This is the third post in my web app from scratch series. If you haven’t read them yet, you can find the first part here and the second part here. You’ll want to read them first.

This part is going to be short and sweet. We’re going to cover request handlers and middleware. Here’s the source for part 2 so you can follow along. Let’s get to it!

Handlers

Last time we implemented all our request handling logic inside the HTTPWorker class. That’s not an appropriate place for application logic to live in so we need to update that code to run arbitrary application code that it knows nothing about. To do this, we’re going to introduce the concept of a request handler. In our case a request handler is going to be a function that takes in a Request object and returns a Response object. Expressed as a type, that looks like this:

HandlerT = Callable[[Request], Response]

Let’s modify our HTTPServer so that it stores a set of request handlers, each one assigned to a particular path prefix so that we can host different applications at different paths. In HTTPServer’s constructor, let’s assign an empty list to the handlers instance variable.

class HTTPServer:
    def __init__(self, host="127.0.0.1", port=9000, worker_count=16) -> None:
        self.handlers = []
        ...

Next, let’s add a method that we can use to add handlers to the handler list. Call it mount.

    def mount(self, path_prefix: str, handler: HandlerT) -> None:
        """Mount a request handler at a particular path.  Handler
        prefixes are tested in the order that they are added so the
        first match "wins".
        """
        self.handlers.append((path_prefix, handler))

Now we need to update the HTTPWorker class to take advantage of these handlers. We need to make the workers’ constructor take the handlers list as a parameter.

class HTTPWorker(Thread):
    def __init__(self, connection_queue: Queue, handlers: List[Tuple[str, HandlerT]]) -> None:
        super().__init__(daemon=True)

        self.connection_queue = connection_queue
        self.handlers = handlers
        self.running = False

And then we need to update the handle_client method to delegate request handling to the handler functions. If none of the handlers match the current path, then we’ll return a 404 and if one of the handlers raises an exception then we’ll return a 500 error to the client.

    def handle_client(self, client_sock: socket.socket, client_addr: typing.Tuple[str, int]) -> None:
        with client_sock:
            try:
                request = Request.from_socket(client_sock)
            except Exception:
                LOGGER.warning("Failed to parse request.", exc_info=True)
                response = Response(status="400 Bad Request", content="Bad Request")
                response.send(client_sock)
                return

            # Force clients to send their request bodies on every
            # request rather than making the handlers deal with this.
            if "100-continue" in request.headers.get("expect", ""):
                response = Response(status="100 Continue")
                response.send(client_sock)

            for path_prefix, handler in self.handlers:
                if request.path.startswith(path_prefix):
                    try:
                        request = request._replace(path=request.path[len(path_prefix):])
                        response = handler(request)
                        response.send(client_sock)
                    except Exception as e:
                        LOGGER.exception("Unexpected error from handler %r.", handler)
                        response = Response(status="500 Internal Server Error", content="Internal Error")
                        response.send(client_sock)
                    finally:
                        break
            else:
                response = Response(status="404 Not Found", content="Not Found")
                response.send(client_sock)

Lastly, we have to make sure we pass the handler list to the HTTPWorkers when we instantiate them in serve_forever.

    def serve_forever(self) -> None:
        workers = []
        for _ in range(self.worker_count):
            worker = HTTPWorker(self.connection_queue, self.handlers)
            worker.start()
            workers.append(worker)

        ...

Now, whenever an HTTPWorker receives a new connection, it’ll parse the request and try to find a request handler to process it with. Before the request is passed to a request handler, we remove the prefix from its path property so that request handlers don’t have to be aware of what prefix they’re running under. This’ll come in handy when we write a handler that serves static files.

Since we haven’t mounted any request handlers yet, our server will reply with a 404 to any incoming request.

~> curl -v 127.0.0.1:9000
* Rebuilt URL to: 127.0.0.1:9000/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< content-length: 9
<
* Connection #0 to host 127.0.0.1 left intact
Not Found

Let’s mount a request handler that always returns the same response.

def app(request: Request) -> Response:
  return Response(status="200 OK", content="Hello!")


server = HTTPServer()
server.mount("", app)
server.serve_forever()

Whatever path we visit now, we’ll get the same Hello! response. Let’s mount another handler to serve static files from a local folder. To do this, we’re going to update our old serve_file function and turn it into a function that takes the path to some folder on disk and returns a request handler that can serve files from that folder.

def serve_static(server_root: str) -> HandlerT:
    """Generate a request handler that serves file off of disk
    relative to server_root.
    """

    def handler(request: Request) -> Response:
        path = request.path
        if request.path == "/":
            path = "/index.html"

        abspath = os.path.normpath(os.path.join(server_root, path.lstrip("/")))
        if not abspath.startswith(server_root):
            return Response(status="404 Not Found", content="Not Found")

        try:
            content_type, encoding = mimetypes.guess_type(abspath)
            if content_type is None:
                content_type = "application/octet-stream"

            if encoding is not None:
                content_type += f"; charset={encoding}"

            body_file = open(abspath, "rb")
            response = Response(status="200 OK", body=body_file)
            response.headers.add("content-type", content_type)
            return response
        except FileNotFoundError:
            return Response(status="404 Not Found", content="Not Found")

    return handler

Finally, we’re going to call serve static and mount the result under “/static” before we mount our application handler.

server = HTTPServer()
server.mount("/static", serve_static("www")),
server.mount("", app)
server.serve_forever()

All requests that begin with "/static" will now be handled by the generated static file handler and everything else will be handled by the app handler.

Middleware

Given that our request handlers are plain functions that take a request and return a response, writing middleware – arbitrary functionality that can run before or after every request – is pretty straightforward: any function that takes a request handler as input and itself generates a request handler is a middleware.

Here’s how we might write a middleware that ensures that all incoming requests have a valid Authorization header:

def wrap_auth(handler: HandlerT) -> HandlerT:
    def auth_handler(request: Request) -> Response:
        authorization = request.headers.get("authorization", "")
        if authorization.startswith("Bearer ") and authorization[len("Bearer "):] == "opensesame":
            return handler(request)
        return Response(status="403 Forbidden", content="Forbidden!")
    return auth_handler

To use it, we just pass it the app handler and mount the result.

server = HTTPServer()
server.mount("/static", serve_static("www")),
server.mount("", wrap_auth(app))
server.serve_forever()

Now all requests to the root handler will have to contain an authorization header with our super secret hard-coded value, otherwise they’ll get back a 403 response.

Winding down

That’s it for part 3. In part 4 we’re going to cover extracting an Application abstraction and implementing request routing. If you’d like to check out the full source code and follow along, you can find it here.

See ya next time!

Newsletter

If you want to find out about new parts as they come out, you can subscribe to the newsletter for this series by filling the form below.