mORMot Open Source

a blank project ,if it uses mormot.core.base, mormot.core.os units,

cross compile it with windows lazarus , it works on windows target .

but can NOT work on Linux 64 Target , error info :
/lib64/libc.so.6: version `GLIBC_2.34' not found (required by ./project)

/lib64/libc.so.6: version `GLIBC_2.34' not found (required by ./project)

if just uses the mormot.core.base, then it works fine.

there is topic about this  https://forum.lazarus.freepascal.org/in … ic=58888.0

maybe the problem comes from  mormot.core.os

laz ver :2.3.0 fpc ver:3.3.1 target os : x64 centos 7.9

some third party api need CAcertification, like cert.p12 ,cert.pem,cert_key.pem,
like some payout api,
is it a way to use CACert with TWinHttp Client?

AS_UNIQUE can mark a field value to be unique in the table,
but the woStoreStoredFalse option can not be set with
_ObjFast(const NameValuePairs: array of const)  overload function,
therefor ,the filed marked as_unique won't be serialized ,it just missing.

i know i can use  _ObjFast(aObject: TObject;  aOptions: TTextWriterWriteObjectOptions = [woDontStoreDefault]) overload function,

but there are so mary scenarios  _ObjFast(const NameValuePairs: array of const) comes more handy.

throuth the code ,woStoreStoredFalse is to protect some sensitive information like password,
the AS_UNIQUE should mean "unique", not "sensitive"
may be we need another marker to do so.

if it does ,the the uri will be more friendly
eg: domain/root
      domain/root/admin/*
      domain/root/api/*

i know the interface based service can do this ,but some times ,the method based service can be more flexable

seems very good

i test JSONToObject function ,it works , but seems to change the json content.
i want to reuse the json content ,

follow the Documentation's guide ,
i make a local copy use @vJson[1] or UniqueRawUTF8
but after JSONToObject ,i write the vJson variable content to a memo , it only contains "classname"

var
  vJson:rawutf8;
  vJsonP:PUTF8Char;
begin

    vJsonP :=UniqueRawUTF8(vJson);//@vJson[1];
    vObj :=TMyObject(JSONToNewObject(vJsonP,vObjValid,[j2oIgnoreUnknownProperty]));
    memo1.text:=vJson; //<--here it only output "classname" not the whole json content

end;

seems local copy did not work

Database created by mORMot Framework can Not be operated by 3rd tools
like  Navicat

take Sqlite3\sample\ 30 - MVC Server for demo,

navicat can open and do select Query operation

but write operation like Insert will trigger an error:

no such collation sequence: SYSTEMNOCASE

I'd like to implement ByPassAuthentication when use JWT authentication ,
so i  create my own ServicesRouting class and override the AuthenticationCheck(jwt: TJWTAbstract) procedure,

but the fPublishedMethod and fIPWhiteJWT is not accessable ,
may i suggest add two property'PublishedMethod' and 'IPWhiteJWT' to the TSQLRestServer class?

Just Asigned a TJWTHS256 instance to the RestServer.JWTForUnauthenticatedRequest property,
then set the client SessionHttpHeader :Authorization: Bearer <Token>

then call any method or interface based service that need auth ,you will fail.

problem is that :

JWTForUnauthenticatedRequest not working since procedure TSQLRestServer.URI  security handling logic bug:
in mOMRot.pas:

      // 2. handle security
      if (rsoSecureConnectionRequired in fOptions) and
         (Ctxt.MethodIndex<>fPublishedMethodTimestampIndex) and
         not (llfSecured in Call.LowLevelFlags) then
        Ctxt.AuthenticationFailed(afSecureConnectionRequired) else
      if not Ctxt.Authenticate then
        Ctxt.AuthenticationFailed(afInvalidSignature) else
      if (Ctxt.Service<>nil) and
          not (reService in Call.RestAccessRights^.AllowRemoteExecute) then
        if (rsoRedirectForbiddenToAuth in Options) and (Ctxt.ClientKind=ckAjax) then
          Ctxt.Redirect(Model.Root+'/auth') else
          Ctxt.AuthenticationFailed(afRemoteServiceExecutionNotAllowed) else
      if (Ctxt.Session<>CONST_AUTHENTICATION_NOT_USED) or
         (fJWTForUnauthenticatedRequest=nil) or
         (Ctxt.MethodIndex=fPublishedMethodTimestampIndex) or
         ((llfSecured in Call.LowLevelFlags) and
          not (llfHttps in Call.LowLevelFlags)) or // HTTPS does not authenticate
         Ctxt.AuthenticationCheck(fJWTForUnauthenticatedRequest) then

line 42740 42741 always get executed if not authed

if not Ctxt.Authenticate then
        Ctxt.AuthenticationFailed(afInvalidSignature)

so fJWTForUnauthenticatedRequest never get a chance .

or i am doing it wrong?

Thanks ab for the great mORMot framework, it helps me a lot.

i use the framework SOA、ORM  a lot .

now i need to build a web site. i guess at somepoint , we all need a website.

i found a little imperfect of MVC:

when you just need to show some pages,
just write you view template and define some interface , it works fine, same as Sample 30--MVC Server.

but, when you need to use Ajax in pages to Post data to or Get data from  the mvc server, it CAN NOT be done.

i mean , when you need to do AJAX request from the MVC application, there the NO WAY to return json data from the mvc application（interface）

i know,i know ,  u can make AJAX request to the RestServer (not to the mvc application),

but this approach will need to deal with the rest auth, while MVC application is based on Cookie.

for example:
when user need to login to the Web(not the RestSerrver), since our MVC application can not return custom json format (which ajax need),
we loose the ablity to interact with user  before or after the login.

or  , some page need use Ajax request data only after user login (again, web cookie, not the restserver auth)

so, if mvc application return JSON data will solve all that .(not the methodname/json approach, it is still for view context)

line 51791 of SynCommons.pas:this line:

if not RegisterCustomJSONSerializerSetOptions(aTypeInfo[XXXXX],aOptions) then

Missing  the "aAddIfNotExisting" parameter cause the register of array of aTypeInfo failing.

also:i use aTypeInfo[XXXXX] ,xxxx replace i in code above because when use i in this post ,i can NOT post.

I use serval online enc/dec services to check the AESECB encryption/decryption result ,
it seems that our SynCrypto TAESECB mode can not get any result same with the online services.

what is your result when do such enc/dec with TAESECB?
the utf8 string key is '123456'
utf8String Data is 'ABC'
All online services results:
PKCS7padding, keysize 256 : h3ivt+HEEOkunT75PoB199xf3tD1LRO/p1/l6Tdrg6I=
PKCS7padding, keysize 128 : FevVdP5MovJAiVEClsvBBQ==

none of them is same as our syncrypto results.

my code like this :

  
CONST
  KEY:RawByteString='123456';
VAR
  aKey: TSHA256Digest;
  AES:TAESECB;
  aa:TAESCFB;
  DAT:RawByteString;
  sr:RawByteString;
begin
  DAT:='ABC';
  aKey :=SHA256Digest(KEY);
  AES:=TAESECB.Create(aKey,256);
  sr:=AES.EncryptPKCS7(DAT);
  mmoLog.Lines.Add(BinToBase64(sr));
end;

result is EUouYChaLyxO7ArP0k3G4A==

what is your result with syncrypto?

i pull the latest source from git, still cannot compile anything with 10.3(Rio). 
ide stopped at line 18794 in SynCommon.pas

error message:

[dcc32 Error] SynCommons.pas(18794): E2015 Operator not applicable to this operand type

ide stopped at

procedure TSynTempBuffer.Init(Source: pointer; SourceLen: integer);
begin
  len := SourceLen;
  if len<=0 then
    buf := nil else begin
    if len<=SizeOf(tmp)-16 then
      buf := @tmp else
      GetMem(buf,len+16); // +16 for trailing #0 and for PInteger() parsing
    MoveFast(Source^,buf^,len);
    PPtrInt(buf+len)^ := 0; // always init last 4/8 bytes (makes valgrid happy)  <<----------stopped here 
  end;
end;

all 36 demo projects failed

we have similar usage like this:
https://synopse.info/forum/viewtopic.php?id=4712

many TSQLRestServerDB instance hosted in one httpserver,
we do this to preform "Each Client Has It's Own Database", and to practice the "Sharding"
this approach really simplify the  project's architecture and coding.

we have 1000 TSQLRestServerDB s hold in each Httpserver ,yes you see it right , 1000+

by test we fill two table of each database with One Million rows ，then each db file in disk is about 200M

we load all the 1000 databases, the project's whole RAM use is just around 300M， so we think with todays machine ablility ,
this will work just fine .

and we run 10+ process on each machine to get maxium use of the machine power.

if this work ok ,it will save a lot of money!! 

after reading the linked post above , we afriad  this approach may cause some other issue, like backup\ cache\ master\slave etc

any thought?

for example, our online services has many Couppon infomation , currently we use the ORM Rest Part of mORMot to serve the requests from all kinds of clients, such as browser ajax, mobile apps , pc clients.
something like this:

  TSQLCoupponInfo = class(TSQLRecord)
  private
    fId: TID;
    fProductName: RawUTF8;
    fManufactor: RawUTF8;
    fPrice:Currency;
    fCouppon:Currency;
    fDueTime:TDateTime;
    fCreatedAt: TCreateTime;
    fModifiedAt: TModTime;
   etc...
    
  published
    property id:TID read fId;
    property ProductName :rawuft8 read fProductName write ProductName;
    etc ...
    property CreatedAt: TCreateTime read fCreatedAt write fCreatedAt;
    property ModifiedAt: TModTime read fModifiedAt write fModifiedAt;

  end;

many table like this contains more then 20 fileds,and such table row count growing so fast (nearly 200 thousand per day),
now it contains nearly 5million rows .
the valid Couppon info is just the recent few days, we do not need to lookup the whole table,
but mORMot does not have a way to do something like :generate one table per day （or other strategy）

by this project, we build it all the mORMot rest way,  no stored proc, few table relation etc.
now we facing the rapid growing table size and massive client request（nearly 1million anonymous UV, 10million PV） , and our marketing invest will make the load way more heavy in the foreseeable future. not just the public services, many other services need auth also faceing the heavy requests.

now only thing we do ,it's just put many CDN server at Services's frontend and use more powerful machine. 
we go through all the mORMot doc and forum info,  we just found AB said that :you dont need scale or loadbalancing.

but we are so afraid that one day , our services just can't hold the request load anymore.
so, we need such sugestion:
1. table scale to control single table row count;
2. Rest Services load balancing.
and another thing , rest services really need version control .

we only use delphi to build or whole project, only 3 coder , and we love delphi/pascal , we really dont wanna switch to Java or Go solution.
maybe we used mORMot the wrong way . but any advice will be appreciated.
thanks very much.