WebMCP is a completely new web development framework, and has not been extensively tested yet. The API might change at any time, but in future releases there will be a list of all changes, which break downward compatibility.
diff -r 6441487fa12f -r 944642a3e488 framework/cgi-bin/webmcp.lua --- a/framework/cgi-bin/webmcp.lua Sat Feb 20 21:01:57 2010 +0100 +++ b/framework/cgi-bin/webmcp.lua Thu Mar 25 17:37:03 2010 +0100 @@ -1,6 +1,6 @@ #!/usr/bin/env lua -_WEBMCP_VERSION = "1.0.8" +_WEBMCP_VERSION = "1.0.9" -- include "../lib/" in search path for libraries do diff -r 6441487fa12f -r 944642a3e488 framework/env/request/get_absolute_baseurl.lua --- a/framework/env/request/get_absolute_baseurl.lua Sat Feb 20 21:01:57 2010 +0100 +++ b/framework/env/request/get_absolute_baseurl.lua Thu Mar 25 17:37:03 2010 +0100 @@ -1,3 +1,11 @@ +--[[-- +baseurl = +request.get_absolute_baseurl() + +This function returns the absolute base URL of the application, as set by request.set_absolute_baseurl(...). + +--]]-- + function request.get_absolute_baseurl() if request._absolute_baseurl then return request._absolute_baseurl diff -r 6441487fa12f -r 944642a3e488 framework/env/request/set_allowed_json_request_slots.lua --- a/framework/env/request/set_allowed_json_request_slots.lua Sat Feb 20 21:01:57 2010 +0100 +++ b/framework/env/request/set_allowed_json_request_slots.lua Thu Mar 25 17:37:03 2010 +0100 @@ -8,16 +8,18 @@ --]]-- function request.set_allowed_json_request_slots(slot_idents) - local hash = {} - for idx, slot_ident in ipairs(slot_idents) do - hash[slot_ident] = true - end - if cgi.params["_webmcp_json_slots[]"] then - for idx, slot_ident in ipairs(cgi.params["_webmcp_json_slots[]"]) do - if not hash[slot_ident] then - error('Requesting slot "' .. slot_ident .. '" is forbidden.') + if cgi then -- do nothing, when being in interactive mode + local hash = {} + for idx, slot_ident in ipairs(slot_idents) do + hash[slot_ident] = true + end + if cgi.params["_webmcp_json_slots[]"] then + for idx, slot_ident in ipairs(cgi.params["_webmcp_json_slots[]"]) do + if not hash[slot_ident] then + error('Requesting slot "' .. slot_ident .. '" is forbidden.') + end end end + request._json_requests_allowed = true end - request._json_requests_allowed = true end diff -r 6441487fa12f -r 944642a3e488 framework/env/request/set_cookie.lua --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/framework/env/request/set_cookie.lua Thu Mar 25 17:37:03 2010 +0100 @@ -0,0 +1,43 @@ +--[[-- +request.set_cookie{ + name = name, -- name of cookie + value = value, -- value of cookie + domain = domain, -- optional domain domain where cookie is transmitted + path = path, -- optional path where cookie is transmitted, defaults to application base + secure = secure -- optional boolean, indicating if cookie should only be transmitted over HTTPS +} + +This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://". + +--]]-- + +function request.set_cookie(args) + local path = args.path + if not path then + path = string.match( + request.get_absolute_baseurl(), + "://[^/]*(.*)" + ) + if path == nil or path == "" then + path = "/" + end + end + local secure = args.secure + if secure == nil then + if string.find( + string.lower(request.get_absolute_baseurl()), + "^https://" + ) then + secure = true + else + secure = false + end + end + cgi.set_cookie{ + name = args.name, + value = args.value, + domain = args.domain, + path = path, + secure = secure + } +end diff -r 6441487fa12f -r 944642a3e488 libraries/rocketcgi/rocketcgi.lua --- a/libraries/rocketcgi/rocketcgi.lua Sat Feb 20 21:01:57 2010 +0100 +++ b/libraries/rocketcgi/rocketcgi.lua Thu Mar 25 17:37:03 2010 +0100 @@ -32,6 +32,16 @@ data_sent = false +--[[-- +rocketcgi.add_header( + string_part1, -- string + string_part2, -- optional second part of string to be concatted + ... +) + +Sends a header line to the browser. Multiple arguments are concatted to form a single string. + +--]]-- function add_header(...) if data_sent then error("Can not add header after data has been sent.", 2) @@ -39,7 +49,18 @@ io.stdout:write(...) io.stdout:write("\r\n") end +--//-- +--[[-- +rocketcgi.send_data( + string_part1, -- string + string_part2, -- optional second part of string to be concatted + ... +) + +Sends document data to the browser. Multiple arguments are concatted to form a single string. + +--]]-- function send_data(...) if not data_sent then io.stdout:write("\r\n") @@ -47,19 +68,84 @@ end io.stdout:write(...) end +--//-- +--[[-- +rocketcgi.set_status( + status -- Status code and description, e.g. "404 Not Found" +) + +Sends a header line to the browser, indicating a given HTTP status. + +--]]-- function set_status(status) add_header("Status: ", status) end +--//-- +--[[-- +rocketcgi.redirect( + status -- Absolute URL to redirect the browser to +) + +Redirects the browser to the given absolute URL, using a 303 Redirect. + +--]]-- function redirect(location) set_status("303 See Other") add_header("Location: ", location) end +--//-- +--[[-- +rocketcgi.set_status( + status -- Status code and description, e.g. "404 Not Found" +) + +Sends a header line specifying the content-type to the browser. + +--]]-- function set_content_type(content_type) add_header("Content-Type: ", content_type) end +--//-- + +--[[-- +rocketcgi.set_cookie{ + name = name, -- name of cookie + value = value, -- value of cookie + domain = domain, -- domain where cookie is transmitted + path = path, -- path where cookie is transmitted + secure = secure -- boolean, indicating if cookie should only be transmitted over HTTPS +} + +Sends a header line setting a cookie. NOTE: Currently only session cookies are supported. + +--]]-- +function set_cookie(args) + assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name") + assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value") + local parts = {"Set-Cookie: " .. args.name .. "=" .. args.value} + if args.domain then + assert( + string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"), + "Illegal cookie domain" + ) + parts[#parts+1] = "domain=" .. args.domain + end + if args.path then + assert( + string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"), + "Illegal cookie path" + ) + parts[#parts+1] = "path=" .. args.path + end + if args.secure then + parts[#parts+1] = "secure" + end + add_header(table.concat(parts, "; ")) +end +--//-- method = os.getenv("REQUEST_METHOD") or false query = os.getenv("QUERY_STRING") or false