Skip to main content

a library of functions for connecting external apps to/from opencore

Project description

A small library of functions useful for integration with opencore.



  • get_secret(filename)

    Get a shared secret to be used in cookie parsing & construction.

  • generate_cookie_value(username, shared_secret)

    Use this to set a cookie so that opencore will recognize the user as logged in.

  • authenticate_from_cookie(cookie_string, shared_secret)

    Returns (username, hash) for the user identified by the cookie. Throws a BadCookie exception if the cookie is malformed, or a NotAuthenticated exception if the cookie is well-formed but not using the correct shared secret.


  • filter_factory / CustomDeliveranceMiddleware

    A subclass of Deliverance middleware (v0.3) that carries along the original request’s HTTP_X_OPENPLANS_* headers and cookie, when making external subrequests. This allows external applications to properly respect login and context information.

    It also hard-codes the necessary Deliverance ruleset, and theme uri.

    The theme is served by opencore itself, at a @@theme.html view registered on the portal. Here, it is fetched by making an external request to the front of the OpenCore stack, to guarantee that links in the theme are correct.


  • composite_factory / URLDispatcher

    A paste.composite_factory that will dispatch requests to opencore and to other applications (tasktracker and wordpress) based on the URL.

    It will add the necessary request headers before making subrequests.


  • app_factory / RemoteProxy

    A paste.app_factory that will proxy requests to external HTTP calls. Pass a remote_uri with the base href for the app.

    If is_opencore is set, it will rewrite the request to tell Zope’s VirtualHostMonster how links in the response should look.



  • New module libopencore.import_utils
  • New function parse_listen_settings in libopencore.import_utils


  • Added new configuration variable site_root in http_proxy app, for proxying to an opencore (zope) backend. The default value is /openplans/. If you are proxying to an opencore backend where the plone site root is installed elsewhere, or if you are using a ++skin++ layer for customizations, you can set this to a different value.

    This should be used instead of setting remote_uri to a value like http://localhost:10001/++skin++avata/. Instead of

    remote_uri = http://localhost:10001/++skin++avata/

    you should use

    remote_uri = http://localhost:10001 site_root = /++skin++avata/openplans/

    to ensure proper url generation.

  • Added X-Forwarded-Server to the set of preserved headers in Deliverance subrequests.


Features added

  • The http proxy’s load-balancer is now capable of sending robots to a specific backend.

    To use it for a given backend, pass in a URL for robots_uri and this URL will be chosen if the request’s User-Agent string matches a set of known robots.

    To segregate robots from all other users, this URL could be omitted from the remote_uri parameter.

  • The deliverance.xml rules now try to fetch /openplans/xinha-config if there is a <div class="opencore_wysiwyg"> present in the page. This is used to apply a consistent Xinha editor to Wordpress pages. For more details and context see:

Bugs Fixed

  • URLs to the root of a non-Zope opencore component must have a trailing slash; if they don’t, a permanent redirect is issued to the correct URL. (So /projects/foo/blog -> /projects/foo/blog/) The specific symptom I noticed was the link to “Write a new post” on the front page of a project’s blog (when logged in as a project admin, when no posts have been made yet) was incorrectly missing the /blog/ component of the URL. This behavior previously existed somewhere in DeliveranceVHoster.
  • Responses to Ajax requests (X-Requested-With: XMLHttpRequest) are not themed by Deliverance even if they have Content-Type: text/html. This fixes the behavior of TaskTracker’s Ajax requests to post new comments on a task.
  • The deliverance.xml rules no longer try to fetch /openplans/oc-footer or /openplans/oc-header; these have been unused for ages, so there’s no need to make the extra subrequests to Zope.
  • The composite WSGI application in now adds the request header X-Openplans-Application: zope when directing a request to opencore. This behavior previously existed somewhere in DeliveranceVHoster. It fixes


Added a simple random-choice load balancer to the http proxy.

To use it for a given backend, pass in a space-separated list of URLs as remote_uri instead of a single URL. Assuming you have identical applications listening at each URL, proxied requests will be distributed across those URLs.

(The intended use is for multiple Zope instances talking to the same ZEO server, though I guess it could also work for any of the other applications if there was a reason.)


Bugs fixed

  • Work around a bug deeper in the stack which causes links in the response HTML like /foo/ to be rewritten as /foo/ if HTTP_HOST is
  • Previously some proxied WordPress URLs were incorrect and resulting in 404s. This is now fixed.

Features added

Added transcluder_middleware module and a libopencore#transcluder entry point for a paste.filter_factory.

If using transcluder middleware, Transcluder must be installed.

If using transcluder middleware, it should be the outermost wsgi filter in your stack. This is because Transcluder sometimes makes internal WSGI subrequests instead of HTTP calls, and calls its inner app. So if you have routing, security or anything else important outside Transcluder, you may get strange results.

Added support for proxying to a Twirlip server. Twirlip must be mounted on /notifications by a regular paste#urlmap (where / is then mapped to the main libopencore composite app) and it must be wrapped by transcluder middleware.

To use the Twirlip proxy, install libopencore’s twirlip extra requirements (listed in extras_require in

To use the Twirlip proxy, use a libopencore#proxy app with the setting is_twirlip=true and a setting topp_secret_filename that points to the absolute path of the shared secret used for authentication. Your Twirlip proxy will be wrapped in Eyvind middleware which converts REMOTE_USER into a special HTTP header signed with the shared secret, which is then decoded by the Twirlip server.

Twirlip and Transcluder are currently used in an OpenCore stack to provide subscription-based email notifications for wikipage edits and changes to tasks. But don’t try to use these unless you absolutely need to – I’m going to replace Twirlip with something simpler before long.


Added deliverance_middleware, wsgi, and http_proxy modules.

Added a sample paste.ini file showing how to combine these into a frontend app that proxies to opencore, tasktracker and wordpress, and themes the responses with deliverance when necessary.


Initial release. Added auth module.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for libopencore, version 0.7.1
Filename, size File type Python version Upload date Hashes
Filename, size libopencore-0.7.1.tar.gz (15.2 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page