Supporting custom contentTypes for service invoker

merge-requests/7/head
Rasika Perera 8 years ago
parent 036ed6fe41
commit b8f623e04a

@ -27,6 +27,12 @@ var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var serviceInvokers = require("/app/modules/oauth/token-protected-service-invokers.js")["invokers"]; var serviceInvokers = require("/app/modules/oauth/token-protected-service-invokers.js")["invokers"];
if (uriMatcher.match("/{context}/api/invoker/execute/")) { if (uriMatcher.match("/{context}/api/invoker/execute/")) {
//NOTE: We are only interested in Content-Type headers. Appending all request headers to the back-end call
// will cause unforeseen security issues.
var contentType = request.getHeader(constants.CONTENT_TYPE_IDENTIFIER);
var requestHeaders = [];
requestHeaders.push({"name": constants.CONTENT_TYPE_IDENTIFIER, "value" : contentType});
var restAPIRequestDetails = request.getContent(); var restAPIRequestDetails = request.getContent();
var requestMethod = restAPIRequestDetails["requestMethod"]; var requestMethod = restAPIRequestDetails["requestMethod"];
@ -57,7 +63,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
if (restAPIResponse["responseText"]) { if (restAPIResponse["responseText"]) {
response["content"] = restAPIResponse["responseText"]; response["content"] = restAPIResponse["responseText"];
} }
} },
requestHeaders
); );
break; break;
case constants["HTTP_POST"]: case constants["HTTP_POST"]:
@ -69,7 +76,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
if (restAPIResponse["responseText"]) { if (restAPIResponse["responseText"]) {
response["content"] = restAPIResponse["responseText"]; response["content"] = restAPIResponse["responseText"];
} }
} },
requestHeaders
); );
break; break;
case constants["HTTP_PUT"]: case constants["HTTP_PUT"]:
@ -81,7 +89,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
if (restAPIResponse["responseText"]) { if (restAPIResponse["responseText"]) {
response["content"] = restAPIResponse["responseText"]; response["content"] = restAPIResponse["responseText"];
} }
} },
requestHeaders
); );
break; break;
case constants["HTTP_DELETE"]: case constants["HTTP_DELETE"]:
@ -92,13 +101,17 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
if (restAPIResponse["responseText"]) { if (restAPIResponse["responseText"]) {
response["content"] = restAPIResponse["responseText"]; response["content"] = restAPIResponse["responseText"];
} }
} },
requestHeaders
); );
break; break;
} }
} catch (e) { } catch (e) {
//Since this is an API we'll log the error message.
log.error(e.message); // JavaScript error message
log.error(e.stack); // Executed JavaScript file stack
throw new Error("Exception occurred while trying to access " + throw new Error("Exception occurred while trying to access " +
"backend REST API services from Jaggery API invoker layer", e); "backend REST API services from Jaggery API invoker layer", e);
} }
} }
%> %>

@ -73,11 +73,26 @@ var invokers = function () {
var xmlHttpRequest = new XMLHttpRequest(); var xmlHttpRequest = new XMLHttpRequest();
xmlHttpRequest.open(httpMethod, endpoint); xmlHttpRequest.open(httpMethod, endpoint);
var contentTypeFound = false;
var acceptTypeFound = false;
for (var i in headers) { for (var i in headers) {
xmlHttpRequest.setRequestHeader(headers[i].name, headers[i].value); xmlHttpRequest.setRequestHeader(headers[i].name, headers[i].value);
if(constants["CONTENT_TYPE_IDENTIFIER"] == headers[i].name){
contentTypeFound = true;
}
if(constants["ACCEPT_IDENTIFIER"] == headers[i].name){
acceptTypeFound = true;
}
}
if (!contentTypeFound) {
xmlHttpRequest.setRequestHeader(constants["CONTENT_TYPE_IDENTIFIER"], constants["APPLICATION_JSON"]);
}
if (!acceptTypeFound) {
xmlHttpRequest.setRequestHeader(constants["ACCEPT_IDENTIFIER"], constants["APPLICATION_JSON"]);
} }
xmlHttpRequest.setRequestHeader(constants["CONTENT_TYPE_IDENTIFIER"], constants["APPLICATION_JSON"]);
xmlHttpRequest.setRequestHeader(constants["ACCEPT_IDENTIFIER"], constants["APPLICATION_JSON"]);
if (devicemgtProps["isOAuthEnabled"]) { if (devicemgtProps["isOAuthEnabled"]) {
var accessToken = privateMethods.getAccessToken(); var accessToken = privateMethods.getAccessToken();
@ -284,23 +299,37 @@ var invokers = function () {
//noinspection JSUnresolvedVariable //noinspection JSUnresolvedVariable
var Header = Packages.org.apache.commons.httpclient.Header; var Header = Packages.org.apache.commons.httpclient.Header;
var contentTypeFound = false;
var acceptTypeFound = false;
for (var i in headers) { for (var i in headers) {
var header = new Header(); var header = new Header();
header.setName(headers[i].name); header.setName(headers[i].name);
header.setValue(headers[i].value); header.setValue(headers[i].value);
httpMethodObject.addRequestHeader(header); httpMethodObject.addRequestHeader(header);
if(constants["CONTENT_TYPE_IDENTIFIER"] == headers[i].name){
contentTypeFound = true;
}
if(constants["ACCEPT_IDENTIFIER"] == headers[i].name){
acceptTypeFound = true;
}
} }
var header = new Header(); var header = new Header();
header.setName(constants["CONTENT_TYPE_IDENTIFIER"]); if(!contentTypeFound){
header.setValue(constants["APPLICATION_JSON"]); header.setName(constants["CONTENT_TYPE_IDENTIFIER"]);
//noinspection JSUnresolvedFunction header.setValue(constants["APPLICATION_JSON"]);
httpMethodObject.addRequestHeader(header); //noinspection JSUnresolvedFunction
header = new Header(); httpMethodObject.addRequestHeader(header);
header.setName(constants["ACCEPT_IDENTIFIER"]); }
header.setValue(constants["APPLICATION_JSON"]);
//noinspection JSUnresolvedFunction if(!acceptTypeFound) {
httpMethodObject.addRequestHeader(header); header = new Header();
header.setName(constants["ACCEPT_IDENTIFIER"]);
header.setValue(constants["APPLICATION_JSON"]);
//noinspection JSUnresolvedFunction
httpMethodObject.addRequestHeader(header);
}
if (devicemgtProps["isOAuthEnabled"]) { if (devicemgtProps["isOAuthEnabled"]) {
var accessToken = privateMethods.getAccessToken(); var accessToken = privateMethods.getAccessToken();

Loading…
Cancel
Save