From 3b929b9cf42e562a7e5e2ea2208086c81bfc52cc Mon Sep 17 00:00:00 2001
From: Konrad Rosenbaum <konrad@silmor.de>
Date: Sun, 21 Jul 2013 14:20:38 +0200
Subject: [PATCH] implement nolog parameter for transactions

---
 doc/wolf-comm.html           |    9 +++++++++
 qtbase/include/transaction.h |    5 +++++
 qtbase/src/transaction.cpp   |   21 +++++++++++++++++----
 woc/proc/proctrans.cpp       |    9 +++++++++
 woc/proc/proctrans.h         |   14 ++++++++++++++
 woc/qt/qtctrans.cpp          |   13 +++++++++++++
 woc/qt/qtctrans.h            |    2 ++
 woc/qt/qtstrans.cpp          |   13 +++++++++++++
 woc/qt/qtstrans.h            |    2 ++
 9 files changed, 84 insertions(+), 4 deletions(-)

diff --git a/doc/wolf-comm.html b/doc/wolf-comm.html
index 7ec54a6..d07f7ae 100644
--- a/doc/wolf-comm.html
+++ b/doc/wolf-comm.html
@@ -113,6 +113,7 @@ Transaction attributes:
 <tr><td>name</td><td>the name of the transaction</td></tr>
 <tr><td>mode</td><td>(optional, default=checked) can be used to require less restrictive privileges, see below for values</td></tr>
 <tr><td>updating</td><td>optional, tells woc whether the transaction is to be considered writing to the database - the default is given in the global "Database" tag.</td></tr>
+<tr><td>nolog</td><td>optional, if given it excludes the request and/or response from the log file (currently: Qt implementation only), use this for transactions that carry passwords or other sensitive information, see below</td></tr>
 </table><p>
 
 Transaction modes:
@@ -123,6 +124,14 @@ Transaction modes:
 <tr><td>open</td><td>no session is necessary for this to work; usually this is only done for login</tr></tr>
 </table><p>
 
+NoLog values:
+<table frame="1" border="1">
+<tr><td><b>Value</b></td><td><b>Description</b></td></tr>
+<tr><td>"request" (or: req)</td><td>excludes the request body from logging</td></tr>
+<tr><td>"response" (or: rsp)</td><td>excludes the response body from logging</td></tr>
+<tr><td>"any" (or: "all" or: "request,response")</td><td>neither request nor response bodies are logged (only the fact that the transaction happened is logged)</tr></tr>
+</table><p>
+
 Input defines the input parameters (Var tag) of the transaction (ie. what is sent to the server).<p>
 
 Output defines the data (Var tag) sent back to the client.<p>
diff --git a/qtbase/include/transaction.h b/qtbase/include/transaction.h
index e4f902f..e642150 100644
--- a/qtbase/include/transaction.h
+++ b/qtbase/include/transaction.h
@@ -128,6 +128,11 @@ class WOLF_BASE_EXPORT WTransaction:public WHelper
 		friend class WTransaction::LogWrap;
 		friend class WTransaction_Private;
 		WTransaction_Private *d;
+                
+                ///internal: returns true if this transaction can log requests (default: true)
+                virtual bool canLogRequest()const;
+                ///internal: returns true if this transaction can log responses (default: true)
+                virtual bool canLogResponse()const;
 };
 
 #endif
diff --git a/qtbase/src/transaction.cpp b/qtbase/src/transaction.cpp
index b239a1b..f5d6d7a 100644
--- a/qtbase/src/transaction.cpp
+++ b/qtbase/src/transaction.cpp
@@ -275,6 +275,9 @@ QByteArray WTransaction::encodeError()const
 	return doc.toByteArray();
 }
 
+bool WTransaction::canLogRequest()const{return true;}
+bool WTransaction::canLogResponse()const{return true;}
+
 /*****************************************************************************/
 
 static int logid=0;
@@ -314,8 +317,13 @@ void WTransaction::Log::outStr(const QString&s)
 void WTransaction::Log::setRequ(const QString&h,const QString&d)
 {
 	if(lvl<=WInterface::LogInfo)return;
-	QString r=QString("Transaction %1, Request:\n--Header--\n%2\n--Body--\n%3\n--End--")
-		.arg(trn).arg(h).arg(d);
+	QString r;
+        if(parent && parent->canLogRequest())
+                r=QString("Transaction %1, Request:\n--Header--\n%2\n--Body--\n%3\n--End--")
+                        .arg(trn).arg(h).arg(d);
+        else
+                r=QString("Transaction %1, Request:\n--Header--\n%2\n--Cannot Log Body: Log Forbidden--")
+                        .arg(trn).arg(h);
 	if(lvl==WInterface::LogDetailed)
 		outStr(r);
 	else
@@ -326,8 +334,13 @@ void WTransaction::Log::setRequ(const QString&h,const QString&d)
 void WTransaction::Log::setResp(const QString&h,const QString&d)
 {
 	if(lvl<=WInterface::LogInfo)return;
-	QString r=QString("Transaction %1, Response:\n--Header--\n%2\n--Body--\n%3\n--End--")
-		 .arg(trn).arg(h).arg(d);
+	QString r;
+        if(parent && parent->canLogResponse())
+                r=QString("Transaction %1, Response:\n--Header--\n%2\n--Body--\n%3\n--End--")
+                        .arg(trn).arg(h).arg(d);
+        else
+                r=QString("Transaction %1, Response:\n--Header--\n%2\n--Cannot Log Body: Log Forbidden--")
+                        .arg(trn).arg(h);
 	if(lvl==WInterface::LogDetailed)
 		outStr(r);
 	else
diff --git a/woc/proc/proctrans.cpp b/woc/proc/proctrans.cpp
index 1f92e23..0a83897 100644
--- a/woc/proc/proctrans.cpp
+++ b/woc/proc/proctrans.cpp
@@ -24,6 +24,7 @@ WocTransaction::WocTransaction(const QDomElement&root)
 {
 	m_valid=true;
 	m_mode=Checked;
+        m_logmode=LogAll;
 	QRegExp rval("[a-z][a-z0-9_]*",Qt::CaseInsensitive);
 	//get basics
 	m_name=root.attribute("name");
@@ -44,6 +45,14 @@ WocTransaction::WocTransaction(const QDomElement&root)
 			return;
 		}
 	}
+	if(root.hasAttribute("nolog")){
+                QStringList nl=root.attribute("nolog").toLower().split(",");
+                if(nl.contains("request")||nl.contains("req"))m_logmode=NoLogRequest;
+                if(nl.contains("response")||nl.contains("rsp"))
+                        m_logmode=NoLogMode(m_logmode|NoLogResponse);
+                if(nl.contains("all")||nl.contains("any"))
+                        m_logmode=NoLogAny;
+        }
 	if(root.hasAttribute("updating"))
 		m_update=str2bool(root.attribute("updating"));
 	else
diff --git a/woc/proc/proctrans.h b/woc/proc/proctrans.h
index 98abfe3..ee8b87e 100644
--- a/woc/proc/proctrans.h
+++ b/woc/proc/proctrans.h
@@ -56,6 +56,19 @@ class WocTransaction
 		};
 		AuthMode authMode()const{return m_mode;}
 		
+		///Log Mode: signals what kind of logging is forbidden
+		enum NoLogMode {
+                        ///default: all logging is allowed
+                        LogAll=0,
+                        ///logging the request is forbidden
+                        NoLogRequest=1,
+                        ///logging the response is forbidden
+                        NoLogResponse=2,
+                        ///logging any data is forbidden
+                        NoLogAny=3
+                };
+                NoLogMode logMode()const{return m_logmode;}
+		
 		/**returns true if the type given is a list*/
 		static bool isListType(QString t){return t.startsWith("List:");}
 		/**returns the type without list or xml qualifiers*/
@@ -107,6 +120,7 @@ class WocTransaction
 		QString m_name;
 		bool m_valid,m_update;
 		AuthMode m_mode;
+                NoLogMode m_logmode;
 		QMap<QString,QPair<QString,QString> > m_call;
 		QList<QPair<QString,QString> >m_input,m_output;
 		QStringList m_privileges;
diff --git a/woc/qt/qtctrans.cpp b/woc/qt/qtctrans.cpp
index f6b4b0f..01cfac6 100644
--- a/woc/qt/qtctrans.cpp
+++ b/woc/qt/qtctrans.cpp
@@ -115,6 +115,9 @@ void WocQtClientTransaction::newTransaction(const WocTransaction&trn)
 	
 	//create scripting
 	genScripting(ct);
+        
+        //create log control
+        genLogCtrl(ct);
 	
 	//button class up
 	ct.hcd+="};\n\n";
@@ -326,6 +329,16 @@ void WocQtClientTransaction::genScripting(QtCTrans& ct)
 	);
 }
 
+void WocQtClientTransaction::genLogCtrl(QtCTrans& ct)
+{
+        if(ct.trn.logMode()==WocTransaction::LogAll)return;
+        ct.hcd+="  protected:\n";
+        if(ct.trn.logMode()&WocTransaction::NoLogRequest)
+                ct.hcd+="\tvirtual bool canLogRequest()const{return false;}\n";
+        if(ct.trn.logMode()&WocTransaction::NoLogResponse)
+                ct.hcd+="\tvirtual bool canLogResponse()const{return false;}\n";
+}
+
 QString WocQtClientTransaction::trnInput(const WocTransaction&trn)
 {
 	QString code;
diff --git a/woc/qt/qtctrans.h b/woc/qt/qtctrans.h
index 0533dd3..5c943bf 100644
--- a/woc/qt/qtctrans.h
+++ b/woc/qt/qtctrans.h
@@ -45,6 +45,8 @@ class WocQtClientTransaction:public WocQtTransaction
 		void genGetters(QtCTrans&);
 		///helper: generate QtScript glue code
 		void genScripting(QtCTrans&);
+                ///helper: generate log control
+                void genLogCtrl(QtCTrans&);
 		///helper: initialize data in the transaction wrapper
 		void initList(QtCTrans&);
 		
diff --git a/woc/qt/qtstrans.cpp b/woc/qt/qtstrans.cpp
index 1231b0c..b131a7b 100644
--- a/woc/qt/qtstrans.cpp
+++ b/woc/qt/qtstrans.cpp
@@ -99,6 +99,9 @@ void WocQtServerTransaction::newTransaction(const WocTransaction&trn)
 	
 	//create scripting
 	genScripting(ct);
+        
+        //create log control
+        genLogCtrl(ct);
 	
 	//button class up
 	ct.hcd+="};\n\n";
@@ -289,6 +292,16 @@ void WocQtServerTransaction::genScripting(QtSTrans& ct)
 	);
 }
 
+void WocQtServerTransaction::genLogCtrl(QtSTrans& ct)
+{
+        if(ct.trn.logMode()==WocTransaction::LogAll)return;
+        ct.hcd+="  protected:\n";
+        if(ct.trn.logMode()&WocTransaction::NoLogRequest)
+                ct.hcd+="\tvirtual bool canLogRequest()const{return false;}\n";
+        if(ct.trn.logMode()&WocTransaction::NoLogResponse)
+                ct.hcd+="\tvirtual bool canLogResponse()const{return false;}\n";
+}
+
 QString WocQtServerTransaction::trnOutput(const WocTransaction&trn)
 {
 	QString code;
diff --git a/woc/qt/qtstrans.h b/woc/qt/qtstrans.h
index 260cca1..656a59d 100644
--- a/woc/qt/qtstrans.h
+++ b/woc/qt/qtstrans.h
@@ -42,6 +42,8 @@ class WocQtServerTransaction:public WocQtTransaction
 		void genSetters(QtSTrans&);
 		///helper: generate QtScript glue code
 		void genScripting(QtSTrans&);
+                ///helper: generate log control
+                void genLogCtrl(QtSTrans&);
 };
 
 #endif
-- 
1.7.2.5