WebStack

README.txt

515:f0e5c72e3b70
2005-11-20 paulb [project @ 2005-11-20 02:37:06 by paulb] Added reference documentation for repositories, static content and resource mapping.
     1 Introduction
     2 ------------
     3 
     4 WebStack is a package which provides a common API for Python Web
     5 applications, regardless of the underlying server or framework environment.
     6 It should be possible with WebStack to design and implement an application,
     7 to choose a deployment environment, and then to be able to deploy the
     8 application in a different environment later on without having to go back
     9 and rewrite substantial parts of the application.
    10 
    11 Quick Start
    12 -----------
    13 
    14 Try running the demo:
    15 
    16 python tools/demo.py
    17 
    18 An introductory guide to creating applications can be found in the docs
    19 directory - see docs/index.html for the start page.
    20 
    21 Contact, Copyright and Licence Information
    22 ------------------------------------------
    23 
    24 The current Web page for WebStack at the time of release is:
    25 
    26 http://www.boddie.org.uk/python/WebStack.html
    27 
    28 Copyright and licence information can be found in the docs directory - see
    29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
    30 information.
    31 
    32 Framework Support
    33 -----------------
    34 
    35 Currently, BaseHTTPRequestHandler (via BaseHTTPServer in the standard
    36 library), CGI, Jython/Java Servlet API, mod_python, Twisted, Webware, WSGI
    37 and Zope 2 are supported. Each framework has its own set of strengths and
    38 weaknesses, but the idea is that deployment concerns can be considered
    39 separately from the implementation of application functionality. Consult the
    40 NOTES.txt files in each framework's subdirectory of the docs directory for
    41 some notes on how applications may be run in each environment.
    42 
    43 Tested Frameworks           Release Information
    44 -----------------           -------------------
    45 
    46 BaseHTTPRequestHandler      Python 2.2.2, Python 2.3.3, Python 2.4.1
    47 CGI                         Apache 2.0.44, Apache 2.0.53, AOLserver 4.0.10, lighttpd 1.3.15
    48 Jython/Java Servlet API     Jython 2.1, Java JDK 1.3.1_02, Tomcat 4.1.31 (Servlet 2.3)
    49 mod_python                  3.0.3 (3.1.3 for framework cookie and session support)
    50 Twisted                     1.0.5, 1.3.0
    51 Webware                     0.8.1, CVS (2004-02-06), 0.9b2
    52 WSGI                        run_with_cgi (PEP 333)
    53 Zope                        2.7.2-0, 2.8.0-final
    54 
    55 New in WebStack 1.1 (Changes since WebStack 1.0)
    56 ------------------------------------------------
    57 
    58   * Added a Repositories package to provide session-like support for
    59     different kinds of storage.
    60   * Added an explicit filesystem encoding to the Calendar example and adopted
    61     the DirectoryRepository from the Repositories package.
    62   * Added get_path_without_info, update_path and redirect methods to the
    63     Transaction class.
    64   * Added a values method to Helpers.Session.Wrapper.
    65   * Improved/fixed exception handling in the adapters so that transactions are
    66     committed as the final act of an adapter experiencing an unhandled
    67     exception. This should result in session stores being closed properly.
    68   * Made the "not found" behaviour of DirectoryResource more configurable.
    69   * Added documentation for MapResource and DirectoryResource.
    70   * Fixed the distribution names in the Ubuntu changelog.
    71 
    72 New in WebStack 1.0 (Changes since WebStack 0.10)
    73 -------------------------------------------------
    74 
    75   * Changed the behaviour of get_path, get_path_without_query, get_path_info,
    76     get_virtual_path_info, get_processed_virtual_path_info and
    77     get_fields_from_path to return Unicode data decoded using the optional
    78     encoding parameter or a common default encoding.
    79   * Fixed file upload values so that FileContent objects are returned for such
    80     fields in get_fields_from_body and get_fields.
    81     (Warning! Except for Twisted!)
    82   * Fixed the JavaServlet support so that streams and file content are
    83     obtained as "almost" plain strings.
    84   * Updated/fixed LoginResource and LoginRedirectResource to use the updated
    85     path API and to handle special characters properly.
    86   * Added convenience methods to Transaction for the decoding and encoding of
    87     path values (to and from Unicode objects) - see the decode_path and
    88     encode_path methods.
    89   * Added the notion of processed virtual path info - the part of the original
    90     path info not represented in the current virtual path info.
    91   * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
    92     patch from Scott Robinson).
    93   * Fixed ResourceMap.MapResource to handle non-existent resources properly
    94     (where the virtual path info is only one component in length).
    95   * Added Debian package support.
    96   * Added automatic session directory creation for the WebStack sessions
    97     implementation.
    98   * Added support for the repeated retrieval of sessions from the same
    99     WebStack session store, avoiding deadlocks.
   100   * Fixed the calendar example, making it perform a proper function.
   101   * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
   102     include the Login application, since Konqueror (at least) does not share
   103     cookies across different port numbers on the same host.
   104   * Added the SimpleWithLogin and Login applications to the demonstration.
   105   * Improved the documentation, adding information on request headers, and
   106     describing file upload and session support limitations.
   107   * Improved the AOLserver-related notes for CGI and Webware, adding a patch
   108     for Webware in order to work around AOLserver issues.
   109 
   110 New in WebStack 0.10 (Changes since WebStack 0.9)
   111 -------------------------------------------------
   112 
   113   * Changes to make the tools/demo.py script work on Windows (and other)
   114     platforms (suggested by Jim Madsen).
   115   * Fixed end of header newlines for CGI (suggested by Matt Harrison).
   116   * Minor documentation fixes and improvements, adding information on
   117     AOLserver in the CGI and Webware notes.
   118   * Changed the mod_python server name method to use the server object rather
   119     than the connection object.
   120   * Added a parameter to the ResourceMap.MapResource class to permit automatic
   121     redirects into resource hierarchies when no trailing "/" was given in the
   122     URL; changed the updated virtual path info so that empty values may be set
   123     (the guarantee that "/" will always appear no longer applies).
   124   * Fixed virtual path info retrieval when the value is an empty string.
   125 
   126 New in WebStack 0.9 (Changes since WebStack 0.8)
   127 ------------------------------------------------
   128 
   129   * Standardised error handling in the adapters so that tracebacks can be
   130     suppressed and an internal server error condition raised.
   131   * Added overriding of path info in transactions.
   132   * Added a ResourceMap resource for dispatching to different resources
   133     according to path components.
   134   * Standardised deployment for some frameworks (see docs/deploying.html).
   135   * Introductory documentation in XHTML format.
   136   * Added server name and port methods to the transaction.
   137   * Added a simple demonstration application, incorporating many of the
   138     examples and launched under a single script.
   139   * Fixed mod_python native sessions.
   140   * Fixed Zope request stream access.
   141   * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
   142     details.
   143 
   144 New in WebStack 0.8 (Changes since WebStack 0.7)
   145 ------------------------------------------------
   146 
   147   * Added a standard exception, EndOfResponse, which can be used to
   148     immediately stop the processing/production of a response; this is useful
   149     when resources need to issue a redirect without unnecessary content being
   150     generated, for example.
   151   * Fixed path information for Zope.
   152   * Added WSGI support.
   153   * Verified Twisted 1.3.0 support with Python 2.3.3.
   154 
   155 New in WebStack 0.7 (Changes since WebStack 0.6)
   156 ------------------------------------------------
   157 
   158   * Fixed path information semantics.
   159   * Fixed file upload semantics.
   160   * Fixed content type handling for Unicode output and for interpreting
   161     request body fields/parameters (although some improvement remains).
   162   * Added a method to discover the chosen response stream encoding.
   163   * Fixed field/parameter retrieval so that path and body fields are distinct,
   164     regardless of the framework employed.
   165   * Added a method to get a combination of path and body fields (suggested by
   166     Jacob Smullyan).
   167   * Introduced Zope 2 support.
   168   * Improved Jython/Java Servlet API support (although a special PyServlet
   169     class must now be used, and certain libraries must be deployed with
   170     applications).
   171   * Introduced authentication/authorisation support for Jython/Java Servlet
   172     API.
   173   * Session support has been added (except for Webware 0.8.1).
   174   * Alternative cookie support for mod_python has been added.
   175   * Cookie support now supports encoded Unicode sequences for names and
   176     values.
   177 
   178 New in WebStack 0.6 (Changes since WebStack 0.5)
   179 ------------------------------------------------
   180 
   181   * Introduced Jython/Java Servlet API support.
   182   * Minor fixes to example applications and to BaseHTTPRequestHandler.
   183 
   184 New in WebStack 0.5 (Changes since WebStack 0.4)
   185 ------------------------------------------------
   186 
   187   * Changed request body fields/parameters so that they are now represented
   188     using Unicode objects rather than plain strings.
   189   * Introduced better support for Unicode in response streams.
   190 
   191 New in WebStack 0.4 (Changes since WebStack 0.3)
   192 ------------------------------------------------
   193 
   194   * Added application definition of user identity, permitting alternative
   195     authentication mechanisms.
   196   * Improved BaseHTTPRequestHandler and mod_python reliability around fields
   197     from request bodies.
   198   * Provided stream and environment parameterisation in the CGI adapter.
   199   * Added LoginRedirect and Login examples.
   200   * Added get_path_without_query and fixed get_path behaviour.
   201 
   202 New in WebStack 0.3 (Changes since WebStack 0.2)
   203 ------------------------------------------------
   204 
   205   * Added better header support for Webware (suggested by Ian Bicking).
   206   * Introduced CGI and Java Servlet support (the latter is currently
   207     broken/unfinished).
   208   * Introduced support for cookies.
   209 
   210 Future Work
   211 -----------
   212 
   213 (Essential)
   214 
   215 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
   216 also seems to be missing this functionality. It isn't obvious whether Twisted
   217 Web2 will just copy its predecessors and provide a similarly limited API.
   218 Perhaps the Twisted support needs to resemble the CGI support much more when
   219 handling fields.
   220 
   221 JythonServlet libraries need to be configured using sys.add_package when
   222 these do not feature in the compiled-in list. Adding such configuration to
   223 the handler may be most appropriate (since the web.xml file can be too
   224 arcane), but this needs testing.
   225 
   226 (Important)
   227 
   228 Field access needs testing, especially for anything using the
   229 cgi.FieldStorage class, and the way file uploads are exposed should be
   230 reviewed (currently the meta-data is not exposed). The acquisition of fields
   231 from specific sources should be tested with different request methods - some
   232 frameworks provide path fields in the body fields dictionary, others (eg.
   233 Zope) change the fields exposed depending on request method.
   234 
   235 Interpretation of path field encodings needs to be verified. Currently,
   236 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
   237 ISO-8859-1, but it might be the case that some such fields might be
   238 submitted as UTF-8. The decode_path method on Transaction does do much of the
   239 work that is likely to be required, however. Still, a good policy for decoding
   240 path fields, reducing the number of times one might specify the encoding in
   241 various method calls, may be important.
   242 
   243 An interesting test of encodings is to introduce things like the following to
   244 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
   245 This should produce the following decoded result: %F0?æ=ø&%F0=ø
   246 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
   247 
   248 Cookie objects need defining strictly, especially since the standard library
   249 Cookie object behaves differently to mod_python (and possibly Webware)
   250 Cookie objects. Moreover, the set_cookie_value method needs to provide
   251 access to the usual cookie parameters as supported by the frameworks. The
   252 standard library Cookie module has issues with Unicode cookie names (and
   253 possibly values) - this is worked around, but it would be best to resolve
   254 this comprehensively.
   255 
   256 UTF-16 (and possibly other encodings) causes problems with HTML form data
   257 sent in POST requests using the application/x-www-form-urlencoded content
   258 type.  This should be reviewed at a later date when proper standardisation
   259 has taken place.
   260 
   261 Session support, especially through WebStack.Helpers.Session, should be
   262 reviewed and be made compatible with non-cookie mechanisms.
   263 
   264 Locking in the session support and in DirectoryRepository should be improved.
   265 
   266 HeaderValue objects should be employed more extensively. Thus, the header
   267 access methods may need to change their behaviour slightly. The get_headers
   268 method should potentially return a list for each item in the dictionary.
   269 
   270 WSGI support could demand that a special "end of headers" method be
   271 introduced into WebStack, thus making response output more efficient (and
   272 probably also for other frameworks, too).
   273 
   274 The algorithm employed in the WebStack.Helpers.Auth.get_token function
   275 should be reviewed and improved for better security.
   276 
   277 Investigate proper support for HEAD, OPTIONS and other request methods.
   278 
   279 Consider packages for different operating systems (other than Debian).
   280 
   281 Provide some 500 error content when handle_errors is true.
   282 
   283 (Completed/rejected)
   284 
   285 The location of deployed applications in the filesystem should be exposed to
   286 those applications. (This is actually available in the __file__ module
   287 variable.)
   288 
   289 Path information should be consistent across all frameworks, and the "path
   290 info" value should be meaningful. (This should now be correct.)
   291 
   292 Investigate the nicer functions in the cgi module, discarding the "magic"
   293 stuff like FieldStorage. (These nicer functions are used by projects like
   294 Twisted - as of 1.3.0 at least - and do not give the necessary information we
   295 require.)
   296 
   297 Release Procedures
   298 ------------------
   299 
   300 Update the WebStack/__init__.py __version__ attribute.
   301 Change the version number and package filename/directory in the documentation.
   302 Change code examples in the documentation if appropriate.
   303 Update the release notes (see above).
   304 Check the setup.py file and ensure that all package directories are mentioned.
   305 Check the release information in the PKG-INFO file and in the package
   306 changelog (and other files).
   307 Tag, export.
   308 Generate the PyServlet classes.
   309 Generate the API documentation.
   310 Remove generated .pyc files: rm `find . -name "*.pyc"`
   311 Archive, upload.
   312 Upload the introductory documentation.
   313 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
   314 
   315 Generating the API Documentation
   316 --------------------------------
   317 
   318 In order to prepare the API documentation, it is necessary to generate some
   319 Web pages from the Python source code. For this, the epydoc application must
   320 be available on your system. Then, inside the distribution directory, run the
   321 apidocs.sh tool script as follows:
   322 
   323 ./tools/apidocs.sh
   324 
   325 Some warnings may be generated by the script, but the result should be a new
   326 apidocs directory within the distribution directory.
   327 
   328 Making Packages
   329 ---------------
   330 
   331 To make Debian-based packages:
   332 
   333   1. Create new package directories under packages if necessary.
   334   2. Make a symbolic link in the distribution's root directory to keep the
   335      Debian tools happy:
   336 
   337      ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
   338 
   339   3. Run the package builder:
   340 
   341      dpkg-buildpackage -rfakeroot
   342 
   343   4. Locate and tidy up the packages in the parent directory of the
   344      distribution's root directory.