Dev : The new Updates and features

Author: Jones-peter

README.md

@@ -1,6 +1,13 @@
 from jsweb.app import *
 from jsweb.server import *
-from jsweb.template import *
 from jsweb.response import *
+from jsweb.auth import login_required, login_user, logout_user, get_current_user
+from jsweb.security import generate_password_hash, check_password_hash
+from jsweb.forms import *
+from jsweb.validators import *
+from jsweb.blueprints import Blueprint
 
-__VERSION__ = "0.1.0"
+# Make url_for easily accessible
+from .response import url_for
+
+__VERSION__ = "0.2.0"

images/jsweb_logo.png

@@ -1,75 +1,107 @@
-from jsweb.database import init_db
-from jsweb.routing import Router
-from jsweb.request import Request
-from jsweb.static import serve_static
-# Assuming you have a response module as suggested
-from jsweb.response import Response, HTMLResponse
-
+import secrets
+import os
+from .routing import Router
+from .request import Request
+from .response import Response, HTMLResponse, configure_template_env
+from .auth import init_auth, get_current_user
+from .middleware import StaticFilesMiddleware, DBSessionMiddleware, CSRFMiddleware
+from .blueprints import Blueprint
 
 class JsWebApp:
     """
     The main application class for the JsWeb framework.
-
-    It is responsible for routing requests and is configurable.
-    Database schema management should be handled by a separate CLI command.
     """
-    def __init__(self, static_url="/static", static_dir="static", template_dir="templates", db_url=None):
+    def __init__(self, config):
         self.router = Router()
         self.template_filters = {}
-        if db_url:
-            init_db(db_url)
-        # Make static and template paths configurable
-        self.static_url = static_url
-        self.static_dir = static_dir
-        self.template_dir = template_dir
-
-    def route(self, path, methods=None):
-        """A decorator to register a view function for a given URL path."""
-        if methods is None:
-            methods = ["GET"]
-        return self.router.route(path, methods)
+        self.config = config
+        self._init_from_config()  # Initial setup
 
-    def filter(self, name):
-        """
-        A decorator to register a custom filter for use in templates.
-        The filter is registered with this specific app instance.
-        """
+    def _init_from_config(self):
+        """Initializes components that depend on the config."""
+        if hasattr(self.config, "TEMPLATE_FOLDER") and hasattr(self.config, "BASE_DIR"):
+            template_path = os.path.join(self.config.BASE_DIR, self.config.TEMPLATE_FOLDER)
+            configure_template_env(template_path)
+
+        if hasattr(self.config, "SECRET_KEY"):
+            init_auth(self.config.SECRET_KEY, self._get_actual_user_loader())
+
+    def _get_actual_user_loader(self):
+        if hasattr(self, '_user_loader_callback') and self._user_loader_callback:
+            return self._user_loader_callback
+        return self.user_loader
 
+    def user_loader(self, user_id: int):
+        try:
+            from models import User
+            return User.query.get(user_id)
+        except (ImportError, AttributeError):
+            return None
+
+    def route(self, path, methods=None, endpoint=None):
+        return self.router.route(path, methods, endpoint)
+
+    def register_blueprint(self, blueprint: Blueprint):
+        """Registers a blueprint with the application."""
+        for path, handler, methods, endpoint in blueprint.routes:
+            full_path = path
+            if blueprint.url_prefix:
+                full_path = f"{blueprint.url_prefix.rstrip('/')}/{path.lstrip('/')}"
+            
+            # Create a prefixed endpoint, e.g., "auth.login"
+            full_endpoint = f"{blueprint.name}.{endpoint}"
+            self.router.add_route(full_path, handler, methods, endpoint=full_endpoint)
+
+    def filter(self, name):
         def decorator(func):
             self.template_filters[name] = func
             return func
-
         return decorator
 
-    def __call__(self, environ, start_response):
-        """The main WSGI entry point."""
-        req = Request(environ)
-
-        # Handle static files using the configured path
-        if req.path.startswith(self.static_url):
-            content, status, headers = serve_static(req.path, self.static_url, self.static_dir)
-            start_response(status, headers)
-            # Ensure content is bytes
-            return [content if isinstance(content, bytes) else content.encode("utf-8")]
+    def _wsgi_app_handler(self, environ, start_response):
+        req = environ['jsweb.request']
 
-        # Resolve and handle dynamic routes
-        handler = self.router.resolve(req.path, req.method)
+        handler, params = self.router.resolve(req.path, req.method)
         if handler:
-            response = handler(req)
+            response = handler(req, **params)
 
-            # If a handler returns a raw string, wrap it in a default response object
             if isinstance(response, str):
                 response = HTMLResponse(response)
 
-            # If it's not a Response object, it's an error
             if not isinstance(response, Response):
                 raise TypeError(f"View function did not return a Response object (got {type(response).__name__})")
 
-            # Convert our Response object to what the WSGI server needs
+            if hasattr(req, 'new_csrf_token_generated') and req.new_csrf_token_generated:
+                response.set_cookie("csrf_token", req.csrf_token, httponly=False, samesite='Lax')
+
             body_bytes, status, headers = response.to_wsgi()
             start_response(status, headers)
             return [body_bytes]
 
-        # Handle 404 Not Found
         start_response("404 Not Found", [("Content-Type", "text/html")])
-        return [b"<h1>404 Not Found</h1>"]
+        return [b"<h1>404 Not Found</h1>"]
+
+    def __call__(self, environ, start_response):
+        # Create the Request object ONCE and pass the app instance to it.
+        req = Request(environ, self)
+        environ['jsweb.request'] = req
+
+        csrf_token = req.cookies.get("csrf_token")
+        req.new_csrf_token_generated = False
+        if not csrf_token:
+            csrf_token = secrets.token_hex(32)
+            req.new_csrf_token_generated = True
+        req.csrf_token = csrf_token
+
+        if hasattr(self.config, "SECRET_KEY"):
+            req.user = get_current_user(req)
+
+        static_url = getattr(self.config, "STATIC_URL", "/static")
+        static_dir = getattr(self.config, "STATIC_DIR", "static")
+        
+        handler = self._wsgi_app_handler
+        handler = DBSessionMiddleware(handler)
+        handler = StaticFilesMiddleware(handler, static_url, static_dir)
+        handler = CSRFMiddleware(handler)
+
+        return handler(environ, start_response)

jsweb/__init__.py

@@ -0,0 +1,49 @@
+from functools import wraps
+from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadTimeSignature
+from .response import redirect, url_for
+
+# This will be initialized by the JsWebApp instance
+_serializer = None
+_user_loader = None
+
+def init_auth(secret_key, user_loader_func):
+    """Initializes the authentication system."""
+    global _serializer, _user_loader
+    _serializer = URLSafeTimedSerializer(secret_key)
+    _user_loader = user_loader_func
+
+def login_user(response, user):
+    """Logs a user in by creating a secure session cookie."""
+    session_token = _serializer.dumps(user.id)
+    response.set_cookie("session", session_token, httponly=True)
+
+def logout_user(response):
+    """Logs a user out by deleting the session cookie."""
+    response.delete_cookie("session")
+
+def get_current_user(request):
+    """Gets the currently logged-in user from the session cookie."""
+    session_token = request.cookies.get("session")
+    if not session_token:
+        return None
+
+    try:
+        # The max_age check (e.g., 30 days) is handled by the serializer
+        user_id = _serializer.loads(session_token, max_age=2592000)
+        return _user_loader(user_id)
+    except (SignatureExpired, BadTimeSignature):
+        return None
+
+def login_required(handler):
+    """
+    A decorator to protect routes from unauthenticated access.
+    If the user is not logged in, it redirects to the URL for the 'auth.login' endpoint.
+    """
+    @wraps(handler)
+    def decorated_function(request, *args, **kwargs):
+        if not request.user:
+            # Use url_for to dynamically find the login page
+            login_url = url_for(request, 'auth.login')
+            return redirect(login_url)
+        return handler(request, *args, **kwargs)
+    return decorated_function

jsweb/app.py

@@ -0,0 +1,30 @@
+class Blueprint:
+    """
+    A self-contained, reusable component of a JsWeb application.
+    Blueprints have their own routes which are later registered with the main app.
+    """
+    def __init__(self, name, url_prefix=None):
+        """
+        Initializes a new Blueprint.
+
+        Args:
+            name (str): The name of the blueprint.
+            url_prefix (str, optional): A prefix to be added to all routes in this blueprint.
+        """
+        self.name = name
+        self.url_prefix = url_prefix
+        self.routes = []
+
+    def route(self, path, methods=None, endpoint=None):
+        """
+        A decorator to register a view function for a given path within the blueprint.
+        """
+        if methods is None:
+            methods = ["GET"]
+        
+        def decorator(handler):
+            # If no endpoint is provided, use the function name as the default.
+            route_endpoint = endpoint or handler.__name__
+            self.routes.append((path, handler, methods, route_endpoint))
+            return handler
+        return decorator