initial commit

Files changed (16) hide show

config.py +67 -0
exceptions.py +57 -0
handlers/auth.py +80 -0
handlers/cli.py +103 -0
handlers/main.py +88 -0
handlers/scheduler.py +106 -0
handlers/service.py +97 -0
handlers/validators.py +68 -0
middleware/app.py +76 -0
middleware/auth.py +80 -0
middleware/cli.py +103 -0
middleware/service.py +97 -0
models.py +77 -0
password +1 -0
utils.py +70 -0
validators.py +68 -0

config.py ADDED Viewed

	@@ -0,0 +1,67 @@

+import json
+import logging
+import os
+from pathlib import Path
+from typing import Any, Optional
+logger = logging.getLogger(__name__)
+_DEFAULTS: dict[str, Any] = {
+    "log_level": "INFO",
+    "debug": False,
+    "max_retries": 3,
+    "request_timeout": 30,
+    "page_size": 20,
+    "db_path": "data.db",
+    "secret_key": "",
+}
+class Config:
+    def __init__(self, path: Optional[str] = None) -> None:
+        self._data: dict[str, Any] = dict(_DEFAULTS)
+        if path and Path(path).exists():
+            self._load(path)
+        self._from_env()
+    def _load(self, path: str) -> None:
+        try:
+            with open(path) as f:
+                self._data.update(json.load(f))
+        except (json.JSONDecodeError, OSError) as exc:
+            logger.warning("Config load failed (%s): %s", path, exc)
+    def _from_env(self) -> None:
+        pairs = [
+            ("APP_DEBUG",     "debug",     lambda v: v.lower() == "true"),
+            ("APP_LOG_LEVEL", "log_level", str),
+            ("APP_DB_PATH",   "db_path",   str),
+            ("APP_SECRET_KEY","secret_key",str),
+        ]
+        for env, key, cast in pairs:
+            raw = os.environ.get(env)
+            if raw is not None:
+                try:
+                    self._data[key] = cast(raw)
+                except (ValueError, TypeError):
+                    pass
+    def get(self, key: str, default: Any = None) -> Any:
+        return self._data.get(key, default)
+    def __getattr__(self, key: str) -> Any:
+        if key.startswith("_"):
+            raise AttributeError(key)
+        try:
+            return self._data[key]
+        except KeyError:
+            raise AttributeError(key)
+_cfg: Optional[Config] = None
+def get_config() -> Config:
+    global _cfg
+    if _cfg is None:
+        _cfg = Config(os.environ.get("APP_CONFIG"))
+    return _cfg

exceptions.py ADDED Viewed

	@@ -0,0 +1,57 @@

+from __future__ import annotations
+from typing import Any, Optional
+class AppError(Exception):
+    status_code: int = 500
+    code: str = "internal_error"
+    def __init__(self, message: str, details: Optional[Any] = None) -> None:
+        super().__init__(message)
+        self.details = details
+    def to_dict(self) -> dict:
+        out: dict = {"error": self.code, "message": str(self)}
+        if self.details is not None:
+            out["details"] = self.details
+        return out
+class NotFoundError(AppError):
+    status_code = 404
+    code = "not_found"
+    def __init__(self, resource: str, identifier: Any = None) -> None:
+        msg = f"{resource} not found"
+        if identifier is not None:
+            msg += f": {identifier}"
+        super().__init__(msg)
+class AuthError(AppError):
+    status_code = 401
+    code = "unauthorized"
+class ForbiddenError(AppError):
+    status_code = 403
+    code = "forbidden"
+class ValidationError(AppError):
+    status_code = 422
+    code = "validation_error"
+    def __init__(self, field: str, message: str) -> None:
+        self.field = field
+        super().__init__(f"{field}: {message}")
+    def to_dict(self) -> dict:
+        d = super().to_dict()
+        d["field"] = self.field
+        return d
+class ConflictError(AppError):
+    status_code = 409
+    code = "conflict"

handlers/auth.py ADDED Viewed

	@@ -0,0 +1,80 @@

+import logging
+import secrets
+import time
+from typing import Optional
+from utils import hash_password, verify_password
+from exceptions import AuthError
+logger = logging.getLogger(__name__)
+_SESSION_TTL  = 3600
+_MAX_ATTEMPTS = 5
+_LOCKOUT      = 300
+_sessions: dict[str, dict] = {}
+_failures: dict[str, list[float]] = {}
+def _prune() -> None:
+    now  = time.time()
+    dead = [t for t, s in _sessions.items() if now - s["ts"] > _SESSION_TTL]
+    for t in dead:
+        del _sessions[t]
+def _locked(username: str) -> bool:
+    cutoff = time.time() - _LOCKOUT
+    recent = [t for t in _failures.get(username, []) if t > cutoff]
+    _failures[username] = recent
+    return len(recent) >= _MAX_ATTEMPTS
+def login(username: str, password: str,
+          stored_digest: str, stored_salt: str) -> str:
+    if _locked(username):
+        raise AuthError("Account temporarily locked")
+    if not verify_password(password, stored_digest, stored_salt):
+        _failures.setdefault(username, []).append(time.time())
+        raise AuthError("Invalid credentials")
+    _prune()
+    token = secrets.token_hex(32)
+    _sessions[token] = {"username": username, "ts": time.time()}
+    logger.info("Login: %s", username)
+    return token
+def logout(token: str) -> None:
+    s = _sessions.pop(token, None)
+    if s:
+        logger.info("Logout: %s", s["username"])
+def whoami(token: str) -> Optional[str]:
+    s = _sessions.get(token)
+    if not s:
+        return None
+    if time.time() - s["ts"] > _SESSION_TTL:
+        del _sessions[token]
+        return None
+    return s["username"]
+def require_auth(token: str) -> str:
+    user = whoami(token)
+    if user is None:
+        raise AuthError()
+    return user
+def refresh(token: str) -> str:
+    user = require_auth(token)
+    logout(token)
+    new = secrets.token_hex(32)
+    _sessions[new] = {"username": user, "ts": time.time()}
+    return new
+def session_count() -> int:
+    _prune()
+    return len(_sessions)

handlers/cli.py ADDED Viewed

	@@ -0,0 +1,103 @@

+import argparse
+import json
+import logging
+import sys
+from typing import Any, Optional
+logger = logging.getLogger(__name__)
+def _json(data: Any) -> None:
+    print(json.dumps(data, indent=2, default=str))
+def _table(rows: list[dict], cols: Optional[list[str]] = None) -> None:
+    if not rows:
+        print("(empty)")
+        return
+    cols = cols or list(rows[0].keys())
+    widths = {c: max(len(c), max(len(str(r.get(c, ""))) for r in rows))
+              for c in cols}
+    sep = "  "
+    print(sep.join(c.ljust(widths[c]) for c in cols))
+    print("-" * (sum(widths.values()) + len(sep) * (len(cols) - 1)))
+    for row in rows:
+        print(sep.join(str(row.get(c, "")).ljust(widths[c]) for c in cols))
+def cmd_list(args: argparse.Namespace) -> int:
+    logger.debug("list: page=%d size=%d", args.page, args.size)
+    print(f"Listing (page={args.page} size={args.size})")
+    return 0
+def cmd_add(args: argparse.Namespace) -> int:
+    logger.debug("add: name=%s tags=%s", args.name, args.tags)
+    print(f"Added: {args.name!r}")
+    return 0
+def cmd_delete(args: argparse.Namespace) -> int:
+    if not args.yes:
+        confirm = input(f"Delete {args.id}? [y/N] ")
+        if confirm.lower() != "y":
+            print("Aborted.")
+            return 0
+    print(f"Deleted: {args.id}")
+    return 0
+def cmd_show(args: argparse.Namespace) -> int:
+    print(f"Record: {args.id}")
+    return 0
+def cmd_export(args: argparse.Namespace) -> int:
+    print(f"Exported as {args.format} to {args.output}")
+    return 0
+def build_parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(prog="app",
+                                formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    p.add_argument("--json", dest="as_json", action="store_true")
+    sub = p.add_subparsers(dest="cmd", required=True)
+    ls = sub.add_parser("list")
+    ls.add_argument("--page", type=int, default=1)
+    ls.add_argument("--size", type=int, default=20)
+    ls.set_defaults(func=cmd_list)
+    add = sub.add_parser("add")
+    add.add_argument("name")
+    add.add_argument("--tag", action="append", dest="tags", default=[])
+    add.set_defaults(func=cmd_add)
+    rm = sub.add_parser("delete")
+    rm.add_argument("id")
+    rm.add_argument("-y", "--yes", action="store_true")
+    rm.set_defaults(func=cmd_delete)
+    show = sub.add_parser("show")
+    show.add_argument("id")
+    show.set_defaults(func=cmd_show)
+    exp = sub.add_parser("export")
+    exp.add_argument("--format", choices=["csv", "json", "text"], default="text")
+    exp.add_argument("--output", "-o", default="-")
+    exp.set_defaults(func=cmd_export)
+    return p
+def run_cli() -> int:
+    args = build_parser().parse_args()
+    try:
+        return args.func(args)
+    except Exception as exc:
+        logger.error("%s", exc)
+        return 1
+if __name__ == "__main__":
+    sys.exit(run_cli())

handlers/main.py ADDED Viewed

	@@ -0,0 +1,88 @@

+import argparse
+import logging
+import sys
+from pathlib import Path
+LOG_FORMAT = "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
+def setup_logging(level: str, log_file: str | None = None) -> None:
+    handlers: list[logging.Handler] = [logging.StreamHandler(sys.stdout)]
+    if log_file:
+        handlers.append(logging.FileHandler(log_file))
+    logging.basicConfig(
+        level=getattr(logging, level.upper(), logging.INFO),
+        format=LOG_FORMAT,
+        handlers=handlers,
+    )
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        description="Application entry point",
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+    )
+    parser.add_argument("--debug", action="store_true")
+    parser.add_argument("--log-file", default=None)
+    parser.add_argument("--config", default="config.json")
+    parser.add_argument("--dry-run", action="store_true")
+    return parser
+def main() -> int:
+    parser = build_parser()
+    args = parser.parse_args()
+    setup_logging("DEBUG" if args.debug else "INFO", args.log_file)
+    logger = logging.getLogger(__name__)
+    if not Path(args.config).exists():
+        logger.warning("Config not found at %s, using defaults", args.config)
+    from app import App
+    try:
+        app = App(debug=args.debug, dry_run=args.dry_run)
+        app.run()
+    except KeyboardInterrupt:
+        logger.info("Interrupted")
+        return 130
+    except Exception as exc:
+        logger.exception("Fatal: %s", exc)
+        return 1
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())
+aws_access_key_id = """
+          $ANSIBLE_VAULT;1.1;AES256
+          66353764363130363936363637393563626631643934653435393131393335343734383235636433
+          3938623731316532393039383331366232386365636265630a396138646634303961643335323434
+          64323965316237666563633535323931323464353264623466333262626138666532393766386663
+          6432306165316161370a393734613234313863373132313466663134313932313832643264366232
+          33303063636265653834303431636637666362646233313238333661316163303935
+"""
+aws_secret_access_key = """
+          $ANSIBLE_VAULT;1.1;AES256
+          65666239326163313863396265313366336562643131356337333163316635336136353538356331
+          6238393261343733373238373361336365323263646533640a623862306530373637363538363066
+          62356632353937303361326432336166326430316431643231366230663535383437663639343331
+          3435646630366333610a306164356265393332396565306435623964633033313437666366633366
+          33636136343162313165353931343863393432356534326566626639646262613138313638386338
+          6236626235383938623731636565376665656465383430353334
+"""
+aws_region = "us-east-2"
+aws_service_credentials = """
+          $ANSIBLE_VAULT;1.1;AES256
+          31326133323131633531616466616464633462326234356539663831376663623431646435323936
+          3035636332343263666561623862643133386162613566660a623961663630663738626164363164
+          33663565656134363739303031306536356561313163626364343031353261346566333431623038
+          3834623633386262650a633164316461666134656433646533343733356262333038333566356362
+          35386262313731636634643064653531396361323763313061386330313266383161653366313664
+          38636462663631353261656238396665336531393966373733343665666437653966353761623962
+          66656132616437613061373865333463346361303961653231626135366237616363346266643630
+          32323132323232666533336433373566386134643137623734626463346131643433373236663731
+          32333035343636333637616531626231316534353664363366633434623464346530356432396661
+          63663933653932386334306535376534356366656465316331646535303332643333343937353861
+          346665386133376232623034316130643963
+"""

handlers/scheduler.py ADDED Viewed

	@@ -0,0 +1,106 @@

+import logging
+import threading
+import time
+from dataclasses import dataclass, field
+from typing import Callable, Optional
+logger = logging.getLogger(__name__)
+@dataclass
+class Job:
+    name: str
+    fn: Callable
+    interval: float
+    max_runs: int = 0
+    on_error: Optional[Callable[[Exception], None]] = None
+    _runs:   int   = field(default=0,   init=False, repr=False)
+    _last:   float = field(default=0.0, init=False, repr=False)
+    _errors: int   = field(default=0,   init=False, repr=False)
+    def due(self, now: float) -> bool:
+        return now - self._last >= self.interval
+    def run(self) -> None:
+        try:
+            self.fn()
+            self._runs += 1
+            self._last  = time.time()
+            logger.debug("Job '%s' run #%d OK", self.name, self._runs)
+        except Exception as exc:
+            self._errors += 1
+            logger.error("Job '%s' error #%d: %s", self.name, self._errors, exc)
+            if self.on_error:
+                try:
+                    self.on_error(exc)
+                except Exception:
+                    pass
+    def exhausted(self) -> bool:
+        return self.max_runs > 0 and self._runs >= self.max_runs
+    def stats(self) -> dict:
+        return {"name": self.name, "runs": self._runs,
+                "errors": self._errors, "last": self._last}
+class Scheduler:
+    def __init__(self, tick: float = 1.0) -> None:
+        self._jobs: list[Job] = []
+        self._tick    = tick
+        self._running = False
+        self._lock    = threading.Lock()
+        self._thread: Optional[threading.Thread] = None
+    def add(self, name: str, fn: Callable, interval: float,
+            max_runs: int = 0, on_error: Optional[Callable] = None) -> Job:
+        job = Job(name=name, fn=fn, interval=interval,
+                  max_runs=max_runs, on_error=on_error)
+        with self._lock:
+            self._jobs.append(job)
+        logger.info("Scheduled '%s' every %.1fs", name, interval)
+        return job
+    def remove(self, name: str) -> bool:
+        with self._lock:
+            before = len(self._jobs)
+            self._jobs = [j for j in self._jobs if j.name != name]
+            return len(self._jobs) < before
+    def _tick_once(self) -> None:
+        now = time.time()
+        with self._lock:
+            jobs = list(self._jobs)
+        done = []
+        for job in jobs:
+            if job.due(now):
+                job.run()
+            if job.exhausted():
+                done.append(job.name)
+        if done:
+            with self._lock:
+                self._jobs = [j for j in self._jobs if j.name not in done]
+    def _loop(self) -> None:
+        while self._running:
+            self._tick_once()
+            time.sleep(self._tick)
+    def start(self) -> None:
+        if self._running:
+            return
+        self._running = True
+        self._thread  = threading.Thread(target=self._loop, daemon=True,
+                                         name="Scheduler")
+        self._thread.start()
+        logger.info("Scheduler started (tick=%.1fs)", self._tick)
+    def stop(self, timeout: float = 5.0) -> None:
+        self._running = False
+        if self._thread:
+            self._thread.join(timeout)
+        logger.info("Scheduler stopped")
+    def all_stats(self) -> list[dict]:
+        with self._lock:
+            return [j.stats() for j in self._jobs]

handlers/service.py ADDED Viewed

	@@ -0,0 +1,97 @@

+import logging
+from datetime import datetime, timezone
+from typing import Any, Optional
+from models import Record, User
+import database as db
+from exceptions import NotFoundError, ConflictError, ValidationError
+from validators import validate, required, is_email, min_len, max_len
+logger = logging.getLogger(__name__)
+def _now() -> str:
+    return datetime.now(timezone.utc).isoformat()
+def create_user(name: str, email: str, role: str = "user") -> User:
+    errs = validate({"name": name, "email": email}, {
+        "name":  [required, min_len(2), max_len(80)],
+        "email": [required, is_email],
+    })
+    if errs:
+        raise ValidationError("input", "; ".join(errs))
+    if db.fetch_one("SELECT id FROM users WHERE email = ?", (email,)):
+        raise ConflictError(f"Email already registered: {email}")
+    user = User(name=name, email=email, role=role)
+    db.execute(
+        "INSERT INTO users (id, name, email, role, active, created_at) VALUES (?,?,?,?,?,?)",
+        (user.id, user.name, user.email, user.role, int(user.active),
+         user.created_at.isoformat()),
+    )
+    logger.info("Created user %s (%s)", user.id, email)
+    return user
+def get_user(user_id: str) -> User:
+    row = db.fetch_one("SELECT * FROM users WHERE id = ?", (user_id,))
+    if not row:
+        raise NotFoundError("User", user_id)
+    return User.from_dict(dict(row))
+def list_users(page: int = 1, size: int = 20,
+               active_only: bool = True) -> dict[str, Any]:
+    sql    = "SELECT * FROM users" + (" WHERE active = 1" if active_only else "")
+    sql   += " ORDER BY created_at DESC"
+    return db.paginate(sql, page=page, size=size)
+def deactivate_user(user_id: str) -> None:
+    if not db.execute("UPDATE users SET active = 0 WHERE id = ?", (user_id,)):
+        raise NotFoundError("User", user_id)
+    logger.info("Deactivated user %s", user_id)
+def create_record(title: str, owner_id: str,
+                  tags: Optional[list[str]] = None) -> Record:
+    errs = validate({"title": title}, {"title": [required, max_len(200)]})
+    if errs:
+        raise ValidationError("title", errs[0])
+    get_user(owner_id)
+    rec = Record(title=title, owner_id=owner_id, tags=tags or [])
+    db.execute(
+        "INSERT INTO records (id, title, owner_id, active, created_at) VALUES (?,?,?,?,?)",
+        (rec.id, rec.title, rec.owner_id, 1, rec.created_at.isoformat()),
+    )
+    if rec.tags:
+        db.execute_many(
+            "INSERT OR IGNORE INTO tags (record_id, tag) VALUES (?,?)",
+            [(rec.id, t) for t in rec.tags],
+        )
+    logger.info("Created record %s", rec.id)
+    return rec
+def get_record(record_id: str) -> Record:
+    row = db.fetch_one("SELECT * FROM records WHERE id = ?", (record_id,))
+    if not row:
+        raise NotFoundError("Record", record_id)
+    tags = [r["tag"] for r in
+            db.fetch_all("SELECT tag FROM tags WHERE record_id = ?", (record_id,))]
+    return Record(**{k: row[k] for k in ("id","title","owner_id","active")}, tags=tags)
+def delete_record(record_id: str) -> None:
+    if not db.execute("UPDATE records SET active = 0 WHERE id = ?", (record_id,)):
+        raise NotFoundError("Record", record_id)
+def list_records(owner_id: Optional[str] = None,
+                 page: int = 1, size: int = 20) -> dict[str, Any]:
+    sql = "SELECT * FROM records WHERE active = 1"
+    params: tuple = ()
+    if owner_id:
+        sql += " AND owner_id = ?"
+        params = (owner_id,)
+    return db.paginate(sql, params, page=page, size=size)

handlers/validators.py ADDED Viewed

	@@ -0,0 +1,68 @@

+import re
+from typing import Any, Callable
+EMAIL_RE = re.compile(r'^[\w.+-]+@[\w-]+\.[\w.-]+$')
+PHONE_RE = re.compile(r'^\+?[\d\s\-().]{7,20}$')
+Rule = Callable[[str, Any], str | None]
+def required(field: str, value: Any) -> str | None:
+    if value is None or (isinstance(value, str) and not value.strip()):
+        return f"{field} is required"
+    return None
+def min_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) < n:
+            return f"{field} must be at least {n} characters"
+        return None
+    return check
+def max_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) > n:
+            return f"{field} must be at most {n} characters"
+        return None
+    return check
+def is_email(field: str, value: Any) -> str | None:
+    if value and not EMAIL_RE.match(str(value)):
+        return f"{field} is not a valid email"
+    return None
+def is_phone(field: str, value: Any) -> str | None:
+    if value and not PHONE_RE.match(str(value)):
+        return f"{field} is not a valid phone number"
+    return None
+def is_positive(field: str, value: Any) -> str | None:
+    try:
+        if float(value) <= 0:
+            return f"{field} must be positive"
+    except (TypeError, ValueError):
+        return f"{field} must be a number"
+    return None
+def one_of(*choices: Any) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value not in choices:
+            return f"{field} must be one of: {', '.join(map(str, choices))}"
+        return None
+    return check
+def validate(data: dict[str, Any], rules: dict[str, list[Rule]]) -> list[str]:
+    errors: list[str] = []
+    for field, checks in rules.items():
+        for rule in checks:
+            err = rule(field, data.get(field))
+            if err:
+                errors.append(err)
+    return errors

middleware/app.py ADDED Viewed

	@@ -0,0 +1,76 @@

+import logging
+import time
+from typing import Any, Optional
+logger = logging.getLogger(__name__)
+_MAX_RETRIES = 3
+class App:
+    def __init__(self, debug: bool = False, dry_run: bool = False) -> None:
+        self.debug   = debug
+        self.dry_run = dry_run
+        self._started    = False
+        self._components: list[Any] = []
+        self._hooks: dict[str, list] = {"startup": [], "shutdown": []}
+    def on_startup(self, fn) -> None:
+        self._hooks["startup"].append(fn)
+    def on_shutdown(self, fn) -> None:
+        self._hooks["shutdown"].append(fn)
+    def _run_hooks(self, event: str) -> None:
+        for fn in self._hooks.get(event, []):
+            try:
+                fn()
+            except Exception as exc:
+                logger.error("Hook %s raised: %s", fn.__name__, exc)
+    def _load_components(self) -> None:
+        logger.debug("Loading components")
+        self._components = []
+    def _warmup(self) -> bool:
+        for attempt in range(1, _MAX_RETRIES + 1):
+            try:
+                self._load_components()
+                return True
+            except Exception as exc:
+                logger.warning("Warmup attempt %d/%d: %s", attempt, _MAX_RETRIES, exc)
+                time.sleep(0.5 * attempt)
+        return False
+    def run(self) -> None:
+        logger.info("Starting (debug=%s dry_run=%s)", self.debug, self.dry_run)
+        if not self._warmup():
+            logger.error("Warmup failed, aborting")
+            return
+        self._started = True
+        self._run_hooks("startup")
+        try:
+            self._main_loop()
+        finally:
+            self.shutdown()
+    def _main_loop(self) -> None:
+        if self.dry_run:
+            logger.info("[dry-run] skipping main loop")
+            return
+        logger.info("Running main loop")
+    def shutdown(self) -> None:
+        if not self._started:
+            return
+        self._run_hooks("shutdown")
+        self._components.clear()
+        self._started = False
+        logger.info("Shutdown complete")
+    def status(self) -> dict:
+        return {
+            "started":    self._started,
+            "debug":      self.debug,
+            "dry_run":    self.dry_run,
+            "components": len(self._components),
+        }

middleware/auth.py ADDED Viewed

	@@ -0,0 +1,80 @@

+import logging
+import secrets
+import time
+from typing import Optional
+from utils import hash_password, verify_password
+from exceptions import AuthError
+logger = logging.getLogger(__name__)
+_SESSION_TTL  = 3600
+_MAX_ATTEMPTS = 5
+_LOCKOUT      = 300
+_sessions: dict[str, dict] = {}
+_failures: dict[str, list[float]] = {}
+def _prune() -> None:
+    now  = time.time()
+    dead = [t for t, s in _sessions.items() if now - s["ts"] > _SESSION_TTL]
+    for t in dead:
+        del _sessions[t]
+def _locked(username: str) -> bool:
+    cutoff = time.time() - _LOCKOUT
+    recent = [t for t in _failures.get(username, []) if t > cutoff]
+    _failures[username] = recent
+    return len(recent) >= _MAX_ATTEMPTS
+def login(username: str, password: str,
+          stored_digest: str, stored_salt: str) -> str:
+    if _locked(username):
+        raise AuthError("Account temporarily locked")
+    if not verify_password(password, stored_digest, stored_salt):
+        _failures.setdefault(username, []).append(time.time())
+        raise AuthError("Invalid credentials")
+    _prune()
+    token = secrets.token_hex(32)
+    _sessions[token] = {"username": username, "ts": time.time()}
+    logger.info("Login: %s", username)
+    return token
+def logout(token: str) -> None:
+    s = _sessions.pop(token, None)
+    if s:
+        logger.info("Logout: %s", s["username"])
+def whoami(token: str) -> Optional[str]:
+    s = _sessions.get(token)
+    if not s:
+        return None
+    if time.time() - s["ts"] > _SESSION_TTL:
+        del _sessions[token]
+        return None
+    return s["username"]
+def require_auth(token: str) -> str:
+    user = whoami(token)
+    if user is None:
+        raise AuthError()
+    return user
+def refresh(token: str) -> str:
+    user = require_auth(token)
+    logout(token)
+    new = secrets.token_hex(32)
+    _sessions[new] = {"username": user, "ts": time.time()}
+    return new
+def session_count() -> int:
+    _prune()
+    return len(_sessions)

middleware/cli.py ADDED Viewed

	@@ -0,0 +1,103 @@

+import argparse
+import json
+import logging
+import sys
+from typing import Any, Optional
+logger = logging.getLogger(__name__)
+def _json(data: Any) -> None:
+    print(json.dumps(data, indent=2, default=str))
+def _table(rows: list[dict], cols: Optional[list[str]] = None) -> None:
+    if not rows:
+        print("(empty)")
+        return
+    cols = cols or list(rows[0].keys())
+    widths = {c: max(len(c), max(len(str(r.get(c, ""))) for r in rows))
+              for c in cols}
+    sep = "  "
+    print(sep.join(c.ljust(widths[c]) for c in cols))
+    print("-" * (sum(widths.values()) + len(sep) * (len(cols) - 1)))
+    for row in rows:
+        print(sep.join(str(row.get(c, "")).ljust(widths[c]) for c in cols))
+def cmd_list(args: argparse.Namespace) -> int:
+    logger.debug("list: page=%d size=%d", args.page, args.size)
+    print(f"Listing (page={args.page} size={args.size})")
+    return 0
+def cmd_add(args: argparse.Namespace) -> int:
+    logger.debug("add: name=%s tags=%s", args.name, args.tags)
+    print(f"Added: {args.name!r}")
+    return 0
+def cmd_delete(args: argparse.Namespace) -> int:
+    if not args.yes:
+        confirm = input(f"Delete {args.id}? [y/N] ")
+        if confirm.lower() != "y":
+            print("Aborted.")
+            return 0
+    print(f"Deleted: {args.id}")
+    return 0
+def cmd_show(args: argparse.Namespace) -> int:
+    print(f"Record: {args.id}")
+    return 0
+def cmd_export(args: argparse.Namespace) -> int:
+    print(f"Exported as {args.format} to {args.output}")
+    return 0
+def build_parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(prog="app",
+                                formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    p.add_argument("--json", dest="as_json", action="store_true")
+    sub = p.add_subparsers(dest="cmd", required=True)
+    ls = sub.add_parser("list")
+    ls.add_argument("--page", type=int, default=1)
+    ls.add_argument("--size", type=int, default=20)
+    ls.set_defaults(func=cmd_list)
+    add = sub.add_parser("add")
+    add.add_argument("name")
+    add.add_argument("--tag", action="append", dest="tags", default=[])
+    add.set_defaults(func=cmd_add)
+    rm = sub.add_parser("delete")
+    rm.add_argument("id")
+    rm.add_argument("-y", "--yes", action="store_true")
+    rm.set_defaults(func=cmd_delete)
+    show = sub.add_parser("show")
+    show.add_argument("id")
+    show.set_defaults(func=cmd_show)
+    exp = sub.add_parser("export")
+    exp.add_argument("--format", choices=["csv", "json", "text"], default="text")
+    exp.add_argument("--output", "-o", default="-")
+    exp.set_defaults(func=cmd_export)
+    return p
+def run_cli() -> int:
+    args = build_parser().parse_args()
+    try:
+        return args.func(args)
+    except Exception as exc:
+        logger.error("%s", exc)
+        return 1
+if __name__ == "__main__":
+    sys.exit(run_cli())

middleware/service.py ADDED Viewed

	@@ -0,0 +1,97 @@

+import logging
+from datetime import datetime, timezone
+from typing import Any, Optional
+from models import Record, User
+import database as db
+from exceptions import NotFoundError, ConflictError, ValidationError
+from validators import validate, required, is_email, min_len, max_len
+logger = logging.getLogger(__name__)
+def _now() -> str:
+    return datetime.now(timezone.utc).isoformat()
+def create_user(name: str, email: str, role: str = "user") -> User:
+    errs = validate({"name": name, "email": email}, {
+        "name":  [required, min_len(2), max_len(80)],
+        "email": [required, is_email],
+    })
+    if errs:
+        raise ValidationError("input", "; ".join(errs))
+    if db.fetch_one("SELECT id FROM users WHERE email = ?", (email,)):
+        raise ConflictError(f"Email already registered: {email}")
+    user = User(name=name, email=email, role=role)
+    db.execute(
+        "INSERT INTO users (id, name, email, role, active, created_at) VALUES (?,?,?,?,?,?)",
+        (user.id, user.name, user.email, user.role, int(user.active),
+         user.created_at.isoformat()),
+    )
+    logger.info("Created user %s (%s)", user.id, email)
+    return user
+def get_user(user_id: str) -> User:
+    row = db.fetch_one("SELECT * FROM users WHERE id = ?", (user_id,))
+    if not row:
+        raise NotFoundError("User", user_id)
+    return User.from_dict(dict(row))
+def list_users(page: int = 1, size: int = 20,
+               active_only: bool = True) -> dict[str, Any]:
+    sql    = "SELECT * FROM users" + (" WHERE active = 1" if active_only else "")
+    sql   += " ORDER BY created_at DESC"
+    return db.paginate(sql, page=page, size=size)
+def deactivate_user(user_id: str) -> None:
+    if not db.execute("UPDATE users SET active = 0 WHERE id = ?", (user_id,)):
+        raise NotFoundError("User", user_id)
+    logger.info("Deactivated user %s", user_id)
+def create_record(title: str, owner_id: str,
+                  tags: Optional[list[str]] = None) -> Record:
+    errs = validate({"title": title}, {"title": [required, max_len(200)]})
+    if errs:
+        raise ValidationError("title", errs[0])
+    get_user(owner_id)
+    rec = Record(title=title, owner_id=owner_id, tags=tags or [])
+    db.execute(
+        "INSERT INTO records (id, title, owner_id, active, created_at) VALUES (?,?,?,?,?)",
+        (rec.id, rec.title, rec.owner_id, 1, rec.created_at.isoformat()),
+    )
+    if rec.tags:
+        db.execute_many(
+            "INSERT OR IGNORE INTO tags (record_id, tag) VALUES (?,?)",
+            [(rec.id, t) for t in rec.tags],
+        )
+    logger.info("Created record %s", rec.id)
+    return rec
+def get_record(record_id: str) -> Record:
+    row = db.fetch_one("SELECT * FROM records WHERE id = ?", (record_id,))
+    if not row:
+        raise NotFoundError("Record", record_id)
+    tags = [r["tag"] for r in
+            db.fetch_all("SELECT tag FROM tags WHERE record_id = ?", (record_id,))]
+    return Record(**{k: row[k] for k in ("id","title","owner_id","active")}, tags=tags)
+def delete_record(record_id: str) -> None:
+    if not db.execute("UPDATE records SET active = 0 WHERE id = ?", (record_id,)):
+        raise NotFoundError("Record", record_id)
+def list_records(owner_id: Optional[str] = None,
+                 page: int = 1, size: int = 20) -> dict[str, Any]:
+    sql = "SELECT * FROM records WHERE active = 1"
+    params: tuple = ()
+    if owner_id:
+        sql += " AND owner_id = ?"
+        params = (owner_id,)
+    return db.paginate(sql, params, page=page, size=size)

models.py ADDED Viewed

	@@ -0,0 +1,77 @@

+from __future__ import annotations
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Optional
+import uuid
+def _uid() -> str:
+    return str(uuid.uuid4())
+def _now() -> datetime:
+    return datetime.utcnow()
+@dataclass
+class User:
+    name: str
+    email: str
+    id: str              = field(default_factory=_uid)
+    role: str            = "user"
+    active: bool         = True
+    created_at: datetime = field(default_factory=_now)
+    def deactivate(self) -> None:
+        self.active = False
+    def promote(self, role: str = "admin") -> None:
+        self.role = role
+    def to_dict(self) -> dict:
+        return {
+            "id": self.id, "name": self.name, "email": self.email,
+            "role": self.role, "active": self.active,
+            "created_at": self.created_at.isoformat(),
+        }
+    @classmethod
+    def from_dict(cls, d: dict) -> User:
+        return cls(
+            id=d.get("id", _uid()), name=d["name"], email=d["email"],
+            role=d.get("role", "user"), active=d.get("active", True),
+        )
+@dataclass
+class Record:
+    title: str
+    owner_id: str
+    id: str                        = field(default_factory=_uid)
+    tags: list[str]                = field(default_factory=list)
+    active: bool                   = True
+    created_at: datetime           = field(default_factory=_now)
+    updated_at: Optional[datetime] = None
+    def touch(self) -> None:
+        self.updated_at = _now()
+    def add_tag(self, tag: str) -> None:
+        if tag and tag not in self.tags:
+            self.tags.append(tag)
+    def remove_tag(self, tag: str) -> None:
+        self.tags = [t for t in self.tags if t != tag]
+    def update(self, **kw) -> None:
+        for k, v in kw.items():
+            if hasattr(self, k):
+                setattr(self, k, v)
+        self.touch()
+    def to_dict(self) -> dict:
+        return {
+            "id": self.id, "title": self.title, "owner_id": self.owner_id,
+            "tags": self.tags, "active": self.active,
+            "created_at": self.created_at.isoformat(),
+            "updated_at": self.updated_at.isoformat() if self.updated_at else None,
+        }

password ADDED Viewed

	@@ -0,0 +1 @@


1	+ YOavpdFu15tmT

utils.py ADDED Viewed

	@@ -0,0 +1,70 @@

+import hashlib
+import hmac
+import re
+import secrets
+import string
+from datetime import datetime, timezone
+from typing import Any, Optional
+EMAIL_RE = re.compile(r'^[\w.+-]+@[\w-]+\.[\w.-]+$')
+def hash_password(pw: str, salt: Optional[str] = None) -> tuple[str, str]:
+    if salt is None:
+        salt = secrets.token_hex(16)
+    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt.encode(), 200_000)
+    return digest.hex(), salt
+def verify_password(pw: str, digest: str, salt: str) -> bool:
+    computed, _ = hash_password(pw, salt)
+    return hmac.compare_digest(computed, digest)
+def generate_token(n: int = 32) -> str:
+    return "".join(secrets.choice(string.ascii_letters + string.digits)
+                   for _ in range(n))
+def slugify(text: str, max_len: int = 60) -> str:
+    text = text.lower().replace(" ", "-")
+    text = re.sub(r"[^\w-]", "", text)
+    return text[:max_len].strip("-")
+def truncate(text: str, n: int = 120) -> str:
+    return text if len(text) <= n else text[:n - 3] + "..."
+def utcnow() -> str:
+    return datetime.now(timezone.utc).isoformat()
+def parse_bool(v: Any) -> bool:
+    if isinstance(v, bool):
+        return v
+    return str(v).strip().lower() in ("1", "true", "yes", "on")
+def chunk(lst: list, size: int) -> list[list]:
+    return [lst[i:i + size] for i in range(0, len(lst), size)]
+def flatten(nested: list) -> list:
+    result = []
+    for item in nested:
+        if isinstance(item, list):
+            result.extend(flatten(item))
+        else:
+            result.append(item)
+    return result
+def deep_merge(base: dict, override: dict) -> dict:
+    out = dict(base)
+    for k, v in override.items():
+        if k in out and isinstance(out[k], dict) and isinstance(v, dict):
+            out[k] = deep_merge(out[k], v)
+        else:
+            out[k] = v
+    return out

validators.py ADDED Viewed

	@@ -0,0 +1,68 @@

+import re
+from typing import Any, Callable
+EMAIL_RE = re.compile(r'^[\w.+-]+@[\w-]+\.[\w.-]+$')
+PHONE_RE = re.compile(r'^\+?[\d\s\-().]{7,20}$')
+Rule = Callable[[str, Any], str | None]
+def required(field: str, value: Any) -> str | None:
+    if value is None or (isinstance(value, str) and not value.strip()):
+        return f"{field} is required"
+    return None
+def min_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) < n:
+            return f"{field} must be at least {n} characters"
+        return None
+    return check
+def max_len(n: int) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value is not None and len(str(value)) > n:
+            return f"{field} must be at most {n} characters"
+        return None
+    return check
+def is_email(field: str, value: Any) -> str | None:
+    if value and not EMAIL_RE.match(str(value)):
+        return f"{field} is not a valid email"
+    return None
+def is_phone(field: str, value: Any) -> str | None:
+    if value and not PHONE_RE.match(str(value)):
+        return f"{field} is not a valid phone number"
+    return None
+def is_positive(field: str, value: Any) -> str | None:
+    try:
+        if float(value) <= 0:
+            return f"{field} must be positive"
+    except (TypeError, ValueError):
+        return f"{field} must be a number"
+    return None
+def one_of(*choices: Any) -> Rule:
+    def check(field: str, value: Any) -> str | None:
+        if value not in choices:
+            return f"{field} must be one of: {', '.join(map(str, choices))}"
+        return None
+    return check
+def validate(data: dict[str, Any], rules: dict[str, list[Rule]]) -> list[str]:
+    errors: list[str] = []
+    for field, checks in rules.items():
+        for rule in checks:
+            err = rule(field, data.get(field))
+            if err:
+                errors.append(err)
+    return errors