open-insight/FRAMEWORKS/STPROC/HTTP_ENTRY_POINT_SERVICES.txt

Function HTTP_Entry_Point_Services(RemainingURL)
/***********************************************************************************************************************

    This program is proprietary and is not to be used by or disclosed to others, nor is it to be copied without written
    permission from SRP Computer Solutions, Inc.

    Name        :   HTTP_Entry_Point_Services

    Description :   Handler program for the HTTP Entry Point service module.

    Notes       :   All HTTP web services should include the HTTP_SERVICE_SETUP insert. This will provide several useful
                    variables:

                        HTTPMethod              - The HTTP Method (Verb) submitted by the client (e.g., GET, POST, etc.)
                        APIURL                  - The URL for the API entry point (e.g., api.mysite.com/v1).
                        SelfURL                 - The URL path representing the current service.
                        FullEndPointURL         - The URL submitted by the client. This can be the same or longer than
                                                  the SelfURL.
                        NextSegment             - The URL segment immediately following the SelfURL (if any). This
                                                  could contain the name of the next service or it could contain the
                                                  Item ID for the current service (aka resource).
                        CurrentServiceHandler   - The name of this stored procedure.

    Parameters  :
        RemainingURL    [in] -- The remaining portion of the URL that follows the URL that launched this current
                                service. This information is used in the HTTP_SERVICE_SETUP insert to populate other
                                useful variables (see Notes above).
        Response       [out] -- Response to be sent back to the Controller (HTTP_MCP) or requesting procedure. Web API
                                services do not rely upon anything being returned in the response. This is what the
                                various services like SetResponseBody and SetResponseStatus services are for. A response
                                value is only helpful if the developers want to use it for debug purposes.

    History     :   (Date, Initials, Notes)
        02/04/15    dmb     Original programmer. - [SRPFW-92]
        04/17/15    dmb     Replace the SetHALLinks service with SetHALCollection service for the Get method. -
                            [SRPFW-92]
        03/09/16    dmb     Refactor to use the updated RunHTTPService service. - [SRPFW-112]
        07/01/17    dmb     Refactor using Enhanced BASIC+ syntax. - [SRPFW-184]
        07/10/17    dmb     Add version to the list of allowed services. - [SRPFW-188]
        09/13/18    dmb     Add scan as an allowed service. Remove contacts and version.

***********************************************************************************************************************/

#pragma precomp SRP_PreCompiler

$insert APP_INSERTS
$insert HTTP_SERVICE_SETUP
$insert HTTP_INSERTS

// Assume the current HTTP method is valid until proven otherwise.
ValidMethod     = True$
// Assume the current web service is valid until provent otherwise.
ValidService    = True$
// Assume no HTTP methods are valid until proven otherwise.
AllowedMethods  = ''
// A list of all services able to be called from this URL.
AllowedServices = 'scan'

// Since all authenticated API requests will start with the Entry Point, any authentication-dependent global response
// headers should be set here.
GoSub SetGlobalResponseHeaders

// Handle the HTTP request as needed.
Begin Case
    Case RemainingURL _EQC ''
        // This means the URL matches the <APIURL>, which means this is the entry point. The client is requesting a
        // collection of services available.
        AllowedMethods  = 'GET,OPTIONS'
        Locate HTTPMethod in AllowedMethods using ',' setting MethodPos then
            On MethodPos GoSub Get, Options
        end else
            ValidMethod = False$
        end

    Case Count(RemainingURL, '/') GE 0
        // This means the URL ends with /{service}, where <NextSegment> is the name of the service. The client is
        // requesting a specific web service. If this is an allowed service, just call the service "as is" and let it
        // handle the request. Calling another HTTP service is similar to the way one MFS calls another MFS by modifying
        // the FS list. In this case, the NextSegment and RemainingURL variables will need to be modified.
        Locate NextSegment in AllowedServices using ',' setting ServicePos then
            RemainingURL    = Field(RemainingURL, '/', 2, 99)
            HTTP_Services('RunHTTPService', NextSegment, RemainingURL)
        end else
            ValidService    = False$
        end

    Case Otherwise$
        ValidService    = False$
End Case

// Resolve any invalid conditions with the HTTP request.
Begin Case
    Case Not(ValidService)
        HTTP_Services('SetResponseStatus', 404, NextSegment : ' is not a valid service request within the ' : CurrentServiceHandler : ' module.')

    Case Not(ValidMethod)
        HTTP_Services('SetResponseStatus', 405, HTTPMethod : ' is not valid for this service.')

        GoSub SetAllowedMethods
End Case

Return Response OR ''


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Service Parameter Options
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Options BOOLEAN                     = True$, False$


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Web Services
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

//----------------------------------------------------------------------------------------------------------------------
// Get
//
// Returns the available services.
//----------------------------------------------------------------------------------------------------------------------
Get:

    HREFNames           = ''
    HREFURIs            = ''
    For Each Service in AllowedServices using ','
        HREFNames  := service : @FM
        HREFURIs   := SelfURL : '/' : Service : @FM
    Next Service
    HREFNames[-1, 1]    = ''
    HREFURIs[-1, 1]     = ''

    HTTP_JSON_Services('SetHALCollection', SelfURL, HREFURIs, HREFNames)

    If Error_Services('NoError') then
        Services    = HTTP_JSON_Services('GetHAL')
        HTTP_Services('SetResponseBody', Services, False$, 'application/hal+json')
    end else
        HTTP_Services('SetResponseStatus', 500, '')
    end

return


//----------------------------------------------------------------------------------------------------------------------
// Options
//
// Sets the appropriate response header fields for an OPTIONS request.
//----------------------------------------------------------------------------------------------------------------------
Options:

    GoSub SetCommonOptionResponseHeaders

return


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Internal GoSubs
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

//----------------------------------------------------------------------------------------------------------------------
// SetGlobalResponseHeaders
//
// Since all authenticated API requests will start with the Entry Point, any authentication-dependent global response
// headers should be set here.
//----------------------------------------------------------------------------------------------------------------------
SetGlobalResponseHeaders:
return


//----------------------------------------------------------------------------------------------------------------------
// SetCommonOptionResponseHeaders
//
// Sets the response headers that will be common for all OPTIONS methods.
//----------------------------------------------------------------------------------------------------------------------
SetCommonOptionResponseHeaders:

    HTTP_Services('SetResponseHeaderField', 'Access-Control-Allow-Headers', 'authorization', True$)
    HTTP_Services('SetResponseHeaderField', 'Access-Control-Allow-Headers', 'x-authorization', True$)
    HTTP_Services('SetResponseHeaderField', 'Access-Control-Max-Age', 1728000)

    GoSub SetAllowedMethods

return


//----------------------------------------------------------------------------------------------------------------------
// SetAllowedMethods
//
// Sets the Allow response header field as appropriate for the requested URL.
//----------------------------------------------------------------------------------------------------------------------
SetAllowedMethods:

    If AllowedMethods NE '' then
        For Each Method in AllowedMethods using ','
            HTTP_Services('SetResponseHeaderField', 'Allow', Method, True$)
        Next Method
    end

return