Server.Filtermodule Config : sig ... endA filter transforms a service. It can change the request (usually by changing the request context) or the response (by actually running the service and then modifying its response).
Filters can be composed using function composition.
val basic_auth : ('ctx1, < username : string; password : string; prev : 'ctx1; >, _ Response.t) tbasic_auth decodes and stores the login credentials sent with the Authorization header or returns a 401 Unauthorized error if there is none.
val bearer_auth : ('ctx1, < bearer_token : string; prev : 'ctx1; >, _ Response.t) tbearer_auth stores the bearer token sent with the Authorization header or returns a 401 Unauthorized error if there is none.
val body_form : ('ctor, 'ty) Form.t -> (unit, 'ty, [> Response.http ]) tbody_form(typ) is a filter that decodes a web form in the request body and puts it inside the request for the next service. The decoding is done as specified by the form definition typ. If the form fails to decode, it short-circuits and returns a 400 Bad Request.
val body_json : (unit, Yojson.Safe.t, [> Response.http ]) tbody_json is a filter that transforms a 'root' service (i.e. one with unit context) into a service with a context containing the request body. If the request body fails to parse as valid JSON, it short-circuits and returns a 400 Bad Request.
val body_json_decode : (Yojson.Safe.t -> ('ty, string) Stdlib.result) -> (Yojson.Safe.t, 'ty, [> Response.http ]) tbody_json_decode(decoder) is a filter that transforms a service with a parsed JSON structure in its context, to a service with a decoded value of type 'ty in its context. If the request body fails to decode with decoder, the filter short-circuits and returns a 400 Bad Request.
val body_string : (unit, string, [> Response.http ]) tbody_string is a filter that transforms a 'root' service into a service whose context contains the request body as a single string.
val cache_control : ReWeb__Header__CacheControl.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) tcache_control(policy) is a filter that applies the caching policy policy to the HTTP response.
val cors : ReWeb__Header__AccessControlAllowOrigin.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) tcors(origin) adds an Access-Control-Allow-Origin header with the given origin.
Note that it's upto you to pass in a well-formed origin string. The Header.AccessControlAllowOrigin module does not validate the origin string.
val csp : ReWeb__Header__ContentSecurityPolicy.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) tcsp(directives) is a filter that applies the Content-Security-Policy header directives to the response.
val hsts : ReWeb__Header__StrictTransportSecurity.t -> ('ctx, 'ctx, [ Response.http | Response.websocket ]) thsts(value) is a filter that applies the HTTP Strict Transport Security header to the response.
val multipart_form : typ:('ctor, 'ty) Form.t -> (filename:string ->
string -> string) -> (unit, 'ty, [> Response.http ]) tmultipart_form(~typ, path) is a filter that decodes multipart form data. typ must be provided but if you don't actually have any other fields in the form you can use Form.empty to decode into an 'empty' (unit) value.
path(~filename, name) is used to get the filesystem absolute path to save the given filename with corresponding form field name. Note that:
filename is the basename, not the full pathThis callback gives you a chance to sanitize incoming filenames before storing the files on disk.
val query_form : ('ctor, 'ty) Form.t -> ('ctx, < query : 'ty; prev : 'ctx; >, _ Response.t) tquery_form(typ) is a filter that decodes the request query (the part after the ? in the endpoint) into a value of type 'ty and stores it in the request context for the next service. The decoding and failure works in the same way as for body_form.