-
Notifications
You must be signed in to change notification settings - Fork 1
/
standalone.py
310 lines (246 loc) · 8.85 KB
/
standalone.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
#!/usr/bin/env python3
# Minimal standalone brat server based on SimpleHTTPRequestHandler.
# Run as apache, e.g. as
#
# APACHE_USER=`./apache-user.sh`
# sudo -u $APACHE_USER python3 standalone.py
import os
import socket
import sys
from cgi import FieldStorage
from http.server import HTTPServer, SimpleHTTPRequestHandler
from posixpath import normpath
from socketserver import ForkingMixIn
from urllib.parse import unquote
# brat imports
sys.path.append(os.path.join(os.path.dirname(__file__), 'server/src'))
from server import serve
_VERBOSE_HANDLER = False
_DEFAULT_SERVER_ADDR = 'localhost'
_DEFAULT_SERVER_PORT = 8001
_PERMISSIONS = """
Allow: /ajax.cgi
Disallow: *.py
Disallow: *.cgi
Disallow: /.htaccess
Disallow: *.py~ # no emacs backups
Disallow: *.cgi~
Disallow: /.htaccess~
Allow: /
"""
class PermissionParseError(Exception):
def __init__(self, linenum, line, message=None):
self.linenum = linenum
self.line = line
self.message = ' (%s)' % message if message is not None else ''
def __str__(self):
return 'line %d%s: %s' % (self.linenum, self.message, self.line)
class PathPattern(object):
def __init__(self, path):
self.path = path
self.plen = len(path)
def match(self, s):
# Require prefix match and separator/end.
return s[:self.plen] == self.path and (self.path[-1] == '/' or
s[self.plen:] == '' or
s[self.plen] == '/')
class ExtensionPattern(object):
def __init__(self, ext):
self.ext = ext
def match(self, s):
return os.path.splitext(s)[1] == self.ext
class PathPermissions(object):
"""Implements path permission checking with a robots.txt-like syntax."""
def __init__(self, default_allow=False):
self._entries = []
self.default_allow = default_allow
def allow(self, path):
# First match wins
for pattern, allow in self._entries:
if pattern.match(path):
return allow
return self.default_allow
def parse(self, lines):
# Syntax: "DIRECTIVE : PATTERN" where
# DIRECTIVE is either "Disallow:" or "Allow:" and
# PATTERN either has the form "*.EXT" or "/PATH".
# Strings starting with "#" and empty lines are ignored.
for ln, line in enumerate(lines):
i = line.find('#')
if i != -1:
line = line[:i]
line = line.strip()
if not line:
continue
i = line.find(':')
if i == -1:
raise PermissionParseError(ln, lines[ln], 'missing colon')
directive = line[:i].strip().lower()
pattern = line[i + 1:].strip()
if directive == 'allow':
allow = True
elif directive == 'disallow':
allow = False
else:
raise PermissionParseError(
ln, lines[ln], 'unrecognized directive')
if pattern.startswith('/'):
patt = PathPattern(pattern)
elif pattern.startswith('*.'):
patt = ExtensionPattern(pattern[1:])
else:
raise PermissionParseError(
ln, lines[ln], 'unrecognized pattern')
self._entries.append((patt, allow))
return self
class BratHTTPRequestHandler(SimpleHTTPRequestHandler):
"""Minimal handler for brat server."""
permissions = PathPermissions().parse(_PERMISSIONS.split('\n'))
def log_request(self, code='-', size='-'):
if _VERBOSE_HANDLER:
SimpleHTTPRequestHandler.log_request(self, code, size)
else:
# just ignore logging
pass
def is_brat(self):
# minimal cleanup
path = self.path
path = path.split('?', 1)[0]
path = path.split('#', 1)[0]
if path == '/ajax.cgi':
return True
else:
return False
def run_brat_direct(self):
"""Execute brat server directly."""
remote_addr = self.client_address[0]
remote_host = self.address_string()
cookie_data = ', '.join(
[_f for _f in self.headers.get_all('cookie', []) if _f])
query_string = ''
i = self.path.find('?')
if i != -1:
query_string = self.path[i + 1:]
saved = sys.stdin, sys.stdout, sys.stderr
sys.stdin, sys.stdout = self.rfile, self.wfile
# set env to get FieldStorage to read params
env = {}
env['REQUEST_METHOD'] = self.command
content_length = self.headers.get('content-length')
if content_length:
env['CONTENT_LENGTH'] = content_length
if query_string:
env['QUERY_STRING'] = query_string
os.environ.update(env)
params = FieldStorage(fp=self.rfile)
# Call main server
cookie_hdrs, response_data = serve(params, remote_addr, remote_host,
cookie_data)
sys.stdin, sys.stdout, sys.stderr = saved
# Package and send response
if cookie_hdrs is not None:
response_hdrs = [hdr for hdr in cookie_hdrs]
else:
response_hdrs = []
response_hdrs.extend(response_data[0])
self.send_response(200)
for k, v in response_hdrs:
self.send_header(k, v)
self.end_headers()
# Hack to support binary data and general Unicode for SVGs and JSON
if isinstance(response_data[1], str):
self.wfile.write(response_data[1].encode('utf-8'))
else:
self.wfile.write(response_data[1])
return 0
def allow_path(self):
"""Test whether to allow a request for self.path."""
# Cleanup in part following SimpleHTTPServer.translate_path()
path = self.path
path = path.split('?', 1)[0]
path = path.split('#', 1)[0]
path = unquote(path)
path = normpath(path)
parts = path.split('/')
parts = [_f for _f in parts if _f]
if '..' in parts:
return False
path = '/' + '/'.join(parts)
return self.permissions.allow(path)
def list_directory(self, path):
"""Override SimpleHTTPRequestHandler.list_directory()"""
# TODO: permissions for directory listings
self.send_error(403)
def do_POST(self):
"""Serve a POST request.
Only implemented for brat server.
"""
if self.is_brat():
self.run_brat_direct()
else:
self.send_error(501, "Can only POST to brat")
def do_GET(self):
"""Serve a GET request."""
if not self.allow_path():
self.send_error(403)
elif self.is_brat():
self.run_brat_direct()
else:
SimpleHTTPRequestHandler.do_GET(self)
def do_HEAD(self):
"""Serve a HEAD request."""
if not self.allow_path():
self.send_error(403)
else:
SimpleHTTPRequestHandler.do_HEAD(self)
class BratServer(ForkingMixIn, HTTPServer):
def __init__(self, server_address):
HTTPServer.__init__(self, server_address, BratHTTPRequestHandler)
def main(argv):
# warn if root/admin
try:
if os.getuid() == 0:
print("""
! WARNING: running as root. The brat standalone server is experimental !
! and may be a security risk. It is recommend to run the standalone !
! server as a non-root user with write permissions to the brat work/ and !
! data/ directories (e.g. apache if brat is set up using standard !
! installation). !
""", file=sys.stderr)
except AttributeError:
# not on UNIX
print("""
Warning: could not determine user. Note that the brat standalone
server is experimental and should not be run as administrator.
""", file=sys.stderr)
if len(argv) > 1:
try:
port = int(argv[1])
except ValueError:
print("Failed to parse", argv[1], "as port number.", file=sys.stderr)
return 1
else:
port = _DEFAULT_SERVER_PORT
if len(argv) > 2:
try:
addr = str(argv[2])
except ValueError:
print("Failed to parse", argv[2], "as server address.", file=sys.stderr)
return 1
else:
addr = _DEFAULT_SERVER_ADDR
try:
server = BratServer((addr, port))
print("Serving brat at http://%s:%d" % server.server_address, file=sys.stderr)
server.serve_forever()
except KeyboardInterrupt:
# normal exit
pass
except socket.error as why:
print("Error binding to port", port, ":", why[1], file=sys.stderr)
except Exception as e:
print("Server error", e, file=sys.stderr)
raise
return 0
if __name__ == "__main__":
sys.exit(main(sys.argv))