One-time and CSRF tokens.

This module provides onetime keys. Such a Securitykey can only be used once to authenticate an action like edit an entry. Unless specified otherwise, keys are bound to a session. This prevents such actions from beeing executed without explicit user consent so an attacker can’t send special crafted links (like /user/delete/xxx) to a authenticated user as these links would lack a valid securityKey.

Its also possible to store data along with a securityKey and specify a lifeTime.

server.securitykey.create(duration=None, **kwargs)

Creates a new onetime Securitykey for the current session If duration is not set, this key is valid only for the current session. Otherwise, the key and its data is serialized and saved inside the datastore for up to duration-seconds

Parameters:duration (Int or None) – Make this key valid for a fixed timeframe (and independend of the current session)
Returns:The new onetime key

Removes old (expired) skeys

server.securitykey.validate(key, acceptSessionKey=False)

Validates a onetime securitykey

  • key (String) – The key to validate
  • acceptSessionKey (Bool) – If True, we also accept the session’s skey

False if the key was not valid for whatever reasons, the data (given during createSecurityKey) as dictionary or True if the dict is empty.


Utility functions.


Return a string containing random characters of given length. Its safe to use this string in URLs or HTML.

Parameters:length (int) – The desired length of the generated string.
Returns:A string with random characters of the given length.
Return type:str
server.utils.sendEMail(dests, name, skel, extraFiles=[], cc=None, bcc=None, replyTo=None, *args, **kwargs)

General purpose function for sending e-mail.

This function allows for sending e-mails, also with generated content using the Jinja2 template engine.

  • dests (str | list of str) – Full-qualified recipient email addresses; These can be assigned as list, for multiple targets.
  • name (str) – The name of a template from the appengine/emails directory, or the template string itself.
  • skel (server.skeleton.Skeleton | dict | None) – The data made available to the template. In case of a Skeleton, its parsed the usual way; Dictionarys are passed unchanged.
  • extraFiles (list of fileobjects) – List of open fileobjects to be sent within the mail as attachments
  • cc (str | list of str) – Carbon-copy recipients
  • bcc (str | list of str) – Blind carbon-copy recipients
  • replyTo (str) – A reply-to email address
server.utils.sendEMailToAdmins(subject, body, sender=None)

Sends an e-mail to the appengine administration of the current app. (all users having access to the applications dashboard)

  • subject (str) – Defines the subject of the message.
  • body (str) – Defines the message body.
  • sender (str) – (optional) specify a different sender

Retrieve current user, if logged in.

If a user is logged in, this function returns a dict containing user data.

If no user is logged in, the function returns None.

Return type:dict | bool
Returns:A dict containing information about the logged-in user, None if no user is logged in.

Adds a marker to the data store that the file specified as dlkey can be deleted.

Once the mark has been set, the data store is checked four times (default: every 4 hours) if the file is in use somewhere. If it is still in use, the mark goes away, otherwise the mark and the file are removed from the datastore. These delayed checks are necessary due to database inconsistency.

Parameters:dlkey (str) – Unique download-key of the file that shall be marked for deletion.
server.utils.escapeString(val, maxLength=254)

Quotes several characters and removes “\n” and “\0” to prevent XSS injection.

  • val (str) – The value to be escaped.
  • maxLength (int) – Cut-off after maxLength characters. A value of 0 means “unlimited”.

The quoted string.

Return type:


server.utils.safeStringComparison(s1, s2)

Performs a string comparison in constant time. This should prevent side-channel (timing) attacks on passwords etc. :param s1: First string to compare :type s1: string | unicode :param s2: Second string to compare :type s2: string | unicode :return: True if both strings are equal, False otherwise :return type: bool


Normalizes a datastore key (replacing _application with the current one)

Parameters:key – Key to be normalized.
Returns:Normalized key in string representation.


An efficient index manager.

class server.indexes.IndexMannager(pageSize=10, maxPages=100)

Allows efficient pagination for a small specified set of queries. This works only if the number of different querys is limited. Otherwise use the built-in page parameter for small result-sets and few pages. If you have lots of different querys and large result-sets you can only generate next/previous links on the fly.


The refreshAll Method is missing - intentionally. Whenever data changes you have to call refreshIndex for each affected Index. As long as you can name them, their number is limited and everything is fine :)

__init__(pageSize=10, maxPages=100)
  • pageSize – How many items per page
  • maxPages – How many pages are build. Items become unreachable if the amount of items exceed pageSize*maxPages (ie. if a forum-thread has more than pageSize*maxPages Posts, Posts after that barrier won’t show up).

cursorForQuery(query, page)

Returns the starting-cursor for the given query and page using an index.

  • query (db.Query) – Query to get the cursor for
  • page (int) – Page the user wants to retrieve

String-Cursor or None if no cursor is applicable


Returns a list of all starting-cursors for this query. The first element is always None as the first page doesn’t have any start-cursor


Derives a unique Database-Key from a given query. This Key is stable regardless in which order the filter have been applied

Parameters:query (DB.Query) – Query to derive key from

Refreshes the Index for the given query (Actually it removes it from the db so it gets rebuild on next use)

Parameters:query (db.Query) – Query for which the index should be refreshed