Spiffy CGI Handlers

Spiffy CGI Handlers
1. Description
2. Author
3. Requirements
4. FastCGI
  1. Procedures
5. CGI
  1. Procedures
  2. Configuration
6. Repository
7. Changelog
  1. 0.7
  2. 0.6
  3. 0.5
  4. 0.4
  5. 0.3
  6. 0.2
  7. 0.1
8. License

Description

Spiffy handlers which add support for CGI and derivatives (currently only FastCGI).

Author

The CGI code was originally written by Felix Winkelmann, the FastCGI code was written by Andy Bennett.

Current maintainers are Andy Bennett (FastCGI) and Peter Bex (CGI).

Requirements

Requires the srfi-1, srfi-13, srfi-18, miscmacros, intarweb, uri-common, socket, records and (of course) spiffy extensions.

FastCGI

Support for the FastCGI server-side specification. This allows you to run FastCGI client processes like Rails or PHP as backends to be accessed from Spiffy.

You can load it via the fcgi-handler module:

(import fcgi-handler)

Procedures

The fcgi-handler module exports two procedures:

[procedure] (fcgi-handler app-name #!key (continue #f))

TODO: Document this.

[procedure] (fcgi-register-application name role filename socket prespawn maxspawn)

TODO: Document this.

Role is one of the role constants fcgi-responder, fcgi-authorizer or fcgi-filter.

[constant] fcgi-responder
[constant] fcgi-authorizer
[constant] fcgi-filter

Constants that store role identifiers for use in fcgi-register-application.

CGI

This egg includes support for the old-fashioned CGI/1.1 protocol, as specified by RFC 3875. It includes a few workarounds required for PHP as well.

You can load it via the cgi-handler module:

(import cgi-handler)

All request headers will be passed as environment variables to the CGI program, prefixed with "HTTP_", and converted to uppercase, with hyphens ("-") replaced by an underscore ("_"). The CGI program will receive the request body in unparsed form from stdin and should write a complete HTTP response to stdout. Any headers that are missing but required for HTTP will be added by Spiffy. For more info on how a CGI script is called, consult the spec.

The AUTH_TYPE and REMOTE_USER environment variables are currently not set during invocation of CGI subprocesses. The REMOTE_IDENT environment variable is not and never will be supported.

Procedures

The cgi-handler module exports two procedures:

[procedure] (cgi-handler filename [interpreter])

The cgi handler simply calls CGI scripts. It is assumed the requested file is executable if no interpreter is given. (If used as a regular handler, it will only receive the filename). If the filename is a relative path, it is assumed to be relative to (root-path). It's safer to store your scripts outside the docroot, though!

[procedure] (cgi-handler* [interpreter])

The cgi-handler* procedure is usually more useful. It allows you to define an interpreter to use for files and returns a new handler. See spiffy's example for file-extension-handlers.

Configuration

The CGI handler can be configured with the following parameters:

[procedure] (cgi-default-environment [env-alist])

The environment variables that should be in the default environnment of every CGI program. Variables like SCRIPT_NAME will be added dynamically to the end of this alist.

Default:

(("GATEWAY_INTERFACE" . "CGI/1.1"))

Fix build for CHICKEN 5.2 (With thanks to Kooda for supplying the patch)

0.6

Add support for both CHICKEN 4 and CHICKEN 5 from the same codebase.

0.5

Avoid "httpoxy" attack by not converting a Proxy header to a HTTP_PROXY environment variable (CVE-2016-6286).

0.4

Reduce copy/pasted code between FCGI and CGI by putting it in one file.
Do not use stock intarweb header parser for parsing CGI response: this was made more strict so CRLF was required, instead of just the LF which CGI wants.
Remove dependency on the regex egg.

0.3

Rework the FCGI header parsing to fix spurious line break issues.

0.2

Support the non-blocking sockets produced by the socket egg in version 0.2.3 and later.
Include the query string, as well as the path, in REQUEST_URI.

0.1

Initial release of FastCGI module and moved CGI module from Spiffy to this egg.

License

Two BSD-like licenses apply. For the Scheme code, a standard 3-clause BSD license applies:

 Copyright (c) 2012, Andy Bennett <andyjpb@knodium.com>
 Copyright (c) 2007-2009, 2016 Peter Bex
 Copyright (c) 2000-2005, Felix L. Winkelmann
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 
 Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
 
 Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions and the following disclaimer in the
 documentation and/or other materials provided with the distribution.
 
 Neither the name of the author nor the names of its contributors may
 be used to endorse or promote products derived from this software
 without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 OF THE POSSIBILITY OF SUCH DAMAGE.

and, for the fastcgi C code the following license applies:

 
 This FastCGI application library source and object code (the
 "Software") and its documentation (the "Documentation") are
 copyrighted by Open Market, Inc ("Open Market").  The following terms
 apply to all files associated with the Software and Documentation
 unless explicitly disclaimed in individual files.
 
 Open Market permits you to use, copy, modify, distribute, and license
 this Software and the Documentation for any purpose, provided that
 existing copyright notices are retained in all copies and that this
 notice is included verbatim in any distributions.  No written
 agreement, license, or royalty fee is required for any of the
 authorized uses.  Modifications to this Software and Documentation may
 be copyrighted by their authors and need not follow the licensing
 terms described here.  If modifications to this Software and
 Documentation have new licensing terms, the new terms must be clearly
 indicated on the first page of each file where they apply.
 
 OPEN MARKET MAKES NO EXPRESS OR IMPLIED WARRANTY WITH RESPECT TO THE
 SOFTWARE OR THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY
 WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  IN
 NO EVENT SHALL OPEN MARKET BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY
 DAMAGES ARISING FROM OR RELATING TO THIS SOFTWARE OR THE
 DOCUMENTATION, INCLUDING, WITHOUT LIMITATION, ANY INDIRECT, SPECIAL OR
 CONSEQUENTIAL DAMAGES OR SIMILAR DAMAGES, INCLUDING LOST PROFITS OR
 LOST DATA, EVEN IF OPEN MARKET HAS BEEN ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGES.  THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS".
 OPEN MARKET HAS NO LIABILITY IN CONTRACT, TORT, NEGLIGENCE OR
 OTHERWISE ARISING OUT OF THIS SOFTWARE OR THE DOCUMENTATION.