|
Eric Brunson
brunson at brunson.com
Wed Sep 20 13:29:56 EDT 2006
I should have proofread this *before* I sent it. Eric Brunson wrote: > durumdara wrote: >> Hi ! > > Hi, > >> >> I want to understand the modpy technics, to I create good structure >> for my new modpy site. An example needed. > > I'm by no means an expert, but I think I can address a couple of your > questions, I'm sure someone will correct me if I steer you wrong. > >> >> I used PHP, Zope, CGI before this project. > I've used PHP and CGI, but never Zope, so I won't be able to make any > comparisons to Zope. >> >> If I understand it good, I can specify one handler script for one >> directory. >> Anywhere, where I specify a handler, the handler script working for >> all .py (both for existing and not existing). > > Not precisely (and someone please help out if I express this > incorrectly). You can add a handler for dealing with .py files in > which case .py files will be handled by that handler, or you can set a > handler for URLs, which will perform a sort of module resolution > algorithm on the URL. This statement applies to the mod_python.publisher handler. A handler that you write doesn't have to do any module resolution, you can parse and handle the URL however you see fit. > In the first case, which I'm least familiar with, if you associate a > handler with a .py file, referencing a file that doesn't exist will > give you a 404 error. > > In the second case apache passes the URL to a python handler, like the > supplied publisher handler, which is advertised to be modeled after > Zope's publisher, but I don't know anything about that. Say I have a > directory called ip_management (which I do) and you access that > directory via the URL "http://yourserver/ip_management", and in there > you have a .htaccess file containing: > > SetHandler python-program > PythonHandler mod_python.publisher > > You have set the handler for that directory to be the > mod_python.publisher handler, even if a file "example.html" exists in > that directory, apache will not server the contents of that file when > the URL "http://yourserver/ip_management/example.html" is requested. > It passes the URL to the specified handler and that python code > decides what to do with it. If your python code decides to look for a > file with that name and serve the contents, then great, but it doesn't > have to. > > The mod_python.publisher will break the URL up and try to find a > python module that will satisfy its own rules. In a simple sense, it > takes the part of the URL after the directory specification and tries > to find a module that contains a function of the same name. So > "http://yourserver/ip_management/something/otherthing" will result in > the publisher looking for a module called "something" with a function > called "otherthing" inside it, then will execute the function > "otherthing". If at any point it doesn't find a file or directory > with the module name it will look through a file called "index.py" for > the function name. If it finds a module that matches the fill path, > i.e. "something.otherthing" then it will try to execute a function > called "index". > > You can write your own handler that will simply be passed the apache > request object and you can do whatever your heart desires with it. > >> So if I need a centralized web application, I need to import a shared >> module that helps me to start and finish to handle the process >> (example: pre - collect the important informations, make global >> variables, open the db connections, open the session datas; post - >> save the session if need, close the db connection, drop the content >> if we have redirection, etc.). I thinking good ? > > Sure, you can do whatever your heart desires in your handler. > >> >> 1.) >> But I need to protect some area in the htdocs (restricted area). How >> to I force it ? (auth module ?). I need to define to every dir I used >> (httpd.conf) ? > > There's an example of writing an auth handler in the documentation. > The publisher handler makes it super simple, simply defining a > __auth__ object in the module, either a list, dict or function, you > can authenticate a user using Basic HTTP Auth mechanism. You can also > define an __auth__ method within your method. There is also a > separate __access__ object that can restrict authenticated users do > certain functions. > > I personally let Apache do the authorization, then use __access__ to > restrict access. Your milage may vary. > >> >> 2.) >> In Zope the header/footer objects used for handle the pre/post >> actions, and the zpts/scripts used for make the content of the page. >> Is better to I use psp-s that call pre/post scripts, or is better if >> I use py scripts, and they are get psp-s I need ? > > I'm not qualified to judge your architecture. I don't use PSP, I > found it a bit cumbersome, I do all my processing in the handler, > build my own sort of "mini DOM" objects that can render themselves. > Your way should work, whether there's a better design is a matter of > taste. > >> >> 3.) >> How to avoid to user type any .py to browser's address textbox, and >> get same result that handler present ? >> Example: I use main.py for handle requests. The address is: >> www.foo.hu/main.py. >> The user can type www.foo.hu/sux.py, and get same result ! > > It's up to the handler. Using Apache's "AddHandler somehandler .py" > to add a handler for python scripts will not serve a non-existent > file, you will get a 404. The publisher handler will not server > content to a URL you have not defined in your code, you will get a > 404. If you write your own handler you can do whatever your heart > desires. > >> >> 4.) >> How to prevent the .py extension showing in the browser ? >> To I see (can type): >> www.foo.hu/ >> or >> www.foo.hu/index >> not >> www.foo.hu/index.py. >> I want to protect my site - if anyone see it, he/she don't know, what >> engine I used. > > Please see the answer to #3. > >> >> >> Thanks for your answers: >> dd > > I'm still learning the intricacies of mod_python myself, but > everything I've told you is very well documented. Try reading through > the docs, I had to go through them a few times before the puzzle > pieces started falling into place. It helps to have a passing > understanding of the Apache API and the Apache request objects. > > Hope that helped, > e. > > > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python
|