diff options
Diffstat (limited to 'docs/basics.rst')
| -rw-r--r-- | docs/basics.rst | 732 |
1 files changed, 732 insertions, 0 deletions
diff --git a/docs/basics.rst b/docs/basics.rst new file mode 100644 index 00000000..8129fc45 --- /dev/null +++ b/docs/basics.rst @@ -0,0 +1,732 @@ +.. _basics: + +Basics +------ + +The following sections will drive you through the basics of +a CherryPy application, introducing some essential concepts. + +.. contents:: + :depth: 4 + +The one-minute application example +################################## + +The most basic application you can write with CherryPy +involves almost all its core concepts. + +.. code-block:: python + :linenos: + + import cherrypy + + class Root(object): + @cherrypy.expose + def index(self): + return "Hello World!" + + if __name__ == '__main__': + cherrypy.quickstart(Root(), '/') + + +First and foremost, for most tasks, you will never need more than +a single import statement as demonstrated in line 1. + +Before discussing the meat, let's jump to line 9 which shows, +how to host your application with the CherryPy application server +and serve it with its builtin HTTP server at the `'/'` path. +All in one single line. Not bad. + +Let's now step back to the actual application. Even though CherryPy +does not mandate it, most of the time your applications +will be written as Python classes. Methods of those classes will +be called by CherryPy to respond to client requests. However, +CherryPy needs to be aware that a method can be used that way, we +say the method needs to be :term:`exposed`. This is precisely +what the :func:`cherrypy.expose()` decorator does in line 4. + +Save the snippet in a file named `myapp.py` and run your first +CherryPy application: + +.. code-block:: bash + + $ python myapp.py + +Then point your browser at http://127.0.0.1:8080. Tada! + + +.. note:: + + CherryPy is a small framework that focuses on one single task: + take a HTTP request and locate the most appropriate + Python function or method that match the request's URL. + Unlike other well-known frameworks, CherryPy does not + provide a built-in support for database access, HTML + templating or any other middleware nifty features. + + In a nutshell, once CherryPy has found and called an + :term:`exposed` method, it is up to you, as a developer, to + provide the tools to implement your application's logic. + + CherryPy takes the opinion that you, the developer, know best. + +.. warning:: + + The previous example demonstrated the simplicty of the + CherryPy interface but, your application will likely + contain a few other bits and pieces: static service, + more complex structure, database access, etc. + This will be developed in the tutorial section. + + +CherryPy is a minimal framework but not a bare one, it comes +with a few basic tools to cover common usages that you would +expect. + +Hosting one or more applications +################################ + +A web application needs an HTTP server to be accessed to. CherryPy +provides its own, production ready, HTTP server. There are two +ways to host an application with it. The simple one and the almost-as-simple one. + +Single application +^^^^^^^^^^^^^^^^^^ + +The most straightforward way is to use :func:`cherrypy.quickstart` +function. It takes at least one argument, the instance of the +application to host. Two other settings are optionals. First, the +base path at which the application will be accessible from. Second, +a config dictionary or file to configure your application. + +.. code-block:: python + + cherrypy.quickstart(Blog()) + cherrypy.quickstart(Blog(), '/blog') + cherrypy.quickstart(Blog(), '/blog', {'/': {'tools.gzip.on': True}}) + +The first one means that your application will be available at +http://hostname:port/ whereas the other two will make your blog +application available at http://hostname:port/blog. In addition, +the last one provides specific settings for the application. + +.. note:: + + Notice in the third case how the settings are still + relative to the application, not where it is made available at, + hence the `{'/': ... }` rather than a `{'/blog': ... }` + + +Multiple applications +^^^^^^^^^^^^^^^^^^^^^ + +The :func:`cherrypy.quickstart` approach is fine for a single application, +but lacks the capacity to host several applications with the server. +To achieve this, one must use the :meth:`cherrypy.tree.mount <cherrypy._cptree.Tree.mount>` +function as follows: + +.. code-block:: python + + cherrypy.tree.mount(Blog(), '/blog', blog_conf) + cherrypy.tree.mount(Forum(), '/forum', forum_conf) + + cherrypy.engine.start() + cherrypy.engine.block() + +Essentially, :meth:`cherrypy.tree.mount <cherrypy._cptree.Tree.mount>` +takes the same parameters as :func:`cherrypy.quickstart`: an :term:`application`, +a hosting path segment and a configuration. The last two lines +are simply starting application server. + +.. important:: + + :func:`cherrypy.quickstart` and :meth:`cherrypy.tree.mount <cherrypy._cptree.Tree.mount>` + are not exclusive. For instance, the previous lines can be written as: + + .. code-block:: python + + cherrypy.tree.mount(Blog(), '/blog', blog_conf) + cherrypy.quickstart(Forum(), '/forum', forum_conf) + +.. note:: + + You can also :ref:`host foreign WSGI application <hostwsgiapp>`. + + +Logging +####### + +Logging is an important task in any application. CherryPy will +log all incoming requests as well as protocol errors. + +To do so, CherryPy manages two loggers: + +- an access one that logs every incoming requests +- an application/error log that traces errors or other application-level messages + +Your application may leverage that second logger by calling +:func:`cherrypy.log() <cherrypy._cplogging.LogManager.error>`. + +.. code-block:: python + + cherrypy.log("hello there") + +You can also log an exception: + +.. code-block:: python + + try: + ... + except: + cherrypy.log("kaboom!", traceback=True) + +Both logs are writing to files identified by the following keys +in your configuration: + +- ``log.access_file`` for incoming requests using the + `common log format <http://en.wikipedia.org/wiki/Common_Log_Format>`_ +- ``log.error_file`` for the other log + +.. seealso:: + + Refer to the :mod:`cherrypy._cplogging` module for more + details about CherryPy's logging architecture. + +Disable logging +^^^^^^^^^^^^^^^ + +You may be interested in disabling either logs. + +To disable file logging, simply set a en empty string to the +``log.access_file`` or ``log.error_file`` keys in your +:ref:`global configuration <globalsettings>`. + +To disable, console logging, set ``log.screen`` to `False`. + + +Play along with your other loggers +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Your application may obviously already use the :mod:`logging` +module to trace application level messages. CherryPy will not +interfere with them as long as your loggers are explicitely +named. This would work nicely: + +.. code-block:: python + + import logging + logger = logging.getLogger('myapp.mypackage') + logger.setLevel(logging.INFO) + stream = logging.StreamHandler() + stream.setLevel(logging.INFO) + logger.addHandler(stream) + +.. _config: + +Configuring +########### + +CherryPy comes with a fine-grained configuration mechanism and +settings can be set at various levels. + +.. seealso:: + + Once you have the reviewed the basics, please refer + to the :ref:`in-depth discussion <configindepth>` + around configuration. + +.. _globalsettings: + +Global server configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To configure the HTTP and application servers, +use the :meth:`cherrypy.config.update() <cherrypy._cpconfig.Config.update>` +method. + +.. code-block:: python + + cherrypy.config.update({'server.socket_port': 9090}) + +The :mod:`cherrypy.config <cherrypy._cpconfig>` object is a dictionary and the +update method merges the passed dictionary into it. + +You can also pass a file instead (assuming a `server.conf` +file): + +.. code-block:: ini + + [global] + server.socket_port: 9090 + +.. code-block:: python + + cherrypy.config.update("server.conf") + +.. warning:: + + :meth:`cherrypy.config.update() <cherrypy._cpconfig.Config.update>` + is not meant to be used to configure the application. + It is a common mistake. It is used to configure the server and engine. + +.. _perappconf: + +Per-application configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To configure your application, pass in a dictionary or a file +when you associate their application to the server. + +.. code-block:: python + + cherrypy.quickstart(myapp, '/', {'/': {'tools.gzip.on': True}}) + +or via a file (called `app.conf` for instance): + +.. code-block:: ini + + [/] + tools.gzip.on: True + +.. code-block:: python + + cherrypy.quickstart(myapp, '/', "app.conf") + +Although, you can define most of your configuration in a global +fashion, it is sometimes convenient to define them +where they are applied in the code. + +.. code-block:: python + + class Root(object): + @cherrypy.expose + @cherrypy.tools.gzip() + def index(self): + return "hello world!" + +A variant notation to the above: + +.. code-block:: python + + class Root(object): + @cherrypy.expose + def index(self): + return "hello world!" + index._cp_config = {'tools.gzip.on': True} + +Both methods have the same effect so pick the one +that suits your style best. + +Additional application settings +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +You can add settings that are not specific to a request URL +and retrieve them from your page handler as follows: + +.. code-block:: ini + + [/] + tools.gzip.on: True + + [googleapi] + key = "..." + appid = "..." + +.. code-block:: python + + class Root(object): + @cherrypy.expose + def index(self): + google_appid = cherrypy.request.app.config['googleapi']['appid'] + return "hello world!" + + cherrypy.quickstart(Root(), '/', "app.conf") + + +Cookies +####### + +CherryPy uses the :mod:`Cookie` module from python and in particular the +:class:`Cookie.SimpleCookie` object type to handle cookies. + +- To send a cookie to a browser, set ``cherrypy.response.cookie[key] = value``. +- To retrieve a cookie sent by a browser, use ``cherrypy.request.cookie[key]``. +- To delete a cookie (on the client side), you must *send* the cookie with its + expiration time set to `0`: + +.. code-block:: python + + cherrypy.response.cookie[key] = value + cherrypy.response.cookie[key]['expires'] = 0 + +It's important to understand that the request cookies are **not** automatically +copied to the response cookies. Clients will send the same cookies on every +request, and therefore ``cherrypy.request.cookie`` should be populated each +time. But the server doesn't need to send the same cookies with every response; +therefore, ``cherrypy.response.cookie`` will usually be empty. When you wish +to “delete” (expire) a cookie, therefore, you must set +``cherrypy.response.cookie[key] = value`` first, and then set its ``expires`` +attribute to 0. + +Extended example: + +.. code-block:: python + + import cherrypy + + class MyCookieApp(object): + @cherrypy.expose + def set(self): + cookie = cherrypy.response.cookie + cookie['cookieName'] = 'cookieValue' + cookie['cookieName']['path'] = '/' + cookie['cookieName']['max-age'] = 3600 + cookie['cookieName']['version'] = 1 + return "<html><body>Hello, I just sent you a cookie</body></html>" + + @cherrypy.expose + def read(self): + cookie = cherrypy.request.cookie + res = """<html><body>Hi, you sent me %s cookies.<br /> + Here is a list of cookie names/values:<br />""" % len(cookie) + for name in cookie.keys(): + res += "name: %s, value: %s<br>" % (name, cookie[name].value) + return res + "</body></html>" + + if __name__ == '__main__': + cherrypy.quickstart(MyCookieApp(), '/cookie') + + +.. _basicsession: + +Using sessions +############## + +Sessions are one of the most common mechanism used by developers to +identify users and synchronize their activity. By default, CherryPy +does not activate sessions because it is not a mandatory feature +to have, to enable it simply add the following settings in your +configuration: + +.. code-block:: ini + + [/] + tools.sessions.on: True + +.. code-block:: python + + cherrypy.quickstart(myapp, '/', "app.conf") + +Sessions are, by default, stored in RAM so, if you restart your server +all of your current sessions will be lost. You can store them in memcached +or on the filesystem instead. + +Using sessions in your applications is done as follows: + +.. code-block:: python + + import cherrypy + + @cherrypy.expose + def index(self): + if 'count' not in cherrypy.session: + cherrypy.session['count'] = 0 + cherrypy.session['count'] += 1 + +In this snippet, everytime the the index page handler is called, +the current user's session has its `'count'` key incremented by `1`. + +CherryPy knows which session to use by inspecting the cookie +sent alongside the request. This cookie contains the session +identifier used by CherryPy to load the user's session from +the storage. + +.. seealso:: + + Refer to the :mod:`cherrypy.lib.sessions` module for more + details about the session interface and implementation. + Notably you will learn about sessions expiration. + +Filesystem backend +^^^^^^^^^^^^^^^^^^ + +Using a filesystem is a simple to not lose your sessions +between reboots. Each session is saved in its own file within +the given directory. + +.. code-block:: ini + + [/] + tools.sessions.on: True + tools.sessions.storage_type = "file" + tools.sessions.storage_path = "/some/directorys" + +Memcached backend +^^^^^^^^^^^^^^^^^ + +`Memcached <http://memcached.org/>`_ is a popular key-store on top of your RAM, +it is distributed and a good choice if you want to +share sessions outside of the process running CherryPy. + +.. code-block:: ini + + [/] + tools.sessions.on: True + tools.sessions.storage_type = "memcached" + +.. _staticontent: + +Static content serving +###################### + +CherryPy can serve your static content such as images, javascript and +CSS resources, etc. + +.. note:: + + CherryPy uses the :mod:`mimetypes` module to determine the + best content-type to serve a particular resource. If the choice + is not valid, you can simply set more media-types as follows: + + .. code-block:: python + + import mimetypes + mimetypes.types_map['.csv'] = 'text/csv' + + +Serving a single file +^^^^^^^^^^^^^^^^^^^^^ + +You can serve a single file as follows: + +.. code-block:: ini + + [/style.css] + tools.staticfile.on = True + tools.staticfile.filename = "/home/site/style.css" + +CherryPy will automatically respond to URLs such as +`http://hostname/style.css`. + +Serving a whole directory +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Serving a whole directory is similar to a single file: + +.. code-block:: ini + + [/static] + tools.staticdir.on = True + tools.staticdir.dir = "/home/site/static" + +Assuming you have a file at `static/js/my.js`, +CherryPy will automatically respond to URLs such as +`http://hostname/static/js/my.js`. + + +.. note:: + + CherryPy always requires the absolute path to the files or directories + it will serve. If you have several static sections to configure + but located in the same root directory, you can use the following + shortcut: + + + .. code-block:: ini + + [/] + tools.staticdir.root = "/home/site" + + [/static] + tools.staticdir.on = True + tools.staticdir.dir = "static" + +Allow files downloading +^^^^^^^^^^^^^^^^^^^^^^^ + +Using ``"application/x-download"`` response content-type, +you can tell a browser that a resource should be downloaded +onto the user's machine rather than displayed. + +You could for instance write a page handler as follows: + +.. code-block:: python + + from cherrypy.lib.static import serve_file + + @cherrypy.expose + def download(self, filepath): + return serve_file(filepath, "application/x-download", "attachment") + +Assuming the filepath is a valid path on your machine, the +response would be considered as a downloadable content by +the browser. + +.. warning:: + + The above page handler is a security risk on its own since any file + of the server could be accessed (if the user running the + server had permissions on them). + + +Dealing with JSON +################# + +CherryPy has built-in support for JSON encoding and decoding +of the request and/or response. + +Decoding request +^^^^^^^^^^^^^^^^ + +To automatically decode the content of a request using JSON: + +.. code-block:: python + + class Root(object): + @cherrypy.expose + @cherrypy.tools.json_in() + def index(self): + data = cherrypy.request.json + +The `json` attribute attached to the request contains +the decoded content. + +Encoding response +^^^^^^^^^^^^^^^^^ + +To automatically encode the content of a response using JSON: + +.. code-block:: python + + class Root(object): + @cherrypy.expose + @cherrypy.tools.json_out() + def index(self): + return {'key': 'value'} + +CherryPy will encode any content returned by your page handler +using JSON. Not all type of objects may natively be +encoded. + +Authentication +############## + +CherryPy provides support for two very simple authentication mechanisms, +both described in :rfc:`2617`: Basic and Digest. They are most commonly +known to trigger a browser's popup asking users their name +and password. + +Basic +^^^^^ + +Basic authentication is the simplest form of authentication however +it is not a secure one as the user's credentials are embedded into +the request. We advise against using it unless you are running on +SSL or within a closed network. + +.. code-block:: python + + from cherrypy.lib import auth_basic + + USERS = {'jon': 'secret'} + + def validate_password(username, password): + if username in USERS and USERS[username] == password: + return True + return False + + conf = { + '/protected/area': { + 'tools.auth_basic.on': True, + 'tools.auth_basic.realm': 'localhost', + 'tools.auth_basic.checkpassword': validate_password + } + } + + cherrypy.quickstart(myapp, '/', conf) + +Simply put, you have to provide a function that will +be called by CherryPy passing the username and password +decoded from the request. + +The function can read its data from any source it has to: a file, +a database, memory, etc. + + +Digest +^^^^^^ + +Digest authentication differs by the fact the credentials +are not carried on by the request so it's a little more secure +than basic. + +CherryPy's digest support has a similar interface to the +basic one explained above. + +.. code-block:: python + + from cherrypy.lib import auth_digest + + USERS = {'jon': 'secret'} + + conf = { + '/protected/area': { + 'tools.auth_digest.on': True, + 'tools.auth_digest.realm': 'localhost', + 'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(USERS), + 'tools.auth_digest.key': 'a565c27146791cfb' + } + } + + cherrypy.quickstart(myapp, '/', conf) + +Favicon +####### + +CherryPy serves its own sweet red cherrypy as the default +`favicon <http://en.wikipedia.org/wiki/Favicon>`_ using the static file +tool. You can serve your own favicon as follows: + +.. code-block:: python + + import cherrypy + + class HelloWorld(object): + @cherrypy.expose + def index(self): + return "Hello World!" + + if __name__ == '__main__': + cherrypy.quickstart(HelloWorld(), '/', + { + '/favicon.ico': + { + 'tools.staticfile.on': True, + 'tools.staticfile.filename:' '/path/to/myfavicon.ico' + } + } + ) + +Please refer to the :ref:`static serving <staticontent>` section +for more details. + +You can also use a file to configure it: + +.. code-block:: ini + + [/favicon.ico] + tools.staticfile.on: True + tools.staticfile.filename: "/path/to/myfavicon.ico" + + +.. code-block:: python + + import cherrypy + + class HelloWorld(object): + @cherrypy.expose + def index(self): + return "Hello World!" + + if __name__ == '__main__': + cherrypy.quickstart(HelloWorld(), '/', app.conf) |