123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040 |
- @c -*-texinfo-*-
- @c This is part of the GNU Guile Reference Manual.
- @c Copyright (C) 2010, 2011, 2012, 2013, 2015, 2018, 2019, 2020 Free Software Foundation, Inc.
- @c See the file guile.texi for copying conditions.
- @node Web
- @section @acronym{HTTP}, the Web, and All That
- @cindex Web
- @cindex WWW
- @cindex HTTP
- It has always been possible to connect computers together and share
- information between them, but the rise of the World Wide Web over the
- last couple of decades has made it much easier to do so. The result is
- a richly connected network of computation, in which Guile forms a part.
- By ``the web'', we mean the HTTP protocol@footnote{Yes, the P is for
- protocol, but this phrase appears repeatedly in RFC 2616.} as handled by
- servers, clients, proxies, caches, and the various kinds of messages and
- message components that can be sent and received by that protocol,
- notably HTML.
- On one level, the web is text in motion: the protocols themselves are
- textual (though the payload may be binary), and it's possible to create
- a socket and speak text to the web. But such an approach is obviously
- primitive. This section details the higher-level data types and
- operations provided by Guile: URIs, HTTP request and response records,
- and a conventional web server implementation.
- The material in this section is arranged in ascending order, in which
- later concepts build on previous ones. If you prefer to start with the
- highest-level perspective, @pxref{Web Examples}, and work your way
- back.
- @menu
- * Types and the Web:: Types prevent bugs and security problems.
- * URIs:: Universal Resource Identifiers.
- * HTTP:: The Hyper-Text Transfer Protocol.
- * HTTP Headers:: How Guile represents specific header values.
- * Transfer Codings:: HTTP Transfer Codings.
- * Requests:: HTTP requests.
- * Responses:: HTTP responses.
- * Web Client:: Accessing web resources over HTTP.
- * Web Server:: Serving HTTP to the internet.
- * Web Examples:: How to use this thing.
- @end menu
- @node Types and the Web
- @subsection Types and the Web
- It is a truth universally acknowledged, that a program with good use of
- data types, will be free from many common bugs. Unfortunately, the
- common practice in web programming seems to ignore this maxim. This
- subsection makes the case for expressive data types in web programming.
- By ``expressive data types'', we mean that the data types @emph{say}
- something about how a program solves a problem. For example, if we
- choose to represent dates using SRFI 19 date records (@pxref{SRFI-19}),
- this indicates that there is a part of the program that will always have
- valid dates. Error handling for a number of basic cases, like invalid
- dates, occurs on the boundary in which we produce a SRFI 19 date record
- from other types, like strings.
- With regards to the web, data types are helpful in the two broad phases
- of HTTP messages: parsing and generation.
- Consider a server, which has to parse a request, and produce a response.
- Guile will parse the request into an HTTP request object
- (@pxref{Requests}), with each header parsed into an appropriate Scheme
- data type. This transition from an incoming stream of characters to
- typed data is a state change in a program---the strings might parse, or
- they might not, and something has to happen if they do not. (Guile
- throws an error in this case.) But after you have the parsed request,
- ``client'' code (code built on top of the Guile web framework) will not
- have to check for syntactic validity. The types already make this
- information manifest.
- This state change on the parsing boundary makes programs more robust,
- as they themselves are freed from the need to do a number of common
- error checks, and they can use normal Scheme procedures to handle a
- request instead of ad-hoc string parsers.
- The need for types on the response generation side (in a server) is more
- subtle, though not less important. Consider the example of a POST
- handler, which prints out the text that a user submits from a form.
- Such a handler might include a procedure like this:
- @example
- ;; First, a helper procedure
- (define (para . contents)
- (string-append "<p>" (string-concatenate contents) "</p>"))
- ;; Now the meat of our simple web application
- (define (you-said text)
- (para "You said: " text))
- (display (you-said "Hi!"))
- @print{} <p>You said: Hi!</p>
- @end example
- This is a perfectly valid implementation, provided that the incoming
- text does not contain the special HTML characters @samp{<}, @samp{>}, or
- @samp{&}. But this provision of a restricted character set is not
- reflected anywhere in the program itself: we must @emph{assume} that the
- programmer understands this, and performs the check elsewhere.
- Unfortunately, the short history of the practice of programming does not
- bear out this assumption. A @dfn{cross-site scripting} (@acronym{XSS})
- vulnerability is just such a common error in which unfiltered user input
- is allowed into the output. A user could submit a crafted comment to
- your web site which results in visitors running malicious Javascript,
- within the security context of your domain:
- @example
- (display (you-said "<script src=\"http://bad.com/nasty.js\" />"))
- @print{} <p>You said: <script src="http://bad.com/nasty.js" /></p>
- @end example
- The fundamental problem here is that both user data and the program
- template are represented using strings. This identity means that types
- can't help the programmer to make a distinction between these two, so
- they get confused.
- There are a number of possible solutions, but perhaps the best is to
- treat HTML not as strings, but as native s-expressions: as SXML. The
- basic idea is that HTML is either text, represented by a string, or an
- element, represented as a tagged list. So @samp{foo} becomes
- @samp{"foo"}, and @samp{<b>foo</b>} becomes @samp{(b "foo")}.
- Attributes, if present, go in a tagged list headed by @samp{@@}, like
- @samp{(img (@@ (src "http://example.com/foo.png")))}. @xref{SXML}, for
- more information.
- The good thing about SXML is that HTML elements cannot be confused with
- text. Let's make a new definition of @code{para}:
- @example
- (define (para . contents)
- `(p ,@@contents))
- (use-modules (sxml simple))
- (sxml->xml (you-said "Hi!"))
- @print{} <p>You said: Hi!</p>
- (sxml->xml (you-said "<i>Rats, foiled again!</i>"))
- @print{} <p>You said: <i>Rats, foiled again!</i></p>
- @end example
- So we see in the second example that HTML elements cannot be unwittingly
- introduced into the output. However it is now perfectly acceptable to
- pass SXML to @code{you-said}; in fact, that is the big advantage of SXML
- over everything-as-a-string.
- @example
- (sxml->xml (you-said (you-said "<Hi!>")))
- @print{} <p>You said: <p>You said: <Hi!></p></p>
- @end example
- The SXML types allow procedures to @emph{compose}. The types make
- manifest which parts are HTML elements, and which are text. So you
- needn't worry about escaping user input; the type transition back to a
- string handles that for you. @acronym{XSS} vulnerabilities are a thing
- of the past.
- Well. That's all very nice and opinionated and such, but how do I use
- the thing? Read on!
- @node URIs
- @subsection Universal Resource Identifiers
- Guile provides a standard data type for Universal Resource Identifiers
- (URIs), as defined in RFC 3986.
- The generic URI syntax is as follows:
- @example
- URI-reference := [scheme ":"] ["//" [userinfo "@@"] host [":" port]] path \
- [ "?" query ] [ "#" fragment ]
- @end example
- For example, in the URI, @indicateurl{http://www.gnu.org/help/}, the
- scheme is @code{http}, the host is @code{www.gnu.org}, the path is
- @code{/help/}, and there is no userinfo, port, query, or fragment.
- Userinfo is something of an abstraction, as some legacy URI schemes
- allowed userinfo of the form @code{@var{username}:@var{passwd}}. But
- since passwords do not belong in URIs, the RFC does not want to condone
- this practice, so it calls anything before the @code{@@} sign
- @dfn{userinfo}.
- @example
- (use-modules (web uri))
- @end example
- The following procedures can be found in the @code{(web uri)}
- module. Load it into your Guile, using a form like the above, to have
- access to them.
- The most common way to build a URI from Scheme is with the
- @code{build-uri} function.
- @deffn {Scheme Procedure} build-uri scheme @
- [#:userinfo=@code{#f}] [#:host=@code{#f}] [#:port=@code{#f}] @
- [#:path=@code{""}] [#:query=@code{#f}] [#:fragment=@code{#f}] @
- [#:validate?=@code{#t}]
- Construct a URI. @var{scheme} should be a symbol, @var{port} either a
- positive, exact integer or @code{#f}, and the rest of the fields are
- either strings or @code{#f}. If @var{validate?} is true, also run some
- consistency checks to make sure that the constructed URI is valid.
- @end deffn
- @deffn {Scheme Procedure} uri? obj
- Return @code{#t} if @var{obj} is a URI.
- @end deffn
- Guile, URIs are represented as URI records, with a number of associated
- accessors.
- @deffn {Scheme Procedure} uri-scheme uri
- @deffnx {Scheme Procedure} uri-userinfo uri
- @deffnx {Scheme Procedure} uri-host uri
- @deffnx {Scheme Procedure} uri-port uri
- @deffnx {Scheme Procedure} uri-path uri
- @deffnx {Scheme Procedure} uri-query uri
- @deffnx {Scheme Procedure} uri-fragment uri
- Field accessors for the URI record type. The URI scheme will be a
- symbol, or @code{#f} if the object is a relative-ref (see below). The
- port will be either a positive, exact integer or @code{#f}, and the rest
- of the fields will be either strings or @code{#f} if not present.
- @end deffn
- @deffn {Scheme Procedure} string->uri string
- Parse @var{string} into a URI object. Return @code{#f} if the string
- could not be parsed.
- @end deffn
- @deffn {Scheme Procedure} uri->string uri [#:include-fragment?=@code{#t}]
- Serialize @var{uri} to a string. If the URI has a port that is the
- default port for its scheme, the port is not included in the
- serialization. If @var{include-fragment?} is given as false, the
- resulting string will omit the fragment (if any).
- @end deffn
- @deffn {Scheme Procedure} declare-default-port! scheme port
- Declare a default port for the given URI scheme.
- @end deffn
- @deffn {Scheme Procedure} uri-decode str [#:encoding=@code{"utf-8"}] [#:decode-plus-to-space? #t]
- Percent-decode the given @var{str}, according to @var{encoding}, which
- should be the name of a character encoding.
- Note that this function should not generally be applied to a full URI
- string. For paths, use @code{split-and-decode-uri-path} instead. For
- query strings, split the query on @code{&} and @code{=} boundaries, and
- decode the components separately.
- Note also that percent-encoded strings encode @emph{bytes}, not
- characters. There is no guarantee that a given byte sequence is a valid
- string encoding. Therefore this routine may signal an error if the
- decoded bytes are not valid for the given encoding. Pass @code{#f} for
- @var{encoding} if you want decoded bytes as a bytevector directly.
- @xref{Ports, @code{set-port-encoding!}}, for more information on
- character encodings.
- If @var{decode-plus-to-space?} is true, which is the default, also
- replace instances of the plus character @samp{+} with a space character.
- This is needed when parsing @code{application/x-www-form-urlencoded}
- data.
- Returns a string of the decoded characters, or a bytevector if
- @var{encoding} was @code{#f}.
- @end deffn
- @deffn {Scheme Procedure} uri-encode str [#:encoding=@code{"utf-8"}] [#:unescaped-chars]
- Percent-encode any character not in the character set,
- @var{unescaped-chars}.
- The default character set includes alphanumerics from ASCII, as well as
- the special characters @samp{-}, @samp{.}, @samp{_}, and @samp{~}. Any
- other character will be percent-encoded, by writing out the character to
- a bytevector within the given @var{encoding}, then encoding each byte as
- @code{%@var{HH}}, where @var{HH} is the hexadecimal representation of
- the byte.
- @end deffn
- @deffn {Scheme Procedure} split-and-decode-uri-path path
- Split @var{path} into its components, and decode each component,
- removing empty components.
- For example, @code{"/foo/bar%20baz/"} decodes to the two-element list,
- @code{("foo" "bar baz")}.
- @end deffn
- @deffn {Scheme Procedure} encode-and-join-uri-path parts
- URI-encode each element of @var{parts}, which should be a list of
- strings, and join the parts together with @code{/} as a delimiter.
- For example, the list @code{("scrambled eggs" "biscuits&gravy")} encodes
- as @code{"scrambled%20eggs/biscuits%26gravy"}.
- @end deffn
- @subsubheading Subtypes of URI
- As we noted above, not all URI objects have a scheme. You might have
- noted in the ``generic URI syntax'' example that the left-hand side of
- that grammar definition was URI-reference, not URI. A
- @dfn{URI-reference} is a generalization of a URI where the scheme is
- optional. If no scheme is specified, it is taken to be relative to some
- other related URI. A common use of URI references is when you want to
- be vague regarding the choice of HTTP or HTTPS -- serving a web page
- referring to @code{/foo.css} will use HTTPS if loaded over HTTPS, or
- HTTP otherwise.
- @deffn {Scheme Procedure} build-uri-reference [#:scheme=@code{#f}]@
- [#:userinfo=@code{#f}] [#:host=@code{#f}] [#:port=@code{#f}] @
- [#:path=@code{""}] [#:query=@code{#f}] [#:fragment=@code{#f}] @
- [#:validate?=@code{#t}]
- Like @code{build-uri}, but with an optional scheme.
- @end deffn
- @deffn {Scheme Procedure} uri-reference? obj
- Return @code{#t} if @var{obj} is a URI-reference. This is the most
- general URI predicate, as it includes not only full URIs that have
- schemes (those that match @code{uri?}) but also URIs without schemes.
- @end deffn
- It's also possible to build a @dfn{relative-ref}: a URI-reference that
- explicitly lacks a scheme.
- @deffn {Scheme Procedure} build-relative-ref @
- [#:userinfo=@code{#f}] [#:host=@code{#f}] [#:port=@code{#f}] @
- [#:path=@code{""}] [#:query=@code{#f}] [#:fragment=@code{#f}] @
- [#:validate?=@code{#t}]
- Like @code{build-uri}, but with no scheme.
- @end deffn
- @deffn {Scheme Procedure} relative-ref? obj
- Return @code{#t} if @var{obj} is a ``relative-ref'': a URI-reference
- that has no scheme. Every URI-reference will either match @code{uri?}
- or @code{relative-ref?} (but not both).
- @end deffn
- In case it's not clear from the above, the most general of these URI
- types is the URI-reference, with @code{build-uri-reference} as the most
- general constructor. @code{build-uri} and @code{build-relative-ref}
- enforce enforce specific restrictions on the URI-reference. The most
- generic URI parser is then @code{string->uri-reference}, and there is
- also a parser for when you know that you want a relative-ref.
- Note that @code{uri?} will only return @code{#t} for URI objects that
- have schemes; that is, it rejects relative-refs.
- @deffn {Scheme Procedure} string->uri-reference string
- Parse @var{string} into a URI object, while not requiring a scheme.
- Return @code{#f} if the string could not be parsed.
- @end deffn
- @deffn {Scheme Procedure} string->relative-ref string
- Parse @var{string} into a URI object, while asserting that no scheme is
- present. Return @code{#f} if the string could not be parsed.
- @end deffn
- @node HTTP
- @subsection The Hyper-Text Transfer Protocol
- The initial motivation for including web functionality in Guile, rather
- than rely on an external package, was to establish a standard base on
- which people can share code. To that end, we continue the focus on data
- types by providing a number of low-level parsers and unparsers for
- elements of the HTTP protocol.
- If you are want to skip the low-level details for now and move on to web
- pages, @pxref{Web Client}, and @pxref{Web Server}. Otherwise, load the
- HTTP module, and read on.
- @example
- (use-modules (web http))
- @end example
- The focus of the @code{(web http)} module is to parse and unparse
- standard HTTP headers, representing them to Guile as native data
- structures. For example, a @code{Date:} header will be represented as a
- SRFI-19 date record (@pxref{SRFI-19}), rather than as a string.
- Guile tries to follow RFCs fairly strictly---the road to perdition being
- paved with compatibility hacks---though some allowances are made for
- not-too-divergent texts.
- Header names are represented as lower-case symbols.
- @deffn {Scheme Procedure} string->header name
- Parse @var{name} to a symbolic header name.
- @end deffn
- @deffn {Scheme Procedure} header->string sym
- Return the string form for the header named @var{sym}.
- @end deffn
- For example:
- @example
- (string->header "Content-Length")
- @result{} content-length
- (header->string 'content-length)
- @result{} "Content-Length"
- (string->header "FOO")
- @result{} foo
- (header->string 'foo)
- @result{} "Foo"
- @end example
- Guile keeps a registry of known headers, their string names, and some
- parsing and serialization procedures. If a header is unknown, its
- string name is simply its symbol name in title-case.
- @deffn {Scheme Procedure} known-header? sym
- Return @code{#t} if @var{sym} is a known header, with associated
- parsers and serialization procedures, or @code{#f} otherwise.
- @end deffn
- @deffn {Scheme Procedure} header-parser sym
- Return the value parser for headers named @var{sym}. The result is a
- procedure that takes one argument, a string, and returns the parsed
- value. If the header isn't known to Guile, a default parser is returned
- that passes through the string unchanged.
- @end deffn
- @deffn {Scheme Procedure} header-validator sym
- Return a predicate which returns @code{#t} if the given value is valid
- for headers named @var{sym}. The default validator for unknown headers
- is @code{string?}.
- @end deffn
- @deffn {Scheme Procedure} header-writer sym
- Return a procedure that writes values for headers named @var{sym} to a
- port. The resulting procedure takes two arguments: a value and a port.
- The default writer is @code{display}.
- @end deffn
- For more on the set of headers that Guile knows about out of the box,
- @pxref{HTTP Headers}. To add your own, use the @code{declare-header!}
- procedure:
- @deffn {Scheme Procedure} declare-header! name parser validator writer @
- [#:multiple?=@code{#f}]
- Declare a parser, validator, and writer for a given header.
- @end deffn
- For example, let's say you are running a web server behind some sort of
- proxy, and your proxy adds an @code{X-Client-Address} header, indicating
- the IPv4 address of the original client. You would like for the HTTP
- request record to parse out this header to a Scheme value, instead of
- leaving it as a string. You could register this header with Guile's
- HTTP stack like this:
- @example
- (declare-header! "X-Client-Address"
- (lambda (str)
- (inet-pton AF_INET str))
- (lambda (ip)
- (and (integer? ip) (exact? ip) (<= 0 ip #xffffffff)))
- (lambda (ip port)
- (display (inet-ntop AF_INET ip) port)))
- @end example
- @deffn {Scheme Procedure} declare-opaque-header! name
- A specialised version of @code{declare-header!} for the case in which
- you want a header's value to be returned/written ``as-is''.
- @end deffn
- @deffn {Scheme Procedure} valid-header? sym val
- Return a true value if @var{val} is a valid Scheme value for the header
- with name @var{sym}, or @code{#f} otherwise.
- @end deffn
- Now that we have a generic interface for reading and writing headers, we
- do just that.
- @deffn {Scheme Procedure} read-header port
- Read one HTTP header from @var{port}. Return two values: the header
- name and the parsed Scheme value. May raise an exception if the header
- was known but the value was invalid.
- Returns the end-of-file object for both values if the end of the message
- body was reached (i.e., a blank line).
- @end deffn
- @deffn {Scheme Procedure} parse-header name val
- Parse @var{val}, a string, with the parser for the header named
- @var{name}. Returns the parsed value.
- @end deffn
- @deffn {Scheme Procedure} write-header name val port
- Write the given header name and value to @var{port}, using the writer
- from @code{header-writer}.
- @end deffn
- @deffn {Scheme Procedure} read-headers port
- Read the headers of an HTTP message from @var{port}, returning them
- as an ordered alist.
- @end deffn
- @deffn {Scheme Procedure} write-headers headers port
- Write the given header alist to @var{port}. Doesn't write the final
- @samp{\r\n}, as the user might want to add another header.
- @end deffn
- The @code{(web http)} module also has some utility procedures to read
- and write request and response lines.
- @deffn {Scheme Procedure} parse-http-method str [start] [end]
- Parse an HTTP method from @var{str}. The result is an upper-case symbol,
- like @code{GET}.
- @end deffn
- @deffn {Scheme Procedure} parse-http-version str [start] [end]
- Parse an HTTP version from @var{str}, returning it as a major--minor
- pair. For example, @code{HTTP/1.1} parses as the pair of integers,
- @code{(1 . 1)}.
- @end deffn
- @deffn {Scheme Procedure} parse-request-uri str [start] [end]
- Parse a URI from an HTTP request line. Note that URIs in requests do not
- have to have a scheme or host name. The result is a URI object.
- @end deffn
- @deffn {Scheme Procedure} read-request-line port
- Read the first line of an HTTP request from @var{port}, returning three
- values: the method, the URI, and the version.
- @end deffn
- @deffn {Scheme Procedure} write-request-line method uri version port
- Write the first line of an HTTP request to @var{port}.
- @end deffn
- @deffn {Scheme Procedure} read-response-line port
- Read the first line of an HTTP response from @var{port}, returning three
- values: the HTTP version, the response code, and the ``reason phrase''.
- @end deffn
- @deffn {Scheme Procedure} write-response-line version code reason-phrase port
- Write the first line of an HTTP response to @var{port}.
- @end deffn
- @node HTTP Headers
- @subsection HTTP Headers
- In addition to defining the infrastructure to parse headers, the
- @code{(web http)} module defines specific parsers and unparsers for all
- headers defined in the HTTP/1.1 standard.
- For example, if you receive a header named @samp{Accept-Language} with a
- value @samp{en, es;q=0.8}, Guile parses it as a quality list (defined
- below):
- @example
- (parse-header 'accept-language "en, es;q=0.8")
- @result{} ((1000 . "en") (800 . "es"))
- @end example
- The format of the value for @samp{Accept-Language} headers is defined
- below, along with all other headers defined in the HTTP standard. (If
- the header were unknown, the value would have been returned as a
- string.)
- For brevity, the header definitions below are given in the form,
- @var{Type} @code{@var{name}}, indicating that values for the header
- @code{@var{name}} will be of the given @var{Type}. Since Guile
- internally treats header names in lower case, in this document we give
- types title-cased names. A short description of the each header's
- purpose and an example follow.
- For full details on the meanings of all of these headers, see the HTTP
- 1.1 standard, RFC 2616.
- @subsubsection HTTP Header Types
- Here we define the types that are used below, when defining headers.
- @deftp {HTTP Header Type} Date
- A SRFI-19 date.
- @end deftp
- @deftp {HTTP Header Type} KVList
- A list whose elements are keys or key-value pairs. Keys are parsed to
- symbols. Values are strings by default. Non-string values are the
- exception, and are mentioned explicitly below, as appropriate.
- @end deftp
- @deftp {HTTP Header Type} SList
- A list of strings.
- @end deftp
- @deftp {HTTP Header Type} Quality
- An exact integer between 0 and 1000. Qualities are used to express
- preference, given multiple options. An option with a quality of 870,
- for example, is preferred over an option with quality 500.
- (Qualities are written out over the wire as numbers between 0.0 and
- 1.0, but since the standard only allows three digits after the decimal,
- it's equivalent to integers between 0 and 1000, so that's what Guile
- uses.)
- @end deftp
- @deftp {HTTP Header Type} QList
- A quality list: a list of pairs, the car of which is a quality, and the
- cdr a string. Used to express a list of options, along with their
- qualities.
- @end deftp
- @deftp {HTTP Header Type} ETag
- An entity tag, represented as a pair. The car of the pair is an opaque
- string, and the cdr is @code{#t} if the entity tag is a ``strong'' entity
- tag, and @code{#f} otherwise.
- @end deftp
- @subsubsection General Headers
- General HTTP headers may be present in any HTTP message.
- @deftypevr {HTTP Header} KVList cache-control
- A key-value list of cache-control directives. See RFC 2616, for more
- details.
- If present, parameters to @code{max-age}, @code{max-stale},
- @code{min-fresh}, and @code{s-maxage} are all parsed as non-negative
- integers.
- If present, parameters to @code{private} and @code{no-cache} are parsed
- as lists of header names, as symbols.
- @example
- (parse-header 'cache-control "no-cache,no-store"
- @result{} (no-cache no-store)
- (parse-header 'cache-control "no-cache=\"Authorization,Date\",no-store"
- @result{} ((no-cache . (authorization date)) no-store)
- (parse-header 'cache-control "no-cache=\"Authorization,Date\",max-age=10"
- @result{} ((no-cache . (authorization date)) (max-age . 10))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List connection
- A list of header names that apply only to this HTTP connection, as
- symbols. Additionally, the symbol @samp{close} may be present, to
- indicate that the server should close the connection after responding to
- the request.
- @example
- (parse-header 'connection "close")
- @result{} (close)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Date date
- The date that a given HTTP message was originated.
- @example
- (parse-header 'date "Tue, 15 Nov 1994 08:12:31 GMT")
- @result{} #<date ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} KVList pragma
- A key-value list of implementation-specific directives.
- @example
- (parse-header 'pragma "no-cache, broccoli=tasty")
- @result{} (no-cache (broccoli . "tasty"))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List trailer
- A list of header names which will appear after the message body, instead
- of with the message headers.
- @example
- (parse-header 'trailer "ETag")
- @result{} (etag)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List transfer-encoding
- A list of transfer codings, expressed as key-value lists. The only
- transfer coding defined by the specification is @code{chunked}.
- @example
- (parse-header 'transfer-encoding "chunked")
- @result{} ((chunked))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List upgrade
- A list of strings, indicating additional protocols that a server could use
- in response to a request.
- @example
- (parse-header 'upgrade "WebSocket")
- @result{} ("WebSocket")
- @end example
- @end deftypevr
- FIXME: parse out more fully?
- @deftypevr {HTTP Header} List via
- A list of strings, indicating the protocol versions and hosts of
- intermediate servers and proxies. There may be multiple @code{via}
- headers in one message.
- @example
- (parse-header 'via "1.0 venus, 1.1 mars")
- @result{} ("1.0 venus" "1.1 mars")
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List warning
- A list of warnings given by a server or intermediate proxy. Each
- warning is a itself a list of four elements: a code, as an exact integer
- between 0 and 1000, a host as a string, the warning text as a string,
- and either @code{#f} or a SRFI-19 date.
- There may be multiple @code{warning} headers in one message.
- @example
- (parse-header 'warning "123 foo \"core breach imminent\"")
- @result{} ((123 "foo" "core-breach imminent" #f))
- @end example
- @end deftypevr
- @subsubsection Entity Headers
- Entity headers may be present in any HTTP message, and refer to the
- resource referenced in the HTTP request or response.
- @deftypevr {HTTP Header} List allow
- A list of allowed methods on a given resource, as symbols.
- @example
- (parse-header 'allow "GET, HEAD")
- @result{} (GET HEAD)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List content-encoding
- A list of content codings, as symbols.
- @example
- (parse-header 'content-encoding "gzip")
- @result{} (gzip)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List content-language
- The languages that a resource is in, as strings.
- @example
- (parse-header 'content-language "en")
- @result{} ("en")
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} UInt content-length
- The number of bytes in a resource, as an exact, non-negative integer.
- @example
- (parse-header 'content-length "300")
- @result{} 300
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} URI content-location
- The canonical URI for a resource, in the case that it is also accessible
- from a different URI.
- @example
- (parse-header 'content-location "http://example.com/foo")
- @result{} #<<uri> ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} String content-md5
- The MD5 digest of a resource.
- @example
- (parse-header 'content-md5 "ffaea1a79810785575e29e2bd45e2fa5")
- @result{} "ffaea1a79810785575e29e2bd45e2fa5"
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List content-range
- Range specification as a list of three elements: the symbol
- @code{bytes}, either the symbol @code{*} or a pair of integers
- indicating the byte range, and either @code{*} or an integer indicating
- the instance length. Used to indicate that a response only includes
- part of a resource.
- @example
- (parse-header 'content-range "bytes 10-20/*")
- @result{} (bytes (10 . 20) *)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List content-type
- The MIME type of a resource, as a symbol, along with any parameters.
- @example
- (parse-header 'content-type "text/plain")
- @result{} (text/plain)
- (parse-header 'content-type "text/plain;charset=utf-8")
- @result{} (text/plain (charset . "utf-8"))
- @end example
- Note that the @code{charset} parameter is something of a misnomer, and
- the HTTP specification admits this. It specifies the @emph{encoding} of
- the characters, not the character set.
- @end deftypevr
- @deftypevr {HTTP Header} Date expires
- The date/time after which the resource given in a response is considered
- stale.
- @example
- (parse-header 'expires "Tue, 15 Nov 1994 08:12:31 GMT")
- @result{} #<date ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Date last-modified
- The date/time on which the resource given in a response was last
- modified.
- @example
- (parse-header 'expires "Tue, 15 Nov 1994 08:12:31 GMT")
- @result{} #<date ...>
- @end example
- @end deftypevr
- @subsubsection Request Headers
- Request headers may only appear in an HTTP request, not in a response.
- @deftypevr {HTTP Header} List accept
- A list of preferred media types for a response. Each element of the
- list is itself a list, in the same format as @code{content-type}.
- @example
- (parse-header 'accept "text/html,text/plain;charset=utf-8")
- @result{} ((text/html) (text/plain (charset . "utf-8")))
- @end example
- Preference is expressed with quality values:
- @example
- (parse-header 'accept "text/html;q=0.8,text/plain;q=0.6")
- @result{} ((text/html (q . 800)) (text/plain (q . 600)))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} QList accept-charset
- A quality list of acceptable charsets. Note again that what HTTP calls
- a ``charset'' is what Guile calls a ``character encoding''.
- @example
- (parse-header 'accept-charset "iso-8859-5, unicode-1-1;q=0.8")
- @result{} ((1000 . "iso-8859-5") (800 . "unicode-1-1"))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} QList accept-encoding
- A quality list of acceptable content codings.
- @example
- (parse-header 'accept-encoding "gzip,identity=0.8")
- @result{} ((1000 . "gzip") (800 . "identity"))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} QList accept-language
- A quality list of acceptable languages.
- @example
- (parse-header 'accept-language "cn,en=0.75")
- @result{} ((1000 . "cn") (750 . "en"))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Pair authorization
- Authorization credentials. The car of the pair indicates the
- authentication scheme, like @code{basic}. For basic authentication, the
- cdr of the pair will be the base64-encoded @samp{@var{user}:@var{pass}}
- string. For other authentication schemes, like @code{digest}, the cdr
- will be a key-value list of credentials.
- @example
- (parse-header 'authorization "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
- @result{} (basic . "QWxhZGRpbjpvcGVuIHNlc2FtZQ==")
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List expect
- A list of expectations that a client has of a server. The expectations
- are key-value lists.
- @example
- (parse-header 'expect "100-continue")
- @result{} ((100-continue))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} String from
- The email address of a user making an HTTP request.
- @example
- (parse-header 'from "bob@@example.com")
- @result{} "bob@@example.com"
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Pair host
- The host for the resource being requested, as a hostname-port pair. If
- no port is given, the port is @code{#f}.
- @example
- (parse-header 'host "gnu.org:80")
- @result{} ("gnu.org" . 80)
- (parse-header 'host "gnu.org")
- @result{} ("gnu.org" . #f)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} *|List if-match
- A set of etags, indicating that the request should proceed if and only
- if the etag of the resource is in that set. Either the symbol @code{*},
- indicating any etag, or a list of entity tags.
- @example
- (parse-header 'if-match "*")
- @result{} *
- (parse-header 'if-match "asdfadf")
- @result{} (("asdfadf" . #t))
- (parse-header 'if-match W/"asdfadf")
- @result{} (("asdfadf" . #f))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Date if-modified-since
- Indicates that a response should proceed if and only if the resource has
- been modified since the given date.
- @example
- (parse-header 'if-modified-since "Tue, 15 Nov 1994 08:12:31 GMT")
- @result{} #<date ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} *|List if-none-match
- A set of etags, indicating that the request should proceed if and only
- if the etag of the resource is not in the set. Either the symbol
- @code{*}, indicating any etag, or a list of entity tags.
- @example
- (parse-header 'if-none-match "*")
- @result{} *
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} ETag|Date if-range
- Indicates that the range request should proceed if and only if the
- resource matches a modification date or an etag. Either an entity tag,
- or a SRFI-19 date.
- @example
- (parse-header 'if-range "\"original-etag\"")
- @result{} ("original-etag" . #t)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Date if-unmodified-since
- Indicates that a response should proceed if and only if the resource has
- not been modified since the given date.
- @example
- (parse-header 'if-not-modified-since "Tue, 15 Nov 1994 08:12:31 GMT")
- @result{} #<date ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} UInt max-forwards
- The maximum number of proxy or gateway hops that a request should be
- subject to.
- @example
- (parse-header 'max-forwards "10")
- @result{} 10
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Pair proxy-authorization
- Authorization credentials for a proxy connection. See the documentation
- for @code{authorization} above for more information on the format.
- @example
- (parse-header 'proxy-authorization "Digest foo=bar,baz=qux"
- @result{} (digest (foo . "bar") (baz . "qux"))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} Pair range
- A range request, indicating that the client wants only part of a
- resource. The car of the pair is the symbol @code{bytes}, and the cdr
- is a list of pairs. Each element of the cdr indicates a range; the car
- is the first byte position and the cdr is the last byte position, as
- integers, or @code{#f} if not given.
- @example
- (parse-header 'range "bytes=10-30,50-")
- @result{} (bytes (10 . 30) (50 . #f))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} URI referer
- The URI of the resource that referred the user to this resource. The
- name of the header is a misspelling, but we are stuck with it.
- @example
- (parse-header 'referer "http://www.gnu.org/")
- @result{} #<uri ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List te
- A list of transfer codings, expressed as key-value lists. A common
- transfer coding is @code{trailers}.
- @example
- (parse-header 'te "trailers")
- @result{} ((trailers))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} String user-agent
- A string indicating the user agent making the request. The
- specification defines a structured format for this header, but it is
- widely disregarded, so Guile does not attempt to parse strictly.
- @example
- (parse-header 'user-agent "Mozilla/5.0")
- @result{} "Mozilla/5.0"
- @end example
- @end deftypevr
- @subsubsection Response Headers
- @deftypevr {HTTP Header} List accept-ranges
- A list of range units that the server supports, as symbols.
- @example
- (parse-header 'accept-ranges "bytes")
- @result{} (bytes)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} UInt age
- The age of a cached response, in seconds.
- @example
- (parse-header 'age "3600")
- @result{} 3600
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} ETag etag
- The entity-tag of the resource.
- @example
- (parse-header 'etag "\"foo\"")
- @result{} ("foo" . #t)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} URI-reference location
- A URI reference on which a request may be completed. Used in
- combination with a redirecting status code to perform client-side
- redirection.
- @example
- (parse-header 'location "http://example.com/other")
- @result{} #<uri ...>
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List proxy-authenticate
- A list of challenges to a proxy, indicating the need for authentication.
- @example
- (parse-header 'proxy-authenticate "Basic realm=\"foo\"")
- @result{} ((basic (realm . "foo")))
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} UInt|Date retry-after
- Used in combination with a server-busy status code, like 503, to
- indicate that a client should retry later. Either a number of seconds,
- or a date.
- @example
- (parse-header 'retry-after "60")
- @result{} 60
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} String server
- A string identifying the server.
- @example
- (parse-header 'server "My first web server")
- @result{} "My first web server"
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} *|List vary
- A set of request headers that were used in computing this response.
- Used to indicate that server-side content negotiation was performed, for
- example in response to the @code{accept-language} header. Can also be
- the symbol @code{*}, indicating that all headers were considered.
- @example
- (parse-header 'vary "Accept-Language, Accept")
- @result{} (accept-language accept)
- @end example
- @end deftypevr
- @deftypevr {HTTP Header} List www-authenticate
- A list of challenges to a user, indicating the need for authentication.
- @example
- (parse-header 'www-authenticate "Basic realm=\"foo\"")
- @result{} ((basic (realm . "foo")))
- @end example
- @end deftypevr
- @node Transfer Codings
- @subsection Transfer Codings
- HTTP 1.1 allows for various transfer codings to be applied to message
- bodies. These include various types of compression, and HTTP chunked
- encoding. Currently, only chunked encoding is supported by guile.
- Chunked coding is an optional coding that may be applied to message
- bodies, to allow messages whose length is not known beforehand to be
- returned. Such messages can be split into chunks, terminated by a final
- zero length chunk.
- In order to make dealing with encodings more simple, guile provides
- procedures to create ports that ``wrap'' existing ports, applying
- transformations transparently under the hood.
- These procedures are in the @code{(web http)} module.
- @example
- (use-modules (web http))
- @end example
- @deffn {Scheme Procedure} make-chunked-input-port port [#:keep-alive?=#f]
- Returns a new port, that transparently reads and decodes chunk-encoded
- data from @var{port}. If no more chunk-encoded data is available, it
- returns the end-of-file object. When the port is closed, @var{port} will
- also be closed, unless @var{keep-alive?} is true.
- @end deffn
- @example
- (use-modules (ice-9 rdelim))
- (define s "5\r\nFirst\r\nA\r\n line\n Sec\r\n8\r\nond line\r\n0\r\n")
- (define p (make-chunked-input-port (open-input-string s)))
- (read-line s)
- @result{} "First line"
- (read-line s)
- @result{} "Second line"
- @end example
- @deffn {Scheme Procedure} make-chunked-output-port port [#:keep-alive?=#f]
- Returns a new port, which transparently encodes data as chunk-encoded
- before writing it to @var{port}. Whenever a write occurs on this port,
- it buffers it, until the port is flushed, at which point it writes a
- chunk containing all the data written so far. When the port is closed,
- the data remaining is written to @var{port}, as is the terminating zero
- chunk. It also causes @var{port} to be closed, unless @var{keep-alive?}
- is true.
- Note. Forcing a chunked output port when there is no data is buffered
- does not write a zero chunk, as this would cause the data to be
- interpreted incorrectly by the client.
- @end deffn
- @example
- (call-with-output-string
- (lambda (out)
- (define out* (make-chunked-output-port out #:keep-alive? #t))
- (display "first chunk" out*)
- (force-output out*)
- (force-output out*) ; note this does not write a zero chunk
- (display "second chunk" out*)
- (close-port out*)))
- @result{} "b\r\nfirst chunk\r\nc\r\nsecond chunk\r\n0\r\n"
- @end example
- @node Requests
- @subsection HTTP Requests
- @example
- (use-modules (web request))
- @end example
- The request module contains a data type for HTTP requests.
- @subsubsection An Important Note on Character Sets
- HTTP requests consist of two parts: the request proper, consisting of a
- request line and a set of headers, and (optionally) a body. The body
- might have a binary content-type, and even in the textual case its
- length is specified in bytes, not characters.
- Therefore, HTTP is a fundamentally binary protocol. However the request
- line and headers are specified to be in a subset of ASCII, so they can
- be treated as text, provided that the port's encoding is set to an
- ASCII-compatible one-byte-per-character encoding. ISO-8859-1 (latin-1)
- is just such an encoding, and happens to be very efficient for Guile.
- So what Guile does when reading requests from the wire, or writing them
- out, is to set the port's encoding to latin-1, and treating the request
- headers as text.
- The request body is another issue. For binary data, the data is
- probably in a bytevector, so we use the R6RS binary output procedures to
- write out the binary payload. Textual data usually has to be written
- out to some character encoding, usually UTF-8, and then the resulting
- bytevector is written out to the port.
- In summary, Guile reads and writes HTTP over latin-1 sockets, without
- any loss of generality.
- @subsubsection Request API
- @deffn {Scheme Procedure} request? obj
- @deffnx {Scheme Procedure} request-method request
- @deffnx {Scheme Procedure} request-uri request
- @deffnx {Scheme Procedure} request-version request
- @deffnx {Scheme Procedure} request-headers request
- @deffnx {Scheme Procedure} request-meta request
- @deffnx {Scheme Procedure} request-port request
- A predicate and field accessors for the request type. The fields are as
- follows:
- @table @code
- @item method
- The HTTP method, for example, @code{GET}.
- @item uri
- The URI as a URI record.
- @item version
- The HTTP version pair, like @code{(1 . 1)}.
- @item headers
- The request headers, as an alist of parsed values.
- @item meta
- An arbitrary alist of other data, for example information returned in
- the @code{sockaddr} from @code{accept} (@pxref{Network Sockets and
- Communication}).
- @item port
- The port on which to read or write a request body, if any.
- @end table
- @end deffn
- @deffn {Scheme Procedure} read-request port [meta='()]
- Read an HTTP request from @var{port}, optionally attaching the given
- metadata, @var{meta}.
- As a side effect, sets the encoding on @var{port} to ISO-8859-1
- (latin-1), so that reading one character reads one byte. See the
- discussion of character sets above, for more information.
- Note that the body is not part of the request. Once you have read a
- request, you may read the body separately, and likewise for writing
- requests.
- @end deffn
- @deffn {Scheme Procedure} build-request uri [#:method='GET] @
- [#:version='(1 . 1)] [#:headers='()] [#:port=#f] [#:meta='()] @
- [#:validate-headers?=#t]
- Construct an HTTP request object. If @var{validate-headers?} is true,
- the headers are each run through their respective validators.
- @end deffn
- @deffn {Scheme Procedure} write-request r port
- Write the given HTTP request to @var{port}.
- Return a new request, whose @code{request-port} will continue writing
- on @var{port}, perhaps using some transfer encoding.
- @end deffn
- @deffn {Scheme Procedure} read-request-body r
- Reads the request body from @var{r}, as a bytevector. Return @code{#f}
- if there was no request body.
- @end deffn
- @deffn {Scheme Procedure} write-request-body r bv
- Write @var{bv}, a bytevector, to the port corresponding to the HTTP
- request @var{r}.
- @end deffn
- The various headers that are typically associated with HTTP requests may
- be accessed with these dedicated accessors. @xref{HTTP Headers}, for
- more information on the format of parsed headers.
- @deffn {Scheme Procedure} request-accept request [default='()]
- @deffnx {Scheme Procedure} request-accept-charset request [default='()]
- @deffnx {Scheme Procedure} request-accept-encoding request [default='()]
- @deffnx {Scheme Procedure} request-accept-language request [default='()]
- @deffnx {Scheme Procedure} request-allow request [default='()]
- @deffnx {Scheme Procedure} request-authorization request [default=#f]
- @deffnx {Scheme Procedure} request-cache-control request [default='()]
- @deffnx {Scheme Procedure} request-connection request [default='()]
- @deffnx {Scheme Procedure} request-content-encoding request [default='()]
- @deffnx {Scheme Procedure} request-content-language request [default='()]
- @deffnx {Scheme Procedure} request-content-length request [default=#f]
- @deffnx {Scheme Procedure} request-content-location request [default=#f]
- @deffnx {Scheme Procedure} request-content-md5 request [default=#f]
- @deffnx {Scheme Procedure} request-content-range request [default=#f]
- @deffnx {Scheme Procedure} request-content-type request [default=#f]
- @deffnx {Scheme Procedure} request-date request [default=#f]
- @deffnx {Scheme Procedure} request-expect request [default='()]
- @deffnx {Scheme Procedure} request-expires request [default=#f]
- @deffnx {Scheme Procedure} request-from request [default=#f]
- @deffnx {Scheme Procedure} request-host request [default=#f]
- @deffnx {Scheme Procedure} request-if-match request [default=#f]
- @deffnx {Scheme Procedure} request-if-modified-since request [default=#f]
- @deffnx {Scheme Procedure} request-if-none-match request [default=#f]
- @deffnx {Scheme Procedure} request-if-range request [default=#f]
- @deffnx {Scheme Procedure} request-if-unmodified-since request [default=#f]
- @deffnx {Scheme Procedure} request-last-modified request [default=#f]
- @deffnx {Scheme Procedure} request-max-forwards request [default=#f]
- @deffnx {Scheme Procedure} request-pragma request [default='()]
- @deffnx {Scheme Procedure} request-proxy-authorization request [default=#f]
- @deffnx {Scheme Procedure} request-range request [default=#f]
- @deffnx {Scheme Procedure} request-referer request [default=#f]
- @deffnx {Scheme Procedure} request-te request [default=#f]
- @deffnx {Scheme Procedure} request-trailer request [default='()]
- @deffnx {Scheme Procedure} request-transfer-encoding request [default='()]
- @deffnx {Scheme Procedure} request-upgrade request [default='()]
- @deffnx {Scheme Procedure} request-user-agent request [default=#f]
- @deffnx {Scheme Procedure} request-via request [default='()]
- @deffnx {Scheme Procedure} request-warning request [default='()]
- Return the given request header, or @var{default} if none was present.
- @end deffn
- @deffn {Scheme Procedure} request-absolute-uri r [default-host=#f] @
- [default-port=#f] [default-scheme=#f]
- A helper routine to determine the absolute URI of a request, using the
- @code{host} header and the default scheme, host and port. If there is
- no default scheme and the URI is not itself absolute, an error is
- signalled.
- @end deffn
- @node Responses
- @subsection HTTP Responses
- @example
- (use-modules (web response))
- @end example
- As with requests (@pxref{Requests}), Guile offers a data type for HTTP
- responses. Again, the body is represented separately from the request.
- @deffn {Scheme Procedure} response? obj
- @deffnx {Scheme Procedure} response-version response
- @deffnx {Scheme Procedure} response-code response
- @deffnx {Scheme Procedure} response-reason-phrase response
- @deffnx {Scheme Procedure} response-headers response
- @deffnx {Scheme Procedure} response-port response
- A predicate and field accessors for the response type. The fields are as
- follows:
- @table @code
- @item version
- The HTTP version pair, like @code{(1 . 1)}.
- @item code
- The HTTP response code, like @code{200}.
- @item reason-phrase
- The reason phrase, or the standard reason phrase for the response's
- code.
- @item headers
- The response headers, as an alist of parsed values.
- @item port
- The port on which to read or write a response body, if any.
- @end table
- @end deffn
- @deffn {Scheme Procedure} read-response port
- Read an HTTP response from @var{port}.
- As a side effect, sets the encoding on @var{port} to ISO-8859-1
- (latin-1), so that reading one character reads one byte. See the
- discussion of character sets in @ref{Responses}, for more information.
- @end deffn
- @deffn {Scheme Procedure} build-response [#:version='(1 . 1)] [#:code=200] [#:reason-phrase=#f] [#:headers='()] [#:port=#f] [#:validate-headers?=#t]
- Construct an HTTP response object. If @var{validate-headers?} is true,
- the headers are each run through their respective validators.
- @end deffn
- @deffn {Scheme Procedure} adapt-response-version response version
- Adapt the given response to a different HTTP version. Return a new HTTP
- response.
- The idea is that many applications might just build a response for the
- default HTTP version, and this method could handle a number of
- programmatic transformations to respond to older HTTP versions (0.9 and
- 1.0). But currently this function is a bit heavy-handed, just updating
- the version field.
- @end deffn
- @deffn {Scheme Procedure} write-response r port
- Write the given HTTP response to @var{port}.
- Return a new response, whose @code{response-port} will continue writing
- on @var{port}, perhaps using some transfer encoding.
- @end deffn
- @deffn {Scheme Procedure} response-must-not-include-body? r
- Some responses, like those with status code 304, are specified as never
- having bodies. This predicate returns @code{#t} for those responses.
- Note also, though, that responses to @code{HEAD} requests must also not
- have a body.
- @end deffn
- @deffn {Scheme Procedure} response-body-port r [#:decode?=#t] [#:keep-alive?=#t]
- Return an input port from which the body of @var{r} can be read. The encoding
- of the returned port is set according to @var{r}'s @code{content-type} header,
- when it's textual, except if @var{decode?} is @code{#f}. Return @code{#f}
- when no body is available.
- When @var{keep-alive?} is @code{#f}, closing the returned port also closes
- @var{r}'s response port.
- @end deffn
- @deffn {Scheme Procedure} read-response-body r
- Read the response body from @var{r}, as a bytevector. Returns @code{#f}
- if there was no response body.
- @end deffn
- @deffn {Scheme Procedure} write-response-body r bv
- Write @var{bv}, a bytevector, to the port corresponding to the HTTP
- response @var{r}.
- @end deffn
- As with requests, the various headers that are typically associated with
- HTTP responses may be accessed with these dedicated accessors.
- @xref{HTTP Headers}, for more information on the format of parsed
- headers.
- @deffn {Scheme Procedure} response-accept-ranges response [default=#f]
- @deffnx {Scheme Procedure} response-age response [default='()]
- @deffnx {Scheme Procedure} response-allow response [default='()]
- @deffnx {Scheme Procedure} response-cache-control response [default='()]
- @deffnx {Scheme Procedure} response-connection response [default='()]
- @deffnx {Scheme Procedure} response-content-encoding response [default='()]
- @deffnx {Scheme Procedure} response-content-language response [default='()]
- @deffnx {Scheme Procedure} response-content-length response [default=#f]
- @deffnx {Scheme Procedure} response-content-location response [default=#f]
- @deffnx {Scheme Procedure} response-content-md5 response [default=#f]
- @deffnx {Scheme Procedure} response-content-range response [default=#f]
- @deffnx {Scheme Procedure} response-content-type response [default=#f]
- @deffnx {Scheme Procedure} response-date response [default=#f]
- @deffnx {Scheme Procedure} response-etag response [default=#f]
- @deffnx {Scheme Procedure} response-expires response [default=#f]
- @deffnx {Scheme Procedure} response-last-modified response [default=#f]
- @deffnx {Scheme Procedure} response-location response [default=#f]
- @deffnx {Scheme Procedure} response-pragma response [default='()]
- @deffnx {Scheme Procedure} response-proxy-authenticate response [default=#f]
- @deffnx {Scheme Procedure} response-retry-after response [default=#f]
- @deffnx {Scheme Procedure} response-server response [default=#f]
- @deffnx {Scheme Procedure} response-trailer response [default='()]
- @deffnx {Scheme Procedure} response-transfer-encoding response [default='()]
- @deffnx {Scheme Procedure} response-upgrade response [default='()]
- @deffnx {Scheme Procedure} response-vary response [default='()]
- @deffnx {Scheme Procedure} response-via response [default='()]
- @deffnx {Scheme Procedure} response-warning response [default='()]
- @deffnx {Scheme Procedure} response-www-authenticate response [default=#f]
- Return the given response header, or @var{default} if none was present.
- @end deffn
- @deffn {Scheme Procedure} text-content-type? @var{type}
- Return @code{#t} if @var{type}, a symbol as returned by
- @code{response-content-type}, represents a textual type such as
- @code{text/plain}.
- @end deffn
- @node Web Client
- @subsection Web Client
- @code{(web client)} provides a simple, synchronous HTTP client, built on
- the lower-level HTTP, request, and response modules.
- @example
- (use-modules (web client))
- @end example
- @deffn {Scheme Procedure} open-socket-for-uri uri [#:verify-certificate? #t]
- Return an open input/output port for a connection to URI. Guile
- dynamically loads GnuTLS for HTTPS support.
- @xref{Guile Preparations,
- how to install the GnuTLS bindings for Guile,, gnutls-guile,
- GnuTLS-Guile}, for more information.
- @cindex certificate verification, for HTTPS
- When @var{verify-certificate?} is true, verify the server's X.509
- certificates against those read from @code{x509-certificate-directory}.
- When an error occurs---e.g., the server's certificate has expired, or
- its host name does not match---raise a @code{tls-certificate-error}
- exception. The arguments to the @code{tls-certificate-error} exception
- are:
- @enumerate
- @item
- a symbol indicating the failure cause, @code{host-mismatch} if the
- certificate's host name does not match the server's host name, and
- @code{invalid-certificate} for other causes;
- @item
- the server's X.509 certificate (@pxref{Guile Reference, GnuTLS Guile
- reference,, gnutls-guile, GnuTLS-Guile});
- @item
- the server's host name (a string);
- @item
- in the case of @code{invalid-certificate} errors, a list of GnuTLS
- certificate status values---one of the @code{certificate-status/}
- constants, such as @code{certificate-status/signer-not-found} or
- @code{certificate-status/revoked}.
- @end enumerate
- @end deffn
- @anchor{http-request}@deffn {Scheme Procedure} http-request @var{uri} @var{arg}@dots{}
- Connect to the server corresponding to @var{uri} and make a request over
- HTTP, using @var{method} (@code{GET}, @code{HEAD}, @code{POST}, etc.).
- The following keyword arguments allow you to modify the requests in
- various ways, for example attaching a body to the request, or setting
- specific headers. The following table lists the keyword arguments and
- their default values.
- @table @code
- @item #:method 'GET
- @item #:body #f
- @item #:verify-certificate? #t
- @item #:port (open-socket-for-uri @var{uri} #:verify-certificate? @var{verify-certificate?})
- @item #:version '(1 . 1)
- @item #:keep-alive? #f
- @item #:headers '()
- @item #:decode-body? #t
- @item #:streaming? #f
- @end table
- If you already have a port open, pass it as @var{port}. Otherwise, a
- connection will be opened to the server corresponding to @var{uri}. Any
- extra headers in the alist @var{headers} will be added to the request.
- If @var{body} is not @code{#f}, a message body will also be sent with
- the HTTP request. If @var{body} is a string, it is encoded according to
- the content-type in @var{headers}, defaulting to UTF-8. Otherwise
- @var{body} should be a bytevector, or @code{#f} for no body. Although a
- message body may be sent with any request, usually only @code{POST} and
- @code{PUT} requests have bodies.
- If @var{decode-body?} is true, as is the default, the body of the
- response will be decoded to string, if it is a textual content-type.
- Otherwise it will be returned as a bytevector.
- However, if @var{streaming?} is true, instead of eagerly reading the
- response body from the server, this function only reads off the headers.
- The response body will be returned as a port on which the data may be
- read.
- Unless @var{keep-alive?} is true, the port will be closed after the full
- response body has been read.
- If @var{port} is false, @var{uri} denotes an HTTPS URL, and @var{verify-certificate?} is
- true, verify X.509 certificates against those available in
- @code{x509-certificate-directory}.
- Returns two values: the response read from the server, and the response
- body as a string, bytevector, #f value, or as a port (if
- @var{streaming?} is true).
- @end deffn
- @deffn {Scheme Procedure} http-get @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-head @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-post @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-put @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-delete @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-trace @var{uri} @var{arg}@dots{}
- @deffnx {Scheme Procedure} http-options @var{uri} @var{arg}@dots{}
- Connect to the server corresponding to @var{uri} and make a request over
- HTTP, using the appropriate method (@code{GET}, @code{HEAD},
- @code{POST}, etc.).
- These procedures are variants of @code{http-request} specialized with a
- specific @var{method} argument, and have the same prototype: a URI
- followed by an optional sequence of keyword arguments.
- @xref{http-request}, for full documentation on the various keyword
- arguments.
- @end deffn
- @defvr {Scheme Parameter} x509-certificate-directory
- @cindex X.509 certificate directory
- @cindex HTTPS, X.509 certificates
- @cindex certificates, for HTTPS
- This parameter gives the name of the directory where X.509 certificates
- for HTTPS connections should be looked for.
- Its default value is one of:
- @itemize
- @item
- @vindex GUILE_TLS_CERTIFICATE_DIRECTORY
- the value of the @env{GUILE_TLS_CERTIFICATE_DIRECTORY} environment
- variable;
- @item
- @vindex SSL_CERT_DIR
- or the value of the @env{SSL_CERT_DIR} environment variable (also
- honored by the OpenSSL library);
- @item
- or, as a last resort, @code{"/etc/ssl/certs"}.
- @end itemize
- X.509 certificates are used when authenticating the identity of a remote
- site, when the @code{#:verify-certificate?} argument to
- @code{open-socket-for-uri}, to @code{http-request}, or to related
- procedures is true.
- @end defvr
- @code{http-get} is useful for making one-off requests to web sites. If
- you are writing a web spider or some other client that needs to handle a
- number of requests in parallel, it's better to build an event-driven URL
- fetcher, similar in structure to the web server (@pxref{Web Server}).
- Another option, good but not as performant, would be to use threads,
- possibly via par-map or futures.
- @deffn {Scheme Parameter} current-http-proxy
- @deffnx {Scheme Parameter} current-https-proxy
- Either @code{#f} or a non-empty string containing the URL of the HTTP
- or HTTPS proxy server to be used by the procedures in the @code{(web client)}
- module, including @code{open-socket-for-uri}. Its initial value is
- based on the @env{http_proxy} and @env{https_proxy} environment variables.
- @example
- (current-http-proxy) @result{} "http://localhost:8123/"
- (parameterize ((current-http-proxy #f))
- (http-get "http://example.com/")) ; temporarily bypass proxy
- (current-http-proxy) @result{} "http://localhost:8123/"
- @end example
- @end deffn
- @node Web Server
- @subsection Web Server
- @code{(web server)} is a generic web server interface, along with a main
- loop implementation for web servers controlled by Guile.
- @example
- (use-modules (web server))
- @end example
- The lowest layer is the @code{<server-impl>} object, which defines a set
- of hooks to open a server, read a request from a client, write a
- response to a client, and close a server. These hooks -- @code{open},
- @code{read}, @code{write}, and @code{close}, respectively -- are bound
- together in a @code{<server-impl>} object. Procedures in this module take a
- @code{<server-impl>} object, if needed.
- A @code{<server-impl>} may also be looked up by name. If you pass the
- @code{http} symbol to @code{run-server}, Guile looks for a variable
- named @code{http} in the @code{(web server http)} module, which should
- be bound to a @code{<server-impl>} object. Such a binding is made by
- instantiation of the @code{define-server-impl} syntax. In this way the
- run-server loop can automatically load other backends if available.
- The life cycle of a server goes as follows:
- @enumerate
- @item
- The @code{open} hook is called, to open the server. @code{open} takes
- zero or more arguments, depending on the backend, and returns an opaque
- server socket object, or signals an error.
- @item
- The @code{read} hook is called, to read a request from a new client.
- The @code{read} hook takes one argument, the server socket. It should
- return three values: an opaque client socket, the request, and the
- request body. The request should be a @code{<request>} object, from
- @code{(web request)}. The body should be a string or a bytevector, or
- @code{#f} if there is no body.
- If the read failed, the @code{read} hook may return #f for the client
- socket, request, and body.
- @item
- A user-provided handler procedure is called, with the request and body
- as its arguments. The handler should return two values: the response,
- as a @code{<response>} record from @code{(web response)}, and the
- response body as bytevector, or @code{#f} if not present.
- The respose and response body are run through @code{sanitize-response},
- documented below. This allows the handler writer to take some
- convenient shortcuts: for example, instead of a @code{<response>}, the
- handler can simply return an alist of headers, in which case a default
- response object is constructed with those headers. Instead of a
- bytevector for the body, the handler can return a string, which will be
- serialized into an appropriate encoding; or it can return a procedure,
- which will be called on a port to write out the data. See the
- @code{sanitize-response} documentation, for more.
- @item
- The @code{write} hook is called with three arguments: the client
- socket, the response, and the body. The @code{write} hook returns no
- values.
- @item
- At this point the request handling is complete. For a loop, we
- loop back and try to read a new request.
- @item
- If the user interrupts the loop, the @code{close} hook is called on
- the server socket.
- @end enumerate
- A user may define a server implementation with the following form:
- @deffn {Scheme Syntax} define-server-impl name open read write close
- Make a @code{<server-impl>} object with the hooks @var{open},
- @var{read}, @var{write}, and @var{close}, and bind it to the symbol
- @var{name} in the current module.
- @end deffn
- @deffn {Scheme Procedure} lookup-server-impl impl
- Look up a server implementation. If @var{impl} is a server
- implementation already, it is returned directly. If it is a symbol, the
- binding named @var{impl} in the @code{(web server @var{impl})} module is
- looked up. Otherwise an error is signaled.
- Currently a server implementation is a somewhat opaque type, useful only
- for passing to other procedures in this module, like @code{read-client}.
- @end deffn
- The @code{(web server)} module defines a number of routines that use
- @code{<server-impl>} objects to implement parts of a web server. Given
- that we don't expose the accessors for the various fields of a
- @code{<server-impl>}, indeed these routines are the only procedures with
- any access to the impl objects.
- @deffn {Scheme Procedure} open-server impl open-params
- Open a server for the given implementation. Return one value, the new
- server object. The implementation's @code{open} procedure is applied to
- @var{open-params}, which should be a list.
- @end deffn
- @deffn {Scheme Procedure} read-client impl server
- Read a new client from @var{server}, by applying the implementation's
- @code{read} procedure to the server. If successful, return three
- values: an object corresponding to the client, a request object, and the
- request body. If any exception occurs, return @code{#f} for all three
- values.
- @end deffn
- @deffn {Scheme Procedure} handle-request handler request body state
- Handle a given request, returning the response and body.
- The response and response body are produced by calling the given
- @var{handler} with @var{request} and @var{body} as arguments.
- The elements of @var{state} are also passed to @var{handler} as
- arguments, and may be returned as additional values. The new
- @var{state}, collected from the @var{handler}'s return values, is then
- returned as a list. The idea is that a server loop receives a handler
- from the user, along with whatever state values the user is interested
- in, allowing the user's handler to explicitly manage its state.
- @end deffn
- @deffn {Scheme Procedure} sanitize-response request response body
- ``Sanitize'' the given response and body, making them appropriate for
- the given request.
- As a convenience to web handler authors, @var{response} may be given as
- an alist of headers, in which case it is used to construct a default
- response. Ensures that the response version corresponds to the request
- version. If @var{body} is a string, encodes the string to a bytevector,
- in an encoding appropriate for @var{response}. Adds a
- @code{content-length} and @code{content-type} header, as necessary.
- If @var{body} is a procedure, it is called with a port as an argument,
- and the output collected as a bytevector. In the future we might try to
- instead use a compressing, chunk-encoded port, and call this procedure
- later, in the write-client procedure. Authors are advised not to rely on
- the procedure being called at any particular time.
- @end deffn
- @deffn {Scheme Procedure} write-client impl server client response body
- Write an HTTP response and body to @var{client}. If the server and
- client support persistent connections, it is the implementation's
- responsibility to keep track of the client thereafter, presumably by
- attaching it to the @var{server} argument somehow.
- @end deffn
- @deffn {Scheme Procedure} close-server impl server
- Release resources allocated by a previous invocation of
- @code{open-server}.
- @end deffn
- Given the procedures above, it is a small matter to make a web server:
- @deffn {Scheme Procedure} serve-one-client handler impl server state
- Read one request from @var{server}, call @var{handler} on the request
- and body, and write the response to the client. Return the new state
- produced by the handler procedure.
- @end deffn
- @deffn {Scheme Procedure} run-server handler @
- [impl='http] [open-params='()] @
- arg @dots{}
- Run Guile's built-in web server.
- @var{handler} should be a procedure that takes two or more arguments,
- the HTTP request and request body, and returns two or more values, the
- response and response body.
- For examples, skip ahead to the next section, @ref{Web Examples}.
- The response and body will be run through @code{sanitize-response}
- before sending back to the client.
- Additional arguments to @var{handler} are taken from @var{arg}
- @enddots{}. These arguments comprise a @dfn{state}. Additional return
- values are accumulated into a new state, which will be used for
- subsequent requests. In this way a handler can explicitly manage its
- state.
- @end deffn
- The default web server implementation is @code{http}, which binds to a
- socket, listening for request on that port.
- @deffn {HTTP Implementation} http [#:host=#f] @
- [#:family=AF_INET] @
- [#:addr=INADDR_LOOPBACK] @
- [#:port 8080] [#:socket]
- The default HTTP implementation. We document it as a function with
- keyword arguments, because that is precisely the way that it is -- all
- of the @var{open-params} to @code{run-server} get passed to the
- implementation's open function.
- @example
- ;; The defaults: localhost:8080
- (run-server handler)
- ;; Same thing
- (run-server handler 'http '())
- ;; On a different port
- (run-server handler 'http '(#:port 8081))
- ;; IPv6
- (run-server handler 'http '(#:family AF_INET6 #:port 8081))
- ;; Custom socket
- (run-server handler 'http `(#:socket ,(sudo-make-me-a-socket)))
- @end example
- @end deffn
- @node Web Examples
- @subsection Web Examples
- Well, enough about the tedious internals. Let's make a web application!
- @subsubsection Hello, World!
- The first program we have to write, of course, is ``Hello, World!''.
- This means that we have to implement a web handler that does what we
- want.
- Now we define a handler, a function of two arguments and two return
- values:
- @example
- (define (handler request request-body)
- (values @var{response} @var{response-body}))
- @end example
- In this first example, we take advantage of a short-cut, returning an
- alist of headers instead of a proper response object. The response body
- is our payload:
- @example
- (define (hello-world-handler request request-body)
- (values '((content-type . (text/plain)))
- "Hello World!"))
- @end example
- Now let's test it, by running a server with this handler. Load up the
- web server module if you haven't yet done so, and run a server with this
- handler:
- @example
- (use-modules (web server))
- (run-server hello-world-handler)
- @end example
- By default, the web server listens for requests on
- @code{localhost:8080}. Visit that address in your web browser to
- test. If you see the string, @code{Hello World!}, sweet!
- @subsubsection Inspecting the Request
- The Hello World program above is a general greeter, responding to all
- URIs. To make a more exclusive greeter, we need to inspect the request
- object, and conditionally produce different results. So let's load up
- the request, response, and URI modules, and do just that.
- @example
- (use-modules (web server)) ; you probably did this already
- (use-modules (web request)
- (web response)
- (web uri))
- (define (request-path-components request)
- (split-and-decode-uri-path (uri-path (request-uri request))))
- (define (hello-hacker-handler request body)
- (if (equal? (request-path-components request)
- '("hacker"))
- (values '((content-type . (text/plain)))
- "Hello hacker!")
- (not-found request)))
- (run-server hello-hacker-handler)
- @end example
- Here we see that we have defined a helper to return the components of
- the URI path as a list of strings, and used that to check for a request
- to @code{/hacker/}. Then the success case is just as before -- visit
- @code{http://localhost:8080/hacker/} in your browser to check.
- You should always match against URI path components as decoded by
- @code{split-and-decode-uri-path}. The above example will work for
- @code{/hacker/}, @code{//hacker///}, and @code{/h%61ck%65r}.
- But we forgot to define @code{not-found}! If you are pasting these
- examples into a REPL, accessing any other URI in your web browser will
- drop your Guile console into the debugger:
- @example
- <unnamed port>:38:7: In procedure module-lookup:
- <unnamed port>:38:7: Unbound variable: not-found
- Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.
- scheme@@(guile-user) [1]>
- @end example
- So let's define the function, right there in the debugger. As you
- probably know, we'll want to return a 404 response.
- @example
- ;; Paste this in your REPL
- (define (not-found request)
- (values (build-response #:code 404)
- (string-append "Resource not found: "
- (uri->string (request-uri request)))))
- ;; Now paste this to let the web server keep going:
- ,continue
- @end example
- Now if you access @code{http://localhost/foo/}, you get this error
- message. (Note that some popular web browsers won't show
- server-generated 404 messages, showing their own instead, unless the 404
- message body is long enough.)
- @subsubsection Higher-Level Interfaces
- The web handler interface is a common baseline that all kinds of Guile
- web applications can use. You will usually want to build something on
- top of it, however, especially when producing HTML. Here is a simple
- example that builds up HTML output using SXML (@pxref{SXML}).
- First, load up the modules:
- @example
- (use-modules (web server)
- (web request)
- (web response)
- (sxml simple))
- @end example
- Now we define a simple templating function that takes a list of HTML
- body elements, as SXML, and puts them in our super template:
- @example
- (define (templatize title body)
- `(html (head (title ,title))
- (body ,@@body)))
- @end example
- For example, the simplest Hello HTML can be produced like this:
- @example
- (sxml->xml (templatize "Hello!" '((b "Hi!"))))
- @print{}
- <html><head><title>Hello!</title></head><body><b>Hi!</b></body></html>
- @end example
- Much better to work with Scheme data types than to work with HTML as
- strings. Now we define a little response helper:
- @example
- (define* (respond #:optional body #:key
- (status 200)
- (title "Hello hello!")
- (doctype "<!DOCTYPE html>\n")
- (content-type-params '((charset . "utf-8")))
- (content-type 'text/html)
- (extra-headers '())
- (sxml (and body (templatize title body))))
- (values (build-response
- #:code status
- #:headers `((content-type
- . (,content-type ,@@content-type-params))
- ,@@extra-headers))
- (lambda (port)
- (if sxml
- (begin
- (if doctype (display doctype port))
- (sxml->xml sxml port))))))
- @end example
- Here we see the power of keyword arguments with default initializers. By
- the time the arguments are fully parsed, the @code{sxml} local variable
- will hold the templated SXML, ready for sending out to the client.
- Also, instead of returning the body as a string, @code{respond} gives a
- procedure, which will be called by the web server to write out the
- response to the client.
- Now, a simple example using this responder, which lays out the incoming
- headers in an HTML table.
- @example
- (define (debug-page request body)
- (respond
- `((h1 "hello world!")
- (table
- (tr (th "header") (th "value"))
- ,@@(map (lambda (pair)
- `(tr (td (tt ,(with-output-to-string
- (lambda () (display (car pair))))))
- (td (tt ,(with-output-to-string
- (lambda ()
- (write (cdr pair))))))))
- (request-headers request))))))
- (run-server debug-page)
- @end example
- Now if you visit any local address in your web browser, we actually see
- some HTML, finally.
- @subsubsection Conclusion
- Well, this is about as far as Guile's built-in web support goes, for
- now. There are many ways to make a web application, but hopefully by
- standardizing the most fundamental data types, users will be able to
- choose the approach that suits them best, while also being able to
- switch between implementations of the server. This is a relatively new
- part of Guile, so if you have feedback, let us know, and we can take it
- into account. Happy hacking on the web!
- @c Local Variables:
- @c TeX-master: "guile.texi"
- @c End:
|