Commits

jbe/bsw  committed 944642a

New set_cookie functions; Added inline documentation; Make set_allowed_json_request_slots work in interactive shell

  • Participants
  • Parent commits 6441487

Comments (0)

Files changed (6)

File doc/autodoc-header.htmlpart

         color: #505050;
       }
     </style>
-    <title>WebMCP 1.0.8 Documentation</title>
+    <title>WebMCP 1.0.9 Documentation</title>
   </head>
   <body>
-    <h1>WebMCP 1.0.8 Documentation</h1>
+    <h1>WebMCP 1.0.9 Documentation</h1>
     <p>
       WebMCP is a completely new web development framework, and has not been extensively tested yet. The API might change at any time, but in future releases there will be a list of all changes, which break downward compatibility.
     </p>

File framework/cgi-bin/webmcp.lua

 #!/usr/bin/env lua
 
-_WEBMCP_VERSION = "1.0.8"
+_WEBMCP_VERSION = "1.0.9"
 
 -- include "../lib/" in search path for libraries
 do

File framework/env/request/get_absolute_baseurl.lua

+--[[--
+baseurl =
+request.get_absolute_baseurl()
+
+This function returns the absolute base URL of the application, as set by request.set_absolute_baseurl(...).
+
+--]]--
+
 function request.get_absolute_baseurl()
   if request._absolute_baseurl then
     return request._absolute_baseurl

File framework/env/request/set_allowed_json_request_slots.lua

 --]]--
 
 function request.set_allowed_json_request_slots(slot_idents)
-  local hash = {}
-  for idx, slot_ident in ipairs(slot_idents) do
-    hash[slot_ident] = true
-  end
-  if cgi.params["_webmcp_json_slots[]"] then
-    for idx, slot_ident in ipairs(cgi.params["_webmcp_json_slots[]"]) do
-      if not hash[slot_ident] then
-        error('Requesting slot "' .. slot_ident .. '" is forbidden.')
+  if cgi then  -- do nothing, when being in interactive mode
+    local hash = {}
+    for idx, slot_ident in ipairs(slot_idents) do
+      hash[slot_ident] = true
+    end
+    if cgi.params["_webmcp_json_slots[]"] then
+      for idx, slot_ident in ipairs(cgi.params["_webmcp_json_slots[]"]) do
+        if not hash[slot_ident] then
+          error('Requesting slot "' .. slot_ident .. '" is forbidden.')
+        end
       end
     end
+    request._json_requests_allowed = true
   end
-  request._json_requests_allowed = true
 end

File framework/env/request/set_cookie.lua

+--[[--
+request.set_cookie{
+  name   = name,     -- name of cookie
+  value  = value,    -- value of cookie
+  domain = domain,   -- optional domain domain where cookie is transmitted
+  path   = path,     -- optional path where cookie is transmitted, defaults to application base
+  secure = secure    -- optional boolean, indicating if cookie should only be transmitted over HTTPS
+}
+
+This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
+
+--]]--
+
+function request.set_cookie(args)
+  local path = args.path
+  if not path then
+    path = string.match(
+      request.get_absolute_baseurl(),
+      "://[^/]*(.*)"
+    )
+    if path == nil or path == "" then
+      path = "/"
+    end
+  end
+  local secure = args.secure
+  if secure == nil then
+    if string.find(
+      string.lower(request.get_absolute_baseurl()),
+      "^https://"
+    ) then
+      secure = true
+    else
+      secure = false
+    end
+  end
+  cgi.set_cookie{
+    name   = args.name,
+    value  = args.value,
+    domain = args.domain,
+    path   = path,
+    secure = secure
+  }
+end

File libraries/rocketcgi/rocketcgi.lua

 
 data_sent = false
 
+--[[--
+rocketcgi.add_header(
+  string_part1,        -- string
+  string_part2,        -- optional second part of string to be concatted
+  ...
+)
+
+Sends a header line to the browser. Multiple arguments are concatted to form a single string.
+
+--]]--
 function add_header(...)
   if data_sent then
     error("Can not add header after data has been sent.", 2)
   io.stdout:write(...)
   io.stdout:write("\r\n")
 end
+--//--
 
+--[[--
+rocketcgi.send_data(
+  string_part1,       -- string
+  string_part2,       -- optional second part of string to be concatted
+  ...
+)
+
+Sends document data to the browser. Multiple arguments are concatted to form a single string.
+
+--]]--
 function send_data(...)
   if not data_sent then
     io.stdout:write("\r\n")
   end
   io.stdout:write(...)
 end
+--//--
 
+--[[--
+rocketcgi.set_status(
+  status               -- Status code and description, e.g. "404 Not Found"
+)
+
+Sends a header line to the browser, indicating a given HTTP status.
+
+--]]--
 function set_status(status)
   add_header("Status: ", status)
 end
+--//--
 
+--[[--
+rocketcgi.redirect(
+  status             -- Absolute URL to redirect the browser to
+)
+
+Redirects the browser to the given absolute URL, using a 303 Redirect.
+
+--]]--
 function redirect(location)
   set_status("303 See Other")
   add_header("Location: ", location)
 end
+--//--
 
+--[[--
+rocketcgi.set_status(
+  status               -- Status code and description, e.g. "404 Not Found"
+)
+
+Sends a header line specifying the content-type to the browser.
+
+--]]--
 function set_content_type(content_type)
   add_header("Content-Type: ", content_type)
 end
+--//--
+
+--[[--
+rocketcgi.set_cookie{
+  name   = name,       -- name of cookie
+  value  = value,      -- value of cookie
+  domain = domain,     -- domain where cookie is transmitted
+  path   = path,       -- path where cookie is transmitted
+  secure = secure      -- boolean, indicating if cookie should only be transmitted over HTTPS
+}
+
+Sends a header line setting a cookie. NOTE: Currently only session cookies are supported.
+
+--]]--
+function set_cookie(args)
+  assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
+  assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
+  local parts = {"Set-Cookie: " .. args.name .. "=" .. args.value}
+  if args.domain then
+    assert(
+      string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+      "Illegal cookie domain"
+    )
+    parts[#parts+1] = "domain=" .. args.domain
+  end
+  if args.path then
+    assert(
+      string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+      "Illegal cookie path"
+    )
+    parts[#parts+1] = "path=" .. args.path
+  end
+  if args.secure then
+    parts[#parts+1] = "secure"
+  end
+  add_header(table.concat(parts, "; "))
+end
+--//--
 
 method = os.getenv("REQUEST_METHOD") or false
 query = os.getenv("QUERY_STRING") or false