web2py: ideas we stole and ideas we had by Massimo Di Pierro of DePaul University

Presenters: Massimo Di Pierro of DePaul University

PyCon 2012 presentation page: https://us.pycon.org/2012/schedule/presentation/112/

Slides: http://dl.dropbox.com/u/18065445/Slides/PySFTalkSlides.pdf

Video: https://www.youtube.com/watch?v=M5IPlMe83yI&list=PLBC82890EA0228306&index=16&feature=plpp_video

Video running time: 31:55

web2py - http://web2py.com/

Ideas we borrowed


  • Model View Controller on WSGI (like everyone else)
  • w2p files (like Java’s Web application ARchives)
  • Optional routing (like Rails)
  • Routing mechanism (like Django)
  • Pure Python templating language (like Mako)
  • Helpers (like Rails) but easier to remember: span, a, etc.
  • request['xxx'] == request.xxx (like web.py)
  • web based database interface (like Django admin)

Ideas we had


  • A tool for both technical and non-technical people
  • Always backwards compatible (since 2007, 2.5, 2.6, 2.7, pypy, jython)
  • One click deploy (Windows and Mac binaries, USB drive)
  • No configuration, no dependencies, and secure by default
  • Everything has default (DRY)
  • Multi project / multi db / share nothing by default
  • Web based IDE (development, editor, deployment, management, translations, testing, debugger, version control) shell optional
  • Automatic db migrations (CREATE and ALTER table)
  • Plugins / Components / Ajax with digitally signed URLs


  • Role based access control
  • Every app is a Central Authentication Service provider (and optionally consumer)
  • Built-in portable cron and master/workers task scheduler
  • multi tenant apps with common fields & common filters
  • record versioning (without breaking refs)
  • embeddable CRUD and grid controls
  • Package lots of 3rd party modules: pyfpdf, database drivers, credit card payment APIs, ...

Getting web2py


wget http://www.web2py.com/examples/static/web2py_src.zip
unzip web2py_src.zip
cd web2py
web2py.py -a 'apassword' &

Gluon is 1.3 MB; smaller than most microframeworks



Web based IDE


Mobile IDE


Web translation






Let’s build something


  • URL shortening service
  • Bookmark service with tagging
  • Click counter
  • URL rating (WOT service)


Download and start web2py


# download and start web2py
wget http://www.web2py.com/examples/static/web2py_src.zip
unzip web2py_src.zip
cd web2py
python2.7 web2py.py -a hello -p 8000 &

# Shows the welcome page

cd applications

Explore the admin interface



# Shows the administrative interface
# Can edit files
# Can get a web-based Python shell
# Can run web-based tests
# Can configure crontab
# Can access Mercurial versioning
# Can access error logs
# Can upgrade web2py
# Can use new application wizard

Create a new application from the shell


mkdir myapp
cp -r welcome/* myapp/
cd myapp

rm controllers/default.py
edit controllers/default.py
def index():
    return "hello world"

def oops():
open displays “hello world”

Show error with ticket and traceback

(14:25) displays “Internal error” with a link to a ticket with the traceback.

Edit a model


edit models/mydb.py
Link = db.define_table(
    Field('url', unique=True))

App administrative interface


Add more fields to our model


edit models/mydb.py
Link = db.define_table(
    Field('url', unique=True),
    Field('visits', 'integer', default=0),
    Field('screenshot', 'upload', writable=False),
    format = '%(url)s')

Bookmark = db.define_table(
    Field('Link', 'reference link', writable=False),
    Field('category', requires=IS_IN_SET(['work', 'personal'])),
    Field('tags', 'list:string'),

def toCode(id):
    s, c = 'GKys67LJPDAFvcEp9rkw8...', ''
    while id: c,id = c+s[id % 55], id//55
    return c

def toInt(code):
    s, id = 'GKys67LJPDAFvcEp9rkw8...', 0
    for i in range(len(code)): id += s.find(code[i])*55**i
    return id

def shorten(id, row):
    s = URL('visit', args=toCode(id), scheme=True)
    return A(s, _href=s)

Bookmark.link.represent = shorten
Bookmark.id.readable = False
Bookmark.is_active.readable = False
Bookmark.is_active.writable = False

(17:25) Note that by adding a field to a model, web2py automatically detects it and does the SQL ALTER TABLE stuff.

Integrating with web services


  • Integrate with thumbalizer and WOT (Web Of Trust)

Edit the menu


edit models/menu.py
response.menu = (
    (T('Home'), False, URL('default', 'index')),
    (T('My Bookmarks'), False, URL('default', 'bookmarks')),

Edit the controller


Show how it works


Customize routes


Edit routes_in and routes_out in routes.py

Authentication using Janrain


Janrain auth - ldap, oauth1, oauth2, google, openid, dropbox

All you have to do is copy janrain.key into private folder.

Edit templates


Create web services


The old way

def linksby(key=''):
    return db(Link.id==Bookmark.link)\
        (Bookmark.tags.contains(key)).select(Link.ALL, distinct=True)

The new way

def api():
    def POST():
        raise HTTP(501)
    def GET(keys=''):
        return dict(result=linksby(key).as_list())
    return locals()

def call(): return service()

The scheduler


Deploy remotely


Package the app into a w2p file.

Notes from PDF slides

These are notes from the slides at http://dl.dropbox.com/u/18065445/Slides/PySFTalkSlides.pdf, which did not map closely to the talk.

Main features

  • One Instance - Many Applications (hot plug and play)
  • Web based Integrated Development Environment
  • Web based Database administration (for each app)
  • Each application can connect to multiple Databases
  • Writes SQL for you
  • Strong on Security (no SQL Injections, XSS, CSRF, ..., audited)
  • Built-in ticketing system (logs all errors)
  • Runs everywhere (it is written in Python)
  • Requires NO Installation (just download and unzip)
  • Has no coniguration files and no third party dependencies
  • Can run off a USB drive
  • Always backward compatible (since 2007 and on...)
  • 50+ of developers already involved


Included APIs

  • generation and parsing: HTML / XML / RSS / JSON
  • web services: JSON / JSON-RPC / XML / XML-RPC / AMF
  • document generation WIKI, CSV, RTF, LATEX, PDF
  • 10 different SQL dialects and Google App Engine
  • Role based access control with login plugins local, OpenID, OAuth, 1 and 2, Janrain, LDAP Consumer + Provider Central Authentication Service
  • sending SMS, accepting Credit Card payments
  • internationalization, cron jobs, multi-tenancy, ..

web2py architecture

web2py modules

Admin - Design

web2py applications

Architecture of applications

Complete application (“friends”)


Routing (in, out, onerror)





Thread locals


Role based access control

Web services


Record versioning

Modularity with digitally signed URLs

Federated authentication


GAE deployment

Web translation

Error logging

Who uses web2py?

3000 registered users


  • web2py has been bround for since 2007
  • 50% was rewritten in 2010 while mantaining backward compatibility
  • Some like it, some find it useful
  • Give it a try!