From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Zelphir Kaltstahl <zelphirkaltstahl@posteo.de>
Newsgroups: gmane.lisp.guile.user
Subject: Guile web server example serving static files
Date: Thu, 17 Sep 2020 23:45:07 +0200
Message-ID: <04e63ab3-93b7-a0fe-6db8-34f00e6098e0@posteo.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="2202"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Icedove/68.10.0
To: Guile User <guile-user@gnu.org>
Original-X-From: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org Thu Sep 17 23:45:29 2020
Return-path: <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>
Envelope-to: guile-user@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>)
	id 1kJ1ib-0000SG-2v
	for guile-user@m.gmane-mx.org; Thu, 17 Sep 2020 23:45:29 +0200
Original-Received: from localhost ([::1]:58764 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>)
	id 1kJ1ia-00024Y-34
	for guile-user@m.gmane-mx.org; Thu, 17 Sep 2020 17:45:28 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:53896)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <zelphirkaltstahl@posteo.de>)
 id 1kJ1iO-00024D-Cd
 for guile-user@gnu.org; Thu, 17 Sep 2020 17:45:16 -0400
Original-Received: from mout02.posteo.de ([185.67.36.66]:41543)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <zelphirkaltstahl@posteo.de>)
 id 1kJ1iK-0003ef-4v
 for guile-user@gnu.org; Thu, 17 Sep 2020 17:45:15 -0400
Original-Received: from submission (posteo.de [89.146.220.130]) 
 by mout02.posteo.de (Postfix) with ESMTPS id 394A12400FB
 for <guile-user@gnu.org>; Thu, 17 Sep 2020 23:45:08 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017;
 t=1600379108; bh=VVz1ZQaZu4wKGEe3uube1Sa58ug6fs7PtcyHP5uzgXg=;
 h=To:From:Subject:Date:From;
 b=kZeo8EC3aAddHD7hFsALWOWXnuFDRg5Z0m2XdWz7KgyX7Wfhvrx3vMjKOhLTCX4j7
 VWFRoBeRnO4VHWGsgdhUf0V3HcEuOXjuyhQ4kiu9SFFzORGxcR1VKgxHgHzGI4iE2y
 h5ydPoMlgS44zoo99Qlj6ZNk2E8Zn9XJvvoDcZ7x6CodrQhTzF/3R28xWLdBOUrm6u
 Dy0reviSWe0E2PY1gbPGpuI/n+ZuGttfar+yojHaEPkjyYqKqdu+cpDCvjKAGmaprX
 n8ivgk820UcUpgWZKQglWJUoWMvl/W0XA3V40lVzA0QT1p5qqV4s/GGxD/ytuAJoof
 Q0CFM/xk2N/Xw==
Original-Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4Bsr9H5YFWz9rxB
 for <guile-user@gnu.org>; Thu, 17 Sep 2020 23:45:07 +0200 (CEST)
Content-Language: en-US
Received-SPF: pass client-ip=185.67.36.66;
 envelope-from=zelphirkaltstahl@posteo.de; helo=mout02.posteo.de
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/17 17:45:08
X-ACL-Warn: Detected OS   = Linux 3.11 and newer [fuzzy]
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guile-user@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: General Guile related discussions <guile-user.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guile-user>
List-Post: <mailto:guile-user@gnu.org>
List-Help: <mailto:guile-user-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=subscribe>
Errors-To: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org
Original-Sender: "guile-user" <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.lisp.guile.user:16919
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.user/16919>

Hello Guile Users!

I finally managed to create an example for using Guile's web server and
serving static files. A rather silly bug kept me for a few days from
making progress, but finally today I fixed it.

I tried to implement some security checks about the path of the
requested static assets. If anyone wants to look at it and point out
issues with it, I will try to fix it, or you could make a pull request.
If there are any other issues, it would also be great to know them : )

Here is the code in my repository:

https://notabug.org/ZelphirKaltstahl/guile-examples/src/65ba7cead2983f1ceb8aa2d4eedfe37734e5ca56/web-development/example-03-serve-static-assets

I tried to comment most stuff, so that the code can be understood more
easily.

And here is a pointer to the path security stuff:

https://notabug.org/ZelphirKaltstahl/guile-examples/src/65ba7cead2983f1ceb8aa2d4eedfe37734e5ca56/web-development/example-03-serve-static-assets/web-path-handling.scm#L50

(Perhaps I overlooked something fundamental with regard to safe path
handling?)

So I guess I can soon start developing another example, perhaps already
a blog, which makes use of all the code : )

I have not yet made use of Guile's sendfile procedure and keyboard
interrupt is not yet caught.

Regards,
Zelphir

-- 
repositories: https://notabug.org/ZelphirKaltstahl