apifrom.security.hsts
=====================

HTTP Strict Transport Security (HSTS) implementation for APIFromAnything.

This module provides utilities for implementing HSTS preloading to ensure
that browsers always use HTTPS for your API.

.. py:currentmodule:: apifrom.security.hsts

Overview
--------

**Classes**

* :py:class:`BaseMiddleware`
* :py:class:`HSTSMiddleware`
* :py:class:`HSTSPreloadChecker`
* :py:class:`Request`
* :py:class:`Response`

Classes
-------

.. py:class:: BaseMiddleware(**options)

   :bases: abc.ABC

   Base middleware class for APIFromAnything.

   This abstract class defines the interface for middleware components.
   Middleware components can process requests and responses.

   .. attribute:: options

      Options for the middleware.

      :type: dict

   Initialize a new BaseMiddleware instance.

   :param \*\*options: Options for the middleware.

.. py:class:: HSTSMiddleware(max_age = 31536000, include_subdomains = True, preload = False, force_https_redirect = True, exempt_paths = None)

   :bases: apifrom.middleware.base.BaseMiddleware

   Middleware for implementing HTTP Strict Transport Security (HSTS).

   This middleware adds the Strict-Transport-Security header to responses
   to instruct browsers to only use HTTPS for your API.

   Initialize the HSTS middleware.

   :param max_age: The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS
   :param include_subdomains: Whether the HSTS policy applies to all subdomains
   :param preload: Whether to include the site in the HSTS preload list
   :param force_https_redirect: Whether to redirect HTTP requests to HTTPS
   :param exempt_paths: Paths exempt from HSTS

   .. attribute:: exempt_paths

   .. attribute:: force_https_redirect

   .. attribute:: include_subdomains

   .. attribute:: max_age

   .. attribute:: preload

   .. method:: _add_hsts_header(response)

      Add the Strict-Transport-Security header to a response.

      :param response: The response to add the header to

   .. method:: _build_hsts_header()

      Build the Strict-Transport-Security header value.

      :returns: The header value

   .. method:: _get_https_redirect_url(request)

      Get the HTTPS redirect URL for a request.

      :param request: The request to redirect
      :returns: The HTTPS redirect URL

   .. method:: _is_exempt(request)

      Check if a request is exempt from HSTS.

      :param request: The request to check
      :returns: True if the request is exempt, False otherwise

   .. method:: _is_https(request)

      Check if a request is using HTTPS.

      :param request: The request to check
      :returns: True if the request is using HTTPS, False otherwise

   .. method:: process_request(request)
      :async:

      Process a request through the HSTS middleware.

      :param request: The request to process
      :returns: The processed request

   .. method:: process_response(response)
      :async:

      Process a response through the HSTS middleware.

      :param response: The response to process
      :returns: The processed response

.. py:class:: HSTSPreloadChecker

   Utility for checking if a domain is eligible for HSTS preloading.

   This class provides methods to check if a domain meets the requirements
   for inclusion in the HSTS preload list.

   .. method:: check_eligibility(domain, hsts_header, has_valid_certificate = True, all_subdomains_https = False, redirect_to_https = True)
      :staticmethod:

      Check if a domain is eligible for HSTS preloading.

      :param domain: The domain to check
      :param hsts_header: The Strict-Transport-Security header value
      :param has_valid_certificate: Whether the domain has a valid SSL/TLS certificate
      :param all_subdomains_https: Whether all subdomains support HTTPS
      :param redirect_to_https: Whether the domain redirects HTTP to HTTPS
      :returns: A dictionary with the eligibility status and any issues

   .. method:: get_submission_instructions(domain)
      :staticmethod:

      Get instructions for submitting a domain to the HSTS preload list.

      :param domain: The domain to submit
      :returns: Instructions for submitting the domain

.. py:class:: Request(request = None, path_params = None, method = None, path = None, query_params = None, headers = None, body = None, client_ip = None)

   Request class for APIFromAnything.

   This class wraps a Starlette request and provides methods for accessing
   request data in a convenient way.

   .. attribute:: _request

      The underlying Starlette request.

   .. attribute:: path_params

      Path parameters extracted from the URL.

   .. attribute:: query_params

      Query parameters extracted from the URL.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: method

      HTTP method.

   .. attribute:: path

      Request path.

   .. attribute:: _body

      Cached request body.

   Initialize a new Request instance.

   :param request: The underlying Starlette request.
   :param path_params: Path parameters extracted from the URL.
   :param method: The HTTP method.
   :param path: The request path.
   :param query_params: Query parameters.
   :param headers: HTTP headers.
   :param body: Request body.
   :param client_ip: Client IP address.

.. py:class:: Response(content = None, status_code = 200, headers = None, content_type = 'application/json')

   Response class for APIFromAnything.

   This class represents an HTTP response and provides methods for setting
   response data, status code, and headers.

   .. attribute:: content

      The response content.

   .. attribute:: status_code

      The HTTP status code.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: content_type

      The content type of the response.

   Initialize a new Response instance.

   :param content: The response content.
   :param status_code: The HTTP status code.
   :param headers: HTTP headers.
   :param content_type: The content type of the response.
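
The header value built from ``max_age``, ``include_subdomains`` and ``preload``, and the checks a preload eligibility test has to make on it, can be sketched as follows. This is an added example, not APIFromAnything's own code: it does not import ``apifrom``, the function names are hypothetical, and the thresholds are the published hstspreload.org requirements. The keyword defaults mirror the ``check_eligibility`` signature above.

```python
# Added example: independent of apifrom; all function names are hypothetical.
PRELOAD_MIN_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def build_hsts_value(max_age=31536000, include_subdomains=True, preload=False):
    """Serialize the three policy settings into a header value."""
    parts = [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)


def parse_hsts_value(value):
    """Parse a header value; directive names are case-insensitive (RFC 6797)."""
    directives = {}
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # tolerate empty directives such as a trailing ';'
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives


def preload_issues(value, has_valid_certificate=True,
                   all_subdomains_https=False, redirect_to_https=True):
    """Return the reasons a policy fails the preload requirements (empty = eligible)."""
    d = parse_hsts_value(value)
    issues = []
    if int(d["max-age"]) < PRELOAD_MIN_MAX_AGE:
        issues.append("max-age below 31536000")
    if "includesubdomains" not in d:
        issues.append("includeSubDomains missing")
    if "preload" not in d:
        issues.append("preload missing")
    if not has_valid_certificate:
        issues.append("no valid certificate")
    if not all_subdomains_https:
        issues.append("not all subdomains serve HTTPS")
    if not redirect_to_https:
        issues.append("HTTP is not redirected to HTTPS")
    return issues
```

With the middleware defaults shown above (``preload = False``), the resulting header is valid HSTS but not preload-eligible, which is the case the first two reported issues cover.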