You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
446 lines
16 KiB
446 lines
16 KiB
:mod:`xmlrpc.server` --- Basic XML-RPC servers
|
|
==============================================
|
|
|
|
.. module:: xmlrpc.server
|
|
:synopsis: Basic XML-RPC server implementations.
|
|
|
|
.. moduleauthor:: Brian Quinlan <brianq@activestate.com>
|
|
.. sectionauthor:: Fred L. Drake, Jr. <fdrake@acm.org>
|
|
|
|
**Source code:** :source:`Lib/xmlrpc/server.py`
|
|
|
|
--------------
|
|
|
|
The :mod:`xmlrpc.server` module provides a basic server framework for XML-RPC
|
|
servers written in Python. Servers can either be free standing, using
|
|
:class:`SimpleXMLRPCServer`, or embedded in a CGI environment, using
|
|
:class:`CGIXMLRPCRequestHandler`.
|
|
|
|
|
|
.. warning::
|
|
|
|
The :mod:`xmlrpc.server` module is not secure against maliciously
|
|
constructed data. If you need to parse untrusted or unauthenticated data see
|
|
:ref:`xml-vulnerabilities`.
|
|
|
|
|
|
.. class:: SimpleXMLRPCServer(addr, requestHandler=SimpleXMLRPCRequestHandler,\
|
|
logRequests=True, allow_none=False, encoding=None,\
|
|
bind_and_activate=True, use_builtin_types=False)
|
|
|
|
Create a new server instance. This class provides methods for registration of
|
|
functions that can be called by the XML-RPC protocol. The *requestHandler*
|
|
parameter should be a factory for request handler instances; it defaults to
|
|
:class:`SimpleXMLRPCRequestHandler`. The *addr* and *requestHandler* parameters
|
|
are passed to the :class:`socketserver.TCPServer` constructor. If *logRequests*
|
|
is true (the default), requests will be logged; setting this parameter to false
|
|
will turn off logging. The *allow_none* and *encoding* parameters are passed
|
|
on to :mod:`xmlrpc.client` and control the XML-RPC responses that will be returned
|
|
from the server. The *bind_and_activate* parameter controls whether
|
|
:meth:`server_bind` and :meth:`server_activate` are called immediately by the
|
|
constructor; it defaults to true. Setting it to false allows code to manipulate
|
|
the *allow_reuse_address* class variable before the address is bound.
|
|
The *use_builtin_types* parameter is passed to the
|
|
:func:`~xmlrpc.client.loads` function and controls which types are processed
|
|
when date/times values or binary data are received; it defaults to false.
|
|
|
|
.. versionchanged:: 3.3
|
|
The *use_builtin_types* flag was added.
|
|
|
|
|
|
.. class:: CGIXMLRPCRequestHandler(allow_none=False, encoding=None,\
|
|
use_builtin_types=False)
|
|
|
|
Create a new instance to handle XML-RPC requests in a CGI environment. The
|
|
*allow_none* and *encoding* parameters are passed on to :mod:`xmlrpc.client`
|
|
and control the XML-RPC responses that will be returned from the server.
|
|
The *use_builtin_types* parameter is passed to the
|
|
:func:`~xmlrpc.client.loads` function and controls which types are processed
|
|
when date/times values or binary data are received; it defaults to false.
|
|
|
|
.. versionchanged:: 3.3
|
|
The *use_builtin_types* flag was added.
|
|
|
|
|
|
.. class:: SimpleXMLRPCRequestHandler()
|
|
|
|
Create a new request handler instance. This request handler supports ``POST``
|
|
requests and modifies logging so that the *logRequests* parameter to the
|
|
:class:`SimpleXMLRPCServer` constructor parameter is honored.
|
|
|
|
|
|
.. _simple-xmlrpc-servers:
|
|
|
|
SimpleXMLRPCServer Objects
|
|
--------------------------
|
|
|
|
The :class:`SimpleXMLRPCServer` class is based on
|
|
:class:`socketserver.TCPServer` and provides a means of creating simple, stand
|
|
alone XML-RPC servers.
|
|
|
|
|
|
.. method:: SimpleXMLRPCServer.register_function(function=None, name=None)
|
|
|
|
Register a function that can respond to XML-RPC requests. If *name* is given,
|
|
it will be the method name associated with *function*, otherwise
|
|
``function.__name__`` will be used. *name* is a string, and may contain
|
|
characters not legal in Python identifiers, including the period character.
|
|
|
|
This method can also be used as a decorator. When used as a decorator,
|
|
*name* can only be given as a keyword argument to register *function* under
|
|
*name*. If no *name* is given, ``function.__name__`` will be used.
|
|
|
|
.. versionchanged:: 3.7
|
|
:meth:`register_function` can be used as a decorator.
|
|
|
|
|
|
.. method:: SimpleXMLRPCServer.register_instance(instance, allow_dotted_names=False)
|
|
|
|
Register an object which is used to expose method names which have not been
|
|
registered using :meth:`register_function`. If *instance* contains a
|
|
:meth:`_dispatch` method, it is called with the requested method name and the
|
|
parameters from the request. Its API is ``def _dispatch(self, method, params)``
|
|
(note that *params* does not represent a variable argument list). If it calls
|
|
an underlying function to perform its task, that function is called as
|
|
``func(*params)``, expanding the parameter list. The return value from
|
|
:meth:`_dispatch` is returned to the client as the result. If *instance* does
|
|
not have a :meth:`_dispatch` method, it is searched for an attribute matching
|
|
the name of the requested method.
|
|
|
|
If the optional *allow_dotted_names* argument is true and the instance does not
|
|
have a :meth:`_dispatch` method, then if the requested method name contains
|
|
periods, each component of the method name is searched for individually, with
|
|
the effect that a simple hierarchical search is performed. The value found from
|
|
this search is then called with the parameters from the request, and the return
|
|
value is passed back to the client.
|
|
|
|
.. warning::
|
|
|
|
Enabling the *allow_dotted_names* option allows intruders to access your
|
|
module's global variables and may allow intruders to execute arbitrary code on
|
|
your machine. Only use this option on a secure, closed network.
|
|
|
|
|
|
.. method:: SimpleXMLRPCServer.register_introspection_functions()
|
|
|
|
Registers the XML-RPC introspection functions ``system.listMethods``,
|
|
``system.methodHelp`` and ``system.methodSignature``.
|
|
|
|
|
|
.. method:: SimpleXMLRPCServer.register_multicall_functions()
|
|
|
|
Registers the XML-RPC multicall function system.multicall.
|
|
|
|
|
|
.. attribute:: SimpleXMLRPCRequestHandler.rpc_paths
|
|
|
|
An attribute value that must be a tuple listing valid path portions of the URL
|
|
for receiving XML-RPC requests. Requests posted to other paths will result in a
|
|
404 "no such page" HTTP error. If this tuple is empty, all paths will be
|
|
considered valid. The default value is ``('/', '/RPC2')``.
|
|
|
|
|
|
.. _simplexmlrpcserver-example:
|
|
|
|
SimpleXMLRPCServer Example
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
Server code::
|
|
|
|
from xmlrpc.server import SimpleXMLRPCServer
|
|
from xmlrpc.server import SimpleXMLRPCRequestHandler
|
|
|
|
# Restrict to a particular path.
|
|
class RequestHandler(SimpleXMLRPCRequestHandler):
|
|
rpc_paths = ('/RPC2',)
|
|
|
|
# Create server
|
|
with SimpleXMLRPCServer(('localhost', 8000),
|
|
requestHandler=RequestHandler) as server:
|
|
server.register_introspection_functions()
|
|
|
|
# Register pow() function; this will use the value of
|
|
# pow.__name__ as the name, which is just 'pow'.
|
|
server.register_function(pow)
|
|
|
|
# Register a function under a different name
|
|
def adder_function(x, y):
|
|
return x + y
|
|
server.register_function(adder_function, 'add')
|
|
|
|
# Register an instance; all the methods of the instance are
|
|
# published as XML-RPC methods (in this case, just 'mul').
|
|
class MyFuncs:
|
|
def mul(self, x, y):
|
|
return x * y
|
|
|
|
server.register_instance(MyFuncs())
|
|
|
|
# Run the server's main loop
|
|
server.serve_forever()
|
|
|
|
The following client code will call the methods made available by the preceding
|
|
server::
|
|
|
|
import xmlrpc.client
|
|
|
|
s = xmlrpc.client.ServerProxy('http://localhost:8000')
|
|
print(s.pow(2,3)) # Returns 2**3 = 8
|
|
print(s.add(2,3)) # Returns 5
|
|
print(s.mul(5,2)) # Returns 5*2 = 10
|
|
|
|
# Print list of available methods
|
|
print(s.system.listMethods())
|
|
|
|
:meth:`register_function` can also be used as a decorator. The previous server
|
|
example can register functions in a decorator way::
|
|
|
|
from xmlrpc.server import SimpleXMLRPCServer
|
|
from xmlrpc.server import SimpleXMLRPCRequestHandler
|
|
|
|
class RequestHandler(SimpleXMLRPCRequestHandler):
|
|
rpc_paths = ('/RPC2',)
|
|
|
|
with SimpleXMLRPCServer(('localhost', 8000),
|
|
requestHandler=RequestHandler) as server:
|
|
server.register_introspection_functions()
|
|
|
|
# Register pow() function; this will use the value of
|
|
# pow.__name__ as the name, which is just 'pow'.
|
|
server.register_function(pow)
|
|
|
|
# Register a function under a different name, using
|
|
# register_function as a decorator. *name* can only be given
|
|
# as a keyword argument.
|
|
@server.register_function(name='add')
|
|
def adder_function(x, y):
|
|
return x + y
|
|
|
|
# Register a function under function.__name__.
|
|
@server.register_function
|
|
def mul(x, y):
|
|
return x * y
|
|
|
|
server.serve_forever()
|
|
|
|
The following example included in the :file:`Lib/xmlrpc/server.py` module shows
|
|
a server allowing dotted names and registering a multicall function.
|
|
|
|
.. warning::
|
|
|
|
Enabling the *allow_dotted_names* option allows intruders to access your
|
|
module's global variables and may allow intruders to execute arbitrary code on
|
|
your machine. Only use this example only within a secure, closed network.
|
|
|
|
::
|
|
|
|
import datetime
|
|
|
|
class ExampleService:
|
|
def getData(self):
|
|
return '42'
|
|
|
|
class currentTime:
|
|
@staticmethod
|
|
def getCurrentTime():
|
|
return datetime.datetime.now()
|
|
|
|
with SimpleXMLRPCServer(("localhost", 8000)) as server:
|
|
server.register_function(pow)
|
|
server.register_function(lambda x,y: x+y, 'add')
|
|
server.register_instance(ExampleService(), allow_dotted_names=True)
|
|
server.register_multicall_functions()
|
|
print('Serving XML-RPC on localhost port 8000')
|
|
try:
|
|
server.serve_forever()
|
|
except KeyboardInterrupt:
|
|
print("\nKeyboard interrupt received, exiting.")
|
|
sys.exit(0)
|
|
|
|
This ExampleService demo can be invoked from the command line::
|
|
|
|
python -m xmlrpc.server
|
|
|
|
|
|
The client that interacts with the above server is included in
|
|
`Lib/xmlrpc/client.py`::
|
|
|
|
server = ServerProxy("http://localhost:8000")
|
|
|
|
try:
|
|
print(server.currentTime.getCurrentTime())
|
|
except Error as v:
|
|
print("ERROR", v)
|
|
|
|
multi = MultiCall(server)
|
|
multi.getData()
|
|
multi.pow(2,9)
|
|
multi.add(1,2)
|
|
try:
|
|
for response in multi():
|
|
print(response)
|
|
except Error as v:
|
|
print("ERROR", v)
|
|
|
|
This client which interacts with the demo XMLRPC server can be invoked as::
|
|
|
|
python -m xmlrpc.client
|
|
|
|
|
|
CGIXMLRPCRequestHandler
|
|
-----------------------
|
|
|
|
The :class:`CGIXMLRPCRequestHandler` class can be used to handle XML-RPC
|
|
requests sent to Python CGI scripts.
|
|
|
|
|
|
.. method:: CGIXMLRPCRequestHandler.register_function(function=None, name=None)
|
|
|
|
Register a function that can respond to XML-RPC requests. If *name* is given,
|
|
it will be the method name associated with *function*, otherwise
|
|
``function.__name__`` will be used. *name* is a string, and may contain
|
|
characters not legal in Python identifiers, including the period character.
|
|
|
|
This method can also be used as a decorator. When used as a decorator,
|
|
*name* can only be given as a keyword argument to register *function* under
|
|
*name*. If no *name* is given, ``function.__name__`` will be used.
|
|
|
|
.. versionchanged:: 3.7
|
|
:meth:`register_function` can be used as a decorator.
|
|
|
|
|
|
.. method:: CGIXMLRPCRequestHandler.register_instance(instance)
|
|
|
|
Register an object which is used to expose method names which have not been
|
|
registered using :meth:`register_function`. If instance contains a
|
|
:meth:`_dispatch` method, it is called with the requested method name and the
|
|
parameters from the request; the return value is returned to the client as the
|
|
result. If instance does not have a :meth:`_dispatch` method, it is searched
|
|
for an attribute matching the name of the requested method; if the requested
|
|
method name contains periods, each component of the method name is searched for
|
|
individually, with the effect that a simple hierarchical search is performed.
|
|
The value found from this search is then called with the parameters from the
|
|
request, and the return value is passed back to the client.
|
|
|
|
|
|
.. method:: CGIXMLRPCRequestHandler.register_introspection_functions()
|
|
|
|
Register the XML-RPC introspection functions ``system.listMethods``,
|
|
``system.methodHelp`` and ``system.methodSignature``.
|
|
|
|
|
|
.. method:: CGIXMLRPCRequestHandler.register_multicall_functions()
|
|
|
|
Register the XML-RPC multicall function ``system.multicall``.
|
|
|
|
|
|
.. method:: CGIXMLRPCRequestHandler.handle_request(request_text=None)
|
|
|
|
Handle an XML-RPC request. If *request_text* is given, it should be the POST
|
|
data provided by the HTTP server, otherwise the contents of stdin will be used.
|
|
|
|
Example::
|
|
|
|
class MyFuncs:
|
|
def mul(self, x, y):
|
|
return x * y
|
|
|
|
|
|
handler = CGIXMLRPCRequestHandler()
|
|
handler.register_function(pow)
|
|
handler.register_function(lambda x,y: x+y, 'add')
|
|
handler.register_introspection_functions()
|
|
handler.register_instance(MyFuncs())
|
|
handler.handle_request()
|
|
|
|
|
|
Documenting XMLRPC server
|
|
-------------------------
|
|
|
|
These classes extend the above classes to serve HTML documentation in response
|
|
to HTTP GET requests. Servers can either be free standing, using
|
|
:class:`DocXMLRPCServer`, or embedded in a CGI environment, using
|
|
:class:`DocCGIXMLRPCRequestHandler`.
|
|
|
|
|
|
.. class:: DocXMLRPCServer(addr, requestHandler=DocXMLRPCRequestHandler,\
|
|
logRequests=True, allow_none=False, encoding=None,\
|
|
bind_and_activate=True, use_builtin_types=True)
|
|
|
|
Create a new server instance. All parameters have the same meaning as for
|
|
:class:`SimpleXMLRPCServer`; *requestHandler* defaults to
|
|
:class:`DocXMLRPCRequestHandler`.
|
|
|
|
.. versionchanged:: 3.3
|
|
The *use_builtin_types* flag was added.
|
|
|
|
|
|
.. class:: DocCGIXMLRPCRequestHandler()
|
|
|
|
Create a new instance to handle XML-RPC requests in a CGI environment.
|
|
|
|
|
|
.. class:: DocXMLRPCRequestHandler()
|
|
|
|
Create a new request handler instance. This request handler supports XML-RPC
|
|
POST requests, documentation GET requests, and modifies logging so that the
|
|
*logRequests* parameter to the :class:`DocXMLRPCServer` constructor parameter is
|
|
honored.
|
|
|
|
|
|
.. _doc-xmlrpc-servers:
|
|
|
|
DocXMLRPCServer Objects
|
|
-----------------------
|
|
|
|
The :class:`DocXMLRPCServer` class is derived from :class:`SimpleXMLRPCServer`
|
|
and provides a means of creating self-documenting, stand alone XML-RPC
|
|
servers. HTTP POST requests are handled as XML-RPC method calls. HTTP GET
|
|
requests are handled by generating pydoc-style HTML documentation. This allows a
|
|
server to provide its own web-based documentation.
|
|
|
|
|
|
.. method:: DocXMLRPCServer.set_server_title(server_title)
|
|
|
|
Set the title used in the generated HTML documentation. This title will be used
|
|
inside the HTML "title" element.
|
|
|
|
|
|
.. method:: DocXMLRPCServer.set_server_name(server_name)
|
|
|
|
Set the name used in the generated HTML documentation. This name will appear at
|
|
the top of the generated documentation inside a "h1" element.
|
|
|
|
|
|
.. method:: DocXMLRPCServer.set_server_documentation(server_documentation)
|
|
|
|
Set the description used in the generated HTML documentation. This description
|
|
will appear as a paragraph, below the server name, in the documentation.
|
|
|
|
|
|
DocCGIXMLRPCRequestHandler
|
|
--------------------------
|
|
|
|
The :class:`DocCGIXMLRPCRequestHandler` class is derived from
|
|
:class:`CGIXMLRPCRequestHandler` and provides a means of creating
|
|
self-documenting, XML-RPC CGI scripts. HTTP POST requests are handled as XML-RPC
|
|
method calls. HTTP GET requests are handled by generating pydoc-style HTML
|
|
documentation. This allows a server to provide its own web-based documentation.
|
|
|
|
|
|
.. method:: DocCGIXMLRPCRequestHandler.set_server_title(server_title)
|
|
|
|
Set the title used in the generated HTML documentation. This title will be used
|
|
inside the HTML "title" element.
|
|
|
|
|
|
.. method:: DocCGIXMLRPCRequestHandler.set_server_name(server_name)
|
|
|
|
Set the name used in the generated HTML documentation. This name will appear at
|
|
the top of the generated documentation inside a "h1" element.
|
|
|
|
|
|
.. method:: DocCGIXMLRPCRequestHandler.set_server_documentation(server_documentation)
|
|
|
|
Set the description used in the generated HTML documentation. This description
|
|
will appear as a paragraph, below the server name, in the documentation.
|