[racket] Help needed in writing Macro to transform (lambda (req) ....) to be used in web-server/servlet using auth cookies

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Sat Jun 25 01:23:31 EDT 2011

I find it more convenient to setup a dispatcher outside the servlet
that checks for the authenticator, that way once it has passed that
part of the dispatch chain, security can be relied upon. Something
like...

(serve/launch/wait
 (sequence:make
  (lift:make (lambda (req) (if (or (unsecured-url? req)
(authenticated? req)) (next-dispatcher) (display-error/login-page))))
  (dispatch/servlet ...)))

Then the servlet code can basically ignore the authenticator.

Jay

2011/6/24 J G Cho <gcho at fundingmatters.com>:
> Hello again,
>
> I am guessing my problem calls for macro (which is "beyond my pay
> scale") and I am hoping this is the right place.
>
> Anyway, after reading this
> http://docs.racket-lang.org/web-server/faq.html#(part._.What_special_considerations_are_there_for_security_with_the_.Web_.Server_)
>
> I am led to believe that I will be writing lots of code like this:
>
> (define (some-sensitive-content req)
>
>   (if (user-is-legit req) ;check auth cookie
>      (...what have you ...)
>      (do-login-and-then-maybe-handle req)))
>
> So here is my first attemp at macro which sorta works:
>
> (define-syntax (guarded-handler stx)
>  (syntax-case stx ()
>    [(_ name body)
>     #'(begin (define (name req)
>                (if (user-is-legit req)
>                    body
>                    (ask-login req))))]))
>
> (guarded-handler gated-content
>                 (response/xexpr
>                  `(html (head (title "Gated Content"))
>                         (body (p "Shhhhhhh")
>                               (p
>                                (a ([href "/logout "])
>                                   "Done"))))))
>
> What I would really like, however, is
>
> (guard (lambda (req) ...)) to transformed to:
>
> (lambda (req)
>   (if (user-is-legit req)
>      (...what have you ...)
>      (do-login-and-then-maybe-handle  req)))
>
> such that I can use it like:
>
> (define (count-dot-com i)
>  (count-dot-com
>  (send/suspend/dispatch
>   (λ (embed/url)
>     (response/xexpr
>      `(html
>        (head (title "Count!"))
>        (body (h2 (a ([href ,(embed/url
>                              (guard (λ (req)
>                                (sub1 i))))])
>                     "-"))
> ...
>
> (define (count-dot-com i)
>  (send/suspend/dispatch
>   (λ (embed/url)
>     (response/xexpr
>      `(html
>        (head (title "Count!"))
>        (body (h2 (a ([href ,(embed/url
>
>                              (guard (λ (req)
>                                (count-dot-com (sub1 i))))])
>                     "-")
> ...
>
> in addition to the first case like this:
>
> (define gated-content
>  (guard (lambda (req) ...))
>
> Seems simple enough but my naive macros (not shown here to protect my
> fragile ego) are failing.
> Any help/suggestion is greatly appreciated.
>
> jGc
>
> _________________________________________________
>  For list-related administrative tasks:
>  http://lists.racket-lang.org/listinfo/users



-- 
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://faculty.cs.byu.edu/~jay

"The glory of God is Intelligence" - D&C 93



Posted on the users mailing list.