From 3b929b9cf42e562a7e5e2ea2208086c81bfc52cc Mon Sep 17 00:00:00 2001 From: Konrad Rosenbaum Date: Sun, 21 Jul 2013 14:20:38 +0200 Subject: [PATCH] implement nolog parameter for transactions --- doc/wolf-comm.html | 9 +++++++++ qtbase/include/transaction.h | 5 +++++ qtbase/src/transaction.cpp | 21 +++++++++++++++++---- woc/proc/proctrans.cpp | 9 +++++++++ woc/proc/proctrans.h | 14 ++++++++++++++ woc/qt/qtctrans.cpp | 13 +++++++++++++ woc/qt/qtctrans.h | 2 ++ woc/qt/qtstrans.cpp | 13 +++++++++++++ woc/qt/qtstrans.h | 2 ++ 9 files changed, 84 insertions(+), 4 deletions(-) diff --git a/doc/wolf-comm.html b/doc/wolf-comm.html index 7ec54a6..d07f7ae 100644 --- a/doc/wolf-comm.html +++ b/doc/wolf-comm.html @@ -113,6 +113,7 @@ Transaction attributes: namethe name of the transaction mode(optional, default=checked) can be used to require less restrictive privileges, see below for values updatingoptional, tells woc whether the transaction is to be considered writing to the database - the default is given in the global "Database" tag. +nologoptional, if given it excludes the request and/or response from the log file (currently: Qt implementation only), use this for transactions that carry passwords or other sensitive information, see below

Transaction modes: @@ -123,6 +124,14 @@ Transaction modes: openno session is necessary for this to work; usually this is only done for login

+NoLog values: + + + + + +
ValueDescription
"request" (or: req)excludes the request body from logging
"response" (or: rsp)excludes the response body from logging
"any" (or: "all" or: "request,response")neither request nor response bodies are logged (only the fact that the transaction happened is logged)

+ Input defines the input parameters (Var tag) of the transaction (ie. what is sent to the server).

Output defines the data (Var tag) sent back to the client.

diff --git a/qtbase/include/transaction.h b/qtbase/include/transaction.h index e4f902f..e642150 100644 --- a/qtbase/include/transaction.h +++ b/qtbase/include/transaction.h @@ -128,6 +128,11 @@ class WOLF_BASE_EXPORT WTransaction:public WHelper friend class WTransaction::LogWrap; friend class WTransaction_Private; WTransaction_Private *d; + + ///internal: returns true if this transaction can log requests (default: true) + virtual bool canLogRequest()const; + ///internal: returns true if this transaction can log responses (default: true) + virtual bool canLogResponse()const; }; #endif diff --git a/qtbase/src/transaction.cpp b/qtbase/src/transaction.cpp index b239a1b..f5d6d7a 100644 --- a/qtbase/src/transaction.cpp +++ b/qtbase/src/transaction.cpp @@ -275,6 +275,9 @@ QByteArray WTransaction::encodeError()const return doc.toByteArray(); } +bool WTransaction::canLogRequest()const{return true;} +bool WTransaction::canLogResponse()const{return true;} + /*****************************************************************************/ static int logid=0; @@ -314,8 +317,13 @@ void WTransaction::Log::outStr(const QString&s) void WTransaction::Log::setRequ(const QString&h,const QString&d) { if(lvl<=WInterface::LogInfo)return; - QString r=QString("Transaction %1, Request:\n--Header--\n%2\n--Body--\n%3\n--End--") - .arg(trn).arg(h).arg(d); + QString r; + if(parent && parent->canLogRequest()) + r=QString("Transaction %1, Request:\n--Header--\n%2\n--Body--\n%3\n--End--") + .arg(trn).arg(h).arg(d); + else + r=QString("Transaction %1, Request:\n--Header--\n%2\n--Cannot Log Body: Log Forbidden--") + .arg(trn).arg(h); if(lvl==WInterface::LogDetailed) outStr(r); else @@ -326,8 +334,13 @@ void WTransaction::Log::setRequ(const QString&h,const QString&d) void WTransaction::Log::setResp(const QString&h,const QString&d) { if(lvl<=WInterface::LogInfo)return; - QString r=QString("Transaction %1, Response:\n--Header--\n%2\n--Body--\n%3\n--End--") - .arg(trn).arg(h).arg(d); + QString r; + if(parent && parent->canLogResponse()) + r=QString("Transaction %1, Response:\n--Header--\n%2\n--Body--\n%3\n--End--") + .arg(trn).arg(h).arg(d); + else + r=QString("Transaction %1, Response:\n--Header--\n%2\n--Cannot Log Body: Log Forbidden--") + .arg(trn).arg(h); if(lvl==WInterface::LogDetailed) outStr(r); else diff --git a/woc/proc/proctrans.cpp b/woc/proc/proctrans.cpp index 1f92e23..0a83897 100644 --- a/woc/proc/proctrans.cpp +++ b/woc/proc/proctrans.cpp @@ -24,6 +24,7 @@ WocTransaction::WocTransaction(const QDomElement&root) { m_valid=true; m_mode=Checked; + m_logmode=LogAll; QRegExp rval("[a-z][a-z0-9_]*",Qt::CaseInsensitive); //get basics m_name=root.attribute("name"); @@ -44,6 +45,14 @@ WocTransaction::WocTransaction(const QDomElement&root) return; } } + if(root.hasAttribute("nolog")){ + QStringList nl=root.attribute("nolog").toLower().split(","); + if(nl.contains("request")||nl.contains("req"))m_logmode=NoLogRequest; + if(nl.contains("response")||nl.contains("rsp")) + m_logmode=NoLogMode(m_logmode|NoLogResponse); + if(nl.contains("all")||nl.contains("any")) + m_logmode=NoLogAny; + } if(root.hasAttribute("updating")) m_update=str2bool(root.attribute("updating")); else diff --git a/woc/proc/proctrans.h b/woc/proc/proctrans.h index 98abfe3..ee8b87e 100644 --- a/woc/proc/proctrans.h +++ b/woc/proc/proctrans.h @@ -56,6 +56,19 @@ class WocTransaction }; AuthMode authMode()const{return m_mode;} + ///Log Mode: signals what kind of logging is forbidden + enum NoLogMode { + ///default: all logging is allowed + LogAll=0, + ///logging the request is forbidden + NoLogRequest=1, + ///logging the response is forbidden + NoLogResponse=2, + ///logging any data is forbidden + NoLogAny=3 + }; + NoLogMode logMode()const{return m_logmode;} + /**returns true if the type given is a list*/ static bool isListType(QString t){return t.startsWith("List:");} /**returns the type without list or xml qualifiers*/ @@ -107,6 +120,7 @@ class WocTransaction QString m_name; bool m_valid,m_update; AuthMode m_mode; + NoLogMode m_logmode; QMap > m_call; QList >m_input,m_output; QStringList m_privileges; diff --git a/woc/qt/qtctrans.cpp b/woc/qt/qtctrans.cpp index f6b4b0f..01cfac6 100644 --- a/woc/qt/qtctrans.cpp +++ b/woc/qt/qtctrans.cpp @@ -115,6 +115,9 @@ void WocQtClientTransaction::newTransaction(const WocTransaction&trn) //create scripting genScripting(ct); + + //create log control + genLogCtrl(ct); //button class up ct.hcd+="};\n\n"; @@ -326,6 +329,16 @@ void WocQtClientTransaction::genScripting(QtCTrans& ct) ); } +void WocQtClientTransaction::genLogCtrl(QtCTrans& ct) +{ + if(ct.trn.logMode()==WocTransaction::LogAll)return; + ct.hcd+=" protected:\n"; + if(ct.trn.logMode()&WocTransaction::NoLogRequest) + ct.hcd+="\tvirtual bool canLogRequest()const{return false;}\n"; + if(ct.trn.logMode()&WocTransaction::NoLogResponse) + ct.hcd+="\tvirtual bool canLogResponse()const{return false;}\n"; +} + QString WocQtClientTransaction::trnInput(const WocTransaction&trn) { QString code; diff --git a/woc/qt/qtctrans.h b/woc/qt/qtctrans.h index 0533dd3..5c943bf 100644 --- a/woc/qt/qtctrans.h +++ b/woc/qt/qtctrans.h @@ -45,6 +45,8 @@ class WocQtClientTransaction:public WocQtTransaction void genGetters(QtCTrans&); ///helper: generate QtScript glue code void genScripting(QtCTrans&); + ///helper: generate log control + void genLogCtrl(QtCTrans&); ///helper: initialize data in the transaction wrapper void initList(QtCTrans&); diff --git a/woc/qt/qtstrans.cpp b/woc/qt/qtstrans.cpp index 1231b0c..b131a7b 100644 --- a/woc/qt/qtstrans.cpp +++ b/woc/qt/qtstrans.cpp @@ -99,6 +99,9 @@ void WocQtServerTransaction::newTransaction(const WocTransaction&trn) //create scripting genScripting(ct); + + //create log control + genLogCtrl(ct); //button class up ct.hcd+="};\n\n"; @@ -289,6 +292,16 @@ void WocQtServerTransaction::genScripting(QtSTrans& ct) ); } +void WocQtServerTransaction::genLogCtrl(QtSTrans& ct) +{ + if(ct.trn.logMode()==WocTransaction::LogAll)return; + ct.hcd+=" protected:\n"; + if(ct.trn.logMode()&WocTransaction::NoLogRequest) + ct.hcd+="\tvirtual bool canLogRequest()const{return false;}\n"; + if(ct.trn.logMode()&WocTransaction::NoLogResponse) + ct.hcd+="\tvirtual bool canLogResponse()const{return false;}\n"; +} + QString WocQtServerTransaction::trnOutput(const WocTransaction&trn) { QString code; diff --git a/woc/qt/qtstrans.h b/woc/qt/qtstrans.h index 260cca1..656a59d 100644 --- a/woc/qt/qtstrans.h +++ b/woc/qt/qtstrans.h @@ -42,6 +42,8 @@ class WocQtServerTransaction:public WocQtTransaction void genSetters(QtSTrans&); ///helper: generate QtScript glue code void genScripting(QtSTrans&); + ///helper: generate log control + void genLogCtrl(QtSTrans&); }; #endif -- 1.7.2.5