What's news in GNU Artanis-0.5?

Posted by NalaGinrut 14 February 2021 6:52 PM
artanis web cookie http

Recently, I released GNU Artanis-0.5. Here's Relese Note.

So what's news in it? We listed some notable changes here and ignore misc bugfixes.

Support and only support Guile-3+

The most notable news is that we support Guile-3 since Artanis-0.5. Guile-3 is a significant version because it contains better optimizatoins and JIT. However, Guile-3 has something incompatible with Guile-2. You may read more in my mail. That is to say, you should not use Guile-2 anymore since Artanis-0.5.

Support Network Security Services (NSS)

I believe some people may ask the same question: why not GnuTLS?

Alright, we don't reject GnuTLS, but the current guile support in GnuTLS is dropped in some distros. I'm not going to write my own guile-gnutls wrapper. So I prefer to wait.

It's possible to support multi security libs if it's necessary. Fortunately, NSS has good coding quality and it is a nice option for our design in the long term.

In Artanis-0.5, libnss is only used for hashing algorithms. The hash functions (md5, sha, etc) are implemented in pure Scheme. Obviously, we have a better choice for efficiency and security to take advantage of existing industrial-level library.

In the future, we may add more features of crypto and security.

Fix Ssql to adapt SQL standard

Ssql is a feature to map s-expression to SQL string. We fix 2 issues according to SQL standard.

String value should be single-quoted

In SQL, the string should be single-quoted, not double-quoted, for example:

(->sql select * from 'Persons (where (/and #:name "john" #:company "lambadchip.com")))

And you should get the result:

"select * from Persons where name='john' and company='lambadchip.com';"

Number value shouldn't be single-quoted

(->sql select * from 'Persons (where #:age 15))

And you should get the result:

"select * from Persons where age=15;"

Fix and enhance cookies

In the current design of Artanis, these APIs are used for controling the cookies for the client.

The API only affects rc-set-cookie that handles new cookies from the server-side:

:cookies-ref
:cookies-set!
:cookies-setattr!

The API only affects rc-cookie that handles cookies of the client:

:cookies-remove!
:cookies-check
:cookies-value

You may use #:cookies to initialize cookie instance, then control it, the result will be updated to the HTTP response automatically. If you want to modify the existing cookie sent from the client, you have to link the client cookie with the cookie instance that you initialized:

(get "/set"
 #:cookies '(names a)
 (lambda (rc)
   (:cookies-set! rc 'a "a" 123)
   ;; Don't forget the path should be the same, otherwise the modified
   ;; cookie will not affect.
   (:cookies-setattr! rc 'a #:path "/test")
   "done"))

(get "/test"
 #:cookies '(names a)
 (lambda (rc)
   ;; link with :cookies-set!
   (:cookies-set! rc 'a "a" (:cookies-value rc "a"))
   (:cookies-setattr! rc 'a #:expires 21600 #:secure #t)
   "yes"))

For more details, please read Artanis manual about cookies.