Table of Contents
List of Figures
List of Examples
- 2.1. Hello World
- 2.2. Exposed Methods
- 3.1. Sample application (handler mapping example)
- 3.2. A user method which handles positional parameters
- 3.3. A
defaultmethod example - 3.4. Traversal examples
- 3.5. Turning on a default filter
- 3.6. Using a non default filter
- 3.7. Configuration file
- 3.8. Configuration dictionary
- 3.9. Basic example of session usage
- 3.10. Static filter configuration
- 3.11. A custom
_cp_on_errormethod - 3.12.
- 3.13.
- 3.14. Profiling example
Table of Contents
CherryPy is a pythonic, object-oriented web development framework. It provides the foundation over which complex web-based applications can be written, with little or no knowledge of the underlying protocols. CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time.
CherryPy does its best to stay out of the way between the programmer and the problem. CherryPy applications are usually very simple. It works out of the box; default behavior is sensible enough to allow use without extensive setup or customization. The embedded web server allows one to deploy web applications anywhere Python is installed. In short, CherryPy is as pythonic as it gets.
Table of Contents
Abstract
Since CherryPy is pure Python and has no dependencies, obtaining and installing it is a snap. You can install using a release package, or by using Subversion.
A "release package" is an official stable release of CherryPy. It means that the main features and issues that were decided to be integrated and fixed for a particular milestone, have been.
The latest package is available from the sourceforge repository of the CherryPy project. You need to pick up the latest version of the package.
Installing CherryPy from a release package will take three steps only. Type the following commands :
tar {zxvf} {CherryPy-2.1.0.tar.gz}
Which will create the CherryPy-2.1.0 directory.
cd {CherryPy-2.1.0}
Then issue the following command (if you are under Unix or Linux, you should be root):
python {setup.py} {install}
The CherryPy project uses Subversion to control access to its source code. Getting CherryPy from the latest changeset is sometimes required because a bugfix or a feature is only available from it. Keep in mind that subversion code is subject to change on a regular basis; therefore, only use it if you know what you are doing.
To get the latest source code from the subversion repository, you first need to install a SVN client. On Microsoft Windows, TortoiseSVN is a good choice. Under Linux, you can either use the svn command line tools or use a graphical user interface such as eSVN.
Once you have installed a svn client, you need to type the following command :
svn {co} {http://svn.cherrypy.org}
This will download the complete source code to your computer.
If you have downloaded the source code from the CherryPy subversion repository, then you should have a directory called svn.cherrypy.org. Then type the following commands:
cd {svn.cherrypy.org/trunk}
Then issue the following command (as root if you are under Unix/Linux):
python {setup.py} {install}
Alternately, since CherryPy has no dependencies, you don't have to run setup.py.
Instead, checkout /trunk/cherrypy into a directory which is on your Python
path, such as site-packages/cherrypy.
If you have installed CherryPy from the source code downloaded from the subversion repository, you can run the test suite to check if everything is fine on your system. Type the following commands:
cd {svn.cherrypy.org/trunk/cherrypy/test}
python {test.py}
If all tests pass, then they will be flagged as ok. If an error occurs,
please visit the main CherryPy website to report the issue.
Table of Contents
The best way to learn CherryPy is to look at example programs.
Save the code under a file named helloworld.py. Then to start up the application, type the following command:
python {helloworld.py}
You will see some information on your terminal window which are the log of the web server.
Then simply point your browser to http://localhost:8080 and say Bravo!
Example 2.1. Hello World
"""
Tutorial - Hello World
The most basic (working) CherryPy application possible.
"""
# Import CherryPy global namespace
import cherrypy
class HelloWorld:
""" Sample request handler class. """
def index(self):
# CherryPy will call this method for the root URI ("/") and send
# its return value to the client. Because this is tutorial
# lesson number 01, we'll just send something really simple.
# How about...
return "Hello world!"
# Expose the index method through the web. CherryPy will never
# publish methods that don't have the exposed attribute set to True.
index.exposed = True
# CherryPy always starts with cherrypy.root when trying to map request URIs
# to objects, so we need to mount a request handler object here. A request
# to '/' will be mapped to cherrypy.root.index().
cherrypy.root = HelloWorld()
if __name__ == '__main__':
# Use the configuration file tutorial.conf.
cherrypy.config.update(file = 'tutorial.conf')
# Start the CherryPy server.
cherrypy.server.start()
For security reasons, CherryPy requires developers to explicitly specify which methods may be accessed via the web. The method's 'exposed' attribute, when True, indicates that a given method is published to the web.
Example 2.2. Exposed Methods
"""
Tutorial - Multiple methods
This tutorial shows you how to link to other methods of your request
handler.
"""
import cherrypy
class HelloWorld:
def index(self):
# Let's link to another method here.
return 'We have an <a href="showMessage">important message</a> for you!'
index.exposed = True
def showMessage(self):
# Here's the important message!
return "Hello world!"
showMessage.exposed = True
cherrypy.root = HelloWorld()
if __name__ == '__main__':
cherrypy.config.update(file = 'tutorial.conf')
cherrypy.server.start()
In this section we will be working around a blog system in order to have an overview of how to build applications with CherryPy. Of course we do not pretend to define the unique way to layout an application with CherryPy, this is a practical introduction to CherryPy.
We will cover the following topics:
Layout of the package. In that section we will see how to setup a generic structure for the package.
Backend support. In that section we will discuss the different backend once can use for an application and the implication of such choices.
Template support. That section will explain how CherryPy works with templating systems.
We will be describing the product opkee! in its version 1.0. You will therefore need to download it at http://www.defuze.org/oss/opkee/.
Table of Contents
Abstract
CherryPy lets developers use Python to develop web applications, just as they would use Python for any other type of application. Building a web application with CherryPy is very straightforward and does not require the developer to change habits, or learn many features, before being able to produce a working application. This section will review the basic components which you will use to build a CherryPy application.CherryPy has lots of fancy features to help you manage HTTP messages. But the most
fundamental thing it does is allow you to map URI's to handler functions. It does this in a
very straightforward way: the path portion of a URI is heirarchical, so CherryPy uses a
parallel heirarchy of objects, starting with cherrypy.root. If your application
receives a request for "/admin/user?name=idunno", then CherryPy will try to find the handler:
cherrypy.root.admin.user. If it exists, is callable, and has an "exposed = True"
attribute, then CherryPy will hand off control to that function. Any URI parameters (like
"name=idunno", above) are passed to the handler as keyword arguments.
There are some special cases, however. To what handler should we map a path like
"/admin/search/"? Note the trailing slash after "search"—it indicates that our path has
three components: "admin", "search", and "". Static webservers interpret this to mean
that the search object is a directory, and, since the third component is
blank, they use an index.html file if it exists. CherryPy is a dynamic
webserver, so it allows you to specify an index method to handle this. In
our example, CherryPy will look for a handler at
cherrypy.root.admin.search.index. Let's pause and show our example
application so far:
Example 3.1. Sample application (handler mapping example)
import cherrypy
class Root:
def index(self):
return "Hello, world!"
index.exposed = True
class Admin:
def user(self, name=""):
return "You asked for user '%s'" % name
user.exposed = True
class Search:
def index(self):
return search_page()
index.exposed = True
cherrypy.root = Root()
cherrypy.root.admin = Admin()
cherrypy.root.admin.search = Search()So far, we have three exposed handlers:
root.index. This will be called for the URI's "/" and "/index".root.admin.user. This will be called for the URI "/admin/user".root.admin.search.index. This will be called for the URI's "/admin/search/" and "/admin/search".
Yes, you read that third line correctly: root.admin.search.index will
be called whether or not the URI has a trailing slash. Actually, that isn't quite true;
CherryPy will answer a request for "/admin/search" (without the slash) with an HTTP
Redirect response. Most browsers will then request "/admin/search/" as the redirection
suggests, and then our root.admin.search.index handler
will be called. But the final outcome is the same.
Now, let's consider another special case. What if, instead of passing a user name as a parameter, we wish to use a user id as part of the path? What to do with a URI like "/admin/user/8173/schedule"? This is intended to reference the schedule belonging to "user #8173", but we certainly don't want to have a separate function for each user id!
CherryPy allows you to map a single handler to multiple URI's with the simple
approach of not writing handlers you don't need. If a node in the
cherrypy.root tree doesn't have any children, that node will be called for
all of its child paths, and CherryPy will pass the leftover path info as positional
arguments. In our example, CherryPy will call cherrypy.root.admin.user("8173",
"schedule"). Let's rewrite our user method to handle such requests:
Example 3.2. A user method which handles positional parameters
class Admin:
def user(self, *args):
if not args:
raise cherrypy.HTTPError(400, "A user id was expected but not supplied.")
id = args.pop(0)
if args and args[0] == 'schedule':
return self.schedule(id)
return "You asked for user '%s'" % id
user.exposed = TrueNote that this is different behavior than CherryPy 2.1, which only allowed positional params for methods named "default".
Are you ready for another special case? What handler is called in our example if
you request the URI "/not/a/valid/path"? Given the behavior we have described up to this
point, you might deduce that the root.index method will end up handling
any path that can't be mapped elsewhere. This would mean, in effect,
that CherryPy applications with a root.index could never return a "404 Not
Found" response!
To prevent this, CherryPy doesn't try to call index methods unless they are
attached to the last node in the path; in our example, the only index method that might
be called would be a root.not.a.valid.path.index method. If you truly want
an intermediate index method to receive positional parameters, well, you can't do that.
But what you can do is define a default method to do that for you, instead
of an index method. If we wanted our cherrypy.root to handle
any child path, and receive positional parameters, we could rewrite it like this:
Example 3.3. A default method example
class Root:
def index(self):
return "Hello, world!"
index.exposed = True
def default(self, *args):
return "Extra path info: %s" % repr(args)
default.exposed = TrueThis new Root class would handle the URI's "/" and "/index" via the
index method, and would handle URI's like "/not/a/valid/path" and
"/admin/unknown" via the default method.
For those of you who need to see in exactly what order CherryPy will try various handlers, here are some examples, using the application above. We always start by trying to find the longest object path first, and then working backwards until an exposed, callable handler is found:
Example 3.4. Traversal examples
"/admin/user/8192/schedule"
Trying to reach cherrypy.root.admin.user.8192.schedule.index...
cherrypy.root exists? Yes.
.root.admin exists? Yes.
.admin.user exists? Yes.
.user.8192 exists? No.
.user.default is callable and exposed? No.
.admin.user is callable and exposed? Yes. Call it.
"/admin/search/"
Trying to reach cherrypy.root.admin.search.index...
cherrypy.root exists? Yes.
.root.admin exists? Yes.
.admin.search exists? Yes.
.search.index exists? Yes. Path exhausted.
.search.index is callable and exposed? Yes. Call it.
"/admin/unknown"
Trying to reach cherrypy.root.admin.unknown.index...
cherrypy.root exists? Yes.
.root.admin exists? Yes.
.admin.unknown exists? No.
.admin.default is callable and exposed? No.
.root.admin is callable and exposed? No.
.root.default is callable and exposed? Yes. Call it.Filters are one of the most important features of CherryPy. The CherryPy core can call user-defined functions at specific points during request processing; a filter is a class which defines those functions. Filters are designed to be called at a low level—the HTTP request/response level—and therefore should only be used in that context.
CherryPy comes with a set of built-in filters, but they're turned off by default. To enable them, you must use the configuration system as follows:
- First you must decide where to enable the filter. CherryPy maintains a tree of published objects; you must decide which branch should use the filter. The filter will then apply to that branch and all its children in the tree. Remember that the tree is accessed as a path and then mapped internally by the core to match the correct exposed object.
- Second in the config file you must turn the filter on like this
:
filterName.on = True
Example 3.5. Turning on a default filter
[/entries/view]
tidy_filter.on = True
tidy_filter.tmp_dir = "/tmp"
tidy_filter.strict_xml = True
On the first line we define that the tidy filter will be used by the
core whenever the path /entries/view (or one of its sub-paths)
is called. On the two last lines we also define some parameters used by the
filter.
CherryPy lets you write your own filters as we will see in the
developer reference chapter. However, the way to use them is different from
the default filters. You do not declare custom filters within the
configuration file; instead, use the _cp_filters attribute in
your source code:
Example 3.6. Using a non default filter
import cherrypy
from myfiltermodule import MyFilterClass
class Entry:
_cp_filters = [ MyFilterClass() ]
def view(self, id):
# do suff...
view.exposed = True
class Root: pass
cherrypy.root = Root()
cherrypy.root.entries = Entry()
cherrypy.server.start()
As all objects below cherrypy.root.entries will inherit
the filter, there is no need to re-specify it in each
_cp_filters underneath.
Keep in mind that the user-defined filters are called in the order you add them to the list.
The CherryPy configuration system provides fine-grained control over how each part of the application should react. You will use it for two reasons:
Web server settings
Enabling filters per path
You will be able to declare the configuration settings either from a file or from a Python dictionary.
First of all, let's see how a typical configuration file is defined.
Example 3.7. Configuration file
# The configuration file called myconfigfile.conf
[global]
server.socket_port=8080
server.socket_host=""
server.socket_file=""
server.socket_queue_size=5
server.protocol_version="HTTP/1.0"
server.log_to_screen=True
server.log_file=""
server.reverse_dns=False
server.thread_pool=10
server.environment="development"
[/service/xmlrpc]
xmlrpc_filter.on = True
[/admin]
session_authenticate_filter.on=True
[/css/default.css]
static_filter.on = True
static_filter.file = "data/css/default.css"
# From your script...
cherrypy.config.update(file="myconfigfile.conf")
The settings can also be defined using a python dictionary instead of a file as follows:
Example 3.8. Configuration dictionary
settings = {
'global': {
'server.socket_port' : 8080,
'server.socket_host': "",
'server.socket_file': "",
'server.socket_queue_size': 5,
'server.protocol_version': "HTTP/1.0",
'server.log_to_screen': True,
'server.log_file': "",
'server.reverse_dns': False,
'server.thread_pool': 10,
'server.environment': "development"
},
'/service/xmlrpc' : {
'xmlrpc_filter.on': True
},
'/admin': {
'session_authenticate_filter.on' :True
},
'/css/default.css': {
'static_filter.on': True,
'static_filter.file': "data/css/default.css"
}
}
cherrypy.config.update(settings)
Each section of the configuration refers to an object path; the object path is used to
lookup the correct handler for each Request-URI. Therefore when the server receives a
Request-URI of /css/default.css, the static filter will handle the request, and
the server will actually return the physical file at
data/css/default.css. Since the path /service/xmlrpc has
the XML-RPC filter enabled, all the exposed methods of the object
cherrypy.root.service.xmlrpc will be treated as XML-RPC methods.
The global entry represents settings which apply outside the request
process, including server settings such as the port, the protocol version to use by default,
the number of threads to start with the server, etc. This is not the
same as the root entry [/], which maps to cherrypy.root.
By default, URI's and object paths are equivalent; however, filters may rewrite the
objectPath to produce a different mapping between URI's and handlers. This is necessary, for
example, when mounting applications at virtual roots (e.g. serving the object path
/welcome at the URI "/users/~rdelon/welcome").
All values in the configuration file must be valid Python values. Strings must be quoted, booleans must be True or False, etc.
The server.environment entry controls how CherryPy should run. Three
values are built in:
development
log_debug_info_filter is enabled
HTTPErrors (and therefore the default _cp_on_error) display tracebacks in the browser if errors occur
autoreload is enabled
NotFound errors (404) are listed in the error.log
production
log_debug_info_filter is disabled
tracebacks are logged, but are not displayed in the browser
autoreload is disabled
NotFound errors (404) aren't listed in the error log
staging (same as production for the moment)
Beginning in CherryPy 2.2, the behavior of each environment is defined in
cherrypy.config.environments, a dict whose keys are "development",
"production", etc, and whose values are dicts of config keys and values. Application
developers are free to modify existing environments, or define new environments for use
by their deployers, by modifying this container. For example, if you develop an
application which absolutely cannot handle autoreload, your app can set
cherrypy.config.environments['development']['autoreload.on'] = False.
Deployers who selected the "development" environment would then be free from the danger
of autoreload interacting with your application. Another example of using
config.environments directly might be an application which needs a "development" and
"production" environment, but also separate "beta", "rc", "live data" and/or "testing"
environments.
Abstract
CherryPy 2.1 includes a powerful sessions system provided via a new
session_filter.
First you need to enable the session filter through the
configuration system, by setting session_filter.on to
True. This gives you a variable called
cherrypy.session, which is a dictionary-like object
where you can read/store your session data. This dictionary always has a
special key called _id which contains the session
id.
Here is sample code showing how to implement a simple counter using sessions:
Example 3.9. Basic example of session usage
import cherrypy
class Root:
def index(self):
count = cherrypy.session.get('count', 0) + 1
cherrypy.session['count'] = count
return 'Counter: %s' % count
index.exposed = True
cherrypy.config.update({'session_filter.on': True})
cherrypy.root = Root()
cherrypy.server.start()
The following configuration options are available for "session_filter":
session_filter.on:TrueorFalse(default): enable/disable sessionssession_filter.storage_type: Specify which storage type should be used for storing session data on the server. Built-in types areRam(default),FileandPostgreSQL(see Section 1.4.3, “Choosing the backend” for more info).session_filter.storage_path: Specifies the directory in which CherryPy puts the session files when session_filter.storage_type is set toFile.session_filter.timeout: The number of minutes of inactivity before an individual session can be removed. It can be a float (ex: 0.5 for 30 seconds). Defaults to 60.session_filter.clean_up_delay: Once in a while the server cleans up old/expired sessions. This config option specifies how often this clean up process should happen. The delay is in minutes. Defaults to 5.session_filter.cookie_name: The name of the cookie that CherryPy will use to store the session ID. Defaults tosessionID.session_filter.get_db: See thePostgreSQLbackend from Section 1.4.3, “Choosing the backend”.session_filter.deadlock_timeout: See Section 1.4.5, “Handling concurrent requests for the same session data”.session_filter.on_create_session: See Section 1.4.6, “Being notified when sessions are created/deleted”.session_filter.on_renew_session: See Section 1.4.6, “Being notified when sessions are created/deleted”.session_filter.on_delete_session: See Section 1.4.6, “Being notified when sessions are created/deleted”.session_filter.storage_class: See Section 1.4.4, “Writing your own custom backend”.
CherryPy comes with multiple build-in backends for storing session data on the server side. They are:
Ram: All data is stored in RAM; this is the fastest storage, but it means that the data will be lost if you restart the server; and it also means that it won't scale to multiple processes/machinesFile: All data is stored on disk; this is a bit slower than Ram storage, but the data will persist if you restart the server. It also means that data can be shared amongst multiple CherryPy processes, either on the same machine, or on multiple machines if all machines have access to the same disk (for example, via NFS).PostgreSQL: This backend is included with CherryPy to show how easy it is to implement your own custom backend for the session system. All data is stored in a PostgreSQL database; storing your data in a database is the recommend setup for production if you have a very high traffic website and you need to scale your site across multiple machines. To use this backend, you'll need to create the following table in your PostgreSQL database:create table session ( id varchar(40), data text, expiration_time timestamp )
You also need to programmatically set thesession_filter.get_dbconfig option to a function that returns a DB connection. Note that you should use thepsycopg2module.
Ram backend, the session data is saved as soon as you stick it in cherrypy.session. So even if an error occurs later on in the page handler the data is still saved; this is not the case for the other backends.
By default, CherryPy comes with 3 built-in backends, but if you have specific needs, it is very easy to implement your own custom backend (for instance, another database, or an XML-RPC server, ...). To do so, all you have to do is write a class that implements the following methods:
class MyCustomBackend:
def save(self, id, data, expirationTime):
""" Save the session data and expirationTime for that session id """
def load(self, id):
""" Load the session data and expirationTime for 'id' and return
a tuple (data, expirationTime) (even if the session is
expired). Return None if id doesn't exist. """
def clean_up(self):
""" Delete expired session data from storage and call
'on_delete_session' for each deleted session id """
Note that if you want to use explicit
locking (see Section 1.4.5, “Handling concurrent requests for the same session data”), you also have to implement
two extra methods: acquire_lock and
release_lock.
Once you have written this class, you have to programmatically set
the session_filter.storage_class config option to this
class.
If you need help in writing your own custom backend it is a good
idea to look at how the current ones (ram, file and postgresql) are
implemented. They are implemented in the file
cherrypy/lib/filter/sessionfilter.py
It is normally quite rare to have two simultaneous requests with the same session ID. It means that a same browser is making 2 requests to your server at the same time (to dynamic pages ... static data like images don't have sessions). However, this case can happen (if you're using frames for instance), and it will happen more and more often as more and more people start using Ajax.
In that case, we need to make sure that access to the session data is serialized. This way, threads can't both modify the data at the same time and leave it in an inconsistent state.
What you need to do is call "cherrypy.session.acquire_lock()" in methods that update the session data. (Method that only read it don't need that call). The lock will be automatically released when the request is over. Here is a sample code that does it:
class Root:
def increment_counter(self):
# We call acquire_lock at the beginning
# of the method
cherrypy.session.acquire_lock()
c = cherrypy.session.get('counter', 0) + 1
cherrypy.session['counter'] = c
return str(c)
increment_counter.exposed = True
def read_counter(self):
# No need to call acquire_lock
# because we're only reading
# the session data
c = cherrypy.session.get('counter', 0) + 1
return str(c)
read_counter.exposed = True
It is possible to configure the session_filter so
that it calls some special callback functions from your code when sessions
are being created/renewed/deleted. To do so you have to set the
session_filter.on_create_session,
session_filter.on_renew_session, and
session_filter.on_delete_session config options. When a
session is created/deleted, CherryPy will call these functions and pass
them the session data.
CherryPy is a low-level framework for building web applications, and thus does not offer high-level features such as an integrated templating system. This is quite a different point of view from many other web frameworks. CherryPy does not force you to use a specific templating language; instead, it allows you to plug in your favourite one as you see fit.
CherryPy works with all the main templating systems:
You will find recipes on how to use them on the CherryPy website.
Static content is now handled by a filter called "static_filter" that
can easily be enabled and configured in your config file. For instance, if
you wanted to serve /style.css from
/home/site/style.css and /static/* from
/home/site/static/*, you can use the following
configuration:
Example 3.10. Static filter configuration
[global]
static_filter.root = "/home/site"
[/style.css]
static_filter.on = True
static_filter.file = "style.css"
[/static]
static_filter.on = True
static_filter.dir = "static"
The static_filter.root entry can be either absolute or
relative. If absolute, static content is sought within that absolute path.
Since CherryPy cannot guess where your application root is located, relative
paths are assumed to be relative to the directory where your
cherrypy.root class is defined (if you do not provide a root,
it defaults to "", and therefore to the directory of your
cherrypy.root class).
As an application developer, the design of your application affects whether you choose to use absolute or relative paths. If you are creating a one-off application that will only be deployed once, you might as well use absolute paths. But you can make multiple deployments easier by using relative paths, letting CherryPy calculate the absolute path each time for you. Absolute paths, however, give deployers the ability to place static content on read-only filesystems, or on faster disks.
Before version 2.1, CherryPy handled file uploads by reading the entire file into memory, storing it in a string, and passing it to the page handler method. This worked well for small files, but not so well for large files.
CherryPy 2.1 uses the python cgi module to parse the
POST data. When a file is being uploaded, the cgi module
stores it in a temp file and returns a FieldStorage instance
which contains information about this file. CherryPy then passes this
FieldStorage instance to the method. The
FieldStorage instance has the following attributes:
file: the file(-like) object from which you can read the datafilename: the client-side filenametype: the content-type of the file
As you read this section, refer to the following diagram to understand the flow of execution:
When an unhandled exception is raised inside CherryPy, three actions occur (in order):
before_error_responsefilter methods are calleda
_cp_on_errormethod is calledresponse.finalizeis calledafter_error_responsefilter methods are called
The error response filter methods are defined by each filter;
they cannot prevent the call to _cp_on_error (unless
before_error_response raises an exception, including
HTTPRedirect).
The _cp_on_error function is a CherryPy
"special attribute"; that is, you can define your own
_cp_on_error method for any branch in your
cherrypy.root object tree, and it will be invoked for
all child handlers. For example:
Example 3.11. A custom _cp_on_error method
import cherrypy
class Root:
def _cp_on_error(self):
cherrypy.response.body = ("We apologise for the fault in the website. "
"Those responsible have been sacked.")
def index(self):
return "A m" + 00 + "se once bit my sister..."
index.exposed = TrueThe default _cp_on_error function simply responds
as if an HTTPError 500 had been raised (see the next
section).
If an HTTPRedirect is raised during the error-handling
process, it will be handled appropriately. If any other kind of
error occurs during the handling of an initial error, then CherryPy
punts, returning a bare-bones, text/plain error
response (containing both tracebacks if
server.show_tracebacks is True).
HTTPError exceptions do not result in calls to
_cp_on_error. Instead, they have their own
_cp_on_http_error function. Like _cp_on_error,
this is a "special attribute" and can be overridden by
cherrypy.root objects. The default _cp_on_http_error
handler sets the HTTP response to a pretty HTML error page.
[global] server.socket_port: port number where the server is listening (defaults to 8080)[global] server.log_file: path to a file to log CherryPy server activity. Items logged include startup config info, tracebacks and HTTP requests. It is disabled by default and everything is logged to the screen.[global] server.log_access_file: path to a file where access log data will be stored in Common Log Format. The default is to write access log data to the screen. If a file is specified, the access log data is no longer written to the screen.[global] server.log_to_screen: controls whether any log data is written to the screen. It defaults to on (True). For performance reasons, it is best to have this option turned off on a production server.[global] server.log_tracebacks: controls whether or not tracebacks are written to the log (screen or otherwise). Defaults to on (True) If set to False, only a 500 return code will be logged in the access log.[global] server.max_request_header_size: maximum acceptable size of a request header, in bytes (defaults to 500KB). If a longer request arrives, the server will interrupt it and return a 413 error. This setting is global (ie: doesn't depend on the path). Set it to zero to remove the limit[global] server.default_content_type: default content type to be used for all responses (default to text/html). This setting is global (ie: doesn't depend on the path).[/path] server.max_request_body_size: maximum acceptable size of a request body, in bytes (defaults to 100MB). If a longer request body arrives, the server will interrupt it and return a 413 error. This setting can be configured per path. This is useful to limit the size of uploaded files. Set it to zero to remove the limitTODO: other config options
So far, we have talked about applications as if they are always "mounted" at root; that is,
that the URL "/" is the "base URL" for the application. However, this rarely happens in practice.
Often, you not only have an application mounted at some other base URL, but it must coexist with
other applications (perhaps in the same process). CherryPy has always allowed applications to be
deployed simultaneously, but it was often a difficult process, and required a lot of manual
manipulation of the cherrypy.root tree, and of config file paths.
Beginning in version 2.2, CherryPy provides a tool to make mounting applications easier:
cherrypy.tree.mount(app_root, baseurl=None, conf=None). You pass it a handler tree,
the base URL for the app, and a config dict or filename, and it does all of the "hard work" for
you. For example, instead of writing this:
Example 3.12.
import cherrypy
class Root:
def index(self):
return "Hello world! This is %s" % cherrypy.request.path
index.exposed = True
cherrypy.root.path.to.approot = Root()
cherrypy.config.update({'/path/to/approot/':
{'server.log_file': '/var/log/myapp.log'}
})...you can now write the last two lines like this:
Example 3.13.
cherrypy.tree.mount(Root(), "/path/to/approot",
{'/': {'server.log_file': '/var/log/myapp.log'}})The call to mount() will prefix all of the config-section paths with your mount point path. If you use a config file instead of a Python dict, it becomes even cleaner.
You can read more about the cherrypy.tree object in the API Reference later in
this book.
At its most basic, CherryPy is designed to allow the production of simple websites without having to think about any of the details of HTTP. Notice we're saying HTTP (the transport), not HTML (the markup language)! In particular, developers should not have to concern themselves with:
Responding to unpublished requests
Logging and notifying users appropriately when unhandled exceptions occur
The difference between query strings and POSTed params
The decoding and unpacking of request headers and bodies, including file uploads
Response status or headers
For the most part, simple "page handlers" (functions attached to
cherrypy.root), should never have to refer to cherrypy at all! They receive
params via function arguments, and return content directly. Advanced functionality is
most often enabled via the built-in filters, which encapsulate the particulars of HTTP,
and can be completely controlled via the config file.
Simple apps are produced simply, but when a developer needs to step out of the
mundane and provide real value, they should be able to leverage the complete power and
flexibility of the HTTP specification. In general, the HTTP request and response messages
are completely represented in the cherrypy.request and
.response objects. At the lowest level, a developer should be able to
generate any valid HTTP response message by modifying
cherrypy.response.status, .headers, and/or
.body.
The design of HTTP itself is guided by REST, a set of principles which constrain its expressivity and therefore its implementation. HTTP is a transfer protocol which enables the exchange of representations of resources. In a RESTful design, clients never expect to access a resource directly; instead, they request a representation of that resource. For example, if a resource has both an XML and an HTML representation, then an HTTP/1.1 server might be expected to inspect the Accept request header in order to decide which representation to serve in response.
It's important to clarify some terminology, here. In REST terms, a "resource" is "any concept that might be the target of an author’s hypertext reference...a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time". A resource is not the request, nor the response, in an HTTP conversation. "The resource is not the storage object. The resource is not a mechanism that the server uses to handle the storage object. The resource is a conceptual mapping — the server receives the identifier (which identifies the mapping) and applies it to its current mapping implementation (usually a combination of collection-specific deep tree traversal and/or hash tables) to find the currently responsible handler implementation and the handler implementation then selects the appropriate action+response based on the request content."
CherryPy, therefore, does not provide REST resources, nor model them, nor serve them. Instead, it provides mappings between identifiers (URI's) and handlers (functions). It allows application developers to model resources, perhaps, but it only serves representations of resources.
By default, these identifier-to-handler mappings (which we will call "handler dispatch" from now on) follow a simple pattern: since the path portion of a URI is hierarchical, CherryPy arranges handlers in a similar heirarchy, starting at cherrypy.root, and branching on each attribute; every leaf node in this tree must be "exposed" (but the branches need not be, see section 2.2). Note in particular that, although the query portion of a Request-URI is part of the resource identifier, CherryPy does not use it to map identifiers to handlers. Application developers may use the query string to further identify the requested resource, of course, but CherryPy, not having any domain-specific knowledge about the format or semantic of a query string, doesn't try to guess.
Filters, then, are CherryPy's way to wrap or circumvent the default handler dispatch. EncodingFilter, for example, wraps the response from a handler, encoding the response body as it is produced. StaticFilter, on the other hand, intercepts some requests (based on the path portion of the Request-URI) and implements its own identifier-to-handler mapping. Developers who wish to provide their own handler dispatch mechanisms are encouraged to do so via a filter.
The cherrypy.request object contains request-related objects. Pretty lame description, but that's all it does; it's a big data dump. At the beginning of each HTTP request, the existing request object is destroyed, and a new one is created, (one request object for each thread). Therefore, CherryPy (and you yourself) can stick data into cherrypy.request and not worry about it conflicting with other requests.
This attribute is a string containing the IP address of the client. It will be an empty string if it is not available.
This attribute is an int containing the TCP port number of the client. It will be -1 if it is not available.
This attribute is a string containing the remote hostname of the client.
This attribute is a dictionary containing the received HTTP headers, with automatically titled keys (e.g., "Content-Type"). As it's a dictionary, no duplicates are allowed.
This attribute is a list of (header, value) tuples containing the received HTTP headers. In general, you probably want to use headers instead; this is only here in case you need to inspect duplicates in the request headers.
This attribute is a string containing the first line of the raw HTTP request; for example, "GET /path/page HTTP/1.1".
This attribute is a SimpleCookie instance from the standard library's Cookie module which contains the incoming cookie values from the client.
This attribute is the input stream to the client, if applicable. See cherrypy.request.processRequestBody for more information.
This attribute is the request entity body, if applicable. See cherrypy.request.processRequestBody for more information.
This attribute specifies whether or not the request's body (request.rfile, which is POST or PUT data) will be handled by CherryPy. If True (the default for POST and PUT requests), then request.rfile will be consumed by CherryPy (and unreadable after that). If the request Content-Type is "application/x-www-form-urlencoded", then the rfile will be parsed and placed into request.params; otherwise, it will be available in request.body. If cherrypy.request.processRequestBody is False, then the rfile is not consumed, but will be readable by the exposed method.
This attribute is a string containing the HTTP request method, such as GET or POST.
This attribute is a string containing the HTTP protocol of the request in the form of HTTP/x.x
This attribute is a Version object which represents the HTTP protocol. It's the
same os request.protocol, but allows easy comparisons like if
cherrypy.request.version >= "1.1": do_http_1_1_thing.
This attribute is a dictionary containing the WSGI environment for the request. In non-WSGI settings (i.e., custom HTTP servers), it is absent.
This attribute is a string containing the query string of the request (the part of the URL following '?').
This attribute is a string containing the path of the resource the client requested.
This attribute is a dictionary containing the query string and POST arguments of this request.
This attribute is a string containing the root URL of the server. By default, it is equal to request.scheme://request.headers['Host'].
This attribute is a string containing the URL the client requested. By default, it
is equal to request.base + request.path, plus the querystring, if
provided.
This attribute is a string containing the path of the exposed method that will be called to handle this request. This is usually the same as cherrypy.request.path, but can be changed in a filter to change which method is actually called.
This attribute is a string containing the original value of cherrypy.request.path, in case it is modified by a filter during the request.
This attribute is a string containing the original value of cherrypy.request.params, in case it is modified by a filter during the request.
The cherrypy.response object contains response-related objects. Pretty lame description, but that's all it does; it's a big data dump. At the beginning of each HTTP request, the existing response object is destroyed, and a new one is created, (one response object for each thread). Therefore, CherryPy (and you yourself) can stick data into cherrypy.response and not worry about it conflicting with other requests.
This attribute is a dictionary with automatically titled keys (e.g., "Content-Length"). It holds all outgoing HTTP headers to the client.
This attribute is a list of (header, value) tuples. It's not available until the response has been finalized; it's really only there in the extremely rare cases when you need duplicate response header_list. In general, you should use request.headers instead.
This attribute is a SimpleCookie instance from the standard library's Cookie module. It contains the outgoing cookie values.
This attribute is originally just the return value of the exposed method, but by the end of the request it must be an iterable (usually a list or generator of strings) which will be the content of the HTTP response.
This attribute is a string containing the HTTP response code in the form "### Reason-Phrase", i.e. "200 OK". You may also set it to an int, in which case the response finalization process will supply a Reason-Phrase for you.
This attribute is a Version object, representing the HTTP protocol version of the response. This is not necessarily the value that will be written in the response! Instead, it should be used to determine which features are available for the response. For example, an HTTP server may send an HTTP/1.1 response even though the client is known to only understand HTTP/1.0—the response.version will be set to Version("1.0") to inform you of this, so that you (and CherryPy) can restrict the response to HTTP/1.0 features only.
Start the CherryPy Server. Simple websites may call this without any arguments, to run the default server. If init_only is False (the default), this function will block until KeyboardInterrupt or SystemExit is raised, so that the process will persist. When using one of the built-in HTTP servers, you should leave this set to False. You should only set it to True if you're running CherryPy as an extension to another HTTP server (for example, when using Apache and mod_python with CherryPy), in which case the foreign HTTP server should do its own process-management.
Use the server_class argument to specify that you wish to use an HTTP server other than the default, built-in WSGIServer. If missing, config.get("server.class") will be checked for an alternate value; otherwise, the default is used. Possible alternate values (you may pass the class names as a string if you wish):
None: this will not load any HTTP server. Note that this is not the default; the default (if server_class is not given) is to load the WSGIServer.Any other class (or dotted-name string): load a custom HTTP server.
You must call this function from Python's main thread, and set init_only to False, if you want CherryPy to shut down when KeyboardInterrupt or SystemExit are raised (including Ctrl-C). The only time you might want to do otherwise is if you run CherryPy as a Windows service, or as an extension to, say, mod_python, and even then, you might want to anyway.
If the "init_only" argument to server.start is True, this will be False, and vice-versa.
Whatever HTTP server class is set in server.start will be stuck in here.
Whatever HTTP server class is set in server.start will be instantiated and stuck in here.
One of three values, indicating the state of the server:
STOPPED = 0: The server hasn't been started, and will not accept requests.
STARTING = None: The server is in the process of starting, or an error occured while trying to start the server.
STARTED = 1: The server has started (including an HTTP server if requested), and is ready to receive requests.
True if the server is ready to receive requests, false otherwise. Read-only.
Since server.start usually blocks, other threads need to be started before calling server.start; however, they often must wait for server.start to complete it's setup of the HTTP server. Use this function from other threads to make them wait for the HTTP server to be ready to receive requests.
Since server.start usually blocks, use this to easily run another function in a new thread. It starts the new thread and then runs server.start. The new thread automatically waits for the server to finish its startup procedure.
Stop the CherryPy Server. Well, "suspend" might be a better term—this doesn't terminate the process.
Usually None, set this to KeyboardInterrupt() or SystemExit() to shut down the entire process. That is, the new exception will be raised in the main thread.
A list of functions that will be called when the server starts.
A list of functions that will be called when the server stops.
A list of functions that will be called when each request thread is started. Note that such threads do not need to be started or controlled by CherryPy; for example, when using CherryPy with mod_python, Apache will start and stop the request threads. Nevertheless, CherryPy will run the on_start_thread_list functions upon the first request using each distinct thread.
A list of functions that will be called when each request thread is stopped.
This function returns the configuration value for the given key. The function checks if the setting is defined for the current request path; it walks up the request path until the key is found, or it returns the default value. If returnSection is True, the function returns the configuration path where the key is defined instead.
The getAll function returns a list containing a (path, value) tuple for all occurences of the key within the request path. This function allows applications to inherit configuration data defined for parent paths.
Function to update the configuration map. The "updateMap" argument is a dictionary of the form {'sectionPath' : { } }. The "file" argument is the path to the configuration file.
The Tree class is used to keep track of where applications are mounted. To "mount" an
application means to have its root respond to a URL other than "/". By using
cherrypy.tree, you can easily mount applications and remember where you mounted
them!
Function to mount a tree of objects at the given baseurl, using the given
configuration dict or filename. If baseurl is None or missing, it is assumed to be "/"
unless the config specifies [global] mount_point = "/path/to/approot". If
conf is not None, then each of its sections (which should be a relative URL, like
"/skins/deepblue/main") will be prefixed with the baseurl, so that config lookups are
also "mounted" at the base URL.
Note that, by using tree.mount, your approot may not be found at cherrypy.root; there may be several "dummy" objects placed in-between cherrypy.root and your application's root instance.
A method which finds the appropriate baseurl for a given path. If path is None or
missing, cherrypy.request.object_path is used. If multiple applications "contain" the
given path, the longer baseurl is returned. That is, if App1 is mounted at "/" and App2
is mounted at "/path/to/app", then
cherrypy.tree.mount_point("/path/to/app/main") will return
"/path/to/app".
Once you have obtained the baseurl using mount_point, you can obtain a reference to
the application root object by looking up
cherrypy.tree.mount_points[baseurl].
This exception can be used to automatically send a response using a http status code, with an appropriate error page.
This exception will redirect processing to another path within the site (without informing the client). Provide the new path as an argument when raising the exception. You may also provide a second "params" argument which will replace the current request params (usually a dict, but you may also supply a GET-param-style string). This exception is only handled from within page handlers and before_main filter methods.
Utility class that exposes a getitem-aware object. It does not provide index() or default() methods, and it does not expose the individual item objects - just the list or dict that contains them. User-specific index() and default() methods can be implemented by inheriting from this class.
Utility class that restores positional parameters functionality that was found in 2.0.0-beta.
Returns a list of AcceptValue objects from the specified Accept-* header (or None if the header is not present). The list is sorted so that the most-preferred values are first in the list.
Each AcceptValue object has a value attribute, a string which is
the value itself. For example, if headername is "Accept-Encoding", the
value attribute might be "gzip". It also has a (read-only)
qvalue attribute, a float between 0 and 1 which specifies the client's
preference for the value; higher numbers are preferred. Finally, each AcceptValue
also has a params attribute, a dict; for most headers, this dict will
only possess the original "q" value as a string.
If headername is "Accept" (the default), then the params attribute
may contain extra parameters which further differentiate the value. In addition,
params["q"] may itself be an AcceptValue object, with its own
params dict. Don't ask us why; ask the authors of the HTTP spec.
Returns a list of (start, stop) indices from a Range request header. Returns None if no such header is provided in the request. Each (start, stop) tuple will be composed of two ints, which are suitable for use in a slicing operation. That is, the header "Range: bytes=3-6", if applied against a Python string, is requesting resource[3:7]. This function will return the list [(3, 7)].
A subclass of Python's builtin dict class; CherryPy's default
request.headers and response.headers objects are instances
of this class. The keys are automatically titled (str(key).title()) in
order to provide case-insensitive comparisons and avoid duplicates.
Returns (method, path, querystring, protocol) from an HTTP
requestLine. The default Request processor calls this function.
Returns a dict of {'key': 'value'} pairs from an HTTP "key=value"
query string. Also handles server-side image map query strings. The default Request
processor calls this function.
Returns a dict of {'key': ''value'} pairs from a
cgi.FieldStorage object. The default Request processor calls this
function.
Set status, headers, and body in order to serve the file at the given path. The Content-Type header will be set to the contentType arg, if provided. If not provided, the Content-Type will be guessed by the extension of the file. If disposition is not None, the Content-Disposition header will be set to "<disposition>; filename=<name>". If name is None, it will be set to the basename of path. If disposition is None, no Content-Disposition header will be written.
This module both provides code-coverage tools, and may also be run as a script. To use this module, or the coverage tools in the test suite, you need to download 'coverage.py', either Gareth Rees' original implementation or Ned Batchelder's enhanced version.
Set cherrypy.codecoverage to True to turn on coverage tracing. Then, use the covercp.serve() function to browse the results in a web browser. If you run this module as a script (i.e., from the command line), it will call serve() for you.
You can profile any of your page handlers (exposed methods) as follows:
Example 3.14. Profiling example
from cherrypy.lib import profile
class Root:
p = profile.Profiler("/path/to/profile/dir")
def index(self):
self.p.run(self._index)
index.exposed = True
def _index(self):
return "Hello, world!"
cherrypy.root = Root()Set the config entry: "profiling.on = True" if you'd rather turn on profiling for all requests. Then, use the serve() function to browse the results in a web browser. If you run this module as a script (i.e., from the command line), it will call serve() for you.
Developers: this module should be used whenever you make significant changes to CherryPy, to get a quick sanity-check on the performance of the request process. Basic requests should complete in about 5 milliseconds on a reasonably-fast machine running Python 2.4 (Python 2.3 will be much slower due to threadlocal being implemented in Python, not C). You can profile the test suite by supplying the --profile option to test.py.
This module provides a brute-force method of reloading application files on the fly. When the config entry "autoreload.on" is True (or when "server.environment" is "development"), CherryPy uses the autoreload module to restart the current process whenever one of the files in use is changed. The mechanism by which it does so is pretty complicated:
_cp_on_error is a function for handling unanticipated exceptions, whether raised by CherryPy itself, or in user applications. The default simply responds as if HTTPError(500) had been raised.
_cp_on_http_error handles HTTPError responses, setting cherrypy.response.status, headers, and body.
User defined filters are enabled using the class attribute _cp_filters. Any filter instances placed in _cp_filters will be applied to all methods of the class.
CherryPy provides a set of hooks which are called at specific places during the request process. A filter should inherit from the BaseFilter class and implement the hooks it requires to add extra code during the process. CherryPy will go through all the filters which are on (buil-in and user defined) for that requested path and call all hooks that are implemented by each filter.
This hook is being called righ at the beginning of the request process. The only work CherryPy has done when this hook is called is to parse the first line of the HTTP request. This is needed so that filters have access to the object path translated from the path specified in the HTTP request.
This hook is always called.
This hook is being called right after CherryPy has parse the HTTP request headers but before it tries to parse the request body. If a filter which implements that hook sets cherrypy.request.processRequestBody to False, CherryPy will not parse the request body at all. This can be handy when you know your user agent returns the data in a form that the default CherryPy request body parsing function cannot understand.
For example, assuming your user agent returns you a request body which is an XML string unquoted, you may want a filter to parse that XML string and generates an XML DOM instance. Then the filter could add that instance to the cherrypy.request.params which in turns would be passed to your page handler like if it had actually been sent like that through the HTTP request. Therefore your filter has turned the XML string into an XML DOM instance transparently and makes your life easier. In that case you do not want CherryPy to parse the request body. It could also be used to scan the request body before it is being processed any further and decide to reject it if needed.
This hook is not called if an error occurs during the process before hand.
This hook is called right before your page handler (exposed callable) is being called by CherryPy. It can be handy if considering HTTP request headers or body you may want not to call the page handler at all, then you would have to set cherrypy.request.executeMain to False.
This hook is not called if an error occurs during the process before hand.
This hook is called right after the page handler has been processed (depending on the before_main hook behavior) and before CherryPy formats the final respone object. It helps you for example to check for what could have been returned by your page handler and change some headers of needed.
This hook is not called if an error occurs during the process before hand.
This hook is called at the end of the process so that you can finely tweak your HTTP response if needed (eg adding headers to the cherrypy.response.header_list). Note that cherrypy.response.headers will not be processed any longer at that stage.
This hook is always called.
This hook is called when an error has occured during the request processing. It allows you to called code before the _cp_on_error handler is being called as well as the response finalizing stage.
Filters provide a powerful mechanism for extending CherryPy. The aim is to provide code called at the HTTP request level itself. More specifically it means that you can write code that will be called:
- before a request is processed
- after a request has been processed
- before a response is sent to the client
- after a response is sent to the client
The baseurlfilter changes the base url of a request. It is useful for running CherryPy behind Apache with mod_rewrite.
The baseurlfilter has the following configuration options
base_url_filter.base_url
base_url_filter.use_x_forwarded_host
The cachefilter stores responses in memory. If an identical request is subsequently made, then the cached response is output without calling the page handler.
The decoding filter can be configured to automatically decode incoming requests.
The decodingfilter has the following configuration options:
decoding_filter.encoding
The encodingfilter can be configured to automatically encode outgoing responses.
The encodingfilter has the following configuration options:
encoding_filter.encoding: Force all text responses to be encoded with this encoding.
encoding_filter.default_encoding: Default all text responses to this encoding (if the user-agent does not request otherwise).
The gzipfilter will automatically gzip outgoing requests, if it is supported by the client.
The gzipfilter does not have any configuration options.
The logdebuinfofilter adds debug information to each page. The filter is automatically turned on when "server.environment" is set to "development".
The logdebuginfofilter has the following configuration options:
log_debug_info_filter.mime_types, ['text/html']
log_debug_info_filter.log_as_comment, False
log_debug_info_filter.log_build_time, True
log_debug_info_filter.log_page_size, True
The sessionauthenticatefilter provides simple form-based authentication and access control.
The static filter allows CherryPy to serve static files.
The staticfilter has the following configuration options:
static_filter.file
static_filter.dir
static_filter.root
The tidyfilter cleans up returned html by running the response through Tidy.
Note that we use the standalone Tidy tool rather than the python mxTidy module. This is because this module doesn't seem to be stable and it crashes on some HTML pages (which means that the server would also crash.)
The tidyfilter has the following configuration options:
tidy_filter.tmp_dir
tidy_filter.strict_xml, False
tidy_filter.tidy_path
The virtualhostfilter changes the ObjectPath based on the Host. Use this filter when running multiple sites within one CP server.
The virtualhostfilter has the following configuration options:
virtual_host_filter.prefix, '/'
The wsgiappfilter allows the application developer or deployer to mount WSGI-compatible applications and middleware to locations on the CherryPy object tree.
Applications can be added to the tree by using the cherrypy.lib.cptools.WSGIApp convenience class to directly mount applications to the CherryPy tree. You can also add an instance of the filter to a class's _cp_filters list.
The cherrypy.lib.cptools.WSGIApp and WSGIAppFilter class contsructors takes the following parameters:
wsgi_app (required) - the WSGI application callable.
env_update - a optional dictionary of parameters used to update the WSGI environment.
The xmlrpcfilter converts XMLRPC to the CherryPy2 object system and vice-versa.
PLEASE NOTE: before_request_body: Unmarshalls the posted data to a methodname and parameters. - These are stored in cherrypy.request.rpcMethod and .rpcParams - The method is also stored in cherrypy.request.path, so CP2 will find the right method to call for you, based on the root's position. before_finalize: Marshalls cherrypy.response.body to xmlrpc. - Until resolved: cherrypy.response.body must be a python source string; this string is 'eval'ed to return the results. This will be resolved in the future. - Content-Type and Content-Length are set according to the new (marshalled) data
The xmlrpcfilter does not have any configuration options.
CherryPy 2.1 supports arbitrary WSGI servers, and includes its own WSGI server (the default). This means that you should be able to deploy your CherryPy application using Apache or IIS (among others) without any changes to your application--only the deployment scripts will change.