19.9.0 release (#1699)

Bump up pytest version for fixing ci build

.gitignore

@@ -10,6 +10,7 @@ coverage
 settings.py
 .idea/*
 .cache/*
+.mypy_cache/
 .python-version
 docs/_build/
 docs/_api/

.travis.yml

@@ -7,24 +7,42 @@ matrix:
   include:
     - env: TOX_ENV=py36
       python: 3.6
+      name: "Python 3.6 with Extensions"
     - env: TOX_ENV=py36-no-ext
       python: 3.6
+      name: "Python 3.6 without Extensions"
     - env: TOX_ENV=py37
       python: 3.7
       dist: xenial
       sudo: true
+      name: "Python 3.7 with Extensions"
     - env: TOX_ENV=py37-no-ext
       python: 3.7
       dist: xenial
       sudo: true
+      name: "Python 3.7 without Extensions"
+    - env: TOX_ENV=type-checking
+      python: 3.6
+      name: "Python 3.6 Type checks"
+    - env: TOX_ENV=type-checking
+      python: 3.7
+      name: "Python 3.7 Type checks"
     - env: TOX_ENV=lint
       python: 3.6
+      name: "Python 3.6 Linter checks"
     - env: TOX_ENV=check
       python: 3.6
+      name: "Python 3.6 Package checks"
     - env: TOX_ENV=security
       python: 3.7
       dist: xenial
       sudo: true
+      name: "Python 3.7 Bandit security scan"
+    - env: TOX_ENV=docs
+      python: 3.7
+      dist: xenial
+      sudo: true
+      name: "Python 3.7 Documentation tests"
 install:
   - pip install -U tox
   - pip install codecov

CHANGELOG.md

@@ -1,288 +0,0 @@
-Version 19.6
-------------
-19.6.0
-  - Changes:
-    - [#1562](https://github.com/huge-success/sanic/pull/1562)
-      Remove `aiohttp` dependencey and create new `SanicTestClient` based upon
-      [`requests-async`](https://github.com/encode/requests-async).
-
-    - [#1475](https://github.com/huge-success/sanic/pull/1475)
-      Added ASGI support (Beta)
-
-    - [#1436](https://github.com/huge-success/sanic/pull/1436)
-      Add Configure support from object string
-
-    - [#1544](https://github.com/huge-success/sanic/pull/1544)
-      Drop dependency on distutil
-
-  - Fixes:
-    - [#1587](https://github.com/huge-success/sanic/pull/1587)
-      Add missing handle for Expect header.
-
-    - [#1560](https://github.com/huge-success/sanic/pull/1560)
-      Allow to disable Transfer-Encoding: chunked.
-
-    - [#1558](https://github.com/huge-success/sanic/pull/1558)
-      Fix graceful shutdown.
-
-    - [#1594](https://github.com/huge-success/sanic/pull/1594)
-      Strict Slashes behavior fix
-
-  - Deprecation:
-    - [#1562](https://github.com/huge-success/sanic/pull/1562)
-      Drop support for Python 3.5
-
-    - [#1568](https://github.com/huge-success/sanic/pull/1568)
-      Deprecate route removal.
-
-Note: Sanic will not support Python 3.5 from version 19.6 and forward. However,
-version 18.12LTS will have its support period extended thru December 2020, and
-therefore passing Python's official support version 3.5, which is set to expire
-in September 2020.
-
-Version 19.3
--------------
-19.3.1
-  - Changes:
-    - [#1497](https://github.com/huge-success/sanic/pull/1497)
-      Add support for zero-length and RFC 5987 encoded filename for
-      multipart/form-data requests.
-
-    - [#1484](https://github.com/huge-success/sanic/pull/1484)
-      The type of `expires` attribute of `sanic.cookies.Cookie` is now
-      enforced to be of type `datetime`.
-
-    - [#1482](https://github.com/huge-success/sanic/pull/1482)
-      Add support for the `stream` parameter of `sanic.Sanic.add_route()`
-      available to `sanic.Blueprint.add_route()`.
-
-    - [#1481](https://github.com/huge-success/sanic/pull/1481)
-      Accept negative values for route parameters with type `int` or `number`.
-
-    - [#1476](https://github.com/huge-success/sanic/pull/1476)
-      Deprecated the use of `sanic.request.Request.raw_args` - it has a
-      fundamental flaw in which is drops repeated query string parameters.
-      Added `sanic.request.Request.query_args` as a replacement for the
-      original use-case.
-
-    - [#1472](https://github.com/huge-success/sanic/pull/1472)
-      Remove an unwanted `None` check in Request class `repr` implementation.
-      This changes the default `repr` of a Request from `<Request>` to
-      `<Request: None />`
-
-    - [#1470](https://github.com/huge-success/sanic/pull/1470)
-      Added 2 new parameters to `sanic.app.Sanic.create_server`:
-      - `return_asyncio_server` - whether to return an asyncio.Server.
-      - `asyncio_server_kwargs` - kwargs to pass to `loop.create_server` for
-        the event loop that sanic is using.
-
-      This is a breaking change.
-
-    - [#1499](https://github.com/huge-success/sanic/pull/1499)
-      Added a set of test cases that test and benchmark route resolution.
-
-    - [#1457](https://github.com/huge-success/sanic/pull/1457)
-      The type of the `"max-age"` value in a `sanic.cookies.Cookie` is now
-      enforced to be an integer. Non-integer values are replaced with `0`.
-
-    - [#1445](https://github.com/huge-success/sanic/pull/1445)
-      Added the `endpoint` attribute to an incoming `request`, containing the
-      name of the handler function.
-
-    - [#1423](https://github.com/huge-success/sanic/pull/1423)
-      Improved request streaming. `request.stream` is now a bounded-size buffer
-      instead of an unbounded queue. Callers must now call
-      `await request.stream.read()` instead of `await request.stream.get()`
-      to read each portion of the body.
-
-      This is a breaking change.
-
-  - Fixes:
-    - [#1502](https://github.com/huge-success/sanic/pull/1502)
-      Sanic was prefetching `time.time()` and updating it once per second to
-      avoid excessive `time.time()` calls. The implementation was observed to
-      cause memory leaks in some cases. The benefit of the prefetch appeared
-      to negligible, so this has been removed. Fixes
-      [#1500](https://github.com/huge-success/sanic/pull/1500)
-
-    - [#1501](https://github.com/huge-success/sanic/pull/1501)
-      Fix a bug in the auto-reloader when the process was launched as a module
-      i.e. `python -m init0.mod1` where the sanic server is started
-      in `init0/mod1.py` with `debug` enabled and imports another module in
-      `init0`.
-
-    - [#1376](https://github.com/huge-success/sanic/pull/1376)
-      Allow sanic test client to bind to a random port by specifying
-      `port=None` when constructing a `SanicTestClient`
-
-    - [#1399](https://github.com/huge-success/sanic/pull/1399)
-      Added the ability to specify middleware on a blueprint group, so that all
-      routes produced from the blueprints in the group have the middleware
-      applied.
-
-    - [#1442](https://github.com/huge-success/sanic/pull/1442)
-      Allow the the use the `SANIC_ACCESS_LOG` environment variable to
-      enable/disable the access log when not explicitly passed to `app.run()`.
-      This allows the access log to be disabled for example when running via
-      gunicorn.
-
-  - Developer infrastructure:
-    - [#1529](https://github.com/huge-success/sanic/pull/1529) Update project PyPI credentials
-    - [#1515](https://github.com/huge-success/sanic/pull/1515) fix linter issue causing travis build failures (fix #1514)
-    - [#1490](https://github.com/huge-success/sanic/pull/1490) Fix python version in doc build
-    - [#1478](https://github.com/huge-success/sanic/pull/1478) Upgrade setuptools version and use native docutils in doc build
-    - [#1464](https://github.com/huge-success/sanic/pull/1464) Upgrade pytest, and fix caplog unit tests
-
-  - Typos and Documentation:
-    - [#1516](https://github.com/huge-success/sanic/pull/1516) Fix typo at the exception documentation
-    - [#1510](https://github.com/huge-success/sanic/pull/1510) fix typo in Asyncio example
-    - [#1486](https://github.com/huge-success/sanic/pull/1486) Documentation typo
-    - [#1477](https://github.com/huge-success/sanic/pull/1477) Fix grammar in README.md
-    - [#1489](https://github.com/huge-success/sanic/pull/1489) Added "databases" to the extensions list
-    - [#1483](https://github.com/huge-success/sanic/pull/1483) Add sanic-zipkin to extensions list
-    - [#1487](https://github.com/huge-success/sanic/pull/1487) Removed link to deleted repo, Sanic-OAuth, from the extensions list
-    - [#1460](https://github.com/huge-success/sanic/pull/1460) 18.12 changelog
-    - [#1449](https://github.com/huge-success/sanic/pull/1449) Add example of amending request object
-    - [#1446](https://github.com/huge-success/sanic/pull/1446) Update README
-    - [#1444](https://github.com/huge-success/sanic/pull/1444) Update README
-    - [#1443](https://github.com/huge-success/sanic/pull/1443) Update README, including new logo
-    - [#1440](https://github.com/huge-success/sanic/pull/1440) fix minor type and pip install instruction mismatch
-    - [#1424](https://github.com/huge-success/sanic/pull/1424) Documentation Enhancements
-
-Note: 19.3.0 was skipped for packagement purposes and not released on PyPI
-
-Version 18.12
--------------
-18.12.0
-  - Changes:
-    - Improved codebase test coverage from 81% to 91%.
-    - Added stream_large_files and host examples in static_file document
-    - Added methods to append and finish body content on Request (#1379)
-    - Integrated with .appveyor.yml for windows ci support
-    - Added documentation for AF_INET6 and AF_UNIX socket usage
-    - Adopt black/isort for codestyle
-    - Cancel task when connection_lost
-    - Simplify request ip and port retrieval logic
-    - Handle config error in load config file.
-    - Integrate with codecov for CI
-    - Add missed documentation for config section.
-    - Deprecate Handler.log
-    - Pinned httptools requirement to version 0.0.10+
-
-  - Fixes:
-    - Fix `remove_entity_headers` helper function (#1415)
-    - Fix TypeError when use Blueprint.group() to group blueprint with default url_prefix, Use os.path.normpath to avoid invalid url_prefix like api//v1
-    f8a6af1 Rename the `http` module to `helpers` to prevent conflicts with the built-in Python http library (fixes #1323)
-    - Fix unittests on windows
-    - Fix Namespacing of sanic logger
-    - Fix missing quotes in decorator example
-    - Fix redirect with quoted param
-    - Fix doc for latest blueprint code
-    - Fix build of latex documentation relating to markdown lists
-    - Fix loop exception handling in app.py
-    - Fix content length mismatch in windows and other platform
-    - Fix Range header handling for static files (#1402)
-    - Fix the logger and make it work (#1397)
-    - Fix type pikcle->pickle in multiprocessing test
-    - Fix pickling blueprints Change the string passed in the "name" section of the namedtuples in Blueprint to match the name of the Blueprint module attribute name. This allows blueprints to be pickled and unpickled, without errors, which is a requirment of running Sanic in multiprocessing mode in Windows. Added a test for pickling and unpickling blueprints Added a test for pickling and unpickling sanic itself Added a test for enabling multiprocessing on an app with a blueprint (only useful to catch this bug if the tests are run on Windows).
-    - Fix document for logging
-
-Version 0.8
------------
-0.8.3
-  - Changes:
-    - Ownership changed to org 'huge-success'
-
-0.8.0
-  - Changes:
-    - Add Server-Sent Events extension (Innokenty Lebedev)
-    - Graceful handling of request_handler_task cancellation (Ashley Sommer)
-    - Sanitize URL before redirection (aveao)
-    - Add url_bytes to request (johndoe46)
-    - py37 support for travisci (yunstanford)
-    - Auto reloader support for OSX (garyo)
-    - Add UUID route support (Volodymyr Maksymiv)
-    - Add pausable response streams (Ashley Sommer)
-    - Add weakref to request slots (vopankov)
-    - remove ubuntu 12.04 from test fixture due to deprecation (yunstanford)
-    - Allow streaming handlers in add_route (kinware)
-    - use travis_retry for tox (Raphael Deem)
-    - update aiohttp version for test client (yunstanford)
-    - add redirect import for clarity (yingshaoxo)
-    - Update HTTP Entity headers (Arnulfo Solís)
-    - Add register_listener method (Stephan Fitzpatrick)
-    - Remove uvloop/ujson dependencies for Windows (abuckenheimer)
-    - Content-length header on 204/304 responses (Arnulfo Solís)
-    - Extend WebSocketProtocol arguments and add docs (Bob Olde Hampsink, yunstanford)
-    - Update development status from pre-alpha to beta (Maksim Anisenkov)
-    - KeepAlive Timout log level changed to debug (Arnulfo Solís)
-    - Pin pytest to 3.3.2 because of pytest-dev/pytest#3170 (Maksim Aniskenov)
-    - Install Python 3.5 and 3.6 on docker container for tests (Shahin Azad)
-    - Add support for blueprint groups and nesting (Elias Tarhini)
-    - Remove uvloop for windows setup (Aleksandr Kurlov)
-    - Auto Reload (Yaser Amari)
-    - Documentation updates/fixups (multiple contributors)
-
-  - Fixes:
-    - Fix: auto_reload in Linux (Ashley Sommer)
-    - Fix: broken tests for aiohttp >= 3.3.0 (Ashley Sommer)
-    - Fix: disable auto_reload by default on windows (abuckenheimer)
-    - Fix (1143): Turn off access log with gunicorn (hqy)
-    - Fix (1268): Support status code for file response (Cosmo Borsky)
-    - Fix (1266): Add content_type flag to Sanic.static (Cosmo Borsky)
-    - Fix: subprotocols parameter missing from add_websocket_route (ciscorn)
-    - Fix (1242): Responses for CI header (yunstanford)
-    - Fix (1237): add version constraint for websockets (yunstanford)
-    - Fix (1231): memory leak - always release resource (Phillip Xu)
-    - Fix (1221): make request truthy if transport exists (Raphael Deem)
-    - Fix failing tests for aiohttp>=3.1.0 (Ashley Sommer)
-    - Fix try_everything examples (PyManiacGR, kot83)
-    - Fix (1158): default to auto_reload in debug mode (Raphael Deem)
-    - Fix (1136): ErrorHandler.response handler call too restrictive (Julien Castiaux)
-    - Fix: raw requires bytes-like object (cloudship)
-    - Fix (1120): passing a list in to a route decorator's host arg (Timothy Ebiuwhe)
-    - Fix: Bug in multipart/form-data parser (DirkGuijt)
-    - Fix: Exception for missing parameter when value is null (NyanKiyoshi)
-    - Fix: Parameter check (Howie Hu)
-    - Fix (1089): Routing issue with named parameters and different methods (yunstanford)
-    - Fix (1085): Signal handling in multi-worker mode (yunstanford)
-    - Fix: single quote in readme.rst (Cosven)
-    - Fix: method typos (Dmitry Dygalo)
-    - Fix: log_response correct output for ip and port (Wibowo Arindrarto)
-    - Fix (1042): Exception Handling (Raphael Deem)
-    - Fix: Chinese URIs (Howie Hu)
-    - Fix (1079): timeout bug when self.transport is None (Raphael Deem)
-    - Fix (1074): fix strict_slashes when route has slash (Raphael Deem)
-    - Fix (1050): add samesite cookie to cookie keys (Raphael Deem)
-    - Fix (1065): allow add_task after server starts (Raphael Deem)
-    - Fix (1061): double quotes in unauthorized exception (Raphael Deem)
-    - Fix (1062): inject the app in add_task method (Raphael Deem)
-    - Fix: update environment.yml for readthedocs (Eli Uriegas)
-    - Fix: Cancel request task when response timeout is triggered (Jeong YunWon)
-    - Fix (1052): Method not allowed response for RFC7231 compliance (Raphael Deem)
-    - Fix: IPv6 Address and Socket Data Format (Dan Palmer)
-
-Note: Changelog was unmaintained between 0.1 and 0.7
-
-Version 0.1
------------
- - 0.1.7
-  - Reversed static url and directory arguments to meet spec
- - 0.1.6
-  - Static files
-  - Lazy Cookie Loading
- - 0.1.5
-  - Cookies
-  - Blueprint listeners and ordering
-  - Faster Router
-  - Fix: Incomplete file reads on medium+ sized post requests
-  - Breaking: after_start and before_stop now pass sanic as their first argument
- - 0.1.4
-  - Multiprocessing
- - 0.1.3
-  - Blueprint support
-  - Faster Response processing
- - 0.1.1 - 0.1.2
-  - Struggling to update pypi via CI
- - 0.1.0
-  - Released to public

CHANGELOG.rst

@@ -0,0 +1,398 @@
+Version 19.6.3
+==============
+
+Features
+********
+
+- Enable Towncrier Support
+
+  As part of this feature, `towncrier` is being introduced as a mechanism to partially  automate the process
+  of generating and managing change logs as part of each of pull requests. (`#1631 <https://github.com/huge-success/sanic/issues/1631>`__)
+
+
+Improved Documentation
+**********************
+
+- Documentation infrastructure changes
+
+  - Enable having a single common `CHANGELOG` file for both GitHub page and documentation
+  - Fix Sphinix deprecation warnings
+  - Fix documentation warnings due to invalid `rst` indentation
+  - Enable common contribution guidelines file across GitHub and documentation via `CONTRIBUTING.rst` (`#1631 <https://github.com/huge-success/sanic/issues/1631>`__)
+
+
+Version 19.6.2
+==============
+
+Features
+********
+
+  * 
+    `#1562 <https://github.com/huge-success/sanic/pull/1562>`_
+    Remove ``aiohttp`` dependencey and create new ``SanicTestClient`` based upon
+    `requests-async <https://github.com/encode/requests-async>`_
+
+  * 
+    `#1475 <https://github.com/huge-success/sanic/pull/1475>`_
+    Added ASGI support (Beta)
+
+  * 
+    `#1436 <https://github.com/huge-success/sanic/pull/1436>`_
+    Add Configure support from object string
+
+
+Bugfixes
+********
+
+  * 
+    `#1587 <https://github.com/huge-success/sanic/pull/1587>`_
+    Add missing handle for Expect header.
+
+  * 
+    `#1560 <https://github.com/huge-success/sanic/pull/1560>`_
+    Allow to disable Transfer-Encoding: chunked.
+
+  * 
+    `#1558 <https://github.com/huge-success/sanic/pull/1558>`_
+    Fix graceful shutdown.
+
+  * 
+    `#1594 <https://github.com/huge-success/sanic/pull/1594>`_
+    Strict Slashes behavior fix
+
+Deprecations and Removals
+*************************
+
+  *
+    `#1544 <https://github.com/huge-success/sanic/pull/1544>`_
+    Drop dependency on distutil
+
+  * 
+    `#1562 <https://github.com/huge-success/sanic/pull/1562>`_
+    Drop support for Python 3.5
+
+  * 
+    `#1568 <https://github.com/huge-success/sanic/pull/1568>`_
+    Deprecate route removal.
+
+.. warning::
+    Sanic will not support Python 3.5 from version 19.6 and forward. However,
+    version 18.12LTS will have its support period extended thru December 2020, and
+    therefore passing Python's official support version 3.5, which is set to expire
+    in September 2020.
+
+
+Version 19.3
+============
+
+Features
+********
+
+  * 
+    `#1497 <https://github.com/huge-success/sanic/pull/1497>`_
+    Add support for zero-length and RFC 5987 encoded filename for
+    multipart/form-data requests.
+
+  * 
+    `#1484 <https://github.com/huge-success/sanic/pull/1484>`_
+    The type of ``expires`` attribute of ``sanic.cookies.Cookie`` is now
+    enforced to be of type ``datetime``.
+
+  * 
+    `#1482 <https://github.com/huge-success/sanic/pull/1482>`_
+    Add support for the ``stream`` parameter of ``sanic.Sanic.add_route()``
+    available to ``sanic.Blueprint.add_route()``.
+
+  * 
+    `#1481 <https://github.com/huge-success/sanic/pull/1481>`_
+    Accept negative values for route parameters with type ``int`` or ``number``.
+
+  * 
+    `#1476 <https://github.com/huge-success/sanic/pull/1476>`_
+    Deprecated the use of ``sanic.request.Request.raw_args`` - it has a
+    fundamental flaw in which is drops repeated query string parameters.
+    Added ``sanic.request.Request.query_args`` as a replacement for the
+    original use-case.
+
+  * 
+    `#1472 <https://github.com/huge-success/sanic/pull/1472>`_
+    Remove an unwanted ``None`` check in Request class ``repr`` implementation.
+    This changes the default ``repr`` of a Request from ``<Request>`` to
+    ``<Request: None />``
+
+  * 
+    `#1470 <https://github.com/huge-success/sanic/pull/1470>`_
+    Added 2 new parameters to ``sanic.app.Sanic.create_server``\ :
+
+
+    * ``return_asyncio_server`` - whether to return an asyncio.Server.
+    * ``asyncio_server_kwargs`` - kwargs to pass to ``loop.create_server`` for
+      the event loop that sanic is using.
+
+    This is a breaking change.
+
+  * 
+    `#1499 <https://github.com/huge-success/sanic/pull/1499>`_
+    Added a set of test cases that test and benchmark route resolution.
+
+  * 
+    `#1457 <https://github.com/huge-success/sanic/pull/1457>`_
+    The type of the ``"max-age"`` value in a ``sanic.cookies.Cookie`` is now
+    enforced to be an integer. Non-integer values are replaced with ``0``.
+
+  * 
+    `#1445 <https://github.com/huge-success/sanic/pull/1445>`_
+    Added the ``endpoint`` attribute to an incoming ``request``\ , containing the
+    name of the handler function.
+
+  * 
+    `#1423 <https://github.com/huge-success/sanic/pull/1423>`_
+    Improved request streaming. ``request.stream`` is now a bounded-size buffer
+    instead of an unbounded queue. Callers must now call
+    ``await request.stream.read()`` instead of ``await request.stream.get()``
+    to read each portion of the body.
+
+    This is a breaking change.
+
+Bugfixes
+********
+
+
+  * 
+    `#1502 <https://github.com/huge-success/sanic/pull/1502>`_
+    Sanic was prefetching ``time.time()`` and updating it once per second to
+    avoid excessive ``time.time()`` calls. The implementation was observed to
+    cause memory leaks in some cases. The benefit of the prefetch appeared
+    to negligible, so this has been removed. Fixes
+    `#1500 <https://github.com/huge-success/sanic/pull/1500>`_
+
+  * 
+    `#1501 <https://github.com/huge-success/sanic/pull/1501>`_
+    Fix a bug in the auto-reloader when the process was launched as a module
+    i.e. ``python -m init0.mod1`` where the sanic server is started
+    in ``init0/mod1.py`` with ``debug`` enabled and imports another module in
+    ``init0``.
+
+  * 
+    `#1376 <https://github.com/huge-success/sanic/pull/1376>`_
+    Allow sanic test client to bind to a random port by specifying
+    ``port=None`` when constructing a ``SanicTestClient``
+
+  * 
+    `#1399 <https://github.com/huge-success/sanic/pull/1399>`_
+    Added the ability to specify middleware on a blueprint group, so that all
+    routes produced from the blueprints in the group have the middleware
+    applied.
+
+  * 
+    `#1442 <https://github.com/huge-success/sanic/pull/1442>`_
+    Allow the the use the ``SANIC_ACCESS_LOG`` environment variable to
+    enable/disable the access log when not explicitly passed to ``app.run()``.
+    This allows the access log to be disabled for example when running via
+    gunicorn.
+
+Developer infrastructure
+************************
+
+  * `#1529 <https://github.com/huge-success/sanic/pull/1529>`_ Update project PyPI credentials
+  * `#1515 <https://github.com/huge-success/sanic/pull/1515>`_ fix linter issue causing travis build failures (fix #1514)
+  * `#1490 <https://github.com/huge-success/sanic/pull/1490>`_ Fix python version in doc build
+  * `#1478 <https://github.com/huge-success/sanic/pull/1478>`_ Upgrade setuptools version and use native docutils in doc build
+  * `#1464 <https://github.com/huge-success/sanic/pull/1464>`_ Upgrade pytest, and fix caplog unit tests
+
+Improved Documentation
+**********************
+
+  * `#1516 <https://github.com/huge-success/sanic/pull/1516>`_ Fix typo at the exception documentation
+  * `#1510 <https://github.com/huge-success/sanic/pull/1510>`_ fix typo in Asyncio example
+  * `#1486 <https://github.com/huge-success/sanic/pull/1486>`_ Documentation typo
+  * `#1477 <https://github.com/huge-success/sanic/pull/1477>`_ Fix grammar in README.md
+  * `#1489 <https://github.com/huge-success/sanic/pull/1489>`_ Added "databases" to the extensions list
+  * `#1483 <https://github.com/huge-success/sanic/pull/1483>`_ Add sanic-zipkin to extensions list
+  * `#1487 <https://github.com/huge-success/sanic/pull/1487>`_ Removed link to deleted repo, Sanic-OAuth, from the extensions list
+  * `#1460 <https://github.com/huge-success/sanic/pull/1460>`_ 18.12 changelog
+  * `#1449 <https://github.com/huge-success/sanic/pull/1449>`_ Add example of amending request object
+  * `#1446 <https://github.com/huge-success/sanic/pull/1446>`_ Update README
+  * `#1444 <https://github.com/huge-success/sanic/pull/1444>`_ Update README
+  * `#1443 <https://github.com/huge-success/sanic/pull/1443>`_ Update README, including new logo
+  * `#1440 <https://github.com/huge-success/sanic/pull/1440>`_ fix minor type and pip install instruction mismatch
+  * `#1424 <https://github.com/huge-success/sanic/pull/1424>`_ Documentation Enhancements
+
+Note: 19.3.0 was skipped for packagement purposes and not released on PyPI
+
+Version 18.12
+=============
+
+18.12.0
+*******
+
+* 
+  Changes:
+
+
+  * Improved codebase test coverage from 81% to 91%.
+  * Added stream_large_files and host examples in static_file document
+  * Added methods to append and finish body content on Request (#1379)
+  * Integrated with .appveyor.yml for windows ci support
+  * Added documentation for AF_INET6 and AF_UNIX socket usage
+  * Adopt black/isort for codestyle
+  * Cancel task when connection_lost
+  * Simplify request ip and port retrieval logic
+  * Handle config error in load config file.
+  * Integrate with codecov for CI
+  * Add missed documentation for config section.
+  * Deprecate Handler.log
+  * Pinned httptools requirement to version 0.0.10+
+
+* 
+  Fixes:
+
+
+  * Fix ``remove_entity_headers`` helper function (#1415)
+  * Fix TypeError when use Blueprint.group() to group blueprint with default url_prefix, Use os.path.normpath to avoid invalid url_prefix like api//v1
+    f8a6af1 Rename the ``http`` module to ``helpers`` to prevent conflicts with the built-in Python http library (fixes #1323)
+  * Fix unittests on windows
+  * Fix Namespacing of sanic logger
+  * Fix missing quotes in decorator example
+  * Fix redirect with quoted param
+  * Fix doc for latest blueprint code
+  * Fix build of latex documentation relating to markdown lists
+  * Fix loop exception handling in app.py
+  * Fix content length mismatch in windows and other platform
+  * Fix Range header handling for static files (#1402)
+  * Fix the logger and make it work (#1397)
+  * Fix type pikcle->pickle in multiprocessing test
+  * Fix pickling blueprints Change the string passed in the "name" section of the namedtuples in Blueprint to match the name of the Blueprint module attribute name. This allows blueprints to be pickled and unpickled, without errors, which is a requirment of running Sanic in multiprocessing mode in Windows. Added a test for pickling and unpickling blueprints Added a test for pickling and unpickling sanic itself Added a test for enabling multiprocessing on an app with a blueprint (only useful to catch this bug if the tests are run on Windows).
+  * Fix document for logging
+
+Version 0.8
+===========
+
+0.8.3
+*****
+
+* Changes:
+
+  * Ownership changed to org 'huge-success'
+
+0.8.0
+*****
+
+* Changes:
+
+
+  * Add Server-Sent Events extension (Innokenty Lebedev)
+  * Graceful handling of request_handler_task cancellation (Ashley Sommer)
+  * Sanitize URL before redirection (aveao)
+  * Add url_bytes to request (johndoe46)
+  * py37 support for travisci (yunstanford)
+  * Auto reloader support for OSX (garyo)
+  * Add UUID route support (Volodymyr Maksymiv)
+  * Add pausable response streams (Ashley Sommer)
+  * Add weakref to request slots (vopankov)
+  * remove ubuntu 12.04 from test fixture due to deprecation (yunstanford)
+  * Allow streaming handlers in add_route (kinware)
+  * use travis_retry for tox (Raphael Deem)
+  * update aiohttp version for test client (yunstanford)
+  * add redirect import for clarity (yingshaoxo)
+  * Update HTTP Entity headers (Arnulfo Solís)
+  * Add register_listener method (Stephan Fitzpatrick)
+  * Remove uvloop/ujson dependencies for Windows (abuckenheimer)
+  * Content-length header on 204/304 responses (Arnulfo Solís)
+  * Extend WebSocketProtocol arguments and add docs (Bob Olde Hampsink, yunstanford)
+  * Update development status from pre-alpha to beta (Maksim Anisenkov)
+  * KeepAlive Timout log level changed to debug (Arnulfo Solís)
+  * Pin pytest to 3.3.2 because of pytest-dev/pytest#3170 (Maksim Aniskenov)
+  * Install Python 3.5 and 3.6 on docker container for tests (Shahin Azad)
+  * Add support for blueprint groups and nesting (Elias Tarhini)
+  * Remove uvloop for windows setup (Aleksandr Kurlov)
+  * Auto Reload (Yaser Amari)
+  * Documentation updates/fixups (multiple contributors)
+
+* Fixes:
+
+
+  * Fix: auto_reload in Linux (Ashley Sommer)
+  * Fix: broken tests for aiohttp >= 3.3.0 (Ashley Sommer)
+  * Fix: disable auto_reload by default on windows (abuckenheimer)
+  * Fix (1143): Turn off access log with gunicorn (hqy)
+  * Fix (1268): Support status code for file response (Cosmo Borsky)
+  * Fix (1266): Add content_type flag to Sanic.static (Cosmo Borsky)
+  * Fix: subprotocols parameter missing from add_websocket_route (ciscorn)
+  * Fix (1242): Responses for CI header (yunstanford)
+  * Fix (1237): add version constraint for websockets (yunstanford)
+  * Fix (1231): memory leak - always release resource (Phillip Xu)
+  * Fix (1221): make request truthy if transport exists (Raphael Deem)
+  * Fix failing tests for aiohttp>=3.1.0 (Ashley Sommer)
+  * Fix try_everything examples (PyManiacGR, kot83)
+  * Fix (1158): default to auto_reload in debug mode (Raphael Deem)
+  * Fix (1136): ErrorHandler.response handler call too restrictive (Julien Castiaux)
+  * Fix: raw requires bytes-like object (cloudship)
+  * Fix (1120): passing a list in to a route decorator's host arg (Timothy Ebiuwhe)
+  * Fix: Bug in multipart/form-data parser (DirkGuijt)
+  * Fix: Exception for missing parameter when value is null (NyanKiyoshi)
+  * Fix: Parameter check (Howie Hu)
+  * Fix (1089): Routing issue with named parameters and different methods (yunstanford)
+  * Fix (1085): Signal handling in multi-worker mode (yunstanford)
+  * Fix: single quote in readme.rst (Cosven)
+  * Fix: method typos (Dmitry Dygalo)
+  * Fix: log_response correct output for ip and port (Wibowo Arindrarto)
+  * Fix (1042): Exception Handling (Raphael Deem)
+  * Fix: Chinese URIs (Howie Hu)
+  * Fix (1079): timeout bug when self.transport is None (Raphael Deem)
+  * Fix (1074): fix strict_slashes when route has slash (Raphael Deem)
+  * Fix (1050): add samesite cookie to cookie keys (Raphael Deem)
+  * Fix (1065): allow add_task after server starts (Raphael Deem)
+  * Fix (1061): double quotes in unauthorized exception (Raphael Deem)
+  * Fix (1062): inject the app in add_task method (Raphael Deem)
+  * Fix: update environment.yml for readthedocs (Eli Uriegas)
+  * Fix: Cancel request task when response timeout is triggered (Jeong YunWon)
+  * Fix (1052): Method not allowed response for RFC7231 compliance (Raphael Deem)
+  * Fix: IPv6 Address and Socket Data Format (Dan Palmer)
+
+Note: Changelog was unmaintained between 0.1 and 0.7
+
+Version 0.1
+===========
+
+
+0.1.7
+*****
+
+  * Reversed static url and directory arguments to meet spec
+
+0.1.6
+*****
+
+  * Static files
+  * Lazy Cookie Loading
+
+0.1.5
+*****
+
+  * Cookies
+  * Blueprint listeners and ordering
+  * Faster Router
+  * Fix: Incomplete file reads on medium+ sized post requests
+  * Breaking: after_start and before_stop now pass sanic as their first argument
+
+0.1.4
+*****
+
+  * Multiprocessing
+
+0.1.3
+*****
+
+  * Blueprint support
+  * Faster Response processing
+
+0.1.1 - 0.1.2
+*************
+
+  * Struggling to update pypi via CI
+
+0.1.0
+*****
+
+  * Released to public

CONTRIBUTING.md

@@ -1,141 +0,0 @@
-# Contributing
-
-Thank you for your interest! Sanic is always looking for contributors. If you
-don't feel comfortable contributing code, adding docstrings to the source files
-is very appreciated.
-
-We are committed to providing a friendly, safe and welcoming environment for all,
-regardless of gender, sexual orientation, disability, ethnicity, religion,
-or similar personal characteristic.
-Our [code of conduct](./CONDUCT.md) sets the standards for behavior.
-
-## Installation
-
-To develop on sanic (and mainly to just run the tests) it is highly recommend to
-install from sources.
-
-So assume you have already cloned the repo and are in the working directory with
-a virtual environment already set up, then run:
-
-```bash
-pip3 install -e . ".[dev]"
-```
-
-# Dependency Changes
-
-`Sanic` doesn't use `requirements*.txt` files to manage any kind of dependencies related to it in order to simplify the
-effort required in managing the dependencies. Please make sure you have read and understood the following section of
-the document that explains the way `sanic` manages dependencies inside the `setup.py` file.
-
-| Dependency Type                           | Usage                                                                      | Installation                 |
-| ------------------------------------------| -------------------------------------------------------------------------- | ---------------------------  |
-| requirements                              | Bare minimum dependencies required for sanic to function                   | pip3 install -e .            |
-| tests_require / extras_require['test']    | Dependencies required to run the Unit Tests for `sanic`                    | pip3 install -e '.[test]'    |
-| extras_require['dev']                     | Additional Development requirements to add contributing                    | pip3 install -e '.[dev]'     |
-| extras_require['docs']                    | Dependencies required to enable building and enhancing sanic documentation | pip3 install -e '.[docs]'    |
-
-## Running all tests 
-To run the tests for Sanic it is recommended to use tox like so:
-
-```bash
-tox
-```
-See it's that simple!
-
-`tox.ini` contains different environments. Running `tox` without any arguments will 
-run all unittests, perform lint and other checks. 
-
-## Run unittests : 
-`tox` environment -> `[testenv]`
-
-To execute only unittests, run `tox` with environment like so: 
-
-```bash
-tox -e py36 -v -- tests/test_config.py
-# or 
-tox -e py37 -v -- tests/test_config.py
-```
-
-## Run lint checks : 
-`tox` environment -> `[testenv:lint]`
-
-Permform `flake8`, `black` and `isort` checks.
-```bash
-tox -e lint
-```
-
-## Run other checks : 
-`tox` environment -> `[testenv:check]`
-
-Perform other checks.
-```bash
-tox -e check
-```
-
-# Code Style 
-To maintain the code consistency, Sanic uses following tools. 
-
-1. [isort](https://github.com/timothycrosley/isort)
-2. [black](https://github.com/python/black)
-2. [flake8](https://github.com/PyCQA/flake8)
-
-
-## isort
-`isort` sorts Python imports. It divides imports into three 
-categories sorted each in alphabetical order. 
-  1. built-in
-  2. third-party
-  3. project-specific
-
-## black
-`black` is a Python code formatter.
-
-## flake8
-`flake8` is a Python style guide that wraps following tools into one.
-1. PyFlakes
-2. pycodestyle
-3. Ned Batchelder's McCabe script 
-
-`isort`, `black` and `flake8` checks are performed during `tox` lint checks. 
-
-Refer [tox](https://tox.readthedocs.io/en/latest/index.html) documentation for more details.
-
-## Pull requests!
-
-So the pull request approval rules are pretty simple:
-1. All pull requests must pass unit tests.
-2. All pull requests must be reviewed and approved by at least
-  one current collaborator on the project.
-3. All pull requests must pass flake8 checks.
-4. All pull requests must be consistent with the existing code.
-5. If you decide to remove/change anything from any common interface
-  a deprecation message should accompany it.
-6. If you implement a new feature you should have at least one unit
-  test to accompany it.
-7. An example must be one of the following:
-  * Example of how to use Sanic
-  * Example of how to use Sanic extensions
-  * Example of how to use Sanic and asynchronous library
-
-## Documentation
-
-Sanic's documentation is built
-using [sphinx](http://www.sphinx-doc.org/en/1.5.1/). Guides are written in
-Markdown and can be found in the `docs` folder, while the module reference is
-automatically generated using `sphinx-apidoc`.
-
-To generate the documentation from scratch:
-
-```bash
-sphinx-apidoc -fo docs/_api/ sanic
-sphinx-build -b html docs docs/_build
-```
-
-The HTML documentation will be created in the `docs/_build` folder.
-
-## Warning
-
-One of the main goals of Sanic is speed. Code that lowers the performance of
-Sanic without significant gains in usability, security, or features may not be
-merged. Please don't let this intimidate you! If you have any concerns about an
-idea, open an issue for discussion and help.

CONTRIBUTING.rst

@@ -0,0 +1,252 @@
+
+Contributing
+============
+
+Thank you for your interest! Sanic is always looking for contributors. If you
+don't feel comfortable contributing code, adding docstrings to the source files
+is very appreciated.
+
+We are committed to providing a friendly, safe and welcoming environment for all,
+regardless of gender, sexual orientation, disability, ethnicity, religion,
+or similar personal characteristic.
+Our `code of conduct <./CONDUCT.md>`_ sets the standards for behavior.
+
+Installation
+------------
+
+To develop on sanic (and mainly to just run the tests) it is highly recommend to
+install from sources.
+
+So assume you have already cloned the repo and are in the working directory with
+a virtual environment already set up, then run:
+
+.. code-block:: bash
+
+   pip3 install -e . ".[dev]"
+
+Dependency Changes
+------------------
+
+``Sanic`` doesn't use ``requirements*.txt`` files to manage any kind of dependencies related to it in order to simplify the
+effort required in managing the dependencies. Please make sure you have read and understood the following section of
+the document that explains the way ``sanic`` manages dependencies inside the ``setup.py`` file.
+
+.. list-table::
+   :header-rows: 1
+
+   * - Dependency Type
+     - Usage
+     - Installation
+   * - requirements
+     - Bare minimum dependencies required for sanic to function
+     - ``pip3 install -e .``
+   * - tests_require / extras_require['test']
+     - Dependencies required to run the Unit Tests for ``sanic``
+     - ``pip3 install -e '.[test]'``
+   * - extras_require['dev']
+     - Additional Development requirements to add contributing
+     - ``pip3 install -e '.[dev]'``
+   * - extras_require['docs']
+     - Dependencies required to enable building and enhancing sanic documentation
+     - ``pip3 install -e '.[docs]'``
+
+
+Running all tests
+-----------------
+
+To run the tests for Sanic it is recommended to use tox like so:
+
+.. code-block:: bash
+
+   tox
+
+See it's that simple!
+
+``tox.ini`` contains different environments. Running ``tox`` without any arguments will
+run all unittests, perform lint and other checks.
+
+Run unittests
+-------------
+
+``tox`` environment -> ``[testenv]`
+
+To execute only unittests, run ``tox`` with environment like so:
+
+.. code-block:: bash
+
+   tox -e py36 -v -- tests/test_config.py
+   # or
+   tox -e py37 -v -- tests/test_config.py
+
+Run lint checks
+---------------
+
+``tox`` environment -> ``[testenv:lint]``
+
+Permform ``flake8``\ , ``black`` and ``isort`` checks.
+
+.. code-block:: bash
+
+   tox -e lint
+
+Run other checks
+----------------
+
+``tox`` environment -> ``[testenv:check]``
+
+Perform other checks.
+
+.. code-block:: bash
+
+   tox -e check
+
+Run Static Analysis
+-------------------
+
+``tox`` environment -> ``[testenv:security]``
+
+Perform static analysis security scan
+
+.. code-block:: bash
+
+   tox -e security
+
+Run Documentation sanity check
+------------------------------
+
+``tox`` environment -> ``[testenv:docs]``
+
+Perform sanity check on documentation
+
+.. code-block:: bash
+
+   tox -e docs
+
+
+Code Style
+----------
+
+To maintain the code consistency, Sanic uses following tools.
+
+
+#. `isort <https://github.com/timothycrosley/isort>`_
+#. `black <https://github.com/python/black>`_
+#. `flake8 <https://github.com/PyCQA/flake8>`_
+
+isort
+*****
+
+``isort`` sorts Python imports. It divides imports into three
+categories sorted each in alphabetical order.
+
+
+#. built-in
+#. third-party
+#. project-specific
+
+black
+*****
+
+``black`` is a Python code formatter.
+
+flake8
+******
+
+``flake8`` is a Python style guide that wraps following tools into one.
+
+
+#. PyFlakes
+#. pycodestyle
+#. Ned Batchelder's McCabe script
+
+``isort``\ , ``black`` and ``flake8`` checks are performed during ``tox`` lint checks.
+
+Refer `tox <https://tox.readthedocs.io/en/latest/index.html>`_ documentation for more details.
+
+Pull requests
+-------------
+
+So the pull request approval rules are pretty simple:
+
+#. All pull requests must have a changelog details associated with it.
+#. All pull requests must pass unit tests.
+#. All pull requests must be reviewed and approved by at least one current collaborator on the project.
+#. All pull requests must pass flake8 checks.
+#. All pull requests must be consistent with the existing code.
+#. If you decide to remove/change anything from any common interface a deprecation message should accompany it.
+#. If you implement a new feature you should have at least one unit test to accompany it.
+#. An example must be one of the following:
+
+   * Example of how to use Sanic
+   * Example of how to use Sanic extensions
+   * Example of how to use Sanic and asynchronous library
+
+
+Changelog
+---------
+
+It is mandatory to add documentation for Change log as part of your Pull request when you fix/contribute something
+to the ``sanic`` community. This will enable us in generating better and well defined change logs during the
+release which can aid community users in a great way.
+
+.. note::
+
+    Single line explaining the details of the PR in brief
+
+    Detailed description of what the PR is about and what changes or enhancements are being done.
+    No need to include examples or any other details here. But it is important that you provide
+    enough context here to let user understand what this change is all about and why it is being
+    introduced into the ``sanic`` codebase.
+
+    Make sure you leave an line space after the first line to make sure the document rendering is clean
+
+
+.. list-table::
+   :header-rows: 1
+
+   * - Contribution Type
+     - Changelog file name format
+     - Changelog file location
+   * - Features
+     - <git_issue>.feature.rst
+     - ``changelogs``
+   * - Bugfixes
+     - <git_issue>.bugfix.rst
+     - ``changelogs``
+   * - Improved Documentation
+     - <git_issue>.doc.rst
+     - ``changelogs``
+   * - Deprecations and Removals
+     - <git_issue>.removal.rst
+     - ``changelogs``
+   * - Miscellaneous internal changes
+     - <git_issue>.misc.rst
+     - ``changelogs``
+
+
+Documentation
+-------------
+
+Sanic's documentation is built
+using `sphinx <http://www.sphinx-doc.org/en/1.5.1/>`_. Guides are written in
+Markdown and can be found in the ``docs`` folder, while the module reference is
+automatically generated using ``sphinx-apidoc``.
+
+To generate the documentation from scratch:
+
+.. code-block:: bash
+
+   sphinx-apidoc -fo docs/_api/ sanic
+   sphinx-build -b html docs docs/_build
+
+   # There is a simple make command provided to ease the work required in generating
+   # the documentation
+   make docs
+
+The HTML documentation will be created in the ``docs/_build`` folder.
+
+.. warning::
+   One of the main goals of Sanic is speed. Code that lowers the performance of
+   Sanic without significant gains in usability, security, or features may not be
+   merged. Please don't let this intimidate you! If you have any concerns about an
+   idea, open an issue for discussion and help.

Makefile

@@ -13,12 +13,28 @@ help:
 	@echo "docker-test"
 	@echo "		Run Sanic Unit Tests using Docker"
 	@echo "black"
-	@echo " 	Analyze and fix linting issues using Black"
+	@echo "		Analyze and fix linting issues using Black"
 	@echo "fix-import"
 	@echo "		Analyze and fix import order using isort"
 	@echo "beautify [sort_imports=1] [include_tests=1]"
-	@echo " 	Analyze and fix linting issue using black and optionally fix import sort using isort"
+	@echo "		Analyze and fix linting issue using black and optionally fix import sort using isort"
 	@echo ""
+	@echo "docs"
+	@echo "		Generate Sanic documentation"
+	@echo ""
+	@echo "clean-docs"
+	@echo "		Clean Sanic documentation"
+	@echo ""
+	@echo "docs-test"
+	@echo "		Test Sanic Documentation for errors"
+	@echo ""
+	@echo "changelog"
+	@echo "		Generate changelog for Sanic to prepare for new release"
+	@echo ""
+	@echo "release"
+	@echo "		Prepare Sanic for a new changes by version bump and changelog"
+	@echo ""
+
 
 clean:
 	find . ! -path "./.eggs/*" -name "*.pyc" -exec rm {} \;
@@ -56,3 +72,24 @@ black:
 
 fix-import: black
 	isort -rc sanic tests
+
+
+docs-clean:
+	cd docs && make clean
+
+docs: docs-clean
+	cd docs && make html
+
+docs-test: docs-clean
+	cd docs && make dummy
+
+changelog:
+	python scripts/changelog.py
+
+release:
+ifdef version
+	python scripts/release.py --release-version ${version} --generate-changelog
+else
+	python scripts/release.py --generate-changelog
+endif
+

README.rst

@@ -131,7 +131,7 @@ Documentation
 Changelog
 ---------
 
-`Release Changelogs <https://github.com/huge-success/sanic/blob/master/CHANGELOG.md>`_.
+`Release Changelogs <https://github.com/huge-success/sanic/blob/master/CHANGELOG.rst>`_.
 
    
 Questions and Discussion
@@ -142,4 +142,4 @@ Questions and Discussion
 Contribution
 ------------
 
-We are always happy to have new contributions. We have `marked issues good for anyone looking to get started <https://github.com/huge-success/sanic/issues?q=is%3Aopen+is%3Aissue+label%3Abeginner>`_, and welcome `questions on the forums <https://community.sanicframework.org/>`_. Please take a look at our `Contribution guidelines <https://github.com/huge-success/sanic/blob/master/CONTRIBUTING.md>`_.
+We are always happy to have new contributions. We have `marked issues good for anyone looking to get started <https://github.com/huge-success/sanic/issues?q=is%3Aopen+is%3Aissue+label%3Abeginner>`_, and welcome `questions on the forums <https://community.sanicframework.org/>`_. Please take a look at our `Contribution guidelines <https://sanic.readthedocs.io/en/latest/sanic/contributing.html>`_.

changelogs/.gitignore

@@ -0,0 +1,2 @@
+# Except this file
+!.gitignore

docs/conf.py

@@ -10,10 +10,8 @@
 import os
 import sys
 
-# Add support for Markdown documentation using Recommonmark
-from recommonmark.parser import CommonMarkParser
-
 # Add support for auto-doc
+import recommonmark
 from recommonmark.transform import AutoStructify
 
 # Ensure that sanic is present in the path, to allow sphinx-apidoc to
@@ -25,12 +23,11 @@ import sanic
 
 # -- General configuration ------------------------------------------------
 
-extensions = ['sphinx.ext.autodoc', 'sphinxcontrib.asyncio']
+extensions = ['sphinx.ext.autodoc', "recommonmark"]
 
 templates_path = ['_templates']
 
 # Enable support for both Restructured Text and Markdown
-source_parsers = {'.md': CommonMarkParser}
 source_suffix = ['.rst', '.md']
 
 # The master toctree document.
@@ -149,6 +146,6 @@ suppress_warnings = ['image.nonlocal_uri']
 def setup(app):
     app.add_config_value('recommonmark_config', {
         'enable_eval_rst': True,
-        'enable_auto_doc_ref': True,
+        'enable_auto_doc_ref': False,
     }, True)
     app.add_transform(AutoStructify)

docs/sanic/changelog.md

@@ -1,288 +0,0 @@
-# Changelog
-
-## Version 19.6
-
-  - Changes:
-    - [#1562](https://github.com/huge-success/sanic/pull/1562)
-      Remove `aiohttp` dependencey and create new `SanicTestClient` based upon
-      [`requests-async`](https://github.com/encode/requests-async).
-
-    - [#1475](https://github.com/huge-success/sanic/pull/1475)
-      Added ASGI support (Beta)
-
-    - [#1436](https://github.com/huge-success/sanic/pull/1436)
-      Add Configure support from object string
-
-    - [#1544](https://github.com/huge-success/sanic/pull/1544)
-      Drop dependency on distutil
-
-  - Fixes:
-    - [#1587](https://github.com/huge-success/sanic/pull/1587)
-      Add missing handle for Expect header.
-
-    - [#1560](https://github.com/huge-success/sanic/pull/1560)
-      Allow to disable Transfer-Encoding: chunked.
-
-    - [#1558](https://github.com/huge-success/sanic/pull/1558)
-      Fix graceful shutdown.
-
-    - [#1594](https://github.com/huge-success/sanic/pull/1594)
-      Strict Slashes behavior fix
-
-  - Deprecation:
-    - [#1562](https://github.com/huge-success/sanic/pull/1562)
-      Drop support for Python 3.5
-
-    - [#1568](https://github.com/huge-success/sanic/pull/1568)
-      Deprecate route removal.
-
-Note: Sanic will not support Python 3.5 from version 19.6 and forward. However,
-version 18.12LTS will have its support period extended thru December 2020, and
-therefore passing Python's official support version 3.5, which is set to expire
-in September 2020.
-
-
-## Version 19.3
-
-  - Changes:
-    - [#1497](https://github.com/huge-success/sanic/pull/1497)
-      Add support for zero-length and RFC 5987 encoded filename for
-      multipart/form-data requests.
-
-    - [#1484](https://github.com/huge-success/sanic/pull/1484)
-      The type of `expires` attribute of `sanic.cookies.Cookie` is now
-      enforced to be of type `datetime`.
-
-    - [#1482](https://github.com/huge-success/sanic/pull/1482)
-      Add support for the `stream` parameter of `sanic.Sanic.add_route()`
-      available to `sanic.Blueprint.add_route()`.
-
-    - [#1481](https://github.com/huge-success/sanic/pull/1481)
-      Accept negative values for route parameters with type `int` or `number`.
-
-    - [#1476](https://github.com/huge-success/sanic/pull/1476)
-      Deprecated the use of `sanic.request.Request.raw_args` - it has a
-      fundamental flaw in which is drops repeated query string parameters.
-      Added `sanic.request.Request.query_args` as a replacement for the
-      original use-case.
-
-    - [#1472](https://github.com/huge-success/sanic/pull/1472)
-      Remove an unwanted `None` check in Request class `repr` implementation.
-      This changes the default `repr` of a Request from `<Request>` to
-      `<Request: None />`
-
-    - [#1470](https://github.com/huge-success/sanic/pull/1470)
-      Added 2 new parameters to `sanic.app.Sanic.create_server`:
-      - `return_asyncio_server` - whether to return an asyncio.Server.
-      - `asyncio_server_kwargs` - kwargs to pass to `loop.create_server` for
-        the event loop that sanic is using.
-
-      This is a breaking change.
-
-    - [#1499](https://github.com/huge-success/sanic/pull/1499)
-      Added a set of test cases that test and benchmark route resolution.
-
-    - [#1457](https://github.com/huge-success/sanic/pull/1457)
-      The type of the `"max-age"` value in a `sanic.cookies.Cookie` is now
-      enforced to be an integer. Non-integer values are replaced with `0`.
-
-    - [#1445](https://github.com/huge-success/sanic/pull/1445)
-      Added the `endpoint` attribute to an incoming `request`, containing the
-      name of the handler function.
-
-    - [#1423](https://github.com/huge-success/sanic/pull/1423)
-      Improved request streaming. `request.stream` is now a bounded-size buffer
-      instead of an unbounded queue. Callers must now call
-      `await request.stream.read()` instead of `await request.stream.get()`
-      to read each portion of the body.
-
-      This is a breaking change.
-
-  - Fixes:
-    - [#1502](https://github.com/huge-success/sanic/pull/1502)
-      Sanic was prefetching `time.time()` and updating it once per second to
-      avoid excessive `time.time()` calls. The implementation was observed to
-      cause memory leaks in some cases. The benefit of the prefetch appeared
-      to negligible, so this has been removed. Fixes
-      [#1500](https://github.com/huge-success/sanic/pull/1500)
-
-    - [#1501](https://github.com/huge-success/sanic/pull/1501)
-      Fix a bug in the auto-reloader when the process was launched as a module
-      i.e. `python -m init0.mod1` where the sanic server is started
-      in `init0/mod1.py` with `debug` enabled and imports another module in
-      `init0`.
-
-    - [#1376](https://github.com/huge-success/sanic/pull/1376)
-      Allow sanic test client to bind to a random port by specifying
-      `port=None` when constructing a `SanicTestClient`
-
-    - [#1399](https://github.com/huge-success/sanic/pull/1399)
-      Added the ability to specify middleware on a blueprint group, so that all
-      routes produced from the blueprints in the group have the middleware
-      applied.
-
-    - [#1442](https://github.com/huge-success/sanic/pull/1442)
-      Allow the the use the `SANIC_ACCESS_LOG` environment variable to
-      enable/disable the access log when not explicitly passed to `app.run()`.
-      This allows the access log to be disabled for example when running via
-      gunicorn.
-
-  - Developer infrastructure:
-    - [#1529](https://github.com/huge-success/sanic/pull/1529) Update project PyPI credentials
-    - [#1515](https://github.com/huge-success/sanic/pull/1515) fix linter issue causing travis build failures (fix #1514)
-    - [#1490](https://github.com/huge-success/sanic/pull/1490) Fix python version in doc build
-    - [#1478](https://github.com/huge-success/sanic/pull/1478) Upgrade setuptools version and use native docutils in doc build
-    - [#1464](https://github.com/huge-success/sanic/pull/1464) Upgrade pytest, and fix caplog unit tests
-
-  - Typos and Documentation:
-    - [#1516](https://github.com/huge-success/sanic/pull/1516) Fix typo at the exception documentation
-    - [#1510](https://github.com/huge-success/sanic/pull/1510) fix typo in Asyncio example
-    - [#1486](https://github.com/huge-success/sanic/pull/1486) Documentation typo
-    - [#1477](https://github.com/huge-success/sanic/pull/1477) Fix grammar in README.md
-    - [#1489](https://github.com/huge-success/sanic/pull/1489) Added "databases" to the extensions list
-    - [#1483](https://github.com/huge-success/sanic/pull/1483) Add sanic-zipkin to extensions list
-    - [#1487](https://github.com/huge-success/sanic/pull/1487) Removed link to deleted repo, Sanic-OAuth, from the extensions list
-    - [#1460](https://github.com/huge-success/sanic/pull/1460) 18.12 changelog
-    - [#1449](https://github.com/huge-success/sanic/pull/1449) Add example of amending request object
-    - [#1446](https://github.com/huge-success/sanic/pull/1446) Update README
-    - [#1444](https://github.com/huge-success/sanic/pull/1444) Update README
-    - [#1443](https://github.com/huge-success/sanic/pull/1443) Update README, including new logo
-    - [#1440](https://github.com/huge-success/sanic/pull/1440) fix minor type and pip install instruction mismatch
-    - [#1424](https://github.com/huge-success/sanic/pull/1424) Documentation Enhancements
-
-Note: 19.3.0 was skipped for packagement purposes and not released on PyPI
-
-## Version 18.12
-
-  - Changes:
-    - Improved codebase test coverage from 81% to 91%.
-    - Added stream_large_files and host examples in static_file document
-    - Added methods to append and finish body content on Request (#1379)
-    - Integrated with .appveyor.yml for windows ci support
-    - Added documentation for AF_INET6 and AF_UNIX socket usage
-    - Adopt black/isort for codestyle
-    - Cancel task when connection_lost
-    - Simplify request ip and port retrieval logic
-    - Handle config error in load config file.
-    - Integrate with codecov for CI
-    - Add missed documentation for config section.
-    - Deprecate Handler.log
-    - Pinned httptools requirement to version 0.0.10+
-
-  - Fixes:
-    - Fix `remove_entity_headers` helper function (#1415)
-    - Fix TypeError when use Blueprint.group() to group blueprint with default url_prefix, Use os.path.normpath to avoid invalid url_prefix like api//v1
-    f8a6af1 Rename the `http` module to `helpers` to prevent conflicts with the built-in Python http library (fixes #1323)
-    - Fix unittests on windows
-    - Fix Namespacing of sanic logger
-    - Fix missing quotes in decorator example
-    - Fix redirect with quoted param
-    - Fix doc for latest blueprint code
-    - Fix build of latex documentation relating to markdown lists
-    - Fix loop exception handling in app.py
-    - Fix content length mismatch in windows and other platform
-    - Fix Range header handling for static files (#1402)
-    - Fix the logger and make it work (#1397)
-    - Fix type pikcle->pickle in multiprocessing test
-    - Fix pickling blueprints Change the string passed in the "name" section of the namedtuples in Blueprint to match the name of the Blueprint module attribute name. This allows blueprints to be pickled and unpickled, without errors, which is a requirment of running Sanic in multiprocessing mode in Windows. Added a test for pickling and unpickling blueprints Added a test for pickling and unpickling sanic itself Added a test for enabling multiprocessing on an app with a blueprint (only useful to catch this bug if the tests are run on Windows).
-    - Fix document for logging
-
-## Version 0.8
-
-0.8.3
-  - Changes:
-    - Ownership changed to org 'huge-success'
-
-0.8.0
-  - Changes:
-    - Add Server-Sent Events extension (Innokenty Lebedev)
-    - Graceful handling of request_handler_task cancellation (Ashley Sommer)
-    - Sanitize URL before redirection (aveao)
-    - Add url_bytes to request (johndoe46)
-    - py37 support for travisci (yunstanford)
-    - Auto reloader support for OSX (garyo)
-    - Add UUID route support (Volodymyr Maksymiv)
-    - Add pausable response streams (Ashley Sommer)
-    - Add weakref to request slots (vopankov)
-    - remove ubuntu 12.04 from test fixture due to deprecation (yunstanford)
-    - Allow streaming handlers in add_route (kinware)
-    - use travis_retry for tox (Raphael Deem)
-    - update aiohttp version for test client (yunstanford)
-    - add redirect import for clarity (yingshaoxo)
-    - Update HTTP Entity headers (Arnulfo Solís)
-    - Add register_listener method (Stephan Fitzpatrick)
-    - Remove uvloop/ujson dependencies for Windows (abuckenheimer)
-    - Content-length header on 204/304 responses (Arnulfo Solís)
-    - Extend WebSocketProtocol arguments and add docs (Bob Olde Hampsink, yunstanford)
-    - Update development status from pre-alpha to beta (Maksim Anisenkov)
-    - KeepAlive Timout log level changed to debug (Arnulfo Solís)
-    - Pin pytest to 3.3.2 because of pytest-dev/pytest#3170 (Maksim Aniskenov)
-    - Install Python 3.5 and 3.6 on docker container for tests (Shahin Azad)
-    - Add support for blueprint groups and nesting (Elias Tarhini)
-    - Remove uvloop for windows setup (Aleksandr Kurlov)
-    - Auto Reload (Yaser Amari)
-    - Documentation updates/fixups (multiple contributors)
-
-  - Fixes:
-    - Fix: auto_reload in Linux (Ashley Sommer)
-    - Fix: broken tests for aiohttp >= 3.3.0 (Ashley Sommer)
-    - Fix: disable auto_reload by default on windows (abuckenheimer)
-    - Fix (1143): Turn off access log with gunicorn (hqy)
-    - Fix (1268): Support status code for file response (Cosmo Borsky)
-    - Fix (1266): Add content_type flag to Sanic.static (Cosmo Borsky)
-    - Fix: subprotocols parameter missing from add_websocket_route (ciscorn)
-    - Fix (1242): Responses for CI header (yunstanford)
-    - Fix (1237): add version constraint for websockets (yunstanford)
-    - Fix (1231): memory leak - always release resource (Phillip Xu)
-    - Fix (1221): make request truthy if transport exists (Raphael Deem)
-    - Fix failing tests for aiohttp>=3.1.0 (Ashley Sommer)
-    - Fix try_everything examples (PyManiacGR, kot83)
-    - Fix (1158): default to auto_reload in debug mode (Raphael Deem)
-    - Fix (1136): ErrorHandler.response handler call too restrictive (Julien Castiaux)
-    - Fix: raw requires bytes-like object (cloudship)
-    - Fix (1120): passing a list in to a route decorator's host arg (Timothy Ebiuwhe)
-    - Fix: Bug in multipart/form-data parser (DirkGuijt)
-    - Fix: Exception for missing parameter when value is null (NyanKiyoshi)
-    - Fix: Parameter check (Howie Hu)
-    - Fix (1089): Routing issue with named parameters and different methods (yunstanford)
-    - Fix (1085): Signal handling in multi-worker mode (yunstanford)
-    - Fix: single quote in readme.rst (Cosven)
-    - Fix: method typos (Dmitry Dygalo)
-    - Fix: log_response correct output for ip and port (Wibowo Arindrarto)
-    - Fix (1042): Exception Handling (Raphael Deem)
-    - Fix: Chinese URIs (Howie Hu)
-    - Fix (1079): timeout bug when self.transport is None (Raphael Deem)
-    - Fix (1074): fix strict_slashes when route has slash (Raphael Deem)
-    - Fix (1050): add samesite cookie to cookie keys (Raphael Deem)
-    - Fix (1065): allow add_task after server starts (Raphael Deem)
-    - Fix (1061): double quotes in unauthorized exception (Raphael Deem)
-    - Fix (1062): inject the app in add_task method (Raphael Deem)
-    - Fix: update environment.yml for readthedocs (Eli Uriegas)
-    - Fix: Cancel request task when response timeout is triggered (Jeong YunWon)
-    - Fix (1052): Method not allowed response for RFC7231 compliance (Raphael Deem)
-    - Fix: IPv6 Address and Socket Data Format (Dan Palmer)
-
-Note: Changelog was unmaintained between 0.1 and 0.7
-
-## Version 0.1
-
- - 0.1.7
-  - Reversed static url and directory arguments to meet spec
- - 0.1.6
-  - Static files
-  - Lazy Cookie Loading
- - 0.1.5
-  - Cookies
-  - Blueprint listeners and ordering
-  - Faster Router
-  - Fix: Incomplete file reads on medium+ sized post requests
-  - Breaking: after_start and before_stop now pass sanic as their first argument
- - 0.1.4
-  - Multiprocessing
- - 0.1.3
-  - Blueprint support
-  - Faster Response processing
- - 0.1.1 - 0.1.2
-  - Struggling to update pypi via CI
- - 0.1.0
-  - Released to public

docs/sanic/changelog.rst

@@ -0,0 +1,4 @@
+Changelog
+---------
+
+.. include:: ../../CHANGELOG.rst

docs/sanic/config.md

@@ -110,37 +110,37 @@ Out of the box there are just a few predefined values which can be overwritten w
 
 #### `REQUEST_TIMEOUT`
 
-A request timeout measures the duration of time between the instant when a new open TCP connection is passed to the 
-Sanic backend server, and the instant when the whole HTTP request is received. If the time taken exceeds the 
-`REQUEST_TIMEOUT` value (in seconds), this is considered a Client Error so Sanic generates an `HTTP 408` response 
-and sends that to the client. Set this parameter's value higher if your clients routinely pass very large request payloads 
+A request timeout measures the duration of time between the instant when a new open TCP connection is passed to the
+Sanic backend server, and the instant when the whole HTTP request is received. If the time taken exceeds the
+`REQUEST_TIMEOUT` value (in seconds), this is considered a Client Error so Sanic generates an `HTTP 408` response
+and sends that to the client. Set this parameter's value higher if your clients routinely pass very large request payloads
 or upload requests very slowly.
 
 #### `RESPONSE_TIMEOUT`
 
-A response timeout measures the duration of time between the instant the Sanic server passes the HTTP request to the 
-Sanic App, and the instant a HTTP response is sent to the client. If the time taken exceeds the `RESPONSE_TIMEOUT` 
-value (in seconds), this is considered a Server Error so Sanic generates an `HTTP 503` response and sends that to the 
-client. Set this parameter's value higher if your application is likely to have long-running process that delay the 
+A response timeout measures the duration of time between the instant the Sanic server passes the HTTP request to the
+Sanic App, and the instant a HTTP response is sent to the client. If the time taken exceeds the `RESPONSE_TIMEOUT`
+value (in seconds), this is considered a Server Error so Sanic generates an `HTTP 503` response and sends that to the
+client. Set this parameter's value higher if your application is likely to have long-running process that delay the
 generation of a response.
 
 #### `KEEP_ALIVE_TIMEOUT`
 
 ##### What is Keep Alive? And what does the Keep Alive Timeout value do?
 
-`Keep-Alive` is a HTTP feature introduced in `HTTP 1.1`. When sending a HTTP request, the client (usually a web browser application) 
-can set a `Keep-Alive` header to indicate the http server (Sanic) to not close the TCP connection after it has send the response. 
-This allows the client to reuse the existing TCP connection to send subsequent HTTP requests, and ensures more efficient 
+`Keep-Alive` is a HTTP feature introduced in `HTTP 1.1`. When sending a HTTP request, the client (usually a web browser application)
+can set a `Keep-Alive` header to indicate the http server (Sanic) to not close the TCP connection after it has send the response.
+This allows the client to reuse the existing TCP connection to send subsequent HTTP requests, and ensures more efficient
 network traffic for both the client and the server.
 
-The `KEEP_ALIVE` config variable is set to `True` in Sanic by default. If you don't need this feature in your application, 
-set it to `False` to cause all client connections to close immediately after a response is sent, regardless of 
+The `KEEP_ALIVE` config variable is set to `True` in Sanic by default. If you don't need this feature in your application,
+set it to `False` to cause all client connections to close immediately after a response is sent, regardless of
 the `Keep-Alive` header on the request.
 
-The amount of time the server holds the TCP connection open is decided by the server itself. 
-In Sanic, that value is configured using the `KEEP_ALIVE_TIMEOUT` value. By default, it is set to 5 seconds. 
-This is the same default setting as the Apache HTTP server and is a good balance between allowing enough time for 
-the client to send a new request, and not holding open too many connections at once. Do not exceed 75 seconds unless 
+The amount of time the server holds the TCP connection open is decided by the server itself.
+In Sanic, that value is configured using the `KEEP_ALIVE_TIMEOUT` value. By default, it is set to 5 seconds.
+This is the same default setting as the Apache HTTP server and is a good balance between allowing enough time for
+the client to send a new request, and not holding open too many connections at once. Do not exceed 75 seconds unless
 you know your clients are using a browser which supports TCP connections held open for that long.
 
 For reference:
@@ -154,16 +154,58 @@ Opera 11 client hard keepalive limit = 120 seconds
 Chrome 13+ client keepalive limit > 300+ seconds
 ```
 
-### About proxy servers and client ip
+### Proxy configuration
 
-When you use a reverse proxy server (e.g. nginx), the value of `request.ip` will contain ip of a proxy, typically `127.0.0.1`. To determine the real client ip, `X-Forwarded-For` and `X-Real-IP` HTTP headers are used. But client can fake these headers if they have not been overridden by a proxy. Sanic has a set of options to determine the level of confidence in these headers.
+When you use a reverse proxy server (e.g. nginx), the value of `request.ip` will contain ip of a proxy, typically `127.0.0.1`. Sanic may be configured to use proxy headers for determining the true client IP, available as `request.remote_addr`. The full external URL is also constructed from header fields if available.
 
-* If you have a single proxy, set `PROXIES_COUNT` to `1`. Then Sanic will use `X-Real-IP` if available or the last ip from `X-Forwarded-For`.
+Without proper precautions, a malicious client may use proxy headers to spoof its own IP. To avoid such issues, Sanic does not use any proxy headers unless explicitly enabled.
 
-* If you have multiple proxies, set `PROXIES_COUNT` equal to their number to allow Sanic to select the correct ip from `X-Forwarded-For`.
+Services behind reverse proxies must configure `FORWARDED_SECRET`, `REAL_IP_HEADER` and/or `PROXIES_COUNT`.
 
-* If you don't use a proxy, set `PROXIES_COUNT` to `0` to ignore these headers and prevent ip falsification.
+#### Forwarded header
 
-* If you don't use `X-Real-IP` (e.g. your proxy sends only `X-Forwarded-For`), set `REAL_IP_HEADER` to an empty string.
+```
+Forwarded: for="1.2.3.4"; proto="https"; host="yoursite.com"; secret="Pr0xy",
+           for="10.0.0.1"; proto="http"; host="proxy.internal"; by="_1234proxy"
+```
 
-The real ip will be available in `request.remote_addr`. If HTTP headers are unavailable or untrusted, `request.remote_addr` will be an empty string; in this case use `request.ip` instead.
+* Set `FORWARDED_SECRET` to an identifier used by the proxy of interest.
+
+The secret is used to securely identify a specific proxy server. Given the above header, secret `Pr0xy` would use the information on the first line and secret `_1234proxy` would use the second line. The secret must exactly match the value of `secret` or `by`. A secret in `by` must begin with an underscore and use only characters specified in [RFC 7239 section 6.3](https://tools.ietf.org/html/rfc7239#section-6.3), while `secret` has no such restrictions.
+
+Sanic ignores any elements without the secret key, and will not even parse the header if no secret is set.
+
+All other proxy headers are ignored once a trusted forwarded element is found, as it already carries complete information about the client.
+
+#### Traditional proxy headers
+
+```
+X-Real-IP: 1.2.3.4
+X-Forwarded-For: 1.2.3.4, 10.0.0.1
+X-Forwarded-Proto: https
+X-Forwarded-Host: yoursite.com
+```
+
+* Set `REAL_IP_HEADER` to `x-real-ip`, `true-client-ip`, `cf-connecting-ip` or other name of such header.
+* Set `PROXIES_COUNT` to the number of entries expected in `x-forwarded-for` (name configurable via `FORWARDED_FOR_HEADER`).
+
+If client IP is found by one of these methods, Sanic uses the following headers for URL parts:
+
+* `x-forwarded-proto`, `x-forwarded-host`, `x-forwarded-port`, `x-forwarded-path` and if necessary, `x-scheme`.
+
+#### Proxy config if using ...
+
+* a proxy that supports `forwarded`: set `FORWARDED_SECRET` to the value that the proxy inserts in the header
+  * Apache Traffic Server: `CONFIG proxy.config.http.insert_forwarded STRING for|proto|host|by=_secret`
+  * NGHTTPX: `nghttpx --add-forwarded=for,proto,host,by --forwarded-for=ip --forwarded-by=_secret`
+  * NGINX: after [the official instructions](https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/), add anywhere in your config:
+
+        proxy_set_header Forwarded "$proxy_add_forwarded;by=\"_$server_name\";proto=$scheme;host=\"$http_host\";path=\"$request_uri\";secret=_secret";
+
+* a custom header with client IP: set `REAL_IP_HEADER` to the name of that header
+* `x-forwarded-for`: set `PROXIES_COUNT` to `1` for a single proxy, or a greater number to allow Sanic to select the correct IP
+* no proxies: no configuration required!
+
+#### Changes in Sanic 19.9
+
+Earlier Sanic versions had unsafe default settings. From 19.9 onwards proxy settings must be set manually, and support for negative PROXIES_COUNT has been removed.

docs/sanic/contributing.rst

@@ -1,89 +1 @@
-Contributing
-============
-
-Thank you for your interest! Sanic is always looking for contributors.
-If you don’t feel comfortable contributing code, adding docstrings to
-the source files is very appreciated.
-
-Installation
-------------
-
-To develop on sanic (and mainly to just run the tests) it is highly
-recommend to install from sources.
-
-So assume you have already cloned the repo and are in the working
-directory with a virtual environment already set up, then run:
-
-.. code:: bash
-
-   pip3 install -e '.[dev]'
-
-Dependency Changes
-------------------
-
-``Sanic`` doesn't use ``requirements*.txt`` files to manage any kind of dependencies related to it in order to simplify the
-effort required in managing the dependencies. Please make sure you have read and understood the following section of
-the document that explains the way ``sanic`` manages dependencies inside the ``setup.py`` file.
-
-+------------------------+-----------------------------------------------+--------------------------------+
-| Dependency Type        | Usage                                         | Installation                   |
-+========================+===============================================+================================+
-| requirements           | Bare minimum dependencies required for sanic  | ``pip3 install -e .``          |
-|                        | to function                                   |                                |
-+------------------------+-----------------------------------------------+--------------------------------+
-| tests_require /        | Dependencies required to run the Unit Tests   | ``pip3 install -e '.[test]'``  |
-| extras_require['test'] | for ``sanic``                                 |                                |
-+------------------------+-----------------------------------------------+--------------------------------+
-| extras_require['dev']  | Additional Development requirements to add    | ``pip3 install -e '.[dev]'``   |
-|                        | for contributing                              |                                |
-+------------------------+-----------------------------------------------+--------------------------------+
-| extras_require['docs'] | Dependencies required to enable building and  | ``pip3 install -e '.[docs]'``  |
-|                        | enhancing sanic documentation                 |                                |
-+------------------------+-----------------------------------------------+--------------------------------+
-
-Running tests
--------------
-
-To run the tests for sanic it is recommended to use tox like so:
-
-.. code:: bash
-
-   tox
-
-See it’s that simple!
-
-Pull requests!
---------------
-
-So the pull request approval rules are pretty simple:
-
-* All pull requests must pass unit tests
-* All pull requests must be reviewed and approved by at least one current collaborator on the project
-* All pull requests must pass flake8 checks
-* If you decide to remove/change anything from any common interface a deprecation message should accompany it.
-* If you implement a new feature you should have at least one unit test to accompany it.
-
-Documentation
--------------
-
-Sanic’s documentation is built using `sphinx`_. Guides are written in
-Markdown and can be found in the ``docs`` folder, while the module
-reference is automatically generated using ``sphinx-apidoc``.
-
-To generate the documentation from scratch:
-
-.. code:: bash
-
-   sphinx-apidoc -fo docs/_api/ sanic
-   sphinx-build -b html docs docs/_build
-
-The HTML documentation will be created in the ``docs/_build`` folder.
-
-.. warning::
-    One of the main goals of Sanic is speed. Code that lowers the
-    performance of Sanic without significant gains in usability, security,
-    or features may not be merged. Please don’t let this intimidate you! If
-    you have any concerns about an idea, open an issue for discussion and
-    help.
-
-.. _sphinx: http://www.sphinx-doc.org/en/1.5.1/
+.. include:: ../../CONTRIBUTING.rst

docs/sanic/deploying.md

@@ -157,4 +157,35 @@ server = app.create_server(host="0.0.0.0", port=8000, return_asyncio_server=True
 loop = asyncio.get_event_loop()
 task = asyncio.ensure_future(server)
 loop.run_forever()
+```
+
+Caveat: using this method, calling `app.create_server()` will trigger "before_server_start" server events, but not
+"after_server_start", "before_server_stop", or "after_server_stop" server events.
+
+For more advanced use-cases, you can trigger these events using the AsyncioServer object, returned by awaiting
+the server task.
+
+Here is an incomplete example (please see `run_async_advanced.py` in examples for something more complete):
+
+```python
+serv_coro = app.create_server(host="0.0.0.0", port=8000, return_asyncio_server=True)
+loop = asyncio.get_event_loop()
+serv_task = asyncio.ensure_future(serv_coro, loop=loop)
+server = loop.run_until_complete(serv_task)
+server.after_start()
+try:
+    loop.run_forever()
+except KeyboardInterrupt as e:
+    loop.stop()
+finally:
+    server.before_stop()
+
+    # Wait for server to close
+    close_task = server.close()
+    loop.run_until_complete(close_task)
+
+    # Complete all tasks on the loop
+    for connection in server.connections:
+        connection.close_if_idle()
+    server.after_stop()
 ```

docs/sanic/extensions.md

@@ -1 +1,3 @@
-Moved to the [`awesome-sanic`](https://github.com/mekicha/awesome-sanic) list.
+# Extensions
+
+Moved to the [awesome-sanic](https://github.com/mekicha/awesome-sanic) list.

docs/sanic/middleware.md

@@ -39,8 +39,8 @@ app = Sanic(__name__)
 
 @app.middleware('request')
 async def add_key(request):
-    # Add a key to request object like dict object
-    request['foo'] = 'bar'
+    # Arbitrary data may be stored in request context:
+    request.ctx.foo = 'bar'
 
 
 @app.middleware('response')
@@ -53,16 +53,21 @@ async def prevent_xss(request, response):
 	response.headers["x-xss-protection"] = "1; mode=block"
 
 
+@app.get("/")
+async def index(request):
+    return sanic.response.text(request.ctx.foo)
+
+
 app.run(host="0.0.0.0", port=8000)
 ```
 
-The above code will apply the three middleware in order. The first middleware
-**add_key** will add a new key `foo` into `request` object. This worked because
-`request` object can be manipulated like `dict` object. Then, the second middleware
-**custom_banner** will change the HTTP response header *Server* to
-*Fake-Server*, and the last middleware **prevent_xss** will add the HTTP
-header for preventing Cross-Site-Scripting (XSS) attacks. These two functions
-are invoked *after* a user function returns a response.
+The three middlewares are executed in order:
+
+1. The first request middleware **add_key** adds a new key `foo` into request context.
+2. Request is routed to handler **index**, which gets the key from context and returns a text response.
+3. The first response middleware **custom_banner** changes the HTTP response header *Server* to
+say *Fake-Server*
+4. The second response middleware **prevent_xss** adds the HTTP header for preventing Cross-Site-Scripting (XSS) attacks.
 
 ## Responding early
 
@@ -81,6 +86,16 @@ async def halt_response(request, response):
 	return text('I halted the response')
 ```
 
+## Custom context
+
+Arbitrary data may be stored in `request.ctx`. A typical use case
+would be to store the user object acquired from database in an authentication
+middleware. Keys added are accessible to all later middleware as well as
+the handler over the duration of the request.
+
+Custom context is reserved for applications and extensions. Sanic itself makes
+no use of it.
+
 ## Listeners
 
 If you want to execute startup/teardown code as your server starts or closes, you can use the following listeners:

docs/sanic/routing.md

@@ -203,16 +203,21 @@ async def post_handler(request, post_id):
 Other things to keep in mind when using `url_for`:
 
 - Keyword arguments passed to `url_for` that are not request parameters will be included in the URL's query string. For example:
+
 ```python
 url = app.url_for('post_handler', post_id=5, arg_one='one', arg_two='two')
 # /posts/5?arg_one=one&arg_two=two
 ```
+
 - Multivalue argument can be passed to `url_for`. For example:
+
 ```python
 url = app.url_for('post_handler', post_id=5, arg_one=['one', 'two'])
 # /posts/5?arg_one=one&arg_one=two
 ```
+
 - Also some special arguments (`_anchor`, `_external`, `_scheme`, `_method`, `_server`) passed to `url_for` will have special url building (`_method` is not supported now and will be ignored). For example:
+
 ```python
 url = app.url_for('post_handler', post_id=5, arg_one='one', _anchor='anchor')
 # /posts/5?arg_one=one#anchor
@@ -229,6 +234,7 @@ url = app.url_for('post_handler', post_id=5, arg_one='one', _scheme='http', _ext
 url = app.url_for('post_handler', post_id=5, arg_one=['one', 'two'], arg_two=2, _anchor='anchor', _scheme='http', _external=True, _server='another_server:8888')
 # http://another_server:8888/posts/5?arg_one=one&arg_one=two&arg_two=2#anchor
 ```
+
 - All valid parameters must be passed to `url_for` to build a URL. If a parameter is not supplied, or if a parameter does not match the specified type, a `URLBuildError` will be raised.
 
 ## WebSocket routes

docs/sanic/static_files.md

@@ -34,6 +34,10 @@ app.url_for('static', name='another', filename='any') == '/another.png'
 bp = Blueprint('bp', url_prefix='/bp')
 bp.static('/static', './static')
 
+# specify a different content_type for your files
+# such as adding 'charset'
+app.static('/', '/public/index.html', content_type="text/html; charset=utf-8")
+
 # servers the file directly
 bp.static('/the_best.png', '/home/ubuntu/test.png', name='best_png')
 app.blueprint(bp)

docs/sanic/websocket.rst

@@ -1,7 +1,10 @@
 WebSocket
 =========
 
-Sanic provides an easy to use abstraction on top of `websockets`. To setup a WebSocket:
+Sanic provides an easy to use abstraction on top of `websockets`.
+Sanic Supports websocket versions 7 and 8.
+
+To setup a WebSocket:
 
 .. code:: python
 

examples/run_async_advanced.py

@@ -0,0 +1,38 @@
+from sanic import Sanic
+from sanic import response
+from signal import signal, SIGINT
+import asyncio
+import uvloop
+
+app = Sanic(__name__)
+
+@app.listener('after_server_start')
+async def after_start_test(app, loop):
+    print("Async Server Started!")
+
+@app.route("/")
+async def test(request):
+    return response.json({"answer": "42"})
+
+asyncio.set_event_loop(uvloop.new_event_loop())
+serv_coro = app.create_server(host="0.0.0.0", port=8000, return_asyncio_server=True)
+loop = asyncio.get_event_loop()
+serv_task = asyncio.ensure_future(serv_coro, loop=loop)
+signal(SIGINT, lambda s, f: loop.stop())
+server = loop.run_until_complete(serv_task)
+server.after_start()
+try:
+    loop.run_forever()
+except KeyboardInterrupt as e:
+    loop.stop()
+finally:
+    server.before_stop()
+
+    # Wait for server to close
+    close_task = server.close()
+    loop.run_until_complete(close_task)
+
+    # Complete all tasks on the loop
+    for connection in server.connections:
+        connection.close_if_idle()
+    server.after_stop()

sanic/__init__.py

@@ -1,7 +1,6 @@
+from sanic.__version__ import __version__
 from sanic.app import Sanic
 from sanic.blueprints import Blueprint
 
 
-__version__ = "19.6.2"
-
-__all__ = ["Sanic", "Blueprint"]
+__all__ = ["Sanic", "Blueprint", "__version__"]

sanic/__main__.py

@@ -1,5 +1,6 @@
 from argparse import ArgumentParser
 from importlib import import_module
+from typing import Any, Dict, Optional
 
 from sanic.app import Sanic
 from sanic.log import logger
@@ -35,7 +36,10 @@ if __name__ == "__main__":
                 )
             )
         if args.cert is not None or args.key is not None:
-            ssl = {"cert": args.cert, "key": args.key}
+            ssl = {
+                "cert": args.cert,
+                "key": args.key,
+            }  # type: Optional[Dict[str, Any]]
         else:
             ssl = None
 

sanic/__version__.py

@@ -0,0 +1 @@
+__version__ = "19.9.0"

sanic/app.py

@@ -11,7 +11,7 @@ from inspect import getmodulename, isawaitable, signature, stack
 from socket import socket
 from ssl import Purpose, SSLContext, create_default_context
 from traceback import format_exc
-from typing import Any, Optional, Type, Union
+from typing import Any, Dict, Optional, Type, Union
 from urllib.parse import urlencode, urlunparse
 
 from sanic import reloader_helpers
@@ -138,11 +138,9 @@ class Sanic:
         """
         Register the listener for a given event.
 
-        Args:
-            listener: callable i.e. setup_db(app, loop)
-            event: when to register listener i.e. 'before_server_start'
-
-        Returns: listener
+        :param listener: callable i.e. setup_db(app, loop)
+        :param event: when to register listener i.e. 'before_server_start'
+        :return: listener
         """
 
         return self.listener(event)(listener)
@@ -441,14 +439,16 @@ class Sanic:
     def websocket(
         self, uri, host=None, strict_slashes=None, subprotocols=None, name=None
     ):
-        """Decorate a function to be registered as a websocket route
+        """
+        Decorate a function to be registered as a websocket route
+
         :param uri: path of the URL
         :param host: Host IP or FQDN details
         :param strict_slashes: If the API endpoint needs to terminate
-                with a "/" or not
+                               with a "/" or not
         :param subprotocols: optional list of str with supported subprotocols
         :param name: A unique name assigned to the URL so that it can
-                be used with :func:`url_for`
+                     be used with :func:`url_for`
         :return: decorated function
         """
         self.enable_websocket()
@@ -768,7 +768,7 @@ class Sanic:
             URLBuildError
         """
         # find the route by the supplied view name
-        kw = {}
+        kw: Dict[str, str] = {}
         # special static files url_for
         if view_name == "static":
             kw.update(name=kwargs.pop("name", "static"))
@@ -1049,8 +1049,8 @@ class Sanic:
         :param debug: Enables debug output (slows server)
         :type debug: bool
         :param ssl: SSLContext, or location of certificate and key
-            for SSL encryption of worker(s)
-        :type ssl:SSLContext or dict
+                    for SSL encryption of worker(s)
+        :type ssl: SSLContext or dict
         :param sock: Socket for the server to accept connections from
         :type sock: socket
         :param workers: Number of processes received before it is respected
@@ -1058,10 +1058,10 @@ class Sanic:
         :param protocol: Subclass of asyncio Protocol class
         :type protocol: type[Protocol]
         :param backlog: a number of unaccepted connections that the system
-            will allow before refusing new connections
+                        will allow before refusing new connections
         :type backlog: int
         :param stop_event: event to be triggered
-            before stopping the app - deprecated
+                           before stopping the app - deprecated
         :type stop_event: None
         :param register_sys_signals: Register SIG* events
         :type register_sys_signals: bool
@@ -1178,17 +1178,17 @@ class Sanic:
         :param debug: Enables debug output (slows server)
         :type debug: bool
         :param ssl: SSLContext, or location of certificate and key
-            for SSL encryption of worker(s)
-        :type ssl:SSLContext or dict
+                    for SSL encryption of worker(s)
+        :type ssl: SSLContext or dict
         :param sock: Socket for the server to accept connections from
         :type sock: socket
         :param protocol: Subclass of asyncio Protocol class
         :type protocol: type[Protocol]
         :param backlog: a number of unaccepted connections that the system
-            will allow before refusing new connections
+                        will allow before refusing new connections
         :type backlog: int
         :param stop_event: event to be triggered
-            before stopping the app - deprecated
+                           before stopping the app - deprecated
         :type stop_event: None
         :param access_log: Enables writing access logs (slows server)
         :type access_log: bool
@@ -1307,6 +1307,12 @@ class Sanic:
                 "stop_event will be removed from future versions.",
                 DeprecationWarning,
             )
+        if self.config.PROXIES_COUNT and self.config.PROXIES_COUNT < 0:
+            raise ValueError(
+                "PROXIES_COUNT cannot be negative. "
+                "https://sanic.readthedocs.io/en/latest/sanic/config.html"
+                "#proxy-configuration"
+            )
 
         self.error_handler.debug = debug
         self.debug = debug

sanic/asgi.py

@@ -1,13 +1,25 @@
 import asyncio
 import warnings
 
-from http.cookies import SimpleCookie
 from inspect import isawaitable
-from typing import Any, Awaitable, Callable, MutableMapping, Union
+from typing import (
+    Any,
+    Awaitable,
+    Callable,
+    Dict,
+    List,
+    MutableMapping,
+    Optional,
+    Tuple,
+    Union,
+)
 from urllib.parse import quote
 
-from multidict import CIMultiDict
+from requests_async import ASGISession  # type: ignore
 
+import sanic.app  # noqa
+
+from sanic.compat import Header
 from sanic.exceptions import InvalidUsage, ServerError
 from sanic.log import logger
 from sanic.request import Request
@@ -56,6 +68,8 @@ class MockProtocol:
 
 
 class MockTransport:
+    _protocol: Optional[MockProtocol]
+
     def __init__(
         self, scope: ASGIScope, receive: ASGIReceive, send: ASGISend
     ) -> None:
@@ -70,11 +84,12 @@ class MockTransport:
             self._protocol = MockProtocol(self, self.loop)
         return self._protocol
 
-    def get_extra_info(self, info: str) -> Union[str, bool]:
+    def get_extra_info(self, info: str) -> Union[str, bool, None]:
         if info == "peername":
             return self.scope.get("server")
         elif info == "sslcontext":
             return self.scope.get("scheme") in ["https", "wss"]
+        return None
 
     def get_websocket_connection(self) -> WebSocketConnection:
         try:
@@ -174,6 +189,13 @@ class Lifespan:
 
 
 class ASGIApp:
+    sanic_app: Union[ASGISession, "sanic.app.Sanic"]
+    request: Request
+    transport: MockTransport
+    do_stream: bool
+    lifespan: Lifespan
+    ws: Optional[WebSocketConnection]
+
     def __init__(self) -> None:
         self.ws = None
 
@@ -184,10 +206,10 @@ class ASGIApp:
         instance = cls()
         instance.sanic_app = sanic_app
         instance.transport = MockTransport(scope, receive, send)
-        instance.transport.add_task = sanic_app.loop.create_task
         instance.transport.loop = sanic_app.loop
+        setattr(instance.transport, "add_task", sanic_app.loop.create_task)
 
-        headers = CIMultiDict(
+        headers = Header(
             [
                 (key.decode("latin-1"), value.decode("latin-1"))
                 for key, value in scope.get("headers", [])
@@ -288,11 +310,22 @@ class ASGIApp:
         """
         Write the response.
         """
-
+        headers: List[Tuple[bytes, bytes]] = []
+        cookies: Dict[str, str] = {}
         try:
-            headers = [
+            cookies = {
+                v.key: v
+                for _, v in list(
+                    filter(
+                        lambda item: item[0].lower() == "set-cookie",
+                        response.headers.items(),
+                    )
+                )
+            }
+            headers += [
                 (str(name).encode("latin-1"), str(value).encode("latin-1"))
                 for name, value in response.headers.items()
+                if name.lower() not in ["set-cookie"]
             ]
         except AttributeError:
             logger.error(
@@ -318,14 +351,25 @@ class ASGIApp:
                 (b"content-length", str(len(response.body)).encode("latin-1"))
             ]
 
-        if response.cookies:
-            cookies = SimpleCookie()
-            cookies.load(response.cookies)
+        if "content-type" not in response.headers:
             headers += [
-                (b"set-cookie", cookie.encode("utf-8"))
-                for name, cookie in response.cookies.items()
+                (b"content-type", str(response.content_type).encode("latin-1"))
             ]
 
+        if response.cookies:
+            cookies.update(
+                {
+                    v.key: v
+                    for _, v in response.cookies.items()
+                    if v.key not in cookies.keys()
+                }
+            )
+
+        headers += [
+            (b"set-cookie", cookie.encode("utf-8"))
+            for k, cookie in cookies.items()
+        ]
+
         await self.transport.send(
             {
                 "type": "http.response.start",

sanic/blueprint_group.py

@@ -4,7 +4,8 @@ from collections.abc import MutableSequence
 class BlueprintGroup(MutableSequence):
     """
     This class provides a mechanism to implement a Blueprint Group
-    using the `Blueprint.group` method. To avoid having to re-write
+    using the :meth:`~sanic.blueprints.Blueprint.group` method in
+    :class:`~sanic.blueprints.Blueprint`. To avoid having to re-write
     some of the existing implementation, this class provides a custom
     iterator implementation that will let you use the object of this
     class as a list/tuple inside the existing implementation.
@@ -55,7 +56,7 @@ class BlueprintGroup(MutableSequence):
         """
         return self._blueprints[item]
 
-    def __setitem__(self, index: int, item: object) -> None:
+    def __setitem__(self, index, item) -> None:
         """
         Abstract method implemented to turn the `BlueprintGroup` class
         into a list like object to support all the existing behavior.
@@ -68,7 +69,7 @@ class BlueprintGroup(MutableSequence):
         """
         self._blueprints[index] = item
 
-    def __delitem__(self, index: int) -> None:
+    def __delitem__(self, index) -> None:
         """
         Abstract method implemented to turn the `BlueprintGroup` class
         into a list like object to support all the existing behavior.

sanic/compat.py

@@ -0,0 +1,6 @@
+from multidict import CIMultiDict  # type: ignore
+
+
+class Header(CIMultiDict):
+    def get_all(self, key):
+        return self.getall(key, default=[])

sanic/config.py

@@ -26,9 +26,10 @@ DEFAULT_CONFIG = {
     "WEBSOCKET_WRITE_LIMIT": 2 ** 16,
     "GRACEFUL_SHUTDOWN_TIMEOUT": 15.0,  # 15 sec
     "ACCESS_LOG": True,
-    "PROXIES_COUNT": -1,
+    "FORWARDED_SECRET": None,
+    "REAL_IP_HEADER": None,
+    "PROXIES_COUNT": None,
     "FORWARDED_FOR_HEADER": "X-Forwarded-For",
-    "REAL_IP_HEADER": "X-Real-IP",
 }
 
 

sanic/headers.py

@@ -0,0 +1,172 @@
+import re
+
+from typing import Dict, Iterable, List, Optional, Tuple, Union
+from urllib.parse import unquote
+
+
+Options = Dict[str, Union[int, str]]  # key=value fields in various headers
+OptionsIterable = Iterable[Tuple[str, str]]  # May contain duplicate keys
+
+_token, _quoted = r"([\w!#$%&'*+\-.^_`|~]+)", r'"([^"]*)"'
+_param = re.compile(fr";\s*{_token}=(?:{_token}|{_quoted})", re.ASCII)
+_firefox_quote_escape = re.compile(r'\\"(?!; |\s*$)')
+_ipv6 = "(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}"
+_ipv6_re = re.compile(_ipv6)
+_host_re = re.compile(
+    r"((?:\[" + _ipv6 + r"\])|[a-zA-Z0-9.\-]{1,253})(?::(\d{1,5}))?"
+)
+
+# RFC's quoted-pair escapes are mostly ignored by browsers. Chrome, Firefox and
+# curl all have different escaping, that we try to handle as well as possible,
+# even though no client espaces in a way that would allow perfect handling.
+
+# For more information, consult ../tests/test_requests.py
+
+
+def parse_content_header(value: str) -> Tuple[str, Options]:
+    """Parse content-type and content-disposition header values.
+
+    E.g. 'form-data; name=upload; filename=\"file.txt\"' to
+    ('form-data', {'name': 'upload', 'filename': 'file.txt'})
+
+    Mostly identical to cgi.parse_header and werkzeug.parse_options_header
+    but runs faster and handles special characters better. Unescapes quotes.
+    """
+    value = _firefox_quote_escape.sub("%22", value)
+    pos = value.find(";")
+    if pos == -1:
+        options: Dict[str, Union[int, str]] = {}
+    else:
+        options = {
+            m.group(1).lower(): m.group(2) or m.group(3).replace("%22", '"')
+            for m in _param.finditer(value[pos:])
+        }
+        value = value[:pos]
+    return value.strip().lower(), options
+
+
+# https://tools.ietf.org/html/rfc7230#section-3.2.6 and
+# https://tools.ietf.org/html/rfc7239#section-4
+# This regex is for *reversed* strings because that works much faster for
+# right-to-left matching than the other way around. Be wary that all things are
+# a bit backwards! _rparam matches forwarded pairs alike ";key=value"
+_rparam = re.compile(f"(?:{_token}|{_quoted})={_token}\\s*($|[;,])", re.ASCII)
+
+
+def parse_forwarded(headers, config) -> Optional[Options]:
+    """Parse RFC 7239 Forwarded headers.
+    The value of `by` or `secret` must match `config.FORWARDED_SECRET`
+    :return: dict with keys and values, or None if nothing matched
+    """
+    header = headers.getall("forwarded", None)
+    secret = config.FORWARDED_SECRET
+    if header is None or not secret:
+        return None
+    header = ",".join(header)  # Join multiple header lines
+    if secret not in header:
+        return None
+    # Loop over <separator><key>=<value> elements from right to left
+    sep = pos = None
+    options: List[Tuple[str, str]] = []
+    found = False
+    for m in _rparam.finditer(header[::-1]):
+        # Start of new element? (on parser skips and non-semicolon right sep)
+        if m.start() != pos or sep != ";":
+            # Was the previous element (from right) what we wanted?
+            if found:
+                break
+            # Clear values and parse as new element
+            del options[:]
+        pos = m.end()
+        val_token, val_quoted, key, sep = m.groups()
+        key = key.lower()[::-1]
+        val = (val_token or val_quoted.replace('"\\', '"'))[::-1]
+        options.append((key, val))
+        if key in ("secret", "by") and val == secret:
+            found = True
+        # Check if we would return on next round, to avoid useless parse
+        if found and sep != ";":
+            break
+    # If secret was found, return the matching options in left-to-right order
+    return fwd_normalize(reversed(options)) if found else None
+
+
+def parse_xforwarded(headers, config) -> Optional[Options]:
+    """Parse traditional proxy headers."""
+    real_ip_header = config.REAL_IP_HEADER
+    proxies_count = config.PROXIES_COUNT
+    addr = real_ip_header and headers.get(real_ip_header)
+    if not addr and proxies_count:
+        assert proxies_count > 0
+        try:
+            # Combine, split and filter multiple headers' entries
+            forwarded_for = headers.getall(config.FORWARDED_FOR_HEADER)
+            proxies = [
+                p
+                for p in (
+                    p.strip() for h in forwarded_for for p in h.split(",")
+                )
+                if p
+            ]
+            addr = proxies[-proxies_count]
+        except (KeyError, IndexError):
+            pass
+    # No processing of other headers if no address is found
+    if not addr:
+        return None
+
+    def options():
+        yield "for", addr
+        for key, header in (
+            ("proto", "x-scheme"),
+            ("proto", "x-forwarded-proto"),  # Overrides X-Scheme if present
+            ("host", "x-forwarded-host"),
+            ("port", "x-forwarded-port"),
+            ("path", "x-forwarded-path"),
+        ):
+            yield key, headers.get(header)
+
+    return fwd_normalize(options())
+
+
+def fwd_normalize(fwd: OptionsIterable) -> Options:
+    """Normalize and convert values extracted from forwarded headers."""
+    ret: Dict[str, Union[int, str]] = {}
+    for key, val in fwd:
+        if val is not None:
+            try:
+                if key in ("by", "for"):
+                    ret[key] = fwd_normalize_address(val)
+                elif key in ("host", "proto"):
+                    ret[key] = val.lower()
+                elif key == "port":
+                    ret[key] = int(val)
+                elif key == "path":
+                    ret[key] = unquote(val)
+                else:
+                    ret[key] = val
+            except ValueError:
+                pass
+    return ret
+
+
+def fwd_normalize_address(addr: str) -> str:
+    """Normalize address fields of proxy headers."""
+    if addr == "unknown":
+        raise ValueError()  # omit unknown value identifiers
+    if addr.startswith("_"):
+        return addr  # do not lower-case obfuscated strings
+    if _ipv6_re.fullmatch(addr):
+        addr = f"[{addr}]"  # bracket IPv6
+    return addr.lower()
+
+
+def parse_host(host: str) -> Tuple[Optional[str], Optional[int]]:
+    """Split host:port into hostname and port.
+    :return: None in place of missing elements
+    """
+    m = _host_re.fullmatch(host)
+    if not m:
+        return None, None
+    host, port = m.groups()
+    return host.lower(), int(port) if port is not None else None

sanic/helpers.py

@@ -8,6 +8,7 @@ STATUS_CODES = {
     100: b"Continue",
     101: b"Switching Protocols",
     102: b"Processing",
+    103: b"Early Hints",
     200: b"OK",
     201: b"Created",
     202: b"Accepted",

sanic/request.py

@@ -1,31 +1,28 @@
 import asyncio
 import email.utils
-import json
-import sys
 import warnings
 
-from cgi import parse_header
 from collections import defaultdict, namedtuple
 from http.cookies import SimpleCookie
+from types import SimpleNamespace
 from urllib.parse import parse_qs, parse_qsl, unquote, urlunparse
 
-from httptools import parse_url
+from httptools import parse_url  # type: ignore
 
 from sanic.exceptions import InvalidUsage
+from sanic.headers import (
+    parse_content_header,
+    parse_forwarded,
+    parse_host,
+    parse_xforwarded,
+)
 from sanic.log import error_logger, logger
 
 
 try:
-    from ujson import loads as json_loads
+    from ujson import loads as json_loads  # type: ignore
 except ImportError:
-    if sys.version_info[:2] == (3, 5):
-
-        def json_loads(data):
-            # on Python 3.5 json.loads only supports str not bytes
-            return json.loads(data.decode())
-
-    else:
-        json_loads = json.loads
+    from json import loads as json_loads  # type: ignore
 
 DEFAULT_HTTP_CONTENT_TYPE = "application/octet-stream"
 EXPECT_HEADER = "EXPECT"
@@ -66,7 +63,7 @@ class StreamBuffer:
         return self._queue.full()
 
 
-class Request(dict):
+class Request:
     """Properties of an HTTP request such as URL, headers, etc."""
 
     __slots__ = (
@@ -79,6 +76,7 @@ class Request(dict):
         "_socket",
         "app",
         "body",
+        "ctx",
         "endpoint",
         "headers",
         "method",
@@ -87,6 +85,7 @@ class Request(dict):
         "parsed_files",
         "parsed_form",
         "parsed_json",
+        "parsed_forwarded",
         "raw_url",
         "stream",
         "transport",
@@ -107,6 +106,8 @@ class Request(dict):
 
         # Init but do not inhale
         self.body_init()
+        self.ctx = SimpleNamespace()
+        self.parsed_forwarded = None
         self.parsed_json = None
         self.parsed_form = None
         self.parsed_files = None
@@ -122,10 +123,30 @@ class Request(dict):
             self.__class__.__name__, self.method, self.path
         )
 
-    def __bool__(self):
-        if self.transport:
-            return True
-        return False
+    def get(self, key, default=None):
+        """.. deprecated:: 19.9
+           Custom context is now stored in `request.custom_context.yourkey`"""
+        return self.ctx.__dict__.get(key, default)
+
+    def __contains__(self, key):
+        """.. deprecated:: 19.9
+           Custom context is now stored in `request.custom_context.yourkey`"""
+        return key in self.ctx.__dict__
+
+    def __getitem__(self, key):
+        """.. deprecated:: 19.9
+           Custom context is now stored in `request.custom_context.yourkey`"""
+        return self.ctx.__dict__[key]
+
+    def __delitem__(self, key):
+        """.. deprecated:: 19.9
+           Custom context is now stored in `request.custom_context.yourkey`"""
+        del self.ctx.__dict__[key]
+
+    def __setitem__(self, key, value):
+        """.. deprecated:: 19.9
+           Custom context is now stored in `request.custom_context.yourkey`"""
+        setattr(self.ctx, key, value)
 
     def body_init(self):
         self.body = []
@@ -177,7 +198,7 @@ class Request(dict):
             content_type = self.headers.get(
                 "Content-Type", DEFAULT_HTTP_CONTENT_TYPE
             )
-            content_type, parameters = parse_header(content_type)
+            content_type, parameters = parse_content_header(content_type)
             try:
                 if content_type == "application/x-www-form-urlencoded":
                     self.parsed_form = RequestParameters(
@@ -212,20 +233,25 @@ class Request(dict):
         Method to parse `query_string` using `urllib.parse.parse_qs`.
         This methods is used by `args` property.
         Can be used directly if you need to change default parameters.
-        :param keep_blank_values: flag indicating whether blank values in
+
+        :param keep_blank_values:
+            flag indicating whether blank values in
             percent-encoded queries should be treated as blank strings.
             A true value indicates that blanks should be retained as blank
             strings.  The default false value indicates that blank values
             are to be ignored and treated as if they were  not included.
         :type keep_blank_values: bool
-        :param strict_parsing: flag indicating what to do with parsing errors.
+        :param strict_parsing:
+            flag indicating what to do with parsing errors.
             If false (the default), errors are silently ignored. If true,
             errors raise a ValueError exception.
         :type strict_parsing: bool
-        :param encoding: specify how to decode percent-encoded sequences
+        :param encoding:
+            specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
         :type encoding: str
-        :param errors: specify how to decode percent-encoded sequences
+        :param errors:
+            specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
         :type errors: str
         :return: RequestParameters
@@ -275,20 +301,25 @@ class Request(dict):
         Method to parse `query_string` using `urllib.parse.parse_qsl`.
         This methods is used by `query_args` property.
         Can be used directly if you need to change default parameters.
-        :param keep_blank_values: flag indicating whether blank values in
+
+        :param keep_blank_values:
+            flag indicating whether blank values in
             percent-encoded queries should be treated as blank strings.
             A true value indicates that blanks should be retained as blank
             strings.  The default false value indicates that blank values
             are to be ignored and treated as if they were  not included.
         :type keep_blank_values: bool
-        :param strict_parsing: flag indicating what to do with parsing errors.
+        :param strict_parsing:
+            flag indicating what to do with parsing errors.
             If false (the default), errors are silently ignored. If true,
             errors raise a ValueError exception.
         :type strict_parsing: bool
-        :param encoding: specify how to decode percent-encoded sequences
+        :param encoding:
+            specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
         :type encoding: str
-        :param errors: specify how to decode percent-encoded sequences
+        :param errors:
+            specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
         :type errors: str
         :return: list
@@ -361,72 +392,58 @@ class Request(dict):
     @property
     def server_name(self):
         """
-        Attempt to get the server's hostname in this order:
-        `config.SERVER_NAME`, `x-forwarded-host` header, :func:`Request.host`
+        Attempt to get the server's external hostname in this order:
+        `config.SERVER_NAME`, proxied or direct Host headers
+        :func:`Request.host`
 
         :return: the server name without port number
         :rtype: str
         """
-        return (
-            self.app.config.get("SERVER_NAME")
-            or self.headers.get("x-forwarded-host")
-            or self.host.split(":")[0]
-        )
+        server_name = self.app.config.get("SERVER_NAME")
+        if server_name:
+            host = server_name.split("//", 1)[-1].split("/", 1)[0]
+            return parse_host(host)[0]
+        return parse_host(self.host)[0]
+
+    @property
+    def forwarded(self):
+        if self.parsed_forwarded is None:
+            self.parsed_forwarded = (
+                parse_forwarded(self.headers, self.app.config)
+                or parse_xforwarded(self.headers, self.app.config)
+                or {}
+            )
+        return self.parsed_forwarded
 
     @property
     def server_port(self):
         """
-        Attempt to get the server's port in this order:
-        `x-forwarded-port` header, :func:`Request.host`, actual port used by
-        the transport layer socket.
+        Attempt to get the server's external port number in this order:
+        `config.SERVER_NAME`, proxied or direct Host headers
+        :func:`Request.host`,
+        actual port used by the transport layer socket.
         :return: server port
         :rtype: int
         """
-        forwarded_port = self.headers.get("x-forwarded-port") or (
-            self.host.split(":")[1] if ":" in self.host else None
+        if self.forwarded:
+            return self.forwarded.get("port") or (
+                80 if self.scheme in ("http", "ws") else 443
+            )
+        return (
+            parse_host(self.host)[1]
+            or self.transport.get_extra_info("sockname")[1]
         )
-        if forwarded_port:
-            return int(forwarded_port)
-        else:
-            _, port = self.transport.get_extra_info("sockname")
-            return port
 
     @property
     def remote_addr(self):
-        """Attempt to return the original client ip based on X-Forwarded-For
-        or X-Real-IP. If HTTP headers are unavailable or untrusted, returns
-        an empty string.
+        """Attempt to return the original client ip based on `forwarded`,
+        `x-forwarded-for` or `x-real-ip`. If HTTP headers are unavailable or
+        untrusted, returns an empty string.
 
         :return: original client ip.
         """
         if not hasattr(self, "_remote_addr"):
-            if self.app.config.PROXIES_COUNT == 0:
-                self._remote_addr = ""
-            elif self.app.config.REAL_IP_HEADER and self.headers.get(
-                self.app.config.REAL_IP_HEADER
-            ):
-                self._remote_addr = self.headers[
-                    self.app.config.REAL_IP_HEADER
-                ]
-            elif self.app.config.FORWARDED_FOR_HEADER:
-                forwarded_for = self.headers.get(
-                    self.app.config.FORWARDED_FOR_HEADER, ""
-                ).split(",")
-                remote_addrs = [
-                    addr
-                    for addr in [addr.strip() for addr in forwarded_for]
-                    if addr
-                ]
-                if self.app.config.PROXIES_COUNT == -1:
-                    self._remote_addr = remote_addrs[0]
-                elif len(remote_addrs) >= self.app.config.PROXIES_COUNT:
-                    self._remote_addr = remote_addrs[
-                        -self.app.config.PROXIES_COUNT
-                    ]
-                else:
-                    self._remote_addr = ""
-            else:
-                self._remote_addr = ""
+            self._remote_addr = self.forwarded.get("for", "")
         return self._remote_addr
 
     @property
@@ -434,14 +451,13 @@ class Request(dict):
         """
         Attempt to get the request scheme.
         Seeking the value in this order:
-        `x-forwarded-proto` header, `x-scheme` header, the sanic app itself.
+        `forwarded` header, `x-forwarded-proto` header,
+        `x-scheme` header, the sanic app itself.
 
         :return: http|https|ws|wss or arbitrary value given by the headers.
         :rtype: str
         """
-        forwarded_proto = self.headers.get(
-            "x-forwarded-proto"
-        ) or self.headers.get("x-scheme")
+        forwarded_proto = self.forwarded.get("proto")
         if forwarded_proto:
             return forwarded_proto
 
@@ -461,12 +477,10 @@ class Request(dict):
     @property
     def host(self):
         """
-        :return: the Host specified in the header, may contains port number.
+        :return: proxied or direct Host header. Hostname and port number may be
+          separated by sanic.headers.parse_host(request.host).
         """
-        # it appears that httptools doesn't return the host
-        # so pull it from the headers
-
-        return self.headers.get("Host", "")
+        return self.forwarded.get("host", self.headers.get("Host", ""))
 
     @property
     def content_type(self):
@@ -504,6 +518,10 @@ class Request(dict):
         :return: an absolute url to the given view
         :rtype: str
         """
+        # Full URL SERVER_NAME can only be handled in app.url_for
+        if "//" in self.app.config.SERVER_NAME:
+            return self.app.url_for(view_name, _external=True, **kwargs)
+
         scheme = self.scheme
         host = self.server_name
         port = self.server_port
@@ -551,7 +569,7 @@ def parse_multipart_form(body, boundary):
 
             colon_index = form_line.index(":")
             form_header_field = form_line[0:colon_index].lower()
-            form_header_value, form_parameters = parse_header(
+            form_header_value, form_parameters = parse_content_header(
                 form_line[colon_index + 2 :]
             )
 

sanic/response.py

@@ -3,16 +3,16 @@ from mimetypes import guess_type
 from os import path
 from urllib.parse import quote_plus
 
-from aiofiles import open as open_async
-from multidict import CIMultiDict
+from aiofiles import open as open_async  # type: ignore
 
+from sanic.compat import Header
 from sanic.cookies import CookieJar
 from sanic.helpers import STATUS_CODES, has_message_body, remove_entity_headers
 
 
 try:
     from ujson import dumps as json_dumps
-except BaseException:
+except ImportError:
     from json import dumps
 
     # This is done in order to ensure that the JSON response is
@@ -74,7 +74,7 @@ class StreamingHTTPResponse(BaseHTTPResponse):
         self.content_type = content_type
         self.streaming_fn = streaming_fn
         self.status = status
-        self.headers = CIMultiDict(headers or {})
+        self.headers = Header(headers or {})
         self.chunked = chunked
         self._cookies = None
 
@@ -164,7 +164,7 @@ class HTTPResponse(BaseHTTPResponse):
             self.body = body_bytes
 
         self.status = status
-        self.headers = CIMultiDict(headers or {})
+        self.headers = Header(headers or {})
         self._cookies = None
 
     def output(self, version="1.1", keep_alive=False, keep_alive_timeout=None):

sanic/server.py

@@ -10,10 +10,10 @@ from signal import signal as signal_func
 from socket import SO_REUSEADDR, SOL_SOCKET, socket
 from time import time
 
-from httptools import HttpRequestParser
-from httptools.parser.errors import HttpParserError
-from multidict import CIMultiDict
+from httptools import HttpRequestParser  # type: ignore
+from httptools.parser.errors import HttpParserError  # type: ignore
 
+from sanic.compat import Header
 from sanic.exceptions import (
     HeaderExpectationFailed,
     InvalidUsage,
@@ -28,9 +28,10 @@ from sanic.response import HTTPResponse
 
 
 try:
-    import uvloop
+    import uvloop  # type: ignore
 
-    asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
+    if not isinstance(asyncio.get_event_loop_policy(), uvloop.EventLoopPolicy):
+        asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
 except ImportError:
     pass
 
@@ -304,7 +305,7 @@ class HttpProtocol(asyncio.Protocol):
     def on_headers_complete(self):
         self.request = self.request_class(
             url_bytes=self.url,
-            headers=CIMultiDict(self.headers),
+            headers=Header(self.headers),
             version=self.parser.get_http_version(),
             method=self.parser.get_method().decode(),
             transport=self.transport,
@@ -633,6 +634,78 @@ def trigger_events(events, loop):
             loop.run_until_complete(result)
 
 
+class AsyncioServer:
+    """
+    Wraps an asyncio server with functionality that might be useful to
+    a user who needs to manage the server lifecycle manually.
+    """
+
+    __slots__ = (
+        "loop",
+        "serve_coro",
+        "_after_start",
+        "_before_stop",
+        "_after_stop",
+        "server",
+        "connections",
+    )
+
+    def __init__(
+        self,
+        loop,
+        serve_coro,
+        connections,
+        after_start,
+        before_stop,
+        after_stop,
+    ):
+        # Note, Sanic already called "before_server_start" events
+        # before this helper was even created. So we don't need it here.
+        self.loop = loop
+        self.serve_coro = serve_coro
+        self._after_start = after_start
+        self._before_stop = before_stop
+        self._after_stop = after_stop
+        self.server = None
+        self.connections = connections
+
+    def after_start(self):
+        """Trigger "after_server_start" events"""
+        trigger_events(self._after_start, self.loop)
+
+    def before_stop(self):
+        """Trigger "before_server_stop" events"""
+        trigger_events(self._before_stop, self.loop)
+
+    def after_stop(self):
+        """Trigger "after_server_stop" events"""
+        trigger_events(self._after_stop, self.loop)
+
+    def is_serving(self):
+        if self.server:
+            return self.server.is_serving()
+        return False
+
+    def wait_closed(self):
+        if self.server:
+            return self.server.wait_closed()
+
+    def close(self):
+        if self.server:
+            self.server.close()
+            coro = self.wait_closed()
+            task = asyncio.ensure_future(coro, loop=self.loop)
+            return task
+
+    def __await__(self):
+        """Starts the asyncio server, returns AsyncServerCoro"""
+        task = asyncio.ensure_future(self.serve_coro)
+        while not task.done():
+            yield
+        self.server = task.result()
+        return self
+
+
 def serve(
     host,
     port,
@@ -699,6 +772,8 @@ def serve(
     :param reuse_port: `True` for multiple workers
     :param loop: asyncio compatible event loop
     :param protocol: subclass of asyncio protocol class
+    :param run_async: bool: Do not create a new event loop for the server,
+                      and return an AsyncServer object rather than running it
     :param request_class: Request class to use
     :param access_log: disable/enable access log
     :param websocket_max_size: enforces the maximum size for
@@ -770,7 +845,14 @@ def serve(
     )
 
     if run_async:
-        return server_coroutine
+        return AsyncioServer(
+            loop,
+            server_coroutine,
+            connections,
+            after_start,
+            before_stop,
+            after_stop,
+        )
 
     trigger_events(before_start, loop)
 

sanic/static.py

@@ -4,7 +4,7 @@ from re import sub
 from time import gmtime, strftime
 from urllib.parse import unquote
 
-from aiofiles.os import stat
+from aiofiles.os import stat  # type: ignore
 
 from sanic.exceptions import (
     ContentRangeError,

sanic/testing.py

@@ -6,9 +6,9 @@ from json import JSONDecodeError
 from socket import socket
 from urllib.parse import unquote, urlsplit
 
-import httpcore
-import requests_async as requests
-import websockets
+import httpcore  # type: ignore
+import requests_async as requests  # type: ignore
+import websockets  # type: ignore
 
 from sanic.asgi import ASGIApp
 from sanic.exceptions import MethodNotSupported
@@ -288,6 +288,14 @@ class SanicASGIAdapter(requests.asgi.ASGIAdapter):  # noqa
             request_complete = True
             return {"type": "http.request", "body": body_bytes}
 
+        request_complete = False
+        response_started = False
+        response_complete = False
+        raw_kwargs = {"content": b""}  # type: typing.Dict[str, typing.Any]
+        template = None
+        context = None
+        return_value = None
+
         async def send(message) -> None:
             nonlocal raw_kwargs, response_started, response_complete, template, context  # noqa
 
@@ -316,14 +324,6 @@ class SanicASGIAdapter(requests.asgi.ASGIAdapter):  # noqa
                 template = message["template"]
                 context = message["context"]
 
-        request_complete = False
-        response_started = False
-        response_complete = False
-        raw_kwargs = {"content": b""}  # type: typing.Dict[str, typing.Any]
-        template = None
-        context = None
-        return_value = None
-
         try:
             return_value = await self.app(scope, receive, send)
         except BaseException as exc:

sanic/views.py

@@ -1,3 +1,5 @@
+from typing import Any, Callable, List
+
 from sanic.constants import HTTP_METHODS
 from sanic.exceptions import InvalidUsage
 
@@ -37,7 +39,7 @@ class HTTPMethodView:
     To add any decorator you could set it into decorators variable
     """
 
-    decorators = []
+    decorators: List[Callable[[Callable[..., Any]], Callable[..., Any]]] = []
 
     def dispatch_request(self, request, *args, **kwargs):
         handler = getattr(self, request.method.lower(), None)

sanic/websocket.py

@@ -1,13 +1,27 @@
-from typing import Any, Awaitable, Callable, MutableMapping, Optional, Union
+from typing import (
+    Any,
+    Awaitable,
+    Callable,
+    Dict,
+    MutableMapping,
+    Optional,
+    Union,
+)
 
-from httptools import HttpParserUpgrade
-from websockets import ConnectionClosed  # noqa
-from websockets import InvalidHandshake, WebSocketCommonProtocol, handshake
+from httptools import HttpParserUpgrade  # type: ignore
+from websockets import (  # type: ignore
+    ConnectionClosed,
+    InvalidHandshake,
+    WebSocketCommonProtocol,
+    handshake,
+)
 
 from sanic.exceptions import InvalidUsage
 from sanic.server import HttpProtocol
 
 
+__all__ = ["ConnectionClosed", "WebSocketProtocol", "WebSocketConnection"]
+
 ASIMessage = MutableMapping[str, Any]
 
 
@@ -105,6 +119,9 @@ class WebSocketProtocol(HttpProtocol):
             read_limit=self.websocket_read_limit,
             write_limit=self.websocket_write_limit,
         )
+        # Following two lines are required for websockets 8.x
+        self.websocket.is_client = False
+        self.websocket.side = "server"
         self.websocket.subprotocol = subprotocol
         self.websocket.connection_made(request.transport)
         self.websocket.connection_open()
@@ -125,14 +142,12 @@ class WebSocketConnection:
         self._receive = receive
 
     async def send(self, data: Union[str, bytes], *args, **kwargs) -> None:
-        message = {"type": "websocket.send"}
+        message: Dict[str, Union[str, bytes]] = {"type": "websocket.send"}
 
-        try:
-            data.decode()
-        except AttributeError:
-            message.update({"text": str(data)})
-        else:
+        if isinstance(data, bytes):
             message.update({"bytes": data})
+        else:
+            message.update({"text": str(data)})
 
         await self._send(message)
 
@@ -144,6 +159,8 @@ class WebSocketConnection:
         elif message["type"] == "websocket.disconnect":
             pass
 
+        return None
+
     receive = recv
 
     async def accept(self) -> None:

sanic/worker.py

@@ -5,19 +5,19 @@ import signal
 import sys
 import traceback
 
-import gunicorn.workers.base as base
+import gunicorn.workers.base as base  # type: ignore
 
 from sanic.server import HttpProtocol, Signal, serve, trigger_events
 from sanic.websocket import WebSocketProtocol
 
 
 try:
-    import ssl
+    import ssl  # type: ignore
 except ImportError:
-    ssl = None
+    ssl = None  # type: ignore
 
 try:
-    import uvloop
+    import uvloop  # type: ignore
 
     asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
 except ImportError:

scripts/changelog.py

@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+from os import path
+
+if __name__ == "__main__":
+    try:
+        import towncrier
+        import click
+    except ImportError:
+        print(
+            "Please make sure you have a installed towncrier and click before using this tool"
+        )
+        exit(1)
+
+    @click.command()
+    @click.option(
+        "--draft",
+        "draft",
+        default=False,
+        flag_value=True,
+        help="Render the news fragments, don't write to files, "
+        "don't check versions.",
+    )
+    @click.option(
+        "--dir", "directory", default=path.dirname(path.abspath(__file__))
+    )
+    @click.option("--name", "project_name", default=None)
+    @click.option(
+        "--version",
+        "project_version",
+        default=None,
+        help="Render the news fragments using given version.",
+    )
+    @click.option("--date", "project_date", default=None)
+    @click.option(
+        "--yes",
+        "answer_yes",
+        default=False,
+        flag_value=True,
+        help="Do not ask for confirmation to remove news fragments.",
+    )
+    def _main(
+        draft,
+        directory,
+        project_name,
+        project_version,
+        project_date,
+        answer_yes,
+    ):
+        return towncrier.__main(
+            draft,
+            directory,
+            project_name,
+            project_version,
+            project_date,
+            answer_yes,
+        )
+
+    _main()

scripts/pyproject.toml

@@ -0,0 +1,33 @@
+[tool.towncrier]
+package = "sanic"
+package_dir = "."
+filename = "../CHANGELOG.rst"
+directory = "./changelogs"
+underlines = ["=", "*", "~"]
+issue_format = "`#{issue} <https://github.com/huge-success/sanic/issues/{issue}>`__"
+title_format = "Version {version}"
+
+[[tool.towncrier.type]]
+directory = "feature"
+name = "Features"
+showcontent = true
+
+[[tool.towncrier.type]]
+directory = "bugfix"
+name = "Bugfixes"
+showcontent = true
+
+[[tool.towncrier.type]]
+directory = "doc"
+name = "Improved Documentation"
+showcontent = true
+
+[[tool.towncrier.type]]
+directory = "removal"
+name = "Deprecations and Removals"
+showcontent = true
+
+[[tool.towncrier.type]]
+directory = "misc"
+name = "Miscellaneous internal changes"
+showcontent = true

scripts/release.py

@@ -5,11 +5,12 @@ from collections import OrderedDict
 from configparser import RawConfigParser
 from datetime import datetime
 from json import dumps
-from os import path
+from os import path, chdir
 from subprocess import Popen, PIPE
 
 from jinja2 import Environment, BaseLoader
 from requests import patch
+import towncrier
 
 GIT_COMMANDS = {
     "get_tag": ["git describe --tags --abbrev=0"],
@@ -56,6 +57,18 @@ RELEASE_NOTE_UPDATE_URL = (
 )
 
 
+class Directory:
+    def __init__(self):
+        self._old_path = path.dirname(path.abspath(__file__))
+        self._new_path = path.dirname(self._old_path)
+
+    def __enter__(self):
+        chdir(self._new_path)
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        chdir(self._old_path)
+
+
 def _run_shell_command(command: list):
     try:
         process = Popen(
@@ -118,14 +131,14 @@ def _get_current_tag(git_command_name="get_tag"):
 
 
 def _update_release_version_for_sanic(
-    current_version, new_version, config_file
+    current_version, new_version, config_file, generate_changelog
 ):
     config_parser = RawConfigParser()
     with open(config_file) as cfg:
         config_parser.read_file(cfg)
     config_parser.set("version", "current_version", new_version)
 
-    version_file = config_parser.get("version", "file")
+    version_files = config_parser.get("version", "files")
     current_version_line = config_parser.get(
         "version", "current_version_pattern"
     ).format(current_version=current_version)
@@ -133,16 +146,27 @@ def _update_release_version_for_sanic(
         "version", "new_version_pattern"
     ).format(new_version=new_version)
 
-    with open(version_file) as init_file:
-        data = init_file.read()
+    for version_file in version_files.split(","):
+        with open(version_file) as init_file:
+            data = init_file.read()
 
-    new_data = data.replace(current_version_line, new_version_line)
-    with open(version_file, "w") as init_file:
-        init_file.write(new_data)
+        new_data = data.replace(current_version_line, new_version_line)
+        with open(version_file, "w") as init_file:
+            init_file.write(new_data)
 
     with open(config_file, "w") as config:
         config_parser.write(config)
 
+    if generate_changelog:
+        towncrier.__main(
+            draft=False,
+            directory=path.dirname(path.abspath(__file__)),
+            project_name=None,
+            project_version=new_version,
+            project_date=None,
+            answer_yes=True,
+        )
+
     command = GIT_COMMANDS.get("commit_version_change")
     command[0] = command[0].format(
         new_version=new_version, current_version=current_version
@@ -240,14 +264,16 @@ def release(args: Namespace):
         current_version=current_version,
         new_version=new_version,
         config_file=args.config,
+        generate_changelog=args.generate_changelog,
     )
-    _tag_release(
-        current_version=current_version,
-        new_version=new_version,
-        milestone=args.milestone,
-        release_name=args.release_name,
-        token=args.token,
-    )
+    if args.tag_release:
+        _tag_release(
+            current_version=current_version,
+            new_version=new_version,
+            milestone=args.milestone,
+            release_name=args.release_name,
+            token=args.token,
+        )
 
 
 if __name__ == "__main__":
@@ -278,13 +304,13 @@ if __name__ == "__main__":
         "--token",
         "-t",
         help="Git access token with necessary access to Huge Sanic Org",
-        required=True,
+        required=False,
     )
     cli.add_argument(
         "--milestone",
         "-ms",
         help="Git Release milestone information to include in relase note",
-        required=True,
+        required=False,
     )
     cli.add_argument(
         "--release-name",
@@ -300,5 +326,28 @@ if __name__ == "__main__":
         action="store_true",
         required=False,
     )
+    cli.add_argument(
+        "--tag-release",
+        help="Tag a new release for Sanic",
+        default=False,
+        action="store_true",
+        required=False,
+    )
+    cli.add_argument(
+        "--generate-changelog",
+        help="Generate changelog for Sanic as part of release",
+        default=False,
+        action="store_true",
+        required=False,
+    )
     args = cli.parse_args()
-    release(args)
+    if args.tag_release:
+        for key, value in {
+            "--token/-t": args.token,
+            "--milestone/-m": args.milestone,
+        }.items():
+            if not value:
+                print(f"{key} is mandatory while using --tag-release")
+                exit(1)
+    with Directory():
+        release(args)

setup.cfg

@@ -14,7 +14,8 @@ multi_line_output = 3
 not_skip = __init__.py
 
 [version]
-current_version = 19.3.1
-file = sanic/__init__.py
+current_version = 19.9.0
+files = sanic/__version__.py
 current_version_pattern = __version__ = "{current_version}"
 new_version_pattern = __version__ = "{new_version}"
+

setup.py

@@ -36,7 +36,7 @@ def open_local(paths, mode="r", encoding="utf8"):
     return codecs.open(path, mode, encoding)
 
 
-with open_local(["sanic", "__init__.py"], encoding="latin1") as fp:
+with open_local(["sanic", "__version__.py"], encoding="latin1") as fp:
     try:
         version = re.findall(
             r"^__version__ = \"([^']+)\"\r?$", fp.read(), re.M
@@ -80,13 +80,13 @@ requirements = [
     uvloop,
     ujson,
     "aiofiles>=0.3.0",
-    "websockets>=6.0,<7.0",
+    "websockets>=7.0,<9.0",
     "multidict>=4.0,<5.0",
     "requests-async==0.5.0",
 ]
 
 tests_require = [
-    "pytest==4.1.0",
+    "pytest==5.2.1",
     "multidict>=4.0,<5.0",
     "gunicorn",
     "pytest-cov",
@@ -99,6 +99,25 @@ tests_require = [
     "pytest-benchmark",
 ]
 
+docs_require = [
+    "sphinx>=2.1.2",
+    "sphinx_rtd_theme",
+    "recommonmark>=0.5.0",
+    "docutils",
+    "pygments",
+]
+
+dev_require = tests_require + [
+    "aiofiles",
+    "tox",
+    "black",
+    "flake8",
+    "bandit",
+    "towncrier",
+]
+
+all_require = dev_require + docs_require
+
 if strtobool(os.environ.get("SANIC_NO_UJSON", "no")):
     print("Installing without uJSON")
     requirements.remove(ujson)
@@ -112,15 +131,9 @@ if strtobool(os.environ.get("SANIC_NO_UVLOOP", "no")):
 
 extras_require = {
     "test": tests_require,
-    "dev": tests_require + ["aiofiles", "tox", "black", "flake8", "bandit"],
-    "docs": [
-        "sphinx",
-        "sphinx_rtd_theme",
-        "recommonmark",
-        "sphinxcontrib-asyncio",
-        "docutils",
-        "pygments",
-    ],
+    "dev": dev_require,
+    "docs": docs_require,
+    "all": all_require,
 }
 
 setup_kwargs["install_requires"] = requirements

tests/test_asgi.py

@@ -9,7 +9,7 @@ from sanic import Sanic
 from sanic.asgi import MockTransport
 from sanic.exceptions import InvalidUsage
 from sanic.request import Request
-from sanic.response import text
+from sanic.response import json, text
 from sanic.websocket import WebSocketConnection
 
 
@@ -229,3 +229,54 @@ async def test_request_class_custom():
 
     _, response = await app.asgi_client.get("/custom")
     assert response.body == b"MyCustomRequest"
+
+
+@pytest.mark.asyncio
+async def test_cookie_customization(app):
+    @app.get("/cookie")
+    def get_cookie(request):
+        response = text("There's a cookie up in this response")
+        response.cookies["test"] = "Cookie1"
+        response.cookies["test"]["httponly"] = True
+
+        response.cookies["c2"] = "Cookie2"
+        response.cookies["c2"]["httponly"] = False
+
+        return response
+
+    _, response = await app.asgi_client.get("/cookie")
+    cookie_map = {
+        "test": {"value": "Cookie1", "HttpOnly": True},
+        "c2": {"value": "Cookie2", "HttpOnly": False},
+    }
+
+    for k, v in (
+        response.cookies._cookies.get("mockserver.local").get("/").items()
+    ):
+        assert cookie_map.get(k).get("value") == v.value
+        if cookie_map.get(k).get("HttpOnly"):
+            assert "HttpOnly" in v._rest.keys()
+
+
+@pytest.mark.asyncio
+async def test_json_content_type(app):
+    @app.get("/json")
+    def send_json(request):
+        return json({"foo": "bar"})
+
+    @app.get("/text")
+    def send_text(request):
+        return text("foobar")
+
+    @app.get("/custom")
+    def send_custom(request):
+        return text("foobar", content_type="somethingelse")
+
+    _, response = await app.asgi_client.get("/json")
+    assert response.headers.get("content-type") == "application/json"
+
+    _, response = await app.asgi_client.get("/text")
+    assert response.headers.get("content-type") == "text/plain; charset=utf-8"
+
+    _, response = await app.asgi_client.get("/custom")
+    assert response.headers.get("content-type") == "somethingelse"

tests/test_headers.py

@@ -0,0 +1,57 @@
+import pytest
+
+from sanic import headers
+
+
+@pytest.mark.parametrize(
+    "input, expected",
+    [
+        ("text/plain", ("text/plain", {})),
+        ("text/vnd.just.made.this.up ; ", ("text/vnd.just.made.this.up", {})),
+        ("text/plain;charset=us-ascii", ("text/plain", {"charset": "us-ascii"})),
+        ('text/plain ; charset="us-ascii"', ("text/plain", {"charset": "us-ascii"})),
+        (
+            'text/plain ; charset="us-ascii"; another=opt',
+            ("text/plain", {"charset": "us-ascii", "another": "opt"})
+        ),
+        (
+            'attachment; filename="silly.txt"',
+            ("attachment", {"filename": "silly.txt"})
+        ),
+        (
+            'attachment; filename="strange;name"',
+            ("attachment", {"filename": "strange;name"})
+        ),
+        (
+            'attachment; filename="strange;name";size=123;',
+            ("attachment", {"filename": "strange;name", "size": "123"})
+        ),
+        (
+            'form-data; name="files"; filename="fo\\"o;bar\\"',
+            ('form-data', {'name': 'files', 'filename': 'fo"o;bar\\'})
+            # cgi.parse_header:
+            # ('form-data', {'name': 'files', 'filename': 'fo"o;bar\\'})
+            # werkzeug.parse_options_header:
+            # ('form-data', {'name': 'files', 'filename': '"fo\\"o', 'bar\\"': None})
+        ),
+        # <input type=file name="foo&quot;;bar\"> with Unicode filename!
+        (
+            # Chrome:
+            # Content-Disposition: form-data; name="foo%22;bar\"; filename="😀"
+            'form-data; name="foo%22;bar\\"; filename="😀"',
+            ('form-data', {'name': 'foo";bar\\', 'filename': '😀'})
+            # cgi: ('form-data', {'name': 'foo%22;bar"; filename="😀'})
+            # werkzeug: ('form-data', {'name': 'foo%22;bar"; filename='})
+        ),
+        (
+            # Firefox:
+            # Content-Disposition: form-data; name="foo\";bar\"; filename="😀"
+            'form-data; name="foo\\";bar\\"; filename="😀"',
+            ('form-data', {'name': 'foo";bar\\', 'filename': '😀'})
+            # cgi: ('form-data', {'name': 'foo";bar"; filename="😀'})
+            # werkzeug: ('form-data', {'name': 'foo";bar"; filename='})
+        ),
+    ]
+)
+def test_parse_headers(input, expected):
+    assert headers.parse_content_header(input) == expected

tests/test_multiprocessing.py

@@ -5,6 +5,7 @@ import signal
 
 import pytest
 
+from sanic import Blueprint
 from sanic.response import text
 from sanic.testing import HOST, PORT
 
@@ -37,8 +38,6 @@ def test_multiprocessing(app):
     reason="SIGALRM is not implemented for this platform",
 )
 def test_multiprocessing_with_blueprint(app):
-    from sanic import Blueprint
-
     # Selects a number at random so we can spot check
     num_workers = random.choice(range(2, multiprocessing.cpu_count() * 2 + 1))
     process_list = set()
@@ -64,27 +63,27 @@ def handler(request):
     return text("Hello")
 
 
-# Muliprocessing on Windows requires app to be able to be pickled
+# Multiprocessing on Windows requires app to be able to be pickled
 @pytest.mark.parametrize("protocol", [3, 4])
 def test_pickle_app(app, protocol):
     app.route("/")(handler)
     p_app = pickle.dumps(app, protocol=protocol)
+    del app
     up_p_app = pickle.loads(p_app)
     assert up_p_app
-    request, response = app.test_client.get("/")
+    request, response = up_p_app.test_client.get("/")
     assert response.text == "Hello"
 
 
 @pytest.mark.parametrize("protocol", [3, 4])
 def test_pickle_app_with_bp(app, protocol):
-    from sanic import Blueprint
-
     bp = Blueprint("test_text")
     bp.route("/")(handler)
     app.blueprint(bp)
     p_app = pickle.dumps(app, protocol=protocol)
+    del app
     up_p_app = pickle.loads(p_app)
     assert up_p_app
-    request, response = app.test_client.get("/")
-    assert app.is_request_stream is False
+    request, response = up_p_app.test_client.get("/")
+    assert up_p_app.is_request_stream is False
     assert response.text == "Hello"

tests/test_request_data.py

@@ -8,22 +8,72 @@ try:
 except ImportError:
     from json import loads
 
-
-def test_storage(app):
+def test_custom_context(app):
     @app.middleware("request")
     def store(request):
+        request.ctx.user = "sanic"
+        request.ctx.session = None
+
+    @app.route("/")
+    def handler(request):
+        # Accessing non-existant key should fail with AttributeError
+        try:
+            invalid = request.ctx.missing
+        except AttributeError as e:
+            invalid = str(e)
+        return json({
+            "user": request.ctx.user,
+            "session": request.ctx.session,
+            "has_user": hasattr(request.ctx, "user"),
+            "has_session": hasattr(request.ctx, "session"),
+            "has_missing": hasattr(request.ctx, "missing"),
+            "invalid": invalid
+        })
+
+    request, response = app.test_client.get("/")
+    assert response.json == {
+        "user": "sanic",
+        "session": None,
+        "has_user": True,
+        "has_session": True,
+        "has_missing": False,
+        "invalid": "'types.SimpleNamespace' object has no attribute 'missing'",
+    }
+
+
+# Remove this once the deprecated API is abolished.
+def test_custom_context_old(app):
+    @app.middleware("request")
+    def store(request):
+        try:
+            request["foo"]
+        except KeyError:
+            pass
         request["user"] = "sanic"
-        request["sidekick"] = "tails"
+        sidekick = request.get("sidekick", "tails")  # Item missing -> default
+        request["sidekick"] = sidekick
+        request["bar"] = request["sidekick"]
         del request["sidekick"]
 
     @app.route("/")
     def handler(request):
         return json(
-            {"user": request.get("user"), "sidekick": request.get("sidekick")}
+            {
+                "user": request.get("user"),
+                "sidekick": request.get("sidekick"),
+                "has_bar": "bar" in request,
+                "has_sidekick": "sidekick" in request,
+            }
         )
 
     request, response = app.test_client.get("/")
 
+    assert response.json == {
+        "user": "sanic",
+        "sidekick": None,
+        "has_bar": True,
+        "has_sidekick": False,
+    }
     response_json = loads(response.text)
     assert response_json["user"] == "sanic"
     assert response_json.get("sidekick") is None

tests/test_requests.py

@@ -401,8 +401,232 @@ async def test_content_type_asgi(app):
     assert response.text == "application/json"
 
 
+def test_standard_forwarded(app):
+    @app.route("/")
+    async def handler(request):
+        return json(request.forwarded)
+
+    # Without configured FORWARDED_SECRET, x-headers should be respected
+    app.config.PROXIES_COUNT = 1
+    app.config.REAL_IP_HEADER = "x-real-ip"
+    headers = {
+        "Forwarded": (
+            'for=1.1.1.1, for=injected;host="'
+            ', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
+            ',for=broken;;secret=b0rked'
+            ', for=127.0.0.3;scheme=http;port=1234'
+        ),
+        "X-Real-IP": "127.0.0.2",
+        "X-Forwarded-For": "127.0.1.1",
+        "X-Scheme": "ws",
+    }
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == { "for": "127.0.0.2", "proto": "ws" }
+    assert request.remote_addr == "127.0.0.2"
+    assert request.scheme == "ws"
+    assert request.server_port == 80
+
+    app.config.FORWARDED_SECRET = "mySecret"
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {
+        "for": "[::2]",
+        "proto": "https",
+        "host": "me.tld",
+        "path": "/app/",
+        "secret": "mySecret"
+    }
+    assert request.remote_addr == "[::2]"
+    assert request.server_name == "me.tld"
+    assert request.scheme == "https"
+    assert request.server_port == 443
+
+    # Empty Forwarded header -> use X-headers
+    headers["Forwarded"] = ""
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == { "for": "127.0.0.2", "proto": "ws" }
+
+    # Header present but not matching anything
+    request, response = app.test_client.get("/", headers={"Forwarded": "."})
+    assert response.json == {}
+
+    # Forwarded header present but no matching secret -> use X-headers
+    headers = {
+        "Forwarded": 'for=1.1.1.1;secret=x, for=127.0.0.1',
+        "X-Real-IP": "127.0.0.2"
+    }
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {"for": "127.0.0.2"}
+    assert request.remote_addr == "127.0.0.2"
+
+    # Different formatting and hitting both ends of the header
+    headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {
+        "for": "127.0.0.4",
+        "port": 1234,
+        "secret": "mySecret"
+    }
+
+    # Test escapes (modify this if you see anyone implementing quoted-pairs)
+    headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {
+        "for": "test",
+        "quoted": '\\,x=x;y=\\',
+        "secret": "mySecret"
+    }
+
+    # Secret insulated by malformed field #1
+    headers = {"Forwarded": 'for=test;secret=mySecret;b0rked;proto=wss;'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {"for": "test", "secret": "mySecret"}
+
+    # Secret insulated by malformed field #2
+    headers = {"Forwarded": 'for=test;b0rked;secret=mySecret;proto=wss'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {"proto": "wss", "secret": "mySecret"}
+
+    # Unexpected termination should not lose existing acceptable values
+    headers = {"Forwarded": 'b0rked;secret=mySecret;proto=wss'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {"proto": "wss", "secret": "mySecret"}
+
+    # Field normalization
+    headers = {
+        "Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
+          'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
+    }
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {
+        "proto": "wss",
+        "by": "[cafe::8000]",
+        "host": "a:2",
+        "path": '/With Spaces"Quoted"/sanicApp?key=val',
+        "secret": "mySecret",
+    }
+
+    # Using "by" field as secret
+    app.config.FORWARDED_SECRET = "_proxySecret"
+    headers = {"Forwarded": 'for=1.2.3.4; by=_proxySecret'}
+    request, response = app.test_client.get("/", headers=headers)
+    assert response.json == {"for": "1.2.3.4", "by": "_proxySecret"}
+
+
+@pytest.mark.asyncio
+async def test_standard_forwarded_asgi(app):
+    @app.route("/")
+    async def handler(request):
+        return json(request.forwarded)
+
+    # Without configured FORWARDED_SECRET, x-headers should be respected
+    app.config.PROXIES_COUNT = 1
+    app.config.REAL_IP_HEADER = "x-real-ip"
+    headers = {
+        "Forwarded": (
+            'for=1.1.1.1, for=injected;host="'
+            ', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
+            ',for=broken;;secret=b0rked'
+            ', for=127.0.0.3;scheme=http;port=1234'
+        ),
+        "X-Real-IP": "127.0.0.2",
+        "X-Forwarded-For": "127.0.1.1",
+        "X-Scheme": "ws",
+    }
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == { "for": "127.0.0.2", "proto": "ws" }
+    assert request.remote_addr == "127.0.0.2"
+    assert request.scheme == "ws"
+    assert request.server_port == 80
+
+    app.config.FORWARDED_SECRET = "mySecret"
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {
+        "for": "[::2]",
+        "proto": "https",
+        "host": "me.tld",
+        "path": "/app/",
+        "secret": "mySecret"
+    }
+    assert request.remote_addr == "[::2]"
+    assert request.server_name == "me.tld"
+    assert request.scheme == "https"
+    assert request.server_port == 443
+
+    # Empty Forwarded header -> use X-headers
+    headers["Forwarded"] = ""
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == { "for": "127.0.0.2", "proto": "ws" }
+
+    # Header present but not matching anything
+    request, response = await app.asgi_client.get("/", headers={"Forwarded": "."})
+    assert response.json() == {}
+
+    # Forwarded header present but no matching secret -> use X-headers
+    headers = {
+        "Forwarded": 'for=1.1.1.1;secret=x, for=127.0.0.1',
+        "X-Real-IP": "127.0.0.2"
+    }
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {"for": "127.0.0.2"}
+    assert request.remote_addr == "127.0.0.2"
+
+    # Different formatting and hitting both ends of the header
+    headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {
+        "for": "127.0.0.4",
+        "port": 1234,
+        "secret": "mySecret"
+    }
+
+    # Test escapes (modify this if you see anyone implementing quoted-pairs)
+    headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {
+        "for": "test",
+        "quoted": '\\,x=x;y=\\',
+        "secret": "mySecret"
+    }
+
+    # Secret insulated by malformed field #1
+    headers = {"Forwarded": 'for=test;secret=mySecret;b0rked;proto=wss;'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {"for": "test", "secret": "mySecret"}
+
+    # Secret insulated by malformed field #2
+    headers = {"Forwarded": 'for=test;b0rked;secret=mySecret;proto=wss'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {"proto": "wss", "secret": "mySecret"}
+
+    # Unexpected termination should not lose existing acceptable values
+    headers = {"Forwarded": 'b0rked;secret=mySecret;proto=wss'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {"proto": "wss", "secret": "mySecret"}
+
+    # Field normalization
+    headers = {
+        "Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
+          'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
+    }
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {
+        "proto": "wss",
+        "by": "[cafe::8000]",
+        "host": "a:2",
+        "path": '/With Spaces"Quoted"/sanicApp?key=val',
+        "secret": "mySecret",
+    }
+
+    # Using "by" field as secret
+    app.config.FORWARDED_SECRET = "_proxySecret"
+    headers = {"Forwarded": 'for=1.2.3.4; by=_proxySecret'}
+    request, response = await app.asgi_client.get("/", headers=headers)
+    assert response.json() == {"for": "1.2.3.4", "by": "_proxySecret"}
+
+
 def test_remote_addr_with_two_proxies(app):
     app.config.PROXIES_COUNT = 2
+    app.config.REAL_IP_HEADER = "x-real-ip"
 
     @app.route("/")
     async def handler(request):
@@ -443,6 +667,7 @@ def test_remote_addr_with_two_proxies(app):
 @pytest.mark.asyncio
 async def test_remote_addr_with_two_proxies_asgi(app):
     app.config.PROXIES_COUNT = 2
+    app.config.REAL_IP_HEADER = "x-real-ip"
 
     @app.route("/")
     async def handler(request):
@@ -480,57 +705,6 @@ async def test_remote_addr_with_two_proxies_asgi(app):
     assert response.text == "127.0.0.1"
 
 
-def test_remote_addr_with_infinite_number_of_proxies(app):
-    app.config.PROXIES_COUNT = -1
-
-    @app.route("/")
-    async def handler(request):
-        return text(request.remote_addr)
-
-    headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
-    request, response = app.test_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.0.2"
-    assert response.text == "127.0.0.2"
-
-    headers = {"X-Forwarded-For": "127.0.1.1"}
-    request, response = app.test_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.1.1"
-    assert response.text == "127.0.1.1"
-
-    headers = {
-        "X-Forwarded-For": "127.0.0.5, 127.0.0.4, 127.0.0.3, 127.0.0.2, 127.0.0.1"
-    }
-    request, response = app.test_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.0.5"
-    assert response.text == "127.0.0.5"
-
-
-@pytest.mark.asyncio
-async def test_remote_addr_with_infinite_number_of_proxies_asgi(app):
-    app.config.PROXIES_COUNT = -1
-
-    @app.route("/")
-    async def handler(request):
-        return text(request.remote_addr)
-
-    headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
-    request, response = await app.asgi_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.0.2"
-    assert response.text == "127.0.0.2"
-
-    headers = {"X-Forwarded-For": "127.0.1.1"}
-    request, response = await app.asgi_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.1.1"
-    assert response.text == "127.0.1.1"
-
-    headers = {
-        "X-Forwarded-For": "127.0.0.5, 127.0.0.4, 127.0.0.3, 127.0.0.2, 127.0.0.1"
-    }
-    request, response = await app.asgi_client.get("/", headers=headers)
-    assert request.remote_addr == "127.0.0.5"
-    assert response.text == "127.0.0.5"
-
-
 def test_remote_addr_without_proxy(app):
     app.config.PROXIES_COUNT = 0
 
@@ -634,14 +808,17 @@ def test_forwarded_scheme(app):
     async def handler(request):
         return text(request.remote_addr)
 
+    app.config.PROXIES_COUNT = 1
     request, response = app.test_client.get("/")
-    assert request.scheme == 'http'
+    assert request.scheme == "http"
 
-    request, response = app.test_client.get("/", headers={'X-Forwarded-Proto': 'https'})
-    assert request.scheme == 'https'
+    request, response = app.test_client.get(
+        "/", headers={"X-Forwarded-For": "127.1.2.3", "X-Forwarded-Proto": "https"}
+    )
+    assert request.scheme == "https"
 
-    request, response = app.test_client.get("/", headers={'X-Scheme': 'https'})
-    assert request.scheme == 'https'
+    request, response = app.test_client.get("/", headers={"X-Forwarded-For": "127.1.2.3", "X-Scheme": "https"})
+    assert request.scheme == "https"
 
 
 def test_match_info(app):
@@ -1322,9 +1499,6 @@ def test_request_bool(app):
     request, response = app.test_client.get("/")
     assert bool(request)
 
-    request.transport = False
-    assert not bool(request)
-
 
 def test_request_parsing_form_failed(app, caplog):
     @app.route("/", methods=["POST"])
@@ -1677,7 +1851,7 @@ def test_request_server_name(app):
         return text("OK")
 
     request, response = app.test_client.get("/")
-    assert request.server_name == '127.0.0.1'
+    assert request.server_name == "127.0.0.1"
 
 
 def test_request_server_name_in_host_header(app):
@@ -1685,8 +1859,20 @@ def test_request_server_name_in_host_header(app):
     def handler(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={'Host': 'my_server:5555'})
-    assert request.server_name == 'my_server'
+    request, response = app.test_client.get(
+        "/", headers={"Host": "my-server:5555"}
+    )
+    assert request.server_name == "my-server"
+
+    request, response = app.test_client.get(
+        "/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
+    )
+    assert request.server_name == "[2a00:1450:400f:80c::200e]"
+
+    request, response = app.test_client.get(
+        "/", headers={"Host": "mal_formed"}
+    )
+    assert request.server_name == None   # For now (later maybe 127.0.0.1)
 
 
 def test_request_server_name_forwarded(app):
@@ -1694,11 +1880,12 @@ def test_request_server_name_forwarded(app):
     def handler(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={
-        'Host': 'my_server:5555',
-        'X-Forwarded-Host': 'your_server'
-    })
-    assert request.server_name == 'your_server'
+    app.config.PROXIES_COUNT = 1
+    request, response = app.test_client.get(
+        "/",
+        headers={"Host": "my-server:5555", "X-Forwarded-For": "127.1.2.3", "X-Forwarded-Host": "your-server"},
+    )
+    assert request.server_name == "your-server"
 
 
 def test_request_server_port(app):
@@ -1706,9 +1893,7 @@ def test_request_server_port(app):
     def handler(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={
-        'Host': 'my_server'
-    })
+    request, response = app.test_client.get("/", headers={"Host": "my-server"})
     assert request.server_port == app.test_client.port
 
 
@@ -1717,21 +1902,31 @@ def test_request_server_port_in_host_header(app):
     def handler(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={
-        'Host': 'my_server:5555'
-    })
+    request, response = app.test_client.get(
+        "/", headers={"Host": "my-server:5555"}
+    )
     assert request.server_port == 5555
 
+    request, response = app.test_client.get(
+        "/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
+    )
+    assert request.server_port == 5555
+
+    request, response = app.test_client.get(
+        "/", headers={"Host": "mal_formed:5555"}
+    )
+    assert request.server_port == app.test_client.port
+
 
 def test_request_server_port_forwarded(app):
     @app.get("/")
     def handler(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={
-        'Host': 'my_server:5555',
-        'X-Forwarded-Port': '4444'
-    })
+    app.config.PROXIES_COUNT = 1
+    request, response = app.test_client.get(
+        "/", headers={"Host": "my-server:5555", "X-Forwarded-For": "127.1.2.3", "X-Forwarded-Port": "4444"}
+    )
     assert request.server_port == 4444
 
 
@@ -1745,6 +1940,23 @@ def test_request_form_invalid_content_type(app):
     assert request.form == {}
 
 
+def test_server_name_and_url_for(app):
+    @app.get("/foo")
+    def handler(request):
+        return text("ok")
+
+    app.config.SERVER_NAME = "my-server"
+    assert app.url_for("handler", _external=True) == "http://my-server/foo"
+    request, response = app.test_client.get("/foo")
+    assert request.url_for("handler") == f"http://my-server:{app.test_client.port}/foo"
+
+    app.config.SERVER_NAME = "https://my-server/path"
+    request, response = app.test_client.get("/foo")
+    url = f"https://my-server/path/foo"
+    assert app.url_for("handler", _external=True) == url
+    assert request.url_for("handler") == url
+
+
 def test_url_for_with_forwarded_request(app):
     @app.get("/")
     def handler(request):
@@ -1754,29 +1966,26 @@ def test_url_for_with_forwarded_request(app):
     def view_name(request):
         return text("OK")
 
-    request, response = app.test_client.get("/", headers={
-        'X-Forwarded-Proto': 'https',
-    })
-    assert app.url_for('view_name') == '/another_view'
-    assert app.url_for('view_name', _external=True) == 'http:///another_view'
-    assert request.url_for('view_name') == 'https://127.0.0.1:{}/another_view'.format(app.test_client.port)
+    app.config.SERVER_NAME = "my-server"
+    app.config.PROXIES_COUNT = 1
+    request, response = app.test_client.get(
+        "/", headers={"X-Forwarded-For": "127.1.2.3", "X-Forwarded-Proto": "https", "X-Forwarded-Port": "6789"}
+    )
+    assert app.url_for("view_name") == "/another_view"
+    assert (
+        app.url_for("view_name", _external=True)
+        == "http://my-server/another_view"
+    )
+    assert (
+        request.url_for("view_name") == "https://my-server:6789/another_view"
+    )
 
-    app.config.SERVER_NAME = "my_server"
-    request, response = app.test_client.get("/", headers={
-        'X-Forwarded-Proto': 'https',
-        'X-Forwarded-Port': '6789',
-    })
-    assert app.url_for('view_name') == '/another_view'
-    assert app.url_for('view_name', _external=True) == 'http://my_server/another_view'
-    assert request.url_for('view_name') == 'https://my_server:6789/another_view'
+    request, response = app.test_client.get(
+        "/", headers={"X-Forwarded-For": "127.1.2.3", "X-Forwarded-Proto": "https", "X-Forwarded-Port": "443"}
+    )
+    assert request.url_for("view_name") == "https://my-server/another_view"
 
-    request, response = app.test_client.get("/", headers={
-        'X-Forwarded-Proto': 'https',
-        'X-Forwarded-Port': '443',
-    })
-    assert request.url_for('view_name') == 'https://my_server/another_view'
 
-    
 @pytest.mark.asyncio
 async def test_request_form_invalid_content_type_asgi(app):
     @app.route("/", methods=["POST"])
@@ -1787,7 +1996,7 @@ async def test_request_form_invalid_content_type_asgi(app):
 
     assert request.form == {}
 
-    
+
 def test_endpoint_basic():
     app = Sanic()
 

tests/test_server_events.py

@@ -1,3 +1,4 @@
+import asyncio
 import signal
 
 import pytest
@@ -89,3 +90,52 @@ async def test_trigger_before_events_create_server(app):
 
     assert hasattr(app, "db")
     assert isinstance(app.db, MySanicDb)
+
+def test_create_server_trigger_events(app):
+    """Test if create_server can trigger server events"""
+
+    flag1 = False
+    flag2 = False
+    flag3 = False
+
+    async def stop(app, loop):
+        nonlocal flag1
+        flag1 = True
+        await asyncio.sleep(0.1)
+        app.stop()
+
+    async def before_stop(app, loop):
+        nonlocal flag2
+        flag2 = True
+
+    async def after_stop(app, loop):
+        nonlocal flag3
+        flag3 = True
+
+    app.listener("after_server_start")(stop)
+    app.listener("before_server_stop")(before_stop)
+    app.listener("after_server_stop")(after_stop)
+
+    loop = asyncio.get_event_loop()
+    serv_coro = app.create_server(return_asyncio_server=True)
+    serv_task = asyncio.ensure_future(serv_coro, loop=loop)
+    server = loop.run_until_complete(serv_task)
+    server.after_start()
+    try:
+        loop.run_forever()
+    except KeyboardInterrupt as e:
+        loop.stop()
+    finally:
+        # Run the on_stop function if provided
+        server.before_stop()
+
+        # Wait for server to close
+        close_task = server.close()
+        loop.run_until_complete(close_task)
+
+        # Complete all tasks on the loop
+        signal.stopped = True
+        for connection in server.connections:
+            connection.close_if_idle()
+        server.after_stop()
+    assert flag1 and flag2 and flag3

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, {py36,py37}-no-ext, lint, check, security
+envlist = py36, py37, {py36,py37}-no-ext, lint, check, security, docs
 
 [testenv]
 usedevelop = True
@@ -8,7 +8,7 @@ setenv =
     {py36,py37}-no-ext: SANIC_NO_UVLOOP=1
 deps =
     coverage
-    pytest==4.1.0
+    pytest==5.2.1
     pytest-cov
     pytest-sanic
     pytest-sugar
@@ -19,7 +19,7 @@ deps =
     gunicorn
     pytest-benchmark
     uvicorn
-    websockets>=6.0,<7.0
+    websockets>=7.0,<8.0
 commands =
     pytest {posargs:tests --cov sanic}
     - coverage combine --append
@@ -38,6 +38,13 @@ commands =
     black --config ./.black.toml --check --verbose sanic/
     isort --check-only --recursive sanic
 
+[testenv:type-checking]
+deps =
+    mypy
+
+commands =
+    mypy sanic
+
 [testenv:check]
 deps =
     docutils
@@ -55,3 +62,17 @@ deps =
 
 commands =
     bandit --recursive sanic --skip B404,B101 --exclude sanic/reloader_helpers.py
+
+[testenv:docs]
+platform = linux|linux2|darwin
+whitelist_externals = make
+deps =
+    sphinx>=2.1.2
+    sphinx_rtd_theme>=0.4.3
+    recommonmark>=0.5.0
+    docutils
+    pygments
+    gunicorn
+
+commands =
+    make docs-test