I want to develop an extremely lightweight web service with a RESTful JSON API. I will do all the session management on the server side. The solution will receive several 100k (or more) API calls an hour and return (compressed) JSON as response, it should be able to scale effortlessly.
Security is naturally important, but I want to avoid heavy weight frameworks like Django etc, and preferably will use a webserver like nginx or lighttpd instead of Apache.
At the server end, this is all I need:
user session management
security (protection against atleast the more common attacks such as cross site request forgery etc)
url routing
http utilities (e.g. compression)
I am aware of web2py, but its deployment options seems 'not well though out' at best - so far, I have been unable to get it to work with Apache, despite following the user manuals.
Can anyone suggest a python framework (and web server) best suited for this task?
if you want to go really lightweight, you might try wsgi itself without a framework, or maybe Flask. I understand wsgi runs on lighttpd, you'll get some hits on a Google search.
Try Pyramid. It's fast, lightweight and with a lot of options to configure your enviroment as you like...
Related
I'm currently working on a University project that needs to be implemented with a Client - Server model.
I had experiences in the past where I was managing the communication at socket level and that really sucked.
I was wondering if someone could suggest an easy to use python framework that I can use for that purpose.
I don't know what kind of details you may need to answer so I'm just going to describe the project briefly.
Communication should happen over HTTP, possibly HTTPS.
The server does not need to send data back or invoke methods on the clients, it just collects data
Many clients send data concurrently to server, who needs to distinguish the sender, process the data accordingly and put the result in a database.
You can use something like Flask or Django. Both frameworks are fairly easy to implement, Flask is much easier than Django IMO, although Django has a built in authentication layer that you can use, albeit more difficult to implement in a client/server scenario like you need.
I would personally use Flask and JWT (JSON Web Tokens), which will allow you to give a token to each client for authentication with the server, which will also let you differentiate between clients, and you can use HTTPS for your SSL/TLS requirement. It is tons easier to implement this, and although I like django better for what it brings to the table, it is probably overkill to have you learn it for a single assignment.
For Flask with SSL, here is a quick rundown of that.
For JWT with Flask, here is that.
You can use any database system you would like.
If I understood you correctly you can use any web framework in python. For instance, you can use Flask (I use it and I like it). Django is also a popular choice among the python web frameworks. However, you shouldn't be limited to only these two. There are plenty of them out there. Just google for them.
The implementation of the client depends on what kind of communication there will be between the clients and the server - I don't have enough details here. I only know it's unidirectional.
The client can be a browser accessing you web application written in Flask where users send only POST requests to the server. However, even here the communication will bidirectional (the clients need to open the page which means the server sends requests back to the client) and it violates your initial requirement.
Then it can be a specific client written in python sending some particular requests to your server over http/https. For instance, your client can use a requests package to send HTTP requests.
I am currently working on a project where we need to establish communication like an ESB, between a REST API and the apps services on a small scale.
Scenario:
Assume a web app front end (e.g. Django/Python or Ruby/Rails) and services that are accessible via a HTTP RESTful request.
How can I:
make it configurable which web services are called on a web request depending on the request and not requiring code changes (through keys for example)
encapsulate or implement the services in a way to make it easy to manage them e.g. start/stop etc.
I have been looking at spring.io, but cant work out whether this could be used for the this??
I am open to all suggestions,
Thanks
From what I understand, you want an authorisation solution.
In Rails, Pundit and CanCanCan are very popular. You could also implement it from scratch. Here is a screencast to help you get started.
I'm in the process of setting up a new web app and deciding whether to just do it with WSGI or go the full framework route with Django.
The app's foremost requirements:
1) The app has no UI what so ever and all of the data is exposed to clients via a REST api with JSON.
2) It will have data to persist so MongoDB & probably Amazon's SimpleDB will be used for the database side.
Is there a reason to use Django or can I get marginal speed improvement with WSGI only?
Previous server-side apps I've built were either with Java/Struts and Groovy/Grails on the JVM. My understanding is that Django is an MVC framework similar to Rails and Grails.
I've also played around with Google App Engine which uses WSGI as thin layer above your code for managing and routing requests.
I suggest you consider something between those two extremes. Flask is lightweight, very easy to use, and connects to your web server via wsgi. You can use regular python database connectors with it, and a few databases even have Flask-specific extension modules.
I have worked with Django for a couple of projects and I like it a lot, but since you are going to use mongoDB and a lot of JSON I suggest you use NodeJS as server side, with Express as framework, you can see a brief tutorial here:
http://howtonode.org/express-mongodb
One of the advantages of this is that you will use only javascript all along your project, I began working with this technology the last month in a Hackathon, and I can tell you that I'm very impressed of how fast and simple it is.
I've worked a bit with some django "apps" ,its really easy, but setting up the "apps" can be a bit of a long process. Django has a lot of nice features that you won't be using and I agree that you might be on one "extreme" here.
I am trying to explore more about web service in Python/Django and to be honest i am quite confused. There are so many things like SOAPpy, XML-RPC, JSON-RPC RESTful, web service.
Basically all i want to know is what is the standard way of implementing web service in Python/Django and has anyone implemented in live production environment
There isn't a 'standard' way, but a lot of people (including me) have used -- and like! -- Django Piston, which is actually also used to create the web service for BitBucket (where piston's source is hosted)
Also, if you're still learning about web services, I can highly recommend the O'Reilly book RESTful Web Services -- although it's a book with a focus on REST (which I agree is the best design pattern for a web service) it also explains RPC and SOAP, too.
There are so many things like SOAPpy, XML-RPC, JSON-RPC RESTful, web service.
This should give you a clue - there are different services out there that use one or more of these mechanisms.
Basically all i want to know is what is the standard way of implementing web service in Python/Django and has anyone implemented in live production environment
There is no single standard way of implementing a web service. This is as true for Django/Python as for other web frameworks.
Different people have used Django in different ways to create a web service to suit their needs.
I'm quite new in Python world. I come from java and ABAP world, where their application server are able to handle stateful request.
Is it also possible in python using WSGI?
Or stateful and stateless are handled in other layer?
Usually, you don't work with "bare" WSGI. You work with web-frameworks, such as Pylons or TurboGears2.
And these contain a session-middleware, based on WSGI - called "Beaker". But if you work with the framework, you don't have to worry about that - you just use it.
But if you insist, you can of course use Beaker standalone.
I prefer working directly on wsgi, along with mako and psycopg.
It's good to know about Beaker, though I usually don't hold state in the server because I believe it reduces scalability. I either put it in the user's cookie, in the database tied to a token in the user's cookie, or in a redirect url.
Your question is a little vague and open-ended. First of all, WSGI itself isn't a framework, it's just the glue to connect a framework to the web server. Secondly, I'm not clear on what you mean when you say "state" -- do you mean storing information about a client on the server? If so, web frameworks (Pylons, Django, etc) allow you to store that kind of information in web session variables.