A very common use case for a web server is to be able to respond with static assets (files). This is primarily so that if a web browser makes an HTTP request to your web server, you can respond with a .html file which contains the markup for a user interface. This .html file may also include references to other files, namely .js or .css, for front-end JavaScript code and styling.
A common way to achieve this in other frameworks is to specify a particular folder on the server's filesystem and expose whitelisted parts or all of its contents, i.e. if an HTTP request comes in and matches the relative path of a file in that folder, then send back a 200 with the contents of that file.
This means that you wouldn't have to manually add a particular route for every static asset you want to serve, and there is less boilerplate code to read and transmit the asset.
Using Flask as inspiration
Need at minimum
- `WSGIApp` class accepts a param called `static_folder`, which is the path to a folder on the local filesystem that should be served.
- `WSGIApp` class accepts a param called `static_url_path`, which is the web app base path used for serving files from `static_folder`. If not provided, default to serving with the same base path as `static_folder`.
- Expose a utility method for responding with a file from a static folder that looks something like `def send_from_directory(directory, filepath) -> return valid WSGI response`, for situations where you need to respond with a file but need to do it from your own route handler (simple example: serve this OR that file depending on some dynamic criteria).
- As the Flask docs note, only `send_from_directory` should be used if ANY client-provided data is being used directly, so that you do not permit read access to the entire filesystem; the file path must resolve to a location within a known directory.
- Do not expose a `send_file` method, for the above reason; it is easy to shoot yourself in the foot.
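As an added illustration (not code from this project), the sketch below shows one way to implement `send_from_directory` and the `static_folder` / `static_url_path` mapping described above for a plain WSGI callable. The confinement check resolves both paths and rejects anything that lands outside the directory, so a client-supplied `filepath` such as `../secrets.py` gets a 404 rather than the file. The `demo()` function, the temp-directory layout and the `make_static_app` name are all constructed for the example.

```python
import mimetypes
import os
import tempfile
from pathlib import Path


def send_from_directory(directory, filepath):
    """Return (status, headers, body) for a file inside `directory`, else a 404.

    Confinement: resolve both paths (follows symlinks, collapses '..') and
    require the target to sit strictly inside `directory`. This is the check
    that keeps client-controlled `filepath` values off the rest of the disk.
    """
    base = Path(directory).resolve()
    # Drop leading slashes so an absolute `filepath` cannot replace `base` on join.
    target = (base / filepath.lstrip("/\\")).resolve()
    if base not in target.parents or not target.is_file():
        return "404 Not Found", [("Content-Type", "text/plain")], [b"Not Found"]
    ctype = mimetypes.guess_type(str(target))[0] or "application/octet-stream"
    body = target.read_bytes()
    headers = [("Content-Type", ctype), ("Content-Length", str(len(body)))]
    return "200 OK", headers, [body]


def make_static_app(static_folder, static_url_path=None):
    """WSGI app serving `static_folder` under `static_url_path` (default: folder name)."""
    prefix = "/" + (static_url_path or os.path.basename(static_folder)).strip("/") + "/"

    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(prefix):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"Not Found"]
        status, headers, body = send_from_directory(static_folder, path[len(prefix):])
        start_response(status, headers)
        return body
    return app


def demo():
    """Constructed sample: a temp `static` folder plus a sibling secrets.py outside it."""
    with tempfile.TemporaryDirectory() as root:
        static = os.path.join(root, "static")
        os.mkdir(static)
        Path(static, "index.html").write_text("<h1>hi</h1>")
        Path(root, "secrets.py").write_text("TOKEN = 'placeholder'")  # must stay unreachable
        app, results = make_static_app(static), {}
        for url in ("/static/index.html", "/static/../secrets.py", "/static/", "/other"):
            seen = []
            body = b"".join(app({"PATH_INFO": url}, lambda s, h: seen.append(s)))
            results[url] = (seen[0], body)
        return results
```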
Questions
- Do we default to automatically serving a folder named `static` at path `/static/`?
  - Most frameworks do this, but it's worth posing the question.
- Do we need some blacklisting regex that we apply by default?
  - e.g. disallow serving `.py` files, or specifically `secrets.py`.
  - How do you opt out?
- Do we allow for configurable whitelisting or default whitelisting?
  - e.g. only serve files in `/static` that are `.html`, `.css`, `.js`, photo types, etc.?
  - Might not be necessary, as `/static/` is meant for purposefully adding files you want to serve, and would not usually contain a file you do not want public.
  - Would need appropriate warning documentation that this is the case.