brunson at brunson.com
Wed Sep 20 13:24:40 EDT 2006
durumdara wrote: > Hi ! Hi, > > I want to understand the modpy technics, to I create good structure > for my new modpy site. An example needed. I'm by no means an expert, but I think I can address a couple of your questions, I'm sure someone will correct me if I steer you wrong. > > I used PHP, Zope, CGI before this project. I've used PHP and CGI, but never Zope, so I won't be able to make any comparisons to Zope. > > If I understand it good, I can specify one handler script for one > directory. > Anywhere, where I specify a handler, the handler script working for > all .py (both for existing and not existing). Not precisely (and someone please help out if I express this incorrectly). You can add a handler for dealing with .py files in which case .py files will be handled by that handler, or you can set a handler for URLs, which will perform a sort of module resolution algorithm on the URL. In the first case, which I'm least familiar with, if you associate a handler with a .py file, referencing a file that doesn't exist will give you a 404 error. In the second case apache passes the URL to a python handler, like the supplied publisher handler, which is advertised to be modeled after Zope's publisher, but I don't know anything about that. Say I have a directory called ip_management (which I do) and you access that directory via the URL "http://yourserver/ip_management", and in there you have a .htaccess file containing: SetHandler python-program PythonHandler mod_python.publisher You have set the handler for that directory to be the mod_python.publisher handler, even if a file "example.html" exists in that directory, apache will not server the contents of that file when the URL "http://yourserver/ip_management/example.html" is requested. It passes the URL to the specified handler and that python code decides what to do with it. If your python code decides to look for a file with that name and serve the contents, then great, but it doesn't have to. The mod_python.publisher will break the URL up and try to find a python module that will satisfy its own rules. In a simple sense, it takes the part of the URL after the directory specification and tries to find a module that contains a function of the same name. So "http://yourserver/ip_management/something/otherthing" will result in the publisher looking for a module called "something" with a function called "otherthing" inside it, then will execute the function "otherthing". If at any point it doesn't find a file or directory with the module name it will look through a file called "index.py" for the function name. If it finds a module that matches the fill path, i.e. "something.otherthing" then it will try to execute a function called "index". You can write your own handler that will simply be passed the apache request object and you can do whatever your heart desires with it. > So if I need a centralized web application, I need to import a shared > module that helps me to start and finish to handle the process > (example: pre - collect the important informations, make global > variables, open the db connections, open the session datas; post - > save the session if need, close the db connection, drop the content if > we have redirection, etc.). I thinking good ? Sure, you can do whatever your heart desires in your handler. > > 1.) > But I need to protect some area in the htdocs (restricted area). How > to I force it ? (auth module ?). I need to define to every dir I used > (httpd.conf) ? There's an example of writing an auth handler in the documentation. The publisher handler makes it super simple, simply defining a __auth__ object in the module, either a list, dict or function, you can authenticate a user using Basic HTTP Auth mechanism. You can also define an __auth__ method within your method. There is also a separate __access__ object that can restrict authenticated users do certain functions. I personally let Apache do the authorization, then use __access__ to restrict access. Your milage may vary. > > 2.) > In Zope the header/footer objects used for handle the pre/post > actions, and the zpts/scripts used for make the content of the page. > Is better to I use psp-s that call pre/post scripts, or is better if I > use py scripts, and they are get psp-s I need ? I'm not qualified to judge your architecture. I don't use PSP, I found it a bit cumbersome, I do all my processing in the handler, build my own sort of "mini DOM" objects that can render themselves. Your way should work, whether there's a better design is a matter of taste. > > 3.) > How to avoid to user type any .py to browser's address textbox, and > get same result that handler present ? > Example: I use main.py for handle requests. The address is: > www.foo.hu/main.py. > The user can type www.foo.hu/sux.py, and get same result ! It's up to the handler. Using Apache's "AddHandler somehandler .py" to add a handler for python scripts will not serve a non-existent file, you will get a 404. The publisher handler will not server content to a URL you have not defined in your code, you will get a 404. If you write your own handler you can do whatever your heart desires. > > 4.) > How to prevent the .py extension showing in the browser ? > To I see (can type): > www.foo.hu/ > or > www.foo.hu/index > not > www.foo.hu/index.py. > I want to protect my site - if anyone see it, he/she don't know, what > engine I used. Please see the answer to #3. > > > Thanks for your answers: > dd I'm still learning the intricacies of mod_python myself, but everything I've told you is very well documented. Try reading through the docs, I had to go through them a few times before the puzzle pieces started falling into place. It helps to have a passing understanding of the Apache API and the Apache request objects. Hope that helped, e.