1 Introduction
2 ------------
3
4 WebStack is a package which provides a common API for Python Web
5 applications, regardless of the underlying server or framework environment.
6 It should be possible with WebStack to design and implement an application,
7 to choose a deployment environment, and then to be able to deploy the
8 application in a different environment later on without having to go back
9 and rewrite substantial parts of the application.
10
11 Quick Start
12 -----------
13
14 Try running the demo:
15
16 python tools/demo.py
17
18 An introductory guide to creating applications can be found in the docs
19 directory - see docs/index.html for the start page.
20
21 Contact, Copyright and Licence Information
22 ------------------------------------------
23
24 The current Web page for WebStack at the time of release is:
25
26 http://www.boddie.org.uk/python/WebStack.html
27
28 Copyright and licence information can be found in the docs directory - see
29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
30 information.
31
32 Framework Support
33 -----------------
34
35 See the docs/supported-frameworks.html document for more information.
36
37 New in WebStack 1.2.5 (Changes since WebStack 1.2.4)
38 ----------------------------------------------------
39
40 * Fixed mod_python status codes using a solution proposed by John Krukoff.
41 * Fixed a Twisted deprecation warning when accessing port numbers, thanks to
42 John Krukoff.
43 * Added Ubuntu Feisty (7.04) package support.
44 * Tidied up the documentation HTML.
45
46 New in WebStack 1.2.4 (Changes since WebStack 1.2.3)
47 ----------------------------------------------------
48
49 * Made a SessionDirectoryRepository which uses directories for data produced
50 by the shelve module, rather than attempting to manipulate files produced
51 by the shelve module, since the details of such files may differ between
52 environments: a situation noticed by John Krukoff in an environment
53 without the bsddb module installed.
54
55 New in WebStack 1.2.3 (Changes since WebStack 1.2.2)
56 ----------------------------------------------------
57
58 * Fixed inadvertent OpenSSL dependency, noticed by John Krukoff.
59
60 New in WebStack 1.2.2 (Changes since WebStack 1.2.1)
61 ----------------------------------------------------
62
63 * Added an EncodingSelector class for the setting of default encodings on
64 transactions.
65 * Added some documentation about path processing strategies.
66 * Added a secure variant of the BaseHTTPServer provided in the adapter for
67 BaseHTTPRequestHandler.
68
69 New in WebStack 1.2.1 (Changes since WebStack 1.2)
70 --------------------------------------------------
71
72 * Fixed mod_python get_content_type method.
73 * Fixed LoginResource form field processing; changed the field type to
74 password.
75 * Exposed LoginResource and LoginRedirectResource page contents as
76 attributes.
77 * Added documentation about extending LoginRedirectResource and using
78 PathSelector to remember an application's root path.
79 * Changed handle_errors to 1 throughout the examples.
80
81 New in WebStack 1.2 (Changes since WebStack 1.1.2)
82 --------------------------------------------------
83
84 * Added support for Django.
85 * Fixed documentation about the representation of file upload fields.
86 * Changed mod_python, Java Servlet and Webware (> 0.8.1) deployment to use a
87 deploy function instead of more complicated configuration mechanisms.
88 * Improved mod_python deployment documentation and tools so that cleaner
89 application paths/URLs can now be used.
90 * Moved user and path_info default definitions into WebStack.Generic as
91 class attributes.
92 * Fixed encoding usage issues with path fields when using get_fields in a
93 Zope environment.
94 * Added a FileResource class to WebStack.Resources.Static.
95 * Made DirectoryRepository convert filenames to Unicode in all cases.
96 * Renamed the Apache and Java Servlet tools, making them scripts which are
97 installed by setup.py.
98 * Fixed CGI content charsets and languages support.
99 * Fixed CGI cookie output.
100 * Added URL overriding in the LoginRedirectResource.
101 * Exposed a get_target function from WebStack.Resources.Login in order to
102 better support alternative login resources.
103 * Added improved error reporting for BaseHTTPRequestHandler, CGI, Django and
104 WSGI.
105 * Added a traverse_path method to the Transaction class.
106 * Made a path_encoding alias for urlencoding in the initialisation of
107 WebStack.Resources.ResourceMap objects.
108 * Added a Selectors module to WebStack.Resources in order to support common
109 resource selection patterns.
110
111 New in WebStack 1.1.2 (Changes since WebStack 1.1.1)
112 ----------------------------------------------------
113
114 * Fixed missing import in WebStack.Repositories.Directory.
115
116 New in WebStack 1.1.1 (Changes since WebStack 1.1)
117 --------------------------------------------------
118
119 * Fixed update_path to handle the root path properly.
120
121 New in WebStack 1.1 (Changes since WebStack 1.0)
122 ------------------------------------------------
123
124 * Added a Repositories package to provide session-like support for
125 different kinds of storage.
126 * Added an explicit filesystem encoding to the Calendar example and adopted
127 the DirectoryRepository from the Repositories package.
128 * Added get_path_without_info, update_path and redirect methods to the
129 Transaction class.
130 * Added get_attributes (attribute support) to the Transaction class.
131 * Added a values method to Helpers.Session.Wrapper.
132 * Fixed get_processed_virtual_path_info (to match from right to left).
133 * Improved/fixed exception handling in the adapters so that transactions are
134 committed as the final act of an adapter experiencing an unhandled
135 exception. This should result in session stores being closed properly.
136 * Changed the Helpers.Session.SessionStore to use DirectoryRepository.
137 * Made the "not found" behaviour of DirectoryResource more configurable.
138 * Added documentation for MapResource and DirectoryResource.
139 * Fixed the distribution names in the Ubuntu changelog.
140
141 New in WebStack 1.0 (Changes since WebStack 0.10)
142 -------------------------------------------------
143
144 * Changed the behaviour of get_path, get_path_without_query, get_path_info,
145 get_virtual_path_info, get_processed_virtual_path_info and
146 get_fields_from_path to return Unicode data decoded using the optional
147 encoding parameter or a common default encoding.
148 * Fixed file upload values so that FileContent objects are returned for such
149 fields in get_fields_from_body and get_fields.
150 (Warning! Except for Twisted!)
151 * Fixed the JavaServlet support so that streams and file content are
152 obtained as "almost" plain strings.
153 * Updated/fixed LoginResource and LoginRedirectResource to use the updated
154 path API and to handle special characters properly.
155 * Added convenience methods to Transaction for the decoding and encoding of
156 path values (to and from Unicode objects) - see the decode_path and
157 encode_path methods.
158 * Added the notion of processed virtual path info - the part of the original
159 path info not represented in the current virtual path info.
160 * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
161 patch from Scott Robinson).
162 * Fixed ResourceMap.MapResource to handle non-existent resources properly
163 (where the virtual path info is only one component in length).
164 * Added Debian package support.
165 * Added automatic session directory creation for the WebStack sessions
166 implementation.
167 * Added support for the repeated retrieval of sessions from the same
168 WebStack session store, avoiding deadlocks.
169 * Fixed the calendar example, making it perform a proper function.
170 * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
171 include the Login application, since Konqueror (at least) does not share
172 cookies across different port numbers on the same host.
173 * Added the SimpleWithLogin and Login applications to the demonstration.
174 * Improved the documentation, adding information on request headers, and
175 describing file upload and session support limitations.
176 * Improved the AOLserver-related notes for CGI and Webware, adding a patch
177 for Webware in order to work around AOLserver issues.
178
179 New in WebStack 0.10 (Changes since WebStack 0.9)
180 -------------------------------------------------
181
182 * Changes to make the tools/demo.py script work on Windows (and other)
183 platforms (suggested by Jim Madsen).
184 * Fixed end of header newlines for CGI (suggested by Matt Harrison).
185 * Minor documentation fixes and improvements, adding information on
186 AOLserver in the CGI and Webware notes.
187 * Changed the mod_python server name method to use the server object rather
188 than the connection object.
189 * Added a parameter to the ResourceMap.MapResource class to permit automatic
190 redirects into resource hierarchies when no trailing "/" was given in the
191 URL; changed the updated virtual path info so that empty values may be set
192 (the guarantee that "/" will always appear no longer applies).
193 * Fixed virtual path info retrieval when the value is an empty string.
194
195 New in WebStack 0.9 (Changes since WebStack 0.8)
196 ------------------------------------------------
197
198 * Standardised error handling in the adapters so that tracebacks can be
199 suppressed and an internal server error condition raised.
200 * Added overriding of path info in transactions.
201 * Added a ResourceMap resource for dispatching to different resources
202 according to path components.
203 * Standardised deployment for some frameworks (see docs/deploying.html).
204 * Introductory documentation in XHTML format.
205 * Added server name and port methods to the transaction.
206 * Added a simple demonstration application, incorporating many of the
207 examples and launched under a single script.
208 * Fixed mod_python native sessions.
209 * Fixed Zope request stream access.
210 * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
211 details.
212
213 New in WebStack 0.8 (Changes since WebStack 0.7)
214 ------------------------------------------------
215
216 * Added a standard exception, EndOfResponse, which can be used to
217 immediately stop the processing/production of a response; this is useful
218 when resources need to issue a redirect without unnecessary content being
219 generated, for example.
220 * Fixed path information for Zope.
221 * Added WSGI support.
222 * Verified Twisted 1.3.0 support with Python 2.3.3.
223
224 New in WebStack 0.7 (Changes since WebStack 0.6)
225 ------------------------------------------------
226
227 * Fixed path information semantics.
228 * Fixed file upload semantics.
229 * Fixed content type handling for Unicode output and for interpreting
230 request body fields/parameters (although some improvement remains).
231 * Added a method to discover the chosen response stream encoding.
232 * Fixed field/parameter retrieval so that path and body fields are distinct,
233 regardless of the framework employed.
234 * Added a method to get a combination of path and body fields (suggested by
235 Jacob Smullyan).
236 * Introduced Zope 2 support.
237 * Improved Jython/Java Servlet API support (although a special PyServlet
238 class must now be used, and certain libraries must be deployed with
239 applications).
240 * Introduced authentication/authorisation support for Jython/Java Servlet
241 API.
242 * Session support has been added (except for Webware 0.8.1).
243 * Alternative cookie support for mod_python has been added.
244 * Cookie support now supports encoded Unicode sequences for names and
245 values.
246
247 New in WebStack 0.6 (Changes since WebStack 0.5)
248 ------------------------------------------------
249
250 * Introduced Jython/Java Servlet API support.
251 * Minor fixes to example applications and to BaseHTTPRequestHandler.
252
253 New in WebStack 0.5 (Changes since WebStack 0.4)
254 ------------------------------------------------
255
256 * Changed request body fields/parameters so that they are now represented
257 using Unicode objects rather than plain strings.
258 * Introduced better support for Unicode in response streams.
259
260 New in WebStack 0.4 (Changes since WebStack 0.3)
261 ------------------------------------------------
262
263 * Added application definition of user identity, permitting alternative
264 authentication mechanisms.
265 * Improved BaseHTTPRequestHandler and mod_python reliability around fields
266 from request bodies.
267 * Provided stream and environment parameterisation in the CGI adapter.
268 * Added LoginRedirect and Login examples.
269 * Added get_path_without_query and fixed get_path behaviour.
270
271 New in WebStack 0.3 (Changes since WebStack 0.2)
272 ------------------------------------------------
273
274 * Added better header support for Webware (suggested by Ian Bicking).
275 * Introduced CGI and Java Servlet support (the latter is currently
276 broken/unfinished).
277 * Introduced support for cookies.
278
279 Future Work
280 -----------
281
282 (Essential)
283
284 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
285 also seems to be missing this functionality. It isn't obvious whether Twisted
286 Web2 will just copy its predecessors and provide a similarly limited API.
287 Perhaps the Twisted support needs to resemble the CGI support much more when
288 handling fields.
289
290 JythonServlet libraries need to be configured using sys.add_package when
291 these do not feature in the compiled-in list. Adding such configuration to
292 the handler may be most appropriate (since the web.xml file can be too
293 arcane), but this needs testing.
294
295 The algorithm employed in the WebStack.Helpers.Auth.get_token function
296 should be reviewed and improved for better security.
297
298 (Important)
299
300 Field access needs testing, especially for anything using the
301 cgi.FieldStorage class, and the way file uploads are exposed should be
302 reviewed (currently the meta-data is not exposed). The acquisition of fields
303 from specific sources should be tested with different request methods - some
304 frameworks provide path fields in the body fields dictionary, others (eg.
305 Zope) change the fields exposed depending on request method.
306
307 Interpretation of path field encodings needs to be verified. Currently,
308 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
309 ISO-8859-1, but it might be the case that some such fields might be
310 submitted as UTF-8. The decode_path method on Transaction does do much of the
311 work that is likely to be required, however. Still, a good policy for decoding
312 path fields, reducing the number of times one might specify the encoding in
313 various method calls, may be important.
314
315 An interesting test of encodings is to introduce things like the following to
316 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
317 This should produce the following decoded result: %F0?æ=ø&%F0=ø
318 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
319
320 Cookie objects need defining strictly, especially since the standard library
321 Cookie object behaves differently to mod_python (and possibly Webware)
322 Cookie objects. Moreover, the set_cookie_value method needs to provide
323 access to the usual cookie parameters as supported by the frameworks. The
324 standard library Cookie module has issues with Unicode cookie names (and
325 possibly values) - this is worked around, but it would be best to resolve
326 this comprehensively.
327
328 UTF-16 (and possibly other encodings) causes problems with HTML form data
329 sent in POST requests using the application/x-www-form-urlencoded content
330 type. This should be reviewed at a later date when proper standardisation
331 has taken place.
332
333 Session support, especially through WebStack.Helpers.Session, should be
334 reviewed and be made compatible with non-cookie mechanisms.
335
336 Locking in the session support and in DirectoryRepository should be improved.
337
338 HeaderValue objects should be employed more extensively. Thus, the header
339 access methods may need to change their behaviour slightly. The get_headers
340 method should potentially return a list for each item in the dictionary.
341
342 WSGI support could demand that a special "end of headers" method be
343 introduced into WebStack, thus making response output more efficient (and
344 probably also for other frameworks, too).
345
346 Investigate proper support for HEAD, OPTIONS and other request methods.
347
348 Consider packages for different operating systems (other than Debian).
349
350 Investigate cStringIO usage.
351
352 The location of deployed applications in the filesystem should be exposed to
353 those applications. (This is actually available in the __file__ module
354 variable.) A resource could be provided to record the "root" path and added to
355 a resource hierarchy or site map. Note that PathSelector records the "root"
356 path, although it is not automatically deployed.
357
358 (Completed/rejected)
359
360 Path information should be consistent across all frameworks, and the "path
361 info" value should be meaningful. (This should now be correct.)
362
363 Investigate the nicer functions in the cgi module, discarding the "magic"
364 stuff like FieldStorage. (These nicer functions are used by projects like
365 Twisted - as of 1.3.0 at least - and do not give the necessary information we
366 require.)
367
368 Release Procedures
369 ------------------
370
371 Update the WebStack/__init__.py __version__ attribute.
372 Change the version number and package filename/directory in the documentation.
373 Change code examples in the documentation if appropriate.
374 Update the release notes (see above).
375 Check the setup.py file and ensure that all package directories are mentioned.
376 Check the release information in the PKG-INFO file and in the package
377 changelog (and other files).
378 Tag, export.
379 Generate the PyServlet classes.
380 Generate the API documentation.
381 Remove generated .pyc files: rm `find . -name "*.pyc"`
382 Archive, upload.
383 Upload the introductory documentation.
384 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
385
386 Generating the API Documentation
387 --------------------------------
388
389 In order to prepare the API documentation, it is necessary to generate some
390 Web pages from the Python source code. For this, the epydoc application must
391 be available on your system. Then, inside the distribution directory, run the
392 apidocs.sh tool script as follows:
393
394 ./tools/apidocs.sh
395
396 Some warnings may be generated by the script, but the result should be a new
397 apidocs directory within the distribution directory.
398
399 Making Packages
400 ---------------
401
402 To make Debian-based packages:
403
404 1. Create new package directories under packages if necessary.
405 2. Make a symbolic link in the distribution's root directory to keep the
406 Debian tools happy. For example:
407
408 ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
409 ln -s packages/ubuntu-feisty/python-webstack/debian/
410
411 3. Run the package builder:
412
413 dpkg-buildpackage -rfakeroot
414
415 4. Locate and tidy up the packages in the parent directory of the
416 distribution's root directory.