# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)

# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php

# Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php

# Licensed to PSF under a Contributor Agreement

"""

Middleware to check for obedience to the WSGI specification.



Some of the things this checks:



* Signature of the application and start_response (including that

  keyword arguments are not used).



* Environment checks:



  - Environment is a dictionary (and not a subclass).



  - That all the required keys are in the environment: REQUEST_METHOD,

    SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,

    wsgi.multithread, wsgi.multiprocess, wsgi.run_once



  - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the

    environment (these headers should appear as CONTENT_LENGTH and

    CONTENT_TYPE).



  - Warns if QUERY_STRING is missing, as the cgi module acts

    unpredictably in that case.



  - That CGI-style variables (that don't contain a .) have

    (non-unicode) string values



  - That wsgi.version is a tuple



  - That wsgi.url_scheme is 'http' or 'https' (@@: is this too

    restrictive?)



  - Warns if the REQUEST_METHOD is not known (@@: probably too

    restrictive).



  - That SCRIPT_NAME and PATH_INFO are empty or start with /



  - That at least one of SCRIPT_NAME or PATH_INFO are set.



  - That CONTENT_LENGTH is a positive integer.



  - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should

    be '/').



  - That wsgi.input has the methods read, readline, readlines, and

    __iter__



  - That wsgi.errors has the methods flush, write, writelines



* The status is a string, contains a space, starts with an integer,

  and that integer is in range (> 100).



* That the headers is a list (not a subclass, not another kind of

  sequence).



* That the items of the headers are tuples of strings.



* That there is no 'status' header (that is used in CGI, but not in

  WSGI).



* That the headers don't contain newlines or colons, end in _ or -, or

  contain characters codes below 037.



* That Content-Type is given if there is content (CGI often has a

  default content type, but WSGI does not).



* That no Content-Type is given when there is no content (@@: is this

  too restrictive?)



* That the exc_info argument to start_response is a tuple or None.



* That all calls to the writer are with strings, and no other methods

  on the writer are accessed.



* That wsgi.input is used properly:



  - .read() is called with zero or one argument



  - That it returns a string



  - That readline, readlines, and __iter__ return strings



  - That .close() is not called



  - No other methods are provided



* That wsgi.errors is used properly:



  - .write() and .writelines() is called with a string



  - That .close() is not called, and no other methods are provided.



* The response iterator:



  - That it is not a string (it should be a list of a single string; a

    string will work, but perform horribly).



  - That .next() returns a string



  - That the iterator is not iterated over until start_response has

    been called (that can signal either a server or application

    error).



  - That .close() is called (doesn't raise exception, only prints to

    sys.stderr, because we only know it isn't called when the object

    is garbage collected).

"""

__all__ = ['validator']





import re

import sys

from types import DictType, StringType, TupleType, ListType

import warnings



header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$')

bad_header_value_re = re.compile(r'[\000-\037]')



class WSGIWarning(Warning):

    """

    Raised in response to WSGI-spec-related warnings

    """



def assert_(cond, *args):

    if not cond:

        raise AssertionError(*args)



def validator(application):



    """

    When applied between a WSGI server and a WSGI application, this

    middleware will check for WSGI compliancy on a number of levels.

    This middleware does not modify the request or response in any

    way, but will throw an AssertionError if anything seems off

    (except for a failure to close the application iterator, which

    will be printed to stderr -- there's no way to throw an exception

    at that point).

    """



    def lint_app(*args, **kw):

        assert_(len(args) == 2, "Two arguments required")

        assert_(not kw, "No keyword arguments allowed")

        environ, start_response = args



        check_environ(environ)



        # We use this to check if the application returns without

        # calling start_response:

        start_response_started = []



        def start_response_wrapper(*args, **kw):

            assert_(len(args) == 2 or len(args) == 3, (

                "Invalid number of arguments: %s" % (args,)))

            assert_(not kw, "No keyword arguments allowed")

            status = args[0]

            headers = args[1]

            if len(args) == 3:

                exc_info = args[2]

            else:

                exc_info = None



            check_status(status)

            check_headers(headers)

            check_content_type(status, headers)

            check_exc_info(exc_info)



            start_response_started.append(None)

            return WriteWrapper(start_response(*args))



        environ['wsgi.input'] = InputWrapper(environ['wsgi.input'])

        environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors'])



        iterator = application(environ, start_response_wrapper)

        assert_(iterator is not None and iterator != False,

            "The application must return an iterator, if only an empty list")



        check_iterator(iterator)



        return IteratorWrapper(iterator, start_response_started)



    return lint_app



class InputWrapper:



    def __init__(self, wsgi_input):

        self.input = wsgi_input



    def read(self, *args):

        assert_(len(args) <= 1)

        v = self.input.read(*args)

        assert_(type(v) is type(""))

        return v



    def readline(self):

        v = self.input.readline()

        assert_(type(v) is type(""))

        return v



    def readlines(self, *args):

        assert_(len(args) <= 1)

        lines = self.input.readlines(*args)

        assert_(type(lines) is type([]))

        for line in lines:

            assert_(type(line) is type(""))

        return lines



    def __iter__(self):

        while 1:

            line = self.readline()

            if not line:

                return

            yield line



    def close(self):

        assert_(0, "input.close() must not be called")



class ErrorWrapper:



    def __init__(self, wsgi_errors):

        self.errors = wsgi_errors



    def write(self, s):

        assert_(type(s) is type(""))

        self.errors.write(s)



    def flush(self):

        self.errors.flush()



    def writelines(self, seq):

        for line in seq:

            self.write(line)



    def close(self):

        assert_(0, "errors.close() must not be called")



class WriteWrapper:



    def __init__(self, wsgi_writer):

        self.writer = wsgi_writer



    def __call__(self, s):

        assert_(type(s) is type(""))

        self.writer(s)



class PartialIteratorWrapper:



    def __init__(self, wsgi_iterator):

        self.iterator = wsgi_iterator



    def __iter__(self):

        # We want to make sure __iter__ is called

        return IteratorWrapper(self.iterator, None)



class IteratorWrapper:



    def __init__(self, wsgi_iterator, check_start_response):

        self.original_iterator = wsgi_iterator

        self.iterator = iter(wsgi_iterator)

        self.closed = False

        self.check_start_response = check_start_response



    def __iter__(self):

        return self



    def next(self):

        assert_(not self.closed,

            "Iterator read after closed")

        v = self.iterator.next()

        if self.check_start_response is not None:

            assert_(self.check_start_response,

                "The application returns and we started iterating over its body, but start_response has not yet been called")

            self.check_start_response = None

        return v



    def close(self):

        self.closed = True

        if hasattr(self.original_iterator, 'close'):

            self.original_iterator.close()



    def __del__(self):

        if not self.closed:

            sys.stderr.write(

                "Iterator garbage collected without being closed")

        assert_(self.closed,

            "Iterator garbage collected without being closed")



def check_environ(environ):

    assert_(type(environ) is DictType,

        "Environment is not of the right type: %r (environment: %r)"

        % (type(environ), environ))



    for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT',

                'wsgi.version', 'wsgi.input', 'wsgi.errors',

                'wsgi.multithread', 'wsgi.multiprocess',

                'wsgi.run_once']:

        assert_(key in environ,

            "Environment missing required key: %r" % (key,))



    for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']:

        assert_(key not in environ,

            "Environment should not have the key: %s "

            "(use %s instead)" % (key, key[5:]))



    if 'QUERY_STRING' not in environ:

        warnings.warn(

            'QUERY_STRING is not in the WSGI environment; the cgi '

            'module will use sys.argv when this variable is missing, '

            'so application errors are more likely',

            WSGIWarning)



    for key in environ.keys():

        if '.' in key:

            # Extension, we don't care about its type

            continue

        assert_(type(environ[key]) is StringType,

            "Environmental variable %s is not a string: %r (value: %r)"

            % (key, type(environ[key]), environ[key]))



    assert_(type(environ['wsgi.version']) is TupleType,

        "wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],))

    assert_(environ['wsgi.url_scheme'] in ('http', 'https'),

        "wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme'])



    check_input(environ['wsgi.input'])

    check_errors(environ['wsgi.errors'])



    # @@: these need filling out:

    if environ['REQUEST_METHOD'] not in (

        'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'):

        warnings.warn(

            "Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'],

            WSGIWarning)



    assert_(not environ.get('SCRIPT_NAME')

            or environ['SCRIPT_NAME'].startswith('/'),

        "SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME'])

    assert_(not environ.get('PATH_INFO')

            or environ['PATH_INFO'].startswith('/'),

        "PATH_INFO doesn't start with /: %r" % environ['PATH_INFO'])

    if environ.get('CONTENT_LENGTH'):

        assert_(int(environ['CONTENT_LENGTH']) >= 0,

            "Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH'])



    if not environ.get('SCRIPT_NAME'):

        assert_(environ.has_key('PATH_INFO'),

            "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO "

            "should at least be '/' if SCRIPT_NAME is empty)")

    assert_(environ.get('SCRIPT_NAME') != '/',

        "SCRIPT_NAME cannot be '/'; it should instead be '', and "

        "PATH_INFO should be '/'")



def check_input(wsgi_input):

    for attr in ['read', 'readline', 'readlines', '__iter__']:

        assert_(hasattr(wsgi_input, attr),

            "wsgi.input (%r) doesn't have the attribute %s"

            % (wsgi_input, attr))



def check_errors(wsgi_errors):

    for attr in ['flush', 'write', 'writelines']:

        assert_(hasattr(wsgi_errors, attr),

            "wsgi.errors (%r) doesn't have the attribute %s"

            % (wsgi_errors, attr))



def check_status(status):

    assert_(type(status) is StringType,

        "Status must be a string (not %r)" % status)

    # Implicitly check that we can turn it into an integer:

    status_code = status.split(None, 1)[0]

    assert_(len(status_code) == 3,

        "Status codes must be three characters: %r" % status_code)

    status_int = int(status_code)

    assert_(status_int >= 100, "Status code is invalid: %r" % status_int)

    if len(status) < 4 or status[3] != ' ':

        warnings.warn(

            "The status string (%r) should be a three-digit integer "

            "followed by a single space and a status explanation"

            % status, WSGIWarning)



def check_headers(headers):

    assert_(type(headers) is ListType,

        "Headers (%r) must be of type list: %r"

        % (headers, type(headers)))

    header_names = {}

    for item in headers:

        assert_(type(item) is TupleType,

            "Individual headers (%r) must be of type tuple: %r"

            % (item, type(item)))

        assert_(len(item) == 2)

        name, value = item

        assert_(name.lower() != 'status',

            "The Status header cannot be used; it conflicts with CGI "

            "script, and HTTP status is not given through headers "

            "(value: %r)." % value)

        header_names[name.lower()] = None

        assert_('\n' not in name and ':' not in name,

            "Header names may not contain ':' or '\\n': %r" % name)

        assert_(header_re.search(name), "Bad header name: %r" % name)

        assert_(not name.endswith('-') and not name.endswith('_'),

            "Names may not end in '-' or '_': %r" % name)

        if bad_header_value_re.search(value):

            assert_(0, "Bad header value: %r (bad char: %r)"

            % (value, bad_header_value_re.search(value).group(0)))



def check_content_type(status, headers):

    code = int(status.split(None, 1)[0])

    # @@: need one more person to verify this interpretation of RFC 2616

    #     http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

    NO_MESSAGE_BODY = (204, 304)

    for name, value in headers:

        if name.lower() == 'content-type':

            if code not in NO_MESSAGE_BODY:

                return

            assert_(0, ("Content-Type header found in a %s response, "

                        "which must not return content.") % code)

    if code not in NO_MESSAGE_BODY:

        assert_(0, "No Content-Type header found in headers (%s)" % headers)



def check_exc_info(exc_info):

    assert_(exc_info is None or type(exc_info) is type(()),

        "exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info)))

    # More exc_info checks?



def check_iterator(iterator):

    # Technically a string is legal, which is why it's a really bad

    # idea, because it may cause the response to be returned

    # character-by-character

    assert_(not isinstance(iterator, str),

        "You should not return a string as your application iterator, "

        "instead return a single-item list containing that string.")

