Spaces:
Running
Running
File size: 9,361 Bytes
3060aa0 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 | # PyFundaments: A Secure Python Architecture
##### v. 1.0.1 dev
## Description
This project, named **PyFundaments**, provides a robust and secure Python architecture. Its core mission is not to be a monolithic framework, but to establish a layered, modular foundationβor "fundament"βof essential services. This structure ensures that every application starts on a verified and secure base, with a focus on stability, code clarity, and a security-first mindset from the ground up.
> [!NOTE]
> you must create your app/bot in app/* or you get an error! Than uncoment
> ```
>from app.app import start_application
>await start_application(fundaments)
>```
> in main.py
-----
## Table of Contents
- [Project Structure](#project-structure)
- [The Role of `main.py`](#the-role-of-mainpy)
- [Configuration (`.env`)](#configuration-env)
- [Installation](#installation)
- [Getting Started](#getting-started)
- [Module Documentation](#module-documentation)
- [Notes](#notes)
-----
## Project Structure
```
βββ main.py # run main!
βββ README.md
βββ requirements.txt
βββ .gitignore
βββ .env.example
βββ app/
β βββ ...
β βββ app.py # sandboxed app run!
β βββ tools.py
β βββ provider.py
β βββ models.py
β βββ db_sync.py
βββ fundaments/ # do not touch!
β βββ access_control.py
β βββ config_handler.py
β βββ encryption.py
β βββ postgresql.py
β βββ security.py
β βββ user_handler.py
βββ docs/
βββ access_control.py.md
βββ encryption.py.md
βββ postgresql.py.md
βββ security.py.md
βββ user_handler.py.md
```
-----
## The Role of `main.py`
`main.py` is the **only entry point** and acts as the first line of defense for the application.
### Responsibilities
- [x] **Validate Dependencies**: It checks for all necessary core modules in `fundaments/` and exits immediately if any are missing.
- [x] **Conditional Environment Loading**: It uses the `config_handler` to load available configuration variables and initializes only the services for which configuration is present.
- [x] **Initialize Services**: It creates instances of available services (PostgreSQL, encryption, access control, user handling) based on environment configuration, collecting them into a single service dictionary.
- [x] **Graceful Degradation**: Services that cannot be initialized are skipped with warnings, allowing applications to run with partial functionality.
- [x] **Decouple App Logic**: It hands off the prepared and verified services to `app/app.py`, allowing the main application to focus purely on its business logic without worrying about low-level setup.
-----
## Configuration (`.env`)
Application settings are managed using a `.env` file. **Never commit this file to version control.**
The framework uses **conditional loading** - only services with available configuration are initialized. This allows different application types to use only what they need.
A `.env.example` file is provided to show available variables. Create a copy named `.env` and configure only what your application requires.
### Core Configuration (Optional based on app type)
```text
# Database connection (required only for database-using apps)
DATABASE_URL="postgresql://user:password@host:port/database?sslmode=require"
# Encryption keys (required only for apps using encryption)
MASTER_ENCRYPTION_KEY="your_256_bit_key_here"
PERSISTENT_ENCRYPTION_SALT="your_unique_salt_here"
# Logging configuration (optional)
LOG_LEVEL="INFO"
LOG_TO_TMP="false"
ENABLE_PUBLIC_LOGS="true"
```
### Application Examples
**Discord Bot:** Only needs `BOT_TOKEN`, no database or encryption required.
**ML Pipeline:** Only needs `DATABASE_URL` for data access.
**Web Application:** May need all services for full functionality.
-----
## Installation
```bash
pip install -r requirements.txt
```
-----
## Getting Started
1. **Configure**: Create your `.env` file from the `.env.example` and set only the variables your application type requires.
2. **Run**: Execute the `main.py` script to start the application.
```bash
python main.py
```
The framework will automatically detect available configuration and load only the necessary services.
-----
## Module Documentation
Each security-relevant core module is documented in the `docs/` directory:
| Module | Description | Documentation |
| ------------------- | ---------------------------------------- | -------------------------------------------------|
| `access_control.py` | Role-based access management | [access\_control.py.md](docs/access_control.py.md)|
| `config_handler.py` | Universal configuration loader | [config\_handler.py.md](docs/config_handler.py.md)|
| `encryption.py` | Cryptographic routines | [encryption.py.md](docs/encryption.py.md) |
| `postgresql.py` | Secure, asynchronous database access | [postgresql.py.md](docs/postgresql.py.md) |
| `user_handler.py` | Authentication and identity management | [user\_handler.py.md](docs/user_handler.py.md) |
| `security.py` | Central security orchestration layer | [security.py.md](docs/security.py.md) |
-----
## License
This project is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0).
### Section 4: Additional Restrictions and Ethical Use Policy
This project is released under the permissive Apache 2.0 License, which is intended to provide broad freedom for use and modification.
However, in the interest of fostering a safe and responsible community, we include the following **mandatory ethical use restrictions**:
Use of this project (or derivatives) is **strictly prohibited** for purposes that:
- **Promote Hatred or Discrimination**
Includes hate speech, incitement to violence, or discrimination based on race, religion, gender, orientation, etc.
- **Facilitate Illegal Activities**
Use to conduct or support criminal activity is forbidden.
- **Spread Malicious Content**
This includes pornography, malware, spyware, or other harmful payloads.
We believe that freedom in development must be coupled with responsibility.
**Violation of these terms constitutes a breach of license and will trigger takedown actions** including legal and technical responses.
*Volkan KΓΌcΓΌkbudak*
-----
## Credits
- Developed and maintained by the PyFundaments project.
- Core components inspired by best practices in modular app architecture and OWASP security principles.
- Third-party libraries are credited in their respective module docs and comply with open-source terms.
-----
## Notes
Security-first by design.
If one piece is missing or unsafe β the app does not run.
Zero tolerance for guesswork.
> Give a β if you find the structure helpful.
## Changelog
###### Version 1.0.0 -> 1.0.1
### PyFundaments Refactoring
#### Modified Files
**1. main.py - Conditional Service Loading**
- **Added:** Environment-based conditional service initialization
- **Added:** Graceful fallback when services can't be initialized (warning instead of crash)
- **Added:** Conditional logging configuration (LOG_LEVEL, LOG_TO_TMP, ENABLE_PUBLIC_LOGS)
- **Added:** Smart dependency management (access_control & user_handler only load if database available)
- **Added:** Safe shutdown (only close DB pool if it was initialized)
- **Result:** Framework now supports partial service loading for different app types
**2. app/app.py - Proper Service Injection**
- **Removed:** Direct service imports and instantiation
- **Added:** Services received as parameter from main.py
- **Modified:** start_application() now takes fundaments dictionary as parameter
- **Added:** Conditional service usage based on what main.py provides
- **Added:** Examples for different app types (database-only, database-free modes)
- **Result:** Clean separation - main.py handles initialization, app.py uses services
**3. fundaments/config_handler.py - Universal Configuration Loader**
- **Removed:** REQUIRED_KEYS validation (moved to main.py)
- **Modified:** Now loads ALL environment variables without validation
- **Added:** Helper methods: get_bool(), get_int(), has(), get_all()
- **Added:** Safe defaults and type conversion
- **Result:** Config handler never needs updates, works with any ENV variables
**4. .env.example - Conditional Configuration Template**
- **Added:** Clear separation between core and optional dependencies
- **Added:** Logging configuration options
- **Added:** App-specific configuration examples (Discord, ML, Web)
- **Added:** Comments explaining when to use each option
- **Result:** Users only configure what they need, no unused variables
#### Architecture Improvements
- **Conditional Loading:** Framework only loads needed services based on available ENV vars
- **Merge-Safe Structure:** User code (app/, config_handler.py) protected from framework updates
- **Zero Breaking Changes:** Updates only affect fundaments/ directory
- **Enterprise-Level Merging:** Community can safely pull framework updates</document_content></document>
|