App class¶
The App class is the core of a MicroPie application.
It implements the ASGI call interface and dispatches HTTP, WebSocket
and lifespan events to your handlers. Subclass App
and add public methods to create route handlers. Instantiate your
subclass and pass the resulting object to an ASGI server such as
Uvicorn.
Constructor¶
- class App(session_backend=None, *, body_timeout=5.0, max_body_size=16777216, max_form_field_size=1048576, session_timeout=SESSION_TIMEOUT, session_cookie_secure=True, session_id_factory=UUIDv4 factory, session_id_validator=UUIDv4 validator)¶
Create a new application. If session_backend is provided it must be an instance of
SessionBackend. When omitted, MicroPie uses an in‑memory back‑end.body_timeout is the maximum number of seconds MicroPie waits for each request-body chunk, including multipart uploads. The timeout restarts after every chunk, so it limits idle time rather than total upload time. Set it to
Noneto disable the framework deadline.max_body_size limits the total encoded request body to 16 MiB by default. MicroPie rejects an oversized
Content-Lengthbefore reading the body and also counts actual chunks, covering requests without that header. max_form_field_size separately limits each accumulated multipart text field to 1 MiB while allowing file content to remain streamed. Either limit can be disabled withNone. Multipart file producers use nonblocking queues so later parts cannot deadlock behind an undrained file; consequently,max_body_sizeis also the request-wide payload-byte bound for queued upload content. Disabling it permits unbounded buffering when a handler does not consume files.session_timeout is passed to the session back-end whenever session data is saved. session_cookie_secure controls whether generated session cookies include the
Secureattribute. It defaults toTrue; applications served over plain HTTP during local development can set it toFalseexplicitly.By default, session_id_factory creates UUIDv4 values and session_id_validator accepts only canonical UUIDv4 strings. A custom storage back-end that owns another identifier format can provide a factory and validator; a validator returns the normalized ID or
Noneto reject it. Setting the validator itself toNoneaccepts any non-empty cookie value and should only be used with another trusted validation boundary.
Attributes¶
- middlewares¶
A list of
HttpMiddlewareinstances. Middlewares run before and after every HTTP request. Append a middleware instance to enable it. See Writing middleware for examples.
- ws_middlewares¶
A list of
WebSocketMiddlewareinstances used for WebSocket connections.
- session_backend¶
The active
SessionBackendinstance used to load and save session dictionaries for both HTTP and WebSocket flows.
- body_timeout¶
The configured per-chunk idle timeout for buffered and multipart request bodies, or
Nonewhen timeout enforcement is disabled.
- max_body_size¶
Maximum total encoded request-body size in bytes, or
None. Bodies exceeding the limit receive413 Payload Too Large.
- max_form_field_size¶
Maximum size in bytes of each multipart text field, or
None. This is independent of the total body limit so applications permitting large streamed files need not permit equally large in-memory fields.
- session_timeout¶
The expiration timeout passed to the session back-end when HTTP or WebSocket session data is saved.
- session_cookie_secure¶
Whether HTTP and WebSocket session cookies include the
Secureattribute.
- session_id_factory¶
Callable used whenever MicroPie needs a fresh session ID.
- session_id_validator¶
Callable that normalizes an incoming or generated session ID and returns
Noneto reject it. The default requires canonical UUIDv4.
- startup_handlers¶
A list of asynchronous callables that run during the ASGI
lifespan.startupevent. Use this to set up resources such as database connections. See Quick start for an example.
- shutdown_handlers¶
A list of asynchronous callables that run during the ASGI
lifespan.shutdownevent. Use this to clean up resources.
Methods¶
- __call__(scope, receive, send)¶
The ASGI entry point. Dispatches to HTTP, WebSocket or lifespan handlers based on
scope['type']. You normally do not call this directly; the ASGI server calls it for you.
- request¶
The current
Request(orWebSocketRequest) stored in a context variable for the active request lifecycle.
- _redirect(location, extra_headers=None)¶
Return a tuple
(302, '', headers)representing an HTTP redirect to location. Use this helper in your handlers to redirect the client. Absolute URLs are allowed, so do not pass an untrusted target without an application-level allow-list. MicroPie percent-encodes non-ASCII URL components, but applications constructing query strings should still useurllib.parse.urlencode()rather than concatenation.
- _render_template(name, **kwargs)¶
Render a Jinja2 template asynchronously. Returns a string containing the rendered output. Requires Jinja2 to be installed. See Rendering templates for details.
Additionally, MicroPie defines several private helper methods such as
_parse_cookies and _send_response. These are considered
internal and not part of the public API. They may change without
notice.
Framework diagnostics¶
MicroPie writes framework diagnostics and exception tracebacks to the
standard micropie Python logger. Configure this logger through the
logging package to integrate it with your deployment’s handlers
and formatters.
Body-limit placement¶
MicroPie’s HttpMiddleware hooks run after request-body
parsing starts and do not receive the ASGI receive callable.
They therefore cannot safely implement a byte-counting body limit. Use
the application settings above for framework enforcement. A reverse
proxy limit or outer ASGI middleware that wraps receive remains useful
as an additional deployment boundary.