# Protocols
![An image of the definition of a protocol, especially: a code presecribing strict adherence to correct etiquette and precedence.](protocol.png)
<center>Web Protocols</center>

## Overview/Outline

Programming languages like Python are the languages we speak to computers.

Protocols are the languages that computers speak to each-other.

This session we’ll look at a few of them and

  * Learn what makes them similar
  * Learn what makes them different
  * Learn about Python’s tools for speaking them
  * Learn how to speak one (HTTP) ourselves

## Review

Questions from the Homework?

Examples of an echo server using select

## What Is A Protocol?

** a set of rules or conventions **

** governing communications **

Life has lots of sets of rules for how to do things:

  * What do you say when you get on the elevator?
  * What do you do on a first date?
  * What do you wear to a job interview?
  * What do (and don’t) you talk about at a dinner party?
  * ...?
  
  ![An image describing how men choose urinals in the bathroom.](icup.png)
<center>http://blog.xkcd.com/2009/09/02/urinal-protocol-vulnerability/</center>

Digital life has lots of rules too:

  * how to say hello
  * how to identify yourself
  * how to ask for information
  * how to provide answers
  * how to say goodbye

## Real Protocol Examples

What does this look like in practice?

  * SMTP (Simple Message Transfer Protocol) 
    http://tools.ietf.org/html/rfc5321#appendix-D
  * POP3 (Post Office Protocol) 
    http://www.faqs.org/docs/artu/ch05s03.html
  * IMAP (Internet Message Access Protocol) 
    http://www.faqs.org/docs/artu/ch05s03.html
  * HTTP (Hyper-Text Transfer Protocol) 
    http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
    
Over the next few slides we’ll be looking at server/client interactions.

Each interaction is line-based, each line represents one message.

Messages from the Server to the Client are prefaced with S (<--)

Messages from the Client to the Server are prefaced with C (-->)

**All** lines end with the character sequence `<CRLF\>` (`\r\n`)

### SMTP (Simple Mail Transfer Protocol)

Say hello and identify yourself:
```
    S (<--): 220 example.com Simple Mail Transfer Service Ready
    C (-->): EHLO example.com
    S (<--): 250-foo.com greets example.com
    S (<--): 250-8BITMIME
    S (<--): 250-SIZE
    S (<--): 250-DSN
    S (<--): 250 HELP
```

Ask for information, provide answers:
```
    C (-->): MAIL FROM:<bob@example.com>
    S (<--): 250 OK
    C (-->): RCPT TO:<alice@example.com>
    S (<--): 250 OK
    C (-->): RCPT TO:<theboss@example.com>
    S (<--): 550 No such user here
    C (-->): DATA
    S (<--): 354 Start mail input; end with <CRLF>.<CRLF>
    C (-->): From: "Bob Example" <bob@example.com>
    C (-->): To: "Alice Example" <alice@example.com>
    C (-->): Cc: theboss@example.com
    C (-->): Date: Tue, 15 January 2008 16:02:43 -0500
    C (-->): Subject: Test message
    C (-->): 
    C (-->): Hello Alice.
    C (-->): This is a test message with 5 header fields and 4 lines in the message body.
    C (-->): Your friend,
    C (-->): Bob
    C (-->): .
    S (<--): 250 OK
```

Say goodbye:
```
    C (-->): QUIT
    S (<--): 221 foo.com Service closing transmission channel
```

  * Interaction consists of commands and replies
  * Each command or reply is one line terminated by `<CRLF>`
    * (there are exceptions, see the 250 reply to EHLO above)
  * The exception is message payload, terminated by `<CRLF>.<CRLF>`
  * Each command has a verb and one or more arguments
  * Each reply has a formal code and an informal explanation

### POP3

Say hello and identify yourself:
```
    C (-->): <client connects to service port 110>
    S (<--): +OK POP3 server ready <1896.6971@mailgate.dobbs.org>
    C (-->): USER bob
    S (<--): +OK bob
    C (-->): PASS redqueen
    S (<--): +OK bob's maildrop has 2 messages (320 octets)
```

Ask for information, provide answers:
```
    C (-->): STAT
    S (<--): +OK 2 320
    C (-->): LIST
    S (<--): +OK 1 messages (120 octets)
    S (<--): 1 120
    S (<--): .
```

Ask for information, provide answers:
```
    C (-->): RETR 1
    S (<--): +OK 120 octets
    S (<--): <server sends the text of message 1>
    S (<--): .
    C (-->): DELE 1
    S (<--): +OK message 1 deleted
```

Say goodbye:
```
    C (-->): QUIT
    S (<--): +OK dewey POP3 server signing off (maildrop empty)
    C (-->): <client hangs up>
```

   * Interaction consists of commands and replies
   * Each command or reply is one line terminated by `<CRLF>`
   * The exception is message payload, terminated by `<CRLF>.<CRLF>`
   * Each command has a verb and one or more arguments
   * Each reply has a formal code and an informal explanation

The codes don’t really look the same, though, do they?

The exception to the one-line-per-message rule is *payload*.

In both SMTP and POP3 this is terminated by `<CRLF>.<CRLF>`

In SMTP, the client has this ability

But in POP3, it belongs to the server.

<center>Why?</center>

### IMAP

Say hello and identify yourself:
```
    C (-->): <client connects to service port 143>
    S (<--): * OK example.com IMAP4rev1 v12.264 server ready
    C (-->): A0001 USER "frobozz" "xyzzy"
    S (<--): * OK User frobozz authenticated
```

Ask for information, provide answers (connect to an inbox):
```
    C (-->): A0002 SELECT INBOX
    S (<--): * 1 EXISTS
    S (<--): * 1 RECENT
    S (<--): * FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
    S (<--): * OK [UNSEEN 1] first unseen message in /var/spool/mail/esr
    S (<--): A0002 OK [READ-WRITE] SELECT completed
```

Ask for information, provide answers (get message sizes):
```
    C (-->): A0003 FETCH 1 RFC822.SIZE
    S (<--): * 1 FETCH (RFC822.SIZE 2545)
    S (<--): A0003 OK FETCH completed
```

Ask for information, provide answers (get first message header):
```
    C (-->): A0004 FETCH 1 BODY[HEADER]
    S (<--): * 1 FETCH (RFC822.HEADER {1425}
    <server sends 1425 octets of message payload>
    S (<--): )
    S (<--): A0004 OK FETCH completed
```

Ask for information, provide answers (Get first message body):
```
    C (-->): A0005 FETCH 1 BODY[TEXT]
    S (<--): * 1 FETCH (BODY[TEXT] {1120}
    <server sends 1120 octets of message payload>
    S (<--): )
    S (<--): * 1 FETCH (FLAGS (\Recent \Seen))
    S (<--): A0005 OK FETCH completed
```

Say goodbye:
```
    C (-->): A0006 LOGOUT
    S (<--): * BYE example.com IMAP4rev1 server terminating connection
    S (<--): A0006 OK LOGOUT completed
    C (-->): <client hangs up>
```

  * Interaction consists of commands and replies
  * Each command or reply is one line terminated by `<CRLF>`
  * Each command has a verb and one or more arguments
  * Each reply has a formal code and an informal explanation

  * Commands and replies are prefixed by ‘sequence identifier’
  * Payloads are prefixed by message size, rather than terminated by reserved sequence

Compared with POP3, what do these differences suggest?
  

### Using IMAP in Python

Let's try this out for ourselves!

Fire up your python interpreters and prepare to type.

Begin by importing the `imaplib` module from the Python Standard Library.

In [4]:
import imaplib

This library has several features that we might find useful:

In [5]:
dir(imaplib)

['AllowedVersions',
 'CRLF',
 'Commands',
 'Continuation',
 'DEFAULT_BUFFER_SIZE',
 'Debug',
 'Flags',
 'HAVE_SSL',
 'IMAP4',
 'IMAP4_PORT',
 'IMAP4_SSL',
 'IMAP4_SSL_PORT',
 'IMAP4_stream',
 'Int2AP',
 'InternalDate',
 'Internaldate2tuple',
 'Literal',
 'MapCRLF',
 'Mon2num',
 'Months',
 'ParseFlags',
 'Response_code',
 'Time2Internaldate',
 'Untagged_response',
 'Untagged_status',
 '_Authenticator',
 '_Literal',
 '_MAXLINE',
 '_Untagged_status',
 '__all__',
 '__builtins__',
 '__cached__',
 '__doc__',
 '__file__',
 '__loader__',
 '__name__',
 '__package__',
 '__spec__',
 '__version__',
 'binascii',
 'calendar',
 'datetime',
 'errno',
 'random',
 're',
 'socket',
 'ssl',
 'subprocess',
 'sys',
 'time',
 'timedelta',
 'timezone']

Setting imaplib.Debug shows us what is sent and received.

In [6]:
imaplib.Debug = 4

I've preared a server for us to use, but we'll need to set up a client to speak to it.

Our server requires SSL (Secure Socket Layer) for connecting to IMAP servers, so let's initialize an IMAP4_SSL client and authenticate:

In [18]:
conn = imaplib.IMAP4_SSL('imap.aol.com')

  54:21.19 imaplib version 2.58
  54:21.19 new IMAP4 connection, tag=b'LFGO'
  54:21.32 < b'* OK IMAP4 ready'
  54:21.32 > b'LFGO0 CAPABILITY'
  54:21.41 < b'* CAPABILITY IMAP4rev1 UIDPLUS ID NAMESPACE LOGIN-REFERRALS IDLE STARTTLS AUTH=XAOL-UAS-MB AUTH=XOAUTH2'
  54:21.41 < b'LFGO0 OK completed'
  54:21.41 CAPABILITIES: ('IMAP4REV1', 'UIDPLUS', 'ID', 'NAMESPACE', 'LOGIN-REFERRALS', 'IDLE', 'STARTTLS', 'AUTH=XAOL-UAS-MB', 'AUTH=XOAUTH2')


In [19]:
conn.login('joseph.schilz', 'jYMohl56Of')

  54:29.03 > b'LFGO1 LOGIN joseph.schilz "jYMohl56Of"'
  54:29.39 < b'* CAPABILITY IMAP4rev1 APPENDLIMIT=36700160 BINARY CATENATE CHILDREN ESEARCH ID IDLE LITERAL+ LOGIN-REFERRALS NAMESPACE QUOTA SASL-IR UIDPLUS UNSELECT WITHIN XAOL-MOVE XAOL.SPAM.REASON XAOL-MSGID XAPPLEPUSHSERVICE MOVE REPLACE'
  54:29.39 < b'LFGO1 OK LOGIN completed'


('OK', [b'LOGIN completed'])

In [23]:
conn.select('INBOX')

  55:50.88 > b'LFGO2 SELECT INBOX'
  55:51.00 < b'* 1 EXISTS'
  55:51.00 < b'* 0 RECENT'
  55:51.00 < b'* OK [UIDVALIDITY 1] UID validity status'
  55:51.00 < b'* OK [UIDNEXT 258] predicted next UID'
  55:51.00 < b'* FLAGS ($Submitted $XAOL-SENT \\Answered \\Deleted \\Draft \\Flagged \\Seen $Forwarded $MDNSent Forwarded XAOL-CLIENT-BULK XAOL-RECEIVED XAOL-VOICEMAIL XAOL-GOOD XAOL-GOODCHECK-DONE XAOL-OFFICIAL-MAIL XAOL-CERTIFIED-MAIL XAOL-PRIORITY-MAIL XAOL-READ $hasAttached $hasEmbedded $Aggregated)'
  55:51.00 < b'* OK [PERMANENTFLAGS (\\Answered \\Deleted \\Draft \\Flagged \\Seen $Forwarded $MDNSent Forwarded XAOL-GOOD XAOL-GOODCHECK-DONE)] Permanent flags'
  55:51.00 < b'LFGO2 OK [READ-WRITE] SELECT completed'


('OK', [b'1'])

In [27]:
conn.search(None, '(FROM "joseph")')

  59:31.36 > b'LFGO6 SEARCH (FROM "joseph")'
  59:31.63 < b'* SEARCH 2'
  59:31.63 < b'* 2 EXISTS'
  59:31.63 < b'LFGO6 OK SEARCH completed'


('OK', [b'2'])

In [33]:
conn.fetch('2', 'BODY[HEADER]')

  00:47.60 > b'LFGO12 FETCH 2 BODY[HEADER]'
  00:47.69 < b'* 2 FETCH (BODY[HEADER] {1253}'
  00:47.69 read literal size 1253
  00:47.69 < b')'
  00:47.69 < b'LFGO12 OK FETCH completed'


('OK',
 [(b'2 (BODY[HEADER] {1253}',
   b'Return-Path: <joseph.schilz@aol.com>\r\nReceived: from core-lea01b.mail.aol.com (core-lea01.mail.aol.com [10.76.11.1])\r\n\tby mtaomg-mcc02.mx.aol.com (OMAG/Core Interface) with ESMTP id BD6813800008E\r\n\tfor <joseph.schilz@aol.com>; Thu,  7 Apr 2016 13:59:22 -0400 (EDT)\r\nReceived: from 128.95.239.95 by webprd-a58.mail.aol.com (10.72.57.65) with HTTP (WebMailUI); Thu, 07 Apr 2016 13:59:22 -0400\r\nDate: Thu, 7 Apr 2016 13:59:22 -0400\r\nFrom: joseph.schilz@aol.com\r\nTo: joseph.schilz@aol.com\r\nMessage-Id: <153f1e0e9d1-4911-15bce@webprd-a58.mail.aol.com>\r\nSubject: Hello Joe!\r\nMIME-Version: 1.0\r\nContent-Type: multipart/alternative; \r\n\tboundary="----=_Part_111840_263897238.1460051962317"\r\nX-MB-Message-Source: WebUI\r\nX-MB-Message-Type: User\r\nX-Mailer: JAS STD\r\nX-Originating-IP: [128.95.239.95]\r\nx-aol-global-disposition: G\r\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;\r\n\ts=20150623; t=1460051962;\r\

In [31]:
conn.fetch('2', 'FLAGS')

  00:23.26 > b'LFGO10 FETCH 2 FLAGS'
  00:23.36 < b'* 2 FETCH (FLAGS (XAOL-GOODCHECK-DONE))'
  00:23.36 < b'LFGO10 OK FETCH completed'


('OK', [b'2 (FLAGS (XAOL-GOODCHECK-DONE))'])

In [32]:
conn.fetch('2', 'BODY[TEXT]')

  00:34.09 > b'LFGO11 FETCH 2 BODY[TEXT]'
  00:34.28 < b'* 2 FETCH (BODY[TEXT] {383}'
  00:34.29 read literal size 383
  00:34.29 < b')'
  00:34.29 < b'* 2 FETCH (FLAGS (\\Seen XAOL-GOODCHECK-DONE XAOL-READ))'
  00:34.29 < b'LFGO11 OK FETCH completed'


('OK',
 [(b'2 (BODY[TEXT] {383}',
   b"------=_Part_111840_263897238.1460051962317\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: 7bit\r\n\r\nEvery day is special!\r\n------=_Part_111840_263897238.1460051962317\r\nContent-Type: text/html; charset=utf-8\r\nContent-Transfer-Encoding: 7bit\r\n\r\n<font color='black' size='2' face='arial'>Every day is special!</font>\r\n------=_Part_111840_263897238.1460051962317--\r\n"),
  b')',
  b'2 (FLAGS (\\Seen XAOL-GOODCHECK-DONE XAOL-READ))'])

Now let's be good citizens and close the connection!

In [34]:
conn.close()

  01:43.22 > b'LFGO13 CLOSE'
  01:43.33 < b'LFGO13 OK CLOSE completed'


('OK', [b'CLOSE completed'])

What does the message say?

Python even includes an *email* library that would allow us to interact with this message in an object-oriented style.

Neat, huh?

### Summary

  * Protocols are just a set of rules for how to communicate
  * Protocols tell us how to parse and delimit messages
  * Protocols tell us what messages are valid
  * If we properly format request messages to a server, we can get response messages
  * Python supports a number of these protocols
  * So we don’t have to remember how to format the commands ourselves
  * But in every case we’ve seen, we could do the same thing with a socket and some strings

### Break Time?

Let's take a few minutes here to clear our heads.

When we return, we'll learn about the monarch of protocols: HTTP

### HTTP

HTTP is no different from the protocols we've explored above.

HTTP is also message-centered, with two-way communications:

  * Requests (asking for information)
  * Responses (providing answers)
  

#### Request

Ask for information:
```
GET /index.html HTTP/1.1
Host: www.example.com

```

All lines in HTTP are to be terminated with a `<CRLF>`. The Python string-literal representation of a `<CRLF>` is `'\r\n'`.

Thus, the string literal representation of our request is:

`b'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n'`

We'll write the `<CRLF>` explicitly to remind ourselves that there is a CRLF at the end of each line, but remember that `<CRLF>` represents the whitespace characters `'\r\n'`!

Using `<CRLF>`, we can write our request as:
```
GET /index.html HTTP/1.1<CRLF>
Host: www.example.com<CRLF>
<CRLF>
```

#### Response

Provide answers:
```
HTTP/1.1 200 OK<CRLF>
Date: Mon, 23 May 2005 22:38:34 GMT<CRLF>
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)<CRLF>
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT<CRLF>
Etag: "3f80f-1b6-3e1cb03b"<CRLF>
Accept-Ranges:  none<CRLF>
Content-Length: 438<CRLF>
Connection: close<CRLF>
Content-Type: text/html; charset=UTF-8<CRLF>
<CRLF>
<!DOCTYPE html>\n<html>\n  <head>\n    <title>This is a .... </html><CRLF>
```

Pay particular attention to the `<CRLF>` on a line by itself.

In HTTP, both request and response share a common basic format:

  * Line separators are `<CRLF>` (familiar, no?)
  * A required initial line (a command or a response code)
  * A (mostly) optional set of headers, one per line
  * A blank line
  * An optional body

### Implementing HTTP

Let's investigate the HTTP protocol a bit in real life.

We'll do so by building a simplified HTTP server, one step at a time.

There is a copy of the echo server from last time in resources/session02. It’s called http_server.py.

In a terminal, move into that directory. We’ll be doing our work here for the rest of the session

Test Driven Development (TDD) is all the rage these days.

It means that before you write code, you first write tests demonstrating what you want your code to do.

When all your tests pass, you are finished. You did this for your last assignment.

We’ll be doing it again today.

From inside resources/session02 start a second python interpreter and run $ python http_server.py

In your first interpreter run the tests. You should see similar output:


```
$ python tests.py
[...]
Ran 10 tests in 0.054s

FAILED (failures=3, errors=7)
```

Let’s take a few minutes here to look at these tests and understand them.

Our job is to make all those tests pass.

First, though, let’s pretend this server really is a functional HTTP server.

This time, instead of using the echo client to make a connection to the server, let’s use a web browser!

Point your favorite browser at http://localhost:10000

First, look at the printed output from your echo server.

Second, note that your browser is still waiting to finish loading the page

Moreover, your server should also be hung, waiting for more from the ‘client’

This is because the server is waiting for the browser to respond

And at the same time, the browser is waiting for the server to indicate it is done.

Our server does not yet speak the HTTP protocol, but the browser is expecting it.

Kill your server with ctrl-c (the keyboard interrupt) and you should see some printed content in your browser:

```
GET / HTTP/1.1
Host: localhost:10000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: __utma=111872281.383966302.1364503233.1364503233.1364503233.1; __utmz=111872281.1364503233.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=uiqj579iGRbReBHmJQNTH8PFfAz2qRJS
Connection: keep-alive
Cache-Control: max-age=0
```

Your server is simply echoing what it receives, so this is an HTTP Request as sent by your browser.

When working on HTTP applications, it’s nice to be able to see all this going back and forth.

Good browsers support this with a set of developer tools built-in.

  * firefox -> ctrl-shift-K or cmd-opt-K (os X)
  * safari -> enable in preferences:advanced then cmd-opt-i
  * chrome -> ctrl-shift-i or cmd-opt-i (os X)
  * IE (7.0+) -> F12 or tools menu -> developer tools
  
**Let's take a quick look!**

Sometimes you need or want to debug http requests that are not going through your browser.

Or perhaps you need functionality that is not supported by in-browser tools (request munging, header mangling, decryption of https request/responses)

Then it might be time for an HTTP debugging proxy:

  * windows: http://www.fiddler2.com/fiddler2/
  * win/osx/linux: http://www.charlesproxy.com/

We won’t cover any of these tools here today. But you can check them out when you have the time.

### Step 1: Basic HTTP Protocol

In HTTP 1.0, the only required line in an HTTP request is this:
```
GET /path/to/index.html HTTP/1.0<CRLF>
<CRLF>
```

As virtual hosting grew more common, that was not enough, so HTTP 1.1 adds a single required header, Host:
```
GET /path/to/index.html HTTP/1.1<CRLF>
Host: www.mysite1.com:80<CRLF>
<CRLF>
```

In both HTTP 1.0 and 1.1, a proper response consists of an intial line, followed by optional headers, a single blank line, and then optionally a response body. The following is a pretty minimal response:
```
HTTP/1.1 200 OK<CRLF>
Content-Type: text/plain<CRLF>
<CRLF>
```

Let’s update our server to return such a response.

Begin by implementing a new function in your http_server.py script called response_ok.

It can be super-simple for now. We’ll improve it later.

It needs to return our minimal response from above:
```
HTTP/1.1 200 OK<CRLF>
Content-Type: text/plain<CRLF>
<CRLF>
```

**Remember, `<CRLF>` is a placeholder for the \r\n character sequence.**

```
def response_ok():
    """returns a basic HTTP response"""
    
    response = b"\r\n".join([
        b"HTTP/1.1 200 OK",
        b"Content-Type: text/plain",
        b"",
        b"this is a pretty minimal response"
    ])
    
    return response
```

Did you remember that sockets only accept bytes?

We’ve now implemented a function that is tested by our tests. Let’s run them again:

```
$ python tests.py
[...]
----------------------------------------------------------------------
Ran 10 tests in 0.002s

FAILED (failures=3, errors=3)
```

Great! We've now get 4 tests that pass. Good woork!

Next, we need to rebuild the server loop from our echo server for its new purpose as a web server:

It should now wait for an incoming request to be *finished*, then send a response back to the client.

The response it sends can be the result of calling our new `response_ok` function for now.

We could also bump up the `recv` buffer size to something more reasonable for HTTP traffic, say 1024.

```
# ...
try:
    while True:
        print('waiting for a connection', file=log_buffer)
        conn, addr = sock.accept()  # blocking
        try:
            print('connection - {0}:{1}'.format(*addr), file=log_buffer)
            while True:
                data = conn.recv(1024)
                if len(data) < 1024:
                    break
            print('sending response', file=log_buffer)
            response = response_ok()
            conn.sendall(response)
        finally:
            conn.close()
# ...
```

Once you've got that set, restart your server (`Ctrl-C`, and then `python http_server.py`)

Then you can re-run your tests:
```
$ python tests.py
[...]
----------------------------------------------------------------------
Ran 10 tests in 0.003s

FAILED (failures=2, errors=3)
```

Five tests now pass!

### Step 2: Handling HTTP Methods

Every HTTP request must begin with a single line, broken by whitespace into three parts:

`GET /path/to/index.html HTTP/1.1`

The three parts are the *method*, the *URI*, and the *protocol*

Let’s look at each in turn.

**GET** /path/to/index.html HTTP/1.1

  * Every HTTP request must start with a method
  * There are four main HTTP methods:
    * GET
    * POST
    * PUT
    * DELETE
  * There are others, notably HEAD, but you won’t see them too much

These four methods are mapped to the four basic steps (CRUD) of persistent storage:

  * POST = Create
  * GET = Read
  * PUT = Update
  * DELETE = Delete

HTTP methods can be categorized as **safe** or **unsafe**, based on whether they might change something on the server:

  * Safe HTTP Methods
    * GET
  * Unsafe HTTP Methods
    * POST
    * PUT
    * DELETE

This is a *normative* distinction, which is to say **be careful**.

HTTP methods can be categorized as **idempotent**.

If a request is *idempotent*, then two, or three, or *n* of the same request in a row will have the same ultimate effect as just one of that request:

  * Idempotent HTTP Methods
    * GET
    * PUT
    * DELETE
  * Non-Idempotent HTTP Methods
    * POST
    
Again this distinction is *normative*. The server developer is responsible for ensuring that it is true.

Let’s keep things simple, our server will only respond to GET requests.

We need to create a function that parses a request and determines if we can respond to it: parse_request.

If the request method is not GET, our method should raise an error.

Remember, although a request is more than one line long, all we care about here is the first line.

Let’s keep things simple, our server will only respond to GET requests.

We need to create a function that parses a request and determines if we can respond to it: parse_request.

If the request method is not GET, our method should raise an error.

Remember, although a request is more than one line long, all we care about here is the first line.

```
def parse_request(request):
    first_line = request.split("\r\n", 1)[0]
    method, uri, protocol = first_line.split()
    if method != "GET":
        raise NotImplementedError("We only accept GET")
    print('request is okay', file=sys.stderr)
```

We’ll also need to update the server code. It should

  * save the request as it comes in
  * check the request using our new function
  * send an OK response if things go well
  
```
# ...
conn, addr = sock.accept() # blocking
try:
    print('connection - {0}:{1}'.format(*addr), file=log_buffer)
    request = ""
    while True:
        data = conn.recv(1024)
        request += data.decode('utf8')
        if len(data) < 1024 or not data:
            break

    parse_request(request)
    print('sending response', file=log_buffer)
    response = response_ok()
    conn.sendall(response)
finally:
    conn.close()
# ...
```

Quit and restart your server now that you’ve updated the code:
```
$ python http_server.py
```

At this point, we should have seven tests passing:
```
$ python tests.py
Ran 10 tests in 0.002s

FAILED (failures=1, errors=2)
```

The server quit during the tests, but an HTTP request from the browser should work fine now.

Restart the server and reload your browser. You should see your OK response.

We can use the `simple_client.py` script in our resources to test our error condition. In a second terminal window, run the script like so:

```
$ python simple_client.py "POST / HTTP/1.0\r\n\r\n"
```

This should cause the server to crash.

### Step 3: Error Responses

Okay, so the outcome there was pretty ugly. The client went off the rails, and our server has terminated as well.

<center><b>why?</b></center>

The HTTP protocol allows us to handle errors like this more gracefully.

Enter the Response Code

HTTP/1.1 <b>200 OK</b>

All HTTP responses must include a **response code** indicating the outcome of the request. The general classes of response codes are:

  * 1xx (HTTP 1.1 only) - Informational message
  * 2xx - Success of some kind
  * 3xx - Redirection of some kind
  * 4xx - Client Error of some kind
  * 5xx - Server Error of some kind

The text bit makes the code more human-readable.

There are certain HTTP response codes you are likely to see (and use) most often:

  * `200 OK` - Everything is good
  * `301 Moved Permanently` - You should update your link
  * `304 Not Modified` - You should load this from cache
  * `404 Not Found` - You’ve asked for something that doesn’t exist
  * `500 Internal Server Error` - Something bad happened
  
Do not be afraid to use other, less common codes in building good apps. There are a lot of them for a reason.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Luckily, there’s an error code that is tailor-made for this situation.

The client has made a request using a method we do not support

`405 Method Not Allowed`

Let’s add a new function that returns this error code. It should be called response_method_not_allowed

Remember, it must be a complete HTTP Response with the correct *code*
```
def response_method_not_allowed():
    """returns a 405 Method Not Allowed response"""
    
    response = b"\r\n".join([
        b"HTTP/1.1 405 Method Not Allowed",
        b"",
    ])
    
    return response
```

Again, we’ll need to update the server to handle this error condition correctly. It should

  * catch the exception raised by the `parse_request` function
  * create our new error response as a result
  * if no exception is raised, then create the OK response
  * return the generated response to the user
  
```
while True:
    data = conn.recv(1024)
    request += data.decode('utf8')
    if len(data) < 1024:
        break

try:
    parse_request(request)
except NotImplementedError:
    response = response_method_not_allowed()
else:
    response = response_ok()

print('sending response', file=log_buffer)
conn.sendall(response)
# ...
```

Start your server (or restart it if it's still going!). Then run the tests again:

```
$ python tests.py
[...]
Ran 10 tests in 0.002s

OK
```

Wahoo! All our tests are passing. This means we are done writing code...for now!

### Step 4: Serving Resources

We’ve got a very simple server that accepts a request and sends a response. But what happens if we make a different request?

In your web browser, enter the following URL:

```
http://localhost:10000/page
```

What happened? What happens if you use this URL:?

```
http://localhost:10000/section/page?
```

We expect different urls to result in different responses.

Each separate path provided should map to a resource

But this isn’t happening with our server, for obvious reasons.

It brings us back to the second element of that first line of an HTTP request.

#### The Return of the URI

GET **/path/to/index.html** HTTP/1.1

  * Every HTTP request must include a URI used to determine the resource to be returned
  * URI?? http://stackoverflow.com/questions/176264/whats-the-difference-between-a-uri-and-a-url/1984225#1984225
  * Resource? Files (html, img, .js, .css), but also:
    * Dynamic scripts
    * Raw data
    * API endpoints
Our parse_request method actually already finds the uri in the first line of a request

All we need to do is update the method so that it returns that uri

Then we can use it.
```
def parse_request(request):
    first_line = request.split("\r\n", 1)[0]
    method, uri, protocol = first_line.split()
    if method != "GET":
        raise NotImplementedError("We only accept GET")
    print >>sys.stderr, 'request is okay'
    # add the following line:
    return uri
```
Now we can update our server code so that it uses the return value of parse_request.

That’s a pretty simple change:
```
try:
    uri = parse_request(request)  # update this line
except NotImplementedError:
    response = response_method_not_allowed()
else:
    # and modify this block
    try:
        content, mime_type = resolve_uri(url)
    except NameError:
        response = response_not_found()
    else:
        response = response_ok(content, mime_type)
```