void DataStore::handleRequest(const Http::Request& request, Http::Response& response) { response.setMimeType("text/x-json"); WModelIndexList matches; if (modelFilterColumn_ != -1) { WString query; const std::string *queryE = request.getParameter("query"); if (queryE) query = WString::fromUTF8(*queryE); matches = model_->match(model_->index(0, modelFilterColumn_), DisplayRole, boost::any(query)); } int start = 0; int rowCount = (modelFilterColumn_ == -1 ? model_->rowCount() : matches.size()); int limit = rowCount; const std::string *s; s = request.getParameter("start"); if (s) try { start = std::max(0, std::min(limit, boost::lexical_cast<int>(*s))); } catch (boost::bad_lexical_cast& e) { LOG_ERROR("start '" << *s << "' is not-a-number."); } s = request.getParameter("limit"); if (s) try { limit = std::max(0, std::min(limit - start, boost::lexical_cast<int>(*s))); } catch (boost::bad_lexical_cast& e) { LOG_ERROR("limit '" << *s << "' is not-a-number."); } std::ostream& o = response.out(); o << "{" << "'count':" << rowCount << "," << "'data':["; for (int row = start; row < start + limit; ++row) { if (row != start) o << ","; o << "{"; int modelRow = modelFilterColumn_ == -1 ? row : matches[row].row(); o << "'id':" << getRecordId(modelRow); for (unsigned j = 0; j < columns_.size(); ++j) o << ",'" << columns_[j].fieldName << "':" << dataAsJSLiteral(modelRow, columns_[j].modelColumn); o << "}"; } o << "]}"; }
virtual void handleRequest(const Http::Request& request, Http::Response& response) { bool triggerUpdate = false; std::vector<Http::UploadedFile> files; #ifdef WT_TARGET_JAVA static Http::UploadedFile* uploaded; #endif Utils::find(request.uploadedFiles(), "data", files); if (!request.tooLarge()) if (!files.empty() || request.getParameter("data")) triggerUpdate = true; response.setMimeType("text/html; charset=utf-8"); response.addHeader("Expires", "Sun, 14 Jun 2020 00:00:00 GMT"); response.addHeader("Cache-Control", "max-age=315360000"); #ifndef WT_TARGET_JAVA std::ostream& o = response.out(); #else std::ostream o(response.out()); #endif // WT_TARGET_JAVA o << "<!DOCTYPE html>" "<html>\n" "<head><script type=\"text/javascript\">\n" "function load() { "; if (triggerUpdate || request.tooLarge()) { o << "if (window.parent." << WApplication::instance()->javaScriptClass() << ") "; if (triggerUpdate) { LOG_DEBUG("Resource handleRequest(): signaling uploaded"); o << "window.parent." << WApplication::instance()->javaScriptClass() << "._p_.update(null, '" << fileUpload_->uploaded().encodeCmd() << "', null, true);"; } else if (request.tooLarge()) { LOG_DEBUG("Resource handleRequest(): signaling file-too-large"); o << "window.parent." << WApplication::instance()->javaScriptClass() << "._p_.update(null, '" << fileUpload_->fileTooLargeImpl().encodeCmd() << "', null, true);"; } } else { LOG_DEBUG("Resource handleRequest(): no signal"); } o << "}\n" "</script></head>" "<body onload=\"load();\"></body></html>"; if (request.tooLarge()) fileUpload_->tooLargeSize_ = request.tooLarge(); else if (!files.empty()) fileUpload_->setFiles(files); }
void OAuthTokenEndpoint::handleRequest(const Http::Request &request, Http::Response &response) { #ifdef WT_TARGET_JAVA try { #endif // WT_TARGET_JAVA response.setMimeType("application/json"); response.addHeader("Cache-Control", "no-store"); response.addHeader("Pragma", "no-cache"); const std::string *grantType = request.getParameter("grant_type"); const std::string *redirectUri = request.getParameter("redirect_uri"); const std::string *code = request.getParameter("code"); std::string clientId; std::string clientSecret; ClientSecretMethod authMethod = HttpAuthorizationBasic; // Preferred method: get authorization information from // Http Basic authentication std::string headerSecret; std::string authHeader = request.headerValue("Authorization"); if (authHeader.length() > AUTH_TYPE.length() + 1) { #ifndef WT_TARGET_JAVA headerSecret = Utils::base64Decode(authHeader.substr(AUTH_TYPE.length() + 1)); #else headerSecret = Utils::base64DecodeS(authHeader.substr(AUTH_TYPE.length() + 1)); #endif // WT_TARGET_JAVA std::vector<std::string> tokens; boost::split(tokens, headerSecret, boost::is_any_of(":")); if (tokens.size() == 2) { clientId = Utils::urlDecode(tokens[0]); clientSecret = Utils::urlDecode(tokens[1]); authMethod = HttpAuthorizationBasic; } } // Alternative method: pass authorization information as parameters // (only allowed for post methods) if (clientId.empty() && clientSecret.empty()) { const std::string *clientIdParam = request.getParameter("client_id"); const std::string *clientSecretParam = request.getParameter("client_secret"); if (clientIdParam && clientSecretParam) { clientId = *clientIdParam; clientSecret = *clientSecretParam; authMethod = RequestBodyParameter; } } if (!code || clientId.empty() || clientSecret.empty() || !grantType || !redirectUri) { response.setStatus(400); response.out() << "{\"error\": \"invalid_request\"}" << std::endl; return; } OAuthClient client = db_->idpClientFindWithId(clientId); if (!client.checkValid() || !client.verifySecret(clientSecret) || client.authMethod() != authMethod) { response.setStatus(401); if (!authHeader.empty()) { if (client.authMethod() == HttpAuthorizationBasic) response.addHeader("WWW-Authenticate", AUTH_TYPE); else response.addHeader("WWW-Authenticate", methodToString(client.authMethod())); } response.out() << "{\n\"error\": \"invalid_client\"\n}" << std::endl; return; } if (*grantType != GRANT_TYPE) { response.setStatus(400); response.out() << "{\n\"error\": \"unsupported_grant_type\"\n}" << std::endl; return; } IssuedToken authCode = db_->idpTokenFindWithValue(GRANT_TYPE, *code); if (!authCode.checkValid() || authCode.redirectUri() != *redirectUri || WDateTime::currentDateTime() > authCode.expirationTime()) { response.setStatus(400); response.out() << "{\n\"error\": \"invalid_grant\"\n}" << std::endl; return; } std::string accessTokenValue = WRandom::generateId(); WDateTime expirationTime = WDateTime::currentDateTime().addSecs(accessExpSecs_); const User &user = authCode.user(); const OAuthClient &authClient = authCode.authClient(); const std::string scope = authCode.scope(); db_->idpTokenAdd(accessTokenValue, expirationTime, "access_token", scope, authCode.redirectUri(), user, authClient); db_->idpTokenRemove(authCode); response.setStatus(200); Json::Object root; root["access_token"] = Json::Value(accessTokenValue); root["token_type"] = Json::Value("Bearer"); root["expires_in"] = Json::Value(accessExpSecs_); if (authCode.scope().find("openid") != std::string::npos) { std::string header; std::string signature; std::string payload = Utils::base64Encode(idTokenPayload(authClient.clientId(), scope, user), false); #ifndef WT_TARGET_JAVA #ifdef WT_WITH_SSL if (privateKey) { header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"RS256\"\n}", false); signature = Utils::base64Encode(rs256(header + "." + payload), false); } else { #endif // WT_WITH_SSL #endif // WT_TARGET_JAVA header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"none\"\n}", false); signature = Utils::base64Encode("", false); #ifndef WT_TARGET_JAVA #ifdef WT_WITH_SSL } #endif // WT_WITH_SSL #endif // WT_TARGET_JAVA root["id_token"] = Json::Value(header + "." + payload + "." + signature); } response.out() << Json::serialize(root); #ifdef WT_TARGET_JAVA } catch (std::io_exception ioe) { LOG_ERROR(ioe.message()); } #endif }