[racket] Stateless Web Server: Generating a response on a stuffer error

From: Galler (lzgaller at optonline.net)
Date: Mon Apr 23 17:35:46 EDT 2012

Description:

The stateless web server allows a user to generate a stuffer to 
manipulate the encoding of the ANF sent to the client in the URL.

For example:

(stuffer-chain serialize-stuffer
               (stuffer-compose base64-stuffer
                                (HMAC-SHA1-stuffer #"mysupersecretkey")))

will prepend a digest to the base64-encoded ANF, and recompute and 
authenticate the digest on receipt.

If either the encoded ANF or the digest has been altered (i.e. forged) 
by the client, the stuffer correctly throws an error, which is caught by 
the web server, which sends the following response back to the client:

<some html>
Exception

The application raised an exception with the message:

HMAC-SHA1-stuffer: Signature does not match!

</some html>

Question:

While the behavior is absolutely correct, is there someplace to set a 
response if an error occurs with the stuffer? Is the error caught at the 
top-level of the dispatching server and not available for customization?

If the answer is the latter, it's ***not*** critical and probably not 
important to implement.

Example code: Once running, alter the URL in your browser in any manner 
(character addition, deletion, substitution) to generate the expected 
error.

#lang web-server


(require web-server/stuffers)
(provide/contract (start (request? . -> . response?)))

(define (start request)
   (phase-1 request))

; phase-1: request -> response
(define (phase-1 request)
   (local [(define (response-generator embed/url)
             (response/xexpr
              `(html
                (body (h1 "Phase 1")
                      (a ((href ,(embed/url phase-2)))
                         "click me!")))))]
     (send/suspend/dispatch response-generator)))

; phase-2: request -> response
(define (phase-2 request)
   (display (request-bindings/raw request))
   (local [(define (response-generator embed/url)
             (response/xexpr
              `(html
                (body (h1 "Phase 2")
                      (a ((href ,(embed/url phase-1)))
                         "click me!")))))]
     (send/suspend/dispatch response-generator)))


(require web-server/servlet-env)
(serve/servlet start
               #:stateless? #t
               #:launch-browser? #t
               #:connection-close? #t
               #:stuffer (stuffer-chain
                          serialize-stuffer
                          (stuffer-compose base64-stuffer
                                           (HMAC-SHA1-stuffer #"mysupersecretkey")))
               #:quit? #f
               #:listen-ip #f
               #:servlet-path "/")

Posted on the users mailing list.
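
The prepend-and-verify scheme described in the post, modelled as an added Python example (not code from the post or from the Racket web server). The token layout (hex digest followed by base64url-encoded JSON), the names stuff, unstuff and handle, and the 400 response are assumptions made for illustration; the handler returns a generic body and keeps the failure reason in the server log.

```python
import base64
import hashlib
import hmac
import json
import logging

KEY = b"mysupersecretkey"  # sample key from the post
DIGEST_HEX_LEN = hashlib.sha1().digest_size * 2  # 40 hex characters
log = logging.getLogger("stuffer-model")


class StufferError(Exception):
    """The token failed authentication."""


def _mac(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha1).hexdigest().encode("ascii")


def stuff(state) -> str:
    """serialize -> base64 -> prepend HMAC-SHA1 digest (assumed layout)."""
    payload = base64.urlsafe_b64encode(json.dumps(state).encode("utf-8"))
    return (_mac(payload) + payload).decode("ascii")


def unstuff(token: str):
    """Recompute and compare the digest before decoding anything."""
    raw = token.encode("utf-8", "replace")
    digest, payload = raw[:DIGEST_HEX_LEN], raw[DIGEST_HEX_LEN:]
    if not hmac.compare_digest(digest, _mac(payload)):
        raise StufferError("signature does not match")
    return json.loads(base64.urlsafe_b64decode(payload))


def handle(token: str):
    """Return (status, body); the failure reason is logged, not sent."""
    try:
        state = unstuff(token)
    except StufferError as exc:
        log.warning("rejected continuation token: %s", exc)
        return 400, "Bad request"
    return 200, "resumed at " + state["phase"]


if __name__ == "__main__":
    good = stuff({"phase": "phase-2"})  # constructed sample state
    print(handle(good))
    print(handle(good + "x"))   # addition
    print(handle(good[:-1]))    # deletion
```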