This is a mostly auto-generated API. If you are new to bottle, you might find the narrative Tutorial more helpful.
The module defines several functions, constants, and an exception.
Change the debug level. There is only one debug level supported at the moment.
Start a server instance. This method blocks until the server terminates.
app – WSGI application or target string supported by
load_app()
. (default: default_app()
)
server – Server adapter to use. See server_names
keys
for valid names or pass a ServerAdapter
subclass.
(default: wsgiref)
host – Server address to bind to. Pass 0.0.0.0
to listens on
all interfaces including the external one. (default: 127.0.0.1)
port – Server port to bind to. Values below 1024 require root privileges. (default: 8080)
reloader – Start auto-reloading server? (default: False)
interval – Auto-reloader interval in seconds (default: 1)
quiet – Suppress output to stdout and stderr? (default: False)
options – Options passed to the server adapter.
Import a module or fetch an object from a module.
package.module
returns module as a module object.
pack.mod:name
returns the module variable name from pack.mod.
pack.mod:func()
calls pack.mod.func() and returns the result.
The last form accepts not only function calls, but any type of
expression. Keyword arguments passed to this function are available as
local variables. Example: import_string('re:compile(x)', x='[a-z]')
Load a bottle application from a module and make sure that the import
does not affect the current default application, but returns a separate
application object. See load()
for the target parameter.
A thread-safe instance of LocalRequest
. If accessed from within a
request callback, this instance always refers to the current request
(even on a multithreaded server).
A thread-safe instance of LocalResponse
. It is used to change the
HTTP response for the current request.
A dict to map HTTP status codes (e.g. 404) to phrases (e.g. ‘Not Found’)
Return the current Default Application. Actually, these are callable instances of AppStack
and implement a stack-like API.
Bottle maintains a stack of Bottle
instances (see app()
and AppStack
) and uses the top of the stack as a default application for some of the module-level functions and decorators.
Decorator to install a route to the current default application. See Bottle.route()
for details.
Decorator to install an error handler to the current default application. See Bottle.error()
for details.
Parse rfc2617 HTTP authentication header string (basic) and return (user,pass) tuple or None
Encode and sign a pickle-able object. Return a (byte) string
Verify and decode an encoded string. Return an object or None.
Return a generator for routes that match the signature (name, args) of the func parameter. This may yield more than one route if the function takes optional keyword arguments. The output is best described by example:
a() -> '/a'
b(x, y) -> '/b/<x>/<y>'
c(x, y=5) -> '/c/<x>' and '/c/<x>/<y>'
d(x=5, y=6) -> '/d' and '/d/<x>' and '/d/<x>/<y>'
Shift path fragments from PATH_INFO to SCRIPT_NAME and vice versa.
The modified paths.
script_name – The SCRIPT_NAME path.
script_name – The PATH_INFO path.
shift – The number of path fragments to shift. May be negative to change the shift direction. (default: 1)
This dict stores multiple values per key, but behaves exactly like a normal dict in that it returns only the newest value for any given key. There are special methods available to access the full list of values.
Return the most recent value for a key.
default – The default value to be returned if the key is not present or the type conversion fails.
index – An index for the list of available values.
type – If defined, this callable is used to cast the value into a specific type. Exception are suppressed and result in the default value to be returned.
Return a (possibly empty) list of values for a key.
Aliases for WTForms to mimic other multi-dict APIs (Django)
A case-insensitive version of MultiDict
that defaults to
replace the old value instead of appending it.
Return the most recent value for a key.
default – The default value to be returned if the key is not present or the type conversion fails.
index – An index for the list of available values.
type – If defined, this callable is used to cast the value into a specific type. Exception are suppressed and result in the default value to be returned.
This MultiDict
subclass is used to store request form data.
Additionally to the normal dict-like item access methods (which return
unmodified data as native strings), this container also supports
attribute-like access to its values. Attributes are automatically de-
or recoded to match input_encoding
(default: ‘utf8’). Missing
attributes default to an empty string.
Returns a copy with all keys and values de- or recoded to match
input_encoding
. Some libraries (e.g. WTForms) want a
unicode dictionary.
Return the value as a unicode string, or the default.
Encoding used for attribute values.
If true (default), unicode strings are first encoded with latin1
and then decoded to match input_encoding
.
This dict-like class wraps a WSGI environ dict and provides convenient access to HTTP_* fields. Keys and values are native strings (2.x bytes or 3.x unicode) and keys are case-insensitive. If the WSGI environment contains non-native string values, these are de- or encoded using a lossless ‘latin1’ character set.
The API will remain stable even on changes to the relevant PEPs. Currently PEP 333, 444 and 3333 are supported. (PEP 444 is the only one that uses non-native strings.)
List of keys that do not have a HTTP_
prefix.
A stack-like list. Calling it returns the head of the stack.
Return the current default application and remove it from the stack.
This class manages a list of search paths and helps to find and open application-bound resources (files).
base – default value for add_path()
calls.
opener – callable used to open resources.
cachemode – controls which lookups are cached. One of ‘all’, ‘found’ or ‘none’.
Add a new path to the list of search paths. Return False if the path does not exist.
path – The new search path. Relative paths are turned into an absolute and normalized form. If the path looks like a file (not ending in /), the filename is stripped off.
base – Path used to absolutize relative search paths.
Defaults to base
which defaults to os.getcwd()
.
index – Position within the list of search paths. Defaults to last index (appends to the list).
The base parameter makes it easy to reference files installed along with a python module or package:
res.add_path('./resources/', __file__)
A cache for resolved paths. res.cache.clear()
clears the cache.
Search for a resource and return an absolute file path, or None.
The path
list is searched in order. The first match is
returend. Symlinks are followed. The result is cached to speed up
future lookups.
Find a resource and return a file object, or raise IOError.
A list of search paths. See add_path()
for details.
Bottle
Class¶Each Bottle object represents a single, distinct web application and consists of routes, callbacks, plugins, resources and configuration. Instances are callable WSGI applications.
catchall – If true (default), handle all exceptions. Turn off to let debugging middleware handle exceptions.
Attach a callback to a hook. Three hooks are currently implemented:
Executed once before each request. The request context is available, but no routing has happened yet.
Executed once after each request regardless of its outcome.
Called whenever Bottle.reset()
is called.
A ConfigDict
for app specific configuration.
Equals route()
with a DELETE
method parameter.
Return a decorator that attaches a callback to a hook. See
add_hook()
for details.
Add a plugin to the list of plugins and prepare it for being
applied to all routes of this application. A plugin may be a simple
decorator or an object that implements the Plugin
API.
Search for a matching route and return a (Route
, urlargs)
tuple. The second value is a dictionary with parameters extracted
from the URL. Raise HTTPError
(404/405) on a non-match.
Merge the routes of another Bottle
application or a list of
Route
objects into this application. The routes keep their
‘owner’, meaning that the Route.app
attribute is not
changed.
Mount an application (Bottle
or plain WSGI) to a specific
URL prefix. Example:
root_app.mount('/admin/', admin_app)
prefix – path prefix or mount-point. If it ends in a slash, that slash is mandatory.
app – an instance of Bottle
or a WSGI application.
All other parameters are passed to the underlying route()
call.
Reset all routes (force plugins to be re-applied) and clear all caches. If an ID or route object is given, only that specific route is affected.
A ResourceManager
for application files
A decorator to bind a function to a request URL. Example:
@app.route('/hello/:name')
def hello(name):
return 'Hello %s' % name
The :name
part is a wildcard. See Router
for syntax
details.
path – Request path or a list of paths to listen to. If no path is specified, it is automatically generated from the signature of the function.
method – HTTP method (GET, POST, PUT, …) or a list of methods to listen to. (default: GET)
callback – An optional shortcut to avoid the decorator
syntax. route(..., callback=func)
equals route(...)(func)
name – The name for this route. (default: None)
apply – A decorator or plugin or a list of plugins. These are applied to the route callback in addition to installed plugins.
skip – A list of plugins, plugin classes or names. Matching
plugins are not installed to this route. True
skips all.
Any additional keyword arguments are stored as route-specific
configuration and passed to plugins (see Plugin.apply()
).
This class wraps a route callback along with route specific metadata and configuration and applies Plugins on demand. It is also responsible for turing an URL path rule into a regular expression usable by the Router.
The application this route is installed to.
The route callback with all plugins applied. This property is created on demand and then cached to speed up subsequent requests.
The original callback with no plugins applied. Useful for introspection.
Additional keyword arguments passed to the Bottle.route()
decorator are stored in this dictionary. Used for route-specific
plugin configuration and meta-data.
Return a list of argument names the callback (most likely) accepts as keyword arguments. If the callback is a decorated function, try to recover the original function before inspection.
Lookup a config field and return its value, first checking the route.config, then route.app.config.
Return the callback. If the callback is a decorated function, try to recover the original function.
The HTTP method as a string (e.g. GET
).
The name of the route (if specified) or None
.
A list of route-specific plugins (see Bottle.route()
).
Forget any cached values. The next time call
is accessed,
all plugins are re-applied.
The path-rule string (e.g. /wiki/:page
).
A list of plugins to not apply to this route (see Bottle.route()
).
Request
Object¶The Request
class wraps a WSGI environment and provides helpful methods to parse and access form data, cookies, file uploads and other metadata. Most of the attributes are read-only.
alias of BaseRequest
A wrapper for WSGI environment dictionaries that adds a lot of convenient access methods and properties. Most of them are read-only.
Adding new attributes to a request actually adds them to the environ dictionary (as ‘bottle.request.ext.<name>’). This is the recommended way to store and access request-specific data.
The values of forms
and files
combined into a single
FormsDict
. Values are either strings (form values) or
instances of cgi.FieldStorage
(file uploads).
HTTP authentication data as a (user, password) tuple. This
implementation currently supports basic (not digest) authentication
only. If the authentication happened at a higher level (e.g. in the
front web-server or a middleware), the password field is None, but
the user field is looked up from the REMOTE_USER
environ
variable. On any errors, None is returned.
The HTTP request body as a seek-able file-like object. Depending on
MEMFILE_MAX
, this is either a temporary file or a
io.BytesIO
instance. Accessing this property for the first
time reads and replaces the wsgi.input
environ variable.
Subsequent accesses just do a seek(0) on the file object.
True if Chunked transfer encoding was.
The request body length as an integer. The client is responsible to
set this header. Otherwise, the real length of the body is unknown
and -1 is returned. In this case, body
will be empty.
The Content-Type header as a lowercase-string (default: empty).
Cookies parsed into a FormsDict
. Signed cookies are NOT
decoded. Use get_cookie()
if you expect signed cookies.
The wrapped WSGI environ dictionary. This is the only real attribute. All other attributes actually are read-only properties.
File uploads parsed from multipart/form-data encoded POST or PUT
request body. The values are instances of FileUpload
.
Form values parsed from an url-encoded or multipart/form-data
encoded POST or PUT request body. The result is returned as a
FormsDict
. All keys and values are strings. File uploads
are stored separately in files
.
Request path including script_name
(if present).
Return the content of a cookie. To read a Signed Cookie, the
secret must match the one used to create the cookie (see
BaseResponse.set_cookie()
). If anything goes wrong (missing
cookie or wrong signature), return a default value.
Return the value of a request header, or a given default value.
A WSGIHeaderDict
that provides case-insensitive access to
HTTP request headers.
True if the request was triggered by a XMLHttpRequest. This only works with JavaScript libraries that support the X-Requested-With header (most of the popular libraries do).
If the Content-Type
header is application/json
, this
property holds the parsed content of the request body. Only requests
smaller than MEMFILE_MAX
are processed to avoid memory
exhaustion.
The REQUEST_METHOD
value as an uppercase string.
A FormsDict
with the combined values of query
and
forms
. File uploads are stored in files
.
The value of PATH_INFO
with exactly one prefixed slash (to fix
broken clients and avoid the “empty path” edge case).
path
to script_name
andvice versa.
shift – The number of path segments to shift. May be negative to change the shift direction. (default: 1)
The query_string
parsed into a FormsDict
. These
values are sometimes called “URL arguments” or “GET parameters”, but
not to be confused with “URL wildcards” as they are provided by the
Router
.
The client IP as a string. Note that this information can be forged by malicious clients.
A list of all IPs that were involved in this request, starting with
the client IP and followed by zero or more proxies. This does only
work if all proxies support the `X-Forwarded-For
header. Note
that this information can be forged by malicious clients.
The initial portion of the URL’s path that was removed by a higher level (server or routing middleware) before the application was called. This script path is returned with leading and tailing slashes.
The full request URI including hostname and scheme. If your app
lives behind a reverse proxy or load balancer and you get confusing
results, make sure that the X-Forwarded-Host
header is set
correctly.
The module-level bottle.request
is a proxy object (implemented in LocalRequest
) and always refers to the current request, or in other words, the request that is currently processed by the request handler in the current thread. This thread locality ensures that you can safely use a global instance in a multi-threaded environment.
A thread-local subclass of BaseRequest
with a different
set of attributes for each thread. There is usually only one global
instance of this class (request
). If accessed during a
request/response cycle, this instance always refers to the current
request (even on a multithreaded server).
Wrap a WSGI environ dictionary.
The wrapped WSGI environ dictionary. This is the only real attribute. All other attributes actually are read-only properties.
Response
Object¶The Response
class stores the HTTP status code as well as headers and cookies that are to be sent to the client. Similar to bottle.request
there is a thread-local bottle.response
instance that can be used to adjust the current response. Moreover, you can instantiate Response
and return it from your request handler. In this case, the custom instance overrules the headers and cookies defined in the global one.
alias of BaseResponse
Storage class for a response body as well as headers and cookies.
This class does support dict-like case-insensitive item-access to headers, but is NOT a dict. Most notably, iterating over a response yields parts of the body and not the headers.
body – The response body as one of the supported types.
status – Either an HTTP status code (e.g. 200) or a status line including the reason phrase (e.g. ‘200 OK’).
headers – A dictionary or a list of name-value pairs.
Additional keyword arguments are added to the list of headers. Underscores in the header name are replaced with dashes.
Return the charset specified in the content-type header (default: utf8).
Current value of the ‘Content-Length’ header.
Current value of the ‘Content-Type’ header.
Delete a cookie. Be sure to use the same domain and path settings as used to create the cookie.
Current value of the ‘Expires’ header.
Return the value of a previously defined header. If there is no header with that name, return a default value.
WSGI conform list of (header, value) tuples.
An instance of HeaderDict
, a case-insensitive dict-like
view on the response headers.
Yield (header, value) tuples, skipping headers that are not allowed with the current response status code.
Create a new cookie or replace an old one. If the secret parameter is set, create a Signed Cookie (described below).
name – the name of the cookie.
value – the value of the cookie.
secret – a signature key required for signed cookies.
Additionally, this method accepts all RFC 2109 attributes that are
supported by cookie.Morsel
, including:
max_age – maximum age in seconds. (default: None)
expires – a datetime object or UNIX timestamp. (default: None)
domain – the domain that is allowed to read the cookie. (default: current domain)
path – limits the cookie to a given path (default: current path)
secure – limit the cookie to HTTPS connections (default: off).
httponly – prevents client-side javascript to read this cookie (default: off, requires Python 2.6 or newer).
If neither expires nor max_age is set (default), the cookie will expire at the end of the browser session (as soon as the browser window is closed).
Signed cookies may store any pickle-able object and are cryptographically signed to prevent manipulation. Keep in mind that cookies are limited to 4kb in most browsers.
Warning: Signed cookies are not encrypted (the client can still see the content) and not copy-protected (the client can restore an old cookie). The main intention is to make pickling and unpickling save, not to store secret information at client side.
Create a new response header, replacing any previously defined headers with the same name.
A writeable property to change the HTTP response status. It accepts
either a numeric code (100-999) or a string with a custom reason
phrase (e.g. “404 Brain not found”). Both status_line
and
status_code
are updated accordingly. The return value is
always a status string.
The HTTP status code as an integer (e.g. 404).
The HTTP status line as a string (e.g. 404 Not Found
).
A thread-local subclass of BaseResponse
with a different
set of attributes for each thread. There is usually only one global
instance of this class (response
). Its attributes are used
to build the HTTP response at the end of the request/response cycle.
Initialize self. See help(type(self)) for accurate signature.
Thread-local property
The following two classes can be raised as an exception. The most noticeable difference is that bottle invokes error handlers for HTTPError
, but not for HTTPResponse
or other response types.
All template engines supported by bottle
implement the BaseTemplate
API. This way it is possible to switch and mix template engines without changing the application code at all.
Base class and minimal API for template adapters
Create a new template. If the source parameter (str or buffer) is missing, the name argument is used to guess a template filename. Subclasses can assume that self.source and/or self.filename are set. Both are strings. The lookup, encoding and settings parameters are stored as instance variables. The lookup parameter stores a list containing directory paths. The encoding parameter should be used to decode byte strings or files. The settings parameter contains a dict for engine-specific settings.
This reads or sets the global settings stored in class.settings.
Run preparations (parsing, caching, …). It should be possible to call this again to refresh a template or to update settings.
Render the template with the specified local variables and return a single byte or unicode string. If it is a byte string, the encoding must match self.encoding. This method must be thread-safe! Local variables may be provided in dictionaries (args) or directly, as keywords (kwargs).
Decorator: renders a template for a handler. The handler can control its behavior like that:
return a dict of template vars to fill out the template
return something other than a dict and the view decorator will not process the template, but return the handler result as is. This includes returning a HTTPResponse(dict) to get, for instance, JSON with autojson or other castfilters.
Get a rendered template as a string iterator. You can use a name, a filename or a template string as first parameter. Template rendering arguments can be passed as dictionaries or directly (as keyword arguments).
You can write your own adapter for your favourite template engine or use one of the predefined adapters. Currently there are four fully supported template engines:
Class |
URL |
Decorator |
Render function |
---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
To use MakoTemplate
as your default template engine, just import its specialised decorator and render function:
from bottle import mako_view as view, mako_template as template