Next: Introduction, Previous: (dir), Up: (dir) [Contents][Index]
This is the hunchentools Reference Manual, version 1.0.0, generated automatically by Declt version 3.0 "Montgomery Scott" on Fri Jun 26 11:19:59 2020 GMT+0.
| • Introduction | What hunchentools is all about | |
| • Systems | The systems documentation | |
| • Files | The files documentation | |
| • Packages | The packages documentation | |
| • Definitions | The symbols documentation | |
| • Indexes | Concepts, functions, variables and data types |
Hunchentools is a utility library for the Hunchentoot web server. Hunchentools provides functions for creating dispatchers, aborting handlers, escaping strings, hardening session cookies, managing session users, and managing session CSRF tokens.
Hunchentools depends on Hunchentoot, Alexandria, CL-PPCRE, and Ironclad. Hunchentools is being developed with SBCL, CCL, and LispWorks on OS X. Hunchentools is being deployed with SBCL on Linux/AMD64.
(ql:quickload "hunchentools")
(hunchentoot:define-easy-handler (handle-login :uri "/login")
((username :parameter-type 'parse-username :request-type :post)
(password :parameter-type 'parse-password :request-type :post))
(hunchentoot:start-session)
(hunchentools:harden-session-cookie)
(setf (hunchentoot:content-type*) "text/html; charset=utf-8")
(case (hunchentoot:request-method*)
(:get
(with-output-to-string (stream)
(render-login-page "Login" stream)))
(:post
(if (or (null username)
(null password)
(string/= username "root")
(string/= password "foobar"))
(with-output-to-string (stream)
(render-login-page "Bad username and/or password." stream))
(progn
(setf (hunchentools:session-user) username)
(hunchentoot:redirect "/guess"))))))
(defun render-guess-page (csrf-token message
&optional (stream *standard-output*))
(with-html-page (stream)
(:div
(:p (cl-who:esc message))
(:form :action "/guess" :method "post"
(:input :type "hidden" :name "csrf-token"
:value (hunchentools:escape-string-custom
csrf-token
(constantly t)
#'write-char))
(:input :type "text" :name "guess" :value "")
(:input :type "submit" :value "Scan"))
(:p (:a :href "/logout" "Logout")))))
(hunchentoot:define-easy-handler (handle-guess :uri "/guess")
((guess :parameter-type 'parse-guess :request-type :post))
(hunchentoot:start-session)
(hunchentools:harden-session-cookie)
(setf (hunchentoot:content-type*) "text/html; charset=utf-8")
(hunchentools:require-session-user "/logout")
(case (hunchentoot:request-method*)
(:get
(with-output-to-string (stream)
(render-guess-page (hunchentools:session-csrf-token)
"Guess a number."
stream)))
(:post
(hunchentools:require-session-csrf-token :post)
(when (null guess)
(hunchentools:abort-with-bad-request))
(if (= guess 42)
(hunchentoot:redirect "/guess")
(with-output-to-string (stream)
(render-guess-page (hunchentools:session-csrf-token)
"Nope. Guess again."
stream))))))
(defun handle-logout ()
(hunchentoot:start-session)
(hunchentools:harden-session-cookie)
(hunchentools:delete-session-user)
(hunchentoot:redirect "/login"))
(eval-when (:compile-toplevel :load-toplevel :execute)
(push (hunchentools:create-uri-methods-dispatcher
"/logout"
:get
'handle-logout)
hunchentoot:*dispatch-table*))
Hunchentools is distributed under the MIT license. See LICENSE.
Next: Files, Previous: Introduction, Up: Top [Contents][Index]
The main system appears first, followed by any subsystem dependency.
| • The hunchentools system |
Michael J. Forster <mike@forsterfamily.ca>
MIT
Hunchentoot utility library
1.0.0
hunchentools.asd (file)
Files are sorted by type and then listed depth-first from the systems components trees.
| • Lisp files |
Next: The hunchentools/package․lisp file, Previous: Lisp files, Up: Lisp files [Contents][Index]
hunchentools.asd
hunchentools (system)
Next: The hunchentools/abort․lisp file, Previous: The hunchentools․asd file, Up: Lisp files [Contents][Index]
hunchentools (system)
package.lisp
Next: The hunchentools/dispatcher․lisp file, Previous: The hunchentools/package․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
abort.lisp
Next: The hunchentools/string-escaping․lisp file, Previous: The hunchentools/abort․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
dispatcher.lisp
Next: The hunchentools/session-cookie․lisp file, Previous: The hunchentools/dispatcher․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
string-escaping.lisp
Next: The hunchentools/session-user․lisp file, Previous: The hunchentools/string-escaping․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
session-cookie.lisp
harden-session-cookie (function)
Next: The hunchentools/session-csrf-token․lisp file, Previous: The hunchentools/session-cookie․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
session-user.lisp
Previous: The hunchentools/session-user․lisp file, Up: Lisp files [Contents][Index]
package.lisp (file)
hunchentools (system)
session-csrf-token.lisp
Next: Definitions, Previous: Files, Up: Top [Contents][Index]
Packages are listed by definition order.
| • The hunchentools package |
package.lisp (file)
common-lisp
Definitions are sorted by export status, category, package, and then by lexicographic order.
| • Exported definitions | ||
| • Internal definitions |
Next: Internal definitions, Previous: Definitions, Up: Definitions [Contents][Index]
| • Exported functions |
Previous: Exported definitions, Up: Exported definitions [Contents][Index]
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-BAD-REQUEST+.
abort.lisp (file)
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-FORBIDDEN+.
abort.lisp (file)
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-INTERNAL-SERVER-ERROR+.
abort.lisp (file)
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-NOT-FOUND+.
abort.lisp (file)
Abort handling of the request as if the handler had returned RETURN-CODE.
abort.lisp (file)
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request starts with the string PREFIX and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
dispatcher.lisp (file)
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request matches the CL-PPCRE regular expression REGEX and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
dispatcher.lisp (file)
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request matches the string URI and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
dispatcher.lisp (file)
Remove the CSRF token, if any, from the session.
session-csrf-token.lisp (file)
Remove the user, if any, from the session.
session-user.lisp (file)
Given a string STRING, return a new string, encoding with the
function denoted by ESCAPE-WRITE-FUNCTION every character for which the
function denoted by TEST returns true.
Use this in place of CL-WHO:ESCAPE-STRING where custom encoding is required.
string-escaping.lisp (file)
Given a string STRING, return a new string, escaping all ASCII values less than 256 with the xHH format and those greater than or equal to 256 with the uHHHH format.
string-escaping.lisp (file)
Set the HTTP-ONLY and secure flags of the outgoing cookie named NAME and set it to expire with the session. NAME defaults to "hunchentoot-session".
session-cookie.lisp (file)
Abort handling the request, log a warning message, and remove any
session CSRF token if the request of type denoted by REQUEST-TYPE does
not provide a value for the parameter NAME, if the provided value does
not match the session CSRF token, or if the session CSRF token has not
been set. Othewise, do nothing. REQUEST-TYPE can be one
of :GET, :POST, :PUT, or :DELETE. NAME defaults to "csrf-token".
session-csrf-token.lisp (file)
Log a warning message and redirect if no user is set for the session. Otherwise, do nothing. REDIRECT-ARGS are used as keyword arguments to HUNCHENTOOT:REDIRECT.
session-user.lisp (file)
Return the current CSRF token set for the session or a new token if one has not been set. If the session does not exist, return NIL.
session-csrf-token.lisp (file)
Return the user set for the session. Return NIL if the session does
not exist or if no user has been set.
SETF of SESSION-USER can be used to set a new user for the session. If the session does not exist then one is created. Signal a correctable error of type TYPE-ERROR if SETF of SESSION-USER is called with a NIL value for user.
session-user.lisp (file)
(setf session-user) (function)
session-user.lisp (file)
session-user (function)
Previous: Exported definitions, Up: Definitions [Contents][Index]
| • Internal special variables | ||
| • Internal functions |
Next: Internal functions, Previous: Internal definitions, Up: Internal definitions [Contents][Index]
session-csrf-token.lisp (file)
session-csrf-token.lisp (file)
Previous: Internal special variables, Up: Internal definitions [Contents][Index]
session-csrf-token.lisp (file)
Return a random number (as a string) with base BASE and N digits.
session-csrf-token.lisp (file)
Previous: Definitions, Up: Top [Contents][Index]
| • Concept index | ||
| • Function index | ||
| • Variable index | ||
| • Data type index |
Next: Function index, Previous: Indexes, Up: Indexes [Contents][Index]
| Jump to: | F H L |
|---|
| Jump to: | F H L |
|---|
Next: Variable index, Previous: Concept index, Up: Indexes [Contents][Index]
| Jump to: | (
A C D E F H N R S |
|---|
| Jump to: | (
A C D E F H N R S |
|---|
Next: Data type index, Previous: Function index, Up: Indexes [Contents][Index]
| Jump to: | *
S |
|---|
| Jump to: | *
S |
|---|
Previous: Variable index, Up: Indexes [Contents][Index]
| Jump to: | H P S |
|---|
| Index Entry | Section | ||
|---|---|---|---|
| | |||
| H | |||
hunchentools: | The hunchentools system | ||
hunchentools: | The hunchentools package | ||
| | |||
| P | |||
Package, hunchentools: | The hunchentools package | ||
| | |||
| S | |||
System, hunchentools: | The hunchentools system | ||
| | |||
| Jump to: | H P S |
|---|