#1 2011-11-24 16:07:32

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,550
Website

Modification of TSQLRestServerCallBack method prototype

In order to implement some RESTful Services, a callback has to be defined on the server side.
See http://synopse.info/forum/viewtopic.php?id=60

The prototype of these method has been modified, to supply an additional aSession: cardinal parameter: this is a CODE BREAK change and you shall refresh ALL your server-side code to match the new signature.

For instance, here is the difference applied on the corresponding sample folder.

This new aSession parameter will identify the authentication session of the remote client, or 1 (if authentication mode is not set), or 0 (if the session not started yet).
Service implementation code may then use the new SessionGetUser() protected method to retrieve the session details, e.g. the user logon name and display name, or the associated BLOB data.

See http://synopse.info/fossil/info/e04dbb13d0

Offline

#2 2012-02-07 07:47:08

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,550
Website

Re: Modification of TSQLRestServerCallBack method prototype

TSQLRestServerCallBack now expects an unique var parameter to be supplied to Service implementation callbacks methods, named TSQLRestServerCallBackParams.

This is a CODE BREAK change and you shall refresh ALL your server-side code to match the new signature.

First the declaration of the class:

TSQLRestServerTest = class(TSQLRestServerDB)
  published
    function Sum(var aParams: TSQLRestServerCallBackParams): Integer;
  end;

This method name will be used for the URL encoding, and will be called here with ModelRoot/Sum URL. The ModelRoot is the one defined in the Root parameter of the model used by the application.

This method, like all Server-side methods, MUST have all parameters of the TSQLRestServerCallBack prototype:

type
  TSQLRestServerCallBack = function(var aParams: TSQLRestServerCallBackParams): Integer of object;

Then we implement this method:

function TSQLRestServerTest.Sum(var aParams: TSQLRestServerCallBackParams): Integer;
var a,b: Extended;
begin
  if not UrlDecodeNeedParameters(aParams.Parameters,'A,B') then
  begin
    result := 404; // invalid Request
    exit;
  end;
  while aParameters<>nil do
  begin
    UrlDecodeExtended(aParams.Parameters,'A=',a);
    UrlDecodeExtended(aParams.Parameters,'B=',b,@aParams.Parameters);
  end;
  aParams.Resp := JSONEncodeResult([a+b]);
  // same as : aResp := JSONEncode(['result',a+b],TempMemoryStream);
  result := 200; // success
end;

On the Server side, you can use the UrlDecodeNeedParameters function to check that an expected parameters were supplied by the caller, then call UrlDecodeInteger / UrlDecodeInt64 / UrlDecodeExtended / UrlDecodeValue functions (all defined in SynCommons.pas) to retrieve each individual parameter as standard JSON content. The powerful UrlDecodeObject function (defined in SQLite3Commons.pas) can be used to unserialize most class instance from its textual JSON representation.

Note that due to this implementation pattern, the mORMot service implementation is very fast, and not sensitive to the "Hash collision attack" security issue, as reported with Apache - see http://blog.synopse.info/post/2011/12/3 … ion-attack for details.

The aParams.Session parameter may contain at calling time the current session identifier. If authentication is not used, this parameter is meaningless. Server-side implementation can use the TSQLRestServer.SessionGetUser method to retrieve the corresponding user details (the returned TSQLAuthUser instance is a local thread-safe copy which shall be freed when done).

The aParams.Head parameter may be overridden on the server side to set a custom header which will be provided to the client - it may be useful for instance to specify another mime-type than the default constant JSON_CONTENT_TYPE, i.e. 'application/json; charset=UTF-8'.

See http://synopse.info/fossil/info/f66814a621

Offline

Board footer

Powered by FluxBB