How to receive POST with Reqbody in servant - haskell

Below code is supposed to be able to send a json body.
But I always get a error with the following request:
curl -X POST -i http://localhost:8080/comtrade --data 'name=nut&age=12'
The error message is:
Status Code: 405 Method Not Allowed
content-type: text/plain
date: Fri, 12 Mar 2021 18:49:04 GMT
server: Warp/3.3.14
transfer-encoding: chunked
data User = User {
age :: Int,
name :: String
} deriving Generic
instance FromJSON User where
parseJSON = withObject "User" parseUser
parseUser :: Object -> Parser User
parseUser o = do
n <- (o .: "name")
a <- (o .: "age")
return (User a n)
instance ToJSON User where
toJSON user = object
[ "age" .= age user
, "name" .= name user
]
type ComTradeAPI =
"comtrade" :> ReqBody '[JSON] User :> Post '[JSON] Int
:<|> "test" :> Get '[JSON] User
:<|> Raw
myServer :: Server ComTradeAPI
myServer = getUser
:<|> test
:<|> serveDirectoryWebApp "site"
where
test :: Handler User
test = return (User 12 "nut")
getUser :: User -> Handler Int
getUser usr = return 12
main :: IO ()
main = openBrowser "http://localhost:8080/index.html"
>> run 8080 (serve (Proxy :: Proxy ComTradeAPI) myServer)
Could anyone tell me how to make servant-server receive POST messages?

As Fyodor Soikin points out in the comment, the cURL example in the OP doesn't post JSON, but URL-encoded data. You can see this if you use the -v (verbose) option for cURL instead of -i:
$ curl -v http://localhost:8080/comtrade -d "{ \"name\": \"nut\", \"age\": 12 }"
* Trying ::1:8080...
* TCP_NODELAY set
* Trying 127.0.0.1:8080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /comtrade HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.67.0
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 28 out of 28 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 405 Method Not Allowed
< Transfer-Encoding: chunked
< Date: Sat, 13 Mar 2021 12:52:59 GMT
< Server: Warp/3.2.28
< Content-Type: text/plain
<
Only GET or HEAD is supported
Notice that Content-Type is application/x-www-form-urlencoded.
The ReqBody '[JSON] User type declares that the API expects the body as JSON. The first thing you need to do, then, is to post JSON instead of URL-encoded data.
That, in itself, is, however, not enough:
$ curl -v http://localhost:8080/comtrade -d "{ \"name\": \"nut\", \"age\": 12 }"
* Trying ::1:8080...
* TCP_NODELAY set
* Trying 127.0.0.1:8080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /comtrade HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.67.0
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 28 out of 28 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 405 Method Not Allowed
< Transfer-Encoding: chunked
< Date: Sat, 13 Mar 2021 12:56:42 GMT
< Server: Warp/3.2.28
< Content-Type: text/plain
<
Only GET or HEAD is supported
Notice that cURL still defaults the Content-Type to application/x-www-form-urlencoded. Since the API is declared to receive JSON, you must explicitly tell it that here comes JSON:
$ curl -i http://localhost:8080/comtrade -H "Content-Type: application/json" -d "{ \"name\": \"nut\", \"age\": 12 }"
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Date: Sat, 13 Mar 2021 12:58:09 GMT
Server: Warp/3.2.28
Content-Type: application/json;charset=utf-8
12
As far as I can tell, there's nothing wrong with the Haskell code. It's a question of using the HTTP protocol correctly.

Related

CouchDB can't get cookie auth session for nonadmin user

For admin user:
$ curl -X POST localhost:5984/_session -d "username=admin&password=admin"
{"ok":true,"name":"admin","roles":["_admin"]}
$ curl -vX GET localhost:5984/_session --cookie AuthSession=YWRtaW...
{"ok":true,"userCtx":{"name":"admin","roles":["_admin"]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"],"authenticated":"cookie"}}
but for regular user:
$ curl -vX POST localhost:5984/_session -d "username=user&password=123"
{"ok":true,"name":"user","roles":["users"]}
$ curl -vX GET localhost:5984/_session --cookie AuthSession=ZGlqbzo...
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"]}}
The same thing happens when im doing XmlHttpRequest via iron-ajax element, or simply from chrome. What am I doing wrong?
CouchDB version: 2.1.1
Config:
[chttpd]
bind_address = 0.0.0.0
port = 5984
authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
[httpd]
enable_cors = true
[couch_httpd_auth]
allow_persistent_cookies = true
timeout = 60000
[cors]
credentials = true
origins = *
headers = accept, authorization, content-type, origin, referer
methods = GET, PUT, POST, HEAD, DELETE
I didn't quite get your problem, but here is what I do with curl to authenticate with cookie as a nonadmin user:
First I run curl with -v option to see the header fields:
$ curl -k -v -X POST https://192.168.1.106:6984/_session -d 'username=jan&password=****'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 192.168.1.106...
* Connected to 192.168.1.106 (192.168.1.106) port 6984 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 604 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* error fetching CN from cert:The requested data were not available.
* common name: (does not match '192.168.1.106')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: O=Tech Studio
* start date: Sat, 31 Mar 2018 04:37:51 GMT
* expire date: Tue, 30 Mar 2021 04:37:51 GMT
* issuer: O=Tech Studio
* compression: NULL
* ALPN, server did not agree to a protocol
> POST /_session HTTP/1.1
> Host: 192.168.1.106:6984
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 25
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 25 out of 25 bytes
< HTTP/1.1 200 OK
< Set-Cookie: AuthSession=amFuOjVBRTk3MENGOuKAb68qYzf5jJ7bIOq72Jlfw-Qb; Version=1; Secure; Path=/; HttpOnly
< Server: CouchDB/2.1.1 (Erlang OTP/18)
< Date: Wed, 02 May 2018 08:03:27 GMT
< Content-Type: application/json
< Content-Length: 44
< Cache-Control: must-revalidate
<
{"ok":true,"name":"jan","roles":["sample"]}
* Connection #0 to host 192.168.1.106 left intact
I see in the above header fields the cookie:
Set-Cookie: AuthSession=amFuOjVBRTk3MENGOuKAb68qYzf5jJ7bIOq72Jlfw-Qb; Version=1; Secure; Path=/; HttpOnly
I use the above cookie to authenticate as a nonadmin user and get the user info for the same nonadmin user like this:
$ curl -k -X GET https://192.168.1.106:6984/_users/org.couchdb.user:jan -H 'Cookie: AuthSession=amFuOjVBRTk3MENGOuKAb68qYzf5jJ7bIOq72Jlfw-Qb'
{"_id":"org.couchdb.user:jan","_rev":"3-f11b227a6e1236fa502af668fdbf326d","name":"jan","roles":["sample"],"type":"user","password_scheme":"pbkdf2","iterations":10,"derived_key":"a973123ebd9dbc2a543d477a506268b018e7aab4","salt":"0ef2111a894062b08ffd723fd34b6b75"}
Problem gone when i removed from my local.ini
authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
Because i used incorrect handler: couch_httpd_auth in the config for chttpd, when that handler is only written to work with the original couch_httpd module

Use express sendFile for HEAD requests

sendFile is for sending files and it also figures out some interesting headers from the file (like content length). For a HEAD request I would ideally want the exact same headers but just skip the body.
There doesn't seem to be an option for this in the API. Maybe I can override something in the response object to stop it from sending anything?
Here's what I got:
res.sendFile(file, { headers: hdrs, lastModified: false, etag: false })
Has anyone solved this?
As Robert Klep has already written, the sendFile already has the required behavior of sending the headers and not sending the body if the request method is HEAD.
In addition to that, Express already handles HEAD requests for routes that have GET handlers defined. So you don't even need to define any HEAD handler explicitly.
Example:
let app = require('express')();
let file = __filename;
let hdrs = {'X-Custom-Header': '123'};
app.get('/file', (req, res) => {
res.sendFile(file, { headers: hdrs, lastModified: false, etag: false });
});
app.listen(3322, () => console.log('Listening on 3322'));
This sends its own source code on GET /file as can be demonstrated with:
$ curl -v -X GET localhost:3322/file
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3322 (#0)
> GET /file HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:3322
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< X-Custom-Header: 123
< Accept-Ranges: bytes
< Cache-Control: public, max-age=0
< Content-Type: application/javascript
< Content-Length: 267
< Date: Tue, 11 Apr 2017 10:45:36 GMT
< Connection: keep-alive
<
[...]
The [...] is the body that was not included here.
Without adding any new handler this will also work:
$ curl -v -X HEAD localhost:3322/file
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3322 (#0)
> HEAD /file HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:3322
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< X-Custom-Header: 123
< Accept-Ranges: bytes
< Cache-Control: public, max-age=0
< Content-Type: application/javascript
< Content-Length: 267
< Date: Tue, 11 Apr 2017 10:46:29 GMT
< Connection: keep-alive
<
This is the same but with no body.
Express uses send to implement sendFile, which already does exactly what you want.

Difference between curl expressions

I have an API server running at localhost:3000 and I am trying to query it using these two expressions:
[wani#lenovo ilparser-docker]$ time (curl "localhost:3000/parse?lang=hin&data=देश" )
{"tokenizer":"<Sentence id=\"1\">\n1\tदेश\tunk\n<\/Sentence>\n"}
real 0m0.023s
user 0m0.009s
sys 0m0.004s
[wani#lenovo ilparser-docker]$ time (curl -XGET localhost:3000/parse -F lang=hin -F data="देश" )
{"tokenizer":"<Sentence id=\"1\">\n1\tदेश\tunk\n<\/Sentence>\n"}
real 0m1.101s
user 0m0.020s
sys 0m0.070s
Why does the second expression take so much more time?
With more verbosity:
[wani#lenovo ilparser-docker]$ time curl -v localhost:3000/parse -F lang=hin -F data="देश"
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
> POST /parse HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 244
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------1eb5e5991b976cb1
>
* Done waiting for 100-continue
< HTTP/1.1 200 OK
< Content-Length: 70
< Server: Mojolicious (Perl)
< Content-Type: application/json;charset=UTF-8
< Date: Mon, 21 Mar 2016 11:06:09 GMT
< Connection: keep-alive
<
* Connection #0 to host localhost left intact
{"tokenizer":"<Sentence id=\"1\">\n1\tदेश\tunk\n<\/Sentence>\n"}
real 0m1.106s
user 0m0.027s
sys 0m0.068s
[wani#lenovo ilparser-docker]$ time curl -v localhost:3000/parse --data lang=hin --data data="देश"
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3000 (#0)
> POST /parse HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 23
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 23 out of 23 bytes
< HTTP/1.1 200 OK
< Server: Mojolicious (Perl)
< Content-Length: 70
< Connection: keep-alive
< Date: Mon, 21 Mar 2016 11:06:24 GMT
< Content-Type: application/json;charset=UTF-8
<
* Connection #0 to host localhost left intact
{"tokenizer":"<Sentence id=\"1\">\n1\tदेश\tunk\n<\/Sentence>\n"}
real 0m0.031s
user 0m0.011s
sys 0m0.003s
Expect: 100-continue sounded fishy, so I cleared that header:
[wani#lenovo ilparser-docker]$ time curl -v -F lang=hin -F data="देश" "localhost:3000/parse" -H Expect: --trace-time
16:48:04.513691 * Trying 127.0.0.1...
16:48:04.513933 * Connected to localhost (127.0.0.1) port 3000 (#0)
16:48:04.514083 * Initializing NSS with certpath: sql:/etc/pki/nssdb
16:48:04.610095 > POST /parse HTTP/1.1
16:48:04.610095 > Host: localhost:3000
16:48:04.610095 > User-Agent: curl/7.43.0
16:48:04.610095 > Accept: */*
16:48:04.610095 > Content-Length: 244
16:48:04.610095 > Content-Type: multipart/form-data; boundary=------------------------24f30647b16ba82d
16:48:04.610095 >
16:48:04.618107 < HTTP/1.1 200 OK
16:48:04.618194 < Content-Length: 70
16:48:04.618249 < Server: Mojolicious (Perl)
16:48:04.618306 < Content-Type: application/json;charset=UTF-8
16:48:04.618370 < Date: Mon, 21 Mar 2016 11:18:04 GMT
16:48:04.618430 < Connection: keep-alive
16:48:04.618492 <
16:48:04.618590 * Connection #0 to host localhost left intact
{"tokenizer":"<Sentence id=\"1\">\n1\tदेश\tunk\n<\/Sentence>\n"}
real 0m0.117s
user 0m0.023s
sys 0m0.082s
Now the only time taking thing left is: Initializing NSS with certpath: sql:/etc/pki/nssdb. Why does curl do that in this context?
After a little help on IRC from #DanielStenberg, I came to know that the db load is present because curl inits nss in that case since curl needs a good random source for the boundary separator used for -F . Curl could have used getrandom() syscall or read bits out of /dev/urandom since boundary separators don't need to be cryptographically secure in any way, but curl just wants secure random in some other places so curl reuses the random function that it already has.

RCurl including xml

I have a curl command in linux that works
curl -X POST -H "Authorization: Basic ENCODED_USERNAME_PASSWORD_HERE" -H "Content-Type: application/xml" --data #basicRequest.xml http://abcd/efg/requests/
I tried to write the R equivalent for this and this is what I did so far
getURL("http://abcd/efg/requests/", login = "m12345", password = "123456", httpauth = 1L)
Need help with the rest, no clue how to include the XML file (i have a separate XML file), Content-Type, --data #basicRequest.xml etc...
==================update=======================================
When I run this version of the code
setwd("H:/.../.../TestProject")
xmlfile=xmlParse("test1.xml")
library(httr) ;
t2 = POST(content_type_xml(), authenticate("m12345", "123456", type = "basic"), url='http://abcd/efg/requests/', body=upload_file("test1.xml"),verbose())
I get the following message
-> POST /efg/requests/ HTTP/1.1
-> Authorization: Basic YlRF.....Q==
-> User-Agent: curl/7.39.0 Rcurl/1.95.4.5 httr/0.6.1
-> Host: ....:8786
-> Accept-Encoding: gzip
-> Accept: application/json, text/xml, application/xml, */*
-> Content-Type: application/xml
-> Content-Length: 1234
-> Expect: 100-continue
->
<- HTTP/1.1 100 Continue
>> <?xml version="1.0" encoding="UTF-8" ?>
>> <request>
>> <api-id>............</input-file>
>> </request>
<- HTTP/1.1 401 Unauthorized
<- Server: Apache-Coyote/1.1
<- Content-Type: text/html;charset=utf-8
<- Content-Length: 951
<- Date: Tue, 20 Jan 2015 05:28:42 GMT
Dont know where I am wrong ?

Curl POST Form with Image File to Form

I am trying to POST a JPEG image from a particular file directory to the server curl. This is what I typed:
curl -v -include --form filedata='/home/pi/Documents/2014-01-18-09:11:25.jpeg' http://hostdomain.me/file/upload
Upon executing this command, the following is returned from the Terminal:
* Couldn't find host rdnvpfwnwk.localtunnel.me in the .netrc file; using defaults
* About to connect() to rdnvpfwnwk.localtunnel.me port 80 (#0)
* Trying 192.34.58.73...
* connected
* Connected to rdnvpfwnwk.localtunnel.me (192.34.58.73) port 80 (#0)
> POST /file/upload HTTP/1.1
> User-Agent: curl/7.26.0
> Host: rdnvpfwnwk.localtunnel.me
> Accept: */*
> Content-Length: 186
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------affc91df7bc3
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
HTTP/1.1 100 Continue
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 500 Internal Server Error
HTTP/1.1 500 Internal Server Error
< Server: nginx
Server: nginx
< Date: Sat, 18 Jan 2014 11:44:39 GMT
Date: Sat, 18 Jan 2014 11:44:39 GMT
< Content-Type: text/plain
Content-Type: text/plain
< Content-Length: 9245
Content-Length: 9245
< Connection: keep-alive
Connection: keep-alive
< X-Powered-By: Sails <sailsjs.org>
X-Powered-By: Sails <sailsjs.org>
* Added cookie sails.sid="s%3AAucWnGhDSzZSGB_tBgSXJoU2.DMQ4FuVVRRGLFGheMgr4CvIFUICCiP9Gqd5GIjRevA8" for domain rdnvpfwnwk.localtunnel.me, path /, expire 0
< Set-Cookie: sails.sid=s%3AAucWnGhDSzZSGB_tBgSXJoU2.DMQ4FuVVRRGLFGheMgr4CvIFUICCiP9Gqd5GIjRevA8; Path=/; HttpOnly
Set-Cookie: sails.sid=s%3AAucWnGhDSzZSGB_tBgSXJoU2.DMQ4FuVVRRGLFGheMgr4CvIFUICCiP9Gqd5GIjRevA8; Path=/; HttpOnly
* HTTP error before end of send, stop sending
<
TypeError: Cannot read property 'name' of undefined
When using the form on the site it sends properly. Here is the form:
<form id="uploadForm"
enctype="multipart/form-data"
action="/file/upload"
method="post">
<input type="file" id="userPhotoInput" name="userPhoto" />
<input type="submit" value="Submit">
</form>
How can this be fixed?
use this :
curl -v -include --form "userPhoto=#/home/pi/Documents/2014-01-18-09:11:25.jpeg" http://hostdomain.me/file/upload
^^^^^^^^^ ^

Resources