[Web-SIG] Naif wanting to improve CGI handling

Christoph Haas email at christoph-haas.de
Fri Nov 24 15:43:23 CET 2006 

Dear SIG,

I have just subscribed to this list and while I waded through a few 
postings in the list's archive I might not have a clear picture of what's 
currently really going on. So I may ask about things that you have decided 
on already.

Frankly I'm unhappy with the 'cgi' module in the standard library. A 
posting on the python-user mailing list made me rethink why web 
programming is so painful for me in Python while it was easy in Perl 
(while everything else was hard in Perl which is easy in Python). IMHO 
Python deserves at least a good CGI implementation. And since I'm used to 
Perl's 'CGI' module I would at least expect the same functionality in 
Python.

In my posting on python-user I wrote that I would want:

- cookie handling
- cookie-session handling (similar to PHP or Perl's CGI::Session; combined
  with database backends or simple text files)
- handling of form fields (Perl's CGI class can easily redisplay what
  has been entered in the fields when they got submitted through a <FORM>)
- accessing parameters (honestly I haven't yet understood why I need to use
  .value on FielStorage dictionaries - why isn't it just a plain
  dictionary?)
- state keeping (storing the contents of all form fields on disk
  to retrieve it later)
- creating form elements easily (option lists for example from
  dictionaries and lists like in Perl)
- creating standard HTML elements (or do you remember how DOCTYPE
  looks without looking it up?)
- handling of file uploads (which is just a recipe on ActivePython
  at the moment)
- controlling HTTP headers (expires, redirections, charset)
- convenience functions e.g. for getting the client IP address without
  needing to read ENV['REMOTE_ADDR']

So I started reading http://wiki.python.org/moin/WebStandardisation and 
found a pretty large list of frameworks, modules and other approaches to 
deal with the shortcomings of CGI handling in Python in real life. A user 
coming from Perl and being used to Perl's 'CGI' module will surely not 
know where to start. The standard library is not sufficient and makes 
him/her start to reinvent the wheel (that's what I did). Frameworks make 
him/her learn yet another language because frameworks often seem to 
transforming Python into some new language.

While reading what is already done and learning about this SIG I found the 
PEP333 that really scared me. I'm personally not interested in Python 
acting as a web server. I'm used to run Apache and use CGIs that deal with 
stdin, stdout and environment variables. So my expectations are pretty 
close to Perl's 'CGI' and 'CGI::Session' modules. But it sounds like it's 
pretty mandatory to use WSGI if I want to add any layer of functionality.

Currently my idea is to ignore PEP333 - mainly because I don't know whether 
I really need anything of that - and implement Perl's way of CGI handling 
in Python. I just fear that it will add to the pile of frameworks and get 
us even further away from providing *the* standard CGI library. It's nice 
to have the freedom to choose. But while everybody complains about Perl's 
TIMTOWTDI at least CGI programmers in Perl know what to use. While in 
Python everybody's going berserk on the large set of possible frameworks.
IMHO whenever TIMTOWTDI in Python there is missing something basic.

I'm dreaming of a generic way to handle CGIs in Python's common beautiful 
style while depending fully on the standard library. Perhaps something 
like...

import newstuff
import MySQLdb
import datetime

# Open database for storing sessions
mydatabase = MySQLdb.connect(...)

# Define a session handler
session_handler = newstuff.session_cookies(
    database_type = 'mysql',
    database_handler = mydatabase
    )

# Create a CGI instance
mycgi = newstuff.CGI(
    session_cookie_name = 'MYSESSION',
    session_cookie_handler = session_handler,
    session_max_age = datetime.timedelta(hours=1),
    # Cookie session based authentication
    authentication_needed = True,
    authentication_realm = 'Secure Area'
    )

# Print out the HTTP header
print mycgi.http_header(
    type='text/html',
    expires='+3d'
    )

# Print out the HTML header
print mycgi.start_html(
    title = 'Secrets of the Pyramids',
    target = '_blank',
    css_stylesheet = '/mystyle.css'
    )

# Provide a login form unless the user is authenticated through
# a <form> that is connected to the cookie session
if not mycgi.authenticated:
    print mycgi.html.loginform(
        ...
        )

# Print a <h1> HTML element
print mycgi.html.h1(
    'Hello world',
    style = 'funkytitle'
    )

# Access a form parameter
print "In the last form the name you entered was:", \
    mycgi.form('name')

# Store a value into the cookie session
mycgi.session_set('name', mycgi.form('name'))

# Access a value from the cookie session
print "Your cookie session contains this country:", \
    mycgi.session_get('country')

# Send </html>
mycgi.end_html()

This is just a rough brainstormed draft and I haven't thought of a huge 
concept or plan so far.

Should I just go ahead and create yet another framework and increase the 
chaos by joining the dark side? Or is there work going on where my ideas 
would fit in and where my revolutionary energy saves the world? I would 
love to see my Python skills - as average as they may be - create 
something useful not only for me. I hope someone of you has enough 
overview over the current activities to provide a little guidance. Thanks 
in advance.

Kindly
 Christoph

More information about the Web-SIG mailing list