Progressive enhancement using WSGI                         Matthew Wilkes
/ˈwɪski/A Python API for web applications
Matthew Wilkes•   Zope / Plone core developer.•   Performance and Security work at the Code Distillery•   WSGI/Whisky snob...
WSGI apps    Just an API for handling HTTP requests. Used by:•   Pyramid•   Zope•   CherryPy•   Web2Py•   … most people
Composites    Composites join multiple WSGI    apps together•   Subsite URL Routing•   Management screens
Middlewares    Middlewares are used for changing a webapp’s input/output•   Theming/Design•   Error handling•   Adding fea...
Mistakes…
Python specific•   “Middlewares are easier to    write than normal libraries”•   Cannot assume that you won’t    want to us...
A waste of time•   Simple modifications work best as middlewares•   But, simple modifications are easy in your framework•   ...
The Good bits
Great libraries•   WebOb makes requests easy to deal with.•   The wsgiref WSGI web server is in the Standard Library•   Lo...
Templates•   http://pypi.python.org/pypi/wsgitemplates•   http://pythonpaste.org/deploy/#the-config-file•   http://docs.webo...
But… you said progressive enhancement
CAPTCHAs•   Many ways to do them in Plone•   Archetypes, formlib, z3c.form, custom view,    plone.app.discussion, PloneFor...
CAPTCHAs•   If we’re building a new application we have the most    flexibility.•   We want a boolean, isHuman.•   Simplest...
CAPTCHAs•   Not a very effective CAPTCHA.•   But, many historical CAPTCHAs are now unusable…•   As the enemy is getting be...
The code•   The middleware extracts the    checkboxes from the application    as requests are served.•   CAPTCHAs are gene...
CAPTCHAs•   A small Python class will now work on any web-app    backend.•   If you happen to have another application tha...
The code•   The middleware detects    <form>s as requests are served.•   The checkbox is inserted•   Inbound requests chec...
Overkill?
Maybe.•   Performance damage is very low.•   Decide on the what will save you the most development time in the    long-ter...
Linkshttps://github.com/MatthewWilkes/islay.simplecaptchahttps://github.com/MatthewWilkes/islay.hardercaptcha
The Code Distillery                              BristolQuestions?  Or contact us on:alan@thedistillery.eumatt@thedistille...
Progressive Enhancement using WSGI
Progressive Enhancement using WSGI
Upcoming SlideShare
Loading in …5
×

Progressive Enhancement using WSGI

535 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
535
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Progressive Enhancement using WSGI

  1. 1. Progressive enhancement using WSGI Matthew Wilkes
  2. 2. /ˈwɪski/A Python API for web applications
  3. 3. Matthew Wilkes• Zope / Plone core developer.• Performance and Security work at the Code Distillery• WSGI/Whisky snob.• Developed large applications using WSGI.• Co-author of the Zope’s WSGI support.
  4. 4. WSGI apps Just an API for handling HTTP requests. Used by:• Pyramid• Zope• CherryPy• Web2Py• … most people
  5. 5. Composites Composites join multiple WSGI apps together• Subsite URL Routing• Management screens
  6. 6. Middlewares Middlewares are used for changing a webapp’s input/output• Theming/Design• Error handling• Adding features• URL rewriting• Embargos of information
  7. 7. Mistakes…
  8. 8. Python specific• “Middlewares are easier to write than normal libraries”• Cannot assume that you won’t want to use it on a PHP app in future• Proxies allow heterogenous applications to be composed• Being language agnostic doesn’t mean you will have to write Perl code (it helps you avoid it)
  9. 9. A waste of time• Simple modifications work best as middlewares• But, simple modifications are easy in your framework• “I should just fix it in place”• “This wouldn’t be useful to other people, so I’ll leave it in the customer project”• You’ll likely make another website sometime soon
  10. 10. The Good bits
  11. 11. Great libraries• WebOb makes requests easy to deal with.• The wsgiref WSGI web server is in the Standard Library• Lots of other server frontends to select for production• Paste’s Transparent Proxy lets you test the middleware on any website• lxml makes managing HTML easy• PasteDeploy provides .ini app composition
  12. 12. Templates• http://pypi.python.org/pypi/wsgitemplates• http://pythonpaste.org/deploy/#the-config-file• http://docs.webob.org/en/latest/wiki-example.html
  13. 13. But… you said progressive enhancement
  14. 14. CAPTCHAs• Many ways to do them in Plone• Archetypes, formlib, z3c.form, custom view, plone.app.discussion, PloneFormGen, …• Some code reuse• Not enough• So, middleware?
  15. 15. CAPTCHAs• If we’re building a new application we have the most flexibility.• We want a boolean, isHuman.• Simplest CAPTCHA possible is a checkbox. (Hey! No lying, Spambots!)• So, add that with your favourite form library.
  16. 16. CAPTCHAs• Not a very effective CAPTCHA.• But, many historical CAPTCHAs are now unusable…• As the enemy is getting better, too.• Need to decouple the logic of ‘test for human’ and the method.• Use a WSGI Middleware to rewrite the form.
  17. 17. The code• The middleware extracts the checkboxes from the application as requests are served.• CAPTCHAs are generated and the image inserted.• The valid responses are stored in memory.• Inbound requests check the input and emulate selecting the checkbox.
  18. 18. CAPTCHAs• A small Python class will now work on any web-app backend.• If you happen to have another application that also outputs the checkboxes, this will slot right in front• But… you don’t really want to be adding checkboxes to the legacy apps.• So, middleware?
  19. 19. The code• The middleware detects <form>s as requests are served.• The checkbox is inserted• Inbound requests check if the checkbox is selected• If not, redirect back with form data in GET• Otherwise, remove the checkbox value and POST on.
  20. 20. Overkill?
  21. 21. Maybe.• Performance damage is very low.• Decide on the what will save you the most development time in the long-term.• Need more initial effort for the middleware• But all your deployments that use it can do so without the ‘upgrade the customer site to the latest trunk’ tax that stops you right now.• And it can be open sourced, so others will help you add features.
  22. 22. Linkshttps://github.com/MatthewWilkes/islay.simplecaptchahttps://github.com/MatthewWilkes/islay.hardercaptcha
  23. 23. The Code Distillery BristolQuestions? Or contact us on:alan@thedistillery.eumatt@thedistillery.eu

×