def session_view(view, info):
if info.options.get("uses_session"):
# If we're using the session, then we'll just return the original view
# with a small wrapper around it to ensure that it has a Vary: Cookie
# header.
return add_vary("Cookie")(view)
else:
# If we're not using the session on this view, then we'll wrap the view
# with a wrapper that just ensures that the session cannot be used.
@functools.wraps(view)
def wrapped(context, request):
# TODO: When Pyramid 1.8 is released we can make this better by
# using info.exception_only.
if request.exception is not None:
return view(context, request)
# Save the original session so that we can restore it once the
# inner views have been called.
original_session = request.session
# This particular view hasn't been set to allow access to the
# session, so we'll just assign an InvalidSession to
# request.session
request.session = InvalidSession()
try:
# Invoke the real view
return view(context, request)
finally:
# Restore the original session so that things like
# pyramid_debugtoolbar can access it.
request.session = original_session
return wrapped
def test_add_vary(vary):
class FakeRequest:
def __init__(self):
self.callbacks = []
def add_response_callback(self, callback):
self.callbacks.append(callback)
response = pretend.stub(vary=vary)
context = pretend.stub()
request = FakeRequest()
def view(context, request):
return response
assert add_vary("foobar")(view)(context, request) is response
assert len(request.callbacks) == 1
request.callbacks[0](request, response)
if vary is None:
vary = []
assert response.vary == {"foobar"} | set(vary)
def uses_session(view):
@functools.wraps(view)
def wrapped(context, request):
# Mark our request as allowing access to the sessions.
request._allow_session = True
# Actually execute our view.
return view(context, request)
# Wrap our already wrapped view with another wrapper which will ensure that
# there is a Vary: Cookie header applied.
wrapped = add_vary("Cookie")(wrapped)
return wrapped
def uses_session(view):
@functools.wraps(view)
def wrapped(context, request):
# Mark our request as allowing access to the sessions.
request._allow_session = True
# Actually execute our view.
return view(context, request)
# Wrap our already wrapped view with another wrapper which will ensure that
# there is a Vary: Cookie header applied.
wrapped = add_vary("Cookie")(wrapped)
return wrapped
def translated_view(view, info):
if info.options.get("has_translations"):
# If this page can be translated, then we'll add a Vary: PyPI-Locale
# Vary header.
# Note: This will give weird results if hitting PyPI directly instead of through
# the Fastly VCL which sets PyPI-Locale.
return add_vary("PyPI-Locale")(view)
elif info.exception_only:
return view
else:
# If we're not using translations on this view, then we'll wrap the view
# with a wrapper that just ensures that the localizer cannot be used.
@functools.wraps(view)
def wrapped(context, request):
# This whole method is a little bit of an odd duck, we want to make
# sure that we don't actually *access* request.localizer, because
# doing so triggers the machinery to create a new localizer. So
# instead we will dig into the request object __dict__ to
# effectively do the same thing, just without triggering an access
# on request.localizer.
# Save the original session so that we can restore it once the
# inner views have been called.
nothing = object()
original_localizer = request.__dict__.get("localizer", nothing)
# This particular view hasn't been set to allow access to the
# translations, so we'll just assign an InvalidLocalizer to
# request.localizer
request.__dict__["localizer"] = InvalidLocalizer()
try:
# Invoke the real view
return view(context, request)
finally:
# Restore the original session so that things like
# pyramid_debugtoolbar can access it.
if original_localizer is nothing:
del request.__dict__["localizer"]
else:
request.__dict__["localizer"] = original_localizer
return wrapped
def session_view(view, info):
if info.options.get("uses_session"):
# If we're using the session, then we'll just return the original view
# with a small wrapper around it to ensure that it has a Vary: Cookie
# header.
return add_vary("Cookie")(view)
elif info.exception_only:
return view
else:
# If we're not using the session on this view, then we'll wrap the view
# with a wrapper that just ensures that the session cannot be used.
@functools.wraps(view)
def wrapped(context, request):
# This whole method is a little bit of an odd duck, we want to make
# sure that we don't actually *access* request.session, because
# doing so triggers the machinery to create a new session. So
# instead we will dig into the request object __dict__ to
# effectively do the same thing, jsut without triggering an access
# on request.session.
# Save the original session so that we can restore it once the
# inner views have been called.
nothing = object()
original_session = request.__dict__.get("session", nothing)
# This particular view hasn't been set to allow access to the
# session, so we'll just assign an InvalidSession to
# request.session
request.__dict__["session"] = InvalidSession()
try:
# Invoke the real view
return view(context, request)
finally:
# Restore the original session so that things like
# pyramid_debugtoolbar can access it.
if original_session is nothing:
del request.__dict__["session"]
else:
request.__dict__["session"] = original_session
return wrapped
def session_view(view, info):
if info.options.get("uses_session"):
# If we're using the session, then we'll just return the original view
# with a small wrapper around it to ensure that it has a Vary: Cookie
# header.
return add_vary("Cookie")(view)
elif info.exception_only:
return view
else:
# If we're not using the session on this view, then we'll wrap the view
# with a wrapper that just ensures that the session cannot be used.
@functools.wraps(view)
def wrapped(context, request):
# This whole method is a little bit of an odd duck, we want to make
# sure that we don't actually *access* request.session, because
# doing so triggers the machinery to create a new session. So
# instead we will dig into the request object __dict__ to
# effectively do the same thing, jsut without triggering an access
# on request.session.
# Save the original session so that we can restore it once the
# inner views have been called.
nothing = object()
original_session = request.__dict__.get("session", nothing)
# This particular view hasn't been set to allow access to the
# session, so we'll just assign an InvalidSession to
# request.session
request.__dict__["session"] = InvalidSession()
try:
# Invoke the real view
return view(context, request)
finally:
# Restore the original session so that things like
# pyramid_debugtoolbar can access it.
if original_session is nothing:
del request.__dict__["session"]
else:
request.__dict__["session"] = original_session
return wrapped
def wrapped(context, request):
# Assign our view to an innerview function so that we can
# modify it inside of the wrapped function.
innerview = view
# Check if we're processing CSRF for this request at all or
# if it has been exempted from CSRF.
if not getattr(request, "_process_csrf", True):
return innerview(context, request)
# If we're processing CSRF for this request, then we want to
# set a Vary: Cookie header on every response to ensure that
# we don't cache the result of a CSRF check or a form with a
# CSRF token in it.
if getattr(request, "_process_csrf", False):
innerview = add_vary("Cookie")(innerview)
# Actually check our CSRF
_check_csrf(request)
return innerview(context, request)
def wrapped(context, request):
# Assign our view to an innerview function so that we can
# modify it inside of the wrapped function.
innerview = view
# Check if we're processing CSRF for this request at all or
# if it has been exempted from CSRF.
if not getattr(request, "_process_csrf", True):
return innerview(context, request)
# If we're processing CSRF for this request, then we want to
# set a Vary: Cookie header on every response to ensure that
# we don't cache the result of a CSRF check or a form with a
# CSRF token in it.
if getattr(request, "_process_csrf", False):
innerview = add_vary("Cookie")(innerview)
# Actually check our CSRF
_check_csrf(request)
return innerview(context, request)
def test_add_vary(vary):
class FakeRequest:
def __init__(self):
self.callbacks = []
def add_response_callback(self, callback):
self.callbacks.append(callback)
response = pretend.stub(vary=vary)
context = pretend.stub()
request = FakeRequest()
def view(context, request):
return response
assert add_vary("foobar")(view)(context, request) is response
assert len(request.callbacks) == 1
request.callbacks[0](request, response)
if vary is None:
vary = []
assert response.vary == {"foobar"} | set(vary)
metrics.histogram("warehouse.views.search.results", page.item_count)
return {
"page": page,
"term": q,
"order": request.params.get("o", ""),
"available_filters": sorted(available_filters.items(), key=filter_key),
"applied_filters": request.params.getall("c"),
}
@view_config(
route_name="stats",
renderer="pages/stats.html",
decorator=[
add_vary("Accept"),
cache_control(1 * 24 * 60 * 60), # 1 day
origin_cache(
1 * 24 * 60 * 60, # 1 day
stale_while_revalidate=1 * 24 * 60 * 60, # 1 day
stale_if_error=1 * 24 * 60 * 60, # 1 day
),
],
)
@view_config(
route_name="stats.json",
renderer="json",
decorator=[
add_vary("Accept"),
cache_control(1 * 24 * 60 * 60), # 1 day
origin_cache(
item.created = datetime.strptime(item.created, "%Y-%m-%dT%H:%M:%S")
return {
"page": page,
"term": q,
"order": request.params.get("o", ""),
"available_filters": process_available_filters(),
"applied_filters": request.params.getall("c"),
}
@view_config(
route_name="stats",
renderer="pages/stats.html",
decorator=[
add_vary("Accept"),
cache_control(1 * 24 * 60 * 60), # 1 day
origin_cache(
1 * 24 * 60 * 60, # 1 day
stale_while_revalidate=1 * 24 * 60 * 60, # 1 day
stale_if_error=1 * 24 * 60 * 60, # 1 day
),
],
)
@view_config(
route_name="stats.json",
renderer="json",
decorator=[
add_vary("Accept"),
cache_control(1 * 24 * 60 * 60), # 1 day
origin_cache(
