diff options
Diffstat (limited to 'services/request.esp')
| -rw-r--r-- | services/request.esp | 540 |
1 files changed, 0 insertions, 540 deletions
diff --git a/services/request.esp b/services/request.esp deleted file mode 100644 index 03226f975d..0000000000 --- a/services/request.esp +++ /dev/null @@ -1,540 +0,0 @@ -<% - -/* - * Copyright: - * (C) 2006 by Derrell Lipman - * All rights reserved - * - * License: - * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/ - */ - -/* - * This is a simple JSON-RPC server. - */ - -/* Bring in the json format/parse functions */ -jsonrpc_include("json.esp"); - -/* Bring in the date class */ -jsonrpc_include("jsondate.esp"); - -/* Load the authentication script */ -jsonrpc_include("json_auth.esp"); - - -/* bring the string functions into the global frame */ -string_init(global); - -/* Bring the system functions into the global frame */ -sys_init(global); - -/* Bring the session functions into the global frame */ -system_session(global); - - -function printf() -{ - print(vsprintf(arguments)); -} - - -/* - * All of our manipulation of JSON RPC methods will be through this object. - * Each class of methods will assign to here, and all of the constants will - * also be in this object. - */ -jsonrpc = new Object(); -jsonrpc.Constant = new Object(); -jsonrpc.Constant.ErrorOrigin = new Object(); /* error origins */ -jsonrpc.Constant.ServerError = new Object(); /* server-generated error codes */ -jsonrpc.method = new Object(); /* methods available in requested class */ - -/* - * ScriptTransport constants - */ -jsonrpc.Constant.ScriptTransport = new Object(); -jsonrpc.Constant.ScriptTransport.NotInUse = -1; - - -/* - * JSON-RPC error origin constants - */ -jsonrpc.Constant.ErrorOrigin.Server = 1; -jsonrpc.Constant.ErrorOrigin.Application = 2; -jsonrpc.Constant.ErrorOrigin.Transport = 3; -jsonrpc.Constant.ErrorOrigin.Client = 4; - - - -/* - * JSON-RPC server-generated error code constants - */ - -/** - * Error code, value 0: Unknown Error - * - * The default error code, used only when no specific error code is passed to - * the JsonRpcError constructor. This code should generally not be used. - */ -jsonrpc.Constant.ServerError.Unknown = 0; - -/** - * Error code, value 1: Illegal Service - * - * The service name contains illegal characters or is otherwise deemed - * unacceptable to the JSON-RPC server. - */ -jsonrpc.Constant.ServerError.IllegalService = 1; - -/** - * Error code, value 2: Service Not Found - * - * The requested service does not exist at the JSON-RPC server. - */ -jsonrpc.Constant.ServerError.ServiceNotFound = 2; - -/** - * Error code, value 3: Class Not Found - * - * If the JSON-RPC server divides service methods into subsets (classes), this - * indicates that the specified class was not found. This is slightly more - * detailed than "Method Not Found", but that error would always also be legal - * (and true) whenever this one is returned. (Not used in this implementation) - */ -jsonrpc.Constant.ServerError.ClassNotFound = 3; - -/** - * Error code, value 4: Method Not Found - * - * The method specified in the request is not found in the requested service. - */ -jsonrpc.Constant.ServerError.MethodNotFound = 4; - -/* - * Error code, value 5: Parameter Mismatch - * - * If a method discovers that the parameters (arguments) provided to it do not - * match the requisite types for the method's parameters, it should return - * this error code to indicate so to the caller. - * - * This error is also used to indicate an illegal parameter value, in server - * scripts. - */ -jsonrpc.Constant.ServerError.ParameterMismatch = 5; - -/** - * Error code, value 6: Permission Denied - * - * A JSON-RPC service provider can require authentication, and that - * authentication can be implemented such the method takes authentication - * parameters, or such that a method or class of methods requires prior - * authentication. If the caller has not properly authenticated to use the - * requested method, this error code is returned. - */ -jsonrpc.Constant.ServerError.PermissionDenied = 6; - -/*** Errors generated by this server which are not qooxdoo-standard ***/ - -/* - * Error code, value 1000: Unexpected Output - * - * The called method illegally generated output to the browser, which would - * have preceeded the JSON-RPC data. - */ -jsonrpc.Constant.ServerError.UnexpectedOutput = 1000; - -/* - * Error code, value 1001: Resource Error - * - * Too many resources were requested, a system limitation on the total number - * of resources has been reached, or a resource or resource id was misused. - */ -jsonrpc.Constant.ServerError.ResourceError = 1001; - -/* - * Error code, value 1002: Not Logged In - * - * The user has logged out and must re-authenticate, or this is a brand new - * session and the user must log in. - * - */ -jsonrpc.Constant.ServerError.NotLoggedIn = 1002; - -/* - * Error code, value 1003: Session Expired - * - * The session has expired and the user must re-authenticate. - * - */ -jsonrpc.Constant.ServerError.SessionExpired = 1003; - -/* - * Error code, value 1004: Login Failed - * - * An attempt to log in failed. - * - */ -jsonrpc.Constant.ServerError.LoginFailed = 1004; - - - - - -function sendReply(reply, scriptTransportId) -{ - /* If not using ScriptTransport... */ - if (scriptTransportId == jsonrpc.Constant.ScriptTransport.NotInUse) - { - /* ... then just output the reply. */ - write(reply); - } - else - { - /* Otherwise, we need to add a call to a qooxdoo-specific function */ - reply = - "qx.io.remote.ScriptTransport._requestFinished(" + - scriptTransportId + ", " + reply + - ");"; - write(reply); - } -} - - -function _jsonValidRequest(req) -{ - if (req == undefined) - { - return false; - } - - if (typeof(req) != "object") - { - return false; - } - - if (req["id"] == undefined) - { - return false; - } - - if (req["service"] == undefined) - { - return false; - } - - if (req["method"] == undefined) - { - return false; - } - - if (req["params"] == undefined) - { - return false; - } - - return true; -} -jsonrpc.validRequest = _jsonValidRequest; -_jsonValidRequest = null; - -/* - * class JsonRpcError - * - * This class allows service methods to easily provide error information for - * return via JSON-RPC. - */ -function _JsonRpcError_create(origin, code, message) -{ - var o = new Object(); - - o.data = new Object(); - o.data.origin = origin; - o.data.code = code; - o.data.message = message; - o.scriptTransportId = jsonrpc.Constant.ScriptTransport.NotInUse; - o.__type = "_JsonRpcError"; - - function _origin(origin) - { - this.data.origin = origin; - } - o.setOrigin = _origin; - - function _setError(code, message) - { - this.data.code = code; - this.data.message = message; - } - o.setError = _setError; - - function _setId(id) - { - this.id = id; - } - o.setId = _setId; - - function _setScriptTransportId(id) - { - this.scriptTransportId = id; - } - o.setScriptTransportId = _setScriptTransportId; - - function _setInfo(info) - { - // Add the info field only if info is actually provided. - // This is an extension to qooxdoo's normal Error return value. - this.data.info = info; - } - o.setInfo = _setInfo; - - function _Send() - { - var error = this; - var id = this.id; - var ret = new Object(); - ret.error = this.data; - ret.id = this.id; - sendReply(Json.encode(ret), this.scriptTransportId); - } - o.Send = _Send; - - return o; -} - -jsonrpc.createError = _JsonRpcError_create; -_JsonRpcError_create = null; - -/* - * 'input' is the user-provided json-encoded request - * 'jsonInput' is that request, decoded into its object form - */ -var input; -var jsonInput = null; - -/* Allocate a generic error object */ -error = jsonrpc.createError(jsonrpc.Constant.ErrorOrigin.Server, - jsonrpc.Constant.ServerError.Unknown, - "Unknown error"); - -/* Assume (default) we're not using ScriptTransport */ -scriptTransportId = jsonrpc.Constant.ScriptTransport.NotInUse; - -/* What type of request did we receive? */ -if (request["REQUEST_METHOD"] == "POST" && - request["CONTENT_TYPE"] == "application/json") -{ - /* We found literal POSTed json-rpc data (we hope) */ - input = request["POST_DATA"]; - jsonInput = Json.decode(input); -} -else if (request["REQUEST_METHOD"] == "GET" && - form["_ScriptTransport_id"] != undefined && - form["_ScriptTransport_id"] != - jsonrpc.Constant.ScriptTransport.NotInUse && - form["_ScriptTransport_data"] != undefined) -{ - /* We have what looks like a valid ScriptTransport request */ - scriptTransportId = form["_ScriptTransport_id"]; - error.setScriptTransportId(scriptTransportId); - input = form["_ScriptTransport_data"]; - jsonInput = Json.decode(input); -} - -/* Ensure that this was a JSON-RPC service request */ -if (! jsonrpc.validRequest(jsonInput)) -{ - /* - * This request was not issued with JSON-RPC so echo the error rather than - * issuing a JsonRpcError response. - */ - write("JSON-RPC request expected; service, method or params missing<br>"); - return; -} - -/* - * Ok, it looks like JSON-RPC, so we'll return an Error object if we encounter - * errors from here on out. - */ -error.setId(jsonInput.id); - -/* Service and method names may contain these characters */ -var nameChars = - "_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; - -/* The first letter of service and method names must be a letter */ -var nameFirstLetter = - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - -/* - * Ensure the method name is kosher. A method name should be: - * - * - first character is in [a-zA-Z] - * - other characters are in [_a-zA-Z0-9] - */ - -/* First check for legal characters */ -if (strspn(jsonInput.method, nameChars) != strlen(jsonInput.method)) -{ - /* There's some illegal character in the service name */ - error.setError(jsonrpc.Constant.ServerError.MethodNotFound, - "Illegal character found in method name."); - error.Send(); - return; -} - -/* Now ensure that it begins with a letter */ -if (strspn(substr(jsonInput.method, 0, 1), nameFirstLetter) != 1) -{ - error.setError(jsonrpc.Constant.ServerError.MethodNotFound, - "The method name does not begin with a letter"); - error.Send(); - return; -} - -/* - * Ensure the requested service name is kosher. A service name should be: - * - * - a dot-separated sequences of strings; no adjacent dots - * - first character of each string is in [a-zA-Z] - * - other characters are in [_a-zA-Z0-9] - */ - -/* First check for legal characters */ -if (strspn(jsonInput.service, "." + nameChars) != strlen(jsonInput.service)) -{ - /* There's some illegal character in the service name */ - error.setError(jsonrpc.Constant.ServerError.IllegalService, - "Illegal character found in service name."); - error.Send(); - return; -} - -/* - * Now ensure there are no double dots. - * - * Frustration with ejs. Result must be NULL, but we can't use the === - * operator: strstr() === null so we have to use typeof. If the result isn't - * null, then it'll be a number and therefore not type "pointer". - */ -if (typeof(strstr(jsonInput.service, "..")) != "pointer") -{ - error.setError(jsonrpc.Constant.ServerError.IllegalService, - "Illegal use of two consecutive dots in service name"); - error.Send(); - return; -} - -/* Explode the service name into its dot-separated parts */ -var serviceComponents = split(".", jsonInput.service); - -/* Ensure that each component begins with a letter */ -for (var i = 0; i < serviceComponents.length; i++) -{ - if (strspn(substr(serviceComponents[i], 0, 1), nameFirstLetter) != 1) - { - error.setError(jsonrpc.Constant.ServerError.IllegalService, - "A service name component does not begin with a letter"); - error.Send(); - return; - } -} - -/* - * Now replace all dots with slashes so we can locate the service script. We - * also retain the split components of the path, as the class name of the - * service is the last component of the path. - */ -var servicePath = join("/", serviceComponents) + ".esp"; - -/* Load the requested class */ -if (jsonrpc_include(servicePath)) -{ - /* Couldn't find the requested service */ - error.setError(jsonrpc.Constant.ServerError.ServiceNotFound, - "Service class `" + servicePath + "` does not exist."); - error.Send(); - return; -} - -/* - * Find the requested method. - * - * What we really want to do here, and could do in any reasonable language, - * is: - * - * method = jsonrpc.method[jsonInput.method]; - * if (method && typeof(method) == "function") ... - * - * The following completely unreasonable sequence of commands is because: - * - * (a) ejs evaluates all OR'ed expressions even if an early one is false, and - * barfs on the typeof(method) call if method is undefined - * - * (b) ejs does not allow comparing against the string "function"!!! What - * the hell is special about that particular string??? - * - * E-gad. What a mess. - */ -var method = jsonrpc.method[jsonInput.method]; -var valid = (method != undefined); -if (valid) -{ - var type = typeof(method); - if (substr(type, 0, 1) != 'f' || substr(type, 1) != "unction") - { - valid = false; - } -} - -if (! valid) -{ - error.setError(jsonrpc.Constant.ServerError.MethodNotFound, - "Method `" + jsonInput.method + "` not found."); - error.Send(); - return; -} - -/* - * Ensure the logged-in user is allowed to issue the requested method. We - * provide the scriptTransportId as one of the determining factors because - * accepting requests via ScriptTransport is dangerous. Only methods which - * one might allow when unauthenticated should be allowed via ScriptTransport - * as it is easy for a rogue site to trick a user into bypassing - * authentication. - */ -if (! json_authenticate(serviceComponents, - jsonInput.method, - scriptTransportId, - error)) -{ - error.Send(); - return; -} - -/* Most errors from here on out will be Application-generated */ -error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application); - -/* Call the requested method passing it the provided params */ -var retval = method(jsonInput.params, error); - -/* See if the result of the function was actually an error object */ -if (retval["__type"] == "_JsonRpcError") -{ - /* Yup, it was. Return the error */ - retval.Send(); - return; -} - -/* Give 'em what they came for! */ -var ret = new Object(); -ret.result = retval; -ret.id = jsonInput.id; -sendReply(Json.encode(ret), scriptTransportId); - -/* - * Local Variables: - * mode: c - * End: - */ -%> |