/// add the class if it doesn't exist yet as itself or as inherited class
    // - similar to AddTable(), but any class inheriting from the supplied type
    // will be considered as sufficient
    // - return the class which has been added, or was already there as
    // inherited, so that could be used for further instance creation:
    // ! fSQLAuthUserClass := Model.AddTableInherited(TSQLAuthUser);
    function AddTableInherited(aTable: TSQLRecordClass): pointer;



    /// get the index of aTable in Tables[]
    // - returns -1 if the table is not in the model
    function GetTableIndex(aTable: TSQLRecordClass): integer; overload;
    /// get the index of any class inherithing from aTable in Tables[]
    // - returns -1 if no table is matching in the model
    function GetTableIndexInheritsFrom(aTable: TSQLRecordClass): integer;
    /// get the index of aTable in Tables[]
................................................................................
    property Ident: RawUTF8 index 50 read fIdent write fIdent stored AS_UNIQUE;
    /// the number of minutes a session is kept alive
    property SessionTimeout: integer read fSessionTimeOut write fSessionTimeOut;
    /// a textual representation of a TSQLAccessRights buffer
    property AccessRights: RawUTF8 index 1600 read fAccessRights write fAccessRights;
  end;

  /// class-reference type (metaclass) of the table containing the available
  // user access rights for authentication, defined as a group
  TSQLAuthGroupClass = class of TSQLAuthGroup;

  /// table containing the Users registered for authentication
  // - this class should be added to the TSQLModel, together with TSQLAuthGroup,
  // to allow authentication support
  // - you can inherit from it to add your custom properties to each user info:
  // TSQLModel will search for any class inheriting from TSQLAuthUser to manage
  // per-user authorization data
  // - by default, it won't be accessible remotely by anyone; to enhance security,
................................................................................
    /// some custom data, associated to the User
    // - Server application may store here custom data
    // - its content is not used by the framework but 'may' be used by your
    // application
    property Data: TSQLRawBlob read fData write fData;
  end;

  /// class-reference type (metaclass) of a table containing the Users
  // registered for authentication
  // - see also TSQLRestServer.OnAuthenticationUserRetrieve custom event
  TSQLAuthUserClass = class of TSQLAuthUser;

  /// class used to maintain in-memory sessions
  // - this is not a TSQLRecord table so won't be remotely accessible, for
  // performance and security reasons
  // - the User field is a true instance, copy of the corresponding database
  // content (for better speed)
  // - you can inherit from this class, to add custom session process
  TAuthSession = class(TSynPersistent)
................................................................................
    procedure FindServiceAll(const aServiceName: RawUTF8; aWriter: TTextWriter); overload;
    /// the number of milliseconds after which an entry expires
    // - is 0 by default, meaning no expiration
    // - you can set it to a value so that any service URI registered with
    // RegisterFromJSON() AFTER this property modification may expire
    property TimeOut: integer read fTimeOut write fTimeOut;
  end;










  /// class-reference type (metaclass) of a REST server
  TSQLRestServerClass = class of TSQLRestServer;

  /// some options for TSQLRestServer process
  // - read-only rsoNoAJAXJSON indicates that JSON data is transmitted in "not
  // expanded" format: you should NEVER change this option by including
................................................................................
  // - any published method of descendants must match TSQLRestServerCallBack
  // prototype, and is expected to be thread-safe
  TSQLRestServer = class(TSQLRest)
  protected
    fVirtualTableDirect: boolean;
    fHandleAuthentication: boolean;
    fBypassORMAuthentication: TSQLURIMethods;
    fAfterCreation: boolean;
    fOptions: TSQLRestServerOptions;
    /// the TSQLAuthUser and TSQLAuthGroup classes, as defined in model
    fSQLAuthUserClass: TSQLAuthUserClass;
    fSQLAuthGroupClass: TSQLAuthGroupClass;


    /// how in-memory sessions are handled
    fSessionClass: TAuthSessionClass;
    /// will contain the in-memory representation of some static tables
    // - this array has the same length as the associated Model.Tables[]
    // - fStaticData[] will contain pure in-memory tables, not declared as
    // SQLite3 virtual tables, therefore not available from joined SQL statements
    fStaticData: TSQLRestDynArray;
................................................................................
    // from URI() will call directly the corresponding TSQLRestStorage
    // instance, for better speed for most used RESTful operations; but complex
    // SQL requests (e.g. joined SELECT) will rely on the main SQL engine
    // - if set to false, will use the main SQLite3 engine for all statements
    // (should not to be used normaly, because it will add unnecessary overhead)
    property StaticVirtualTableDirect: boolean read fVirtualTableDirect
      write fVirtualTableDirect;
    /// the class inheriting from TSQLAuthUser, as defined in the model
    // - during authentication, this class will be used for every TSQLAuthUser
    // table access
    // - see also the OnAuthenticationUserRetrieve optional event handler
    property SQLAuthUserClass: TSQLAuthUserClass read fSQLAuthUserClass;
    /// the class inheriting from TSQLAuthGroup, as defined in the model
    // - during authentication, this class will be used for every TSQLAuthGroup
    // table access
    property SQLAuthGroupClass: TSQLAuthGroupClass read fSQLAuthGroupClass;
    /// the class inheriting from TSQLRecordTableDeleted, as defined in the model
    // - during authentication, this class will be used for storing a trace of
    // every deletion of table rows containing a TRecordVersion published field
    property SQLRecordVersionDeleteTable: TSQLRecordTableDeletedClass
      read fSQLRecordVersionDeleteTable;
    /// the class inheriting from TAuthSession to handle in-memory sessions
    // - since all sessions data remain in memory, ensure they are not taking
    // too much resource (memory or process time)
    property SessionClass: TAuthSessionClass read fSessionClass write fSessionClass;









  published { standard method-based services }
    /// REST service accessible from ModelRoot/Stat URI to gather detailed information
    // - returns the current execution statistics of this server, as a JSON object
    // - this method will require an authenticated client, for safety
    // - by default, will return the high-level information of this server
    // - will return human-readable JSON layout if ModelRoot/Stat/json is used, or
    // the corresponding XML content if ModelRoot/Stat/xml is used
................................................................................
begin
  ndx := GetTableIndexInheritsFrom(aTable);
  if ndx<0 then
    if not AddTable(aTable,@ndx) then
      raise EModelException.CreateUTF8('%.AddTableInherited(%)',[self,aTable]);
  result := Tables[ndx];
end;










constructor TSQLModel.Create(CloneFrom: TSQLModel);
var i: integer;
begin
  if CloneFrom=nil then
    raise EModelException.CreateUTF8('%.Create(CloneFrom=nil)',[self]);
  fTables := CloneFrom.fTables;
................................................................................
begin
  if aModel=nil then
    raise EORMException.CreateUTF8('%.Create(Model=nil)',[self]);
  // specific server initialization
  fStatLevels := SERVERDEFAULTMONITORLEVELS;
  fVirtualTableDirect := true; // faster direct Static call by default
  fSessions := TObjectListLocked.Create; // needed by AuthenticationRegister() below
  fModel := aModel;
  fSQLAuthUserClass := TSQLAuthUser;
  fSQLAuthGroupClass := TSQLAuthGroup;

  fSQLRecordVersionDeleteTable := TSQLRecordTableDeleted;
  for t := 0 to high(Model.Tables) do
  if fModel.Tables[t].RecordProps.RecordVersionField<>nil then begin
    fSQLRecordVersionDeleteTable := fModel.AddTableInherited(TSQLRecordTableDeleted);
    break;
  end;
  fSessionClass := TAuthSession;
................................................................................
    key: RawUTF8;
begin
  result := false;
  if Sender=nil then
    exit;
  try
    Sender.SessionClose;  // ensure Sender.SessionUser=nil
    U := TSQLAuthUser.Create;
    try
      U.LogonName := trim(aUserName);
      U.DisplayName := U.LogonName;
      if aPasswordKind<>passClear then
        U.PasswordHashHexa := aPassword else
        if aHashSalt='' then
          U.PasswordPlain := aPassword else // compute SHA256('salt'+aPassword)
................................................................................
  if aPasswordKind<>passClear then
    raise ESecurityException.CreateUTF8('%.ClientSetUser(%) expects passClear',
      [self,Sender]);
  Sender.SessionClose; // ensure Sender.SessionUser=nil
  try // inherited ClientSetUser() won't fit with Auth() method below
    ClientSetUserHttpOnly(Sender,aUserName,aPassword);
    Sender.fSessionAuthentication := self; // to enable ClientSessionSign()
    U := TSQLAuthUser.Create;
    try
      U.LogonName := trim(aUserName);
      res := ClientGetSessionKey(Sender,U,[]);
      if res<>'' then
        result := Sender.SessionCreate(self,U,res);
    finally
      U.Free;

    /// add the class if it doesn't exist yet as itself or as inherited class
    // - similar to AddTable(), but any class inheriting from the supplied type
    // will be considered as sufficient
    // - return the class which has been added, or was already there as
    // inherited, so that could be used for further instance creation:
    // ! fSQLAuthUserClass := Model.AddTableInherited(TSQLAuthUser);
    function AddTableInherited(aTable: TSQLRecordClass): pointer;
    /// return any class inheriting from the given table in the model
    // - if the model does not contain such table, supplied aTable is returned
    function GetTableInherited(aTable: TSQLRecordClass): TSQLRecordClass;
    /// get the index of aTable in Tables[]
    // - returns -1 if the table is not in the model
    function GetTableIndex(aTable: TSQLRecordClass): integer; overload;
    /// get the index of any class inherithing from aTable in Tables[]
    // - returns -1 if no table is matching in the model
    function GetTableIndexInheritsFrom(aTable: TSQLRecordClass): integer;
    /// get the index of aTable in Tables[]
................................................................................
    property Ident: RawUTF8 index 50 read fIdent write fIdent stored AS_UNIQUE;
    /// the number of minutes a session is kept alive
    property SessionTimeout: integer read fSessionTimeOut write fSessionTimeOut;
    /// a textual representation of a TSQLAccessRights buffer
    property AccessRights: RawUTF8 index 1600 read fAccessRights write fAccessRights;
  end;





  /// table containing the Users registered for authentication
  // - this class should be added to the TSQLModel, together with TSQLAuthGroup,
  // to allow authentication support
  // - you can inherit from it to add your custom properties to each user info:
  // TSQLModel will search for any class inheriting from TSQLAuthUser to manage
  // per-user authorization data
  // - by default, it won't be accessible remotely by anyone; to enhance security,
................................................................................
    /// some custom data, associated to the User
    // - Server application may store here custom data
    // - its content is not used by the framework but 'may' be used by your
    // application
    property Data: TSQLRawBlob read fData write fData;
  end;






  /// class used to maintain in-memory sessions
  // - this is not a TSQLRecord table so won't be remotely accessible, for
  // performance and security reasons
  // - the User field is a true instance, copy of the corresponding database
  // content (for better speed)
  // - you can inherit from this class, to add custom session process
  TAuthSession = class(TSynPersistent)
................................................................................
    procedure FindServiceAll(const aServiceName: RawUTF8; aWriter: TTextWriter); overload;
    /// the number of milliseconds after which an entry expires
    // - is 0 by default, meaning no expiration
    // - you can set it to a value so that any service URI registered with
    // RegisterFromJSON() AFTER this property modification may expire
    property TimeOut: integer read fTimeOut write fTimeOut;
  end;

  /// class-reference type (metaclass) of a table containing the Users
  // registered for authentication
  // - see also TSQLRestServer.OnAuthenticationUserRetrieve custom event
  TSQLAuthUserClass = class of TSQLAuthUser;

  /// class-reference type (metaclass) of the table containing the available
  // user access rights for authentication, defined as a group
  TSQLAuthGroupClass = class of TSQLAuthGroup;

  /// class-reference type (metaclass) of a REST server
  TSQLRestServerClass = class of TSQLRestServer;

  /// some options for TSQLRestServer process
  // - read-only rsoNoAJAXJSON indicates that JSON data is transmitted in "not
  // expanded" format: you should NEVER change this option by including
................................................................................
  // - any published method of descendants must match TSQLRestServerCallBack
  // prototype, and is expected to be thread-safe
  TSQLRestServer = class(TSQLRest)
  protected
    fVirtualTableDirect: boolean;
    fHandleAuthentication: boolean;
    fBypassORMAuthentication: TSQLURIMethods;


    /// the TSQLAuthUser and TSQLAuthGroup classes, as defined in model
    fSQLAuthUserClass: TSQLAuthUserClass;
    fSQLAuthGroupClass: TSQLAuthGroupClass;
    fAfterCreation: boolean;
    fOptions: TSQLRestServerOptions;
    /// how in-memory sessions are handled
    fSessionClass: TAuthSessionClass;
    /// will contain the in-memory representation of some static tables
    // - this array has the same length as the associated Model.Tables[]
    // - fStaticData[] will contain pure in-memory tables, not declared as
    // SQLite3 virtual tables, therefore not available from joined SQL statements
    fStaticData: TSQLRestDynArray;
................................................................................
    // from URI() will call directly the corresponding TSQLRestStorage
    // instance, for better speed for most used RESTful operations; but complex
    // SQL requests (e.g. joined SELECT) will rely on the main SQL engine
    // - if set to false, will use the main SQLite3 engine for all statements
    // (should not to be used normaly, because it will add unnecessary overhead)
    property StaticVirtualTableDirect: boolean read fVirtualTableDirect
      write fVirtualTableDirect;









    /// the class inheriting from TSQLRecordTableDeleted, as defined in the model
    // - during authentication, this class will be used for storing a trace of
    // every deletion of table rows containing a TRecordVersion published field
    property SQLRecordVersionDeleteTable: TSQLRecordTableDeletedClass
      read fSQLRecordVersionDeleteTable;
    /// the class inheriting from TAuthSession to handle in-memory sessions
    // - since all sessions data remain in memory, ensure they are not taking
    // too much resource (memory or process time)
    property SessionClass: TAuthSessionClass read fSessionClass write fSessionClass;
    /// the class inheriting from TSQLAuthUser, as defined in the model
    // - during authentication, this class will be used for every TSQLAuthUser
    // table access
    // - see also the OnAuthenticationUserRetrieve optional event handler
    property SQLAuthUserClass: TSQLAuthUserClass read fSQLAuthUserClass;
    /// the class inheriting from TSQLAuthGroup, as defined in the model
    // - during authentication, this class will be used for every TSQLAuthGroup
    // table access
    property SQLAuthGroupClass: TSQLAuthGroupClass read fSQLAuthGroupClass;
  published { standard method-based services }
    /// REST service accessible from ModelRoot/Stat URI to gather detailed information
    // - returns the current execution statistics of this server, as a JSON object
    // - this method will require an authenticated client, for safety
    // - by default, will return the high-level information of this server
    // - will return human-readable JSON layout if ModelRoot/Stat/json is used, or
    // the corresponding XML content if ModelRoot/Stat/xml is used
................................................................................
begin
  ndx := GetTableIndexInheritsFrom(aTable);
  if ndx<0 then
    if not AddTable(aTable,@ndx) then
      raise EModelException.CreateUTF8('%.AddTableInherited(%)',[self,aTable]);
  result := Tables[ndx];
end;

function TSQLModel.GetTableInherited(aTable: TSQLRecordClass): TSQLRecordClass;
var ndx: integer;
begin
  ndx := GetTableIndexInheritsFrom(aTable);
  if ndx<0 then
    result := aTable else
    result := Tables[ndx];
end;

constructor TSQLModel.Create(CloneFrom: TSQLModel);
var i: integer;
begin
  if CloneFrom=nil then
    raise EModelException.CreateUTF8('%.Create(CloneFrom=nil)',[self]);
  fTables := CloneFrom.fTables;
................................................................................
begin
  if aModel=nil then
    raise EORMException.CreateUTF8('%.Create(Model=nil)',[self]);
  // specific server initialization
  fStatLevels := SERVERDEFAULTMONITORLEVELS;
  fVirtualTableDirect := true; // faster direct Static call by default
  fSessions := TObjectListLocked.Create; // needed by AuthenticationRegister() below

  fSQLAuthUserClass := TSQLAuthUser;
  fSQLAuthGroupClass := TSQLAuthGroup;
  fModel := aModel;
  fSQLRecordVersionDeleteTable := TSQLRecordTableDeleted;
  for t := 0 to high(Model.Tables) do
  if fModel.Tables[t].RecordProps.RecordVersionField<>nil then begin
    fSQLRecordVersionDeleteTable := fModel.AddTableInherited(TSQLRecordTableDeleted);
    break;
  end;
  fSessionClass := TAuthSession;
................................................................................
    key: RawUTF8;
begin
  result := false;
  if Sender=nil then
    exit;
  try
    Sender.SessionClose;  // ensure Sender.SessionUser=nil
    U := TSQLAuthUser(Sender.Model.GetTableInherited(TSQLAuthUser).Create);
    try
      U.LogonName := trim(aUserName);
      U.DisplayName := U.LogonName;
      if aPasswordKind<>passClear then
        U.PasswordHashHexa := aPassword else
        if aHashSalt='' then
          U.PasswordPlain := aPassword else // compute SHA256('salt'+aPassword)
................................................................................
  if aPasswordKind<>passClear then
    raise ESecurityException.CreateUTF8('%.ClientSetUser(%) expects passClear',
      [self,Sender]);
  Sender.SessionClose; // ensure Sender.SessionUser=nil
  try // inherited ClientSetUser() won't fit with Auth() method below
    ClientSetUserHttpOnly(Sender,aUserName,aPassword);
    Sender.fSessionAuthentication := self; // to enable ClientSessionSign()
    U := TSQLAuthUser(Sender.Model.GetTableInherited(TSQLAuthUser).Create);
    try
      U.LogonName := trim(aUserName);
      res := ClientGetSessionKey(Sender,U,[]);
      if res<>'' then
        result := Sender.SessionCreate(self,U,res);
    finally
      U.Free;

'1.18.3372'

'1.18.3373'