1 Introduction
2 ------------
3
4 WebStack is a package which provides a common API for Python Web
5 applications, regardless of the underlying server or framework environment.
6 It should be possible with WebStack to design and implement an application,
7 to choose a deployment environment, and then to be able to deploy the
8 application in a different environment later on without having to go back
9 and rewrite substantial parts of the application.
10
11 Quick Start
12 -----------
13
14 Try running the demo:
15
16 python tools/demo.py
17
18 An introductory guide to creating applications can be found in the docs
19 directory - see docs/index.html for the start page.
20
21 Contact, Copyright and Licence Information
22 ------------------------------------------
23
24 The current Web page for WebStack at the time of release is:
25
26 http://www.boddie.org.uk/python/WebStack.html
27
28 Copyright and licence information can be found in the docs directory - see
29 docs/COPYING.txt, docs/LICENCE.txt and docs/LICENCE-PyServlet.txt for more
30 information.
31
32 Framework Support
33 -----------------
34
35 Currently, BaseHTTPRequestHandler (via BaseHTTPServer in the standard
36 library), CGI, Jython/Java Servlet API, mod_python, Twisted, Webware, WSGI
37 and Zope 2 are supported. Each framework has its own set of strengths and
38 weaknesses, but the idea is that deployment concerns can be considered
39 separately from the implementation of application functionality. Consult the
40 NOTES.txt files in each framework's subdirectory of the docs directory for
41 some notes on how applications may be run in each environment.
42
43 Tested Frameworks Release Information
44 ----------------- -------------------
45
46 BaseHTTPRequestHandler Python 2.2.2, Python 2.3.3, Python 2.4.1
47 CGI Apache 2.0.44, Apache 2.0.53, AOLserver 4.0.10, lighttpd 1.3.15
48 Jython/Java Servlet API Jython 2.1, Java JDK 1.3.1_02, Tomcat 4.1.31 (Servlet 2.3)
49 mod_python 3.0.3 (3.1.3 for framework cookie and session support)
50 Twisted 1.0.5, 1.3.0
51 Webware 0.8.1, CVS (2004-02-06), 0.9b2
52 WSGI run_with_cgi (PEP 333)
53 Zope 2.7.2-0, 2.8.0-final
54
55 New in WebStack 1.1 (Changes since WebStack 1.0)
56 ------------------------------------------------
57
58 * Added a Repositories package to provide session-like support for
59 different kinds of storage.
60 * Added an explicit filesystem encoding to the Calendar example and adopted
61 the DirectoryRepository from the Repositories package.
62 * Added get_path_without_info, update_path and redirect methods to the
63 Transaction class.
64 * Added a values method to Helpers.Session.Wrapper.
65 * Fixed the distribution names in the Ubuntu changelog.
66
67 New in WebStack 1.0 (Changes since WebStack 0.10)
68 -------------------------------------------------
69
70 * Changed the behaviour of get_path, get_path_without_query, get_path_info,
71 get_virtual_path_info, get_processed_virtual_path_info and
72 get_fields_from_path to return Unicode data decoded using the optional
73 encoding parameter or a common default encoding.
74 * Fixed file upload values so that FileContent objects are returned for such
75 fields in get_fields_from_body and get_fields.
76 (Warning! Except for Twisted!)
77 * Fixed the JavaServlet support so that streams and file content are
78 obtained as "almost" plain strings.
79 * Updated/fixed LoginResource and LoginRedirectResource to use the updated
80 path API and to handle special characters properly.
81 * Added convenience methods to Transaction for the decoding and encoding of
82 path values (to and from Unicode objects) - see the decode_path and
83 encode_path methods.
84 * Added the notion of processed virtual path info - the part of the original
85 path info not represented in the current virtual path info.
86 * Added "pass through" behaviour to ResourceMap.MapResource (prompted by a
87 patch from Scott Robinson).
88 * Fixed ResourceMap.MapResource to handle non-existent resources properly
89 (where the virtual path info is only one component in length).
90 * Added Debian package support.
91 * Added automatic session directory creation for the WebStack sessions
92 implementation.
93 * Added support for the repeated retrieval of sessions from the same
94 WebStack session store, avoiding deadlocks.
95 * Fixed the calendar example, making it perform a proper function.
96 * Made the BaseHTTPRequestHandler and Twisted SimpleWithLogin applications
97 include the Login application, since Konqueror (at least) does not share
98 cookies across different port numbers on the same host.
99 * Added the SimpleWithLogin and Login applications to the demonstration.
100 * Improved the documentation, adding information on request headers, and
101 describing file upload and session support limitations.
102 * Improved the AOLserver-related notes for CGI and Webware, adding a patch
103 for Webware in order to work around AOLserver issues.
104
105 New in WebStack 0.10 (Changes since WebStack 0.9)
106 -------------------------------------------------
107
108 * Changes to make the tools/demo.py script work on Windows (and other)
109 platforms (suggested by Jim Madsen).
110 * Fixed end of header newlines for CGI (suggested by Matt Harrison).
111 * Minor documentation fixes and improvements, adding information on
112 AOLserver in the CGI and Webware notes.
113 * Changed the mod_python server name method to use the server object rather
114 than the connection object.
115 * Added a parameter to the ResourceMap.MapResource class to permit automatic
116 redirects into resource hierarchies when no trailing "/" was given in the
117 URL; changed the updated virtual path info so that empty values may be set
118 (the guarantee that "/" will always appear no longer applies).
119 * Fixed virtual path info retrieval when the value is an empty string.
120
121 New in WebStack 0.9 (Changes since WebStack 0.8)
122 ------------------------------------------------
123
124 * Standardised error handling in the adapters so that tracebacks can be
125 suppressed and an internal server error condition raised.
126 * Added overriding of path info in transactions.
127 * Added a ResourceMap resource for dispatching to different resources
128 according to path components.
129 * Standardised deployment for some frameworks (see docs/deploying.html).
130 * Introductory documentation in XHTML format.
131 * Added server name and port methods to the transaction.
132 * Added a simple demonstration application, incorporating many of the
133 examples and launched under a single script.
134 * Fixed mod_python native sessions.
135 * Fixed Zope request stream access.
136 * WebStack is now licensed under the LGPL - see docs/COPYING.txt for
137 details.
138
139 New in WebStack 0.8 (Changes since WebStack 0.7)
140 ------------------------------------------------
141
142 * Added a standard exception, EndOfResponse, which can be used to
143 immediately stop the processing/production of a response; this is useful
144 when resources need to issue a redirect without unnecessary content being
145 generated, for example.
146 * Fixed path information for Zope.
147 * Added WSGI support.
148 * Verified Twisted 1.3.0 support with Python 2.3.3.
149
150 New in WebStack 0.7 (Changes since WebStack 0.6)
151 ------------------------------------------------
152
153 * Fixed path information semantics.
154 * Fixed file upload semantics.
155 * Fixed content type handling for Unicode output and for interpreting
156 request body fields/parameters (although some improvement remains).
157 * Added a method to discover the chosen response stream encoding.
158 * Fixed field/parameter retrieval so that path and body fields are distinct,
159 regardless of the framework employed.
160 * Added a method to get a combination of path and body fields (suggested by
161 Jacob Smullyan).
162 * Introduced Zope 2 support.
163 * Improved Jython/Java Servlet API support (although a special PyServlet
164 class must now be used, and certain libraries must be deployed with
165 applications).
166 * Introduced authentication/authorisation support for Jython/Java Servlet
167 API.
168 * Session support has been added (except for Webware 0.8.1).
169 * Alternative cookie support for mod_python has been added.
170 * Cookie support now supports encoded Unicode sequences for names and
171 values.
172
173 New in WebStack 0.6 (Changes since WebStack 0.5)
174 ------------------------------------------------
175
176 * Introduced Jython/Java Servlet API support.
177 * Minor fixes to example applications and to BaseHTTPRequestHandler.
178
179 New in WebStack 0.5 (Changes since WebStack 0.4)
180 ------------------------------------------------
181
182 * Changed request body fields/parameters so that they are now represented
183 using Unicode objects rather than plain strings.
184 * Introduced better support for Unicode in response streams.
185
186 New in WebStack 0.4 (Changes since WebStack 0.3)
187 ------------------------------------------------
188
189 * Added application definition of user identity, permitting alternative
190 authentication mechanisms.
191 * Improved BaseHTTPRequestHandler and mod_python reliability around fields
192 from request bodies.
193 * Provided stream and environment parameterisation in the CGI adapter.
194 * Added LoginRedirect and Login examples.
195 * Added get_path_without_query and fixed get_path behaviour.
196
197 New in WebStack 0.3 (Changes since WebStack 0.2)
198 ------------------------------------------------
199
200 * Added better header support for Webware (suggested by Ian Bicking).
201 * Introduced CGI and Java Servlet support (the latter is currently
202 broken/unfinished).
203 * Introduced support for cookies.
204
205 Future Work
206 -----------
207
208 (Essential)
209
210 Twisted 1.3.0 does not provide file upload metadata, and Twisted Web 0.5.0
211 also seems to be missing this functionality. It isn't obvious whether Twisted
212 Web2 will just copy its predecessors and provide a similarly limited API.
213 Perhaps the Twisted support needs to resemble the CGI support much more when
214 handling fields.
215
216 JythonServlet libraries need to be configured using sys.add_package when
217 these do not feature in the compiled-in list. Adding such configuration to
218 the handler may be most appropriate (since the web.xml file can be too
219 arcane), but this needs testing.
220
221 (Important)
222
223 Things to consider for future releases: improved cookie support, redirects,
224 access to shared resources and much better documentation.
225
226 Field access needs testing, especially for anything using the
227 cgi.FieldStorage class, and the way file uploads are exposed should be
228 reviewed (currently the meta-data is not exposed). The acquisition of fields
229 from specific sources should be tested with different request methods - some
230 frameworks provide path fields in the body fields dictionary, others (eg.
231 Zope) change the fields exposed depending on request method.
232
233 Interpretation of path field encodings needs to be verified. Currently,
234 stray path fields are handled (eg. in WebStack.Helpers.Request) as being
235 ISO-8859-1, but it might be the case that some such fields might be
236 submitted as UTF-8. The decode_path method on Transaction does do much of the
237 work that is likely to be required, however. Still, a good policy for decoding
238 path fields, reducing the number of times one might specify the encoding in
239 various method calls, may be important.
240
241 An interesting test of encodings is to introduce things like the following to
242 the path info and query string sections of the URL: %25F0?%E6=%F8&%25F0=%F8
243 This should produce the following decoded result: %F0?æ=ø&%F0=ø
244 (The above needs to be read in ISO-8859-1 or ISO-8859-15.)
245
246 Cookie objects need defining strictly, especially since the standard library
247 Cookie object behaves differently to mod_python (and possibly Webware)
248 Cookie objects. Moreover, the set_cookie_value method needs to provide
249 access to the usual cookie parameters as supported by the frameworks. The
250 standard library Cookie module has issues with Unicode cookie names (and
251 possibly values) - this is worked around, but it would be best to resolve
252 this comprehensively.
253
254 UTF-16 (and possibly other encodings) causes problems with HTML form data
255 sent in POST requests using the application/x-www-form-urlencoded content
256 type. This should be reviewed at a later date when proper standardisation
257 has taken place.
258
259 Session support, especially through WebStack.Helpers.Session, should be
260 reviewed and be made compatible with non-cookie mechanisms.
261
262 HeaderValue objects should be employed more extensively. Thus, the header
263 access methods may need to change their behaviour slightly. The get_headers
264 method should potentially return a list for each item in the dictionary.
265
266 WSGI support could demand that a special "end of headers" method be
267 introduced into WebStack, thus making response output more efficient (and
268 probably also for other frameworks, too).
269
270 The algorithm employed in the WebStack.Helpers.Auth.get_token function
271 should be reviewed and improved for better security.
272
273 Investigate proper support for HEAD, OPTIONS and other request methods.
274
275 Consider packages for different operating systems (other than Debian).
276
277 Provide some 500 error content when handle_errors is true.
278
279 (Completed/rejected)
280
281 The location of deployed applications in the filesystem should be exposed to
282 those applications. (This is actually available in the __file__ module
283 variable.)
284
285 Path information should be consistent across all frameworks, and the "path
286 info" value should be meaningful. (This should now be correct.)
287
288 Investigate the nicer functions in the cgi module, discarding the "magic"
289 stuff like FieldStorage. (These nicer functions are used by projects like
290 Twisted - as of 1.3.0 at least - and do not give the necessary information we
291 require.)
292
293 Release Procedures
294 ------------------
295
296 Update the WebStack/__init__.py __version__ attribute.
297 Change the version number and package filename/directory in the documentation.
298 Change code examples in the documentation if appropriate.
299 Update the release notes (see above).
300 Check the setup.py file and ensure that all package directories are mentioned.
301 Check the release information in the PKG-INFO file and in the package
302 changelog (and other files).
303 Tag, export.
304 Generate the PyServlet classes.
305 Generate the API documentation.
306 Remove generated .pyc files: rm `find . -name "*.pyc"`
307 Archive, upload.
308 Upload the introductory documentation.
309 Update PyPI, PythonInfo Wiki, Vaults of Parnassus entries.
310
311 Generating the API Documentation
312 --------------------------------
313
314 In order to prepare the API documentation, it is necessary to generate some
315 Web pages from the Python source code. For this, the epydoc application must
316 be available on your system. Then, inside the distribution directory, run the
317 apidocs.sh tool script as follows:
318
319 ./tools/apidocs.sh
320
321 Some warnings may be generated by the script, but the result should be a new
322 apidocs directory within the distribution directory.
323
324 Making Packages
325 ---------------
326
327 To make Debian-based packages:
328
329 1. Create new package directories under packages if necessary.
330 2. Make a symbolic link in the distribution's root directory to keep the
331 Debian tools happy:
332
333 ln -s packages/ubuntu-hoary/python2.4-webstack/debian/
334
335 3. Run the package builder:
336
337 dpkg-buildpackage -rfakeroot
338
339 4. Locate and tidy up the packages in the parent directory of the
340 distribution's root directory.