tbnl-devel January 2011

tbnl-devel@common-lisp.net

8 participants
9 discussions

[hunchentoot-devel] Hunchentoot sessions
by Sebastian Tennant 01 Feb '11

01 Feb '11

Hi all, I tried my hand at using sessions for the first time last year, and wrote the following notes in the process. ---8<------8<------8<------8<------8<------8<------8<------8<------8<--- ;;; Hunchentoot sessions are one-to-one associations between in-memory CLOS ;;; objects and the (unique) value of any incoming session cookie (a cookie ;;; with a particular name). In short, whenever there's an incoming session ;;; cookie, if there's a corresponding in-memory CLOS object then a session is ;;; taking place and *SESSION* is automatically bound to the CLOS object. ;;; Ending a session is therefore simply a case of deleting the in-memory CLOS ;;; object, and starting a session is a case of arranging for a new session ;;; cookie to be dispatched and creating a corresponding CLOS object. ;;; Nothing is sent over HTTP until the execution of a handler is complete, ;;; including cookies. Imagine for a moment that you want to end the current ;;; session and start a new one. Somewhere near the beginning of your handler ;;; you delete the CLOS object that represents the current session, arrange ;;; for a new cookie to be dispatched and create a new matching CLOS object. ;;; You then begin filling the new CLOS object with data until there comes a ;;; point when you decide you want to perform a redirect, thus aborting the ;;; execution of your handler before it's complete. ;;; How should hunchentoot handle this situation? If you perform the redirect ;;; the new cookie will never be sent and the data in your CLOS object is ;;; effectively lost. Should hunchentoot somehow arrange for the same cookie ;;; to be sent with the next reply? Should it refuse to perform the redirect? ;;; Hunchentoot's answer is to avoid this situation altogether by not adding ;;; CLOS objects to the session database until their corresponding cookies ;;; have actually been sent. In practice this means that you can't delete the ;;; current session and create a new one within the lifetime of a single ;;; handler. ---8<------8<------8<------8<------8<------8<------8<------8<------8<--- Are they accurate? I'm not at all sure about the last three paragraphs. Seb -- Emacs' AlsaPlayer - Music Without Jolts Lightweight, full-featured and mindful of your idyllic happiness. http://home.gna.org/eap

3 3

[hunchentoot-devel] timeout errors
by Andrea Chiumenti 31 Jan '11

31 Jan '11

Hello, I'm using hunchentoot v 1.1.1 and after serving each request I always have errors like this one: [2011-01-31 10:39:13 [ERROR]] Error while processing connection: I/O timeout while doing input on #<SB-SYS:FD-STREAM for "socket 127.0.0.1:4242, peer: 127.0.0.1:45423" {100396FEC1}>. Why the connection isn't properly closed ? Thanks in advance, kiuma

2 2

[hunchentoot-devel] HTTP 500 error handling behavior customization
by Blond BF 30 Jan '11

30 Jan '11

So there was the need to handle the HTTP 500 error in two different ways depending on the current request string. So I threw error formatting code from START-OUTPUT and PROCESS-REQUEST to a separate function for start. Then I tried to make this function context-depended so I set the default value of *HTTP-ERROR-HANDLER* to this function and put error detection and handling code to HANDLE-REQUEST. Now HANDLE-REQUST responds to lisp and http errors by calling *HTTP-ERROR-HANDLER* and passing to it condition and backtrace in case of lisp error and dispatcher's return value in case of HTTP error. This error handler looks at RETURN-CODE* and formats corresponding error message. START-OUTPUT and PROCESS-REQUEST now just write what HANDLE-REQUEST returns. Now I can do something like (let ((*http-error-handler* 'custom-handler-for-this-site... in the dispatcher. There is little problem with compatibility: *HTTP-ERROR-HANDLER* takes error code as single argument before but now it taking error description string as single argument (can take return-code from reply object). I have no idea to save backward compatibility here. Here is a draft patch: diff --git a/acceptor.lisp b/acceptor.lisp index f90aa55..9f15947 100644 --- a/acceptor.lisp +++ b/acceptor.lisp @@ -421,6 +421,32 @@ chunked encoding, but acceptor is configured to not use it."))))) (mp:process-unstop (acceptor-process acceptor)) nil) +(defun handle-http-error (&optional description) + "Standard HTTP error handler. Looks at return code and +formats corresponding error message. Return value is error message +typically shown in user's web browser." + (let* ((return-code (return-code*)) + (reason-phrase (reason-phrase return-code))) + (format nil "<html><head><title>~D ~A</title></head><body><h1>~:*~A</h1><hr /><p>~A</p><p>~A</p><hr /><p>~A</p></body></html>" + return-code reason-phrase + (case return-code + ((#.+http-moved-temporarily+ #.+http-moved-permanently+) + (format nil "The document has moved <a href='~A'>here</a>" + (header-out :location))) + ((#.+http-authorization-required+) + "The server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials \(e.g., bad password), or your browser doesn't understand how to supply the credentials required.") + ((#.+http-forbidden+) + (format nil "You don't have permission to access ~A on this server." + (script-name *request*))) + ((#.+http-not-found+) + (format nil "The requested URL ~A was not found on this server." + (script-name *request*))) + ((#.+http-bad-request+) + "Your browser sent a request that this server could not understand.") + (otherwise "")) + (or description "") + (address-string)))) + (defun list-request-dispatcher (request) "The default request dispatcher which selects a request handler based on a list of individual request dispatchers all of which can @@ -433,8 +459,8 @@ either return a handler or neglect by returning NIL." (defmethod handle-request ((*acceptor* acceptor) (*request* request)) "Standard method for request handling. Calls the request dispatcher of *ACCEPTOR* to determine how the request should be handled. Also -sets up standard error handling which catches any errors within the -handler." +calls http error handler if return code is error code and sets up standard +error handling which catches any errors within the handler" (handler-bind ((error (lambda (cond) (when *log-lisp-errors-p* @@ -447,11 +473,30 @@ handler." ;; the stream (when *headers-sent* (setq *close-hunchentoot-stream* t)) + (setf (return-code*) +http-internal-server-error+) (throw 'handler-done - (values nil cond (and *show-lisp-backtraces-p* (get-backtrace)))))) + ;; A dispatcher can serve separate web-sites and + ;; set custom error pages for them by setting + ;; *http-error-handler* variable. + (funcall + *http-error-handler* + (let ((description + (format nil + "~A~%~A" + (if *show-lisp-errors-p* cond "") + (if *show-lisp-backtraces-p* (get-backtrace) "")))) + (regex-replace-all "\\n" (escape-for-html description) (format nil "<br />~%"))))))) (warning (lambda (cond) (when *log-lisp-warnings-p* (log-message *lisp-warnings-log-level* "~A" cond))))) - (with-debugger - (funcall (acceptor-request-dispatcher *acceptor*) *request*)))) + (let ((content (funcall (acceptor-request-dispatcher *acceptor*) *request*))) + ;; Call HTTP error handler when return code is not in approved + ;; list and http error handling is turned on. + ;; Pass dispatcher's output to error handler's input so + ;; dispatcher can format its own error description. + (if (or + (member (return-code*) *approved-return-codes*) + (null *handle-http-errors-p*)) + content + (funcall *http-error-handler* content))))) diff --git a/doc/index.xml b/doc/index.xml index df46c7c..a10a38f 100644 --- a/doc/index.xml +++ b/doc/index.xml @@ -1619,7 +1619,9 @@ The default method calls the acceptor's <a href="#request-dispatch">request dispatcher</a>, but you can of course implement a different behaviour. The default method also sets up <a href="#logging">standard error handling</a> for -the <a href="#handlers">handler</a>. +the <a href="#handlers">handler</a> and calls <clix:ref>*HTTP-ERROR-HANDLER*</clix:ref> +(with passing dispatcher's return value to it) if the request dispatcher +sets return code that not in <clix:ref>*APPROVED-RETURN-CODES*</clix:ref> </p> <p> Might be a good place to bind or rebind special variables which can @@ -2698,18 +2700,16 @@ see <clix:ref>*HANDLE-HTTP-ERRORS-P*</clix:ref>. <clix:special-variable name='*handle-http-errors-p*'> <clix:description>A generalized boolean that determines whether return codes which are not in <clix:ref>*APPROVED-RETURN-CODES*</clix:ref> are treated specially. When its value -is true (the default), either a default body for the return code or -the result of calling <clix:ref>*HTTP-ERROR-HANDLER*</clix:ref> is used. When the value is -<code>NIL</code>, no special action is taken and you are expected to supply your -own response body to describe the error. +is true (the default), the result of calling <clix:ref>*HTTP-ERROR-HANDLER*</clix:ref> is used to +format error message. When the value is <code>NIL</code>, no special action is taken and you are +expected to supply your own response body to describe the error. </clix:description> </clix:special-variable> <clix:special-variable name='*http-error-handler*'> - <clix:description>Contains <code>NIL</code> (the default) or a function of one argument which is -called if the content handler has set a return code which is not in -<clix:ref>*APPROVED-RETURN-CODES*</clix:ref> -and <clix:ref>*HANDLE-HTTP-ERRORS*</clix:ref> is true. + <clix:description>Contains <code>handle-http-error</code> (the default) or a function of one +argument (error description) which is called if the content handler has set a return code which is not in +<clix:ref>*APPROVED-RETURN-CODES*</clix:ref> and <clix:ref>*HANDLE-HTTP-ERRORS-P*</clix:ref> is true. </clix:description> </clix:special-variable> @@ -2777,6 +2777,19 @@ source code of <clix:ref>REDIRECT</clix:ref> for an example. </clix:description> </clix:function> + <clix:function name="handle-http-error"> + <clix:lambda-list><clix:lkw>optional</clix:lkw> description</clix:lambda-list> + <clix:returns>string (formatted error message)</clix:returns> + <clix:description> + Default HTTP error handler (see <clix:ref>*HTTP-ERROR-HANDLER*</clix:ref>). + <p> + Looks at <clix:ref>RETURN-CODE*</clix:ref> and formats corresponding error message with + reason phrase (see <clix:ref>REASON-PHRASE</clix:ref>) and optional + <clix:arg>description</clix:arg>. + </p> + </clix:description> + </clix:function> + <clix:function name="handle-static-file"> <clix:lambda-list>path <clix:lkw>optional</clix:lkw> content-type</clix:lambda-list> <clix:returns>nil</clix:returns> diff --git a/headers.lisp b/headers.lisp index 89df868..0ae2320 100644 --- a/headers.lisp +++ b/headers.lisp @@ -74,9 +74,8 @@ writes them directly to the client as an HTTP header line.") (request *request*)) "Sends all headers and maybe the content body to *HUNCHENTOOT-STREAM*. Returns immediately and does nothing if called -more than once per request. Handles the supported return codes -accordingly. Called by PROCESS-REQUEST and/or SEND-HEADERS. Returns -the stream to write to." +more than once per request. Called by PROCESS-REQUEST and/or SEND-HEADERS. +Returns the stream to write to." ;; send headers only once (when *headers-sent* (return-from start-output)) @@ -135,41 +134,6 @@ the stream to write to." content-modified-p t return-code +http-internal-server-error+ reason-phrase (reason-phrase return-code))) - (unless (or (not *handle-http-errors-p*) - (member return-code *approved-return-codes*)) - ;; call error handler, if any - should return NIL if it can't - ;; handle the error - (let (error-handled-p) - (when *http-error-handler* - (setq error-handled-p (funcall *http-error-handler* return-code) - content (or error-handled-p content) - content-modified-p (or content-modified-p error-handled-p))) - ;; handle common return codes other than 200, which weren't - ;; handled by the error handler - (unless error-handled-p - (setf (content-type*) - "text/html; charset=iso-8859-1" - content-modified-p t - content - (format nil "<html><head><title>~D ~A</title></head><body><h1>~:*~A</h1>~A<p><hr>~A</p></body></html>" - return-code reason-phrase - (case return-code - ((#.+http-internal-server-error+) content) - ((#.+http-moved-temporarily+ #.+http-moved-permanently+) - (format nil "The document has moved <a href='~A'>here</a>" - (escape-for-html (header-out :location)))) - ((#.+http-authorization-required+) - "The server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials \(e.g., bad password), or your browser doesn't understand how to supply the credentials required.") - ((#.+http-forbidden+) - (format nil "You don't have permission to access ~A on this server." - (escape-for-html (script-name request)))) - ((#.+http-not-found+) - (format nil "The requested URL ~A was not found on this server." - (escape-for-html (script-name request)))) - ((#.+http-bad-request+) - "Your browser sent a request that this server could not understand.") - (otherwise "")) - (address-string)))))) ;; start with status line (let ((first-line (format nil "HTTP/1.1 ~D ~A" return-code reason-phrase))) diff --git a/request.lisp b/request.lisp index ea0e2a7..1ef7daa 100644 --- a/request.lisp +++ b/request.lisp @@ -216,22 +216,7 @@ doing." (unwind-protect (with-mapped-conditions () (let* ((*request* request)) - (multiple-value-bind (body error backtrace) - ;; skip dispatch if bad request - (when (eql (return-code *reply*) +http-ok+) - (catch 'handler-done - (handle-request *acceptor* *request*))) - (when error - (setf (return-code *reply*) - +http-internal-server-error+)) - (start-output :content (cond ((and error *show-lisp-errors-p*) - (format nil "<pre>~A~@[~%~%Backtrace:~A~]</pre>" - (escape-for-html (format nil "~A" error)) - (when *show-lisp-backtraces-p* - (escape-for-html (format nil "~A" backtrace))))) - (error - "An error has occured.") - (t body)))))) + (start-output :content (catch 'handler-done (handle-request *acceptor* *request*))))) (dolist (path *tmp-files*) (when (and (pathnamep path) (probe-file path)) ;; the handler may have chosen to (re)move the uploaded diff --git a/specials.lisp b/specials.lisp index 7759ad5..84ccf66 100644 --- a/specials.lisp +++ b/specials.lisp @@ -270,10 +270,11 @@ DEFAULT-DISPATCHER.") "An alist of \(URI acceptor-names function) lists defined by DEFINE-EASY-HANDLER.") -(defvar *http-error-handler* nil - "Contains NIL \(the default) or a function of one argument which is -called if the content handler has set a return code which is not in -*APPROVED-RETURN-CODES* and *HANDLE-HTTP-ERRORS* is true.") +(defvar *http-error-handler* 'handle-http-error + "Contains 'handle-http-error (by default) or a function of one +argument (error description) which is called if the content handler +has set a return code which is not in *APPROVED-RETURN-CODES* and +*HANDLE-HTTP-ERRORS* is true") (defvar *handle-http-errors-p* t "A generalized boolean that determines whether return codes which

2 2

[hunchentoot-devel] Logging API and default behavior changed
by Hans Hübner 24 Jan '11

24 Jan '11

Hi, I have made an incompatible change to Hunchentoot's logging API (http://bknr.net/trac/changeset/4639). To sum up: The old special variables to configure the log paths as well as the -logger slots in the acceptors are gone. Instead, Hunchentoot now has per-acceptor slots containing the log pathnames, if any. Logging is performed by calling the ACCEPTOR-LOG-ACCESS and ACCEPTOR-LOG-MESSAGE generic functions that can be specialized for derived logger classes. Previously, it was possible to disable logging altogether by setting the log pathnames to NIL, which also was the default. I have changed that so that if a log pathname is NIL, the log entry is written to CL:*ERROR-OUTPUT* instead. This seems to be a more helpful behavior. If an application desires to switch off logging completely, it now needs to either set the log pathnames to "/dev/null" (wasteful, but quick) or implement methods for the logging functions above. Please let me know if there are any problems with this change, apart from the incompatibility. -Hans

3 3

[hunchentoot-devel] Hard to catch errors below process-request
by AVS 24 Jan '11

24 Jan '11

Hi Recently I was trying to find out why the client received an empty response. The problem was inside function start-output. Function call to (string-to-octets content :external-format (reply-external-format*) was throwing an exception (it was a non-latin character for latin external-format) which I couldn't catch in debugger by setting (setf hunchentoot:*handle-http-errors-p* nil) (setf hunchentoot:*handle-http-errors-p* t) (setf *catch-errors-p* nil) Actually inside start-output I can write any crazy code that would fail to compile or throw an exception, but for some reason this error never gets shown at any level. Maybe I am just missing something that I can specify, or maybe it only happens on my end (I am using hunchentoot 1.1.1 on Ubuntu) please let me know. Thank you, Andrei

3 21

[hunchentoot-devel] Exporting session-start & session-id
by Nico de Jager 21 Jan '11

21 Jan '11

Hi Although the Hunchentoot documentation says "... the internal structure of SESSION objects should be considered opaque ..." and the functionality of session-id and session-start can be trivially implemented, I am wondering if these two readers can be exported? session-start is useful for seeing how long users have been on the system. session-id is useful for session identity. Why re-implement them when Hunchentoot already has the functionality? Regards. Nico

3 5

[hunchentoot-devel] [Patch] Allow user to not send a Content-Type header
by Chaitanya Gupta 21 Jan '11

21 Jan '11

Hi, Right now, hunchentoot doesn't allow one to set a NULL Content-Type header -- so it is always sent to the client. With this patch, the user can (setf (content-type*) nil) And no Content-Type header will be sent in that case. Chaitanya -- http://chaitanyagupta.com/blog/

2 1

[hunchentoot-devel] Fix for ECL
by Sohail Somani 21 Jan '11

21 Jan '11

Hi there, In specials.lisp, ECL seems to require *supports-threads-p* to be set as follows: (eval-when (:compile-toplevel :load-toplevel :execute) (define-symbol-macro *supports-threads-p* #+:lispworks t #-:lispworks bt:*supports-threads-p*)) Apparently the symbol macro is not available when compiling the file. Otherwise compiling the file twice works when loading.

2 1

[hunchentoot-devel] Different accessors in define-easy-handler
by Nicolas Neuss 21 Jan '11

21 Jan '11

Hello, since some time I use a patch for DEFINE-EASY-HANDLER which makes it work correctly with multiple accessors (I hope). Here it is. (I am not quite sure if it has not been corrected yet. The patch is against Hunchentoot-1.1.1 from Quicklisp.) Thanks, Nicolas --- easy-handlers.lisp~ 2010-11-30 10:34:27.000000000 +0100 +++ easy-handlers.lisp 2010-11-30 10:46:39.000000000 +0100 @@ -288,8 +288,11 @@ `(progn (setq *easy-handler-alist* (delete-if (lambda (list) - (or (equal ,uri (first list)) - (eq ',name (third list)))) + (and (or (equal ,uri (first list)) + (eq ',name (third list))) + (or (eq ,acceptor-names t) + (intersection ,acceptor-names + (second list))))) *easy-handler-alist*)) (push (list ,uri ,acceptor-names ',name) *easy-handler-alist*))))) (defun ,name (&key ,@(loop for part in lambda-list

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

tbnl-devel January 2011