2020-08-11 01:47:54 +02:00
|
|
|
# Life of a request
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
It can sometimes be confusing to figure out how to write a new feature,
|
|
|
|
or debug an existing one. Let us try to follow a request through the
|
|
|
|
Zulip codebase, and dive deep into how each part works.
|
|
|
|
|
|
|
|
We will use as our example the creation of users through the API, but we
|
|
|
|
will also highlight how alternative requests are handled.
|
|
|
|
|
2020-03-27 01:32:21 +01:00
|
|
|
## A request is sent to the server, and handled by [Nginx](https://nginx.org/en/docs/)
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
When Zulip is deployed in production, all requests go through nginx.
|
|
|
|
For the most part we don't need to know how this works, except for when
|
|
|
|
it isn't working. Nginx does the first level of routing--deciding which
|
|
|
|
application will serve the request (or deciding to serve the request
|
|
|
|
itself for static content).
|
|
|
|
|
|
|
|
In development, `tools/run-dev.py` fills the role of nginx. Static files
|
2020-10-23 02:43:28 +02:00
|
|
|
are in your Git checkout under `static`, and are served unminified.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
## Static files are [served directly][served-directly] by Nginx
|
|
|
|
|
|
|
|
[served-directly]: https://github.com/zulip/zulip/blob/master/puppet/zulip/files/nginx/zulip-include-frontend/app
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2016-07-21 03:31:41 +02:00
|
|
|
Static files include JavaScript, css, static assets (like emoji, avatars),
|
2016-07-21 01:58:19 +02:00
|
|
|
and user uploads (if stored locally and not on S3).
|
|
|
|
|
2017-07-17 01:34:05 +02:00
|
|
|
File not found errors (404) are served using a Django URL, so that we
|
|
|
|
can use configuration variables (like whether the user is logged in)
|
|
|
|
in the 404 error page.
|
|
|
|
|
2016-07-21 01:58:19 +02:00
|
|
|
```
|
|
|
|
location /static/ {
|
|
|
|
alias /home/zulip/prod-static/;
|
2017-07-17 01:34:05 +02:00
|
|
|
# Set a nonexistent path, so we just serve the nice Django 404 page.
|
|
|
|
error_page 404 /django_static_404.html;
|
2016-07-21 01:58:19 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-08-11 01:47:54 +02:00
|
|
|
## Nginx routes other requests [between Django and Tornado][tornado-django]
|
2017-01-05 23:23:16 +01:00
|
|
|
|
2019-04-06 02:58:44 +02:00
|
|
|
[tornado-django]: ../overview/architecture-overview.html?highlight=tornado#django-and-tornado
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
All our connected clients hold open long-polling connections so that
|
2017-01-12 05:27:56 +01:00
|
|
|
they can receive events (messages, presence notifications, and so on) in
|
2016-07-21 01:58:19 +02:00
|
|
|
real-time. Events are served by Zulip's `tornado` application.
|
|
|
|
|
|
|
|
Nearly every other kind of request is served by the `zerver` Django
|
|
|
|
application.
|
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
[Here is the relevant nginx routing configuration.][nginx-config-link]
|
|
|
|
|
|
|
|
[nginx-config-link]: https://github.com/zulip/zulip/blob/master/puppet/zulip/files/nginx/zulip-include-frontend/app
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
## Django routes the request to a view in urls.py files
|
|
|
|
|
2017-11-16 20:44:00 +01:00
|
|
|
There are various
|
|
|
|
[urls.py](https://docs.djangoproject.com/en/1.8/topics/http/urls/)
|
|
|
|
files throughout the server codebase, which are covered in more detail
|
|
|
|
in
|
2019-09-30 19:37:56 +02:00
|
|
|
[the directory structure doc](../overview/directory-structure.md).
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
The main Zulip Django app is `zerver`. The routes are found in
|
|
|
|
```
|
|
|
|
zproject/urls.py
|
|
|
|
zproject/legacy_urls.py
|
|
|
|
```
|
|
|
|
|
|
|
|
There are HTML-serving, REST API, legacy, and webhook url patterns. We
|
|
|
|
will look at how each of these types of requests are handled, and focus
|
|
|
|
on how the REST API handles our user creation example.
|
|
|
|
|
|
|
|
## Views serving HTML are internationalized by server path
|
|
|
|
|
2017-11-16 20:44:00 +01:00
|
|
|
If we look in
|
|
|
|
[zproject/urls.py](https://github.com/zulip/zulip/blob/master/zproject/urls.py),
|
|
|
|
we can see something called `i18n_urls`. These urls show up in the
|
|
|
|
address bar of the browser, and serve HTML.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2017-06-13 05:42:34 +02:00
|
|
|
For example, the `/features` page (preview
|
2020-06-08 23:04:39 +02:00
|
|
|
[here](https://zulip.com/features/)) gets translated in Chinese at
|
2017-06-13 06:06:01 +02:00
|
|
|
`zh-hans/features/` (preview
|
2020-06-08 23:04:39 +02:00
|
|
|
[here](https://zulip.com/zh-hans/features/)).
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2017-06-13 06:06:01 +02:00
|
|
|
Note the `zh-hans` prefix--that url pattern gets added by `i18n_patterns`.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2020-03-27 01:32:21 +01:00
|
|
|
## API endpoints use [REST](https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm)
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
Our example is a REST API endpoint. It's a PUT to `/users`.
|
|
|
|
|
2018-05-31 01:56:18 +02:00
|
|
|
With the exception of incoming webhooks (which we do not usually control the
|
2016-07-21 01:58:19 +02:00
|
|
|
format of), legacy endpoints, and logged-out endpoints, Zulip uses REST
|
|
|
|
for its API. This means that we use:
|
|
|
|
|
2017-11-16 20:44:00 +01:00
|
|
|
* POST for creating something new where we don't have a unique
|
|
|
|
ID. Also used as a catch-all if no other verb is appropriate.
|
2016-07-21 01:58:19 +02:00
|
|
|
* PUT for creating something for which we have a unique ID.
|
|
|
|
* DELETE for deleting something
|
|
|
|
* PATCH for updating or editing attributes of something.
|
|
|
|
* GET to get something (read-only)
|
|
|
|
* HEAD to check the existence of something to GET, without getting it;
|
|
|
|
useful to check a link without downloading a potentially large link
|
|
|
|
* OPTIONS (handled automatically, see more below)
|
|
|
|
|
|
|
|
Of these, PUT, DELETE, HEAD, OPTIONS, and GET are *idempotent*, which
|
|
|
|
means that we can send the request multiple times and get the same
|
|
|
|
state on the server. You might get a different response after the first
|
|
|
|
request, as we like to give our clients an error so they know that no
|
|
|
|
new change was made by the extra requests.
|
|
|
|
|
|
|
|
POST is not idempotent--if I send a message multiple times, Zulip will
|
|
|
|
show my message multiple times. PATCH is special--it can be
|
|
|
|
idempotent, and we like to write API endpoints in an idempotent fashion,
|
|
|
|
as much as possible.
|
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
This [cookbook](http://restcookbook.com/) and
|
2020-03-27 01:32:21 +01:00
|
|
|
[tutorial](https://www.restapitutorial.com/) can be helpful if you are
|
2017-01-05 23:23:16 +01:00
|
|
|
new to REST web applications.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
### PUT is only for creating new things
|
|
|
|
|
|
|
|
If you're used to using PUT to update or modify resources, you might
|
|
|
|
find our convention a little strange.
|
|
|
|
|
|
|
|
We use PUT to create resources with unique identifiers, POST to create
|
|
|
|
resources without unique identifiers (like sending a message with the
|
|
|
|
same content multiple times), and PATCH to modify resources.
|
|
|
|
|
|
|
|
In our example, `create_user_backend` uses PUT, because there's a unique
|
|
|
|
identifier, the user's email.
|
|
|
|
|
|
|
|
### OPTIONS
|
|
|
|
|
|
|
|
The OPTIONS method will yield the allowed methods.
|
|
|
|
|
|
|
|
This request:
|
2016-10-26 10:12:32 +02:00
|
|
|
`OPTIONS https://chat.zulip.org/api/v1/users`
|
2016-07-21 01:58:19 +02:00
|
|
|
yields a response with this HTTP header:
|
|
|
|
`Allow: PUT, GET`
|
|
|
|
|
|
|
|
We can see this reflected in [zproject/urls.py](https://github.com/zulip/zulip/blob/master/zproject/urls.py):
|
|
|
|
|
2020-09-22 06:04:45 +02:00
|
|
|
rest_path('users',
|
|
|
|
GET=get_members_backend,
|
|
|
|
PUT=create_user_backend),
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
In this way, the API is partially self-documenting.
|
|
|
|
|
|
|
|
### Legacy endpoints are used by the web client
|
|
|
|
|
|
|
|
The endpoints from the legacy JSON API are written without REST in
|
|
|
|
mind. They are used extensively by the web client, and use POST.
|
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
You can see them in
|
|
|
|
[zproject/legacy_urls.py](https://github.com/zulip/zulip/blob/master/zproject/legacy_urls.py).
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2018-05-31 01:56:18 +02:00
|
|
|
### Incoming webhook integrations may not be RESTful
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
Zulip endpoints that are called by other services for integrations have
|
|
|
|
to conform to the service's request format. They are likely to use
|
|
|
|
only POST.
|
|
|
|
|
|
|
|
## Django calls rest_dispatch for REST endpoints, and authenticates
|
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
For requests that correspond to a REST url pattern, Zulip configures
|
|
|
|
its url patterns (see
|
|
|
|
[zerver/lib/rest.py](https://github.com/zulip/zulip/blob/master/zerver/lib/rest.py))
|
|
|
|
so that the action called is `rest_dispatch`. This method will
|
|
|
|
authenticate the user, either through a session token from a cookie,
|
2020-10-23 02:43:28 +02:00
|
|
|
or from an `email:api-key` string given via HTTP basic auth for API
|
2017-01-05 23:23:16 +01:00
|
|
|
clients.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
It will then look up what HTTP verb was used (GET, POST, etc) to make
|
|
|
|
the request, and then figure out which view to show from that.
|
|
|
|
|
|
|
|
In our example,
|
2017-01-05 23:23:16 +01:00
|
|
|
|
2016-07-21 01:58:19 +02:00
|
|
|
```
|
2020-09-22 06:04:45 +02:00
|
|
|
GET=get_members_backend,
|
|
|
|
PUT=create_user_backend
|
2016-07-21 01:58:19 +02:00
|
|
|
```
|
2017-01-05 23:23:16 +01:00
|
|
|
|
2020-09-22 06:04:45 +02:00
|
|
|
are supplied as arguments to `rest_path`, along with the
|
2017-01-05 23:23:16 +01:00
|
|
|
[HTTPRequest](https://docs.djangoproject.com/en/1.8/ref/request-response/).
|
2016-07-21 01:58:19 +02:00
|
|
|
The request has the HTTP verb `PUT`, which `rest_dispatch` can use to
|
2017-01-05 23:23:16 +01:00
|
|
|
find the correct view to show:
|
|
|
|
`zerver.views.users.create_user_backend`.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
## The view will authorize the user, extract request variables, and validate them
|
|
|
|
|
2019-09-30 19:37:56 +02:00
|
|
|
This is covered in good detail in the [writing views doc](writing-views.md).
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
## Results are given as JSON
|
|
|
|
|
|
|
|
Our API works on JSON requests and responses. Every API endpoint should
|
2021-06-30 18:46:10 +02:00
|
|
|
`raise JsonableError` in the case of an error, which gives a JSON string:
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2021-06-30 18:46:10 +02:00
|
|
|
`{'result': 'error', 'msg': <some error message>, 'code': 'BAD_REQUEST'}`
|
2016-07-21 01:58:19 +02:00
|
|
|
|
2017-01-05 23:23:16 +01:00
|
|
|
in a
|
2021-05-10 07:02:14 +02:00
|
|
|
[HTTP response](https://docs.djangoproject.com/en/1.8/ref/request-response/)
|
2017-01-05 23:23:16 +01:00
|
|
|
with a content type of 'application/json'.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
To pass back data from the server to the calling client, in the event of
|
2017-11-16 20:44:00 +01:00
|
|
|
a successfully handled request, we use
|
|
|
|
`json_success(data=<some python object which can be converted to a JSON string>`.
|
2016-07-21 01:58:19 +02:00
|
|
|
|
|
|
|
This will result in a JSON string:
|
|
|
|
|
|
|
|
`{'result': 'success', 'msg': '', 'data'='{'var_name1': 'var_value1', 'var_name2': 'var_value2'...}`
|
|
|
|
|
|
|
|
with a HTTP 200 status and a content type of 'application/json'.
|
|
|
|
|
2016-07-21 03:31:41 +02:00
|
|
|
That's it!
|