This is the hunchentools Reference Manual, version 1.0.0, generated automatically by Declt version 4.0 beta 2 "William Riker" on Mon Aug 15 04:50:56 2022 GMT+0.
Hunchentools is a utility library for the Hunchentoot web server. Hunchentools provides functions for creating dispatchers, aborting handlers, escaping strings, hardening session cookies, managing session users, and managing session CSRF tokens.
Hunchentools depends on Hunchentoot, Alexandria, CL-PPCRE, and Ironclad. Hunchentools is being developed with SBCL, CCL, and LispWorks on OS X. Hunchentools is being deployed with SBCL on Linux/AMD64.
(ql:quickload "hunchentools")

;; PARSE-USERNAME, PARSE-PASSWORD, PARSE-GUESS, RENDER-LOGIN-PAGE and
;; WITH-HTML-PAGE are application-defined and not shown here.
(hunchentoot:define-easy-handler (handle-login :uri "/login")
    ((username :parameter-type 'parse-username :request-type :post)
     (password :parameter-type 'parse-password :request-type :post))
  (hunchentoot:start-session)
  ;; Set the HTTP-ONLY and secure flags on the session cookie.
  (hunchentools:harden-session-cookie)
  (setf (hunchentoot:content-type*) "text/html; charset=utf-8")
  (case (hunchentoot:request-method*)
    (:get
     (with-output-to-string (stream)
       (render-login-page "Login" stream)))
    (:post
     (if (or (null username)
             (null password)
             (string/= username "root")
             (string/= password "foobar"))
         (with-output-to-string (stream)
           (render-login-page "Bad username and/or password." stream))
         (progn
           ;; Record the authenticated user in the session.
           (setf (hunchentools:session-user) username)
           (hunchentoot:redirect "/guess"))))))

(defun render-guess-page (csrf-token message
                          &optional (stream *standard-output*))
  (with-html-page (stream)
    (:div
     (:p (cl-who:esc message))
     (:form :action "/guess" :method "post"
            ;; Carry the session CSRF token in a hidden form field.
            (:input :type "hidden" :name "csrf-token"
                    :value (hunchentools:escape-string-custom
                            csrf-token
                            (constantly t)
                            #'write-char))
            (:input :type "text" :name "guess" :value "")
            (:input :type "submit" :value "Scan"))
     (:p (:a :href "/logout" "Logout")))))

(hunchentoot:define-easy-handler (handle-guess :uri "/guess")
    ((guess :parameter-type 'parse-guess :request-type :post))
  (hunchentoot:start-session)
  (hunchentools:harden-session-cookie)
  (setf (hunchentoot:content-type*) "text/html; charset=utf-8")
  ;; Redirect to /logout unless a user is set for the session.
  (hunchentools:require-session-user "/logout")
  (case (hunchentoot:request-method*)
    (:get
     (with-output-to-string (stream)
       (render-guess-page (hunchentools:session-csrf-token)
                          "Guess a number."
                          stream)))
    (:post
     ;; Abort unless the POST parameter matches the session CSRF token.
     (hunchentools:require-session-csrf-token :post)
     (when (null guess)
       (hunchentools:abort-with-bad-request))
     (if (= guess 42)
         (hunchentoot:redirect "/guess")
         (with-output-to-string (stream)
           (render-guess-page (hunchentools:session-csrf-token)
                              "Nope. Guess again."
                              stream))))))

(defun handle-logout ()
  (hunchentoot:start-session)
  (hunchentools:harden-session-cookie)
  (hunchentools:delete-session-user)
  (hunchentoot:redirect "/login"))

;; Dispatch GET requests for /logout to HANDLE-LOGOUT.
(eval-when (:compile-toplevel :load-toplevel :execute)
  (push (hunchentools:create-uri-methods-dispatcher
         "/logout"
         :get
         'handle-logout)
        hunchentoot:*dispatch-table*))
Hunchentools is distributed under the MIT license. See LICENSE.
The main system appears first, followed by any subsystem dependency.
Hunchentoot utility library
Michael J. Forster <mike@forsterfamily.ca>
MIT
1.0.0
Files are sorted by type and then listed depth-first from the systems' component trees.
hunchentools (system).
hunchentools (system).
package.lisp (file).
hunchentools (system).
package.lisp (file).
hunchentools (system).
package.lisp (file).
hunchentools (system).
package.lisp (file).
hunchentools (system).
harden-session-cookie (function).
package.lisp (file).
hunchentools (system).
package.lisp (file).
hunchentools (system).
Packages are listed by definition order.
common-lisp.
Definitions are sorted by export status, category, package, and then by lexicographic order.
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-BAD-REQUEST+.
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-FORBIDDEN+.
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-INTERNAL-SERVER-ERROR+.
Abort handling of the request as if the handler had returned HUNCHENTOOT:+HTTP-NOT-FOUND+.
Abort handling of the request as if the handler had returned RETURN-CODE.
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request starts with the string PREFIX and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request matches the CL-PPCRE regular expression REGEX and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
Return a request dispatch function which will dispatch to the function denoted by HANDLER if the file name of the current request matches the string URI and the method of the current request is a member of the list denoted by METHODS. The dispatch function will return NIL if there is no match.
Remove the CSRF token, if any, from the session.
Remove the user, if any, from the session.
Given a string STRING, return a new string, encoding with the
function denoted by ESCAPE-WRITE-FUNCTION every character for which the
function denoted by TEST returns true.
Use this in place of CL-WHO:ESCAPE-STRING where custom encoding is required.
Given a string STRING, return a new string, escaping all ASCII values less than 256 with the xHH format and those greater than or equal to 256 with the uHHHH format.
Set the HTTP-ONLY and secure flags of the outgoing cookie named NAME and set it to expire with the session. NAME defaults to "hunchentoot-session".
Abort handling the request, log a warning message, and remove any session CSRF token if the request of type denoted by REQUEST-TYPE does not provide a value for the parameter NAME, if the provided value does not match the session CSRF token, or if the session CSRF token has not been set. Otherwise, do nothing. REQUEST-TYPE can be one of :GET, :POST, :PUT, or :DELETE. NAME defaults to "csrf-token".
Log a warning message and redirect if no user is set for the session. Otherwise, do nothing. REDIRECT-ARGS are used as keyword arguments to HUNCHENTOOT:REDIRECT.
Return the current CSRF token set for the session or a new token if one has not been set. If the session does not exist, return NIL.
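The two CSRF docstrings above imply that a rejected request also invalidates every form rendered earlier for that session. The following is an added example, not hunchentools code: a plain Common Lisp model of the documented checks, with the session as a hash table. The MODEL-* functions, MAKE-TOKEN, TOKEN-EQUAL-P, and the use of Ironclad for token generation and of a non-short-circuiting comparison are assumptions of this example.

```lisp
;;; Added example, not hunchentools code. The session is modelled as a hash
;;; table; MAKE-TOKEN, TOKEN-EQUAL-P and every MODEL-* name are hypothetical.
;;; Assumes Ironclad is loaded (it is a dependency of hunchentools).

(defun make-token ()
  "Return 128 random bits as a hex string."
  (ironclad:byte-array-to-hex-string (ironclad:random-data 16)))

(defun model-session-csrf-token (session)
  "Return SESSION's token, creating one if none is set."
  (or (gethash :csrf-token session)
      (setf (gethash :csrf-token session) (make-token))))

(defun token-equal-p (a b)
  "Compare strings A and B without stopping at the first difference."
  (and (= (length a) (length b))
       (zerop (reduce #'logior
                      (map 'list (lambda (x y)
                                   (logxor (char-code x) (char-code y)))
                           a b)
                      :initial-value 0))))

(defun model-require-session-csrf-token (session submitted)
  "Return :OK, or remove the session token and return the rejection reason."
  (let* ((expected (gethash :csrf-token session))
         (reason (cond ((null submitted) :parameter-missing)
                       ((null expected) :token-not-set)
                       ((not (token-equal-p submitted expected)) :mismatch))))
    ;; Any failed check discards the token, as the docstring describes.
    (when reason
      (remhash :csrf-token session))
    (or reason :ok)))

(defun demo ()
  "Run one genuine and two rejected submissions against one session."
  (let* ((session (make-hash-table))
         ;; Token as it would be rendered into a hidden form field.
         (form-token (model-session-csrf-token session)))
    (list (model-require-session-csrf-token session form-token) ; genuine
          (model-require-session-csrf-token session "forged")   ; bad value
          (model-require-session-csrf-token session form-token) ; stale form
          ;; Does the next render reuse the old token?
          (string= form-token (model-session-csrf-token session)))))
```

Calling (demo) returns the outcome of each submission in order. Because a rejection removes the token, each page render has to obtain the current token again, as the handlers in the introduction do.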
Return the user set for the session. Return NIL if the session does
not exist or if no user has been set.
SETF of SESSION-USER can be used to set a new user for the session. If the session does not exist then one is created. Signal a correctable error of type TYPE-ERROR if SETF of SESSION-USER is called with a NIL value for user.