238 lines
10 KiB
Plaintext
238 lines
10 KiB
Plaintext
Function Oiwizard_API(@API)
|
|
/***********************************************************************************************************************
|
|
|
|
This program is proprietary and is not to be used by or disclosed to others, nor is it to be copied without written
|
|
permission from SRP Computer Solutions, Inc.
|
|
|
|
Name : Oiwizard_API
|
|
|
|
Description : API logic for the Oiwizard resource.
|
|
|
|
Notes : All web APIs should include the API_SETUP insert. This will provide several useful variables:
|
|
|
|
HTTPMethod - The HTTP Method (Verb) submitted by the client (e.g., GET, POST, etc.)
|
|
APIURL - The URL for the API entry point (e.g., api.mysite.com/v1).
|
|
FullEndpointURL - The URL submitted by the client, including query params.
|
|
FullEndpointURLNoQuery - The URL submitted by the client, excluding query params.
|
|
EndpointSegment - The URL endpoint segment.
|
|
ParentURL - The URL path preceeding the current endpoint.
|
|
CurrentAPI - The name of this stored procedure.
|
|
|
|
Parameters :
|
|
API [in] -- Web API to process. Format is [APIPattern].[HTTPMethod]:
|
|
- APIPattern must follow this structure Oiwizard[.ID.[<Property>]]
|
|
- HTTPMethod can be any valid HTTP method, e.g., GET, POST, PUT, DELETE, etc.
|
|
Examples:
|
|
- Oiwizard.POST
|
|
- Oiwizard.ID.PUT
|
|
- Oiwizard.ID.firstName.GET
|
|
Response [out] -- Response to be sent back to the Controller (HTTP_MCP) or requesting procedure. Web API
|
|
services do not rely upon anything being returned in the response. This is what the
|
|
various services like SetResponseBody and SetResponseStatus services are for. A response
|
|
value is only helpful if the developers want to use it for debug purposes.
|
|
|
|
History : (Date, Initials, Notes)
|
|
06/22/22 xxx Original programmer.
|
|
|
|
***********************************************************************************************************************/
|
|
|
|
#pragma precomp SRP_PreCompiler
|
|
|
|
$insert APP_INSERTS
|
|
$insert API_SETUP
|
|
$insert HTTP_INSERTS
|
|
|
|
Declare function Security_Services, OI_Wizard_Services, Utility_DotNet, Datetime, Active_Directory_Services
|
|
Declare subroutine OI_Wizard_Services
|
|
|
|
GoToAPI else
|
|
// The specific resource endpoint doesn't have a API handler yet.
|
|
HTTP_Services('SetResponseStatus', 204, 'This is a valid endpoint but a web API handler has not yet been created.')
|
|
end
|
|
|
|
Return Response OR ''
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
// Endpoint Handlers
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
API oiwizard.POST
|
|
|
|
// Check to see if a cookie is set
|
|
OIWizardID = ''
|
|
Cookies = HTTP_Services('GetHTTPCookie')
|
|
For each Cookie in Cookies using ';'
|
|
Key = Field(Cookie, '=', 1)
|
|
If Key EQ 'sessionID' then
|
|
OIWizardID = Field(Cookie, '=', 2)
|
|
end
|
|
Next Cookie
|
|
|
|
ValidSession = OI_Wizard_Services('ValidateSession', OIWizardID)
|
|
|
|
If ValidSession EQ True$ then
|
|
// Check to see if logout value was sent in the body
|
|
Body = HTTP_Services('GetHTTPPostString')
|
|
If Body NE '' then
|
|
// The POST string will have been encoded so use percent (URL) decoding
|
|
WizardJSON = HTTP_Services('DecodePercentString', Body)
|
|
ParseResponse = SRP_JSON(hWizardJSON, 'PARSE', WizardJSON)
|
|
If (ParseResponse EQ '') then
|
|
Logout = SRP_JSON(hWizardJSON, 'GetValue', 'logout')
|
|
SRP_JSON(hWizardJSON, 'Release')
|
|
If Logout EQ True$ then
|
|
// Set session as terminated and clear cookies
|
|
OI_Wizard_Services('TerminateSession', OIWizardID)
|
|
If Error_Services('NoError') then
|
|
Expiry = Utility_DotNet('TIMEZONE', Datetime(), -1)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'sessionID="" ;Expires=':Expiry)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'userID="" ;Expires=':Expiry, True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Expires', Expiry, True$)
|
|
Message = 'Session ended.'
|
|
end
|
|
end
|
|
StatusCode = 200
|
|
GoSub CreateHALItem
|
|
end else
|
|
HTTP_Services('SetResponseStatus', 400, 'Unable to parse the JSON data from the request.')
|
|
end
|
|
end else
|
|
// Logout message not sent, so just send back a 200 to inform the front end the session is still valid.
|
|
Expiry = Xlate('OI_WIZARD', OIWizardID, 'EXPIRY_UTC', 'X')
|
|
LSLUserID = Xlate('OI_WIZARD', OIWizardID, 'EMPLOYEE_ID', 'X')
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'sessionID=':OIWizardID:' ;Expires=':Expiry)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'userID=':LSLUserID:' ;Expires=':Expiry, True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Expires', Expiry)
|
|
StatusCode = 200
|
|
GoSub CreateHALItem
|
|
end
|
|
end else
|
|
// See if credentials were passed in and create a new session
|
|
Body = HTTP_Services('GetHTTPPostString')
|
|
If Body NE '' then
|
|
// The POST string will have been encoded so use percent (URL) decoding
|
|
WizardJSON = HTTP_Services('DecodePercentString', Body)
|
|
ParseResponse = SRP_JSON(hWizardJSON, 'PARSE', WizardJSON)
|
|
If (ParseResponse EQ '') then
|
|
// Validate credentials and create a new session
|
|
UserID = SRP_JSON(hWizardJSON, 'GetValue', 'userID')
|
|
Password = SRP_JSON(hWizardJSON, 'GetValue', 'password')
|
|
SRP_JSON(hWizardJSON, 'Release')
|
|
Authenticated = Active_Directory_Services('AuthenticateUser', UserID, Password, 'Infineon')
|
|
If Authenticated then
|
|
LSLUserID = Security_Services('GetLSLUser', UserID)
|
|
If LSLUserID NE '' then
|
|
OIWizardID = OI_Wizard_Services('CreateWizardID', LSLUserID)
|
|
If Error_Services('NoError') then
|
|
Expiry = Xlate('OI_WIZARD', OIWizardID, 'EXPIRY_UTC', 'X')
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'sessionID=':OIWizardID:' ;Expires=':Expiry)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'userID=':LSLUserID:' ;Expires=':Expiry, True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Expires', Expiry)
|
|
StatusCode = 201
|
|
GoSub CreateHALItem
|
|
end else
|
|
Message = Error_Services('GetMessage')
|
|
HTTP_Services('SetResponseStatus', 500, Message)
|
|
end
|
|
end else
|
|
Message = 'Error in Security_Services("GetLSLUser") service. No LSLUserID found for user ':UserID:'.'
|
|
HTTP_Services('SetResponseStatus', 500, Message)
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', 401, Error_Services('GetMessage'))
|
|
end
|
|
end else
|
|
HTTP_Services('SetResponseStatus', 400, 'Unable to parse the JSON data from the request.')
|
|
end
|
|
end else
|
|
// No credentials passed in, so inform the front end that the sesion is invalid
|
|
HTTP_Services('SetResponseStatus', 401, 'Invalid session. Reauthentication required.')
|
|
end
|
|
end
|
|
|
|
end api
|
|
|
|
|
|
API oiwizard.HEAD
|
|
API oiwizard.GET
|
|
|
|
// Check to see if a cookie is set
|
|
OIWizardID = ''
|
|
Cookies = HTTP_Services('GetHTTPCookie')
|
|
For each Cookie in Cookies using ';'
|
|
Key = Field(Cookie, '=', 1)
|
|
If Key EQ 'sessionID' then
|
|
OIWizardID = Field(Cookie, '=', 2)
|
|
end
|
|
Next Cookie
|
|
|
|
ValidSession = OI_Wizard_Services('ValidateSession', OIWizardID)
|
|
|
|
If ValidSession EQ True$ then
|
|
Expiry = Xlate('OI_WIZARD', OIWizardID, 'EXPIRY_UTC', 'X')
|
|
LSLUserID = Xlate('OI_WIZARD', OIWizardID, 'EMPLOYEE_ID', 'X')
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'sessionID=':OIWizardID:' ;Expires=':Expiry)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'userID=':LSLUserID:' ;Expires=':Expiry, True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Expires', Expiry)
|
|
Message = 'Valid session. Expiry updated'
|
|
StatusCode = 200
|
|
GoSub CreateHALItem
|
|
end else
|
|
HTTP_Services('SetResponseStatus', 401, 'Invalid session. Reauthentication required.')
|
|
end
|
|
|
|
end api
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
// Internal GoSubs
|
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
// CreateHALItem
|
|
//
|
|
// Creates a HAL+JSON object based on the OpenInsight data row representation of the scan.
|
|
//----------------------------------------------------------------------------------------------------------------------
|
|
CreateHALItem:
|
|
|
|
HTTP_Services('SetResponseHeaderField', 'Content-Location', FullEndpointURL)
|
|
If Assigned(Message) then
|
|
HTTP_Services('SetResponseStatus', StatusCode, Message)
|
|
end else
|
|
HTTP_Services('SetResponseStatus', StatusCode)
|
|
end
|
|
|
|
return
|
|
|
|
API oiwizard.checkidleoisessionvalid.HEAD
|
|
API oiwizard.checkidleoisessionvalid.GET
|
|
|
|
OIWizardID = ''
|
|
Cookies = HTTP_Services('GetHTTPCookie')
|
|
For each Cookie in Cookies using ';'
|
|
Key = Field(Cookie, '=', 1)
|
|
If Key EQ 'sessionID' then
|
|
OIWizardID = Field(Cookie, '=', 2)
|
|
end
|
|
Next Cookie
|
|
|
|
ValidSession = OI_Wizard_Services('ValidateSessionIdle', OIWizardID)
|
|
|
|
If ValidSession EQ True$ then
|
|
Expiry = Xlate('OI_WIZARD', OIWizardID, 'EXPIRY_UTC', 'X')
|
|
LSLUserID = Xlate('OI_WIZARD', OIWizardID, 'EMPLOYEE_ID', 'X')
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'sessionID=':OIWizardID:' ;Expires=':Expiry)
|
|
HTTP_Services('SetResponseHeaderField', 'Set-Cookie', 'userID=':LSLUserID:' ;Expires=':Expiry, True$)
|
|
HTTP_Services('SetResponseHeaderField', 'Expires', Expiry)
|
|
Message = 'Valid session. Expiry updated'
|
|
StatusCode = 200
|
|
GoSub CreateHALItem
|
|
end else
|
|
HTTP_Services('SetResponseStatus', 401, 'Invalid session. Reauthentication required.')
|
|
end
|
|
|
|
end api
|