I have implemented a very small application with Tornado, where HTTP GET Requests are used to perform actions. Now I would like to secure these requests. What would be a preferable way? Using .htaccess? How can I realize that?
It doesn't have to be for certain requests, it should be for all requests running on a certain port.
If you based your application on the Tornado "Hello World" example then you probably haven't, but you really should consider writing your application as a WSGI application. Tornado has no problem with that, and the advantage is that your application now will run under a multitude of other environments (Apache + mod_wsgi to name but one).
But how does that solve your original problem? Well, just Google "WSGI authentication middleware", it'll yield plenty of hits. Basically, what that entails is transparently 'wrapping' your WSGI-application in another, one allowing you to completely decouple that aspect of your application. If you're lucky, and one of hits turns out to be a perfect fit, you might get away with not witing any extra code at all.
Since you mentioned .htaccess: it is possible to have Apache do the authentication in an Apache/mod_wsgi configuration.
.htaccess files are not supported by Tornado as far as I know. Look into setting up basic authentication on Tornado. Something like this: https://gist.github.com/660185 is probably what you want. You'll need to store your own user credentials however as Tornado has no baked in support for that as apache does with .htaccess files.
Related
I'm migrating a simple toolset from python 2.7 to 3.5 and one of the tools is a simple web server using web.py.
Unfortunately web.py is not available for 3.5 yet so I switched to bottle.py for this.
According to the specification of the interface I'm creating I need to close the connection which I can do quite easily in web.py by adding the following line:
web.header('Connection', 'close')
But using bottle I get the error that hop-by-hop headers are not allowed when I do the following:
response.add_header('Connection', 'close')
How do I add this header to the response anyway? I've read the bottle documentation, searched online and looked through the bottle code.
I'm not sure so take what I write with a grain of salt.
The bottle development server is a lightly modified wsgiref server which is a sligthly modified http.server server. It has no easy methods or configurations to send "unusual" headers. You can though subclass it and write some custom code. I think it should be enough to overwrite the send_head method (here) and include self.send_header("Connection", "close") somewhere.
You can use bottly with any wsgi server you like. It has inbuild support for quite some servers, but any wsgi server should be able to serve the app. Maybe there is an easier way for other servers to send the custom header.
Also the http.server is not meant for production so you might want to change it even if you can get your header to work. If it is only for internal usage you might get away with using it.
I was wondering how to create a django webservice (responds with XML) with websockets.
I have already a django webservice which accepts xml requests, parse those requests, makes a database query, creates a response xml and send that xml back to the requester/browser. Just a normal HTTP XML request, where the response is shown as xml within the browser.
But how would i now create a websocket django webservice? Lets say i would like to send a xml response to the requester/browser with the latest data from database whenever a new magical event occurs.
I have read a lot of posts and blogs but it was kinda all too general. Can i solve this only with django + apache or do i need something else next to django and another server only to handle websockets?
I am right now using django 1.3, Apache + wsgi but i would be ready to switch any configuration that would work.
Update:
There are many possible websockets out there,
http://pypi.python.org/pypi?:action=search&term=websocket&submit=search
but which one could be used in my case?
Sorry but django handles async requests very very poorly as it is wsgi. You'll be limited by your number of parallel instance if you have to handle real users. The best solution is to use tornado or node.js.
Tornado handles websocket and long polling brilliantly. Here is my wrapper to allow getting user and sessions from a parallel tornado thread:
https://gist.github.com/1939836
It's adapted from a more complex source, I didn't tested this gist, it's long polling but tornado handlse WebSocket as well.
http://www.tornadoweb.org/documentation/websocket.html
update:
Avoid django-websocket for production use. Even the main developer recommends against it.
I recommend Tornado because it's an awesome technology which is damningly faster/lighter than django. It may be useful for some simple cases. You'll need to configure apache/nginx anyway so, at least get "faster web pages" feature available.
Django-Desktop-Notification focuses on chrome browser and require node.js.
update (01/2016):
Mozilla gave money to django in late 2015 to solve this particular issue, the current most promizing implementation made by a django core dev is this one:
https://github.com/andrewgodwin/channels
It will probably be part of django 1.11 or 2.0
Although it's a bit complicated to setup (but probably the way to go), you could use gunicorn + gevent + socket.io .
I used this article to guide my way through it.
You might also look at server sent events (the article mentioned above looks at that too). If they suit your needs, it would be a bit easier to set up - since you don't have to set up socket.io and you don't need a client library. One catch though - SSE are not supported in IE.
Yeah, django is not all that great when it comes to asynchronous stuffs. My advice for you would be to use twisted as it has a lot of websocket libraries. If you really need to use django..you can make django act just as a pass through, for all the api stuff you build using twisted.
I am currently working on a project to create simple file uploader site that will update the user of the progress of an upload.
I've been attempting this in pure python (with CGI) on the server side but to get the progress of the file I obviously need send requests to the server continually. I was looking to use AJAX to do this but I was wondering how hard it would be to, instead of changing to some other framerwork (web.py for instance), just write my own web server for receiving the XML HTTP Requests?
My main problem is that sending the request is done from HTML and Javascript so it all seems like magic trickery at the moment.
Can anyone advise me as to the best way to go about receiving these requests on the server?
EDIT: It seems that a framework would be the way to go. Would web.py be a good route to take?
I would recommend to use a microframework like Sinatra for Ruby. There seem to be some equivalents for Python. What python equivalent of Sinatra would you recommend?
Such a framework allows you to simply map a single method to a route.
Writing a very basic HTTP server won't be very hard (see http://docs.python.org/library/simplehttpserver.html for an example), but you will be missing many features that are provided by real servers and web frameworks.
For your project, I suggest you pick one of the many Python web frameworks and run your application behind Apache/mod_wsgi.
There's absolutely no need to write your own web server. Plenty of options exist, including lightweight ones like nginx.
You should use one of those, and either your own custom WSGI code to receive the request, or (better) one of the microframeworks like Flask or Bottle.
I've written a Python application that makes web requests using the urllib2 library after which it scrapes the data. I could deploy this as a web application which means all urllib2 requests go through my web-server. This leads to the danger of the server's IP being banned due to the high number of web requests for many users. The other option is to create an desktop application which I don't want to do. Is there any way I could deploy my application so that I can get my web-requests through the client side. One way was to use Jython to create an applet but I've read that Java applets can only make web-requests to the server it is deployed on and the only way to to circumvent this is to create a server side proxy which leads us back to the problem of the server's ip getting banned.
This might sounds sound like and impossible situation and I'll probably end up creating a desktop application but I thought I'd ask if anyone knew of an alternate solution.
Thanks.
You can use a signed Java applet, they can use the Java security mechanism to enable access to any site.
This tutorial explains exactly what you have to do: http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
The same might be possible from a Flash applet. Javascript is also restricted to the published site and doesn't allow being signed or security exceptions like this, AFAIK.
You probably can use AJAX requests made from JavaScript that is a part of client-side.
Use server → client communication to give commands and necessary data to make a request
…and use AJAX communication from client to 3rd party server then.
This depends on the form of "scraping" you intend to do:
You might run into problems running an AJAX call to a third-party site. Please see Screen scraping through AJAX and javascript.
An alternative would be to do it server-side, but to cache the results so that you don't hit the third-party server unnecessarily.
Check out diggstripper on google code.
I want to develop a tool for my project using python. The requirements are:
Embed a web server to let the user get some static files, but the traffic is not very high.
User can configure the tool using http, I don't want a GUI page, I just need a RPC interface, like XML-RPC? or others?
Besides the web server, the tool need some background job to do, so these jobs need to be done with the web server.
So, Which python web server is best choice? I am looking at CherryPy, If you have other recommendation, please write it here.
what about the internal python webserver ?
just type "python web server" in google, and host the 1st result...
Well, I used web frameworks like TurboGears, my current projects are based on Pylons. The last ist fairly easy to learn and both come with CherryPy.
To do some background job you could implement that in pylons too.
Just go to your config/environment.py and see that example:
(I implemented a queue here)
from faxserver.lib.myQueue import start_queue
...
def load_environment(global_conf, app_conf):
...
start_queue()
It depends on your need if you simply use CherryPy or start to use something more complete like Pylons.
Use the WSGI Reference Implementation wsgiref already provided with Python
Use REST protocols with JSON (not XML-RPC). It's simpler and faster than XML.
Background jobs are started with subprocess.
Why dont you use open source build tools (continuous integration tools) like Cruise. Most of them come with a web server/xml interface and sometimes with fancy reports as well.
This sounds like a fun project. So, why don't write your own HTTP server? Its not so complicated after all, HTTP is a well-known and easy to implement protocol and you'll gain a lot of new knowledge!
Check documentation or manual pages (whatever you prefer) of socket(), bind(), listen(), accept() and so on.