WebStack

README.txt

632:08d88dc2b74c
2007-04-16 paulb [project @ 2007-04-16 14:43:42 by paulb] Fixed OpenSSL dependency introduced by an import required by the secure server classes and functions.
     1 Introduction
     2 ------------
     3 
     4 WebStack is a package which provides a common API for Python Web
     5 applications, regardless of the underlying server or framework environment.
     6 It should be possible with WebStack to design and implement an application,
     7 to choose a deployment environment, and then to be able to deploy the
     8 application in a different environment later on without having to go back
     9 and rewrite substantial parts of the application.
    10 
    11 Quick Start
    12 -----------
    13 
    14 Try running the demo:
    15 
    16 python tools/demo.py
    17 
    18 An introductory guide to creating applications can be found in the docs
    19 directory - see docs/index.html for the start page.
    20 
    21 Contact, Copyright and Licence Information
    22 ------------------------------------------
    23 
    24 The current Web page for WebStack at the time of release is:
    25 
    26 http://www.boddie.org.uk/python/WebStack.html
    27 
    28 Copyright and licence information can be found in the docs directory - see
    29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
    30 information.
    31 
    32 Framework Support
    33 -----------------
    34 
    35 See the docs/supported-frameworks.html document for more information.
    36 
    37 New in WebStack 1.2.3 (Changes since WebStack 1.2.2)
    38 ----------------------------------------------------
    39 
    40   * Fixed inadvertent OpenSSL dependency, noticed by John Krukoff.
    41 
    42 New in WebStack 1.2.2 (Changes since WebStack 1.2.1)
    43 ----------------------------------------------------
    44 
    45   * Added an EncodingSelector class for the setting of default encodings on
    46     transactions.
    47   * Added some documentation about path processing strategies.
    48   * Added a secure variant of the BaseHTTPServer provided in the adapter for
    49     BaseHTTPRequestHandler.
    50 
    51 New in WebStack 1.2.1 (Changes since WebStack 1.2)
    52 --------------------------------------------------
    53 
    54   * Fixed mod_python get_content_type method.
    55   * Fixed LoginResource form field processing; changed the field type to
    56     password.
    57   * Exposed LoginResource and LoginRedirectResource page contents as
    58     attributes.
    59   * Added documentation about extending LoginRedirectResource and using
    60     PathSelector to remember an application's root path.
    61   * Changed handle_errors to 1 throughout the examples.
    62 
    63 New in WebStack 1.2 (Changes since WebStack 1.1.2)
    64 --------------------------------------------------
    65 
    66   * Added support for Django.
    67   * Fixed documentation about the representation of file upload fields.
    68   * Changed mod_python, Java Servlet and Webware (> 0.8.1) deployment to use a
    69     deploy function instead of more complicated configuration mechanisms.
    70   * Improved mod_python deployment documentation and tools so that cleaner
    71     application paths/URLs can now be used.
    72   * Moved user and path_info default definitions into WebStack.Generic as
    73     class attributes.
    74   * Fixed encoding usage issues with path fields when using get_fields in a
    75     Zope environment.
    76   * Added a FileResource class to WebStack.Resources.Static.
    77   * Made DirectoryRepository convert filenames to Unicode in all cases.
    78   * Renamed the Apache and Java Servlet tools, making them scripts which are
    79     installed by setup.py.
    80   * Fixed CGI content charsets and languages support.
    81   * Fixed CGI cookie output.
    82   * Added URL overriding in the LoginRedirectResource.
    83   * Exposed a get_target function from WebStack.Resources.Login in order to
    84     better support alternative login resources.
    85   * Added improved error reporting for BaseHTTPRequestHandler, CGI, Django and
    86     WSGI.
    87   * Added a traverse_path method to the Transaction class.
    88   * Made a path_encoding alias for urlencoding in the initialisation of
    89     WebStack.Resources.ResourceMap objects.
    90   * Added a Selectors module to WebStack.Resources in order to support common
    91     resource selection patterns.
    92 
    93 New in WebStack 1.1.2 (Changes since WebStack 1.1.1)
    94 ----------------------------------------------------
    95 
    96   * Fixed missing import in WebStack.Repositories.Directory.
    97 
    98 New in WebStack 1.1.1 (Changes since WebStack 1.1)
    99 --------------------------------------------------
   100 
   101   * Fixed update_path to handle the root path properly.
   102 
   103 New in WebStack 1.1 (Changes since WebStack 1.0)
   104 ------------------------------------------------
   105 
   106   * Added a Repositories package to provide session-like support for
   107     different kinds of storage.
   108   * Added an explicit filesystem encoding to the Calendar example and adopted
   109     the DirectoryRepository from the Repositories package.
   110   * Added get_path_without_info, update_path and redirect methods to the
   111     Transaction class.
   112   * Added get_attributes (attribute support) to the Transaction class.
   113   * Added a values method to Helpers.Session.Wrapper.
   114   * Fixed get_processed_virtual_path_info (to match from right to left).
   115   * Improved/fixed exception handling in the adapters so that transactions are
   116     committed as the final act of an adapter experiencing an unhandled
   117     exception. This should result in session stores being closed properly.
   118   * Changed the Helpers.Session.SessionStore to use DirectoryRepository.
   119   * Made the "not found" behaviour of DirectoryResource more configurable.
   120   * Added documentation for MapResource and DirectoryResource.
   121   * Fixed the distribution names in the Ubuntu changelog.
   122 
   123 New in WebStack 1.0 (Changes since WebStack 0.10)
   124 -------------------------------------------------
   125 
   126   * Changed the behaviour of get_path, get_path_without_query, get_path_info,
   127     get_virtual_path_info, get_processed_virtual_path_info and
   128     get_fields_from_path to return Unicode data decoded using the optional
   129     encoding parameter or a common default encoding.
   130   * Fixed file upload values so that FileContent objects are returned for such
   131     fields in get_fields_from_body and get_fields.
   132     (Warning! Except for Twisted!)
   133   * Fixed the JavaServlet support so that streams and file content are
   134     obtained as "almost" plain strings.
   135   * Updated/fixed LoginResource and LoginRedirectResource to use the updated
   136     path API and to handle special characters properly.
   137   * Added convenience methods to Transaction for the decoding and encoding of
   138     path values (to and from Unicode objects) - see the decode_path and
   139     encode_path methods.
   140   * Added the notion of processed virtual path info - the part of the original
   141     path info not represented in the current virtual path info.
   142   * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
   143     patch from Scott Robinson).
   144   * Fixed ResourceMap.MapResource to handle non-existent resources properly
   145     (where the virtual path info is only one component in length).
   146   * Added Debian package support.
   147   * Added automatic session directory creation for the WebStack sessions
   148     implementation.
   149   * Added support for the repeated retrieval of sessions from the same
   150     WebStack session store, avoiding deadlocks.
   151   * Fixed the calendar example, making it perform a proper function.
   152   * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
   153     include the Login application, since Konqueror (at least) does not share
   154     cookies across different port numbers on the same host.
   155   * Added the SimpleWithLogin and Login applications to the demonstration.
   156   * Improved the documentation, adding information on request headers, and
   157     describing file upload and session support limitations.
   158   * Improved the AOLserver-related notes for CGI and Webware, adding a patch
   159     for Webware in order to work around AOLserver issues.
   160 
   161 New in WebStack 0.10 (Changes since WebStack 0.9)
   162 -------------------------------------------------
   163 
   164   * Changes to make the tools/demo.py script work on Windows (and other)
   165     platforms (suggested by Jim Madsen).
   166   * Fixed end of header newlines for CGI (suggested by Matt Harrison).
   167   * Minor documentation fixes and improvements, adding information on
   168     AOLserver in the CGI and Webware notes.
   169   * Changed the mod_python server name method to use the server object rather
   170     than the connection object.
   171   * Added a parameter to the ResourceMap.MapResource class to permit automatic
   172     redirects into resource hierarchies when no trailing "/" was given in the
   173     URL; changed the updated virtual path info so that empty values may be set
   174     (the guarantee that "/" will always appear no longer applies).
   175   * Fixed virtual path info retrieval when the value is an empty string.
   176 
   177 New in WebStack 0.9 (Changes since WebStack 0.8)
   178 ------------------------------------------------
   179 
   180   * Standardised error handling in the adapters so that tracebacks can be
   181     suppressed and an internal server error condition raised.
   182   * Added overriding of path info in transactions.
   183   * Added a ResourceMap resource for dispatching to different resources
   184     according to path components.
   185   * Standardised deployment for some frameworks (see docs/deploying.html).
   186   * Introductory documentation in XHTML format.
   187   * Added server name and port methods to the transaction.
   188   * Added a simple demonstration application, incorporating many of the
   189     examples and launched under a single script.
   190   * Fixed mod_python native sessions.
   191   * Fixed Zope request stream access.
   192   * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
   193     details.
   194 
   195 New in WebStack 0.8 (Changes since WebStack 0.7)
   196 ------------------------------------------------
   197 
   198   * Added a standard exception, EndOfResponse, which can be used to
   199     immediately stop the processing/production of a response; this is useful
   200     when resources need to issue a redirect without unnecessary content being
   201     generated, for example.
   202   * Fixed path information for Zope.
   203   * Added WSGI support.
   204   * Verified Twisted 1.3.0 support with Python 2.3.3.
   205 
   206 New in WebStack 0.7 (Changes since WebStack 0.6)
   207 ------------------------------------------------
   208 
   209   * Fixed path information semantics.
   210   * Fixed file upload semantics.
   211   * Fixed content type handling for Unicode output and for interpreting
   212     request body fields/parameters (although some improvement remains).
   213   * Added a method to discover the chosen response stream encoding.
   214   * Fixed field/parameter retrieval so that path and body fields are distinct,
   215     regardless of the framework employed.
   216   * Added a method to get a combination of path and body fields (suggested by
   217     Jacob Smullyan).
   218   * Introduced Zope 2 support.
   219   * Improved Jython/Java Servlet API support (although a special PyServlet
   220     class must now be used, and certain libraries must be deployed with
   221     applications).
   222   * Introduced authentication/authorisation support for Jython/Java Servlet
   223     API.
   224   * Session support has been added (except for Webware 0.8.1).
   225   * Alternative cookie support for mod_python has been added.
   226   * Cookie support now supports encoded Unicode sequences for names and
   227     values.
   228 
   229 New in WebStack 0.6 (Changes since WebStack 0.5)
   230 ------------------------------------------------
   231 
   232   * Introduced Jython/Java Servlet API support.
   233   * Minor fixes to example applications and to BaseHTTPRequestHandler.
   234 
   235 New in WebStack 0.5 (Changes since WebStack 0.4)
   236 ------------------------------------------------
   237 
   238   * Changed request body fields/parameters so that they are now represented
   239     using Unicode objects rather than plain strings.
   240   * Introduced better support for Unicode in response streams.
   241 
   242 New in WebStack 0.4 (Changes since WebStack 0.3)
   243 ------------------------------------------------
   244 
   245   * Added application definition of user identity, permitting alternative
   246     authentication mechanisms.
   247   * Improved BaseHTTPRequestHandler and mod_python reliability around fields
   248     from request bodies.
   249   * Provided stream and environment parameterisation in the CGI adapter.
   250   * Added LoginRedirect and Login examples.
   251   * Added get_path_without_query and fixed get_path behaviour.
   252 
   253 New in WebStack 0.3 (Changes since WebStack 0.2)
   254 ------------------------------------------------
   255 
   256   * Added better header support for Webware (suggested by Ian Bicking).
   257   * Introduced CGI and Java Servlet support (the latter is currently
   258     broken/unfinished).
   259   * Introduced support for cookies.
   260 
   261 Future Work
   262 -----------
   263 
   264 (Essential)
   265 
   266 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
   267 also seems to be missing this functionality. It isn't obvious whether Twisted
   268 Web2 will just copy its predecessors and provide a similarly limited API.
   269 Perhaps the Twisted support needs to resemble the CGI support much more when
   270 handling fields.
   271 
   272 JythonServlet libraries need to be configured using sys.add_package when
   273 these do not feature in the compiled-in list. Adding such configuration to
   274 the handler may be most appropriate (since the web.xml file can be too
   275 arcane), but this needs testing.
   276 
   277 The algorithm employed in the WebStack.Helpers.Auth.get_token function
   278 should be reviewed and improved for better security.
   279 
   280 (Important)
   281 
   282 Field access needs testing, especially for anything using the
   283 cgi.FieldStorage class, and the way file uploads are exposed should be
   284 reviewed (currently the meta-data is not exposed). The acquisition of fields
   285 from specific sources should be tested with different request methods - some
   286 frameworks provide path fields in the body fields dictionary, others (eg.
   287 Zope) change the fields exposed depending on request method.
   288 
   289 Interpretation of path field encodings needs to be verified. Currently,
   290 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
   291 ISO-8859-1, but it might be the case that some such fields might be
   292 submitted as UTF-8. The decode_path method on Transaction does do much of the
   293 work that is likely to be required, however. Still, a good policy for decoding
   294 path fields, reducing the number of times one might specify the encoding in
   295 various method calls, may be important.
   296 
   297 An interesting test of encodings is to introduce things like the following to
   298 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
   299 This should produce the following decoded result: %F0?æ=ø&%F0=ø
   300 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
   301 
   302 Cookie objects need defining strictly, especially since the standard library
   303 Cookie object behaves differently to mod_python (and possibly Webware)
   304 Cookie objects. Moreover, the set_cookie_value method needs to provide
   305 access to the usual cookie parameters as supported by the frameworks. The
   306 standard library Cookie module has issues with Unicode cookie names (and
   307 possibly values) - this is worked around, but it would be best to resolve
   308 this comprehensively.
   309 
   310 UTF-16 (and possibly other encodings) causes problems with HTML form data
   311 sent in POST requests using the application/x-www-form-urlencoded content
   312 type.  This should be reviewed at a later date when proper standardisation
   313 has taken place.
   314 
   315 Session support, especially through WebStack.Helpers.Session, should be
   316 reviewed and be made compatible with non-cookie mechanisms.
   317 
   318 Locking in the session support and in DirectoryRepository should be improved.
   319 
   320 HeaderValue objects should be employed more extensively. Thus, the header
   321 access methods may need to change their behaviour slightly. The get_headers
   322 method should potentially return a list for each item in the dictionary.
   323 
   324 WSGI support could demand that a special "end of headers" method be
   325 introduced into WebStack, thus making response output more efficient (and
   326 probably also for other frameworks, too).
   327 
   328 Investigate proper support for HEAD, OPTIONS and other request methods.
   329 
   330 Consider packages for different operating systems (other than Debian).
   331 
   332 Investigate cStringIO usage.
   333 
   334 The location of deployed applications in the filesystem should be exposed to
   335 those applications. (This is actually available in the __file__ module
   336 variable.) A resource could be provided to record the "root" path and added to
   337 a resource hierarchy or site map. Note that PathSelector records the "root"
   338 path, although it is not automatically deployed.
   339 
   340 (Completed/rejected)
   341 
   342 Path information should be consistent across all frameworks, and the "path
   343 info" value should be meaningful. (This should now be correct.)
   344 
   345 Investigate the nicer functions in the cgi module, discarding the "magic"
   346 stuff like FieldStorage. (These nicer functions are used by projects like
   347 Twisted - as of 1.3.0 at least - and do not give the necessary information we
   348 require.)
   349 
   350 Release Procedures
   351 ------------------
   352 
   353 Update the WebStack/__init__.py __version__ attribute.
   354 Change the version number and package filename/directory in the documentation.
   355 Change code examples in the documentation if appropriate.
   356 Update the release notes (see above).
   357 Check the setup.py file and ensure that all package directories are mentioned.
   358 Check the release information in the PKG-INFO file and in the package
   359 changelog (and other files).
   360 Tag, export.
   361 Generate the PyServlet classes.
   362 Generate the API documentation.
   363 Remove generated .pyc files: rm `find . -name "*.pyc"`
   364 Archive, upload.
   365 Upload the introductory documentation.
   366 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
   367 
   368 Generating the API Documentation
   369 --------------------------------
   370 
   371 In order to prepare the API documentation, it is necessary to generate some
   372 Web pages from the Python source code. For this, the epydoc application must
   373 be available on your system. Then, inside the distribution directory, run the
   374 apidocs.sh tool script as follows:
   375 
   376 ./tools/apidocs.sh
   377 
   378 Some warnings may be generated by the script, but the result should be a new
   379 apidocs directory within the distribution directory.
   380 
   381 Making Packages
   382 ---------------
   383 
   384 To make Debian-based packages:
   385 
   386   1. Create new package directories under packages if necessary.
   387   2. Make a symbolic link in the distribution's root directory to keep the
   388      Debian tools happy:
   389 
   390      ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
   391 
   392   3. Run the package builder:
   393 
   394      dpkg-buildpackage -rfakeroot
   395 
   396   4. Locate and tidy up the packages in the parent directory of the
   397      distribution's root directory.