From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Sat Jun 25 13:10:06 EDT 2011

The Web server is set up as a pipeline of "dispatchers", which are
functions that accept the TCP connection and the HTTP request and
either write a response or refuse to handle the request.

This chapter of the documentation:

http://docs.racket-lang.org/web-server-internal/dispatchers.html

discusses all the dispatchers that make up the standard server. They
can be combined very easily to customize the server to do exactly what
you want. Launching a server with your custom dispatcher is as easy as
using serve/servlet or web-server/insta:

http://docs.racket-lang.org/web-server-internal/web-server.html

Jay

2011/6/25 J G Cho <gcho at fundingmatters.com>:
> Seems like an elegant approach but.... "dispatcher outside the
> servlet" goes over my head like a UFO over a crop duster.
>
> I guess I will have to dig deeper into how the server is put together.
>
> On Sat, Jun 25, 2011 at 1:23 AM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
>> I find it more convenient to set up a dispatcher outside the servlet
>> that checks for the authenticator, that way once it has passed that
>> part of the dispatch chain, security can be relied upon. Something
>> like...
>>
>> (serve/launch/wait
>>  (sequence:make
>>   (lift:make (lambda (req)
>>                (if (or (unsecured-url? req)
>>                        (authenticated? req))
>>                    (next-dispatcher)
>>                    (display-error/login-page))))
>>   (dispatch/servlet ...)))
>>
>> Then the servlet code can basically ignore the authenticator.
>>
>> Jay
>>
>> 2011/6/24 J G Cho <gcho at fundingmatters.com>:
>>> Hello again,
>>>
>>> I am guessing my problem calls for macro (which is "beyond my pay
>>> scale") and I am hoping this is the right place.
>>>
>>> Anyway, after reading this
>>> http://docs.racket-lang.org/web-server/faq.html#(part._.What_special_considerations_are_there_for_security_with_the_.Web_.Server_)
>>>
>>> I am led to believe that I will be writing lots of code like this:
>>>
>>> (define (some-sensitive-content req)
>>>
>>>   (if (user-is-legit req) ;check auth cookie
>>>       (...what have you ...)
>>>       (do-login-and-then-maybe-handle req)))
>>>
>>> So here is my first attempt at macro which sorta works:
>>>
>>> (define-syntax (guarded-handler stx)
>>>   (syntax-case stx ()
>>>     [(_ name body)
>>>      #'(begin (define (name req)
>>>                 (if (user-is-legit req)
>>>                     body
>>>                     (ask-login req))))]))
>>>
>>> (guarded-handler gated-content
>>>   (response/xexpr
>>>    `(html (head (title "Gated Content"))
>>>           (body (p "Shhhhhhh")
>>>                 (p
>>>                  (a ([href "/logout "])
>>>                     "Done"))))))
>>>
>>> What I would really like, however, is
>>>
>>> (guard (lambda (req) ...)) to be transformed to:
>>>
>>> (lambda (req)
>>>   (if (user-is-legit req)
>>>       (...what have you ...)
>>>       (do-login-and-then-maybe-handle req)))
>>>
>>> such that I can use it like:
>>>
>>> (define (count-dot-com i)
>>>   (count-dot-com
>>>    (send/suspend/dispatch
>>>     (λ (embed/url)
>>>       (response/xexpr
>>>        `(html
>>>          (head (title "Count!"))
>>>          (body (h2 (a ([href ,(embed/url
>>>                                (guard (λ (req)
>>>                                         (sub1 i))))])
>>>                       "-"))
>>>                ...
>>>
>>> (define (count-dot-com i)
>>>   (send/suspend/dispatch
>>>    (λ (embed/url)
>>>      (response/xexpr
>>>       `(html
>>>         (head (title "Count!"))
>>>         (body (h2 (a ([href ,(embed/url
>>>
>>>                               (guard (λ (req)
>>>                                        (count-dot-com (sub1 i))))])
>>>                      "-")
>>>               ...
>>>
>>> in addition to the first case like this:
>>>
>>> (define gated-content
>>>   (guard (lambda (req) ...)))
>>>
>>> Seems simple enough but my naive macros (not shown here to protect my
>>> fragile ego) are failing.
>>> Any help/suggestion is greatly appreciated.
>>>
>>> jGc
>>>
>>> _________________________________________________
>>>   For list-related administrative tasks:
>>>   http://lists.racket-lang.org/listinfo/users
>>
>>
>>
>> --
>> Jay McCarthy <jay at cs.byu.edu>
>> Assistant Professor / Brigham Young University
>> http://faculty.cs.byu.edu/~jay
>>
>> "The glory of God is Intelligence" - D&C 93
>>
>

--
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://faculty.cs.byu.edu/~jay

"The glory of God is Intelligence" - D&C 93
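
A runnable form of the dispatcher-level gate sketched in the quoted reply, added here as an example and not code from the thread. HTTP Basic credentials stand in for the auth-cookie check so the example needs no login page; the public path list, the demo credentials and the port are assumptions made for illustration.

```racket
#lang racket/base
(require net/url
         web-server/http
         web-server/servlet-dispatch
         web-server/dispatchers/dispatch
         (prefix-in sequencer: web-server/dispatchers/dispatch-sequencer)
         (prefix-in lift: web-server/dispatchers/dispatch-lift))

;; Assumptions: paths and credentials below are constructed for this example.
;; A real deployment checks a credential store and serves over TLS.
(define public-paths '(("") ("about")))   ; "/" and "/about"
(define demo-user #"alice")
(define demo-pass #"correct horse battery staple")

;; Exact match against an allow-list: any path not listed needs authentication,
;; including odd forms such as "/about/../x", which parse to a different list.
(define (unsecured-url? req)
  (and (member (map path/param-path (url-path (request-uri req)))
               public-paths)
       #t))

(define (authenticated? req)
  (define creds (request->basic-credentials req)) ; #f or (cons user pass), bytes
  (and creds
       (bytes=? (car creds) demo-user)
       (bytes=? (cdr creds) demo-pass)))

;; The gate serves no content. It either refuses the request, which hands it to
;; the next dispatcher in the sequence, or answers 401 so the servlet never runs.
(define (gate req)
  (if (or (unsecured-url? req) (authenticated? req))
      (next-dispatcher)
      (response/xexpr
       #:code 401
       #:message #"Unauthorized"
       #:headers (list (make-basic-auth-header "Gated Content"))
       '(html (body (p "Authentication required."))))))

;; The servlet contains no authentication logic of its own.
(define (start req)
  (response/xexpr '(html (body (p "Servlet reached.")))))

(serve/launch/wait
 (lambda (quit-sema)                      ; semaphore supplied by the server
   (sequencer:make (lift:make gate)
                   (dispatch/servlet start)))
 #:port 8000)
```

Because the gate sits ahead of `dispatch/servlet` in the sequence, continuation URLs generated by `send/suspend/dispatch` pass through it as well, so no per-handler `guard` wrapper is needed.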