"http.server" --- HTTP サーバー
*******************************

**ソースコード:** Lib/http/server.py

======================================================================

このモジュールは HTTP サーバを実装するためのクラスを提供しています。

警告:

  "http.server" is not recommended for production. It only implements
  basic security checks.

Availability: not WASI.

このモジュールは WebAssembly では動作しないか、利用不可です。詳しくは
、WebAssembly プラットフォーム を見てください。

クラス "HTTPServer" は "socketserver.TCPServer" のサブクラスです。
"HTTPServer" は HTTP ソケットを生成してリクエスト待ち (listen) を行い
、リクエストをハンドラに渡します。 サーバを作成して動作させるためのコ
ードは以下のようになります:

   def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
       server_address = ('', 8000)
       httpd = server_class(server_address, handler_class)
       httpd.serve_forever()

class http.server.HTTPServer(server_address, RequestHandlerClass)

   このクラスは "TCPServer" クラスの上に構築されており、サーバのアドレ
   スをインスタンス変数 "server_name" および "server_port" に記憶しま
   す。 サーバはハンドラからアクセス可能で、通常ハンドラの "server" イ
   ンスタンス変数からアクセスします。

class http.server.ThreadingHTTPServer(server_address, RequestHandlerClass)

   This class is identical to HTTPServer but uses threads to handle
   requests by using the "ThreadingMixIn". This is useful to handle
   web browsers pre-opening sockets, on which "HTTPServer" would wait
   indefinitely.

   Added in version 3.7.

class http.server.HTTPSServer(server_address, RequestHandlerClass, bind_and_activate=True, *, certfile, keyfile=None, password=None, alpn_protocols=None)

   Subclass of "HTTPServer" with a wrapped socket using the "ssl"
   module. If the "ssl" module is not available, instantiating a
   "HTTPSServer" object fails with a "RuntimeError".

   The *certfile* argument is the path to the SSL certificate chain
   file, and the *keyfile* is the path to file containing the private
   key.

   A *password* can be specified for files protected and wrapped with
   PKCS#8, but beware that this could possibly expose hardcoded
   passwords in clear.

   参考:

     See "ssl.SSLContext.load_cert_chain()" for additional information
     on the accepted values for *certfile*, *keyfile* and *password*.

   When specified, the *alpn_protocols* argument must be a sequence of
   strings specifying the "Application-Layer Protocol Negotiation"
   (ALPN) protocols supported by the server. ALPN allows the server
   and the client to negotiate the application protocol during the TLS
   handshake.

   By default, it is set to "["http/1.1"]", meaning the server
   supports HTTP/1.1.

   Added in version 3.14.

class http.server.ThreadingHTTPSServer(server_address, RequestHandlerClass, bind_and_activate=True, *, certfile, keyfile=None, password=None, alpn_protocols=None)

   This class is identical to "HTTPSServer" but uses threads to handle
   requests by inheriting from "ThreadingMixIn". This is analogous to
   "ThreadingHTTPServer" only using "HTTPSServer".

   Added in version 3.14.

The "HTTPServer", "ThreadingHTTPServer", "HTTPSServer" and
"ThreadingHTTPSServer" must be given a *RequestHandlerClass* on
instantiation, of which this module provides three different variants:

class http.server.BaseHTTPRequestHandler(request, client_address, server)

   This class is used to handle the HTTP requests that arrive at the
   server.  By itself, it cannot respond to any actual HTTP requests;
   it must be subclassed to handle each request method (for example,
   "'GET'" or "'POST'"). "BaseHTTPRequestHandler" provides a number of
   class and instance variables, and methods for use by subclasses.

   The handler will parse the request and the headers, then call a
   method specific to the request type. The method name is constructed
   from the request. For example, for the request method "SPAM", the
   "do_SPAM()" method will be called with no arguments. All of the
   relevant information is stored in instance variables of the
   handler.  Subclasses should not need to override or extend the
   "__init__()" method.

   "BaseHTTPRequestHandler" は以下のインスタンス変数を持っています:

   client_address

      HTTP クライアントのアドレスを参照している、"(host, port)" の形式
      をとるタプルが入っています。

   server

      server インスタンスが入っています。

   close_connection

      "handle_one_request()" が返る前に設定すべき真偽値で、別のリクエ
      ストが期待されているかどうか、もしくはコネクションを切断すべきか
      どうかを指し示しています。

   requestline

      HTTP リクエスト行の文字列表現を保持しています。 末尾の CRLF は除
      去されています。 この属性は "handle_one_request()" によって設定
      されるべきです。 妥当なリクエスト行が1行も処理されなかった場合は
      、空文字列に設定されるべきです。

   command

      HTTP 命令 (リクエスト形式) が入っています。例えば "'GET'" です。

   path

      Contains the request path. If query component of the URL is
      present, then "path" includes the query. Using the terminology
      of **RFC 3986**, "path" here includes "hier-part" and the
      "query".

   request_version

      リクエストのバージョン文字列が入っています。例えば "'HTTP/1.0'"
      です。

   headers

      Holds an instance of the class specified by the "MessageClass"
      class variable. This instance parses and manages the headers in
      the HTTP request. The "parse_headers()" function from
      "http.client" is used to parse the headers and it requires that
      the HTTP request provide a valid **RFC 5322** style header.

   rfile

      An "io.BufferedIOBase" input stream, ready to read from the
      start of the optional input data.

   wfile

      Contains the output stream for writing a response back to the
      client. Proper adherence to the HTTP protocol must be used when
      writing to this stream in order to achieve successful
      interoperation with HTTP clients.

      バージョン 3.6 で変更: This is an "io.BufferedIOBase" stream.

   "BaseHTTPRequestHandler" は以下の属性を持っています:

   server_version

      サーバのソフトウェアバージョンを指定します。この値は上書きする必
      要が生じるかもしれません。書式は複数の文字列を空白で分割したもの
      で、各文字列はソフトウェア名[/バージョン] の形式をとります。例え
      ば、"'BaseHTTP/0.2'" です。

   sys_version

      Python 処理系のバージョンが, "version_string" メソッドや
      "server_version" クラス変数で利用可能な形式で入っています。例え
      ば "'Python/1.4'" です。

   error_message_format

      Specifies a format string that should be used by "send_error()"
      method for building an error response to the client. The string
      is filled by default with variables from "responses" based on
      the status code that passed to "send_error()".

   error_content_type

      エラーレスポンスをクライアントに送信する時に使う Content-Type
      HTTP ヘッダを指定します。デフォルトでは "'text/html'" です。

   protocol_version

      Specifies the HTTP version to which the server is conformant. It
      is sent in responses to let the client know the server's
      communication capabilities for future requests. If set to
      "'HTTP/1.1'", the server will permit HTTP persistent
      connections; however, your server *must* then include an
      accurate "Content-Length" header (using "send_header()") in all
      of its responses to clients. For backwards compatibility, the
      setting defaults to "'HTTP/1.0'".

   MessageClass

      HTTP ヘッダを解釈するための "email.message.Message" 類似のクラス
      を指定します。 通常この値が上書きされることはなく、デフォルトの
      "http.client.HTTPMessage" になっています。

   responses

      This attribute contains a mapping of error code integers to two-
      element tuples containing a short and long message. For example,
      "{code: (shortmessage, longmessage)}". The *shortmessage* is
      usually used as the *message* key in an error response, and
      *longmessage* as the *explain* key.  It is used by
      "send_response_only()" and "send_error()" methods.

   "BaseHTTPRequestHandler" インスタンスは以下のメソッドを持っています
   :

   handle()

      Calls "handle_one_request()" once (or, if persistent connections
      are enabled, multiple times) to handle incoming HTTP requests.
      You should never need to override it; instead, implement
      appropriate "do_*()" methods.

   handle_one_request()

      This method will parse and dispatch the request to the
      appropriate "do_*()" method.  You should never need to override
      it.

   handle_expect_100()

      When an HTTP/1.1 conformant server receives an "Expect:
      100-continue" request header it responds back with a "100
      Continue" followed by "200 OK" headers. This method can be
      overridden to raise an error if the server does not want the
      client to continue.  For example, the server can choose to send
      "417 Expectation Failed" as a response header and "return
      False".

      Added in version 3.2.

   send_error(code, message=None, explain=None)

      Sends and logs a complete error reply to the client. The numeric
      *code* specifies the HTTP error code, with *message* as an
      optional, short, human readable description of the error.  The
      *explain* argument can be used to provide more detailed
      information about the error; it will be formatted using the
      "error_message_format" attribute and emitted, after a complete
      set of headers, as the response body.  The "responses" attribute
      holds the default values for *message* and *explain* that will
      be used if no value is provided; for unknown codes the default
      value for both is the string "???". The body will be empty if
      the method is HEAD or the response code is one of the following:
      "1*xx*", "204 No Content", "205 Reset Content", "304 Not
      Modified".

      バージョン 3.4 で変更: The error response includes a Content-
      Length header. Added the *explain* argument.

   send_response(code, message=None)

      Adds a response header to the headers buffer and logs the
      accepted request. The HTTP response line is written to the
      internal buffer, followed by *Server* and *Date* headers. The
      values for these two headers are picked up from the
      "version_string()" and "date_time_string()" methods,
      respectively. If the server does not intend to send any other
      headers using the "send_header()" method, then "send_response()"
      should be followed by an "end_headers()" call.

      バージョン 3.3 で変更: Headers are stored to an internal buffer
      and "end_headers()" needs to be called explicitly.

   send_header(keyword, value)

      Adds the HTTP header to an internal buffer which will be written
      to the output stream when either "end_headers()" or
      "flush_headers()" is invoked. *keyword* should specify the
      header keyword, with *value* specifying its value. Note that,
      after the send_header calls are done, "end_headers()" MUST BE
      called in order to complete the operation.

      This method does not reject input containing CRLF sequences.

      バージョン 3.2 で変更: ヘッダは内部バッファに保存されます。

   send_response_only(code, message=None)

      Sends the response header only, used for the purposes when "100
      Continue" response is sent by the server to the client. The
      headers not buffered and sent directly the output stream.If the
      *message* is not specified, the HTTP message corresponding the
      response *code*  is sent.

      This method does not reject *message* containing CRLF sequences.

      Added in version 3.2.

   end_headers()

      Adds a blank line (indicating the end of the HTTP headers in the
      response) to the headers buffer and calls "flush_headers()".

      バージョン 3.2 で変更: バッファされたヘッダは出力ストリームに書
      き出されます。

   flush_headers()

      最終的にヘッダを出力ストリームに送り、内部ヘッダバッファをフラッ
      シュします。

      Added in version 3.3.

   log_request(code='-', size='-')

      受理された (成功した) リクエストをログに記録します。*code* には
      この応答に関連付けられた HTTP コード番号を指定します。応答メッセ
      ージの大きさを知ることができる場合、*size* パラメタに渡すとよい
      でしょう。

   log_error(...)

      リクエストを遂行できなかった際に、エラーをログに記録します。標準
      では、メッセージを "log_message()" に渡します。従って同じ引数
      (*format* と追加の値) を取ります。

   log_message(format, ...)

      任意のメッセージを "sys.stderr" にログ記録します。このメソッドは
      通常、カスタムのエラーログ記録機構を作成するために上書きされます
      。 *format* 引数は標準の printf 形式の書式文字列で、
      "log_message()" に渡された追加の引数は書式化の入力として適用され
      ます。ログ記録される全てのメッセージには、クライアントの IP アド
      レスおよび現在の日付、時刻が先頭に付けられます。

   version_string()

      サーバーのソフトウェアのバージョンを示す文字列を返します。 その
      文字列は、"server_version" と "sys_version" の属性が含まれます。

   date_time_string(timestamp=None)

      メッセージヘッダ向けに書式化された、 *timestamp* ("None" または
      "time.time()" のフォーマットである必要があります)で与えられた日
      時を返します。もし *timestamp* が省略された場合には、現在の日時
      が使われます。

      出力は "'Sun, 06 Nov 1994 08:49:37 GMT'" のようになります。

   log_date_time_string()

      ログ記録向けに書式化された、現在の日付および時刻を返します。

   address_string()

      クライアントのアドレスを返します。

      バージョン 3.3 で変更: Previously, a name lookup was performed.
      To avoid name resolution delays, it now always returns the IP
      address.

class http.server.SimpleHTTPRequestHandler(request, client_address, server, *, directory=None, extra_response_headers=None)

   This class serves files from the directory *directory* and below,
   or the current directory if *directory* is not provided, directly
   mapping the directory structure to HTTP requests.

   バージョン 3.7 で変更: Added the *directory* parameter.

   バージョン 3.9 で変更: The *directory* parameter accepts a *path-
   like object*.

   バージョン 3.15 で変更: Added *extra_response_headers* parameter.

   リクエストの解釈のような、多くの作業は基底クラス
   "BaseHTTPRequestHandler" で行われます。このクラスは関数 "do_GET()"
   および "do_HEAD()" を実装しています。

   "SimpleHTTPRequestHandler" では以下のメンバ変数を定義しています:

   server_version

      この値は ""SimpleHTTP/" + __version__" になります。"__version__"
      はこのモジュールで定義されている値です。

   default_content_type

      Specifies the Content-Type header value sent when the MIME type
      cannot be guessed from the file extension of the requested URL.
      By default, it is set to "'application/octet-stream'".

      Added in version 3.15.

   extensions_map

      A dictionary mapping suffixes into MIME types, contains custom
      overrides for the default system mappings. The mapping is used
      case-insensitively, and so should contain only lower-cased keys.

      バージョン 3.9 で変更: This dictionary is no longer filled with
      the default system mappings, but only contains overrides.

   extra_response_headers

      A sequence of "(name, value)" pairs containing user-defined
      extra HTTP response headers to add to each successful HTTP
      status 200 response. These headers are not included in other
      status code responses.

      Headers that the server sends automatically such as "Content-
      Type" will not be overwritten by "extra_response_headers".

   "SimpleHTTPRequestHandler" では以下のメソッドを定義しています:

   do_HEAD()

      このメソッドは "'HEAD'" 型のリクエスト処理を実行します: すなわち
      、 "GET" リクエストの時に送信されるものと同じヘッダを送信します
      。送信される可能性のあるヘッダについての完全な説明は "do_GET()"
      メソッドを参照してください。

   do_GET()

      リクエストを現在の作業ディレクトリからの相対的なパスとして解釈す
      ることで、リクエストをローカルシステム上のファイルと対応付けます
      。

      リクエストがディレクトリに対応付けられた場合、 "index.html" また
      は "index.htm" を (この順序で) チェックします。もしファイルを発
      見できればその内容を、そうでなければディレクトリ一覧を
      "list_directory()" メソッドで生成して、返します。このメソッドは
      "os.listdir()" をディレクトリのスキャンに用いており、
      "listdir()" が失敗した場合には "404" 応答が返されます。

      If the request was mapped to a file, it is opened. Any "OSError"
      exception in opening the requested file is mapped to a "404",
      "'File not found'" error. If there was an "'If-Modified-Since'"
      header in the request, and the file was not modified after this
      time, a "304", "'Not Modified'" response is sent. Otherwise, the
      content type is guessed by calling the "guess_type()" method,
      which in turn uses the *extensions_map* variable, and the file
      contents are returned.

      出力は "'Content-type:'" と推測されたコンテントタイプで、その後
      にファイルサイズを示す "'Content-Length;'" ヘッダと、ファイルの
      更新日時を示す "'Last-Modified:'" ヘッダが続きます。

      The instance attribute "extra_response_headers" is a sequence of
      "(name, value)" pairs containing user-defined extra response
      headers.

      Then follows a blank line signifying the end of the headers, and
      then the contents of the file are output.

      For example usage, see the implementation of the "test" function
      in Lib/http/server.py.

      バージョン 3.7 で変更: Support of the "'If-Modified-Since'"
      header.

The "SimpleHTTPRequestHandler" class can be used in the following
manner in order to create a very basic webserver serving files
relative to the current directory:

   import http.server
   import socketserver

   PORT = 8000

   Handler = http.server.SimpleHTTPRequestHandler

   with socketserver.TCPServer(("", PORT), Handler) as httpd:
       print("serving at port", PORT)
       httpd.serve_forever()

"SimpleHTTPRequestHandler" can also be subclassed to enhance behavior,
such as using different index file names by overriding the class
attribute "index_pages".


コマンドライン・インターフェース
================================

"http.server" can also be invoked directly using the "-m" switch of
the interpreter.  The following example illustrates how to serve files
relative to the current directory:

   python -m http.server [OPTIONS] [port]

以下のオプションが使用できます:

port

   The server listens to port 8000 by default. The default can be
   overridden by passing the desired port number as an argument:

      python -m http.server 9000

-b, --bind <address>

   Specifies a specific address to which it should bind. Both IPv4 and
   IPv6 addresses are supported. By default, the server binds itself
   to all interfaces. For example, the following command causes the
   server to bind to localhost only:

      python -m http.server --bind 127.0.0.1

   Added in version 3.4.

   バージョン 3.8 で変更: Support IPv6 in the "--bind" option.

-d, --directory <dir>

   Specifies a directory to which it should serve the files. By
   default, the server uses the current directory. For example, the
   following command uses a specific directory:

      python -m http.server --directory /tmp/

   Added in version 3.7.

-p, --protocol <version>

   Specifies the HTTP version to which the server is conformant. By
   default, the server is conformant to HTTP/1.0. For example, the
   following command runs an HTTP/1.1 conformant server:

      python -m http.server --protocol HTTP/1.1

   Added in version 3.11.

--content-type <content_type>

   Specifies the default Content-Type HTTP header used when the MIME
   type cannot be guessed from the URL's file extension. By default,
   the server uses "'application/octet-stream'":

      python -m http.server --content-type text/html

   Added in version 3.15.

--tls-cert

   Specifies a TLS certificate chain for HTTPS connections:

      python -m http.server --tls-cert fullchain.pem

   Added in version 3.14.

--tls-key

   Specifies a private key file for HTTPS connections.

   This option requires "--tls-cert" to be specified.

   Added in version 3.14.

--tls-password-file

   Specifies the password file for password-protected private keys:

      python -m http.server \
             --tls-cert cert.pem \
             --tls-key key.pem \
             --tls-password-file password.txt

   This option requires "--tls-cert" to be specified.

   Added in version 3.14.

-H, --header <header> <value>

   Specify an additional extra HTTP Response Header to send on
   successful HTTP 200 responses. Can be used multiple times to send
   additional custom response headers. Headers that are sent
   automatically by the server (for instance Content-Type) will not be
   overwritten by the server.

   Added in version 3.15.


セキュリティで考慮すべき点
==========================

"SimpleHTTPRequestHandler" will follow symbolic links when handling
requests, this makes it possible for files outside of the specified
directory to be served.

Methods "BaseHTTPRequestHandler.send_header()" and
"BaseHTTPRequestHandler.send_response_only()" assume sanitized input
and do not perform input validation such as checking for the presence
of CRLF sequences. Untrusted input may result in HTTP Header injection
attacks.

Earlier versions of Python did not scrub control characters from the
log messages emitted to stderr from "python -m http.server" or the
default "BaseHTTPRequestHandler" ".log_message" implementation. This
could allow remote clients connecting to your server to send nefarious
control codes to your terminal.

バージョン 3.12 で変更: Control characters are scrubbed in stderr
logs.
