vega-framework 0.1.35__py3-none-any.whl → 0.2.1__py3-none-any.whl

vega/web/builtin_middlewares.py

@@ -0,0 +1,288 @@
+"""Built-in route middleware implementations for Vega Web Framework"""
+
+import time
+import logging
+from typing import Optional
+
+from .route_middleware import RouteMiddleware, MiddlewarePhase
+from .request import Request
+from .response import Response, JSONResponse
+from .exceptions import HTTPException, status
+
+
+class AuthMiddleware(RouteMiddleware):
+    """
+    Authentication middleware - validates Authorization header.
+
+    Executes BEFORE the handler.
+
+    Args:
+        header_name: Name of the header to check (default: "Authorization")
+        scheme: Expected auth scheme (default: "Bearer")
+
+    Example:
+        @router.get("/protected")
+        @middleware(AuthMiddleware())
+        async def protected_route():
+            return {"data": "secret"}
+    """
+
+    def __init__(self, header_name: str = "Authorization", scheme: str = "Bearer"):
+        super().__init__(phase=MiddlewarePhase.BEFORE)
+        self.header_name = header_name
+        self.scheme = scheme
+
+    async def before(self, request: Request) -> Optional[Response]:
+        """Check for valid authentication token"""
+        auth_header = request.headers.get(self.header_name.lower())
+
+        if not auth_header:
+            return JSONResponse(
+                content={"detail": "Missing authentication credentials"},
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                headers={"WWW-Authenticate": f"{self.scheme}"},
+            )
+
+        # Parse scheme and token
+        parts = auth_header.split()
+        if len(parts) != 2 or parts[0].lower() != self.scheme.lower():
+            return JSONResponse(
+                content={"detail": f"Invalid authentication scheme. Expected: {self.scheme}"},
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                headers={"WWW-Authenticate": f"{self.scheme}"},
+            )
+
+        token = parts[1]
+
+        # TODO: Validate token here (this is a simple example)
+        if token == "invalid":
+            return JSONResponse(
+                content={"detail": "Invalid or expired token"},
+                status_code=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        # Store user info in request state for handler to use
+        request.state.user_id = "user_from_token"
+        request.state.token = token
+
+        return None  # Continue to handler
+
+
+class TimingMiddleware(RouteMiddleware):
+    """
+    Request timing middleware - measures execution time.
+
+    Executes BOTH before and after the handler.
+
+    Example:
+        @router.get("/slow-operation")
+        @middleware(TimingMiddleware())
+        async def slow_operation():
+            await asyncio.sleep(1)
+            return {"status": "done"}
+    """
+
+    def __init__(self):
+        super().__init__(phase=MiddlewarePhase.BOTH)
+        self.logger = logging.getLogger("vega.web.timing")
+
+    async def before(self, request: Request) -> Optional[Response]:
+        """Record start time"""
+        request.state.start_time = time.time()
+        return None
+
+    async def after(self, request: Request, response: Response) -> Response:
+        """Calculate and log execution time"""
+        if hasattr(request.state, "start_time"):
+            duration = time.time() - request.state.start_time
+            self.logger.info(
+                f"{request.method} {request.url.path} completed in {duration:.3f}s"
+            )
+
+            # Add timing header to response
+            if hasattr(response, "headers"):
+                response.headers["X-Process-Time"] = f"{duration:.3f}"
+
+        return response
+
+
+class CacheControlMiddleware(RouteMiddleware):
+    """
+    Cache control middleware - adds cache headers to response.
+
+    Executes AFTER the handler.
+
+    Args:
+        max_age: Cache max age in seconds
+        public: Whether cache is public (default: True)
+
+    Example:
+        @router.get("/static-data")
+        @middleware(CacheControlMiddleware(max_age=3600))
+        async def get_static_data():
+            return {"data": "rarely changes"}
+    """
+
+    def __init__(self, max_age: int = 300, public: bool = True):
+        super().__init__(phase=MiddlewarePhase.AFTER)
+        self.max_age = max_age
+        self.public = public
+
+    async def after(self, request: Request, response: Response) -> Response:
+        """Add cache control headers"""
+        cache_type = "public" if self.public else "private"
+        cache_value = f"{cache_type}, max-age={self.max_age}"
+
+        if hasattr(response, "headers"):
+            response.headers["Cache-Control"] = cache_value
+
+        return response
+
+
+class CORSMiddleware(RouteMiddleware):
+    """
+    CORS middleware for specific routes.
+
+    Executes AFTER the handler to add CORS headers.
+
+    Args:
+        allow_origins: List of allowed origins or "*"
+        allow_methods: List of allowed methods
+        allow_headers: List of allowed headers
+
+    Example:
+        @router.get("/public-api/data")
+        @middleware(CORSMiddleware(allow_origins=["*"]))
+        async def public_data():
+            return {"data": "public"}
+    """
+
+    def __init__(
+        self,
+        allow_origins: list = None,
+        allow_methods: list = None,
+        allow_headers: list = None,
+    ):
+        super().__init__(phase=MiddlewarePhase.AFTER)
+        self.allow_origins = allow_origins or ["*"]
+        self.allow_methods = allow_methods or ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
+        self.allow_headers = allow_headers or ["*"]
+
+    async def after(self, request: Request, response: Response) -> Response:
+        """Add CORS headers to response"""
+        if hasattr(response, "headers"):
+            origin = request.headers.get("origin", "*")
+
+            if "*" in self.allow_origins or origin in self.allow_origins:
+                response.headers["Access-Control-Allow-Origin"] = origin
+                response.headers["Access-Control-Allow-Methods"] = ", ".join(
+                    self.allow_methods
+                )
+                response.headers["Access-Control-Allow-Headers"] = ", ".join(
+                    self.allow_headers
+                )
+
+        return response
+
+
+class RateLimitMiddleware(RouteMiddleware):
+    """
+    Simple rate limiting middleware.
+
+    Executes BEFORE the handler.
+
+    Args:
+        max_requests: Maximum requests allowed
+        window_seconds: Time window in seconds
+
+    Example:
+        @router.post("/expensive-operation")
+        @middleware(RateLimitMiddleware(max_requests=10, window_seconds=60))
+        async def expensive_op():
+            return {"status": "processing"}
+    """
+
+    def __init__(self, max_requests: int = 100, window_seconds: int = 60):
+        super().__init__(phase=MiddlewarePhase.BEFORE)
+        self.max_requests = max_requests
+        self.window_seconds = window_seconds
+        self.requests = {}  # IP -> [timestamps]
+
+    async def before(self, request: Request) -> Optional[Response]:
+        """Check rate limit"""
+        from datetime import datetime, timedelta
+
+        client_ip = request.client.host if request.client else "unknown"
+        now = datetime.now()
+
+        # Clean old entries
+        if client_ip in self.requests:
+            cutoff = now - timedelta(seconds=self.window_seconds)
+            self.requests[client_ip] = [
+                ts for ts in self.requests[client_ip] if ts > cutoff
+            ]
+
+        # Check limit
+        if client_ip in self.requests:
+            if len(self.requests[client_ip]) >= self.max_requests:
+                return JSONResponse(
+                    content={
+                        "detail": f"Rate limit exceeded. Max {self.max_requests} requests per {self.window_seconds}s"
+                    },
+                    status_code=status.HTTP_429_TOO_MANY_REQUESTS,
+                    headers={
+                        "Retry-After": str(self.window_seconds),
+                        "X-RateLimit-Limit": str(self.max_requests),
+                        "X-RateLimit-Remaining": "0",
+                    },
+                )
+
+        # Record request
+        if client_ip not in self.requests:
+            self.requests[client_ip] = []
+        self.requests[client_ip].append(now)
+
+        return None
+
+
+class LoggingMiddleware(RouteMiddleware):
+    """
+    Request/Response logging middleware.
+
+    Executes BOTH before and after.
+
+    Example:
+        @router.post("/important-action")
+        @middleware(LoggingMiddleware())
+        async def important_action():
+            return {"status": "done"}
+    """
+
+    def __init__(self, logger_name: str = "vega.web.routes"):
+        super().__init__(phase=MiddlewarePhase.BOTH)
+        self.logger = logging.getLogger(logger_name)
+
+    async def before(self, request: Request) -> Optional[Response]:
+        """Log incoming request"""
+        self.logger.info(
+            f"→ {request.method} {request.url.path} "
+            f"from {request.client.host if request.client else 'unknown'}"
+        )
+        return None
+
+    async def after(self, request: Request, response: Response) -> Response:
+        """Log response"""
+        self.logger.info(
+            f"← {request.method} {request.url.path} [{response.status_code}]"
+        )
+        return response
+
+
+__all__ = [
+    "AuthMiddleware",
+    "TimingMiddleware",
+    "CacheControlMiddleware",
+    "CORSMiddleware",
+    "RateLimitMiddleware",
+    "LoggingMiddleware",
+]

vega/web/exceptions.py

@@ -0,0 +1,151 @@
+"""HTTP exceptions and status codes for Vega Web Framework"""
+
+from typing import Any, Dict, Optional
+
+
+class HTTPException(Exception):
+    """
+    HTTP exception that can be raised to return an HTTP error response.
+
+    Compatible with FastAPI's HTTPException API for easy migration.
+
+    Args:
+        status_code: HTTP status code
+        detail: Error message or detail object
+        headers: Optional HTTP headers to include in the response
+
+    Example:
+        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(
+            status_code=401,
+            detail="Not authenticated",
+            headers={"WWW-Authenticate": "Bearer"}
+        )
+    """
+
+    def __init__(
+        self,
+        status_code: int,
+        detail: Any = None,
+        headers: Optional[Dict[str, str]] = None
+    ) -> None:
+        self.status_code = status_code
+        self.detail = detail
+        self.headers = headers
+        super().__init__(detail)
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}(status_code={self.status_code}, detail={self.detail})"
+
+
+class ValidationError(HTTPException):
+    """Raised when request validation fails (422)"""
+
+    def __init__(self, detail: Any = "Validation Error", headers: Optional[Dict[str, str]] = None):
+        super().__init__(status_code=422, detail=detail, headers=headers)
+
+
+class NotFoundError(HTTPException):
+    """Raised when resource is not found (404)"""
+
+    def __init__(self, detail: Any = "Not Found", headers: Optional[Dict[str, str]] = None):
+        super().__init__(status_code=404, detail=detail, headers=headers)
+
+
+class UnauthorizedError(HTTPException):
+    """Raised when authentication is required (401)"""
+
+    def __init__(self, detail: Any = "Unauthorized", headers: Optional[Dict[str, str]] = None):
+        super().__init__(status_code=401, detail=detail, headers=headers)
+
+
+class ForbiddenError(HTTPException):
+    """Raised when access is forbidden (403)"""
+
+    def __init__(self, detail: Any = "Forbidden", headers: Optional[Dict[str, str]] = None):
+        super().__init__(status_code=403, detail=detail, headers=headers)
+
+
+class BadRequestError(HTTPException):
+    """Raised for bad requests (400)"""
+
+    def __init__(self, detail: Any = "Bad Request", headers: Optional[Dict[str, str]] = None):
+        super().__init__(status_code=400, detail=detail, headers=headers)
+
+
+# HTTP Status codes - compatible with FastAPI's status module
+class status:
+    """HTTP status codes (compatible with fastapi.status)"""
+
+    # 1xx Informational
+    HTTP_100_CONTINUE = 100
+    HTTP_101_SWITCHING_PROTOCOLS = 101
+    HTTP_102_PROCESSING = 102
+    HTTP_103_EARLY_HINTS = 103
+
+    # 2xx Success
+    HTTP_200_OK = 200
+    HTTP_201_CREATED = 201
+    HTTP_202_ACCEPTED = 202
+    HTTP_203_NON_AUTHORITATIVE_INFORMATION = 203
+    HTTP_204_NO_CONTENT = 204
+    HTTP_205_RESET_CONTENT = 205
+    HTTP_206_PARTIAL_CONTENT = 206
+    HTTP_207_MULTI_STATUS = 207
+    HTTP_208_ALREADY_REPORTED = 208
+    HTTP_226_IM_USED = 226
+
+    # 3xx Redirection
+    HTTP_300_MULTIPLE_CHOICES = 300
+    HTTP_301_MOVED_PERMANENTLY = 301
+    HTTP_302_FOUND = 302
+    HTTP_303_SEE_OTHER = 303
+    HTTP_304_NOT_MODIFIED = 304
+    HTTP_305_USE_PROXY = 305
+    HTTP_306_RESERVED = 306
+    HTTP_307_TEMPORARY_REDIRECT = 307
+    HTTP_308_PERMANENT_REDIRECT = 308
+
+    # 4xx Client Error
+    HTTP_400_BAD_REQUEST = 400
+    HTTP_401_UNAUTHORIZED = 401
+    HTTP_402_PAYMENT_REQUIRED = 402
+    HTTP_403_FORBIDDEN = 403
+    HTTP_404_NOT_FOUND = 404
+    HTTP_405_METHOD_NOT_ALLOWED = 405
+    HTTP_406_NOT_ACCEPTABLE = 406
+    HTTP_407_PROXY_AUTHENTICATION_REQUIRED = 407
+    HTTP_408_REQUEST_TIMEOUT = 408
+    HTTP_409_CONFLICT = 409
+    HTTP_410_GONE = 410
+    HTTP_411_LENGTH_REQUIRED = 411
+    HTTP_412_PRECONDITION_FAILED = 412
+    HTTP_413_REQUEST_ENTITY_TOO_LARGE = 413
+    HTTP_414_REQUEST_URI_TOO_LONG = 414
+    HTTP_415_UNSUPPORTED_MEDIA_TYPE = 415
+    HTTP_416_REQUESTED_RANGE_NOT_SATISFIABLE = 416
+    HTTP_417_EXPECTATION_FAILED = 417
+    HTTP_418_IM_A_TEAPOT = 418
+    HTTP_421_MISDIRECTED_REQUEST = 421
+    HTTP_422_UNPROCESSABLE_ENTITY = 422
+    HTTP_423_LOCKED = 423
+    HTTP_424_FAILED_DEPENDENCY = 424
+    HTTP_425_TOO_EARLY = 425
+    HTTP_426_UPGRADE_REQUIRED = 426
+    HTTP_428_PRECONDITION_REQUIRED = 428
+    HTTP_429_TOO_MANY_REQUESTS = 429
+    HTTP_431_REQUEST_HEADER_FIELDS_TOO_LARGE = 431
+    HTTP_451_UNAVAILABLE_FOR_LEGAL_REASONS = 451
+
+    # 5xx Server Error
+    HTTP_500_INTERNAL_SERVER_ERROR = 500
+    HTTP_501_NOT_IMPLEMENTED = 501
+    HTTP_502_BAD_GATEWAY = 502
+    HTTP_503_SERVICE_UNAVAILABLE = 503
+    HTTP_504_GATEWAY_TIMEOUT = 504
+    HTTP_505_HTTP_VERSION_NOT_SUPPORTED = 505
+    HTTP_506_VARIANT_ALSO_NEGOTIATES = 506
+    HTTP_507_INSUFFICIENT_STORAGE = 507
+    HTTP_508_LOOP_DETECTED = 508
+    HTTP_510_NOT_EXTENDED = 510
+    HTTP_511_NETWORK_AUTHENTICATION_REQUIRED = 511

vega/web/middleware.py

@@ -0,0 +1,185 @@
+"""Middleware utilities for Vega Web Framework"""
+
+from typing import Callable
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import Response
+
+
+class VegaMiddleware(BaseHTTPMiddleware):
+    """
+    Base middleware class for Vega applications.
+
+    Extend this class to create custom middleware.
+
+    Example:
+        class LoggingMiddleware(VegaMiddleware):
+            async def dispatch(self, request: Request, call_next: Callable) -> Response:
+                print(f"Request: {request.method} {request.url.path}")
+                response = await call_next(request)
+                print(f"Response: {response.status_code}")
+                return response
+
+        app.add_middleware(LoggingMiddleware)
+    """
+
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """
+        Process the request.
+
+        Args:
+            request: Incoming request
+            call_next: Function to call next middleware or endpoint
+
+        Returns:
+            Response object
+        """
+        return await call_next(request)
+
+
+class CORSMiddleware:
+    """
+    CORS (Cross-Origin Resource Sharing) middleware.
+
+    This is a re-export of Starlette's CORSMiddleware for convenience.
+
+    Example:
+        from vega.web import VegaApp
+        from vega.web.middleware import CORSMiddleware
+
+        app = VegaApp()
+        app.add_middleware(
+            CORSMiddleware,
+            allow_origins=["*"],
+            allow_credentials=True,
+            allow_methods=["*"],
+            allow_headers=["*"],
+        )
+    """
+
+    # This will be imported from Starlette
+    from starlette.middleware.cors import CORSMiddleware as _CORSMiddleware
+
+    def __new__(cls, *args, **kwargs):
+        return cls._CORSMiddleware(*args, **kwargs)
+
+
+class TrustedHostMiddleware:
+    """
+    Middleware to validate the Host header.
+
+    This is a re-export of Starlette's TrustedHostMiddleware.
+
+    Example:
+        app.add_middleware(
+            TrustedHostMiddleware,
+            allowed_hosts=["example.com", "*.example.com"]
+        )
+    """
+
+    from starlette.middleware.trustedhost import TrustedHostMiddleware as _TrustedHostMiddleware
+
+    def __new__(cls, *args, **kwargs):
+        return cls._TrustedHostMiddleware(*args, **kwargs)
+
+
+class GZipMiddleware:
+    """
+    Middleware to compress responses using GZip.
+
+    This is a re-export of Starlette's GZipMiddleware.
+
+    Example:
+        app.add_middleware(GZipMiddleware, minimum_size=1000)
+    """
+
+    from starlette.middleware.gzip import GZipMiddleware as _GZipMiddleware
+
+    def __new__(cls, *args, **kwargs):
+        return cls._GZipMiddleware(*args, **kwargs)
+
+
+class RateLimitMiddleware(VegaMiddleware):
+    """
+    Simple rate limiting middleware (example implementation).
+
+    Args:
+        requests_per_minute: Maximum requests per minute per IP
+
+    Example:
+        app.add_middleware(RateLimitMiddleware, requests_per_minute=60)
+    """
+
+    def __init__(self, app, requests_per_minute: int = 60):
+        super().__init__(app)
+        self.requests_per_minute = requests_per_minute
+        self.requests: dict = {}  # IP -> [timestamps]
+
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """Check rate limit before processing request"""
+        from datetime import datetime, timedelta
+
+        client_ip = request.client.host if request.client else "unknown"
+        now = datetime.now()
+
+        # Clean old entries
+        if client_ip in self.requests:
+            cutoff = now - timedelta(minutes=1)
+            self.requests[client_ip] = [
+                ts for ts in self.requests[client_ip] if ts > cutoff
+            ]
+
+        # Check rate limit
+        if client_ip in self.requests:
+            if len(self.requests[client_ip]) >= self.requests_per_minute:
+                from ..response import JSONResponse
+                return JSONResponse(
+                    content={"detail": "Rate limit exceeded"},
+                    status_code=429,
+                )
+
+        # Record request
+        if client_ip not in self.requests:
+            self.requests[client_ip] = []
+        self.requests[client_ip].append(now)
+
+        return await call_next(request)
+
+
+class RequestLoggingMiddleware(VegaMiddleware):
+    """
+    Middleware to log all requests.
+
+    Example:
+        app.add_middleware(RequestLoggingMiddleware)
+    """
+
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """Log request and response"""
+        import logging
+        import time
+
+        logger = logging.getLogger("vega.web")
+
+        start_time = time.time()
+        logger.info(f"→ {request.method} {request.url.path}")
+
+        response = await call_next(request)
+
+        process_time = time.time() - start_time
+        logger.info(
+            f"← {request.method} {request.url.path} "
+            f"[{response.status_code}] {process_time:.3f}s"
+        )
+
+        return response
+
+
+__all__ = [
+    "VegaMiddleware",
+    "CORSMiddleware",
+    "TrustedHostMiddleware",
+    "GZipMiddleware",
+    "RateLimitMiddleware",
+    "RequestLoggingMiddleware",
+]