cbaines/guix-data-service
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add a new query-parameters module

Browse source 
The query parameters feed in to the results shown, but also forms on
pages. Validation is important to avoid errors and security issues, but it's
also important to provide appropriate feedback to the user.

This module provides some utilities and structure around handling query
parameters.
This commit is contained in:
Christopher Baines 2019-05-11 16:44:17 +01:00
parent b29178ff14
commit f2e123b7ac
4 changed files with 102 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Makefile.am
View file

@ -54,6 +54,7 @@ SOURCES = \
guix-data-service/web/render.scm \
guix-data-service/web/server.scm \
guix-data-service/web/sxml.scm \
guix-data-service/web/query-parameters.scm \
guix-data-service/web/util.scm \
guix-data-service/web/view/html.scm

1
guix-data-service/web/controller.scm
View file

@ -38,6 +38,7 @@
#:use-module (guix-data-service model build)
#:use-module (guix-data-service jobs load-new-guix-revision)
#:use-module (guix-data-service web render)
#:use-module (guix-data-service web query-parameters)
#:use-module (guix-data-service web util)
#:use-module (guix-data-service web view html)
#:export (controller))

99
guix-data-service/web/query-parameters.scm Normal file
View file

@ -0,0 +1,99 @@
;;; Guix Data Service -- Information about Guix over time
;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2014 David Thompson <davet@gnu.org>
;;; Copyright © 2019 Christopher Baines <mail@cbaines.net>
;;;
;;; This program is free software: you can redistribute it and/or
;;; modify it under the terms of the GNU Affero General Public License
;;; as published by the Free Software Foundation, either version 3 of
;;; the License, or (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
;;; Affero General Public License for more details.
;;;
;;; You should have received a copy of the GNU Affero General Public
;;; License along with this program. If not, see
;;; <http://www.gnu.org/licenses/>.
(define-module (guix-data-service web query-parameters)
#:use-module (guix-data-service web util)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9 gnu)
#:use-module (srfi srfi-19)
#:use-module (web request)
#:use-module (web uri)
#:export (parse-query-string
<invalid-query-parameter>
make-invalid-query-parameter
invalid-query-parameter?
invalid-query-parameter-value
invalid-query-parameter-message
any-invalid-query-parameters?
parse-query-parameters
parse-datetime
parse-result-limit))
(define (parse-query-string query)
"Parse and decode the URI query string QUERY and return an alist."
(let lp ((lst (map uri-decode (string-split query (char-set #\& #\=)))))
(match lst
((key value . rest)
(cons (cons key value) (lp rest)))
(() '()))))
(define-immutable-record-type <invalid-query-parameter>
(make-invalid-query-parameter value message)
invalid-query-parameter?
(value invalid-query-parameter-value)
(message invalid-query-parameter-message))
(define (parse-query-parameters request
accepted-query-parameters)
(define request-query-parameters
(let ((query (uri-query (request-uri request))))
(if query
(map (match-lambda
((name . value)
(cons (string->symbol name)
value)))
(parse-query-string query))
'())))
(filter-map
(match-lambda
((name processor)
(match (assq name request-query-parameters)
(#f #f)
((_ . "") #f)
((_ . value) (cons name
(processor value)))))
((name processor #:default default)
(match (assq name request-query-parameters)
(#f (cons name default))
((_ . "") (cons name default))
((_ . value) (cons name
(processor value))))))
accepted-query-parameters))
(define (parse-datetime s)
(catch
'misc-error
(lambda ()
(string->date s "~Y-~m-~d ~H:~M:~S"))
(lambda (key . args)
(make-invalid-query-parameter s #f))))
(define (parse-result-limit s)
(match (string->number s)
(#f (make-invalid-query-parameter s #f))
((? number? num) num)))
(define (any-invalid-query-parameters? query-parameters)
(->bool (any invalid-query-parameter? (map cdr query-parameters))))

11
guix-data-service/web/util.scm
View file

@ -22,19 +22,10 @@
#:use-module (srfi srfi-1)
#:use-module (web request)
#:use-module (web uri)
#:export (parse-query-string
request-path-components
#:export (request-path-components
file-extension
directory?))
(define (parse-query-string query)
"Parse and decode the URI query string QUERY and return an alist."
(let lp ((lst (map uri-decode (string-split query (char-set #\& #\=)))))
(match lst
((key value . rest)
(cons (cons key value) (lp rest)))
(() '()))))
(define (request-path-components request)
(split-and-decode-uri-path (uri-path (request-uri request))))