admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a6585ef3f086a161b056805cd854ffa25deb9042
Facilitor/APPL/API/api.inc
Jos Groot Lipman b2393b2a65 FSN#33722 API1 ook basic authenticatie 
svn path=/Website/trunk/; revision=26418
2015-09-21 14:04:28 +00:00

142 lines
4.1 KiB
C++
Raw Blame History

<% /*
$Revision$
$Id$
File: api.inc
Description: Functies voor API's
Notes:
*/
function API_func()
{
this.APIname = getQParam("API");
var sql = "SELECT *"
+ " FROM fac_api"
+ " WHERE fac_api_name = " + safe.quoted_sql(this.APIname);
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
{
this.error("Invalid API: " + this.APIname);
oRs.Close();
Response.End;
}
if (user_key < 0)
{
this.APIKEY = getQParam("APIKEY", "");
if (!this.APIKEY && S("basic_auth_realm"))
{
Response.Status = "401 Unauthorized";
Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + S("basic_auth_realm") + "\"");
Response.End;
}
else
{
var sql2 = "SELECT prs_perslid_key, prs_perslid_naam"
+ " FROM prs_perslid"
+ " WHERE prs_perslid_apikey = " + safe.quoted_sql(this.APIKEY)
+ " AND prs_perslid_verwijder IS NULL"; // Eigenlijk zou de trigger APIKEY moeten wissen bij verwijderen
var oRs2 = Oracle.Execute(sql2);
if (oRs2.Eof)
{
this.error("Invalid APIKEY: " + this.APIKEY);
oRs2.Close();
Response.End;
};
__Log("API User is: " + oRs2("prs_perslid_naam"));
user_key = oRs2("prs_perslid_key").Value;
oRs2.Close();
}
}
this.apidata =
{
APIname: this.APIname,
APIKEY: this.APIKEY,
file: oRs("fac_api_filepath").Value,
prs_perslid_key: user_key,
loglevel: oRs("fac_api_loglevel").Value,
usrrap_key: oRs("fac_usrrap_key").Value,
stylesheet: oRs("fac_api_stylesheet").Value,
import_app_key: oRs("fac_import_app_key").Value
};
try
{
this.apidata.options = eval("("+oRs("fac_api_options_json").Value+")");
}
catch (e)
{
__DoLog(e);
this.error("Invalid api 'options': " + e.description);
}
try
{
this.apidata.viewmapping = eval("("+oRs("fac_api_viewmapping_json").Value+")");
}
catch (e)
{
this.error("Invalid api 'viewmapping': " + e.description);
}
oRs.Close();
// Wij doen niets met eventuele prs_perslid_key; dat doet loginTry.asp maar voor ons
}
API_func.prototype.error = function (msg)
{
if (JSON_Result && JSON) // Merk op dat 'invalid APIKEY' al door /default.asp
{ // is onderschept en dus niet hier komt.
Response.Write(JSON.stringify({ success: false, message: msg }));
}
else
{
Response.Status = "500 Internal server error"; // 500_error.asp blijkt hier niet op in te grijpen
Response.Write(safe.html(msg));
// Op productie zie je bovenstaande Response.Write ook niet terug in Fiddler omdat
// 'detailed error messages' uit staat. Daarom ook maar loggen voor het gemak.
__DoLog(safe.html(msg), "ff0000");
}
Response.End;
}
// LET OP: Verwacht wordt dat de JSON-code in de body utf-8 encoded is, niet windows-1252!
// (in de praktijk moet je *moeite* doen om windows-1252 te krijgen dus dit is handiger)
function RequestJSON()
{
var jvraag;
if(Request.TotalBytes > 0)
{
var lngBytesCount = Request.TotalBytes;
jvraag = BytesToStr(Request.BinaryRead(lngBytesCount));
}
__Log("Vraag: " + jvraag);
try
{
var vraag = myJSON.parse(jvraag);
}
catch (e)
{
__DoLog("eval faalt met: {0}<br>{1}".format(e.description, jvraag), "ffff00");
return null;
}
return vraag;
}
function BytesToStr(bytes)
{
var stream = Server.CreateObject("ADODB.STREAM");
stream.type = 1;
stream.open;
stream.write(bytes);
stream.position = 0;
stream.type = 2; // Text
stream.charset = "utf-8";
var sOut = stream.readtext();
stream.close;
return sOut;
}
%>
View Git Blame Copy Permalink