+        # Check if dummy provider is configured
+        has_dummy = DUMMY_PROVIDER_KEY in settings.auth.providers
+
         return TemplateResponse(
             "auth/login.html",
             context={
                 "flash": flash,
                 "providers": providers,
+                "has_dummy": has_dummy,
             },
         )
 
+    @post("/dummy-login")
+    async def dummy_login_submit(
+        self,
+        request: Request,
+        db_session: AsyncSession,
+    ) -> Redirect:
+        """Process dummy login form submission."""
+        settings = get_settings()
+
+        if DUMMY_PROVIDER_KEY not in settings.auth.providers:
+            raise NotFoundException("Dummy provider not configured")
+
+        # Parse form data from request
+        form_data = await request.form()
+        email = form_data.get("email", "").strip()
+        name = form_data.get("name", "").strip()
+
+        if not email:
+            request.session["flash"] = "Email is required"
+            return Redirect(path="/auth/dummy/login")
+
+        # Default name to email username if not provided
+        if not name:
+            name = email.split("@")[0]
+
+        # Generate deterministic oauth_id from email
+        oauth_id = f"dummy_{hashlib.sha256(email.encode()).hexdigest()[:16]}"
+
+        # Find or create user
+        result = await db_session.execute(
+            select(User).where(
+                User.oauth_id == oauth_id,
+                User.oauth_provider == DUMMY_PROVIDER_KEY,
+            )
+        )
+        user = result.scalar_one_or_none()
+
+        if user:
+            # Update existing user
+            user.name = name
+            user.email = email
+            user.last_login_at = datetime.now(UTC)
+        else:
+            # Create new user
+            user = User(
+                oauth_provider=DUMMY_PROVIDER_KEY,
+                oauth_id=oauth_id,
+                email=email,
+                name=name,
+                last_login_at=datetime.now(UTC),
+            )
+            db_session.add(user)
+            await db_session.flush()
+
+        await db_session.commit()
+
+        # Set session with user info
+        request.session["user_id"] = str(user.id)
+        request.session["user_name"] = user.name
+        request.session["user_email"] = user.email
+        request.session["user_picture_url"] = user.picture_url
+        request.session["flash"] = "Successfully logged in!"
+
+        return Redirect(path="/")
+
     @get("/logout")
     async def logout(self, request: Request) -> Redirect:
         """Clear session and redirect to home."""

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/setup/config_writer.py

@@ -7,6 +7,8 @@ from typing import Any
 
 from ruamel.yaml import YAML
 
+from skrift.config import get_config_path as _get_config_path
+
 # Default app.yaml structure
 DEFAULT_CONFIG = {
     "controllers": [
@@ -29,8 +31,8 @@ DEFAULT_CONFIG = {
 
 
 def get_config_path() -> Path:
-    """Get the path to app.yaml."""
-    return Path.cwd() / "app.yaml"
+    """Get the path to the current environment's config file."""
+    return _get_config_path()
 
 
 def backup_config() -> Path | None:

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/setup/providers.py

@@ -2,6 +2,8 @@
 
 from dataclasses import dataclass
 
+DUMMY_PROVIDER_KEY = "dummy"
+
 
 @dataclass
 class OAuthProviderInfo:
@@ -150,6 +152,17 @@ OAUTH_PROVIDERS = {
         """.strip(),
         icon="twitter",
     ),
+    DUMMY_PROVIDER_KEY: OAuthProviderInfo(
+        name="Dummy (Development Only)",
+        auth_url="",
+        token_url="",
+        userinfo_url="",
+        scopes=[],
+        console_url="",
+        fields=[],
+        instructions="Development-only provider. DO NOT use in production.",
+        icon="dummy",
+    ),
 }
 
 
@@ -159,5 +172,43 @@ def get_provider_info(provider: str) -> OAuthProviderInfo | None:
 
 
 def get_all_providers() -> dict[str, OAuthProviderInfo]:
-    """Get all available OAuth providers."""
-    return OAUTH_PROVIDERS.copy()
+    """Get all available OAuth providers (excluding dev-only providers)."""
+    return {k: v for k, v in OAUTH_PROVIDERS.items() if k != DUMMY_PROVIDER_KEY}
+
+
+def validate_no_dummy_auth_in_production() -> None:
+    """Exit process if dummy auth is configured in production."""
+    import os
+    import signal
+    import sys
+
+    from skrift.config import get_environment, load_raw_app_config
+
+    if get_environment() != "production":
+        return
+
+    config = load_raw_app_config()
+    if config is None:
+        return
+
+    providers = config.get("auth", {}).get("providers", {})
+    if DUMMY_PROVIDER_KEY in providers:
+        # Only print if we haven't already (use env var as cross-process flag)
+        if not os.environ.get("_SKRIFT_DUMMY_ERROR_PRINTED"):
+            os.environ["_SKRIFT_DUMMY_ERROR_PRINTED"] = "1"
+            sys.stderr.write(
+                "\n"
+                "======================================================================\n"
+                "SECURITY ERROR: Dummy auth provider is configured in production.\n"
+                "Remove 'dummy' from auth.providers in app.yaml.\n"
+                "Server will NOT start.\n"
+                "======================================================================\n\n"
+            )
+            sys.stderr.flush()
+
+        # Kill parent process (uvicorn reloader) to stop respawning
+        try:
+            os.kill(os.getppid(), signal.SIGTERM)
+        except (ProcessLookupError, PermissionError):
+            pass
+        os._exit(1)

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/setup/state.py

@@ -12,6 +12,7 @@ from pathlib import Path
 from sqlalchemy import text
 from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
 
+from skrift.config import get_config_path
 from skrift.db.services.setting_service import SETUP_COMPLETED_AT_KEY, get_setting
 
 
@@ -27,7 +28,7 @@ class SetupStep(Enum):
 
 def app_yaml_exists() -> bool:
     """Check if app.yaml exists in the current working directory."""
-    return (Path.cwd() / "app.yaml").exists()
+    return get_config_path().exists()
 
 
 def get_database_url_from_yaml() -> str | None:
@@ -38,7 +39,7 @@ def get_database_url_from_yaml() -> str | None:
     """
     import yaml
 
-    config_path = Path.cwd() / "app.yaml"
+    config_path = get_config_path()
     if not config_path.exists():
         return None
 

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/static/css/style.css

@@ -175,7 +175,7 @@ a {
     position: relative;
 }
 
-a:not([role="button"])::after {
+a:not([role="button"]):not(.oauth-btn)::after {
     content: '';
     position: absolute;
     left: 0;
@@ -188,11 +188,11 @@ a:not([role="button"])::after {
     transition: transform 500ms ease-out;
 }
 
-a:hover {
+a:not([role="button"]):not(.oauth-btn):hover {
     color: var(--color-primary-hover);
 }
 
-a:not([role="button"]):hover::after {
+a:not([role="button"]):not(.oauth-btn):hover::after {
     transform: scaleX(1);
     transform-origin: left;
 }

skrift-0.1.0a2/skrift/templates/auth/dummy_login.html

@@ -0,0 +1,102 @@
+{% extends "base.html" %}
+
+{% block title %}Dummy Login (Dev) - {{ site_name() }}{% endblock %}
+
+{% block head %}
+<style>
+    .login-container {
+        max-width: 400px;
+        margin: 2rem auto;
+    }
+
+    .warning-banner {
+        background: #fef3c7;
+        border: 1px solid #f59e0b;
+        color: #92400e;
+        padding: 1rem;
+        border-radius: 0.5rem;
+        margin-bottom: 1.5rem;
+        text-align: center;
+        font-weight: 600;
+    }
+
+    .form-group {
+        margin-bottom: 1rem;
+    }
+
+    .form-group label {
+        display: block;
+        margin-bottom: 0.5rem;
+        font-weight: 600;
+    }
+
+    .form-group input {
+        width: 100%;
+        padding: 0.75rem;
+        border: 1px solid var(--color-border, #ccc);
+        border-radius: 0.5rem;
+        font-size: 1rem;
+    }
+
+    .form-group small {
+        display: block;
+        margin-top: 0.25rem;
+        color: var(--color-text-muted, #666);
+    }
+
+    .submit-btn {
+        width: 100%;
+        padding: 1rem;
+        background: #6b7280;
+        color: white;
+        border: none;
+        border-radius: 0.5rem;
+        font-size: 1rem;
+        font-weight: 600;
+        cursor: pointer;
+        margin-top: 1rem;
+    }
+
+    .submit-btn:hover {
+        background: #4b5563;
+    }
+
+    .back-link {
+        display: block;
+        text-align: center;
+        margin-top: 1.5rem;
+        color: var(--color-text-muted, #666);
+    }
+</style>
+{% endblock %}
+
+{% block content %}
+<div class="login-container">
+    <article>
+        <header>
+            <h1>Dummy Login</h1>
+        </header>
+
+        <div class="warning-banner">
+            DEVELOPMENT ONLY - Not for production use
+        </div>
+
+        <form method="post" action="/auth/dummy-login">
+            <div class="form-group">
+                <label for="email">Email</label>
+                <input type="email" id="email" name="email" required placeholder="test@example.com">
+            </div>
+
+            <div class="form-group">
+                <label for="name">Name</label>
+                <input type="text" id="name" name="name" placeholder="Test User">
+                <small>Optional. Defaults to email username if not provided.</small>
+            </div>
+
+            <button type="submit" class="submit-btn">Login</button>
+        </form>
+
+        <a href="/auth/login" class="back-link">&larr; Back to login options</a>
+    </article>
+</div>
+{% endblock %}

{skrift-0.1.0a1 → skrift-0.1.0a2}/skrift/templates/auth/login.html

@@ -120,6 +120,20 @@
             <p>No authentication providers are configured. Please contact the site administrator.</p>
             {% endfor %}
         </div>
+
+        {% if has_dummy %}
+        <div style="margin-top: 1.5rem; padding-top: 1.5rem; border-top: 1px solid var(--color-border, #ccc);">
+            <p style="text-align: center; color: var(--color-text-muted, #666); font-size: 0.875rem; margin-bottom: 1rem;">
+                Development Only
+            </p>
+            <a href="/auth/dummy/login" class="oauth-btn" style="background: #6b7280; color: white;">
+                <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+                    <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 3c1.66 0 3 1.34 3 3s-1.34 3-3 3-3-1.34-3-3 1.34-3 3-3zm0 14.2c-2.5 0-4.71-1.28-6-3.22.03-1.99 4-3.08 6-3.08 1.99 0 5.97 1.09 6 3.08-1.29 1.94-3.5 3.22-6 3.22z"/>
+                </svg>
+                Dummy Login (Dev)
+            </a>
+        </div>
+        {% endif %}
     </article>
 </div>
 {% endblock %}