gevent.pywsgi
– A pure-Python, gevent-friendly WSGI server#
A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
The server is provided in WSGIServer
, but most of the actual
WSGI work is handled by WSGIHandler
— a new instance is
created for each request. The server can be customized to use
different subclasses of WSGIHandler
.
Important
This server is intended primarily for development and testing, and secondarily for other “safe” scenarios where it will not be exposed to potentially malicious input. The code has not been security audited, and is not intended for direct exposure to the public Internet. For production usage on the Internet, either choose a production-strength server such as gunicorn, or put a reverse proxy between gevent and the Internet.
Changed in version 23.9.0: Complies more closely with the HTTP specification for chunked transfer encoding. In particular, we are much stricter about trailers, and trailers that are invalid (too long or featuring disallowed characters) forcibly close the connection to the client after the results have been sent.
Trailers otherwise continue to be ignored and are not available to the WSGI application.
- class Environ[source]#
Bases:
dict
A base class that can be used for WSGI environment objects.
Provisional API.
New in version 1.2a1.
- class LoggingLogAdapter(logger, level=20)[source]#
Bases:
object
An adapter for
logging.Logger
instances to let them be used withWSGIServer
.Warning
Unless the entire process is monkey-patched at a very early part of the lifecycle (before logging is configured), loggers are likely to not be gevent-cooperative. For example, the socket and syslog handlers use the socket module in a way that can block, and most handlers acquire threading locks.
Warning
It may be possible for the logging functions to be called in the
gevent.Hub
greenlet. Code running in the hub greenlet cannot use any gevent blocking functions without triggering aLoopExit
.New in version 1.1a3.
Changed in version 1.1b6: Attributes not present on this object are proxied to the underlying logger instance. This permits using custom
Logger
subclasses (or indeed, even duck-typed objects).Changed in version 1.1: Strip trailing newline characters on the message passed to
write()
because log handlers will usually add one themselves.Write information to the logger at the given level (default to INFO).
- class SecureEnviron[source]#
Bases:
Environ
An environment that does not print its keys and values by default.
Provisional API.
This is intended to keep potentially sensitive information like HTTP authorization and cookies from being inadvertently printed or logged.
For debugging, each instance can have its secure_repr attribute set to
False
, which will cause it to print like a normal dict.When secure_repr is
True
(the default), then the value of the whitelist_keys attribute is consulted; if this value is true-ish, it should be a container (something that responds toin
) of key names (typically a list or set). Keys and values in this dictionary that are in whitelist_keys will then be printed, while all other values will be masked. These values may be customized on the class by setting the default_secure_repr and default_whitelist_keys, respectively:>>> environ = SecureEnviron(key='value') >>> environ <pywsgi.SecureEnviron dict (keys: 1) at ...
If we whitelist the key, it gets printed:
>>> environ.whitelist_keys = {'key'} >>> environ {'key': 'value'}
A non-whitelisted key (only, to avoid doctest issues) is masked:
>>> environ['secure'] = 'secret'; del environ['key'] >>> environ {'secure': '<MASKED>'}
We can turn it off entirely for the instance:
>>> environ.secure_repr = False >>> environ {'secure': 'secret'}
We can also customize it at the class level (here we use a new class to be explicit and to avoid polluting the true default values; we would set this class to be the
environ_class
of the server):>>> class MyEnviron(SecureEnviron): ... default_whitelist_keys = ('key',) ... >>> environ = MyEnviron({'key': 'value'}) >>> environ {'key': 'value'}
New in version 1.2a1.
- class WSGIHandler(sock, address, server, rfile=None)[source]#
Bases:
object
Handles HTTP requests from a socket, creates the WSGI environment, and interacts with the WSGI application.
This is the default value of
WSGIServer.handler_class
. This class may be subclassed carefully, and that class set on aWSGIServer
instance through a keyword argument at construction time.Instances are constructed with the same arguments as passed to the server’s
WSGIServer.handle()
method followed by the server itself. The application and environment are obtained from the server.- ApplicationError#
alias of
AssertionError
- get_environ()[source]#
Construct and return a new WSGI environment dictionary for a specific request.
This should begin with asking the server for the base environment using
WSGIServer.get_environ()
, and then proceed to add the request specific values.By the time this method is invoked the request line and request shall have been parsed and
self.headers
shall be populated.
- handle()[source]#
The main request handling method, called by the server.
This method runs a request handling loop, calling
handle_one_request()
until all requests on the connection have been handled (that is, it implements keep-alive).
- handle_one_request()[source]#
Handles one HTTP request using
self.socket
andself.rfile
.Each invocation of this method will do several things, including (but not limited to):
Read the request line using
read_requestline()
;Read the rest of the request, including headers, with
read_request()
;Construct a new WSGI environment in
self.environ
usingget_environ()
;Store the application in
self.application
, retrieving it from the server;Handle the remainder of the request, including invoking the application, with
handle_one_response()
There are several possible return values to indicate the state of the client connection:
None
The client connection is already closed or should be closed because the WSGI application or client set the
Connection: close
header. The request handling loop should terminate and perform cleanup steps.
- (status, body)
An HTTP status and body tuple. The request was in error, as detailed by the status and body. The request handling loop should terminate, close the connection, and perform cleanup steps. Note that the
body
is the complete contents to send to the client, including all headers and the initial status line.
True
The literal
True
value. The request was successfully handled and the response sent to the client byhandle_one_response()
. The connection remains open to process more requests and the connection handling loop should call this method again. This is the typical return value.
See also
Changed in version 1.1b6: Funnel exceptions having to do with invalid HTTP requests through
_handle_client_error()
to allow subclasses to customize. Note that this is experimental and may change in the future.
- handle_one_response()[source]#
Invoke the application to produce one response.
This is called by
handle_one_request()
after all the state for the request has been established. It is responsible for error handling.
- read_request(raw_requestline)[source]#
Parse the incoming request.
Parses various headers into
self.headers
usingMessageClass
. Other attributes that are set upon a successful return of this method includeself.content_length
andself.close_connection
.- Parameters:
raw_requestline (str) – A native
str
representing the request line. A processed version of this will be stored intoself.requestline
.- Raises:
ValueError – If the request is invalid. This error will not be logged as a traceback (because it’s a client issue, not a server problem).
- Returns:
A boolean value indicating whether the request was successfully parsed. This method should either return a true value or have raised a ValueError with details about the parsing error.
Changed in version 1.1b6: Raise the previously documented
ValueError
in more cases instead of returning a false value; this allows subclasses more opportunity to customize behaviour.
- read_requestline()[source]#
Read and return the HTTP request line.
Under both Python 2 and 3, this should return the native
str
type; under Python 3, this probably means the bytes read from the network need to be decoded (using the ISO-8859-1 charset, aka latin-1).
- start_response(status, headers, exc_info=None)[source]#
Changed in version 1.2a1: Avoid HTTP header injection by raising a
ValueError
if status or any header name or value contains a carriage return or newline.Changed in version 1.1b5: Pro-actively handle checking the encoding of the status line and headers during this method. On Python 2, avoid some extra encodings.
- ignored_socket_errors = (32, 104)#
These errors are silently ignored by
handle_one_response()
to avoid producing excess log entries on normal operating conditions. They indicate a remote client has disconnected and there is little or nothing this process can be expected to do about it. You may change this value in a subclass.The default value includes
errno.EPIPE
anderrno.ECONNRESET
. On Windows this also includeserrno.WSAECONNABORTED
.This is a provisional API, subject to change. See pull request #377, pull request #999 and issue #136.
New in version 1.3.
- class WSGISecureEnviron[source]#
Bases:
SecureEnviron
Specializes the default list of whitelisted keys to a few common WSGI variables.
Example:
>>> environ = WSGISecureEnviron(REMOTE_ADDR='::1', HTTP_AUTHORIZATION='secret') >>> environ {'REMOTE_ADDR': '::1', (hidden keys: 1)} >>> import pprint >>> pprint.pprint(environ) {'REMOTE_ADDR': '::1', (hidden keys: 1)} >>> print(pprint.pformat(environ)) {'REMOTE_ADDR': '::1', (hidden keys: 1)}
- class WSGIServer(listener, application=None, backlog=None, spawn='default', log='default', error_log='default', handler_class=None, environ=None, **ssl_args)[source]#
Bases:
StreamServer
A WSGI server based on
StreamServer
that supports HTTPS.- Parameters:
log – If given, an object with a
write
method to which request (access) logs will be written. If not given, defaults tosys.stderr
. You may passNone
to disable request logging. You may use a wrapper, around e.g.,logging
, to support objects that don’t implement awrite
method. (If you pass aLogger
instance, or in general something that provides alog
method but not awrite
method, such a wrapper will automatically be created and it will be logged to at theINFO
level.)error_log – If given, a file-like object with
write
,writelines
andflush
methods to which error logs will be written. If not given, defaults tosys.stderr
. You may passNone
to disable error logging (not recommended). You may use a wrapper, around e.g.,logging
, to support objects that don’t implement the proper methods. This parameter will become the value forwsgi.errors
in the WSGI environment (if not already set). (As with log, wrappers forLogger
instances and the like will be created automatically and logged to at theERROR
level.)
See also
LoggingLogAdapter
See important warnings before attempting to use
logging
.
Changed in version 1.1a3: Added the
error_log
parameter, and setwsgi.errors
in the WSGI environment to this value.Changed in version 1.1a3: Add support for passing
logging.Logger
objects to thelog
anderror_log
arguments.Changed in version 20.6.0: Passing a
handle
kwarg to the constructor is now officially deprecated.- environ_class#
The class of environ objects passed to the handlers. Must be a dict subclass. For compliance with PEP 3333 and libraries like WebOb, this is simply
dict
but this can be customized in a subclass or per-instance (probably toWSGISecureEnviron
).New in version 1.2a1.
alias of
dict
- handler_class#
A callable taking three arguments: (socket, address, server) and returning an object with a
handle()
method. The callable is called once for each incoming socket request, as is its handle method. The handle method should not return until all use of the socket is complete.This class uses the
WSGIHandler
object as the default value. You may subclass this class and set a different default value, or you may pass a value to use in thehandler_class
keyword constructor argument.alias of
WSGIHandler
- secure_environ_class#
alias of
WSGISecureEnviron
- handle(sock, address)[source]#
Create an instance of
handler_class
to handle the request.This method blocks until the handler returns.
- init_socket()[source]#
If the user initialized the server with an address rather than socket, then this function must create a socket, bind it, and put it into listening mode.
It is not supposed to be called by the user, it is called by
start()
before starting the accept loop.
- update_environ()[source]#
Called before the first request is handled to fill in WSGI environment values.
This includes getting the correct server name and port.
- error_log = None#
The object to which error logs will be written. It must never be None. Initialized from the
error_log
constructor parameter.
- log = None#
The object to which request logs will be written. It must never be None. Initialized from the
log
constructor parameter.