Preliminary results of letting #iocaine requests handlers return the response directly, with a quick bombardier run, serving the built-in "challenge" template (not really a template, it's a static HTML, always the same):
And there's a few opportunities where I can improve performance by cloning less.
Making the template engine available to the scripting engine is... problematic, in its current form. Thus, I will simply not bother. I'll make the new template engine available instead, and that will be built in a way that makes this easy.
fn decide(request: Request) -> Response? {
let response = ResponseBuilder.new();
response.header("content-type", "text/html");
response.status(HTTP_STATUS_OK);
response.body_from_string("<!doctype html>
<html>
<head><title>Cookie monster!</title></head>
<body>
<p>This is an automated check to get rid of most bots. If you have JavaScript enabled, it should redirect to the real page soon.</p>
<script>document.cookie=\"x-bot-challenge=passed;path=/\";window.location.reload();</script>
</body>");
Some(response.build())
}
Mmmm. Feels nice to use so far.
Still need to make the garbage generation helpers available to the engine, and that's the next challenge! I need to figure out how to do that in a way that is efficient, and isn't a pain to use. This will also shape how the templating will work.
Look, Mom! JavaScript-less Cookie Monster!
fn decide(request: Request) -> Response? {
let response = ResponseBuilder.new();if request.cookie("x-bot-challenge") == "passed" {
response.status(HTTP_STATUS_MISDIRECTED_REQUEST);
} else {
response.header("content-type", "text/html");
response.header("set-cookie", "x-bot-challenge=passed;path=/");
response.status(HTTP_STATUS_OK);
response.body_from_string("<!doctype html>
<html>
<head>
<title>Cookie monster!</title>
<meta http-equiv="refresh" content="0">
</head>
<body>
<p>This is an automated check to get rid of most bots. You should be redirected to the real page soon.</p>
</body>");
}
Some(response.build())
}
A better version of the JavaScript-less Cookie Monster, one which curl can work with too, with the appropriate flags:
fn decide(request: Request) -> Response? {
let response = ResponseBuilder.new();if request.cookie("x-bot-challenge") == "passed" {
response.status(HTTP_STATUS_MISDIRECTED_REQUEST);
} else {
response.header("content-type", "text/html");
response.header("set-cookie", "x-bot-challenge=passed;path=/");
response.header("location", request.path());
response.status(HTTP_STATUS_MOVED_PERMANENTLY);
response.body_from_string("<!doctype html>
<html>
<head>
<title>Cookie monster!</title>
</head>
<body>
<p>This is an automated check to get rid of most bots. You should be redirected to the real page soon.</p>
</body>");
}
Some(response.build())
}
=>
❯ curl -iL http://localhost:42069/foobar -b ""
HTTP/1.1 301 Moved Permanently
content-type: text/html
set-cookie: x-bot-challenge=passed;path=/
location: foobar
content-length: 194
date: Fri, 25 Jul 2025 14:51:17 GMT
HTTP/1.1 421 Misdirected Request
content-type: application/octet-stream
content-length: 0
date: Fri, 25 Jul 2025 14:51:17 GMT
Not completely sure about that location header, though. But something like this should do the trick!
Or the <meta http-equiv=refresh>, as long as it is bound to browsers only, and not for other tools.
Further testing suggests that the Location header is fine as it is. Both curl and Firefox do the right thing, but I'll test with other browsers & tools too, before merging this to main and moving Nam-Shub of Enki over to it.
Time to eat, have a nap, and figure out how to make the generators available to Roto (& Lua, but if I have the Roto part down, Lua falls into place too).
Kinda feels like I need a helper to handle the 421 case. The default response code is already HTTP_STATUS_OK, so that case cna stay as-is. Template helpers will take care of setting the content-type if need be.
So... hmm. response.not_for_us()? A bit of a throwback to iocaine 2's Outcome.not_for_us(). Can't think of a better one at the moment.
<script>document.location.reload();</script>
with the noscript message to please manually refresh the message, deployed on git.catgirls.systems for curl consumption :>
A space for Bonfire maintainers and contributors to communicate
