当我们实现一个Web应用(application)的时候,通常不会考虑如何接受HTTP请求、解析HTTP请求、发送HTTP响应等等,我们只关心处理逻辑,而不用去关心HTTP规范的细节。
之所以有这层透明,是因为Web Server和Web Application之间有一套规范的接口,这套接口帮我们隐藏了很多HTTP相关的细节。这套接口规范就是WSGI(Web Server Gateway Interface)。
Web Server和Web Application都实现WSGI规范,然后各司其职:
- Web Server:接收来自客户端的HTTP,然后将请求交给Web Application
- Web Application:根据请求来调用相应的处理逻辑,生成response;通过Web Server把response发送给客户端
下面就一步步看下WSGI规范的更多内容。
Application Interface
上面了解到,Web Server和Web Application端都要遵守WSGI规范。对于实现WSGI的Web Application端,必须是一个callable的对象(类,函数,方法等等,实现__call__魔术方法的对象),这个callable对象需要满足下面两个条件:
-
包含两个参数
- 一个dict对象,Web Server会将HTTP请求相关的信息添加到这个字典中,供Web application使用
- 一个callback函数,Web application通过这个函数将HTTP status code和headers发送给Web Server
- 以字符串的形式返回response,并且包含在可迭代的list中
下面就是一个实现Application Interface的一个application函数:
# This is an application object. It could have any name, except when using mod_wsgi where it must be "application"
# The application object accepts two arguments
# This is an application object. It could have any name, except when using mod_wsgi where it must be "application"
# The application object accepts two arguments
def application(
# environ points to a dictionary containing CGI like environment variables
# which is filled by the server for each received request from the client
environ,
# start_response is a callback function supplied by the server
# which will be used to send the HTTP status and headers to the server
start_response):
# build the response body possibly using the environ dictionary
response_body = 'The request method was %s' % environ['REQUEST_METHOD']
# HTTP response code and message
status = '200 OK'
# These are HTTP headers expected by the client.
# They must be wrapped as a list of tupled pairs:
# [(Header name, Header value)].
response_headers = [('Content-Type', 'text/plain'), ('Content-Length', str(len(response_body)))]
# Send them to the server using the supplied function
start_response(status, response_headers)
# Return the response body.
# Notice it is wrapped in a list although it could be any iterable.
return [response_body]
看看Environment dict
在Python中就有一个WSGI server,我们可以直接使用。
在下面的这个例子中,WSGI server监听了"localhost:8080",并绑定了一个支持WSGI规范的application对象;application对象就会处理来自8080端口,并将"Environment dict"的内容生产response传给WSGI server。
# WSGI server in Python
from wsgiref.simple_server import make_server
def application(environ, start_response):
# Sorting and stringifying the environment key, value pairs
response_body = ['%s: %s' % (key, value)
for key, value in sorted(environ.items())]
response_body = '
'.join(response_body)
status = '200 OK'
response_headers = [('Content-Type', 'text/plain'),
('Content-Length', str(len(response_body)))]
start_response(status, response_headers)
return [response_body]
# Instantiate the WSGI server.
# It will receive the request, pass it to the application
# and send the application's response to the client
httpd = make_server(
'localhost', # The host name.
8080, # A port number where to wait for the request.
application # Our application object name, in this case a function.
)
# Wait for a single request, serve it and quit.
httpd.handle_request()
# Keep the server always alive with serve_forever()
# httpd.serve_forever()
注意,在application对象返回的时候,我们使用的是"return [response_body]",当我们改成"return response_body"之后,一样可以工作,但是效率会很低,因为返回的时候会去迭代response字符串中的每一个字符。所以,当处理response字符串的时候,最好是将它包在一个可迭代对象中,例如list。
通过浏览器访问后,就可以得到"Environment dict"的内容,这些都是WSGI server提供的信息,包括了HTTP请求的相关信息。
处理GET请求
当我们执行一个如下的GET请求:
http://127.0.0.1:8080/?name=wilber&hobbies=software
QUERY_STRING(URL中"?"之后的部分)和REQUEST_METHOD这些信息会包含在"Environment dict",从application中可以很方便的得到这些信息。
在application中,可以使用cgi模块中的parse_qs函数得到一个由QUERY_STRING生成的字典,方便我们取出请求的变量信息。
同时,为了避免客户端的输入可能存在的脚本注入,可以使用cgi模块中的escape函数对输入进行一次过滤。
下面直接看例子:
from wsgiref.simple_server import make_server
from cgi import parse_qs, escape
html = """
<html>
<body>
<form method="get" action="/">
<p>
Name: <input type="text" name="name">
</p>
<p>
Hobbies:
<input name="hobbies" type="checkbox" value="running"> running
<input name="hobbies" type="checkbox" value="swimming"> swimming
<input name="hobbies" type="checkbox" value="reading"> reading
</p>
<p>
<input type="submit" value="Submit">
</p>
</form>
<p>
Name: %s<br>
Hobbies: %s
</p>
</body>
</html>"""
def application(environ, start_response):
print "QUERY_STRING: %s" %environ['QUERY_STRING']
print "REQUEST_METHOD: %s" %environ['REQUEST_METHOD']
# Returns a dictionary containing lists as values.
d = parse_qs(environ['QUERY_STRING'])
# In this idiom you must issue a list containing a default value.
name = d.get('name', [''])[0] # Returns the first name value.
hobbies = d.get('hobbies', []) # Returns a list of hobbies.
# Always escape user input to avoid script injection
name = escape(name)
hobbies = [escape(hobby) for hobby in hobbies]
response_body = html % (name or 'Empty',
', '.join(hobbies or ['No Hobbies']))
status = '200 OK'
# Now content type is text/html
response_headers = [('Content-Type', 'text/html'),
('Content-Length', str(len(response_body)))]
start_response(status, response_headers)
return [response_body]
httpd = make_server('localhost', 8080, application)
# Now it is serve_forever() in instead of handle_request().
# In Windows you can kill it in the Task Manager (python.exe).
# In Linux a Ctrl-C will do it.
httpd.serve_forever()
从结果中可以看到,请求URL中的QUERY_STRING被WSGI server填入了"Environment dict"中。
处理POST请求
当执行一个POST请求的时候,query string是不会出现在URL里面的,而是会包含在request body中。
对于WSGI server,request body存放在"Environment dict"中(environ['wsgi.input']),environ['wsgi.input']对应的是一个file object,可以通过读取文件的方式读取request body。同时,environ.get('CONTENT_LENGTH', 0)中存放着request body的size,我们可以根据这个值来读取适当长度的request body。
看下面的例子:
from wsgiref.simple_server import make_server
from cgi import parse_qs, escape
html = """
<html>
<body>
<form method="post" action="parsing_post.wsgi">
<p>
Name: <input type="text" name="name">
</p>
<p>
Hobbies:
<input name="hobbies" type="checkbox" value="running"> running
<input name="hobbies" type="checkbox" value="swimming"> swimming
<input name="hobbies" type="checkbox" value="reading"> reading
</p>
<p>
<input type="submit" value="Submit">
</p>
</form>
<p>
Name: %s<br>
Hobbies: %s
</p>
</body>
</html>
"""
def application(environ, start_response):
# the environment variable CONTENT_LENGTH may be empty or missing
try:
request_body_size = int(environ.get('CONTENT_LENGTH', 0))
except (ValueError):
request_body_size = 0
# When the method is POST the query string will be sent
# in the HTTP request body which is passed by the WSGI server
# in the file like wsgi.input environment variable.
request_body = environ['wsgi.input'].read(request_body_size)
d = parse_qs(request_body)
print "wsgi.input %s" %environ['wsgi.input']
print "request_body_size %s" %environ.get('CONTENT_LENGTH', 0)
print "request_body %s" %request_body
name = d.get('name', [''])[0] # Returns the first name value.
hobbies = d.get('hobbies', []) # Returns a list of hobbies.
# Always escape user input to avoid script injection
name = escape(name)
hobbies = [escape(hobby) for hobby in hobbies]
response_body = html % (name or 'Empty',
', '.join(hobbies or ['No Hobbies']))
status = '200 OK'
response_headers = [('Content-Type', 'text/html'),
('Content-Length', str(len(response_body)))]
start_response(status, response_headers)
return [response_body]
httpd = make_server('localhost', 8080, application)
httpd.serve_forever()
通过结果,我们可以看到environ字典中对应的"wsgi.input"和"CONTENT_LENGTH",以及读取出来的"request body"。
总结
本文介绍了WSGI的一些基本内容,以及如何解析GET和POST请求中的参数。
通过WSGI这个规范,Web application的开发人员可以不用关心HTTP协议中的细节问题。