Re: aspen

24 views
Skip to first unread message

Chad Whitacre

unread,
Mar 26, 2012, 11:03:03 AM3/26/12
to du...@buchuki.com, Paul Jimenez, aspen-users
Dusty,

Sweet, thank you! I've linked it from the homepage. Paul Jimenez (copied here) wrote an HTTP Digest integration which I've uploaded along with my broken old cookie module here:

    https://github.com/whit537/aspen-auth

I've been keeping design docs on sync.in, here's a few notes on auth design:


Eventually I do hope to bundle an auth/session framework with Aspen. As you suggest it should be pluggable with regards to storage. At least the hash algorithm should also be pluggable.

I need to focus on base APIs (request, response, etc.) targeting 1.0 in May. After that is stable let's make sessions/auth one of the first batteries we add to Aspen.

!m gents


chad

/cc pjz and also aspen-users



On Mon, Mar 26, 2012 at 10:40 AM, Chad Whitacre <chad.w...@yougov.com> wrote:


---------- Forwarded message ----------
From: Dusty Phillips <du...@buchuki.com>
Date: Sat, Mar 24, 2012 at 8:38 PM
Subject: Re: aspen
To: Chad Whitacre <chad.w...@yougov.com>


Hi Chad,

I've created simple session and auth modules at
https://github.com/buchuki/trembling

I don't think they're secure enough for prime use, but I figured I'd start. Let me know if you have any suggestions before I post 0.1 to pypi. I figure it'll be good advertising for Aspen; I'll probably also write a blog post.

I don't think you'd want to include them with Aspen because they depend on mongo-engine. Maybe you could link to them as examples, though, or else turn them into backend-driven versions like django uses.

Reading through the Django source code to figure this out made me sad. They've added so many layers of abstraction that it just doesn't make sense. The phrase "overengineered" comes to mind. Aspen doesn't strike me as that. ;-)

Dusty


On 19/03/12 06:41 AM, Chad Whitacre wrote:
Check out polaris (YG project)

https://dev.yougov.com/browser/polaris/.aspen/src/polaris/polaris/authentication.py

I've made a start on generalizing that but haven't released it yet.


On Sun, Mar 18, 2012 at 9:02 PM, Dusty Phillips <du...@buchuki.com
<mailto:du...@buchuki.com>> wrote:

   Got any examples of how to add session/auth support?

   Cheers,

   Dusty




---------

*Chad Whitacre*

Lead Developer

YouGovPolimetrix

chad.w...@yougov.com <mailto:chad.whitacre@yougov.com>

http://www.yougov.com/







Chad Whitacre

unread,
Mar 26, 2012, 8:36:16 PM3/26/12
to Dusty Phillips, aspen-users
Dusty,

Can we move this on-list? Makes the project look livelier. :D



How do you suggest handling form validation? I have been experimenting with pycerberus, which I like better than formencode because a) it's not Ian Bicking, and b) the html fill library scares me.

Any of the above. Aspen doesn't bundle a form validator and I don't really have an opinion (I'm happy to roll my own--though it's good to know about pycerberus). Would be a good tutorial. :)

 
Second, how do I make Aspen display the body of an error Response issued using raise instead of rendering an error message? I basically want to abuse HTTP in a way that I think it should be abused such that I'm attaching a json response to a 406.

Is the non-error response also json? If so try modifying the "response" object in your simplate and letting it fall off the end instead of raising it, like so:

/myfile.json

^L
good = request.qs.one('good')
if good:
    response.body = {"success": True}
else:
    response.code = 406
    response.body = {"success": False}


Third, I feel like having "blah.html" in my urls is a lie when I'm rendering dynamic code, and also not clean. Any suggestions?

May I try to explain Aspen's point of view? The Content-Type refers to the type of the content as delivered to the client, and that's what Aspen uses the file extension for, because there's a mature infrastructure for that (mime.types files + the python mimetypes module). From the outside world's point of view (sez Aspen), who cares whether it is dynamic or static?

In other words, Aspen thinks the .html extension is the truth, and clean.

If you want all your URLs to end in / you can make them all directories. Mongs does this to a certain extent.


Can I just name the file NO_EXTENSION? Can I set the mime-type dynamically or does it have to be set in the simplate?

If you really want naked URLs (no slash, no extension) then you have to do it manually in 0.14.x: response.headers.set('Content-Type', 'foo/bar').

There's a nice proposal for "Negotiated Resources" which should cover this use case: http://sync.in/aspen-negotiated-resources.




chad
Reply all
Reply to author
Forward
0 new messages