RpcPython fixed and refactored

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

RpcPython fixed and refactored

panyasan
Hello List,

some time ago already,  Viktor Ferenczi wrote a jsonrpc server in Python (see http://python.cx.hu/qxjsonrpc). Unfortunately, he currently has no time to further develop it. I imported his externally hosted code to qooxdoo-contrib, fixed a small typo which kept it from functioning, and rewrote the applciation wrapper for his python package:

http://qooxdoo.org/documentation/RPC_Python

It is working now with the RpcExample and RpcConsole clients, and thus should work with any code that works with qx.io.remote.Rpc. I have departed from Viktors approach as far as RpcPython has been brought closer to the RpcPhp implementation. In Viktor's original code, the server script manually mapped each service to a particular Python class. In contrast, the current code receives a service name in dot-separated path format and expect to find the class containing the service in a file.

If the service name is “foo.bar.baz”, the class is named “Baz” in the “foo.bar.baz” module, located in “foo/bar/baz.py” somewhere on the python class path. The class file is dynamically loaded and the service object instantiated when the request is received (will be done only once for each service object).
The classes and methods are protected. The service class is loaded only if the containing module contains the “isRpcService” property set to True and if the method contains the “public” decorator.

I am fairly new to Python, that's why I welcome comments and criticism about the current implementation, in particular, on security issues etc. Also, please go ahead and test the code yourself.

Thanks to Viktor for his code!

Todo:
- update qxjsonrpc to a newer cjson version (currently works only with cjson 0.3).

Thanks,

Christian
Reply | Threaded
Open this post in threaded view
|

Re: RpcPython fixed and refactored

MartinWittemann
Administrator
Hello Christian,

I am not the python expert either so I can't give you any feedback on the code. Maybe Thomas can have a look at it because he's the expert. But as you sure know, we are preparing the beta release so don't expect some feedback too soon.
But you can expect a big thank you for another contrib. Keep up the good work!

Regards,
Martin

panyasan wrote
Hello List,

some time ago already,  Viktor Ferenczi wrote a jsonrpc server in Python (see http://python.cx.hu/qxjsonrpc). Unfortunately, he currently has no time to further develop it. I imported his externally hosted code to qooxdoo-contrib, fixed a small typo which kept it from functioning, and rewrote the applciation wrapper for his python package:

http://qooxdoo.org/documentation/RPC_Python

It is working now with the RpcExample and RpcConsole clients, and thus should work with any code that works with qx.io.remote.Rpc. I have departed from Viktors approach as far as RpcPython has been brought closer to the RpcPhp implementation. In Viktor's original code, the server script manually mapped each service to a particular Python class. In contrast, the current code receives a service name in dot-separated path format and expect to find the class containing the service in a file.

If the service name is “foo.bar.baz”, the class is named “Baz” in the “foo.bar.baz” module, located in “foo/bar/baz.py” somewhere on the python class path. The class file is dynamically loaded and the service object instantiated when the request is received (will be done only once for each service object).
The classes and methods are protected. The service class is loaded only if the containing module contains the “isRpcService” property set to True and if the method contains the “public” decorator.

I am fairly new to Python, that's why I welcome comments and criticism about the current implementation, in particular, on security issues etc. Also, please go ahead and test the code yourself.

Thanks to Viktor for his code!

Todo:
- update qxjsonrpc to a newer cjson version (currently works only with cjson 0.3).

Thanks,

Christian
Reply | Threaded
Open this post in threaded view
|

Re: RpcPython fixed and refactored

Thomas Herchenroeder
In reply to this post by panyasan
Just a minor thing: simplejson is part of the qooxdoo SDK (in
tool/pylib), and since Python 2.6 part of Python itself, as module 'json'.

T.

panyasan wrote:

> Hello List,
>
> some time ago already,  Viktor Ferenczi wrote a jsonrpc server in Python
> (see http://python.cx.hu/qxjsonrpc). Unfortunately, he currently has no time
> to further develop it. I imported his externally hosted code to
> qooxdoo-contrib, fixed a small typo which kept it from functioning, and
> rewrote the applciation wrapper for his python package:
>
> http://qooxdoo.org/documentation/RPC_Python
>
> It is working now with the RpcExample and RpcConsole clients, and thus
> should work with any code that works with qx.io.remote.Rpc. I have departed
> from Viktors approach as far as RpcPython has been brought closer to the
> RpcPhp implementation. In Viktor's original code, the server script manually
> mapped each service to a particular Python class. In contrast, the current
> code receives a service name in dot-separated path format and expect to find
> the class containing the service in a file.
>
> If the service name is “foo.bar.baz”, the class is named “Baz” in the
> “foo.bar.baz” module, located in “foo/bar/baz.py” somewhere on the python
> class path. The class file is dynamically loaded and the service object
> instantiated when the request is received (will be done only once for each
> service object).
> The classes and methods are protected. The service class is loaded only if
> the containing module contains the “isRpcService” property set to True and
> if the method contains the “public” decorator.
>
> I am fairly new to Python, that's why I welcome comments and criticism about
> the current implementation, in particular, on security issues etc. Also,
> please go ahead and test the code yourself.
>
> Thanks to Viktor for his code!
>
> Todo:
> - update qxjsonrpc to a newer cjson version (currently works only with cjson
> 0.3).
>
> Thanks,
>
> Christian
>  

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
qooxdoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: RpcPython fixed and refactored

Siarhei Barysiuk
Yep, and we use simplejson for QxTransformer as well.

Siarhei

On Nov 24, 2009, at 11:17 AM, thron7 wrote:

> Just a minor thing: simplejson is part of the qooxdoo SDK (in
> tool/pylib), and since Python 2.6 part of Python itself, as module  
> 'json'.
>
> T.
>
> panyasan wrote:
>> Hello List,
>>
>> some time ago already,  Viktor Ferenczi wrote a jsonrpc server in  
>> Python
>> (see http://python.cx.hu/qxjsonrpc). Unfortunately, he currently  
>> has no time
>> to further develop it. I imported his externally hosted code to
>> qooxdoo-contrib, fixed a small typo which kept it from functioning,  
>> and
>> rewrote the applciation wrapper for his python package:
>>
>> http://qooxdoo.org/documentation/RPC_Python
>>
>> It is working now with the RpcExample and RpcConsole clients, and  
>> thus
>> should work with any code that works with qx.io.remote.Rpc. I have  
>> departed
>> from Viktors approach as far as RpcPython has been brought closer  
>> to the
>> RpcPhp implementation. In Viktor's original code, the server script  
>> manually
>> mapped each service to a particular Python class. In contrast, the  
>> current
>> code receives a service name in dot-separated path format and  
>> expect to find
>> the class containing the service in a file.
>>
>> If the service name is “foo.bar.baz”, the class is named “Baz” in the
>> “foo.bar.baz” module, located in “foo/bar/baz.py” somewhere on the  
>> python
>> class path. The class file is dynamically loaded and the service  
>> object
>> instantiated when the request is received (will be done only once  
>> for each
>> service object).
>> The classes and methods are protected. The service class is loaded  
>> only if
>> the containing module contains the “isRpcService” property set to  
>> True and
>> if the method contains the “public” decorator.
>>
>> I am fairly new to Python, that's why I welcome comments and  
>> criticism about
>> the current implementation, in particular, on security issues etc.  
>> Also,
>> please go ahead and test the code yourself.
>>
>> Thanks to Viktor for his code!
>>
>> Todo:
>> - update qxjsonrpc to a newer cjson version (currently works only  
>> with cjson
>> 0.3).
>>
>> Thanks,
>>
>> Christian
>>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> qooxdoo-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
qooxdoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: RpcPython fixed and refactored

panyasan
Since I have it running with cjson, I'd be happy if you - Thomas or Siarhei - could update the code to make use of simplejson... I need to move on to other issues.

Thanks!

Siarhei Barysiuk wrote
Yep, and we use simplejson for QxTransformer as well.

Siarhei

On Nov 24, 2009, at 11:17 AM, thron7 wrote:

> Just a minor thing: simplejson is part of the qooxdoo SDK (in
> tool/pylib), and since Python 2.6 part of Python itself, as module  
> 'json'.
>
> T.
>
> panyasan wrote:
>> Hello List,
>>
>> some time ago already,  Viktor Ferenczi wrote a jsonrpc server in  
>> Python
>> (see http://python.cx.hu/qxjsonrpc). Unfortunately, he currently  
>> has no time
>> to further develop it. I imported his externally hosted code to
>> qooxdoo-contrib, fixed a small typo which kept it from functioning,  
>> and
>> rewrote the applciation wrapper for his python package:
>>
>> http://qooxdoo.org/documentation/RPC_Python
>>
>> It is working now with the RpcExample and RpcConsole clients, and  
>> thus
>> should work with any code that works with qx.io.remote.Rpc. I have  
>> departed
>> from Viktors approach as far as RpcPython has been brought closer  
>> to the
>> RpcPhp implementation. In Viktor's original code, the server script  
>> manually
>> mapped each service to a particular Python class. In contrast, the  
>> current
>> code receives a service name in dot-separated path format and  
>> expect to find
>> the class containing the service in a file.
>>
>> If the service name is “foo.bar.baz”, the class is named “Baz” in the
>> “foo.bar.baz” module, located in “foo/bar/baz.py” somewhere on the  
>> python
>> class path. The class file is dynamically loaded and the service  
>> object
>> instantiated when the request is received (will be done only once  
>> for each
>> service object).
>> The classes and methods are protected. The service class is loaded  
>> only if
>> the containing module contains the “isRpcService” property set to  
>> True and
>> if the method contains the “public” decorator.
>>
>> I am fairly new to Python, that's why I welcome comments and  
>> criticism about
>> the current implementation, in particular, on security issues etc.  
>> Also,
>> please go ahead and test the code yourself.
>>
>> Thanks to Viktor for his code!
>>
>> Todo:
>> - update qxjsonrpc to a newer cjson version (currently works only  
>> with cjson
>> 0.3).
>>
>> Thanks,
>>
>> Christian
>>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> qooxdoo-devel mailing list
> qooxdoo-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
qooxdoo-devel mailing list
qooxdoo-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: RpcPython fixed and refactored

panyasan
In reply to this post by panyasan
panyasan wrote
...

I am fairly new to Python, that's why I welcome comments and criticism about the current implementation, in particular, on security issues etc. Also, please go ahead and test the code yourself.

...
Since I departed from the explicit registration of service classes, the obvious problem arises how to keep a malicious user to call arbitrary python modules on the service class - admittedly a major problem of my approach. In RpcPhp and RpcPerl, the issue is solved by prefixing class and method names (class_ and method_). Currently, I solve it by requring a module attribute ("isRpcService"). Another way of solving it would be to require a specific super class as a marker interface - I think this is how it is done in RpcJava. Since Python supports multiple inheritance, this would be another way to go.

What do you think? I am not attached to the current solution. In Python 3.0, class decorators are possible, but not in Python 2.*

Thanks for your ideas,

Christian