Version 7 - History - Request - µWeb - Bugtracker

Request » History » Version 7

Elmer de Looff, 2012-04-27 18:55
Cookies cookies cookies!

-Jan Klopper
+h1. Request
 Jan Klopper
-Elmer de Looff
+{{>toc}}
 Elmer de Looff
-Elmer de Looff
+The @Request@ object is an abstraction of the incoming HTTP request. This allows one simple interface that is independent of the underlying server that µWeb runs on (either [[Standalone]] using BaseHTTPServer, or [[Apache]] mode on @mod_python@).
 Jan Klopper
-Elmer de Looff
+From PageMaker methods, the request object is accessible as the @self.req@ member. The request object contains all the information about the incoming request: query arguments, post data, cookies and environment data. It is also the object where you define cookies that need to be provided to the client.
 Jan Klopper
-Elmer de Looff
+h1. Query arguments
 Elmer de Looff
-Elmer de Looff
+All query arguments provided by the client are present on the request object. They are also accessible directly on the [[PageMaker]] object. The following code demonstrates both ways to access a query argument:
 Elmer de Looff
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form>
-Elmer de Looff
+  <label for="name">Name: </label><input id="name" name="name" />
-Elmer de Looff
+  <input type="submit" value="Tell us your name" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Jan Klopper
+<pre><code class="python">
-Elmer de Looff
+def NameFromQuery(self):
-Elmer de Looff
+  # Retrieves the 'name' argument from the request object:
-Elmer de Looff
+  name = self.req.vars['get'].getfirst('name')
 Elmer de Looff
-Elmer de Looff
+  # Retrieves the 'name' argument directly from the PageMaker instance (linked to the request):
-Elmer de Looff
+  name = self.get.getfirst('name')
-Elmer de Looff
+  return name
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+Using the @getfirst@ method, you get a single string returned from the query argument mapping, or a @None@ if no such value exists. Much like a dictionary's @get@ method, you can provide a second argument to the method, and have that returned instead as the default.
 Elmer de Looff
-Jan Klopper
+Now, HTTP allows the client to provide the same query argument multiple times. Using @getfirst@ you would only get the very first defined argument. So a request that looks like @http://example.org/group?name=Bob&name=Mark&name=Jenny@ would only return 'Bob' in the previous example. To get all their names printed, you can use the following:
 Jan Klopper
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form action="/group">
-Elmer de Looff
+  <h2>Names in this group</h2>
-Elmer de Looff
+  <!-- These would likely be generated with Javascript, but written here for demonstrative purposes -->
-Elmer de Looff
+  <label for="name_1">Name: </label><input id="name_1" name="name" />
-Elmer de Looff
+  <label for="name_2">Name: </label><input id="name_2" name="name" />
-Elmer de Looff
+  <label for="name_3">Name: </label><input id="name_3" name="name" />
-Elmer de Looff
+  <input type="submit" value="Send these names" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Jan Klopper
+<pre><code class="python">
-Elmer de Looff
+def MemberNames(self):
-Jan Klopper
+  names = self.get.getlist('name')
-Jan Klopper
+  return ', '.join(names)
-Jan Klopper
+</code></pre>
 Jan Klopper
-Jan Klopper
+This returns a neat comma-separated string with all the provided names. The @getlist@ method does not take a default, but will instead return an empty list when there are no values for the requested argument name.
 Jan Klopper
-Elmer de Looff
+h1. Post data
 Jan Klopper
-Elmer de Looff
+Submitted form data is available on the request object as well. The interface is similar to that of the query arguments, and the @FieldStorage@ class already present in the @cgi@ module. If we take our initial example form handler, but now receive the data through HTTP POST, the code would look like this:
 Jan Klopper
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form method="post">
-Elmer de Looff
+  <label for="name">Name: </label><input id="name" name="name" />
-Elmer de Looff
+  <input type="submit" value="Tell us your name" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Jan Klopper
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def NameFromPost(self):
-Elmer de Looff
+  # Retrieves the 'name' value from the request object:
-Elmer de Looff
+  name = self.req.vars['post'].getfirst('name')
 Jan Klopper
-Elmer de Looff
+  # Retrieves the 'name' value directly from the PageMaker instance (linked to the request):
-Elmer de Looff
+  name = self.post.getfirst('name')
-Elmer de Looff
+  return name
-Elmer de Looff
+</code></pre>
 Jan Klopper
-Elmer de Looff
+Like with the query arguments, @getfirst@ accepts a second argument that provides a default other than @None@.
 Jan Klopper
-Elmer de Looff
+Multiple values are again possible in the FieldStorage, and these work similar to how they do in query arguments:
 Jan Klopper
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form action="/group" method="post">
-Elmer de Looff
+  <h2>Names in this group</h2>
-Elmer de Looff
+  <!-- These would likely be generated with Javascript, but written here for demonstrative purposes -->
-Elmer de Looff
+  <label for="name_1">Name: </label><input id="name_1" name="name" />
-Elmer de Looff
+  <label for="name_2">Name: </label><input id="name_2" name="name" />
-Elmer de Looff
+  <label for="name_3">Name: </label><input id="name_3" name="name" />
-Elmer de Looff
+  <input type="submit" value="Send these names" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def MemberNames(self):
-Elmer de Looff
+  names = self.post.getlist('name')
-Elmer de Looff
+  return ', '.join(names)
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+h2. Uploading files
 Jan Klopper
-Elmer de Looff
+Processing an uploaded file is done using the the same @FieldStorage@ system as the rest of the POST data, and roughly looks like the following. When performing file uploads, be sure to define the @enctype@ of your form, or the uploaded file will have no contents.
 Elmer de Looff
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form method="post" enctype="multipart/form-data">
-Elmer de Looff
+  <label for="avatar">Avatar: </label><input id="avatar" name="avatar" type="file" />
-Elmer de Looff
+  <input type="submit" value="submit!" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def UpdateAvatar(self):
-Elmer de Looff
+  # Retrieve the currently logged-in user
-Elmer de Looff
+  user = self.GetCurrentUser()
 Elmer de Looff
-Elmer de Looff
+  # This gets the name of the file that was uploaded
-Elmer de Looff
+  avatar_name = self.post['avatar'].filename
 Elmer de Looff
-Elmer de Looff
+  # This retrieves the content of the uploaded file,
-Elmer de Looff
+  avatar_data = self.post['avatar'].value
 Elmer de Looff
-Elmer de Looff
+  self.SaveAvatar(user, avatar_data)
-Elmer de Looff
+  return 'Your avatar has been replaced by %r' % avatar_name
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Jan Klopper
+h2. Structured data using POST
 Elmer de Looff
-Elmer de Looff
+One of the things that has been extended on the basic @FieldStorage@ in µWeb is the way it treats square backets ( [ and ] ) in POST data. A form field with the name @person[name]@ will result in a dictionary @person@ being created in the resulting @FieldStorage@:
 Elmer de Looff
-Elmer de Looff
+<pre><code class="html">
-Elmer de Looff
+...
-Elmer de Looff
+<form method="post">
-Elmer de Looff
+  <label for="name">Name: </label><input id="name" name="person[name]" />
-Elmer de Looff
+  <label for="age">Age: </label><input id="age" name="person[age]" />
-Elmer de Looff
+  <label for="job">Job: </label><input id="job" name="person[job]" />
-Elmer de Looff
+  <input type="submit" value="Update your profile" />
-Elmer de Looff
+</form>
-Elmer de Looff
+...
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def PersonalData(self):
-Elmer de Looff
+  person = self.post.getfirst('person')
-Elmer de Looff
+  return uweb.Response(json.dumps(person), content_type="application/json")
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+In the above code here, the @person@ variable is a dictionary retrieved from the POST data, which is then presented to the client in JSON, by using a custom [[Response|repsonse]].
 Elmer de Looff
-Elmer de Looff
+Note that the 'numeric' age value is a string. This is of course because everything submitted in forms is in the form of a string. Conversion to appropriate types will have to be handled by the [[PageMaker]]. The @person@ dictionary itself looks like this:
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+{'age': '28', 'job': 'Engineer', 'name': 'Elmer'}
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+*N.B.:* When using structured form data, you still need to use the @getfirst@ method, because there might me separate (non-dictionary) values for the form name. There will never be more than one dictionary in the form values; if a single key is set more than once, the last-set value will be the one present in the dictionary.
 Elmer de Looff
-Elmer de Looff
+h1. Cookies
 Elmer de Looff
-Elmer de Looff
+h2. Reading cookies
 Jan Klopper
-Elmer de Looff
+Cookies provided by the client will also end up in the request object. They are both present on the request itself, as @self.req.vars['cookies']@, or through the @PageMaker@ instance itself as @self.cookies@ (both are from the scope of the PageMaker instance).
 Elmer de Looff
-Elmer de Looff
+The cookie storage itself is a plain Python dictionary, which makes for particularly easy access.
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def CookieInfo(self):
-Elmer de Looff
+  sample = self.cookies['sample']
-Elmer de Looff
+  return 'The sample cookie is set to %r' % sample
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+Cookies cannot be set by using this dictionary though, for that the @AddCookie@ method is required:
 Elmer de Looff
-Elmer de Looff
+h2. Setting cookies
 Elmer de Looff
-Elmer de Looff
+Response cookies are set using the request object. The method to use for this is @AddCookie@, the easiest use of which looks like this:
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def SetCookie(self):
-Elmer de Looff
+  self.req.AddCookie('example', 'this is an example cookie value set by µWeb')
-Elmer de Looff
+  return 'A cookie named "example" was set.'
-Elmer de Looff
+</code></pre>
 Elmer de Looff
-Elmer de Looff
+This creates a cookie that does not expire, will be provided with every request to the originating domain, and can be read from Javascript. To change these default behaviors, there are a number of optional arguments that can be provided, as detailed below. Of course, while the examples show one argument used at a time, they can all be combined:
 Elmer de Looff
-Elmer de Looff
+<pre><code class="python">
-Elmer de Looff
+def ShortLivedCookie(self):
-Elmer de Looff
+  """Sets an expiry time of the cookie, in this case 10 seconds."""
-Elmer de Looff
+  self.req.AddCookie('quick', 'I will be gone soon', max_age=10)
 Elmer de Looff
 Elmer de Looff
-Elmer de Looff
+def SecureCookie(self):
-Elmer de Looff
+  """Sets a cookie with the 'secure' flag enabled.
 Elmer de Looff
-Elmer de Looff
+  This means the cookie will only be provided with requests that the browser
-Elmer de Looff
+  considers secure. This typically means they will only be present in requests
-Elmer de Looff
+  that use SSL (https://).
-Elmer de Looff
+  """
-Elmer de Looff
+  self.req.AddCookie('secret', 'This server adores you', secure=True)
 Elmer de Looff
 Elmer de Looff
-Elmer de Looff
+def HttpOnlyCookie(self):
-Elmer de Looff
+  """Sets a cookie that is only transferred in HTTP requests.
 Elmer de Looff
-Elmer de Looff
+  The cookie will not be readable from Javascript. This defaults to False.
-Elmer de Looff
+  """
-Elmer de Looff
+  self.req.AddCookie('secret', 'Please no Javascript', httponly=True)
 Elmer de Looff
 Elmer de Looff
-Elmer de Looff
+def PathBoundCookie(self):
-Elmer de Looff
+  """Sets a cookie that is is only valid for the path '/admin'.
 Elmer de Looff
-Elmer de Looff
+  This means that the client (browser) will only provide it for requests
-Elmer de Looff
+  that go to '/admin' or a deeper nested path (such as '/admin/users'
-Elmer de Looff
+  but will not be provided for requests that go to '/blog'
-Elmer de Looff
+  """
-Elmer de Looff
+  self.req.AddCookie('user', 'bobbytables', path='/login')
 Elmer de Looff
 Elmer de Looff
-Elmer de Looff
+def DomainBoundCookie(self):
-Elmer de Looff
+  """Sets a cookie that is is only valid for the specified domain.
 Elmer de Looff
-Elmer de Looff
+  By default, if a cookie is set for 'www.example.com' it will not be provided
-Elmer de Looff
+  for requests that go to 'example.com' itself. If we set the cookie to be valid
-Elmer de Looff
+  for '.domain.com', it will be valid for domain.com and all sub-domains.
 Elmer de Looff
-Elmer de Looff
+  Explicitly specified domains MUST begin with a dot, or they will be rejected
-Elmer de Looff
+  as per RFC2109. Additionally, cookies set by 'x.y.example.com' MAY NOT set
-Elmer de Looff
+  their valid domain to be '.example.com' or they will be rejected.
 Elmer de Looff
-Elmer de Looff
+  If the 'domain' is not specified, the cookie will be valid for the domain that
-Elmer de Looff
+  set the cookie (as per HTTP_HOST from the environment)
-Elmer de Looff
+  """
-Elmer de Looff
+  self.req.AddCookie('session', 'SMqfUYLk3vCjkWL6', domain='.example.com')
-Elmer de Looff
+</code></pre>
 Elmer de Looff
 Jan Klopper
-Elmer de Looff
+h1. Environment
 Jan Klopper
-Jan Klopper
+The env variable is a dictionary containing the following items;
-Jan Klopper
+* CONTENT_TYPE
-Jan Klopper
+* CONTENT_LENGTH
-Jan Klopper
+* HTTP_COOKIE
-Jan Klopper
+* HTTP_HOST
-Jan Klopper
+* HTTP_REFERER
-Jan Klopper
+* HTTP_USER_AGENT
-Jan Klopper
+* PATH_INFO
-Jan Klopper
+* QUERY_STRING
-Jan Klopper
+* REMOTE_ADDR
-Jan Klopper
+* REQUEST_METHOD
-Jan Klopper
+* UWEB_MODE 'STANDALONE' / 'MOD_PYTHON'
 Jan Klopper
-Elmer de Looff
+h2. Extended environment
 Elmer de Looff
-Jan Klopper
+If more detail is required about the environment, you can issue a call to the self.req.ExtendedEnvironment() method, which will inject more details into the env var. This is a much slower operation than the normal env call, so that's why its tucked away in a separate method.
 Jan Klopper
-Jan Klopper
+* AUTH_TYPE
-Jan Klopper
+* CONNECTION_ID
-Jan Klopper
+* DOCUMENT_ROOT
-Jan Klopper
+* RAW_REQUEST
-Jan Klopper
+* REMOTE_HOST
-Jan Klopper
+* REMOTE_USER
-Jan Klopper
+* SERVER_NAME
-Jan Klopper
+* SERVER_PORT
-Jan Klopper
+* SERVER_LOCAL_NAME
-Jan Klopper
+* SERVER_LOCAL_IP
-Elmer de Looff
+* SERVER_PROTOCOL
 Jan Klopper
-Jan Klopper
+And in case of a @mod_python@ setup you will also get:
-Jan Klopper
+* MODPYTHON_HANDLER
-Jan Klopper
+* MODPYTHON_INTERPRETER
-Jan Klopper
+* MODPYTHON_PHASE
 Elmer de Looff
-Elmer de Looff
+h1. Setting cookies

Project

General

Profile

µWeb

Request » History » Version 7