* Initial work on restructure of application state
* Updated MOTD with more flexible input and add basic version
* Remove unnecessary type ignores
* Add wrapping and smarter output per process type
* Add support for ASGI MOTD
* Add Windows color support ernable
* Refactor __main__ into submodule
* Renest arguments
* Passing unit tests
* Passing unit tests
* Typing
* Fix num worker test
* Add context to assert failure
* Add some type annotations
* Some linting
* Line aware searching in test
* Test abstractions
* Fix some flappy tests
* Bump up timeout on CLI tests
* Change test for no access logs on gunicornworker
* Add some basic test converage
* Some new tests, and disallow workers and fast on app.run
* Add ability to log all exceptions
* Fix linting 🙄
* Remove shorthand
* Make `ErrorHandler.log` backwards-compat
* Ignore mypy error
* Don't store `noisy_exceptions` attribute in app
* Added tests
* Store noisy exceptions setting in config
* Default to not-noisy if config key not available
* Add CLI tests for `noisy-exceptions`
* Remove debugging line I left in 😅
* Fix tests
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
* Smarter auto fallback
* remove config from blueprints
* Add tests for error formatting
* Add check for proper format
* Fix some tests
* Add some tests
* docstring
* Add accept matching
* Add some more tests on matching
* Fix contains bug, earlier return on MediaType eq
* Add matching flags for wildcards
* Add mathing controls to accept
* Cleanup dev cruft
* Add cleanup and resolve OSError relating to test implementation
* Fix test
* Fix some typos
* First attempt at new Websockets implementation based on websockets >= 9.0, with sans-i/o features. Requires more work.
* Update sanic/websocket.py
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
* Update sanic/websocket.py
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
* Update sanic/websocket.py
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
* wip, update websockets code to new Sans/IO API
* Refactored new websockets impl into own modules
Incorporated other suggestions made by team
* Another round of work on the new websockets impl
* Added websocket_timeout support (matching previous/legacy support)
* Lots more comments
* Incorporated suggested changes from previous round of review
* Changed RuntimeError usage to ServerError
* Changed SanicException usage to ServerError
* Removed some redundant asserts
* Change remaining asserts to ServerErrors
* Fixed some timeout handling issues
* Fixed websocket.close() handling, and made it more robust
* Made auto_close task smarter and more error-resilient
* Made fail_connection routine smarter and more error-resilient
* Further new websockets impl fixes
* Update compatibility with Websockets v10
* Track server connection state in a more precise way
* Try to handle the shutdown process more gracefully
* Add a new end_connection() helper, to use as an alterative to close() or fail_connection()
* Kill the auto-close task and keepalive-timeout task when sanic is shutdown
* Deprecate WEBSOCKET_READ_LIMIT and WEBSOCKET_WRITE_LIMIT configs, they are not used in this implementation.
* Change a warning message to debug level
Remove default values for deprecated websocket parameters
* Fix flake8 errors
* Fix a couple of missed failing tests
* remove websocket bench from examples
* Integrate suggestions from code reviews
Use Optional[T] instead of union[T,None]
Fix mypy type logic errors
change "is not None" to truthy checks where appropriate
change "is None" to falsy checks were appropriate
Add more debug logging when debug mode is on
Change to using sanic.logger for debug logging rather than error_logger.
* Fix long line lengths of debug messages
Add some new debug messages when websocket IO is paused and unpaused for flow control
Fix websocket example to use app.static()
* remove unused import in websocket example app
* re-run isort after Flake8 fixes
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
* Deprecate `load_env` in favor of `env_prefix`
`load_env` both enabled/disabled environment variable parsing, while
also letting the user modify the env prefix. Deprecate the ability to
disable environment parsing, and add a new config variable to track the
user's desired prefix for environment-based configuration.
Resolves: #2102
* Add a few common .gitignore patterns
* Temp working version of initial signal api
* fix signals router finalizing
* Additional tests
* Add event test
* finalize test
* remove old comment
* Add some missing annotations
* multiple apps per BP support
* deepsource?
* rtemove deepsource
* nominal change
* fix blueprints test
* trivial change to trigger build
* signal docstring
* squash
* squash
* Add a couple new tests
* Add some suggestions from review
* Remove inaccessible code
* Change where to condition
* Streaming request by async for.
* Make all requests streaming and preload body for non-streaming handlers.
* Cleanup of code and avoid mixing streaming responses.
* Async http protocol loop.
* Change of test: don't require early bad request error but only after CRLF-CRLF.
* Add back streaming requests.
* Rewritten request body parser.
* Misc. cleanup, down to 4 failing tests.
* All tests OK.
* Entirely remove request body queue.
* Let black f*ckup the layout
* Better testing error messages on protocol errors.
* Remove StreamBuffer tests because the type is about to be removed.
* Remove tests using the deprecated get_headers function that can no longer be supported. Chunked mode is now autodetected, so do not put content-length header if chunked mode is preferred.
* Major refactoring of HTTP protocol handling (new module http.py added), all requests made streaming. A few compatibility issues and a lot of cleanup to be done remain, 16 tests failing.
* Terminate check_timeouts once connection_task finishes.
* Code cleanup, 14 tests failing.
* Much cleanup, 12 failing...
* Even more cleanup and error checking, 8 failing tests.
* Remove keep-alive header from responses. First of all, it should say timeout=<value> which wasn't the case with existing implementation, and secondly none of the other web servers I tried include this header.
* Everything but CustomServer OK.
* Linter
* Disable custom protocol test
* Remove unnecessary variables, optimise performance.
* A test was missing that body_init/body_push/body_finish are never called. Rewritten using receive_body and case switching to make it fail if bypassed.
* Minor fixes.
* Remove unused code.
* Py 3.8 check for deprecated loop argument.
* Fix a middleware cancellation handling test with py38.
* Linter 'n fixes
* Typing
* Stricter handling of request header size
* More specific error messages on Payload Too Large.
* Init http.response = None
* Messages further tuned.
* Always try to consume request body, plus minor cleanup.
* Add a missing check in case of close_if_idle on a dead connection.
* Avoid error messages on PayloadTooLarge.
* Add test for new API.
* json takes str, not bytes
* Default to no maximum request size for streaming handlers.
* Fix chunked mode crash.
* Header values should be strictly ASCII but both UTF-8 and Latin-1 exist. Use UTF-8B to
cope with all.
* Refactoring and cleanup.
* Unify response header processing of ASGI and asyncio modes.
* Avoid special handling of StreamingHTTPResponse.
* 35 % speedup in HTTP/1.1 response formatting (not so much overall effect).
* Duplicate set-cookie headers were being produced.
* Cleanup processed_headers some more.
* Linting
* Import ordering
* Response middleware ran by async request.respond().
* Need to check if transport is closing to avoid getting stuck in sending loops after peer has disconnected.
* Middleware and error handling refactoring.
* Linter
* Fix tracking of HTTP stage when writing to transport fails.
* Add clarifying comment
* Add a check for request body functions and a test for NotImplementedError.
* Linter and typing
* These must be tuples + hack mypy warnings away.
* New streaming test and minor fixes.
* Constant receive buffer size.
* 256 KiB send and receive buffers.
* Revert "256 KiB send and receive buffers."
This reverts commit abc1e3edb2.
* app.handle_exception already sends the response.
* Improved handling of errors during request.
* An odd hack to avoid an httpx limitation that causes test failures.
* Limit request header size to 8 KiB at most.
* Remove unnecessary use of format string.
* Cleanup tests
* Remove artifact
* Fix type checking
* Mark test for skipping
* Cleanup some edge cases
* Add ignore_body flag to safe methods
* Add unit tests for timeout logic
* Add unit tests for timeout logic
* Fix Mock usage in timeout test
* Change logging test to only logger in handler
* Windows py3.8 logging issue with current testing client
* Add test_header_size_exceeded
* Resolve merge conflicts
* Add request middleware to hard exception handling
* Add request middleware to hard exception handling
* Request middleware on exception handlers
* Linting
* Cleanup deprecations
Co-authored-by: L. Kärkkäinen <tronic@users.noreply.github.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
Bandit is a python package for staticly scanning code for security issues.
* Added to tox.ini
* Added to setup.py
* Added to .travis.yml
As part of CI/CD pipeline
* Drop dependency on distutils
While distutils is part of stdlib, it feels odd to use distutils in main application code.
I personally use a (lean)[https://hub.docker.com/r/haizaar/python-minimal/tags] Python distribution for running my applications that does not include distutils.
* Flake8 fixes
* "black" fixes
* strtobool should actually return bool
