1 /**
2 	Implements a declarative framework for building web interfaces.
3 
4 	This module contains the sister funtionality to the $(D vibe.web.rest)
5 	module. While the REST interface generator is meant for stateless
6 	machine-to-machine communication, this module aims at implementing
7 	user facing web services. Apart from that, both systems use the same
8 	declarative approach.
9 
10 	See $(D registerWebInterface) for an overview of how the system works.
11 
12 	Copyright: © 2013-2016 Sönke Ludwig
13 	License: Subject to the terms of the MIT license, as written in the included LICENSE.txt file.
14 	Authors: Sönke Ludwig
15 */
16 module vibe.web.web;
17 
18 public import vibe.internal.meta.funcattr : PrivateAccessProxy, before, after;
19 public import vibe.web.common;
20 public import vibe.web.i18n;
21 public import vibe.web.validation;
22 
23 import vibe.core.core;
24 import vibe.inet.url;
25 import vibe.http.common;
26 import vibe.http.router;
27 import vibe.http.server;
28 import vibe.http.websockets;
29 import vibe.web.auth : AuthInfo, handleAuthentication, handleAuthorization, isAuthenticated;
30 
31 import std.encoding : sanitize;
32 
33 /*
34 	TODO:
35 		- conversion errors of path place holder parameters should result in 404
36 		- support format patterns for redirect()
37 */
38 
39 
40 /**
41 	Registers a HTTP/web interface based on a class instance.
42 
43 	Each public method of the given class instance will be mapped to a HTTP
44 	route. Property methods are mapped to GET/PUT and all other methods are
45 	mapped according to their prefix verb. If the method has no known prefix,
46 	POST is used. The rest of the name is mapped to the path of the route
47 	according to the given `method_style`. Note that the prefix word must be
48 	all-lowercase and is delimited by either an upper case character, a
49 	non-alphabetic character, or the end of the string.
50 
51 	The following table lists the mappings from prefix verb to HTTP verb:
52 
53 	$(TABLE
54 		$(TR $(TH HTTP method) $(TH Recognized prefixes))
55 		$(TR $(TD GET)	  $(TD get, query))
56 		$(TR $(TD PUT)    $(TD set, put))
57 		$(TR $(TD POST)   $(TD add, create, post))
58 		$(TR $(TD DELETE) $(TD remove, erase, delete))
59 		$(TR $(TD PATCH)  $(TD update, patch))
60 	)
61 
62 	Method parameters will be sourced from either the query string
63 	or form data of the request, or, if the parameter name has an underscore
64 	prefixed, from the $(D vibe.http.server.HTTPServerRequest.params) map.
65 
66 	The latter can be used to inject custom data in various ways. Examples of
67 	this are placeholders specified in a `@path` annotation, values computed
68 	by a `@before` annotation, error information generated by the
69 	`@errorDisplay` annotation, or data injected manually in a HTTP method
70 	handler that processed the request prior to passing it to the generated
71 	web interface handler routes.
72 
73 	Methods that return a $(D class) or $(D interface) instance, instead of
74 	being mapped to a single HTTP route, will be mapped recursively by
75 	iterating the public routes of the returned instance. This way, complex
76 	path hierarchies can be mapped to class hierarchies.
77 
78 	Parameter_conversion_rules:
79 		For mapping method parameters without a prefixed underscore to
80 		query/form fields, the following rules are applied:
81 
82 		$(UL
83 			$(LI A dynamic array of values is mapped to
84 				`<parameter_name>_<index>`, where `index`
85 				denotes the zero based index of the array entry. Any missing
86 				indexes will be left as their `init` value. Arrays can also be
87 				passed without indexes using the name `<parameter_name>_`. They
88 				will be added in the order they appear in the form data or
89 				query. Mixed styles can also be used, non-indexed elements will
90 				be used to fill in missing indexes, or appended if no missing
91 				index exists. Duplicate indexes are ignored)
92 			$(LI A static array of values is mapped identically to dynamic
93 				arrays, except that all elements must be present in the query
94 				or form data, and indexes or non-indexed data beyond the size
95 				of the array is ignored.)
96 			$(LI $(D Nullable!T) typed parameters, as well as parameters with
97 				default values, are optional parameters and are allowed to be
98 				missing in the set of form fields. All other parameter types
99 				require the corresponding field to be present and will result
100 				in a runtime error otherwise.)
101 			$(LI $(D struct) type parameters that don't define a $(D fromString)
102 				or a $(D fromStringValidate) method will be mapped to one
103 				form field per struct member with a scheme similar to how
104 				arrays are treated: `<parameter_name>_<member_name>`)
105 			$(LI Boolean parameters will be set to $(D true) if a form field of
106 				the corresponding name is present and to $(D false) otherwise.
107 				This is compatible to how check boxes in HTML forms work.)
108 			$(LI All other types of parameters will be converted from a string
109 				by using the first available means of the following:
110 				a static $(D fromStringValidate) method, a static $(D fromString)
111 				method, using $(D std.conv.to!T).)
112 			$(LI Any of these rules can be applied recursively, so that it is
113 				possible to nest arrays and structs appropriately. Note that
114 				non-indexed arrays used recursively will be ignored because of
115 				the nature of that mechanism.)
116 		)
117 
118 	Special_parameters:
119 		$(UL
120 			$(LI A parameter named $(D __error) will be populated automatically
121 				with error information, when an $(D @errorDisplay) attribute
122 				is in use.)
123 			$(LI An $(D InputStream) typed parameter will receive the request
124 				body as an input stream. Note that this stream may be already
125 				emptied if the request was subject to certain body parsing
126 				options. See $(D vibe.http.server.HTTPServerOption).)
127 			$(LI Parameters of types $(D vibe.http.server.HTTPServerRequest),
128 				$(D vibe.http.server.HTTPServerResponse),
129 				$(D vibe.http.common.HTTPRequest) or
130 				$(D vibe.http.common.HTTPResponse) will receive the
131 				request/response objects of the invoking request.)
132 			$(LI If a parameter of the type `WebSocket` is found, the route
133 				is registered as a web socket endpoint. It will automatically
134 				upgrade the connection and pass the resulting WebSocket to
135 				the connection.)
136 		)
137 
138 
139 	Supported_attributes:
140 		The following attributes are supported for annotating methods of the
141 		registered class:
142 
143 		$(D @before), $(D @after), $(D @errorDisplay),
144 		$(D @vibe.web.common.method), $(D @vibe.web.common.path),
145 		$(D @vibe.web.common.contentType)
146 
147 		The `@path` attribute can also be applied to the class itself, in which
148 		case it will be used as an additional prefix to the one in
149 		`WebInterfaceSettings.urlPrefix`.
150 
151 		The $(D @nestedNameStyle) attribute can be applied only to the class
152 		itself. Applying it to a method is not supported at this time.
153 
154 	Supported return types:
155 		$(UL
156 			$(LI $(D vibe.data.json.Json))
157 			$(LI $(D const(char)[]))
158 			$(LI $(D void))
159 			$(LI $(D const(ubyte)[]))
160 			$(LI $(D vibe.core.stream.InputStream))
161 		)
162 
163 	Params:
164 		router = The HTTP router to register to
165 		instance = Class instance to use for the web interface mapping
166 		settings = Optional parameter to customize the mapping process
167 */
168 URLRouter registerWebInterface(C : Object, MethodStyle method_style = MethodStyle.lowerUnderscored)(URLRouter router, C instance, WebInterfaceSettings settings = null)
169 {
170 	import std.algorithm : endsWith;
171 	import std.traits;
172 	import vibe.internal.meta.uda : findFirstUDA;
173 
174 	if (!settings) settings = new WebInterfaceSettings;
175 
176 	string url_prefix = settings.urlPrefix;
177 	enum cls_path = findFirstUDA!(PathAttribute, C);
178 	static if (cls_path.found) {
179 		url_prefix = concatURL(url_prefix, cls_path.value, true);
180 	}
181 
182 	foreach (M; __traits(allMembers, C)) {
183 		/*static if (isInstanceOf!(SessionVar, __traits(getMember, instance, M))) {
184 			__traits(getMember, instance, M).m_getContext = toDelegate({ return s_requestContext; });
185 		}*/
186 
187 		// Ignore special members, such as ctor, dtors, postblit, and opAssign,
188 		// and object default methods and fields.
189 		// See https://github.com/vibe-d/vibe.d/issues/2438
190 		static if (M != "__ctor" && M != "__dtor" && M != "__xdtor" && M != "this"
191 				   && M != "__postblit" && M != "__xpostblit" && M != "opAssign"
192 				   && !is(typeof(__traits(getMember, Object, M))))
193 		{
194 			foreach (overload; __traits(getOverloads, C, M)) {
195 				static if (isPublic!overload) {
196 					alias RT = ReturnType!overload;
197 					enum minfo = extractHTTPMethodAndName!(overload, true)();
198 					enum url = minfo.hadPathUDA ? minfo.url : adjustMethodStyle(minfo.url, method_style);
199 
200 					static if (findFirstUDA!(NoRouteAttribute, overload).found) {
201 						import vibe.core.log : logDebug;
202 						logDebug("Method %s.%s annotated with @noRoute - not generating a route entry.", C.stringof, M);
203 					} else static if (is(RT == class) || is(RT == interface)) {
204 						// nested API
205 						static assert(
206 							ParameterTypeTuple!overload.length == 0,
207 							"Instances may only be returned from parameter-less functions ("~M~")!"
208 						);
209 						auto subsettings = settings.dup;
210 						subsettings.urlPrefix = concatURL(url_prefix, url, true);
211 						registerWebInterface!RT(router, __traits(getMember, instance, M)(), subsettings);
212 					} else {
213 						auto fullurl = concatURL(url_prefix, url);
214 						router.match(minfo.method, fullurl, (HTTPServerRequest req, HTTPServerResponse res) @trusted {
215 							handleRequest!(M, overload)(req, res, instance, settings);
216 						});
217 						if (settings.ignoreTrailingSlash && !fullurl.endsWith("*") && fullurl != "/") {
218 							auto m = fullurl.endsWith("/") ? fullurl[0 .. $-1] : fullurl ~ "/";
219 							router.match(minfo.method, m, delegate void (HTTPServerRequest req, HTTPServerResponse res) @safe {
220 								static if (minfo.method == HTTPMethod.GET) {
221 									URL redurl = req.fullURL;
222 									auto redpath = redurl.path;
223 									redpath.endsWithSlash = !redpath.endsWithSlash;
224 									redurl.path = redpath;
225 									res.redirect(redurl);
226 								} else {
227 									() @trusted { handleRequest!(M, overload)(req, res, instance, settings); } ();
228 								}
229 							});
230 						}
231 					}
232 				}
233 			}
234 		}
235 	}
236 	return router;
237 }
238 
239 
240 /**
241 	Gives an overview of the basic features. For more advanced use, see the
242 	example in the "examples/web/" directory.
243 */
244 unittest {
245 	import vibe.http.router;
246 	import vibe.http.server;
247 	import vibe.web.web;
248 
249 	class WebService {
250 		private {
251 			SessionVar!(string, "login_user") m_loginUser;
252 		}
253 
254 		@path("/")
255 		void getIndex(string _error = null)
256 		{
257 			header("Access-Control-Allow-Origin", "Access-Control-Allow-Origin: *");
258 			//render!("index.dt", _error);
259 		}
260 
261 		// automatically mapped to: POST /login
262 		@errorDisplay!getIndex
263 		void postLogin(string username, string password)
264 		{
265 			enforceHTTP(username.length > 0, HTTPStatus.forbidden,
266 				"User name must not be empty.");
267 			enforceHTTP(password == "secret", HTTPStatus.forbidden,
268 				"Invalid password.");
269 			m_loginUser = username;
270 			redirect("/profile");
271 		}
272 
273 		// automatically mapped to: POST /logout
274 		void postLogout()
275 		{
276 			terminateSession();
277 			status(201);
278 			redirect("/");
279 		}
280 
281 		// automatically mapped to: GET /profile
282 		void getProfile()
283 		{
284 			enforceHTTP(m_loginUser.length > 0, HTTPStatus.forbidden,
285 				"Must be logged in to access the profile.");
286 			//render!("profile.dt")
287 		}
288 	}
289 
290 	void run()
291 	{
292 		auto router = new URLRouter;
293 		router.registerWebInterface(new WebService);
294 
295 		auto settings = new HTTPServerSettings;
296 		settings.port = 8080;
297 		listenHTTP(settings, router);
298 	}
299 }
300 
301 
302 /**
303 	Renders a Diet template file to the current HTTP response.
304 
305 	This function is equivalent to `vibe.http.server.render`, but implicitly
306 	writes the result to the response object of the currently processed
307 	request.
308 
309 	Note that this may only be called from a function/method
310 	registered using `registerWebInterface`.
311 
312 	In addition to the vanilla `render` function, this one also makes additional
313 	functionality available within the template:
314 
315 	$(UL
316 		$(LI The `req` variable that holds the current request object)
317 		$(LI If the `@translationContext` attribute us used, enables the
318 		     built-in i18n support of Diet templates)
319 	)
320 */
321 template render(string diet_file, ALIASES...) {
322 	void render(string MODULE = __MODULE__, string FUNCTION = __FUNCTION__)()
323 	{
324 		import vibe.web.i18n;
325 		import vibe.internal.meta.uda : findFirstUDA;
326 		mixin("static import "~MODULE~";");
327 
328 		alias PARENT = typeof(__traits(parent, mixin(FUNCTION)).init);
329 		enum FUNCTRANS = findFirstUDA!(TranslationContextAttribute, mixin(FUNCTION));
330 		enum PARENTTRANS = findFirstUDA!(TranslationContextAttribute, PARENT);
331 		static if (FUNCTRANS.found) alias TranslateContext = FUNCTRANS.value.Context;
332 		else static if (PARENTTRANS.found) alias TranslateContext = PARENTTRANS.value.Context;
333 
334 		assert(s_requestContext.req !is null, "render() used outside of a web interface request!");
335 		auto req = s_requestContext.req;
336 
337 		struct TranslateCTX(string lang)
338 		{
339 			version (Have_diet_ng) {
340 				import diet.traits : dietTraits;
341 				@dietTraits static struct diet_translate__ {
342 					static string translate(string key, string context=null) { return tr!(TranslateContext, lang)(key, context); }
343 				}
344 			} else static string diet_translate__(string key,string context=null) { return tr!(TranslateContext, lang)(key, context); }
345 
346 			void render()
347 			{
348 				vibe.http.server.render!(diet_file, req, ALIASES, diet_translate__)(s_requestContext.res);
349 			}
350 		}
351 
352 		static if (is(TranslateContext) && languageSeq!TranslateContext.length) {
353 			switch (s_requestContext.language) {
354 				default:
355 				mixin({
356 					string ret;
357 					foreach (lang; TranslateContext.languages)
358 						ret ~= "case `" ~ lang ~ "`: {
359 							TranslateCTX!`" ~ lang ~ "` renderctx;
360 							renderctx.render();
361 							return;
362 							}";
363 					return ret;
364 				}());
365 			}
366 		} else {
367 			vibe.http.server.render!(diet_file, req, ALIASES)(s_requestContext.res);
368 		}
369 	}
370 }
371 
372 
373 /**
374 	Redirects to the given URL.
375 
376 	The URL may either be a full URL, including the protocol and server
377 	portion, or it may be the local part of the URI (the path and an
378 	optional query string). Finally, it may also be a relative path that is
379 	combined with the path of the current request to yield an absolute
380 	path.
381 
382 	Note that this may only be called from a function/method
383 	registered using registerWebInterface.
384 */
385 void redirect(string url, int status = HTTPStatus.found)
386 @safe {
387 	import std.algorithm : canFind, endsWith, startsWith;
388 
389 	auto ctx = getRequestContext();
390 	URL fullurl;
391 	if (url.startsWith("/")) {
392 		fullurl = ctx.req.fullURL;
393 		fullurl.localURI = url;
394 	} else if (url.canFind(":")) { // TODO: better URL recognition
395 		fullurl = URL(url);
396 	} else  if (ctx.req.fullURL.path.endsWithSlash) {
397 		fullurl = ctx.req.fullURL;
398 		fullurl.localURI = fullurl.path.toString() ~ url;
399 	} else {
400 		fullurl = ctx.req.fullURL.parentURL;
401 		assert(fullurl.localURI.endsWith("/"), "Parent URL not ending in a slash?!");
402 		fullurl.localURI = fullurl.localURI ~ url;
403 	}
404 	ctx.res.redirect(fullurl, status);
405 }
406 
407 /// ditto
408 void redirect(URL url, int status = HTTPStatus.found)
409 @safe {
410 	redirect(url.toString, status);
411 }
412 
413 ///
414 @safe unittest {
415 	import vibe.data.json : Json;
416 
417 	class WebService {
418 		// POST /item
419 		void postItem() {
420 			redirect("/item/1");
421 		}
422 	}
423 
424 	void run()
425 	{
426 		auto router = new URLRouter;
427 		router.registerWebInterface(new WebService);
428 
429 		auto settings = new HTTPServerSettings;
430 		settings.port = 8080;
431 		listenHTTP(settings, router);
432 	}
433 }
434 
435 /**
436 	Sets a response header.
437 
438 	Params:
439 		name = name of the header to set
440 		value = value of the header to set
441 
442 	Note that this may only be called from a function/method
443 	registered using registerWebInterface.
444 */
445 void header(string name, string value)
446 @safe {
447 	getRequestContext().res.headers[name] = value;
448 }
449 
450 ///
451 @safe unittest {
452 	import vibe.data.json : Json;
453 
454 	class WebService {
455 		// POST /item
456 		Json postItem() {
457 			header("X-RateLimit-Remaining", "59");
458 			return Json(["id": Json(100)]);
459 		}
460 	}
461 
462 	void run()
463 	{
464 		auto router = new URLRouter;
465 		router.registerWebInterface(new WebService);
466 
467 		auto settings = new HTTPServerSettings;
468 		settings.port = 8080;
469 		listenHTTP(settings, router);
470 	}
471 }
472 
473 /**
474 	Sets the response status code.
475 
476 	Params:
477 		statusCode = the HTTPStatus code to send to the client
478 
479 	Note that this may only be called from a function/method
480 	registered using registerWebInterface.
481 */
482 void status(int statusCode) @safe
483 in
484 {
485 	assert(100 <= statusCode && statusCode < 600);
486 }
487 do
488 {
489 	getRequestContext().res.statusCode = statusCode;
490 }
491 
492 ///
493 @safe unittest {
494 	import vibe.data.json : Json;
495 
496 	class WebService {
497 		// POST /item
498 		Json postItem() {
499 			status(HTTPStatus.created);
500 			return Json(["id": Json(100)]);
501 		}
502 	}
503 
504 	void run()
505 	{
506 		auto router = new URLRouter;
507 		router.registerWebInterface(new WebService);
508 
509 		auto settings = new HTTPServerSettings;
510 		settings.port = 8080;
511 		listenHTTP(settings, router);
512 	}
513 }
514 
515 /**
516 	Returns the agreed upon language.
517 
518 	Note that this may only be called from a function/method
519 	registered using registerWebInterface.
520 */
521 @property string language() @safe
522 {
523 	return getRequestContext().language;
524 }
525 
526 /**
527 	Returns the current request.
528 
529 	Note that this may only be called from a function/method
530 	registered using registerWebInterface.
531 */
532 @property HTTPServerRequest request() @safe
533 {
534 	return getRequestContext().req;
535 }
536 
537 ///
538 @safe unittest {
539 	void requireAuthenticated()
540 	{
541 		auto authorization = "Authorization" in request.headers;
542 
543 		enforceHTTP(authorization !is null, HTTPStatus.forbidden);
544 		enforceHTTP(*authorization == "secret", HTTPStatus.forbidden);
545 	}
546 
547 	class WebService {
548 		void getPage()
549 		{
550 			requireAuthenticated();
551 		}
552 	}
553 
554 	void run()
555 	{
556 		auto router = new URLRouter;
557 		router.registerWebInterface(new WebService);
558 
559 		auto settings = new HTTPServerSettings;
560 		settings.port = 8080;
561 		listenHTTP(settings, router);
562 	}
563 }
564 
565 /**
566 	Returns the current response.
567 
568 	Note that this may only be called from a function/method
569 	registered using registerWebInterface.
570 */
571 @property HTTPServerResponse response() @safe
572 {
573 	return getRequestContext().res;
574 }
575 
576 ///
577 @safe unittest {
578 	void logIn()
579 	{
580 		auto session = response.startSession();
581 		session.set("token", "secret");
582 	}
583 
584 	class WebService {
585 		void postLogin(string username, string password)
586 		{
587 			if (username == "foo" && password == "bar") {
588 				logIn();
589 			}
590 		}
591 	}
592 
593 	void run()
594 	{
595 		auto router = new URLRouter;
596 		router.registerWebInterface(new WebService);
597 
598 		auto settings = new HTTPServerSettings;
599 		settings.port = 8080;
600 		listenHTTP(settings, router);
601 	}
602 }
603 
604 /**
605 	Terminates the currently active session (if any).
606 
607 	Note that this may only be called from a function/method
608 	registered using registerWebInterface.
609 */
610 void terminateSession()
611 @safe {
612 	auto ctx = getRequestContext();
613 	if (ctx.req.session) {
614 		ctx.res.terminateSession();
615 		ctx.req.session = Session.init;
616 	}
617 }
618 
619 ///
620 @safe unittest {
621 	class WebService {
622 		// automatically mapped to: POST /logout
623 		void postLogout()
624 		{
625 			terminateSession();
626 			201.status;
627 			redirect("/");
628 		}
629 	}
630 
631 	void run()
632 	{
633 		auto router = new URLRouter;
634 		router.registerWebInterface(new WebService);
635 
636 		auto settings = new HTTPServerSettings;
637 		settings.port = 8080;
638 		listenHTTP(settings, router);
639 	}
640 }
641 
642 /**
643 	Translates text based on the language of the current web request.
644 
645 	The first overload performs a direct translation of the given translation
646 	key/text. The second overload can select from a set of plural forms
647 	based on the given integer value (msgid_plural).
648 
649 	Params:
650 		text = The translation key
651 		context = Optional context/namespace identifier (msgctxt)
652 		plural_text = Plural form of the translation key
653 		count = The quantity used to select the proper plural form of a translation
654 
655 	See_also: $(D vibe.web.i18n.translationContext)
656 */
657 string trWeb(string text, string context = null)
658 @safe {
659 	return getRequestContext().tr(text, context);
660 }
661 
662 /// ditto
663 string trWeb(string text, string plural_text, int count, string context = null)
664 @safe {
665 	return getRequestContext().tr_plural(text, plural_text, count, context);
666 }
667 
668 ///
669 @safe unittest {
670 	struct TRC {
671 		import std.typetuple;
672 		alias languages = TypeTuple!("en_US", "de_DE", "fr_FR");
673 		//mixin translationModule!"test";
674 	}
675 
676 	@translationContext!TRC
677 	class WebService {
678 		void index(HTTPServerResponse res)
679 		{
680 			res.writeBody(trWeb("This text will be translated!"));
681 		}
682 	}
683 }
684 
685 
686 /**
687 	Attribute to customize how errors/exceptions are displayed.
688 
689 	The first template parameter takes a function that maps an exception and an
690 	optional field name to a single error type. The result of this function
691 	will then be passed as the $(D _error) parameter to the method referenced
692 	by the second template parameter.
693 
694 	Supported types for the $(D _error) parameter are $(D bool), $(D string),
695 	$(D Exception), or a user defined $(D struct). The $(D field) member, if
696 	present, will be set to null if the exception was thrown after the field
697 	validation has finished.
698 */
699 @property errorDisplay(alias DISPLAY_METHOD)()
700 {
701 	return ErrorDisplayAttribute!DISPLAY_METHOD.init;
702 }
703 
704 /// Shows the basic error message display.
705 unittest {
706 	void getForm(string _error = null)
707 	{
708 		//render!("form.dt", _error);
709 	}
710 
711 	@errorDisplay!getForm
712 	void postForm(string name)
713 	{
714 		if (name.length == 0)
715 			throw new Exception("Name must not be empty");
716 		redirect("/");
717 	}
718 }
719 
720 /// Advanced error display including the offending form field.
721 unittest {
722 	struct FormError {
723 		// receives the original error message
724 		string error;
725 		// receives the name of the field that caused the error, if applicable
726 		string field;
727 	}
728 
729 	void getForm(FormError _error = FormError.init)
730 	{
731 		//render!("form.dt", _error);
732 	}
733 
734 	// throws an error if the submitted form value is not a valid integer
735 	@errorDisplay!getForm
736 	void postForm(int ingeter)
737 	{
738 		redirect("/");
739 	}
740 }
741 
742 /** Determines how nested D fields/array entries are mapped to form field
743  * names. Note that this attribute only works if applied to the class.
744 */
745 NestedNameStyleAttribute nestedNameStyle(NestedNameStyle style)
746 {
747 	import vibe.internal.meta.uda : onlyAsUda;
748 	if (!__ctfe) assert(false, onlyAsUda!__FUNCTION__);
749 	return NestedNameStyleAttribute(style);
750 }
751 
752 ///
753 unittest {
754 	struct Items {
755 		int[] entries;
756 	}
757 
758 	@nestedNameStyle(NestedNameStyle.d)
759 	class MyService {
760 		// expects fields in D native style:
761 		// "items.entries[0]", "items.entries[1]", "items.entries[]", ...
762 		void postItems(Items items)
763 		{
764 
765 		}
766 	}
767 }
768 
769 
770 /**
771 	Encapsulates settings used to customize the generated web interface.
772 */
773 class WebInterfaceSettings {
774 	string urlPrefix = "/";
775 	bool ignoreTrailingSlash = true;
776 
777 	@property WebInterfaceSettings dup() const @safe {
778 		auto ret = new WebInterfaceSettings;
779 		ret.urlPrefix = this.urlPrefix;
780 		ret.ignoreTrailingSlash = this.ignoreTrailingSlash;
781 		return ret;
782 	}
783 }
784 
785 
786 /**
787 	Maps a web interface member variable to a session field.
788 
789 	Setting a SessionVar variable will implicitly start a session, if none
790 	has been started yet. The content of the variable will be stored in
791 	the session store and is automatically serialized and deserialized.
792 
793 	Note that variables of type SessionVar must only be used from within
794 	handler functions of a class that was registered using
795 	$(D registerWebInterface). Also note that two different session
796 	variables with the same $(D name) parameter will access the same
797 	underlying data.
798 */
799 struct SessionVar(T, string name) {
800 @safe:
801 
802 	private {
803 		T m_initValue;
804 	}
805 
806 	/** Initializes a session var with a constant value.
807 	*/
808 	this(T init_val) { m_initValue = init_val; }
809 	///
810 	unittest {
811 		class MyService {
812 			SessionVar!(int, "someInt") m_someInt = 42;
813 
814 			void index() {
815 				assert(m_someInt == 42);
816 			}
817 		}
818 	}
819 
820 	/** Accesses the current value of the session variable.
821 
822 		Any access will automatically start a new session and set the
823 		initializer value, if necessary.
824 	*/
825 	@property const(T) value()
826 	{
827 		auto ctx = getRequestContext();
828 		if (!ctx.req.session) ctx.req.session = ctx.res.startSession();
829 
830 		if (ctx.req.session.isKeySet(name))
831 			return ctx.req.session.get!T(name);
832 
833 		ctx.req.session.set!T(name, m_initValue);
834 		return m_initValue;
835 	}
836 	/// ditto
837 	@property void value(T new_value)
838 	{
839 		auto ctx = getRequestContext();
840 		if (!ctx.req.session) ctx.req.session = ctx.res.startSession();
841 		ctx.req.session.set(name, new_value);
842 	}
843 
844 	void opAssign(T new_value) { this.value = new_value; }
845 
846 	alias value this;
847 }
848 
849 private struct ErrorDisplayAttribute(alias DISPLAY_METHOD) {
850 	import std.traits : ParameterTypeTuple, ParameterIdentifierTuple;
851 
852 	alias displayMethod = DISPLAY_METHOD;
853 	enum displayMethodName = __traits(identifier, DISPLAY_METHOD);
854 
855 	private template GetErrorParamType(size_t idx) {
856 		static if (idx >= ParameterIdentifierTuple!DISPLAY_METHOD.length)
857 			static assert(false, "Error display method "~displayMethodName~" is missing the _error parameter.");
858 		else static if (ParameterIdentifierTuple!DISPLAY_METHOD[idx] == "_error")
859 			alias GetErrorParamType = ParameterTypeTuple!DISPLAY_METHOD[idx];
860 		else alias GetErrorParamType = GetErrorParamType!(idx+1);
861 	}
862 
863 	alias ErrorParamType = GetErrorParamType!0;
864 
865 	ErrorParamType getError(Exception ex, string field)
866 	{
867 		static if (is(ErrorParamType == bool)) return true;
868 		else static if (is(ErrorParamType == string)) return ex.msg;
869 		else static if (is(ErrorParamType == Exception)) return ex;
870 		else static if (is(typeof(ErrorParamType(ex, field)))) return ErrorParamType(ex, field);
871 		else static if (is(typeof(ErrorParamType(ex.msg, field)))) return ErrorParamType(ex.msg, field);
872 		else static if (is(typeof(ErrorParamType(ex.msg)))) return ErrorParamType(ex.msg);
873 		else static assert(false, "Error parameter type %s does not have the required constructor.");
874 	}
875 }
876 
877 private struct NestedNameStyleAttribute { NestedNameStyle value; }
878 
879 
880 private {
881 	TaskLocal!RequestContext s_requestContext;
882 }
883 
884 private struct RequestContext {
885 	HTTPServerRequest req;
886 	HTTPServerResponse res;
887 	string language;
888 	string function(string, string) @safe tr;
889 	string function(string, string, int, string) @safe tr_plural;
890 }
891 
892 private RequestContext getRequestContext()
893 @trusted nothrow {
894 	assert(s_requestContext.req !is HTTPServerRequest.init, "Request context used outside of a web interface request!");
895 	return s_requestContext;
896 }
897 
898 private void handleRequest(string M, alias overload, C, ERROR...)(HTTPServerRequest req, HTTPServerResponse res, C instance, WebInterfaceSettings settings, ERROR error)
899 	if (ERROR.length <= 1)
900 {
901 	import std.algorithm : countUntil, startsWith;
902 	import std.traits;
903 	import std.typetuple : Filter, staticIndexOf;
904 	import vibe.core.stream;
905 	import vibe.data.json;
906 	import vibe.internal.meta.funcattr;
907 	import vibe.internal.meta.uda : findFirstUDA;
908 
909 	alias RET = ReturnType!overload;
910 	alias PARAMS = ParameterTypeTuple!overload;
911 	alias default_values = ParameterDefaultValueTuple!overload;
912 	alias AuthInfoType = AuthInfo!C;
913 	enum param_names = [ParameterIdentifierTuple!overload];
914 	enum erruda = findFirstUDA!(ErrorDisplayAttribute, overload);
915 
916 	static if (findFirstUDA!(NestedNameStyleAttribute, C).found)
917 		enum nested_style = findFirstUDA!(NestedNameStyleAttribute, C).value.value;
918 	else enum nested_style = NestedNameStyle.underscore;
919 
920 	s_requestContext = createRequestContext!overload(req, res);
921 	enum hasAuth = isAuthenticated!(C, overload);
922 
923 	static if (hasAuth) {
924 		auto auth_info = handleAuthentication!overload(instance, req, res);
925 		if (res.headerWritten) return;
926 	}
927 
928 	// collect all parameter values
929 	PARAMS params = void; // FIXME: in case of errors, destructors could be called on uninitialized variables!
930 	foreach (i, PT; PARAMS) {
931 		bool got_error = false;
932 		ParamError err;
933 		err.field = param_names[i];
934 		try {
935 			static if (hasAuth && is(PT == AuthInfoType)) {
936 				params[i] = auth_info;
937 			} else static if (IsAttributedParameter!(overload, param_names[i])) {
938 				params[i].setVoid(computeAttributedParameterCtx!(overload, param_names[i])(instance, req, res));
939 				if (res.headerWritten) return;
940 			}
941 			else static if (param_names[i] == "_error") {
942 				static if (ERROR.length == 1)
943 					params[i].setVoid(error[0]);
944 				else static if (!is(default_values[i] == void))
945 					params[i].setVoid(default_values[i]);
946 				else
947 					params[i] = typeof(params[i]).init;
948 			}
949 			else static if (is(PT == InputStream)) params[i] = req.bodyReader;
950 			else static if (is(PT == HTTPServerRequest) || is(PT == HTTPRequest)) params[i] = req;
951 			else static if (is(PT == HTTPServerResponse) || is(PT == HTTPResponse)) params[i] = res;
952 			else static if (is(PT == WebSocket)) {} // handled below
953 			else static if (param_names[i].startsWith("_")) {
954 				if (auto pv = param_names[i][1 .. $] in req.params) {
955 					got_error = !webConvTo(*pv, params[i], err);
956 					// treat errors in route parameters as non-match
957 					// FIXME: verify that the parameter is actually a route parameter!
958 					if (got_error) return;
959 				} else static if (!is(default_values[i] == void)) params[i].setVoid(default_values[i]);
960 				else static if (!isNullable!PT) enforceHTTP(false, HTTPStatus.badRequest, "Missing request parameter for "~param_names[i]);
961 			} else static if (is(PT == bool)) {
962 				params[i] = param_names[i] in req.form || param_names[i] in req.query;
963 			} else {
964 				enum has_default = !is(default_values[i] == void);
965 				ParamResult pres = readFormParamRec(req, params[i], param_names[i], !has_default, nested_style, err);
966 				static if (has_default) {
967 					if (pres == ParamResult.skipped)
968 						params[i].setVoid(default_values[i]);
969 				} else assert(pres != ParamResult.skipped);
970 
971 				if (pres == ParamResult.error)
972 					got_error = true;
973 			}
974 		} catch (HTTPStatusException ex) {
975 			throw ex;
976 		} catch (Exception ex) {
977 			import vibe.core.log : logDebug;
978 			got_error = true;
979 			err.text = ex.msg;
980 			debug logDebug("Error handling field '%s': %s", param_names[i], ex.toString().sanitize);
981 		}
982 
983 		if (got_error) {
984 			static if (erruda.found && ERROR.length == 0) {
985 				auto errnfo = erruda.value.getError(new Exception(err.text), err.field);
986 				handleRequest!(erruda.value.displayMethodName, erruda.value.displayMethod)(req, res, instance, settings, errnfo);
987 				return;
988 			} else {
989 				throw new HTTPStatusException(HTTPStatus.badRequest, "Error handling field '"~err.field~"': "~err.text);
990 			}
991 		}
992 	}
993 
994 	// validate all confirmation parameters
995 	foreach (i, PT; PARAMS) {
996 		static if (isNullable!PT)
997 			alias ParamBaseType = typeof(PT.init.get());
998 		else alias ParamBaseType = PT;
999 
1000 		static if (isInstanceOf!(Confirm, ParamBaseType)) {
1001 			enum pidx = param_names.countUntil(PT.confirmedParameter);
1002 			static assert(pidx >= 0, "Unknown confirmation parameter reference \""~PT.confirmedParameter~"\".");
1003 			static assert(pidx != i, "Confirmation parameter \""~PT.confirmedParameter~"\" may not reference itself.");
1004 
1005 			bool matched;
1006 			static if (isNullable!PT && isNullable!(PARAMS[pidx])) {
1007 				matched = (params[pidx].isNull() && params[i].isNull()) ||
1008 					(!params[pidx].isNull() && !params[i].isNull() && params[pidx] == params[i]);
1009 			} else {
1010 				static assert(!isNullable!PT && !isNullable!(PARAMS[pidx]),
1011 					"Either both or none of the confirmation and original fields must be nullable.");
1012 				matched = params[pidx] == params[i];
1013 			}
1014 
1015 			if (!matched) {
1016 				auto ex = new Exception("Comfirmation field mismatch.");
1017 				static if (erruda.found && ERROR.length == 0) {
1018 					auto err = erruda.value.getError(ex, param_names[i]);
1019 					handleRequest!(erruda.value.displayMethodName, erruda.value.displayMethod)(req, res, instance, settings, err);
1020 					return;
1021 				} else {
1022 					throw new HTTPStatusException(HTTPStatus.badRequest, ex.msg);
1023 				}
1024 			}
1025 		}
1026 	}
1027 
1028 	static if (hasAuth)
1029 		handleAuthorization!(C, overload, params)(auth_info);
1030 
1031 	// execute the method and write the result
1032 	try {
1033 		import vibe.internal.meta.funcattr;
1034 
1035 		static if (staticIndexOf!(WebSocket, PARAMS) >= 0) {
1036 			static assert(is(RET == void), "WebSocket handlers must return void.");
1037 			handleWebSocket((scope ws) {
1038 				foreach (i, PT; PARAMS)
1039 					static if (is(PT == WebSocket))
1040 						params[i] = ws;
1041 
1042 				__traits(getMember, instance, M)(params);
1043 			}, req, res);
1044 		} else static if (is(RET == void)) {
1045 			__traits(getMember, instance, M)(params);
1046 		} else {
1047 			auto ret = __traits(getMember, instance, M)(params);
1048 			ret = evaluateOutputModifiers!overload(ret, req, res);
1049 
1050 			static if (is(RET : Json)) {
1051 				res.writeJsonBody(ret);
1052 			} else static if (is(RET : InputStream) || is(RET : const ubyte[])) {
1053 				enum type = findFirstUDA!(ContentTypeAttribute, overload);
1054 				static if (type.found) {
1055 					res.writeBody(ret, type.value);
1056 				} else {
1057 					res.writeBody(ret);
1058 				}
1059 			} else static if (is(RET : const(char)[])) {
1060 				res.writeBody(ret);
1061 			} else {
1062 				static assert(is(RET == void), M~": Only `InputStream`, `const(ubyte[])`, `Json`, `const(char)[]` and `void` are supported as return types for route methods.");
1063 			}
1064 		}
1065 	} catch (Exception ex) {
1066 		import vibe.core.log;
1067 		logDebug("Web handler %s has thrown: %s", M, ex);
1068 		static if (erruda.found && ERROR.length == 0) {
1069 			auto err = erruda.value.getError(ex, null);
1070 			handleRequest!(erruda.value.displayMethodName, erruda.value.displayMethod)(req, res, instance, settings, err);
1071 		} else throw ex;
1072 	}
1073 }
1074 
1075 private RequestContext createRequestContext(alias handler)(HTTPServerRequest req, HTTPServerResponse res)
1076 {
1077 	RequestContext ret;
1078 	ret.req = req;
1079 	ret.res = res;
1080 	ret.language = determineLanguage!handler(req);
1081 
1082 	import vibe.web.i18n;
1083 	import vibe.internal.meta.uda : findFirstUDA;
1084 
1085 	alias PARENT = typeof(__traits(parent, handler).init);
1086 	enum FUNCTRANS = findFirstUDA!(TranslationContextAttribute, handler);
1087 	enum PARENTTRANS = findFirstUDA!(TranslationContextAttribute, PARENT);
1088 	static if (FUNCTRANS.found) alias TranslateContext = FUNCTRANS.value.Context;
1089 	else static if (PARENTTRANS.found) alias TranslateContext = PARENTTRANS.value.Context;
1090 
1091 	static if (is(TranslateContext) && languageSeq!TranslateContext.length) {
1092 		switch (ret.language) {
1093 			default:
1094 			mixin({
1095 				string ret;
1096 				foreach (lang; TranslateContext.languages) {
1097 					ret ~= "case `" ~ lang ~ "`:
1098 						ret.tr = &tr!(TranslateContext, `" ~ lang ~ "`);
1099 						ret.tr_plural = &tr!(TranslateContext, `" ~ lang ~ "`);
1100 						break;";
1101 				}
1102 				return ret;
1103 			}());
1104 		}
1105 	} else {
1106 		ret.tr = (t,c) => t;
1107 		// Without more knowledge about the requested language, the best we can do is return the msgid as a hint
1108 		// that either a po file is needed for the language, or that a translation entry does not exist for the msgid.
1109 		ret.tr_plural = (txt,ptxt,cnt,ctx) => !ptxt.length || cnt == 1 ? txt : ptxt;
1110 	}
1111 
1112 	return ret;
1113 }
1114 
1115 static if (__VERSION__ >= 2096) {
1116 	enum isPublic(alias symbol) = __traits(getVisibility, symbol) == "public";
1117 } else {
1118 	enum isPublic(alias symbol) = __traits(getProtection, symbol) == "public";
1119 }