#1 mORMot 1 » Cloudflare as a reverse proxy in front of mORMot to achieve SSL/TLS ? » 2021-07-13 13:57:39

Kixemi
Replies: 1

Hello
We have a mORMot service running on our customers' various servers, publishing/collecting some company-specific data, and it works great!
However, it's HTTP and not so secure, and installing/updating certificates on all these workstations/servers demands a little too much work to achieve.

Only for testing, I have now signed up for a Cloudflare account and added a domain.
I then created Type A DNS subdomain records for all the customer servers, made them proxied and pointed them to our customers' servers' fixed IPs. customer1.myservice.com
Always use HTTPS is set to True.
My SSL/TLS encryption mode is at this point set to Flexible, and the communication for now to the origin servers is plain http.

This way I get a unique web address for every customer (so far they have accessed the webpage directly by the IP address), the servers' IPs are "hidden" from end users, and they have an https connection.
So far it looks good, but the traffic from Cloudflare to the origin servers is still http and not secured.

So now for my questions:
1. Is Cloudflare a good solution for this?
2. Is there any way to restrict the incoming traffic to the origin servers to accept only Cloudflare traffic? Cloudflare's IP scopes can change and they do not recommend limiting incoming traffic to these; .htaccess is the recommended way to restrict traffic... what is the mORMot/Windows way?
3. There is a thing called "Authenticated origin pulls" in Cloudflare, or should I use the "Cloudflare Workers" feature?
4. Is there any guide on how to install the Cloudflare certificate on the Windows/mORMot server? (I have managed to create/install a self-signed certificate, but have not succeeded in installing the free Cloudflare TLS certificate.)
5. What are your experiences of Cloudflare? Is there anyone using it in front of mORMot?

Best regards Kim Granlund

#2 Re: mORMot 1 » SilentLogin from Web or Crossplatform interface type client » 2019-05-08 16:33:00

Hi Ab
After I get "Authentication failed, Invalid signature(0)" I want to create a new connection on the fly in order to get a new valid signature and a new session on the server side.
My "old" or "current" signature on the client side, which resides inside the mORMot CrossPlatform objects, is not to be found anymore on the "BackEndServer" because of the session timeout there.
So now I want to recreate, or create a new session with the backend server. I tried to do it in the same way as I do it on client/program startup, but I think the problem is that I can't get rid of all the old CrossPlatformObjects.
I have tried aTIMSDriver.Free and FAppData.Free, but they give me errors... I can't get the cleanup done before creating a new session.
If I only call aTIMSDriver.Connect (without any freeing before that) it says that I already have a connection, and I can't create a new one... and that would be a memory leak also.
In the code below

                aTIMSDriver.Client.Free;
                FAppData.Client := GetClient(FAppData.FTimsURL,FAppData.FLoginName,FAppData.FLoginPassword,StrToInt(FAppData.FTimsPort));
                aTIMSDriver.Connect;

I get the error described below from the aTIMSDriver.Connect row:
-errorcode 401
-sicClientDriven instance not found or deprecated for TIMSDriver.Connect

I have all the mORMot communication code inside a thread on the client side; can that be a problem, to Free the objects there?

To set a longer session timeout is perhaps a solution, but how long sessions are OK? Maybe in some cases the Android phone is without internet connection for many hours, and the session will then not be prolonged.
Is it OK to have a 24 hour session timeout?

Esteban,
can you show some code example on how to implement the OnAuthenticationFailed event, code to create that event handler and code to put for the relogin?


Best Regards Kim

#3 mORMot 1 » SilentLogin from Web or Crossplatform interface type client » 2019-05-08 14:06:37

Kixemi
Replies: 3

Hello

From my Android client I would like to do a silent login if the session timeout has expired.
When I do a query from the client to the interface I sometimes, for different reasons, get a 403 Authentication failed!
This is because the session timeout has expired.

In these cases I want to do a fast silent login and directly after that send the endpoint call again.

The code below does not work, but perhaps you get the idea of what I am getting at!

            try
              // Normally I get an answer here, but sometimes I get an invalid session signature.
              rstRequest_mORMot.result := aTIMSDriver.GetRoutes(routemonitor_str, day_str, DriverToFetch, '');
            except
              on e: EServiceException do
              begin
                // So then I must create a "new" connection and a new session signature
                aTIMSDriver.Client.Free;
                FAppData.Client := GetClient(FAppData.FTimsURL, FAppData.FLoginName, FAppData.FLoginPassword, StrToInt(FAppData.FTimsPort));
                aTIMSDriver.Connect;

                // And now I execute the "original" query again...
                rstRequest_mORMot.result := aTIMSDriver.GetRoutes(routemonitor_str, day_str, DriverToFetch, '');  // ...and get the answer I wanted to begin with
              end;
            end;
          end

How is this done, is there a reconnect or something?

#4 Re: mORMot 1 » Defining ServiceDependences in TServiceController.CheckParameters » 2019-05-07 21:33:44

I was also looking for this functionality in TServiceController!
MSSQL has to be started before the REST server starts,
so by now I don't see how I could easily install the Windows service with the TServiceController!

Best regards Kim Granlund

#5 Re: mORMot 1 » Mormot RestServer is working as Console but not as a Service » 2019-05-07 20:19:33

Now I got rid of the OleDB exception!
To be honest, I don't know where the fProps is released now, and I did not find any "opt*InBackgroundThread options" in the TServiceMethodOption....
but I did put
   aServiceFactoryServer.SetOptions([],[optExecInPerInterfaceThread,optFreeInPerInterfaceThread])
and that works both for service mode and console mode! It also fixes a problem with running MSSQL queries in transactions (begintrans, commit)

However this did not eliminate the error when releasing the OleDB....
then I changed all the .free (aModel.free, aServer.free fProps.free ....) to the FreeAndNil(aModel for ex) in the program, and that fixed that problem.

Seems that the "if pointer <> nil" is in use before releasing objects inside the factory.

Thanks!

#6 Re: mORMot 1 » Mormot RestServer is working as Console but not as a Service » 2019-05-06 23:19:50

And many many many hours later... I found the reason why the program works in console mode but not as a service!

By removing this line of code:

aServiceFactoryServer.SetOptions([],[optExecInMainThread,optFreeInMainThread]);     

The calls to my (server 2) aHttpApiServer worked OK, all the time.
After the first calls to (server 1) aHTTPServer timestamp, Auth... and then .Connect, I did not get any response anymore!
In the middle of .Connect the server began to "shut down": EndCurrentThread appears in the log in the middle of creating a new connection...

Thanks! 

I hope this will help others with the same problem!
Perhaps somebody can tell the difference between the thread/mainthread handling in console versus service mode?

Now it works like a Windows service shall do, and I can use it! :)

BUT! I still get an access violation when shutting down the service!
From the log:
20190506 23184556  ! ERROR             "EAssertionFailed(00A49A80)":"You should call TOleDBConnection.Free from the same thread which called its Create: i.e. call MyProps.EndCurrentThread from an THttpServerGeneric.OnHttpThreadTerminate event - see ticket 213544b2f5 (D:\\CbtProgsBDS\\Vcl\\Mormot\\SynOleDB.pas, line 2299)" stack trace API 00461266 0040475B

I don't know which connection this refers to, one of the per-session specific DB connections or the connection I create in DoStart.

#7 mORMot 1 » Mormot RestServer is working as Console but not as a Service » 2019-05-04 11:59:51

Kixemi
Replies: 3

Hello

I have a mORMot project and it works when I start it as a console app (with /c parameter),
but when I start it as a Service it does not work.

(Service user credentials same in both cases)

I have 2 servers running....

  TSQLRESTServerHttpService = class(TServiceSingle)
  public
    aModel1: TSQLModel;
    aModel2: TSQLModel;
    aServer1: TSQLRestServer;
    aServer2: TSQLRestServer;
    aHTTPServer: TSQLHttpServer;
    aHttpApiServer: THttpApiServer;
    aServerEvents: TMyServerEvents;
    aServiceFactoryServer: TServiceFactoryServer;
    http_server_security: TSQLHttpServerSecurity;
    server, db, user, pw: RawUTF8;
    ....

I create all model, REST server and HTTP server objects in the "DoStart" procedure.
The DB connection (MSSQL/OleDB) is also created in DoStart but it is owned by a global object (fProps).

It seems that, when starting as a service, DoStart will NOT be called (that is, after ServicesRun).
Should I call DoStart myself, as I do in the console mode?
What is the right place for creating model and server objects?
What is the right place for creating the DB connection: same connection for all, or a separate connection for every connect/thread?

Any Ideas for where the error could be?
What is the best way to track it down?
Debugging is a little bit tricky because of the timeouts.

The model2, server2, httpApiServer works; it has no authentication and it serves an HTML login webpage. When I press "login" it calls model1, server1, httpServer for the authentication steps; timestamp and the next ones work, but the Connect ends with a timeout, no answer! This works when running in console mode!

(the structure of the project is "taken" from Sample 10, but we have several servers defined)

Best regards Kim Granlund


Errors from log when running as service:

when closing the service...
20190503 17164123  ! ERROR             "EAssertionFailed(00A49A80)":"You should call TOleDBConnection.Free from the same thread which called its Create: i.e. call MyProps.EndCurrentThread from an THttpServerGeneric.OnHttpThreadTerminate event - see ticket 213544b2f5 (D:\\CbtProgsBDS\\Vcl\\Mormot\\SynOleDB.pas, line 2299)" stack trace API 00461266 0040475B

20190503 17164625  ! EXC               EInvalidPointer ("Invalid pointer operation") at 00404715  stack trace API 0045F9B7 00405176 7C90327A 7C90E48A 00404715 0040475B 00659A90 0040475B 7C817077

#8 mORMot 1 » How to get the authenticated user when using interface based approach? » 2018-01-26 15:05:09

Kixemi
Replies: 3

Hello, we are using sessions and INTERFACE based endpoints. We need to know at the server side who the logged user is and this user's GroupRights.
We have our own inherited TSQLAuthGroup with custom new fields.

In a method based system we know you can get the user on the server side from the Ctxt variable. But with an interface based system we don't have this variable at hand.

Now we think we found a solution, that is:
sqlauthuser := CurrentServiceContext.Request.Server.SessionGetUser(CurrentServiceContext.Request.Session);

And then we can get data from the user table, for example like this:
MyCustomVariable := TSQLRestAuthUser(sqlauthuser).MyCustomField;

Is there an easier, and perhaps faster, way to identify who is calling the interface endpoint?
We want to reply with user specific data.
Still we have not found a way to link and read from the custom fields of the TSQLMyAuthGroup external MSSQL table.

Still learning this amazing framework ;) !

#9 Re: mORMot 1 » Javascript authentication » 2017-12-19 23:07:48

Hello, I am a newbie, but I used a JavaScript file from somewhere here, perhaps it was SynAuth.js, for the Login and "create user Session"... and I sometimes got "Invalid signature" on the call right after. In the end it appeared that the signature was computed on the JavaScript side BEFORE a valid SessionKey was returned. So the signature was computed on a nonexistent SessionKey. This is just a thought, but perhaps there is something in it! ;)
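
The race described in the post above, as an added example that is not part of the original post and is not SynAuth.js code: a client that signs a request before the login reply has delivered the session key, next to one that holds signed calls until the key exists. `toySign`, the fake server, the session key and the URL are constructed stand-ins; the checksum is not mORMot's signature algorithm.

```javascript
// Stand-in keyed checksum (32-bit FNV-1a over key + url).
// Assumption for illustration only: NOT mORMot's real signature algorithm.
function toySign(sessionKey, url) {
  let h = 0x811c9dc5;
  for (const ch of String(sessionKey) + "|" + url) {
    h ^= ch.charCodeAt(0);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Constructed fake server: login replies are queued and only delivered on
// flush(), which models network latency without timers.
function makeFakeServer() {
  const pending = [];
  const key = "constructed-session-key";
  return {
    login(onReply) { pending.push(() => onReply(key)); },
    flush() { while (pending.length) pending.shift()(); },
    verify(url, sig) { return sig === toySign(key, url); },
  };
}

// Buggy client: signs right after *starting* the login, before the reply.
function buggyClient(server, url) {
  const session = { key: null };
  server.login((k) => { session.key = k; });
  const sig = toySign(session.key, url); // session.key is still null here
  server.flush();                        // the key arrives too late
  return server.verify(url, sig);
}

// Fixed client: signed calls are parked until the session key has arrived.
function fixedClient(server, url) {
  const session = { key: null, waiting: [] };
  const signed = (u, done) => {
    if (session.key === null) { session.waiting.push(() => signed(u, done)); return; }
    done(toySign(session.key, u));
  };
  let accepted = false;
  server.login((k) => {
    session.key = k;
    session.waiting.splice(0).forEach((run) => run());
  });
  signed(url, (sig) => { accepted = server.verify(url, sig); });
  server.flush();
  return accepted;
}
```
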

#10 mORMot 1 » Newbie mormot question. Getting data from a public REST server » 2017-02-12 00:45:19

Kixemi
Replies: 2

I have been a Pascal coder since Turbo Pascal 5.5. Now using Delphi 6 for professional work and Berlin 10.1 starter edition for exploring...
I have over the years successfully made ERP solutions for companies / branches.
They have all been FAT clients.
I know I have to get out on the internet/cloud in order to be alive in the future.
It will be REST connections in/out from the MSSQL databases of my software products to enable collaboration with other "datasources" and mobile access to ERP data.
I can't make my FAT-client software products totally web-based, at least at once, and I am satisfied with that, FAT clients have their benefits!

I have been looking at mORMot now for a month, and it is ALL new to me,
ORM, JSON, Java, DDD, web protocols, servers... it's all new, but I am sure this is the way in the future, and I will learn it.
And I think that mORMot is a good choice that fulfills my needs.

So to get started I tried to make a very simple REST client, but I am stuck. And I don't think it's a good idea to show my non-working code so far, too many errors.

In Finland the state has a REST service from where anyone can get company information based on the company VAT number.

It goes like this:  http://avoindata.prh.fi/tr/v1/0897464-3   (try it out in the browser)

And it sends you back all the data about that company (0897464-3 is the VAT number for the Microsoft company registered by Microsoft in Finland, just an example)

Here is a description of the model schema: http://avoindata.prh.fi/tr_en.html

Please give me some hints about how to get that data asked and interpreted into Delphi memory, collection, grid or DB table.
What should be in the Data model unit?   TCompany =  class(TSQLRecord)... ? I cannot get it to work.
I started from the sample: "28 - Simple RESTful ORM Servers" and the client there...
Please get me started with this!

Kim
