Spaces:
Running
Running
| # PyFundaments: A Secure Python Architecture | |
| ##### v. 1.0.1 dev | |
| ## Description | |
| This project, named **PyFundaments**, provides a robust and secure Python architecture. Its core mission is not to be a monolithic framework, but to establish a layered, modular foundationβor "fundament"βof essential services. This structure ensures that every application starts on a verified and secure base, with a focus on stability, code clarity, and a security-first mindset from the ground up. | |
| > [!NOTE] | |
| > you must create your app/bot in app/* or you get an error! Than uncoment | |
| > ``` | |
| >from app.app import start_application | |
| >await start_application(fundaments) | |
| >``` | |
| > in main.py | |
| ----- | |
| ## Table of Contents | |
| - [Project Structure](#project-structure) | |
| - [The Role of `main.py`](#the-role-of-mainpy) | |
| - [Configuration (`.env`)](#configuration-env) | |
| - [Installation](#installation) | |
| - [Getting Started](#getting-started) | |
| - [Module Documentation](#module-documentation) | |
| - [Notes](#notes) | |
| ----- | |
| ## Project Structure | |
| ``` | |
| βββ main.py # run main! | |
| βββ README.md | |
| βββ requirements.txt | |
| βββ .gitignore | |
| βββ .env.example | |
| βββ app/ | |
| β βββ ... | |
| β βββ app.py # sandboxed app run! | |
| β βββ tools.py | |
| β βββ provider.py | |
| β βββ models.py | |
| β βββ db_sync.py | |
| βββ fundaments/ # do not touch! | |
| β βββ access_control.py | |
| β βββ config_handler.py | |
| β βββ encryption.py | |
| β βββ postgresql.py | |
| β βββ security.py | |
| β βββ user_handler.py | |
| βββ docs/ | |
| βββ access_control.py.md | |
| βββ encryption.py.md | |
| βββ postgresql.py.md | |
| βββ security.py.md | |
| βββ user_handler.py.md | |
| ``` | |
| ----- | |
| ## The Role of `main.py` | |
| `main.py` is the **only entry point** and acts as the first line of defense for the application. | |
| ### Responsibilities | |
| - [x] **Validate Dependencies**: It checks for all necessary core modules in `fundaments/` and exits immediately if any are missing. | |
| - [x] **Conditional Environment Loading**: It uses the `config_handler` to load available configuration variables and initializes only the services for which configuration is present. | |
| - [x] **Initialize Services**: It creates instances of available services (PostgreSQL, encryption, access control, user handling) based on environment configuration, collecting them into a single service dictionary. | |
| - [x] **Graceful Degradation**: Services that cannot be initialized are skipped with warnings, allowing applications to run with partial functionality. | |
| - [x] **Decouple App Logic**: It hands off the prepared and verified services to `app/app.py`, allowing the main application to focus purely on its business logic without worrying about low-level setup. | |
| ----- | |
| ## Configuration (`.env`) | |
| Application settings are managed using a `.env` file. **Never commit this file to version control.** | |
| The framework uses **conditional loading** - only services with available configuration are initialized. This allows different application types to use only what they need. | |
| A `.env.example` file is provided to show available variables. Create a copy named `.env` and configure only what your application requires. | |
| ### Core Configuration (Optional based on app type) | |
| ```text | |
| # Database connection (required only for database-using apps) | |
| DATABASE_URL="postgresql://user:password@host:port/database?sslmode=require" | |
| # Encryption keys (required only for apps using encryption) | |
| MASTER_ENCRYPTION_KEY="your_256_bit_key_here" | |
| PERSISTENT_ENCRYPTION_SALT="your_unique_salt_here" | |
| # Logging configuration (optional) | |
| LOG_LEVEL="INFO" | |
| LOG_TO_TMP="false" | |
| ENABLE_PUBLIC_LOGS="true" | |
| ``` | |
| ### Application Examples | |
| **Discord Bot:** Only needs `BOT_TOKEN`, no database or encryption required. | |
| **ML Pipeline:** Only needs `DATABASE_URL` for data access. | |
| **Web Application:** May need all services for full functionality. | |
| ----- | |
| ## Installation | |
| ```bash | |
| pip install -r requirements.txt | |
| ``` | |
| ----- | |
| ## Getting Started | |
| 1. **Configure**: Create your `.env` file from the `.env.example` and set only the variables your application type requires. | |
| 2. **Run**: Execute the `main.py` script to start the application. | |
| ```bash | |
| python main.py | |
| ``` | |
| The framework will automatically detect available configuration and load only the necessary services. | |
| ----- | |
| ## Module Documentation | |
| Each security-relevant core module is documented in the `docs/` directory: | |
| | Module | Description | Documentation | | |
| | ------------------- | ---------------------------------------- | -------------------------------------------------| | |
| | `access_control.py` | Role-based access management | [access\_control.py.md](docs/access_control.py.md)| | |
| | `config_handler.py` | Universal configuration loader | [config\_handler.py.md](docs/config_handler.py.md)| | |
| | `encryption.py` | Cryptographic routines | [encryption.py.md](docs/encryption.py.md) | | |
| | `postgresql.py` | Secure, asynchronous database access | [postgresql.py.md](docs/postgresql.py.md) | | |
| | `user_handler.py` | Authentication and identity management | [user\_handler.py.md](docs/user_handler.py.md) | | |
| | `security.py` | Central security orchestration layer | [security.py.md](docs/security.py.md) | | |
| ----- | |
| ## License | |
| This project is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0). | |
| ### Section 4: Additional Restrictions and Ethical Use Policy | |
| This project is released under the permissive Apache 2.0 License, which is intended to provide broad freedom for use and modification. | |
| However, in the interest of fostering a safe and responsible community, we include the following **mandatory ethical use restrictions**: | |
| Use of this project (or derivatives) is **strictly prohibited** for purposes that: | |
| - **Promote Hatred or Discrimination** | |
| Includes hate speech, incitement to violence, or discrimination based on race, religion, gender, orientation, etc. | |
| - **Facilitate Illegal Activities** | |
| Use to conduct or support criminal activity is forbidden. | |
| - **Spread Malicious Content** | |
| This includes pornography, malware, spyware, or other harmful payloads. | |
| We believe that freedom in development must be coupled with responsibility. | |
| **Violation of these terms constitutes a breach of license and will trigger takedown actions** including legal and technical responses. | |
| *Volkan KΓΌcΓΌkbudak* | |
| ----- | |
| ## Credits | |
| - Developed and maintained by the PyFundaments project. | |
| - Core components inspired by best practices in modular app architecture and OWASP security principles. | |
| - Third-party libraries are credited in their respective module docs and comply with open-source terms. | |
| ----- | |
| ## Notes | |
| Security-first by design. | |
| If one piece is missing or unsafe β the app does not run. | |
| Zero tolerance for guesswork. | |
| > Give a β if you find the structure helpful. | |
| ## Changelog | |
| ###### Version 1.0.0 -> 1.0.1 | |
| ### PyFundaments Refactoring | |
| #### Modified Files | |
| **1. main.py - Conditional Service Loading** | |
| - **Added:** Environment-based conditional service initialization | |
| - **Added:** Graceful fallback when services can't be initialized (warning instead of crash) | |
| - **Added:** Conditional logging configuration (LOG_LEVEL, LOG_TO_TMP, ENABLE_PUBLIC_LOGS) | |
| - **Added:** Smart dependency management (access_control & user_handler only load if database available) | |
| - **Added:** Safe shutdown (only close DB pool if it was initialized) | |
| - **Result:** Framework now supports partial service loading for different app types | |
| **2. app/app.py - Proper Service Injection** | |
| - **Removed:** Direct service imports and instantiation | |
| - **Added:** Services received as parameter from main.py | |
| - **Modified:** start_application() now takes fundaments dictionary as parameter | |
| - **Added:** Conditional service usage based on what main.py provides | |
| - **Added:** Examples for different app types (database-only, database-free modes) | |
| - **Result:** Clean separation - main.py handles initialization, app.py uses services | |
| **3. fundaments/config_handler.py - Universal Configuration Loader** | |
| - **Removed:** REQUIRED_KEYS validation (moved to main.py) | |
| - **Modified:** Now loads ALL environment variables without validation | |
| - **Added:** Helper methods: get_bool(), get_int(), has(), get_all() | |
| - **Added:** Safe defaults and type conversion | |
| - **Result:** Config handler never needs updates, works with any ENV variables | |
| **4. .env.example - Conditional Configuration Template** | |
| - **Added:** Clear separation between core and optional dependencies | |
| - **Added:** Logging configuration options | |
| - **Added:** App-specific configuration examples (Discord, ML, Web) | |
| - **Added:** Comments explaining when to use each option | |
| - **Result:** Users only configure what they need, no unused variables | |
| #### Architecture Improvements | |
| - **Conditional Loading:** Framework only loads needed services based on available ENV vars | |
| - **Merge-Safe Structure:** User code (app/, config_handler.py) protected from framework updates | |
| - **Zero Breaking Changes:** Updates only affect fundaments/ directory | |
| - **Enterprise-Level Merging:** Community can safely pull framework updates</document_content></document> | |