1. 1 web.py http web.py

2. 2 Agenda Introduction to http URL, URI Method: GET, POST Response Code: 200, 400, 401 Introduction to web.py

3. 3 HTTP HyperText Transport Protocol Language of the Web protocol used for communication between web browsers and web servers TCP port 80 (443 secure) RFC 2616 (ver 1.1)

4. 4 Frames

5. 5 URI,URN,URL Uniform Resource Identifier Information about a resource Uniform Resource Name The name of the resource with in a namespace Uniform Resource Locator How to find the resource, a URI that says how to find the resource

6. 6 HTTP - methods Methods (cont.) PUT Used to transfer data from the client to the server HEAD requests URLs status header only used for conditional URL handling for performance enhancement schemes –retrieve URL only if not in local cache or date is more recent than cached copy

7. 7 HTTP - URLs URL Uniform Resource Locator protocol (http, ftp, news) host name (name.domain name) port (usually 80 but many on 8080) directory path to the resource resource name http://xxx.myplace.com/www/index.html http://xxx.myplace.com:80/cgi-bin/t.exe

8. 8 HTTP - methods Methods GET retrieve a URL from the server –simple page request –run a program –run a program with arguments attached to the URL POST preferred method for forms processing run a program parameterized data more secure and private

9. 9 HTTP Request Packets Sent from client to server Consists of HTTP header header is hidden in browser environment contains: content type / mime type content length user agent - browser issuing request content types user agent can handle and a URL

10. 10 HTTP Request Headers Precede HTTP Method requests headers are terminated by a blank line Header Fields: From Accept Accept-Encoding Accept Language

11. 11 HTTP Request Headers (cont.) Referer Authorization Charge-To If-Modified-Since Pragma

12. 12 Accept: List of schemes which will be accepted by client = Accept: * [, ] = *[; ] = = = q / mxs / mxb = Accept: text/html Accept: audio/basic q-1 if no Accept is found; plain/text is assumed may contain wildcards (*)

13. 13 Accept-Encoding Like Accept but list is a list of acceptable encoding schemes Ex Accept-Encoding: x-compress;x-zip

14. 14 User-Agent Software product used by original client = User-Agent: = [/ ] = Ex. User-Agent: IBM WebExplorer DLL /v960311

15. 15 Referer For Server’s benefit, client lists URL od document (or document type) from which the URL in request was obtained. Allows server to generate back-links, logging, tracing of bad links… Ex. Referer: http:/www.w3.com/xxx.html

16. 16 Authorization: For Password and authentication schemes Ex. Authorization: user fred:mypassword Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

17. 17 ChargeTo: Accounting information Accounting system dependent

18. 18 Pragma: Same format as accept for servers should be passed through proxies, but used by proxy only pragma currently defined is no- cache; proxy should get document from owning server rather than cache

19. 19 Modified-Since: Used with GET to make a conditional GET if requested document has not been modified since specified date a Modified 304 header is sent back to client instead of document client can then display cached version

20. Response Packets Sent by server to client browser in response to a Request Packet

21. Status Header “HTTP/1.0 sp code” Codes: 1xx - reserved for future use 2xx - successful, understood and accepted 3xx - further action needed to complete 4xx - bad syntax in client request 5xx - server can’t fulfill good request

22. HTTP Response Headers Sent by server to client browser Status Header Entities Content-Encoding: Content-Length: Content-Type: Expires: Last-Modified: extension-header Body – content (e.g., html)

23. Status Codes 200 OK 201 created 202 accepted 204 no content 301 moved perm. 302 moved temp 304 not modified 400 bad request 401 unauthorized 403 forbidden 404 not found 500 int. server error 501 not impl. 502 bad gateway 503 svc not avail

24. Statelessness Because of the Connect, Request, Response, Disconnect nature of HTTP it is said to be a stateless protocol i.e. from one web page to the next there is nothing in the protocol that allows a web program to maintain program “state” (like a desktop program). “state” can be maintained by “witchery” or “trickery” if it is needed

25. Maintaining program “state” Hidden variables ( Sessions Special header tags interpreted by the server Used by ASP, PHP, JSP –Implemented at the language api level

26. 26 Agenda Introduction to http Introduction to web.py mvc model controller view CRUD

27. 27 web.py MVC Controller: URI handler accept http request process http request using model generate http response using view return http response

28. 28 web.py MVC Model manage python and database objects View http response

29. 29 web.py Todo Demo /schema.sql /templates: /templates/base.html /templates/index.html /model.py /todo.py

30. 30 web.py Todo Demo /schema.sql (Backend) /templates: (VIEW) /templates/base.html (static) /templates/index.html (dynamic) /model.py (MODEL) /todo.py (CONTROLLER)

31. 31 database schema.sql CREATE TABLE todo ( id INT AUTO_INCREMENT, title TEXT, primary key (id) );

32. 32 database model.py import web db = web.database(dbn='mysql', db='test', user='')

33. 33 Model model.py import web db = web.database(dbn='mysql', db='test', user='') def get_todos(): return db.select('todo', order='id') def new_todo(text): db.insert('todo', title=text) def del_todo(id): db.delete('todo', where="id=$id", vars=locals())

34. 34 View templates/base.html $def with (page) Todo list $:page

35. 35 View templates/index.html $def with (todos, form) $for todo in todos: $todo.id $todo.title

36. 36 View templates/index.html $def with (todos, form) … $:form.render()

37. 37 Controller: url mapping todo.py import web import model urls = ( '/', 'Index', '/(\d+)', 'Index', '/del/(\d+)', 'Delete' )

38. 38 Controller: handling GET / todo.py ### Templates render = web.template.render('templates', base='base') class Index: form = web.form.Form( web.form.Textbox('title', web.form.notnull, description="I need to:"), web.form.Button('Add todo'), ) def GET(self): """ Show page """ todos = model.get_todos() form = self.form() return render.index(todos, form)

39. 39 Controller: handling POST / todo.py class Index: def POST(self): """ Add new entry """ form = self.form() if not form.validates(): todos = model.get_todos() return render.index(todos, form) model.new_todo(form.d.title) raise web.seeother('/')

40. 40 Controller: handling POST /del todo.py class Delete: def POST(self, id): """ Delete based on ID """ id = int(id) model.del_todo(id) raise web.seeother('/')

41. 41 MVC: GET / flow Client GET http://localhost:8080/http://localhost:8080/ Server Index::GET (controller, todo.py) model.get_todos (model.py) render http response (view) –templates/base.html –templates/index.html return http response

42. 42 MVC: GET / flow curl -v -X GET http://localhost:8080/http://localhost:8080/ * Connected to localhost (127.0.0.1) port 8080 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5 > Host: localhost:8080 > Accept: */* >

43. 43 MVC: GET / flow curl -v -X GET http://localhost:8080/http://localhost:8080/ < HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 < Transfer-Encoding: chunked < Date: Fri, 13 Feb 2015 05:30:34 GMT < Server: localhost Todo list...

44. 44 MVC: POST / flow Client POST http://localhost:8080/http://localhost:8080/ Server Index::POST (controller, todo.py) validate input if input invalid, render http response (view) –templates/base.html –templates/index.html return http response

45. 45 MVC: POST / flow Client POST http://localhost:8080/http://localhost:8080/ Server Index::POST (controller, todo.py) validate input if input valid –model.new_todo (model.py) seeother /

46. 46 MVC: POST / flow curl -v -d 'title=cleaningxx' -X POST localhost:8080 Connected to localhost (127.0.0.1) port 8080 (#0) > POST / HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5 > Host: localhost:8080 > Accept: */* > Content-Length: 16 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 16 out of 16 bytes

47. 47 MVC: POST / flow curl -v -d 'title=cleaningxx' -X POST localhost:8080 < HTTP/1.1 303 See Other < Content-Type: text/html < Location: http://localhost:8080/ < Transfer-Encoding: chunked < Date: Fri, 13 Feb 2015 01:41:35 GMT < Server: localhost < * Connection #0 to host localhost left intact * Closing connection #0

48. 48 MVC: POST /del Client POST http://localhost:8080/del/1 Server Delete::POST (controller, todo.py) model.delete_todo (model.py) seeother /

49. 49 MVC: POST /del flow $ curl -v -X POST localhost:8080/del/1 * Connected to localhost (127.0.0.1) port 8080 (#0) > POST /del/1 HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5 > Host: localhost:8080 > Accept: */* >

50. 50 MVC: POST /del flow $ curl -v -X POST localhost:8080/del/1 < HTTP/1.1 303 See Other < Content-Type: text/html < Location: http://localhost:8080/ < Transfer-Encoding: chunked < Date: Fri, 13 Feb 2015 05:39:14 GMT < Server: localhost < * Connection #0 to host localhost left intact * Closing connection #0

51. 51 MVC: DELETE / Browser form limitation: only GET and POST ### Url mappings urls = ( '/', 'Index', '/(\d+)', 'Index', '/del/(\d+)', 'Delete' ) class Index: def DELETE(self, id): """ Delete based on ID """ id = int(id) model.del_todo(id) raise web.seeother('/')

52. 52 MVC: DELETE / Browser form limitation: only GET and POST $ curl -v -X DELETE localhost:8080/3 * Connected to localhost (127.0.0.1) port 8080 (#0) > DELETE /3 HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5 > Host: localhost:8080 > Accept: */* >

53. 53 MVC: DELETE / $ curl -v -X DELETE localhost:8080/3 < HTTP/1.1 303 See Other < Content-Type: text/html < Location: http://localhost:8080/ < Transfer-Encoding: chunked < Date: Fri, 13 Feb 2015 07:15:52 GMT < Server: localhost <

54. 54 User inputs Form demo /schema.sql /templates: /templates/formtest.html /templates/index.html /form.py

55. 55 User inputs Form demo Database create table form (id int auto_increment primary key, boe char(20), bax int, moe char(20), curly boolean, french char(20), joindate timestamp);

56. 56 User inputs Form demo import web from web import form myform = form.Form( form.Textbox("boe"), form.Textbox("bax", form.notnull, form.regexp('\d+', 'Must be a digit'), form.Validator('Must be more than 5', lambda x:int(x)>5)), form.Textarea('moe'), form.Checkbox('curly'), form.Dropdown('french', ['mustard', 'fries', 'wine']))

57. 57 User inputs Form demo Extract inputs def POST(self): form = myform() if not form.validates(): return render.formtest(form) else: db.insert('form', boe=form.d.boe,bax=form['bax'].value,moe=form.d.moe, curly=form.d.curly, french=form.d.french, joindate=web.SQLLiteral("NOW()"))

58. 58 Database update Blog demo model.py db = web.database(dbn='mysql', user='', pw='', db='test') def update_post(id, title, text): db.update('entries', where="id=$id", vars=locals(), title=title, content=text)

59. 59 Ordering Blog demo model.py db = web.database(dbn='mysql', user='', pw='', db='test') def get_posts(): return db.select('entries', order='id DESC')

60. 60 Datetime import datetime from datetime import timedelta db.insert('entries', title=title, content=text, posted_on=datetime.datetime.utcnow()) db.insert('items', category=category, title=title, price=price, open=True, end_date=datetime.datetime.utcnow()+timedelta(days=7 ))

61. 61 Embed Python in HTML $def with (form, items, category, title, price, open, end_date) $for item in items: $item.id $if category: $item.category $if title: $item.title $if price: $item.price $if open: $item.open $if end_date: $item.end_date View

62. 62 Cookie urls = ('/bid', 'Bid', '/bid/(\d+)', 'Bid' ) class Bid: def GET(self, id): web.setcookie('id', item.id) return render.bid(item, bid) def POST(self): id = web.cookies().get('id') model.new_bid(id, bid.d.buyer, bid.d.price); raise web.seeother('/view/' + id)