Function Webaccounts_API(@API)
/***********************************************************************************************************************

    This program is proprietary and is not to be used by or disclosed to others, nor is it to be copied without written
    permission from SRP Computer Solutions, Inc.

    Name        :   Webaccounts_API

    Description :   API logic for the Webaccounts resource.

    Notes       :   All web APIs should include the API_SETUP insert. This will provide several useful variables:

                        HTTPMethod              - The HTTP Method (Verb) submitted by the client (e.g., GET, POST, etc.)
                        APIURL                  - The URL for the API entry point (e.g., api.mysite.com/v1).
                        FullEndpointURL         - The URL submitted by the client, including query params.
                        FullEndpointURLNoQuery  - The URL submitted by the client, excluding query params.
                        ParentURL               - The URL path preceding the current endpoint.
                        CurrentAPI              - The name of this stored procedure.

                    The handlers below also read EndpointSegment and ParentSegment, which are not defined in this
                    procedure (presumably supplied by API_SETUP as well -- confirm against the insert).

    Parameters  :
        API             [in] -- Web API to process. Format is [APIPattern].[HTTPMethod]:
                                    - APIPattern must follow this structure <Resource>[.ID.[<Property>]]
                                      (placeholder names reconstructed from the examples below)
                                    - HTTPMethod can be any valid HTTP method, e.g., GET, POST, PUT, DELETE, etc.
                                Examples:
                                    - Webaccounts.POST
                                    - Webaccounts.ID.PUT
                                    - Webaccounts.ID.firstName.GET
        Response       [out] -- Response to be sent back to the Controller (HTTP_MCP) or requesting procedure. Web API
                                services do not rely upon anything being returned in the response. This is what the
                                various services like SetResponseBody and SetResponseStatus services are for. A response
                                value is only helpful if the developers want to use it for debug purposes.

    Security    :   Every ID-scoped handler authorizes by comparing the account ID taken from the URL with the ID
                    returned by HTTP_Authentication_Services('GetAuthenticatedAccountID'). No other access check is
                    visible in this procedure, so the endpoints are only as strong as that service.
                    NOTE(review): confirm the controller rejects unauthenticated requests before this procedure runs,
                    and that the service cannot return an empty or client-influenced ID.

    History     :   (Date, Initials, Notes)
        11/19/18    dmb     Original programmer.
        04/09/19    dmb     [SRPFW-271] Replace FullEndpointURL with FullEndpointURLNoQuery in the GetObjects service
                            within the webaccounts.GET API to avoid query params in the embedded object self URLs.
        05/28/19    dmb     [SRPFW-274] Replace all references to AddLinkRelationships with AddLinkRelations.
        01/23/20    dmb     [SRPFW-296] Add matching HEAD APIs for all GET APIs.

***********************************************************************************************************************/

#pragma precomp SRP_PreCompiler

$insert APP_INSERTS
$insert API_SETUP
$insert HTTP_INSERTS

// WebAccounts_Services is declared here but is not called anywhere in this procedure as shown.
Declare function WebAccounts_Services

// Identity of the caller as established by the authentication service. Every handler below uses this value as the
// sole authorization input.
AuthenticatedAccountID  = HTTP_Authentication_Services('GetAuthenticatedAccountID')

// Dispatch to the handler matching the API argument; the else branch runs when no handler matches.
GoToAPI else
    // The specific resource endpoint doesn't have a API handler yet.
    HTTP_Services('SetResponseStatus', 204, 'This is a valid endpoint but a web API handler has not yet been created.')
end

Return Response OR ''


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Endpoint Handlers
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


// webaccounts (collection): returns a HAL resource that embeds the NAME column of the authenticated caller's own
// WEB_ACCOUNTS row. The key passed to GetObject is AuthenticatedAccountID, so other accounts are not listed.
// HEAD shares this handler with GET; presumably the controller drops the body for HEAD -- confirm.
API webaccounts.HEAD
API webaccounts.GET

    objResource = HTTP_Resource_Services('GetObject')
    If Error_Services('NoError') then
        // The NoQuery URL is used as the base so embedded self links carry no query params (see SRPFW-271 above).
        objWebAccounts  = HTTP_Resource_Services('GetObject', 'WEB_ACCOUNTS', AuthenticatedAccountID, 'NAME', '', '', '', '', FullEndpointURLNoQuery)
        If Error_Services('NoError') then
            HTTP_Resource_Services('AddEmbeddedResources', objResource, 'webaccounts', objWebAccounts)
            // Add _links sub-properties for HAL implementation.
            Rels    = 'self' : @FM : 'apiEntryPoint'
            URLs    = FullEndpointURL : @FM : ParentURL
            HTTP_Resource_Services('AddLinkRelations', objResource, Rels, URLs)
            If Error_Services('NoError') then
                // Serialize the object into a JSON string.
                jsonResource    = HTTP_Resource_Services('GetSerializedResource', objResource)
                // Set the response body with the JSON string and set the Content-Type response header.
                HTTP_Services('SetResponseBody', jsonResource, False$, 'application/hal+json')
            end else
                // NOTE(review): the raw Error_Services message is returned to the client here and in every 500
                // branch below; confirm it cannot carry internal table, file or stack details.
                HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
            end
        end else
            HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
        end
    end else
        HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
    end

end api


// webaccounts/{ID}: returns the account's NAME plus a nested "password" object (value, created, expires) and HAL
// links. Only served when the ID in the URL equals the authenticated account ID.
API webaccounts.ID.HEAD
API webaccounts.ID.GET

    AccountID   = EndpointSegment

    // Object-level authorization: the caller may only read its own account.
    If AccountID EQ AuthenticatedAccountID then
        objResource = HTTP_Resource_Services('GetObject', 'WEB_ACCOUNTS', AccountID, 'NAME')
        If Error_Services('NoError') then
            // NOTE(review): CURRENT_PASSWORD is serialized into the response as password.value. Whether that column
            // holds cleartext or a derived value cannot be told from this file; either way a credential leaves the
            // server on every GET. Consider returning only created/expires, and make sure responses from this
            // endpoint are not cached or written to request logs.
            objPassword = HTTP_Resource_Services('GetObject', 'WEB_ACCOUNTS', AccountID, 'CURRENT_PASSWORD' : @FM : 'CURRENT_PASSWORD_CREATED' : @FM : 'CURRENT_PASSWORD_EXPIRES', 'value' : @FM : 'created' : @FM : 'expires')
            If Error_Services('NoError') then
                // Add the password nested property.
                HTTP_Resource_Services('AddProperty', objResource, 'password', objPassword, 'ObjectHandle')
            end
            If Error_Services('NoError') then
                // Add _links sub-properties for HAL implementation.
                Names   = 'self' : @FM : 'password' : @FM : 'apiEntryPoint'
                URLs    = FullEndpointURL : @FM : FullEndpointURL : '/password' : @FM : APIURL
                HTTP_Resource_Services('AddLinkRelations', objResource, Names, URLs)
            end
            // Each step above is skipped once an error is recorded, so a failure at any stage lands in the 500
            // branch below.
            If Error_Services('NoError') then
                // Serialize the object into a JSON string.
                jsonResource    = HTTP_Resource_Services('GetSerializedResource', objResource)
                // Set the response body with the JSON string and set the Content-Type response header.
                HTTP_Services('SetResponseBody', jsonResource, False$, 'application/hal+json')
            end else
                HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
            end
        end else
            HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
        end
    end else
        // NOTE(review): this branch is an authorization failure for an already-identified caller. 403 is the
        // conventional status; 401 tells clients to re-send credentials. The same applies to the matching branches
        // in the password handlers below. Left unchanged because clients may depend on the current status.
        HTTP_Services('SetResponseError', '', '', 401, 'This account is not authorized for this endpoint.', FullEndpointURL)
    end

end api


// webaccounts/{ID}/password: returns the password object (value, created, expires) with HAL links and a
// "resetPassword" PATCH form action. The account ID is the parent URL segment.
API webaccounts.ID.password.HEAD
API webaccounts.ID.password.GET

    AccountID   = ParentSegment

    // Object-level authorization: the caller may only read its own password resource.
    If AccountID EQ AuthenticatedAccountID then
        // NOTE(review): as in webaccounts.ID.GET, the CURRENT_PASSWORD value itself is returned to the client.
        objResource = HTTP_Resource_Services('GetObject', 'WEB_ACCOUNTS', AccountID, 'CURRENT_PASSWORD' : @FM : 'CURRENT_PASSWORD_CREATED' : @FM : 'CURRENT_PASSWORD_EXPIRES', 'value' : @FM : 'created' : @FM : 'expires')
        If Error_Services('NoError') then
            // Add _links sub-properties for HAL implementation.
            Names   = 'self' : @FM : 'apiEntryPoint'
            URLs    = FullEndpointURL : @FM : APIURL
            HTTP_Resource_Services('AddLinkRelations', objResource, Names, URLs)
        end
        If Error_Services('NoError') then
            // Advertise the PATCH operation on this same URL; the form has a single 'value' field.
            HTTP_Resource_Services('AddFormAction', objResource, 'resetPassword', 'PATCH', FullEndpointURL, 'Reset Password', 'value', '' : @VM : True$ : @VM : True$)
        end
        If Error_Services('NoError') then
            // Serialize the object into a JSON string.
            jsonResource    = HTTP_Resource_Services('GetSerializedResource', objResource)
            // Set the response body with the JSON string and set the Content-Type response header.
            HTTP_Services('SetResponseBody', jsonResource, False$, 'application/hal+json')
        end else
            HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
        end
    end else
        HTTP_Services('SetResponseError', '', '', 401, 'This account is not authorized for this endpoint.', FullEndpointURL)
    end

end api


// PATCH webaccounts/{ID}/password: replaces the account password with the 'value' member of the JSON request body
// and returns the updated password resource.
API webaccounts.ID.password.PATCH

    AccountID   = ParentSegment

    // Object-level authorization: the caller may only change its own password.
    If AccountID EQ AuthenticatedAccountID then
        // NOTE(review): the existing password is read server-side and handed to SetWebAccountPassword as the old
        // password, so the request body never has to prove knowledge of the current password. Anyone holding a
        // valid authenticated request for this account can therefore change it. Confirm that is intended.
        Password    = HTTP_Authentication_Services('GetWebAccountPassword', AccountID, False$)
        Body        = HTTP_Services('GetHTTPPostString')
        // NOTE(review): the whole body is percent-decoded before JSON parsing. If the body was not percent-encoded
        // on arrival, a new password containing '%' sequences would be altered -- confirm what GetHTTPPostString
        // returns.
        Body        = HTTP_Services('DecodePercentString', Body)
        If SRP_JSON(objJSON, 'Parse', Body) EQ '' then
            // NOTE(review): no check here that 'value' is present, non-empty or a string; any length or complexity
            // policy has to be enforced inside SetWebAccountPassword -- verify.
            NewPassword = SRP_JSON(objJSON, 'GetValue', 'value')
            SRP_JSON(objJSON, 'Release')
            HTTP_Authentication_Services('SetWebAccountPassword', AccountID, Password, NewPassword)
            If Error_Services('NoError') then
                // NOTE(review): the response echoes the newly set CURRENT_PASSWORD back to the client.
                objResource = HTTP_Resource_Services('GetObject', 'WEB_ACCOUNTS', AccountID, 'CURRENT_PASSWORD' : @FM : 'CURRENT_PASSWORD_CREATED' : @FM : 'CURRENT_PASSWORD_EXPIRES', 'value' : @FM : 'created' : @FM : 'expires')
                If Error_Services('NoError') then
                    // Add _links sub-properties for HAL implementation.
                    Names   = 'self' : @FM : 'apiEntryPoint'
                    URLs    = FullEndpointURL : @FM : APIURL
                    HTTP_Resource_Services('AddLinkRelations', objResource, Names, URLs)
                end
                If Error_Services('NoError') then
                    HTTP_Resource_Services('AddFormAction', objResource, 'resetPassword', 'PATCH', FullEndpointURL, 'Reset Password', 'value', '' : @VM : True$ : @VM : True$)
                end
                If Error_Services('NoError') then
                    // Serialize the object into a JSON string.
                    jsonResource    = HTTP_Resource_Services('GetSerializedResource', objResource)
                    // Set the response body with the JSON string and set the Content-Type response header.
                    HTTP_Services('SetResponseBody', jsonResource, False$, 'application/hal+json')
                end else
                    HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
                end
            end else
                // SetWebAccountPassword recorded an error; its message is returned to the client with a 403.
                HTTP_Services('SetResponseError', '', '', 403, Error_Services('GetMessage'), FullEndpointURL)
            end
        end else
            // NOTE(review): a body that fails to parse is a client error, so 400 would be the conventional status
            // rather than 500; the message also names this stored procedure to the client. Left unchanged because
            // clients may depend on the current status.
            Error_Services('Add', 'Error parsing JSON body within the ' : CurrentAPI : ' module.')
            HTTP_Services('SetResponseError', '', '', 500, Error_Services('GetMessage'), FullEndpointURL)
        end
    end else
        HTTP_Services('SetResponseError', '', '', 401, 'This account is not authorized for this endpoint.', FullEndpointURL)
    end

end api