Ejemplo n.º 1
0
void BundleInstallHandler::run()
{
	ServiceRef::Ptr pInstallerRef = context()->registry().findByName(BundleInstallerService::SERVICE_NAME);
	AutoPtr<BundleInstallerService> pInstaller = pInstallerRef->castedInstance<BundleInstallerService>();

	HTMLForm form;
	InstallPartHandler partHandler(form, pInstaller);
	form.load(request(), request().stream(), partHandler);

	std::string title;
	std::string backLink;
	std::string backLinkTitle;
	std::string symbolicName = form.get("symbolicName", "");
	if (!symbolicName.empty())
	{
		Bundle::Ptr pBundle = context()->findBundle(symbolicName);
		title = text("upgradeBundle");
		title += ": ";
		title += symbolicName;
		backLink = bundlePath(symbolicName);
		backLinkTitle = text("bundle");
		backLinkTitle += ": ";
		backLinkTitle += pBundle->name();
	}
	else
	{
		title = text("installBundle");
		backLink = bundle()->properties().getString("web.path");
		backLinkTitle = text("installedBundles");
	}
		
	beginPage(title, backLink, backLinkTitle);
	if (partHandler.installed())
	{
		templat().clear();
		templat().setString("symbolicName", partHandler.bundle()->symbolicName());
		templat().setString("name", partHandler.bundle()->name());
		sendTemplate("html.installComplete");
		beginList();
		item(text("id"), NumberFormatter::format(partHandler.bundle()->id()));
		item(text("symbolicName"), partHandler.bundle()->symbolicName());
		item(text("version"), partHandler.bundle()->version().toString());
		item(text("path"), partHandler.bundle()->path());
		endList();
	}
	else if (symbolicName.empty())
	{
		sendTemplate("html.installForm");
	}
	else
	{
		templat().clear();
		templat().setString("symbolicName", symbolicName);
		sendTemplate("html.upgradeForm");
	}
	endPage();
}
Ejemplo n.º 2
0
void HTTPHandler::processQuery(
    Poco::Net::HTTPServerRequest & request,
    HTMLForm & params,
    Poco::Net::HTTPServerResponse & response,
    Output & used_output)
{
    Context context = server.context();
    context.setGlobalContext(server.context());

    CurrentThread::QueryScope query_scope(context);

    LOG_TRACE(log, "Request URI: " << request.getURI());

    std::istream & istr = request.stream();

    /// Part of the query can be passed in the 'query' parameter and the rest in the request body
    /// (http method need not necessarily be POST). In this case the entire query consists of the
    /// contents of the 'query' parameter, a line break and the request body.
    std::string query_param = params.get("query", "");
    if (!query_param.empty())
        query_param += '\n';

    /// The user and password can be passed by headers (similar to X-Auth-*),
    /// which is used by load balancers to pass authentication information.
    std::string user = request.get("X-ClickHouse-User", "");
    std::string password = request.get("X-ClickHouse-Key", "");
    std::string quota_key = request.get("X-ClickHouse-Quota", "");

    if (user.empty() && password.empty() && quota_key.empty())
    {
        /// User name and password can be passed using query parameters
        /// or using HTTP Basic auth (both methods are insecure).
        if (request.hasCredentials())
        {
            Poco::Net::HTTPBasicCredentials credentials(request);

            user = credentials.getUsername();
            password = credentials.getPassword();
        }
        else
        {
            user = params.get("user", "default");
            password = params.get("password", "");
        }

        quota_key = params.get("quota_key", "");
    }
    else
    {
        /// It is prohibited to mix different authorization schemes.
        if (request.hasCredentials()
            || params.has("user")
            || params.has("password")
            || params.has("quota_key"))
        {
            throw Exception("Invalid authentication: it is not allowed to use X-ClickHouse HTTP headers and other authentication methods simultaneously", ErrorCodes::REQUIRED_PASSWORD);
        }
    }

    std::string query_id = params.get("query_id", "");
    context.setUser(user, password, request.clientAddress(), quota_key);
    context.setCurrentQueryId(query_id);

    /// The user could specify session identifier and session timeout.
    /// It allows to modify settings, create temporary tables and reuse them in subsequent requests.

    std::shared_ptr<Context> session;
    String session_id;
    std::chrono::steady_clock::duration session_timeout;
    bool session_is_set = params.has("session_id");
    const auto & config = server.config();

    if (session_is_set)
    {
        session_id = params.get("session_id");
        session_timeout = parseSessionTimeout(config, params);
        std::string session_check = params.get("session_check", "");

        session = context.acquireSession(session_id, session_timeout, session_check == "1");

        context = *session;
        context.setSessionContext(*session);
    }

    SCOPE_EXIT({
        if (session_is_set)
            session->releaseSession(session_id, session_timeout);
    });