Server

class Server(**properties: Any)

Superclasses: Object

A HTTP server.

Server implements a simple HTTP server.

To begin, create a server using new. Add at least one handler by calling add_handler or add_early_handler; the handler will be called to process any requests underneath the path you pass. (If you want all requests to go to the same handler, just pass “/” (or None) for the path.)

When a new connection is accepted (or a new request is started on an existing persistent connection), the Server will emit request_started and then begin processing the request as described below, but note that once the message is assigned a status-code, then callbacks after that point will be skipped. Note also that it is not defined when the callbacks happen relative to various ServerMessage signals.

Once the headers have been read, Server will check if there is a AuthDomain (qv) covering the Request-URI; if so, and if the message does not contain suitable authorization, then the AuthDomain will set a status of UNAUTHORIZED on the message.

After checking for authorization, Server will look for “early” handlers (added with add_early_handler) matching the Request-URI. If one is found, it will be run; in particular, this can be used to connect to signals to do a streaming read of the request body.

(At this point, if the request headers contain Expect: 100-continue, and a status code has been set, then Server will skip the remaining steps and return the response. If the request headers contain Expect: 100-continue and no status code has been set, Server will return a CONTINUE status before continuing.)

The server will then read in the response body (if present). At this point, if there are no handlers at all defined for the Request-URI, then the server will return NOT_FOUND to the client.

Otherwise (assuming no previous step assigned a status to the message) any “normal” handlers (added with add_handler) for the message’s Request-URI will be run.

Then, if the path has a WebSocket handler registered (and has not yet been assigned a status), Server will attempt to validate the WebSocket handshake, filling in the response and setting a status of SWITCHING_PROTOCOLS or BAD_REQUEST accordingly.

If the message still has no status code at this point (and has not been paused with pause), then it will be given a status of INTERNAL_SERVER_ERROR (because at least one handler ran, but returned without assigning a status).

Finally, the server will emit request_finished (or request_aborted if an I/O error occurred before handling was completed).

If you want to handle the special “*” URI (eg, “OPTIONS “), you must explicitly register a handler for “”; the default handler will not be used for that case.

If you want to process https connections in addition to (or instead of) http connections, you can set the tls_certificate property.

Once the server is set up, make one or more calls to listen, listen_local, or listen_all to tell it where to listen for connections. (All ports on a Server use the same handlers; if you need to handle some ports differently, such as returning different data for http and https, you’ll need to create multiple SoupServer’s, or else check the passed-in URI in the handler function.).

Server will begin processing connections as soon as you return to (or start) the main loop for the current thread-default MainContext.

Methods

class Server

accept_iostream(stream: IOStream, local_addr: SocketAddress | None = None, remote_addr: SocketAddress | None = None) → bool

Adds a new client stream to the server.

Parameters:

• stream – a IOStream

• local_addr – the local SocketAddress associated with the stream

• remote_addr – the remote SocketAddress associated with the stream

add_auth_domain(auth_domain: AuthDomain) → None

Adds an authentication domain to server.

Each auth domain will have the chance to require authentication for each request that comes in; normally auth domains will require authentication for requests on certain paths that they have been set up to watch, or that meet other criteria set by the caller. If an auth domain determines that a request requires authentication (and the request doesn’t contain authentication), server will automatically reject the request with an appropriate status (401 Unauthorized or 407 Proxy Authentication Required). If the request used the SoupServer:100-continue Expectation, server will reject it before the request body is sent.

Parameters:

auth_domain – a AuthDomain

add_early_handler(path: str | None, callback: Callable[[...], None], *user_data: Any) → None

Adds an “early” handler to server for requests prefixed by path.

Note that “normal” and “early” handlers are matched up together, so if you add a normal handler for “/foo” and an early handler for “/foo/bar”, then a request to “/foo/bar” (or any path below it) will run only the early handler. (But if you add both handlers at the same path, then both will get run.)

For requests under path (that have not already been assigned a status code by a AuthDomain or a signal handler), callback will be invoked after receiving the request headers, but before receiving the request body; the message’s method and request-headers properties will be set.

Early handlers are generally used for processing requests with request bodies in a streaming fashion. If you determine that the request will contain a message body, normally you would call set_accumulate on the message’s request-body to turn off request-body accumulation, and connect to the message’s got_chunk signal to process each chunk as it comes in.

To complete the message processing after the full message body has been read, you can either also connect to got_body, or else you can register a non-early handler for path as well. As long as you have not set the status-code by the time got_body is emitted, the non-early handler will be run as well.

Parameters:

• path – the toplevel path for the handler

• callback – callback to invoke for requests under path

• user_data – data for callback

add_handler(path: str | None, callback: Callable[[...], None], *user_data: Any) → None

Adds a handler to server for requests prefixed by path.

If path is None or “/”, then this will be the default handler for all requests that don’t have a more specific handler. (Note though that if you want to handle requests to the special “*” URI, you must explicitly register a handler for “*”; the default handler will not be used for that case.)

For requests under path (that have not already been assigned a status code by a AuthDomain, an early server handler, or a signal handler), callback will be invoked after receiving the request body; the ServerMessage’s method, request-headers, and request-body properties will be set.

After determining what to do with the request, the callback must at a minimum call set_status on the message to set the response status code. Additionally, it may set response headers and/or fill in the response body.

If the callback cannot fully fill in the response before returning (eg, if it needs to wait for information from a database, or another network server), it should call pause to tell server to not send the response right away. When the response is ready, call unpause to cause it to be sent.

To send the response body a bit at a time using “chunked” encoding, first call set_encoding to set CHUNKED on the response-headers. Then call append (or append_bytes)) to append each chunk as it becomes ready, and unpause to make sure it’s running. (The server will automatically pause the message if it is using chunked encoding but no more chunks are available.) When you are done, call complete to indicate that no more chunks are coming.

Parameters:

• path – the toplevel path for the handler

• callback – callback to invoke for requests under path

• user_data – data for callback

add_websocket_extension(extension_type: type) → None

Add support for a WebSocket extension of the given extension_type.

When a WebSocket client requests an extension of extension_type, a new WebsocketExtension of type extension_type will be created to handle the request.

Note that WebsocketExtensionDeflate is supported by default, use remove_websocket_extension if you want to disable it.

Parameters:

extension_type – a Type

add_websocket_handler(path: str | None, origin: str | None, protocols: Sequence[str] | None, callback: Callable[[...], None], *user_data: Any) → None

Adds a WebSocket handler to server for requests prefixed by path.

If path is None or “/”, then this will be the default handler for all requests that don’t have a more specific handler.

When a path has a WebSocket handler registered, server will check incoming requests for WebSocket handshakes after all other handlers have run (unless some earlier handler has already set a status code on the message), and update the request’s status, response headers, and response body accordingly.

If origin is non-None, then only requests containing a matching “Origin” header will be accepted. If protocols is non-None, then only requests containing a compatible “Sec-WebSocket-Protocols” header will be accepted. More complicated requirements can be handled by adding a normal handler to path, and having it perform whatever checks are needed and setting a failure status code if the handshake should be rejected.

Parameters:

• path – the toplevel path for the handler

• origin – the origin of the connection

• protocols – the protocols supported by this handler

• callback – callback to invoke for successful WebSocket requests under path

• user_data – data for callback

disconnect() → None

Closes and frees server’s listening sockets.

Note that if there are currently requests in progress on server, that they will continue to be processed if server’s MainContext is still running.

You can call listen, etc, after calling this function if you want to start listening again.

get_listeners() → list[Socket]

Gets server’s list of listening sockets.

You should treat these sockets as read-only; writing to or modifiying any of these sockets may cause server to malfunction.

get_tls_auth_mode() → TlsAuthenticationMode

Gets the server SSL/TLS client authentication mode.

get_tls_certificate() → TlsCertificate | None

Gets the server SSL/TLS certificate.

get_tls_database() → TlsDatabase | None

Gets the server SSL/TLS database.

get_uris() → list[Uri]

Gets a list of URIs corresponding to the interfaces server is listening on.

These will contain IP addresses, not hostnames, and will also indicate whether the given listener is http or https.

Note that if you used listen_all the returned URIs will use the addresses 0.0.0.0 and ::, rather than actually returning separate URIs for each interface on the system.

is_https() → bool

Checks whether server is capable of https.

In order for a server to run https, you must call set_tls_certificate, or set the tls_certificate property, to provide it with a certificate to use.

If you are using the deprecated single-listener APIs, then a return value of True indicates that the Server serves https exclusively. If you are using listen, etc, then a True return value merely indicates that the server is able to do https, regardless of whether it actually currently is or not. Use get_uris to see if it currently has any https listeners.

listen(address: SocketAddress, options: ServerListenOptions) → bool

Attempts to set up server to listen for connections on address.

If options includes HTTPS, and server has been configured for TLS, then server will listen for https connections on this port. Otherwise it will listen for plain http.

You may call this method (along with the other “listen” methods) any number of times on a server, if you want to listen on multiple ports, or set up both http and https service.

After calling this method, server will begin accepting and processing connections as soon as the appropriate MainContext is run.

Note that this API does not make use of dual IPv4/IPv6 sockets; if address is an IPv6 address, it will only accept IPv6 connections. You must configure IPv4 listening separately.

Parameters:

• address – the address of the interface to listen on

• options – listening options for this server

listen_all(port: int, options: ServerListenOptions) → bool

Attempts to set up server to listen for connections on all interfaces on the system.

That is, it listens on the addresses 0.0.0.0 and/or ::, depending on whether options includes IPV4_ONLY, IPV6_ONLY, or neither.) If port is specified, server will listen on that port. If it is 0, server will find an unused port to listen on. (In that case, you can use get_uris to find out what port it ended up choosing.

See listen for more details.

Parameters:

• port – the port to listen on, or 0

• options – listening options for this server

listen_local(port: int, options: ServerListenOptions) → bool

Attempts to set up server to listen for connections on “localhost”.

That is, 127.0.0.1 and/or ::1, depending on whether options includes IPV4_ONLY, IPV6_ONLY, or neither). If port is specified, server will listen on that port. If it is 0, server will find an unused port to listen on. (In that case, you can use get_uris to find out what port it ended up choosing.

See listen for more details.

Parameters:

• port – the port to listen on, or 0

• options – listening options for this server

listen_socket(socket: Socket, options: ServerListenOptions) → bool

Attempts to set up server to listen for connections on socket.

See listen for more details.

Parameters:

• socket – a listening Socket

• options – listening options for this server

pause_message(msg: ServerMessage) → None

Pauses I/O on msg.

This can be used when you need to return from the server handler without having the full response ready yet. Use unpause_message to resume I/O.

This must only be called on a ServerMessage which was created by the Server and are currently doing I/O, such as those passed into a ServerCallback or emitted in a request_read signal.

Deprecated since version 3.2: Use pause() instead.

Parameters:

msg – a ServerMessage associated with server.

remove_auth_domain(auth_domain: AuthDomain) → None

Removes auth_domain from server.

Parameters:

auth_domain – a AuthDomain

remove_handler(path: str) → None

Removes all handlers (early and normal) registered at path.

Parameters:

path – the toplevel path for the handler

remove_websocket_extension(extension_type: type) → None

Removes support for WebSocket extension of type extension_type (or any subclass of extension_type) from server.

Parameters:

extension_type – a Type

set_tls_auth_mode(mode: TlsAuthenticationMode) → None

Sets server’s TlsAuthenticationMode to use for SSL/TLS client authentication.

Parameters:

mode – a TlsAuthenticationMode

set_tls_certificate(certificate: TlsCertificate) → None

Sets server up to do https, using the given SSL/TLS certificate.

Parameters:

certificate – a TlsCertificate

set_tls_database(tls_database: TlsDatabase) → None

Sets server’s TlsDatabase to use for validating SSL/TLS client certificates.

Parameters:

tls_database – a TlsDatabase

unpause_message(msg: ServerMessage) → None

Resumes I/O on msg.

Use this to resume after calling pause_message, or after adding a new chunk to a chunked response.

I/O won’t actually resume until you return to the main loop.

This must only be called on a ServerMessage which was created by the Server and are currently doing I/O, such as those passed into a ServerCallback or emitted in a request_read signal.

Deprecated since version 3.2: Use unpause() instead.

Parameters:

msg – a ServerMessage associated with server.

Properties

class Server

props.raw_paths: bool

If True, percent-encoding in the Request-URI path will not be automatically decoded.

props.server_header: str

Server header.

If non-None, the value to use for the “Server” header on ServerMessage’s processed by this server.

The Server header is the server equivalent of the User-Agent header, and provides information about the server and its components. It contains a list of one or more product tokens, separated by whitespace, with the most significant product token coming first. The tokens must be brief, ASCII, and mostly alphanumeric (although “-”, “_”, and “.” are also allowed), and may optionally include a “/” followed by a version string. You may also put comments, enclosed in parentheses, between or after the tokens.

Some HTTP server implementations intentionally do not use version numbers in their Server header, so that installations running older versions of the server don’t end up advertising their vulnerability to specific security holes.

As with user_agent, if you set a server_header property that has trailing whitespace, Server will append its own product token (eg, libsoup/2.3.2) to the end of the header for you.

props.tls_auth_mode: TlsAuthenticationMode

A TlsAuthenticationMode for SSL/TLS client authentication.

props.tls_certificate: TlsCertificate

A TlsCertificate[ that has a private_key set.

If this is set, then the server will be able to speak https in addition to (or instead of) plain http.

props.tls_database: TlsDatabase

A TlsDatabase to use for validating SSL/TLS client certificates.

Signals

class Server.signals

request_aborted(message: ServerMessage) → None

Emitted when processing has failed for a message.

This could mean either that it could not be read (if request_read has not been emitted for it yet), or that the response could not be written back (if request_read has been emitted but request_finished has not been).

message is in an undefined state when this signal is emitted; the signal exists primarily to allow the server to free any state that it may have allocated in request_started.

Parameters:

message – the message

request_finished(message: ServerMessage) → None

Emitted when the server has finished writing a response to a request.

Parameters:

message – the message

request_read(message: ServerMessage) → None

Emitted when the server has successfully read a request.

message will have all of its request-side information filled in, and if the message was authenticated, client will have information about that. This signal is emitted before any (non-early) handlers are called for the message, and if it sets the message’s status_code, then normal handler processing will be skipped.

Parameters:

message – the message

request_started(message: ServerMessage) → None

Emitted when the server has started reading a new request.

message will be completely blank; not even the Request-Line will have been read yet. About the only thing you can usefully do with it is connect to its signals.

If the request is read successfully, this will eventually be followed by a request_read signal. If a response is then sent, the request processing will end with a request_finished signal. If a network error occurs, the processing will instead end with request_aborted.

Parameters:

message – the new message

Virtual Methods

class Server

do_request_aborted(msg: ServerMessage) → None

Parameters:

msg

do_request_finished(msg: ServerMessage) → None

Parameters:

msg

do_request_read(msg: ServerMessage) → None

Parameters:

msg

do_request_started(msg: ServerMessage) → None

Parameters:

msg

Fields

class Server

parent_instance