X-Git-Url: http://git.cielonegro.org/gitweb.cgi?a=blobdiff_plain;f=Network%2FHTTP%2FLucu%2FResource.hs;h=696abf1b1311e55c5f13f4eca54a45ea02ea0146;hb=1f0a19cbad7c4b64a773d7f1c1ae9180448624e6;hp=bc4bf3336389d959aa5bfedefcb857bf0e13b163;hpb=9961a721f98b101825ef154a2122c1fc2fa6d1ac;p=Lucu.git diff --git a/Network/HTTP/Lucu/Resource.hs b/Network/HTTP/Lucu/Resource.hs index bc4bf33..696abf1 100644 --- a/Network/HTTP/Lucu/Resource.hs +++ b/Network/HTTP/Lucu/Resource.hs @@ -1,14 +1,819 @@ +{-# LANGUAGE + GeneralizedNewtypeDeriving + , DoAndIfThenElse + , OverloadedStrings + , RecordWildCards + , UnicodeSyntax + #-} +-- |This is the Resource Monad; monadic actions to define the behavior +-- of each resources. The 'Resource' Monad is a kind of 'Prelude.IO' +-- Monad thus it implements 'Control.Monad.Trans.MonadIO' class. It is +-- also a state machine. +-- +-- Request Processing Flow: +-- +-- 1. A client issues an HTTP request. +-- +-- 2. If the URI of it matches to any resource, the corresponding +-- 'Resource' Monad starts running on a newly spawned thread. +-- +-- 3. The 'Resource' Monad looks at the request header, find (or not +-- find) an entity, receive the request body (if any), decide the +-- response header, and decide the response body. This process +-- will be discussed later. +-- +-- 4. The 'Resource' Monad and its thread stops running. The client +-- may or may not be sending us the next request at this point. +-- +-- 'Resource' Monad takes the following states. The initial state is +-- /Examining Request/ and the final state is /Done/. +-- +-- [/Examining Request/] In this state, a 'Resource' looks at the +-- request header and thinks about an entity for it. If there is a +-- suitable entity, the 'Resource' tells the system an entity tag +-- and its last modification time ('foundEntity'). If it found no +-- entity, it tells the system so ('foundNoEntity'). In case it is +-- impossible to decide the existence of entity, which is a typical +-- case for POST requests, 'Resource' does nothing in this state. +-- +-- [/Getting Body/] A 'Resource' asks the system to receive a +-- request body from client. Before actually reading from the +-- socket, the system sends \"100 Continue\" to the client if need +-- be. When a 'Resource' transits to the next state without +-- receiving all or part of request body, the system still reads it +-- and just throws it away. +-- +-- [/Deciding Header/] A 'Resource' makes a decision of status code +-- and response header. When it transits to the next state, the +-- system checks the validness of response header and then write +-- them to the socket. +-- +-- [/Deciding Body/] In this state, a 'Resource' asks the system to +-- write some response body to the socket. When it transits to the +-- next state without writing any response body, the system +-- completes it depending on the status code. +-- +-- [/Done/] Everything is over. A 'Resource' can do nothing for the +-- HTTP interaction anymore. +-- +-- Note that the state transition is one-way: for instance, it is an +-- error to try to read a request body after writing some +-- response. This limitation is for efficiency. We don't want to read +-- the entire request before starting 'Resource', nor we don't want to +-- postpone writing the entire response till the end of 'Resource' +-- computation. module Network.HTTP.Lucu.Resource - ( Resource + ( + -- * Types + Resource + , FormData(..) + + -- * Getting request header + -- |These actions can be computed regardless of the current state, + -- and they don't change the state. + , getConfig + , getRemoteAddr + , getRemoteAddr' + , getRemoteHost + , getRemoteCertificate + , getRequest + , getMethod + , getRequestURI + , getRequestVersion + , getResourcePath + , getPathInfo + , getQueryForm + , getHeader + , getAccept + , getAcceptEncoding + , isEncodingAcceptable + , getContentType + , getAuthorization + + -- * Finding an entity + -- |These actions can be computed only in the /Examining Request/ + -- state. After the computation, the 'Resource' transits to + -- /Getting Body/ state. + , foundEntity + , foundETag + , foundTimeStamp + , foundNoEntity + + -- * Getting a request body + -- |Computation of these actions changes the state to /Getting + -- Body/. + , getChunk + , getChunks + , getForm + , defaultLimit + + -- * Setting response headers + -- |Computation of these actions changes the state to /Deciding + -- Header/. + , setStatus + , redirect + , setContentType + , setContentEncoding + , setWWWAuthenticate + + -- ** Less frequently used functions + , setLocation + , setHeader + , deleteHeader + + -- * Writing a response body + -- |Computation of these actions changes the state to /Deciding + -- Body/. + , putChunk + , putChunks + , putBuilder ) where +import Blaze.ByteString.Builder (Builder) +import qualified Blaze.ByteString.Builder.ByteString as BB +import Control.Applicative +import Control.Concurrent.STM +import Control.Monad +import Control.Monad.IO.Class +import Control.Monad.Unicode +import Data.Ascii (Ascii, CIAscii) +import qualified Data.Ascii as A +import qualified Data.Attoparsec.Char8 as P +import qualified Data.Attoparsec.Lazy as LP +import Data.ByteString (ByteString) +import qualified Data.ByteString as Strict +import qualified Data.ByteString.Lazy as Lazy +import Data.Foldable (toList) +import Data.List +import qualified Data.Map as M +import Data.Maybe +import Data.Monoid.Unicode +import Data.Sequence (Seq) +import Data.Text (Text) +import qualified Data.Text as T +import qualified Data.Text.Encoding as T +import Data.Time +import qualified Data.Time.HTTP as HTTP +import Network.HTTP.Lucu.Abortion +import Network.HTTP.Lucu.Authorization +import Network.HTTP.Lucu.Config +import Network.HTTP.Lucu.ContentCoding +import Network.HTTP.Lucu.ETag +import qualified Network.HTTP.Lucu.Headers as H +import Network.HTTP.Lucu.HttpVersion +import Network.HTTP.Lucu.Interaction +import Network.HTTP.Lucu.MultipartForm +import Network.HTTP.Lucu.Postprocess +import Network.HTTP.Lucu.Request +import Network.HTTP.Lucu.Resource.Internal +import Network.HTTP.Lucu.Response +import Network.HTTP.Lucu.MIMEType +import Network.HTTP.Lucu.Utils +import Network.Socket hiding (accept) +import Network.URI hiding (path) +import OpenSSL.X509 +import Prelude.Unicode + +-- |Get the 'Config' value which is used for the httpd. +getConfig ∷ Resource Config +getConfig = itrConfig <$> getInteraction + +-- |Get the 'SockAddr' of the remote host. If you want a string +-- representation instead of 'SockAddr', use 'getRemoteAddr''. +getRemoteAddr ∷ Resource SockAddr +getRemoteAddr = itrRemoteAddr <$> getInteraction + +-- |Get the string representation of the address of remote host. If +-- you want a 'SockAddr' instead of 'String', use 'getRemoteAddr'. +getRemoteAddr' ∷ Resource HostName +getRemoteAddr' + = do sa ← getRemoteAddr + (Just a, _) ← liftIO $ getNameInfo [NI_NUMERICHOST] True False sa + return a + +-- |Resolve an address to the remote host. +getRemoteHost ∷ Resource (Maybe HostName) +getRemoteHost + = do sa ← getRemoteAddr + fst <$> (liftIO $ getNameInfo [] True False sa) + +-- | Return the X.509 certificate of the client, or 'Nothing' if: +-- +-- * This request didn't came through an SSL stream. +-- +-- * The client didn't send us its certificate. +-- +-- * The 'OpenSSL.Session.VerificationMode' of +-- 'OpenSSL.Session.SSLContext' in 'SSLConfig' has not been set to +-- 'OpenSSL.Session.VerifyPeer'. +getRemoteCertificate ∷ Resource (Maybe X509) +getRemoteCertificate = itrRemoteCert <$> getInteraction + +-- |Get the 'Method' value of the request. +getMethod ∷ Resource Method +getMethod = reqMethod <$> getRequest + +-- |Get the URI of the request. +getRequestURI ∷ Resource URI +getRequestURI = reqURI <$> getRequest + +-- |Get the HTTP version of the request. +getRequestVersion ∷ Resource HttpVersion +getRequestVersion = reqVersion <$> getRequest + +-- |Get the path of this 'Resource' (to be exact, +-- 'Network.HTTP.Lucu.Resource.Tree.ResourceDef') in the +-- 'Network.HTTP.Lucu.Resource.Tree.ResTree'. The result of this +-- action is the exact path in the tree even when the +-- 'Network.HTTP.Lucu.Resource.Tree.ResourceDef' is greedy. +-- +-- Example: +-- +-- > main = let tree = mkResTree [ (["foo"], resFoo) ] +-- > in runHttpd defaultConfig tree +-- > +-- > resFoo = ResourceDef { +-- > resIsGreedy = True +-- > , resGet = Just $ do requestURI <- getRequestURI +-- > resourcePath <- getResourcePath +-- > pathInfo <- getPathInfo +-- > -- uriPath requestURI == "/foo/bar/baz" +-- > -- resourcePath == ["foo"] +-- > -- pathInfo == ["bar", "baz"] +-- > ... +-- > , ... +-- > } +getResourcePath ∷ Resource [Text] +getResourcePath = (fromJust ∘ itrResourcePath) <$> getInteraction + +-- |This is an analogy of CGI PATH_INFO. The result is +-- URI-unescaped. It is always @[]@ if the +-- 'Network.HTTP.Lucu.Resource.Tree.ResourceDef' is not greedy. See +-- 'getResourcePath'. +-- +-- Note that the returned path is URI-decoded and then UTF-8 decoded. +getPathInfo ∷ Resource [Text] +getPathInfo = do rsrcPath ← getResourcePath + reqPath ← splitPathInfo <$> getRequestURI + -- rsrcPath と reqPath の共通する先頭部分を reqPath か + -- ら全部取り除くと、それは PATH_INFO のやうなものにな + -- る。rsrcPath は全部一致してゐるに決まってゐる(でな + -- ければこの Resource が撰ばれた筈が無い)ので、 + -- rsrcPath の長さの分だけ削除すれば良い。 + return $ drop (length rsrcPath) reqPath + +-- |Assume the query part of request URI as +-- application\/x-www-form-urlencoded, and parse it to pairs of +-- @(name, formData)@. This action doesn't parse the request body. See +-- 'inputForm'. Field names are decoded in UTF-8. +getQueryForm ∷ Resource [(Text, FormData)] +getQueryForm = parse' <$> getRequestURI + where + parse' = map toPairWithFormData ∘ + parseWWWFormURLEncoded ∘ + fromJust ∘ + A.fromChars ∘ + drop 1 ∘ + uriQuery + +toPairWithFormData ∷ (ByteString, ByteString) → (Text, FormData) +toPairWithFormData (name, value) + = let fd = FormData { + fdFileName = Nothing + , fdContent = Lazy.fromChunks [value] + } + in (T.decodeUtf8 name, fd) + +-- |Get a value of given request header. Comparison of header name is +-- case-insensitive. Note that this action is not intended to be used +-- so frequently: there should be actions like 'getContentType' for +-- every common headers. +getHeader ∷ CIAscii → Resource (Maybe Ascii) +getHeader name + = H.getHeader name <$> getRequest + +-- |Get a list of 'MIMEType' enumerated on header \"Accept\". +getAccept ∷ Resource [MIMEType] +getAccept + = do acceptM ← getHeader "Accept" + case acceptM of + Nothing + → return [] + Just accept + → case P.parseOnly p (A.toByteString accept) of + Right xs → return xs + Left _ → abort BadRequest [] + (Just $ "Unparsable Accept: " ⊕ A.toText accept) + where + p = do xs ← mimeTypeListP + P.endOfInput + return xs + +-- |Get a list of @(contentCoding, qvalue)@ enumerated on header +-- \"Accept-Encoding\". The list is sorted in descending order by +-- qvalue. +getAcceptEncoding ∷ Resource [(CIAscii, Maybe Double)] +getAcceptEncoding + = do accEncM ← getHeader "Accept-Encoding" + case accEncM of + Nothing + -- HTTP/1.0 には Accept-Encoding が無い場合の規定が無い + -- ので安全の爲 identity が指定された事にする。HTTP/1.1 + -- の場合は何でも受け入れて良い事になってゐるので "*" が + -- 指定された事にする。 + → do ver ← getRequestVersion + case ver of + HttpVersion 1 0 → return [("identity", Nothing)] + HttpVersion 1 1 → return [("*" , Nothing)] + _ → abort InternalServerError [] + (Just "getAcceptEncoding: unknown HTTP version") + Just ae + → if ae ≡ "" then + -- identity のみが許される。 + return [("identity", Nothing)] + else + case P.parseOnly p (A.toByteString ae) of + Right xs → return $ map toTuple $ reverse $ sort xs + Left _ → abort BadRequest [] + (Just $ "Unparsable Accept-Encoding: " ⊕ A.toText ae) + where + p = do xs ← acceptEncodingListP + P.endOfInput + return xs + + toTuple (AcceptEncoding {..}) + = (aeEncoding, aeQValue) + +-- |Check whether a given content-coding is acceptable. +isEncodingAcceptable ∷ CIAscii → Resource Bool +isEncodingAcceptable encoding = any f <$> getAcceptEncoding + where + f (e, q) + = (e ≡ "*" ∨ e ≡ encoding) ∧ q ≢ Just 0 + +-- |Get the header \"Content-Type\" as 'MIMEType'. +getContentType ∷ Resource (Maybe MIMEType) +getContentType + = do cTypeM ← getHeader "Content-Type" + case cTypeM of + Nothing + → return Nothing + Just cType + → case P.parseOnly p (A.toByteString cType) of + Right t → return $ Just t + Left _ → abort BadRequest [] + (Just $ "Unparsable Content-Type: " ⊕ A.toText cType) + where + p = do t ← mimeTypeP + P.endOfInput + return t + +-- |Get the header \"Authorization\" as 'AuthCredential'. +getAuthorization ∷ Resource (Maybe AuthCredential) +getAuthorization + = do authM ← getHeader "Authorization" + case authM of + Nothing + → return Nothing + Just auth + → case P.parseOnly p (A.toByteString auth) of + Right ac → return $ Just ac + Left _ → return Nothing + where + p = do ac ← authCredentialP + P.endOfInput + return ac + + +-- Finding an entity + +-- |Tell the system that the 'Resource' found an entity for the +-- request URI. If this is a GET or HEAD request, a found entity means +-- a datum to be replied. If this is a PUT or DELETE request, it means +-- a datum which was stored for the URI until now. It is an error to +-- compute 'foundEntity' if this is a POST request. +-- +-- Computation of 'foundEntity' performs \"If-Match\" test or +-- \"If-None-Match\" test if possible. When those tests fail, the +-- computation of 'Resource' immediately aborts with status \"412 +-- Precondition Failed\" or \"304 Not Modified\" depending on the +-- situation. +-- +-- If this is a GET or HEAD request, 'foundEntity' automatically puts +-- \"ETag\" and \"Last-Modified\" headers into the response. +foundEntity ∷ ETag → UTCTime → Resource () +foundEntity tag timeStamp + = do driftTo ExaminingRequest + + method ← getMethod + when (method ≡ GET ∨ method ≡ HEAD) + $ setHeader' "Last-Modified" (HTTP.toAscii timeStamp) + when (method ≡ POST) + $ abort InternalServerError [] + (Just "Illegal computation of foundEntity for a POST request.") + foundETag tag + + driftTo GettingBody + +-- |Tell the system that the 'Resource' found an entity for the +-- request URI. The only difference from 'foundEntity' is that +-- 'foundETag' doesn't (and can't) put \"Last-Modified\" header into +-- the response. +-- +-- This action is not preferred. You should use 'foundEntity' whenever +-- possible. +foundETag ∷ ETag → Resource () +foundETag tag + = do driftTo ExaminingRequest + + method ← getMethod + when (method ≡ GET ∨ method ≡ HEAD) + $ setHeader' "ETag" + $ A.fromAsciiBuilder + $ printETag tag + when (method ≡ POST) + $ abort InternalServerError [] + (Just "Illegal computation of foundETag for POST request.") + + -- If-Match があればそれを見る。 + ifMatch ← getHeader "If-Match" + case ifMatch of + Nothing → return () + Just value → if value ≡ "*" then + return () + else + case P.parseOnly p (A.toByteString value) of + Right tags + -- tags の中に一致するものが無ければ + -- PreconditionFailed で終了。 + → when ((¬) (any (≡ tag) tags)) + $ abort PreconditionFailed [] + (Just $ "The entity tag doesn't match: " ⊕ A.toText value) + Left _ + → abort BadRequest [] (Just $ "Unparsable If-Match: " ⊕ A.toText value) + + let statusForNoneMatch + = if method ≡ GET ∨ method ≡ HEAD then + NotModified + else + PreconditionFailed + + -- If-None-Match があればそれを見る。 + ifNoneMatch ← getHeader "If-None-Match" + case ifNoneMatch of + Nothing → return () + Just value → if value ≡ "*" then + abort statusForNoneMatch [] (Just "The entity tag matches: *") + else + case P.parseOnly p (A.toByteString value) of + Right tags + → when (any (≡ tag) tags) + $ abort statusForNoneMatch [] + (Just $ "The entity tag matches: " ⊕ A.toText value) + Left _ + → abort BadRequest [] + (Just $ "Unparsable If-None-Match: " ⊕ A.toText value) + + driftTo GettingBody + where + p = do xs ← eTagListP + P.endOfInput + return xs + +-- |Tell the system that the 'Resource' found an entity for the +-- request URI. The only difference from 'foundEntity' is that +-- 'foundTimeStamp' performs \"If-Modified-Since\" test or +-- \"If-Unmodified-Since\" test instead of \"If-Match\" test or +-- \"If-None-Match\" test. Be aware that any tests based on last +-- modification time are unsafe because it is possible to mess up such +-- tests by modifying the entity twice in a second. +-- +-- This action is not preferred. You should use 'foundEntity' whenever +-- possible. +foundTimeStamp ∷ UTCTime → Resource () +foundTimeStamp timeStamp + = do driftTo ExaminingRequest + + method ← getMethod + when (method ≡ GET ∨ method ≡ HEAD) + $ setHeader' "Last-Modified" (HTTP.toAscii timeStamp) + when (method ≡ POST) + $ abort InternalServerError [] + (Just "Illegal computation of foundTimeStamp for POST request.") + + let statusForIfModSince + = if method ≡ GET ∨ method ≡ HEAD then + NotModified + else + PreconditionFailed + + -- If-Modified-Since があればそれを見る。 + ifModSince ← getHeader "If-Modified-Since" + case ifModSince of + Just str → case HTTP.fromAscii str of + Right lastTime + → when (timeStamp ≤ lastTime) + $ abort statusForIfModSince [] + (Just $ "The entity has not been modified since " ⊕ A.toText str) + Left _ + → return () -- 不正な時刻は無視 + Nothing → return () + + -- If-Unmodified-Since があればそれを見る。 + ifUnmodSince ← getHeader "If-Unmodified-Since" + case ifUnmodSince of + Just str → case HTTP.fromAscii str of + Right lastTime + → when (timeStamp > lastTime) + $ abort PreconditionFailed [] + (Just $ "The entity has not been modified since " ⊕ A.toText str) + Left _ + → return () -- 不正な時刻は無視 + Nothing → return () + + driftTo GettingBody + +-- | Computation of @'foundNoEntity' mStr@ tells the system that the +-- 'Resource' found no entity for the request URI. @mStr@ is an +-- optional error message to be replied to the client. +-- +-- If this is a PUT request, 'foundNoEntity' performs \"If-Match\" +-- test and aborts with status \"412 Precondition Failed\" when it +-- failed. If this is a GET, HEAD, POST or DELETE request, +-- 'foundNoEntity' always aborts with status \"404 Not Found\". +foundNoEntity ∷ Maybe Text → Resource () +foundNoEntity msgM + = do driftTo ExaminingRequest + + method ← getMethod + when (method ≢ PUT) + $ abort NotFound [] msgM + + -- エンティティが存在しないと云ふ事は、"*" も含めたどのやうな + -- If-Match: 條件も滿たさない。 + ifMatch ← getHeader "If-Match" + when (ifMatch ≢ Nothing) + $ abort PreconditionFailed [] msgM + + driftTo GettingBody + + +-- Getting a request body + +-- | Computation of @'input' limit@ attempts to read the request body +-- up to @limit@ bytes, and then make the 'Resource' transit to +-- /Deciding Header/ state. When the actual size of body is larger +-- than @limit@ bytes, computation of 'Resource' immediately aborts +-- with status \"413 Request Entity Too Large\". When the request has +-- no body, 'input' returns an empty string. +-- +-- @limit@ may be less than or equal to zero. In this case, the +-- default limitation value ('cnfMaxEntityLength') is used. See +-- 'defaultLimit'. +-- +-- 'input' returns a 'Lazy.ByteString' but it's not really lazy: +-- reading from the socket just happens at the computation of 'input', +-- not at the evaluation of the 'Lazy.ByteString'. The same goes for +-- 'inputChunk'. +input ∷ Int → Resource Lazy.ByteString +input limit + = do driftTo GettingBody + itr ← getInteraction + chunk ← if reqMustHaveBody $ fromJust $ itrRequest itr then + askForInput itr + else + do driftTo DecidingHeader + return (∅) + return chunk + where + askForInput ∷ Interaction → Resource Lazy.ByteString + askForInput (Interaction {..}) + = do let confLimit = cnfMaxEntityLength itrConfig + actualLimit = if limit ≤ 0 then + confLimit + else + limit + when (actualLimit ≤ 0) + $ fail ("inputLBS: limit must be positive: " ⧺ show actualLimit) + -- Reader にリクエスト + liftIO $ atomically + $ writeTVar itrReqBodyWanted actualLimit + -- 應答を待つ。トランザクションを分けなければ當然デッドロックする。 + chunk ← liftIO $ atomically + $ do chunkLen ← readTVar itrReceivedBodyLen + chunkIsOver ← readTVar itrReqChunkIsOver + if chunkLen < actualLimit then + -- 要求された量に滿たなくて、まだ殘りが + -- あるなら再試行。 + unless chunkIsOver + $ retry + else + -- 制限値一杯まで讀むやうに指示したのに + -- まだ殘ってゐるなら、それは多過ぎる。 + unless chunkIsOver + $ tooLarge actualLimit + -- 成功。itr 内にチャンクを置いたままにする + -- とメモリの無駄になるので除去。 + chunk ← seqToLBS <$> readTVar itrReceivedBody + writeTVar itrReceivedBody (∅) + writeTVar itrReceivedBodyLen 0 + return chunk + + driftTo DecidingHeader + return chunk + + tooLarge ∷ Int → STM () + tooLarge lim = abortSTM RequestEntityTooLarge [] + (Just $ "Request body must be smaller than " + ⊕ T.pack (show lim) ⊕ " bytes.") + +seqToLBS ∷ Seq ByteString → Lazy.ByteString +{-# INLINE seqToLBS #-} +seqToLBS = Lazy.fromChunks ∘ toList + +-- | Computation of @'inputChunk' limit@ attempts to read a part of +-- request body up to @limit@ bytes. You can read any large request by +-- repeating computation of this action. When you've read all the +-- request body, 'inputChunk' returns an empty string and then make +-- the 'Resource' transit to /Deciding Header/ state. +-- +-- @limit@ may be less than or equal to zero. In this case, the +-- default limitation value ('cnfMaxEntityLength') is used. See +-- 'defaultLimit'. +-- +-- Note that 'inputChunkLBS' is more efficient than 'inputChunk' so you +-- should use it whenever possible. +inputChunk ∷ Int → Resource Lazy.ByteString +inputChunk limit + = do driftTo GettingBody + itr ← getInteraction + chunk ← if reqMustHaveBody $ fromJust $ itrRequest itr then + askForInput itr + else + do driftTo DecidingHeader + return (∅) + return chunk + where + askForInput ∷ Interaction → Resource Lazy.ByteString + askForInput (Interaction {..}) + = do let confLimit = cnfMaxEntityLength itrConfig + actualLimit = if limit < 0 then + confLimit + else + limit + when (actualLimit ≤ 0) + $ fail ("inputChunkLBS: limit must be positive: " ++ show actualLimit) + -- Reader にリクエスト + liftIO $ atomically + $ writeTVar itrReqBodyWanted actualLimit + -- 應答を待つ。トランザクションを分けなければ當然デッドロック。 + chunk ← liftIO $ atomically + $ do chunkLen ← readTVar itrReceivedBodyLen + -- 要求された量に滿たなくて、まだ殘りがある + -- なら再試行。 + when (chunkLen < actualLimit) + $ do chunkIsOver ← readTVar itrReqChunkIsOver + unless chunkIsOver + $ retry + -- 成功 + chunk ← seqToLBS <$> readTVar itrReceivedBody + writeTVar itrReceivedBody (∅) + writeTVar itrReceivedBodyLen 0 + return chunk + when (Lazy.null chunk) + $ driftTo DecidingHeader + return chunk + +-- | Computation of @'inputForm' limit@ attempts to read the request +-- body with 'input' and parse it as +-- @application\/x-www-form-urlencoded@ or @multipart\/form-data@. If +-- the request header \"Content-Type\" is neither of them, 'inputForm' +-- makes 'Resource' abort with status \"415 Unsupported Media +-- Type\". If the request has no \"Content-Type\", it aborts with +-- \"400 Bad Request\". +-- +-- Field names in @multipart\/form-data@ will be precisely decoded in +-- accordance with RFC 2231. On the other hand, +-- @application\/x-www-form-urlencoded@ says nothing about the +-- encoding of field names, so they'll always be decoded in UTF-8. +inputForm ∷ Int → Resource [(Text, FormData)] +inputForm limit + = do cTypeM ← getContentType + case cTypeM of + Nothing + → abort BadRequest [] (Just "Missing Content-Type") + Just (MIMEType "application" "x-www-form-urlencoded" _) + → readWWWFormURLEncoded + Just (MIMEType "multipart" "form-data" params) + → readMultipartFormData params + Just cType + → abort UnsupportedMediaType [] + $ Just + $ A.toText + $ A.fromAsciiBuilder + $ A.toAsciiBuilder "Unsupported media type: " + ⊕ printMIMEType cType + where + readWWWFormURLEncoded + = (map toPairWithFormData ∘ parseWWWFormURLEncoded) + <$> + (bsToAscii =≪ input limit) + + bsToAscii bs + = case A.fromByteString (Strict.concat (Lazy.toChunks bs)) of + Just a → return a + Nothing → abort BadRequest [] (Just "Malformed x-www-form-urlencoded") + + readMultipartFormData params + = do case M.lookup "boundary" params of + Nothing + → abort BadRequest [] (Just "Missing boundary of multipart/form-data") + Just boundary + → do src ← input limit + b ← case A.fromText boundary of + Just b → return b + Nothing → abort BadRequest [] + (Just $ "Malformed boundary: " ⊕ boundary) + case LP.parse (p b) src of + LP.Done _ formList + → return formList + _ → abort BadRequest [] (Just "Unparsable multipart/form-data") + where + p b = do xs ← multipartFormP b + P.endOfInput + return xs + +-- | This is just a constant @-1@. It's better to say @'input' +-- 'defaultLimit'@ than to say @'input' (-1)@ but these are exactly +-- the same. +defaultLimit ∷ Int +defaultLimit = (-1) + + +-- Setting response headers + +-- | Computation of @'redirect' code uri@ sets the response status to +-- @code@ and \"Location\" header to @uri@. The @code@ must satisfy +-- 'isRedirection' or it causes an error. +redirect ∷ StatusCode → URI → Resource () +redirect code uri + = do when (code ≡ NotModified ∨ not (isRedirection code)) + $ abort InternalServerError [] + $ Just + $ A.toText + $ A.fromAsciiBuilder + $ A.toAsciiBuilder "Attempted to redirect with status " + ⊕ printStatusCode code + setStatus code + setLocation uri + +-- | Computation of @'setContentType' mType@ sets the response header +-- \"Content-Type\" to @mType@. +setContentType ∷ MIMEType → Resource () +setContentType + = setHeader "Content-Type" ∘ A.fromAsciiBuilder ∘ printMIMEType + +-- | Computation of @'setLocation' uri@ sets the response header +-- \"Location\" to @uri@. You usually don't need to call this function +-- directly. +setLocation ∷ URI → Resource () +setLocation uri + = case A.fromChars uriStr of + Just a → setHeader "Location" a + Nothing → abort InternalServerError [] + (Just $ "Malformed URI: " ⊕ T.pack uriStr) + where + uriStr = uriToString id uri "" + +-- |Computation of @'setContentEncoding' codings@ sets the response +-- header \"Content-Encoding\" to @codings@. +setContentEncoding ∷ [CIAscii] → Resource () +setContentEncoding codings + = do ver ← getRequestVersion + tr ← case ver of + HttpVersion 1 0 → return (toAB ∘ unnormalizeCoding) + HttpVersion 1 1 → return toAB + _ → abort InternalServerError [] + (Just "setContentEncoding: Unknown HTTP version") + setHeader "Content-Encoding" + (A.fromAsciiBuilder $ joinWith ", " $ map tr codings) + where + toAB = A.toAsciiBuilder ∘ A.fromCIAscii -import Control.Monad.State -import qualified Data.ByteString.Lazy.Char8 as B -import Data.ByteString.Lazy.Char8 (ByteString) +-- |Computation of @'setWWWAuthenticate' challenge@ sets the response +-- header \"WWW-Authenticate\" to @challenge@. +setWWWAuthenticate ∷ AuthChallenge → Resource () +setWWWAuthenticate challenge + = setHeader "WWW-Authenticate" (printAuthChallenge challenge) -data ResState = ResState -- FIXME -type ResourceT m a = StateT ResState m a +-- Writing a response body -type Resource a = ResourceT IO a +-- | Write a chunk in 'Lazy.ByteString' to the response body. It is +-- safe to apply this function to an infinitely long +-- 'Lazy.ByteString'. +-- +-- Note that you must first set the response header \"Content-Type\" +-- before applying this function. See: 'setContentType' +putChunk ∷ Lazy.ByteString → Resource () +putChunk = putBuilder ∘ BB.fromLazyByteString