core.request¶
This module implements the WSGI (Web Server Gateway Interface) layer for ViUR. This is the main entry point for incomming http requests. The main class is the :class:BrowserHandler. Each request will get it’s own instance of that class which then holds the reference to the request and response object. Additionally, this module defines the RequestValidator interface which provides a very early hook into the request processing (useful for global ratelimiting, DDoS prevention or access control).
Module Contents¶
Classes¶
RequestValidators can be used to validate a request very early on. If the validate method returns a tuple, |
|
This validator examines the headers "Sec-Fetch-Site", "sec-fetch-mode" and "sec-fetch-dest" as |
|
This class accepts the requests, collect its parameters and routes the request |
Attributes¶
- core.request.TEMPLATE_STYLE_KEY = 'style'¶
- class core.request.RequestValidator¶
Bases:
abc.ABCRequestValidators can be used to validate a request very early on. If the validate method returns a tuple, the request is aborted. Can be used to block requests from bots.
To register or remove a validator, access it in main.py through :attr: viur.core.request.Router.requestValidators
- name = 'RequestValidator'¶
- abstract static validate(request)¶
The function that checks the current request. If the request is valid, simply return None. If the request should be blocked, it must return a tuple of - The HTTP status code (as int) - The Description of that status code (eg “Forbidden”) - The Response Body (can be a simple string or an HTML-Page)
- Parameters:
request (BrowseHandler) – The Request instance to check
- Returns:
None on success, an Error-Tuple otherwise
- Return type:
Optional[tuple[int, str, str]]
- class core.request.FetchMetaDataValidator¶
Bases:
RequestValidatorThis validator examines the headers “Sec-Fetch-Site”, “sec-fetch-mode” and “sec-fetch-dest” as recommended by https://web.dev/fetch-metadata/
- name = 'FetchMetaDataValidator'¶
- static validate(request)¶
The function that checks the current request. If the request is valid, simply return None. If the request should be blocked, it must return a tuple of - The HTTP status code (as int) - The Description of that status code (eg “Forbidden”) - The Response Body (can be a simple string or an HTML-Page)
- Parameters:
request (BrowseHandler) – The Request instance to check
- Returns:
None on success, an Error-Tuple otherwise
- Return type:
Optional[tuple[int, str, str]]
- class core.request.Router(environ)¶
This class accepts the requests, collect its parameters and routes the request to its destination function. The basic control flow is - Setting up internal variables - Running the Request validators - Emitting the headers (especially the security related ones) - Run the TLS check (ensure it’s a secure connection or check if the URL is whitelisted) - Load or initialize a new session - Set up i18n (choosing the language etc) - Run the request preprocessor (if any) - Normalize & sanity check the parameters - Resolve the exposed function and call it - Save the session / tear down the request - Return the response generated
- Warning:
Don’t instantiate! Don’t subclass! DON’T TOUCH! ;)
- Parameters:
environ (dict) –
- property isDevServer: bool¶
- Return type:
bool
- requestValidators¶
- _select_language(path)¶
Tries to select the best language for the current request. Depending on the value of conf.i18n.language_method, we’ll either try to load it from the session, determine it by the domain or extract it from the URL.
- Parameters:
path (str) –
- Return type:
str
- _process()¶
- _route(path)¶
Does the actual work of sanitizing the parameter, determine which exposed-function to call (and with which parameters)
- Parameters:
path (str) –
- Return type:
None
- saveSession()¶
- Return type:
None