Nova/PyWebServer
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Compare commits

base: Nova:1.1+u2
Branches Tags
Nova:main Nova:backport-1.0-issue4
Nova:1.3.0 Nova:1.2.1 Nova:1.2 Nova:1.0+u2 Nova:1.1+u2 Nova:1.1 Nova:1.0
...
compare: Nova:1.2
Branches Tags
Nova:main Nova:backport-1.0-issue4
Nova:1.3.0 Nova:1.2.1 Nova:1.2 Nova:1.0+u2 Nova:1.1+u2 Nova:1.1 Nova:1.0

4 Commits
1.1+u2 ... 1.2

Author SHA1 Message Date
Stan
590abbf649 Uuuh? 2025-06-15 13:33:52 +02:00
Stan
87a2505395 Merge branch 'main' of https://git.novacow.ch/Nova/PyWebServer 2025-06-15 13:33:14 +02:00
Stan
118a342e9d Update to v1.2, crude fix for #6 and for #5 2025-06-15 13:32:19 +02:00
Nova
9cd0528ab3 Update README.md 2025-05-04 14:54:51 +02:00
2 changed files with 39 additions and 34 deletions
Expand all files Collapse all files

3
README.md
View File

@@ -1,8 +1,5 @@
# PyWebServer # PyWebServer
# PyWebServer is undergoing major security updates!
# Please use commit [7ac160f625](https://git.novacow.ch/Nova/PyWebServer/src/commit/7ac160f6259e637c2337a672e56f105f4cdd2d2a) as the source for now!!
## GitHub ## GitHub
The upstream of this project is on my own [Gitea instance](https://git.novacow.ch/Nova/PyWebServer/). The upstream of this project is on my own [Gitea instance](https://git.novacow.ch/Nova/PyWebServer/).
Because of that I'll mostly reply to issues and PRs there, you can submit issues and PRs on GitHub, but it might take longer before I read it. Because of that I'll mostly reply to issues and PRs there, you can submit issues and PRs on GitHub, but it might take longer before I read it.

70
pywebsrv.py
View File

@@ -34,6 +34,7 @@ Library aswell as a standalone script:
""" """
import os import os
import mimetypes
import threading import threading
import ssl import ssl
import socket import socket
@@ -71,23 +72,21 @@ class FileHandler:
with open(self.config_path, "w") as f: with open(self.config_path, "w") as f:
f.write(self.DEFAULT_CONFIG.format(cwd=os.getcwd())) f.write(self.DEFAULT_CONFIG.format(cwd=os.getcwd()))
def didnt_confirm(self):
os.remove(self.config_path)
def read_file(self, file_path): def read_file(self, file_path):
if "../" in file_path: if "../" in file_path:
return 403 return 403, None
full_path = os.path.join(self.base_dir, file_path.lstrip("/")) full_path = os.path.join(self.base_dir, file_path.lstrip("/"))
if not os.path.isfile(full_path): if not os.path.isfile(full_path):
return 404 return 404, None
try: try:
mimetype = mimetypes.guess_type(full_path)
with open(full_path, "rb") as f: with open(full_path, "rb") as f:
return f.read() return f.read(), mimetype
except Exception as e: except Exception as e:
print(f"Error reading file {full_path}: {e}") print(f"Error reading file {full_path}: {e}")
return 500 return 500, None
def write_file(self, file_path, data): def write_file(self, file_path, data):
if "../" in file_path: if "../" in file_path:
@@ -147,6 +146,8 @@ class FileHandler:
"FATAL: You haven't set up PyWebServer! Please edit pywebsrv.conf!" "FATAL: You haven't set up PyWebServer! Please edit pywebsrv.conf!"
) )
exit(1) exit(1)
if value.endswith("/"):
value = value.rstrip("/")
return value return value
return value return value
return None return None
@@ -200,6 +201,7 @@ class RequestParser:
if ":" in host: if ":" in host:
host = host.split(":", 1)[0] host = host.split(":", 1)[0]
host = host.lstrip() host = host.lstrip()
host = host.rstrip()
if ( if (
host == "localhost" or host == "127.0.0.1" host == "localhost" or host == "127.0.0.1"
) and self.file_handler.read_config("allow-localhost"): ) and self.file_handler.read_config("allow-localhost"):
@@ -224,6 +226,12 @@ class WebServer:
# me when no certificate and key file # me when no certificate and key file
if not os.path.exists(self.cert_file) or not os.path.exists(self.key_file): if not os.path.exists(self.cert_file) or not os.path.exists(self.key_file):
if not os.path.exists(self.cert_file) and not os.path.exists(self.key_file):
pass
elif not os.path.exists(self.cert_file):
os.remove(self.key_file)
elif not os.path.exists(self.key_file):
os.remove(self.cert_file)
print("WARN: No HTTPS certificate was found!") print("WARN: No HTTPS certificate was found!")
if self.file_handler.read_config("disable-autocertgen") is True: if self.file_handler.read_config("disable-autocertgen") is True:
print("WARN: AutoCertGen is disabled, ignoring...") print("WARN: AutoCertGen is disabled, ignoring...")
@@ -263,17 +271,17 @@ class WebServer:
self.http_404_html = ( self.http_404_html = (
"<html><head><title>HTTP 404 - PyWebServer</title></head>" "<html><head><title>HTTP 404 - PyWebServer</title></head>"
"<body><center><h1>HTTP 404 - Not Found!</h1><p>Running PyWebServer/1.1+u2</p>" "<body><center><h1>HTTP 404 - Not Found!</h1><p>Running PyWebServer/1.2</p>"
"</center></body></html>" "</center></body></html>"
) )
self.http_403_html = ( self.http_403_html = (
"<html><head><title>HTTP 403 - PyWebServer</title></head>" "<html><head><title>HTTP 403 - PyWebServer</title></head>"
"<body><center><h1>HTTP 403 - Forbidden</h1><p>Running PyWebServer/1.1+u2</p>" "<body><center><h1>HTTP 403 - Forbidden</h1><p>Running PyWebServer/1.2</p>"
"</center></body></html>" "</center></body></html>"
) )
self.http_405_html = ( self.http_405_html = (
"<html><head><title>HTTP 405 - PyWebServer</title></head>" "<html><head><title>HTTP 405 - PyWebServer</title></head>"
"<body><center><h1>HTTP 405 - Method not allowed</h1><p>Running PyWebServer/1.1+u2</p>" "<body><center><h1>HTTP 405 - Method not allowed</h1><p>Running PyWebServer/1.2</p>"
"</center></body></html>" "</center></body></html>"
) )
@@ -291,9 +299,9 @@ class WebServer:
if http is True: if http is True:
http_thread.start() http_thread.start()
print( # print(
f"Server running:\n - HTTP on port {self.http_port}\n - HTTPS on port {self.https_port}" # f"Server running:\n - HTTP on port {self.http_port}\n - HTTPS on port {self.https_port}"
) # )
http_thread.join() http_thread.join()
https_thread.join() https_thread.join()
@@ -344,6 +352,8 @@ class WebServer:
def handle_request(self, data, addr): def handle_request(self, data, addr):
if not data: if not data:
return self.build_response(400, "Bad Request") # user did fucky-wucky return self.build_response(400, "Bad Request") # user did fucky-wucky
if len(data) > 8192:
return self.build_response(413, "Request too long")
request_line = data.splitlines()[0] request_line = data.splitlines()[0]
@@ -368,12 +378,18 @@ class WebServer:
method, path, version = self.parser.parse_request_line(request_line) method, path, version = self.parser.parse_request_line(request_line)
# Figure out a better way to reload config
if path == "/?pywebsrv_reload_conf=1":
print("Got reload command! Reloading configuration...")
self.file_handler.base_dir = self.file_handler.read_config("directory")
return self.build_response(204, "")
if not all([method, path, version]) or not self.parser.is_method_allowed( if not all([method, path, version]) or not self.parser.is_method_allowed(
method method
): ):
return self.build_response(405, self.http_405_html) return self.build_response(405, self.http_405_html)
file_content = self.file_handler.read_file(path) file_content, mimetype = self.file_handler.read_file(path)
if file_content == 403: if file_content == 403:
print("WARN: Directory traversal attack prevented.") # look ma, security!! print("WARN: Directory traversal attack prevented.") # look ma, security!!
@@ -389,13 +405,14 @@ class WebServer:
# A really crude implementation of binary files. Later in 2.0 I'll actually # A really crude implementation of binary files. Later in 2.0 I'll actually
# make this useful. # make this useful.
if path.endswith((".mp3", ".png", ".jpg", ".jpeg", ".gif")): mimetype = mimetype[0]
return self.build_binary_response(200, file_content, path) if "text/" not in mimetype:
return self.build_binary_response(200, file_content, path, mimetype)
return self.build_response(200, file_content) return self.build_response(200, file_content)
@staticmethod @staticmethod
def build_binary_response(status_code, binary_data, filename): def build_binary_response(status_code, binary_data, filename, content_type):
"""Handles binary files like MP3s.""" """Handles binary files like MP3s."""
messages = { messages = {
200: "OK", 200: "OK",
@@ -405,21 +422,9 @@ class WebServer:
500: "Internal Server Error", 500: "Internal Server Error",
} }
status_message = messages.get(status_code) status_message = messages.get(status_code)
# In the spirit of keeping stuff small, we'll just guess and see.
content_type = "application/octet-stream"
if filename.endswith(".mp3"):
content_type = "audio/mpeg"
elif filename.endswith(".png"):
content_type = "image/png"
elif filename.endswith(".jpg") or filename.endswith(".jpeg"):
content_type = "image/jpeg"
elif filename.endswith(".gif"):
content_type = "image/gif"
headers = ( headers = (
f"HTTP/1.1 {status_code} {status_message}\r\n" f"HTTP/1.1 {status_code} {status_message}\r\n"
f"Server: PyWebServer/1.1+u2\r\n" f"Server: PyWebServer/1.2\r\n"
f"Content-Type: {content_type}\r\n" f"Content-Type: {content_type}\r\n"
f"Content-Length: {len(binary_data)}\r\n" f"Content-Length: {len(binary_data)}\r\n"
f"Connection: close\r\n\r\n" f"Connection: close\r\n\r\n"
@@ -436,12 +441,15 @@ class WebServer:
""" """
messages = { messages = {
200: "OK", 200: "OK",
204: "No Content",
304: "Not Modified", # TODO KEKL 304: "Not Modified", # TODO KEKL
400: "Bad Request", 400: "Bad Request",
403: "Forbidden", 403: "Forbidden",
404: "Not Found", 404: "Not Found",
405: "Method Not Allowed", 405: "Method Not Allowed",
413: "Payload Too Large",
500: "Internal Server Error", 500: "Internal Server Error",
635: "Go Away",
} }
status_message = messages.get(status_code) status_message = messages.get(status_code)
@@ -450,7 +458,7 @@ class WebServer:
headers = ( headers = (
f"HTTP/1.1 {status_code} {status_message}\r\n" f"HTTP/1.1 {status_code} {status_message}\r\n"
f"Server: PyWebServer/1.1+u2\r\n" f"Server: PyWebServer/1.2\r\n"
f"Content-Length: {len(body)}\r\n" f"Content-Length: {len(body)}\r\n"
f"Connection: close\r\n\r\n" f"Connection: close\r\n\r\n"
).encode() ).encode()