diff --git a/.gitignore b/.gitignore
index 4b9ffc145..1d0cbed73 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
__pycache__/
.vscode
-web/
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/DESCRIPTION.rst b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..239dbda32
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Flask
+-----
+
+Flask is a microframework for Python based on Werkzeug, Jinja 2 and good
+intentions. And before you ask: It's BSD licensed!
+
+Flask is Fun
+````````````
+
+Save in a hello.py:
+
+.. code:: python
+
+ from flask import Flask
+ app = Flask(__name__)
+
+ @app.route("/")
+ def hello():
+ return "Hello World!"
+
+ if __name__ == "__main__":
+ app.run()
+
+And Easy to Setup
+`````````````````
+
+And run it:
+
+.. code:: bash
+
+ $ pip install Flask
+ $ python hello.py
+ * Running on http://localhost:5000/
+
+ Ready for production? `Read this first `.
+
+Links
+`````
+
+* `website `_
+* `documentation `_
+* `development version
+ `_
+
+
+
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/INSTALLER b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/LICENSE.txt b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/LICENSE.txt
new file mode 100644
index 000000000..a7da10e17
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/LICENSE.txt
@@ -0,0 +1,33 @@
+Copyright (c) 2015 by Armin Ronacher and contributors. See AUTHORS
+for more details.
+
+Some rights reserved.
+
+Redistribution and use in source and binary forms of the software as well
+as documentation, with or without modification, are permitted provided
+that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+* The names of the contributors may not be used to endorse or
+ promote products derived from this software without specific
+ prior written permission.
+
+THIS SOFTWARE AND DOCUMENTATION IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE AND DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/METADATA b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/METADATA
new file mode 100644
index 000000000..8c43205bb
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/METADATA
@@ -0,0 +1,75 @@
+Metadata-Version: 2.0
+Name: Flask
+Version: 0.12.2
+Summary: A microframework based on Werkzeug, Jinja2 and good intentions
+Home-page: http://github.com/pallets/flask/
+Author: Armin Ronacher
+Author-email: armin.ronacher@active-4.com
+License: BSD
+Platform: any
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.6
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: Jinja2 (>=2.4)
+Requires-Dist: Werkzeug (>=0.7)
+Requires-Dist: click (>=2.0)
+Requires-Dist: itsdangerous (>=0.21)
+
+Flask
+-----
+
+Flask is a microframework for Python based on Werkzeug, Jinja 2 and good
+intentions. And before you ask: It's BSD licensed!
+
+Flask is Fun
+````````````
+
+Save in a hello.py:
+
+.. code:: python
+
+ from flask import Flask
+ app = Flask(__name__)
+
+ @app.route("/")
+ def hello():
+ return "Hello World!"
+
+ if __name__ == "__main__":
+ app.run()
+
+And Easy to Setup
+`````````````````
+
+And run it:
+
+.. code:: bash
+
+ $ pip install Flask
+ $ python hello.py
+ * Running on http://localhost:5000/
+
+ Ready for production? `Read this first `.
+
+Links
+`````
+
+* `website `_
+* `documentation `_
+* `development version
+ `_
+
+
+
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/RECORD b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/RECORD
new file mode 100644
index 000000000..69d2b278a
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/RECORD
@@ -0,0 +1,52 @@
+Flask-0.12.2.dist-info/DESCRIPTION.rst,sha256=DmJm8IBlBjl3wkm0Ly23jYvWbvK_mCuE5oUseYCijbI,810
+Flask-0.12.2.dist-info/LICENSE.txt,sha256=hLgKluMRHSnxG-L0EmrqjmKgG5cHlff6pIh3rCNINeI,1582
+Flask-0.12.2.dist-info/METADATA,sha256=OgSkJQ_kmrz4qEkS-OzYtL75uZmXAThymkOcGR4kXRQ,1948
+Flask-0.12.2.dist-info/RECORD,,
+Flask-0.12.2.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+Flask-0.12.2.dist-info/entry_points.txt,sha256=jzk2Wy2h30uEcqqzd4CVnlzsMXB-vaD5GXjuPMXmTmI,60
+Flask-0.12.2.dist-info/metadata.json,sha256=By8kZ1vY9lLEAGnRiWNBhudqKvLPo0HkZVXTYECyPKk,1389
+Flask-0.12.2.dist-info/top_level.txt,sha256=dvi65F6AeGWVU0TBpYiC04yM60-FX1gJFkK31IKQr5c,6
+flask/__init__.py,sha256=sHdK1v6WRbVmCN0fEv990EE7rOT2UlamQkSof2d0Dt0,1673
+flask/__main__.py,sha256=cldbNi5zpjE68XzIWI8uYHNWwBHHVJmwtlXWk6P4CO4,291
+flask/_compat.py,sha256=VlfjUuLjufsTHJIjr_ZsnnOesSbAXIslBBgRe5tfOok,2802
+flask/app.py,sha256=6DPjtb5jUJWgL5fXksG5boA49EB3l-k9pWyftitbNNk,83169
+flask/blueprints.py,sha256=6HVasMcPcaq7tk36kCrgX4bnhTkky4G5WIWCyyJL8HY,16872
+flask/cli.py,sha256=2NXEdCOu5-4ymklxX4Lf6bjb-89I4VHYeP6xScR3i8E,18328
+flask/config.py,sha256=Ym5Jenyu6zAZ1fdVLeKekY9-EsKmq8183qnRgauwCMY,9905
+flask/ctx.py,sha256=UPA0YwoIlHP0txOGanC9lQLSGv6eCqV5Fmw2cVJRmgQ,14739
+flask/debughelpers.py,sha256=z-uQavKIymOZl0WQDLXsnacA00ERIlCx3S3Tnb_OYsE,6024
+flask/exthook.py,sha256=SvXs5jwpcOjogwJ7SNquiWTxowoN1-MHFoqAejWnk2o,5762
+flask/globals.py,sha256=I3m_4RssLhWW1R11zuEI8oFryHUHX3NQwjMkGXOZzg8,1645
+flask/helpers.py,sha256=KrsQ2Yo3lOVHvBTgQCLvpubgmTOpQdTTyiCOOYlwDuQ,38452
+flask/json.py,sha256=1zPM-NPLiWoOfGd0P14FxnEkeKtjtUZxMC9pyYyDBYI,9183
+flask/logging.py,sha256=UG-77jPkRClk9w1B-_ArjjXPuj9AmZz9mG0IRGvptW0,2751
+flask/sessions.py,sha256=QBKXVYKJ-HKbx9m6Yb5yan_EPq84a5yevVLgAzNKFQY,14394
+flask/signals.py,sha256=MfZk5qTRj_R_O3aGYlTEnx2g3SvlZncz8Ii73eKK59g,2209
+flask/templating.py,sha256=u7FbN6j56H_q6CrdJJyJ6gZtqaMa0vh1_GP12gEHRQQ,4912
+flask/testing.py,sha256=II8EO_NjOT1LvL8Hh_SdIFL_BdlwVPcB9yot5pbltxE,5630
+flask/views.py,sha256=6OPv7gwu3h14JhqpeeMRWwrxoGHsUr4_nOGSyTRAxAI,5630
+flask/wrappers.py,sha256=1S_5mmuA1Tlx7D9lXV6xMblrg-PdAauNWahe-henMEE,7612
+flask/ext/__init__.py,sha256=UEezCApsG4ZJWqwUnX9YmWcNN4OVENgph_9L05n0eOM,842
+../../Scripts/flask.exe,sha256=WiosIiBPkig5ooCR_yaHUrP5WMPviLDqJxogDFixmOY,98150
+Flask-0.12.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+flask/ext/__pycache__/__init__.cpython-36.pyc,,
+flask/__pycache__/app.cpython-36.pyc,,
+flask/__pycache__/blueprints.cpython-36.pyc,,
+flask/__pycache__/cli.cpython-36.pyc,,
+flask/__pycache__/config.cpython-36.pyc,,
+flask/__pycache__/ctx.cpython-36.pyc,,
+flask/__pycache__/debughelpers.cpython-36.pyc,,
+flask/__pycache__/exthook.cpython-36.pyc,,
+flask/__pycache__/globals.cpython-36.pyc,,
+flask/__pycache__/helpers.cpython-36.pyc,,
+flask/__pycache__/json.cpython-36.pyc,,
+flask/__pycache__/logging.cpython-36.pyc,,
+flask/__pycache__/sessions.cpython-36.pyc,,
+flask/__pycache__/signals.cpython-36.pyc,,
+flask/__pycache__/templating.cpython-36.pyc,,
+flask/__pycache__/testing.cpython-36.pyc,,
+flask/__pycache__/views.cpython-36.pyc,,
+flask/__pycache__/wrappers.cpython-36.pyc,,
+flask/__pycache__/_compat.cpython-36.pyc,,
+flask/__pycache__/__init__.cpython-36.pyc,,
+flask/__pycache__/__main__.cpython-36.pyc,,
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/WHEEL b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/entry_points.txt b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/entry_points.txt
new file mode 100644
index 000000000..14adf18ab
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/entry_points.txt
@@ -0,0 +1,4 @@
+
+ [console_scripts]
+ flask=flask.cli:main
+
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/metadata.json b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/metadata.json
new file mode 100644
index 000000000..4d814b8b3
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 4 - Beta", "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", "Topic :: Software Development :: Libraries :: Python Modules"], "extensions": {"python.commands": {"wrap_console": {"flask": "flask.cli:main"}}, "python.details": {"contacts": [{"email": "armin.ronacher@active-4.com", "name": "Armin Ronacher", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "http://github.com/pallets/flask/"}}, "python.exports": {"console_scripts": {"flask": "flask.cli:main"}}}, "extras": [], "generator": "bdist_wheel (0.29.0)", "license": "BSD", "metadata_version": "2.0", "name": "Flask", "platform": "any", "run_requires": [{"requires": ["Jinja2 (>=2.4)", "Werkzeug (>=0.7)", "click (>=2.0)", "itsdangerous (>=0.21)"]}], "summary": "A microframework based on Werkzeug, Jinja2 and good intentions", "version": "0.12.2"}
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Flask-0.12.2.dist-info/top_level.txt b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/top_level.txt
new file mode 100644
index 000000000..7e1060246
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask-0.12.2.dist-info/top_level.txt
@@ -0,0 +1 @@
+flask
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/PKG-INFO b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/PKG-INFO
new file mode 100644
index 000000000..63db21e96
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/PKG-INFO
@@ -0,0 +1,30 @@
+Metadata-Version: 1.1
+Name: Flask-OAuth
+Version: 0.12
+Summary: Adds OAuth support to Flask
+Home-page: http://github.com/mitsuhiko/flask-oauth
+Author: Armin Ronacher
+Author-email: armin.ronacher@active-4.com
+License: BSD
+Description:
+ Flask-OAuth
+ -----------
+
+ Adds OAuth support to Flask.
+
+ Links
+ `````
+
+ * `documentation `_
+ * `development version
+ `_
+
+Platform: any
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/SOURCES.txt b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/SOURCES.txt
new file mode 100644
index 000000000..f12db5add
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/SOURCES.txt
@@ -0,0 +1,10 @@
+README
+flask_oauth.py
+setup.cfg
+setup.py
+Flask_OAuth.egg-info/PKG-INFO
+Flask_OAuth.egg-info/SOURCES.txt
+Flask_OAuth.egg-info/dependency_links.txt
+Flask_OAuth.egg-info/not-zip-safe
+Flask_OAuth.egg-info/requires.txt
+Flask_OAuth.egg-info/top_level.txt
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/dependency_links.txt b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/dependency_links.txt
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/dependency_links.txt
@@ -0,0 +1 @@
+
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/installed-files.txt b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/installed-files.txt
new file mode 100644
index 000000000..57bfb769b
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/installed-files.txt
@@ -0,0 +1,8 @@
+..\flask_oauth.py
+..\__pycache__\flask_oauth.cpython-36.pyc
+dependency_links.txt
+not-zip-safe
+PKG-INFO
+requires.txt
+SOURCES.txt
+top_level.txt
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/not-zip-safe b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/not-zip-safe
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/not-zip-safe
@@ -0,0 +1 @@
+
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/requires.txt b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/requires.txt
new file mode 100644
index 000000000..b17522e93
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/requires.txt
@@ -0,0 +1,2 @@
+Flask
+oauth2
diff --git a/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/top_level.txt b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/top_level.txt
new file mode 100644
index 000000000..b53f96d53
--- /dev/null
+++ b/website/web/Lib/site-packages/Flask_OAuth-0.12-py3.6.egg-info/top_level.txt
@@ -0,0 +1 @@
+flask_oauth
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/DESCRIPTION.rst b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..1594da5ce
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/DESCRIPTION.rst
@@ -0,0 +1,37 @@
+
+Jinja2
+~~~~~~
+
+Jinja2 is a template engine written in pure Python. It provides a
+`Django`_ inspired non-XML syntax but supports inline expressions and
+an optional `sandboxed`_ environment.
+
+Nutshell
+--------
+
+Here a small example of a Jinja template::
+
+ {% extends 'base.html' %}
+ {% block title %}Memberlist{% endblock %}
+ {% block content %}
+
+ {% endblock %}
+
+Philosophy
+----------
+
+Application logic is for the controller but don't try to make the life
+for the template designer too hard by giving him too few functionality.
+
+For more informations visit the new `Jinja2 webpage`_ and `documentation`_.
+
+.. _sandboxed: https://en.wikipedia.org/wiki/Sandbox_(computer_security)
+.. _Django: https://www.djangoproject.com/
+.. _Jinja2 webpage: http://jinja.pocoo.org/
+.. _documentation: http://jinja.pocoo.org/2/documentation/
+
+
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/INSTALLER b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/LICENSE.txt b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/LICENSE.txt
new file mode 100644
index 000000000..10145a264
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/LICENSE.txt
@@ -0,0 +1,31 @@
+Copyright (c) 2009 by the Jinja Team, see AUTHORS for more details.
+
+Some rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ * The names of the contributors may not be used to endorse or
+ promote products derived from this software without specific
+ prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/METADATA b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/METADATA
new file mode 100644
index 000000000..40f2b46b4
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/METADATA
@@ -0,0 +1,68 @@
+Metadata-Version: 2.0
+Name: Jinja2
+Version: 2.10
+Summary: A small but fast and easy to use stand-alone template engine written in pure python.
+Home-page: http://jinja.pocoo.org/
+Author: Armin Ronacher
+Author-email: armin.ronacher@active-4.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.6
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Dist: MarkupSafe (>=0.23)
+Provides-Extra: i18n
+Requires-Dist: Babel (>=0.8); extra == 'i18n'
+
+
+Jinja2
+~~~~~~
+
+Jinja2 is a template engine written in pure Python. It provides a
+`Django`_ inspired non-XML syntax but supports inline expressions and
+an optional `sandboxed`_ environment.
+
+Nutshell
+--------
+
+Here a small example of a Jinja template::
+
+ {% extends 'base.html' %}
+ {% block title %}Memberlist{% endblock %}
+ {% block content %}
+
+ {% endblock %}
+
+Philosophy
+----------
+
+Application logic is for the controller but don't try to make the life
+for the template designer too hard by giving him too few functionality.
+
+For more informations visit the new `Jinja2 webpage`_ and `documentation`_.
+
+.. _sandboxed: https://en.wikipedia.org/wiki/Sandbox_(computer_security)
+.. _Django: https://www.djangoproject.com/
+.. _Jinja2 webpage: http://jinja.pocoo.org/
+.. _documentation: http://jinja.pocoo.org/2/documentation/
+
+
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/RECORD b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/RECORD
new file mode 100644
index 000000000..a1ec831ea
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/RECORD
@@ -0,0 +1,63 @@
+Jinja2-2.10.dist-info/DESCRIPTION.rst,sha256=b5ckFDoM7vVtz_mAsJD4OPteFKCqE7beu353g4COoYI,978
+Jinja2-2.10.dist-info/LICENSE.txt,sha256=JvzUNv3Io51EiWrAPm8d_SXjhJnEjyDYvB3Tvwqqils,1554
+Jinja2-2.10.dist-info/METADATA,sha256=18EgU8zR6-av-0-5y_gXebzK4GnBB_76lALUsl-6QHM,2258
+Jinja2-2.10.dist-info/RECORD,,
+Jinja2-2.10.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+Jinja2-2.10.dist-info/entry_points.txt,sha256=NdzVcOrqyNyKDxD09aERj__3bFx2paZhizFDsKmVhiA,72
+Jinja2-2.10.dist-info/metadata.json,sha256=NPUJ9TMBxVQAv_kTJzvU8HwmP-4XZvbK9mz6_4YUVl4,1473
+Jinja2-2.10.dist-info/top_level.txt,sha256=PkeVWtLb3-CqjWi1fO29OCbj55EhX_chhKrCdrVe_zs,7
+jinja2/__init__.py,sha256=xJHjaMoy51_KXn1wf0cysH6tUUifUxZCwSOfcJGEYZw,2614
+jinja2/_compat.py,sha256=xP60CE5Qr8FTYcDE1f54tbZLKGvMwYml4-8T7Q4KG9k,2596
+jinja2/_identifier.py,sha256=W1QBSY-iJsyt6oR_nKSuNNCzV95vLIOYgUNPUI1d5gU,1726
+jinja2/asyncfilters.py,sha256=cTDPvrS8Hp_IkwsZ1m9af_lr5nHysw7uTa5gV0NmZVE,4144
+jinja2/asyncsupport.py,sha256=UErQ3YlTLaSjFb94P4MVn08-aVD9jJxty2JVfMRb-1M,7878
+jinja2/bccache.py,sha256=nQldx0ZRYANMyfvOihRoYFKSlUdd5vJkS7BjxNwlOZM,12794
+jinja2/compiler.py,sha256=BqC5U6JxObSRhblyT_a6Tp5GtEU5z3US1a4jLQaxxgo,65386
+jinja2/constants.py,sha256=uwwV8ZUhHhacAuz5PTwckfsbqBaqM7aKfyJL7kGX5YQ,1626
+jinja2/debug.py,sha256=WTVeUFGUa4v6ReCsYv-iVPa3pkNB75OinJt3PfxNdXs,12045
+jinja2/defaults.py,sha256=Em-95hmsJxIenDCZFB1YSvf9CNhe9rBmytN3yUrBcWA,1400
+jinja2/environment.py,sha256=VnkAkqw8JbjZct4tAyHlpBrka2vqB-Z58RAP-32P1ZY,50849
+jinja2/exceptions.py,sha256=_Rj-NVi98Q6AiEjYQOsP8dEIdu5AlmRHzcSNOPdWix4,4428
+jinja2/ext.py,sha256=atMQydEC86tN1zUsdQiHw5L5cF62nDbqGue25Yiu3N4,24500
+jinja2/filters.py,sha256=yOAJk0MsH-_gEC0i0U6NweVQhbtYaC-uE8xswHFLF4w,36528
+jinja2/idtracking.py,sha256=2GbDSzIvGArEBGLkovLkqEfmYxmWsEf8c3QZwM4uNsw,9197
+jinja2/lexer.py,sha256=ySEPoXd1g7wRjsuw23uimS6nkGN5aqrYwcOKxCaVMBQ,28559
+jinja2/loaders.py,sha256=xiTuURKAEObyym0nU8PCIXu_Qp8fn0AJ5oIADUUm-5Q,17382
+jinja2/meta.py,sha256=fmKHxkmZYAOm9QyWWy8EMd6eefAIh234rkBMW2X4ZR8,4340
+jinja2/nativetypes.py,sha256=_sJhS8f-8Q0QMIC0dm1YEdLyxEyoO-kch8qOL5xUDfE,7308
+jinja2/nodes.py,sha256=L10L_nQDfubLhO3XjpF9qz46FSh2clL-3e49ogVlMmA,30853
+jinja2/optimizer.py,sha256=MsdlFACJ0FRdPtjmCAdt7JQ9SGrXFaDNUaslsWQaG3M,1722
+jinja2/parser.py,sha256=lPzTEbcpTRBLw8ii6OYyExHeAhaZLMA05Hpv4ll3ULk,35875
+jinja2/runtime.py,sha256=DHdD38Pq8gj7uWQC5usJyWFoNWL317A9AvXOW_CLB34,27755
+jinja2/sandbox.py,sha256=TVyZHlNqqTzsv9fv2NvJNmSdWRHTguhyMHdxjWms32U,16708
+jinja2/tests.py,sha256=iJQLwbapZr-EKquTG_fVOVdwHUUKf3SX9eNkjQDF8oU,4237
+jinja2/utils.py,sha256=q24VupGZotQ-uOyrJxCaXtDWhZC1RgsQG7kcdmjck2Q,20629
+jinja2/visitor.py,sha256=JD1H1cANA29JcntFfN5fPyqQxB4bI4wC00BzZa-XHks,3316
+Jinja2-2.10.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2/__pycache__/asyncfilters.cpython-36.pyc,,
+jinja2/__pycache__/asyncsupport.cpython-36.pyc,,
+jinja2/__pycache__/bccache.cpython-36.pyc,,
+jinja2/__pycache__/compiler.cpython-36.pyc,,
+jinja2/__pycache__/constants.cpython-36.pyc,,
+jinja2/__pycache__/debug.cpython-36.pyc,,
+jinja2/__pycache__/defaults.cpython-36.pyc,,
+jinja2/__pycache__/environment.cpython-36.pyc,,
+jinja2/__pycache__/exceptions.cpython-36.pyc,,
+jinja2/__pycache__/ext.cpython-36.pyc,,
+jinja2/__pycache__/filters.cpython-36.pyc,,
+jinja2/__pycache__/idtracking.cpython-36.pyc,,
+jinja2/__pycache__/lexer.cpython-36.pyc,,
+jinja2/__pycache__/loaders.cpython-36.pyc,,
+jinja2/__pycache__/meta.cpython-36.pyc,,
+jinja2/__pycache__/nativetypes.cpython-36.pyc,,
+jinja2/__pycache__/nodes.cpython-36.pyc,,
+jinja2/__pycache__/optimizer.cpython-36.pyc,,
+jinja2/__pycache__/parser.cpython-36.pyc,,
+jinja2/__pycache__/runtime.cpython-36.pyc,,
+jinja2/__pycache__/sandbox.cpython-36.pyc,,
+jinja2/__pycache__/tests.cpython-36.pyc,,
+jinja2/__pycache__/utils.cpython-36.pyc,,
+jinja2/__pycache__/visitor.cpython-36.pyc,,
+jinja2/__pycache__/_compat.cpython-36.pyc,,
+jinja2/__pycache__/_identifier.cpython-36.pyc,,
+jinja2/__pycache__/__init__.cpython-36.pyc,,
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/WHEEL b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/entry_points.txt b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/entry_points.txt
new file mode 100644
index 000000000..32e6b7530
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/entry_points.txt
@@ -0,0 +1,4 @@
+
+ [babel.extractors]
+ jinja2 = jinja2.ext:babel_extract[i18n]
+
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/metadata.json b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/metadata.json
new file mode 100644
index 000000000..7f5dc3879
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Markup :: HTML"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "armin.ronacher@active-4.com", "name": "Armin Ronacher", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "http://jinja.pocoo.org/"}}, "python.exports": {"babel.extractors": {"jinja2": "jinja2.ext:babel_extract [i18n]"}}}, "extras": ["i18n"], "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "Jinja2", "run_requires": [{"extra": "i18n", "requires": ["Babel (>=0.8)"]}, {"requires": ["MarkupSafe (>=0.23)"]}], "summary": "A small but fast and easy to use stand-alone template engine written in pure python.", "version": "2.10"}
\ No newline at end of file
diff --git a/website/web/Lib/site-packages/Jinja2-2.10.dist-info/top_level.txt b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/top_level.txt
new file mode 100644
index 000000000..7f7afbf3b
--- /dev/null
+++ b/website/web/Lib/site-packages/Jinja2-2.10.dist-info/top_level.txt
@@ -0,0 +1 @@
+jinja2
diff --git a/website/web/Lib/site-packages/MarkupSafe-1.0-py3.6.egg-info/PKG-INFO b/website/web/Lib/site-packages/MarkupSafe-1.0-py3.6.egg-info/PKG-INFO
new file mode 100644
index 000000000..ad3a5a4ab
--- /dev/null
+++ b/website/web/Lib/site-packages/MarkupSafe-1.0-py3.6.egg-info/PKG-INFO
@@ -0,0 +1,133 @@
+Metadata-Version: 1.1
+Name: MarkupSafe
+Version: 1.0
+Summary: Implements a XML/HTML/XHTML Markup safe string for Python
+Home-page: http://github.com/pallets/markupsafe
+Author: Armin Ronacher
+Author-email: armin.ronacher@active-4.com
+License: BSD
+Description: MarkupSafe
+ ==========
+
+ Implements a unicode subclass that supports HTML strings:
+
+ .. code-block:: python
+
+ >>> from markupsafe import Markup, escape
+ >>> escape("")
+ Markup(u'<script>alert(document.cookie);</script>')
+ >>> tmpl = Markup("%s")
+ >>> tmpl % "Peter > Lustig"
+ Markup(u'Peter > Lustig')
+
+ If you want to make an object unicode that is not yet unicode
+ but don't want to lose the taint information, you can use the
+ ``soft_unicode`` function. (On Python 3 you can also use ``soft_str`` which
+ is a different name for the same function).
+
+ .. code-block:: python
+
+ >>> from markupsafe import soft_unicode
+ >>> soft_unicode(42)
+ u'42'
+ >>> soft_unicode(Markup('foo'))
+ Markup(u'foo')
+
+ HTML Representations
+ --------------------
+
+ Objects can customize their HTML markup equivalent by overriding
+ the ``__html__`` function:
+
+ .. code-block:: python
+
+ >>> class Foo(object):
+ ... def __html__(self):
+ ... return 'Nice'
+ ...
+ >>> escape(Foo())
+ Markup(u'Nice')
+ >>> Markup(Foo())
+ Markup(u'Nice')
+
+ Silent Escapes
+ --------------
+
+ Since MarkupSafe 0.10 there is now also a separate escape function
+ called ``escape_silent`` that returns an empty string for ``None`` for
+ consistency with other systems that return empty strings for ``None``
+ when escaping (for instance Pylons' webhelpers).
+
+ If you also want to use this for the escape method of the Markup
+ object, you can create your own subclass that does that:
+
+ .. code-block:: python
+
+ from markupsafe import Markup, escape_silent as escape
+
+ class SilentMarkup(Markup):
+ __slots__ = ()
+
+ @classmethod
+ def escape(cls, s):
+ return cls(escape(s))
+
+ New-Style String Formatting
+ ---------------------------
+
+ Starting with MarkupSafe 0.21 new style string formats from Python 2.6 and
+ 3.x are now fully supported. Previously the escape behavior of those
+ functions was spotty at best. The new implementations operates under the
+ following algorithm:
+
+ 1. if an object has an ``__html_format__`` method it is called as
+ replacement for ``__format__`` with the format specifier. It either
+ has to return a string or markup object.
+ 2. if an object has an ``__html__`` method it is called.
+ 3. otherwise the default format system of Python kicks in and the result
+ is HTML escaped.
+
+ Here is how you can implement your own formatting:
+
+ .. code-block:: python
+
+ class User(object):
+
+ def __init__(self, id, username):
+ self.id = id
+ self.username = username
+
+ def __html_format__(self, format_spec):
+ if format_spec == 'link':
+ return Markup('{1}').format(
+ self.id,
+ self.__html__(),
+ )
+ elif format_spec:
+ raise ValueError('Invalid format spec')
+ return self.__html__()
+
+ def __html__(self):
+ return Markup('{0}').format(self.username)
+
+ And to format that user:
+
+ .. code-block:: python
+
+ >>> user = User(1, 'foo')
+ >>> Markup('
+ The console is locked and needs to be unlocked by entering the PIN.
+ You can find the PIN printed out on the standard output of your
+ shell that runs the server.
+
+
+
+
+
+'''
+
+PAGE_HTML = HEADER + u'''\
+
%(exception_type)s
+
+
%(exception)s
+
+
Traceback (most recent call last)
+%(summary)s
+
+
+
+
+ The debugger caught an exception in your WSGI application. You can now
+ look at the traceback which led to the error.
+ If you enable JavaScript you can also use additional features such as code
+ execution (if the evalex feature is enabled), automatic pasting of the
+ exceptions and much more.
+
+In this console you can execute Python expressions in the context of the
+application. The initial namespace was created by the debugger automatically.
+
+
The Console requires JavaScript.
+''' + FOOTER
+
+SUMMARY_HTML = u'''\
+
+ %(title)s
+
%(frames)s
+ %(description)s
+
+'''
+
+FRAME_HTML = u'''\
+
+
File "%(filename)s",
+ line %(lineno)s,
+ in %(function_name)s
+
%(lines)s
+
+'''
+
+SOURCE_LINE_HTML = u'''\
+
+
%(lineno)s
+
%(code)s
+
+'''
+
+
+def render_console_html(secret, evalex_trusted=True):
+ return CONSOLE_HTML % {
+ 'evalex': 'true',
+ 'evalex_trusted': evalex_trusted and 'true' or 'false',
+ 'console': 'true',
+ 'title': 'Console',
+ 'secret': secret,
+ 'traceback_id': -1
+ }
+
+
+def get_current_traceback(ignore_system_exceptions=False,
+ show_hidden_frames=False, skip=0):
+ """Get the current exception info as `Traceback` object. Per default
+ calling this method will reraise system exceptions such as generator exit,
+ system exit or others. This behavior can be disabled by passing `False`
+ to the function as first parameter.
+ """
+ exc_type, exc_value, tb = sys.exc_info()
+ if ignore_system_exceptions and exc_type in system_exceptions:
+ raise
+ for x in range_type(skip):
+ if tb.tb_next is None:
+ break
+ tb = tb.tb_next
+ tb = Traceback(exc_type, exc_value, tb)
+ if not show_hidden_frames:
+ tb.filter_hidden_frames()
+ return tb
+
+
+class Line(object):
+ """Helper for the source renderer."""
+ __slots__ = ('lineno', 'code', 'in_frame', 'current')
+
+ def __init__(self, lineno, code):
+ self.lineno = lineno
+ self.code = code
+ self.in_frame = False
+ self.current = False
+
+ def classes(self):
+ rv = ['line']
+ if self.in_frame:
+ rv.append('in-frame')
+ if self.current:
+ rv.append('current')
+ return rv
+ classes = property(classes)
+
+ def render(self):
+ return SOURCE_LINE_HTML % {
+ 'classes': u' '.join(self.classes),
+ 'lineno': self.lineno,
+ 'code': escape(self.code)
+ }
+
+
+class Traceback(object):
+ """Wraps a traceback."""
+
+ def __init__(self, exc_type, exc_value, tb):
+ self.exc_type = exc_type
+ self.exc_value = exc_value
+ if not isinstance(exc_type, str):
+ exception_type = exc_type.__name__
+ if exc_type.__module__ not in ('__builtin__', 'exceptions'):
+ exception_type = exc_type.__module__ + '.' + exception_type
+ else:
+ exception_type = exc_type
+ self.exception_type = exception_type
+
+ # we only add frames to the list that are not hidden. This follows
+ # the the magic variables as defined by paste.exceptions.collector
+ self.frames = []
+ while tb:
+ self.frames.append(Frame(exc_type, exc_value, tb))
+ tb = tb.tb_next
+
+ def filter_hidden_frames(self):
+ """Remove the frames according to the paste spec."""
+ if not self.frames:
+ return
+
+ new_frames = []
+ hidden = False
+ for frame in self.frames:
+ hide = frame.hide
+ if hide in ('before', 'before_and_this'):
+ new_frames = []
+ hidden = False
+ if hide == 'before_and_this':
+ continue
+ elif hide in ('reset', 'reset_and_this'):
+ hidden = False
+ if hide == 'reset_and_this':
+ continue
+ elif hide in ('after', 'after_and_this'):
+ hidden = True
+ if hide == 'after_and_this':
+ continue
+ elif hide or hidden:
+ continue
+ new_frames.append(frame)
+
+ # if we only have one frame and that frame is from the codeop
+ # module, remove it.
+ if len(new_frames) == 1 and self.frames[0].module == 'codeop':
+ del self.frames[:]
+
+ # if the last frame is missing something went terrible wrong :(
+ elif self.frames[-1] in new_frames:
+ self.frames[:] = new_frames
+
+ def is_syntax_error(self):
+ """Is it a syntax error?"""
+ return isinstance(self.exc_value, SyntaxError)
+ is_syntax_error = property(is_syntax_error)
+
+ def exception(self):
+ """String representation of the exception."""
+ buf = traceback.format_exception_only(self.exc_type, self.exc_value)
+ rv = ''.join(buf).strip()
+ return rv.decode('utf-8', 'replace') if PY2 else rv
+ exception = property(exception)
+
+ def log(self, logfile=None):
+ """Log the ASCII traceback into a file object."""
+ if logfile is None:
+ logfile = sys.stderr
+ tb = self.plaintext.rstrip() + u'\n'
+ if PY2:
+ tb = tb.encode('utf-8', 'replace')
+ logfile.write(tb)
+
+ def paste(self):
+ """Create a paste and return the paste id."""
+ data = json.dumps({
+ 'description': 'Werkzeug Internal Server Error',
+ 'public': False,
+ 'files': {
+ 'traceback.txt': {
+ 'content': self.plaintext
+ }
+ }
+ }).encode('utf-8')
+ try:
+ from urllib2 import urlopen
+ except ImportError:
+ from urllib.request import urlopen
+ rv = urlopen('https://api.github.com/gists', data=data)
+ resp = json.loads(rv.read().decode('utf-8'))
+ rv.close()
+ return {
+ 'url': resp['html_url'],
+ 'id': resp['id']
+ }
+
+ def render_summary(self, include_title=True):
+ """Render the traceback for the interactive console."""
+ title = ''
+ frames = []
+ classes = ['traceback']
+ if not self.frames:
+ classes.append('noframe-traceback')
+
+ if include_title:
+ if self.is_syntax_error:
+ title = u'Syntax Error'
+ else:
+ title = u'Traceback (most recent call last):'
+
+ for frame in self.frames:
+ frames.append(u'%s' % (
+ frame.info and u' title="%s"' % escape(frame.info) or u'',
+ frame.render()
+ ))
+
+ if self.is_syntax_error:
+ description_wrapper = u'
%s
'
+ else:
+ description_wrapper = u'
%s
'
+
+ return SUMMARY_HTML % {
+ 'classes': u' '.join(classes),
+ 'title': title and u'
%s
' % title or u'',
+ 'frames': u'\n'.join(frames),
+ 'description': description_wrapper % escape(self.exception)
+ }
+
+ def render_full(self, evalex=False, secret=None,
+ evalex_trusted=True):
+ """Render the Full HTML page with the traceback info."""
+ exc = escape(self.exception)
+ return PAGE_HTML % {
+ 'evalex': evalex and 'true' or 'false',
+ 'evalex_trusted': evalex_trusted and 'true' or 'false',
+ 'console': 'false',
+ 'title': exc,
+ 'exception': exc,
+ 'exception_type': escape(self.exception_type),
+ 'summary': self.render_summary(include_title=False),
+ 'plaintext': escape(self.plaintext),
+ 'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
+ 'traceback_id': self.id,
+ 'secret': secret
+ }
+
+ def generate_plaintext_traceback(self):
+ """Like the plaintext attribute but returns a generator"""
+ yield u'Traceback (most recent call last):'
+ for frame in self.frames:
+ yield u' File "%s", line %s, in %s' % (
+ frame.filename,
+ frame.lineno,
+ frame.function_name
+ )
+ yield u' ' + frame.current_line.strip()
+ yield self.exception
+
+ def plaintext(self):
+ return u'\n'.join(self.generate_plaintext_traceback())
+ plaintext = cached_property(plaintext)
+
+ id = property(lambda x: id(x))
+
+
+class Frame(object):
+
+ """A single frame in a traceback."""
+
+ def __init__(self, exc_type, exc_value, tb):
+ self.lineno = tb.tb_lineno
+ self.function_name = tb.tb_frame.f_code.co_name
+ self.locals = tb.tb_frame.f_locals
+ self.globals = tb.tb_frame.f_globals
+
+ fn = inspect.getsourcefile(tb) or inspect.getfile(tb)
+ if fn[-4:] in ('.pyo', '.pyc'):
+ fn = fn[:-1]
+ # if it's a file on the file system resolve the real filename.
+ if os.path.isfile(fn):
+ fn = os.path.realpath(fn)
+ self.filename = to_unicode(fn, get_filesystem_encoding())
+ self.module = self.globals.get('__name__')
+ self.loader = self.globals.get('__loader__')
+ self.code = tb.tb_frame.f_code
+
+ # support for paste's traceback extensions
+ self.hide = self.locals.get('__traceback_hide__', False)
+ info = self.locals.get('__traceback_info__')
+ if info is not None:
+ try:
+ info = text_type(info)
+ except UnicodeError:
+ info = str(info).decode('utf-8', 'replace')
+ self.info = info
+
+ def render(self):
+ """Render a single frame in a traceback."""
+ return FRAME_HTML % {
+ 'id': self.id,
+ 'filename': escape(self.filename),
+ 'lineno': self.lineno,
+ 'function_name': escape(self.function_name),
+ 'lines': self.render_line_context(),
+ }
+
+ def render_line_context(self):
+ before, current, after = self.get_context_lines()
+ rv = []
+
+ def render_line(line, cls):
+ line = line.expandtabs().rstrip()
+ stripped_line = line.strip()
+ prefix = len(line) - len(stripped_line)
+ rv.append(
+ '
%s%s
' % (
+ cls, ' ' * prefix, escape(stripped_line) or ' '))
+
+ for line in before:
+ render_line(line, 'before')
+ render_line(current, 'current')
+ for line in after:
+ render_line(line, 'after')
+
+ return '\n'.join(rv)
+
+ def get_annotated_lines(self):
+ """Helper function that returns lines with extra information."""
+ lines = [Line(idx + 1, x) for idx, x in enumerate(self.sourcelines)]
+
+ # find function definition and mark lines
+ if hasattr(self.code, 'co_firstlineno'):
+ lineno = self.code.co_firstlineno - 1
+ while lineno > 0:
+ if _funcdef_re.match(lines[lineno].code):
+ break
+ lineno -= 1
+ try:
+ offset = len(inspect.getblock([x.code + '\n' for x
+ in lines[lineno:]]))
+ except TokenError:
+ offset = 0
+ for line in lines[lineno:lineno + offset]:
+ line.in_frame = True
+
+ # mark current line
+ try:
+ lines[self.lineno - 1].current = True
+ except IndexError:
+ pass
+
+ return lines
+
+ def eval(self, code, mode='single'):
+ """Evaluate code in the context of the frame."""
+ if isinstance(code, string_types):
+ if PY2 and isinstance(code, unicode): # noqa
+ code = UTF8_COOKIE + code.encode('utf-8')
+ code = compile(code, '', mode)
+ return eval(code, self.globals, self.locals)
+
+ @cached_property
+ def sourcelines(self):
+ """The sourcecode of the file as list of unicode strings."""
+ # get sourcecode from loader or file
+ source = None
+ if self.loader is not None:
+ try:
+ if hasattr(self.loader, 'get_source'):
+ source = self.loader.get_source(self.module)
+ elif hasattr(self.loader, 'get_source_by_code'):
+ source = self.loader.get_source_by_code(self.code)
+ except Exception:
+ # we munch the exception so that we don't cause troubles
+ # if the loader is broken.
+ pass
+
+ if source is None:
+ try:
+ f = open(to_native(self.filename, get_filesystem_encoding()),
+ mode='rb')
+ except IOError:
+ return []
+ try:
+ source = f.read()
+ finally:
+ f.close()
+
+ # already unicode? return right away
+ if isinstance(source, text_type):
+ return source.splitlines()
+
+ # yes. it should be ascii, but we don't want to reject too many
+ # characters in the debugger if something breaks
+ charset = 'utf-8'
+ if source.startswith(UTF8_COOKIE):
+ source = source[3:]
+ else:
+ for idx, match in enumerate(_line_re.finditer(source)):
+ match = _coding_re.search(match.group())
+ if match is not None:
+ charset = match.group(1)
+ break
+ if idx > 1:
+ break
+
+ # on broken cookies we fall back to utf-8 too
+ charset = to_native(charset)
+ try:
+ codecs.lookup(charset)
+ except LookupError:
+ charset = 'utf-8'
+
+ return source.decode(charset, 'replace').splitlines()
+
+ def get_context_lines(self, context=5):
+ before = self.sourcelines[self.lineno - context - 1:self.lineno - 1]
+ past = self.sourcelines[self.lineno:self.lineno + context]
+ return (
+ before,
+ self.current_line,
+ past,
+ )
+
+ @property
+ def current_line(self):
+ try:
+ return self.sourcelines[self.lineno - 1]
+ except IndexError:
+ return u''
+
+ @cached_property
+ def console(self):
+ return Console(self.globals, self.locals)
+
+ id = property(lambda x: id(x))
diff --git a/website/web/Lib/site-packages/werkzeug/exceptions.py b/website/web/Lib/site-packages/werkzeug/exceptions.py
new file mode 100644
index 000000000..1d68185a9
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/exceptions.py
@@ -0,0 +1,719 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.exceptions
+ ~~~~~~~~~~~~~~~~~~~
+
+ This module implements a number of Python exceptions you can raise from
+ within your views to trigger a standard non-200 response.
+
+
+ Usage Example
+ -------------
+
+ ::
+
+ from werkzeug.wrappers import BaseRequest
+ from werkzeug.wsgi import responder
+ from werkzeug.exceptions import HTTPException, NotFound
+
+ def view(request):
+ raise NotFound()
+
+ @responder
+ def application(environ, start_response):
+ request = BaseRequest(environ)
+ try:
+ return view(request)
+ except HTTPException as e:
+ return e
+
+
+ As you can see from this example those exceptions are callable WSGI
+ applications. Because of Python 2.4 compatibility those do not extend
+ from the response objects but only from the python exception class.
+
+ As a matter of fact they are not Werkzeug response objects. However you
+ can get a response object by calling ``get_response()`` on a HTTP
+ exception.
+
+ Keep in mind that you have to pass an environment to ``get_response()``
+ because some errors fetch additional information from the WSGI
+ environment.
+
+ If you want to hook in a different exception page to say, a 404 status
+ code, you can add a second except for a specific subclass of an error::
+
+ @responder
+ def application(environ, start_response):
+ request = BaseRequest(environ)
+ try:
+ return view(request)
+ except NotFound, e:
+ return not_found(request)
+ except HTTPException, e:
+ return e
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import sys
+
+# Because of bootstrapping reasons we need to manually patch ourselves
+# onto our parent module.
+import werkzeug
+werkzeug.exceptions = sys.modules[__name__]
+
+from werkzeug._internal import _get_environ
+from werkzeug._compat import iteritems, integer_types, text_type, \
+ implements_to_string
+
+from werkzeug.wrappers import Response
+
+
+@implements_to_string
+class HTTPException(Exception):
+
+ """
+ Baseclass for all HTTP exceptions. This exception can be called as WSGI
+ application to render a default error page or you can catch the subclasses
+ of it independently and render nicer error messages.
+ """
+
+ code = None
+ description = None
+
+ def __init__(self, description=None, response=None):
+ Exception.__init__(self)
+ if description is not None:
+ self.description = description
+ self.response = response
+
+ @classmethod
+ def wrap(cls, exception, name=None):
+ """This method returns a new subclass of the exception provided that
+ also is a subclass of `BadRequest`.
+ """
+ class newcls(cls, exception):
+
+ def __init__(self, arg=None, *args, **kwargs):
+ cls.__init__(self, *args, **kwargs)
+ exception.__init__(self, arg)
+ newcls.__module__ = sys._getframe(1).f_globals.get('__name__')
+ newcls.__name__ = name or cls.__name__ + exception.__name__
+ return newcls
+
+ @property
+ def name(self):
+ """The status name."""
+ return HTTP_STATUS_CODES.get(self.code, 'Unknown Error')
+
+ def get_description(self, environ=None):
+ """Get the description."""
+ return u'
\n'
+ u'%(description)s\n'
+ ) % {
+ 'code': self.code,
+ 'name': escape(self.name),
+ 'description': self.get_description(environ)
+ })
+
+ def get_headers(self, environ=None):
+ """Get a list of headers."""
+ return [('Content-Type', 'text/html')]
+
+ def get_response(self, environ=None):
+ """Get a response object. If one was passed to the exception
+ it's returned directly.
+
+ :param environ: the optional environ for the request. This
+ can be used to modify the response depending
+ on how the request looked like.
+ :return: a :class:`Response` object or a subclass thereof.
+ """
+ if self.response is not None:
+ return self.response
+ if environ is not None:
+ environ = _get_environ(environ)
+ headers = self.get_headers(environ)
+ return Response(self.get_body(environ), self.code, headers)
+
+ def __call__(self, environ, start_response):
+ """Call the exception as WSGI application.
+
+ :param environ: the WSGI environment.
+ :param start_response: the response callable provided by the WSGI
+ server.
+ """
+ response = self.get_response(environ)
+ return response(environ, start_response)
+
+ def __str__(self):
+ code = self.code if self.code is not None else '???'
+ return '%s %s: %s' % (code, self.name, self.description)
+
+ def __repr__(self):
+ code = self.code if self.code is not None else '???'
+ return "<%s '%s: %s'>" % (self.__class__.__name__, code, self.name)
+
+
+class BadRequest(HTTPException):
+
+ """*400* `Bad Request`
+
+ Raise if the browser sends something to the application the application
+ or server cannot handle.
+ """
+ code = 400
+ description = (
+ 'The browser (or proxy) sent a request that this server could '
+ 'not understand.'
+ )
+
+
+class ClientDisconnected(BadRequest):
+
+ """Internal exception that is raised if Werkzeug detects a disconnected
+ client. Since the client is already gone at that point attempting to
+ send the error message to the client might not work and might ultimately
+ result in another exception in the server. Mainly this is here so that
+ it is silenced by default as far as Werkzeug is concerned.
+
+ Since disconnections cannot be reliably detected and are unspecified
+ by WSGI to a large extent this might or might not be raised if a client
+ is gone.
+
+ .. versionadded:: 0.8
+ """
+
+
+class SecurityError(BadRequest):
+
+ """Raised if something triggers a security error. This is otherwise
+ exactly like a bad request error.
+
+ .. versionadded:: 0.9
+ """
+
+
+class BadHost(BadRequest):
+
+ """Raised if the submitted host is badly formatted.
+
+ .. versionadded:: 0.11.2
+ """
+
+
+class Unauthorized(HTTPException):
+
+ """*401* `Unauthorized`
+
+ Raise if the user is not authorized. Also used if you want to use HTTP
+ basic auth.
+ """
+ code = 401
+ description = (
+ 'The server could not verify that you are authorized to access '
+ 'the URL requested. You either supplied the wrong credentials (e.g. '
+ 'a bad password), or your browser doesn\'t understand how to supply '
+ 'the credentials required.'
+ )
+
+
+class Forbidden(HTTPException):
+
+ """*403* `Forbidden`
+
+ Raise if the user doesn't have the permission for the requested resource
+ but was authenticated.
+ """
+ code = 403
+ description = (
+ 'You don\'t have the permission to access the requested resource. '
+ 'It is either read-protected or not readable by the server.'
+ )
+
+
+class NotFound(HTTPException):
+
+ """*404* `Not Found`
+
+ Raise if a resource does not exist and never existed.
+ """
+ code = 404
+ description = (
+ 'The requested URL was not found on the server. '
+ 'If you entered the URL manually please check your spelling and '
+ 'try again.'
+ )
+
+
+class MethodNotAllowed(HTTPException):
+
+ """*405* `Method Not Allowed`
+
+ Raise if the server used a method the resource does not handle. For
+ example `POST` if the resource is view only. Especially useful for REST.
+
+ The first argument for this exception should be a list of allowed methods.
+ Strictly speaking the response would be invalid if you don't provide valid
+ methods in the header which you can do with that list.
+ """
+ code = 405
+ description = 'The method is not allowed for the requested URL.'
+
+ def __init__(self, valid_methods=None, description=None):
+ """Takes an optional list of valid http methods
+ starting with werkzeug 0.3 the list will be mandatory."""
+ HTTPException.__init__(self, description)
+ self.valid_methods = valid_methods
+
+ def get_headers(self, environ):
+ headers = HTTPException.get_headers(self, environ)
+ if self.valid_methods:
+ headers.append(('Allow', ', '.join(self.valid_methods)))
+ return headers
+
+
+class NotAcceptable(HTTPException):
+
+ """*406* `Not Acceptable`
+
+ Raise if the server can't return any content conforming to the
+ `Accept` headers of the client.
+ """
+ code = 406
+
+ description = (
+ 'The resource identified by the request is only capable of '
+ 'generating response entities which have content characteristics '
+ 'not acceptable according to the accept headers sent in the '
+ 'request.'
+ )
+
+
+class RequestTimeout(HTTPException):
+
+ """*408* `Request Timeout`
+
+ Raise to signalize a timeout.
+ """
+ code = 408
+ description = (
+ 'The server closed the network connection because the browser '
+ 'didn\'t finish the request within the specified time.'
+ )
+
+
+class Conflict(HTTPException):
+
+ """*409* `Conflict`
+
+ Raise to signal that a request cannot be completed because it conflicts
+ with the current state on the server.
+
+ .. versionadded:: 0.7
+ """
+ code = 409
+ description = (
+ 'A conflict happened while processing the request. The resource '
+ 'might have been modified while the request was being processed.'
+ )
+
+
+class Gone(HTTPException):
+
+ """*410* `Gone`
+
+ Raise if a resource existed previously and went away without new location.
+ """
+ code = 410
+ description = (
+ 'The requested URL is no longer available on this server and there '
+ 'is no forwarding address. If you followed a link from a foreign '
+ 'page, please contact the author of this page.'
+ )
+
+
+class LengthRequired(HTTPException):
+
+ """*411* `Length Required`
+
+ Raise if the browser submitted data but no ``Content-Length`` header which
+ is required for the kind of processing the server does.
+ """
+ code = 411
+ description = (
+ 'A request with this method requires a valid Content-'
+ 'Length header.'
+ )
+
+
+class PreconditionFailed(HTTPException):
+
+ """*412* `Precondition Failed`
+
+ Status code used in combination with ``If-Match``, ``If-None-Match``, or
+ ``If-Unmodified-Since``.
+ """
+ code = 412
+ description = (
+ 'The precondition on the request for the URL failed positive '
+ 'evaluation.'
+ )
+
+
+class RequestEntityTooLarge(HTTPException):
+
+ """*413* `Request Entity Too Large`
+
+ The status code one should return if the data submitted exceeded a given
+ limit.
+ """
+ code = 413
+ description = (
+ 'The data value transmitted exceeds the capacity limit.'
+ )
+
+
+class RequestURITooLarge(HTTPException):
+
+ """*414* `Request URI Too Large`
+
+ Like *413* but for too long URLs.
+ """
+ code = 414
+ description = (
+ 'The length of the requested URL exceeds the capacity limit '
+ 'for this server. The request cannot be processed.'
+ )
+
+
+class UnsupportedMediaType(HTTPException):
+
+ """*415* `Unsupported Media Type`
+
+ The status code returned if the server is unable to handle the media type
+ the client transmitted.
+ """
+ code = 415
+ description = (
+ 'The server does not support the media type transmitted in '
+ 'the request.'
+ )
+
+
+class RequestedRangeNotSatisfiable(HTTPException):
+
+ """*416* `Requested Range Not Satisfiable`
+
+ The client asked for an invalid part of the file.
+
+ .. versionadded:: 0.7
+ """
+ code = 416
+ description = (
+ 'The server cannot provide the requested range.'
+ )
+
+ def __init__(self, length=None, units="bytes", description=None):
+ """Takes an optional `Content-Range` header value based on ``length``
+ parameter.
+ """
+ HTTPException.__init__(self, description)
+ self.length = length
+ self.units = units
+
+ def get_headers(self, environ):
+ headers = HTTPException.get_headers(self, environ)
+ if self.length is not None:
+ headers.append(
+ ('Content-Range', '%s */%d' % (self.units, self.length)))
+ return headers
+
+
+class ExpectationFailed(HTTPException):
+
+ """*417* `Expectation Failed`
+
+ The server cannot meet the requirements of the Expect request-header.
+
+ .. versionadded:: 0.7
+ """
+ code = 417
+ description = (
+ 'The server could not meet the requirements of the Expect header'
+ )
+
+
+class ImATeapot(HTTPException):
+
+ """*418* `I'm a teapot`
+
+ The server should return this if it is a teapot and someone attempted
+ to brew coffee with it.
+
+ .. versionadded:: 0.7
+ """
+ code = 418
+ description = (
+ 'This server is a teapot, not a coffee machine'
+ )
+
+
+class UnprocessableEntity(HTTPException):
+
+ """*422* `Unprocessable Entity`
+
+ Used if the request is well formed, but the instructions are otherwise
+ incorrect.
+ """
+ code = 422
+ description = (
+ 'The request was well-formed but was unable to be followed '
+ 'due to semantic errors.'
+ )
+
+
+class Locked(HTTPException):
+
+ """*423* `Locked`
+
+ Used if the resource that is being accessed is locked.
+ """
+ code = 423
+ description = (
+ 'The resource that is being accessed is locked.'
+ )
+
+
+class PreconditionRequired(HTTPException):
+
+ """*428* `Precondition Required`
+
+ The server requires this request to be conditional, typically to prevent
+ the lost update problem, which is a race condition between two or more
+ clients attempting to update a resource through PUT or DELETE. By requiring
+ each client to include a conditional header ("If-Match" or "If-Unmodified-
+ Since") with the proper value retained from a recent GET request, the
+ server ensures that each client has at least seen the previous revision of
+ the resource.
+ """
+ code = 428
+ description = (
+ 'This request is required to be conditional; try using "If-Match" '
+ 'or "If-Unmodified-Since".'
+ )
+
+
+class TooManyRequests(HTTPException):
+
+ """*429* `Too Many Requests`
+
+ The server is limiting the rate at which this user receives responses, and
+ this request exceeds that rate. (The server may use any convenient method
+ to identify users and their request rates). The server may include a
+ "Retry-After" header to indicate how long the user should wait before
+ retrying.
+ """
+ code = 429
+ description = (
+ 'This user has exceeded an allotted request count. Try again later.'
+ )
+
+
+class RequestHeaderFieldsTooLarge(HTTPException):
+
+ """*431* `Request Header Fields Too Large`
+
+ The server refuses to process the request because the header fields are too
+ large. One or more individual fields may be too large, or the set of all
+ headers is too large.
+ """
+ code = 431
+ description = (
+ 'One or more header fields exceeds the maximum size.'
+ )
+
+
+class UnavailableForLegalReasons(HTTPException):
+
+ """*451* `Unavailable For Legal Reasons`
+
+ This status code indicates that the server is denying access to the
+ resource as a consequence of a legal demand.
+ """
+ code = 451
+ description = (
+ 'Unavailable for legal reasons.'
+ )
+
+
+class InternalServerError(HTTPException):
+
+ """*500* `Internal Server Error`
+
+ Raise if an internal server error occurred. This is a good fallback if an
+ unknown error occurred in the dispatcher.
+ """
+ code = 500
+ description = (
+ 'The server encountered an internal error and was unable to '
+ 'complete your request. Either the server is overloaded or there '
+ 'is an error in the application.'
+ )
+
+
+class NotImplemented(HTTPException):
+
+ """*501* `Not Implemented`
+
+ Raise if the application does not support the action requested by the
+ browser.
+ """
+ code = 501
+ description = (
+ 'The server does not support the action requested by the '
+ 'browser.'
+ )
+
+
+class BadGateway(HTTPException):
+
+ """*502* `Bad Gateway`
+
+ If you do proxying in your application you should return this status code
+ if you received an invalid response from the upstream server it accessed
+ in attempting to fulfill the request.
+ """
+ code = 502
+ description = (
+ 'The proxy server received an invalid response from an upstream '
+ 'server.'
+ )
+
+
+class ServiceUnavailable(HTTPException):
+
+ """*503* `Service Unavailable`
+
+ Status code you should return if a service is temporarily unavailable.
+ """
+ code = 503
+ description = (
+ 'The server is temporarily unable to service your request due to '
+ 'maintenance downtime or capacity problems. Please try again '
+ 'later.'
+ )
+
+
+class GatewayTimeout(HTTPException):
+
+ """*504* `Gateway Timeout`
+
+ Status code you should return if a connection to an upstream server
+ times out.
+ """
+ code = 504
+ description = (
+ 'The connection to an upstream server timed out.'
+ )
+
+
+class HTTPVersionNotSupported(HTTPException):
+
+ """*505* `HTTP Version Not Supported`
+
+ The server does not support the HTTP protocol version used in the request.
+ """
+ code = 505
+ description = (
+ 'The server does not support the HTTP protocol version used in the '
+ 'request.'
+ )
+
+
+default_exceptions = {}
+__all__ = ['HTTPException']
+
+
+def _find_exceptions():
+ for name, obj in iteritems(globals()):
+ try:
+ is_http_exception = issubclass(obj, HTTPException)
+ except TypeError:
+ is_http_exception = False
+ if not is_http_exception or obj.code is None:
+ continue
+ __all__.append(obj.__name__)
+ old_obj = default_exceptions.get(obj.code, None)
+ if old_obj is not None and issubclass(obj, old_obj):
+ continue
+ default_exceptions[obj.code] = obj
+_find_exceptions()
+del _find_exceptions
+
+
+class Aborter(object):
+
+ """
+ When passed a dict of code -> exception items it can be used as
+ callable that raises exceptions. If the first argument to the
+ callable is an integer it will be looked up in the mapping, if it's
+ a WSGI application it will be raised in a proxy exception.
+
+ The rest of the arguments are forwarded to the exception constructor.
+ """
+
+ def __init__(self, mapping=None, extra=None):
+ if mapping is None:
+ mapping = default_exceptions
+ self.mapping = dict(mapping)
+ if extra is not None:
+ self.mapping.update(extra)
+
+ def __call__(self, code, *args, **kwargs):
+ if not args and not kwargs and not isinstance(code, integer_types):
+ raise HTTPException(response=code)
+ if code not in self.mapping:
+ raise LookupError('no exception for %r' % code)
+ raise self.mapping[code](*args, **kwargs)
+
+
+def abort(status, *args, **kwargs):
+ '''
+ Raises an :py:exc:`HTTPException` for the given status code or WSGI
+ application::
+
+ abort(404) # 404 Not Found
+ abort(Response('Hello World'))
+
+ Can be passed a WSGI application or a status code. If a status code is
+ given it's looked up in the list of exceptions and will raise that
+ exception, if passed a WSGI application it will wrap it in a proxy WSGI
+ exception and raise that::
+
+ abort(404)
+ abort(Response('Hello World'))
+
+ '''
+ return _aborter(status, *args, **kwargs)
+
+_aborter = Aborter()
+
+
+#: an exception that is used internally to signal both a key error and a
+#: bad request. Used by a lot of the datastructures.
+BadRequestKeyError = BadRequest.wrap(KeyError)
+
+
+# imported here because of circular dependencies of werkzeug.utils
+from werkzeug.utils import escape
+from werkzeug.http import HTTP_STATUS_CODES
diff --git a/website/web/Lib/site-packages/werkzeug/filesystem.py b/website/web/Lib/site-packages/werkzeug/filesystem.py
new file mode 100644
index 000000000..624674655
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/filesystem.py
@@ -0,0 +1,66 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.filesystem
+ ~~~~~~~~~~~~~~~~~~~
+
+ Various utilities for the local filesystem.
+
+ :copyright: (c) 2015 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+
+import codecs
+import sys
+import warnings
+
+# We do not trust traditional unixes.
+has_likely_buggy_unicode_filesystem = \
+ sys.platform.startswith('linux') or 'bsd' in sys.platform
+
+
+def _is_ascii_encoding(encoding):
+ """
+ Given an encoding this figures out if the encoding is actually ASCII (which
+ is something we don't actually want in most cases). This is necessary
+ because ASCII comes under many names such as ANSI_X3.4-1968.
+ """
+ if encoding is None:
+ return False
+ try:
+ return codecs.lookup(encoding).name == 'ascii'
+ except LookupError:
+ return False
+
+
+class BrokenFilesystemWarning(RuntimeWarning, UnicodeWarning):
+ '''The warning used by Werkzeug to signal a broken filesystem. Will only be
+ used once per runtime.'''
+
+
+_warned_about_filesystem_encoding = False
+
+
+def get_filesystem_encoding():
+ """
+ Returns the filesystem encoding that should be used. Note that this is
+ different from the Python understanding of the filesystem encoding which
+ might be deeply flawed. Do not use this value against Python's unicode APIs
+ because it might be different. See :ref:`filesystem-encoding` for the exact
+ behavior.
+
+ The concept of a filesystem encoding in generally is not something you
+ should rely on. As such if you ever need to use this function except for
+ writing wrapper code reconsider.
+ """
+ global _warned_about_filesystem_encoding
+ rv = sys.getfilesystemencoding()
+ if has_likely_buggy_unicode_filesystem and not rv \
+ or _is_ascii_encoding(rv):
+ if not _warned_about_filesystem_encoding:
+ warnings.warn(
+ 'Detected a misconfigured UNIX filesystem: Will use UTF-8 as '
+ 'filesystem encoding instead of {0!r}'.format(rv),
+ BrokenFilesystemWarning)
+ _warned_about_filesystem_encoding = True
+ return 'utf-8'
+ return rv
diff --git a/website/web/Lib/site-packages/werkzeug/formparser.py b/website/web/Lib/site-packages/werkzeug/formparser.py
new file mode 100644
index 000000000..c56859e90
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/formparser.py
@@ -0,0 +1,534 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.formparser
+ ~~~~~~~~~~~~~~~~~~~
+
+ This module implements the form parsing. It supports url-encoded forms
+ as well as non-nested multipart uploads.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import re
+import codecs
+
+# there are some platforms where SpooledTemporaryFile is not available.
+# In that case we need to provide a fallback.
+try:
+ from tempfile import SpooledTemporaryFile
+except ImportError:
+ from tempfile import TemporaryFile
+ SpooledTemporaryFile = None
+
+from itertools import chain, repeat, tee
+from functools import update_wrapper
+
+from werkzeug._compat import to_native, text_type, BytesIO
+from werkzeug.urls import url_decode_stream
+from werkzeug.wsgi import make_line_iter, \
+ get_input_stream, get_content_length
+from werkzeug.datastructures import Headers, FileStorage, MultiDict
+from werkzeug.http import parse_options_header
+
+
+#: an iterator that yields empty strings
+_empty_string_iter = repeat('')
+
+#: a regular expression for multipart boundaries
+_multipart_boundary_re = re.compile('^[ -~]{0,200}[!-~]$')
+
+#: supported http encodings that are also available in python we support
+#: for multipart messages.
+_supported_multipart_encodings = frozenset(['base64', 'quoted-printable'])
+
+
+def default_stream_factory(total_content_length, filename, content_type,
+ content_length=None):
+ """The stream factory that is used per default."""
+ max_size = 1024 * 500
+ if SpooledTemporaryFile is not None:
+ return SpooledTemporaryFile(max_size=max_size, mode='wb+')
+ if total_content_length is None or total_content_length > max_size:
+ return TemporaryFile('wb+')
+ return BytesIO()
+
+
+def parse_form_data(environ, stream_factory=None, charset='utf-8',
+ errors='replace', max_form_memory_size=None,
+ max_content_length=None, cls=None,
+ silent=True):
+ """Parse the form data in the environ and return it as tuple in the form
+ ``(stream, form, files)``. You should only call this method if the
+ transport method is `POST`, `PUT`, or `PATCH`.
+
+ If the mimetype of the data transmitted is `multipart/form-data` the
+ files multidict will be filled with `FileStorage` objects. If the
+ mimetype is unknown the input stream is wrapped and returned as first
+ argument, else the stream is empty.
+
+ This is a shortcut for the common usage of :class:`FormDataParser`.
+
+ Have a look at :ref:`dealing-with-request-data` for more details.
+
+ .. versionadded:: 0.5
+ The `max_form_memory_size`, `max_content_length` and
+ `cls` parameters were added.
+
+ .. versionadded:: 0.5.1
+ The optional `silent` flag was added.
+
+ :param environ: the WSGI environment to be used for parsing.
+ :param stream_factory: An optional callable that returns a new read and
+ writeable file descriptor. This callable works
+ the same as :meth:`~BaseResponse._get_file_stream`.
+ :param charset: The character set for URL and url encoded form data.
+ :param errors: The encoding error behavior.
+ :param max_form_memory_size: the maximum number of bytes to be accepted for
+ in-memory stored form data. If the data
+ exceeds the value specified an
+ :exc:`~exceptions.RequestEntityTooLarge`
+ exception is raised.
+ :param max_content_length: If this is provided and the transmitted data
+ is longer than this value an
+ :exc:`~exceptions.RequestEntityTooLarge`
+ exception is raised.
+ :param cls: an optional dict class to use. If this is not specified
+ or `None` the default :class:`MultiDict` is used.
+ :param silent: If set to False parsing errors will not be caught.
+ :return: A tuple in the form ``(stream, form, files)``.
+ """
+ return FormDataParser(stream_factory, charset, errors,
+ max_form_memory_size, max_content_length,
+ cls, silent).parse_from_environ(environ)
+
+
+def exhaust_stream(f):
+ """Helper decorator for methods that exhausts the stream on return."""
+
+ def wrapper(self, stream, *args, **kwargs):
+ try:
+ return f(self, stream, *args, **kwargs)
+ finally:
+ exhaust = getattr(stream, 'exhaust', None)
+ if exhaust is not None:
+ exhaust()
+ else:
+ while 1:
+ chunk = stream.read(1024 * 64)
+ if not chunk:
+ break
+ return update_wrapper(wrapper, f)
+
+
+class FormDataParser(object):
+
+ """This class implements parsing of form data for Werkzeug. By itself
+ it can parse multipart and url encoded form data. It can be subclassed
+ and extended but for most mimetypes it is a better idea to use the
+ untouched stream and expose it as separate attributes on a request
+ object.
+
+ .. versionadded:: 0.8
+
+ :param stream_factory: An optional callable that returns a new read and
+ writeable file descriptor. This callable works
+ the same as :meth:`~BaseResponse._get_file_stream`.
+ :param charset: The character set for URL and url encoded form data.
+ :param errors: The encoding error behavior.
+ :param max_form_memory_size: the maximum number of bytes to be accepted for
+ in-memory stored form data. If the data
+ exceeds the value specified an
+ :exc:`~exceptions.RequestEntityTooLarge`
+ exception is raised.
+ :param max_content_length: If this is provided and the transmitted data
+ is longer than this value an
+ :exc:`~exceptions.RequestEntityTooLarge`
+ exception is raised.
+ :param cls: an optional dict class to use. If this is not specified
+ or `None` the default :class:`MultiDict` is used.
+ :param silent: If set to False parsing errors will not be caught.
+ """
+
+ def __init__(self, stream_factory=None, charset='utf-8',
+ errors='replace', max_form_memory_size=None,
+ max_content_length=None, cls=None,
+ silent=True):
+ if stream_factory is None:
+ stream_factory = default_stream_factory
+ self.stream_factory = stream_factory
+ self.charset = charset
+ self.errors = errors
+ self.max_form_memory_size = max_form_memory_size
+ self.max_content_length = max_content_length
+ if cls is None:
+ cls = MultiDict
+ self.cls = cls
+ self.silent = silent
+
+ def get_parse_func(self, mimetype, options):
+ return self.parse_functions.get(mimetype)
+
+ def parse_from_environ(self, environ):
+ """Parses the information from the environment as form data.
+
+ :param environ: the WSGI environment to be used for parsing.
+ :return: A tuple in the form ``(stream, form, files)``.
+ """
+ content_type = environ.get('CONTENT_TYPE', '')
+ content_length = get_content_length(environ)
+ mimetype, options = parse_options_header(content_type)
+ return self.parse(get_input_stream(environ), mimetype,
+ content_length, options)
+
+ def parse(self, stream, mimetype, content_length, options=None):
+ """Parses the information from the given stream, mimetype,
+ content length and mimetype parameters.
+
+ :param stream: an input stream
+ :param mimetype: the mimetype of the data
+ :param content_length: the content length of the incoming data
+ :param options: optional mimetype parameters (used for
+ the multipart boundary for instance)
+ :return: A tuple in the form ``(stream, form, files)``.
+ """
+ if self.max_content_length is not None and \
+ content_length is not None and \
+ content_length > self.max_content_length:
+ raise exceptions.RequestEntityTooLarge()
+ if options is None:
+ options = {}
+
+ parse_func = self.get_parse_func(mimetype, options)
+ if parse_func is not None:
+ try:
+ return parse_func(self, stream, mimetype,
+ content_length, options)
+ except ValueError:
+ if not self.silent:
+ raise
+
+ return stream, self.cls(), self.cls()
+
+ @exhaust_stream
+ def _parse_multipart(self, stream, mimetype, content_length, options):
+ parser = MultiPartParser(self.stream_factory, self.charset, self.errors,
+ max_form_memory_size=self.max_form_memory_size,
+ cls=self.cls)
+ boundary = options.get('boundary')
+ if boundary is None:
+ raise ValueError('Missing boundary')
+ if isinstance(boundary, text_type):
+ boundary = boundary.encode('ascii')
+ form, files = parser.parse(stream, boundary, content_length)
+ return stream, form, files
+
+ @exhaust_stream
+ def _parse_urlencoded(self, stream, mimetype, content_length, options):
+ if self.max_form_memory_size is not None and \
+ content_length is not None and \
+ content_length > self.max_form_memory_size:
+ raise exceptions.RequestEntityTooLarge()
+ form = url_decode_stream(stream, self.charset,
+ errors=self.errors, cls=self.cls)
+ return stream, form, self.cls()
+
+ #: mapping of mimetypes to parsing functions
+ parse_functions = {
+ 'multipart/form-data': _parse_multipart,
+ 'application/x-www-form-urlencoded': _parse_urlencoded,
+ 'application/x-url-encoded': _parse_urlencoded
+ }
+
+
+def is_valid_multipart_boundary(boundary):
+ """Checks if the string given is a valid multipart boundary."""
+ return _multipart_boundary_re.match(boundary) is not None
+
+
+def _line_parse(line):
+ """Removes line ending characters and returns a tuple (`stripped_line`,
+ `is_terminated`).
+ """
+ if line[-2:] in ['\r\n', b'\r\n']:
+ return line[:-2], True
+ elif line[-1:] in ['\r', '\n', b'\r', b'\n']:
+ return line[:-1], True
+ return line, False
+
+
+def parse_multipart_headers(iterable):
+ """Parses multipart headers from an iterable that yields lines (including
+ the trailing newline symbol). The iterable has to be newline terminated.
+
+ The iterable will stop at the line where the headers ended so it can be
+ further consumed.
+
+ :param iterable: iterable of strings that are newline terminated
+ """
+ result = []
+ for line in iterable:
+ line = to_native(line)
+ line, line_terminated = _line_parse(line)
+ if not line_terminated:
+ raise ValueError('unexpected end of line in multipart header')
+ if not line:
+ break
+ elif line[0] in ' \t' and result:
+ key, value = result[-1]
+ result[-1] = (key, value + '\n ' + line[1:])
+ else:
+ parts = line.split(':', 1)
+ if len(parts) == 2:
+ result.append((parts[0].strip(), parts[1].strip()))
+
+ # we link the list to the headers, no need to create a copy, the
+ # list was not shared anyways.
+ return Headers(result)
+
+
+_begin_form = 'begin_form'
+_begin_file = 'begin_file'
+_cont = 'cont'
+_end = 'end'
+
+
+class MultiPartParser(object):
+
+ def __init__(self, stream_factory=None, charset='utf-8', errors='replace',
+ max_form_memory_size=None, cls=None, buffer_size=64 * 1024):
+ self.charset = charset
+ self.errors = errors
+ self.max_form_memory_size = max_form_memory_size
+ self.stream_factory = default_stream_factory if stream_factory is None else stream_factory
+ self.cls = MultiDict if cls is None else cls
+
+ # make sure the buffer size is divisible by four so that we can base64
+ # decode chunk by chunk
+ assert buffer_size % 4 == 0, 'buffer size has to be divisible by 4'
+ # also the buffer size has to be at least 1024 bytes long or long headers
+ # will freak out the system
+ assert buffer_size >= 1024, 'buffer size has to be at least 1KB'
+
+ self.buffer_size = buffer_size
+
+ def _fix_ie_filename(self, filename):
+ """Internet Explorer 6 transmits the full file name if a file is
+ uploaded. This function strips the full path if it thinks the
+ filename is Windows-like absolute.
+ """
+ if filename[1:3] == ':\\' or filename[:2] == '\\\\':
+ return filename.split('\\')[-1]
+ return filename
+
+ def _find_terminator(self, iterator):
+ """The terminator might have some additional newlines before it.
+ There is at least one application that sends additional newlines
+ before headers (the python setuptools package).
+ """
+ for line in iterator:
+ if not line:
+ break
+ line = line.strip()
+ if line:
+ return line
+ return b''
+
+ def fail(self, message):
+ raise ValueError(message)
+
+ def get_part_encoding(self, headers):
+ transfer_encoding = headers.get('content-transfer-encoding')
+ if transfer_encoding is not None and \
+ transfer_encoding in _supported_multipart_encodings:
+ return transfer_encoding
+
+ def get_part_charset(self, headers):
+ # Figure out input charset for current part
+ content_type = headers.get('content-type')
+ if content_type:
+ mimetype, ct_params = parse_options_header(content_type)
+ return ct_params.get('charset', self.charset)
+ return self.charset
+
+ def start_file_streaming(self, filename, headers, total_content_length):
+ if isinstance(filename, bytes):
+ filename = filename.decode(self.charset, self.errors)
+ filename = self._fix_ie_filename(filename)
+ content_type = headers.get('content-type')
+ try:
+ content_length = int(headers['content-length'])
+ except (KeyError, ValueError):
+ content_length = 0
+ container = self.stream_factory(total_content_length, content_type,
+ filename, content_length)
+ return filename, container
+
+ def in_memory_threshold_reached(self, bytes):
+ raise exceptions.RequestEntityTooLarge()
+
+ def validate_boundary(self, boundary):
+ if not boundary:
+ self.fail('Missing boundary')
+ if not is_valid_multipart_boundary(boundary):
+ self.fail('Invalid boundary: %s' % boundary)
+ if len(boundary) > self.buffer_size: # pragma: no cover
+ # this should never happen because we check for a minimum size
+ # of 1024 and boundaries may not be longer than 200. The only
+ # situation when this happens is for non debug builds where
+ # the assert is skipped.
+ self.fail('Boundary longer than buffer size')
+
+ def parse_lines(self, file, boundary, content_length, cap_at_buffer=True):
+ """Generate parts of
+ ``('begin_form', (headers, name))``
+ ``('begin_file', (headers, name, filename))``
+ ``('cont', bytestring)``
+ ``('end', None)``
+
+ Always obeys the grammar
+ parts = ( begin_form cont* end |
+ begin_file cont* end )*
+ """
+ next_part = b'--' + boundary
+ last_part = next_part + b'--'
+
+ iterator = chain(make_line_iter(file, limit=content_length,
+ buffer_size=self.buffer_size,
+ cap_at_buffer=cap_at_buffer),
+ _empty_string_iter)
+
+ terminator = self._find_terminator(iterator)
+
+ if terminator == last_part:
+ return
+ elif terminator != next_part:
+ self.fail('Expected boundary at start of multipart data')
+
+ while terminator != last_part:
+ headers = parse_multipart_headers(iterator)
+
+ disposition = headers.get('content-disposition')
+ if disposition is None:
+ self.fail('Missing Content-Disposition header')
+ disposition, extra = parse_options_header(disposition)
+ transfer_encoding = self.get_part_encoding(headers)
+ name = extra.get('name')
+
+ # Accept filename* to support non-ascii filenames as per rfc2231
+ filename = extra.get('filename') or extra.get('filename*')
+
+ # if no content type is given we stream into memory. A list is
+ # used as a temporary container.
+ if filename is None:
+ yield _begin_form, (headers, name)
+
+ # otherwise we parse the rest of the headers and ask the stream
+ # factory for something we can write in.
+ else:
+ yield _begin_file, (headers, name, filename)
+
+ buf = b''
+ for line in iterator:
+ if not line:
+ self.fail('unexpected end of stream')
+
+ if line[:2] == b'--':
+ terminator = line.rstrip()
+ if terminator in (next_part, last_part):
+ break
+
+ if transfer_encoding is not None:
+ if transfer_encoding == 'base64':
+ transfer_encoding = 'base64_codec'
+ try:
+ line = codecs.decode(line, transfer_encoding)
+ except Exception:
+ self.fail('could not decode transfer encoded chunk')
+
+ # we have something in the buffer from the last iteration.
+ # this is usually a newline delimiter.
+ if buf:
+ yield _cont, buf
+ buf = b''
+
+ # If the line ends with windows CRLF we write everything except
+ # the last two bytes. In all other cases however we write
+ # everything except the last byte. If it was a newline, that's
+ # fine, otherwise it does not matter because we will write it
+ # the next iteration. this ensures we do not write the
+ # final newline into the stream. That way we do not have to
+ # truncate the stream. However we do have to make sure that
+ # if something else than a newline is in there we write it
+ # out.
+ if line[-2:] == b'\r\n':
+ buf = b'\r\n'
+ cutoff = -2
+ else:
+ buf = line[-1:]
+ cutoff = -1
+ yield _cont, line[:cutoff]
+
+ else: # pragma: no cover
+ raise ValueError('unexpected end of part')
+
+ # if we have a leftover in the buffer that is not a newline
+ # character we have to flush it, otherwise we will chop of
+ # certain values.
+ if buf not in (b'', b'\r', b'\n', b'\r\n'):
+ yield _cont, buf
+
+ yield _end, None
+
+ def parse_parts(self, file, boundary, content_length):
+ """Generate ``('file', (name, val))`` and
+ ``('form', (name, val))`` parts.
+ """
+ in_memory = 0
+
+ for ellt, ell in self.parse_lines(file, boundary, content_length):
+ if ellt == _begin_file:
+ headers, name, filename = ell
+ is_file = True
+ guard_memory = False
+ filename, container = self.start_file_streaming(
+ filename, headers, content_length)
+ _write = container.write
+
+ elif ellt == _begin_form:
+ headers, name = ell
+ is_file = False
+ container = []
+ _write = container.append
+ guard_memory = self.max_form_memory_size is not None
+
+ elif ellt == _cont:
+ _write(ell)
+ # if we write into memory and there is a memory size limit we
+ # count the number of bytes in memory and raise an exception if
+ # there is too much data in memory.
+ if guard_memory:
+ in_memory += len(ell)
+ if in_memory > self.max_form_memory_size:
+ self.in_memory_threshold_reached(in_memory)
+
+ elif ellt == _end:
+ if is_file:
+ container.seek(0)
+ yield ('file',
+ (name, FileStorage(container, filename, name,
+ headers=headers)))
+ else:
+ part_charset = self.get_part_charset(headers)
+ yield ('form',
+ (name, b''.join(container).decode(
+ part_charset, self.errors)))
+
+ def parse(self, file, boundary, content_length):
+ formstream, filestream = tee(
+ self.parse_parts(file, boundary, content_length), 2)
+ form = (p[1] for p in formstream if p[0] == 'form')
+ files = (p[1] for p in filestream if p[0] == 'file')
+ return self.cls(form), self.cls(files)
+
+
+from werkzeug import exceptions
diff --git a/website/web/Lib/site-packages/werkzeug/http.py b/website/web/Lib/site-packages/werkzeug/http.py
new file mode 100644
index 000000000..22197221c
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/http.py
@@ -0,0 +1,1158 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.http
+ ~~~~~~~~~~~~~
+
+ Werkzeug comes with a bunch of utilities that help Werkzeug to deal with
+ HTTP data. Most of the classes and functions provided by this module are
+ used by the wrappers, but they are useful on their own, too, especially if
+ the response and request objects are not used.
+
+ This covers some of the more HTTP centric features of WSGI, some other
+ utilities such as cookie handling are documented in the `werkzeug.utils`
+ module.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import re
+import warnings
+from time import time, gmtime
+try:
+ from email.utils import parsedate_tz
+except ImportError: # pragma: no cover
+ from email.Utils import parsedate_tz
+try:
+ from urllib.request import parse_http_list as _parse_list_header
+ from urllib.parse import unquote_to_bytes as _unquote
+except ImportError: # pragma: no cover
+ from urllib2 import parse_http_list as _parse_list_header, \
+ unquote as _unquote
+from datetime import datetime, timedelta
+from hashlib import md5
+import base64
+
+from werkzeug._internal import _cookie_quote, _make_cookie_domain, \
+ _cookie_parse_impl
+from werkzeug._compat import to_unicode, iteritems, text_type, \
+ string_types, try_coerce_native, to_bytes, PY2, \
+ integer_types
+
+
+_cookie_charset = 'latin1'
+# for explanation of "media-range", etc. see Sections 5.3.{1,2} of RFC 7231
+_accept_re = re.compile(
+ r'''( # media-range capturing-parenthesis
+ [^\s;,]+ # type/subtype
+ (?:[ \t]*;[ \t]* # ";"
+ (?: # parameter non-capturing-parenthesis
+ [^\s;,q][^\s;,]* # token that doesn't start with "q"
+ | # or
+ q[^\s;,=][^\s;,]* # token that is more than just "q"
+ )
+ )* # zero or more parameters
+ ) # end of media-range
+ (?:[ \t]*;[ \t]*q= # weight is a "q" parameter
+ (\d*(?:\.\d+)?) # qvalue capturing-parentheses
+ [^,]* # "extension" accept params: who cares?
+ )? # accept params are optional
+ ''', re.VERBOSE)
+_token_chars = frozenset("!#$%&'*+-.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ '^_`abcdefghijklmnopqrstuvwxyz|~')
+_etag_re = re.compile(r'([Ww]/)?(?:"(.*?)"|(.*?))(?:\s*,\s*|$)')
+_unsafe_header_chars = set('()<>@,;:\"/[]?={} \t')
+_option_header_piece_re = re.compile(r'''
+ ;\s*
+ (?P
+ "[^"\\]*(?:\\.[^"\\]*)*" # quoted string
+ |
+ [^\s;,=*]+ # token
+ )
+ \s*
+ (?: # optionally followed by =value
+ (?: # equals sign, possibly with encoding
+ \*\s*=\s* # * indicates extended notation
+ (?P[^\s]+?)
+ '(?P[^\s]*?)'
+ |
+ =\s* # basic notation
+ )
+ (?P
+ "[^"\\]*(?:\\.[^"\\]*)*" # quoted string
+ |
+ [^;,]+ # token
+ )?
+ )?
+ \s*
+''', flags=re.VERBOSE)
+_option_header_start_mime_type = re.compile(r',\s*([^;,\s]+)([;,]\s*.+)?')
+
+_entity_headers = frozenset([
+ 'allow', 'content-encoding', 'content-language', 'content-length',
+ 'content-location', 'content-md5', 'content-range', 'content-type',
+ 'expires', 'last-modified'
+])
+_hop_by_hop_headers = frozenset([
+ 'connection', 'keep-alive', 'proxy-authenticate',
+ 'proxy-authorization', 'te', 'trailer', 'transfer-encoding',
+ 'upgrade'
+])
+
+
+HTTP_STATUS_CODES = {
+ 100: 'Continue',
+ 101: 'Switching Protocols',
+ 102: 'Processing',
+ 200: 'OK',
+ 201: 'Created',
+ 202: 'Accepted',
+ 203: 'Non Authoritative Information',
+ 204: 'No Content',
+ 205: 'Reset Content',
+ 206: 'Partial Content',
+ 207: 'Multi Status',
+ 226: 'IM Used', # see RFC 3229
+ 300: 'Multiple Choices',
+ 301: 'Moved Permanently',
+ 302: 'Found',
+ 303: 'See Other',
+ 304: 'Not Modified',
+ 305: 'Use Proxy',
+ 307: 'Temporary Redirect',
+ 400: 'Bad Request',
+ 401: 'Unauthorized',
+ 402: 'Payment Required', # unused
+ 403: 'Forbidden',
+ 404: 'Not Found',
+ 405: 'Method Not Allowed',
+ 406: 'Not Acceptable',
+ 407: 'Proxy Authentication Required',
+ 408: 'Request Timeout',
+ 409: 'Conflict',
+ 410: 'Gone',
+ 411: 'Length Required',
+ 412: 'Precondition Failed',
+ 413: 'Request Entity Too Large',
+ 414: 'Request URI Too Long',
+ 415: 'Unsupported Media Type',
+ 416: 'Requested Range Not Satisfiable',
+ 417: 'Expectation Failed',
+ 418: 'I\'m a teapot', # see RFC 2324
+ 422: 'Unprocessable Entity',
+ 423: 'Locked',
+ 424: 'Failed Dependency',
+ 426: 'Upgrade Required',
+ 428: 'Precondition Required', # see RFC 6585
+ 429: 'Too Many Requests',
+ 431: 'Request Header Fields Too Large',
+ 449: 'Retry With', # proprietary MS extension
+ 451: 'Unavailable For Legal Reasons',
+ 500: 'Internal Server Error',
+ 501: 'Not Implemented',
+ 502: 'Bad Gateway',
+ 503: 'Service Unavailable',
+ 504: 'Gateway Timeout',
+ 505: 'HTTP Version Not Supported',
+ 507: 'Insufficient Storage',
+ 510: 'Not Extended'
+}
+
+
+def wsgi_to_bytes(data):
+ """coerce wsgi unicode represented bytes to real ones
+
+ """
+ if isinstance(data, bytes):
+ return data
+ return data.encode('latin1') # XXX: utf8 fallback?
+
+
+def bytes_to_wsgi(data):
+ assert isinstance(data, bytes), 'data must be bytes'
+ if isinstance(data, str):
+ return data
+ else:
+ return data.decode('latin1')
+
+
+def quote_header_value(value, extra_chars='', allow_token=True):
+ """Quote a header value if necessary.
+
+ .. versionadded:: 0.5
+
+ :param value: the value to quote.
+ :param extra_chars: a list of extra characters to skip quoting.
+ :param allow_token: if this is enabled token values are returned
+ unchanged.
+ """
+ if isinstance(value, bytes):
+ value = bytes_to_wsgi(value)
+ value = str(value)
+ if allow_token:
+ token_chars = _token_chars | set(extra_chars)
+ if set(value).issubset(token_chars):
+ return value
+ return '"%s"' % value.replace('\\', '\\\\').replace('"', '\\"')
+
+
+def unquote_header_value(value, is_filename=False):
+ r"""Unquotes a header value. (Reversal of :func:`quote_header_value`).
+ This does not use the real unquoting but what browsers are actually
+ using for quoting.
+
+ .. versionadded:: 0.5
+
+ :param value: the header value to unquote.
+ """
+ if value and value[0] == value[-1] == '"':
+ # this is not the real unquoting, but fixing this so that the
+ # RFC is met will result in bugs with internet explorer and
+ # probably some other browsers as well. IE for example is
+ # uploading files with "C:\foo\bar.txt" as filename
+ value = value[1:-1]
+
+ # if this is a filename and the starting characters look like
+ # a UNC path, then just return the value without quotes. Using the
+ # replace sequence below on a UNC path has the effect of turning
+ # the leading double slash into a single slash and then
+ # _fix_ie_filename() doesn't work correctly. See #458.
+ if not is_filename or value[:2] != '\\\\':
+ return value.replace('\\\\', '\\').replace('\\"', '"')
+ return value
+
+
+def dump_options_header(header, options):
+ """The reverse function to :func:`parse_options_header`.
+
+ :param header: the header to dump
+ :param options: a dict of options to append.
+ """
+ segments = []
+ if header is not None:
+ segments.append(header)
+ for key, value in iteritems(options):
+ if value is None:
+ segments.append(key)
+ else:
+ segments.append('%s=%s' % (key, quote_header_value(value)))
+ return '; '.join(segments)
+
+
+def dump_header(iterable, allow_token=True):
+ """Dump an HTTP header again. This is the reversal of
+ :func:`parse_list_header`, :func:`parse_set_header` and
+ :func:`parse_dict_header`. This also quotes strings that include an
+ equals sign unless you pass it as dict of key, value pairs.
+
+ >>> dump_header({'foo': 'bar baz'})
+ 'foo="bar baz"'
+ >>> dump_header(('foo', 'bar baz'))
+ 'foo, "bar baz"'
+
+ :param iterable: the iterable or dict of values to quote.
+ :param allow_token: if set to `False` tokens as values are disallowed.
+ See :func:`quote_header_value` for more details.
+ """
+ if isinstance(iterable, dict):
+ items = []
+ for key, value in iteritems(iterable):
+ if value is None:
+ items.append(key)
+ else:
+ items.append('%s=%s' % (
+ key,
+ quote_header_value(value, allow_token=allow_token)
+ ))
+ else:
+ items = [quote_header_value(x, allow_token=allow_token)
+ for x in iterable]
+ return ', '.join(items)
+
+
+def parse_list_header(value):
+ """Parse lists as described by RFC 2068 Section 2.
+
+ In particular, parse comma-separated lists where the elements of
+ the list may include quoted-strings. A quoted-string could
+ contain a comma. A non-quoted string could have quotes in the
+ middle. Quotes are removed automatically after parsing.
+
+ It basically works like :func:`parse_set_header` just that items
+ may appear multiple times and case sensitivity is preserved.
+
+ The return value is a standard :class:`list`:
+
+ >>> parse_list_header('token, "quoted value"')
+ ['token', 'quoted value']
+
+ To create a header from the :class:`list` again, use the
+ :func:`dump_header` function.
+
+ :param value: a string with a list header.
+ :return: :class:`list`
+ """
+ result = []
+ for item in _parse_list_header(value):
+ if item[:1] == item[-1:] == '"':
+ item = unquote_header_value(item[1:-1])
+ result.append(item)
+ return result
+
+
+def parse_dict_header(value, cls=dict):
+ """Parse lists of key, value pairs as described by RFC 2068 Section 2 and
+ convert them into a python dict (or any other mapping object created from
+ the type with a dict like interface provided by the `cls` argument):
+
+ >>> d = parse_dict_header('foo="is a fish", bar="as well"')
+ >>> type(d) is dict
+ True
+ >>> sorted(d.items())
+ [('bar', 'as well'), ('foo', 'is a fish')]
+
+ If there is no value for a key it will be `None`:
+
+ >>> parse_dict_header('key_without_value')
+ {'key_without_value': None}
+
+ To create a header from the :class:`dict` again, use the
+ :func:`dump_header` function.
+
+ .. versionchanged:: 0.9
+ Added support for `cls` argument.
+
+ :param value: a string with a dict header.
+ :param cls: callable to use for storage of parsed results.
+ :return: an instance of `cls`
+ """
+ result = cls()
+ if not isinstance(value, text_type):
+ # XXX: validate
+ value = bytes_to_wsgi(value)
+ for item in _parse_list_header(value):
+ if '=' not in item:
+ result[item] = None
+ continue
+ name, value = item.split('=', 1)
+ if value[:1] == value[-1:] == '"':
+ value = unquote_header_value(value[1:-1])
+ result[name] = value
+ return result
+
+
+def parse_options_header(value, multiple=False):
+ """Parse a ``Content-Type`` like header into a tuple with the content
+ type and the options:
+
+ >>> parse_options_header('text/html; charset=utf8')
+ ('text/html', {'charset': 'utf8'})
+
+ This should not be used to parse ``Cache-Control`` like headers that use
+ a slightly different format. For these headers use the
+ :func:`parse_dict_header` function.
+
+ .. versionadded:: 0.5
+
+ :param value: the header to parse.
+ :param multiple: Whether try to parse and return multiple MIME types
+ :return: (mimetype, options) or (mimetype, options, mimetype, options, …)
+ if multiple=True
+ """
+ if not value:
+ return '', {}
+
+ result = []
+
+ value = "," + value.replace("\n", ",")
+ while value:
+ match = _option_header_start_mime_type.match(value)
+ if not match:
+ break
+ result.append(match.group(1)) # mimetype
+ options = {}
+ # Parse options
+ rest = match.group(2)
+ while rest:
+ optmatch = _option_header_piece_re.match(rest)
+ if not optmatch:
+ break
+ option, encoding, _, option_value = optmatch.groups()
+ option = unquote_header_value(option)
+ if option_value is not None:
+ option_value = unquote_header_value(
+ option_value,
+ option == 'filename')
+ if encoding is not None:
+ option_value = _unquote(option_value).decode(encoding)
+ options[option] = option_value
+ rest = rest[optmatch.end():]
+ result.append(options)
+ if multiple is False:
+ return tuple(result)
+ value = rest
+
+ return tuple(result) if result else ('', {})
+
+
+def parse_accept_header(value, cls=None):
+ """Parses an HTTP Accept-* header. This does not implement a complete
+ valid algorithm but one that supports at least value and quality
+ extraction.
+
+ Returns a new :class:`Accept` object (basically a list of ``(value, quality)``
+ tuples sorted by the quality with some additional accessor methods).
+
+ The second parameter can be a subclass of :class:`Accept` that is created
+ with the parsed values and returned.
+
+ :param value: the accept header string to be parsed.
+ :param cls: the wrapper class for the return value (can be
+ :class:`Accept` or a subclass thereof)
+ :return: an instance of `cls`.
+ """
+ if cls is None:
+ cls = Accept
+
+ if not value:
+ return cls(None)
+
+ result = []
+ for match in _accept_re.finditer(value):
+ quality = match.group(2)
+ if not quality:
+ quality = 1
+ else:
+ quality = max(min(float(quality), 1), 0)
+ result.append((match.group(1), quality))
+ return cls(result)
+
+
+def parse_cache_control_header(value, on_update=None, cls=None):
+ """Parse a cache control header. The RFC differs between response and
+ request cache control, this method does not. It's your responsibility
+ to not use the wrong control statements.
+
+ .. versionadded:: 0.5
+ The `cls` was added. If not specified an immutable
+ :class:`~werkzeug.datastructures.RequestCacheControl` is returned.
+
+ :param value: a cache control header to be parsed.
+ :param on_update: an optional callable that is called every time a value
+ on the :class:`~werkzeug.datastructures.CacheControl`
+ object is changed.
+ :param cls: the class for the returned object. By default
+ :class:`~werkzeug.datastructures.RequestCacheControl` is used.
+ :return: a `cls` object.
+ """
+ if cls is None:
+ cls = RequestCacheControl
+ if not value:
+ return cls(None, on_update)
+ return cls(parse_dict_header(value), on_update)
+
+
+def parse_set_header(value, on_update=None):
+ """Parse a set-like header and return a
+ :class:`~werkzeug.datastructures.HeaderSet` object:
+
+ >>> hs = parse_set_header('token, "quoted value"')
+
+ The return value is an object that treats the items case-insensitively
+ and keeps the order of the items:
+
+ >>> 'TOKEN' in hs
+ True
+ >>> hs.index('quoted value')
+ 1
+ >>> hs
+ HeaderSet(['token', 'quoted value'])
+
+ To create a header from the :class:`HeaderSet` again, use the
+ :func:`dump_header` function.
+
+ :param value: a set header to be parsed.
+ :param on_update: an optional callable that is called every time a
+ value on the :class:`~werkzeug.datastructures.HeaderSet`
+ object is changed.
+ :return: a :class:`~werkzeug.datastructures.HeaderSet`
+ """
+ if not value:
+ return HeaderSet(None, on_update)
+ return HeaderSet(parse_list_header(value), on_update)
+
+
+def parse_authorization_header(value):
+ """Parse an HTTP basic/digest authorization header transmitted by the web
+ browser. The return value is either `None` if the header was invalid or
+ not given, otherwise an :class:`~werkzeug.datastructures.Authorization`
+ object.
+
+ :param value: the authorization header to parse.
+ :return: a :class:`~werkzeug.datastructures.Authorization` object or `None`.
+ """
+ if not value:
+ return
+ value = wsgi_to_bytes(value)
+ try:
+ auth_type, auth_info = value.split(None, 1)
+ auth_type = auth_type.lower()
+ except ValueError:
+ return
+ if auth_type == b'basic':
+ try:
+ username, password = base64.b64decode(auth_info).split(b':', 1)
+ except Exception:
+ return
+ return Authorization('basic', {'username': bytes_to_wsgi(username),
+ 'password': bytes_to_wsgi(password)})
+ elif auth_type == b'digest':
+ auth_map = parse_dict_header(auth_info)
+ for key in 'username', 'realm', 'nonce', 'uri', 'response':
+ if key not in auth_map:
+ return
+ if 'qop' in auth_map:
+ if not auth_map.get('nc') or not auth_map.get('cnonce'):
+ return
+ return Authorization('digest', auth_map)
+
+
+def parse_www_authenticate_header(value, on_update=None):
+ """Parse an HTTP WWW-Authenticate header into a
+ :class:`~werkzeug.datastructures.WWWAuthenticate` object.
+
+ :param value: a WWW-Authenticate header to parse.
+ :param on_update: an optional callable that is called every time a value
+ on the :class:`~werkzeug.datastructures.WWWAuthenticate`
+ object is changed.
+ :return: a :class:`~werkzeug.datastructures.WWWAuthenticate` object.
+ """
+ if not value:
+ return WWWAuthenticate(on_update=on_update)
+ try:
+ auth_type, auth_info = value.split(None, 1)
+ auth_type = auth_type.lower()
+ except (ValueError, AttributeError):
+ return WWWAuthenticate(value.strip().lower(), on_update=on_update)
+ return WWWAuthenticate(auth_type, parse_dict_header(auth_info),
+ on_update)
+
+
+def parse_if_range_header(value):
+ """Parses an if-range header which can be an etag or a date. Returns
+ a :class:`~werkzeug.datastructures.IfRange` object.
+
+ .. versionadded:: 0.7
+ """
+ if not value:
+ return IfRange()
+ date = parse_date(value)
+ if date is not None:
+ return IfRange(date=date)
+ # drop weakness information
+ return IfRange(unquote_etag(value)[0])
+
+
+def parse_range_header(value, make_inclusive=True):
+ """Parses a range header into a :class:`~werkzeug.datastructures.Range`
+ object. If the header is missing or malformed `None` is returned.
+ `ranges` is a list of ``(start, stop)`` tuples where the ranges are
+ non-inclusive.
+
+ .. versionadded:: 0.7
+ """
+ if not value or '=' not in value:
+ return None
+
+ ranges = []
+ last_end = 0
+ units, rng = value.split('=', 1)
+ units = units.strip().lower()
+
+ for item in rng.split(','):
+ item = item.strip()
+ if '-' not in item:
+ return None
+ if item.startswith('-'):
+ if last_end < 0:
+ return None
+ try:
+ begin = int(item)
+ except ValueError:
+ return None
+ end = None
+ last_end = -1
+ elif '-' in item:
+ begin, end = item.split('-', 1)
+ begin = begin.strip()
+ end = end.strip()
+ if not begin.isdigit():
+ return None
+ begin = int(begin)
+ if begin < last_end or last_end < 0:
+ return None
+ if end:
+ if not end.isdigit():
+ return None
+ end = int(end) + 1
+ if begin >= end:
+ return None
+ else:
+ end = None
+ last_end = end
+ ranges.append((begin, end))
+
+ return Range(units, ranges)
+
+
+def parse_content_range_header(value, on_update=None):
+ """Parses a range header into a
+ :class:`~werkzeug.datastructures.ContentRange` object or `None` if
+ parsing is not possible.
+
+ .. versionadded:: 0.7
+
+ :param value: a content range header to be parsed.
+ :param on_update: an optional callable that is called every time a value
+ on the :class:`~werkzeug.datastructures.ContentRange`
+ object is changed.
+ """
+ if value is None:
+ return None
+ try:
+ units, rangedef = (value or '').strip().split(None, 1)
+ except ValueError:
+ return None
+
+ if '/' not in rangedef:
+ return None
+ rng, length = rangedef.split('/', 1)
+ if length == '*':
+ length = None
+ elif length.isdigit():
+ length = int(length)
+ else:
+ return None
+
+ if rng == '*':
+ return ContentRange(units, None, None, length, on_update=on_update)
+ elif '-' not in rng:
+ return None
+
+ start, stop = rng.split('-', 1)
+ try:
+ start = int(start)
+ stop = int(stop) + 1
+ except ValueError:
+ return None
+
+ if is_byte_range_valid(start, stop, length):
+ return ContentRange(units, start, stop, length, on_update=on_update)
+
+
+def quote_etag(etag, weak=False):
+ """Quote an etag.
+
+ :param etag: the etag to quote.
+ :param weak: set to `True` to tag it "weak".
+ """
+ if '"' in etag:
+ raise ValueError('invalid etag')
+ etag = '"%s"' % etag
+ if weak:
+ etag = 'W/' + etag
+ return etag
+
+
+def unquote_etag(etag):
+ """Unquote a single etag:
+
+ >>> unquote_etag('W/"bar"')
+ ('bar', True)
+ >>> unquote_etag('"bar"')
+ ('bar', False)
+
+ :param etag: the etag identifier to unquote.
+ :return: a ``(etag, weak)`` tuple.
+ """
+ if not etag:
+ return None, None
+ etag = etag.strip()
+ weak = False
+ if etag.startswith(('W/', 'w/')):
+ weak = True
+ etag = etag[2:]
+ if etag[:1] == etag[-1:] == '"':
+ etag = etag[1:-1]
+ return etag, weak
+
+
+def parse_etags(value):
+ """Parse an etag header.
+
+ :param value: the tag header to parse
+ :return: an :class:`~werkzeug.datastructures.ETags` object.
+ """
+ if not value:
+ return ETags()
+ strong = []
+ weak = []
+ end = len(value)
+ pos = 0
+ while pos < end:
+ match = _etag_re.match(value, pos)
+ if match is None:
+ break
+ is_weak, quoted, raw = match.groups()
+ if raw == '*':
+ return ETags(star_tag=True)
+ elif quoted:
+ raw = quoted
+ if is_weak:
+ weak.append(raw)
+ else:
+ strong.append(raw)
+ pos = match.end()
+ return ETags(strong, weak)
+
+
+def generate_etag(data):
+ """Generate an etag for some data."""
+ return md5(data).hexdigest()
+
+
+def parse_date(value):
+ """Parse one of the following date formats into a datetime object:
+
+ .. sourcecode:: text
+
+ Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123
+ Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
+ Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format
+
+ If parsing fails the return value is `None`.
+
+ :param value: a string with a supported date format.
+ :return: a :class:`datetime.datetime` object.
+ """
+ if value:
+ t = parsedate_tz(value.strip())
+ if t is not None:
+ try:
+ year = t[0]
+ # unfortunately that function does not tell us if two digit
+ # years were part of the string, or if they were prefixed
+ # with two zeroes. So what we do is to assume that 69-99
+ # refer to 1900, and everything below to 2000
+ if year >= 0 and year <= 68:
+ year += 2000
+ elif year >= 69 and year <= 99:
+ year += 1900
+ return datetime(*((year,) + t[1:7])) - \
+ timedelta(seconds=t[-1] or 0)
+ except (ValueError, OverflowError):
+ return None
+
+
+def _dump_date(d, delim):
+ """Used for `http_date` and `cookie_date`."""
+ if d is None:
+ d = gmtime()
+ elif isinstance(d, datetime):
+ d = d.utctimetuple()
+ elif isinstance(d, (integer_types, float)):
+ d = gmtime(d)
+ return '%s, %02d%s%s%s%s %02d:%02d:%02d GMT' % (
+ ('Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun')[d.tm_wday],
+ d.tm_mday, delim,
+ ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep',
+ 'Oct', 'Nov', 'Dec')[d.tm_mon - 1],
+ delim, str(d.tm_year), d.tm_hour, d.tm_min, d.tm_sec
+ )
+
+
+def cookie_date(expires=None):
+ """Formats the time to ensure compatibility with Netscape's cookie
+ standard.
+
+ Accepts a floating point number expressed in seconds since the epoch in, a
+ datetime object or a timetuple. All times in UTC. The :func:`parse_date`
+ function can be used to parse such a date.
+
+ Outputs a string in the format ``Wdy, DD-Mon-YYYY HH:MM:SS GMT``.
+
+ :param expires: If provided that date is used, otherwise the current.
+ """
+ return _dump_date(expires, '-')
+
+
+def http_date(timestamp=None):
+ """Formats the time to match the RFC1123 date format.
+
+ Accepts a floating point number expressed in seconds since the epoch in, a
+ datetime object or a timetuple. All times in UTC. The :func:`parse_date`
+ function can be used to parse such a date.
+
+ Outputs a string in the format ``Wdy, DD Mon YYYY HH:MM:SS GMT``.
+
+ :param timestamp: If provided that date is used, otherwise the current.
+ """
+ return _dump_date(timestamp, ' ')
+
+
+def parse_age(value=None):
+ """Parses a base-10 integer count of seconds into a timedelta.
+
+ If parsing fails, the return value is `None`.
+
+ :param value: a string consisting of an integer represented in base-10
+ :return: a :class:`datetime.timedelta` object or `None`.
+ """
+ if not value:
+ return None
+ try:
+ seconds = int(value)
+ except ValueError:
+ return None
+ if seconds < 0:
+ return None
+ try:
+ return timedelta(seconds=seconds)
+ except OverflowError:
+ return None
+
+
+def dump_age(age=None):
+ """Formats the duration as a base-10 integer.
+
+ :param age: should be an integer number of seconds,
+ a :class:`datetime.timedelta` object, or,
+ if the age is unknown, `None` (default).
+ """
+ if age is None:
+ return
+ if isinstance(age, timedelta):
+ # do the equivalent of Python 2.7's timedelta.total_seconds(),
+ # but disregarding fractional seconds
+ age = age.seconds + (age.days * 24 * 3600)
+
+ age = int(age)
+ if age < 0:
+ raise ValueError('age cannot be negative')
+
+ return str(age)
+
+
+def is_resource_modified(environ, etag=None, data=None, last_modified=None,
+ ignore_if_range=True):
+ """Convenience method for conditional requests.
+
+ :param environ: the WSGI environment of the request to be checked.
+ :param etag: the etag for the response for comparison.
+ :param data: or alternatively the data of the response to automatically
+ generate an etag using :func:`generate_etag`.
+ :param last_modified: an optional date of the last modification.
+ :param ignore_if_range: If `False`, `If-Range` header will be taken into
+ account.
+ :return: `True` if the resource was modified, otherwise `False`.
+ """
+ if etag is None and data is not None:
+ etag = generate_etag(data)
+ elif data is not None:
+ raise TypeError('both data and etag given')
+ if environ['REQUEST_METHOD'] not in ('GET', 'HEAD'):
+ return False
+
+ unmodified = False
+ if isinstance(last_modified, string_types):
+ last_modified = parse_date(last_modified)
+
+ # ensure that microsecond is zero because the HTTP spec does not transmit
+ # that either and we might have some false positives. See issue #39
+ if last_modified is not None:
+ last_modified = last_modified.replace(microsecond=0)
+
+ if_range = None
+ if not ignore_if_range and 'HTTP_RANGE' in environ:
+ # http://tools.ietf.org/html/rfc7233#section-3.2
+ # A server MUST ignore an If-Range header field received in a request
+ # that does not contain a Range header field.
+ if_range = parse_if_range_header(environ.get('HTTP_IF_RANGE'))
+
+ if if_range is not None and if_range.date is not None:
+ modified_since = if_range.date
+ else:
+ modified_since = parse_date(environ.get('HTTP_IF_MODIFIED_SINCE'))
+
+ if modified_since and last_modified and last_modified <= modified_since:
+ unmodified = True
+
+ if etag:
+ etag, _ = unquote_etag(etag)
+ if if_range is not None and if_range.etag is not None:
+ unmodified = parse_etags(if_range.etag).contains(etag)
+ else:
+ if_none_match = parse_etags(environ.get('HTTP_IF_NONE_MATCH'))
+ if if_none_match:
+ # http://tools.ietf.org/html/rfc7232#section-3.2
+ # "A recipient MUST use the weak comparison function when comparing
+ # entity-tags for If-None-Match"
+ unmodified = if_none_match.contains_weak(etag)
+
+ # https://tools.ietf.org/html/rfc7232#section-3.1
+ # "Origin server MUST use the strong comparison function when
+ # comparing entity-tags for If-Match"
+ if_match = parse_etags(environ.get('HTTP_IF_MATCH'))
+ if if_match:
+ unmodified = not if_match.is_strong(etag)
+
+ return not unmodified
+
+
+def remove_entity_headers(headers, allowed=('expires', 'content-location')):
+ """Remove all entity headers from a list or :class:`Headers` object. This
+ operation works in-place. `Expires` and `Content-Location` headers are
+ by default not removed. The reason for this is :rfc:`2616` section
+ 10.3.5 which specifies some entity headers that should be sent.
+
+ .. versionchanged:: 0.5
+ added `allowed` parameter.
+
+ :param headers: a list or :class:`Headers` object.
+ :param allowed: a list of headers that should still be allowed even though
+ they are entity headers.
+ """
+ allowed = set(x.lower() for x in allowed)
+ headers[:] = [(key, value) for key, value in headers if
+ not is_entity_header(key) or key.lower() in allowed]
+
+
+def remove_hop_by_hop_headers(headers):
+ """Remove all HTTP/1.1 "Hop-by-Hop" headers from a list or
+ :class:`Headers` object. This operation works in-place.
+
+ .. versionadded:: 0.5
+
+ :param headers: a list or :class:`Headers` object.
+ """
+ headers[:] = [(key, value) for key, value in headers if
+ not is_hop_by_hop_header(key)]
+
+
+def is_entity_header(header):
+ """Check if a header is an entity header.
+
+ .. versionadded:: 0.5
+
+ :param header: the header to test.
+ :return: `True` if it's an entity header, `False` otherwise.
+ """
+ return header.lower() in _entity_headers
+
+
+def is_hop_by_hop_header(header):
+ """Check if a header is an HTTP/1.1 "Hop-by-Hop" header.
+
+ .. versionadded:: 0.5
+
+ :param header: the header to test.
+ :return: `True` if it's an HTTP/1.1 "Hop-by-Hop" header, `False` otherwise.
+ """
+ return header.lower() in _hop_by_hop_headers
+
+
+def parse_cookie(header, charset='utf-8', errors='replace', cls=None):
+ """Parse a cookie. Either from a string or WSGI environ.
+
+ Per default encoding errors are ignored. If you want a different behavior
+ you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a
+ :exc:`HTTPUnicodeError` is raised.
+
+ .. versionchanged:: 0.5
+ This function now returns a :class:`TypeConversionDict` instead of a
+ regular dict. The `cls` parameter was added.
+
+ :param header: the header to be used to parse the cookie. Alternatively
+ this can be a WSGI environment.
+ :param charset: the charset for the cookie values.
+ :param errors: the error behavior for the charset decoding.
+ :param cls: an optional dict class to use. If this is not specified
+ or `None` the default :class:`TypeConversionDict` is
+ used.
+ """
+ if isinstance(header, dict):
+ header = header.get('HTTP_COOKIE', '')
+ elif header is None:
+ header = ''
+
+ # If the value is an unicode string it's mangled through latin1. This
+ # is done because on PEP 3333 on Python 3 all headers are assumed latin1
+ # which however is incorrect for cookies, which are sent in page encoding.
+ # As a result we
+ if isinstance(header, text_type):
+ header = header.encode('latin1', 'replace')
+
+ if cls is None:
+ cls = TypeConversionDict
+
+ def _parse_pairs():
+ for key, val in _cookie_parse_impl(header):
+ key = to_unicode(key, charset, errors, allow_none_charset=True)
+ val = to_unicode(val, charset, errors, allow_none_charset=True)
+ yield try_coerce_native(key), val
+
+ return cls(_parse_pairs())
+
+
+def dump_cookie(key, value='', max_age=None, expires=None, path='/',
+ domain=None, secure=False, httponly=False,
+ charset='utf-8', sync_expires=True, max_size=4093,
+ samesite=None):
+ """Creates a new Set-Cookie header without the ``Set-Cookie`` prefix
+ The parameters are the same as in the cookie Morsel object in the
+ Python standard library but it accepts unicode data, too.
+
+ On Python 3 the return value of this function will be a unicode
+ string, on Python 2 it will be a native string. In both cases the
+ return value is usually restricted to ascii as the vast majority of
+ values are properly escaped, but that is no guarantee. If a unicode
+ string is returned it's tunneled through latin1 as required by
+ PEP 3333.
+
+ The return value is not ASCII safe if the key contains unicode
+ characters. This is technically against the specification but
+ happens in the wild. It's strongly recommended to not use
+ non-ASCII values for the keys.
+
+ :param max_age: should be a number of seconds, or `None` (default) if
+ the cookie should last only as long as the client's
+ browser session. Additionally `timedelta` objects
+ are accepted, too.
+ :param expires: should be a `datetime` object or unix timestamp.
+ :param path: limits the cookie to a given path, per default it will
+ span the whole domain.
+ :param domain: Use this if you want to set a cross-domain cookie. For
+ example, ``domain=".example.com"`` will set a cookie
+ that is readable by the domain ``www.example.com``,
+ ``foo.example.com`` etc. Otherwise, a cookie will only
+ be readable by the domain that set it.
+ :param secure: The cookie will only be available via HTTPS
+ :param httponly: disallow JavaScript to access the cookie. This is an
+ extension to the cookie standard and probably not
+ supported by all browsers.
+ :param charset: the encoding for unicode values.
+ :param sync_expires: automatically set expires if max_age is defined
+ but expires not.
+ :param max_size: Warn if the final header value exceeds this size. The
+ default, 4093, should be safely `supported by most browsers
+ `_. Set to 0 to disable this check.
+ :param samesite: Limits the scope of the cookie such that it will only
+ be attached to requests if those requests are "same-site".
+
+ .. _`cookie`: http://browsercookielimits.squawky.net/
+ """
+ key = to_bytes(key, charset)
+ value = to_bytes(value, charset)
+
+ if path is not None:
+ path = iri_to_uri(path, charset)
+ domain = _make_cookie_domain(domain)
+ if isinstance(max_age, timedelta):
+ max_age = (max_age.days * 60 * 60 * 24) + max_age.seconds
+ if expires is not None:
+ if not isinstance(expires, string_types):
+ expires = cookie_date(expires)
+ elif max_age is not None and sync_expires:
+ expires = to_bytes(cookie_date(time() + max_age))
+
+ samesite = samesite.title() if samesite else None
+ if samesite not in ('Strict', 'Lax', None):
+ raise ValueError("invalid SameSite value; must be 'Strict', 'Lax' or None")
+
+ buf = [key + b'=' + _cookie_quote(value)]
+
+ # XXX: In theory all of these parameters that are not marked with `None`
+ # should be quoted. Because stdlib did not quote it before I did not
+ # want to introduce quoting there now.
+ for k, v, q in ((b'Domain', domain, True),
+ (b'Expires', expires, False,),
+ (b'Max-Age', max_age, False),
+ (b'Secure', secure, None),
+ (b'HttpOnly', httponly, None),
+ (b'Path', path, False),
+ (b'SameSite', samesite, False)):
+ if q is None:
+ if v:
+ buf.append(k)
+ continue
+
+ if v is None:
+ continue
+
+ tmp = bytearray(k)
+ if not isinstance(v, (bytes, bytearray)):
+ v = to_bytes(text_type(v), charset)
+ if q:
+ v = _cookie_quote(v)
+ tmp += b'=' + v
+ buf.append(bytes(tmp))
+
+ # The return value will be an incorrectly encoded latin1 header on
+ # Python 3 for consistency with the headers object and a bytestring
+ # on Python 2 because that's how the API makes more sense.
+ rv = b'; '.join(buf)
+ if not PY2:
+ rv = rv.decode('latin1')
+
+ # Warn if the final value of the cookie is less than the limit. If the
+ # cookie is too large, then it may be silently ignored, which can be quite
+ # hard to debug.
+ cookie_size = len(rv)
+
+ if max_size and cookie_size > max_size:
+ value_size = len(value)
+ warnings.warn(
+ 'The "{key}" cookie is too large: the value was {value_size} bytes'
+ ' but the header required {extra_size} extra bytes. The final size'
+ ' was {cookie_size} bytes but the limit is {max_size} bytes.'
+ ' Browsers may silently ignore cookies larger than this.'.format(
+ key=key,
+ value_size=value_size,
+ extra_size=cookie_size - value_size,
+ cookie_size=cookie_size,
+ max_size=max_size
+ ),
+ stacklevel=2
+ )
+
+ return rv
+
+
+def is_byte_range_valid(start, stop, length):
+ """Checks if a given byte content range is valid for the given length.
+
+ .. versionadded:: 0.7
+ """
+ if (start is None) != (stop is None):
+ return False
+ elif start is None:
+ return length is None or length >= 0
+ elif length is None:
+ return 0 <= start < stop
+ elif start >= stop:
+ return False
+ return 0 <= start < length
+
+
+# circular dependency fun
+from werkzeug.datastructures import Accept, HeaderSet, ETags, Authorization, \
+ WWWAuthenticate, TypeConversionDict, IfRange, Range, ContentRange, \
+ RequestCacheControl
+
+
+# DEPRECATED
+# backwards compatible imports
+from werkzeug.datastructures import ( # noqa
+ MIMEAccept, CharsetAccept, LanguageAccept, Headers
+)
+from werkzeug.urls import iri_to_uri
diff --git a/website/web/Lib/site-packages/werkzeug/local.py b/website/web/Lib/site-packages/werkzeug/local.py
new file mode 100644
index 000000000..e6d7478a0
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/local.py
@@ -0,0 +1,420 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.local
+ ~~~~~~~~~~~~~~
+
+ This module implements context-local objects.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import copy
+from functools import update_wrapper
+from werkzeug.wsgi import ClosingIterator
+from werkzeug._compat import PY2, implements_bool
+
+# since each thread has its own greenlet we can just use those as identifiers
+# for the context. If greenlets are not available we fall back to the
+# current thread ident depending on where it is.
+try:
+ from greenlet import getcurrent as get_ident
+except ImportError:
+ try:
+ from thread import get_ident
+ except ImportError:
+ from _thread import get_ident
+
+
+def release_local(local):
+ """Releases the contents of the local for the current context.
+ This makes it possible to use locals without a manager.
+
+ Example::
+
+ >>> loc = Local()
+ >>> loc.foo = 42
+ >>> release_local(loc)
+ >>> hasattr(loc, 'foo')
+ False
+
+ With this function one can release :class:`Local` objects as well
+ as :class:`LocalStack` objects. However it is not possible to
+ release data held by proxies that way, one always has to retain
+ a reference to the underlying local object in order to be able
+ to release it.
+
+ .. versionadded:: 0.6.1
+ """
+ local.__release_local__()
+
+
+class Local(object):
+ __slots__ = ('__storage__', '__ident_func__')
+
+ def __init__(self):
+ object.__setattr__(self, '__storage__', {})
+ object.__setattr__(self, '__ident_func__', get_ident)
+
+ def __iter__(self):
+ return iter(self.__storage__.items())
+
+ def __call__(self, proxy):
+ """Create a proxy for a name."""
+ return LocalProxy(self, proxy)
+
+ def __release_local__(self):
+ self.__storage__.pop(self.__ident_func__(), None)
+
+ def __getattr__(self, name):
+ try:
+ return self.__storage__[self.__ident_func__()][name]
+ except KeyError:
+ raise AttributeError(name)
+
+ def __setattr__(self, name, value):
+ ident = self.__ident_func__()
+ storage = self.__storage__
+ try:
+ storage[ident][name] = value
+ except KeyError:
+ storage[ident] = {name: value}
+
+ def __delattr__(self, name):
+ try:
+ del self.__storage__[self.__ident_func__()][name]
+ except KeyError:
+ raise AttributeError(name)
+
+
+class LocalStack(object):
+
+ """This class works similar to a :class:`Local` but keeps a stack
+ of objects instead. This is best explained with an example::
+
+ >>> ls = LocalStack()
+ >>> ls.push(42)
+ >>> ls.top
+ 42
+ >>> ls.push(23)
+ >>> ls.top
+ 23
+ >>> ls.pop()
+ 23
+ >>> ls.top
+ 42
+
+ They can be force released by using a :class:`LocalManager` or with
+ the :func:`release_local` function but the correct way is to pop the
+ item from the stack after using. When the stack is empty it will
+ no longer be bound to the current context (and as such released).
+
+ By calling the stack without arguments it returns a proxy that resolves to
+ the topmost item on the stack.
+
+ .. versionadded:: 0.6.1
+ """
+
+ def __init__(self):
+ self._local = Local()
+
+ def __release_local__(self):
+ self._local.__release_local__()
+
+ def _get__ident_func__(self):
+ return self._local.__ident_func__
+
+ def _set__ident_func__(self, value):
+ object.__setattr__(self._local, '__ident_func__', value)
+ __ident_func__ = property(_get__ident_func__, _set__ident_func__)
+ del _get__ident_func__, _set__ident_func__
+
+ def __call__(self):
+ def _lookup():
+ rv = self.top
+ if rv is None:
+ raise RuntimeError('object unbound')
+ return rv
+ return LocalProxy(_lookup)
+
+ def push(self, obj):
+ """Pushes a new item to the stack"""
+ rv = getattr(self._local, 'stack', None)
+ if rv is None:
+ self._local.stack = rv = []
+ rv.append(obj)
+ return rv
+
+ def pop(self):
+ """Removes the topmost item from the stack, will return the
+ old value or `None` if the stack was already empty.
+ """
+ stack = getattr(self._local, 'stack', None)
+ if stack is None:
+ return None
+ elif len(stack) == 1:
+ release_local(self._local)
+ return stack[-1]
+ else:
+ return stack.pop()
+
+ @property
+ def top(self):
+ """The topmost item on the stack. If the stack is empty,
+ `None` is returned.
+ """
+ try:
+ return self._local.stack[-1]
+ except (AttributeError, IndexError):
+ return None
+
+
+class LocalManager(object):
+
+ """Local objects cannot manage themselves. For that you need a local
+ manager. You can pass a local manager multiple locals or add them later
+ by appending them to `manager.locals`. Every time the manager cleans up,
+ it will clean up all the data left in the locals for this context.
+
+ The `ident_func` parameter can be added to override the default ident
+ function for the wrapped locals.
+
+ .. versionchanged:: 0.6.1
+ Instead of a manager the :func:`release_local` function can be used
+ as well.
+
+ .. versionchanged:: 0.7
+ `ident_func` was added.
+ """
+
+ def __init__(self, locals=None, ident_func=None):
+ if locals is None:
+ self.locals = []
+ elif isinstance(locals, Local):
+ self.locals = [locals]
+ else:
+ self.locals = list(locals)
+ if ident_func is not None:
+ self.ident_func = ident_func
+ for local in self.locals:
+ object.__setattr__(local, '__ident_func__', ident_func)
+ else:
+ self.ident_func = get_ident
+
+ def get_ident(self):
+ """Return the context identifier the local objects use internally for
+ this context. You cannot override this method to change the behavior
+ but use it to link other context local objects (such as SQLAlchemy's
+ scoped sessions) to the Werkzeug locals.
+
+ .. versionchanged:: 0.7
+ You can pass a different ident function to the local manager that
+ will then be propagated to all the locals passed to the
+ constructor.
+ """
+ return self.ident_func()
+
+ def cleanup(self):
+ """Manually clean up the data in the locals for this context. Call
+ this at the end of the request or use `make_middleware()`.
+ """
+ for local in self.locals:
+ release_local(local)
+
+ def make_middleware(self, app):
+ """Wrap a WSGI application so that cleaning up happens after
+ request end.
+ """
+ def application(environ, start_response):
+ return ClosingIterator(app(environ, start_response), self.cleanup)
+ return application
+
+ def middleware(self, func):
+ """Like `make_middleware` but for decorating functions.
+
+ Example usage::
+
+ @manager.middleware
+ def application(environ, start_response):
+ ...
+
+ The difference to `make_middleware` is that the function passed
+ will have all the arguments copied from the inner application
+ (name, docstring, module).
+ """
+ return update_wrapper(self.make_middleware(func), func)
+
+ def __repr__(self):
+ return '<%s storages: %d>' % (
+ self.__class__.__name__,
+ len(self.locals)
+ )
+
+
+@implements_bool
+class LocalProxy(object):
+
+ """Acts as a proxy for a werkzeug local. Forwards all operations to
+ a proxied object. The only operations not supported for forwarding
+ are right handed operands and any kind of assignment.
+
+ Example usage::
+
+ from werkzeug.local import Local
+ l = Local()
+
+ # these are proxies
+ request = l('request')
+ user = l('user')
+
+
+ from werkzeug.local import LocalStack
+ _response_local = LocalStack()
+
+ # this is a proxy
+ response = _response_local()
+
+ Whenever something is bound to l.user / l.request the proxy objects
+ will forward all operations. If no object is bound a :exc:`RuntimeError`
+ will be raised.
+
+ To create proxies to :class:`Local` or :class:`LocalStack` objects,
+ call the object as shown above. If you want to have a proxy to an
+ object looked up by a function, you can (as of Werkzeug 0.6.1) pass
+ a function to the :class:`LocalProxy` constructor::
+
+ session = LocalProxy(lambda: get_current_request().session)
+
+ .. versionchanged:: 0.6.1
+ The class can be instantiated with a callable as well now.
+ """
+ __slots__ = ('__local', '__dict__', '__name__', '__wrapped__')
+
+ def __init__(self, local, name=None):
+ object.__setattr__(self, '_LocalProxy__local', local)
+ object.__setattr__(self, '__name__', name)
+ if callable(local) and not hasattr(local, '__release_local__'):
+ # "local" is a callable that is not an instance of Local or
+ # LocalManager: mark it as a wrapped function.
+ object.__setattr__(self, '__wrapped__', local)
+
+ def _get_current_object(self):
+ """Return the current object. This is useful if you want the real
+ object behind the proxy at a time for performance reasons or because
+ you want to pass the object into a different context.
+ """
+ if not hasattr(self.__local, '__release_local__'):
+ return self.__local()
+ try:
+ return getattr(self.__local, self.__name__)
+ except AttributeError:
+ raise RuntimeError('no object bound to %s' % self.__name__)
+
+ @property
+ def __dict__(self):
+ try:
+ return self._get_current_object().__dict__
+ except RuntimeError:
+ raise AttributeError('__dict__')
+
+ def __repr__(self):
+ try:
+ obj = self._get_current_object()
+ except RuntimeError:
+ return '<%s unbound>' % self.__class__.__name__
+ return repr(obj)
+
+ def __bool__(self):
+ try:
+ return bool(self._get_current_object())
+ except RuntimeError:
+ return False
+
+ def __unicode__(self):
+ try:
+ return unicode(self._get_current_object()) # noqa
+ except RuntimeError:
+ return repr(self)
+
+ def __dir__(self):
+ try:
+ return dir(self._get_current_object())
+ except RuntimeError:
+ return []
+
+ def __getattr__(self, name):
+ if name == '__members__':
+ return dir(self._get_current_object())
+ return getattr(self._get_current_object(), name)
+
+ def __setitem__(self, key, value):
+ self._get_current_object()[key] = value
+
+ def __delitem__(self, key):
+ del self._get_current_object()[key]
+
+ if PY2:
+ __getslice__ = lambda x, i, j: x._get_current_object()[i:j]
+
+ def __setslice__(self, i, j, seq):
+ self._get_current_object()[i:j] = seq
+
+ def __delslice__(self, i, j):
+ del self._get_current_object()[i:j]
+
+ __setattr__ = lambda x, n, v: setattr(x._get_current_object(), n, v)
+ __delattr__ = lambda x, n: delattr(x._get_current_object(), n)
+ __str__ = lambda x: str(x._get_current_object())
+ __lt__ = lambda x, o: x._get_current_object() < o
+ __le__ = lambda x, o: x._get_current_object() <= o
+ __eq__ = lambda x, o: x._get_current_object() == o
+ __ne__ = lambda x, o: x._get_current_object() != o
+ __gt__ = lambda x, o: x._get_current_object() > o
+ __ge__ = lambda x, o: x._get_current_object() >= o
+ __cmp__ = lambda x, o: cmp(x._get_current_object(), o) # noqa
+ __hash__ = lambda x: hash(x._get_current_object())
+ __call__ = lambda x, *a, **kw: x._get_current_object()(*a, **kw)
+ __len__ = lambda x: len(x._get_current_object())
+ __getitem__ = lambda x, i: x._get_current_object()[i]
+ __iter__ = lambda x: iter(x._get_current_object())
+ __contains__ = lambda x, i: i in x._get_current_object()
+ __add__ = lambda x, o: x._get_current_object() + o
+ __sub__ = lambda x, o: x._get_current_object() - o
+ __mul__ = lambda x, o: x._get_current_object() * o
+ __floordiv__ = lambda x, o: x._get_current_object() // o
+ __mod__ = lambda x, o: x._get_current_object() % o
+ __divmod__ = lambda x, o: x._get_current_object().__divmod__(o)
+ __pow__ = lambda x, o: x._get_current_object() ** o
+ __lshift__ = lambda x, o: x._get_current_object() << o
+ __rshift__ = lambda x, o: x._get_current_object() >> o
+ __and__ = lambda x, o: x._get_current_object() & o
+ __xor__ = lambda x, o: x._get_current_object() ^ o
+ __or__ = lambda x, o: x._get_current_object() | o
+ __div__ = lambda x, o: x._get_current_object().__div__(o)
+ __truediv__ = lambda x, o: x._get_current_object().__truediv__(o)
+ __neg__ = lambda x: -(x._get_current_object())
+ __pos__ = lambda x: +(x._get_current_object())
+ __abs__ = lambda x: abs(x._get_current_object())
+ __invert__ = lambda x: ~(x._get_current_object())
+ __complex__ = lambda x: complex(x._get_current_object())
+ __int__ = lambda x: int(x._get_current_object())
+ __long__ = lambda x: long(x._get_current_object()) # noqa
+ __float__ = lambda x: float(x._get_current_object())
+ __oct__ = lambda x: oct(x._get_current_object())
+ __hex__ = lambda x: hex(x._get_current_object())
+ __index__ = lambda x: x._get_current_object().__index__()
+ __coerce__ = lambda x, o: x._get_current_object().__coerce__(x, o)
+ __enter__ = lambda x: x._get_current_object().__enter__()
+ __exit__ = lambda x, *a, **kw: x._get_current_object().__exit__(*a, **kw)
+ __radd__ = lambda x, o: o + x._get_current_object()
+ __rsub__ = lambda x, o: o - x._get_current_object()
+ __rmul__ = lambda x, o: o * x._get_current_object()
+ __rdiv__ = lambda x, o: o / x._get_current_object()
+ if PY2:
+ __rtruediv__ = lambda x, o: x._get_current_object().__rtruediv__(o)
+ else:
+ __rtruediv__ = __rdiv__
+ __rfloordiv__ = lambda x, o: o // x._get_current_object()
+ __rmod__ = lambda x, o: o % x._get_current_object()
+ __rdivmod__ = lambda x, o: x._get_current_object().__rdivmod__(o)
+ __copy__ = lambda x: copy.copy(x._get_current_object())
+ __deepcopy__ = lambda x, memo: copy.deepcopy(x._get_current_object(), memo)
diff --git a/website/web/Lib/site-packages/werkzeug/posixemulation.py b/website/web/Lib/site-packages/werkzeug/posixemulation.py
new file mode 100644
index 000000000..8fd6314f2
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/posixemulation.py
@@ -0,0 +1,106 @@
+# -*- coding: utf-8 -*-
+r"""
+ werkzeug.posixemulation
+ ~~~~~~~~~~~~~~~~~~~~~~~
+
+ Provides a POSIX emulation for some features that are relevant to
+ web applications. The main purpose is to simplify support for
+ systems such as Windows NT that are not 100% POSIX compatible.
+
+ Currently this only implements a :func:`rename` function that
+ follows POSIX semantics. Eg: if the target file already exists it
+ will be replaced without asking.
+
+ This module was introduced in 0.6.1 and is not a public interface.
+ It might become one in later versions of Werkzeug.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import sys
+import os
+import errno
+import time
+import random
+
+from ._compat import to_unicode
+from .filesystem import get_filesystem_encoding
+
+
+can_rename_open_file = False
+if os.name == 'nt': # pragma: no cover
+ _rename = lambda src, dst: False
+ _rename_atomic = lambda src, dst: False
+
+ try:
+ import ctypes
+
+ _MOVEFILE_REPLACE_EXISTING = 0x1
+ _MOVEFILE_WRITE_THROUGH = 0x8
+ _MoveFileEx = ctypes.windll.kernel32.MoveFileExW
+
+ def _rename(src, dst):
+ src = to_unicode(src, get_filesystem_encoding())
+ dst = to_unicode(dst, get_filesystem_encoding())
+ if _rename_atomic(src, dst):
+ return True
+ retry = 0
+ rv = False
+ while not rv and retry < 100:
+ rv = _MoveFileEx(src, dst, _MOVEFILE_REPLACE_EXISTING |
+ _MOVEFILE_WRITE_THROUGH)
+ if not rv:
+ time.sleep(0.001)
+ retry += 1
+ return rv
+
+ # new in Vista and Windows Server 2008
+ _CreateTransaction = ctypes.windll.ktmw32.CreateTransaction
+ _CommitTransaction = ctypes.windll.ktmw32.CommitTransaction
+ _MoveFileTransacted = ctypes.windll.kernel32.MoveFileTransactedW
+ _CloseHandle = ctypes.windll.kernel32.CloseHandle
+ can_rename_open_file = True
+
+ def _rename_atomic(src, dst):
+ ta = _CreateTransaction(None, 0, 0, 0, 0, 1000, 'Werkzeug rename')
+ if ta == -1:
+ return False
+ try:
+ retry = 0
+ rv = False
+ while not rv and retry < 100:
+ rv = _MoveFileTransacted(src, dst, None, None,
+ _MOVEFILE_REPLACE_EXISTING |
+ _MOVEFILE_WRITE_THROUGH, ta)
+ if rv:
+ rv = _CommitTransaction(ta)
+ break
+ else:
+ time.sleep(0.001)
+ retry += 1
+ return rv
+ finally:
+ _CloseHandle(ta)
+ except Exception:
+ pass
+
+ def rename(src, dst):
+ # Try atomic or pseudo-atomic rename
+ if _rename(src, dst):
+ return
+ # Fall back to "move away and replace"
+ try:
+ os.rename(src, dst)
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise
+ old = "%s-%08x" % (dst, random.randint(0, sys.maxint))
+ os.rename(dst, old)
+ os.rename(src, dst)
+ try:
+ os.unlink(old)
+ except Exception:
+ pass
+else:
+ rename = os.rename
+ can_rename_open_file = True
diff --git a/website/web/Lib/site-packages/werkzeug/routing.py b/website/web/Lib/site-packages/werkzeug/routing.py
new file mode 100644
index 000000000..2e4e2f42c
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/routing.py
@@ -0,0 +1,1792 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.routing
+ ~~~~~~~~~~~~~~~~
+
+ When it comes to combining multiple controller or view functions (however
+ you want to call them) you need a dispatcher. A simple way would be
+ applying regular expression tests on the ``PATH_INFO`` and calling
+ registered callback functions that return the value then.
+
+ This module implements a much more powerful system than simple regular
+ expression matching because it can also convert values in the URLs and
+ build URLs.
+
+ Here a simple example that creates an URL map for an application with
+ two subdomains (www and kb) and some URL rules:
+
+ >>> m = Map([
+ ... # Static URLs
+ ... Rule('/', endpoint='static/index'),
+ ... Rule('/about', endpoint='static/about'),
+ ... Rule('/help', endpoint='static/help'),
+ ... # Knowledge Base
+ ... Subdomain('kb', [
+ ... Rule('/', endpoint='kb/index'),
+ ... Rule('/browse/', endpoint='kb/browse'),
+ ... Rule('/browse//', endpoint='kb/browse'),
+ ... Rule('/browse//', endpoint='kb/browse')
+ ... ])
+ ... ], default_subdomain='www')
+
+ If the application doesn't use subdomains it's perfectly fine to not set
+ the default subdomain and not use the `Subdomain` rule factory. The endpoint
+ in the rules can be anything, for example import paths or unique
+ identifiers. The WSGI application can use those endpoints to get the
+ handler for that URL. It doesn't have to be a string at all but it's
+ recommended.
+
+ Now it's possible to create a URL adapter for one of the subdomains and
+ build URLs:
+
+ >>> c = m.bind('example.com')
+ >>> c.build("kb/browse", dict(id=42))
+ 'http://kb.example.com/browse/42/'
+ >>> c.build("kb/browse", dict())
+ 'http://kb.example.com/browse/'
+ >>> c.build("kb/browse", dict(id=42, page=3))
+ 'http://kb.example.com/browse/42/3'
+ >>> c.build("static/about")
+ '/about'
+ >>> c.build("static/index", force_external=True)
+ 'http://www.example.com/'
+
+ >>> c = m.bind('example.com', subdomain='kb')
+ >>> c.build("static/about")
+ 'http://www.example.com/about'
+
+ The first argument to bind is the server name *without* the subdomain.
+ Per default it will assume that the script is mounted on the root, but
+ often that's not the case so you can provide the real mount point as
+ second argument:
+
+ >>> c = m.bind('example.com', '/applications/example')
+
+ The third argument can be the subdomain, if not given the default
+ subdomain is used. For more details about binding have a look at the
+ documentation of the `MapAdapter`.
+
+ And here is how you can match URLs:
+
+ >>> c = m.bind('example.com')
+ >>> c.match("/")
+ ('static/index', {})
+ >>> c.match("/about")
+ ('static/about', {})
+ >>> c = m.bind('example.com', '/', 'kb')
+ >>> c.match("/")
+ ('kb/index', {})
+ >>> c.match("/browse/42/23")
+ ('kb/browse', {'id': 42, 'page': 23})
+
+ If matching fails you get a `NotFound` exception, if the rule thinks
+ it's a good idea to redirect (for example because the URL was defined
+ to have a slash at the end but the request was missing that slash) it
+ will raise a `RequestRedirect` exception. Both are subclasses of the
+ `HTTPException` so you can use those errors as responses in the
+ application.
+
+ If matching succeeded but the URL rule was incompatible to the given
+ method (for example there were only rules for `GET` and `HEAD` and
+ routing system tried to match a `POST` request) a `MethodNotAllowed`
+ exception is raised.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import difflib
+import re
+import uuid
+import posixpath
+
+from pprint import pformat
+from threading import Lock
+
+from werkzeug.urls import url_encode, url_quote, url_join
+from werkzeug.utils import redirect, format_string
+from werkzeug.exceptions import HTTPException, NotFound, MethodNotAllowed, \
+ BadHost
+from werkzeug._internal import _get_environ, _encode_idna
+from werkzeug._compat import itervalues, iteritems, to_unicode, to_bytes, \
+ text_type, string_types, native_string_result, \
+ implements_to_string, wsgi_decoding_dance
+from werkzeug.datastructures import ImmutableDict, MultiDict
+from werkzeug.utils import cached_property
+
+
+_rule_re = re.compile(r'''
+ (?P[^<]*) # static rule data
+ <
+ (?:
+ (?P[a-zA-Z_][a-zA-Z0-9_]*) # converter name
+ (?:\((?P.*?)\))? # converter arguments
+ \: # variable delimiter
+ )?
+ (?P[a-zA-Z_][a-zA-Z0-9_]*) # variable name
+ >
+''', re.VERBOSE)
+_simple_rule_re = re.compile(r'<([^>]+)>')
+_converter_args_re = re.compile(r'''
+ ((?P\w+)\s*=\s*)?
+ (?P
+ True|False|
+ \d+.\d+|
+ \d+.|
+ \d+|
+ [\w\d_.]+|
+ [urUR]?(?P"[^"]*?"|'[^']*')
+ )\s*,
+''', re.VERBOSE | re.UNICODE)
+
+
+_PYTHON_CONSTANTS = {
+ 'None': None,
+ 'True': True,
+ 'False': False
+}
+
+
+def _pythonize(value):
+ if value in _PYTHON_CONSTANTS:
+ return _PYTHON_CONSTANTS[value]
+ for convert in int, float:
+ try:
+ return convert(value)
+ except ValueError:
+ pass
+ if value[:1] == value[-1:] and value[0] in '"\'':
+ value = value[1:-1]
+ return text_type(value)
+
+
+def parse_converter_args(argstr):
+ argstr += ','
+ args = []
+ kwargs = {}
+
+ for item in _converter_args_re.finditer(argstr):
+ value = item.group('stringval')
+ if value is None:
+ value = item.group('value')
+ value = _pythonize(value)
+ if not item.group('name'):
+ args.append(value)
+ else:
+ name = item.group('name')
+ kwargs[name] = value
+
+ return tuple(args), kwargs
+
+
+def parse_rule(rule):
+ """Parse a rule and return it as generator. Each iteration yields tuples
+ in the form ``(converter, arguments, variable)``. If the converter is
+ `None` it's a static url part, otherwise it's a dynamic one.
+
+ :internal:
+ """
+ pos = 0
+ end = len(rule)
+ do_match = _rule_re.match
+ used_names = set()
+ while pos < end:
+ m = do_match(rule, pos)
+ if m is None:
+ break
+ data = m.groupdict()
+ if data['static']:
+ yield None, None, data['static']
+ variable = data['variable']
+ converter = data['converter'] or 'default'
+ if variable in used_names:
+ raise ValueError('variable name %r used twice.' % variable)
+ used_names.add(variable)
+ yield converter, data['args'] or None, variable
+ pos = m.end()
+ if pos < end:
+ remaining = rule[pos:]
+ if '>' in remaining or '<' in remaining:
+ raise ValueError('malformed url rule: %r' % rule)
+ yield None, None, remaining
+
+
+class RoutingException(Exception):
+
+ """Special exceptions that require the application to redirect, notifying
+ about missing urls, etc.
+
+ :internal:
+ """
+
+
+class RequestRedirect(HTTPException, RoutingException):
+
+ """Raise if the map requests a redirect. This is for example the case if
+ `strict_slashes` are activated and an url that requires a trailing slash.
+
+ The attribute `new_url` contains the absolute destination url.
+ """
+ code = 301
+
+ def __init__(self, new_url):
+ RoutingException.__init__(self, new_url)
+ self.new_url = new_url
+
+ def get_response(self, environ):
+ return redirect(self.new_url, self.code)
+
+
+class RequestSlash(RoutingException):
+
+ """Internal exception."""
+
+
+class RequestAliasRedirect(RoutingException):
+
+ """This rule is an alias and wants to redirect to the canonical URL."""
+
+ def __init__(self, matched_values):
+ self.matched_values = matched_values
+
+
+@implements_to_string
+class BuildError(RoutingException, LookupError):
+
+ """Raised if the build system cannot find a URL for an endpoint with the
+ values provided.
+ """
+
+ def __init__(self, endpoint, values, method, adapter=None):
+ LookupError.__init__(self, endpoint, values, method)
+ self.endpoint = endpoint
+ self.values = values
+ self.method = method
+ self.adapter = adapter
+
+ @cached_property
+ def suggested(self):
+ return self.closest_rule(self.adapter)
+
+ def closest_rule(self, adapter):
+ def _score_rule(rule):
+ return sum([
+ 0.98 * difflib.SequenceMatcher(
+ None, rule.endpoint, self.endpoint
+ ).ratio(),
+ 0.01 * bool(set(self.values or ()).issubset(rule.arguments)),
+ 0.01 * bool(rule.methods and self.method in rule.methods)
+ ])
+
+ if adapter and adapter.map._rules:
+ return max(adapter.map._rules, key=_score_rule)
+
+ def __str__(self):
+ message = []
+ message.append('Could not build url for endpoint %r' % self.endpoint)
+ if self.method:
+ message.append(' (%r)' % self.method)
+ if self.values:
+ message.append(' with values %r' % sorted(self.values.keys()))
+ message.append('.')
+ if self.suggested:
+ if self.endpoint == self.suggested.endpoint:
+ if self.method and self.method not in self.suggested.methods:
+ message.append(' Did you mean to use methods %r?' % sorted(
+ self.suggested.methods
+ ))
+ missing_values = self.suggested.arguments.union(
+ set(self.suggested.defaults or ())
+ ) - set(self.values.keys())
+ if missing_values:
+ message.append(
+ ' Did you forget to specify values %r?' %
+ sorted(missing_values)
+ )
+ else:
+ message.append(
+ ' Did you mean %r instead?' % self.suggested.endpoint
+ )
+ return u''.join(message)
+
+
+class ValidationError(ValueError):
+
+ """Validation error. If a rule converter raises this exception the rule
+ does not match the current URL and the next URL is tried.
+ """
+
+
+class RuleFactory(object):
+
+ """As soon as you have more complex URL setups it's a good idea to use rule
+ factories to avoid repetitive tasks. Some of them are builtin, others can
+ be added by subclassing `RuleFactory` and overriding `get_rules`.
+ """
+
+ def get_rules(self, map):
+ """Subclasses of `RuleFactory` have to override this method and return
+ an iterable of rules."""
+ raise NotImplementedError()
+
+
+class Subdomain(RuleFactory):
+
+ """All URLs provided by this factory have the subdomain set to a
+ specific domain. For example if you want to use the subdomain for
+ the current language this can be a good setup::
+
+ url_map = Map([
+ Rule('/', endpoint='#select_language'),
+ Subdomain('', [
+ Rule('/', endpoint='index'),
+ Rule('/about', endpoint='about'),
+ Rule('/help', endpoint='help')
+ ])
+ ])
+
+ All the rules except for the ``'#select_language'`` endpoint will now
+ listen on a two letter long subdomain that holds the language code
+ for the current request.
+ """
+
+ def __init__(self, subdomain, rules):
+ self.subdomain = subdomain
+ self.rules = rules
+
+ def get_rules(self, map):
+ for rulefactory in self.rules:
+ for rule in rulefactory.get_rules(map):
+ rule = rule.empty()
+ rule.subdomain = self.subdomain
+ yield rule
+
+
+class Submount(RuleFactory):
+
+ """Like `Subdomain` but prefixes the URL rule with a given string::
+
+ url_map = Map([
+ Rule('/', endpoint='index'),
+ Submount('/blog', [
+ Rule('/', endpoint='blog/index'),
+ Rule('/entry/', endpoint='blog/show')
+ ])
+ ])
+
+ Now the rule ``'blog/show'`` matches ``/blog/entry/``.
+ """
+
+ def __init__(self, path, rules):
+ self.path = path.rstrip('/')
+ self.rules = rules
+
+ def get_rules(self, map):
+ for rulefactory in self.rules:
+ for rule in rulefactory.get_rules(map):
+ rule = rule.empty()
+ rule.rule = self.path + rule.rule
+ yield rule
+
+
+class EndpointPrefix(RuleFactory):
+
+ """Prefixes all endpoints (which must be strings for this factory) with
+ another string. This can be useful for sub applications::
+
+ url_map = Map([
+ Rule('/', endpoint='index'),
+ EndpointPrefix('blog/', [Submount('/blog', [
+ Rule('/', endpoint='index'),
+ Rule('/entry/', endpoint='show')
+ ])])
+ ])
+ """
+
+ def __init__(self, prefix, rules):
+ self.prefix = prefix
+ self.rules = rules
+
+ def get_rules(self, map):
+ for rulefactory in self.rules:
+ for rule in rulefactory.get_rules(map):
+ rule = rule.empty()
+ rule.endpoint = self.prefix + rule.endpoint
+ yield rule
+
+
+class RuleTemplate(object):
+
+ """Returns copies of the rules wrapped and expands string templates in
+ the endpoint, rule, defaults or subdomain sections.
+
+ Here a small example for such a rule template::
+
+ from werkzeug.routing import Map, Rule, RuleTemplate
+
+ resource = RuleTemplate([
+ Rule('/$name/', endpoint='$name.list'),
+ Rule('/$name/', endpoint='$name.show')
+ ])
+
+ url_map = Map([resource(name='user'), resource(name='page')])
+
+ When a rule template is called the keyword arguments are used to
+ replace the placeholders in all the string parameters.
+ """
+
+ def __init__(self, rules):
+ self.rules = list(rules)
+
+ def __call__(self, *args, **kwargs):
+ return RuleTemplateFactory(self.rules, dict(*args, **kwargs))
+
+
+class RuleTemplateFactory(RuleFactory):
+
+ """A factory that fills in template variables into rules. Used by
+ `RuleTemplate` internally.
+
+ :internal:
+ """
+
+ def __init__(self, rules, context):
+ self.rules = rules
+ self.context = context
+
+ def get_rules(self, map):
+ for rulefactory in self.rules:
+ for rule in rulefactory.get_rules(map):
+ new_defaults = subdomain = None
+ if rule.defaults:
+ new_defaults = {}
+ for key, value in iteritems(rule.defaults):
+ if isinstance(value, string_types):
+ value = format_string(value, self.context)
+ new_defaults[key] = value
+ if rule.subdomain is not None:
+ subdomain = format_string(rule.subdomain, self.context)
+ new_endpoint = rule.endpoint
+ if isinstance(new_endpoint, string_types):
+ new_endpoint = format_string(new_endpoint, self.context)
+ yield Rule(
+ format_string(rule.rule, self.context),
+ new_defaults,
+ subdomain,
+ rule.methods,
+ rule.build_only,
+ new_endpoint,
+ rule.strict_slashes
+ )
+
+
+@implements_to_string
+class Rule(RuleFactory):
+
+ """A Rule represents one URL pattern. There are some options for `Rule`
+ that change the way it behaves and are passed to the `Rule` constructor.
+ Note that besides the rule-string all arguments *must* be keyword arguments
+ in order to not break the application on Werkzeug upgrades.
+
+ `string`
+ Rule strings basically are just normal URL paths with placeholders in
+ the format ```` where the converter and the
+ arguments are optional. If no converter is defined the `default`
+ converter is used which means `string` in the normal configuration.
+
+ URL rules that end with a slash are branch URLs, others are leaves.
+ If you have `strict_slashes` enabled (which is the default), all
+ branch URLs that are matched without a trailing slash will trigger a
+ redirect to the same URL with the missing slash appended.
+
+ The converters are defined on the `Map`.
+
+ `endpoint`
+ The endpoint for this rule. This can be anything. A reference to a
+ function, a string, a number etc. The preferred way is using a string
+ because the endpoint is used for URL generation.
+
+ `defaults`
+ An optional dict with defaults for other rules with the same endpoint.
+ This is a bit tricky but useful if you want to have unique URLs::
+
+ url_map = Map([
+ Rule('/all/', defaults={'page': 1}, endpoint='all_entries'),
+ Rule('/all/page/', endpoint='all_entries')
+ ])
+
+ If a user now visits ``http://example.com/all/page/1`` he will be
+ redirected to ``http://example.com/all/``. If `redirect_defaults` is
+ disabled on the `Map` instance this will only affect the URL
+ generation.
+
+ `subdomain`
+ The subdomain rule string for this rule. If not specified the rule
+ only matches for the `default_subdomain` of the map. If the map is
+ not bound to a subdomain this feature is disabled.
+
+ Can be useful if you want to have user profiles on different subdomains
+ and all subdomains are forwarded to your application::
+
+ url_map = Map([
+ Rule('/', subdomain='', endpoint='user/homepage'),
+ Rule('/stats', subdomain='', endpoint='user/stats')
+ ])
+
+ `methods`
+ A sequence of http methods this rule applies to. If not specified, all
+ methods are allowed. For example this can be useful if you want different
+ endpoints for `POST` and `GET`. If methods are defined and the path
+ matches but the method matched against is not in this list or in the
+ list of another rule for that path the error raised is of the type
+ `MethodNotAllowed` rather than `NotFound`. If `GET` is present in the
+ list of methods and `HEAD` is not, `HEAD` is added automatically.
+
+ .. versionchanged:: 0.6.1
+ `HEAD` is now automatically added to the methods if `GET` is
+ present. The reason for this is that existing code often did not
+ work properly in servers not rewriting `HEAD` to `GET`
+ automatically and it was not documented how `HEAD` should be
+ treated. This was considered a bug in Werkzeug because of that.
+
+ `strict_slashes`
+ Override the `Map` setting for `strict_slashes` only for this rule. If
+ not specified the `Map` setting is used.
+
+ `build_only`
+ Set this to True and the rule will never match but will create a URL
+ that can be build. This is useful if you have resources on a subdomain
+ or folder that are not handled by the WSGI application (like static data)
+
+ `redirect_to`
+ If given this must be either a string or callable. In case of a
+ callable it's called with the url adapter that triggered the match and
+ the values of the URL as keyword arguments and has to return the target
+ for the redirect, otherwise it has to be a string with placeholders in
+ rule syntax::
+
+ def foo_with_slug(adapter, id):
+ # ask the database for the slug for the old id. this of
+ # course has nothing to do with werkzeug.
+ return 'foo/' + Foo.get_slug_for_id(id)
+
+ url_map = Map([
+ Rule('/foo/', endpoint='foo'),
+ Rule('/some/old/url/', redirect_to='foo/'),
+ Rule('/other/old/url/', redirect_to=foo_with_slug)
+ ])
+
+ When the rule is matched the routing system will raise a
+ `RequestRedirect` exception with the target for the redirect.
+
+ Keep in mind that the URL will be joined against the URL root of the
+ script so don't use a leading slash on the target URL unless you
+ really mean root of that domain.
+
+ `alias`
+ If enabled this rule serves as an alias for another rule with the same
+ endpoint and arguments.
+
+ `host`
+ If provided and the URL map has host matching enabled this can be
+ used to provide a match rule for the whole host. This also means
+ that the subdomain feature is disabled.
+
+ .. versionadded:: 0.7
+ The `alias` and `host` parameters were added.
+ """
+
+ def __init__(self, string, defaults=None, subdomain=None, methods=None,
+ build_only=False, endpoint=None, strict_slashes=None,
+ redirect_to=None, alias=False, host=None):
+ if not string.startswith('/'):
+ raise ValueError('urls must start with a leading slash')
+ self.rule = string
+ self.is_leaf = not string.endswith('/')
+
+ self.map = None
+ self.strict_slashes = strict_slashes
+ self.subdomain = subdomain
+ self.host = host
+ self.defaults = defaults
+ self.build_only = build_only
+ self.alias = alias
+ if methods is None:
+ self.methods = None
+ else:
+ if isinstance(methods, str):
+ raise TypeError('param `methods` should be `Iterable[str]`, not `str`')
+ self.methods = set([x.upper() for x in methods])
+ if 'HEAD' not in self.methods and 'GET' in self.methods:
+ self.methods.add('HEAD')
+ self.endpoint = endpoint
+ self.redirect_to = redirect_to
+
+ if defaults:
+ self.arguments = set(map(str, defaults))
+ else:
+ self.arguments = set()
+ self._trace = self._converters = self._regex = self._argument_weights = None
+
+ def empty(self):
+ """
+ Return an unbound copy of this rule.
+
+ This can be useful if want to reuse an already bound URL for another
+ map. See ``get_empty_kwargs`` to override what keyword arguments are
+ provided to the new copy.
+ """
+ return type(self)(self.rule, **self.get_empty_kwargs())
+
+ def get_empty_kwargs(self):
+ """
+ Provides kwargs for instantiating empty copy with empty()
+
+ Use this method to provide custom keyword arguments to the subclass of
+ ``Rule`` when calling ``some_rule.empty()``. Helpful when the subclass
+ has custom keyword arguments that are needed at instantiation.
+
+ Must return a ``dict`` that will be provided as kwargs to the new
+ instance of ``Rule``, following the initial ``self.rule`` value which
+ is always provided as the first, required positional argument.
+ """
+ defaults = None
+ if self.defaults:
+ defaults = dict(self.defaults)
+ return dict(defaults=defaults, subdomain=self.subdomain,
+ methods=self.methods, build_only=self.build_only,
+ endpoint=self.endpoint, strict_slashes=self.strict_slashes,
+ redirect_to=self.redirect_to, alias=self.alias,
+ host=self.host)
+
+ def get_rules(self, map):
+ yield self
+
+ def refresh(self):
+ """Rebinds and refreshes the URL. Call this if you modified the
+ rule in place.
+
+ :internal:
+ """
+ self.bind(self.map, rebind=True)
+
+ def bind(self, map, rebind=False):
+ """Bind the url to a map and create a regular expression based on
+ the information from the rule itself and the defaults from the map.
+
+ :internal:
+ """
+ if self.map is not None and not rebind:
+ raise RuntimeError('url rule %r already bound to map %r' %
+ (self, self.map))
+ self.map = map
+ if self.strict_slashes is None:
+ self.strict_slashes = map.strict_slashes
+ if self.subdomain is None:
+ self.subdomain = map.default_subdomain
+ self.compile()
+
+ def get_converter(self, variable_name, converter_name, args, kwargs):
+ """Looks up the converter for the given parameter.
+
+ .. versionadded:: 0.9
+ """
+ if converter_name not in self.map.converters:
+ raise LookupError('the converter %r does not exist' % converter_name)
+ return self.map.converters[converter_name](self.map, *args, **kwargs)
+
+ def compile(self):
+ """Compiles the regular expression and stores it."""
+ assert self.map is not None, 'rule not bound'
+
+ if self.map.host_matching:
+ domain_rule = self.host or ''
+ else:
+ domain_rule = self.subdomain or ''
+
+ self._trace = []
+ self._converters = {}
+ self._static_weights = []
+ self._argument_weights = []
+ regex_parts = []
+
+ def _build_regex(rule):
+ index = 0
+ for converter, arguments, variable in parse_rule(rule):
+ if converter is None:
+ regex_parts.append(re.escape(variable))
+ self._trace.append((False, variable))
+ for part in variable.split('/'):
+ if part:
+ self._static_weights.append((index, -len(part)))
+ else:
+ if arguments:
+ c_args, c_kwargs = parse_converter_args(arguments)
+ else:
+ c_args = ()
+ c_kwargs = {}
+ convobj = self.get_converter(
+ variable, converter, c_args, c_kwargs)
+ regex_parts.append('(?P<%s>%s)' % (variable, convobj.regex))
+ self._converters[variable] = convobj
+ self._trace.append((True, variable))
+ self._argument_weights.append(convobj.weight)
+ self.arguments.add(str(variable))
+ index = index + 1
+
+ _build_regex(domain_rule)
+ regex_parts.append('\\|')
+ self._trace.append((False, '|'))
+ _build_regex(self.is_leaf and self.rule or self.rule.rstrip('/'))
+ if not self.is_leaf:
+ self._trace.append((False, '/'))
+
+ if self.build_only:
+ return
+ regex = r'^%s%s$' % (
+ u''.join(regex_parts),
+ (not self.is_leaf or not self.strict_slashes) and
+ '(?/?)' or ''
+ )
+ self._regex = re.compile(regex, re.UNICODE)
+
+ def match(self, path, method=None):
+ """Check if the rule matches a given path. Path is a string in the
+ form ``"subdomain|/path"`` and is assembled by the map. If
+ the map is doing host matching the subdomain part will be the host
+ instead.
+
+ If the rule matches a dict with the converted values is returned,
+ otherwise the return value is `None`.
+
+ :internal:
+ """
+ if not self.build_only:
+ m = self._regex.search(path)
+ if m is not None:
+ groups = m.groupdict()
+ # we have a folder like part of the url without a trailing
+ # slash and strict slashes enabled. raise an exception that
+ # tells the map to redirect to the same url but with a
+ # trailing slash
+ if self.strict_slashes and not self.is_leaf and \
+ not groups.pop('__suffix__') and \
+ (method is None or self.methods is None or
+ method in self.methods):
+ raise RequestSlash()
+ # if we are not in strict slashes mode we have to remove
+ # a __suffix__
+ elif not self.strict_slashes:
+ del groups['__suffix__']
+
+ result = {}
+ for name, value in iteritems(groups):
+ try:
+ value = self._converters[name].to_python(value)
+ except ValidationError:
+ return
+ result[str(name)] = value
+ if self.defaults:
+ result.update(self.defaults)
+
+ if self.alias and self.map.redirect_defaults:
+ raise RequestAliasRedirect(result)
+
+ return result
+
+ def build(self, values, append_unknown=True):
+ """Assembles the relative url for that rule and the subdomain.
+ If building doesn't work for some reasons `None` is returned.
+
+ :internal:
+ """
+ tmp = []
+ add = tmp.append
+ processed = set(self.arguments)
+ for is_dynamic, data in self._trace:
+ if is_dynamic:
+ try:
+ add(self._converters[data].to_url(values[data]))
+ except ValidationError:
+ return
+ processed.add(data)
+ else:
+ add(url_quote(to_bytes(data, self.map.charset), safe='/:|+'))
+ domain_part, url = (u''.join(tmp)).split(u'|', 1)
+
+ if append_unknown:
+ query_vars = MultiDict(values)
+ for key in processed:
+ if key in query_vars:
+ del query_vars[key]
+
+ if query_vars:
+ url += u'?' + url_encode(query_vars, charset=self.map.charset,
+ sort=self.map.sort_parameters,
+ key=self.map.sort_key)
+
+ return domain_part, url
+
+ def provides_defaults_for(self, rule):
+ """Check if this rule has defaults for a given rule.
+
+ :internal:
+ """
+ return not self.build_only and self.defaults and \
+ self.endpoint == rule.endpoint and self != rule and \
+ self.arguments == rule.arguments
+
+ def suitable_for(self, values, method=None):
+ """Check if the dict of values has enough data for url generation.
+
+ :internal:
+ """
+ # if a method was given explicitly and that method is not supported
+ # by this rule, this rule is not suitable.
+ if method is not None and self.methods is not None \
+ and method not in self.methods:
+ return False
+
+ defaults = self.defaults or ()
+
+ # all arguments required must be either in the defaults dict or
+ # the value dictionary otherwise it's not suitable
+ for key in self.arguments:
+ if key not in defaults and key not in values:
+ return False
+
+ # in case defaults are given we ensure taht either the value was
+ # skipped or the value is the same as the default value.
+ if defaults:
+ for key, value in iteritems(defaults):
+ if key in values and value != values[key]:
+ return False
+
+ return True
+
+ def match_compare_key(self):
+ """The match compare key for sorting.
+
+ Current implementation:
+
+ 1. rules without any arguments come first for performance
+ reasons only as we expect them to match faster and some
+ common ones usually don't have any arguments (index pages etc.)
+ 2. rules with more static parts come first so the second argument
+ is the negative length of the number of the static weights.
+ 3. we order by static weights, which is a combination of index
+ and length
+ 4. The more complex rules come first so the next argument is the
+ negative length of the number of argument weights.
+ 5. lastly we order by the actual argument weights.
+
+ :internal:
+ """
+ return bool(self.arguments), -len(self._static_weights), self._static_weights,\
+ -len(self._argument_weights), self._argument_weights
+
+ def build_compare_key(self):
+ """The build compare key for sorting.
+
+ :internal:
+ """
+ return self.alias and 1 or 0, -len(self.arguments), \
+ -len(self.defaults or ())
+
+ def __eq__(self, other):
+ return self.__class__ is other.__class__ and \
+ self._trace == other._trace
+
+ __hash__ = None
+
+ def __ne__(self, other):
+ return not self.__eq__(other)
+
+ def __str__(self):
+ return self.rule
+
+ @native_string_result
+ def __repr__(self):
+ if self.map is None:
+ return u'<%s (unbound)>' % self.__class__.__name__
+ tmp = []
+ for is_dynamic, data in self._trace:
+ if is_dynamic:
+ tmp.append(u'<%s>' % data)
+ else:
+ tmp.append(data)
+ return u'<%s %s%s -> %s>' % (
+ self.__class__.__name__,
+ repr((u''.join(tmp)).lstrip(u'|')).lstrip(u'u'),
+ self.methods is not None
+ and u' (%s)' % u', '.join(self.methods)
+ or u'',
+ self.endpoint
+ )
+
+
+class BaseConverter(object):
+
+ """Base class for all converters."""
+ regex = '[^/]+'
+ weight = 100
+
+ def __init__(self, map):
+ self.map = map
+
+ def to_python(self, value):
+ return value
+
+ def to_url(self, value):
+ return url_quote(value, charset=self.map.charset)
+
+
+class UnicodeConverter(BaseConverter):
+
+ """This converter is the default converter and accepts any string but
+ only one path segment. Thus the string can not include a slash.
+
+ This is the default validator.
+
+ Example::
+
+ Rule('/pages/'),
+ Rule('/')
+
+ :param map: the :class:`Map`.
+ :param minlength: the minimum length of the string. Must be greater
+ or equal 1.
+ :param maxlength: the maximum length of the string.
+ :param length: the exact length of the string.
+ """
+
+ def __init__(self, map, minlength=1, maxlength=None, length=None):
+ BaseConverter.__init__(self, map)
+ if length is not None:
+ length = '{%d}' % int(length)
+ else:
+ if maxlength is None:
+ maxlength = ''
+ else:
+ maxlength = int(maxlength)
+ length = '{%s,%s}' % (
+ int(minlength),
+ maxlength
+ )
+ self.regex = '[^/]' + length
+
+
+class AnyConverter(BaseConverter):
+
+ """Matches one of the items provided. Items can either be Python
+ identifiers or strings::
+
+ Rule('/')
+
+ :param map: the :class:`Map`.
+ :param items: this function accepts the possible items as positional
+ arguments.
+ """
+
+ def __init__(self, map, *items):
+ BaseConverter.__init__(self, map)
+ self.regex = '(?:%s)' % '|'.join([re.escape(x) for x in items])
+
+
+class PathConverter(BaseConverter):
+
+ """Like the default :class:`UnicodeConverter`, but it also matches
+ slashes. This is useful for wikis and similar applications::
+
+ Rule('/')
+ Rule('//edit')
+
+ :param map: the :class:`Map`.
+ """
+ regex = '[^/].*?'
+ weight = 200
+
+
+class NumberConverter(BaseConverter):
+
+ """Baseclass for `IntegerConverter` and `FloatConverter`.
+
+ :internal:
+ """
+ weight = 50
+
+ def __init__(self, map, fixed_digits=0, min=None, max=None):
+ BaseConverter.__init__(self, map)
+ self.fixed_digits = fixed_digits
+ self.min = min
+ self.max = max
+
+ def to_python(self, value):
+ if (self.fixed_digits and len(value) != self.fixed_digits):
+ raise ValidationError()
+ value = self.num_convert(value)
+ if (self.min is not None and value < self.min) or \
+ (self.max is not None and value > self.max):
+ raise ValidationError()
+ return value
+
+ def to_url(self, value):
+ value = self.num_convert(value)
+ if self.fixed_digits:
+ value = ('%%0%sd' % self.fixed_digits) % value
+ return str(value)
+
+
+class IntegerConverter(NumberConverter):
+
+ """This converter only accepts integer values::
+
+ Rule('/page/')
+
+ This converter does not support negative values.
+
+ :param map: the :class:`Map`.
+ :param fixed_digits: the number of fixed digits in the URL. If you set
+ this to ``4`` for example, the application will
+ only match if the url looks like ``/0001/``. The
+ default is variable length.
+ :param min: the minimal value.
+ :param max: the maximal value.
+ """
+ regex = r'\d+'
+ num_convert = int
+
+
+class FloatConverter(NumberConverter):
+
+ """This converter only accepts floating point values::
+
+ Rule('/probability/')
+
+ This converter does not support negative values.
+
+ :param map: the :class:`Map`.
+ :param min: the minimal value.
+ :param max: the maximal value.
+ """
+ regex = r'\d+\.\d+'
+ num_convert = float
+
+ def __init__(self, map, min=None, max=None):
+ NumberConverter.__init__(self, map, 0, min, max)
+
+
+class UUIDConverter(BaseConverter):
+
+ """This converter only accepts UUID strings::
+
+ Rule('/object/')
+
+ .. versionadded:: 0.10
+
+ :param map: the :class:`Map`.
+ """
+ regex = r'[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-' \
+ r'[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}'
+
+ def to_python(self, value):
+ return uuid.UUID(value)
+
+ def to_url(self, value):
+ return str(value)
+
+
+#: the default converter mapping for the map.
+DEFAULT_CONVERTERS = {
+ 'default': UnicodeConverter,
+ 'string': UnicodeConverter,
+ 'any': AnyConverter,
+ 'path': PathConverter,
+ 'int': IntegerConverter,
+ 'float': FloatConverter,
+ 'uuid': UUIDConverter,
+}
+
+
+class Map(object):
+
+ """The map class stores all the URL rules and some configuration
+ parameters. Some of the configuration values are only stored on the
+ `Map` instance since those affect all rules, others are just defaults
+ and can be overridden for each rule. Note that you have to specify all
+ arguments besides the `rules` as keyword arguments!
+
+ :param rules: sequence of url rules for this map.
+ :param default_subdomain: The default subdomain for rules without a
+ subdomain defined.
+ :param charset: charset of the url. defaults to ``"utf-8"``
+ :param strict_slashes: Take care of trailing slashes.
+ :param redirect_defaults: This will redirect to the default rule if it
+ wasn't visited that way. This helps creating
+ unique URLs.
+ :param converters: A dict of converters that adds additional converters
+ to the list of converters. If you redefine one
+ converter this will override the original one.
+ :param sort_parameters: If set to `True` the url parameters are sorted.
+ See `url_encode` for more details.
+ :param sort_key: The sort key function for `url_encode`.
+ :param encoding_errors: the error method to use for decoding
+ :param host_matching: if set to `True` it enables the host matching
+ feature and disables the subdomain one. If
+ enabled the `host` parameter to rules is used
+ instead of the `subdomain` one.
+
+ .. versionadded:: 0.5
+ `sort_parameters` and `sort_key` was added.
+
+ .. versionadded:: 0.7
+ `encoding_errors` and `host_matching` was added.
+ """
+
+ #: .. versionadded:: 0.6
+ #: a dict of default converters to be used.
+ default_converters = ImmutableDict(DEFAULT_CONVERTERS)
+
+ def __init__(self, rules=None, default_subdomain='', charset='utf-8',
+ strict_slashes=True, redirect_defaults=True,
+ converters=None, sort_parameters=False, sort_key=None,
+ encoding_errors='replace', host_matching=False):
+ self._rules = []
+ self._rules_by_endpoint = {}
+ self._remap = True
+ self._remap_lock = Lock()
+
+ self.default_subdomain = default_subdomain
+ self.charset = charset
+ self.encoding_errors = encoding_errors
+ self.strict_slashes = strict_slashes
+ self.redirect_defaults = redirect_defaults
+ self.host_matching = host_matching
+
+ self.converters = self.default_converters.copy()
+ if converters:
+ self.converters.update(converters)
+
+ self.sort_parameters = sort_parameters
+ self.sort_key = sort_key
+
+ for rulefactory in rules or ():
+ self.add(rulefactory)
+
+ def is_endpoint_expecting(self, endpoint, *arguments):
+ """Iterate over all rules and check if the endpoint expects
+ the arguments provided. This is for example useful if you have
+ some URLs that expect a language code and others that do not and
+ you want to wrap the builder a bit so that the current language
+ code is automatically added if not provided but endpoints expect
+ it.
+
+ :param endpoint: the endpoint to check.
+ :param arguments: this function accepts one or more arguments
+ as positional arguments. Each one of them is
+ checked.
+ """
+ self.update()
+ arguments = set(arguments)
+ for rule in self._rules_by_endpoint[endpoint]:
+ if arguments.issubset(rule.arguments):
+ return True
+ return False
+
+ def iter_rules(self, endpoint=None):
+ """Iterate over all rules or the rules of an endpoint.
+
+ :param endpoint: if provided only the rules for that endpoint
+ are returned.
+ :return: an iterator
+ """
+ self.update()
+ if endpoint is not None:
+ return iter(self._rules_by_endpoint[endpoint])
+ return iter(self._rules)
+
+ def add(self, rulefactory):
+ """Add a new rule or factory to the map and bind it. Requires that the
+ rule is not bound to another map.
+
+ :param rulefactory: a :class:`Rule` or :class:`RuleFactory`
+ """
+ for rule in rulefactory.get_rules(self):
+ rule.bind(self)
+ self._rules.append(rule)
+ self._rules_by_endpoint.setdefault(rule.endpoint, []).append(rule)
+ self._remap = True
+
+ def bind(self, server_name, script_name=None, subdomain=None,
+ url_scheme='http', default_method='GET', path_info=None,
+ query_args=None):
+ """Return a new :class:`MapAdapter` with the details specified to the
+ call. Note that `script_name` will default to ``'/'`` if not further
+ specified or `None`. The `server_name` at least is a requirement
+ because the HTTP RFC requires absolute URLs for redirects and so all
+ redirect exceptions raised by Werkzeug will contain the full canonical
+ URL.
+
+ If no path_info is passed to :meth:`match` it will use the default path
+ info passed to bind. While this doesn't really make sense for
+ manual bind calls, it's useful if you bind a map to a WSGI
+ environment which already contains the path info.
+
+ `subdomain` will default to the `default_subdomain` for this map if
+ no defined. If there is no `default_subdomain` you cannot use the
+ subdomain feature.
+
+ .. versionadded:: 0.7
+ `query_args` added
+
+ .. versionadded:: 0.8
+ `query_args` can now also be a string.
+ """
+ server_name = server_name.lower()
+ if self.host_matching:
+ if subdomain is not None:
+ raise RuntimeError('host matching enabled and a '
+ 'subdomain was provided')
+ elif subdomain is None:
+ subdomain = self.default_subdomain
+ if script_name is None:
+ script_name = '/'
+ try:
+ server_name = _encode_idna(server_name)
+ except UnicodeError:
+ raise BadHost()
+ return MapAdapter(self, server_name, script_name, subdomain,
+ url_scheme, path_info, default_method, query_args)
+
+ def bind_to_environ(self, environ, server_name=None, subdomain=None):
+ """Like :meth:`bind` but you can pass it an WSGI environment and it
+ will fetch the information from that dictionary. Note that because of
+ limitations in the protocol there is no way to get the current
+ subdomain and real `server_name` from the environment. If you don't
+ provide it, Werkzeug will use `SERVER_NAME` and `SERVER_PORT` (or
+ `HTTP_HOST` if provided) as used `server_name` with disabled subdomain
+ feature.
+
+ If `subdomain` is `None` but an environment and a server name is
+ provided it will calculate the current subdomain automatically.
+ Example: `server_name` is ``'example.com'`` and the `SERVER_NAME`
+ in the wsgi `environ` is ``'staging.dev.example.com'`` the calculated
+ subdomain will be ``'staging.dev'``.
+
+ If the object passed as environ has an environ attribute, the value of
+ this attribute is used instead. This allows you to pass request
+ objects. Additionally `PATH_INFO` added as a default of the
+ :class:`MapAdapter` so that you don't have to pass the path info to
+ the match method.
+
+ .. versionchanged:: 0.5
+ previously this method accepted a bogus `calculate_subdomain`
+ parameter that did not have any effect. It was removed because
+ of that.
+
+ .. versionchanged:: 0.8
+ This will no longer raise a ValueError when an unexpected server
+ name was passed.
+
+ :param environ: a WSGI environment.
+ :param server_name: an optional server name hint (see above).
+ :param subdomain: optionally the current subdomain (see above).
+ """
+ environ = _get_environ(environ)
+
+ if 'HTTP_HOST' in environ:
+ wsgi_server_name = environ['HTTP_HOST']
+
+ if environ['wsgi.url_scheme'] == 'http' \
+ and wsgi_server_name.endswith(':80'):
+ wsgi_server_name = wsgi_server_name[:-3]
+ elif environ['wsgi.url_scheme'] == 'https' \
+ and wsgi_server_name.endswith(':443'):
+ wsgi_server_name = wsgi_server_name[:-4]
+ else:
+ wsgi_server_name = environ['SERVER_NAME']
+
+ if (environ['wsgi.url_scheme'], environ['SERVER_PORT']) not \
+ in (('https', '443'), ('http', '80')):
+ wsgi_server_name += ':' + environ['SERVER_PORT']
+
+ wsgi_server_name = wsgi_server_name.lower()
+
+ if server_name is None:
+ server_name = wsgi_server_name
+ else:
+ server_name = server_name.lower()
+
+ if subdomain is None and not self.host_matching:
+ cur_server_name = wsgi_server_name.split('.')
+ real_server_name = server_name.split('.')
+ offset = -len(real_server_name)
+ if cur_server_name[offset:] != real_server_name:
+ # This can happen even with valid configs if the server was
+ # accesssed directly by IP address under some situations.
+ # Instead of raising an exception like in Werkzeug 0.7 or
+ # earlier we go by an invalid subdomain which will result
+ # in a 404 error on matching.
+ subdomain = ''
+ else:
+ subdomain = '.'.join(filter(None, cur_server_name[:offset]))
+
+ def _get_wsgi_string(name):
+ val = environ.get(name)
+ if val is not None:
+ return wsgi_decoding_dance(val, self.charset)
+
+ script_name = _get_wsgi_string('SCRIPT_NAME')
+ path_info = _get_wsgi_string('PATH_INFO')
+ query_args = _get_wsgi_string('QUERY_STRING')
+ return Map.bind(self, server_name, script_name,
+ subdomain, environ['wsgi.url_scheme'],
+ environ['REQUEST_METHOD'], path_info,
+ query_args=query_args)
+
+ def update(self):
+ """Called before matching and building to keep the compiled rules
+ in the correct order after things changed.
+ """
+ if not self._remap:
+ return
+
+ with self._remap_lock:
+ if not self._remap:
+ return
+
+ self._rules.sort(key=lambda x: x.match_compare_key())
+ for rules in itervalues(self._rules_by_endpoint):
+ rules.sort(key=lambda x: x.build_compare_key())
+ self._remap = False
+
+ def __repr__(self):
+ rules = self.iter_rules()
+ return '%s(%s)' % (self.__class__.__name__, pformat(list(rules)))
+
+
+class MapAdapter(object):
+
+ """Returned by :meth:`Map.bind` or :meth:`Map.bind_to_environ` and does
+ the URL matching and building based on runtime information.
+ """
+
+ def __init__(self, map, server_name, script_name, subdomain,
+ url_scheme, path_info, default_method, query_args=None):
+ self.map = map
+ self.server_name = to_unicode(server_name)
+ script_name = to_unicode(script_name)
+ if not script_name.endswith(u'/'):
+ script_name += u'/'
+ self.script_name = script_name
+ self.subdomain = to_unicode(subdomain)
+ self.url_scheme = to_unicode(url_scheme)
+ self.path_info = to_unicode(path_info)
+ self.default_method = to_unicode(default_method)
+ self.query_args = query_args
+
+ def dispatch(self, view_func, path_info=None, method=None,
+ catch_http_exceptions=False):
+ """Does the complete dispatching process. `view_func` is called with
+ the endpoint and a dict with the values for the view. It should
+ look up the view function, call it, and return a response object
+ or WSGI application. http exceptions are not caught by default
+ so that applications can display nicer error messages by just
+ catching them by hand. If you want to stick with the default
+ error messages you can pass it ``catch_http_exceptions=True`` and
+ it will catch the http exceptions.
+
+ Here a small example for the dispatch usage::
+
+ from werkzeug.wrappers import Request, Response
+ from werkzeug.wsgi import responder
+ from werkzeug.routing import Map, Rule
+
+ def on_index(request):
+ return Response('Hello from the index')
+
+ url_map = Map([Rule('/', endpoint='index')])
+ views = {'index': on_index}
+
+ @responder
+ def application(environ, start_response):
+ request = Request(environ)
+ urls = url_map.bind_to_environ(environ)
+ return urls.dispatch(lambda e, v: views[e](request, **v),
+ catch_http_exceptions=True)
+
+ Keep in mind that this method might return exception objects, too, so
+ use :class:`Response.force_type` to get a response object.
+
+ :param view_func: a function that is called with the endpoint as
+ first argument and the value dict as second. Has
+ to dispatch to the actual view function with this
+ information. (see above)
+ :param path_info: the path info to use for matching. Overrides the
+ path info specified on binding.
+ :param method: the HTTP method used for matching. Overrides the
+ method specified on binding.
+ :param catch_http_exceptions: set to `True` to catch any of the
+ werkzeug :class:`HTTPException`\s.
+ """
+ try:
+ try:
+ endpoint, args = self.match(path_info, method)
+ except RequestRedirect as e:
+ return e
+ return view_func(endpoint, args)
+ except HTTPException as e:
+ if catch_http_exceptions:
+ return e
+ raise
+
+ def match(self, path_info=None, method=None, return_rule=False,
+ query_args=None):
+ """The usage is simple: you just pass the match method the current
+ path info as well as the method (which defaults to `GET`). The
+ following things can then happen:
+
+ - you receive a `NotFound` exception that indicates that no URL is
+ matching. A `NotFound` exception is also a WSGI application you
+ can call to get a default page not found page (happens to be the
+ same object as `werkzeug.exceptions.NotFound`)
+
+ - you receive a `MethodNotAllowed` exception that indicates that there
+ is a match for this URL but not for the current request method.
+ This is useful for RESTful applications.
+
+ - you receive a `RequestRedirect` exception with a `new_url`
+ attribute. This exception is used to notify you about a request
+ Werkzeug requests from your WSGI application. This is for example the
+ case if you request ``/foo`` although the correct URL is ``/foo/``
+ You can use the `RequestRedirect` instance as response-like object
+ similar to all other subclasses of `HTTPException`.
+
+ - you get a tuple in the form ``(endpoint, arguments)`` if there is
+ a match (unless `return_rule` is True, in which case you get a tuple
+ in the form ``(rule, arguments)``)
+
+ If the path info is not passed to the match method the default path
+ info of the map is used (defaults to the root URL if not defined
+ explicitly).
+
+ All of the exceptions raised are subclasses of `HTTPException` so they
+ can be used as WSGI responses. They will all render generic error or
+ redirect pages.
+
+ Here is a small example for matching:
+
+ >>> m = Map([
+ ... Rule('/', endpoint='index'),
+ ... Rule('/downloads/', endpoint='downloads/index'),
+ ... Rule('/downloads/', endpoint='downloads/show')
+ ... ])
+ >>> urls = m.bind("example.com", "/")
+ >>> urls.match("/", "GET")
+ ('index', {})
+ >>> urls.match("/downloads/42")
+ ('downloads/show', {'id': 42})
+
+ And here is what happens on redirect and missing URLs:
+
+ >>> urls.match("/downloads")
+ Traceback (most recent call last):
+ ...
+ RequestRedirect: http://example.com/downloads/
+ >>> urls.match("/missing")
+ Traceback (most recent call last):
+ ...
+ NotFound: 404 Not Found
+
+ :param path_info: the path info to use for matching. Overrides the
+ path info specified on binding.
+ :param method: the HTTP method used for matching. Overrides the
+ method specified on binding.
+ :param return_rule: return the rule that matched instead of just the
+ endpoint (defaults to `False`).
+ :param query_args: optional query arguments that are used for
+ automatic redirects as string or dictionary. It's
+ currently not possible to use the query arguments
+ for URL matching.
+
+ .. versionadded:: 0.6
+ `return_rule` was added.
+
+ .. versionadded:: 0.7
+ `query_args` was added.
+
+ .. versionchanged:: 0.8
+ `query_args` can now also be a string.
+ """
+ self.map.update()
+ if path_info is None:
+ path_info = self.path_info
+ else:
+ path_info = to_unicode(path_info, self.map.charset)
+ if query_args is None:
+ query_args = self.query_args
+ method = (method or self.default_method).upper()
+
+ path = u'%s|%s' % (
+ self.map.host_matching and self.server_name or self.subdomain,
+ path_info and '/%s' % path_info.lstrip('/')
+ )
+
+ have_match_for = set()
+ for rule in self.map._rules:
+ try:
+ rv = rule.match(path, method)
+ except RequestSlash:
+ raise RequestRedirect(self.make_redirect_url(
+ url_quote(path_info, self.map.charset,
+ safe='/:|+') + '/', query_args))
+ except RequestAliasRedirect as e:
+ raise RequestRedirect(self.make_alias_redirect_url(
+ path, rule.endpoint, e.matched_values, method, query_args))
+ if rv is None:
+ continue
+ if rule.methods is not None and method not in rule.methods:
+ have_match_for.update(rule.methods)
+ continue
+
+ if self.map.redirect_defaults:
+ redirect_url = self.get_default_redirect(rule, method, rv,
+ query_args)
+ if redirect_url is not None:
+ raise RequestRedirect(redirect_url)
+
+ if rule.redirect_to is not None:
+ if isinstance(rule.redirect_to, string_types):
+ def _handle_match(match):
+ value = rv[match.group(1)]
+ return rule._converters[match.group(1)].to_url(value)
+ redirect_url = _simple_rule_re.sub(_handle_match,
+ rule.redirect_to)
+ else:
+ redirect_url = rule.redirect_to(self, **rv)
+ raise RequestRedirect(str(url_join('%s://%s%s%s' % (
+ self.url_scheme or 'http',
+ self.subdomain and self.subdomain + '.' or '',
+ self.server_name,
+ self.script_name
+ ), redirect_url)))
+
+ if return_rule:
+ return rule, rv
+ else:
+ return rule.endpoint, rv
+
+ if have_match_for:
+ raise MethodNotAllowed(valid_methods=list(have_match_for))
+ raise NotFound()
+
+ def test(self, path_info=None, method=None):
+ """Test if a rule would match. Works like `match` but returns `True`
+ if the URL matches, or `False` if it does not exist.
+
+ :param path_info: the path info to use for matching. Overrides the
+ path info specified on binding.
+ :param method: the HTTP method used for matching. Overrides the
+ method specified on binding.
+ """
+ try:
+ self.match(path_info, method)
+ except RequestRedirect:
+ pass
+ except HTTPException:
+ return False
+ return True
+
+ def allowed_methods(self, path_info=None):
+ """Returns the valid methods that match for a given path.
+
+ .. versionadded:: 0.7
+ """
+ try:
+ self.match(path_info, method='--')
+ except MethodNotAllowed as e:
+ return e.valid_methods
+ except HTTPException as e:
+ pass
+ return []
+
+ def get_host(self, domain_part):
+ """Figures out the full host name for the given domain part. The
+ domain part is a subdomain in case host matching is disabled or
+ a full host name.
+ """
+ if self.map.host_matching:
+ if domain_part is None:
+ return self.server_name
+ return to_unicode(domain_part, 'ascii')
+ subdomain = domain_part
+ if subdomain is None:
+ subdomain = self.subdomain
+ else:
+ subdomain = to_unicode(subdomain, 'ascii')
+ return (subdomain and subdomain + u'.' or u'') + self.server_name
+
+ def get_default_redirect(self, rule, method, values, query_args):
+ """A helper that returns the URL to redirect to if it finds one.
+ This is used for default redirecting only.
+
+ :internal:
+ """
+ assert self.map.redirect_defaults
+ for r in self.map._rules_by_endpoint[rule.endpoint]:
+ # every rule that comes after this one, including ourself
+ # has a lower priority for the defaults. We order the ones
+ # with the highest priority up for building.
+ if r is rule:
+ break
+ if r.provides_defaults_for(rule) and \
+ r.suitable_for(values, method):
+ values.update(r.defaults)
+ domain_part, path = r.build(values)
+ return self.make_redirect_url(
+ path, query_args, domain_part=domain_part)
+
+ def encode_query_args(self, query_args):
+ if not isinstance(query_args, string_types):
+ query_args = url_encode(query_args, self.map.charset)
+ return query_args
+
+ def make_redirect_url(self, path_info, query_args=None, domain_part=None):
+ """Creates a redirect URL.
+
+ :internal:
+ """
+ suffix = ''
+ if query_args:
+ suffix = '?' + self.encode_query_args(query_args)
+ return str('%s://%s/%s%s' % (
+ self.url_scheme or 'http',
+ self.get_host(domain_part),
+ posixpath.join(self.script_name[:-1].lstrip('/'),
+ path_info.lstrip('/')),
+ suffix
+ ))
+
+ def make_alias_redirect_url(self, path, endpoint, values, method, query_args):
+ """Internally called to make an alias redirect URL."""
+ url = self.build(endpoint, values, method, append_unknown=False,
+ force_external=True)
+ if query_args:
+ url += '?' + self.encode_query_args(query_args)
+ assert url != path, 'detected invalid alias setting. No canonical ' \
+ 'URL found'
+ return url
+
+ def _partial_build(self, endpoint, values, method, append_unknown):
+ """Helper for :meth:`build`. Returns subdomain and path for the
+ rule that accepts this endpoint, values and method.
+
+ :internal:
+ """
+ # in case the method is none, try with the default method first
+ if method is None:
+ rv = self._partial_build(endpoint, values, self.default_method,
+ append_unknown)
+ if rv is not None:
+ return rv
+
+ # default method did not match or a specific method is passed,
+ # check all and go with first result.
+ for rule in self.map._rules_by_endpoint.get(endpoint, ()):
+ if rule.suitable_for(values, method):
+ rv = rule.build(values, append_unknown)
+ if rv is not None:
+ return rv
+
+ def build(self, endpoint, values=None, method=None, force_external=False,
+ append_unknown=True):
+ """Building URLs works pretty much the other way round. Instead of
+ `match` you call `build` and pass it the endpoint and a dict of
+ arguments for the placeholders.
+
+ The `build` function also accepts an argument called `force_external`
+ which, if you set it to `True` will force external URLs. Per default
+ external URLs (include the server name) will only be used if the
+ target URL is on a different subdomain.
+
+ >>> m = Map([
+ ... Rule('/', endpoint='index'),
+ ... Rule('/downloads/', endpoint='downloads/index'),
+ ... Rule('/downloads/', endpoint='downloads/show')
+ ... ])
+ >>> urls = m.bind("example.com", "/")
+ >>> urls.build("index", {})
+ '/'
+ >>> urls.build("downloads/show", {'id': 42})
+ '/downloads/42'
+ >>> urls.build("downloads/show", {'id': 42}, force_external=True)
+ 'http://example.com/downloads/42'
+
+ Because URLs cannot contain non ASCII data you will always get
+ bytestrings back. Non ASCII characters are urlencoded with the
+ charset defined on the map instance.
+
+ Additional values are converted to unicode and appended to the URL as
+ URL querystring parameters:
+
+ >>> urls.build("index", {'q': 'My Searchstring'})
+ '/?q=My+Searchstring'
+
+ When processing those additional values, lists are furthermore
+ interpreted as multiple values (as per
+ :py:class:`werkzeug.datastructures.MultiDict`):
+
+ >>> urls.build("index", {'q': ['a', 'b', 'c']})
+ '/?q=a&q=b&q=c'
+
+ If a rule does not exist when building a `BuildError` exception is
+ raised.
+
+ The build method accepts an argument called `method` which allows you
+ to specify the method you want to have an URL built for if you have
+ different methods for the same endpoint specified.
+
+ .. versionadded:: 0.6
+ the `append_unknown` parameter was added.
+
+ :param endpoint: the endpoint of the URL to build.
+ :param values: the values for the URL to build. Unhandled values are
+ appended to the URL as query parameters.
+ :param method: the HTTP method for the rule if there are different
+ URLs for different methods on the same endpoint.
+ :param force_external: enforce full canonical external URLs. If the URL
+ scheme is not provided, this will generate
+ a protocol-relative URL.
+ :param append_unknown: unknown parameters are appended to the generated
+ URL as query string argument. Disable this
+ if you want the builder to ignore those.
+ """
+ self.map.update()
+ if values:
+ if isinstance(values, MultiDict):
+ valueiter = iteritems(values, multi=True)
+ else:
+ valueiter = iteritems(values)
+ values = dict((k, v) for k, v in valueiter if v is not None)
+ else:
+ values = {}
+
+ rv = self._partial_build(endpoint, values, method, append_unknown)
+ if rv is None:
+ raise BuildError(endpoint, values, method, self)
+ domain_part, path = rv
+
+ host = self.get_host(domain_part)
+
+ # shortcut this.
+ if not force_external and (
+ (self.map.host_matching and host == self.server_name) or
+ (not self.map.host_matching and domain_part == self.subdomain)
+ ):
+ return str(url_join(self.script_name, './' + path.lstrip('/')))
+ return str('%s//%s%s/%s' % (
+ self.url_scheme + ':' if self.url_scheme else '',
+ host,
+ self.script_name[:-1],
+ path.lstrip('/')
+ ))
diff --git a/website/web/Lib/site-packages/werkzeug/script.py b/website/web/Lib/site-packages/werkzeug/script.py
new file mode 100644
index 000000000..cfff3c117
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/script.py
@@ -0,0 +1,318 @@
+# -*- coding: utf-8 -*-
+r'''
+ werkzeug.script
+ ~~~~~~~~~~~~~~~
+
+ .. admonition:: Deprecated Functionality
+
+ ``werkzeug.script`` is deprecated without replacement functionality.
+ Python's command line support improved greatly with :mod:`argparse`
+ and a bunch of alternative modules.
+
+ Most of the time you have recurring tasks while writing an application
+ such as starting up an interactive python interpreter with some prefilled
+ imports, starting the development server, initializing the database or
+ something similar.
+
+ For that purpose werkzeug provides the `werkzeug.script` module which
+ helps you writing such scripts.
+
+
+ Basic Usage
+ -----------
+
+ The following snippet is roughly the same in every werkzeug script::
+
+ #!/usr/bin/env python
+ # -*- coding: utf-8 -*-
+ from werkzeug import script
+
+ # actions go here
+
+ if __name__ == '__main__':
+ script.run()
+
+ Starting this script now does nothing because no actions are defined.
+ An action is a function in the same module starting with ``"action_"``
+ which takes a number of arguments where every argument has a default. The
+ type of the default value specifies the type of the argument.
+
+ Arguments can then be passed by position or using ``--name=value`` from
+ the shell.
+
+ Because a runserver and shell command is pretty common there are two
+ factory functions that create such commands::
+
+ def make_app():
+ from yourapplication import YourApplication
+ return YourApplication(...)
+
+ action_runserver = script.make_runserver(make_app, use_reloader=True)
+ action_shell = script.make_shell(lambda: {'app': make_app()})
+
+
+ Using The Scripts
+ -----------------
+
+ The script from above can be used like this from the shell now:
+
+ .. sourcecode:: text
+
+ $ ./manage.py --help
+ $ ./manage.py runserver localhost 8080 --debugger --no-reloader
+ $ ./manage.py runserver -p 4000
+ $ ./manage.py shell
+
+ As you can see it's possible to pass parameters as positional arguments
+ or as named parameters, pretty much like Python function calls.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+'''
+from __future__ import print_function
+
+import sys
+import inspect
+import getopt
+from os.path import basename
+from werkzeug._compat import iteritems
+
+
+argument_types = {
+ bool: 'boolean',
+ str: 'string',
+ int: 'integer',
+ float: 'float'
+}
+
+
+converters = {
+ 'boolean': lambda x: x.lower() in ('1', 'true', 'yes', 'on'),
+ 'string': str,
+ 'integer': int,
+ 'float': float
+}
+
+
+def run(namespace=None, action_prefix='action_', args=None):
+ """Run the script. Participating actions are looked up in the caller's
+ namespace if no namespace is given, otherwise in the dict provided.
+ Only items that start with action_prefix are processed as actions. If
+ you want to use all items in the namespace provided as actions set
+ action_prefix to an empty string.
+
+ :param namespace: An optional dict where the functions are looked up in.
+ By default the local namespace of the caller is used.
+ :param action_prefix: The prefix for the functions. Everything else
+ is ignored.
+ :param args: the arguments for the function. If not specified
+ :data:`sys.argv` without the first argument is used.
+ """
+ if namespace is None:
+ namespace = sys._getframe(1).f_locals
+ actions = find_actions(namespace, action_prefix)
+
+ if args is None:
+ args = sys.argv[1:]
+ if not args or args[0] in ('-h', '--help'):
+ return print_usage(actions)
+ elif args[0] not in actions:
+ fail('Unknown action \'%s\'' % args[0])
+
+ arguments = {}
+ types = {}
+ key_to_arg = {}
+ long_options = []
+ formatstring = ''
+ func, doc, arg_def = actions[args.pop(0)]
+ for idx, (arg, shortcut, default, option_type) in enumerate(arg_def):
+ real_arg = arg.replace('-', '_')
+ if shortcut:
+ formatstring += shortcut
+ if not isinstance(default, bool):
+ formatstring += ':'
+ key_to_arg['-' + shortcut] = real_arg
+ long_options.append(isinstance(default, bool) and arg or arg + '=')
+ key_to_arg['--' + arg] = real_arg
+ key_to_arg[idx] = real_arg
+ types[real_arg] = option_type
+ arguments[real_arg] = default
+
+ try:
+ optlist, posargs = getopt.gnu_getopt(args, formatstring, long_options)
+ except getopt.GetoptError as e:
+ fail(str(e))
+
+ specified_arguments = set()
+ for key, value in enumerate(posargs):
+ try:
+ arg = key_to_arg[key]
+ except IndexError:
+ fail('Too many parameters')
+ specified_arguments.add(arg)
+ try:
+ arguments[arg] = converters[types[arg]](value)
+ except ValueError:
+ fail('Invalid value for argument %s (%s): %s' % (key, arg, value))
+
+ for key, value in optlist:
+ arg = key_to_arg[key]
+ if arg in specified_arguments:
+ fail('Argument \'%s\' is specified twice' % arg)
+ if types[arg] == 'boolean':
+ if arg.startswith('no_'):
+ value = 'no'
+ else:
+ value = 'yes'
+ try:
+ arguments[arg] = converters[types[arg]](value)
+ except ValueError:
+ fail('Invalid value for \'%s\': %s' % (key, value))
+
+ newargs = {}
+ for k, v in iteritems(arguments):
+ newargs[k.startswith('no_') and k[3:] or k] = v
+ arguments = newargs
+ return func(**arguments)
+
+
+def fail(message, code=-1):
+ """Fail with an error."""
+ print('Error: %s' % message, file=sys.stderr)
+ sys.exit(code)
+
+
+def find_actions(namespace, action_prefix):
+ """Find all the actions in the namespace."""
+ actions = {}
+ for key, value in iteritems(namespace):
+ if key.startswith(action_prefix):
+ actions[key[len(action_prefix):]] = analyse_action(value)
+ return actions
+
+
+def print_usage(actions):
+ """Print the usage information. (Help screen)"""
+ actions = sorted(iteritems(actions))
+ print('usage: %s []' % basename(sys.argv[0]))
+ print(' %s --help' % basename(sys.argv[0]))
+ print()
+ print('actions:')
+ for name, (func, doc, arguments) in actions:
+ print(' %s:' % name)
+ for line in doc.splitlines():
+ print(' %s' % line)
+ if arguments:
+ print()
+ for arg, shortcut, default, argtype in arguments:
+ if isinstance(default, bool):
+ print(' %s' % (
+ (shortcut and '-%s, ' % shortcut or '') + '--' + arg
+ ))
+ else:
+ print(' %-30s%-10s%s' % (
+ (shortcut and '-%s, ' % shortcut or '') + '--' + arg,
+ argtype, default
+ ))
+ print()
+
+
+def analyse_action(func):
+ """Analyse a function."""
+ description = inspect.getdoc(func) or 'undocumented action'
+ arguments = []
+ args, varargs, kwargs, defaults = inspect.getargspec(func)
+ if varargs or kwargs:
+ raise TypeError('variable length arguments for action not allowed.')
+ if len(args) != len(defaults or ()):
+ raise TypeError('not all arguments have proper definitions')
+
+ for idx, (arg, definition) in enumerate(zip(args, defaults or ())):
+ if arg.startswith('_'):
+ raise TypeError('arguments may not start with an underscore')
+ if not isinstance(definition, tuple):
+ shortcut = None
+ default = definition
+ else:
+ shortcut, default = definition
+ argument_type = argument_types[type(default)]
+ if isinstance(default, bool) and default is True:
+ arg = 'no-' + arg
+ arguments.append((arg.replace('_', '-'), shortcut,
+ default, argument_type))
+ return func, description, arguments
+
+
+def make_shell(init_func=None, banner=None, use_ipython=True):
+ """Returns an action callback that spawns a new interactive
+ python shell.
+
+ :param init_func: an optional initialization function that is
+ called before the shell is started. The return
+ value of this function is the initial namespace.
+ :param banner: the banner that is displayed before the shell. If
+ not specified a generic banner is used instead.
+ :param use_ipython: if set to `True` ipython is used if available.
+ """
+ if banner is None:
+ banner = 'Interactive Werkzeug Shell'
+ if init_func is None:
+ init_func = dict
+
+ def action(ipython=use_ipython):
+ """Start a new interactive python session."""
+ namespace = init_func()
+ if ipython:
+ try:
+ try:
+ from IPython.frontend.terminal.embed import InteractiveShellEmbed
+ sh = InteractiveShellEmbed(banner1=banner)
+ except ImportError:
+ from IPython.Shell import IPShellEmbed
+ sh = IPShellEmbed(banner=banner)
+ except ImportError:
+ pass
+ else:
+ sh(global_ns={}, local_ns=namespace)
+ return
+ from code import interact
+ interact(banner, local=namespace)
+ return action
+
+
+def make_runserver(app_factory, hostname='localhost', port=5000,
+ use_reloader=False, use_debugger=False, use_evalex=True,
+ threaded=False, processes=1, static_files=None,
+ extra_files=None, ssl_context=None):
+ """Returns an action callback that spawns a new development server.
+
+ .. versionadded:: 0.5
+ `static_files` and `extra_files` was added.
+
+ ..versionadded:: 0.6.1
+ `ssl_context` was added.
+
+ :param app_factory: a function that returns a new WSGI application.
+ :param hostname: the default hostname the server should listen on.
+ :param port: the default port of the server.
+ :param use_reloader: the default setting for the reloader.
+ :param use_evalex: the default setting for the evalex flag of the debugger.
+ :param threaded: the default threading setting.
+ :param processes: the default number of processes to start.
+ :param static_files: optional dict of static files.
+ :param extra_files: optional list of extra files to track for reloading.
+ :param ssl_context: optional SSL context for running server in HTTPS mode.
+ """
+ def action(hostname=('h', hostname), port=('p', port),
+ reloader=use_reloader, debugger=use_debugger,
+ evalex=use_evalex, threaded=threaded, processes=processes):
+ """Start a new development server."""
+ from werkzeug.serving import run_simple
+ app = app_factory()
+ run_simple(hostname, port, app,
+ use_reloader=reloader, use_debugger=debugger,
+ use_evalex=evalex, extra_files=extra_files,
+ reloader_interval=1, threaded=threaded, processes=processes,
+ static_files=static_files, ssl_context=ssl_context)
+ return action
diff --git a/website/web/Lib/site-packages/werkzeug/security.py b/website/web/Lib/site-packages/werkzeug/security.py
new file mode 100644
index 000000000..d4c5c9f48
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/security.py
@@ -0,0 +1,270 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.security
+ ~~~~~~~~~~~~~~~~~
+
+ Security related helpers such as secure password hashing tools.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import os
+import hmac
+import hashlib
+import posixpath
+import codecs
+from struct import Struct
+from random import SystemRandom
+from operator import xor
+from itertools import starmap
+
+from werkzeug._compat import range_type, PY2, text_type, izip, to_bytes, \
+ string_types, to_native
+
+
+SALT_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+DEFAULT_PBKDF2_ITERATIONS = 50000
+
+
+_pack_int = Struct('>I').pack
+_builtin_safe_str_cmp = getattr(hmac, 'compare_digest', None)
+_sys_rng = SystemRandom()
+_os_alt_seps = list(sep for sep in [os.path.sep, os.path.altsep]
+ if sep not in (None, '/'))
+
+
+def _find_hashlib_algorithms():
+ algos = getattr(hashlib, 'algorithms', None)
+ if algos is None:
+ algos = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512')
+ rv = {}
+ for algo in algos:
+ func = getattr(hashlib, algo, None)
+ if func is not None:
+ rv[algo] = func
+ return rv
+_hash_funcs = _find_hashlib_algorithms()
+
+
+def pbkdf2_hex(data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS,
+ keylen=None, hashfunc=None):
+ """Like :func:`pbkdf2_bin`, but returns a hex-encoded string.
+
+ .. versionadded:: 0.9
+
+ :param data: the data to derive.
+ :param salt: the salt for the derivation.
+ :param iterations: the number of iterations.
+ :param keylen: the length of the resulting key. If not provided,
+ the digest size will be used.
+ :param hashfunc: the hash function to use. This can either be the
+ string name of a known hash function, or a function
+ from the hashlib module. Defaults to sha256.
+ """
+ rv = pbkdf2_bin(data, salt, iterations, keylen, hashfunc)
+ return to_native(codecs.encode(rv, 'hex_codec'))
+
+
+_has_native_pbkdf2 = hasattr(hashlib, 'pbkdf2_hmac')
+
+
+def pbkdf2_bin(data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS,
+ keylen=None, hashfunc=None):
+ """Returns a binary digest for the PBKDF2 hash algorithm of `data`
+ with the given `salt`. It iterates `iterations` times and produces a
+ key of `keylen` bytes. By default, SHA-256 is used as hash function;
+ a different hashlib `hashfunc` can be provided.
+
+ .. versionadded:: 0.9
+
+ :param data: the data to derive.
+ :param salt: the salt for the derivation.
+ :param iterations: the number of iterations.
+ :param keylen: the length of the resulting key. If not provided
+ the digest size will be used.
+ :param hashfunc: the hash function to use. This can either be the
+ string name of a known hash function or a function
+ from the hashlib module. Defaults to sha256.
+ """
+ if isinstance(hashfunc, string_types):
+ hashfunc = _hash_funcs[hashfunc]
+ elif not hashfunc:
+ hashfunc = hashlib.sha256
+ data = to_bytes(data)
+ salt = to_bytes(salt)
+
+ # If we're on Python with pbkdf2_hmac we can try to use it for
+ # compatible digests.
+ if _has_native_pbkdf2:
+ _test_hash = hashfunc()
+ if hasattr(_test_hash, 'name') and \
+ _test_hash.name in _hash_funcs:
+ return hashlib.pbkdf2_hmac(_test_hash.name,
+ data, salt, iterations,
+ keylen)
+
+ mac = hmac.HMAC(data, None, hashfunc)
+ if not keylen:
+ keylen = mac.digest_size
+
+ def _pseudorandom(x, mac=mac):
+ h = mac.copy()
+ h.update(x)
+ return bytearray(h.digest())
+ buf = bytearray()
+ for block in range_type(1, -(-keylen // mac.digest_size) + 1):
+ rv = u = _pseudorandom(salt + _pack_int(block))
+ for i in range_type(iterations - 1):
+ u = _pseudorandom(bytes(u))
+ rv = bytearray(starmap(xor, izip(rv, u)))
+ buf.extend(rv)
+ return bytes(buf[:keylen])
+
+
+def safe_str_cmp(a, b):
+ """This function compares strings in somewhat constant time. This
+ requires that the length of at least one string is known in advance.
+
+ Returns `True` if the two strings are equal, or `False` if they are not.
+
+ .. versionadded:: 0.7
+ """
+ if isinstance(a, text_type):
+ a = a.encode('utf-8')
+ if isinstance(b, text_type):
+ b = b.encode('utf-8')
+
+ if _builtin_safe_str_cmp is not None:
+ return _builtin_safe_str_cmp(a, b)
+
+ if len(a) != len(b):
+ return False
+
+ rv = 0
+ if PY2:
+ for x, y in izip(a, b):
+ rv |= ord(x) ^ ord(y)
+ else:
+ for x, y in izip(a, b):
+ rv |= x ^ y
+
+ return rv == 0
+
+
+def gen_salt(length):
+ """Generate a random string of SALT_CHARS with specified ``length``."""
+ if length <= 0:
+ raise ValueError('Salt length must be positive')
+ return ''.join(_sys_rng.choice(SALT_CHARS) for _ in range_type(length))
+
+
+def _hash_internal(method, salt, password):
+ """Internal password hash helper. Supports plaintext without salt,
+ unsalted and salted passwords. In case salted passwords are used
+ hmac is used.
+ """
+ if method == 'plain':
+ return password, method
+
+ if isinstance(password, text_type):
+ password = password.encode('utf-8')
+
+ if method.startswith('pbkdf2:'):
+ args = method[7:].split(':')
+ if len(args) not in (1, 2):
+ raise ValueError('Invalid number of arguments for PBKDF2')
+ method = args.pop(0)
+ iterations = args and int(args[0] or 0) or DEFAULT_PBKDF2_ITERATIONS
+ is_pbkdf2 = True
+ actual_method = 'pbkdf2:%s:%d' % (method, iterations)
+ else:
+ is_pbkdf2 = False
+ actual_method = method
+
+ hash_func = _hash_funcs.get(method)
+ if hash_func is None:
+ raise TypeError('invalid method %r' % method)
+
+ if is_pbkdf2:
+ if not salt:
+ raise ValueError('Salt is required for PBKDF2')
+ rv = pbkdf2_hex(password, salt, iterations,
+ hashfunc=hash_func)
+ elif salt:
+ if isinstance(salt, text_type):
+ salt = salt.encode('utf-8')
+ rv = hmac.HMAC(salt, password, hash_func).hexdigest()
+ else:
+ h = hash_func()
+ h.update(password)
+ rv = h.hexdigest()
+ return rv, actual_method
+
+
+def generate_password_hash(password, method='pbkdf2:sha256', salt_length=8):
+ """Hash a password with the given method and salt with a string of
+ the given length. The format of the string returned includes the method
+ that was used so that :func:`check_password_hash` can check the hash.
+
+ The format for the hashed string looks like this::
+
+ method$salt$hash
+
+ This method can **not** generate unsalted passwords but it is possible
+ to set param method='plain' in order to enforce plaintext passwords.
+ If a salt is used, hmac is used internally to salt the password.
+
+ If PBKDF2 is wanted it can be enabled by setting the method to
+ ``pbkdf2:method:iterations`` where iterations is optional::
+
+ pbkdf2:sha256:80000$salt$hash
+ pbkdf2:sha256$salt$hash
+
+ :param password: the password to hash.
+ :param method: the hash method to use (one that hashlib supports). Can
+ optionally be in the format ``pbkdf2:[:iterations]``
+ to enable PBKDF2.
+ :param salt_length: the length of the salt in letters.
+ """
+ salt = method != 'plain' and gen_salt(salt_length) or ''
+ h, actual_method = _hash_internal(method, salt, password)
+ return '%s$%s$%s' % (actual_method, salt, h)
+
+
+def check_password_hash(pwhash, password):
+ """check a password against a given salted and hashed password value.
+ In order to support unsalted legacy passwords this method supports
+ plain text passwords, md5 and sha1 hashes (both salted and unsalted).
+
+ Returns `True` if the password matched, `False` otherwise.
+
+ :param pwhash: a hashed string like returned by
+ :func:`generate_password_hash`.
+ :param password: the plaintext password to compare against the hash.
+ """
+ if pwhash.count('$') < 2:
+ return False
+ method, salt, hashval = pwhash.split('$', 2)
+ return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)
+
+
+def safe_join(directory, *pathnames):
+ """Safely join `directory` and one or more untrusted `pathnames`. If this
+ cannot be done, this function returns ``None``.
+
+ :param directory: the base directory.
+ :param pathnames: the untrusted pathnames relative to that directory.
+ """
+ parts = [directory]
+ for filename in pathnames:
+ if filename != '':
+ filename = posixpath.normpath(filename)
+ for sep in _os_alt_seps:
+ if sep in filename:
+ return None
+ if os.path.isabs(filename) or \
+ filename == '..' or \
+ filename.startswith('../'):
+ return None
+ parts.append(filename)
+ return posixpath.join(*parts)
diff --git a/website/web/Lib/site-packages/werkzeug/serving.py b/website/web/Lib/site-packages/werkzeug/serving.py
new file mode 100644
index 000000000..902f1aa1c
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/serving.py
@@ -0,0 +1,862 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.serving
+ ~~~~~~~~~~~~~~~~
+
+ There are many ways to serve a WSGI application. While you're developing
+ it you usually don't want a full blown webserver like Apache but a simple
+ standalone one. From Python 2.5 onwards there is the `wsgiref`_ server in
+ the standard library. If you're using older versions of Python you can
+ download the package from the cheeseshop.
+
+ However there are some caveats. Sourcecode won't reload itself when
+ changed and each time you kill the server using ``^C`` you get an
+ `KeyboardInterrupt` error. While the latter is easy to solve the first
+ one can be a pain in the ass in some situations.
+
+ The easiest way is creating a small ``start-myproject.py`` that runs the
+ application::
+
+ #!/usr/bin/env python
+ # -*- coding: utf-8 -*-
+ from myproject import make_app
+ from werkzeug.serving import run_simple
+
+ app = make_app(...)
+ run_simple('localhost', 8080, app, use_reloader=True)
+
+ You can also pass it a `extra_files` keyword argument with a list of
+ additional files (like configuration files) you want to observe.
+
+ For bigger applications you should consider using `click`
+ (http://click.pocoo.org) instead of a simple start file.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+from __future__ import with_statement
+
+import io
+import os
+import socket
+import sys
+import signal
+
+
+can_fork = hasattr(os, "fork")
+
+
+try:
+ import termcolor
+except ImportError:
+ termcolor = None
+
+try:
+ import ssl
+except ImportError:
+ class _SslDummy(object):
+ def __getattr__(self, name):
+ raise RuntimeError('SSL support unavailable')
+ ssl = _SslDummy()
+
+
+def _get_openssl_crypto_module():
+ try:
+ from OpenSSL import crypto
+ except ImportError:
+ raise TypeError('Using ad-hoc certificates requires the pyOpenSSL '
+ 'library.')
+ else:
+ return crypto
+
+
+try:
+ import SocketServer as socketserver
+ from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+except ImportError:
+ import socketserver
+ from http.server import HTTPServer, BaseHTTPRequestHandler
+
+ThreadingMixIn = socketserver.ThreadingMixIn
+
+if can_fork:
+ ForkingMixIn = socketserver.ForkingMixIn
+else:
+ class ForkingMixIn(object):
+ pass
+
+# important: do not use relative imports here or python -m will break
+import werkzeug
+from werkzeug._internal import _log
+from werkzeug._compat import PY2, WIN, reraise, wsgi_encoding_dance
+from werkzeug.urls import url_parse, url_unquote
+from werkzeug.exceptions import InternalServerError
+
+
+LISTEN_QUEUE = 128
+can_open_by_fd = not WIN and hasattr(socket, 'fromfd')
+
+
+class DechunkedInput(io.RawIOBase):
+ """An input stream that handles Transfer-Encoding 'chunked'"""
+
+ def __init__(self, rfile):
+ self._rfile = rfile
+ self._done = False
+ self._len = 0
+
+ def readable(self):
+ return True
+
+ def read_chunk_len(self):
+ try:
+ line = self._rfile.readline().decode('latin1')
+ _len = int(line.strip(), 16)
+ except ValueError:
+ raise IOError('Invalid chunk header')
+ if _len < 0:
+ raise IOError('Negative chunk length not allowed')
+ return _len
+
+ def readinto(self, buf):
+ read = 0
+ while not self._done and read < len(buf):
+ if self._len == 0:
+ # This is the first chunk or we fully consumed the previous
+ # one. Read the next length of the next chunk
+ self._len = self.read_chunk_len()
+
+ if self._len == 0:
+ # Found the final chunk of size 0. The stream is now exhausted,
+ # but there is still a final newline that should be consumed
+ self._done = True
+
+ if self._len > 0:
+ # There is data (left) in this chunk, so append it to the
+ # buffer. If this operation fully consumes the chunk, this will
+ # reset self._len to 0.
+ n = min(len(buf), self._len)
+ buf[read:read + n] = self._rfile.read(n)
+ self._len -= n
+ read += n
+
+ if self._len == 0:
+ # Skip the terminating newline of a chunk that has been fully
+ # consumed. This also applies to the 0-sized final chunk
+ terminator = self._rfile.readline()
+ if terminator not in (b'\n', b'\r\n', b'\r'):
+ raise IOError('Missing chunk terminating newline')
+
+ return read
+
+
+class WSGIRequestHandler(BaseHTTPRequestHandler, object):
+
+ """A request handler that implements WSGI dispatching."""
+
+ @property
+ def server_version(self):
+ return 'Werkzeug/' + werkzeug.__version__
+
+ def make_environ(self):
+ request_url = url_parse(self.path)
+
+ def shutdown_server():
+ self.server.shutdown_signal = True
+
+ url_scheme = self.server.ssl_context is None and 'http' or 'https'
+ path_info = url_unquote(request_url.path)
+
+ environ = {
+ 'wsgi.version': (1, 0),
+ 'wsgi.url_scheme': url_scheme,
+ 'wsgi.input': self.rfile,
+ 'wsgi.errors': sys.stderr,
+ 'wsgi.multithread': self.server.multithread,
+ 'wsgi.multiprocess': self.server.multiprocess,
+ 'wsgi.run_once': False,
+ 'werkzeug.server.shutdown': shutdown_server,
+ 'SERVER_SOFTWARE': self.server_version,
+ 'REQUEST_METHOD': self.command,
+ 'SCRIPT_NAME': '',
+ 'PATH_INFO': wsgi_encoding_dance(path_info),
+ 'QUERY_STRING': wsgi_encoding_dance(request_url.query),
+ 'REMOTE_ADDR': self.address_string(),
+ 'REMOTE_PORT': self.port_integer(),
+ 'SERVER_NAME': self.server.server_address[0],
+ 'SERVER_PORT': str(self.server.server_address[1]),
+ 'SERVER_PROTOCOL': self.request_version
+ }
+
+ for key, value in self.headers.items():
+ key = key.upper().replace('-', '_')
+ if key not in ('CONTENT_TYPE', 'CONTENT_LENGTH'):
+ key = 'HTTP_' + key
+ environ[key] = value
+
+ if environ.get('HTTP_TRANSFER_ENCODING', '').strip().lower() == 'chunked':
+ environ['wsgi.input_terminated'] = True
+ environ['wsgi.input'] = DechunkedInput(environ['wsgi.input'])
+
+ if request_url.scheme and request_url.netloc:
+ environ['HTTP_HOST'] = request_url.netloc
+
+ return environ
+
+ def run_wsgi(self):
+ if self.headers.get('Expect', '').lower().strip() == '100-continue':
+ self.wfile.write(b'HTTP/1.1 100 Continue\r\n\r\n')
+
+ self.environ = environ = self.make_environ()
+ headers_set = []
+ headers_sent = []
+
+ def write(data):
+ assert headers_set, 'write() before start_response'
+ if not headers_sent:
+ status, response_headers = headers_sent[:] = headers_set
+ try:
+ code, msg = status.split(None, 1)
+ except ValueError:
+ code, msg = status, ""
+ code = int(code)
+ self.send_response(code, msg)
+ header_keys = set()
+ for key, value in response_headers:
+ self.send_header(key, value)
+ key = key.lower()
+ header_keys.add(key)
+ if not ('content-length' in header_keys or
+ environ['REQUEST_METHOD'] == 'HEAD' or
+ code < 200 or code in (204, 304)):
+ self.close_connection = True
+ self.send_header('Connection', 'close')
+ if 'server' not in header_keys:
+ self.send_header('Server', self.version_string())
+ if 'date' not in header_keys:
+ self.send_header('Date', self.date_time_string())
+ self.end_headers()
+
+ assert isinstance(data, bytes), 'applications must write bytes'
+ self.wfile.write(data)
+ self.wfile.flush()
+
+ def start_response(status, response_headers, exc_info=None):
+ if exc_info:
+ try:
+ if headers_sent:
+ reraise(*exc_info)
+ finally:
+ exc_info = None
+ elif headers_set:
+ raise AssertionError('Headers already set')
+ headers_set[:] = [status, response_headers]
+ return write
+
+ def execute(app):
+ application_iter = app(environ, start_response)
+ try:
+ for data in application_iter:
+ write(data)
+ if not headers_sent:
+ write(b'')
+ finally:
+ if hasattr(application_iter, 'close'):
+ application_iter.close()
+ application_iter = None
+
+ try:
+ execute(self.server.app)
+ except (socket.error, socket.timeout) as e:
+ self.connection_dropped(e, environ)
+ except Exception:
+ if self.server.passthrough_errors:
+ raise
+ from werkzeug.debug.tbtools import get_current_traceback
+ traceback = get_current_traceback(ignore_system_exceptions=True)
+ try:
+ # if we haven't yet sent the headers but they are set
+ # we roll back to be able to set them again.
+ if not headers_sent:
+ del headers_set[:]
+ execute(InternalServerError())
+ except Exception:
+ pass
+ self.server.log('error', 'Error on request:\n%s',
+ traceback.plaintext)
+
+ def handle(self):
+ """Handles a request ignoring dropped connections."""
+ rv = None
+ try:
+ rv = BaseHTTPRequestHandler.handle(self)
+ except (socket.error, socket.timeout) as e:
+ self.connection_dropped(e)
+ except Exception:
+ if self.server.ssl_context is None or not is_ssl_error():
+ raise
+ if self.server.shutdown_signal:
+ self.initiate_shutdown()
+ return rv
+
+ def initiate_shutdown(self):
+ """A horrible, horrible way to kill the server for Python 2.6 and
+ later. It's the best we can do.
+ """
+ # Windows does not provide SIGKILL, go with SIGTERM then.
+ sig = getattr(signal, 'SIGKILL', signal.SIGTERM)
+ # reloader active
+ if os.environ.get('WERKZEUG_RUN_MAIN') == 'true':
+ os.kill(os.getpid(), sig)
+ # python 2.7
+ self.server._BaseServer__shutdown_request = True
+ # python 2.6
+ self.server._BaseServer__serving = False
+
+ def connection_dropped(self, error, environ=None):
+ """Called if the connection was closed by the client. By default
+ nothing happens.
+ """
+
+ def handle_one_request(self):
+ """Handle a single HTTP request."""
+ self.raw_requestline = self.rfile.readline()
+ if not self.raw_requestline:
+ self.close_connection = 1
+ elif self.parse_request():
+ return self.run_wsgi()
+
+ def send_response(self, code, message=None):
+ """Send the response header and log the response code."""
+ self.log_request(code)
+ if message is None:
+ message = code in self.responses and self.responses[code][0] or ''
+ if self.request_version != 'HTTP/0.9':
+ hdr = "%s %d %s\r\n" % (self.protocol_version, code, message)
+ self.wfile.write(hdr.encode('ascii'))
+
+ def version_string(self):
+ return BaseHTTPRequestHandler.version_string(self).strip()
+
+ def address_string(self):
+ if getattr(self, 'environ', None):
+ return self.environ['REMOTE_ADDR']
+ else:
+ return self.client_address[0]
+
+ def port_integer(self):
+ return self.client_address[1]
+
+ def log_request(self, code='-', size='-'):
+ msg = self.requestline
+ code = str(code)
+
+ if termcolor:
+ color = termcolor.colored
+
+ if code[0] == '1': # 1xx - Informational
+ msg = color(msg, attrs=['bold'])
+ elif code[0] == '2': # 2xx - Success
+ msg = color(msg, color='white')
+ elif code == '304': # 304 - Resource Not Modified
+ msg = color(msg, color='cyan')
+ elif code[0] == '3': # 3xx - Redirection
+ msg = color(msg, color='green')
+ elif code == '404': # 404 - Resource Not Found
+ msg = color(msg, color='yellow')
+ elif code[0] == '4': # 4xx - Client Error
+ msg = color(msg, color='red', attrs=['bold'])
+ else: # 5xx, or any other response
+ msg = color(msg, color='magenta', attrs=['bold'])
+
+ self.log('info', '"%s" %s %s', msg, code, size)
+
+ def log_error(self, *args):
+ self.log('error', *args)
+
+ def log_message(self, format, *args):
+ self.log('info', format, *args)
+
+ def log(self, type, message, *args):
+ _log(type, '%s - - [%s] %s\n' % (self.address_string(),
+ self.log_date_time_string(),
+ message % args))
+
+
+#: backwards compatible name if someone is subclassing it
+BaseRequestHandler = WSGIRequestHandler
+
+
+def generate_adhoc_ssl_pair(cn=None):
+ from random import random
+ crypto = _get_openssl_crypto_module()
+
+ # pretty damn sure that this is not actually accepted by anyone
+ if cn is None:
+ cn = '*'
+
+ cert = crypto.X509()
+ cert.set_serial_number(int(random() * sys.maxsize))
+ cert.gmtime_adj_notBefore(0)
+ cert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
+
+ subject = cert.get_subject()
+ subject.CN = cn
+ subject.O = 'Dummy Certificate' # noqa: E741
+
+ issuer = cert.get_issuer()
+ issuer.CN = 'Untrusted Authority'
+ issuer.O = 'Self-Signed' # noqa: E741
+
+ pkey = crypto.PKey()
+ pkey.generate_key(crypto.TYPE_RSA, 2048)
+ cert.set_pubkey(pkey)
+ cert.sign(pkey, 'sha256')
+
+ return cert, pkey
+
+
+def make_ssl_devcert(base_path, host=None, cn=None):
+ """Creates an SSL key for development. This should be used instead of
+ the ``'adhoc'`` key which generates a new cert on each server start.
+ It accepts a path for where it should store the key and cert and
+ either a host or CN. If a host is given it will use the CN
+ ``*.host/CN=host``.
+
+ For more information see :func:`run_simple`.
+
+ .. versionadded:: 0.9
+
+ :param base_path: the path to the certificate and key. The extension
+ ``.crt`` is added for the certificate, ``.key`` is
+ added for the key.
+ :param host: the name of the host. This can be used as an alternative
+ for the `cn`.
+ :param cn: the `CN` to use.
+ """
+ from OpenSSL import crypto
+ if host is not None:
+ cn = '*.%s/CN=%s' % (host, host)
+ cert, pkey = generate_adhoc_ssl_pair(cn=cn)
+
+ cert_file = base_path + '.crt'
+ pkey_file = base_path + '.key'
+
+ with open(cert_file, 'wb') as f:
+ f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+ with open(pkey_file, 'wb') as f:
+ f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+
+ return cert_file, pkey_file
+
+
+def generate_adhoc_ssl_context():
+ """Generates an adhoc SSL context for the development server."""
+ crypto = _get_openssl_crypto_module()
+ import tempfile
+ import atexit
+
+ cert, pkey = generate_adhoc_ssl_pair()
+ cert_handle, cert_file = tempfile.mkstemp()
+ pkey_handle, pkey_file = tempfile.mkstemp()
+ atexit.register(os.remove, pkey_file)
+ atexit.register(os.remove, cert_file)
+
+ os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+ os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+ os.close(cert_handle)
+ os.close(pkey_handle)
+ ctx = load_ssl_context(cert_file, pkey_file)
+ return ctx
+
+
+def load_ssl_context(cert_file, pkey_file=None, protocol=None):
+ """Loads SSL context from cert/private key files and optional protocol.
+ Many parameters are directly taken from the API of
+ :py:class:`ssl.SSLContext`.
+
+ :param cert_file: Path of the certificate to use.
+ :param pkey_file: Path of the private key to use. If not given, the key
+ will be obtained from the certificate file.
+ :param protocol: One of the ``PROTOCOL_*`` constants in the stdlib ``ssl``
+ module. Defaults to ``PROTOCOL_SSLv23``.
+ """
+ if protocol is None:
+ protocol = ssl.PROTOCOL_SSLv23
+ ctx = _SSLContext(protocol)
+ ctx.load_cert_chain(cert_file, pkey_file)
+ return ctx
+
+
+class _SSLContext(object):
+
+ '''A dummy class with a small subset of Python3's ``ssl.SSLContext``, only
+ intended to be used with and by Werkzeug.'''
+
+ def __init__(self, protocol):
+ self._protocol = protocol
+ self._certfile = None
+ self._keyfile = None
+ self._password = None
+
+ def load_cert_chain(self, certfile, keyfile=None, password=None):
+ self._certfile = certfile
+ self._keyfile = keyfile or certfile
+ self._password = password
+
+ def wrap_socket(self, sock, **kwargs):
+ return ssl.wrap_socket(sock, keyfile=self._keyfile,
+ certfile=self._certfile,
+ ssl_version=self._protocol, **kwargs)
+
+
+def is_ssl_error(error=None):
+ """Checks if the given error (or the current one) is an SSL error."""
+ exc_types = (ssl.SSLError,)
+ try:
+ from OpenSSL.SSL import Error
+ exc_types += (Error,)
+ except ImportError:
+ pass
+
+ if error is None:
+ error = sys.exc_info()[1]
+ return isinstance(error, exc_types)
+
+
+def select_ip_version(host, port):
+ """Returns AF_INET4 or AF_INET6 depending on where to connect to."""
+ # disabled due to problems with current ipv6 implementations
+ # and various operating systems. Probably this code also is
+ # not supposed to work, but I can't come up with any other
+ # ways to implement this.
+ # try:
+ # info = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
+ # socket.SOCK_STREAM, 0,
+ # socket.AI_PASSIVE)
+ # if info:
+ # return info[0][0]
+ # except socket.gaierror:
+ # pass
+ if ':' in host and hasattr(socket, 'AF_INET6'):
+ return socket.AF_INET6
+ return socket.AF_INET
+
+
+def get_sockaddr(host, port, family):
+ """Returns a fully qualified socket address, that can properly used by
+ socket.bind"""
+ try:
+ res = socket.getaddrinfo(host, port, family,
+ socket.SOCK_STREAM, socket.SOL_TCP)
+ except socket.gaierror:
+ return (host, port)
+ return res[0][4]
+
+
+class BaseWSGIServer(HTTPServer, object):
+
+ """Simple single-threaded, single-process WSGI server."""
+ multithread = False
+ multiprocess = False
+ request_queue_size = LISTEN_QUEUE
+
+ def __init__(self, host, port, app, handler=None,
+ passthrough_errors=False, ssl_context=None, fd=None):
+ if handler is None:
+ handler = WSGIRequestHandler
+
+ self.address_family = select_ip_version(host, port)
+
+ if fd is not None:
+ real_sock = socket.fromfd(fd, self.address_family,
+ socket.SOCK_STREAM)
+ port = 0
+ HTTPServer.__init__(self, get_sockaddr(host, int(port),
+ self.address_family), handler)
+ self.app = app
+ self.passthrough_errors = passthrough_errors
+ self.shutdown_signal = False
+ self.host = host
+ self.port = self.socket.getsockname()[1]
+
+ # Patch in the original socket.
+ if fd is not None:
+ self.socket.close()
+ self.socket = real_sock
+ self.server_address = self.socket.getsockname()
+
+ if ssl_context is not None:
+ if isinstance(ssl_context, tuple):
+ ssl_context = load_ssl_context(*ssl_context)
+ if ssl_context == 'adhoc':
+ ssl_context = generate_adhoc_ssl_context()
+ # If we are on Python 2 the return value from socket.fromfd
+ # is an internal socket object but what we need for ssl wrap
+ # is the wrapper around it :(
+ sock = self.socket
+ if PY2 and not isinstance(sock, socket.socket):
+ sock = socket.socket(sock.family, sock.type, sock.proto, sock)
+ self.socket = ssl_context.wrap_socket(sock, server_side=True)
+ self.ssl_context = ssl_context
+ else:
+ self.ssl_context = None
+
+ def log(self, type, message, *args):
+ _log(type, message, *args)
+
+ def serve_forever(self):
+ self.shutdown_signal = False
+ try:
+ HTTPServer.serve_forever(self)
+ except KeyboardInterrupt:
+ pass
+ finally:
+ self.server_close()
+
+ def handle_error(self, request, client_address):
+ if self.passthrough_errors:
+ raise
+ return HTTPServer.handle_error(self, request, client_address)
+
+ def get_request(self):
+ con, info = self.socket.accept()
+ return con, info
+
+
+class ThreadedWSGIServer(ThreadingMixIn, BaseWSGIServer):
+
+ """A WSGI server that does threading."""
+ multithread = True
+ daemon_threads = True
+
+
+class ForkingWSGIServer(ForkingMixIn, BaseWSGIServer):
+
+ """A WSGI server that does forking."""
+ multiprocess = True
+
+ def __init__(self, host, port, app, processes=40, handler=None,
+ passthrough_errors=False, ssl_context=None, fd=None):
+ if not can_fork:
+ raise ValueError('Your platform does not support forking.')
+ BaseWSGIServer.__init__(self, host, port, app, handler,
+ passthrough_errors, ssl_context, fd)
+ self.max_children = processes
+
+
+def make_server(host=None, port=None, app=None, threaded=False, processes=1,
+ request_handler=None, passthrough_errors=False,
+ ssl_context=None, fd=None):
+ """Create a new server instance that is either threaded, or forks
+ or just processes one request after another.
+ """
+ if threaded and processes > 1:
+ raise ValueError("cannot have a multithreaded and "
+ "multi process server.")
+ elif threaded:
+ return ThreadedWSGIServer(host, port, app, request_handler,
+ passthrough_errors, ssl_context, fd=fd)
+ elif processes > 1:
+ return ForkingWSGIServer(host, port, app, processes, request_handler,
+ passthrough_errors, ssl_context, fd=fd)
+ else:
+ return BaseWSGIServer(host, port, app, request_handler,
+ passthrough_errors, ssl_context, fd=fd)
+
+
+def is_running_from_reloader():
+ """Checks if the application is running from within the Werkzeug
+ reloader subprocess.
+
+ .. versionadded:: 0.10
+ """
+ return os.environ.get('WERKZEUG_RUN_MAIN') == 'true'
+
+
+def run_simple(hostname, port, application, use_reloader=False,
+ use_debugger=False, use_evalex=True,
+ extra_files=None, reloader_interval=1,
+ reloader_type='auto', threaded=False,
+ processes=1, request_handler=None, static_files=None,
+ passthrough_errors=False, ssl_context=None):
+ """Start a WSGI application. Optional features include a reloader,
+ multithreading and fork support.
+
+ This function has a command-line interface too::
+
+ python -m werkzeug.serving --help
+
+ .. versionadded:: 0.5
+ `static_files` was added to simplify serving of static files as well
+ as `passthrough_errors`.
+
+ .. versionadded:: 0.6
+ support for SSL was added.
+
+ .. versionadded:: 0.8
+ Added support for automatically loading a SSL context from certificate
+ file and private key.
+
+ .. versionadded:: 0.9
+ Added command-line interface.
+
+ .. versionadded:: 0.10
+ Improved the reloader and added support for changing the backend
+ through the `reloader_type` parameter. See :ref:`reloader`
+ for more information.
+
+ :param hostname: The host for the application. eg: ``'localhost'``
+ :param port: The port for the server. eg: ``8080``
+ :param application: the WSGI application to execute
+ :param use_reloader: should the server automatically restart the python
+ process if modules were changed?
+ :param use_debugger: should the werkzeug debugging system be used?
+ :param use_evalex: should the exception evaluation feature be enabled?
+ :param extra_files: a list of files the reloader should watch
+ additionally to the modules. For example configuration
+ files.
+ :param reloader_interval: the interval for the reloader in seconds.
+ :param reloader_type: the type of reloader to use. The default is
+ auto detection. Valid values are ``'stat'`` and
+ ``'watchdog'``. See :ref:`reloader` for more
+ information.
+ :param threaded: should the process handle each request in a separate
+ thread?
+ :param processes: if greater than 1 then handle each request in a new process
+ up to this maximum number of concurrent processes.
+ :param request_handler: optional parameter that can be used to replace
+ the default one. You can use this to replace it
+ with a different
+ :class:`~BaseHTTPServer.BaseHTTPRequestHandler`
+ subclass.
+ :param static_files: a list or dict of paths for static files. This works
+ exactly like :class:`SharedDataMiddleware`, it's actually
+ just wrapping the application in that middleware before
+ serving.
+ :param passthrough_errors: set this to `True` to disable the error catching.
+ This means that the server will die on errors but
+ it can be useful to hook debuggers in (pdb etc.)
+ :param ssl_context: an SSL context for the connection. Either an
+ :class:`ssl.SSLContext`, a tuple in the form
+ ``(cert_file, pkey_file)``, the string ``'adhoc'`` if
+ the server should automatically create one, or ``None``
+ to disable SSL (which is the default).
+ """
+ if not isinstance(port, int):
+ raise TypeError('port must be an integer')
+ if use_debugger:
+ from werkzeug.debug import DebuggedApplication
+ application = DebuggedApplication(application, use_evalex)
+ if static_files:
+ from werkzeug.wsgi import SharedDataMiddleware
+ application = SharedDataMiddleware(application, static_files)
+
+ def log_startup(sock):
+ display_hostname = hostname not in ('', '*') and hostname or 'localhost'
+ if ':' in display_hostname:
+ display_hostname = '[%s]' % display_hostname
+ quit_msg = '(Press CTRL+C to quit)'
+ port = sock.getsockname()[1]
+ _log('info', ' * Running on %s://%s:%d/ %s',
+ ssl_context is None and 'http' or 'https',
+ display_hostname, port, quit_msg)
+
+ def inner():
+ try:
+ fd = int(os.environ['WERKZEUG_SERVER_FD'])
+ except (LookupError, ValueError):
+ fd = None
+ srv = make_server(hostname, port, application, threaded,
+ processes, request_handler,
+ passthrough_errors, ssl_context,
+ fd=fd)
+ if fd is None:
+ log_startup(srv.socket)
+ srv.serve_forever()
+
+ if use_reloader:
+ # If we're not running already in the subprocess that is the
+ # reloader we want to open up a socket early to make sure the
+ # port is actually available.
+ if os.environ.get('WERKZEUG_RUN_MAIN') != 'true':
+ if port == 0 and not can_open_by_fd:
+ raise ValueError('Cannot bind to a random port with enabled '
+ 'reloader if the Python interpreter does '
+ 'not support socket opening by fd.')
+
+ # Create and destroy a socket so that any exceptions are
+ # raised before we spawn a separate Python interpreter and
+ # lose this ability.
+ address_family = select_ip_version(hostname, port)
+ s = socket.socket(address_family, socket.SOCK_STREAM)
+ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ s.bind(get_sockaddr(hostname, port, address_family))
+ if hasattr(s, 'set_inheritable'):
+ s.set_inheritable(True)
+
+ # If we can open the socket by file descriptor, then we can just
+ # reuse this one and our socket will survive the restarts.
+ if can_open_by_fd:
+ os.environ['WERKZEUG_SERVER_FD'] = str(s.fileno())
+ s.listen(LISTEN_QUEUE)
+ log_startup(s)
+ else:
+ s.close()
+
+ # Do not use relative imports, otherwise "python -m werkzeug.serving"
+ # breaks.
+ from werkzeug._reloader import run_with_reloader
+ run_with_reloader(inner, extra_files, reloader_interval,
+ reloader_type)
+ else:
+ inner()
+
+
+def run_with_reloader(*args, **kwargs):
+ # People keep using undocumented APIs. Do not use this function
+ # please, we do not guarantee that it continues working.
+ from werkzeug._reloader import run_with_reloader
+ return run_with_reloader(*args, **kwargs)
+
+
+def main():
+ '''A simple command-line interface for :py:func:`run_simple`.'''
+
+ # in contrast to argparse, this works at least under Python < 2.7
+ import optparse
+ from werkzeug.utils import import_string
+
+ parser = optparse.OptionParser(
+ usage='Usage: %prog [options] app_module:app_object')
+ parser.add_option('-b', '--bind', dest='address',
+ help='The hostname:port the app should listen on.')
+ parser.add_option('-d', '--debug', dest='use_debugger',
+ action='store_true', default=False,
+ help='Use Werkzeug\'s debugger.')
+ parser.add_option('-r', '--reload', dest='use_reloader',
+ action='store_true', default=False,
+ help='Reload Python process if modules change.')
+ options, args = parser.parse_args()
+
+ hostname, port = None, None
+ if options.address:
+ address = options.address.split(':')
+ hostname = address[0]
+ if len(address) > 1:
+ port = address[1]
+
+ if len(args) != 1:
+ sys.stdout.write('No application supplied, or too much. See --help\n')
+ sys.exit(1)
+ app = import_string(args[0])
+
+ run_simple(
+ hostname=(hostname or '127.0.0.1'), port=int(port or 5000),
+ application=app, use_reloader=options.use_reloader,
+ use_debugger=options.use_debugger
+ )
+
+if __name__ == '__main__':
+ main()
diff --git a/website/web/Lib/site-packages/werkzeug/test.py b/website/web/Lib/site-packages/werkzeug/test.py
new file mode 100644
index 000000000..acd21793d
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/test.py
@@ -0,0 +1,948 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.test
+ ~~~~~~~~~~~~~
+
+ This module implements a client to WSGI applications for testing.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import sys
+import mimetypes
+from time import time
+from random import random
+from itertools import chain
+from tempfile import TemporaryFile
+from io import BytesIO
+
+try:
+ from urllib2 import Request as U2Request
+except ImportError:
+ from urllib.request import Request as U2Request
+try:
+ from http.cookiejar import CookieJar
+except ImportError: # Py2
+ from cookielib import CookieJar
+
+from werkzeug._compat import iterlists, iteritems, itervalues, to_bytes, \
+ string_types, text_type, reraise, wsgi_encoding_dance, \
+ make_literal_wrapper
+from werkzeug._internal import _empty_stream, _get_environ
+from werkzeug.wrappers import BaseRequest
+from werkzeug.urls import url_encode, url_fix, iri_to_uri, url_unquote, \
+ url_unparse, url_parse
+from werkzeug.wsgi import get_host, get_current_url, ClosingIterator
+from werkzeug.utils import dump_cookie, get_content_type
+from werkzeug.datastructures import FileMultiDict, MultiDict, \
+ CombinedMultiDict, Headers, FileStorage, CallbackDict
+from werkzeug.http import dump_options_header, parse_options_header
+
+
+def stream_encode_multipart(values, use_tempfile=True, threshold=1024 * 500,
+ boundary=None, charset='utf-8'):
+ """Encode a dict of values (either strings or file descriptors or
+ :class:`FileStorage` objects.) into a multipart encoded string stored
+ in a file descriptor.
+ """
+ if boundary is None:
+ boundary = '---------------WerkzeugFormPart_%s%s' % (time(), random())
+ _closure = [BytesIO(), 0, False]
+
+ if use_tempfile:
+ def write_binary(string):
+ stream, total_length, on_disk = _closure
+ if on_disk:
+ stream.write(string)
+ else:
+ length = len(string)
+ if length + _closure[1] <= threshold:
+ stream.write(string)
+ else:
+ new_stream = TemporaryFile('wb+')
+ new_stream.write(stream.getvalue())
+ new_stream.write(string)
+ _closure[0] = new_stream
+ _closure[2] = True
+ _closure[1] = total_length + length
+ else:
+ write_binary = _closure[0].write
+
+ def write(string):
+ write_binary(string.encode(charset))
+
+ if not isinstance(values, MultiDict):
+ values = MultiDict(values)
+
+ for key, values in iterlists(values):
+ for value in values:
+ write('--%s\r\nContent-Disposition: form-data; name="%s"' %
+ (boundary, key))
+ reader = getattr(value, 'read', None)
+ if reader is not None:
+ filename = getattr(value, 'filename',
+ getattr(value, 'name', None))
+ content_type = getattr(value, 'content_type', None)
+ if content_type is None:
+ content_type = filename and \
+ mimetypes.guess_type(filename)[0] or \
+ 'application/octet-stream'
+ if filename is not None:
+ write('; filename="%s"\r\n' % filename)
+ else:
+ write('\r\n')
+ write('Content-Type: %s\r\n\r\n' % content_type)
+ while 1:
+ chunk = reader(16384)
+ if not chunk:
+ break
+ write_binary(chunk)
+ else:
+ if not isinstance(value, string_types):
+ value = str(value)
+
+ value = to_bytes(value, charset)
+ write('\r\n\r\n')
+ write_binary(value)
+ write('\r\n')
+ write('--%s--\r\n' % boundary)
+
+ length = int(_closure[0].tell())
+ _closure[0].seek(0)
+ return _closure[0], length, boundary
+
+
+def encode_multipart(values, boundary=None, charset='utf-8'):
+ """Like `stream_encode_multipart` but returns a tuple in the form
+ (``boundary``, ``data``) where data is a bytestring.
+ """
+ stream, length, boundary = stream_encode_multipart(
+ values, use_tempfile=False, boundary=boundary, charset=charset)
+ return boundary, stream.read()
+
+
+def File(fd, filename=None, mimetype=None):
+ """Backwards compat."""
+ from warnings import warn
+ warn(DeprecationWarning('werkzeug.test.File is deprecated, use the '
+ 'EnvironBuilder or FileStorage instead'))
+ return FileStorage(fd, filename=filename, content_type=mimetype)
+
+
+class _TestCookieHeaders(object):
+
+ """A headers adapter for cookielib
+ """
+
+ def __init__(self, headers):
+ self.headers = headers
+
+ def getheaders(self, name):
+ headers = []
+ name = name.lower()
+ for k, v in self.headers:
+ if k.lower() == name:
+ headers.append(v)
+ return headers
+
+ def get_all(self, name, default=None):
+ rv = []
+ for k, v in self.headers:
+ if k.lower() == name.lower():
+ rv.append(v)
+ return rv or default or []
+
+
+class _TestCookieResponse(object):
+
+ """Something that looks like a httplib.HTTPResponse, but is actually just an
+ adapter for our test responses to make them available for cookielib.
+ """
+
+ def __init__(self, headers):
+ self.headers = _TestCookieHeaders(headers)
+
+ def info(self):
+ return self.headers
+
+
+class _TestCookieJar(CookieJar):
+
+ """A cookielib.CookieJar modified to inject and read cookie headers from
+ and to wsgi environments, and wsgi application responses.
+ """
+
+ def inject_wsgi(self, environ):
+ """Inject the cookies as client headers into the server's wsgi
+ environment.
+ """
+ cvals = []
+ for cookie in self:
+ cvals.append('%s=%s' % (cookie.name, cookie.value))
+ if cvals:
+ environ['HTTP_COOKIE'] = '; '.join(cvals)
+
+ def extract_wsgi(self, environ, headers):
+ """Extract the server's set-cookie headers as cookies into the
+ cookie jar.
+ """
+ self.extract_cookies(
+ _TestCookieResponse(headers),
+ U2Request(get_current_url(environ)),
+ )
+
+
+def _iter_data(data):
+ """Iterates over a `dict` or :class:`MultiDict` yielding all keys and
+ values.
+ This is used to iterate over the data passed to the
+ :class:`EnvironBuilder`.
+ """
+ if isinstance(data, MultiDict):
+ for key, values in iterlists(data):
+ for value in values:
+ yield key, value
+ else:
+ for key, values in iteritems(data):
+ if isinstance(values, list):
+ for value in values:
+ yield key, value
+ else:
+ yield key, values
+
+
+class EnvironBuilder(object):
+
+ """This class can be used to conveniently create a WSGI environment
+ for testing purposes. It can be used to quickly create WSGI environments
+ or request objects from arbitrary data.
+
+ The signature of this class is also used in some other places as of
+ Werkzeug 0.5 (:func:`create_environ`, :meth:`BaseResponse.from_values`,
+ :meth:`Client.open`). Because of this most of the functionality is
+ available through the constructor alone.
+
+ Files and regular form data can be manipulated independently of each
+ other with the :attr:`form` and :attr:`files` attributes, but are
+ passed with the same argument to the constructor: `data`.
+
+ `data` can be any of these values:
+
+ - a `str` or `bytes` object: The object is converted into an
+ :attr:`input_stream`, the :attr:`content_length` is set and you have to
+ provide a :attr:`content_type`.
+ - a `dict` or :class:`MultiDict`: The keys have to be strings. The values
+ have to be either any of the following objects, or a list of any of the
+ following objects:
+
+ - a :class:`file`-like object: These are converted into
+ :class:`FileStorage` objects automatically.
+ - a `tuple`: The :meth:`~FileMultiDict.add_file` method is called
+ with the key and the unpacked `tuple` items as positional
+ arguments.
+ - a `str`: The string is set as form data for the associated key.
+ - a file-like object: The object content is loaded in memory and then
+ handled like a regular `str` or a `bytes`.
+
+ .. versionadded:: 0.6
+ `path` and `base_url` can now be unicode strings that are encoded using
+ the :func:`iri_to_uri` function.
+
+ :param path: the path of the request. In the WSGI environment this will
+ end up as `PATH_INFO`. If the `query_string` is not defined
+ and there is a question mark in the `path` everything after
+ it is used as query string.
+ :param base_url: the base URL is a URL that is used to extract the WSGI
+ URL scheme, host (server name + server port) and the
+ script root (`SCRIPT_NAME`).
+ :param query_string: an optional string or dict with URL parameters.
+ :param method: the HTTP method to use, defaults to `GET`.
+ :param input_stream: an optional input stream. Do not specify this and
+ `data`. As soon as an input stream is set you can't
+ modify :attr:`args` and :attr:`files` unless you
+ set the :attr:`input_stream` to `None` again.
+ :param content_type: The content type for the request. As of 0.5 you
+ don't have to provide this when specifying files
+ and form data via `data`.
+ :param content_length: The content length for the request. You don't
+ have to specify this when providing data via
+ `data`.
+ :param errors_stream: an optional error stream that is used for
+ `wsgi.errors`. Defaults to :data:`stderr`.
+ :param multithread: controls `wsgi.multithread`. Defaults to `False`.
+ :param multiprocess: controls `wsgi.multiprocess`. Defaults to `False`.
+ :param run_once: controls `wsgi.run_once`. Defaults to `False`.
+ :param headers: an optional list or :class:`Headers` object of headers.
+ :param data: a string or dict of form data or a file-object.
+ See explanation above.
+ :param environ_base: an optional dict of environment defaults.
+ :param environ_overrides: an optional dict of environment overrides.
+ :param charset: the charset used to encode unicode data.
+ """
+
+ #: the server protocol to use. defaults to HTTP/1.1
+ server_protocol = 'HTTP/1.1'
+
+ #: the wsgi version to use. defaults to (1, 0)
+ wsgi_version = (1, 0)
+
+ #: the default request class for :meth:`get_request`
+ request_class = BaseRequest
+
+ def __init__(self, path='/', base_url=None, query_string=None,
+ method='GET', input_stream=None, content_type=None,
+ content_length=None, errors_stream=None, multithread=False,
+ multiprocess=False, run_once=False, headers=None, data=None,
+ environ_base=None, environ_overrides=None, charset='utf-8',
+ mimetype=None):
+ path_s = make_literal_wrapper(path)
+ if query_string is None and path_s('?') in path:
+ path, query_string = path.split(path_s('?'), 1)
+ self.charset = charset
+ self.path = iri_to_uri(path)
+ if base_url is not None:
+ base_url = url_fix(iri_to_uri(base_url, charset), charset)
+ self.base_url = base_url
+ if isinstance(query_string, (bytes, text_type)):
+ self.query_string = query_string
+ else:
+ if query_string is None:
+ query_string = MultiDict()
+ elif not isinstance(query_string, MultiDict):
+ query_string = MultiDict(query_string)
+ self.args = query_string
+ self.method = method
+ if headers is None:
+ headers = Headers()
+ elif not isinstance(headers, Headers):
+ headers = Headers(headers)
+ self.headers = headers
+ if content_type is not None:
+ self.content_type = content_type
+ if errors_stream is None:
+ errors_stream = sys.stderr
+ self.errors_stream = errors_stream
+ self.multithread = multithread
+ self.multiprocess = multiprocess
+ self.run_once = run_once
+ self.environ_base = environ_base
+ self.environ_overrides = environ_overrides
+ self.input_stream = input_stream
+ self.content_length = content_length
+ self.closed = False
+
+ if data:
+ if input_stream is not None:
+ raise TypeError('can\'t provide input stream and data')
+ if hasattr(data, 'read'):
+ data = data.read()
+ if isinstance(data, text_type):
+ data = data.encode(self.charset)
+ if isinstance(data, bytes):
+ self.input_stream = BytesIO(data)
+ if self.content_length is None:
+ self.content_length = len(data)
+ else:
+ for key, value in _iter_data(data):
+ if isinstance(value, (tuple, dict)) or \
+ hasattr(value, 'read'):
+ self._add_file_from_data(key, value)
+ else:
+ self.form.setlistdefault(key).append(value)
+
+ if mimetype is not None:
+ self.mimetype = mimetype
+
+ def _add_file_from_data(self, key, value):
+ """Called in the EnvironBuilder to add files from the data dict."""
+ if isinstance(value, tuple):
+ self.files.add_file(key, *value)
+ elif isinstance(value, dict):
+ from warnings import warn
+ warn(DeprecationWarning('it\'s no longer possible to pass dicts '
+ 'as `data`. Use tuples or FileStorage '
+ 'objects instead'), stacklevel=2)
+ value = dict(value)
+ mimetype = value.pop('mimetype', None)
+ if mimetype is not None:
+ value['content_type'] = mimetype
+ self.files.add_file(key, **value)
+ else:
+ self.files.add_file(key, value)
+
+ def _get_base_url(self):
+ return url_unparse((self.url_scheme, self.host,
+ self.script_root, '', '')).rstrip('/') + '/'
+
+ def _set_base_url(self, value):
+ if value is None:
+ scheme = 'http'
+ netloc = 'localhost'
+ script_root = ''
+ else:
+ scheme, netloc, script_root, qs, anchor = url_parse(value)
+ if qs or anchor:
+ raise ValueError('base url must not contain a query string '
+ 'or fragment')
+ self.script_root = script_root.rstrip('/')
+ self.host = netloc
+ self.url_scheme = scheme
+
+ base_url = property(_get_base_url, _set_base_url, doc='''
+ The base URL is a URL that is used to extract the WSGI
+ URL scheme, host (server name + server port) and the
+ script root (`SCRIPT_NAME`).''')
+ del _get_base_url, _set_base_url
+
+ def _get_content_type(self):
+ ct = self.headers.get('Content-Type')
+ if ct is None and not self._input_stream:
+ if self._files:
+ return 'multipart/form-data'
+ elif self._form:
+ return 'application/x-www-form-urlencoded'
+ return None
+ return ct
+
+ def _set_content_type(self, value):
+ if value is None:
+ self.headers.pop('Content-Type', None)
+ else:
+ self.headers['Content-Type'] = value
+
+ content_type = property(_get_content_type, _set_content_type, doc='''
+ The content type for the request. Reflected from and to the
+ :attr:`headers`. Do not set if you set :attr:`files` or
+ :attr:`form` for auto detection.''')
+ del _get_content_type, _set_content_type
+
+ def _get_content_length(self):
+ return self.headers.get('Content-Length', type=int)
+
+ def _get_mimetype(self):
+ ct = self.content_type
+ if ct:
+ return ct.split(';')[0].strip()
+
+ def _set_mimetype(self, value):
+ self.content_type = get_content_type(value, self.charset)
+
+ def _get_mimetype_params(self):
+ def on_update(d):
+ self.headers['Content-Type'] = \
+ dump_options_header(self.mimetype, d)
+ d = parse_options_header(self.headers.get('content-type', ''))[1]
+ return CallbackDict(d, on_update)
+
+ mimetype = property(_get_mimetype, _set_mimetype, doc='''
+ The mimetype (content type without charset etc.)
+
+ .. versionadded:: 0.14
+ ''')
+ mimetype_params = property(_get_mimetype_params, doc='''
+ The mimetype parameters as dict. For example if the content
+ type is ``text/html; charset=utf-8`` the params would be
+ ``{'charset': 'utf-8'}``.
+
+ .. versionadded:: 0.14
+ ''')
+ del _get_mimetype, _set_mimetype, _get_mimetype_params
+
+ def _set_content_length(self, value):
+ if value is None:
+ self.headers.pop('Content-Length', None)
+ else:
+ self.headers['Content-Length'] = str(value)
+
+ content_length = property(_get_content_length, _set_content_length, doc='''
+ The content length as integer. Reflected from and to the
+ :attr:`headers`. Do not set if you set :attr:`files` or
+ :attr:`form` for auto detection.''')
+ del _get_content_length, _set_content_length
+
+ def form_property(name, storage, doc):
+ key = '_' + name
+
+ def getter(self):
+ if self._input_stream is not None:
+ raise AttributeError('an input stream is defined')
+ rv = getattr(self, key)
+ if rv is None:
+ rv = storage()
+ setattr(self, key, rv)
+
+ return rv
+
+ def setter(self, value):
+ self._input_stream = None
+ setattr(self, key, value)
+ return property(getter, setter, doc=doc)
+
+ form = form_property('form', MultiDict, doc='''
+ A :class:`MultiDict` of form values.''')
+ files = form_property('files', FileMultiDict, doc='''
+ A :class:`FileMultiDict` of uploaded files. You can use the
+ :meth:`~FileMultiDict.add_file` method to add new files to the
+ dict.''')
+ del form_property
+
+ def _get_input_stream(self):
+ return self._input_stream
+
+ def _set_input_stream(self, value):
+ self._input_stream = value
+ self._form = self._files = None
+
+ input_stream = property(_get_input_stream, _set_input_stream, doc='''
+ An optional input stream. If you set this it will clear
+ :attr:`form` and :attr:`files`.''')
+ del _get_input_stream, _set_input_stream
+
+ def _get_query_string(self):
+ if self._query_string is None:
+ if self._args is not None:
+ return url_encode(self._args, charset=self.charset)
+ return ''
+ return self._query_string
+
+ def _set_query_string(self, value):
+ self._query_string = value
+ self._args = None
+
+ query_string = property(_get_query_string, _set_query_string, doc='''
+ The query string. If you set this to a string :attr:`args` will
+ no longer be available.''')
+ del _get_query_string, _set_query_string
+
+ def _get_args(self):
+ if self._query_string is not None:
+ raise AttributeError('a query string is defined')
+ if self._args is None:
+ self._args = MultiDict()
+ return self._args
+
+ def _set_args(self, value):
+ self._query_string = None
+ self._args = value
+
+ args = property(_get_args, _set_args, doc='''
+ The URL arguments as :class:`MultiDict`.''')
+ del _get_args, _set_args
+
+ @property
+ def server_name(self):
+ """The server name (read-only, use :attr:`host` to set)"""
+ return self.host.split(':', 1)[0]
+
+ @property
+ def server_port(self):
+ """The server port as integer (read-only, use :attr:`host` to set)"""
+ pieces = self.host.split(':', 1)
+ if len(pieces) == 2 and pieces[1].isdigit():
+ return int(pieces[1])
+ elif self.url_scheme == 'https':
+ return 443
+ return 80
+
+ def __del__(self):
+ try:
+ self.close()
+ except Exception:
+ pass
+
+ def close(self):
+ """Closes all files. If you put real :class:`file` objects into the
+ :attr:`files` dict you can call this method to automatically close
+ them all in one go.
+ """
+ if self.closed:
+ return
+ try:
+ files = itervalues(self.files)
+ except AttributeError:
+ files = ()
+ for f in files:
+ try:
+ f.close()
+ except Exception:
+ pass
+ self.closed = True
+
+ def get_environ(self):
+ """Return the built environ."""
+ input_stream = self.input_stream
+ content_length = self.content_length
+
+ mimetype = self.mimetype
+ content_type = self.content_type
+
+ if input_stream is not None:
+ start_pos = input_stream.tell()
+ input_stream.seek(0, 2)
+ end_pos = input_stream.tell()
+ input_stream.seek(start_pos)
+ content_length = end_pos - start_pos
+ elif mimetype == 'multipart/form-data':
+ values = CombinedMultiDict([self.form, self.files])
+ input_stream, content_length, boundary = \
+ stream_encode_multipart(values, charset=self.charset)
+ content_type = mimetype + '; boundary="%s"' % boundary
+ elif mimetype == 'application/x-www-form-urlencoded':
+ # XXX: py2v3 review
+ values = url_encode(self.form, charset=self.charset)
+ values = values.encode('ascii')
+ content_length = len(values)
+ input_stream = BytesIO(values)
+ else:
+ input_stream = _empty_stream
+
+ result = {}
+ if self.environ_base:
+ result.update(self.environ_base)
+
+ def _path_encode(x):
+ return wsgi_encoding_dance(url_unquote(x, self.charset), self.charset)
+
+ qs = wsgi_encoding_dance(self.query_string)
+
+ result.update({
+ 'REQUEST_METHOD': self.method,
+ 'SCRIPT_NAME': _path_encode(self.script_root),
+ 'PATH_INFO': _path_encode(self.path),
+ 'QUERY_STRING': qs,
+ 'SERVER_NAME': self.server_name,
+ 'SERVER_PORT': str(self.server_port),
+ 'HTTP_HOST': self.host,
+ 'SERVER_PROTOCOL': self.server_protocol,
+ 'CONTENT_TYPE': content_type or '',
+ 'CONTENT_LENGTH': str(content_length or '0'),
+ 'wsgi.version': self.wsgi_version,
+ 'wsgi.url_scheme': self.url_scheme,
+ 'wsgi.input': input_stream,
+ 'wsgi.errors': self.errors_stream,
+ 'wsgi.multithread': self.multithread,
+ 'wsgi.multiprocess': self.multiprocess,
+ 'wsgi.run_once': self.run_once
+ })
+ for key, value in self.headers.to_wsgi_list():
+ result['HTTP_%s' % key.upper().replace('-', '_')] = value
+ if self.environ_overrides:
+ result.update(self.environ_overrides)
+ return result
+
+ def get_request(self, cls=None):
+ """Returns a request with the data. If the request class is not
+ specified :attr:`request_class` is used.
+
+ :param cls: The request wrapper to use.
+ """
+ if cls is None:
+ cls = self.request_class
+ return cls(self.get_environ())
+
+
+class ClientRedirectError(Exception):
+
+ """
+ If a redirect loop is detected when using follow_redirects=True with
+ the :cls:`Client`, then this exception is raised.
+ """
+
+
+class Client(object):
+
+ """This class allows to send requests to a wrapped application.
+
+ The response wrapper can be a class or factory function that takes
+ three arguments: app_iter, status and headers. The default response
+ wrapper just returns a tuple.
+
+ Example::
+
+ class ClientResponse(BaseResponse):
+ ...
+
+ client = Client(MyApplication(), response_wrapper=ClientResponse)
+
+ The use_cookies parameter indicates whether cookies should be stored and
+ sent for subsequent requests. This is True by default, but passing False
+ will disable this behaviour.
+
+ If you want to request some subdomain of your application you may set
+ `allow_subdomain_redirects` to `True` as if not no external redirects
+ are allowed.
+
+ .. versionadded:: 0.5
+ `use_cookies` is new in this version. Older versions did not provide
+ builtin cookie support.
+
+ .. versionadded:: 0.14
+ The `mimetype` parameter was added.
+ """
+
+ def __init__(self, application, response_wrapper=None, use_cookies=True,
+ allow_subdomain_redirects=False):
+ self.application = application
+ self.response_wrapper = response_wrapper
+ if use_cookies:
+ self.cookie_jar = _TestCookieJar()
+ else:
+ self.cookie_jar = None
+ self.allow_subdomain_redirects = allow_subdomain_redirects
+
+ def set_cookie(self, server_name, key, value='', max_age=None,
+ expires=None, path='/', domain=None, secure=None,
+ httponly=False, charset='utf-8'):
+ """Sets a cookie in the client's cookie jar. The server name
+ is required and has to match the one that is also passed to
+ the open call.
+ """
+ assert self.cookie_jar is not None, 'cookies disabled'
+ header = dump_cookie(key, value, max_age, expires, path, domain,
+ secure, httponly, charset)
+ environ = create_environ(path, base_url='http://' + server_name)
+ headers = [('Set-Cookie', header)]
+ self.cookie_jar.extract_wsgi(environ, headers)
+
+ def delete_cookie(self, server_name, key, path='/', domain=None):
+ """Deletes a cookie in the test client."""
+ self.set_cookie(server_name, key, expires=0, max_age=0,
+ path=path, domain=domain)
+
+ def run_wsgi_app(self, environ, buffered=False):
+ """Runs the wrapped WSGI app with the given environment."""
+ if self.cookie_jar is not None:
+ self.cookie_jar.inject_wsgi(environ)
+ rv = run_wsgi_app(self.application, environ, buffered=buffered)
+ if self.cookie_jar is not None:
+ self.cookie_jar.extract_wsgi(environ, rv[2])
+ return rv
+
+ def resolve_redirect(self, response, new_location, environ, buffered=False):
+ """Resolves a single redirect and triggers the request again
+ directly on this redirect client.
+ """
+ scheme, netloc, script_root, qs, anchor = url_parse(new_location)
+ base_url = url_unparse((scheme, netloc, '', '', '')).rstrip('/') + '/'
+
+ cur_server_name = netloc.split(':', 1)[0].split('.')
+ real_server_name = get_host(environ).rsplit(':', 1)[0].split('.')
+ if cur_server_name == ['']:
+ # this is a local redirect having autocorrect_location_header=False
+ cur_server_name = real_server_name
+ base_url = EnvironBuilder(environ).base_url
+
+ if self.allow_subdomain_redirects:
+ allowed = cur_server_name[-len(real_server_name):] == real_server_name
+ else:
+ allowed = cur_server_name == real_server_name
+
+ if not allowed:
+ raise RuntimeError('%r does not support redirect to '
+ 'external targets' % self.__class__)
+
+ status_code = int(response[1].split(None, 1)[0])
+ if status_code == 307:
+ method = environ['REQUEST_METHOD']
+ else:
+ method = 'GET'
+
+ # For redirect handling we temporarily disable the response
+ # wrapper. This is not threadsafe but not a real concern
+ # since the test client must not be shared anyways.
+ old_response_wrapper = self.response_wrapper
+ self.response_wrapper = None
+ try:
+ return self.open(path=script_root, base_url=base_url,
+ query_string=qs, as_tuple=True,
+ buffered=buffered, method=method)
+ finally:
+ self.response_wrapper = old_response_wrapper
+
+ def open(self, *args, **kwargs):
+ """Takes the same arguments as the :class:`EnvironBuilder` class with
+ some additions: You can provide a :class:`EnvironBuilder` or a WSGI
+ environment as only argument instead of the :class:`EnvironBuilder`
+ arguments and two optional keyword arguments (`as_tuple`, `buffered`)
+ that change the type of the return value or the way the application is
+ executed.
+
+ .. versionchanged:: 0.5
+ If a dict is provided as file in the dict for the `data` parameter
+ the content type has to be called `content_type` now instead of
+ `mimetype`. This change was made for consistency with
+ :class:`werkzeug.FileWrapper`.
+
+ The `follow_redirects` parameter was added to :func:`open`.
+
+ Additional parameters:
+
+ :param as_tuple: Returns a tuple in the form ``(environ, result)``
+ :param buffered: Set this to True to buffer the application run.
+ This will automatically close the application for
+ you as well.
+ :param follow_redirects: Set this to True if the `Client` should
+ follow HTTP redirects.
+ """
+ as_tuple = kwargs.pop('as_tuple', False)
+ buffered = kwargs.pop('buffered', False)
+ follow_redirects = kwargs.pop('follow_redirects', False)
+ environ = None
+ if not kwargs and len(args) == 1:
+ if isinstance(args[0], EnvironBuilder):
+ environ = args[0].get_environ()
+ elif isinstance(args[0], dict):
+ environ = args[0]
+ if environ is None:
+ builder = EnvironBuilder(*args, **kwargs)
+ try:
+ environ = builder.get_environ()
+ finally:
+ builder.close()
+
+ response = self.run_wsgi_app(environ, buffered=buffered)
+
+ # handle redirects
+ redirect_chain = []
+ while 1:
+ status_code = int(response[1].split(None, 1)[0])
+ if status_code not in (301, 302, 303, 305, 307) \
+ or not follow_redirects:
+ break
+ new_location = response[2]['location']
+ new_redirect_entry = (new_location, status_code)
+ if new_redirect_entry in redirect_chain:
+ raise ClientRedirectError('loop detected')
+ redirect_chain.append(new_redirect_entry)
+ environ, response = self.resolve_redirect(response, new_location,
+ environ,
+ buffered=buffered)
+
+ if self.response_wrapper is not None:
+ response = self.response_wrapper(*response)
+ if as_tuple:
+ return environ, response
+ return response
+
+ def get(self, *args, **kw):
+ """Like open but method is enforced to GET."""
+ kw['method'] = 'GET'
+ return self.open(*args, **kw)
+
+ def patch(self, *args, **kw):
+ """Like open but method is enforced to PATCH."""
+ kw['method'] = 'PATCH'
+ return self.open(*args, **kw)
+
+ def post(self, *args, **kw):
+ """Like open but method is enforced to POST."""
+ kw['method'] = 'POST'
+ return self.open(*args, **kw)
+
+ def head(self, *args, **kw):
+ """Like open but method is enforced to HEAD."""
+ kw['method'] = 'HEAD'
+ return self.open(*args, **kw)
+
+ def put(self, *args, **kw):
+ """Like open but method is enforced to PUT."""
+ kw['method'] = 'PUT'
+ return self.open(*args, **kw)
+
+ def delete(self, *args, **kw):
+ """Like open but method is enforced to DELETE."""
+ kw['method'] = 'DELETE'
+ return self.open(*args, **kw)
+
+ def options(self, *args, **kw):
+ """Like open but method is enforced to OPTIONS."""
+ kw['method'] = 'OPTIONS'
+ return self.open(*args, **kw)
+
+ def trace(self, *args, **kw):
+ """Like open but method is enforced to TRACE."""
+ kw['method'] = 'TRACE'
+ return self.open(*args, **kw)
+
+ def __repr__(self):
+ return '<%s %r>' % (
+ self.__class__.__name__,
+ self.application
+ )
+
+
+def create_environ(*args, **kwargs):
+ """Create a new WSGI environ dict based on the values passed. The first
+ parameter should be the path of the request which defaults to '/'. The
+ second one can either be an absolute path (in that case the host is
+ localhost:80) or a full path to the request with scheme, netloc port and
+ the path to the script.
+
+ This accepts the same arguments as the :class:`EnvironBuilder`
+ constructor.
+
+ .. versionchanged:: 0.5
+ This function is now a thin wrapper over :class:`EnvironBuilder` which
+ was added in 0.5. The `headers`, `environ_base`, `environ_overrides`
+ and `charset` parameters were added.
+ """
+ builder = EnvironBuilder(*args, **kwargs)
+ try:
+ return builder.get_environ()
+ finally:
+ builder.close()
+
+
+def run_wsgi_app(app, environ, buffered=False):
+ """Return a tuple in the form (app_iter, status, headers) of the
+ application output. This works best if you pass it an application that
+ returns an iterator all the time.
+
+ Sometimes applications may use the `write()` callable returned
+ by the `start_response` function. This tries to resolve such edge
+ cases automatically. But if you don't get the expected output you
+ should set `buffered` to `True` which enforces buffering.
+
+ If passed an invalid WSGI application the behavior of this function is
+ undefined. Never pass non-conforming WSGI applications to this function.
+
+ :param app: the application to execute.
+ :param buffered: set to `True` to enforce buffering.
+ :return: tuple in the form ``(app_iter, status, headers)``
+ """
+ environ = _get_environ(environ)
+ response = []
+ buffer = []
+
+ def start_response(status, headers, exc_info=None):
+ if exc_info is not None:
+ reraise(*exc_info)
+ response[:] = [status, headers]
+ return buffer.append
+
+ app_rv = app(environ, start_response)
+ close_func = getattr(app_rv, 'close', None)
+ app_iter = iter(app_rv)
+
+ # when buffering we emit the close call early and convert the
+ # application iterator into a regular list
+ if buffered:
+ try:
+ app_iter = list(app_iter)
+ finally:
+ if close_func is not None:
+ close_func()
+
+ # otherwise we iterate the application iter until we have a response, chain
+ # the already received data with the already collected data and wrap it in
+ # a new `ClosingIterator` if we need to restore a `close` callable from the
+ # original return value.
+ else:
+ while not response:
+ buffer.append(next(app_iter))
+ if buffer:
+ app_iter = chain(buffer, app_iter)
+ if close_func is not None and app_iter is not app_rv:
+ app_iter = ClosingIterator(app_iter, close_func)
+
+ return app_iter, response[0], Headers(response[1])
diff --git a/website/web/Lib/site-packages/werkzeug/testapp.py b/website/web/Lib/site-packages/werkzeug/testapp.py
new file mode 100644
index 000000000..595555a09
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/testapp.py
@@ -0,0 +1,230 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.testapp
+ ~~~~~~~~~~~~~~~~
+
+ Provide a small test application that can be used to test a WSGI server
+ and check it for WSGI compliance.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import os
+import sys
+import werkzeug
+from textwrap import wrap
+from werkzeug.wrappers import BaseRequest as Request, BaseResponse as Response
+from werkzeug.utils import escape
+import base64
+
+logo = Response(base64.b64decode('''
+R0lGODlhoACgAOMIAAEDACwpAEpCAGdgAJaKAM28AOnVAP3rAP/////////
+//////////////////////yH5BAEKAAgALAAAAACgAKAAAAT+EMlJq704680R+F0ojmRpnuj0rWnrv
+nB8rbRs33gu0bzu/0AObxgsGn3D5HHJbCUFyqZ0ukkSDlAidctNFg7gbI9LZlrBaHGtzAae0eloe25
+7w9EDOX2fst/xenyCIn5/gFqDiVVDV4aGeYiKkhSFjnCQY5OTlZaXgZp8nJ2ekaB0SQOjqphrpnOiq
+ncEn65UsLGytLVmQ6m4sQazpbtLqL/HwpnER8bHyLrLOc3Oz8PRONPU1crXN9na263dMt/g4SzjMeX
+m5yDpLqgG7OzJ4u8lT/P69ej3JPn69kHzN2OIAHkB9RUYSFCFQYQJFTIkCDBiwoXWGnowaLEjRm7+G
+p9A7Hhx4rUkAUaSLJlxHMqVMD/aSycSZkyTplCqtGnRAM5NQ1Ly5OmzZc6gO4d6DGAUKA+hSocWYAo
+SlM6oUWX2O/o0KdaVU5vuSQLAa0ADwQgMEMB2AIECZhVSnTno6spgbtXmHcBUrQACcc2FrTrWS8wAf
+78cMFBgwIBgbN+qvTt3ayikRBk7BoyGAGABAdYyfdzRQGV3l4coxrqQ84GpUBmrdR3xNIDUPAKDBSA
+ADIGDhhqTZIWaDcrVX8EsbNzbkvCOxG8bN5w8ly9H8jyTJHC6DFndQydbguh2e/ctZJFXRxMAqqPVA
+tQH5E64SPr1f0zz7sQYjAHg0In+JQ11+N2B0XXBeeYZgBZFx4tqBToiTCPv0YBgQv8JqA6BEf6RhXx
+w1ENhRBnWV8ctEX4Ul2zc3aVGcQNC2KElyTDYyYUWvShdjDyMOGMuFjqnII45aogPhz/CodUHFwaDx
+lTgsaOjNyhGWJQd+lFoAGk8ObghI0kawg+EV5blH3dr+digkYuAGSaQZFHFz2P/cTaLmhF52QeSb45
+Jwxd+uSVGHlqOZpOeJpCFZ5J+rkAkFjQ0N1tah7JJSZUFNsrkeJUJMIBi8jyaEKIhKPomnC91Uo+NB
+yyaJ5umnnpInIFh4t6ZSpGaAVmizqjpByDegYl8tPE0phCYrhcMWSv+uAqHfgH88ak5UXZmlKLVJhd
+dj78s1Fxnzo6yUCrV6rrDOkluG+QzCAUTbCwf9SrmMLzK6p+OPHx7DF+bsfMRq7Ec61Av9i6GLw23r
+idnZ+/OO0a99pbIrJkproCQMA17OPG6suq3cca5ruDfXCCDoS7BEdvmJn5otdqscn+uogRHHXs8cbh
+EIfYaDY1AkrC0cqwcZpnM6ludx72x0p7Fo/hZAcpJDjax0UdHavMKAbiKltMWCF3xxh9k25N/Viud8
+ba78iCvUkt+V6BpwMlErmcgc502x+u1nSxJSJP9Mi52awD1V4yB/QHONsnU3L+A/zR4VL/indx/y64
+gqcj+qgTeweM86f0Qy1QVbvmWH1D9h+alqg254QD8HJXHvjQaGOqEqC22M54PcftZVKVSQG9jhkv7C
+JyTyDoAJfPdu8v7DRZAxsP/ky9MJ3OL36DJfCFPASC3/aXlfLOOON9vGZZHydGf8LnxYJuuVIbl83y
+Az5n/RPz07E+9+zw2A2ahz4HxHo9Kt79HTMx1Q7ma7zAzHgHqYH0SoZWyTuOLMiHwSfZDAQTn0ajk9
+YQqodnUYjByQZhZak9Wu4gYQsMyEpIOAOQKze8CmEF45KuAHTvIDOfHJNipwoHMuGHBnJElUoDmAyX
+c2Qm/R8Ah/iILCCJOEokGowdhDYc/yoL+vpRGwyVSCWFYZNljkhEirGXsalWcAgOdeAdoXcktF2udb
+qbUhjWyMQxYO01o6KYKOr6iK3fE4MaS+DsvBsGOBaMb0Y6IxADaJhFICaOLmiWTlDAnY1KzDG4ambL
+cWBA8mUzjJsN2KjSaSXGqMCVXYpYkj33mcIApyhQf6YqgeNAmNvuC0t4CsDbSshZJkCS1eNisKqlyG
+cF8G2JeiDX6tO6Mv0SmjCa3MFb0bJaGPMU0X7c8XcpvMaOQmCajwSeY9G0WqbBmKv34DsMIEztU6Y2
+KiDlFdt6jnCSqx7Dmt6XnqSKaFFHNO5+FmODxMCWBEaco77lNDGXBM0ECYB/+s7nKFdwSF5hgXumQe
+EZ7amRg39RHy3zIjyRCykQh8Zo2iviRKyTDn/zx6EefptJj2Cw+Ep2FSc01U5ry4KLPYsTyWnVGnvb
+UpyGlhjBUljyjHhWpf8OFaXwhp9O4T1gU9UeyPPa8A2l0p1kNqPXEVRm1AOs1oAGZU596t6SOR2mcB
+Oco1srWtkaVrMUzIErrKri85keKqRQYX9VX0/eAUK1hrSu6HMEX3Qh2sCh0q0D2CtnUqS4hj62sE/z
+aDs2Sg7MBS6xnQeooc2R2tC9YrKpEi9pLXfYXp20tDCpSP8rKlrD4axprb9u1Df5hSbz9QU0cRpfgn
+kiIzwKucd0wsEHlLpe5yHXuc6FrNelOl7pY2+11kTWx7VpRu97dXA3DO1vbkhcb4zyvERYajQgAADs
+='''), mimetype='image/png')
+
+
+TEMPLATE = u'''\
+
+WSGI Information
+
+
+
+
WSGI Information
+
+ This page displays all available information about the WSGI server and
+ the underlying Python interpreter.
+
Python Interpreter
+
+
+
Python Version
+
%(python_version)s
+
+
Platform
+
%(platform)s [%(os)s]
+
+
API Version
+
%(api_version)s
+
+
Byteorder
+
%(byteorder)s
+
+
Werkzeug Version
+
%(werkzeug_version)s
+
+
WSGI Environment
+
%(wsgi_env)s
+
Installed Eggs
+
+ The following python packages were installed on the system as
+ Python eggs:
+
%(python_eggs)s
+
System Path
+
+ The following paths are the current contents of the load path. The
+ following entries are looked up for Python packages. Note that not
+ all items in this path are folders. Gray and underlined items are
+ entries pointing to invalid resources or used by custom import hooks
+ such as the zip importer.
+
+ Items with a bright background were expanded for display from a relative
+ path. If you encounter such paths in the output you might want to check
+ your setup as relative paths are usually problematic in multithreaded
+ environments.
+
%(sys_path)s
+
+'''
+
+
+def iter_sys_path():
+ if os.name == 'posix':
+ def strip(x):
+ prefix = os.path.expanduser('~')
+ if x.startswith(prefix):
+ x = '~' + x[len(prefix):]
+ return x
+ else:
+ strip = lambda x: x
+
+ cwd = os.path.abspath(os.getcwd())
+ for item in sys.path:
+ path = os.path.join(cwd, item or os.path.curdir)
+ yield strip(os.path.normpath(path)), \
+ not os.path.isdir(path), path != item
+
+
+def render_testapp(req):
+ try:
+ import pkg_resources
+ except ImportError:
+ eggs = ()
+ else:
+ eggs = sorted(pkg_resources.working_set,
+ key=lambda x: x.project_name.lower())
+ python_eggs = []
+ for egg in eggs:
+ try:
+ version = egg.version
+ except (ValueError, AttributeError):
+ version = 'unknown'
+ python_eggs.append('
%s' % (
+ escape(str(key)),
+ ' '.join(wrap(escape(repr(value))))
+ ))
+
+ sys_path = []
+ for item, virtual, expanded in iter_sys_path():
+ class_ = []
+ if virtual:
+ class_.append('virtual')
+ if expanded:
+ class_.append('exp')
+ sys_path.append('%s' % (
+ class_ and ' class="%s"' % ' '.join(class_) or '',
+ escape(item)
+ ))
+
+ return (TEMPLATE % {
+ 'python_version': ' '.join(escape(sys.version).splitlines()),
+ 'platform': escape(sys.platform),
+ 'os': escape(os.name),
+ 'api_version': sys.api_version,
+ 'byteorder': sys.byteorder,
+ 'werkzeug_version': werkzeug.__version__,
+ 'python_eggs': '\n'.join(python_eggs),
+ 'wsgi_env': '\n'.join(wsgi_env),
+ 'sys_path': '\n'.join(sys_path)
+ }).encode('utf-8')
+
+
+def test_app(environ, start_response):
+ """Simple test application that dumps the environment. You can use
+ it to check if Werkzeug is working properly:
+
+ .. sourcecode:: pycon
+
+ >>> from werkzeug.serving import run_simple
+ >>> from werkzeug.testapp import test_app
+ >>> run_simple('localhost', 3000, test_app)
+ * Running on http://localhost:3000/
+
+ The application displays important information from the WSGI environment,
+ the Python interpreter and the installed libraries.
+ """
+ req = Request(environ, populate_request=False)
+ if req.args.get('resource') == 'logo':
+ response = logo
+ else:
+ response = Response(render_testapp(req), mimetype='text/html')
+ return response(environ, start_response)
+
+
+if __name__ == '__main__':
+ from werkzeug.serving import run_simple
+ run_simple('localhost', 5000, test_app, use_reloader=True)
diff --git a/website/web/Lib/site-packages/werkzeug/urls.py b/website/web/Lib/site-packages/werkzeug/urls.py
new file mode 100644
index 000000000..5bd9a40d8
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/urls.py
@@ -0,0 +1,1007 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.urls
+ ~~~~~~~~~~~~~
+
+ ``werkzeug.urls`` used to provide several wrapper functions for Python 2
+ urlparse, whose main purpose were to work around the behavior of the Py2
+ stdlib and its lack of unicode support. While this was already a somewhat
+ inconvenient situation, it got even more complicated because Python 3's
+ ``urllib.parse`` actually does handle unicode properly. In other words,
+ this module would wrap two libraries with completely different behavior. So
+ now this module contains a 2-and-3-compatible backport of Python 3's
+ ``urllib.parse``, which is mostly API-compatible.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import os
+import re
+from werkzeug._compat import text_type, PY2, to_unicode, \
+ to_native, implements_to_string, try_coerce_native, \
+ normalize_string_tuple, make_literal_wrapper, \
+ fix_tuple_repr
+from werkzeug._internal import _encode_idna, _decode_idna
+from werkzeug.datastructures import MultiDict, iter_multi_items
+from collections import namedtuple
+
+
+# A regular expression for what a valid schema looks like
+_scheme_re = re.compile(r'^[a-zA-Z0-9+-.]+$')
+
+# Characters that are safe in any part of an URL.
+_always_safe = (b'abcdefghijklmnopqrstuvwxyz'
+ b'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-+')
+
+_hexdigits = '0123456789ABCDEFabcdef'
+_hextobyte = dict(
+ ((a + b).encode(), int(a + b, 16))
+ for a in _hexdigits for b in _hexdigits
+)
+_bytetohex = [
+ ('%%%02X' % char).encode('ascii') for char in range(256)
+]
+
+
+_URLTuple = fix_tuple_repr(namedtuple(
+ '_URLTuple',
+ ['scheme', 'netloc', 'path', 'query', 'fragment']
+))
+
+
+class BaseURL(_URLTuple):
+
+ '''Superclass of :py:class:`URL` and :py:class:`BytesURL`.'''
+ __slots__ = ()
+
+ def replace(self, **kwargs):
+ """Return an URL with the same values, except for those parameters
+ given new values by whichever keyword arguments are specified."""
+ return self._replace(**kwargs)
+
+ @property
+ def host(self):
+ """The host part of the URL if available, otherwise `None`. The
+ host is either the hostname or the IP address mentioned in the
+ URL. It will not contain the port.
+ """
+ return self._split_host()[0]
+
+ @property
+ def ascii_host(self):
+ """Works exactly like :attr:`host` but will return a result that
+ is restricted to ASCII. If it finds a netloc that is not ASCII
+ it will attempt to idna decode it. This is useful for socket
+ operations when the URL might include internationalized characters.
+ """
+ rv = self.host
+ if rv is not None and isinstance(rv, text_type):
+ try:
+ rv = _encode_idna(rv)
+ except UnicodeError:
+ rv = rv.encode('ascii', 'ignore')
+ return to_native(rv, 'ascii', 'ignore')
+
+ @property
+ def port(self):
+ """The port in the URL as an integer if it was present, `None`
+ otherwise. This does not fill in default ports.
+ """
+ try:
+ rv = int(to_native(self._split_host()[1]))
+ if 0 <= rv <= 65535:
+ return rv
+ except (ValueError, TypeError):
+ pass
+
+ @property
+ def auth(self):
+ """The authentication part in the URL if available, `None`
+ otherwise.
+ """
+ return self._split_netloc()[0]
+
+ @property
+ def username(self):
+ """The username if it was part of the URL, `None` otherwise.
+ This undergoes URL decoding and will always be a unicode string.
+ """
+ rv = self._split_auth()[0]
+ if rv is not None:
+ return _url_unquote_legacy(rv)
+
+ @property
+ def raw_username(self):
+ """The username if it was part of the URL, `None` otherwise.
+ Unlike :attr:`username` this one is not being decoded.
+ """
+ return self._split_auth()[0]
+
+ @property
+ def password(self):
+ """The password if it was part of the URL, `None` otherwise.
+ This undergoes URL decoding and will always be a unicode string.
+ """
+ rv = self._split_auth()[1]
+ if rv is not None:
+ return _url_unquote_legacy(rv)
+
+ @property
+ def raw_password(self):
+ """The password if it was part of the URL, `None` otherwise.
+ Unlike :attr:`password` this one is not being decoded.
+ """
+ return self._split_auth()[1]
+
+ def decode_query(self, *args, **kwargs):
+ """Decodes the query part of the URL. Ths is a shortcut for
+ calling :func:`url_decode` on the query argument. The arguments and
+ keyword arguments are forwarded to :func:`url_decode` unchanged.
+ """
+ return url_decode(self.query, *args, **kwargs)
+
+ def join(self, *args, **kwargs):
+ """Joins this URL with another one. This is just a convenience
+ function for calling into :meth:`url_join` and then parsing the
+ return value again.
+ """
+ return url_parse(url_join(self, *args, **kwargs))
+
+ def to_url(self):
+ """Returns a URL string or bytes depending on the type of the
+ information stored. This is just a convenience function
+ for calling :meth:`url_unparse` for this URL.
+ """
+ return url_unparse(self)
+
+ def decode_netloc(self):
+ """Decodes the netloc part into a string."""
+ rv = _decode_idna(self.host or '')
+
+ if ':' in rv:
+ rv = '[%s]' % rv
+ port = self.port
+ if port is not None:
+ rv = '%s:%d' % (rv, port)
+ auth = ':'.join(filter(None, [
+ _url_unquote_legacy(self.raw_username or '', '/:%@'),
+ _url_unquote_legacy(self.raw_password or '', '/:%@'),
+ ]))
+ if auth:
+ rv = '%s@%s' % (auth, rv)
+ return rv
+
+ def to_uri_tuple(self):
+ """Returns a :class:`BytesURL` tuple that holds a URI. This will
+ encode all the information in the URL properly to ASCII using the
+ rules a web browser would follow.
+
+ It's usually more interesting to directly call :meth:`iri_to_uri` which
+ will return a string.
+ """
+ return url_parse(iri_to_uri(self).encode('ascii'))
+
+ def to_iri_tuple(self):
+ """Returns a :class:`URL` tuple that holds a IRI. This will try
+ to decode as much information as possible in the URL without
+ losing information similar to how a web browser does it for the
+ URL bar.
+
+ It's usually more interesting to directly call :meth:`uri_to_iri` which
+ will return a string.
+ """
+ return url_parse(uri_to_iri(self))
+
+ def get_file_location(self, pathformat=None):
+ """Returns a tuple with the location of the file in the form
+ ``(server, location)``. If the netloc is empty in the URL or
+ points to localhost, it's represented as ``None``.
+
+ The `pathformat` by default is autodetection but needs to be set
+ when working with URLs of a specific system. The supported values
+ are ``'windows'`` when working with Windows or DOS paths and
+ ``'posix'`` when working with posix paths.
+
+ If the URL does not point to to a local file, the server and location
+ are both represented as ``None``.
+
+ :param pathformat: The expected format of the path component.
+ Currently ``'windows'`` and ``'posix'`` are
+ supported. Defaults to ``None`` which is
+ autodetect.
+ """
+ if self.scheme != 'file':
+ return None, None
+
+ path = url_unquote(self.path)
+ host = self.netloc or None
+
+ if pathformat is None:
+ if os.name == 'nt':
+ pathformat = 'windows'
+ else:
+ pathformat = 'posix'
+
+ if pathformat == 'windows':
+ if path[:1] == '/' and path[1:2].isalpha() and path[2:3] in '|:':
+ path = path[1:2] + ':' + path[3:]
+ windows_share = path[:3] in ('\\' * 3, '/' * 3)
+ import ntpath
+ path = ntpath.normpath(path)
+ # Windows shared drives are represented as ``\\host\\directory``.
+ # That results in a URL like ``file://///host/directory``, and a
+ # path like ``///host/directory``. We need to special-case this
+ # because the path contains the hostname.
+ if windows_share and host is None:
+ parts = path.lstrip('\\').split('\\', 1)
+ if len(parts) == 2:
+ host, path = parts
+ else:
+ host = parts[0]
+ path = ''
+ elif pathformat == 'posix':
+ import posixpath
+ path = posixpath.normpath(path)
+ else:
+ raise TypeError('Invalid path format %s' % repr(pathformat))
+
+ if host in ('127.0.0.1', '::1', 'localhost'):
+ host = None
+
+ return host, path
+
+ def _split_netloc(self):
+ if self._at in self.netloc:
+ return self.netloc.split(self._at, 1)
+ return None, self.netloc
+
+ def _split_auth(self):
+ auth = self._split_netloc()[0]
+ if not auth:
+ return None, None
+ if self._colon not in auth:
+ return auth, None
+ return auth.split(self._colon, 1)
+
+ def _split_host(self):
+ rv = self._split_netloc()[1]
+ if not rv:
+ return None, None
+
+ if not rv.startswith(self._lbracket):
+ if self._colon in rv:
+ return rv.split(self._colon, 1)
+ return rv, None
+
+ idx = rv.find(self._rbracket)
+ if idx < 0:
+ return rv, None
+
+ host = rv[1:idx]
+ rest = rv[idx + 1:]
+ if rest.startswith(self._colon):
+ return host, rest[1:]
+ return host, None
+
+
+@implements_to_string
+class URL(BaseURL):
+
+ """Represents a parsed URL. This behaves like a regular tuple but
+ also has some extra attributes that give further insight into the
+ URL.
+ """
+ __slots__ = ()
+ _at = '@'
+ _colon = ':'
+ _lbracket = '['
+ _rbracket = ']'
+
+ def __str__(self):
+ return self.to_url()
+
+ def encode_netloc(self):
+ """Encodes the netloc part to an ASCII safe URL as bytes."""
+ rv = self.ascii_host or ''
+ if ':' in rv:
+ rv = '[%s]' % rv
+ port = self.port
+ if port is not None:
+ rv = '%s:%d' % (rv, port)
+ auth = ':'.join(filter(None, [
+ url_quote(self.raw_username or '', 'utf-8', 'strict', '/:%'),
+ url_quote(self.raw_password or '', 'utf-8', 'strict', '/:%'),
+ ]))
+ if auth:
+ rv = '%s@%s' % (auth, rv)
+ return to_native(rv)
+
+ def encode(self, charset='utf-8', errors='replace'):
+ """Encodes the URL to a tuple made out of bytes. The charset is
+ only being used for the path, query and fragment.
+ """
+ return BytesURL(
+ self.scheme.encode('ascii'),
+ self.encode_netloc(),
+ self.path.encode(charset, errors),
+ self.query.encode(charset, errors),
+ self.fragment.encode(charset, errors)
+ )
+
+
+class BytesURL(BaseURL):
+
+ """Represents a parsed URL in bytes."""
+ __slots__ = ()
+ _at = b'@'
+ _colon = b':'
+ _lbracket = b'['
+ _rbracket = b']'
+
+ def __str__(self):
+ return self.to_url().decode('utf-8', 'replace')
+
+ def encode_netloc(self):
+ """Returns the netloc unchanged as bytes."""
+ return self.netloc
+
+ def decode(self, charset='utf-8', errors='replace'):
+ """Decodes the URL to a tuple made out of strings. The charset is
+ only being used for the path, query and fragment.
+ """
+ return URL(
+ self.scheme.decode('ascii'),
+ self.decode_netloc(),
+ self.path.decode(charset, errors),
+ self.query.decode(charset, errors),
+ self.fragment.decode(charset, errors)
+ )
+
+
+def _unquote_to_bytes(string, unsafe=''):
+ if isinstance(string, text_type):
+ string = string.encode('utf-8')
+ if isinstance(unsafe, text_type):
+ unsafe = unsafe.encode('utf-8')
+ unsafe = frozenset(bytearray(unsafe))
+ bits = iter(string.split(b'%'))
+ result = bytearray(next(bits, b''))
+ for item in bits:
+ try:
+ char = _hextobyte[item[:2]]
+ if char in unsafe:
+ raise KeyError()
+ result.append(char)
+ result.extend(item[2:])
+ except KeyError:
+ result.extend(b'%')
+ result.extend(item)
+ return bytes(result)
+
+
+def _url_encode_impl(obj, charset, encode_keys, sort, key):
+ iterable = iter_multi_items(obj)
+ if sort:
+ iterable = sorted(iterable, key=key)
+ for key, value in iterable:
+ if value is None:
+ continue
+ if not isinstance(key, bytes):
+ key = text_type(key).encode(charset)
+ if not isinstance(value, bytes):
+ value = text_type(value).encode(charset)
+ yield url_quote_plus(key) + '=' + url_quote_plus(value)
+
+
+def _url_unquote_legacy(value, unsafe=''):
+ try:
+ return url_unquote(value, charset='utf-8',
+ errors='strict', unsafe=unsafe)
+ except UnicodeError:
+ return url_unquote(value, charset='latin1', unsafe=unsafe)
+
+
+def url_parse(url, scheme=None, allow_fragments=True):
+ """Parses a URL from a string into a :class:`URL` tuple. If the URL
+ is lacking a scheme it can be provided as second argument. Otherwise,
+ it is ignored. Optionally fragments can be stripped from the URL
+ by setting `allow_fragments` to `False`.
+
+ The inverse of this function is :func:`url_unparse`.
+
+ :param url: the URL to parse.
+ :param scheme: the default schema to use if the URL is schemaless.
+ :param allow_fragments: if set to `False` a fragment will be removed
+ from the URL.
+ """
+ s = make_literal_wrapper(url)
+ is_text_based = isinstance(url, text_type)
+
+ if scheme is None:
+ scheme = s('')
+ netloc = query = fragment = s('')
+ i = url.find(s(':'))
+ if i > 0 and _scheme_re.match(to_native(url[:i], errors='replace')):
+ # make sure "iri" is not actually a port number (in which case
+ # "scheme" is really part of the path)
+ rest = url[i + 1:]
+ if not rest or any(c not in s('0123456789') for c in rest):
+ # not a port number
+ scheme, url = url[:i].lower(), rest
+
+ if url[:2] == s('//'):
+ delim = len(url)
+ for c in s('/?#'):
+ wdelim = url.find(c, 2)
+ if wdelim >= 0:
+ delim = min(delim, wdelim)
+ netloc, url = url[2:delim], url[delim:]
+ if (s('[') in netloc and s(']') not in netloc) or \
+ (s(']') in netloc and s('[') not in netloc):
+ raise ValueError('Invalid IPv6 URL')
+
+ if allow_fragments and s('#') in url:
+ url, fragment = url.split(s('#'), 1)
+ if s('?') in url:
+ url, query = url.split(s('?'), 1)
+
+ result_type = is_text_based and URL or BytesURL
+ return result_type(scheme, netloc, url, query, fragment)
+
+
+def url_quote(string, charset='utf-8', errors='strict', safe='/:', unsafe=''):
+ """URL encode a single string with a given encoding.
+
+ :param s: the string to quote.
+ :param charset: the charset to be used.
+ :param safe: an optional sequence of safe characters.
+ :param unsafe: an optional sequence of unsafe characters.
+
+ .. versionadded:: 0.9.2
+ The `unsafe` parameter was added.
+ """
+ if not isinstance(string, (text_type, bytes, bytearray)):
+ string = text_type(string)
+ if isinstance(string, text_type):
+ string = string.encode(charset, errors)
+ if isinstance(safe, text_type):
+ safe = safe.encode(charset, errors)
+ if isinstance(unsafe, text_type):
+ unsafe = unsafe.encode(charset, errors)
+ safe = frozenset(bytearray(safe) + _always_safe) - frozenset(bytearray(unsafe))
+ rv = bytearray()
+ for char in bytearray(string):
+ if char in safe:
+ rv.append(char)
+ else:
+ rv.extend(_bytetohex[char])
+ return to_native(bytes(rv))
+
+
+def url_quote_plus(string, charset='utf-8', errors='strict', safe=''):
+ """URL encode a single string with the given encoding and convert
+ whitespace to "+".
+
+ :param s: The string to quote.
+ :param charset: The charset to be used.
+ :param safe: An optional sequence of safe characters.
+ """
+ return url_quote(string, charset, errors, safe + ' ', '+').replace(' ', '+')
+
+
+def url_unparse(components):
+ """The reverse operation to :meth:`url_parse`. This accepts arbitrary
+ as well as :class:`URL` tuples and returns a URL as a string.
+
+ :param components: the parsed URL as tuple which should be converted
+ into a URL string.
+ """
+ scheme, netloc, path, query, fragment = \
+ normalize_string_tuple(components)
+ s = make_literal_wrapper(scheme)
+ url = s('')
+
+ # We generally treat file:///x and file:/x the same which is also
+ # what browsers seem to do. This also allows us to ignore a schema
+ # register for netloc utilization or having to differenciate between
+ # empty and missing netloc.
+ if netloc or (scheme and path.startswith(s('/'))):
+ if path and path[:1] != s('/'):
+ path = s('/') + path
+ url = s('//') + (netloc or s('')) + path
+ elif path:
+ url += path
+ if scheme:
+ url = scheme + s(':') + url
+ if query:
+ url = url + s('?') + query
+ if fragment:
+ url = url + s('#') + fragment
+ return url
+
+
+def url_unquote(string, charset='utf-8', errors='replace', unsafe=''):
+ """URL decode a single string with a given encoding. If the charset
+ is set to `None` no unicode decoding is performed and raw bytes
+ are returned.
+
+ :param s: the string to unquote.
+ :param charset: the charset of the query string. If set to `None`
+ no unicode decoding will take place.
+ :param errors: the error handling for the charset decoding.
+ """
+ rv = _unquote_to_bytes(string, unsafe)
+ if charset is not None:
+ rv = rv.decode(charset, errors)
+ return rv
+
+
+def url_unquote_plus(s, charset='utf-8', errors='replace'):
+ """URL decode a single string with the given `charset` and decode "+" to
+ whitespace.
+
+ Per default encoding errors are ignored. If you want a different behavior
+ you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a
+ :exc:`HTTPUnicodeError` is raised.
+
+ :param s: The string to unquote.
+ :param charset: the charset of the query string. If set to `None`
+ no unicode decoding will take place.
+ :param errors: The error handling for the `charset` decoding.
+ """
+ if isinstance(s, text_type):
+ s = s.replace(u'+', u' ')
+ else:
+ s = s.replace(b'+', b' ')
+ return url_unquote(s, charset, errors)
+
+
+def url_fix(s, charset='utf-8'):
+ r"""Sometimes you get an URL by a user that just isn't a real URL because
+ it contains unsafe characters like ' ' and so on. This function can fix
+ some of the problems in a similar way browsers handle data entered by the
+ user:
+
+ >>> url_fix(u'http://de.wikipedia.org/wiki/Elf (Begriffskl\xe4rung)')
+ 'http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)'
+
+ :param s: the string with the URL to fix.
+ :param charset: The target charset for the URL if the url was given as
+ unicode string.
+ """
+ # First step is to switch to unicode processing and to convert
+ # backslashes (which are invalid in URLs anyways) to slashes. This is
+ # consistent with what Chrome does.
+ s = to_unicode(s, charset, 'replace').replace('\\', '/')
+
+ # For the specific case that we look like a malformed windows URL
+ # we want to fix this up manually:
+ if s.startswith('file://') and s[7:8].isalpha() and s[8:10] in (':/', '|/'):
+ s = 'file:///' + s[7:]
+
+ url = url_parse(s)
+ path = url_quote(url.path, charset, safe='/%+$!*\'(),')
+ qs = url_quote_plus(url.query, charset, safe=':&%=+$!*\'(),')
+ anchor = url_quote_plus(url.fragment, charset, safe=':&%=+$!*\'(),')
+ return to_native(url_unparse((url.scheme, url.encode_netloc(),
+ path, qs, anchor)))
+
+
+def uri_to_iri(uri, charset='utf-8', errors='replace'):
+ r"""
+ Converts a URI in a given charset to a IRI.
+
+ Examples for URI versus IRI:
+
+ >>> uri_to_iri(b'http://xn--n3h.net/')
+ u'http://\u2603.net/'
+ >>> uri_to_iri(b'http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th')
+ u'http://\xfcser:p\xe4ssword@\u2603.net/p\xe5th'
+
+ Query strings are left unchanged:
+
+ >>> uri_to_iri('/?foo=24&x=%26%2f')
+ u'/?foo=24&x=%26%2f'
+
+ .. versionadded:: 0.6
+
+ :param uri: The URI to convert.
+ :param charset: The charset of the URI.
+ :param errors: The error handling on decode.
+ """
+ if isinstance(uri, tuple):
+ uri = url_unparse(uri)
+ uri = url_parse(to_unicode(uri, charset))
+ path = url_unquote(uri.path, charset, errors, '%/;?')
+ query = url_unquote(uri.query, charset, errors, '%;/?:@&=+,$#')
+ fragment = url_unquote(uri.fragment, charset, errors, '%;/?:@&=+,$#')
+ return url_unparse((uri.scheme, uri.decode_netloc(),
+ path, query, fragment))
+
+
+def iri_to_uri(iri, charset='utf-8', errors='strict', safe_conversion=False):
+ r"""
+ Converts any unicode based IRI to an acceptable ASCII URI. Werkzeug always
+ uses utf-8 URLs internally because this is what browsers and HTTP do as
+ well. In some places where it accepts an URL it also accepts a unicode IRI
+ and converts it into a URI.
+
+ Examples for IRI versus URI:
+
+ >>> iri_to_uri(u'http://☃.net/')
+ 'http://xn--n3h.net/'
+ >>> iri_to_uri(u'http://üser:pässword@☃.net/påth')
+ 'http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th'
+
+ There is a general problem with IRI and URI conversion with some
+ protocols that appear in the wild that are in violation of the URI
+ specification. In places where Werkzeug goes through a forced IRI to
+ URI conversion it will set the `safe_conversion` flag which will
+ not perform a conversion if the end result is already ASCII. This
+ can mean that the return value is not an entirely correct URI but
+ it will not destroy such invalid URLs in the process.
+
+ As an example consider the following two IRIs::
+
+ magnet:?xt=uri:whatever
+ itms-services://?action=download-manifest
+
+ The internal representation after parsing of those URLs is the same
+ and there is no way to reconstruct the original one. If safe
+ conversion is enabled however this function becomes a noop for both of
+ those strings as they both can be considered URIs.
+
+ .. versionadded:: 0.6
+
+ .. versionchanged:: 0.9.6
+ The `safe_conversion` parameter was added.
+
+ :param iri: The IRI to convert.
+ :param charset: The charset for the URI.
+ :param safe_conversion: indicates if a safe conversion should take place.
+ For more information see the explanation above.
+ """
+ if isinstance(iri, tuple):
+ iri = url_unparse(iri)
+
+ if safe_conversion:
+ try:
+ native_iri = to_native(iri)
+ ascii_iri = to_native(iri).encode('ascii')
+ if ascii_iri.split() == [ascii_iri]:
+ return native_iri
+ except UnicodeError:
+ pass
+
+ iri = url_parse(to_unicode(iri, charset, errors))
+
+ netloc = iri.encode_netloc()
+ path = url_quote(iri.path, charset, errors, '/:~+%')
+ query = url_quote(iri.query, charset, errors, '%&[]:;$*()+,!?*/=')
+ fragment = url_quote(iri.fragment, charset, errors, '=%&[]:;$()+,!?*/')
+
+ return to_native(url_unparse((iri.scheme, netloc,
+ path, query, fragment)))
+
+
+def url_decode(s, charset='utf-8', decode_keys=False, include_empty=True,
+ errors='replace', separator='&', cls=None):
+ """
+ Parse a querystring and return it as :class:`MultiDict`. There is a
+ difference in key decoding on different Python versions. On Python 3
+ keys will always be fully decoded whereas on Python 2, keys will
+ remain bytestrings if they fit into ASCII. On 2.x keys can be forced
+ to be unicode by setting `decode_keys` to `True`.
+
+ If the charset is set to `None` no unicode decoding will happen and
+ raw bytes will be returned.
+
+ Per default a missing value for a key will default to an empty key. If
+ you don't want that behavior you can set `include_empty` to `False`.
+
+ Per default encoding errors are ignored. If you want a different behavior
+ you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a
+ `HTTPUnicodeError` is raised.
+
+ .. versionchanged:: 0.5
+ In previous versions ";" and "&" could be used for url decoding.
+ This changed in 0.5 where only "&" is supported. If you want to
+ use ";" instead a different `separator` can be provided.
+
+ The `cls` parameter was added.
+
+ :param s: a string with the query string to decode.
+ :param charset: the charset of the query string. If set to `None`
+ no unicode decoding will take place.
+ :param decode_keys: Used on Python 2.x to control whether keys should
+ be forced to be unicode objects. If set to `True`
+ then keys will be unicode in all cases. Otherwise,
+ they remain `str` if they fit into ASCII.
+ :param include_empty: Set to `False` if you don't want empty values to
+ appear in the dict.
+ :param errors: the decoding error behavior.
+ :param separator: the pair separator to be used, defaults to ``&``
+ :param cls: an optional dict class to use. If this is not specified
+ or `None` the default :class:`MultiDict` is used.
+ """
+ if cls is None:
+ cls = MultiDict
+ if isinstance(s, text_type) and not isinstance(separator, text_type):
+ separator = separator.decode(charset or 'ascii')
+ elif isinstance(s, bytes) and not isinstance(separator, bytes):
+ separator = separator.encode(charset or 'ascii')
+ return cls(_url_decode_impl(s.split(separator), charset, decode_keys,
+ include_empty, errors))
+
+
+def url_decode_stream(stream, charset='utf-8', decode_keys=False,
+ include_empty=True, errors='replace', separator='&',
+ cls=None, limit=None, return_iterator=False):
+ """Works like :func:`url_decode` but decodes a stream. The behavior
+ of stream and limit follows functions like
+ :func:`~werkzeug.wsgi.make_line_iter`. The generator of pairs is
+ directly fed to the `cls` so you can consume the data while it's
+ parsed.
+
+ .. versionadded:: 0.8
+
+ :param stream: a stream with the encoded querystring
+ :param charset: the charset of the query string. If set to `None`
+ no unicode decoding will take place.
+ :param decode_keys: Used on Python 2.x to control whether keys should
+ be forced to be unicode objects. If set to `True`,
+ keys will be unicode in all cases. Otherwise, they
+ remain `str` if they fit into ASCII.
+ :param include_empty: Set to `False` if you don't want empty values to
+ appear in the dict.
+ :param errors: the decoding error behavior.
+ :param separator: the pair separator to be used, defaults to ``&``
+ :param cls: an optional dict class to use. If this is not specified
+ or `None` the default :class:`MultiDict` is used.
+ :param limit: the content length of the URL data. Not necessary if
+ a limited stream is provided.
+ :param return_iterator: if set to `True` the `cls` argument is ignored
+ and an iterator over all decoded pairs is
+ returned
+ """
+ from werkzeug.wsgi import make_chunk_iter
+ if return_iterator:
+ cls = lambda x: x
+ elif cls is None:
+ cls = MultiDict
+ pair_iter = make_chunk_iter(stream, separator, limit)
+ return cls(_url_decode_impl(pair_iter, charset, decode_keys,
+ include_empty, errors))
+
+
+def _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors):
+ for pair in pair_iter:
+ if not pair:
+ continue
+ s = make_literal_wrapper(pair)
+ equal = s('=')
+ if equal in pair:
+ key, value = pair.split(equal, 1)
+ else:
+ if not include_empty:
+ continue
+ key = pair
+ value = s('')
+ key = url_unquote_plus(key, charset, errors)
+ if charset is not None and PY2 and not decode_keys:
+ key = try_coerce_native(key)
+ yield key, url_unquote_plus(value, charset, errors)
+
+
+def url_encode(obj, charset='utf-8', encode_keys=False, sort=False, key=None,
+ separator=b'&'):
+ """URL encode a dict/`MultiDict`. If a value is `None` it will not appear
+ in the result string. Per default only values are encoded into the target
+ charset strings. If `encode_keys` is set to ``True`` unicode keys are
+ supported too.
+
+ If `sort` is set to `True` the items are sorted by `key` or the default
+ sorting algorithm.
+
+ .. versionadded:: 0.5
+ `sort`, `key`, and `separator` were added.
+
+ :param obj: the object to encode into a query string.
+ :param charset: the charset of the query string.
+ :param encode_keys: set to `True` if you have unicode keys. (Ignored on
+ Python 3.x)
+ :param sort: set to `True` if you want parameters to be sorted by `key`.
+ :param separator: the separator to be used for the pairs.
+ :param key: an optional function to be used for sorting. For more details
+ check out the :func:`sorted` documentation.
+ """
+ separator = to_native(separator, 'ascii')
+ return separator.join(_url_encode_impl(obj, charset, encode_keys, sort, key))
+
+
+def url_encode_stream(obj, stream=None, charset='utf-8', encode_keys=False,
+ sort=False, key=None, separator=b'&'):
+ """Like :meth:`url_encode` but writes the results to a stream
+ object. If the stream is `None` a generator over all encoded
+ pairs is returned.
+
+ .. versionadded:: 0.8
+
+ :param obj: the object to encode into a query string.
+ :param stream: a stream to write the encoded object into or `None` if
+ an iterator over the encoded pairs should be returned. In
+ that case the separator argument is ignored.
+ :param charset: the charset of the query string.
+ :param encode_keys: set to `True` if you have unicode keys. (Ignored on
+ Python 3.x)
+ :param sort: set to `True` if you want parameters to be sorted by `key`.
+ :param separator: the separator to be used for the pairs.
+ :param key: an optional function to be used for sorting. For more details
+ check out the :func:`sorted` documentation.
+ """
+ separator = to_native(separator, 'ascii')
+ gen = _url_encode_impl(obj, charset, encode_keys, sort, key)
+ if stream is None:
+ return gen
+ for idx, chunk in enumerate(gen):
+ if idx:
+ stream.write(separator)
+ stream.write(chunk)
+
+
+def url_join(base, url, allow_fragments=True):
+ """Join a base URL and a possibly relative URL to form an absolute
+ interpretation of the latter.
+
+ :param base: the base URL for the join operation.
+ :param url: the URL to join.
+ :param allow_fragments: indicates whether fragments should be allowed.
+ """
+ if isinstance(base, tuple):
+ base = url_unparse(base)
+ if isinstance(url, tuple):
+ url = url_unparse(url)
+
+ base, url = normalize_string_tuple((base, url))
+ s = make_literal_wrapper(base)
+
+ if not base:
+ return url
+ if not url:
+ return base
+
+ bscheme, bnetloc, bpath, bquery, bfragment = \
+ url_parse(base, allow_fragments=allow_fragments)
+ scheme, netloc, path, query, fragment = \
+ url_parse(url, bscheme, allow_fragments)
+ if scheme != bscheme:
+ return url
+ if netloc:
+ return url_unparse((scheme, netloc, path, query, fragment))
+ netloc = bnetloc
+
+ if path[:1] == s('/'):
+ segments = path.split(s('/'))
+ elif not path:
+ segments = bpath.split(s('/'))
+ if not query:
+ query = bquery
+ else:
+ segments = bpath.split(s('/'))[:-1] + path.split(s('/'))
+
+ # If the rightmost part is "./" we want to keep the slash but
+ # remove the dot.
+ if segments[-1] == s('.'):
+ segments[-1] = s('')
+
+ # Resolve ".." and "."
+ segments = [segment for segment in segments if segment != s('.')]
+ while 1:
+ i = 1
+ n = len(segments) - 1
+ while i < n:
+ if segments[i] == s('..') and \
+ segments[i - 1] not in (s(''), s('..')):
+ del segments[i - 1:i + 1]
+ break
+ i += 1
+ else:
+ break
+
+ # Remove trailing ".." if the URL is absolute
+ unwanted_marker = [s(''), s('..')]
+ while segments[:2] == unwanted_marker:
+ del segments[1]
+
+ path = s('/').join(segments)
+ return url_unparse((scheme, netloc, path, query, fragment))
+
+
+class Href(object):
+
+ """Implements a callable that constructs URLs with the given base. The
+ function can be called with any number of positional and keyword
+ arguments which than are used to assemble the URL. Works with URLs
+ and posix paths.
+
+ Positional arguments are appended as individual segments to
+ the path of the URL:
+
+ >>> href = Href('/foo')
+ >>> href('bar', 23)
+ '/foo/bar/23'
+ >>> href('foo', bar=23)
+ '/foo/foo?bar=23'
+
+ If any of the arguments (positional or keyword) evaluates to `None` it
+ will be skipped. If no keyword arguments are given the last argument
+ can be a :class:`dict` or :class:`MultiDict` (or any other dict subclass),
+ otherwise the keyword arguments are used for the query parameters, cutting
+ off the first trailing underscore of the parameter name:
+
+ >>> href(is_=42)
+ '/foo?is=42'
+ >>> href({'foo': 'bar'})
+ '/foo?foo=bar'
+
+ Combining of both methods is not allowed:
+
+ >>> href({'foo': 'bar'}, bar=42)
+ Traceback (most recent call last):
+ ...
+ TypeError: keyword arguments and query-dicts can't be combined
+
+ Accessing attributes on the href object creates a new href object with
+ the attribute name as prefix:
+
+ >>> bar_href = href.bar
+ >>> bar_href("blub")
+ '/foo/bar/blub'
+
+ If `sort` is set to `True` the items are sorted by `key` or the default
+ sorting algorithm:
+
+ >>> href = Href("/", sort=True)
+ >>> href(a=1, b=2, c=3)
+ '/?a=1&b=2&c=3'
+
+ .. versionadded:: 0.5
+ `sort` and `key` were added.
+ """
+
+ def __init__(self, base='./', charset='utf-8', sort=False, key=None):
+ if not base:
+ base = './'
+ self.base = base
+ self.charset = charset
+ self.sort = sort
+ self.key = key
+
+ def __getattr__(self, name):
+ if name[:2] == '__':
+ raise AttributeError(name)
+ base = self.base
+ if base[-1:] != '/':
+ base += '/'
+ return Href(url_join(base, name), self.charset, self.sort, self.key)
+
+ def __call__(self, *path, **query):
+ if path and isinstance(path[-1], dict):
+ if query:
+ raise TypeError('keyword arguments and query-dicts '
+ 'can\'t be combined')
+ query, path = path[-1], path[:-1]
+ elif query:
+ query = dict([(k.endswith('_') and k[:-1] or k, v)
+ for k, v in query.items()])
+ path = '/'.join([to_unicode(url_quote(x, self.charset), 'ascii')
+ for x in path if x is not None]).lstrip('/')
+ rv = self.base
+ if path:
+ if not rv.endswith('/'):
+ rv += '/'
+ rv = url_join(rv, './' + path)
+ if query:
+ rv += '?' + to_unicode(url_encode(query, self.charset, sort=self.sort,
+ key=self.key), 'ascii')
+ return to_native(rv)
diff --git a/website/web/Lib/site-packages/werkzeug/useragents.py b/website/web/Lib/site-packages/werkzeug/useragents.py
new file mode 100644
index 000000000..4d7d41f1c
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/useragents.py
@@ -0,0 +1,212 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.useragents
+ ~~~~~~~~~~~~~~~~~~~
+
+ This module provides a helper to inspect user agent strings. This module
+ is far from complete but should work for most of the currently available
+ browsers.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import re
+
+
+class UserAgentParser(object):
+
+ """A simple user agent parser. Used by the `UserAgent`."""
+
+ platforms = (
+ ('cros', 'chromeos'),
+ ('iphone|ios', 'iphone'),
+ ('ipad', 'ipad'),
+ (r'darwin|mac|os\s*x', 'macos'),
+ ('win', 'windows'),
+ (r'android', 'android'),
+ ('netbsd', 'netbsd'),
+ ('openbsd', 'openbsd'),
+ ('freebsd', 'freebsd'),
+ ('dragonfly', 'dragonflybsd'),
+ ('(sun|i86)os', 'solaris'),
+ (r'x11|lin(\b|ux)?', 'linux'),
+ (r'nintendo\s+wii', 'wii'),
+ ('irix', 'irix'),
+ ('hp-?ux', 'hpux'),
+ ('aix', 'aix'),
+ ('sco|unix_sv', 'sco'),
+ ('bsd', 'bsd'),
+ ('amiga', 'amiga'),
+ ('blackberry|playbook', 'blackberry'),
+ ('symbian', 'symbian')
+ )
+ browsers = (
+ ('googlebot', 'google'),
+ ('msnbot', 'msn'),
+ ('yahoo', 'yahoo'),
+ ('ask jeeves', 'ask'),
+ (r'aol|america\s+online\s+browser', 'aol'),
+ ('opera', 'opera'),
+ ('edge', 'edge'),
+ ('chrome', 'chrome'),
+ ('seamonkey', 'seamonkey'),
+ ('firefox|firebird|phoenix|iceweasel', 'firefox'),
+ ('galeon', 'galeon'),
+ ('safari|version', 'safari'),
+ ('webkit', 'webkit'),
+ ('camino', 'camino'),
+ ('konqueror', 'konqueror'),
+ ('k-meleon', 'kmeleon'),
+ ('netscape', 'netscape'),
+ (r'msie|microsoft\s+internet\s+explorer|trident/.+? rv:', 'msie'),
+ ('lynx', 'lynx'),
+ ('links', 'links'),
+ ('Baiduspider', 'baidu'),
+ ('bingbot', 'bing'),
+ ('mozilla', 'mozilla')
+ )
+
+ _browser_version_re = r'(?:%s)[/\sa-z(]*(\d+[.\da-z]+)?'
+ _language_re = re.compile(
+ r'(?:;\s*|\s+)(\b\w{2}\b(?:-\b\w{2}\b)?)\s*;|'
+ r'(?:\(|\[|;)\s*(\b\w{2}\b(?:-\b\w{2}\b)?)\s*(?:\]|\)|;)'
+ )
+
+ def __init__(self):
+ self.platforms = [(b, re.compile(a, re.I)) for a, b in self.platforms]
+ self.browsers = [(b, re.compile(self._browser_version_re % a, re.I))
+ for a, b in self.browsers]
+
+ def __call__(self, user_agent):
+ for platform, regex in self.platforms:
+ match = regex.search(user_agent)
+ if match is not None:
+ break
+ else:
+ platform = None
+ for browser, regex in self.browsers:
+ match = regex.search(user_agent)
+ if match is not None:
+ version = match.group(1)
+ break
+ else:
+ browser = version = None
+ match = self._language_re.search(user_agent)
+ if match is not None:
+ language = match.group(1) or match.group(2)
+ else:
+ language = None
+ return platform, browser, version, language
+
+
+class UserAgent(object):
+
+ """Represents a user agent. Pass it a WSGI environment or a user agent
+ string and you can inspect some of the details from the user agent
+ string via the attributes. The following attributes exist:
+
+ .. attribute:: string
+
+ the raw user agent string
+
+ .. attribute:: platform
+
+ the browser platform. The following platforms are currently
+ recognized:
+
+ - `aix`
+ - `amiga`
+ - `android`
+ - `blackberry`
+ - `bsd`
+ - `chromeos`
+ - `dragonflybsd`
+ - `freebsd`
+ - `hpux`
+ - `ipad`
+ - `iphone`
+ - `irix`
+ - `linux`
+ - `macos`
+ - `netbsd`
+ - `openbsd`
+ - `sco`
+ - `solaris`
+ - `symbian`
+ - `wii`
+ - `windows`
+
+ .. attribute:: browser
+
+ the name of the browser. The following browsers are currently
+ recognized:
+
+ - `aol` *
+ - `ask` *
+ - `baidu` *
+ - `bing` *
+ - `camino`
+ - `chrome`
+ - `firefox`
+ - `galeon`
+ - `google` *
+ - `kmeleon`
+ - `konqueror`
+ - `links`
+ - `lynx`
+ - `mozilla`
+ - `msie`
+ - `msn`
+ - `netscape`
+ - `opera`
+ - `safari`
+ - `seamonkey`
+ - `webkit`
+ - `yahoo` *
+
+ (Browsers marked with a star (``*``) are crawlers.)
+
+ .. attribute:: version
+
+ the version of the browser
+
+ .. attribute:: language
+
+ the language of the browser
+ """
+
+ _parser = UserAgentParser()
+
+ def __init__(self, environ_or_string):
+ if isinstance(environ_or_string, dict):
+ environ_or_string = environ_or_string.get('HTTP_USER_AGENT', '')
+ self.string = environ_or_string
+ self.platform, self.browser, self.version, self.language = \
+ self._parser(environ_or_string)
+
+ def to_header(self):
+ return self.string
+
+ def __str__(self):
+ return self.string
+
+ def __nonzero__(self):
+ return bool(self.browser)
+
+ __bool__ = __nonzero__
+
+ def __repr__(self):
+ return '<%s %r/%s>' % (
+ self.__class__.__name__,
+ self.browser,
+ self.version
+ )
+
+
+# conceptionally this belongs in this module but because we want to lazily
+# load the user agent module (which happens in wrappers.py) we have to import
+# it afterwards. The class itself has the module set to this module so
+# pickle, inspect and similar modules treat the object as if it was really
+# implemented here.
+from werkzeug.wrappers import UserAgentMixin # noqa
diff --git a/website/web/Lib/site-packages/werkzeug/utils.py b/website/web/Lib/site-packages/werkzeug/utils.py
new file mode 100644
index 000000000..918e7e5b6
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/utils.py
@@ -0,0 +1,628 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.utils
+ ~~~~~~~~~~~~~~
+
+ This module implements various utilities for WSGI applications. Most of
+ them are used by the request and response wrappers but especially for
+ middleware development it makes sense to use them without the wrappers.
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+import re
+import os
+import sys
+import pkgutil
+try:
+ from html.entities import name2codepoint
+except ImportError:
+ from htmlentitydefs import name2codepoint
+
+from werkzeug._compat import unichr, text_type, string_types, iteritems, \
+ reraise, PY2
+from werkzeug._internal import _DictAccessorProperty, \
+ _parse_signature, _missing
+
+
+_format_re = re.compile(r'\$(?:(%s)|\{(%s)\})' % (('[a-zA-Z_][a-zA-Z0-9_]*',) * 2))
+_entity_re = re.compile(r'&([^;]+);')
+_filename_ascii_strip_re = re.compile(r'[^A-Za-z0-9_.-]')
+_windows_device_files = ('CON', 'AUX', 'COM1', 'COM2', 'COM3', 'COM4', 'LPT1',
+ 'LPT2', 'LPT3', 'PRN', 'NUL')
+
+
+class cached_property(property):
+
+ """A decorator that converts a function into a lazy property. The
+ function wrapped is called the first time to retrieve the result
+ and then that calculated result is used the next time you access
+ the value::
+
+ class Foo(object):
+
+ @cached_property
+ def foo(self):
+ # calculate something important here
+ return 42
+
+ The class has to have a `__dict__` in order for this property to
+ work.
+ """
+
+ # implementation detail: A subclass of python's builtin property
+ # decorator, we override __get__ to check for a cached value. If one
+ # choses to invoke __get__ by hand the property will still work as
+ # expected because the lookup logic is replicated in __get__ for
+ # manual invocation.
+
+ def __init__(self, func, name=None, doc=None):
+ self.__name__ = name or func.__name__
+ self.__module__ = func.__module__
+ self.__doc__ = doc or func.__doc__
+ self.func = func
+
+ def __set__(self, obj, value):
+ obj.__dict__[self.__name__] = value
+
+ def __get__(self, obj, type=None):
+ if obj is None:
+ return self
+ value = obj.__dict__.get(self.__name__, _missing)
+ if value is _missing:
+ value = self.func(obj)
+ obj.__dict__[self.__name__] = value
+ return value
+
+
+class environ_property(_DictAccessorProperty):
+
+ """Maps request attributes to environment variables. This works not only
+ for the Werzeug request object, but also any other class with an
+ environ attribute:
+
+ >>> class Test(object):
+ ... environ = {'key': 'value'}
+ ... test = environ_property('key')
+ >>> var = Test()
+ >>> var.test
+ 'value'
+
+ If you pass it a second value it's used as default if the key does not
+ exist, the third one can be a converter that takes a value and converts
+ it. If it raises :exc:`ValueError` or :exc:`TypeError` the default value
+ is used. If no default value is provided `None` is used.
+
+ Per default the property is read only. You have to explicitly enable it
+ by passing ``read_only=False`` to the constructor.
+ """
+
+ read_only = True
+
+ def lookup(self, obj):
+ return obj.environ
+
+
+class header_property(_DictAccessorProperty):
+
+ """Like `environ_property` but for headers."""
+
+ def lookup(self, obj):
+ return obj.headers
+
+
+class HTMLBuilder(object):
+
+ """Helper object for HTML generation.
+
+ Per default there are two instances of that class. The `html` one, and
+ the `xhtml` one for those two dialects. The class uses keyword parameters
+ and positional parameters to generate small snippets of HTML.
+
+ Keyword parameters are converted to XML/SGML attributes, positional
+ arguments are used as children. Because Python accepts positional
+ arguments before keyword arguments it's a good idea to use a list with the
+ star-syntax for some children:
+
+ >>> html.p(class_='foo', *[html.a('foo', href='foo.html'), ' ',
+ ... html.a('bar', href='bar.html')])
+ u'
'
+
+ This class works around some browser limitations and can not be used for
+ arbitrary SGML/XML generation. For that purpose lxml and similar
+ libraries exist.
+
+ Calling the builder escapes the string passed:
+
+ >>> html.p(html(""))
+ u'
<foo>
'
+ """
+
+ _entity_re = re.compile(r'&([^;]+);')
+ _entities = name2codepoint.copy()
+ _entities['apos'] = 39
+ _empty_elements = set([
+ 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame',
+ 'hr', 'img', 'input', 'keygen', 'isindex', 'link', 'meta', 'param',
+ 'source', 'wbr'
+ ])
+ _boolean_attributes = set([
+ 'selected', 'checked', 'compact', 'declare', 'defer', 'disabled',
+ 'ismap', 'multiple', 'nohref', 'noresize', 'noshade', 'nowrap'
+ ])
+ _plaintext_elements = set(['textarea'])
+ _c_like_cdata = set(['script', 'style'])
+
+ def __init__(self, dialect):
+ self._dialect = dialect
+
+ def __call__(self, s):
+ return escape(s)
+
+ def __getattr__(self, tag):
+ if tag[:2] == '__':
+ raise AttributeError(tag)
+
+ def proxy(*children, **arguments):
+ buffer = '<' + tag
+ for key, value in iteritems(arguments):
+ if value is None:
+ continue
+ if key[-1] == '_':
+ key = key[:-1]
+ if key in self._boolean_attributes:
+ if not value:
+ continue
+ if self._dialect == 'xhtml':
+ value = '="' + key + '"'
+ else:
+ value = ''
+ else:
+ value = '="' + escape(value) + '"'
+ buffer += ' ' + key + value
+ if not children and tag in self._empty_elements:
+ if self._dialect == 'xhtml':
+ buffer += ' />'
+ else:
+ buffer += '>'
+ return buffer
+ buffer += '>'
+
+ children_as_string = ''.join([text_type(x) for x in children
+ if x is not None])
+
+ if children_as_string:
+ if tag in self._plaintext_elements:
+ children_as_string = escape(children_as_string)
+ elif tag in self._c_like_cdata and self._dialect == 'xhtml':
+ children_as_string = '/**/'
+ buffer += children_as_string + ''
+ return buffer
+ return proxy
+
+ def __repr__(self):
+ return '<%s for %r>' % (
+ self.__class__.__name__,
+ self._dialect
+ )
+
+
+html = HTMLBuilder('html')
+xhtml = HTMLBuilder('xhtml')
+
+
+def get_content_type(mimetype, charset):
+ """Returns the full content type string with charset for a mimetype.
+
+ If the mimetype represents text the charset will be appended as charset
+ parameter, otherwise the mimetype is returned unchanged.
+
+ :param mimetype: the mimetype to be used as content type.
+ :param charset: the charset to be appended in case it was a text mimetype.
+ :return: the content type.
+ """
+ if mimetype.startswith('text/') or \
+ mimetype == 'application/xml' or \
+ (mimetype.startswith('application/') and
+ mimetype.endswith('+xml')):
+ mimetype += '; charset=' + charset
+ return mimetype
+
+
+def format_string(string, context):
+ """String-template format a string:
+
+ >>> format_string('$foo and ${foo}s', dict(foo=42))
+ '42 and 42s'
+
+ This does not do any attribute lookup etc. For more advanced string
+ formattings have a look at the `werkzeug.template` module.
+
+ :param string: the format string.
+ :param context: a dict with the variables to insert.
+ """
+ def lookup_arg(match):
+ x = context[match.group(1) or match.group(2)]
+ if not isinstance(x, string_types):
+ x = type(string)(x)
+ return x
+ return _format_re.sub(lookup_arg, string)
+
+
+def secure_filename(filename):
+ r"""Pass it a filename and it will return a secure version of it. This
+ filename can then safely be stored on a regular file system and passed
+ to :func:`os.path.join`. The filename returned is an ASCII only string
+ for maximum portability.
+
+ On windows systems the function also makes sure that the file is not
+ named after one of the special device files.
+
+ >>> secure_filename("My cool movie.mov")
+ 'My_cool_movie.mov'
+ >>> secure_filename("../../../etc/passwd")
+ 'etc_passwd'
+ >>> secure_filename(u'i contain cool \xfcml\xe4uts.txt')
+ 'i_contain_cool_umlauts.txt'
+
+ The function might return an empty filename. It's your responsibility
+ to ensure that the filename is unique and that you generate random
+ filename if the function returned an empty one.
+
+ .. versionadded:: 0.5
+
+ :param filename: the filename to secure
+ """
+ if isinstance(filename, text_type):
+ from unicodedata import normalize
+ filename = normalize('NFKD', filename).encode('ascii', 'ignore')
+ if not PY2:
+ filename = filename.decode('ascii')
+ for sep in os.path.sep, os.path.altsep:
+ if sep:
+ filename = filename.replace(sep, ' ')
+ filename = str(_filename_ascii_strip_re.sub('', '_'.join(
+ filename.split()))).strip('._')
+
+ # on nt a couple of special files are present in each folder. We
+ # have to ensure that the target file is not such a filename. In
+ # this case we prepend an underline
+ if os.name == 'nt' and filename and \
+ filename.split('.')[0].upper() in _windows_device_files:
+ filename = '_' + filename
+
+ return filename
+
+
+def escape(s, quote=None):
+ """Replace special characters "&", "<", ">" and (") to HTML-safe sequences.
+
+ There is a special handling for `None` which escapes to an empty string.
+
+ .. versionchanged:: 0.9
+ `quote` is now implicitly on.
+
+ :param s: the string to escape.
+ :param quote: ignored.
+ """
+ if s is None:
+ return ''
+ elif hasattr(s, '__html__'):
+ return text_type(s.__html__())
+ elif not isinstance(s, string_types):
+ s = text_type(s)
+ if quote is not None:
+ from warnings import warn
+ warn(DeprecationWarning('quote parameter is implicit now'), stacklevel=2)
+ s = s.replace('&', '&').replace('<', '<') \
+ .replace('>', '>').replace('"', """)
+ return s
+
+
+def unescape(s):
+ """The reverse function of `escape`. This unescapes all the HTML
+ entities, not only the XML entities inserted by `escape`.
+
+ :param s: the string to unescape.
+ """
+ def handle_match(m):
+ name = m.group(1)
+ if name in HTMLBuilder._entities:
+ return unichr(HTMLBuilder._entities[name])
+ try:
+ if name[:2] in ('#x', '#X'):
+ return unichr(int(name[2:], 16))
+ elif name.startswith('#'):
+ return unichr(int(name[1:]))
+ except ValueError:
+ pass
+ return u''
+ return _entity_re.sub(handle_match, s)
+
+
+def redirect(location, code=302, Response=None):
+ """Returns a response object (a WSGI application) that, if called,
+ redirects the client to the target location. Supported codes are 301,
+ 302, 303, 305, and 307. 300 is not supported because it's not a real
+ redirect and 304 because it's the answer for a request with a request
+ with defined If-Modified-Since headers.
+
+ .. versionadded:: 0.6
+ The location can now be a unicode string that is encoded using
+ the :func:`iri_to_uri` function.
+
+ .. versionadded:: 0.10
+ The class used for the Response object can now be passed in.
+
+ :param location: the location the response should redirect to.
+ :param code: the redirect status code. defaults to 302.
+ :param class Response: a Response class to use when instantiating a
+ response. The default is :class:`werkzeug.wrappers.Response` if
+ unspecified.
+ """
+ if Response is None:
+ from werkzeug.wrappers import Response
+
+ display_location = escape(location)
+ if isinstance(location, text_type):
+ # Safe conversion is necessary here as we might redirect
+ # to a broken URI scheme (for instance itms-services).
+ from werkzeug.urls import iri_to_uri
+ location = iri_to_uri(location, safe_conversion=True)
+ response = Response(
+ '\n'
+ 'Redirecting...\n'
+ '
Redirecting...
\n'
+ '
You should be redirected automatically to target URL: '
+ '%s. If not click the link.' %
+ (escape(location), display_location), code, mimetype='text/html')
+ response.headers['Location'] = location
+ return response
+
+
+def append_slash_redirect(environ, code=301):
+ """Redirects to the same URL but with a slash appended. The behavior
+ of this function is undefined if the path ends with a slash already.
+
+ :param environ: the WSGI environment for the request that triggers
+ the redirect.
+ :param code: the status code for the redirect.
+ """
+ new_path = environ['PATH_INFO'].strip('/') + '/'
+ query_string = environ.get('QUERY_STRING')
+ if query_string:
+ new_path += '?' + query_string
+ return redirect(new_path, code)
+
+
+def import_string(import_name, silent=False):
+ """Imports an object based on a string. This is useful if you want to
+ use import paths as endpoints or something similar. An import path can
+ be specified either in dotted notation (``xml.sax.saxutils.escape``)
+ or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+ If `silent` is True the return value will be `None` if the import fails.
+
+ :param import_name: the dotted name for the object to import.
+ :param silent: if set to `True` import errors are ignored and
+ `None` is returned instead.
+ :return: imported object
+ """
+ # force the import name to automatically convert to strings
+ # __import__ is not able to handle unicode strings in the fromlist
+ # if the module is a package
+ import_name = str(import_name).replace(':', '.')
+ try:
+ try:
+ __import__(import_name)
+ except ImportError:
+ if '.' not in import_name:
+ raise
+ else:
+ return sys.modules[import_name]
+
+ module_name, obj_name = import_name.rsplit('.', 1)
+ try:
+ module = __import__(module_name, None, None, [obj_name])
+ except ImportError:
+ # support importing modules not yet set up by the parent module
+ # (or package for that matter)
+ module = import_string(module_name)
+
+ try:
+ return getattr(module, obj_name)
+ except AttributeError as e:
+ raise ImportError(e)
+
+ except ImportError as e:
+ if not silent:
+ reraise(
+ ImportStringError,
+ ImportStringError(import_name, e),
+ sys.exc_info()[2])
+
+
+def find_modules(import_path, include_packages=False, recursive=False):
+ """Finds all the modules below a package. This can be useful to
+ automatically import all views / controllers so that their metaclasses /
+ function decorators have a chance to register themselves on the
+ application.
+
+ Packages are not returned unless `include_packages` is `True`. This can
+ also recursively list modules but in that case it will import all the
+ packages to get the correct load path of that module.
+
+ :param import_path: the dotted name for the package to find child modules.
+ :param include_packages: set to `True` if packages should be returned, too.
+ :param recursive: set to `True` if recursion should happen.
+ :return: generator
+ """
+ module = import_string(import_path)
+ path = getattr(module, '__path__', None)
+ if path is None:
+ raise ValueError('%r is not a package' % import_path)
+ basename = module.__name__ + '.'
+ for importer, modname, ispkg in pkgutil.iter_modules(path):
+ modname = basename + modname
+ if ispkg:
+ if include_packages:
+ yield modname
+ if recursive:
+ for item in find_modules(modname, include_packages, True):
+ yield item
+ else:
+ yield modname
+
+
+def validate_arguments(func, args, kwargs, drop_extra=True):
+ """Checks if the function accepts the arguments and keyword arguments.
+ Returns a new ``(args, kwargs)`` tuple that can safely be passed to
+ the function without causing a `TypeError` because the function signature
+ is incompatible. If `drop_extra` is set to `True` (which is the default)
+ any extra positional or keyword arguments are dropped automatically.
+
+ The exception raised provides three attributes:
+
+ `missing`
+ A set of argument names that the function expected but where
+ missing.
+
+ `extra`
+ A dict of keyword arguments that the function can not handle but
+ where provided.
+
+ `extra_positional`
+ A list of values that where given by positional argument but the
+ function cannot accept.
+
+ This can be useful for decorators that forward user submitted data to
+ a view function::
+
+ from werkzeug.utils import ArgumentValidationError, validate_arguments
+
+ def sanitize(f):
+ def proxy(request):
+ data = request.values.to_dict()
+ try:
+ args, kwargs = validate_arguments(f, (request,), data)
+ except ArgumentValidationError:
+ raise BadRequest('The browser failed to transmit all '
+ 'the data expected.')
+ return f(*args, **kwargs)
+ return proxy
+
+ :param func: the function the validation is performed against.
+ :param args: a tuple of positional arguments.
+ :param kwargs: a dict of keyword arguments.
+ :param drop_extra: set to `False` if you don't want extra arguments
+ to be silently dropped.
+ :return: tuple in the form ``(args, kwargs)``.
+ """
+ parser = _parse_signature(func)
+ args, kwargs, missing, extra, extra_positional = parser(args, kwargs)[:5]
+ if missing:
+ raise ArgumentValidationError(tuple(missing))
+ elif (extra or extra_positional) and not drop_extra:
+ raise ArgumentValidationError(None, extra, extra_positional)
+ return tuple(args), kwargs
+
+
+def bind_arguments(func, args, kwargs):
+ """Bind the arguments provided into a dict. When passed a function,
+ a tuple of arguments and a dict of keyword arguments `bind_arguments`
+ returns a dict of names as the function would see it. This can be useful
+ to implement a cache decorator that uses the function arguments to build
+ the cache key based on the values of the arguments.
+
+ :param func: the function the arguments should be bound for.
+ :param args: tuple of positional arguments.
+ :param kwargs: a dict of keyword arguments.
+ :return: a :class:`dict` of bound keyword arguments.
+ """
+ args, kwargs, missing, extra, extra_positional, \
+ arg_spec, vararg_var, kwarg_var = _parse_signature(func)(args, kwargs)
+ values = {}
+ for (name, has_default, default), value in zip(arg_spec, args):
+ values[name] = value
+ if vararg_var is not None:
+ values[vararg_var] = tuple(extra_positional)
+ elif extra_positional:
+ raise TypeError('too many positional arguments')
+ if kwarg_var is not None:
+ multikw = set(extra) & set([x[0] for x in arg_spec])
+ if multikw:
+ raise TypeError('got multiple values for keyword argument ' +
+ repr(next(iter(multikw))))
+ values[kwarg_var] = extra
+ elif extra:
+ raise TypeError('got unexpected keyword argument ' +
+ repr(next(iter(extra))))
+ return values
+
+
+class ArgumentValidationError(ValueError):
+
+ """Raised if :func:`validate_arguments` fails to validate"""
+
+ def __init__(self, missing=None, extra=None, extra_positional=None):
+ self.missing = set(missing or ())
+ self.extra = extra or {}
+ self.extra_positional = extra_positional or []
+ ValueError.__init__(self, 'function arguments invalid. ('
+ '%d missing, %d additional)' % (
+ len(self.missing),
+ len(self.extra) + len(self.extra_positional)
+ ))
+
+
+class ImportStringError(ImportError):
+
+ """Provides information about a failed :func:`import_string` attempt."""
+
+ #: String in dotted notation that failed to be imported.
+ import_name = None
+ #: Wrapped exception.
+ exception = None
+
+ def __init__(self, import_name, exception):
+ self.import_name = import_name
+ self.exception = exception
+
+ msg = (
+ 'import_string() failed for %r. Possible reasons are:\n\n'
+ '- missing __init__.py in a package;\n'
+ '- package or module path not included in sys.path;\n'
+ '- duplicated package or module name taking precedence in '
+ 'sys.path;\n'
+ '- missing module, class, function or variable;\n\n'
+ 'Debugged import:\n\n%s\n\n'
+ 'Original exception:\n\n%s: %s')
+
+ name = ''
+ tracked = []
+ for part in import_name.replace(':', '.').split('.'):
+ name += (name and '.') + part
+ imported = import_string(name, silent=True)
+ if imported:
+ tracked.append((name, getattr(imported, '__file__', None)))
+ else:
+ track = ['- %r found in %r.' % (n, i) for n, i in tracked]
+ track.append('- %r not found.' % name)
+ msg = msg % (import_name, '\n'.join(track),
+ exception.__class__.__name__, str(exception))
+ break
+
+ ImportError.__init__(self, msg)
+
+ def __repr__(self):
+ return '<%s(%r, %r)>' % (self.__class__.__name__, self.import_name,
+ self.exception)
+
+
+# DEPRECATED
+# these objects were previously in this module as well. we import
+# them here for backwards compatibility with old pickles.
+from werkzeug.datastructures import ( # noqa
+ MultiDict, CombinedMultiDict, Headers, EnvironHeaders)
+from werkzeug.http import parse_cookie, dump_cookie # noqa
diff --git a/website/web/Lib/site-packages/werkzeug/websocket.py b/website/web/Lib/site-packages/werkzeug/websocket.py
new file mode 100644
index 000000000..764698b70
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/websocket.py
@@ -0,0 +1,337 @@
+import re
+import errno
+import socket
+import struct
+import collections
+
+from base64 import b64decode, b64encode
+from hashlib import sha1
+
+
+WS_KEY = b'258EAFA5-E914-47DA-95CA-C5AB0DC85B11'
+
+
+def pack_message(message):
+ """Pack the message inside ``00`` and ``FF``
+ As per the dataframing section (5.3) for the websocket spec
+ """
+ if isinstance(message, unicode):
+ message = message.encode('utf-8')
+ elif not isinstance(message, str):
+ message = str(message)
+ packed = "\x00%s\xFF" % message
+ return packed
+
+
+def encode_hybi(buf, opcode, base64=False):
+ """ Encode a HyBi style WebSocket frame.
+ Optional opcode:
+ 0x0 - continuation
+ 0x1 - text frame (base64 encode buf)
+ 0x2 - binary frame (use raw buf)
+ 0x8 - connection close
+ 0x9 - ping
+ 0xA - pong
+ """
+ if base64:
+ buf = b64encode(buf)
+ b1 = 0x80 | (opcode & 0x0f) # FIN + opcode
+ payload_len = len(buf)
+ if payload_len <= 125:
+ header = struct.pack('>BB', b1, payload_len)
+ elif payload_len > 125 and payload_len < 65536:
+ header = struct.pack('>BBH', b1, 126, payload_len)
+ elif payload_len >= 65536:
+ header = struct.pack('>BBQ', b1, 127, payload_len)
+ return header + buf, len(header), 0
+
+
+def decode_hybi(buf, base64=False):
+ """Decode HyBi style WebSocket packets."""
+ f = {'fin' : 0,
+ 'opcode' : 0,
+ 'mask' : 0,
+ 'hlen' : 2,
+ 'length' : 0,
+ 'payload' : None,
+ 'left' : 0,
+ 'close_code' : None,
+ 'close_reason' : None}
+
+ blen = len(buf)
+ f['left'] = blen
+
+ if blen < f['hlen']:
+ return f # Incomplete frame header
+
+ b1, b2 = struct.unpack_from(">BB", buf)
+ f['opcode'] = b1 & 0x0f
+ f['fin'] = (b1 & 0x80) >> 7
+ has_mask = (b2 & 0x80) >> 7
+
+ f['length'] = b2 & 0x7f
+
+ if f['length'] == 126:
+ f['hlen'] = 4
+ if blen < f['hlen']:
+ return f # Incomplete frame header
+ (f['length'],) = struct.unpack_from('>xxH', buf)
+ elif f['length'] == 127:
+ f['hlen'] = 10
+ if blen < f['hlen']:
+ return f # Incomplete frame header
+ (f['length'],) = struct.unpack_from('>xxQ', buf)
+
+ full_len = f['hlen'] + has_mask * 4 + f['length']
+
+ if blen < full_len: # Incomplete frame
+ return f # Incomplete frame header
+
+ # Number of bytes that are part of the next frame(s)
+ f['left'] = blen - full_len
+
+ # Process 1 frame
+ if has_mask:
+ # unmask payload
+ f['mask'] = buf[f['hlen']:f['hlen']+4]
+ b = c = ''
+ if f['length'] >= 4:
+ data = struct.unpack('= 2:
+ f['close_code'] = struct.unpack_from(">H", f['payload'])
+ if f['length'] > 3:
+ f['close_reason'] = f['payload'][2:]
+
+ return f
+
+
+class WebSocketWSGI(object):
+
+ def __init__(self, handler):
+ self.handler = handler
+
+ def verify_client(self, ws):
+ pass
+
+ def __call__(self, environ, start_response):
+ if not (environ.get('HTTP_CONNECTION').find('Upgrade') != -1 and
+ environ['HTTP_UPGRADE'].lower() == 'websocket'):
+ # need to check a few more things here for true compliance
+ start_response('400 Bad Request', [('Connection','close')])
+ return []
+
+ sock = environ['gunicorn.socket']
+
+ ws = WebSocket(sock, environ)
+
+ handshake_reply = ("HTTP/1.1 101 Switching Protocols\r\n"
+ "Upgrade: websocket\r\n"
+ "Connection: Upgrade\r\n")
+
+ path = environ['PATH_INFO']
+ key = environ.get('HTTP_SEC_WEBSOCKET_KEY')
+ if key:
+ ws_key = b64decode(key)
+ if len(ws_key) != 16:
+ start_response('400 Bad Request', [('Connection','close')])
+ return []
+
+ protocols = []
+ subprotocols = environ.get('HTTP_SEC_WEBSOCKET_PROTOCOL')
+ ws_protocols = []
+ if subprotocols:
+ for s in subprotocols.split(','):
+ s = s.strip()
+ if s in protocols:
+ ws_protocols.append(s)
+ if ws_protocols:
+ handshake_reply += 'Sec-WebSocket-Protocol: %s\r\n' % ', '.join(ws_protocols)
+
+ exts = []
+ extensions = environ.get('HTTP_SEC_WEBSOCKET_EXTENSIONS')
+ ws_extensions = []
+ if extensions:
+ for ext in extensions.split(','):
+ ext = ext.strip()
+ if ext in exts:
+ ws_extensions.append(ext)
+ if ws_extensions:
+ handshake_reply += 'Sec-WebSocket-Extensions: %s\r\n' % ', '.join(ws_extensions)
+
+ handshake_reply += (
+ "Sec-WebSocket-Origin: %s\r\n"
+ "Sec-WebSocket-Location: ws://%s%s\r\n"
+ "Sec-WebSocket-Version: %s\r\n"
+ "Sec-WebSocket-Accept: %s\r\n\r\n"
+ % (
+ environ.get('HTTP_ORIGIN'),
+ environ.get('HTTP_HOST'),
+ path,
+ ws.version,
+ b64encode(sha1(key + WS_KEY).digest())
+ ))
+
+ else:
+
+ handshake_reply += (
+ "WebSocket-Origin: %s\r\n"
+ "WebSocket-Location: ws://%s%s\r\n\r\n" % (
+ environ.get('HTTP_ORIGIN'),
+ environ.get('HTTP_HOST'),
+ path))
+
+ sock.sendall(handshake_reply)
+
+ try:
+ self.handler(ws)
+ except socket.error as e:
+ if e[0] != errno.EPIPE:
+ raise
+
+ # use this undocumented feature of grainbows to ensure that it
+ # doesn't barf on the fact that we didn't call start_response
+ return ALREADY_HANDLED
+
+
+class WebSocket(object):
+
+ def __init__(self, sock, environ, version=76):
+ self._socket = sock
+ try:
+ version = int(environ.get('HTTP_SEC_WEBSOCKET_VERSION'))
+ except (ValueError, TypeError):
+ version = 76
+ self.version = version
+ self.closed = False
+ self.accepted = False
+ self._buf = b''
+ self._msgs = collections.deque()
+
+ def _parse_messages(self):
+ """ Parses for messages in the buffer *buf*. It is assumed that
+ the buffer contains the start character for a message, but that it
+ may contain only part of the rest of the message.
+ Returns an array of messages, and the buffer remainder that
+ didn't contain any full messages."""
+ msgs = []
+ end_idx = 0
+ buf = self._buf
+ while buf:
+ if self.version in (7, 8, 13):
+ frame = decode_hybi(buf, base64=False)
+
+ if frame['payload'] == None:
+ break
+ else:
+ if frame['opcode'] == 0x8: # connection close
+ self.closed = True
+ break
+ else:
+ msgs.append(frame['payload']);
+ if frame['left']:
+ buf = buf[-frame['left']:]
+ else:
+ buf = b''
+
+ else:
+ frame_type = ord(buf[0])
+ if frame_type == 0:
+ # Normal message.
+ end_idx = buf.find("\xFF")
+ if end_idx == -1: #pragma NO COVER
+ break
+ msgs.append(buf[1:end_idx].decode('utf-8', 'replace'))
+ buf = buf[end_idx+1:]
+ elif frame_type == 255:
+ # Closing handshake.
+ assert ord(buf[1]) == 0, "Unexpected closing handshake: %r" % buf
+ self.closed = True
+ break
+ else:
+ raise ValueError("Don't understand how to parse this type of message: %r" % buf)
+ self._buf = buf
+ return msgs
+
+ def send(self, message):
+ """Send a message to the browser.
+ *message* should be convertable to a string; unicode objects should be
+ encodable as utf-8. Raises socket.error with errno of 32
+ (broken pipe) if the socket has already been closed by the client.
+ """
+ if self.version in (7, 8, 13):
+ packed, lenhead, lentail = encode_hybi(
+ message, opcode=0x01, base64=False)
+ else:
+ packed = pack_message(message)
+ self._socket.sendall(packed)
+
+ def wait(self):
+ """Waits for and deserializes messages.
+ Returns a single message; the oldest not yet processed. If the client
+ has already closed the connection, returns None. This is different
+ from normal socket behavior because the empty string is a valid
+ websocket message."""
+ while not self._msgs:
+ # Websocket might be closed already.
+ if self.closed:
+ return None
+ # no parsed messages, must mean buf needs more data
+ delta = self._socket.recv(8096)
+ if delta == '':
+ return None
+ self._buf += delta
+ msgs = self._parse_messages()
+ self._msgs.extend(msgs)
+ return self._msgs.popleft()
+
+ def _send_closing_frame(self, ignore_send_errors=False):
+ """Sends the closing frame to the client, if required."""
+ if self.version in (7, 8, 13) and not self.closed:
+ msg = ''
+ #if code != None:
+ # msg = struct.pack(">H%ds" % (len(reason)), code)
+
+ buf, h, t = encode_hybi(msg, opcode=0x08, base64=False)
+ self._socket.sendall(buf)
+ self.closed = True
+
+ elif self.version == 76 and not self.closed:
+ try:
+ self._socket.sendall("\xff\x00")
+ except socket.error:
+ # Sometimes, like when the remote side cuts off the connection,
+ # we don't care about this.
+ if not ignore_send_errors: #pragma NO COVER
+ raise
+ self.closed = True
+
+ def close(self):
+ """Forcibly close the websocket; generally it is preferable to
+ return from the handler method."""
+ self._send_closing_frame()
+ self._socket.shutdown(True)
+ self._socket.close()
diff --git a/website/web/Lib/site-packages/werkzeug/wrappers.py b/website/web/Lib/site-packages/werkzeug/wrappers.py
new file mode 100644
index 000000000..92dfa5dac
--- /dev/null
+++ b/website/web/Lib/site-packages/werkzeug/wrappers.py
@@ -0,0 +1,2028 @@
+# -*- coding: utf-8 -*-
+"""
+ werkzeug.wrappers
+ ~~~~~~~~~~~~~~~~~
+
+ The wrappers are simple request and response objects which you can
+ subclass to do whatever you want them to do. The request object contains
+ the information transmitted by the client (webbrowser) and the response
+ object contains all the information sent back to the browser.
+
+ An important detail is that the request object is created with the WSGI
+ environ and will act as high-level proxy whereas the response object is an
+ actual WSGI application.
+
+ Like everything else in Werkzeug these objects will work correctly with
+ unicode data. Incoming form data parsed by the response object will be
+ decoded into an unicode object if possible and if it makes sense.
+
+
+ :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details.
+ :license: BSD, see LICENSE for more details.
+"""
+from functools import update_wrapper
+from datetime import datetime, timedelta
+from warnings import warn
+
+from werkzeug.http import HTTP_STATUS_CODES, \
+ parse_accept_header, parse_cache_control_header, parse_etags, \
+ parse_date, generate_etag, is_resource_modified, unquote_etag, \
+ quote_etag, parse_set_header, parse_authorization_header, \
+ parse_www_authenticate_header, remove_entity_headers, \
+ parse_options_header, dump_options_header, http_date, \
+ parse_if_range_header, parse_cookie, dump_cookie, \
+ parse_range_header, parse_content_range_header, dump_header, \
+ parse_age, dump_age
+from werkzeug.urls import url_decode, iri_to_uri, url_join
+from werkzeug.formparser import FormDataParser, default_stream_factory
+from werkzeug.utils import cached_property, environ_property, \
+ header_property, get_content_type
+from werkzeug.wsgi import get_current_url, get_host, \
+ ClosingIterator, get_input_stream, get_content_length, _RangeWrapper
+from werkzeug.datastructures import MultiDict, CombinedMultiDict, Headers, \
+ EnvironHeaders, ImmutableMultiDict, ImmutableTypeConversionDict, \
+ ImmutableList, MIMEAccept, CharsetAccept, LanguageAccept, \
+ ResponseCacheControl, RequestCacheControl, CallbackDict, \
+ ContentRange, iter_multi_items
+from werkzeug._internal import _get_environ
+from werkzeug._compat import to_bytes, string_types, text_type, \
+ integer_types, wsgi_decoding_dance, wsgi_get_bytes, \
+ to_unicode, to_native, BytesIO
+
+
+def _run_wsgi_app(*args):
+ """This function replaces itself to ensure that the test module is not
+ imported unless required. DO NOT USE!
+ """
+ global _run_wsgi_app
+ from werkzeug.test import run_wsgi_app as _run_wsgi_app
+ return _run_wsgi_app(*args)
+
+
+def _warn_if_string(iterable):
+ """Helper for the response objects to check if the iterable returned
+ to the WSGI server is not a string.
+ """
+ if isinstance(iterable, string_types):
+ warn(Warning('response iterable was set to a string. This appears '
+ 'to work but means that the server will send the '
+ 'data to the client char, by char. This is almost '
+ 'never intended behavior, use response.data to assign '
+ 'strings to the response object.'), stacklevel=2)
+
+
+def _assert_not_shallow(request):
+ if request.shallow:
+ raise RuntimeError('A shallow request tried to consume '
+ 'form data. If you really want to do '
+ 'that, set `shallow` to False.')
+
+
+def _iter_encoded(iterable, charset):
+ for item in iterable:
+ if isinstance(item, text_type):
+ yield item.encode(charset)
+ else:
+ yield item
+
+
+def _clean_accept_ranges(accept_ranges):
+ if accept_ranges is True:
+ return "bytes"
+ elif accept_ranges is False:
+ return "none"
+ elif isinstance(accept_ranges, text_type):
+ return to_native(accept_ranges)
+ raise ValueError("Invalid accept_ranges value")
+
+
+class BaseRequest(object):
+
+ """Very basic request object. This does not implement advanced stuff like
+ entity tag parsing or cache controls. The request object is created with
+ the WSGI environment as first argument and will add itself to the WSGI
+ environment as ``'werkzeug.request'`` unless it's created with
+ `populate_request` set to False.
+
+ There are a couple of mixins available that add additional functionality
+ to the request object, there is also a class called `Request` which
+ subclasses `BaseRequest` and all the important mixins.
+
+ It's a good idea to create a custom subclass of the :class:`BaseRequest`
+ and add missing functionality either via mixins or direct implementation.
+ Here an example for such subclasses::
+
+ from werkzeug.wrappers import BaseRequest, ETagRequestMixin
+
+ class Request(BaseRequest, ETagRequestMixin):
+ pass
+
+ Request objects are **read only**. As of 0.5 modifications are not
+ allowed in any place. Unlike the lower level parsing functions the
+ request object will use immutable objects everywhere possible.
+
+ Per default the request object will assume all the text data is `utf-8`
+ encoded. Please refer to `the unicode chapter `_ for more
+ details about customizing the behavior.
+
+ Per default the request object will be added to the WSGI
+ environment as `werkzeug.request` to support the debugging system.
+ If you don't want that, set `populate_request` to `False`.
+
+ If `shallow` is `True` the environment is initialized as shallow
+ object around the environ. Every operation that would modify the
+ environ in any way (such as consuming form data) raises an exception
+ unless the `shallow` attribute is explicitly set to `False`. This
+ is useful for middlewares where you don't want to consume the form
+ data by accident. A shallow request is not populated to the WSGI
+ environment.
+
+ .. versionchanged:: 0.5
+ read-only mode was enforced by using immutables classes for all
+ data.
+ """
+
+ #: the charset for the request, defaults to utf-8
+ charset = 'utf-8'
+
+ #: the error handling procedure for errors, defaults to 'replace'
+ encoding_errors = 'replace'
+
+ #: the maximum content length. This is forwarded to the form data
+ #: parsing function (:func:`parse_form_data`). When set and the
+ #: :attr:`form` or :attr:`files` attribute is accessed and the
+ #: parsing fails because more than the specified value is transmitted
+ #: a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception is raised.
+ #:
+ #: Have a look at :ref:`dealing-with-request-data` for more details.
+ #:
+ #: .. versionadded:: 0.5
+ max_content_length = None
+
+ #: the maximum form field size. This is forwarded to the form data
+ #: parsing function (:func:`parse_form_data`). When set and the
+ #: :attr:`form` or :attr:`files` attribute is accessed and the
+ #: data in memory for post data is longer than the specified value a
+ #: :exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception is raised.
+ #:
+ #: Have a look at :ref:`dealing-with-request-data` for more details.
+ #:
+ #: .. versionadded:: 0.5
+ max_form_memory_size = None
+
+ #: the class to use for `args` and `form`. The default is an
+ #: :class:`~werkzeug.datastructures.ImmutableMultiDict` which supports
+ #: multiple values per key. alternatively it makes sense to use an
+ #: :class:`~werkzeug.datastructures.ImmutableOrderedMultiDict` which
+ #: preserves order or a :class:`~werkzeug.datastructures.ImmutableDict`
+ #: which is the fastest but only remembers the last key. It is also
+ #: possible to use mutable structures, but this is not recommended.
+ #:
+ #: .. versionadded:: 0.6
+ parameter_storage_class = ImmutableMultiDict
+
+ #: the type to be used for list values from the incoming WSGI environment.
+ #: By default an :class:`~werkzeug.datastructures.ImmutableList` is used
+ #: (for example for :attr:`access_list`).
+ #:
+ #: .. versionadded:: 0.6
+ list_storage_class = ImmutableList
+
+ #: the type to be used for dict values from the incoming WSGI environment.
+ #: By default an
+ #: :class:`~werkzeug.datastructures.ImmutableTypeConversionDict` is used
+ #: (for example for :attr:`cookies`).
+ #:
+ #: .. versionadded:: 0.6
+ dict_storage_class = ImmutableTypeConversionDict
+
+ #: The form data parser that shoud be used. Can be replaced to customize
+ #: the form date parsing.
+ form_data_parser_class = FormDataParser
+
+ #: Optionally a list of hosts that is trusted by this request. By default
+ #: all hosts are trusted which means that whatever the client sends the
+ #: host is will be accepted.
+ #:
+ #: This is the recommended setup as a webserver should manually be set up
+ #: to only route correct hosts to the application, and remove the
+ #: `X-Forwarded-Host` header if it is not being used (see
+ #: :func:`werkzeug.wsgi.get_host`).
+ #:
+ #: .. versionadded:: 0.9
+ trusted_hosts = None
+
+ #: Indicates whether the data descriptor should be allowed to read and
+ #: buffer up the input stream. By default it's enabled.
+ #:
+ #: .. versionadded:: 0.9
+ disable_data_descriptor = False
+
+ def __init__(self, environ, populate_request=True, shallow=False):
+ self.environ = environ
+ if populate_request and not shallow:
+ self.environ['werkzeug.request'] = self
+ self.shallow = shallow
+
+ def __repr__(self):
+ # make sure the __repr__ even works if the request was created
+ # from an invalid WSGI environment. If we display the request
+ # in a debug session we don't want the repr to blow up.
+ args = []
+ try:
+ args.append("'%s'" % to_native(self.url, self.url_charset))
+ args.append('[%s]' % self.method)
+ except Exception:
+ args.append('(invalid WSGI environ)')
+
+ return '<%s %s>' % (
+ self.__class__.__name__,
+ ' '.join(args)
+ )
+
+ @property
+ def url_charset(self):
+ """The charset that is assumed for URLs. Defaults to the value
+ of :attr:`charset`.
+
+ .. versionadded:: 0.6
+ """
+ return self.charset
+
+ @classmethod
+ def from_values(cls, *args, **kwargs):
+ """Create a new request object based on the values provided. If
+ environ is given missing values are filled from there. This method is
+ useful for small scripts when you need to simulate a request from an URL.
+ Do not use this method for unittesting, there is a full featured client
+ object (:class:`Client`) that allows to create multipart requests,
+ support for cookies etc.
+
+ This accepts the same options as the
+ :class:`~werkzeug.test.EnvironBuilder`.
+
+ .. versionchanged:: 0.5
+ This method now accepts the same arguments as
+ :class:`~werkzeug.test.EnvironBuilder`. Because of this the
+ `environ` parameter is now called `environ_overrides`.
+
+ :return: request object
+ """
+ from werkzeug.test import EnvironBuilder
+ charset = kwargs.pop('charset', cls.charset)
+ kwargs['charset'] = charset
+ builder = EnvironBuilder(*args, **kwargs)
+ try:
+ return builder.get_request(cls)
+ finally:
+ builder.close()
+
+ @classmethod
+ def application(cls, f):
+ """Decorate a function as responder that accepts the request as first
+ argument. This works like the :func:`responder` decorator but the
+ function is passed the request object as first argument and the
+ request object will be closed automatically::
+
+ @Request.application
+ def my_wsgi_app(request):
+ return Response('Hello World!')
+
+ As of Werkzeug 0.14 HTTP exceptions are automatically caught and
+ converted to responses instead of failing.
+
+ :param f: the WSGI callable to decorate
+ :return: a new WSGI callable
+ """
+ #: return a callable that wraps the -2nd argument with the request
+ #: and calls the function with all the arguments up to that one and
+ #: the request. The return value is then called with the latest
+ #: two arguments. This makes it possible to use this decorator for
+ #: both methods and standalone WSGI functions.
+ from werkzeug.exceptions import HTTPException
+
+ def application(*args):
+ request = cls(args[-2])
+ with request:
+ try:
+ resp = f(*args[:-2] + (request,))
+ except HTTPException as e:
+ resp = e.get_response(args[-2])
+ return resp(*args[-2:])
+
+ return update_wrapper(application, f)
+
+ def _get_file_stream(self, total_content_length, content_type, filename=None,
+ content_length=None):
+ """Called to get a stream for the file upload.
+
+ This must provide a file-like class with `read()`, `readline()`
+ and `seek()` methods that is both writeable and readable.
+
+ The default implementation returns a temporary file if the total
+ content length is higher than 500KB. Because many browsers do not
+ provide a content length for the files only the total content
+ length matters.
+
+ :param total_content_length: the total content length of all the
+ data in the request combined. This value
+ is guaranteed to be there.
+ :param content_type: the mimetype of the uploaded file.
+ :param filename: the filename of the uploaded file. May be `None`.
+ :param content_length: the length of this file. This value is usually
+ not provided because webbrowsers do not provide
+ this value.
+ """
+ return default_stream_factory(
+ total_content_length=total_content_length,
+ content_type=content_type,
+ filename=filename,
+ content_length=content_length)
+
+ @property
+ def want_form_data_parsed(self):
+ """Returns True if the request method carries content. As of
+ Werkzeug 0.9 this will be the case if a content type is transmitted.
+
+ .. versionadded:: 0.8
+ """
+ return bool(self.environ.get('CONTENT_TYPE'))
+
+ def make_form_data_parser(self):
+ """Creates the form data parser. Instantiates the
+ :attr:`form_data_parser_class` with some parameters.
+
+ .. versionadded:: 0.8
+ """
+ return self.form_data_parser_class(self._get_file_stream,
+ self.charset,
+ self.encoding_errors,
+ self.max_form_memory_size,
+ self.max_content_length,
+ self.parameter_storage_class)
+
+ def _load_form_data(self):
+ """Method used internally to retrieve submitted data. After calling
+ this sets `form` and `files` on the request object to multi dicts
+ filled with the incoming form data. As a matter of fact the input
+ stream will be empty afterwards. You can also call this method to
+ force the parsing of the form data.
+
+ .. versionadded:: 0.8
+ """
+ # abort early if we have already consumed the stream
+ if 'form' in self.__dict__:
+ return
+
+ _assert_not_shallow(self)
+
+ if self.want_form_data_parsed:
+ content_type = self.environ.get('CONTENT_TYPE', '')
+ content_length = get_content_length(self.environ)
+ mimetype, options = parse_options_header(content_type)
+ parser = self.make_form_data_parser()
+ data = parser.parse(self._get_stream_for_parsing(),
+ mimetype, content_length, options)
+ else:
+ data = (self.stream, self.parameter_storage_class(),
+ self.parameter_storage_class())
+
+ # inject the values into the instance dict so that we bypass
+ # our cached_property non-data descriptor.
+ d = self.__dict__
+ d['stream'], d['form'], d['files'] = data
+
+ def _get_stream_for_parsing(self):
+ """This is the same as accessing :attr:`stream` with the difference
+ that if it finds cached data from calling :meth:`get_data` first it
+ will create a new stream out of the cached data.
+
+ .. versionadded:: 0.9.3
+ """
+ cached_data = getattr(self, '_cached_data', None)
+ if cached_data is not None:
+ return BytesIO(cached_data)
+ return self.stream
+
+ def close(self):
+ """Closes associated resources of this request object. This
+ closes all file handles explicitly. You can also use the request
+ object in a with statement which will automatically close it.
+
+ .. versionadded:: 0.9
+ """
+ files = self.__dict__.get('files')
+ for key, value in iter_multi_items(files or ()):
+ value.close()
+
+ def __enter__(self):
+ return self
+
+ def __exit__(self, exc_type, exc_value, tb):
+ self.close()
+
+ @cached_property
+ def stream(self):
+ """
+ If the incoming form data was not encoded with a known mimetype
+ the data is stored unmodified in this stream for consumption. Most
+ of the time it is a better idea to use :attr:`data` which will give
+ you that data as a string. The stream only returns the data once.
+
+ Unlike :attr:`input_stream` this stream is properly guarded that you
+ can't accidentally read past the length of the input. Werkzeug will
+ internally always refer to this stream to read data which makes it
+ possible to wrap this object with a stream that does filtering.
+
+ .. versionchanged:: 0.9
+ This stream is now always available but might be consumed by the
+ form parser later on. Previously the stream was only set if no
+ parsing happened.
+ """
+ _assert_not_shallow(self)
+ return get_input_stream(self.environ)
+
+ input_stream = environ_property('wsgi.input', """
+ The WSGI input stream.
+
+ In general it's a bad idea to use this one because you can easily read past
+ the boundary. Use the :attr:`stream` instead.
+ """)
+
+ @cached_property
+ def args(self):
+ """The parsed URL parameters (the part in the URL after the question
+ mark).
+
+ By default an
+ :class:`~werkzeug.datastructures.ImmutableMultiDict`
+ is returned from this function. This can be changed by setting
+ :attr:`parameter_storage_class` to a different type. This might
+ be necessary if the order of the form data is important.
+ """
+ return url_decode(wsgi_get_bytes(self.environ.get('QUERY_STRING', '')),
+ self.url_charset, errors=self.encoding_errors,
+ cls=self.parameter_storage_class)
+
+ @cached_property
+ def data(self):
+ """
+ Contains the incoming request data as string in case it came with
+ a mimetype Werkzeug does not handle.
+ """
+
+ if self.disable_data_descriptor:
+ raise AttributeError('data descriptor is disabled')
+ # XXX: this should eventually be deprecated.
+
+ # We trigger form data parsing first which means that the descriptor
+ # will not cache the data that would otherwise be .form or .files
+ # data. This restores the behavior that was there in Werkzeug
+ # before 0.9. New code should use :meth:`get_data` explicitly as
+ # this will make behavior explicit.
+ return self.get_data(parse_form_data=True)
+
+ def get_data(self, cache=True, as_text=False, parse_form_data=False):
+ """This reads the buffered incoming data from the client into one
+ bytestring. By default this is cached but that behavior can be
+ changed by setting `cache` to `False`.
+
+ Usually it's a bad idea to call this method without checking the
+ content length first as a client could send dozens of megabytes or more
+ to cause memory problems on the server.
+
+ Note that if the form data was already parsed this method will not
+ return anything as form data parsing does not cache the data like
+ this method does. To implicitly invoke form data parsing function
+ set `parse_form_data` to `True`. When this is done the return value
+ of this method will be an empty string if the form parser handles
+ the data. This generally is not necessary as if the whole data is
+ cached (which is the default) the form parser will used the cached
+ data to parse the form data. Please be generally aware of checking
+ the content length first in any case before calling this method
+ to avoid exhausting server memory.
+
+ If `as_text` is set to `True` the return value will be a decoded
+ unicode string.
+
+ .. versionadded:: 0.9
+ """
+ rv = getattr(self, '_cached_data', None)
+ if rv is None:
+ if parse_form_data:
+ self._load_form_data()
+ rv = self.stream.read()
+ if cache:
+ self._cached_data = rv
+ if as_text:
+ rv = rv.decode(self.charset, self.encoding_errors)
+ return rv
+
+ @cached_property
+ def form(self):
+ """The form parameters. By default an
+ :class:`~werkzeug.datastructures.ImmutableMultiDict`
+ is returned from this function. This can be changed by setting
+ :attr:`parameter_storage_class` to a different type. This might
+ be necessary if the order of the form data is important.
+
+ Please keep in mind that file uploads will not end up here, but instead
+ in the :attr:`files` attribute.
+
+ .. versionchanged:: 0.9
+
+ Previous to Werkzeug 0.9 this would only contain form data for POST
+ and PUT requests.
+ """
+ self._load_form_data()
+ return self.form
+
+ @cached_property
+ def values(self):
+ """A :class:`werkzeug.datastructures.CombinedMultiDict` that combines
+ :attr:`args` and :attr:`form`."""
+ args = []
+ for d in self.args, self.form:
+ if not isinstance(d, MultiDict):
+ d = MultiDict(d)
+ args.append(d)
+ return CombinedMultiDict(args)
+
+ @cached_property
+ def files(self):
+ """:class:`~werkzeug.datastructures.MultiDict` object containing
+ all uploaded files. Each key in :attr:`files` is the name from the
+ ````. Each value in :attr:`files` is a
+ Werkzeug :class:`~werkzeug.datastructures.FileStorage` object.
+
+ It basically behaves like a standard file object you know from Python,
+ with the difference that it also has a
+ :meth:`~werkzeug.datastructures.FileStorage.save` function that can
+ store the file on the filesystem.
+
+ Note that :attr:`files` will only contain data if the request method was
+ POST, PUT or PATCH and the ``