Author Topic: THTTPRouter Documentation  (Read 1601 times)

JohnnieK

THTTPRouter Documentation
« on: August 29, 2024, 04:43:04 pm »
Hi

I can't locate any documentation for THTTPRouter, so I read the source. I still have a few questions, so I'm hoping someone can answer them for me.
Some background on what I am trying to achieve. I would like to build a REST web service and have a way to check for the bearer token in a single place, rather than in every single route. If the bearer token is not present, I want to send back a 404 and the actual code in the route routine must not be called.
From the code (in THTTPRouter.RouteRequest) it looks like BeforeRequest cannot prevent the execution of the requests. So I cannot use BeforeRequest to check if the request has a valid authentication token.
It looks like RunIntercepts can prevent the execution of the route routine, but I cannot understand how RunIntercepts works. There is an example in the examples directory, but I still don't understand how it works. Must I register an Intercept for each route or can I register a single intercept that will check the token for all routes?

Thanx in advance

TRon

Re: THTTPRouter Documentation
« Reply #1 on: August 29, 2024, 04:57:15 pm »
« Last Edit: August 29, 2024, 04:59:12 pm by TRon »

PierceNg

Re: THTTPRouter Documentation
« Reply #2 on: August 30, 2024, 02:52:30 am »
Quote from: JohnnieK
It looks like RunIntercepts can prevent the execution of the route routine, but I cannot understand how RunIntercepts works. There is an example in the examples directory, but I still don't understand how it works. Must I register an Intercept for each route or can I register a single intercept that will check the token for all routes?

The demo has this code:

Code: Pascal
  procedure THTTPApplication.DoRun;
  // <blah blah>
    if Fauth<>'' then
      HTTPRouter.RegisterInterceptor('auth',@DoAuthorization);
  // <...>

And its DoAuthorization interceptor does basic authentication. Try changing that code to do your bearer authentication. Note the end of DoAuthorization, which returns response to the client without proceeding:

Code: Pascal
  if not aContinue then
    begin
    aResponse.Code:=401;
    aResponse.CodeText:='Unauthorized';
    aResponse.WWWAuthenticate:='Basic Realm="This site needs a password"';
    aResponse.SendContent;
    end;

Here's the log from the demo when I used incorrect password:

Code: Text
  2024-08-30 08:48:57.953 [etInfo] Request 14: / : 401 (0 bytes)
  2024-08-30 08:49:02.552 [etInfo] Invalid password provided: bongo              <== Ahem, shouldn't log the password
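
The bearer-token decision such an interceptor would assign to aContinue, as an added example that is not part of the thread or of the fcl-web demo. SameSecret, ExtractBearer and CheckBearer are hypothetical helper names, the check assumes a single static expected token, and the header string would come from the request's Authorization header.

```pascal
program BearerCheckDemo;
{$mode objfpc}{$H+}
uses SysUtils, Math;

// Constant-time compare: no early exit on mismatch (length can still leak).
function SameSecret(const A, B: string): Boolean;
var i, Diff: Integer;
begin
  Diff := Length(A) xor Length(B);
  for i := 1 to Min(Length(A), Length(B)) do
    Diff := Diff or (Ord(A[i]) xor Ord(B[i]));
  Result := Diff = 0;
end;

// Accept exactly "Bearer <token>"; the scheme name is case-insensitive.
function ExtractBearer(const Hdr: string; out Token: string): Boolean;
var S: string; P: Integer;
begin
  S := Trim(Hdr);
  P := Pos(' ', S);
  Token := Trim(Copy(S, P + 1, MaxInt));
  Result := (P > 0) and SameText(Copy(S, 1, P - 1), 'Bearer')
    and (Token <> '') and (Pos(' ', Token) = 0);
end;

// Returns the value an interceptor would assign to aContinue. Reason is the
// text to log on rejection: it names the failure, never the credential.
function CheckBearer(const Hdr, Expected: string; out Reason: string): Boolean;
var Token: string;
begin
  Reason := '';
  if Trim(Hdr) = '' then
    Reason := 'missing Authorization header'
  else if not ExtractBearer(Hdr, Token) then
    Reason := 'malformed or non-Bearer Authorization header'
  else if not SameSecret(Token, Expected) then
    Reason := 'bearer token rejected';
  Result := Reason = '';
end;

const
  // Constructed sample header values, not taken from the thread.
  Samples: array[0..3] of string = ('Bearer constructed-demo-token',
    'bearer wrong-token', 'Basic dXNlcjpwYXNz', '');
var Hdr, Reason: string;
begin
  for Hdr in Samples do
    if CheckBearer(Hdr, 'constructed-demo-token', Reason) then
      WriteLn('continue to route')
    else WriteLn('stop before route; log: ', Reason);
end.
```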

Thaddy

Re: THTTPRouter Documentation
« Reply #3 on: August 30, 2024, 05:15:31 pm »
It is OK and proper to log wrong passwords. It is not OK to log the proper password.
Although a server should only know the hash, storing false attempts is not really wrong.

JohnnieK

Re: THTTPRouter Documentation
« Reply #4 on: September 09, 2024, 05:54:48 pm »
Thanx for all the replies. I now understand what I need to do.
