From 243a94a13fd836958f600c6df4edac5521b5853d Mon Sep 17 00:00:00 2001 From: konrad Date: Sat, 8 Aug 2009 09:13:11 +0000 Subject: [PATCH] *some minor fixes *moved session id into header to make processing more efficient git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@320 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- src/msinterface.cpp | 7 +++++++ src/msinterface.h | 17 +++++++++++++---- src/wbase/WInterface.h | 8 +------- src/wbase/WTransaction.cpp | 5 ++++- wob/magicsmoke.wolf | 8 ++++---- woc/phpout.cpp | 19 +++++++++---------- woc/qtout.cpp | 2 -- www/inc/machine/session.php | 13 +++++++++++-- www/inc/wbase/transaction.php | 7 +++++++ 9 files changed, 56 insertions(+), 30 deletions(-) diff --git a/src/msinterface.cpp b/src/msinterface.cpp index f4a5526..318515c 100644 --- a/src/msinterface.cpp +++ b/src/msinterface.cpp @@ -31,3 +31,10 @@ bool MSInterface::login(QString username,QString passwd,QString hostname,QString void logout(){} bool relogin(){return false;} + +QMap MSInterface::headers(QString s)const +{ + QMap ret=WInterface::headers(s); + ret.insert("Wob-SessionId",m_sessid); + return ret; +} diff --git a/src/msinterface.h b/src/msinterface.h index 6ef9060..32e723c 100644 --- a/src/msinterface.h +++ b/src/msinterface.h @@ -23,15 +23,24 @@ class MSInterface:public MInterface static MSInterface* instance(){return qobject_cast(MInterface::instance());} - bool login(QString username,QString passwd,QString hostname,QString hostkey); - void logout(){} - bool relogin(){return false;} QString currentUser()const{return "";} bool hasRole(QString)const{return false;} QString dataDir()const{return "/tmp/blah";} QString settingsGroup()const{return "nosuchgroup";} + /**returns the current session ID*/ + QString sessionId()const{return m_sessid;} + + virtual QMap headers(QString)const; + + public slots: + bool login(QString username,QString passwd,QString hostname,QString hostkey); + void logout(){} + bool relogin(){return false;} + /**sets the session id to be transmitted*/ + void setSessionId(QString sid){m_sessid=sid;} + private: - QString profileid; + QString profileid,m_sessid; }; diff --git a/src/wbase/WInterface.h b/src/wbase/WInterface.h index 94a0908..8cae7d6 100644 --- a/src/wbase/WInterface.h +++ b/src/wbase/WInterface.h @@ -66,9 +66,6 @@ class WInterface:public QObject /**returns the current log level*/ LogLevel logLevel()const{return loglvl;} - /**returns the current session ID*/ - QString sessionId()const{return m_sessid;} - public slots: /**set log level*/ void setLogLevel(WInterface::LogLevel l){loglvl=l;} @@ -84,13 +81,10 @@ class WInterface:public QObject /**sets the URL of the interface*/ void setUrl(QUrl u){m_url=u;} - /**sets the session id to be transmitted*/ - void setSessionId(QString sid){m_sessid=sid;} - private: static QMapinst; QUrl m_url; - QString m_proxyhost,m_proxyuser,m_proxypass,m_sessid; + QString m_proxyhost,m_proxyuser,m_proxypass; unsigned short m_proxyport; int m_wtimeout; LogLevel loglvl; diff --git a/src/wbase/WTransaction.cpp b/src/wbase/WTransaction.cpp index 5ecc24d..40ef1f4 100644 --- a/src/wbase/WTransaction.cpp +++ b/src/wbase/WTransaction.cpp @@ -91,8 +91,11 @@ QByteArray WTransaction::executeQuery(QString hreq,QByteArray data) QString hostspec=url.host(); if(url.port()>0)hostspec+=":"+QString::number(port); hrh.setValue("Host",hostspec); + QMaphdrs=iface->headers(hreq); + QStringList hdrn=hdrs.keys(); + for(int i=0;i + isAuthenticated="Session::instance()->isAuthenticated()" + hasRole="Session::instance()->canExecute(%)" + userName="Session::instance()->getUser()" + init="new Session($this)"/> diff --git a/woc/phpout.cpp b/woc/phpout.cpp index c354a5d..ec0ffbd 100644 --- a/woc/phpout.cpp +++ b/woc/phpout.cpp @@ -676,23 +676,16 @@ void WocPHPServerOut::newTransaction(const WocTransaction&trn) //request handler: code="public function handleRequest(){\n"; - //parse low level XML - code+="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n"; - code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n"; - code+="\t$root=$xml->documentElement;\n"; - //security handling switch(trn.authMode()){ case WocTransaction::Checked: code+="\t/*security check: authenticated and authorized*/\n"; - code+="\t$sid=$root->getAttribute(\"sessionid\");\n"; - code+="\t"+QString(m_authinit).replace("%","$sid")+";\n"; + code+="\t"+m_authinit+";\n"; code+="\tif(!"+m_isauth+"||!"+QString(m_hasrole).replace("%","\""+trn.name()+"\"")+")notAuthenticated();\n"; break; case WocTransaction::Auth: code+="\t/*security check: authenticated*/\n"; - code+="\t$sid=$root->getAttribute(\"sessionid\");\n"; - code+="\t"+QString(m_authinit).replace("%","$sid")+";\n"; + code+="\t"+m_authinit+";\n"; code+="\tif(!"+m_isauth+")notAuthenticated();\n"; break; default: @@ -700,6 +693,12 @@ void WocPHPServerOut::newTransaction(const WocTransaction&trn) break;//none } + //parse low level XML + code+="\t/*low level XML parsing*/\n"; + code+="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n"; + code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n"; + code+="\t$root=$xml->documentElement;\n"; + //parse inputs code+=trnInput(trn); @@ -891,7 +890,7 @@ QString WocPHPServerOut::trnGetSet(const WocTransaction&trn) code+="\t\t$this->aoutput[\""+sl[i]+"\"][]=\"\".$vv;\n"; add+="\t$this->aoutput[\""+sl[i]+"\"][]=\"\".$vv;\n"; } - code+="\t}\n};"; + code+="\t}\n"; add+="}\n"; }else{ if(trn.isIntType(t)){ diff --git a/woc/qtout.cpp b/woc/qtout.cpp index cbf1290..c7d00df 100644 --- a/woc/qtout.cpp +++ b/woc/qtout.cpp @@ -514,8 +514,6 @@ void WocQtClientOut::newTransaction(const WocTransaction&trn) scd+="\tQDomElement tmp;\n"; scd+="\tWInterface *iface=WInterface::instance(m_iface);\n"; scd+="\tif(iface==0){m_errtype=\"_iface\";m_errstr=\"interface not found\";m_stage=Error;return;}\n"; - if(trn.authMode()!=trn.Open) - scd+="\troot.setAttribute(\"sessionid\",iface->sessionId());\n"; //encode input scd+=trnInput(trn); scd+="\tdoc.appendChild(root);\n"; diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php index c31bb6c..1916e41 100644 --- a/www/inc/machine/session.php +++ b/www/inc/machine/session.php @@ -25,11 +25,12 @@ class Session private $rights; /**construct the session object, check validity*/ - public function __construct($sid) + public function __construct($trans) { global $db,$session; $this->roles=array(); $this->rights=array(); + $sid=$trans->getHeader("Wob-SessionId"); $res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($sid)); if(count($res)>0){ $this->sessid=$sid; @@ -39,8 +40,16 @@ class Session $session=$this; } + /**return the session instance*/ + public static function instance() + { + global $session; + if(!isset($session))return null; + return $session; + } + /**internal: retrieve and remember the rights of this user*/ - public function initRights() + protected function initRights() { global $db; $res=$db->select("userrole","role","uname=".$db->escapeString($this->user)); diff --git a/www/inc/wbase/transaction.php b/www/inc/wbase/transaction.php index f5b902c..5fc248e 100644 --- a/www/inc/wbase/transaction.php +++ b/www/inc/wbase/transaction.php @@ -38,6 +38,13 @@ class WobTransactionBase { } return $_SERVER["HTTP_X_WOBREQUEST"]; } + /**called to determine the session id*/ + static public function getHeader($hd) + { + $hd="HTTP_X_".strtoupper(str_replace("-","_",$hd)); + if(isset($_SERVER[$hd]))return $_SERVER[$hd]; + else return ""; + } /**called if the transaction is not known. aborts the script.*/ static public function noSuchTransaction() { -- 1.7.2.5