# Geofence Validator

[](https://pypi.org/project/geofence-validator/)
[](https://opensource.org/licenses/MIT)
[](https://github.com/SunK3R/geofence-validator)
[](https://github.com/SunK3R/geofence-validator)
**A zero-dependency, deterministic, and high-performance Python library for IP-based geofence validation.**
---
## Table of Contents
- [Philosophy](#philosophy)
- [Key Features](#key-features)
- [Installation](#installation)
- [Quickstart: 5-Minute Example](#quickstart-5-minute-example)
- [High-Performance Usage: The `Validator` Class](#high-performance-usage-the-validator-class)
- [Why Use the `Validator` Class?](#why-use-the-validator-class)
- [Example](#example)
- [Handling Failures: The Error Hierarchy](#handling-failures-the-error-hierarchy)
- [Catching Specific Input Errors](#catching-specific-input-errors)
- [Catching Categories of Errors](#catching-categories-of-errors)
- [Catching Any Library Error](#catching-any-library-error)
- [Command-Line Interface (CLI)](#command-line-interface-cli)
- [Basic Checks](#basic-checks)
- [Enabling Verbose Logging](#enabling-verbose-logging)
- [Using a Custom Data File](#using-a-custom-data-file)
- [Architectural Deep Dive](#architectural-deep-dive)
- [The Components](#the-components)
- [Performance & Memory Considerations](#performance--memory-considerations)
- [Thread Safety](#thread-safety)
- [Contributing](#contributing)
- [Setting Up the Development Environment](#setting-up-the-development-environment)
- [Running Tests](#running-tests)
- [Updating the GeoIP Data](#updating-the-geoip-data)
- [API Reference](#api-reference)
- [Primary Interface (`geofence_validator`)](#primary-interface-geofence_validator)
- [Custom Exceptions (`geofence_validator.errors`)](#custom-exceptions-geofence_validatoreerrors)
- [Acknowledgements](#acknowledgements)
- [License](#license)
## Philosophy
Geofencing isn't about complex firewalls or magical APIs. It's about enforcing boundary logic with **clarity, testability, and deterministic precision.** This library was built from the ground up to embody these principles.
Most geofencing tools either rely on external API calls, introducing network latency and failure points, or they use complex binary database formats that require specific C-bindings. `geofence-validator` takes a different approach: it is a pure Python, zero-dependency library that bundles its own data, providing zero-latency lookups with completely predictable behavior.
Every design decision was made to serve a single purpose: to give developers a tool that is **trustworthy, transparent, and trivial to integrate.**
## Key Features
- **Zero Dependencies:** `pip install geofence-validator` is all you need. No hidden system requirements, no C-bindings, just pure Python.
- **High-Performance:** By pre-loading a compiled dataset into memory, the `Validator` class can perform millions of checks per second with zero I/O or network latency.
- **Comprehensive Bundled Data:** Ships with a complete and up-to-date GeoLite2 Country database, ready to use out-of-the-box. (See [Updating the GeoIP Data](#updating-the-geoip-data) for how to refresh it).
- **Whitelist & Blacklist Policies:** Supports both common geofencing strategies with clear, unambiguous rules.
- **Deterministic Logic:** The handling of unknown or unresolvable IP addresses is explicitly defined and tested, eliminating surprises.
- **Extensible:** Provides a clean `Resolver` interface for advanced users who wish to supply their own IP data source.
- **Robust Error Handling:** A rich hierarchy of custom exceptions allows for fine-grained, predictable error handling.
- **Developer-Friendly Debugging:** An optional, rich-powered logger can be enabled with a single command to provide beautiful, colorized diagnostic output.
- **Feature-Rich CLI:** Includes a powerful command-line interface for quick checks, diagnostics, and testing.
## Installation
The library requires Python 3.9 or newer.
```bash
pip install geofence-validator
```
For an enhanced developer experience with beautifully formatted debug logs, you can install the optional `rich` dependency:
```bash
pip install "geofence-validator[rich]"
```
## Quickstart: 5-Minute Example
For simple, one-off checks, the `is_ip_allowed` function provides a straightforward interface.
```python
from geofence_validator import is_ip_allowed
from geofence_validator.errors import GeofenceError
# Define a whitelist policy for the US and Canada
ALLOWED_COUNTRIES = {"US", "CA"}
# --- Test Cases ---
google_dns_ip = "8.8.8.8" # Located in the US
german_ip = "78.46.10.20" # Located in Germany
private_ip = "192.168.1.1" # Non-public IP
try:
# Check 1: An IP that should be allowed
is_google_allowed = is_ip_allowed(google_dns_ip, "whitelist", ALLOWED_COUNTRIES)
print(f"Check for {google_dns_ip}: {'Allowed' if is_google_allowed else 'Denied'}")
# Expected: Check for 8.8.8.8: Allowed
# Check 2: An IP that should be denied
is_german_ip_allowed = is_ip_allowed(german_ip, "whitelist", ALLOWED_COUNTRIES)
print(f"Check for {german_ip}: {'Allowed' if is_german_ip_allowed else 'Denied'}")
# Expected: Check for 78.46.10.20: Denied
# Check 3: This will raise an error because the IP is not a public, geolocatable address
is_ip_allowed(private_ip, "whitelist", ALLOWED_COUNTRIES)
except GeofenceError as e:
print(f"\nA predictable error occurred: {e}")
# Expected: A predictable error occurred: The IP address '192.168.1.1' is a non-public address (private (RFC 1918)) and cannot be geolocated.
```
## High-Performance Usage: The `Validator` Class
### Why Use the `Validator` Class?
The `is_ip_allowed` function is convenient, but it recreates a policy object on every single call. For any application performing more than one check (e.g., a web server middleware, a data processing pipeline), this is inefficient.
The `Validator` class is the high-performance engine of the library. You instantiate it **once** with your desired policy and country set. This object pre-compiles the policy logic. Subsequent calls to its `.check()` method are extremely fast, as they involve no object creation.
### Example
```python
import time
from geofence_validator import Validator
# 1. Create a validator instance ONCE at application startup.
# This is the "expensive" step that loads and prepares everything.
print("Initializing validator...")
uk_de_blacklist = Validator(
policy_rule="blacklist",
countries={"UK", "DE"}
)
print("Validator ready.")
ips_to_check = [
"8.8.8.8", # US -> Allowed
"212.58.224.1", # GB -> Allowed
"78.46.10.20", # DE -> Denied
"1.1.1.1", # AU -> Allowed
]
# 2. Use the same instance repeatedly in your application's hot path.
# These checks are extremely fast.
for ip in ips_to_check:
is_allowed = uk_de_blacklist.check(ip)
print(f"IP {ip} is {'Allowed' if is_allowed else 'Denied'}")
```
## Handling Failures: The Error Hierarchy
A core design principle of this library is that **failures should be predictable and actionable.** All custom exceptions inherit from a common base class, `GeofenceError`, and are organized into a clear hierarchy. This allows you to handle errors with the exact level of granularity you need.
### Catching Specific Input Errors
If you want to handle a specific type of bad input, such as a malformed IP address, you can catch the specific exception. This is useful for returning precise error messages to an end-user (e.g., in an API response).
```python
from geofence_validator import Validator
from geofence_validator.errors import InvalidIPAddressError
validator = Validator("whitelist", {"US"})
try:
validator.check("not-a-real-ip")
except InvalidIPAddressError as e:
# This block will execute
print(f"Error: The provided input '{e.invalid_ip}' is not a valid IP address.")
# You could return a HTTP 400 Bad Request here.
```
### Catching Categories of Errors
If you want to handle any type of input validation failure without distinguishing between them, you can catch the parent `ValidationError`.
```python
from geofence_validator import Validator
from geofence_validator.errors import ValidationError
validator = Validator("whitelist", {"US"})
ips_to_test = ["127.0.0.1", "bad-ip-string"]
for ip in ips_to_test:
try:
validator.check(ip)
except ValidationError as e:
# This block will catch both InvalidIPAddressError and NonPublicIPAddressError
print(f"Input validation failed for '{ip}': {e}")
```
### Catching Any Library Error
For general-purpose logging or a top-level fallback, you can simply catch the base `GeofenceError`. This guarantees you will handle any predictable error originating from this library without accidentally catching unrelated exceptions from other parts of your code.
```python
from geofence_validator import Validator
from geofence_validator.errors import GeofenceError
validator = Validator("whitelist", {"US"})
try:
# This could fail for any number of reasons
validator.check("...")
except GeofenceError as e:
# Log the library-specific error and continue
print(f"A geofence-validator error occurred: {e}")
```
## Command-Line Interface (CLI)
The library includes a powerful CLI for quick checks and diagnostics, executable via `python -m geofence_validator`.
### Basic Checks
The basic syntax is `python -m geofence_validator <IP_ADDRESS> <POLICY_RULE> <COUNTRY_CODES...>`
```bash
# Whitelist check: Is 8.8.8.8 in the US or Canada?
$ python -m geofence_validator 8.8.8.8 whitelist US CA
Result: ALLOWED
# Blacklist check: Is 78.46.10.20 in Germany?
$ python -m geofence_validator 78.46.10.20 blacklist DE
Result: DENIED
```
The script communicates its result via its **exit code**:
- `0`: The IP was **ALLOWED**.
- `1`: The IP was **DENIED**.
- `2`: An error occurred.
This allows for easy scripting: `python -m geofence_validator $IP whitelist US && ./deploy_to_us.sh`
### Enabling Verbose Logging
For debugging, use the `-v` or `--verbose` flag. If you have `rich` installed, you will get beautifully colorized output.
```bash
$ python -m geofence_validator -v 8.8.8.8 whitelist US
```

### Using a Custom Data File
The `--data-file` flag allows you to point the resolver to your own CSV data file, which must be in the format `CIDR,COUNTRY_CODE`.
```bash
$ python -m geofence_validator --data-file /path/to/my_ips.csv 8.8.8.8 whitelist US
```
## Architectural Deep Dive
### The Components
The library is composed of several specialized, single-responsibility modules:
- `core.py`: The main engine. Contains the high-performance `Validator` class and the `is_ip_allowed` functional wrapper. Its job is to orchestrate the other components.
- `resolver.py`: The data lookup layer. Contains the `Resolver` abstract base class and the `InMemoryResolver` implementation, which handles loading the bundled CSV data and performing efficient CIDR range lookups.
- `policy.py`: The logic layer. Contains the `WhitelistPolicy` and `BlacklistPolicy` implementations as immutable dataclasses. This module's sole responsibility is to answer the question "is this country allowed according to my rules?".
- `errors.py`: The failure contract. Defines the complete hierarchy of custom exceptions. This provides a stable, predictable API for error handling.
- `logger.py`: The "good citizen" logging layer. Implements the standard `NullHandler` pattern to ensure the library is silent by default, but provides an `enable_debugging()` helper for a rich diagnostic experience when needed.
- `__main__.py`: The CLI application layer. A user-friendly interface to the library's core functionality.
### Performance & Memory Considerations
This library makes a deliberate engineering trade-off: **it prioritizes zero-latency lookups and zero runtime dependencies over a minimal disk/memory footprint.**
- **Disk Size:** The bundled `ip_ranges.csv` file is over 20 MB. This is the cost of including a comprehensive, real-world dataset directly within the package.
- **Memory Usage:** Upon first use, the `InMemoryResolver` loads and parses this entire file into memory. This results in a memory footprint of **~200-300 MB** for the resolver object.
- **The Payoff (Speed):** Because the entire dataset resides in memory as optimized objects, lookups are extremely fast. A single `Validator` instance can perform **millions of checks per second** on a modern machine, as the process involves no disk I/O, network calls, or database queries.
This architecture is ideal for server-side applications, such as web server middleware or high-throughput data pipelines, where a one-time memory cost is acceptable for a massive gain in request-time performance.
### Thread Safety
The most expensive operation is the one-time initialization of the default `InMemoryResolver`. The library guarantees that this initialization is **thread-safe**. A `threading.Lock` protects the creation of the singleton resolver instance, ensuring that even in a highly concurrent environment, the data file will only be read and parsed once.
## Contributing
Contributions are welcome and appreciated! This project is built on the principles of clarity and robustness, and any contributions should align with that spirit.
### Setting Up the Development Environment
1. **Clone the repository:**
```bash
git clone https://github.com/SunK3R/geofence-validator.git
cd geofence-validator
```
2. **Create a virtual environment:**
```bash
python -m venv .venv
source .venv/bin/activate # On Windows, use `.venv\Scripts\activate`
```
3. **Install in editable mode with all development dependencies:**
This command installs the library in a way that your source code changes are immediately reflected. It also installs `pytest`, `ruff`, `mypy`, `rich`, and other development tools.
```bash
pip install -e ".[dev]"
```
### Running Tests
The library maintains a very high standard of test coverage.
```bash
# Run all tests
pytest
# Run tests with coverage report
pytest --cov=geofence_validator --cov-report=term-missing
```
### Updating the GeoIP Data
The bundled `ip_ranges.csv` is sourced from the MaxMind GeoLite2 Country database. A maintainer script is provided to automate the process of downloading the latest data and regenerating this file.
1. **Get a MaxMind License Key:**
- Sign up for a free account at [MaxMind GeoLite2](https://www.maxmind.com/en/geolite2/signup).
- From your account dashboard, navigate to "Manage License Keys" and generate a new key.
2. **Set Environment Variables:**
The script requires your Account ID and License Key. The best way to manage this is with a `.env` file in the project root. **This file must be added to `.gitignore` and never committed.**
`.env` file:
```
MAXMIND_ACCOUNT_ID="YOUR_ACCOUNT_ID_HERE"
MAXMIND_LICENSE_KEY="YOUR_LICENSE_KEY_HERE"
```
3. **Run the update script:**
```bash
python scripts/update_geolite_data.py
```
This will download the latest data, process it, and overwrite `geofence_validator/data/ip_ranges.csv`. You can then commit the updated data file as part of a new library release.
## API Reference
### Primary Interface (`geofence_validator`)
- `Validator(policy_rule, countries, *, custom_resolver=None)`: The main class.
- `.check(ip_address)`: Performs the validation. Returns `bool`.
- `.policy`: Read-only property to inspect the configured `Policy` object.
- `.resolver`: Read-only property to inspect the configured `Resolver` object.
- `is_ip_allowed(ip_address, policy_rule, countries, *, custom_resolver=None)`: A functional wrapper for one-off checks.
- `enable_debugging()`: A helper function to enable verbose console logging.
### Custom Exceptions (`geofence_validator.errors`)
All exceptions inherit from `errors.GeofenceError`.
- **`ValidationError`**: Base for input validation errors.
- `InvalidIPAddressError(invalid_ip)`: Contains `.invalid_ip`.
- `NonPublicIPAddressError(ip_address, reason)`: Contains `.ip_address` and `.reason`.
- `InvalidCountryCodeError(invalid_code)`: Contains `.invalid_code`.
- `InvalidPolicyRuleError(unsupported_rule, supported_rules)`: Contains `.unsupported_rule` and `.supported_rules`.
- **`ResolutionError`**: Base for IP lookup errors.
- `IPResolutionFailedError(ip_address, details)`: Contains `.ip_address` and `.details`.
- `IPAddressNotFoundError(ip_address)`: Contains `.ip_address`.
- **`PolicyError`**: Base for logical policy errors.
- `InvalidPolicyDefinitionError(reason)`: Contains `.reason`.
- **`ConfigurationError`**: Base for setup errors.
- `ResolverInitializationError(details)`: Contains `.details`.
## Acknowledgements
This product includes GeoLite2 data created by MaxMind, available from [https://www.maxmind.com](https://www.maxmind.com).
## License
This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.
Raw data
{
"_id": null,
"home_page": null,
"name": "geofence-validator",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "Sooraj K R <soorajkr03@gmail.com>",
"keywords": "geofence, geoip, security, validation, network, acl, ipaddress",
"author": null,
"author_email": "Sooraj K R <soorajkr03@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/1d/e6/ac75f944d208bd96a4c8dd405e6792adfdd2e76f9b122d29cbefbc629088/geofence_validator-0.1.0.tar.gz",
"platform": null,
"description": "# Geofence Validator\r\n\r\n\r\n[](https://pypi.org/project/geofence-validator/)\r\n[](https://opensource.org/licenses/MIT)\r\n[](https://github.com/SunK3R/geofence-validator)\r\n[](https://github.com/SunK3R/geofence-validator)\r\n\r\n**A zero-dependency, deterministic, and high-performance Python library for IP-based geofence validation.**\r\n\r\n---\r\n\r\n## Table of Contents\r\n\r\n- [Philosophy](#philosophy)\r\n- [Key Features](#key-features)\r\n- [Installation](#installation)\r\n- [Quickstart: 5-Minute Example](#quickstart-5-minute-example)\r\n- [High-Performance Usage: The `Validator` Class](#high-performance-usage-the-validator-class)\r\n - [Why Use the `Validator` Class?](#why-use-the-validator-class)\r\n - [Example](#example)\r\n- [Handling Failures: The Error Hierarchy](#handling-failures-the-error-hierarchy)\r\n - [Catching Specific Input Errors](#catching-specific-input-errors)\r\n - [Catching Categories of Errors](#catching-categories-of-errors)\r\n - [Catching Any Library Error](#catching-any-library-error)\r\n- [Command-Line Interface (CLI)](#command-line-interface-cli)\r\n - [Basic Checks](#basic-checks)\r\n - [Enabling Verbose Logging](#enabling-verbose-logging)\r\n - [Using a Custom Data File](#using-a-custom-data-file)\r\n- [Architectural Deep Dive](#architectural-deep-dive)\r\n - [The Components](#the-components)\r\n - [Performance & Memory Considerations](#performance--memory-considerations)\r\n - [Thread Safety](#thread-safety)\r\n- [Contributing](#contributing)\r\n - [Setting Up the Development Environment](#setting-up-the-development-environment)\r\n - [Running Tests](#running-tests)\r\n - [Updating the GeoIP Data](#updating-the-geoip-data)\r\n- [API Reference](#api-reference)\r\n - [Primary Interface (`geofence_validator`)](#primary-interface-geofence_validator)\r\n - [Custom Exceptions (`geofence_validator.errors`)](#custom-exceptions-geofence_validatoreerrors)\r\n- [Acknowledgements](#acknowledgements)\r\n- [License](#license)\r\n\r\n## Philosophy\r\n\r\nGeofencing isn't about complex firewalls or magical APIs. It's about enforcing boundary logic with **clarity, testability, and deterministic precision.** This library was built from the ground up to embody these principles.\r\n\r\nMost geofencing tools either rely on external API calls, introducing network latency and failure points, or they use complex binary database formats that require specific C-bindings. `geofence-validator` takes a different approach: it is a pure Python, zero-dependency library that bundles its own data, providing zero-latency lookups with completely predictable behavior.\r\n\r\nEvery design decision was made to serve a single purpose: to give developers a tool that is **trustworthy, transparent, and trivial to integrate.**\r\n\r\n## Key Features\r\n\r\n- **Zero Dependencies:** `pip install geofence-validator` is all you need. No hidden system requirements, no C-bindings, just pure Python.\r\n- **High-Performance:** By pre-loading a compiled dataset into memory, the `Validator` class can perform millions of checks per second with zero I/O or network latency.\r\n- **Comprehensive Bundled Data:** Ships with a complete and up-to-date GeoLite2 Country database, ready to use out-of-the-box. (See [Updating the GeoIP Data](#updating-the-geoip-data) for how to refresh it).\r\n- **Whitelist & Blacklist Policies:** Supports both common geofencing strategies with clear, unambiguous rules.\r\n- **Deterministic Logic:** The handling of unknown or unresolvable IP addresses is explicitly defined and tested, eliminating surprises.\r\n- **Extensible:** Provides a clean `Resolver` interface for advanced users who wish to supply their own IP data source.\r\n- **Robust Error Handling:** A rich hierarchy of custom exceptions allows for fine-grained, predictable error handling.\r\n- **Developer-Friendly Debugging:** An optional, rich-powered logger can be enabled with a single command to provide beautiful, colorized diagnostic output.\r\n- **Feature-Rich CLI:** Includes a powerful command-line interface for quick checks, diagnostics, and testing.\r\n\r\n## Installation\r\n\r\nThe library requires Python 3.9 or newer.\r\n\r\n```bash\r\npip install geofence-validator\r\n```\r\n\r\nFor an enhanced developer experience with beautifully formatted debug logs, you can install the optional `rich` dependency:\r\n\r\n```bash\r\npip install \"geofence-validator[rich]\"\r\n```\r\n\r\n## Quickstart: 5-Minute Example\r\n\r\nFor simple, one-off checks, the `is_ip_allowed` function provides a straightforward interface.\r\n\r\n```python\r\nfrom geofence_validator import is_ip_allowed\r\nfrom geofence_validator.errors import GeofenceError\r\n\r\n# Define a whitelist policy for the US and Canada\r\nALLOWED_COUNTRIES = {\"US\", \"CA\"}\r\n\r\n# --- Test Cases ---\r\ngoogle_dns_ip = \"8.8.8.8\" # Located in the US\r\ngerman_ip = \"78.46.10.20\" # Located in Germany\r\nprivate_ip = \"192.168.1.1\" # Non-public IP\r\n\r\ntry:\r\n # Check 1: An IP that should be allowed\r\n is_google_allowed = is_ip_allowed(google_dns_ip, \"whitelist\", ALLOWED_COUNTRIES)\r\n print(f\"Check for {google_dns_ip}: {'Allowed' if is_google_allowed else 'Denied'}\")\r\n # Expected: Check for 8.8.8.8: Allowed\r\n\r\n # Check 2: An IP that should be denied\r\n is_german_ip_allowed = is_ip_allowed(german_ip, \"whitelist\", ALLOWED_COUNTRIES)\r\n print(f\"Check for {german_ip}: {'Allowed' if is_german_ip_allowed else 'Denied'}\")\r\n # Expected: Check for 78.46.10.20: Denied\r\n\r\n # Check 3: This will raise an error because the IP is not a public, geolocatable address\r\n is_ip_allowed(private_ip, \"whitelist\", ALLOWED_COUNTRIES)\r\n\r\nexcept GeofenceError as e:\r\n print(f\"\\nA predictable error occurred: {e}\")\r\n # Expected: A predictable error occurred: The IP address '192.168.1.1' is a non-public address (private (RFC 1918)) and cannot be geolocated.\r\n```\r\n\r\n## High-Performance Usage: The `Validator` Class\r\n\r\n### Why Use the `Validator` Class?\r\n\r\nThe `is_ip_allowed` function is convenient, but it recreates a policy object on every single call. For any application performing more than one check (e.g., a web server middleware, a data processing pipeline), this is inefficient.\r\n\r\nThe `Validator` class is the high-performance engine of the library. You instantiate it **once** with your desired policy and country set. This object pre-compiles the policy logic. Subsequent calls to its `.check()` method are extremely fast, as they involve no object creation.\r\n\r\n### Example\r\n\r\n```python\r\nimport time\r\nfrom geofence_validator import Validator\r\n\r\n# 1. Create a validator instance ONCE at application startup.\r\n# This is the \"expensive\" step that loads and prepares everything.\r\nprint(\"Initializing validator...\")\r\nuk_de_blacklist = Validator(\r\n policy_rule=\"blacklist\",\r\n countries={\"UK\", \"DE\"}\r\n)\r\nprint(\"Validator ready.\")\r\n\r\nips_to_check = [\r\n \"8.8.8.8\", # US -> Allowed\r\n \"212.58.224.1\", # GB -> Allowed\r\n \"78.46.10.20\", # DE -> Denied\r\n \"1.1.1.1\", # AU -> Allowed\r\n]\r\n\r\n# 2. Use the same instance repeatedly in your application's hot path.\r\n# These checks are extremely fast.\r\nfor ip in ips_to_check:\r\n is_allowed = uk_de_blacklist.check(ip)\r\n print(f\"IP {ip} is {'Allowed' if is_allowed else 'Denied'}\")\r\n```\r\n\r\n## Handling Failures: The Error Hierarchy\r\n\r\nA core design principle of this library is that **failures should be predictable and actionable.** All custom exceptions inherit from a common base class, `GeofenceError`, and are organized into a clear hierarchy. This allows you to handle errors with the exact level of granularity you need.\r\n\r\n### Catching Specific Input Errors\r\n\r\nIf you want to handle a specific type of bad input, such as a malformed IP address, you can catch the specific exception. This is useful for returning precise error messages to an end-user (e.g., in an API response).\r\n\r\n```python\r\nfrom geofence_validator import Validator\r\nfrom geofence_validator.errors import InvalidIPAddressError\r\n\r\nvalidator = Validator(\"whitelist\", {\"US\"})\r\n\r\ntry:\r\n validator.check(\"not-a-real-ip\")\r\nexcept InvalidIPAddressError as e:\r\n # This block will execute\r\n print(f\"Error: The provided input '{e.invalid_ip}' is not a valid IP address.\")\r\n # You could return a HTTP 400 Bad Request here.\r\n```\r\n\r\n### Catching Categories of Errors\r\n\r\nIf you want to handle any type of input validation failure without distinguishing between them, you can catch the parent `ValidationError`.\r\n\r\n```python\r\nfrom geofence_validator import Validator\r\nfrom geofence_validator.errors import ValidationError\r\n\r\nvalidator = Validator(\"whitelist\", {\"US\"})\r\n\r\nips_to_test = [\"127.0.0.1\", \"bad-ip-string\"]\r\n\r\nfor ip in ips_to_test:\r\n try:\r\n validator.check(ip)\r\n except ValidationError as e:\r\n # This block will catch both InvalidIPAddressError and NonPublicIPAddressError\r\n print(f\"Input validation failed for '{ip}': {e}\")\r\n```\r\n\r\n### Catching Any Library Error\r\n\r\nFor general-purpose logging or a top-level fallback, you can simply catch the base `GeofenceError`. This guarantees you will handle any predictable error originating from this library without accidentally catching unrelated exceptions from other parts of your code.\r\n\r\n```python\r\nfrom geofence_validator import Validator\r\nfrom geofence_validator.errors import GeofenceError\r\n\r\nvalidator = Validator(\"whitelist\", {\"US\"})\r\n\r\ntry:\r\n # This could fail for any number of reasons\r\n validator.check(\"...\")\r\nexcept GeofenceError as e:\r\n # Log the library-specific error and continue\r\n print(f\"A geofence-validator error occurred: {e}\")\r\n```\r\n\r\n## Command-Line Interface (CLI)\r\n\r\nThe library includes a powerful CLI for quick checks and diagnostics, executable via `python -m geofence_validator`.\r\n\r\n### Basic Checks\r\n\r\nThe basic syntax is `python -m geofence_validator <IP_ADDRESS> <POLICY_RULE> <COUNTRY_CODES...>`\r\n\r\n```bash\r\n# Whitelist check: Is 8.8.8.8 in the US or Canada?\r\n$ python -m geofence_validator 8.8.8.8 whitelist US CA\r\nResult: ALLOWED\r\n\r\n# Blacklist check: Is 78.46.10.20 in Germany?\r\n$ python -m geofence_validator 78.46.10.20 blacklist DE\r\nResult: DENIED\r\n```\r\n\r\nThe script communicates its result via its **exit code**:\r\n- `0`: The IP was **ALLOWED**.\r\n- `1`: The IP was **DENIED**.\r\n- `2`: An error occurred.\r\n\r\nThis allows for easy scripting: `python -m geofence_validator $IP whitelist US && ./deploy_to_us.sh`\r\n\r\n### Enabling Verbose Logging\r\n\r\nFor debugging, use the `-v` or `--verbose` flag. If you have `rich` installed, you will get beautifully colorized output.\r\n\r\n```bash\r\n$ python -m geofence_validator -v 8.8.8.8 whitelist US\r\n```\r\n\r\n\r\n\r\n### Using a Custom Data File\r\n\r\nThe `--data-file` flag allows you to point the resolver to your own CSV data file, which must be in the format `CIDR,COUNTRY_CODE`.\r\n\r\n```bash\r\n$ python -m geofence_validator --data-file /path/to/my_ips.csv 8.8.8.8 whitelist US\r\n```\r\n\r\n## Architectural Deep Dive\r\n\r\n### The Components\r\n\r\nThe library is composed of several specialized, single-responsibility modules:\r\n\r\n- `core.py`: The main engine. Contains the high-performance `Validator` class and the `is_ip_allowed` functional wrapper. Its job is to orchestrate the other components.\r\n- `resolver.py`: The data lookup layer. Contains the `Resolver` abstract base class and the `InMemoryResolver` implementation, which handles loading the bundled CSV data and performing efficient CIDR range lookups.\r\n- `policy.py`: The logic layer. Contains the `WhitelistPolicy` and `BlacklistPolicy` implementations as immutable dataclasses. This module's sole responsibility is to answer the question \"is this country allowed according to my rules?\".\r\n- `errors.py`: The failure contract. Defines the complete hierarchy of custom exceptions. This provides a stable, predictable API for error handling.\r\n- `logger.py`: The \"good citizen\" logging layer. Implements the standard `NullHandler` pattern to ensure the library is silent by default, but provides an `enable_debugging()` helper for a rich diagnostic experience when needed.\r\n- `__main__.py`: The CLI application layer. A user-friendly interface to the library's core functionality.\r\n\r\n### Performance & Memory Considerations\r\n\r\nThis library makes a deliberate engineering trade-off: **it prioritizes zero-latency lookups and zero runtime dependencies over a minimal disk/memory footprint.**\r\n\r\n- **Disk Size:** The bundled `ip_ranges.csv` file is over 20 MB. This is the cost of including a comprehensive, real-world dataset directly within the package.\r\n- **Memory Usage:** Upon first use, the `InMemoryResolver` loads and parses this entire file into memory. This results in a memory footprint of **~200-300 MB** for the resolver object.\r\n- **The Payoff (Speed):** Because the entire dataset resides in memory as optimized objects, lookups are extremely fast. A single `Validator` instance can perform **millions of checks per second** on a modern machine, as the process involves no disk I/O, network calls, or database queries.\r\n\r\nThis architecture is ideal for server-side applications, such as web server middleware or high-throughput data pipelines, where a one-time memory cost is acceptable for a massive gain in request-time performance.\r\n\r\n### Thread Safety\r\n\r\nThe most expensive operation is the one-time initialization of the default `InMemoryResolver`. The library guarantees that this initialization is **thread-safe**. A `threading.Lock` protects the creation of the singleton resolver instance, ensuring that even in a highly concurrent environment, the data file will only be read and parsed once.\r\n\r\n## Contributing\r\n\r\nContributions are welcome and appreciated! This project is built on the principles of clarity and robustness, and any contributions should align with that spirit.\r\n\r\n### Setting Up the Development Environment\r\n\r\n1. **Clone the repository:**\r\n ```bash\r\n git clone https://github.com/SunK3R/geofence-validator.git\r\n cd geofence-validator\r\n ```\r\n\r\n2. **Create a virtual environment:**\r\n ```bash\r\n python -m venv .venv\r\n source .venv/bin/activate # On Windows, use `.venv\\Scripts\\activate`\r\n ```\r\n\r\n3. **Install in editable mode with all development dependencies:**\r\n This command installs the library in a way that your source code changes are immediately reflected. It also installs `pytest`, `ruff`, `mypy`, `rich`, and other development tools.\r\n ```bash\r\n pip install -e \".[dev]\"\r\n ```\r\n\r\n### Running Tests\r\n\r\nThe library maintains a very high standard of test coverage.\r\n\r\n```bash\r\n# Run all tests\r\npytest\r\n\r\n# Run tests with coverage report\r\npytest --cov=geofence_validator --cov-report=term-missing\r\n```\r\n\r\n### Updating the GeoIP Data\r\n\r\nThe bundled `ip_ranges.csv` is sourced from the MaxMind GeoLite2 Country database. A maintainer script is provided to automate the process of downloading the latest data and regenerating this file.\r\n\r\n1. **Get a MaxMind License Key:**\r\n - Sign up for a free account at [MaxMind GeoLite2](https://www.maxmind.com/en/geolite2/signup).\r\n - From your account dashboard, navigate to \"Manage License Keys\" and generate a new key.\r\n\r\n2. **Set Environment Variables:**\r\n The script requires your Account ID and License Key. The best way to manage this is with a `.env` file in the project root. **This file must be added to `.gitignore` and never committed.**\r\n\r\n `.env` file:\r\n ```\r\n MAXMIND_ACCOUNT_ID=\"YOUR_ACCOUNT_ID_HERE\"\r\n MAXMIND_LICENSE_KEY=\"YOUR_LICENSE_KEY_HERE\"\r\n ```\r\n\r\n3. **Run the update script:**\r\n ```bash\r\n python scripts/update_geolite_data.py\r\n ```\r\n\r\nThis will download the latest data, process it, and overwrite `geofence_validator/data/ip_ranges.csv`. You can then commit the updated data file as part of a new library release.\r\n\r\n## API Reference\r\n\r\n### Primary Interface (`geofence_validator`)\r\n\r\n- `Validator(policy_rule, countries, *, custom_resolver=None)`: The main class.\r\n - `.check(ip_address)`: Performs the validation. Returns `bool`.\r\n - `.policy`: Read-only property to inspect the configured `Policy` object.\r\n - `.resolver`: Read-only property to inspect the configured `Resolver` object.\r\n- `is_ip_allowed(ip_address, policy_rule, countries, *, custom_resolver=None)`: A functional wrapper for one-off checks.\r\n- `enable_debugging()`: A helper function to enable verbose console logging.\r\n\r\n### Custom Exceptions (`geofence_validator.errors`)\r\n\r\nAll exceptions inherit from `errors.GeofenceError`.\r\n\r\n- **`ValidationError`**: Base for input validation errors.\r\n - `InvalidIPAddressError(invalid_ip)`: Contains `.invalid_ip`.\r\n - `NonPublicIPAddressError(ip_address, reason)`: Contains `.ip_address` and `.reason`.\r\n - `InvalidCountryCodeError(invalid_code)`: Contains `.invalid_code`.\r\n - `InvalidPolicyRuleError(unsupported_rule, supported_rules)`: Contains `.unsupported_rule` and `.supported_rules`.\r\n- **`ResolutionError`**: Base for IP lookup errors.\r\n - `IPResolutionFailedError(ip_address, details)`: Contains `.ip_address` and `.details`.\r\n - `IPAddressNotFoundError(ip_address)`: Contains `.ip_address`.\r\n- **`PolicyError`**: Base for logical policy errors.\r\n - `InvalidPolicyDefinitionError(reason)`: Contains `.reason`.\r\n- **`ConfigurationError`**: Base for setup errors.\r\n - `ResolverInitializationError(details)`: Contains `.details`.\r\n\r\n## Acknowledgements\r\n\r\nThis product includes GeoLite2 data created by MaxMind, available from [https://www.maxmind.com](https://www.maxmind.com).\r\n\r\n## License\r\n\r\nThis project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.\r\n",
"bugtrack_url": null,
"license": null,
"summary": "A zero-dependency, deterministic, and high-performance Python library for IP-based geofence validation.",
"version": "0.1.0",
"project_urls": {
"Bug Tracker": "https://github.com/SunK3R/geofence-validator/issues",
"Documentation": "https://github.com/SunK3R/geofence-validator/blob/main/README.md",
"Homepage": "https://github.com/SunK3R/geofence-validator",
"Repository": "https://github.com/SunK3R/geofence-validator"
},
"split_keywords": [
"geofence",
" geoip",
" security",
" validation",
" network",
" acl",
" ipaddress"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "5e96a8ced3a751918821f31af611863a94539f3ed2a95e572ab84bb4319dc3cf",
"md5": "f71b358087f2ebb7f441c36362f9a41b",
"sha256": "6d75be7f8014fe29526e51153bbaf41c5e457a7cdd27a7461a2b1659a27addd2"
},
"downloads": -1,
"filename": "geofence_validator-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f71b358087f2ebb7f441c36362f9a41b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 4728711,
"upload_time": "2025-07-17T01:23:27",
"upload_time_iso_8601": "2025-07-17T01:23:27.403719Z",
"url": "https://files.pythonhosted.org/packages/5e/96/a8ced3a751918821f31af611863a94539f3ed2a95e572ab84bb4319dc3cf/geofence_validator-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "1de6ac75f944d208bd96a4c8dd405e6792adfdd2e76f9b122d29cbefbc629088",
"md5": "3fd837ddf24c72edef701558bc83f2c0",
"sha256": "0f670ce0319b2ea9355637ec0cb8505581d639f0a1381d0ef102fc51732c0adb"
},
"downloads": -1,
"filename": "geofence_validator-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "3fd837ddf24c72edef701558bc83f2c0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 4618118,
"upload_time": "2025-07-17T01:23:38",
"upload_time_iso_8601": "2025-07-17T01:23:38.870559Z",
"url": "https://files.pythonhosted.org/packages/1d/e6/ac75f944d208bd96a4c8dd405e6792adfdd2e76f9b122d29cbefbc629088/geofence_validator-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-17 01:23:38",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "SunK3R",
"github_project": "geofence-validator",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "geofence-validator"
}