core.request

Module Contents

Classes

RequestValidator

RequestValidators can be used to validate a request very early on. If the validate method returns a tuple,

FetchMetaDataValidator

This validator examines the headers "Sec-Fetch-Site", "sec-fetch-mode" and "sec-fetch-dest" as

BrowseHandler

This class accepts the requests, collect its parameters and routes the request

class core.request.RequestValidator

Bases: abc.ABC

RequestValidators can be used to validate a request very early on. If the validate method returns a tuple, the request is aborted. Can be used to block requests from bots.

To register a new validator, append it to :attr: viur.core.request.BrowseHandler.requestValidators

name = RequestValidator
abstract static validate(request: BrowseHandler) Optional[Tuple[int, str, str]]

The function that checks the current request. If the request is valid, simply return None. If the request should be blocked, it must return a tuple of - The HTTP status code (as int) - The Description of that status code (eg “Forbidden”) - The Response Body (can be a simple string or an HTML-Page)

Parameters

request – The Request instance to check

Returns

None on success, an Error-Tuple otherwise

class core.request.FetchMetaDataValidator

Bases: RequestValidator

This validator examines the headers “Sec-Fetch-Site”, “sec-fetch-mode” and “sec-fetch-dest” as recommended by https://web.dev/fetch-metadata/

name = FetchMetaDataValidator
static validate(request: BrowseHandler) Optional[Tuple[int, str, str]]

The function that checks the current request. If the request is valid, simply return None. If the request should be blocked, it must return a tuple of - The HTTP status code (as int) - The Description of that status code (eg “Forbidden”) - The Response Body (can be a simple string or an HTML-Page)

Parameters

request – The Request instance to check

Returns

None on success, an Error-Tuple otherwise

class core.request.BrowseHandler(request: webob.Request, response: webob.Response)

This class accepts the requests, collect its parameters and routes the request to its destination function. The basic control flow is - Setting up internal variables - Running the Request validators - Emitting the headers (especially the security related ones) - Run the TLS check (ensure it’s a secure connection or check if the URL is whitelisted) - Load or initialize a new session - Set up i18n (choosing the language etc) - Run the request preprocessor (if any) - Normalize & sanity check the parameters - Resolve the exposed function and call it - Save the session / tear down the request - Return the response generated

Warning

Don’t instantiate! Don’t subclass! DON’T TOUCH! ;)

requestValidators
selectLanguage(path: str) str

Tries to select the best language for the current request. Depending on the value of conf[“viur.languageMethod”], we’ll either try to load it from the session, determine it by the domain or extract it from the URL.

processRequest() None

Bring up the enviroment for this request, start processing and handle errors

processTypeHint(typeHint: ClassVar, inValue: Union[str, List[str]], parsingOnly: bool) Tuple[Union[str, List[str]], Any]

Helper function to enforce/convert the incoming :param: inValue to the type defined in :param: typeHint. Returns a string 2-tuple of the new value we’ll store in self.kwargs as well as the parsed value that’s passed to the caller. The first value is always the unmodified string, the unmodified list of strings or (in case typeHint is List[T] and the provided inValue is a simple string) a List containing only inValue. The second returned value is inValue converted to whatever type is suggested by typeHint.

Parameters
  • typeHint – Type to which inValue should be converted to

  • inValue – The value that should be converted to the given type

  • parsingOnly – If true, the parameter is a keyword argument which we can convert to List

Returns

2-tuple of the original string-value and the converted value

findAndCall(path: str, *args, **kwargs) None

Does the actual work of sanitizing the parameter, determine which @exposed (or @internalExposed) function to call (and with witch parameters)

saveSession() None