Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to understand the Tornado web framework". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn how to understand the Tornado web framework.

Introduction to tornado

1. Overview of tornado

Tornado is the open source version of our Web server at FriendFeed and its common tools. Tornado is obviously different from today's mainstream Web server frameworks, including most Python frameworks: it is a non-blocking server, and it is quite fast. Thanks to its non-blocking approach and the use of epoll, Tornado can handle thousands of connections per second, so Tornado is an ideal framework for real-time Web services. The main purpose of developing this Web server is to deal with the real-time functionality of FriendFeed-every active user maintains a server connection in FriendFeed applications. (for questions about how to expand the server to handle thousands of client connections, see The C10K problem)

Tornado represents the latest generation of development and execution environments embedded in real-time applications. Tornado consists of three complete parts:

(1) Tornado series tools, a set of powerful interactive development tools and usage programs located on the host or target computer.

(2), VxWorks system, high-performance scalable real-time operating system on the target board

(3) optional communication software packages that connect the host and the target, such as Ethernet, serial line, online simulator or ROM simulator.

In the process of learning web front-end, you will inevitably encounter a lot of problems, these problems may bother you for a long time, so I have a web development learning exchange group (545667817), which are ITPUB partners, we learn from each other, communicate with each other and make common progress, and share different learning materials every day!

2. Characteristics of tornado

What makes Tornado unique is that all its development tools can be used at any stage of application development and any level of hardware resources. Moreover, a complete set of Tornado tools allows developers to completely ignore the policy of connecting to the target or the size of the target store. The Tornado architecture is specifically designed to provide an open environment for developers and third-party tool vendors. Some application program interfaces are available and come with a bibliography, ranging from the development environment interface to the connection implementation. Tornado includes powerful development and debugging tools, especially for embedded developers facing a large number of problems. These tools include C and C++ source-level debuggers, target and tool management, system target tracking, memory usage analysis and automatic configuration. In addition, all tools can be easily run at the same time, and it is easy to add and develop interactively.

3. Tornado module index

The most important module is web, which is the Web framework that contains most of the main functions of Tornado. The other modules are tool-based in order to make the web module more useful. The Tornado playbook that follows explains in detail how to use the web module.

Main module

The basic Web framework used by web-FriendFeed, which contains most of the important features of Tornado

Coding / Decoding methods of escape-XHTML, JSON, URL

Database-simple encapsulation of MySQLdb to make it easier to use

Template-web template system based on Python

Httpclient-non-blocking HTTP client designed to work with web and httpserver

Auth-implementation of third-party authentication (including Google OpenID/OAuth, Facebook Platform, Yahoo BBAuth, FriendFeed OpenID/OAuth, Twitter OAuth)

Locale-support for localization and translation

Options-command line and profile parsing tool optimized for server environment

Underlying module

Httpserver-implementation of a very simple HTTP server that serves the web module

Iostream-simple encapsulation of non-blocking socket to facilitate common read and write operations

Ioloop-the core of the Imax O cycle

Using the tornado framework

1. Install tornado

one

two

Pip install tornado

Source code installation: https://pypi.python.org/packages/source/t/tornado/tornado-4.3.tar.gz

2, first write an entry-level code, I believe everyone can understand, declare: tornado has helped us to achieve socket.

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

thirteen

fourteen

fifteen

sixteen

seventeen

eighteen

#! / usr/bin/env python

#-*-coding:utf-8-*-

Import tornado.web

Import tornado.ioloop

Class IndexHandler (tornado.web.RequestHandler):

Def get (self, * args, * * kwargs):

Self.write ("Hello World, My name is Zhang Yanlin")

Application = tornado.web.Application ([

(ritual indexation journal IndexHandler)

])

If _ name__ = = "_ _ main__":

Application.listen (8080)

Tornado.ioloop.IOLoop.instance () .start ()

Step 1: execute the script and listen on port 8080

Step 2: browser client access / index-- > http://127.0.0.1:8080/index

Step 3: the server accepts the request and leaves it to the corresponding class to process

Step 4: after the class receives the request, it invokes and executes the corresponding method according to the request method (post / get / delete...).

Step 5: then return the method of the class to the browser

Tornado routing system

In the tornado web framework, any item in the routing table is a tuple, and each tuple contains pattern (schema) and handler (processor). When the httpserver receives a http request, server parses the url path (in the http protocol start line) from the received request, and then traverses the routing table sequentially. If it is found that the url path can match a certain pattern, the http request is handed over to the corresponding handler in the web application for processing.

Due to the url routing mechanism, web application developers do not have to deal with complex http server layer code, but only need to write the web application layer logic (handler). Each url in Tornado corresponds to a class.

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

thirteen

fourteen

fifteen

sixteen

seventeen

eighteen

nineteen

twenty

twenty-one

twenty-two

twenty-three

twenty-four

twenty-five

twenty-six

twenty-seven

twenty-eight

twenty-nine

thirty

thirty-one

thirty-two

thirty-three

thirty-four

thirty-five

thirty-six

#! / usr/bin/env python

#-*-coding:utf-8-*-

_ _ auth__ = "zhangyanlin"

Import tornado.web

Import tornado.ioloop

Class IndexHandler (tornado.web.RequestHandler):

Def get (self, * args, * * kwargs):

Self.write ("Hello World, My name is Zhang Yanlin")

Class LoginHandler (tornado.web.RequestHandler):

Def get (self, * args, * * kwargs):

Self.write ("")

Class RegisterHandler (tornado.web.RequestHandler):

Def get (self, * args, * * kwargs):

Self.write ("")

Application = tornado.web.Application ([

(r'/index/ (? P\ d *)', IndexHandler), # basic regular routing

(ringing pact LoginHandler)

(ritual registerquarter RegisterHandler)

])

# second-level route mapping

Application.add_handlers ('buy.zhangyanlin.com$', [

(ringing database loginarians, LoginHandler)

])

If _ name__ = = "_ _ main__":

Application.listen (8080)

Tornado.ioloop.IOLoop.instance () .start ()

If you look at the content of all the web pages, there are pages below. When you click on the number at the back of the next page, it will change. This can be done with basic regular routing. Let me give you a case of page paging.

Tornado server demo

Front-end HTML file

Note: two files must be placed in the same folder. XSS attacks and template language are useful in the middle front-end code. These two knowledge points will be explained in detail below.

Tornado template engine

The template language in Tornao is similar to that in django, where the template engine loads the template file into memory, embeds the data in it, and finally gets a complete string, which is returned to the requester.

Tornado templates support "control statements" and "expression statements". Control statements are wrapped with {% and%}, for example, {% if len (items) > 2%}. Expression statements are wrapped with {{and}}, such as {{items [0]}}.

The format of the control statement and the corresponding Python statement is basically the same. We support if, for, while, and try, where the logical end of these statements needs to be marked with {% end%}. Template inheritance is also implemented through extends and block statements. These are described in detail in the template module code documentation.

Note: before using the template, you need to set the template path in setting: "template_path": "views"

Settings = {'template_path':'views', # set the template path. After setting up, you can put the HTML file in the views folder.' static_path':'static', # set the static template path, and set the css,JS after setting. Static files such as Jquery are placed in the static folder 'static_url_prefix':' / sss/', # need to be imported with / sss/, such as' cookie_secret': "asdasd, and # cookie needs to generate random strings in advance when generating keys Need to render 'xsrf_cokkies':True' here, # allow CSRF to use} application = tornado.web.Application ([(ringing settings index.IndexHandler),], * * Handler) # need to load here

The file directory structure is as follows:

1. The template language basically uses for loop, if..else, custom UIMethod to UIModule.

Start.py

Uimodule

Uimethod

Index.html

2. Motherboard inheritance

(1) like string formatting equivalent to python, define a placeholder first

Layout.html

(2) the format of the template inherited from the corresponding position in the secondary board

Index.html

3. Import content

Content.html

Index.html

Some functions, fields, Class for template use: alias xhtml_escape of escape: tornado.escape.xhtml_escape: alias url_escape of tornado.escape.xhtml_escape: alias json_encode of tornado.escape.url_escape: alias squeeze of tornado.escape.json_encode: alias linkify of tornado.escape.squeeze: alias datetime of tornado.escape.linkify: datetime module handler of Python: current RequestHandler object request: alias current_user of handler.request: alias locale of handler.current_user: Alias of handler.locale _: alias of handler.locale.translate alias of static_url: alias of for handler.static_url xsrf_form_html: alias of handler.xsrf_form_html

When you create a practical application, you will need to use all the functions of the Tornado template, especially the template inheritance function. All of these features can be found in the code documentation of the template module. (some of these functions are implemented in web modules, such as UIModules)

Tornado cookie

Cookie, sometimes in its plural form Cookies, refers to the data (usually encrypted) stored on the user's local terminal by some websites in order to identify the user and perform session tracking. Both RFC2109 and 2965 are obsolete, and the latest superseded specification is RFC6265. (it can be called browser cache)

1. Basic operation of cookie

#! / usr/bin/env python#-*-coding:utf-8-*-import tornado.ioloopimport tornado.web class MainHandler (tornado.web.RequestHandler): def get (self): print (self.cookies) # get all cookie self.set_cookie ('K1') 'v1') # set cookie print (self.get_cookie ('K1')) # get the specified cookie self.write ("Hello, world") application = tornado.web.Application ([(r "/ index", MainHandler),]) if _ _ name__ = = "_ _ main__": application.listen (8888) tornado.ioloop.IOLoop.instance (). Start ()

2. Encrypt cookie (signature)

Cookie is easily forged by malicious clients. To add information such as the id of the current login user you want to save in cookie, you need to sign the cookie to prevent forgery. Tornado supports this functionality directly through set_secure_cookie and get_secure_cookie methods. To use these methods, you need to provide a key named cookie_secret when you create the application. You can pass it into the settings of the application as a keyword parameter:

#! / usr/bin/env python#-*-coding:utf-8-*-import tornado.ioloopimport tornado.web class MainHandler (tornado.web.RequestHandler): def get (self): if not self.get_secure_cookie ("mycookie"): # get signed cookie self.set_secure_cookie ("mycookie") "myvalue") # sets the signed cookie self.write ("Your cookie was not set yet!") Else: self.write ("Your cookie was set!") application = tornado.web.Application ([(r "/ index", MainHandler),]) if _ _ name__ = = "_ _ main__": application.listen (8888) tornado.ioloop.IOLoop.instance () .start ()

The essence of signature Cookie is:

Write cookie process: encrypt the value by base64 to sign content other than the value, hash algorithm (cannot reverse parse) splice signature + encrypt value read cookie process: read signature + encrypted value to verify signature base64 decryption, get value content

Use cookie to do simple custom user authentication, the following will write an absolutely powerful custom session user authentication

Custom authentication login

3. JavaScript operates Cookie

Because Cookie is saved on the browser side, you can also use JavaScript to manipulate Cookie on the browser side.

/ * set cookie, specify the number of seconds to expire. Name indicates that the passed key,value represents the corresponding value passed, and expires indicates that the current date expires plus 5 seconds * / function setCookie (name,value,expires) {var temp = []; var current_date = new Date (); current_date.setSeconds (current_date.getSeconds () + 5); [xss_clean] = name + "=" + value + "; expires=" + current_date.toUTCString ();}

Note: there is also a specified plug-in jQuery Cookie in jQuery that is specifically used to operate cookie. Click here

4. Custom session

Originally, I wanted to open a new post, but I'd better post the code here and copy it directly when it is useful for session verification.

Custom session

XSS attacks and CSRF request forgery

XSS

Cross-site scripting attack (Cross Site Scripting) is abbreviated to XSS because it is not confused with the abbreviation of cascading style sheets (Cascading Style Sheets, CSS). A malicious attacker inserts malicious Script code into a Web page, and when a user browses the page, the Script code embedded in the Web will be executed, thus achieving the special purpose of malicious attack on the user.

XSS has been blocked for us in tornado, but when we write the front-end code from the back end to the front end, the browser is passed in a string rather than a code format. So you need an inverse solution, adding a raw in front of the incoming template language, such as {{raw zhangyanlin}}, so you may not quite understand it. Write a piece of code and you may understand it.

Start.py

Index.html

CSRF

CSRF (Cross-site request forgery cross-site request forgery, also known as "one click attack" or session riding, usually abbreviated to CSRF or XSRF, is a malicious exploitation of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS, and the attack mode is almost different. XSS takes advantage of trusted users within the site, while CSRF takes advantage of trusted sites by masquerading requests from trusted users. Compared with XSS attacks, CSRF attacks are often less popular (so there are few resources to prevent them) and difficult to prevent, so they are considered to be more dangerous than XSS.

Currently, a common way to guard against XSRF is to record an unpredictable cookie data for each user, and then require that all submitted requests must contain this cookie data. If this data does not match, then the request may have been falsified.

Tornado has a built-in XSRF defense mechanism. To use this mechanism, you need to add the xsrf_cookies setting: xsrf_cookies=True to the application configuration, and write a piece of code to show:

Start.py

Csrf.html

To put it simply, it generates an ID number similar to your own in the form verification, carrying him to visit the web page.

Tornado uploads files

Uploading files can be divided into two categories, the first is uploading through form form verification, and the other is uploading through ajax. Let's introduce these two categories.

1. Upload files with form form

Start.py

Index.html

2. Upload files on ajax

HTML iframe

Jquery upload

XML submission

Start.py

Note: all the following examples can be implemented with the same python code, only need to change the front-end code, the python code file name is start.py

Tornado generates random verification codes

Using python to generate random CAPTCHA needs to learn from a plug-in and an io module, which is also very easy to implement. Of course, you also need to learn from session to determine whether the CAPTCHA is wrong. Write a section of user login verification with CAPTCHA below. Look at the effect. The plug-in and the execution file must be placed in a more directory.

Start.py

Login.html

The effect picture is as follows:

Thank you for your reading, the above is the content of "how to understand the Tornado web framework", after the study of this article, I believe you have a deeper understanding of how to understand the Tornado web framework, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.