From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Sat Jun 25 01:23:31 EDT 2011

I find it more convenient to set up a dispatcher outside the servlet
that checks for the authenticator, that way once it has passed that
part of the dispatch chain, security can be relied upon.

Something like...

(serve/launch/wait
 (sequence:make
  (lift:make
   (lambda (req)
     (if (or (unsecured-url? req) (authenticated? req))
         (next-dispatcher)
         (display-error/login-page))))
  (dispatch/servlet ...)))

Then the servlet code can basically ignore the authenticator.

Jay

2011/6/24 J G Cho <gcho at fundingmatters.com>:
> Hello again,
>
> I am guessing my problem calls for macro (which is "beyond my pay
> scale") and I am hoping this is the right place.
>
> Anyway, after reading this
> http://docs.racket-lang.org/web-server/faq.html#(part._.What_special_considerations_are_there_for_security_with_the_.Web_.Server_)
>
> I am led to believe that I will be writing lots of code like this:
>
> (define (some-sensitive-content req)
>
>   (if (user-is-legit req) ;check auth cookie
>       (...what have you ...)
>       (do-login-and-then-maybe-handle req)))
>
> So here is my first attempt at macro which sorta works:
>
> (define-syntax (guarded-handler stx)
>   (syntax-case stx ()
>     [(_ name body)
>      #'(begin (define (name req)
>                 (if (user-is-legit req)
>                     body
>                     (ask-login req))))]))
>
> (guarded-handler gated-content
>   (response/xexpr
>    `(html (head (title "Gated Content"))
>           (body (p "Shhhhhhh")
>                 (p
>                  (a ([href "/logout "])
>                     "Done"))))))
>
> What I would really like, however, is
>
> (guard (lambda (req) ...)) to be transformed to:
>
> (lambda (req)
>   (if (user-is-legit req)
>       (...what have you ...)
>       (do-login-and-then-maybe-handle req)))
>
> such that I can use it like:
>
> (define (count-dot-com i)
>   (count-dot-com
>    (send/suspend/dispatch
>     (λ (embed/url)
>       (response/xexpr
>        `(html
>          (head (title "Count!"))
>          (body (h2 (a ([href ,(embed/url
>                                (guard (λ (req)
>                                         (sub1 i))))])
>                       "-"))
> ...
>
> (define (count-dot-com i)
>   (send/suspend/dispatch
>    (λ (embed/url)
>      (response/xexpr
>       `(html
>         (head (title "Count!"))
>         (body (h2 (a ([href ,(embed/url
>
>                               (guard (λ (req)
>                                        (count-dot-com (sub1 i))))])
>                      "-")
> ...
>
> in addition to the first case like this:
>
> (define gated-content
>   (guard (lambda (req) ...))
>
> Seems simple enough but my naive macros (not shown here to protect my
> fragile ego) are failing.
> Any help/suggestion is greatly appreciated.
>
> jGc
>
> _________________________________________________
>  For list-related administrative tasks:
>  http://lists.racket-lang.org/listinfo/users

--
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://faculty.cs.byu.edu/~jay

"The glory of God is Intelligence" - D&C 93
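
The dispatcher-level check suggested in the reply, written out as a runnable program. This is an added example, not code from the thread or from the Racket web server itself. The allowlist, the "sid" cookie name, the in-memory session table with its demo token, and the bodies of unsecured-url?, authenticated?, login-page and app are assumptions made for illustration.

```racket
#lang racket/base
;; Added example, not code from the thread. Constructed names: public-paths,
;; session-cookie, sessions, the demo token, login-page and app.
(require racket/list net/url web-server/http web-server/servlet-dispatch
         (prefix-in sequence: web-server/dispatchers/dispatch-sequencer)
         (prefix-in lift: web-server/dispatchers/dispatch-lift)
         (only-in web-server/dispatchers/dispatch next-dispatcher))

(define public-paths '(("login")))   ; allowlist; every other URL needs a session
(define session-cookie "sid")
(define sessions (make-hash))        ; token -> user, filled at login in a real app
(hash-set! sessions "constructed-demo-token" "alice")

(define (path-segments req)
  (map path/param-path (url-path (request-uri req))))

(define (unsecured-url? req)
  (and (member (path-segments req) public-paths) #t))

;; Fails closed: no cookie, or an unknown token, means not authenticated.
(define (authenticated? req)
  (define c (findf (lambda (c) (string=? (client-cookie-name c) session-cookie))
                   (request-cookies req)))
  (and c (hash-has-key? sessions (client-cookie-value c))))

(define (login-page req)
  (response/xexpr #:code 401 #:message #"Unauthorized"
                  `(html (body (p "Please log in.")))))

;; Runs before the servlet, so plain URLs and continuation URLs are both checked.
(define guard
  (lift:make
   (lambda (req)
     (if (or (unsecured-url? req) (authenticated? req))
         (next-dispatcher)          ; hand the request to the next dispatcher
         (login-page req)))))

(define (app req)                   ; servlet code never checks the cookie itself
  (if (unsecured-url? req)
      (response/xexpr `(html (body (p "Login form goes here"))))
      (response/xexpr `(html (body (p "Gated content"))))))

(module+ main
  (serve/launch/wait
   (lambda (sema)                   ; serve/launch/wait takes a dispatcher builder
     (sequence:make guard (dispatch/servlet app)))
   #:launch-path #f
   #:port 8000))
```

Because the check is an allowlist in front of the servlet, a handler added later is protected by default; only paths listed in public-paths bypass the session check.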