Andrew McNamara
2011-04-27 09:33:47 UTC
OVERVIEW
Albatross is a small toolkit for developing highly stateful web applications.
The toolkit has been designed to take a lot of the pain out of constructing
python web applications.
In slightly more than 4000 lines of Python (according to pycount) you get the
following:
An extensible HTML templating system similar to DTML including tags for:
- Conditional processing.
- Macro definition and expansion.
- Sequence iteration and pagination.
- Tree browsing.
- Lookup tables to translate Python values to arbitrary template text.
Application classes which offer the following features:
- Optional server side or browser side sessions.
- The ability to place Python code for each page in a dynamically loaded
module, or to place all page processing code in a single mainline.
The ability to deploy applications as CGI, FastCGI, mod_python or a pure
python HTTP server by changing less than 10 lines of code.
The toolkit application functionality is defined by a collection of fine
grained mixin classes. Nine different application types and six different
execution contexts are prepackaged, you are able to define your own drop
in replacements for any of the mixins to alter any aspect of the toolkit
semantics.
Application deployment is controlled by your choice of either cgi, FastCGI,
mod_python, or BaseHTTPServer Request class. It should be possible to
develop a Request class for Medusa or Twisted to allow applications to be
deployed on those platforms with minimal changes.
Albatross comes with over 200 pages of documentation. HTML and PDF formatted
documentation is available from the toolkit homepage.
The toolkit homepage:
http://www.object-craft.com.au/projects/albatross/
The Albatross mailing list subscription and archives:
http://object-craft.com.au/cgi-bin/mailman/listinfo/albatross-users
CHANGES SINCE 1.40:
===================
New Features
------------
* Template evaluation namespaces
Evaluation of expressions in templates normally takes place within the
scope of ctx.locals. The new <al-namespace> tag allows you to switch
temporarily to a subordinate namespace. Expression evaluation will take
place with respect to that namespace, and input names will automatically
be prefixed with the name of the namespace.
For example:
class Field:
prompt = 'Enter age'
data = 23
field = Field()
And
<al-namespace name="field">
<al-value expr="prompt">: <al-input name="data" whitespace>
</al-namespace>
Would produce:
Enter age: <input name="field.data" value="23" />
A namespace="..." attribute has also been added to the <al-expand> and
<al-for> tags allowing you to execute their contained content in the
specified namespace.
* Easier selection of Application and Context classes
A new get_app_classes(page_model, context_model) function has been added
that makes choosing Application and Context classes easier. Previously,
you had to choose between one of twelve Application classes and match
this with an appropriate Context class. With the get_app_classes()
function, you just need to choose a page model and a session model,
and the appropriate Application and Context classes are returned. For
more information, see the "Prepackaged Application and Execution Context
Classes" section of the manual.
* Albatross command line and quick-start application skeleton
An albatross command line utility has been added. This utility currently
has four sub-commands:
* create - creates the basic framework of an application.
* add-page - adds a page to an application so created.
* serve - starts a stand-alone development server for the specified
application.
* session-server - starts a session server (see "Session Server Daemon"
in the "Guide to Building Applications" section of the manual for
more information).
This makes it very easy to get started writing Albatross applications:
$ albatross create myapp
$ cd myapp
$ ls
app.ini app.py pages session static
$ ls pages
environment.html macros.html new_session.py session_expired.html
environment.py main.html page_not_found.html uncaught_exception.html
__init__.py main.py raise_exception.py unhandled_exception.html
1$ ls static
alxform.css favicon.ico logo.png style.css
$ albatross serve
Starting web server for "myapp" on port 8000
Stop the server with Ctrl-C
http://localhost:8000/
Enhancements
------------
* A new alternative to the noescape attribute has been implemented that
allows a data source to signal that a given string does not require
escaping when it is rendered by template execution by casting it to the
htmlsafe() type. This moves the responsibility for this potentially risky
action from the template closer to the code that generated the string.
The htmlsafe() type can also be used to selectively disable the escaping
of evaluated attributes.
While the "noescape" attribute still works, it's scope has been reduced,
and it should be considered deprecated.
* RandomModular applications will now attempt to render an
application-supplied page_not_found.html template, before falling back
to an internal "URL .. was not found on this server" message.
* A simple logging mechanism has been added. Calling the
Application.set_logger(logger) method with a logger compatible with the
standard python logging module registers that logger with the application.
Exceptions will be logged to the logger at "error" level, and a ctx.log(msg)
method allows messages to be logged at "info" level.
Incompatibilities
-----------------
* As of version 1.42, Albatross no longer supports Python 2.3 - version
2.4 or up is required (Python 3 is not supported at this time).
* Application.handle_exception(ctx, req) no longer escapes the python and
template tracebacks before executing any application-supplied trackback
template. As this change could result in a potential security problem, the
application-supplied exception template has been renamed from traceback.html
to uncaught_exception.html. If you used this functionality, you must
remove "noescape" from your traceback.html template before renaming it
to uncaught_exception.html.
* SessionExpired handling was made consistent across session
models and SessionExpired is now caught by the Application.run()
method. When run() catches a SessionExpired exception, it calls
Application.handle_session_expired(). This method attempts to display an
application-supplied session_expired.html template before falling back
to an internal "Your session has expired" message.
* The noescape attribute (which disables the escaping of special HTML
characters) is now only honoured for tag content, not tag attributes.
Formerly, noescape on a tag would turn off escaping of all attributes
and tag content. On reflection, this is too broad to be used safely. The
noescape attribute will now raise an exception if used on any tag other than
<al-option>, <al-select>, <al-textarea> or <al-value>, and only applies to
the tag content. The new htmlsafe() mechanism provides an alternative way to
disable escaping of evaluated attributes (see "Escaping generated content"
in the "Templates Reference" section of the manual for more information).
* The session daemon al-session-daemon and the stand-alone development
server al-httpd are now part of the Albatross command line tool. Usage
remains largely the same, but rather than invoking al-session-daemon
start, use albatross session-server start, and rather than al-httpd
module.app 8080, use albatross serve --port=8080 module.app. You can
also symlink the albatross script to al-session-daemon and al-httpd.
For more information on the session server, see "Session Server Daemon"
in the "Guide to Building Applications" section of the manual, and for
more information on the stand-alone development server, see "Stand-alone
Python HTTP Server Deployment".
Bug Fixes
---------
* If an application supplied it's own traceback.html template, the HTML
headers would be emitted twice. Also see the important note above regarding
escaping of the tracebacks and renaming the template.
* PageModuleMixin.load_page_module() now raises a new PageNotFound exception
(a subclass of ApplicationError) if the page module is not found.
This addresses a bug where the RandomPageModuleMixin would not reliably
handle an unknown page.
* The standard exception handling bypasses the context logic, writing
directly to the Request object. This created an issue with the session
cookie not being cleared when an exception occurred. The exception handler
now explicitly adds a "Set-Cookie:" header to clear the application cookie.
Albatross is a small toolkit for developing highly stateful web applications.
The toolkit has been designed to take a lot of the pain out of constructing
python web applications.
In slightly more than 4000 lines of Python (according to pycount) you get the
following:
An extensible HTML templating system similar to DTML including tags for:
- Conditional processing.
- Macro definition and expansion.
- Sequence iteration and pagination.
- Tree browsing.
- Lookup tables to translate Python values to arbitrary template text.
Application classes which offer the following features:
- Optional server side or browser side sessions.
- The ability to place Python code for each page in a dynamically loaded
module, or to place all page processing code in a single mainline.
The ability to deploy applications as CGI, FastCGI, mod_python or a pure
python HTTP server by changing less than 10 lines of code.
The toolkit application functionality is defined by a collection of fine
grained mixin classes. Nine different application types and six different
execution contexts are prepackaged, you are able to define your own drop
in replacements for any of the mixins to alter any aspect of the toolkit
semantics.
Application deployment is controlled by your choice of either cgi, FastCGI,
mod_python, or BaseHTTPServer Request class. It should be possible to
develop a Request class for Medusa or Twisted to allow applications to be
deployed on those platforms with minimal changes.
Albatross comes with over 200 pages of documentation. HTML and PDF formatted
documentation is available from the toolkit homepage.
The toolkit homepage:
http://www.object-craft.com.au/projects/albatross/
The Albatross mailing list subscription and archives:
http://object-craft.com.au/cgi-bin/mailman/listinfo/albatross-users
CHANGES SINCE 1.40:
===================
New Features
------------
* Template evaluation namespaces
Evaluation of expressions in templates normally takes place within the
scope of ctx.locals. The new <al-namespace> tag allows you to switch
temporarily to a subordinate namespace. Expression evaluation will take
place with respect to that namespace, and input names will automatically
be prefixed with the name of the namespace.
For example:
class Field:
prompt = 'Enter age'
data = 23
field = Field()
And
<al-namespace name="field">
<al-value expr="prompt">: <al-input name="data" whitespace>
</al-namespace>
Would produce:
Enter age: <input name="field.data" value="23" />
A namespace="..." attribute has also been added to the <al-expand> and
<al-for> tags allowing you to execute their contained content in the
specified namespace.
* Easier selection of Application and Context classes
A new get_app_classes(page_model, context_model) function has been added
that makes choosing Application and Context classes easier. Previously,
you had to choose between one of twelve Application classes and match
this with an appropriate Context class. With the get_app_classes()
function, you just need to choose a page model and a session model,
and the appropriate Application and Context classes are returned. For
more information, see the "Prepackaged Application and Execution Context
Classes" section of the manual.
* Albatross command line and quick-start application skeleton
An albatross command line utility has been added. This utility currently
has four sub-commands:
* create - creates the basic framework of an application.
* add-page - adds a page to an application so created.
* serve - starts a stand-alone development server for the specified
application.
* session-server - starts a session server (see "Session Server Daemon"
in the "Guide to Building Applications" section of the manual for
more information).
This makes it very easy to get started writing Albatross applications:
$ albatross create myapp
$ cd myapp
$ ls
app.ini app.py pages session static
$ ls pages
environment.html macros.html new_session.py session_expired.html
environment.py main.html page_not_found.html uncaught_exception.html
__init__.py main.py raise_exception.py unhandled_exception.html
1$ ls static
alxform.css favicon.ico logo.png style.css
$ albatross serve
Starting web server for "myapp" on port 8000
Stop the server with Ctrl-C
http://localhost:8000/
Enhancements
------------
* A new alternative to the noescape attribute has been implemented that
allows a data source to signal that a given string does not require
escaping when it is rendered by template execution by casting it to the
htmlsafe() type. This moves the responsibility for this potentially risky
action from the template closer to the code that generated the string.
The htmlsafe() type can also be used to selectively disable the escaping
of evaluated attributes.
While the "noescape" attribute still works, it's scope has been reduced,
and it should be considered deprecated.
* RandomModular applications will now attempt to render an
application-supplied page_not_found.html template, before falling back
to an internal "URL .. was not found on this server" message.
* A simple logging mechanism has been added. Calling the
Application.set_logger(logger) method with a logger compatible with the
standard python logging module registers that logger with the application.
Exceptions will be logged to the logger at "error" level, and a ctx.log(msg)
method allows messages to be logged at "info" level.
Incompatibilities
-----------------
* As of version 1.42, Albatross no longer supports Python 2.3 - version
2.4 or up is required (Python 3 is not supported at this time).
* Application.handle_exception(ctx, req) no longer escapes the python and
template tracebacks before executing any application-supplied trackback
template. As this change could result in a potential security problem, the
application-supplied exception template has been renamed from traceback.html
to uncaught_exception.html. If you used this functionality, you must
remove "noescape" from your traceback.html template before renaming it
to uncaught_exception.html.
* SessionExpired handling was made consistent across session
models and SessionExpired is now caught by the Application.run()
method. When run() catches a SessionExpired exception, it calls
Application.handle_session_expired(). This method attempts to display an
application-supplied session_expired.html template before falling back
to an internal "Your session has expired" message.
* The noescape attribute (which disables the escaping of special HTML
characters) is now only honoured for tag content, not tag attributes.
Formerly, noescape on a tag would turn off escaping of all attributes
and tag content. On reflection, this is too broad to be used safely. The
noescape attribute will now raise an exception if used on any tag other than
<al-option>, <al-select>, <al-textarea> or <al-value>, and only applies to
the tag content. The new htmlsafe() mechanism provides an alternative way to
disable escaping of evaluated attributes (see "Escaping generated content"
in the "Templates Reference" section of the manual for more information).
* The session daemon al-session-daemon and the stand-alone development
server al-httpd are now part of the Albatross command line tool. Usage
remains largely the same, but rather than invoking al-session-daemon
start, use albatross session-server start, and rather than al-httpd
module.app 8080, use albatross serve --port=8080 module.app. You can
also symlink the albatross script to al-session-daemon and al-httpd.
For more information on the session server, see "Session Server Daemon"
in the "Guide to Building Applications" section of the manual, and for
more information on the stand-alone development server, see "Stand-alone
Python HTTP Server Deployment".
Bug Fixes
---------
* If an application supplied it's own traceback.html template, the HTML
headers would be emitted twice. Also see the important note above regarding
escaping of the tracebacks and renaming the template.
* PageModuleMixin.load_page_module() now raises a new PageNotFound exception
(a subclass of ApplicationError) if the page module is not found.
This addresses a bug where the RandomPageModuleMixin would not reliably
handle an unknown page.
* The standard exception handling bypasses the context logic, writing
directly to the Request object. This created an issue with the session
cookie not being cleared when an exception occurred. The exception handler
now explicitly adds a "Set-Cookie:" header to clear the application cookie.
--
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/