252 lines
12 KiB
Plaintext
252 lines
12 KiB
Plaintext
Function HTTP_WebAccounts_Services(RemainingURL)
|
|
/***********************************************************************************************************************
|
|
|
|
This program is proprietary and is not to be used by or disclosed to others, nor is it to be copied without written
|
|
permission from SRP Computer Solutions, Inc.
|
|
|
|
Name : HTTP_WebAccounts_Services
|
|
|
|
Description : Handler program for the HTTP WebAccounts service module.
|
|
|
|
Notes : All HTTP web services should include the HTTP_SERVICE_SETUP insert. This will provide several useful
|
|
variables:
|
|
|
|
HTTPMethod - The HTTP Method (Verb) submitted by the client (e.g., GET, POST, etc.)
|
|
APIURL - The URL for the API entry point (e.g., api.mysite.com/v1).
|
|
SelfURL - The URL path representing the current service.
|
|
FullEndPointURL - The URL submitted by the client. This can be the same or longer than
|
|
the SelfURL.
|
|
NextSegment - The URL segment immediately following the SelfURL (if any). This
|
|
could contain the name of the next service or it could contain the
|
|
Item ID for the current service (aka resource).
|
|
CurrentServiceHandler - The name of this stored procedure.
|
|
|
|
Parameters :
|
|
RemainingURL [in] -- The remaining portion of the URL that follows the URL that launched this current
|
|
service. This information is used in the HTTP_SERVICE_SETUP insert to populate other
|
|
useful variables (see Notes above).
|
|
Response [out] -- Response to be sent back to the Controller (HTTP_MCP) or requesting procedure. Web API
|
|
services do not rely upon anything being returned in the response. This is what the
|
|
various services like SetResponseBody and SetResponseStatus services are for. A response
|
|
value is only helpful if the developers want to use it for debug purposes.
|
|
|
|
History : (Date, Initials, Notes)
|
|
10/12/18 dmb Original programmer. - [SRPFW-254]
|
|
|
|
***********************************************************************************************************************/
|
|
|
|
#pragma precomp SRP_PreCompiler
|
|
|
|
$insert APP_INSERTS
|
|
$insert HTTP_SERVICE_SETUP
|
|
$insert HTTP_INSERTS
|
|
|
|
Declare subroutine WebAccounts_Services, HTTP_Authentication_Services
|
|
Declare function WebAccounts_Services, HTTP_Authentication_Services
|
|
|
|
// Assume the current HTTP method is valid until proven otherwise.
|
|
ValidMethod = True$
|
|
// Assume the current web service is valid until provent otherwise.
|
|
ValidService = True$
|
|
// Assume no HTTP methods are valid until proven otherwise.
|
|
AllowedMethods = ''
|
|
// A list of all services able to be called from this URL.
|
|
AllowedServices = 'password'
|
|
|
|
AuthenticatedAccountID = HTTP_Authentication_Services('GetAuthenticatedAccountID')
|
|
|
|
// Handle the HTTP request as needed.
|
|
Begin Case
|
|
Case Count(RemainingURL, '/') GE 1
|
|
// This means the URL ends with /webaccounts/{KeyID}/{property}.
|
|
Property = FullEndPointURL[-1, 'B/']
|
|
Locate Property in AllowedServices using ',' setting ServicePos then
|
|
AllowedMethods = 'PATCH,GET,OPTIONS'
|
|
Locate HTTPMethod in AllowedMethods using ',' setting MethodPos then
|
|
On MethodPos GoSub PatchItemProperty, GetItemProperty, OptionsItemProperty
|
|
end else
|
|
ValidMethod = False$
|
|
end
|
|
end else
|
|
ValidService = False$
|
|
end
|
|
|
|
Case Otherwise$
|
|
ValidService = False$
|
|
End Case
|
|
|
|
// Resolve any invalid conditions with the HTTP request.
|
|
Begin Case
|
|
Case Not(ValidService)
|
|
HTTP_Services('SetResponseStatus', 404, NextSegment : ' is not a valid service request within the ' : CurrentServiceHandler : ' module.')
|
|
|
|
Case Not(ValidMethod)
|
|
HTTP_Services('SetResponseStatus', 405, HTTPMethod : ' is not valid for this service.')
|
|
|
|
GoSub SetAllowedMethods
|
|
End Case
|
|
|
|
Return Response OR ''
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
// Service Parameter Options
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
Options BOOLEAN = True$, False$
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
// Web Services
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// PatchItemProperty
|
|
//
|
|
// Attempts to update the property of a specific resource.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
PatchItemProperty:
|
|
|
|
// Get the name of the property by looking at the last segment in the FullEndPointURL variable. An assumption is
|
|
// being made that there are no other segments in the URL that follow the property name.
|
|
Property = FullEndPointURL[-1, 'B/']
|
|
|
|
If Property _EQC 'password' then
|
|
AccountID = NextSegment
|
|
If AccountID EQ AuthenticatedAccountID then
|
|
Password = HTTP_Authentication_Services('GetWebAccountPassword', AccountID, False$)
|
|
Body = HTTP_Services('GetHTTPPostString')
|
|
Body = HTTP_Services('DecodePercentString', Body)
|
|
If SRP_JSON(objJSON, 'Parse', Body) EQ '' then
|
|
NewPassword = SRP_JSON(objJSON, 'GetValue', 'value')
|
|
SRP_JSON(objJSON, 'Release')
|
|
HTTP_Authentication_Services('SetWebAccountPassword', AccountID, Password, NewPassword)
|
|
If Error_Services('NoError') then
|
|
If SRP_JSON(objJSON, 'New', 'Object') then
|
|
If SRP_JSON(objLinks, 'New', 'Object') then
|
|
If SRP_JSON(objSelf, 'New', 'Object') then
|
|
SRP_JSON(objSelf, 'SetValue', 'href', FullEndPointURL)
|
|
SRP_JSON(objLinks, 'Set', 'self', objSelf)
|
|
SRP_JSON(objSelf, 'Release')
|
|
end
|
|
SRP_JSON(objJSON, 'Set', '_links', objLinks)
|
|
SRP_JSON(objLinks, 'Release')
|
|
end
|
|
SRP_JSON(objJSON, 'SetValue', 'value', NewPassword, 'String')
|
|
HAL = SRP_JSON(objJSON, 'Stringify', 'Fast')
|
|
SRP_JSON(objJSON, 'Release')
|
|
HTTP_Services('SetResponseBody', HAL, False$, 'application/hal+json')
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', '403', Error_Services('GetMessage'))
|
|
end
|
|
end else
|
|
Error_Services('Add', 'Error parsing JSON body within the ' : CurrentServiceHandler : ' module.')
|
|
HTTP_Services('SetResponseStatus', '500', Error_Services('GetMessage'))
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', '401', 'This account is not authorized for this endpoint.')
|
|
end
|
|
end else
|
|
// The URL contains an unsupported property. Return a 404 error.
|
|
HTTP_Services('SetResponseStatus', 404, Property : ' is not a valid service request within the ' : CurrentServiceHandler : ' module.')
|
|
end
|
|
|
|
return
|
|
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// GetItemProperty
|
|
//
|
|
// Returns the property of a specific resource.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
GetItemProperty:
|
|
|
|
// Get the name of the property by looking at the last segment in the FullEndPointURL variable. An assumption is
|
|
// being made that there are no other segments in the URL that follow the property name.
|
|
Property = FullEndPointURL[-1, 'B/']
|
|
If Property _EQC 'password' then
|
|
AccountID = NextSegment
|
|
If AccountID EQ AuthenticatedAccountID then
|
|
Password = HTTP_Authentication_Services('GetWebAccountPassword', AccountID, False$)
|
|
jsonWebAccounts = WebAccounts_Services('GetWebAccounts', AccountID, True$)
|
|
If Error_Services('NoError') then
|
|
If SRP_JSON(objJSON, 'Parse', jsonWebAccounts) EQ '' then
|
|
objPassword = SRP_JSON(objJSON, 'Get', 'password')
|
|
SRP_JSON(objJSON, 'Release')
|
|
If SRP_JSON(objLinks, 'New', 'Object') then
|
|
If SRP_JSON(objSelf, 'New', 'Object') then
|
|
SRP_JSON(objSelf, 'SetValue', 'href', FullEndPointURL)
|
|
SRP_JSON(objLinks, 'Set', 'self', objSelf)
|
|
SRP_JSON(objSelf, 'Release')
|
|
end
|
|
SRP_JSON(objPassword, 'Set', '_links', objLinks)
|
|
SRP_JSON(objLinks, 'Release')
|
|
end
|
|
HAL = SRP_JSON(objPassword, 'Stringify', 'Fast')
|
|
SRP_JSON(objPassword, 'Release')
|
|
HTTP_Services('SetResponseBody', HAL, False$, 'application/hal+json')
|
|
end else
|
|
Error_Services('Add', 'Error parsing JSON body within the ' : CurrentServiceHandler : ' module.')
|
|
HTTP_Services('SetResponseStatus', '500', Error_Services('GetMessage'))
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', '403', Error_Services('GetMessage'))
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', '401', 'This account is not authorized for this endpoint.')
|
|
end
|
|
end else
|
|
// The URL contains an unsupported property. Return a 404 error.
|
|
HTTP_Services('SetResponseStatus', 404, Property : ' is not a valid service request within the ' : CurrentServiceHandler : ' module.')
|
|
end
|
|
|
|
return
|
|
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// OptionsItemProperty
|
|
//
|
|
// Sets the appropriate response header fields for an OPTIONS request.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
OptionsItemProperty:
|
|
|
|
GoSub SetCommonOptionResponseHeaders
|
|
|
|
return
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
// Internal GoSubs
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// SetCommonOptionResponseHeaders
|
|
//
|
|
// Sets the response headers that will be common for all OPTIONS methods.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
SetCommonOptionResponseHeaders:
|
|
|
|
HTTP_Services('SetResponseHeaderField', 'Access-Control-Allow-Headers', 'authorization', True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Access-Control-Allow-Headers', 'x-authorization', True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Access-Control-Max-Age', 1728000)
|
|
|
|
GoSub SetAllowedMethods
|
|
|
|
return
|
|
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// SetAllowedMethods
|
|
//
|
|
// Sets the Allow response header field as appropriate for the requested URL.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
SetAllowedMethods:
|
|
|
|
If AllowedMethods NE '' then
|
|
For Each Method in AllowedMethods using ','
|
|
HTTP_Services('SetResponseHeaderField', 'Allow', Method, True$)
|
|
Next Method
|
|
end
|
|
|
|
return
|