This file is indexed.

/usr/lib/ocaml/netcgi2/netcgi.mli is in libocamlnet-ocaml-dev 3.7.3-3build2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
(* netcgi.mli

   Copyright (C) 2005-2006

     Christophe Troestler
     email: Christophe.Troestler@umh.ac.be
     WWW: http://math.umh.ac.be/an/

   This library is free software; see the file LICENSE for more information.

   This library is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the file
   LICENSE for more details.
*)

(** Common data-structures for CGI-like connectors.
 *
 * This library tries to minimize the use of unsafe practices.  It
 * cannot be bullet proof however and you should read about
 * {{:http://www.w3.org/Security/Faq/wwwsf4.html}security}.
 *
 * REMARK: It happens frequently that hard to predict random numbers
 * are needed in Web applications.  The previous version of this
 * library used to include some facilities for that (in the
 * [Netcgi_jserv] module).  They have been dropped in favor of
 * {{:http://pauillac.inria.fr/~xleroy/software.html#cryptokit}Cryptokit}.
 *)


(** {2 Arguments} *)

(** Represent a key-value pair of data passed to the script (including
    file uploads).  *)
class type cgi_argument =
object
  method name : string
    (** The name of the argument. *)
  method value : string
    (** The value of the argument, after all transfer encodings have
        been removed.  If the value is stored in a file, the file will
        be loaded.

        @raise Argument.Oversized if the argument was discarded.
	@raise Failure if the object has been finalized.  *)

  method open_value_rd : unit -> Netchannels.in_obj_channel
    (** Open the contents of the value as an input channel.  This
        works for all kinds of arguments, regardless of their
        [#storage] and [#representation].

        @raise Argument.Oversized if the argument was discarded.
	@raise Failure if the object has been finalized.  *)

  method store : [`Memory | `File of string]
    (** Tells whether the argument is stored in memory (as a string)
        or as a file (the argument of [`File] being the filename). *)
  method content_type : unit -> string * (string * Mimestring.s_param) list
    (** Returns the content type of the header and its parameters as a
	couple [(hdr, params)].  When the header is missing, the
	result is [("text/plain", [])].  Below you will find access
	method for frequently used parameters.  *)
  method charset : string
    (** The [charset] parameter of the content type of the header, or
        [""] when there is no such parameter, or no header.  *)
  method filename : string option
    (** The [filename] parameter found in the header of file uploads.
        When present, [Some name] is returned, and [None] otherwise.
        (This is not to be confused with the possible local file
        holding the data.)  *)

  method representation : [ `Simple of Netmime.mime_body
                          | `MIME of Netmime.mime_message ]
    (** The representation of the argument.

        - [`Simple] the value of the CGI argument is an unstructured
          string value.
        - [`MIME] The argument has a MIME header in addition to the
          value.  The MIME message is read-only.  *)

  method finalize : unit -> unit
    (** Arguments stored in temp files must be deleted when the
        argument is no longer used. You can call [finalize] to delete
        such files.  The method does not have any effect when [store =
        `Memory].  The method never raises any exceptions.  If the
        file no longer exists (e.g. because it was moved away) or if
        there are any problems deleting the file, the error will be
        ignored.

        The [finalize] method is not registered in the garbage
        collector.  You can do that, but it is usually better to call
        this method manually.  *)
    (* FIXME: Should we do that at the end of the request anyway?
       Since the request handler is a callback, this is possible. *)
    (* FIXME: Reference counting? *)
end


(** Operations on arguments and lists of thereof. *)
module Argument :
sig
  exception Oversized

  val simple : string -> string -> cgi_argument
    (** [simple_arg name value] creates an unstructured CGI argument
	called [name] with contents [value].  *)

  val mime : ?work_around_backslash_bug:bool ->
    ?name:string -> Netmime.mime_message -> cgi_argument
    (** [mime_arg ?name msg] creates a MIME-structured CGI argument
	called [name] with contents [msg].  You can create [msg] by
	either {!Netmime.memory_mime_message} or
	{!Netmime.file_mime_message}.

	@param name set the name of the argument.  If it is not given,
	the name is extracted from the "Content-Disposition" field of
	the [msg] header or it [""] if this field is not found.

	@param work_around_backslash_bug Whether to work around a bug
	found in almost all browsers regarding the treatment of
	backslashes.  The browsers do not quote backslashes in file
	names.  This breaks RFC standards, however.  This argument is
	[true] by default.  *)


  (** It is easy to manipulate lists of arguments with the [List]
      module.  For example, [List.filter (fun a -> a#name <> n) args]
      will remove from [args] all occurrences of the argument with
      name [n].  The following functions are helpers for operations
      specific to arguments.  *)

  val clone : ?name:string -> ?value:string -> ?msg:Netmime.mime_message ->
    cgi_argument -> cgi_argument

  val set : cgi_argument list -> cgi_argument list -> cgi_argument list
    (** [set new_args args] creates a list of argument from [args]
	deleting the arguments whose name appears in [new_args] and
	adding the [new_args] arguments. *)
end


(** Old deprecated writable argument type.
    @deprecated Arguments are read-only. *)
class type rw_cgi_argument =
object
  inherit cgi_argument
  method ro : bool
  method set_value : string -> unit
  method open_value_wr : unit -> Netchannels.out_obj_channel
end

class simple_argument : ?ro:bool -> string -> string -> rw_cgi_argument
  (** Old deprecated simple argument class.
      @deprecated Use {!Netcgi.Argument.simple} instead. *)

class mime_argument : ?work_around_backslash_bug:bool ->
  string -> Netmime.mime_message -> rw_cgi_argument
  (**  Old deprecated MIME argument class.
       @deprecated Use {!Netcgi.Argument.mime} instead. *)




(** {2 Cookies} *)

(** Functions to manipulate cookies.

    You should know that besides the [name] and [value] attribute,
    user agents will send at most the [path], [domain] and [port] and
    usually will not send them at all.

    For interoperability, cookies are set using version 0 (by
    Netscape) unless version 1 (RFC 2965 and the older RFC 2109)
    fields are set.  While version 0 is well supported by browsers,
    RFC 2109 requires a recent browser and RFC 2965 is usually not
    supported.  You do not have to worry however, cookies are always
    sent in such a way older browsers understand them -- albeit not
    all attributes of course -- so your application can be ready for
    the time RFC 2965 will be the norm.

    N.B. This module appears also as {!Nethttp.Cookie}.
 *)
module Cookie :
sig
  type t = Nethttp.Cookie.t
    (** Mutable cookie type. *)

  val make :
    ?max_age:int ->
    ?domain:string ->
    ?path:string ->
    ?secure:bool ->
    ?comment:string ->
    ?comment_url:string ->
    ?ports:int list ->
    string -> string -> t
    (** [make ?expires ?domain ?path ?secure name value] creates a new
        cookie with name [name] holding [value].

        @param max_age see {!Netcgi.Cookie.set_max_age}.
                       Default: when user agent exits.
        @param domain see {!Netcgi.Cookie.set_domain}.
	              Default: hostname of the server.
        @param path see {!Netcgi.Cookie.set_path}.
                    Default: script name + path_info.
        @param secure see {!Netcgi.Cookie.set_secure}.  Default: [false].
	@param comment see {!Netcgi.Cookie.set_comment}.  Default: [""].
	@param comment_url see {!Netcgi.Cookie.set_comment_url}.
	                   Default: [""].
	@param ports see {!Netcgi.Cookie.set_ports}.
	             Default: same port the cookie was sent.
    *)

  val name : t -> string
    (** The name of the cookie. *)
  val value : t -> string
    (** The value of the cookie. *)
  val domain : t -> string option
    (** The domain of the cookie, if set. *)
  val path : t -> string option
    (** The path of the cookie, if set. *)
  val ports : t -> int list option
    (** [port c] the ports to which the cookie may be returned or [[]] if
	not set. *)
  val max_age : t -> int option
    (** The expiration time of the cookie, in seconds.  [None] means
        that the cookie will be discarded when the browser exits.
        This information is not returned by the browser. *)
  val secure : t -> bool
    (** Tells whether the cookie is secure.
        This information is not returned by the browser. *)
  val comment : t -> string
    (** Returns the comment associated to the cookie or [""] if it
        does not exists.  This information is not returned by the
        browser. *)
  val comment_url : t -> string
    (** Returns the comment URL associated to the cookie or [""] if it
        does not exists.  This information is not returned by the
        browser. *)

  val set_value : t -> string -> unit
    (** [set_value c v] sets the value of the cookie [c] to [v]. *)
  val set_max_age : t -> int option -> unit
    (** [set_max_age c (Some t)] sets the lifetime of the cookie [c]
        to [t] seconds.  If [t <= 0], it means that the cookie should
        be discarded immediately.  [set_expires c None] tells the
        cookie to be discarded when the user agent exits.  (Despite
        the fact that the name is borrowed from the version 1 of the
        specification, it works transparently with version 0.) *)
  val set_domain : t -> string option -> unit
    (** Cookies are bound to a certain domain, i.e. the browser sends
	them only when web pages of the domain are requested:
	- [None]: the domain is the hostname of the server.
	- [Some domain]: the domain is [domain].  *)
  val set_path : t -> string option -> unit
    (** Cookies are also bound to certain path prefixes, i.e. the
        browser sends them only when web pages at the path or below are
        requested.
        - [None]: the path is script name + path_info
        - [Some p]: the path is [p]. With [Some "/"] you can disable the
          path restriction completely.  *)
  val set_secure : t -> bool -> unit
    (** Cookies are also bound to the type of the web server:
        [set_secure false] means servers without SSL, [set_secure
        true] means servers with activated SSL ("https").  *)
  val set_comment : t -> string -> unit
    (** [set_comment c s] sets the comment of the cookie [c] to [s]
	which must be UTF-8 encoded (RFC 2279).  Because cookies can
	store personal information, the comment should describe how
	the cookie will be used so the client can decide whether to
	allow the cookie or not.  To cancel a comment, set it to [""].

	Cookie version 1 (RFC 2109).  *)
  val set_comment_url : t -> string -> unit
    (** [set_comment_url c url] same as {!Netcgi.Cookie.set_comment}
	except that the cookie comment is available on the page
	pointed by [url].  To cancel, set it to [""].

	Cookie version 1 (RFC 2965).  *)
  val set_ports : t -> int list option -> unit
    (** [set ports c (Some p)] says that the cookie [c] must only be
	returned if the server request comes from one of the listed
	ports.  If [p = []], the cookie will only be sent to the
	request-port it was received from.  [set_ports c None] says
	that the cookie may be sent to any port.

	Cookie version 1 (RFC 2965).  *)

  val of_netscape_cookie : Nethttp.netscape_cookie -> t
    (** Convert a Netscape cookie to the new representation *)

  val to_netscape_cookie : t -> Nethttp.netscape_cookie
    (** Convert to Netscape cookie (with information loss) *)
end





(** {2 The environment of a request} *)

type http_method =
    [`GET | `HEAD | `POST | `DELETE | `PUT]

type config = Netcgi_common.config = {
  tmp_directory : string;
  (** The directory where to create temporary files.  This should be
      an absolute path name. *)
  tmp_prefix : string;
  (** The name prefix for temporary files. This must be a non-empty
      string. It must not contain '/'.  *)

  permitted_http_methods : http_method list;
  (** The list of accepted HTTP methods *)
  permitted_input_content_types : string list;
  (** The list of accepted content types in requests.
      Content type parameters (like "charset") are ignored.
      If the list is empty, all content types are allowed. *)
  input_content_length_limit : int;
  (** The maximum size of the request, in bytes. *)
  max_arguments : int;
  (** The maximum number of CGI arguments *)
  workarounds : [ `MSIE_Content_type_bug | `Backslash_bug
                | `Work_around_MSIE_Content_type_bug
                | `Work_around_backslash_bug ] list;
  (** The list of enabled workarounds.

      - [`MSIE_Content_type_bug]

      - [`Backslash_bug] A common error in MIME implementations is not
      to escape backslashes in quoted string and comments.  This
      workaround mandates that backslashes are handled as normal
      characters.  This is important for e.g. DOS filenames because,
      in the absence of this, the wrongly encoded "C:\dir\file" will
      be decoded as "C:dirfile".

      Remark: [`Work_around_MSIE_Content_type_bug] and
      [`Work_around_backslash_bug] are deprecated versions of,
      respectively, [`MSIE_Content_type_bug] and [`Backslash_bug]. *)
  default_exn_handler : bool;
  (** Whether to catch exceptions raised by the script and display an
      error page.  This will keep the connector running even if your
      program has bugs in some of its components.  This will however
      also prevent a stack trace to be printed; if you want this turn
      this option off. *)
}

val default_config : config
  (** The default configuration is:
      - [tmp_directory]: {!Netsys_tmp.tmp_directory()}
      - [tmp_prefix]: "netcgi"
      - [permitted_http_methods]: [`GET], [`HEAD], [`POST].
      - [permitted_input_content_types]: ["multipart/form-data"],
      ["application/x-www-form-urlencoded"].
      - [input_content_length_limit]: [maxint] (i.e., no limit).
      - [max_arguments = 10000] (for security reasons)
      - [workarounds]: all of them.
      - [default_exn_handler]: set to [true].

      To create a custom configuration, it is recommended to use this syntax:
      {[
      let custom_config = { default_config with tmp_prefix = "my_prefix" }
      ]}
      (This syntax is also robust w.r.t. the possible addition of new
      config flields.) *)

(** The environment of a request consists of the information available
    besides the data sent by the user (as key-value pairs).  *)
class type cgi_environment =
object
  (** {3 CGI properties}

      The following properties are standardised by CGI.  The methods
      return [""] (or [None] in the case of the port number) when the
      property is not available.  *)

  method cgi_gateway_interface : string
  method cgi_server_name       : string
  method cgi_server_port       : int option
  method cgi_server_protocol   : string
  method cgi_server_software   : string
  method cgi_request_method    : string
    (** We recommend you to use the method {!Netcgi.cgi.request_method}
	which is more type-safe and informative. *)
  method cgi_script_name       : string
  method cgi_path_info         : string
  method cgi_path_translated   : string
  method cgi_auth_type         : string
  method cgi_remote_addr       : string
  method cgi_remote_host       : string
  method cgi_remote_user       : string
  method cgi_remote_ident      : string
  method cgi_query_string      : string
    (** This is the row query string.  The {!Netcgi.cgi} class gives
	you an easy access to the arguments through the [#arg...]
	methods.  *)

  method protocol : Nethttp.protocol
    (** The server protocol in a decoded form.  It can be either
        - [`Http((major,minor),attributes)] or
        - [`Other]. *)

  method cgi_property : ?default:string -> string -> string
    (** Returns a (possibly non-standard) CGI environment property.
        If the property is not set, [Not_found] is be raised unless
        the [default] argument is passed.  The [default] argument
        determines the result of the function in this case.

        The method takes the case-sensitive name and returns the value
        of the property. Usually, these properties have uppercase
        names.

        For example, [cgi_gateway_interface] returns the same as {[
        cgi_property ~default:"" "GATEWAY_INTERFACE" ]}

        You cannot access the fields coming from the HTTP header.  Use
        the method [input_header_field] instead.  *)

  method cgi_properties : (string * string) list
    (** Return all properties as an associative list. *)

  method cgi_https : bool
    (** A well-known extension is the HTTPS property.  It indicates
        whether a secure connection is used (SSL/TLS).  This method
        interprets this property and returns true if the connection is
        secure.  This method fails if there is a HTTPS property with
        an unknown value.  *)

  (** {3 Header of the incoming HTTP request.}  *)

  method input_header : Netmime.mime_header
    (** The whole HTTP header. *)
  method input_header_field : ?default:string -> string -> string
    (** [#input_header_field ?default f] returns the value of a field
        [f] of the HTTP request header.  The field name [f] is
        case-insensitive; if the name is a compound name, the parts
        are separated by "-", e.g. ["content-length"].  If there are
        several fields with the same name only the first field will be
        returned.

	@raise Not_found if the field does not exist, unless the
        [default] argument is passed.  The [default] argument is the
        result of the function in this case.  *)
  method multiple_input_header_field : string -> string list
    (** Returns the values of all fields with the passed name of the
        request header.  *)
  method input_header_fields : (string * string) list
    (** Returns the input header as (name,value) pairs.  The names may
        consist of lowercase or uppercase letters.  *)

  method cookie : string -> Cookie.t
    (** [#cookie cn] returns the cookie with name [cn].
        @raise Not_found if such a cookie does not exists. *)
  method cookies : Cookie.t list
    (** Returns the list of valid cookies found in the request header.
        Here "valid" means that the decode function does not raise an
        exception. *)

  method user_agent : string
    (** This is a convenience method that returns the ["User-agent"]
        field of the HTTP request header. *)
  method input_content_length : int
    (** Returns the ["Content-length"] request header field.
	@raise Not_found if it is not set.  *)
  method input_content_type_string : string
    (** Returns the ["Content-type"] request header field as a plain
        string or [""] if it is not set. *)
  method input_content_type :
    unit -> string * (string * Mimestring.s_param) list
    (** Returns the parsed ["Content-type"] request header field.
        @raise Not_found if it is not set.
        See also {!Mimestring.scan_mime_type_ep}. *)


  (** {3 Response header} *)

  method output_header : Netmime.mime_header
    (** The whole HTTP response header *)
  method output_header_field : ?default:string -> string -> string
    (** Returns the value of a field of the response header. If the
        field does not exist, [Not_found] will be raised unless the
        [default] argument is passed. The [default] argument determines
        the result of the function in this case.

        If there are several fields with the same name only the first
        field will be returned.

        The anonymous string is the name of the field.  The name is
        case-insensitive, and it does not matter whether it consists
        of lowercase or uppercase letters. If the name is a compound
        name, the parts are separated by "-", e.g. ["content-length"].
    *)
  method multiple_output_header_field : string -> string list
    (** Returns the values of all fields with the passed name of the
        repsonse header.  *)
  method output_header_fields : (string * string) list
    (** Returns the output header as (name,value) pairs.  The names may
        consist of lowercase or uppercase letters.  *)

  method set_output_header_field : string -> string -> unit
    (** Sets the value of a field of the response header.  The
        previous value, if any, is overwritten.  If there have been
        multiple values, all values will be removed and replaced by
        the single new value.  *)
  method set_multiple_output_header_field : string -> string list -> unit
    (** Sets multiple values of a field of the response header.  Any
        previous values are removed and replaced by the new values.
    *)
  method set_output_header_fields : (string * string) list -> unit
    (** Sets the complete response header at once. *)
  method set_status : Nethttp.http_status -> unit
    (** Sets the response status.  This is by definition the same as
	setting the [Status] output header field.  *)
  method send_output_header : unit -> unit
    (** This method will encode and send the output header to the
        output channel.  Note that of the output_channel is
        [`Transactionnal] (as opposed to [`Direct]), no output will
        actually take place before you issue [#commit_work()] -- thus
        a [#rollback_work()] will also rollback the headers as
        expected.  *)


  (** {3 The output channel transferring the response} *)

  method output_ch : Netchannels.out_obj_channel
    (** @deprecated Use [#out_channel] instead. *)

  method out_channel : Netchannels.out_obj_channel
    (** The "raw" output channel.  In general you should use instead
	{!Netcgi.cgi}[#out_channnel] which supports transactions (if you
	choose to).  Access to the "raw" channel is useful however,
	for example for sending images or download of files (for which
	transactions are not interesting but merely more work). *)

  (** {3 Logging} *)

  method log_error : string -> unit
    (** [#log_error msg] appends [msg] to the webserver log. *)


  (** {3 Miscellaneous} *)

  method config : config
    (** The configuration of the request. *)
end



(** {2 CGI object} *)

type other_url_spec = [ `Env | `This of string | `None ]
    (** Determines how an URL part is generated:
        - [`Env]: Take the value from the environment.
        - [`This v]: Use this value [v]. It must already be URL-encoded.
        - [`None]: Do not include this part into the URL.
    *)

type query_string_spec = [ `Env | `This of cgi_argument list | `None
                         | `Args of rw_cgi_argument list ]
    (** Determines how the query part of URLs is generated:
        - [`Env]: The query string of the current request.
        - [`This l]: The query string is created from the specified
                     argument list [l].
        - [`None]: The query string is omitted.
	- [`Args]: {i deprecated}, use [`This]
                   (left for backward compatibility).
    *)

type cache_control = [ `No_cache | `Max_age of int | `Unspecified ]
  (** This is only a small subset of the HTTP 1.1 cache control
      features, but they are usually sufficient, and they work for
      HTTP/1.0 as well.  The directives mean:

      - [`No_cache]: Caches are disabled.  The following headers are
      sent: [Cache-control: no-cache], [Pragma: no-cache], [Expires:]
      (now - 1 second). Note that many versions of Internet Explorer
      have problems to process non-cached contents when TLS/SSL is
      used to transfer the file. Use [`Max_age] in such cases (see
      http://support.microsoft.com/kb/316431).

      - [`Max_age n]: Caches are allowed to store a copy of the
      response for [n] seconds.  After that, the response must be
      revalidated.  The following headers are sent: [Cache-control:
      max-age n], [Cache-control: must-revalidate], [Expires:] (now +
      [n] seconds)

      - [`Unspecified]: No cache control header is added to the
      response.

      Notes:
      - Cache control directives only apply to GET requests; POST
      requests are never cached.
      - Not only proxies are considered as cache, but also the local
      disk cache of the browser.
      - HTTP/1.0 did not specify cache behaviour as strictly as
      HTTP/1.1 does.  Because of this the [Pragma] and [Expires]
      headers are sent, too.  These fields are not interpreted by
      HTTP/1.1 clients because [Cache-control] has higher precedence.
  *)



(** Object symbolizing a CGI-like request/response cycle.

    This is the minimal set of services a connector must provide.
    Additional methods may be defined for specific connectors.  *)
class type cgi =
object
  (** {3 Arguments -- data sent to the script} *)

  method argument : string -> cgi_argument
    (** [#argument name] returns the value of the argument named [name].
        If the argument appears several times, only one of its
        instances is used.
        @raise Not_found if no such argument exists. *)
  method argument_value : ?default:string -> string -> string
    (** [#argument_value] returns the value of the argument as a
        string.  If the argument does not exist, the [default] is
        returned.  @param default defaults to [""].  *)
  method argument_exists : string -> bool
    (** [#argument_exists] returns [false] if the named parameter is
        missing and [true] otherwise.  *)
  method multiple_argument : string -> cgi_argument list
    (** [#multiple_argument name] returns all the values of the
	argument named [name]. *)
  method arguments : cgi_argument list
    (** The complete list of arguments. *)

  method environment : cgi_environment
    (** The environment object.  This object is the "outer layer" of the
        activation object that connects it with real I/O channels.  *)
  method request_method : [ `GET | `HEAD | `POST | `DELETE
                          | `PUT of cgi_argument]
    (** The HTTP method used to make the request. *)

  method finalize  : unit -> unit
    (** This method calls [#finalize] for every CGI argument
        (including the possible one of PUT) to ensure that all files
        are deleted.  It also executes all functions registered with
        [#at_exit].  It does not close the in/out channels, however.
        This method is not registered in the garbage collector, and it
        is a bad idea to do so.  However, all connectors offered in
        Netcgi automatically call [#finalize] at the end of the
        request cycle (even when its terminated by an uncaught exception
        when [#config.default_exn_handler] is true) so you do not have
        to worry much about calling it yourself.  *)


  (** {3 Self-referencing URL} *)

  method url : ?protocol:Nethttp.protocol ->
               ?with_authority:other_url_spec ->        (* default: `Env *)
               ?with_script_name:other_url_spec ->      (* default: `Env *)
               ?with_path_info:other_url_spec ->        (* default: `Env *)
               ?with_query_string:query_string_spec ->  (* default: `None *)
               unit -> string
    (** Returns the URL of the current CGI-like script.  (Note that it
	may differ from the actual URL that requested the script if,
	for example, rewriting rules were specified in the web server
	configuration.)

        @param protocol The URL scheme.  By default, the URL scheme is
        used that is described in the environment

        @param with_authority Whether to include authority part
        (e.g. http or https) of the URL, and if yes, from which
        source.  Default: [`Env].

        @param with_script_name Whether to include the part of the URL
        path identifying the CGI script, and if yes, from which
        source.  Default: [`Env].

        @param with_path_info Whether to include the rest of the URL
        path exceeding the script name, and if yes, from which source.
        Default: [`Env].

        @param with_query_string Whether to include a query string,
        and if yes, which one.  Only arguments with [#store] being
        [`Memory] will be added.  Default: [`None], i.e. no query
        string.  *)


  (** {3 Outputting} *)

  method set_header :
    ?status:Nethttp.http_status ->
    ?content_type:string ->
    ?content_length:int ->
    ?set_cookie:Nethttp.cookie list ->
    ?set_cookies:Cookie.t list ->
    ?cache:cache_control ->
    ?filename:string ->
    ?language:string ->
    ?script_type:string ->
    ?style_type:string ->
    ?fields:(string * string list) list ->
    unit -> unit
    (** Sets the header (removing any previous one).  When the output
        channel supports transactions, it is possible to set the
        header (possibly several times) until the [#out_channel] is
        commited for the first time or [#env#send_output_header()] is
        called.  When there is no support for transactions, the header
        must be set before the first byte of output is written.

        If [#set_header] is called a second time, it will overwrite
        {i all} the header fields.

        @param status Sets the HTTP status of the reply according to
	{{:http://www.w3.org/Protocols/rfc2616}RFC 2616}.  Defaults to
	"no status", but the server normally complements an [`Ok]
	status in this case.

        @param content_type Sets the content type.
	Defaults to ["text/html"].

	@param content_length Sets the content length (in bytes).
	Default: No such field.

	@param set_cookie Deprecated, use [set_cookies].

        @param set_cookies Sets a number of cookies.  Default: [[]].
	Remember that the browser may not support more than 20 cookies
	per web server.  You can query the cookies using [env#cookies]
	and [env#cookie].  If you set cookies, you want to think about
	an appropriate [cache] setting.  You may also want to add a
	{{:http://www.w3.org/P3P/}P3P} header (Platform for Privacy
	Preferences) -- otherwise your cookies may be discarded by
	some browsers.

        @param cache Sets the cache behavior for replies to GET
        requests.  The default is [`Unspecified].  {b It is strongly
        recommended to specify the caching behaviour!!!} You are on
        the safe side with [`No_cache], forcing every page to be
        regenerated. If your data do not change frequently, [`Max_age
        n] tells the caches to store the data at most [n] seconds.

        @param filename Sets the filename associated with the page.
        This filename is taken for the "save as..."  dialog.  Default:
        [""], i.e. no filename.  Note: It is bad practice if the
        filename contains problematic characters (backslash, double
        quote, space), or the names of directories.  It is recommended
        that you set [content_type] to "application/octet-stream" for
        this feture to work with most browsers and, if possible, to
        set [content_length] because that usually improves the
        download dialog.)

        @param script_type Sets the language of the script tag (for
        HTML replies).  It is recommended to use this field if there
        are [ONXXX] attributes containing scripts before the first
        [<SCRIPT>] element, because you cannot specify the script
        language for the [ONXXX] attributes otherwise.  [script_type]
        must be a media type, e.g. "text/javascript".  Default: no
        language is specified.

        @param style_type Sets the language of the style tag (for
        HTML replies).  It is recommended to use this field if there
        are [STYLE] attributes containing scripts before the first
        [<STYLE>] element, because you cannot specify the style
        language for the [STYLE] attributes otherwise.  [style_type]
        must be a media type, e.g. "text/css".  Default: no language
        is specified.

        @param fields Sets additional fields of the header.  Default: [[]].
    *)
  method set_redirection_header :
    ?set_cookies:Cookie.t list ->
    ?fields:(string * string list) list ->
    string -> unit
    (** Sets the header such that a redirection to the specified URL
        is performed.  If the URL begins with "http:" the redirection
        directive is passed back to the client, and the client will
        repeat the request for the new location (with a GET method).
        If the URL begins with "/", the server performs the
        redirection, and it is invisible for the client.  *)

  method output : Netchannels.trans_out_obj_channel
    (** @deprecated Use [#out_channel] instead. *)

  method out_channel : Netchannels.trans_out_obj_channel
    (** The output channel to which the generated content is intended
        to be written.  The header is not stored in this channel, so
        [#pos_out] returns the size of the DATA in bytes (useful to
        set Content-Length).  Note that HEAD requests must not send
        back a message body so, in this case, all data sent to this
        channel is discarded.  This allows your scripts to work
        unmodified for GET, POST and HEAD requests.

        The output channel may have transactional semantics, and
        because of this, it is an [trans_out_obj_channel].
        Implementations are free to support transactions or not.

        After all data have been written, the method [#commit_work()]
        {b must} be called, even if there is no support for
        transactions.

        Simple Example:
        {[
        cgi # out_channel # output_string "Hello world!\n";
        cgi # out_channel # commit_work()
        ]}

        Example for an error handler and a transaction buffer: If an
        error happens, it is possible to roll the channel back, and to
        write the error message.
        {[
        try
          cgi # set_header ... ();
          cgi # out_channel # output_string "Hello World!"; ...
          cgi # out_channel # commit_work();
        with err ->
          cgi # out_channel # rollback_work();
          cgi # set_header ... ();
          cgi # out_channel # output_string "Software error!"; ...
          cgi # out_channel # commit_work();
        ]}
    *)

  (* later:
     method send_mime_message : mime_message -> unit
     method begin_multipart_message : XXX -> unit
     method end_multipart_message : XXX -> unit
  *)


  method at_exit : (unit -> unit) -> unit
    (** [#at_exit f] registers the function [f] to be executed when
	[#finalize] is called (which is done automatically when the
	request finishes).  The functions are executed in the reverse
	order in which they were registered. *)
end


class type cgi_activation = cgi
  (** Alternate, more descriptive name for [cgi] *)




(** {2 Connectors} *)

type output_type =
  [ `Direct of string
  | `Transactional of config ->
      Netchannels.out_obj_channel -> Netchannels.trans_out_obj_channel
  ]
  (** The ouput type determines how generated data is buffered.
      - [`Direct sep]: Data written to the output channel of the
        activation object is not collected in a transaction buffer, but
        directly sent to the browser (the normal I/O buffering is still
        active, however, so call [#flush] to ensure that data is really
        sent).  The method [#commit_work] of the output channel is the
        same as [#flush].  The method [#rollback_work] causes that the
        string [sep] is sent, meant as a separator between the already
        generated output, and the now following error message.

      - [`Transactional f]: A transactional channel [tc] is created
        from the real output channel [ch] by calling [f cfg ch] (here,
        [cfg] is the CGI configuration).  The channel [tc] is propagated
        as the output channel of the activation object. This means that
        the methods [commit_work] and [rollback_work] are implemented by
        [tc], and the intended behaviour is that data is buffered in a
        special transaction buffer until [commit_work] is called.  This
        invocation forces the buffered data to be sent to the
        browser. If, however, [rollback_work] is called, the buffer is
        cleared.

      Two important examples for [`Transactional] are:
      - The transaction buffer is implemented in memory:
      {[
      let buffered _ ch = new Netchannels.buffered_trans_channel ch in
      `Transactional buffered
      ]}
      - The transaction buffer is implemented as an external file:
      {[
      `Transactional(fun _ ch -> new Netchannels.tempfile_output_channel ch)
      ]}
  *)


val buffered_transactional_outtype : output_type
  (** The [output_type] implementing transactions with a RAM-based buffer *)

val buffered_transactional_optype : output_type
  (** {b Deprecated} name for [buffered_transactional_outtype] *)

val tempfile_transactional_outtype : output_type
  (** The [output_type] implementing transactions with a tempfile-based
      buffer
   *)

val tempfile_transactional_optype : output_type
  (** {b Deprecated} name for [tempfile_transactional_outtype] *)


type arg_store = cgi_environment -> string -> Netmime.mime_header_ro ->
  [ `Memory | `File | `Automatic | `Discard
  | `Memory_max of float | `File_max of float | `Automatic_max of float]
    (** This is the type of functions [arg_store] so that [arg_store env
        name header] tells whether to [`Discard] the argument or to
        store it into a [`File] or in [`Memory].  The parameters passed
        to [arg_store] are as follows:

        - [env] is the CGI environment.  Thus, for example, you can have
        different policies for different [cgi_path_info].

        - [name] is the name of the argument.

        - [header] is the MIME header of the argument (if any).

        Any exception raised by [arg_store] will be treated like if it
        returned [`Discard].  Note that the [`File] will be treated
        like [`Memory] except for [`POST] "multipart/form-data" and
        [`PUT] queries.

        [`Automatic] means to store it into a file if the header
        contains a file name and otherwise in memory (strictly
        speaking [`Automatic] is not necessary since [arg_store] can
        check the header but is provided for your convenience).

        [`Memory_max] (resp. [`File_max], resp. [`Automatic_max]) is
        the same as [`Memory] (resp. [`File], resp. [`Automatic])
        except that the parameter indicates the maximum size in kB of
        the argument value.  If the size is bigger, the
        {!Netcgi.cgi_argument} methods [#value] and [#open_value_rd]
        methods will raise {!Netcgi.Argument.Oversized}.

        Remark: this allows for fine grained size constraints while
        {!Netcgi.config}[.input_content_length_limit] option is a
        limit on the size of the entire request.  *)


type exn_handler = cgi_environment -> (unit -> unit) -> unit
  (** A function of type [exn_handler] allows to define a custom
      handler of uncaught exceptions raised by the [unit -> unit]
      parameter.  A typical example of [exn_handler] is as follows:
      {[
      let exn_handler env f =
        try f()
        with
        | Exn1 -> (* generate error page *)
            env#set_output_header_fields [...];
            env#send_output_header();
            env#out_channel#output_string "...";
            env#out_channel#close_out()
        | ...
      ]} *)

type connection_directive =
    [ `Conn_close | `Conn_close_linger | `Conn_keep_alive
    | `Conn_error of exn
    ]
  (** Directive how to go on with the current connection:
    * - [`Conn_close]: Just shut down and close descriptor
    * - [`Conn_close_linger]: Linger, shut down, and close descriptor
    * - [`Conn_keep_alive]: Check for another request on the same connection
    * - [`Conn_error e]: Shut down and close descriptor, and handle the
    *   exception [e]
   *)


(** Specific connectors can be found in separate modules.  For example:

    - {!Netcgi_cgi}:  classical CGI.
    - {!Netcgi_fcgi}: FastCGI protocol.
    - {!Netcgi_ajp}:  AJP 1.3 connector (JSERV protocol).
    - {!Netcgi_mod}:  connector binding to Apache API.
    - {!Netcgi_scgi}: SCGI connector.
    - {!Netcgi_test}: special "connector" to test your code.

    A typical use is as follows:
    {[
    open Netcgi

    let main (cgi:cgi) =
       let arg = cgi#argument_value "name" in
       ...
       cgi#out_channel#commit_work()

    let () =
      let buffered _ ch = new Netchannels.buffered_trans_channel ch in
      Netcgi_cgi.run ~output_type:(`Transactional buffered) main
    ]}
*)



(*
  Local Variables:
  mode: outline-minor
  outline-regexp: " *\\(val\\|module\\|class\\|type\\) "
  End:
*)