When I woke up this morning I realized there is a big security hole in
my solution.  Namely, anyone will be able to download anything that's
in your python lib directories.  To prevent this, it will be necessary
to modify the python script to use
toscawidgets.resources.registry.get_prefixed() to determine if a file
is part of a toscawidget or not, and then only serve the file if it's
part of a toscawidget.  I will post a full solution later, after I eat
breakfast!

-Ian

On Sep 25, 9:24 pm, Ian Charnas <[EMAIL PROTECTED]> wrote:
> Background: Often with a python web framework using ToscaWidgets, you
> will want to serve your static files with Apache so they will download
> faster.  The typical solution involves having ToscaWidgets generate
> the appropriate Apache configuration text to serve the files
> statically.
>
> Problem: The downside to this typical solution is that every time you
> create a new widget, you have to re-generate the configuration and
> reload Apache.
>
> Solution: I have a solution that uses some advanced features of
> mod_rewrite to do this on-the-fly.  My solution uses a mod_rewrite
> External Rewriting Engine, which is just a few lines of python code
> that convert a URL into the appropriate file path.
>
> 1. Apache configuration
>
> Let's say you have your web framework (TurboGears, Pylons, or
> whatever) running on port 8080.  You want URLs that start with
> "/toscawidgets/resources" to go through the External Rewriting Engine
> and get converted into file paths, and you want all other URLs to be
> proxied to the web framework.  Make sure you have mod_rewrite compiled
> and loaded, and then put something like this inside your Server or
> VirtualHost configuration block:
>
> RewriteEngine On
> RewriteMap toscawidgets prg:/path/to/mapper.sh
> RewriteRule ^/toscawidgets/resources/(.*) ${toscawidgets:$1} [L]
> RewriteRule ^/(.*) http://127.0.0.1:8080/$1 [P,L]
>
> Not too difficult, right?  The first line turns on mod_rewrite's
> RewriteEngine for this Server or VirtualHost.  The next line declares
> a "RewriteMap" that points towards a shell script that's responsible
> for doing the External Rewriting (we'll look at that in step 2,
> below).  The third line says that for all URLs beginning with
> /toscawidgets/resources, send the rest of the URL to the 'toscawidgets'
> RewriteMap, which is responsible for returning a file path where the
> specified resource lives.  The final line proxies all other requests
> to the web framework, like normal.
>
> 2. External Rewriting Engine
>
> So the mapper.sh we specified is our External Rewriting Engine.  Wait,
> did I say it was written in python?  It is!  The shell just activates
> the WorkingEnv that I happen to use, and then exec's the python
> script.  You could use the shell script to set your PYTHONPATH, or
> skip the shell script entirely and use mapper.py as your mapper
> instead.  I use WorkingEnv though, so I need the shell script in front
> of the python script.  My mapper.sh looks like this:
>
> ----[snip]----
> #!/bin/bash
>
> # Activate workingenv
> source /path/to/myenv/bin/activate
>
> # Call mapper script
> exec ./mapper.py
> ----[snip]----
>
> And then the real work is done by this simple python script, which
> accepts the URL pieces sent by that RewriteRule (from line 3 of step
> 1) on stdin, figures out which file should be served, and prints the
> absolute path to that file to stdout.  mapper.py looks like this:
>
> ----[snip]----
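> #!/usr/bin/python
>
> import os
> import sys
>
> import pkg_resources
>
> # mod_rewrite "prg:" map protocol: one lookup key per line on stdin,
> # one result line on stdout ("NULL" means the lookup failed).
> while True:
>     line = sys.stdin.readline()
>     if not line:
>         # EOF: Apache closed the pipe, so stop instead of looping forever
>         break
>     data = line.strip()
>     if not data:
>         print("NULL")
>     else:
>         # First path piece is the module name, the rest is the resource path
>         path_pieces = data.split("/")
>         module_name = path_pieces[0]
>         file_name = pkg_resources.resource_filename(
>             module_name,
>             os.path.join(*path_pieces[1:])
>         )
>         file_path = os.path.abspath(file_name)
>         print(file_path)
>     # Flush after every answer; Apache blocks until it reads the reply line
>     sys.stdout.flush()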
> ----[snip]----
>
> 3. Framework Configuration
>
> Your framework will probably need to know you're deploying it behind a
> proxy.  For TurboGears, you just have to add this to your dev.cfg or
> prod.cfg file:
>
> base_url_filter.on = True
> base_url_filter.use_x_forwarded_host = True
>
> 4. You're done!
>
> Isn't open source amazing!  Congratulate yourself with a nice glass of
> juice or tea!  Remember to get up and stretch.  Enjoy life!
>
> -Ian Charnas
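
The check described in the follow-up at the top of this message (serve a file only if it belongs to a registered widget resource) can be sketched as below. This is an added example, not code from the thread or from ToscaWidgets: the allowed_roots mapping is a hypothetical stand-in for the registry lookup mentioned there, and the directory tree and requests are constructed for the demonstration.

```python
import os
import tempfile


def resolve(request, allowed_roots):
    """Map 'module/rel/path' to a file path, or 'NULL' if it is not servable.

    allowed_roots: {module_name: static_dir}, a hypothetical stand-in for
    the directories ToscaWidgets has registered as widget resources.
    """
    module, _, rel = request.strip().partition("/")
    root = allowed_roots.get(module)
    if root is None or not rel or "\0" in rel:
        return "NULL"
    root = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the containment test
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return "NULL"
    if not os.path.isfile(candidate):
        return "NULL"
    return candidate


def demo():
    """Build a constructed tree and run sample requests through resolve()."""
    base = os.path.realpath(tempfile.mkdtemp())
    static = os.path.join(base, "mywidgets", "static")
    os.makedirs(static)
    for path in (os.path.join(static, "widget.js"),
                 os.path.join(base, "mywidgets", "secret.py")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    allowed = {"mywidgets": static}
    requests = [
        "mywidgets/widget.js",      # registered resource: served
        "mywidgets/../secret.py",   # resolves outside the static dir
        "os/path.py",               # module with no registered resources
        "mywidgets//tmp/other",     # absolute component replaces the root
        "",                         # empty key
    ]
    return static, [resolve(r, allowed) for r in requests]


if __name__ == "__main__":
    for result in demo()[1]:
        print(result)
```

Only the first request returns a path; the other four return NULL, which is the value a mod_rewrite prg: map uses to signal a failed lookup.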

