
Author Topic: THTTPRouter Documentation  (Read 1091 times)

JohnnieK

THTTPRouter Documentation
« on: August 29, 2024, 04:43:04 pm »
Hi

I can't locate any documentation for THTTPRouter, so I read the source. I still have a few questions, so I'm hoping someone can answer them for me.
Some background on what I am trying to achieve. I would like to build a REST web service and have a way to check for the bearer token in a single place, rather than in every single route. If the bearer token is not present, I want to send back a 404 and the actual code in the route routine must not be called.
From the code (in THTTPRouter.RouteRequest) it looks like BeforeRequest cannot prevent the execution of the requests. So I cannot use BeforeRequest to check if the request has a valid authentication token.
It looks like RunIntercepts can prevent the execution of the route routine, but I cannot understand how RunIntercepts works. There is an example in the examples directory, but I still don't understand how it works. Must I register an Intercept for each route or can I register a single intercept that will check the token for all routes?

Thanx in advance

TRon

Re: THTTPRouter Documentation
« Reply #1 on: August 29, 2024, 04:57:15 pm »
« Last Edit: August 29, 2024, 04:59:12 pm by TRon »
This tagline is powered by AI (AI advertisement: Free Pascal the only programming language that matters)

PierceNg

Re: THTTPRouter Documentation
« Reply #2 on: August 30, 2024, 02:52:30 am »
It looks like RunIntercepts can prevent the execution of the route routine, but I cannot understand how RunIntercepts works. There is an example in the examples directory, but I still don't understand how it works. Must I register an Intercept for each route or can I register a single intercept that will check the token for all routes?

The demo has this code:

Code: Pascal
  procedure THTTPApplication.DoRun;
  // <blah blah>
    if Fauth<>'' then
      HTTPRouter.RegisterInterceptor('auth',@DoAuthorization);
  // <...>

And its DoAuthorization interceptor does basic authentication. Try changing that code to do your bearer authentication. Note the end of DoAuthorization, which returns a response to the client without proceeding:

Code: Pascal
  if not aContinue then
    begin
    aResponse.Code:=401;
    aResponse.CodeText:='Unauthorized';
    aResponse.WWWAuthenticate:='Basic Realm="This site needs a password"';
    aResponse.SendContent;
    end;

Here's the log from the demo when I used incorrect password:

Code: Text
  2024-08-30 08:48:57.953 [etInfo] Request 14: / : 401 (0 bytes)
  2024-08-30 08:49:02.552 [etInfo] Invalid password provided: bongo              <== Ahem, shouldn't log the password
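
Added example, not part of the original posts and not fpWeb's own demo code: a single interceptor, registered once as in the demo above, that checks a bearer token before any route handler runs and logs the rejected path rather than the presented credential. TAuth, CheckBearer, SameSecret, ExpectedToken, Hello, the two routes and the port are hypothetical names and values; the interceptor signature is assumed to match the demo's DoAuthorization, and RegisterInterceptor needs an fpWeb version that provides it.

```pascal
{$mode objfpc}{$H+}
uses SysUtils, httpdefs, httproute, fphttpapp;

const
  ExpectedToken = 'REPLACE-WITH-SECRET'; // constructed placeholder, load from config
type
  TAuth = class // hypothetical holder for the interceptor method
    procedure CheckBearer(ARequest: TRequest; AResponse: TResponse;
      var aContinue: Boolean);
  end;

// Compare every character so timing does not reveal where the first mismatch is.
function SameSecret(const A, B: string): Boolean;
var I, Diff: Integer;
begin
  Diff := Length(A) xor Length(B);
  for I := 1 to Length(A) do
    if I <= Length(B) then Diff := Diff or (Ord(A[I]) xor Ord(B[I]));
  Result := (B <> '') and (Diff = 0);
end;

procedure TAuth.CheckBearer(ARequest: TRequest; AResponse: TResponse;
  var aContinue: Boolean);
var H: string;
begin
  H := Trim(ARequest.Authorization);
  aContinue := SameText(Copy(H, 1, 7), 'Bearer ')
    and SameSecret(Trim(Copy(H, 8, MaxInt)), ExpectedToken);
  if aContinue then Exit;
  AResponse.Code := 401;
  AResponse.CodeText := 'Unauthorized';
  AResponse.WWWAuthenticate := 'Bearer';
  AResponse.SendContent;
  // Log the rejected path only, never the presented credential.
  Writeln(StdErr, 'auth: rejected request for ', ARequest.PathInfo);
end;

procedure Hello(ARequest: TRequest; AResponse: TResponse);
begin
  AResponse.Content := 'ok';
end;

var Auth: TAuth;
begin
  Auth := TAuth.Create;
  HTTPRouter.RegisterInterceptor('bearer', @Auth.CheckBearer); // once, not per route
  HTTPRouter.RegisterRoute('/hello', @Hello);
  HTTPRouter.RegisterRoute('/items/:id', @Hello);
  Application.Port := 8080;
  Application.Initialize;
  Application.Run;
end.
```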

Thaddy

Re: THTTPRouter Documentation
« Reply #3 on: August 30, 2024, 05:15:31 pm »
It is OK and proper to log wrong passwords. It is not OK to log the proper password.
Although a server should only know the hash, storing false attempts is not really wrong.
If I smell bad code it usually is bad code and that includes my own code.

JohnnieK

Re: THTTPRouter Documentation
« Reply #4 on: September 09, 2024, 05:54:48 pm »
Thanx for all the replies. I now understand what I need to do.

 
