Wapp

Diff
Login
Annotate Patch Side-by-side Diff

Differences From Artifact [88e94111a1]:

To Artifact [d5575a90a4]:

1
2
3
4
5
6
7

8
9
10
11
12


13
14
15
16
17
18
19
20
21
22
23


24
25
26
27
28
29
30
31
32
33
34
35
36
37


38
39
40
41
42
43
44
45
46
47

48
49
50
51
52
53
54

1
2
3
4
5
6

7
8
9
10


11
12
13
14
15
16
17
18
19
20
21


22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

37
38
39
40
41
42
43
44
45
46
47

48
49
50
51
52
53
54
55







-
+



-
-
+
+









-
-
+
+













-
+
+









-
+








Wapp - A Web-Application Framework for TCL
========================================

1.0 Introduction
----------------

Wapp is a simple and lightweight framework that strives to simplify the
Wapp is a lightweight framework that strives to simplify the
construction of web application written in TCL. The same Wapp application
can be launched in multiple ways:

  *  From the command-line (ex: <tt>tclsh app.tcl</tt>).  In this mode,
     The wapp-app find an available TCL port on localhost, starts an
  *  From the command-line (ex: "<tt>tclsh app.tcl</tt>").  In this mode,
     The wapp finds an available TCL port on localhost, starts an
     in-process web server listening on that port, and then launches the 
     users default web browser directed at localhost:$port

  *  As a CGI program

  *  As an SCGI program

  *  As a stand-alone web server

All four methods of launching the application provide the same interface
to the user.
All four methods use the same application code and present the same
interface to the application user.

1.0 Hello World!
----------------

Wapp is designed to be easy to use.  A hello-world program is as follows:

>
    package require wapp
    proc wapp-default {req} {
       wapp "<h1>Hello, World!</h1>\n"
    }
    wapp-start $::argv

The application defines one or more procedures that accept HTTP requests.
The application defines one or more procedures that accept HTTP requests
and generate appropriate replies.
For an HTTP request where the initial portion of the URI is "abcde", the
procedure named "wapp-page-abcde" will be invoked to construct the reply.
If no such procedure exists, "wapp-default" is invoked instead.

The procedure generates a reply using one or more calls to the "wapp"
command.  Each "wapp" command appends new text to the reply.

The "wapp-start" command starts up the built-in web server.

To run this application, but the code above into a file named "main.tcl"
To run this application, copy the code above into a file named "main.tcl"
and then run type "<tt>tclsh main.tcl</tt>" at the command-line.  That
should cause the "Hello, World!" page to appear in your web browser.


### 1.1 A Slightly Longer Example

Information about each HTTP request is encoded in the global ::wapp

80
81
82
83
84
85
86
87
88



89
90
91
92
93
94
95
96
97

98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119

120
121
122
123
124
125
126
127

128
129
130
131
132
133
134
135
136


137
138
139

140
141

142
143

144
145
146
147


148
149
150
151
152


153
154
155
156
157


158
159

160
161
162
163
164
165
166

81
82
83
84
85
86
87


88
89
90
91
92
93
94
95
96
97
98

99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120

121
122
123
124
125
126
127
128

129
130
131
132
133
134
135
136


137
138
139
140

141
142

143
144

145
146
147


148
149
150
151
152


153
154
155
156
157


158
159
160

161
162
163
164
165
166
167
168








-
-
+
+
+








-
+

















-
+



-
+







-
+







-
-
+
+


-
+

-
+

-
+


-
-
+
+



-
-
+
+



-
-
+
+

-
+








the same as "wapp" (it appends its argument text to the web page under
construction) except that the argument to "wapp-unsafe" is allowed to contain
TCL variable and command expansions.  The "wapp" command will generate a
warning if its argument contains TCL variable or command expansions, as a
defense against accidental XSS vulnerabilities.

The /env page is implemented by the "wapp-page-env" proc.  This proc
generates an HTML unordered list where each element of the list describes
a single value in the global ::wapp dict.  The "wapp-escape-html"
generates an HTML that describes the content of the ::wapp dict.
Keys that begin with "." are for internal use by Wapp and are skipped
for this display. The "wapp-escape-html"
command is like "wapp" and "wapp-unsafe" except that "wapp-escape-html"
escapes HTML markup so that it displays correctly in the output.

### 1.2 The ::wapp Global Dict

To better understand how the ::wapp dict works, try running the previous
sample program, but extend the /env URL with extra path elements and query
parameters.  For example:
[http://localhost:8080/env/longer/path?q1=5&title=hello+world%21]
<http://localhost:8080/env/longer/path?q1=5&title=hello+world%21>

Notice how the query parameters in the input URL are decoded and become
elements of the ::wapp dict.  The same thing occurs with POST parameters
and cookies - they are all converted into entries in the ::wapp dict
variable so that the parameters are easily accessible to page generation
procedures.

The ::wapp variable contains additional information about the request,
roughly corresponding to CGI environment variables.  To prevent environment
information from overlapping and overwriting query parameters, all the
environment information uses upper-case names and all query parameters
are required to be lower case.  If an input URL contains an upper-case
query parameter (or POST parameter or cookie), that parameter is silently
omitted from the ::wapp variable

The ::wapp variable contains the following environment values:

  +  **HTTP_HOST**  
  +  **HTTP\_HOST**  
     The hostname (or IP address) and port that the client used to create
     the current HTTP request.  This is the first part of the request URL.

  +  **HTTP_USER_AGENT**  
  +  **HTTP\_USER\_AGENT**  
     The name of the web-browser or other client program that generated
     the current HTTP request.

  +  **HTTPS**  
     If the HTTP request arrived of SSL, then this variable has the value "on".
     For an unencrypted request, the variable does not exist.

  +  **REMOTE_ADDR**  
  +  **REMOTE\_ADDR**  
     The IP address and port from which the HTTP request originated.

  +  **SCRIPT_NAME**  
     In CGI mode, this is the name of the CGI script in the URL.  In other
     words, it is the initial part of the URL path that identifies the
     CGI script.  For other modes, this variable is an empty string.

  +  **PATH_INFO**  
     The part of the URL path that follows the SCRIPT_NAME.  For all modes
  +  **PATH\_INFO**  
     The part of the URL path that follows the SCRIPT\_NAME.  For all modes
     other than CGI, this is exactly the URL pathname.

  +  **REQUEST_URI**  
  +  **REQUEST\_URI**  
     The URL for the inbound request, without the initial "http://" or
     "https://" and without the HTTP_HOST.
     "https://" and without the HTTP\_HOST.

  +  **REQUEST_METHOD**  
  +  **REQUEST\_METHOD**  
     "GET" or "HEAD" or "POST"

  +  **BASE_URL**  
     The text of the request URL through the SCRIPT_NAME.  This value can
  +  **BASE\_URL**  
     The text of the request URL through the SCRIPT\_NAME.  This value can
     be prepended to hyperlinks to ensure that the correct page is reached by
     those hyperlinks.

  +  **PATH_HEAD**  
     The first element in the PATH_INFO.  The value of PATH_HEAD is used to
  +  **PATH\_HEAD**  
     The first element in the PATH\_INFO.  The value of PATH\_HEAD is used to
     select one of the "wapp-page-XXXXX" commands to run in order to generate
     the output web page.

  +  **PATH_TAIL**  
     All of PATH_INFO that follows PATH_HEAD.
  +  **PATH\_TAIL**  
     All of PATH\_INFO that follows PATH\_HEAD.

  +  **SELF_URL**  
  +  **SELF\_URL**  
     The URL for the current page, stripped of query parameter. This is
     useful for filling in the action= attribute of forms.
 

### 1.3 Additional Wapp Commands

The following utility commands are available for use by applications built