xenfra 0.2.6__py3-none-any.whl → 0.2.8__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- xenfra/main.py +4 -1
- xenfra/utils/security.py +34 -54
- {xenfra-0.2.6.dist-info → xenfra-0.2.8.dist-info}/METADATA +1 -1
- {xenfra-0.2.6.dist-info → xenfra-0.2.8.dist-info}/RECORD +6 -6
- {xenfra-0.2.6.dist-info → xenfra-0.2.8.dist-info}/WHEEL +0 -0
- {xenfra-0.2.6.dist-info → xenfra-0.2.8.dist-info}/entry_points.txt +0 -0
xenfra/main.py
CHANGED
|
@@ -17,9 +17,12 @@ from .commands.security_cmd import security
|
|
|
17
17
|
|
|
18
18
|
console = Console()
|
|
19
19
|
|
|
20
|
+
# Production-ready: API URL is hardcoded as https://api.xenfra.tech
|
|
21
|
+
# No configuration needed - works out of the box after pip install
|
|
22
|
+
|
|
20
23
|
|
|
21
24
|
@click.group()
|
|
22
|
-
@click.version_option(version="0.2.
|
|
25
|
+
@click.version_option(version="0.2.5")
|
|
23
26
|
def cli():
|
|
24
27
|
"""
|
|
25
28
|
Xenfra CLI: Deploy Python apps to DigitalOcean with zero configuration.
|
xenfra/utils/security.py
CHANGED
|
@@ -44,22 +44,15 @@ class SecurityConfig:
|
|
|
44
44
|
|
|
45
45
|
def __init__(self):
|
|
46
46
|
"""Initialize security configuration from environment."""
|
|
47
|
-
#
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
# Security settings (can be overridden by environment variables)
|
|
51
|
-
self.enforce_https = os.getenv("XENFRA_ENFORCE_HTTPS", "false").lower() == "true"
|
|
52
|
-
self.enforce_whitelist = os.getenv("XENFRA_ENFORCE_WHITELIST", "false").lower() == "true"
|
|
53
|
-
self.enable_cert_pinning = (
|
|
54
|
-
os.getenv("XENFRA_ENABLE_CERT_PINNING", "false").lower() == "true"
|
|
55
|
-
)
|
|
56
|
-
self.warn_on_http = os.getenv("XENFRA_WARN_ON_HTTP", "true").lower() == "true"
|
|
47
|
+
# PRODUCTION-ONLY: Default to production settings
|
|
48
|
+
# Environment variable only used for self-hosted instances
|
|
49
|
+
self.environment = "production"
|
|
57
50
|
|
|
58
|
-
#
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
51
|
+
# Security settings - ALWAYS enforced for production safety
|
|
52
|
+
self.enforce_https = True # Always require HTTPS
|
|
53
|
+
self.enforce_whitelist = False # Allow self-hosted instances
|
|
54
|
+
self.enable_cert_pinning = False # Disabled (see future-enhancements.md #3)
|
|
55
|
+
self.warn_on_http = True # Always warn on HTTP
|
|
63
56
|
|
|
64
57
|
def is_production(self) -> bool:
|
|
65
58
|
"""Check if running in production environment."""
|
|
@@ -243,25 +236,19 @@ def validate_and_get_api_url(url: str = None) -> str:
|
|
|
243
236
|
Comprehensive API URL validation (combines all 4 solutions).
|
|
244
237
|
|
|
245
238
|
Args:
|
|
246
|
-
url: Optional URL override (
|
|
239
|
+
url: Optional URL override (only for self-hosted instances)
|
|
247
240
|
|
|
248
241
|
Returns:
|
|
249
|
-
Validated API URL
|
|
242
|
+
Validated API URL (defaults to https://api.xenfra.tech)
|
|
250
243
|
|
|
251
244
|
Raises:
|
|
252
245
|
ValueError: If URL fails validation
|
|
253
246
|
click.Abort: If user cancels security prompts
|
|
254
247
|
"""
|
|
255
|
-
#
|
|
248
|
+
# PRODUCTION DEFAULT: Use hardcoded production URL
|
|
249
|
+
# Only check environment variable for self-hosted overrides
|
|
256
250
|
if url is None:
|
|
257
|
-
url = os.getenv("XENFRA_API_URL")
|
|
258
|
-
|
|
259
|
-
# Use production URL in production environment
|
|
260
|
-
if url is None and security_config.is_production():
|
|
261
|
-
url = PRODUCTION_API_URL
|
|
262
|
-
# Use localhost in development
|
|
263
|
-
elif url is None:
|
|
264
|
-
url = "http://localhost:8000"
|
|
251
|
+
url = os.getenv("XENFRA_API_URL", PRODUCTION_API_URL)
|
|
265
252
|
|
|
266
253
|
try:
|
|
267
254
|
# Solution 1: Validate URL format
|
|
@@ -316,41 +303,34 @@ def display_security_info():
|
|
|
316
303
|
|
|
317
304
|
# Environment variable documentation
|
|
318
305
|
"""
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
- Controls default security settings
|
|
323
|
-
- production: All security features enabled
|
|
324
|
-
- development: Permissive mode (localhost allowed)
|
|
306
|
+
PRODUCTION-FIRST DESIGN:
|
|
307
|
+
The CLI defaults to production (api.xenfra.tech) with HTTPS enforcement.
|
|
308
|
+
No configuration needed for normal users.
|
|
325
309
|
|
|
326
|
-
|
|
327
|
-
- Require HTTPS for all connections (except localhost)
|
|
328
|
-
- Default: false (dev), true (production)
|
|
329
|
-
|
|
330
|
-
XENFRA_ENFORCE_WHITELIST=true|false
|
|
331
|
-
- Block connections to non-whitelisted domains
|
|
332
|
-
- Default: false (dev), true (production)
|
|
310
|
+
Environment variables (for developers/self-hosted only):
|
|
333
311
|
|
|
334
|
-
|
|
335
|
-
-
|
|
336
|
-
-
|
|
312
|
+
XENFRA_ENV=development
|
|
313
|
+
- Enables local development mode
|
|
314
|
+
- Allows HTTP, relaxes security
|
|
315
|
+
- Default: production (safe by default)
|
|
337
316
|
|
|
338
|
-
|
|
339
|
-
-
|
|
340
|
-
- Default:
|
|
317
|
+
XENFRA_API_URL=https://your-instance.com
|
|
318
|
+
- Override API URL for self-hosted instances
|
|
319
|
+
- Default: https://api.xenfra.tech
|
|
341
320
|
|
|
342
|
-
|
|
343
|
-
-
|
|
344
|
-
-
|
|
321
|
+
XENFRA_ENFORCE_HTTPS=true|false
|
|
322
|
+
- Require HTTPS for all connections
|
|
323
|
+
- Default: true (production), false (development)
|
|
345
324
|
|
|
346
325
|
Example usage:
|
|
347
326
|
|
|
348
|
-
#
|
|
349
|
-
|
|
327
|
+
# Production users (zero config):
|
|
328
|
+
xenfra auth login
|
|
329
|
+
xenfra deploy
|
|
350
330
|
|
|
351
|
-
#
|
|
352
|
-
|
|
331
|
+
# Local development:
|
|
332
|
+
XENFRA_ENV=development xenfra auth login
|
|
353
333
|
|
|
354
|
-
#
|
|
355
|
-
|
|
334
|
+
# Self-hosted instance:
|
|
335
|
+
XENFRA_API_URL=https://xenfra.mycompany.com xenfra login
|
|
356
336
|
"""
|
|
@@ -5,14 +5,14 @@ xenfra/commands/deployments.py,sha256=-185BevHVrUT-LAU2k_uZNpKJPCcwpCDEHOFPfD0Wm
|
|
|
5
5
|
xenfra/commands/intelligence.py,sha256=w8GxwGu63KQ5fwhPpTNTDeW1Xg5g3aFzzIBuP_CeRQo,13541
|
|
6
6
|
xenfra/commands/projects.py,sha256=O2tG--iDWN5oCcHOv1jp88kl9bAK61oGRCLJ60M0b7E,6492
|
|
7
7
|
xenfra/commands/security_cmd.py,sha256=MJxbjQksKrtRn21FSAhTY3ESn_S_tUCGfdNRWL7kNsc,7094
|
|
8
|
-
xenfra/main.py,sha256=
|
|
8
|
+
xenfra/main.py,sha256=GJvPsEDifQok1uX_PY8WH_p2eq9OZ-lCiapoExIO0HU,1926
|
|
9
9
|
xenfra/utils/__init__.py,sha256=57o8j7Tibrhyid84zTFLHjFmRP5sCnNbtLEfpRqIpMk,42
|
|
10
10
|
xenfra/utils/auth.py,sha256=oDxDiIWC9851fu_gL-7TVJ60uJT3sZ_DvMIy69SUAEM,8308
|
|
11
11
|
xenfra/utils/codebase.py,sha256=vx-1pMpnefPJ_Xy1UoH7wgHJ2c5ZAsVX1g1IXAfkI28,4018
|
|
12
12
|
xenfra/utils/config.py,sha256=6A6WAggaH2Rco4RJydALxcKteOzXLCKDV0ZxjHhAJHk,11584
|
|
13
|
-
xenfra/utils/security.py,sha256=
|
|
13
|
+
xenfra/utils/security.py,sha256=V0CqA47ZYt-8AesWb7FPRzzygqEY_g2WF1Duvs5BZ_Y,11143
|
|
14
14
|
xenfra/utils/validation.py,sha256=6mGC5CqAbx-CBp06omWLBpKjnEWXsEzlYWq71wjDeX8,6678
|
|
15
|
-
xenfra-0.2.
|
|
16
|
-
xenfra-0.2.
|
|
17
|
-
xenfra-0.2.
|
|
18
|
-
xenfra-0.2.
|
|
15
|
+
xenfra-0.2.8.dist-info/WHEEL,sha256=ZyFSCYkV2BrxH6-HRVRg3R9Fo7MALzer9KiPYqNxSbo,79
|
|
16
|
+
xenfra-0.2.8.dist-info/entry_points.txt,sha256=a_2cGhYK__X6eW05Ba8uB6RIM_61c2sHtXsPY8N0mic,45
|
|
17
|
+
xenfra-0.2.8.dist-info/METADATA,sha256=IGNwf_5QKQpwjo2zlmKeAlLwXtI4Y0s97Ox1dZ5GOsI,3751
|
|
18
|
+
xenfra-0.2.8.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|