From 18dd5aface1c3f21a3c2c1d5e35a59279212a4f2 Mon Sep 17 00:00:00 2001
From: colin <colin@cicadas.surf>
Date: Sat, 17 Aug 2024 08:46:04 -0700
Subject: Add check-request-compliance method and get-header function

---
 src/endpoint.lisp |  1 +
 src/package.lisp  |  2 ++
 src/protocol.lisp | 16 ++++++++++++++++
 3 files changed, 19 insertions(+)

(limited to 'src')

diff --git a/src/endpoint.lisp b/src/endpoint.lisp
index 5c2a386..00f681f 100644
--- a/src/endpoint.lisp
+++ b/src/endpoint.lisp
@@ -386,6 +386,7 @@ the ;."
         (content-type
           (content-type class)))
     (lambda ()
+      (check-request-compliance class)
       (setf (http:content-type*) content-type)
       (handle (instantiate-endpoint class init-slots)))))
 
diff --git a/src/package.lisp b/src/package.lisp
index 1d12ea4..1563c07 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -13,6 +13,7 @@
    (#:mop #:closer-mop))
   (:export
    ;; HANDLER PROTOCOL
+   #:check-request-compliance
    #:authenticate                       
    #:authorize
    #:handle
@@ -23,6 +24,7 @@
    #:endpoint-redirect
    #:route-to
    #:get-cookie
+   #:get-header
    #:err
 
    ;; re-exports
diff --git a/src/protocol.lisp b/src/protocol.lisp
index f94364a..74019b1 100644
--- a/src/protocol.lisp
+++ b/src/protocol.lisp
@@ -101,6 +101,17 @@ that the request has insufficient permissions to evoke the endpoint handler. "))
 
 ;;; HANDLER PROTOCOL
 
+(defgeneric check-request-compliance (endpoint-instance-class)
+  (:documentation "This function is called before instances the endpoint class are
+created; This occurrs before the HTTP request's body has been
+read. All request headers are available for inspection.  
+
+This is meant to enforce higher-level or server-wide policies, such as
+on the size of request bodies.")
+  (:method ((epclass symbol))
+    (check-request-compliance (find-class epclass)))
+  (:method ((epclass t))))
+
 (defgeneric authenticate (endpoint)
   (:documentation "Returns a boolean. Any protected endpoint should implement
 this. Called before handling, should be used to supply
@@ -161,6 +172,11 @@ AUTHORIZE while handling endpoint-class instance EP."
   "Returns the cookie with name NAME the actively"
   (http:cookie-in name))
 
+(defun get-header (name)
+  "Returns the string value of the header named NAME, which can be a
+string or keyword."
+  (http:header-in* name))
+
 (define-condition request-error (error)
   ((content :reader error-content :initarg :content :initform "Bad Request")
    (mimetype :reader error-content-mimetype :initarg :mimetype :initform "text/plain")
-- 
cgit v1.2.3