fix(web): create_app() boots without the security extra (v26.06.06)#32
Merged
Merged
Conversation
Both web adapters (starlette + fastapi) collected OAuth2 login routes during create_app() via an unconditional `from pyfly.security.oauth2.login import OAuth2LoginHandler`. That module imports pyjwt at load, so a pyfly[web]-only install (what `pyfly new --archetype web-api|fastapi-api` generates) crashed at app-build time with ModuleNotFoundError: No module named 'jwt'. The import is now lazy + guarded (try/except ImportError): web-only services boot, and OAuth2 login routes still mount when pyfly[security] is installed and an OAuth2LoginHandler bean is registered. Adds tests/web/test_web_only_boot.py (starlette + fastapi). Verified end-to-end: a true pyfly[web]-only scaffold now boots and serves /health, /todos CRUD, and /docs. Gates: ruff + ruff format + mypy --strict (src/pyfly/web) clean; full suite 3617 passed, 1 skipped.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Both web adapters (
pyfly.web.adapters.starletteandpyfly.web.adapters.fastapi) collected OAuth2 login routes duringcreate_app()via an unconditional import:That module imports
pyjwtat load time. So apyfly[web]-only install (nopyfly[security]) — exactly whatpyfly new --archetype web-api/fastapi-apigenerates — crashed at app-build time with:Fix
Make the import lazy and guarded (
try/except ImportError, matching the repo's existing optional-dependency idiom inpyfly.observability). When the security extra is absent there can be noOAuth2LoginHandlerbean anyway, so the route loop is simply skipped; whenpyfly[security]is installed, OAuth2 login routes still mount.Fixed in both adapters (Starlette
app.py:_collect_context_routes, FastAPIapp.py:_install_context_routes).Tests
tests/web/test_web_only_boot.py(both adapters) — simulates apyfly[web]-only install and assertscreate_app()boots and serves. Verified it fails without the fix (ModuleNotFoundError: import of pyfly.security.oauth2.login halted) and passes with it.End-to-end verification
A true
pyfly[web]-only install (pyjwt present: False) →pyfly new order-api --archetype web-api→ boot →GET /health/→200 {"status":"UP"},POST/GET /todos/→201/200,/docs→200.Gates
ruff✓ ·ruff format✓ ·mypy --strict(src/pyfly/web) ✓ · full suite 3617 passed, 1 skipped.Bumps
v26.06.05 → v26.06.06(pyproject /__init__/ README), adds CHANGELOG entry, syncsuv.lock.