* allow gunicorn worker to be disabled
* allow gunicorn worker to be disabled
* rewrite the command
---------
Co-authored-by: Khaleel Al-Adhami <khaleel.aladhami@gmail.com>
* add a config variable to add extra overlay components
* add integration test
* Apply suggestions from code review
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* add the watermark class
* remove shortcut exposing badge publicly for now
* Rename as "sticky" because "watermark" has a negative connotation
* Add config `show_built_with_reflex`
This config option is available for authenticated users on various plan tiers
* py3.11 compatible f-string
* sticky badge inherit from A instead of using on_click/redirect
* fix integration test
* Move export checking logic to reflex CLI
* rx.logo: make it accessible to screen readers
Add role="img" aria_label="Reflex" and title="Reflex".
* Hide the built with reflex badge for localhost
* Revert "fix integration test"
This reverts commit a978684d70.
* experimental: do not show warning for internal imports
Only show experimental feature warnings when accessing the names through the
rx._x namespace.
If reflex internally imports the names via deep imports, then this bypasses the
warning to avoid showing it to users that have no control over how the
framework uses experimental features.
* add help link for show_built_with_reflex option
* pre-commit fixes
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* add backend disabled dialog
* pyi that guy
* pyi the other guy
* extend test_connection_banner to also test the cloud banner
* oops, need asyncio _inside_ the app
* Update reflex/components/core/banner.py
Co-authored-by: Masen Furer <m_github@0x26.net>
* use universal cookies
* fix pre-commit
* revert universal cookie 🍪
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* add more type annotations through the code
* add typing in reflex/utils
* misc typing
* more typings
* state typing
* keep typing
* typing init and utils
* more typing for components
* fix attempt for 3.9
* need more __future
* more typings
* type event plz
* type model
* type vars/base.py
* enable 'ANN001' for reflex folder (ignore tests and benchmarks)
* fix pyi
* add missing annotations
* use more precise error when ignoring
* Allow custom app module in rxconfig
* what was that pyscopg mess?
* fix another mess
* get this working with relative imports and hot reload
* typing to named tuple
* minor refactor
* revert redis knobs positions
* fix pyright except 1
* fix pyright hopefully
* use the resolved module path
* testing workflow
* move nba-proxy job to counter job
* just cast the type
* fix tests for python 3.9
* darglint
* CR Suggestions for #4556 (#4644)
* reload_dirs: search up from app_module for last directory containing __init__
* Change custom app_module to use an import string
* preserve sys.path entries added while loading rxconfig.py
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* Proxy backend requests on '/' to the frontend
If the optional extra `proxy` is installed, then the backend can handle all
requests by proxy unrecognized routes to the frontend nextjs server.
* Update lock file
* pre-commit fu
* AppHarness: set config frontend_port and backend_port
* integration: frontend port and backend port should return the same content
with proxying enabled by default in dev mode, both frontend and backend ports
on / should return the same content.
* Retry up to 100 times when proxying to frontend
* Reduce retry attempts to 25
Fix log level passing to subprocess
* scripts/wait_for_listening_port: primarily check HTTP responses
if the port is up or not, we don't really care... the HTTP request needs to
work and not return errors
* aiohttp is an optional dep
* adapt integration.sh for --backend-only (counter integration test)
* woops
* windows WTF?
* scratching my head 🎄
* double WTF windows
* Fix remaining integration tests
* Throw warnings when Redis lock is held for more than the allowed threshold
* initial tests
* fix tests and address comments
* fix tests fr, and use pydantic validators
* darglint fix
* increase lock expiration in tests to 2500
* remove print statement
---------
Co-authored-by: Khaleel Al-Adhami <khaleel.aladhami@gmail.com>
* Reuse the sqlalchemy engine once it's created
* Implement `rx.asession` for async database support
Requires setting `async_db_url` to the same database as `db_url`, except using
an async driver; this will vary by database.
* resolve the url first, so the key into _ENGINE is correct
* Ping db connections before returning them from pool
Move connect engine kwargs to a separate function
* the param is `echo`
* sanity check that config db_url and async_db_url are the same
throw a warning if the part following the `://` differs between these two
* create_async_engine: use sqlalchemy async API
update types
* redact ASYNC_DB_URL similarly to DB_URL when overridden in config
* update rx.asession docstring
* use async_sessionmaker
* Redact sensitive env vars instead of hiding them
* fix and test bug in config env loading
* streamline env var interpretation with @adhami3310
* improve error messages, fix invalid value for TELEMETRY_ENABLED
* just a small hint
* ruffing
* fix typo from review
* refactor - ruff broke the imports..
* cleanup imports
* more
* add internal and enum env var support
* ruff cleanup
* more global imports
* revert telemetry, it lives in rx.Config
* minor fixes/cleanup
* i missed some refs
* fix darglint
* reload config is internal
* fix EnvVar name
* add test for EnvVar + minor typing improvement
* bool tests
* was this broken?
* retain old behavior
* migrate APP_HARNESS_HEADLESS to new env var system
* migrate more APP_HARNESS env vars to new config system
* migrate SCREENSHOT_DIR to new env var system
* refactor EnvVar.get to be a method
* readd deleted functions and deprecate them
* improve EnvVar api, cleanup RELOAD_CONFIG question
* move is_prod_mode back to where it was
* add existing path subclass for env checks
* use the power of dataclasses
* use metaclass
* fake the class name
* use annotated
* use flag instead of dict
* dang it darglint
* cleanups
* fix and test bug in config env loading
* streamline env var interpretation with @adhami3310
* improve error messages, fix invalid value for TELEMETRY_ENABLED
* just a small hint
* ruffing
* fix typo from review
* move all environment variables to the same place
* reorder things around
* move more variables to environment
* remove cyclical imports
* forgot default value for field
* for some reason type hints aren't being interpreted
* put the field type *before* not after
* make it get
* move a bit more
* add more fields
* move reflex dir
* add return
* put things somewhere else
* add custom error
* use pathlib as much as possible
* fixstuff
* break locally to unbreak in CI 🤷
* add type on env
* debug attempt 1
* debugged
* oops, there is the actual fix
* fix 3.9 compat
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* add more tests
* add tests to raise coverage
* more tests, bump coverage to 73
* fix up icon_button test
* fix darglint for app.py
* fix utcnow usage warning
* set threshold to 72
* fix timestamp
* fix unit tests for linux-redis
* removed commented code and put a TODO
* Remove upper bounds of most dependencies.
Also adds a import try except block for pydantic.v1 and relocks.
Keep black and ruff to not mess to much with current formatting
Make pyright see the right import as long as constraint still lock pydantiv v1
Down pin pytest-asyncio again due to known issue
Fix upload handler with latest versions of fastapi
Change comment
* Add changed lockfile
* Set max versions for deps
* Revert app.pyi
---------
Co-authored-by: Malte Klemm <malte.klemm@blueyonder.com>
Co-authored-by: Nikhil Rao <nikhil@reflex.dev>
* rebase
* pass include_children kwarg in radix FormRoot
* respect include_children
* ruff fixes
* readd statemanager init, run pyi gen
* minor performance imporovements, fix for state changes
* fix pyi and pyright
* pass include_children for chakra
* remove old state detection
* add test for unused states in stateless app
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
