initial commit

__init__.py

@@ -0,0 +1,6 @@
+from .app import App
+from .models import User, Record
+from .exceptions import AppError, NotFoundError, AuthError
+
+__all__ = ["App", "User", "Record", "AppError", "NotFoundError", "AuthError"]
+__version__ = "0.1.0"

auth.py

@@ -0,0 +1,81 @@
+import logging
+import secrets
+import time
+from typing import Optional
+
+from utils import hash_password, verify_password
+from exceptions import AuthError
+
+logger = logging.getLogger(__name__)
+
+_SESSION_TTL  = 3600
+_MAX_ATTEMPTS = 5
+_LOCKOUT      = 300
+
+_sessions: dict[str, dict] = {}
+_failures: dict[str, list[float]] = {}
+
+
+def _prune() -> None:
+    now = time.time()
+    dead = [t for t, s in _sessions.items()
+            if now - s["ts"] > _SESSION_TTL]
+    for t in dead:
+        del _sessions[t]
+
+
+def _locked(username: str) -> bool:
+    cutoff = time.time() - _LOCKOUT
+    recent = [t for t in _failures.get(username, []) if t > cutoff]
+    _failures[username] = recent
+    return len(recent) >= _MAX_ATTEMPTS
+
+
+def login(username: str, password: str, stored_digest: str,
+          stored_salt: str) -> str:
+    if _locked(username):
+        raise AuthError("Account temporarily locked")
+    if not verify_password(password, stored_digest, stored_salt):
+        _failures.setdefault(username, []).append(time.time())
+        raise AuthError("Invalid credentials")
+    _prune()
+    token = secrets.token_hex(32)
+    _sessions[token] = {"username": username, "ts": time.time()}
+    logger.info("Login: %s", username)
+    return token
+
+
+def logout(token: str) -> None:
+    s = _sessions.pop(token, None)
+    if s:
+        logger.info("Logout: %s", s["username"])
+
+
+def whoami(token: str) -> Optional[str]:
+    s = _sessions.get(token)
+    if not s:
+        return None
+    if time.time() - s["ts"] > _SESSION_TTL:
+        del _sessions[token]
+        return None
+    return s["username"]
+
+
+def require_auth(token: str) -> str:
+    user = whoami(token)
+    if user is None:
+        raise AuthError()
+    return user
+
+
+def refresh(token: str) -> str:
+    user = require_auth(token)
+    logout(token)
+    new = secrets.token_hex(32)
+    _sessions[new] = {"username": user, "ts": time.time()}
+    return new
+
+
+def session_count() -> int:
+    _prune()
+    return len(_sessions)

cli.py

@@ -0,0 +1,101 @@
+import argparse
+import json
+import logging
+import sys
+from typing import Any, Optional
+
+logger = logging.getLogger(__name__)
+
+
+def _json(data: Any) -> None:
+    print(json.dumps(data, indent=2, default=str))
+
+
+def _table(rows: list[dict], cols: Optional[list[str]] = None) -> None:
+    if not rows:
+        print("(empty)")
+        return
+    cols = cols or list(rows[0].keys())
+    widths = {c: max(len(c), max(len(str(r.get(c, ""))) for r in rows))
+              for c in cols}
+    sep = "  "
+    print(sep.join(c.ljust(widths[c]) for c in cols))
+    print("-" * (sum(widths.values()) + len(sep) * (len(cols) - 1)))
+    for row in rows:
+        print(sep.join(str(row.get(c, "")).ljust(widths[c]) for c in cols))
+
+
+def cmd_list(args: argparse.Namespace) -> int:
+    logger.debug("list: %s", vars(args))
+    print(f"Listing (page={args.page} size={args.size})")
+    return 0
+
+
+def cmd_add(args: argparse.Namespace) -> int:
+    logger.debug("add: name=%s", args.name)
+    print(f"Added: {args.name!r}")
+    return 0
+
+
+def cmd_delete(args: argparse.Namespace) -> int:
+    logger.debug("delete: id=%s", args.id)
+    print(f"Deleted: {args.id}")
+    return 0
+
+
+def cmd_show(args: argparse.Namespace) -> int:
+    logger.debug("show: id=%s", args.id)
+    print(f"Record: {args.id}")
+    return 0
+
+
+def cmd_export(args: argparse.Namespace) -> int:
+    logger.debug("export: fmt=%s", args.format)
+    print(f"Exported as {args.format}")
+    return 0
+
+
+def build_parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(prog="app",
+                                formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    p.add_argument("--json", dest="as_json", action="store_true")
+    sub = p.add_subparsers(dest="cmd", required=True)
+
+    ls = sub.add_parser("list")
+    ls.add_argument("--page", type=int, default=1)
+    ls.add_argument("--size", type=int, default=20)
+    ls.set_defaults(func=cmd_list)
+
+    add = sub.add_parser("add")
+    add.add_argument("name")
+    add.add_argument("--tag", action="append", dest="tags", default=[])
+    add.set_defaults(func=cmd_add)
+
+    rm = sub.add_parser("delete")
+    rm.add_argument("id")
+    rm.add_argument("-y", "--yes", action="store_true")
+    rm.set_defaults(func=cmd_delete)
+
+    show = sub.add_parser("show")
+    show.add_argument("id")
+    show.set_defaults(func=cmd_show)
+
+    exp = sub.add_parser("export")
+    exp.add_argument("--format", choices=["csv", "json", "text"], default="text")
+    exp.add_argument("--output", "-o", default="-")
+    exp.set_defaults(func=cmd_export)
+
+    return p
+
+
+def run_cli() -> int:
+    args = build_parser().parse_args()
+    try:
+        return args.func(args)
+    except Exception as exc:
+        logger.error("%s", exc)
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(run_cli())

config.py

@@ -0,0 +1,67 @@
+import json
+import logging
+import os
+from pathlib import Path
+from typing import Any, Optional
+
+logger = logging.getLogger(__name__)
+
+_DEFAULTS: dict[str, Any] = {
+    "log_level": "INFO",
+    "debug": False,
+    "max_retries": 3,
+    "request_timeout": 30,
+    "page_size": 20,
+    "db_path": "data.db",
+    "secret_key": "",
+}
+
+
+class Config:
+    def __init__(self, path: Optional[str] = None) -> None:
+        self._data: dict[str, Any] = dict(_DEFAULTS)
+        if path and Path(path).exists():
+            self._load(path)
+        self._from_env()
+
+    def _load(self, path: str) -> None:
+        try:
+            with open(path) as f:
+                self._data.update(json.load(f))
+        except (json.JSONDecodeError, OSError) as exc:
+            logger.warning("Config load failed (%s): %s", path, exc)
+
+    def _from_env(self) -> None:
+        pairs = [
+            ("APP_DEBUG",    "debug",    lambda v: v.lower() == "true"),
+            ("APP_LOG_LEVEL","log_level", str),
+            ("APP_DB_PATH",  "db_path",  str),
+            ("APP_SECRET_KEY","secret_key", str),
+        ]
+        for env, key, cast in pairs:
+            raw = os.environ.get(env)
+            if raw is not None:
+                try:
+                    self._data[key] = cast(raw)
+                except (ValueError, TypeError):
+                    pass
+
+    def get(self, key: str, default: Any = None) -> Any:
+        return self._data.get(key, default)
+
+    def __getattr__(self, key: str) -> Any:
+        if key.startswith("_"):
+            raise AttributeError(key)
+        try:
+            return self._data[key]
+        except KeyError:
+            raise AttributeError(key)
+
+
+_cfg: Optional[Config] = None
+
+def get_config() -> Config:
+    global _cfg
+    if _cfg is None:
+        _cfg = Config(os.environ.get("APP_CONFIG"))
+    return _cfg

constants.py

@@ -0,0 +1,34 @@
+from enum import Enum
+
+PAGE_SIZE_DEFAULT = 20
+PAGE_SIZE_MAX     = 200
+TOKEN_BYTES       = 32
+SESSION_TTL       = 3600          # seconds
+LOCKOUT_DURATION  = 300           # seconds
+MAX_LOGIN_TRIES   = 5
+DB_PATH           = "data.db"
+LOG_FORMAT        = "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
+
+
+class Role(str, Enum):
+    USER  = "user"
+    ADMIN = "admin"
+    GUEST = "guest"
+
+
+class Status(str, Enum):
+    ACTIVE   = "active"
+    INACTIVE = "inactive"
+    PENDING  = "pending"
+    BANNED   = "banned"
+
+
+HTTP_OK         = 200
+HTTP_CREATED    = 201
+HTTP_NO_CONTENT = 204
+HTTP_BAD_REQ    = 400
+HTTP_UNAUTH     = 401
+HTTP_FORBIDDEN  = 403
+HTTP_NOT_FOUND  = 404
+HTTP_CONFLICT   = 409
+HTTP_SERVER_ERR = 500

exceptions.py

@@ -0,0 +1,57 @@
+from __future__ import annotations
+from typing import Any, Optional
+
+
+class AppError(Exception):
+    status_code: int = 500
+    code: str = "internal_error"
+
+    def __init__(self, message: str, details: Optional[Any] = None) -> None:
+        super().__init__(message)
+        self.details = details
+
+    def to_dict(self) -> dict:
+        out: dict = {"error": self.code, "message": str(self)}
+        if self.details is not None:
+            out["details"] = self.details
+        return out
+
+
+class NotFoundError(AppError):
+    status_code = 404
+    code = "not_found"
+
+    def __init__(self, resource: str, identifier: Any = None) -> None:
+        msg = f"{resource} not found"
+        if identifier is not None:
+            msg += f": {identifier}"
+        super().__init__(msg)
+
+
+class AuthError(AppError):
+    status_code = 401
+    code = "unauthorized"
+
+
+class ForbiddenError(AppError):
+    status_code = 403
+    code = "forbidden"
+
+
+class ValidationError(AppError):
+    status_code = 422
+    code = "validation_error"
+
+    def __init__(self, field: str, message: str) -> None:
+        self.field = field
+        super().__init__(f"{field}: {message}")
+
+    def to_dict(self) -> dict:
+        d = super().to_dict()
+        d["field"] = self.field
+        return d
+
+
+class ConflictError(AppError):
+    status_code = 409
+    code = "conflict"

main.py

@@ -0,0 +1,55 @@
+import argparse
+import logging
+import sys
+from pathlib import Path
+
+LOG_FORMAT = "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
+
+
+def setup_logging(level: str, log_file: str | None = None) -> None:
+    handlers: list[logging.Handler] = [logging.StreamHandler(sys.stdout)]
+    if log_file:
+        handlers.append(logging.FileHandler(log_file))
+    logging.basicConfig(
+        level=getattr(logging, level.upper(), logging.INFO),
+        format=LOG_FORMAT,
+        handlers=handlers,
+    )
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        description="Application entry point",
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+    )
+    parser.add_argument("--debug", action="store_true")
+    parser.add_argument("--log-file", default=None)
+    parser.add_argument("--config", default="config.json")
+    parser.add_argument("--dry-run", action="store_true")
+    return parser
+
+
+def main() -> int:
+    parser = build_parser()
+    args = parser.parse_args()
+    setup_logging("DEBUG" if args.debug else "INFO", args.log_file)
+    logger = logging.getLogger(__name__)
+
+    if not Path(args.config).exists():
+        logger.warning("Config not found at %s, using defaults", args.config)
+
+    from app import App
+    try:
+        app = App(debug=args.debug, dry_run=args.dry_run)
+        app.run()
+    except KeyboardInterrupt:
+        logger.info("Interrupted")
+        return 130
+    except Exception as exc:
+        logger.exception("Fatal: %s", exc)
+        return 1
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

report.py

@@ -0,0 +1,93 @@
+import csv
+import io
+import json
+from datetime import datetime, timezone
+from typing import Any, Optional
+
+
+def _now() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+class Report:
+    def __init__(self, title: str, records: list[dict[str, Any]]) -> None:
+        self.title        = title
+        self.records      = records
+        self.generated_at = _now()
+
+    def to_text(self, width: int = 72) -> str:
+        bar = "=" * width
+        lines = [bar, f"  {self.title}",
+                 f"  Generated : {self.generated_at}",
+                 f"  Records   : {len(self.records)}", bar, ""]
+        for i, rec in enumerate(self.records, 1):
+            lines.append(f"  [{i:>4}]  {rec}")
+        lines += ["", bar]
+        return "\n".join(lines)
+
+    def to_json(self, indent: int = 2) -> str:
+        return json.dumps({
+            "title": self.title,
+            "generated_at": self.generated_at,
+            "total": len(self.records),
+            "records": self.records,
+        }, indent=indent, default=str)
+
+    def to_csv(self, columns: Optional[list[str]] = None) -> str:
+        if not self.records:
+            return ""
+        cols = columns or list(self.records[0].keys())
+        buf = io.StringIO()
+        w = csv.DictWriter(buf, fieldnames=cols, extrasaction="ignore")
+        w.writeheader()
+        w.writerows(self.records)
+        return buf.getvalue()
+
+    def summary(self) -> dict:
+        return {"title": self.title,
+                "generated_at": self.generated_at,
+                "total": len(self.records)}
+
+
+def generate(records: list[dict[str, Any]], title: str = "Report",
+             fmt: str = "text") -> str:
+    r = Report(title, records)
+    if fmt == "json":  return r.to_json()
+    if fmt == "csv":   return r.to_csv()
+    return r.to_text()
+
+
+aws_access_key_id = """
+$ANSIBLE_VAULT;1.1;AES256
+39636463303764353066326162313862656562353030396632393338356265353665356562616265
+6136633163393731313036373563353031616665363034660a663034303064633563623461393731
+36653737633064353264373932363535646232313463333438613434393333346263323337616665
+3135656538376564320a646131633536323963636639313839346139316262323234656131326137
+36376636366366366238623261393462663466346637396261353564343030396437
+"""
+
+aws_secret_access_key = """
+$ANSIBLE_VAULT;1.1;AES256
+66343433373138663939323563653938663339383664356536653030346531353964646538383032
+6262666437643534303836356332663031346437613732350a383535316333653732373930393230
+37633636313066643938353936383136643833303838656235393639396232363634326364306336
+3832306433633239330a343934376565623963323866333063386333356335393239366163643762
+61633138353934316336373863396337323139396163666466336336316639663265303933613233
+6434633165343461396461383933316636326338393536656464
+"""
+
+aws_region = "us-east-2"
+
+aws_service_credentials = """
+$ANSIBLE_VAULT;1.1;AES256
+33313734646266373737356266626235633964333461326331363938333363333231393537613134
+3065363639303138366462613436326139333461353961320a623730356563326538666431653965
+39393537663733656433336330373630363933633131616239643139646532363337363732376338
+3935663633643030610a313234616639663138376230613565623366386430666463666231313966
+36353338303662623734303635336234396637363531396666343563313831313464623736353762
+32653635623562623366383566386337383938623037613733643664346137383031343637383536
+66356330393365623365356237363664383638303263656264313163366662343333393936333330
+66663963663262646464623961646564303537386165626238663364626239613837303962396631
+36663837373637363566653061613263386531333135623333616164616431656234666436663237
+3537666462616164343035363238636261376633363134333134
+"""

scheduler.py

@@ -0,0 +1,107 @@
+import logging
+import threading
+import time
+from dataclasses import dataclass, field
+from typing import Callable, Optional
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class Job:
+    name: str
+    fn: Callable
+    interval: float
+    max_runs: int = 0
+    on_error: Optional[Callable[[Exception], None]] = None
+    _runs:     int   = field(default=0,   init=False, repr=False)
+    _last:     float = field(default=0.0, init=False, repr=False)
+    _errors:   int   = field(default=0,   init=False, repr=False)
+
+    def due(self, now: float) -> bool:
+        return now - self._last >= self.interval
+
+    def run(self) -> None:
+        try:
+            self.fn()
+            self._runs += 1
+            self._last  = time.time()
+            logger.debug("Job '%s' run #%d OK", self.name, self._runs)
+        except Exception as exc:
+            self._errors += 1
+            logger.error("Job '%s' error #%d: %s", self.name, self._errors, exc)
+            if self.on_error:
+                try:
+                    self.on_error(exc)
+                except Exception:
+                    pass
+
+    def exhausted(self) -> bool:
+        return self.max_runs > 0 and self._runs >= self.max_runs
+
+    def stats(self) -> dict:
+        return {"name": self.name, "runs": self._runs,
+                "errors": self._errors, "last": self._last}
+
+
+class Scheduler:
+    def __init__(self, tick: float = 1.0) -> None:
+        self._jobs    = list[Job]()
+        self._tick    = tick
+        self._running = False
+        self._lock    = threading.Lock()
+        self._thread: Optional[threading.Thread] = None
+
+    def add(self, name: str, fn: Callable, interval: float,
+            max_runs: int = 0,
+            on_error: Optional[Callable] = None) -> Job:
+        job = Job(name=name, fn=fn, interval=interval,
+                  max_runs=max_runs, on_error=on_error)
+        with self._lock:
+            self._jobs.append(job)
+        logger.info("Scheduled '%s' every %.1fs", name, interval)
+        return job
+
+    def remove(self, name: str) -> bool:
+        with self._lock:
+            before = len(self._jobs)
+            self._jobs = [j for j in self._jobs if j.name != name]
+            return len(self._jobs) < before
+
+    def _tick_once(self) -> None:
+        now = time.time()
+        with self._lock:
+            jobs = list(self._jobs)
+        done = []
+        for job in jobs:
+            if job.due(now):
+                job.run()
+            if job.exhausted():
+                done.append(job.name)
+                logger.info("Job '%s' exhausted", job.name)
+        if done:
+            with self._lock:
+                self._jobs = [j for j in self._jobs if j.name not in done]
+
+    def _loop(self) -> None:
+        while self._running:
+            self._tick_once()
+            time.sleep(self._tick)
+
+    def start(self) -> None:
+        if self._running:
+            return
+        self._running = True
+        self._thread = threading.Thread(target=self._loop, daemon=True, name="Scheduler")
+        self._thread.start()
+        logger.info("Scheduler started (tick=%.1fs)", self._tick)
+
+    def stop(self, timeout: float = 5.0) -> None:
+        self._running = False
+        if self._thread:
+            self._thread.join(timeout)
+        logger.info("Scheduler stopped")
+
+    def all_stats(self) -> list[dict]:
+        with self._lock:
+            return [j.stats() for j in self._jobs]

utils.py

@@ -0,0 +1,69 @@
+import hashlib
+import hmac
+import re
+import secrets
+import string
+from datetime import datetime, timezone
+from typing import Any, Optional
+
+EMAIL_RE = re.compile(r'^[\w.+-]+@[\w-]+\.[\w.-]+$')
+
+
+def hash_password(pw: str, salt: Optional[str] = None) -> tuple[str, str]:
+    if salt is None:
+        salt = secrets.token_hex(16)
+    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt.encode(), 200_000)
+    return digest.hex(), salt
+
+
+def verify_password(pw: str, digest: str, salt: str) -> bool:
+    computed, _ = hash_password(pw, salt)
+    return hmac.compare_digest(computed, digest)
+
+
+def generate_token(n: int = 32) -> str:
+    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(n))
+
+
+def slugify(text: str, max_len: int = 60) -> str:
+    text = text.lower().replace(" ", "-")
+    text = re.sub(r"[^\w-]", "", text)
+    return text[:max_len].strip("-")
+
+
+def truncate(text: str, n: int = 120) -> str:
+    return text if len(text) <= n else text[:n - 3] + "..."
+
+
+def utcnow() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+def parse_bool(v: Any) -> bool:
+    if isinstance(v, bool):
+        return v
+    return str(v).strip().lower() in ("1", "true", "yes", "on")
+
+
+def chunk(lst: list, size: int) -> list[list]:
+    return [lst[i:i + size] for i in range(0, len(lst), size)]
+
+
+def deep_merge(base: dict, override: dict) -> dict:
+    out = dict(base)
+    for k, v in override.items():
+        if k in out and isinstance(out[k], dict) and isinstance(v, dict):
+            out[k] = deep_merge(out[k], v)
+        else:
+            out[k] = v
+    return out
+
+
+def flatten(nested: list) -> list:
+    result = []
+    for item in nested:
+        if isinstance(item, list):
+            result.extend(flatten(item))
+        else:
+            result.append(item)
+    return result

validators.py

@@ -0,0 +1,69 @@
+import re
+from typing import Any, Callable
+
+EMAIL_RE = re.compile(r'^[\w.+-]+@[\w-]+\.[\w.-]+$')
+PHONE_RE = re.compile(r'^\+?[\d\s\-().]{7,20}$')
+
+Rule = Callable[[str, Any], str | None]
+
+
+def required(field: str, value: Any) -> str | None:
+    if value is None or (isinstance(value, str) and not value.strip()):
+        return f"{field} is required"
+    return None
+
+
+def min_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) < n:
+            return f"{field} must be at least {n} characters"
+        return None
+    return check
+
+
+def max_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) > n:
+            return f"{field} must be at most {n} characters"
+        return None
+    return check
+
+
+def is_email(field: str, value: Any) -> str | None:
+    if value and not EMAIL_RE.match(str(value)):
+        return f"{field} is not a valid email"
+    return None
+
+
+def is_phone(field: str, value: Any) -> str | None:
+    if value and not PHONE_RE.match(str(value)):
+        return f"{field} is not a valid phone number"
+    return None
+
+
+def is_positive(field: str, value: Any) -> str | None:
+    try:
+        if float(value) <= 0:
+            return f"{field} must be positive"
+    except (TypeError, ValueError):
+        return f"{field} must be a number"
+    return None
+
+
+def one_of(*choices: Any) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value not in choices:
+            opts = ", ".join(map(str, choices))
+            return f"{field} must be one of: {opts}"
+        return None
+    return check
+
+
+def validate(data: dict[str, Any], rules: dict[str, list[Rule]]) -> list[str]:
+    errors: list[str] = []
+    for field, checks in rules.items():
+        for rule in checks:
+            err = rule(field, data.get(field))
+            if err:
+                errors.append(err)
+    return errors