Pages: 1

#1 mORMot 2 » General safety warning. » 2025-10-01 03:49:34

DonAlfredo
Replies: 2

Just a general warning.
Just a few minutes after deploying a simple mORMot2 relay-server on AWS (Amazon Web Services) behind an Apache proxy, I saw the below in the Apache logs.

91.168.172.13 - - [28/Sep/2025:06:45:01 +0000] "GET /root/TimeStamp HTTP/1.1" 301 257 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:01 +0000] "GET /root/TimeStamp HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:01 +0000] "GET /root/Auth?UserName=User HTTP/1.1" 301 266 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:02 +0000] "GET /root/Auth?UserName=User HTTP/1.1" 200 77 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:02 +0000] "GET /root/Auth?UserName=User&Password=2f9814c4bef24ad962e182299c5cdfa3798785c6a62bb8ba3617dd3d05c03c50&ClientNonce=3ffd126ec71eede7f9b57a407528daa5ea5e69bb6eb53d782eef051d84058375 HTTP/1.1" 301 425 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:02 +0000] "GET /root/Auth?UserName=User&Password=2f9814c4bef24ad962e182299c5cdfa3798785c6a62bb8ba3617dd3d05c03c50&ClientNonce=3ffd126ec71eede7f9b57a407528daa5ea5e69bb6eb53d782eef051d84058375 HTTP/1.1" 200 219 "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
3.249.207.130 - - [28/Sep/2025:06:45:02 +0000] "POST /root/Up?session_signature=67c5133bec86170e6b1888f3 HTTP/1.1" 201 - "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"
91.168.172.13 - - [28/Sep/2025:06:45:02 +0000] "POST /root/Up?session_signature=67c5133bec86170e6b1888f3 HTTP/1.1" 201 - "-" "Mozilla/5.0 (Windows; mORMot 1.18 TWinHTTP)"

This means that outsiders know the basic signature and setup of a mORMot http server.
Naturally, this is no cause of alarm when authentication or JWT is used.

But the logs suggests to do always 2 simple things:
1: change the servername to something not referencing our beloved mORMot.
2: change the Model root ('root') to something of your own choice.
These two simple changes will lower the changes of attackers being able to indentify the server and use (un)known vulnerabilities.

#2 Re: mORMot 2 » Replication to external database » 2025-09-27 08:48:11

DonAlfredo

Please consider this issue as a non-issue. As the same is happening with a direct client connection towards the external database. So, this is not caused by embedding a client into a server.
Sorry about the noise !

#3 Re: mORMot 2 » Replication to external database » 2025-09-27 07:30:21

DonAlfredo

Normal (embedded) client:   fClient := TRestHttpClient.CreateWithOwnModel(uri.Address, uri.Port,'root',true);
Gives error.
Also (embedded) tried:   fClient := TRestHttpClient.CreateWithOwnModel(uri.Address, uri.Port,'root',true,'','',30000,30000,30000);
Gives same error.
Again. Remarkable.
If I send something to the remote server time after time within a couple of seconds, all ok. If I wait for 3-4 seconds: socket error.
Inside of TSChannelNetTls.Receive:

        if read = 0 then
          result := nrClosed

Edit: the remote server response contains a keep-alive-timeout of 5 seconds.

#4 Re: mORMot 2 » Replication to external database » 2025-09-27 06:05:05

DonAlfredo

Some additional info.
The server tries to send data towards the remote server through its own client.
This errors with message
ENetSock on SockInReadLn [#5 Closed]
Location

procedure DoInputSock(r: PTextRec; const ctx: ShortString; notvoid: boolean);
var
  res: integer;
begin
  res := InputSock(r^);
  if res <> NO_ERROR then

However, very remarkable.
I I perform some kind of action within the first few (2-3) seconds after the start of the server, the remote database is reached by the client inside the server and updated with the changes.
So, all works as expected, but only for the first few seconds after start of the server with the build-in client.

Edit: all running on Windows 11. Latest mORMot.

#5 mORMot 2 » Replication to external database » 2025-09-25 12:06:23

DonAlfredo
Replies: 5

Hello to all.

Usecase.

An intranet mORMot2 interface-based server. Many clients.
The intranet cannot be reached from the outside.
So, an external replication slave cannot reach this (master) database.

I want this database mirrored on an external (same as above) mORMot2 database (located at AWS).
This database can already be reached by clients in readonly-mode.

So, I need to push changes from intranet master to external AWS.

I have tried to use the normal (working) client, created inside of the intranet server, to push towards the external AWS database. But this gives a socket error (socket closed #5).

Any ideas ?

#6 mORMot 2 » Map to Fieldbits » 2025-08-25 09:17:02

DonAlfredo
Replies: 0

Hello Ab,

I am using the TRttiMap to map between a CollectionItem and a TOrm. Works well.
However, sometimes I need to use the Fieldbits to update only certain TOrm fields, base on the CollectionItem fieldnames.
Feature request.
Be able to use a Map to get the bits for TOrm from Item fields.
Something like function FieldBitsFromRttiMap(const aObjectFieldsCsv: RawUtf8; const aMapfromObjectToOrm:TRttiMap; var OrmBits: TFieldBits)
I hope you will be able to implement or accept a pull for this, if I am able to do this myself.

Thanks.

#7 Re: mORMot 2 » Upcoming FPC 3.2.4 » 2025-06-24 07:42:16

DonAlfredo

@ab
Yes, that should work.
Method.
Run fpcupdeluxe.
Select (and/or create) a brand new and empty install directory.
Select the tags tab. Upon selection, it should fill itself with FPC and Lazarus release tags.
Select 3.2.4_rc1. Click "Add Tag".
Select basic tab. The FPC versions list should now contain an extra entry named "release_3_2_4_rc1".
Select this version and install this FPC and Lazarus stable.

Sidenote.
GIT needs to be installed to retrieve the tags-list.

#8 mORMot 2 » Upcoming FPC 3.2.4 » 2025-06-24 06:06:15

DonAlfredo
Replies: 6

The FPC devs have released FPC 3.2.4 RC1.
https://forum.lazarus.freepascal.org/in … .msg558684

This will be the next stable release of FPC.
If possible, please test this release with the mORMot[1/2].

Thanks.

#9 Re: mORMot 2 » DocVariant to Object and back conversion problem » 2025-05-05 11:36:45

DonAlfredo
TD2:=_ObjFast(Product2,[woRawByteStringAsBase64Magic]);
json:=TDocVariantData(TD2).ToJson;

Result: json = 'null'
Very strange !

#10 Re: mORMot 2 » DocVariant to Object and back conversion problem » 2025-05-05 11:14:27

DonAlfredo

I am sorry, but I cannot get it to work unfortunately. I am doing something wrong, but have no clue.
Code.

TProduct2 = class(TCollectionItem)
strict private
    fProductCode      : RawUTF8;
    fThumb            : RawBlob;
published
    property ProductCode : RawUTF8 read fProductCode write fProductCode;
    property Thumb       : RawBlob read fThumb write fThumb;
end;

Product2:=TProduct2.Create(nil);
Product2.ProductCode:='yolo';
Product2.Thumb:='don'#0'alfredo';
//TD2:=_ObjFast(Product2);
//TD2:=_ObjFast(Product2,[woRawBlobAsBase64]);
TD2:=_ObjFast(Product2,[woRawBlobAsBase64,woRawByteStringAsBase64Magic]);
json:=TDocVariantData(TD2).ToJson; // as check of raw contents
DocVariantToObject(_Safe(TD2)^,Product2);

#11 Re: mORMot 2 » DocVariant to Object and back conversion problem » 2025-05-05 08:52:52

DonAlfredo

I was hoping for something (some magic) I missed. But I will use manual detection on client and server as you suggest.
Thanks Ab.

#12 Re: mORMot 2 » DocVariant to Object and back conversion problem » 2025-05-05 08:43:49

DonAlfredo

Is woRawBlobAsBase64 really needed?

I am sending over some fields by converting them to a variant like this

rA := Rtti.RegisterClass(PClass(Product)^);
pa := rA.Props.Find(FieldName);
pa^.GetValueVariant(Product,TVarData(TD2), @JSON_[mDefault]);
TDocVariantData(TD).AddValue(FieldName,TD2);

Problem with the thumb: binary data containing zero's. So, when sending over (interface based), the zero's prevent correct json data when the variant is converted into json and back. The [json] data gets truncated at the first zero encountered.
Naturally, like rawblobs, using base64 solved this. As done by ObjectToVariant. But no auto-detection of base64 contents when converting back.

it is possible that a valid BASE-64 text is in fact a binary

Indeed !

#13 mORMot 2 » DocVariant to Object and back conversion problem » 2025-05-05 07:20:20

DonAlfredo
Replies: 9

Hello.
The following code does not work for RawBlobs.
Product is a CollectionItem with a RawBlob as one of its fields.

rA := Rtti.RegisterClass(PClass(Product)^);
ObjectToVariant(Product,TD2,[woRawBlobAsBase64]);
DocVariantToObject(_Safe(TD2)^,Product,rA);

After this conversion, the Rawblob field contains the Base64 encoded data and not the original contents.
Am I missing something ?

#14 Re: mORMot 2 » mORMot 2 Pascal Café 2025 in Nederlands » 2025-04-13 08:26:23

DonAlfredo

I have added a local connect and a remote connect button into the client.
That gives you the easy choice.
Also added some default database files with example data.

#15 Re: mORMot 2 » mORMot 2 Pascal Café 2025 in Nederlands » 2025-04-09 13:58:40

DonAlfredo

Correct !
Solved. Please update your sources from the Github demo.

#16 Re: mORMot 2 » mORMot 2 Pascal Café 2025 in Nederlands » 2025-04-09 12:00:47

DonAlfredo

:-)

And, the proceedings will be donated to the mORMot !

#17 Re: mORMot 2 » DocVariantToObject does not handle all fields » 2024-12-27 17:34:42

DonAlfredo

Working 100%. Thanks !!

#18 mORMot 2 » DocVariantToObject does not handle all fields » 2024-12-27 13:50:05

DonAlfredo
Replies: 3

I am trying to use DocVariantToObject to fill an object from a variant.
Looking at the code.

if prop <> nil then
  prop^.Prop.SetValue(obj, doc.Values[p]);

This does not check the return-value of SetValue.
However, the return-value is false in case of complex fields.
So, when using this function with objects that contain classes like TCollection, then DocVariantToObject will not fill all fields.

Suggestion.

Valid := prop^.Prop.SetValue(obj,doc.Values[p]);
if (NOT Valid) then
begin
    json:=TDocVariantData(doc.Values[p]).ToJson;
    PropertyFromJson(prop,obj,pointer(json),Valid,JSONPARSER_TOLERANTOPTIONS);
end;

#19 Re: mORMot 2 » Memory leak when using getters and setters for collection. » 2024-12-16 10:18:21

DonAlfredo

Works perfect. Thanks !!

Fields:=TOrmProduct.OrmProps.FieldBitsFromExcludingClass([TDataRunCollection],ooSelect,True);

#20 Re: mORMot 2 » Memory leak when using getters and setters for collection. » 2024-12-14 13:16:30

DonAlfredo

Thanks Ab ! Solves.

If I may hack this thread for another TCollection question.

In my applications, I use TCollections a lot. They might contain a lot of data. And this data is stored as JSON in the database for external use by non-mORMot applications.
All very well.
However, I would like to consider these TCollection fields as a kind of blobs, due to their huge data-size. So, I want to exclude them when retrieving data from the database.
Code for that (please excuse me for a bit long code listing):

  rA := Rtti.RegisterClass(TOrmProduct);
  pa := pointer(rA.Props.List);
  count:=rA.Props.Count;
  SQL:='';
  repeat
    if pa^.Value.ValueRtlClass=vcCollection then
    begin
      if pa^.Value.ValueClass.ClassParent=TDataRunCollection then SQL:=SQL+','+pa^.Name;
    end;
    inc(pa);
    dec(count);
  until count = 0;
  Delete(SQL,1,1);
  Fields:=TOrmProduct.OrmProps.FieldBitsFromExcludingCsv(SQL);

Question. Or feature request.
Would it be possible to implement something like this ?

Fields:=TOrmProduct.OrmProps.FieldBitsFromExcludingFromDataType(TDataRunCollection);
Fields:=TOrmProduct.OrmProps.FieldBitsFromExcludingFromClassParent(TDataRunCollection);

#21 Re: mORMot 2 » Memory leak when using getters and setters for collection. » 2024-12-12 16:29:57

DonAlfredo

Yes I guess. This occurs in an interface based client-server setting.

#22 mORMot 2 » Memory leak when using getters and setters for collection. » 2024-12-12 16:17:18

DonAlfredo
Replies: 6

A memory leak is occurring when doing the following.

  TResultsRun = class(TCollectionItem)
  private
    fTDC     : TTestDataCollection;
  protected
    function GetNewerTestData:TTestDataCollection;
    procedure SetNewerTestData(aValue:TTestDataCollection);
  public
    constructor Create(ACollection: TCollection); override;
    destructor Destroy;override;
  published
    //property NewerTestData : TTestDataCollection read fTDC write fTDC; <----- all ok !!
    property NewerTestData : TTestDataCollection read GetNewerTestData write SetNewerTestData; <----- memory leak
  end;

(the getter and setter are simple assignments)
Are getters and setters supported for collections ?

#23 mORMot 2 » TRttiMap feature request » 2024-10-22 06:15:19

DonAlfredo
Replies: 0

I use the TRttiMap to map a DTO to ORM. Works very well.
But sometimes, we need to update a single value of the DTO/ORM.
Normally, the function Orm.Update(OrmEntity,FieldName) would be good. However, the DTO fieldname might be different from the ORM fieldname. Naturally, that is why the mapping is used.
To use this function, we need something like:

TRttiMap.FindField.ToB(FieldNameOfA):RawUTF8;
TRttiMap.FindField.ToA(FieldNameOfB):RawUTF8;

Thanks !

#24 Re: mORMot 2 » Error running docker container from ex\martin-doyle\07-HttpDockerORM » 2023-10-31 17:52:50

DonAlfredo

This might help.
https://reviews.freebsd.org/rS350481

Pages: 1

Board footer

Powered by FluxBB