def session_view(view, info): if info.options.get("uses_session"): # If we're using the session, then we'll just return the original view # with a small wrapper around it to ensure that it has a Vary: Cookie # header. return add_vary("Cookie")(view) else: # If we're not using the session on this view, then we'll wrap the view # with a wrapper that just ensures that the session cannot be used. @functools.wraps(view) def wrapped(context, request): # TODO: When Pyramid 1.8 is released we can make this better by # using info.exception_only. if request.exception is not None: return view(context, request) # Save the original session so that we can restore it once the # inner views have been called. original_session = request.session # This particular view hasn't been set to allow access to the # session, so we'll just assign an InvalidSession to # request.session request.session = InvalidSession() try: # Invoke the real view return view(context, request) finally: # Restore the original session so that things like # pyramid_debugtoolbar can access it. request.session = original_session return wrapped
def test_add_vary(vary): class FakeRequest: def __init__(self): self.callbacks = [] def add_response_callback(self, callback): self.callbacks.append(callback) response = pretend.stub(vary=vary) context = pretend.stub() request = FakeRequest() def view(context, request): return response assert add_vary("foobar")(view)(context, request) is response assert len(request.callbacks) == 1 request.callbacks[0](request, response) if vary is None: vary = [] assert response.vary == {"foobar"} | set(vary)
def uses_session(view): @functools.wraps(view) def wrapped(context, request): # Mark our request as allowing access to the sessions. request._allow_session = True # Actually execute our view. return view(context, request) # Wrap our already wrapped view with another wrapper which will ensure that # there is a Vary: Cookie header applied. wrapped = add_vary("Cookie")(wrapped) return wrapped
def translated_view(view, info): if info.options.get("has_translations"): # If this page can be translated, then we'll add a Vary: PyPI-Locale # Vary header. # Note: This will give weird results if hitting PyPI directly instead of through # the Fastly VCL which sets PyPI-Locale. return add_vary("PyPI-Locale")(view) elif info.exception_only: return view else: # If we're not using translations on this view, then we'll wrap the view # with a wrapper that just ensures that the localizer cannot be used. @functools.wraps(view) def wrapped(context, request): # This whole method is a little bit of an odd duck, we want to make # sure that we don't actually *access* request.localizer, because # doing so triggers the machinery to create a new localizer. So # instead we will dig into the request object __dict__ to # effectively do the same thing, just without triggering an access # on request.localizer. # Save the original session so that we can restore it once the # inner views have been called. nothing = object() original_localizer = request.__dict__.get("localizer", nothing) # This particular view hasn't been set to allow access to the # translations, so we'll just assign an InvalidLocalizer to # request.localizer request.__dict__["localizer"] = InvalidLocalizer() try: # Invoke the real view return view(context, request) finally: # Restore the original session so that things like # pyramid_debugtoolbar can access it. if original_localizer is nothing: del request.__dict__["localizer"] else: request.__dict__["localizer"] = original_localizer return wrapped
def session_view(view, info): if info.options.get("uses_session"): # If we're using the session, then we'll just return the original view # with a small wrapper around it to ensure that it has a Vary: Cookie # header. return add_vary("Cookie")(view) elif info.exception_only: return view else: # If we're not using the session on this view, then we'll wrap the view # with a wrapper that just ensures that the session cannot be used. @functools.wraps(view) def wrapped(context, request): # This whole method is a little bit of an odd duck, we want to make # sure that we don't actually *access* request.session, because # doing so triggers the machinery to create a new session. So # instead we will dig into the request object __dict__ to # effectively do the same thing, jsut without triggering an access # on request.session. # Save the original session so that we can restore it once the # inner views have been called. nothing = object() original_session = request.__dict__.get("session", nothing) # This particular view hasn't been set to allow access to the # session, so we'll just assign an InvalidSession to # request.session request.__dict__["session"] = InvalidSession() try: # Invoke the real view return view(context, request) finally: # Restore the original session so that things like # pyramid_debugtoolbar can access it. if original_session is nothing: del request.__dict__["session"] else: request.__dict__["session"] = original_session return wrapped
def wrapped(context, request): # Assign our view to an innerview function so that we can # modify it inside of the wrapped function. innerview = view # Check if we're processing CSRF for this request at all or # if it has been exempted from CSRF. if not getattr(request, "_process_csrf", True): return innerview(context, request) # If we're processing CSRF for this request, then we want to # set a Vary: Cookie header on every response to ensure that # we don't cache the result of a CSRF check or a form with a # CSRF token in it. if getattr(request, "_process_csrf", False): innerview = add_vary("Cookie")(innerview) # Actually check our CSRF _check_csrf(request) return innerview(context, request)
metrics.histogram("warehouse.views.search.results", page.item_count) return { "page": page, "term": q, "order": request.params.get("o", ""), "available_filters": sorted(available_filters.items(), key=filter_key), "applied_filters": request.params.getall("c"), } @view_config( route_name="stats", renderer="pages/stats.html", decorator=[ add_vary("Accept"), cache_control(1 * 24 * 60 * 60), # 1 day origin_cache( 1 * 24 * 60 * 60, # 1 day stale_while_revalidate=1 * 24 * 60 * 60, # 1 day stale_if_error=1 * 24 * 60 * 60, # 1 day ), ], ) @view_config( route_name="stats.json", renderer="json", decorator=[ add_vary("Accept"), cache_control(1 * 24 * 60 * 60), # 1 day origin_cache(
item.created = datetime.strptime(item.created, "%Y-%m-%dT%H:%M:%S") return { "page": page, "term": q, "order": request.params.get("o", ""), "available_filters": process_available_filters(), "applied_filters": request.params.getall("c"), } @view_config( route_name="stats", renderer="pages/stats.html", decorator=[ add_vary("Accept"), cache_control(1 * 24 * 60 * 60), # 1 day origin_cache( 1 * 24 * 60 * 60, # 1 day stale_while_revalidate=1 * 24 * 60 * 60, # 1 day stale_if_error=1 * 24 * 60 * 60, # 1 day ), ], ) @view_config( route_name="stats.json", renderer="json", decorator=[ add_vary("Accept"), cache_control(1 * 24 * 60 * 60), # 1 day origin_cache(