def setup_app(): get_schema = OpenAPIHandler( metadata=Metadata( title="Pet Store", description=__doc__, version="0.0.0", ), security_schemes=[HTTPSecurityScheme("Bearer", "bearer")], default_security_scheme="Bearer", ) get_schema = annotate(no_auth=True)(get_schema) get_docs = annotate(no_auth=True)(OpenAPIUIHandler()) return App( components=[ DatabaseComponent(), categories.CategoryManagerComponent(), tags.TagManagerComponent(), pets.PetManagerComponent(), ], middleware=[ ResponseRendererMiddleware(), auth_middleware, ], routes=[ Include("/v1/categories", categories.routes), Include("/v1/pets", pets.routes), Include("/v1/tags", tags.routes), Route("/_docs", get_docs), Route("/_schema", get_schema), ], )
def test_middleware_token_validation_raises_error_on_token_exp(app_settings): def test_handler(jwt_identity: JWTIdentity): if jwt_identity is None: return "No user token present" return jwt_identity.id jwt = JWT(key="keepthissafe", alg="HS256") iat = dt.datetime.now() + dt.timedelta(seconds=-10) exp = iat + dt.timedelta(seconds=5) payload = {"sub": "1234567890", "name": "John Doe", "iat": iat, "exp": exp} token = jwt.encode(payload) routes = [Route("/auth-required", method="GET", handler=test_handler)] components = [ SettingsComponent(app_settings), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/auth-required", headers={"Authorization": f"Bearer {token}"}) assert 401 == response.status_code content = response.json() assert "error_message" in content assert content.get("status") == 401
def test_middleware_white_listing(app_settings, testing_token): def test_handler(jwt_identity: JWTIdentity): if jwt_identity is None: return "No user token present" return jwt_identity.id routes = [Route("/whitelisted", method="GET", handler=test_handler)] components = [ SettingsComponent({ **app_settings, "JWT_AUTH_WHITELIST": ["test_handler"] }), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/whitelisted", headers={"Authorization": f"Bearer {testing_token}"}) unauthenticated = client.get("/whitelisted") assert 200 == response.status_code assert "1234567890" in response.data assert 200 == unauthenticated.status_code assert "No user token present" in unauthenticated.data
def setup_app(): setup_logging() cookie_store = CookieStore(**settings.strict_get("sessions")) get_schema = OpenAPIHandler( Metadata( title="Chat", description="A simple chat app.", version="0.0.0", ), ) get_docs = OpenAPIUIHandler() app = App( components=[ AccountManagerComponent(), ChatHandlerFactoryComponent(), ChatroomListenerComponent(), ChatroomRegistryComponent(), CurrentAccountComponent(), PasswordHasherComponent(), RedisComponent(), SQLAlchemyEngineComponent(), SQLAlchemySessionComponent(), SessionComponent(cookie_store), SettingsComponent(settings), TemplatesComponent(path_to("templates")), ], middleware=[ RequestIdMiddleware(), SessionMiddleware(cookie_store), ResponseRendererMiddleware(), WebsocketsMiddleware(), SQLAlchemyMiddleware(), ], routes=[ Route("/_schema", get_schema), Route("/_docs", get_docs), Route("/", index), Route("/login", login), Route("/register", register), Include("/v1", [ Include("/accounts", accounts.routes, namespace="accounts"), Include("/chat", chat.routes, namespace="chat"), Include("/sessions", sessions.routes, namespace="sessions"), ], namespace="v1"), ], ) decorated_app = WhiteNoise(app, **settings.strict_get("whitenoise")) return decorated_app, app
def test_response_renderer_handles_invalid_response_tuples(): # Given that I have a handler that returns an invalid response tuple def handler(): return "200 OK", # And an instance of the response renderer middleware renderer = ResponseRendererMiddleware() # When I pass the handler to the renderer # Then a RuntimeError should be raised with pytest.raises(RuntimeError): renderer(handler)(app, None)
def test_apps_session_cookies_expire(): # Given that I have an app with a cookie store that immediately expires session cookies cookie_store = CookieStore(b"secret", cookie_ttl=0) def set_username(username: str, session: Session) -> None: session["username"] = username def get_username(session: Session) -> Optional[str]: return session.get("username") app = App( components=[ SessionComponent(cookie_store), ], middleware=[ SessionMiddleware(cookie_store), ResponseRendererMiddleware(), ], routes=[ Route("/set-username/{username}", set_username), Route("/get-username", get_username), ], ) # And a client for that app client = testing.TestClient(app) # When I make a request to a handler that stores session data response = client.get(app.reverse_uri("set_username", username="******")) # Then I should get back a successful response assert response.status_code == 200 # And the response should contain my session cookie cookie = cookies.SimpleCookie() for data in response.headers.get_all("set-cookie"): cookie.load(data.replace("SameSite=Strict", "")) assert "__sess__" in cookie # When I make another request with that same cookie session_cookie = cookie.output(attrs=[], header="") response = client.get(app.reverse_uri("get_username"), headers={ "cookie": session_cookie, }) # Then I should get back nothing assert response.json() is None
def test_middleware_raises_401_error(app_settings): def test_handler(): return "Handler called" routes = [Route("/auth-required", method="GET", handler=test_handler)] components = [ SettingsComponent(app_settings), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/auth-required") assert 401 == response.status_code
def test_claims_required_attaches_values(app_settings): @claims_required({"admin": True}) def test_handler(): return "Handler called" routes = [Route("/claims", method="GET", handler=test_handler)] components = [SettingsComponent(app_settings)] middleware = [ResponseRendererMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/claims") assert 200 == response.status_code assert "admin" in test_handler.claims assert test_handler.claims.get("admin") is True assert "Handler called" in response.data
def test_JWT_claims_options_raises_error(app_settings, testing_token): def test_handler(jwt_identity: JWTIdentity): if jwt_identity is None: return "No user token present" return jwt_identity.id jwt = JWT(key=app_settings.get("JWT_SECRET_KEY"), alg="HS256") mod_token = jwt.encode({ **jwt.decode(testing_token), **{ "iss": "https://molten.com" } }) routes = [Route("/claim_options", method="GET", handler=test_handler)] components = [ SettingsComponent({ **app_settings, "JWT_CLAIMS_OPTIONS": { "iss": { "essential": True, "values": ["https://example.com", "https://example.org"], } }, }), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) missing_claim_response = client.get( "/claim_options", headers={"Authorization": f"Bearer {testing_token}"}) wrong_claim_value_response = client.get( "/claim_options", headers={"Authorization": f"Bearer {mod_token}"}) assert 401 == missing_claim_response.status_code assert 401 == wrong_claim_value_response.status_code
def test_middleware_anonymous_user_support(app_settings): @allow_anonymous def test_handler(): return "Handler called" routes = [Route("/auth-maybe", method="GET", handler=test_handler)] components = [ SettingsComponent(app_settings), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/auth-maybe") assert 200 == response.status_code assert "Handler called" in response.data
def test_claims_required_raises_error(app_settings, testing_token): @claims_required({"admin": True}) def test_handler(): return "Handler called" routes = [Route("/claims", method="GET", handler=test_handler)] components = [ SettingsComponent(app_settings), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/claims", headers={"Authorization": f"Bearer {testing_token}"}) assert 403 == response.status_code
def create_app(middleware=None, components=None, settings=None): if settings is None: settings = Settings({ 'database_engine_dsn': os.environ['SQLALCHEMY_URI'], 'identity_server': os.environ['IDENTITY_SERVER'], 'secret_key': os.environ['SECRET_KEY'], }) if middleware is None: middleware = [ ResponseRendererMiddleware(), SQLAlchemyMiddleware(), auth_middleware, ] if components is None: components = [ SettingsComponent(settings), SQLAlchemyEngineComponent(), SQLAlchemySessionComponent(), RequestSessionComponent(), AuthProviderComponent(), ManagerComponent(ChoreInstanceManager), ManagerComponent(ChoreDefinitionManager), UserProviderComponent(), ] app = App( routes=[ Route('/login', login, method='POST', name='login'), Include( '/api', routes, namespace='api', ) ], middleware=middleware, components=components, ) return app
def test_ws_middleware_validates_origin(): # Given that I have an app instance whose ws middleware validates the incoming origin app = App( middleware=[ ResponseRendererMiddleware(), WebsocketsMiddleware(re.compile("example.com")), ], routes=[Route("/echo", echo)], ) # And a ws client for that app client = WebsocketsTestClient(app) # When I try to connect to its echo endopoint with an invalid origin # Then an error should occur with pytest.raises(ValueError): client.connect("/echo") # When I try to connect to its echo endopoint with a valid origin with client.connect("/echo", headers={"origin": "example.com"}) as sock: # Then my connection should succeed assert sock
def test_middleware_token_validation_passes(app_settings, testing_token): def test_handler(jwt_identity: JWTIdentity): if jwt_identity is None: return "No user token present" return jwt_identity.id routes = [Route("/auth-required", method="GET", handler=test_handler)] components = [ SettingsComponent(app_settings), JWTComponent(), JWTIdentityComponent(), ] middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()] app = App(routes=routes, components=components, middleware=middleware) client = testing.TestClient(app) response = client.get("/auth-required", headers={"Authorization": f"Bearer {testing_token}"}) assert 200 == response.status_code assert "1234567890" in response.data
def setup_app(): setup_logging() get_docs = OpenAPIUIHandler() get_schema = OpenAPIHandler( metadata=Metadata( title="Pets", description="", version="0.0.0", ), ) app = App( components=[ ManagerComponent(PetManager), SQLAlchemyEngineComponent(), SQLAlchemySessionComponent(), SettingsComponent(settings), TemplatesComponent(path_to("templates")), ], middleware=[ RequestIdMiddleware(), ResponseRendererMiddleware(), SQLAlchemyMiddleware(), ], routes=[ Route("/_docs", get_docs), Route("/_schema", get_schema), Route("/", index), Include("/v1/pets", pets.routes, namespace="pets"), ], ) decorated_app = WhiteNoise(app, **settings.strict_get("whitenoise")) return decorated_app, app
from molten import App, JSONRenderer, QueryParam, ResponseRendererMiddleware, Route from molten.contrib.sessions import CookieStore, Session, SessionComponent, SessionMiddleware cookie_store = CookieStore(b"ubersecret") def set_username(username: QueryParam, session: Session) -> str: session["username"] = username return username def get_username(session: Session) -> Optional[str]: return session.get("username") app = App( components=[ SessionComponent(cookie_store), ], middleware=[ SessionMiddleware(cookie_store), ResponseRendererMiddleware([ JSONRenderer(), ]), ], routes=[ Route("/get-username", get_username), Route("/set-username", set_username), ], )
mime_type = "text/plaint" def can_render_response(self, accept: str) -> bool: return accept.startswith("text/plain") def render(self, status: str, response_data: Any) -> Response: content = json.dumps(response_data, default=self.default) return Response(status, content=content, headers={"content-type": "text/plain"}) components: List[Component] = [DBComponent(), TodoManagerComponent()] middleware: List[Middleware] = [CORSMiddleware(), ResponseRendererMiddleware()] renderers: List[ResponseRenderer] = [JSONRenderer(), PlainTextRenderer()] routes: List[Union[Route, Include]] = [ Include( "/v1/todos", [ Route("/", options_todos, method="OPTIONS"), Route("/", list_todos), Route("/", create_todo, method="POST"), Route("/", delete_all, method="DELETE"), Route("/{todo_id}", options_todo, method="OPTIONS"), Route("/{todo_id}", get_todo), Route("/{todo_id}", delete_todo, method="DELETE"), Route("/{todo_id}", update_todo, method="PATCH"),
title="runcible", description="A development API to be used in vuejs courses and tutorials.", version="0.0.0", )) get_docs = OpenAPIUIHandler() components = [ SettingsComponent(SETTINGS), SQLAlchemyEngineComponent(), SQLAlchemySessionComponent(), TodoManagerComponent(), UserManagerComponent(), ] middleware = [ResponseRendererMiddleware(), SQLAlchemyMiddleware()] renderers = [ExtJSONRenderer()] routes = ([ Route("/", welcome, "GET"), Route("/_schema", get_schema, "GET"), Route("/_docs", get_docs, "GET"), Route("/ping", lambda: {"message": "pong"}, "GET", name="ping"), ] + [todo_routes] # noqa: W503 + [user_routes] # noqa: W503 ) class ExtApp(App): def handle_404(self, request: Request) -> Tuple[str, APIResponse]:
""" Open API """ get_schema = OpenAPIHandler(metadata=Metadata( title="Emeeting API", description="An API for managing your room meetings.", version="0.0.1", )) get_docs = OpenAPIUIHandler() """ Add middlewares """ middlewares = [prometheus_middleware, ResponseRendererMiddleware()] """ Include or add routes """ routes = [ Route("/", get_docs), Route("/schema", get_schema), Route("/metrics", expose_metrics), Include("/v1/rooms", routes=room.routes), Include("/v1/meetings", routes=meeting.routes), ] """ Start application """
return "hello" @annotate(supports_ws=True) def echo(ws: Websocket): while not ws.closed: message = ws.receive() if isinstance(message, CloseMessage): return ws.send(message) app = App( middleware=[ ResponseRendererMiddleware(), WebsocketsMiddleware(), ], routes=[ Route("/", index), Route("/echo", echo), ] ) client = WebsocketsTestClient(app) def test_ws_routes_return_bad_request_if_upgrade_is_not_requested(): # Given that I have a ws endpoint # When I make a standard HTTP request to that endpoint