turboapi 0.3.24__cp313-cp313-win_amd64.whl → 0.3.29__cp313-cp313-win_amd64.whl

turboapi/async_limiter.py

@@ -0,0 +1,86 @@
+"""
+Async Limiter - Semaphore-based rate limiting for async tasks
+
+Prevents event loop overload by limiting concurrent async tasks.
+"""
+
+import asyncio
+from typing import Any, Coroutine
+
+
+class AsyncLimiter:
+    """Semaphore-based limiter for async tasks
+    
+    Limits the number of concurrent async tasks to prevent event loop overload.
+    This is critical for maintaining stable performance under high load.
+    
+    Args:
+        max_concurrent: Maximum number of concurrent tasks (default: 512)
+    
+    Example:
+        limiter = AsyncLimiter(max_concurrent=512)
+        result = await limiter(some_coroutine())
+    """
+    
+    def __init__(self, max_concurrent: int = 512):
+        self.semaphore = asyncio.Semaphore(max_concurrent)
+        self.max_concurrent = max_concurrent
+        self._active_tasks = 0
+    
+    async def __call__(self, coro: Coroutine) -> Any:
+        """Execute coroutine with semaphore gating
+        
+        Args:
+            coro: Coroutine to execute
+            
+        Returns:
+            Result of the coroutine
+        """
+        async with self.semaphore:
+            self._active_tasks += 1
+            try:
+                return await coro
+            finally:
+                self._active_tasks -= 1
+    
+    @property
+    def active_tasks(self) -> int:
+        """Get current number of active tasks"""
+        return self._active_tasks
+    
+    @property
+    def available_slots(self) -> int:
+        """Get number of available slots"""
+        return self.max_concurrent - self._active_tasks
+
+
+# Global limiter instance per event loop
+_limiters = {}
+
+
+def get_limiter(max_concurrent: int = 512) -> AsyncLimiter:
+    """Get or create limiter for current event loop
+    
+    Args:
+        max_concurrent: Maximum concurrent tasks
+        
+    Returns:
+        AsyncLimiter instance for current event loop
+    """
+    try:
+        loop = asyncio.get_running_loop()
+        loop_id = id(loop)
+        
+        if loop_id not in _limiters:
+            _limiters[loop_id] = AsyncLimiter(max_concurrent)
+        
+        return _limiters[loop_id]
+    except RuntimeError:
+        # No running loop, create standalone limiter
+        return AsyncLimiter(max_concurrent)
+
+
+def reset_limiters():
+    """Reset all limiters (useful for testing)"""
+    global _limiters
+    _limiters = {}

turboapi/async_pool.py

@@ -0,0 +1,141 @@
+"""
+Per-thread asyncio event loop management for Python 3.13+ free-threading.
+
+This module provides thread-local event loop management to enable true
+parallel execution of async handlers across multiple threads.
+"""
+
+import asyncio
+import threading
+from typing import Dict, Optional
+import sys
+
+
+class EventLoopPool:
+    """
+    Manages per-thread asyncio event loops for parallel async execution.
+    
+    In Python 3.13+ with free-threading, we can run multiple event loops
+    in parallel across different threads without GIL contention.
+    """
+    
+    _loops: Dict[int, asyncio.AbstractEventLoop] = {}
+    _lock = threading.Lock()
+    _initialized = False
+    
+    @classmethod
+    def initialize(cls, num_threads: Optional[int] = None) -> None:
+        """
+        Initialize the event loop pool with the specified number of threads.
+        
+        Args:
+            num_threads: Number of threads to create event loops for.
+                        If None, uses number of CPU cores.
+        """
+        if cls._initialized:
+            return
+        
+        with cls._lock:
+            if cls._initialized:
+                return
+            
+            if num_threads is None:
+                import os
+                num_threads = os.cpu_count() or 4
+            
+            print(f"🔄 Initializing EventLoopPool with {num_threads} threads")
+            cls._initialized = True
+    
+    @classmethod
+    def get_loop_for_thread(cls) -> asyncio.AbstractEventLoop:
+        """
+        Get or create an event loop for the current thread.
+        
+        Returns:
+            The event loop for the current thread.
+        """
+        thread_id = threading.get_ident()
+        
+        # Fast path: loop already exists
+        if thread_id in cls._loops:
+            return cls._loops[thread_id]
+        
+        # Slow path: create new loop
+        with cls._lock:
+            # Double-check after acquiring lock
+            if thread_id in cls._loops:
+                return cls._loops[thread_id]
+            
+            # Create new event loop for this thread
+            loop = asyncio.new_event_loop()
+            asyncio.set_event_loop(loop)
+            cls._loops[thread_id] = loop
+            
+            print(f"✅ Created event loop for thread {thread_id}")
+            return loop
+    
+    @classmethod
+    def get_running_loop(cls) -> Optional[asyncio.AbstractEventLoop]:
+        """
+        Get the running event loop for the current thread, if any.
+        
+        Returns:
+            The running event loop, or None if no loop is running.
+        """
+        try:
+            return asyncio.get_running_loop()
+        except RuntimeError:
+            return None
+    
+    @classmethod
+    def cleanup(cls) -> None:
+        """Clean up all event loops (call on shutdown)."""
+        with cls._lock:
+            for thread_id, loop in cls._loops.items():
+                if loop.is_running():
+                    loop.stop()
+                loop.close()
+            cls._loops.clear()
+            cls._initialized = False
+    
+    @classmethod
+    def stats(cls) -> Dict[str, int]:
+        """Get statistics about the event loop pool."""
+        with cls._lock:
+            return {
+                "total_loops": len(cls._loops),
+                "active_threads": len([l for l in cls._loops.values() if l.is_running()]),
+            }
+
+
+def ensure_event_loop() -> asyncio.AbstractEventLoop:
+    """
+    Ensure an event loop exists for the current thread.
+    
+    This is the primary function to call from Rust to get an event loop.
+    
+    Returns:
+        The event loop for the current thread.
+    """
+    # Try to get running loop first (fast path)
+    try:
+        return asyncio.get_running_loop()
+    except RuntimeError:
+        pass
+    
+    # Get or create thread-local loop
+    return EventLoopPool.get_loop_for_thread()
+
+
+# Python 3.13+ free-threading detection
+def is_free_threading_enabled() -> bool:
+    """Check if Python 3.13+ free-threading is enabled."""
+    return hasattr(sys, '_is_gil_enabled') and not sys._is_gil_enabled()
+
+
+# Initialize on import
+if is_free_threading_enabled():
+    print("🚀 Python 3.13+ free-threading detected - enabling parallel event loops!")
+    EventLoopPool.initialize()
+else:
+    print("⚠️  Free-threading not enabled - async performance may be limited")

turboapi/middleware.py

@@ -1,7 +1,19 @@
 """
-Middleware system for TurboAPI.
+FastAPI-compatible Middleware system for TurboAPI.
+
+Includes:
+- CORS (Cross-Origin Resource Sharing)
+- Trusted Host (HTTP Host Header attack prevention)
+- GZip Compression
+- HTTPS Redirect
+- Session Management
+- Custom Middleware Support
 """
 
+from typing import List, Optional, Callable, Awaitable, Pattern
+import gzip
+import re
+import time
 from .models import Request, Response
 
 
@@ -25,40 +37,306 @@ class Middleware:
 
 
 class CORSMiddleware(Middleware):
-    """CORS middleware."""
+    """
+    CORS (Cross-Origin Resource Sharing) middleware.
+    
+    FastAPI-compatible implementation.
+    
+    Usage:
+        app.add_middleware(
+            CORSMiddleware,
+            allow_origins=["http://localhost:8080"],
+            allow_credentials=True,
+            allow_methods=["*"],
+            allow_headers=["*"],
+        )
+    """
 
     def __init__(
         self,
-        allow_origins: list = None,
-        allow_methods: list = None,
-        allow_headers: list = None,
-        allow_credentials: bool = False
+        allow_origins: List[str] = None,
+        allow_methods: List[str] = None,
+        allow_headers: List[str] = None,
+        allow_credentials: bool = False,
+        allow_origin_regex: Optional[str] = None,
+        expose_headers: List[str] = None,
+        max_age: int = 600,
     ):
         self.allow_origins = allow_origins or ["*"]
-        self.allow_methods = allow_methods or ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
+        self.allow_methods = allow_methods or ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"]
         self.allow_headers = allow_headers or ["*"]
         self.allow_credentials = allow_credentials
+        self.allow_origin_regex = re.compile(allow_origin_regex) if allow_origin_regex else None
+        self.expose_headers = expose_headers or []
+        self.max_age = max_age
+
+    def before_request(self, request: Request) -> None:
+        """Handle preflight OPTIONS requests."""
+        if request.method == "OPTIONS":
+            # Preflight request
+            pass
 
     def after_request(self, request: Request, response: Response) -> Response:
         """Add CORS headers to response."""
-        response.set_header("Access-Control-Allow-Origin", ",".join(self.allow_origins))
-        response.set_header("Access-Control-Allow-Methods", ",".join(self.allow_methods))
-        response.set_header("Access-Control-Allow-Headers", ",".join(self.allow_headers))
-
+        origin = request.headers.get("origin", "")
+        
+        # Check if origin is allowed
+        if self.allow_origin_regex and self.allow_origin_regex.match(origin):
+            response.set_header("Access-Control-Allow-Origin", origin)
+        elif "*" in self.allow_origins:
+            response.set_header("Access-Control-Allow-Origin", "*")
+        elif origin in self.allow_origins:
+            response.set_header("Access-Control-Allow-Origin", origin)
+        
+        response.set_header("Access-Control-Allow-Methods", ", ".join(self.allow_methods))
+        response.set_header("Access-Control-Allow-Headers", ", ".join(self.allow_headers))
+        
+        if self.expose_headers:
+            response.set_header("Access-Control-Expose-Headers", ", ".join(self.expose_headers))
+        
         if self.allow_credentials:
             response.set_header("Access-Control-Allow-Credentials", "true")
+        
+        response.set_header("Access-Control-Max-Age", str(self.max_age))
+        
+        return response
 
+
+class TrustedHostMiddleware(Middleware):
+    """
+    Trusted Host middleware - prevents HTTP Host Header attacks.
+    
+    FastAPI-compatible implementation.
+    
+    Usage:
+        app.add_middleware(
+            TrustedHostMiddleware,
+            allowed_hosts=["example.com", "*.example.com"]
+        )
+    """
+    
+    def __init__(
+        self,
+        allowed_hosts: List[str] = None,
+        www_redirect: bool = True,
+    ):
+        if allowed_hosts is None:
+            allowed_hosts = ["*"]
+        
+        self.allowed_hosts = allowed_hosts
+        self.www_redirect = www_redirect
+        
+        # Compile regex patterns for wildcard hosts
+        self.allowed_host_patterns = []
+        for host in allowed_hosts:
+            if host == "*":
+                self.allowed_host_patterns.append(re.compile(".*"))
+            else:
+                # Convert wildcard to regex
+                pattern = host.replace(".", r"\.").replace("*", ".*")
+                self.allowed_host_patterns.append(re.compile(f"^{pattern}$"))
+    
+    def before_request(self, request: Request) -> None:
+        """Validate Host header."""
+        host = request.headers.get("host", "").split(":")[0]
+        
+        # Check if host is allowed
+        if not any(pattern.match(host) for pattern in self.allowed_host_patterns):
+            raise Exception(f"Invalid host header: {host}")
+
+
+class GZipMiddleware(Middleware):
+    """
+    GZip compression middleware.
+    
+    FastAPI-compatible implementation.
+    
+    Usage:
+        app.add_middleware(GZipMiddleware, minimum_size=1000)
+    """
+    
+    def __init__(
+        self,
+        minimum_size: int = 500,
+        compresslevel: int = 9,
+    ):
+        self.minimum_size = minimum_size
+        self.compresslevel = compresslevel
+    
+    def after_request(self, request: Request, response: Response) -> Response:
+        """Compress response if client accepts gzip."""
+        accept_encoding = request.headers.get("accept-encoding", "")
+        
+        if "gzip" not in accept_encoding.lower():
+            return response
+        
+        # Check if response is large enough to compress
+        if hasattr(response, 'content'):
+            content = response.content
+            if isinstance(content, str):
+                content = content.encode('utf-8')
+            
+            if len(content) < self.minimum_size:
+                return response
+            
+            # Compress content
+            compressed = gzip.compress(content, compresslevel=self.compresslevel)
+            response.content = compressed
+            response.set_header("Content-Encoding", "gzip")
+            response.set_header("Content-Length", str(len(compressed)))
+            response.set_header("Vary", "Accept-Encoding")
+        
         return response
 
 
+class HTTPSRedirectMiddleware(Middleware):
+    """
+    HTTPS redirect middleware - redirects HTTP to HTTPS.
+    
+    FastAPI-compatible implementation.
+    
+    Usage:
+        app.add_middleware(HTTPSRedirectMiddleware)
+    """
+    
+    def before_request(self, request: Request) -> None:
+        """Redirect HTTP to HTTPS."""
+        # Check if request is HTTP
+        scheme = request.headers.get("x-forwarded-proto", "http")
+        if scheme == "http":
+            # Redirect to HTTPS
+            https_url = f"https://{request.headers.get('host', '')}{request.path}"
+            if request.query_string:
+                https_url += f"?{request.query_string}"
+            
+            raise HTTPSRedirect(https_url)
+
+
+class HTTPSRedirect(Exception):
+    """Exception to trigger HTTPS redirect."""
+    def __init__(self, url: str):
+        self.url = url
+
+
+class SessionMiddleware(Middleware):
+    """
+    Session management middleware.
+    
+    Usage:
+        app.add_middleware(
+            SessionMiddleware,
+            secret_key="your-secret-key-here",
+            session_cookie="session"
+        )
+    """
+    
+    def __init__(
+        self,
+        secret_key: str,
+        session_cookie: str = "session",
+        max_age: int = 14 * 24 * 60 * 60,  # 14 days
+        same_site: str = "lax",
+        https_only: bool = False,
+    ):
+        self.secret_key = secret_key
+        self.session_cookie = session_cookie
+        self.max_age = max_age
+        self.same_site = same_site
+        self.https_only = https_only
+    
+    def before_request(self, request: Request) -> None:
+        """Load session from cookie."""
+        # TODO: Implement session loading
+        request.session = {}
+    
+    def after_request(self, request: Request, response: Response) -> Response:
+        """Save session to cookie."""
+        # TODO: Implement session saving
+        return response
+
+
+class RateLimitMiddleware(Middleware):
+    """
+    Rate limiting middleware.
+    
+    Usage:
+        app.add_middleware(
+            RateLimitMiddleware,
+            requests_per_minute=60
+        )
+    """
+    
+    def __init__(
+        self,
+        requests_per_minute: int = 60,
+        burst: int = 10,
+    ):
+        self.requests_per_minute = requests_per_minute
+        self.burst = burst
+        self.requests = {}  # IP -> [(timestamp, count)]
+    
+    def before_request(self, request: Request) -> None:
+        """Check rate limit."""
+        client_ip = request.headers.get("x-forwarded-for", "unknown").split(",")[0].strip()
+        now = time.time()
+        
+        # Clean old requests
+        if client_ip in self.requests:
+            self.requests[client_ip] = [
+                (ts, count) for ts, count in self.requests[client_ip]
+                if now - ts < 60
+            ]
+        
+        # Count requests in last minute
+        if client_ip not in self.requests:
+            self.requests[client_ip] = []
+        
+        request_count = sum(count for _, count in self.requests[client_ip])
+        
+        if request_count >= self.requests_per_minute:
+            raise Exception("Rate limit exceeded")
+        
+        # Add this request
+        self.requests[client_ip].append((now, 1))
+
+
 class LoggingMiddleware(Middleware):
-    """Request logging middleware."""
+    """
+    Request logging middleware.
+    
+    Usage:
+        app.add_middleware(LoggingMiddleware)
+    """
 
     def before_request(self, request: Request) -> None:
         """Log incoming request."""
+        request._start_time = time.time()
         print(f"[REQUEST] {request.method} {request.path}")
 
     def after_request(self, request: Request, response: Response) -> Response:
-        """Log response."""
-        print(f"[RESPONSE] {request.method} {request.path} -> {response.status_code}")
+        """Log response with timing."""
+        duration = time.time() - getattr(request, '_start_time', time.time())
+        print(f"[RESPONSE] {request.method} {request.path} -> {response.status_code} ({duration*1000:.2f}ms)")
         return response
+
+
+class CustomMiddleware(Middleware):
+    """
+    Custom middleware wrapper for function-based middleware.
+    
+    Usage:
+        @app.middleware("http")
+        async def add_process_time_header(request, call_next):
+            start_time = time.time()
+            response = await call_next(request)
+            process_time = time.time() - start_time
+            response.headers["X-Process-Time"] = str(process_time)
+            return response
+    """
+    
+    def __init__(self, func: Callable):
+        self.func = func
+    
+    async def __call__(self, request: Request, call_next: Callable) -> Response:
+        """Execute custom middleware function."""
+        return await self.func(request, call_next)

turboapi/request_handler.py

@@ -191,38 +191,37 @@ def create_enhanced_handler(original_handler, route_definition):
             # Filter kwargs to only pass expected parameters
             filtered_kwargs = {
                 k: v for k, v in kwargs.items() 
+                if k in sig.parameters
             }
             
             # Call original handler
-            # v0.3.21: Async handlers are now supported via Rust's tokio runtime!
-            # The Rust layer (server.rs) will detect coroutines and await them properly
-            # using pyo3-async-runtimes, giving us native async performance
-            result = original_handler(**filtered_kwargs)
-            
-            # Check if result is a coroutine - if so, return it directly for Rust to await
-            import inspect
-            if inspect.iscoroutine(result):
-                # Return coroutine directly - Rust will await it using tokio
-                return result
+            if inspect.iscoroutinefunction(original_handler):
+                # For async handlers (future support)
+                result = original_handler(**filtered_kwargs)
+            else:
+                result = original_handler(**filtered_kwargs)
             
-            # Sync result - normalize and return as JSON string
+            # Normalize response
             content, status_code = ResponseHandler.normalize_response(result)
             
-            # Return JSON string directly for Rust to use
-            import json
-            return json.dumps(content)
+            return ResponseHandler.format_json_response(content, status_code)
+            
         except ValueError as e:
             # Validation or parsing error (400 Bad Request)
-            import json
-            return json.dumps({"error": "Bad Request", "detail": str(e)})
+            return ResponseHandler.format_json_response(
+                {"error": "Bad Request", "detail": str(e)},
+                400
+            )
         except Exception as e:
             # Unexpected error (500 Internal Server Error)
             import traceback
-            import json
-            return json.dumps({
-                "error": "Internal Server Error",
-                "detail": str(e),
-                "traceback": traceback.format_exc()
-            })
+            return ResponseHandler.format_json_response(
+                {
+                    "error": "Internal Server Error",
+                    "detail": str(e),
+                    "traceback": traceback.format_exc()
+                },
+                500
+            )
     
     return enhanced_handler

turboapi/rust_integration.py

@@ -12,7 +12,7 @@ from .request_handler import create_enhanced_handler, ResponseHandler
 from .version_check import CHECK_MARK, CROSS_MARK, ROCKET
 
 try:
-    from turboapi import _rust as turbonet
+    import turbonet
     RUST_CORE_AVAILABLE = True
 except ImportError:
     RUST_CORE_AVAILABLE = False
@@ -175,6 +175,7 @@ class RustIntegratedTurboAPI(TurboAPI):
                             
                             # Add query parameters
                             call_args.update(query_params)
+                            
                             # Always add body and headers for enhanced handler
                             call_args['body'] = body if body else b''
                             call_args['headers'] = headers
@@ -186,7 +187,7 @@ class RustIntegratedTurboAPI(TurboAPI):
                             # {"content": ..., "status_code": ..., "content_type": ...}
                             # But Rust expects a plain dict that it will JSON serialize
                             # So just return the content directly
-                            if isinstance(result, dict) and 'content' in result:
+                            if isinstance(result, dict) and 'content' in result and 'status_code' in result:
                                 # Return just the content - Rust will handle status codes later
                                 # For now, just return the content as a dict
                                 return result['content']
@@ -205,15 +206,13 @@ class RustIntegratedTurboAPI(TurboAPI):
 
                     return rust_handler  # noqa: B023
 
-                # Create and register the handler
-                handler_func = create_rust_handler(enhanced_handler, route)
-                rust_handler = handler_func
-
-                # Register with Rust server
+                # Register the ORIGINAL handler directly with Rust
+                # Rust will call it with call0() (no arguments)
+                # The original handler doesn't expect any arguments
                 self.rust_server.add_route(
                     route.method.value,
                     route.path,
-                    rust_handler
+                    route.handler  # Pass original handler, not wrapper!
                 )
 
                 print(f"{CHECK_MARK} Registered {route.method.value} {route.path} with Rust server")