From: J G Cho (gcho at fundingmatters.com)
Date: Sat Jun 25 12:55:14 EDT 2011

Seems like an elegant approach but.... "dispatcher outside the servlet" goes over my head like a UFO over a crop duster. I guess I will have to dig deeper into how the server is put together.

On Sat, Jun 25, 2011 at 1:23 AM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
> I find it more convenient to setup a dispatcher outside the servlet
> that checks for the authenticator, that way once it has passed that
> part of the dispatch chain, security can be relied upon. Something
> like...
>
> (serve/launch/wait
>  (sequence:make
>   (lift:make (lambda (req) (if (or (unsecured-url? req)
>                                    (authenticated? req))
>                                (next-dispatcher)
>                                (display-error/login-page))))
>   (dispatch/servlet ...)))
>
> Then the servlet code can basically ignore the authenticator.
>
> Jay
>
> 2011/6/24 J G Cho <gcho at fundingmatters.com>:
>> Hello again,
>>
>> I am guessing my problem calls for a macro (which is "beyond my pay
>> scale") and I am hoping this is the right place.
>>
>> Anyway, after reading this
>> http://docs.racket-lang.org/web-server/faq.html#(part._.What_special_considerations_are_there_for_security_with_the_.Web_.Server_)
>>
>> I am led to believe that I will be writing lots of code like this:
>>
>> (define (some-sensitive-content req)
>>   (if (user-is-legit req) ;check auth cookie
>>       (...what have you ...)
>>       (do-login-and-then-maybe-handle req)))
>>
>> So here is my first attempt at a macro which sorta works:
>>
>> (define-syntax (guarded-handler stx)
>>   (syntax-case stx ()
>>     [(_ name body)
>>      #'(begin (define (name req)
>>                 (if (user-is-legit req)
>>                     body
>>                     (ask-login req))))]))
>>
>> (guarded-handler gated-content
>>   (response/xexpr
>>    `(html (head (title "Gated Content"))
>>           (body (p "Shhhhhhh")
>>                 (p
>>                  (a ([href "/logout"])
>>                     "Done"))))))
>>
>> What I would really like, however, is
>>
>> (guard (lambda (req) ...)) to be transformed to:
>>
>> (lambda (req)
>>   (if (user-is-legit req)
>>       (...what have you ...)
>>       (do-login-and-then-maybe-handle req)))
>>
>> such that I can use it like:
>>
>> (define (count-dot-com i)
>>   (count-dot-com
>>    (send/suspend/dispatch
>>     (λ (embed/url)
>>       (response/xexpr
>>        `(html
>>          (head (title "Count!"))
>>          (body (h2 (a ([href ,(embed/url
>>                                 (guard (λ (req)
>>                                          (sub1 i))))])
>>                       "-"))
>>          ...
>>
>> (define (count-dot-com i)
>>   (send/suspend/dispatch
>>    (λ (embed/url)
>>      (response/xexpr
>>       `(html
>>         (head (title "Count!"))
>>         (body (h2 (a ([href ,(embed/url
>>                                (guard (λ (req)
>>                                         (count-dot-com (sub1 i))))])
>>                      "-")
>>         ...
>>
>> in addition to the first case like this:
>>
>> (define gated-content
>>   (guard (lambda (req) ...)))
>>
>> Seems simple enough but my naive macros (not shown here to protect my
>> fragile ego) are failing.
>> Any help/suggestion is greatly appreciated.
>>
>> jGc
>>
>> _________________________________________________
>> For list-related administrative tasks:
>> http://lists.racket-lang.org/listinfo/users
>
>
>
> --
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://faculty.cs.byu.edu/~jay
>
> "The glory of God is Intelligence" - D&C 93
>
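Worked example, added to this archive page and not code from either poster: a `guard` that does what the original question asks for, plus Jay's "check once in a dispatcher chain" approach wired up with the real `web-server` modules, so the two can be compared side by side. Everything about the authentication check itself is assumed for the illustration: the cookie name `auth`, the server-side `live-sessions` table, the `ask-login` response and the list of paths treated as public are all made up, and the two requests at the end are constructed by hand so the file runs without a browser. Note that `guard` does not need to be a macro at all: the thing being guarded is already a lambda, so a plain function that returns a new closure does the job, and it sidesteps the hygiene problem in the `guarded-handler` macro above (the `req` that macro introduces is not the `req` a user's `body` can see).

```racket
#lang racket
;; Added example (not from the original thread). Assumed for the
;; illustration: cookie name "auth", the session table, the 401 login
;; response, and the paths treated as public.
(require net/url
         web-server/http
         (prefix-in sequencer: web-server/dispatchers/dispatch-sequencer)
         (prefix-in lift: web-server/dispatchers/dispatch-lift)
         web-server/dispatchers/dispatch    ; next-dispatcher
         web-server/servlet-dispatch        ; dispatch/servlet
         web-server/web-server)             ; serve

;; --- Authentication check (assumed) ----------------------------------
;; A request is authenticated when it carries a cookie named "auth"
;; whose value is a live server-side session id.  Looking the value up
;; in a server-side table, rather than trusting whatever the cookie
;; claims, is what makes the cookie a credential and not a hint.
(define live-sessions (mutable-set "s3cr3t-session-id"))   ; constructed

(define (user-is-legit? req)
  (for/or ([c (in-list (request-cookies req))])
    (and (string=? (client-cookie-name c) "auth")
         (set-member? live-sessions (client-cookie-value c)))))

(define (ask-login req)
  (response/xexpr
   #:code 401
   `(html (head (title "Login required"))
          (body (p "Please log in first.")))))

;; --- guard: the wrapper the original poster asked for ----------------
;; (guard (lambda (req) ...)) => a handler that runs the wrapped handler
;; only when user-is-legit? holds and serves ask-login otherwise.  A
;; function suffices: the wrapped handler is already a procedure with
;; its own parameter name, so there is no `req` for a macro to capture.
(define (guard handler)
  (lambda (req)
    (if (user-is-legit? req)
        (handler req)
        (ask-login req))))

;; First use from the thread: guard a whole handler.
(define gated-content
  (guard (lambda (req)
           (response/xexpr
            `(html (head (title "Gated Content"))
                   (body (p "Shhhhhhh")
                         (p (a ([href "/logout"]) "Done"))))))))

;; --- Jay's alternative: check once, in front of the servlet ----------
;; The lift dispatcher either raises to the next dispatcher (request is
;; allowed through) or answers with the login page itself.  The servlet
;; behind it, including every continuation URL it hands out through
;; embed/url, never sees an unauthenticated request.
(define (unsecured-url? req)
  (define segments (map path/param-path (url-path (request-uri req))))
  (and (pair? segments)
       (member (car segments) '("login" "logout"))))   ; assumed public

(define (make-guarded-dispatcher servlet)
  (sequencer:make
   (lift:make (lambda (req)
                (if (or (unsecured-url? req) (user-is-legit? req))
                    (next-dispatcher)
                    (ask-login req))))
   (dispatch/servlet servlet)))

;; --- Offline check with constructed requests -------------------------
(define (fake-request #:cookie [cookie #f])
  (make-request #"GET" (string->url "http://localhost/gated")
                (if cookie (list (make-header #"Cookie" cookie)) '())
                (delay '()) #f "localhost" 80 "127.0.0.1"))

(module+ main
  ;; anonymous request -> 401; request with a live session cookie -> 200
  (displayln (response-code (gated-content (fake-request))))
  (displayln (response-code
              (gated-content (fake-request #:cookie #"auth=s3cr3t-session-id"))))
  ;; to serve the same handler behind the dispatcher-level check:
  ;; (serve #:port 8080 #:dispatch (make-guarded-dispatcher gated-content))
  )
```

Running the file prints 401 and then 200. The practical difference between the two halves is where a mistake can hide: with `guard`, every handler and every closure passed to `embed/url` has to remember to wrap itself, and one forgotten wrapper is an unauthenticated endpoint; with the dispatcher in front, the check is applied once for every URL the servlet serves and the only thing to audit is the `unsecured-url?` allow-list.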