add basic HTTP server for viewing skpdiff results

tools/skpdiff/skpdiff_server.py

+#!/usr/bin/python

[epoger, 2013/07/24 17:46:53]

I don't remember where this is documented, but for Python our style guide calls
for 80 column wrap and 2-space indents.  Please reformat.

[Zach Reizner, 2013/07/24 20:16:36]

According to http://www.python.org/dev/peps/pep-0008/#indentation, python
indentation should always be a multiple of 4. In addition rebaseline.py,
svndiff.py, and jsondiff.py all use 4 space indents.

+# -*- coding: utf-8 -*-
+
+from __future__ import print_function
+import BaseHTTPServer
+import os
+import os.path
+
+# A simple dictionary of file name extensions to MIME types. The empty string entry is used as the
+# default when no extension was given or if the extension has no entry in this dictionary.
+MIME_TYPE_MAP = {'': 'application/octet-stream',
+                 'html': 'text/html',
+                 'css': 'text/css',
+                 'png': 'image/png',
+                 'js': 'application/javascript'
+                 }
+
+
+class SkPDiffHandler(BaseHTTPServer.BaseHTTPRequestHandler):
+    def send_file(self, file_path):
+        # Grab the extension if there is one
+        extension = os.path.splitext(file_path)[1]
+        if len(extension) >= 1:

[epoger, 2013/07/24 17:46:53]

FYI: I don't care one way or the other, but I think many Python reviewers would
say just "if extension:" is more Pythony.

+            extension = extension[1:]
+
+        # Determine the MIME type of the file from its extension
+        mime_type = MIME_TYPE_MAP.get(extension, MIME_TYPE_MAP[''])
+
+        # Open the file and send it over HTTP
+        sending_file = open(file_path, 'rb')
+        self.send_response(200)
+        self.send_header('Content-type', mime_type)
+        self.end_headers()
+        self.wfile.write(sending_file.read())
+        sending_file.close()
+
+    def serve_if_in_dir(self, dir_path, file_path):
+        # Determine if the file exists relative to the given dir_path AND exists under the dir_path

[epoger, 2013/07/24 17:46:53]

Please add a note indicating the security reasons for making this check.

+        real_path = os.path.normpath(os.path.join(dir_path, file_path))
+        print(repr(real_path))
+        if os.path.commonprefix([real_path, dir_path]) == dir_path:
+            if os.path.isfile(real_path):
+                self.send_file(real_path)
+                return True
+        return False
+
+    def do_GET(self):
+        # Grab the script path because that is where all the static assets are
+        script_dir = os.path.dirname(os.path.abspath(__file__))
+
+        # Simple rewrite rule of the root path to 'viewer.html'
+        if self.path == '' or self.path == '/':
+            self.path = '/viewer.html'
+
+        # The [1:] chops of the leading '/'

[epoger, 2013/07/24 17:46:53]

of -> off

+        file_path = self.path[1:]
+
+        # Attempt to send static asset files first
+        if self.serve_if_in_dir(script_dir, file_path):
+            return
+
+        # WARNING: Using the root is a big ol' hack. Incredibly insecure. Only allow serving to

[epoger, 2013/07/24 17:46:53]

Indeed it is.  Is there some other way we can handle this, without such
exposure?

One thing to note is that the client's browser can grab images directly from
Google Storage via URLs like this:
http://chromium-skia-gm.commondatastorage.googleapis.com/gm/bitmap-64bitMD5/a...

Maybe you could do that instead?  Let's discuss live...

+        # localhost unless you want the network to be able to see ALL of the files you can.
+        # Attempt to send gm image files
+        if self.serve_if_in_dir('/', file_path):
+            return
+
+        # If no file to send was found, just give the standard 404
+        self.send_error(404)
+
+
+def main():
+    server_address = ('127.0.0.1', 8080)
+    http_server = BaseHTTPServer.HTTPServer(server_address, SkPDiffHandler)
+    print('Navigate thine browser to: {}:{}'.format(*server_address))
+    http_server.serve_forever()
+
+if __name__ == '__main__':
+    main()