Building Web Scripts with Lua

Server API

The Server API (SAPI) allows the abstraction of a series of internal web server details and allows CGILua to be used over WSAPI. The reference implementation of WSAPI currently supports Apache, Microsoft IIS and Xavante as Web servers, and CGI, FastCGI, as WSAPI connectors. Xavante has a native WSAPI connector.

The SAPI API is separated into two packages: SAPI.Request and SAPI.Response.

The SAPI.Request package offers two functions:

SAPI.Request.getpostdata ([n])
Gets a block of POST data. The optional parameter n is the number of bytes to read (a default block size is used if no parameter is passed).
Returns the block as a Lua string.
SAPI.Request.servervariable (varname)
Gets the value of a server environment variable. The argument can be one of the defined CGI Variables, although not all servers implements the full set of variables. The set consists of:
  • AUTH_TYPE - If the server supports user authentication, and the script is protected, this is the protocol-specific authentication method used to validate the user.
  • CONTENT_LENGTH - The length of the content itself as given by the client.
  • CONTENT_TYPE - For queries which have attached information, such as HTTP POST and PUT, this is the content type of the data.
  • GATEWAY_INTERFACE - The revision of the CGI specification to which this server complies. Format: CGI/revision
  • PATH_INFO - The extra path information, as given by the client. In other words, scripts can be accessed by their virtual pathname, followed by extra information at the end of this path. The extra information is sent as PATH_INFO. This information should be decoded by the server if it comes from a URL before it is passed to the CGI script.
  • PATH_TRANSLATED - The server provides a translated version of PATH_INFO, which takes the path and does any virtual-to-physical mapping to it.
  • QUERY_STRING - The information which follows the "?" in the URL which referenced this script. This is the query information. It should not be decoded in any fashion. This variable should always be set when there is query information, regardless of command line decoding.
  • REMOTE_ADDR - The IP address of the remote host making the request.
  • REMOTE_HOST - The hostname making the request. If the server does not have this information, it should set REMOTE_ADDR and leave this unset.
  • REMOTE_IDENT - If the HTTP server supports RFC 931 identification, then this variable will be set to the remote user name retrieved from the server. Usage of this variable should be limited to logging only.
  • REMOTE_USER - If the server supports user authentication, and the script is protected, this is the username they have authenticated as.
  • REQUEST_METHOD - The method with which the request was made. For HTTP, this is "GET", "HEAD", "POST", etc.
  • SCRIPT_NAME - A virtual path to the script being executed, used for self-referencing URLs.
  • SERVER_NAME - The server's hostname, DNS alias, or IP address as it would appear in self-referencing URLs.
  • SERVER_PORT - The port number to which the request was sent.
  • SERVER_PROTOCOL - The name and revision of the information protcol this request came in with. Format: protocol/revision
  • SERVER_SOFTWARE - The name and version of the web server software answering the request (and running the gateway). Format: name/version
In addition to these, the header lines received from the client, if any, are placed into the environment with the prefix HTTP_ followed by the header name. Any - characters in the header name are changed to _ characters. The server may exclude any headers which it has already processed, such as Authorization, Content-type, and Content-length. If necessary, the server may choose to exclude any or all of these headers if including them would exceed any system environment limits.
Returns a string.

And the SAPI.Response package offers five functions:

SAPI.Response.contenttype (header)
Sends the Content-type header to the client. The given header should be in the form "type/subtype". This function must be called before any output is sent using SAPI.Response.write.
Returns nothing.
SAPI.Response.errorlog (message)
Generates error output using the given string or number.
Returns nothing.
SAPI.Response.header (header, value)
Sends a generic header to the client. The first argument must be the header name, such as "Set-Cookie". The second argument should be its value. This function should not be used to replace the SAPI.Response.contenttype nor the SAPI.Response.redirect functions.
Returns nothing.
SAPI.Response.redirect (url)
Sends the Location header to the client. The given url should be a string.
Returns nothing.
SAPI.Response.write (...)
Generates output using the given arguments. The arguments must be strings or numbers.
Returns nothing.

Valid XHTML 1.0!

$Id: sapi.html,v 1.33 2009/02/06 00:56:06 carregal Exp $