Server.Filter
module Config : sig ... end
A filter transforms a service. It can change the request (usually by changing the request context) or the response (by actually running the service and then modifying its response).
Filters can be composed using function composition.
val basic_auth : ('ctx1, < username : string; password : string; prev : 'ctx1; >, _ Response.t) t
basic_auth
decodes and stores the login credentials sent with the Authorization
header or returns a 401 Unauthorized error if there is none.
val bearer_auth : ('ctx1, < bearer_token : string; prev : 'ctx1; >, _ Response.t) t
bearer_auth
stores the bearer token sent with the Authorization
header or returns a 401 Unauthorized error if there is none.
val body_form : ('ctor, 'ty) Form.t -> (unit, 'ty, [> Response.http ]) t
body_form(typ)
is a filter that decodes a web form in the request body and puts it inside the request for the next service. The decoding is done as specified by the form definition typ
. If the form fails to decode, it short-circuits and returns a 400 Bad Request.
val body_json : (unit, Yojson.Safe.t, [> Response.http ]) t
body_json
is a filter that transforms a 'root' service (i.e. one with unit
context) into a service with a context containing the request body. If the request body fails to parse as valid JSON, it short-circuits and returns a 400 Bad Request.
val body_json_decode : (Yojson.Safe.t -> ('ty, string) Stdlib.result) -> (Yojson.Safe.t, 'ty, [> Response.http ]) t
body_json_decode(decoder)
is a filter that transforms a service with a parsed JSON structure in its context, to a service with a decoded value of type 'ty
in its context. If the request body fails to decode with decoder
, the filter short-circuits and returns a 400 Bad Request.
val body_string : (unit, string, [> Response.http ]) t
body_string
is a filter that transforms a 'root' service into a service whose context contains the request body as a single string.
val cache_control : ReWeb__Header__CacheControl.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) t
cache_control(policy)
is a filter that applies the caching policy
policy to the HTTP response.
val cors : ReWeb__Header__AccessControlAllowOrigin.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) t
cors(origin)
adds an Access-Control-Allow-Origin header with the given origin
.
Note that it's upto you to pass in a well-formed origin string. The Header.AccessControlAllowOrigin
module does not validate the origin string.
val csp : ReWeb__Header__ContentSecurityPolicy.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) t
csp(directives)
is a filter that applies the Content-Security-Policy
header directives
to the response.
val hsts : ReWeb__Header__StrictTransportSecurity.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) t
hsts(value)
is a filter that applies the HTTP Strict Transport Security header to the response.
val multipart_form : typ:('ctor, 'ty) Form.t -> (filename:string ->
string -> string) -> (unit, 'ty, [> Response.http ]) t
multipart_form(~typ, path)
is a filter that decodes multipart form data. typ
must be provided but if you don't actually have any other fields in the form you can use Form.empty
to decode into an 'empty' (unit) value.
path(~filename, name)
is used to get the filesystem absolute path to save the given filename
with corresponding form field name
. Note that:
filename
is the basename, not the full pathThis callback gives you a chance to sanitize incoming filenames before storing the files on disk.
val query_form : ('ctor, 'ty) Form.t -> ('ctx, < query : 'ty; prev : 'ctx; >, _ Response.t) t
query_form(typ)
is a filter that decodes the request query (the part after the ?
in the endpoint) into a value of type 'ty
and stores it in the request context for the next service. The decoding and failure works in the same way as for body_form
.