Pages: 1

#1 2017-12-06 15:46:46

tomek
Member
Registered: 2017-10-24
Posts: 46

sicClientDriven service and JavaScript client

Hi
I've server with services registered in sicClientDriven mode, and JavaScript client. Authentication works fine but services invoked within session don't see values shared in service object:

  IRemoteSrv = interface(IInvokable)
    ['{9A60A8ED-CEB2-4E09-87D4-4A17F496E9F1}']
    function SetValue(i: integer);
    function Test(): UTF8String;
  end;

  TRemoteSrv = class(TInterfacedObjectWithCustomCreate, IRemoteSrv)
  private
    fSomeValue: string;
  public
    function SetValue();
    function Test(): UTF8String;
  end;

function TRemoteSrv.SetValue();
begin
  fSomeValue := 'abc';
end;

function TRemoteSrv.Test(): UTF8String;
begin
  Result := 'Result: ' + fSomeValue;
end;

JS calls:

 XHR.open("GET", "http://localhost:8092/root/RemoteSRV.SetValue?session_signature=xxx"));
 XHR.open("GET", "http://localhost:8092/root/RemoteSRV.Test?session_signature=xxx"));       // returns 'Result: ';

Delphi client with ServiceRegisterClientDriven() works fine with the same server, returns 'Result: abc';

Regards, Tomek

Offline

#2 2017-12-06 19:39:42

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: sicClientDriven service and JavaScript client

The client need to supply the session ID in the signature.
Are you sure the session ID is correct?

Offline

#3 2017-12-07 07:51:51

tomek
Member
Registered: 2017-10-24
Posts: 46

Re: sicClientDriven service and JavaScript client

I guess so. I'm using esmondb approach:
https://synopse.info/forum/viewtopic.ph … 513#p12513
extracting session ID's (after /Auth?UserName=user&Password=pass):

    var data = JSON.parse(this.responseText);
    var i = data.result.indexOf("+");
    //console.log("data.result: " + data.result);                        
    Client._instance.SessionID = parseInt(data.result.slice(0, i), 10);
    //console.log("sessionID: " + Client._instance.SessionID);                        
    Client._instance.SessionIDHexa8 = Client._instance.SessionID.toString(16);
    while (Client._instance.SessionIDHexa8.length < 8) {
        Client._instance.SessionIDHexa8 = '0' + Client._instance.SessionIDHexa8;
    }
    //console.log("SessionIDHexa8: " + Client._instance.SessionIDHexa8);
    Client._instance.loggedIn = true;
    Client._instance.SessionPrivateKey = Client._instance.crc32(Client._instance.PasswordHashHexa, Client._instance.crc32(data.result, 0));

and then signing each request:

    Client.prototype.signUrl = function (url) {
        if (Client._instance.loggedIn === true) {
            var Tix, Nonce, s, ss, d = new Date();
            Tix = d.getTime() - Client._instance.SessionTickCountOffset;
            Nonce = Tix.toString(16);
            while (Nonce.length < 8) {
                Nonce = '0' + Nonce;
            }
            if (Nonce.length > 8) {
                Nonce = Nonce.slice(Nonce.length - 8);
            }
            ss = Client._instance.crc32(url, Client._instance.crc32(Nonce, Client._instance.SessionPrivateKey)).toString(16);
            while (ss.length < 8) {
                ss = '0' + ss;
            }
            s = url.indexOf("?") === -1 ? url + '?session_signature=' : url + '&session_signature=';
            return s + Client._instance.SessionIDHexa8 + Nonce + ss;
        } else {
            return url;
        }
    };

I was sure that if signature was incorrect i would receive 403.

Last edited by tomek (2017-12-07 07:57:04)

Offline

Pages: 1

Board footer

Powered by FluxBB