www.it-ebooks.info www.it-ebooks.info Introduction to Tornado Michael Dory, Adam Parrish, and Brendan Berg Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo www.it-ebooks.info Introduction to Tornado by Michael Dory, Adam Parrish, and Brendan Berg Copyright © 2012 Michael Dory, Adam Parrish, and Brendan Berg. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com. Editors: Andy Oram and Mike Hendrickson Production Editor: Melanie Yarbrough Cover Designer: Karen Montgomery Interior Designer: David Futato Illustrator: Robert Romano Revision History for the First Edition: 2012-03-16 First release See http://oreilly.com/catalog/errata.csp?isbn=9781449309077 for release details. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Introduction to Tornado, the cover image of an American marsh hawk, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein. ISBN: 978-1-449-30907-7 [LSI] 1331730824 www.it-ebooks.info Table of Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 What Is Tornado? 2 Getting Started with Tornado 3 Community and Support 3 Simple Web Services 4 Hello Tornado 4 String Service 7 More About RequestHandlers 9 Next Steps 11 2. Forms and Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Simple Example: Poem Maker Pro 13 Rendering Templates 15 Interpolation 16 Template Syntax 17 Interpolating Expressions 18 Control Flow Statements 18 Using Functions Inside Templates 19 Complete Example: The Alpha Munger 20 How It Works 23 Serving Static Files 25 Next Steps with Templates 26 3. Extending Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Blocks and Substitutions 27 Basics of Blocks 27 Templates in Practice: Burt’s Books 31 Autoescaping 34 UI Modules 37 iii www.it-ebooks.info Basic Module Usage 38 Modules in Depth 39 Embedding JavaScript and CSS 42 Summing Up 44 4. Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Basic MongoDB Operations with PyMongo 48 Establishing a Connection 48 Dealing with Documents 49 MongoDB Documents and JSON 51 A Simple Persistent Web Service 52 A Read-Only Dictionary 52 Writing the Dictionary 54 Burt’s Books 56 Reading Books (From the Database) 56 Editing and Adding Books 59 MongoDB: Next Steps 63 5. Asynchronous Web Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Asynchronous Web Requests 67 Starting Synchronous 68 The Trouble with Blocking 70 Basic Asynchronous Calls 72 The asynchronous Decorator and the finish Method 73 Asynchronous Generators 75 Summary of Asynchronous Operations 78 Long Polling with Tornado 78 The Benefits of Long Polling 79 Example: Live Inventory Reporting 80 The Downsides of Long Polling 86 WebSockets with Tornado 87 Tornado’s WebSocket Module 88 Example: Live Inventory with WebSockets 88 The Future of WebSockets 92 6. Writing Secure Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Cookie Vulnerabilities 93 Cookie Forgery 93 Secure Cookies 93 Request Vulnerabilities 96 Anatomy of a Cross-Site Request Forgery 96 Defending Against Request Forgeries 96 Using Tornado’s XSRF protection 97 iv | Table of Contents www.it-ebooks.info User Authentication 98 Example: Welcome Back 98 The authenticated Decorator 100 Summing up 101 7. Authenticating with External Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 The Tornado auth Module 103 The Authorization Workflow 103 Asynchronous Requests 104 Example: Sign in With Twitter 104 Example: Facebook Authentication and the Graph API 109 8. Deploying Tornado . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Reasons for Running Multiple Tornado Instances 115 Using Nginx as a Reverse Proxy 116 Basic Nginx Configuration 116 SSL Decryption with Nginx 118 Using Supervisor to Manage Tornado Processes 119 Table of Contents | v www.it-ebooks.info www.it-ebooks.info Preface Conventions Used in This Book The following typographical conventions are used in this book: Italic Indicates new terms, URLs, email addresses, filenames, and file extensions. Constant width Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords. Constant width bold Shows commands or other text that should be typed literally by the user. Constant width italic Shows text that should be replaced with user-supplied values or by values deter- mined by context. This icon signifies a tip, suggestion, or general note. This icon indicates a warning or caution. Using Code Examples This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does vii www.it-ebooks.info require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission. We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Introduction to Tornado by Michael Dory, Adam Parrish, and Brendan Berg (O’Reilly). Copyright 2012 Michael Dory, Adam Par- rish, and Brendan Berg, ISBN 978-1-4493-0907-7.” If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com. Safari® Books Online Safari Books Online is an on-demand digital library that lets you easily search over 7,500 technology and creative reference books and videos to find the answers you need quickly. With a subscription, you can read any page and watch any video from our library online. Read books on your cell phone and mobile devices. Access new titles before they are available for print, and get exclusive access to manuscripts in development and post feedback for the authors. Copy and paste code samples, organize your favorites, down- load chapters, bookmark key sections, create notes, print out pages, and benefit from tons of other time-saving features. O’Reilly Media has uploaded this book to the Safari Books Online service. To have full digital access to this book and others on similar topics from O’Reilly and other pub- lishers, sign up for free at http://my.safaribooksonline.com. How to Contact Us Please address comments and questions concerning this book to the publisher: O’Reilly Media, Inc. 1005 Gravenstein Highway North Sebastopol, CA 95472 800-998-9938 (in the United States or Canada) 707-829-0515 (international or local) 707-829-0104 (fax) We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at: http://shop.oreilly.com/product/0636920021292.do To comment or ask technical questions about this book, send email to: bookquestions@oreilly.com viii | Preface www.it-ebooks.info [...]... specific concerns, the Tornado Web Server Google Group is active and full of folks who use Tornado on a daily basis What Is Tornado? | 3 www.it-ebooks.info Simple Web Services Now that we’ve covered what Tornado is, let’s look at what it can do To start, we’ll go over the basics of writing a simple web service with Tornado Hello Tornado Tornado is a framework for writing responses to HTTP requests Your... of Tornado 2.0, and the Tornado team has advised developers to continue to keep an eye out for bugs on that front Community and Support For questions, examples, and general how -to s, the official Tornado documentation is a great place to start There’s a variety of examples and breakdowns of features at tornadoweb.org, and more specific details and changes can be seen at Facebook’s Tornado repository... http://github.com/downloads/facebook /tornado/ tornado-2.1.1.tar.gz tar xvzf tornado- 2.1.1.tar.gz cd tornado- 2.1.1 python setup.py build sudo python setup.py install Tornado is not officially supported on Windows, but it can be installed via ActivePython’s PyPM package manager like so: C:\> pypm install tornado Once Tornado is installed on your machine, you’re good to go! A bunch of demos are included... writing responses to HTTP requests Your job as a programmer is to write “handlers” that respond to HTTP requests that match particular criteria Here’s a basic example of a fully functional Tornado application: Example 1-1 The basics: hello.py import import import import tornado. httpserver tornado. ioloop tornado. options tornado. web from tornado. options import define, options define("port", default=8000,... string_service.py import textwrap import import import import tornado. httpserver tornado. ioloop tornado. options tornado. web from tornado. options import define, options define("port", default=8000, help="run on the given port", type=int) class ReverseHandler (tornado. web.RequestHandler): def get(self, input): self.write(input[::-1]) class WrapHandler (tornado. web.RequestHandler): def post(self): text = self.get_argument('text')... This application consists of four files: main.py (the Tornado program), style.css (a CSS stylesheet file), index.html, and munged.html (Tornado templates) Let’s look at the code: Example 2-4 Complete forms and templates: main.py import os.path import random import import import import tornado. httpserver tornado. ioloop tornado. options tornado. web from tornado. options import define, options define("port",... various Tornado libraries There are other helpful libraries included with Tornado, but you’ll need to import at least these four to get this example running: from tornado. options import define, options define("port", default=8000, help="run on the given port", type=int) Tornado includes a helpful library (tornado. options) for reading options from the command line We make use of that library here to let... the user to fill out, and then processes the results of that form See Example 2-1 for the Python code Example 2-1 Simple forms and templates: poemmaker.py import os.path import import import import tornado. httpserver tornado. ioloop tornado. options tornado. web from tornado. options import define, options define("port", default=8000, help="run on the given port", type=int) class IndexHandler (tornado. web.RequestHandler):... Once we’ve told Tornado where to find templates, we can use the render method of the RequestHandler class to tell Tornado to read in a template file, interpolate any template code found within, and then send the results to the browser In IndexHandler, for example, we find the following: self.render('index.html') This code will cause Tornado to find a file called index.html in the templates directory, read... = tornado. web.Application(handlers=[(r"/", IndexHandler)]) Simple Web Services | 5 www.it-ebooks.info These are the lines that actually make the Tornado application run First, we use Tornado s options library to parse the command line Then we create an instance of Tornado s Application class The most important argument to pass to the init method of the Application class is handlers This tells Tornado . Tornado application: Example 1-1. The basics: hello.py import tornado. httpserver import tornado. ioloop import tornado. options import tornado. web from tornado. options. http://github.com/downloads/facebook /tornado/ tornado-2.1.1.tar.gz $ tar xvzf tornado- 2.1.1.tar.gz $ cd tornado- 2.1.1 $ python setup.py build $ sudo python setup.py install Tornado