Mercurial > pub > Impl
annotate Lib/IMPL/Web/Application/Action.pm @ 340:c090d9102a38
web application security refactoring
| author | cin |
|---|---|
| date | Fri, 21 Jun 2013 02:43:56 +0400 |
| parents | 97628101b765 |
| children | ec58c47edb52 |
| rev | line source |
|---|---|
| 52 | 1 package IMPL::Web::Application::Action; |
| 55 | 2 use strict; |
| 52 | 3 |
| 206 | 4 use Carp qw(carp); |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
5 use URI; |
| 321 | 6 use JSON; |
| 238 | 7 |
|
339
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
8 use IMPL::lang; |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
9 use IMPL::Const qw(:prop); |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
10 use IMPL::Web::CGIWrapper(); |
| 238 | 11 use IMPL::declare { |
|
339
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
12 require => { |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
13 Disposable => '-IMPL::Object::Disposable' |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
14 }, |
| 238 | 15 base => [ |
| 16 'IMPL::Object' => undef, | |
|
339
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
17 'IMPL::Object::Autofill' => '@_', |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
18 'IMPL::Object::Disposable' => undef |
| 238 | 19 ], |
| 20 props => [ | |
| 324 | 21 application => PROP_RW, |
| 340 | 22 security => PROP_RW, |
| 244 | 23 query => PROP_RO, |
| 321 | 24 context => PROP_RW, |
| 25 _jsonData => PROP_RW, | |
| 238 | 26 ] |
| 27 }; | |
| 55 | 28 |
| 65 | 29 sub CTOR { |
| 194 | 30 my ($this) = @_; |
| 244 | 31 |
| 32 $this->context({}); | |
| 340 | 33 $this->security($this->application->security->new()) |
| 34 if $this->application->security; | |
| 65 | 35 } |
|
63
76b878ad6596
Added serialization support for the IMPL::Object::List
wizard
parents:
62
diff
changeset
|
36 |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
37 sub cookie { |
| 194 | 38 my ($this,$name,$rx) = @_; |
| 39 | |
| 40 $this->_launder(scalar( $this->query->cookie($name) ), $rx ); | |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
41 } |
|
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
42 |
|
320
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
43 sub header { |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
44 my ($this,$header) = @_; |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
45 |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
46 $this->query->https ? $this->query->https($header) : $this->query->http($header); |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
47 } |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
48 |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
49 sub isSecure { |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
50 shift->query->https ? 1 : 0; |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
51 } |
|
28eba7e0c592
*web application action: added method to access HTTP request header.
sergey
parents:
268
diff
changeset
|
52 |
|
323
b56b1ec33b59
minor changes to support JSON in transformation from a query to an object
sergey
parents:
322
diff
changeset
|
53 sub isJson { |
|
b56b1ec33b59
minor changes to support JSON in transformation from a query to an object
sergey
parents:
322
diff
changeset
|
54 return shift->contentType =~ m{^application/json} ? 1 : 0; |
|
b56b1ec33b59
minor changes to support JSON in transformation from a query to an object
sergey
parents:
322
diff
changeset
|
55 } |
|
b56b1ec33b59
minor changes to support JSON in transformation from a query to an object
sergey
parents:
322
diff
changeset
|
56 |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
57 sub param { |
| 194 | 58 my ($this,$name,$rx) = @_; |
| 59 | |
| 245 | 60 my $value; |
| 61 | |
| 62 if ( | |
| 63 $this->requestMethod eq 'GET' | |
| 64 or | |
| 321 | 65 $this->contentType eq 'multipart/form-data' |
| 245 | 66 or |
| 321 | 67 $this->contentType eq 'application/x-www-form-urlencoded' |
| 245 | 68 ) { |
| 69 $value = scalar( $this->query->param($name) ); | |
| 70 } else { | |
| 71 $value = scalar( $this->query->url_param($name) ); | |
| 72 } | |
| 73 | |
| 74 $this->_launder($value, $rx ); | |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
75 } |
|
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
76 |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
77 sub urlParam { |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
78 my ($this,$name,$rx) = @_; |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
79 |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
80 $this->_launder(scalar( $this->query->url_param($name) ), $rx); |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
81 } |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
82 |
| 322 | 83 sub urlParams { |
| 84 shift->query->url_param(); | |
| 85 } | |
| 86 | |
|
256
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
87 sub rawData { |
| 321 | 88 my ($this, $decode) = @_; |
|
256
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
89 |
| 321 | 90 local $IMPL::Web::CGIWrapper::NO_DECODE = $decode ? 0 : 1; |
|
256
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
91 if ($this->requestMethod eq 'POST') { |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
92 return $this->query->param('POSTDATA'); |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
93 } elsif($this->requestMethod eq 'PUT') { |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
94 return $this->query->param('PUTDATA'); |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
95 } |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
96 } |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
97 |
| 321 | 98 sub jsonData { |
| 99 my ($this) = @_; | |
| 100 | |
|
323
b56b1ec33b59
minor changes to support JSON in transformation from a query to an object
sergey
parents:
322
diff
changeset
|
101 if ($this->isJson ) { |
| 321 | 102 my $data = $this->_jsonData; |
| 103 unless($data) { | |
| 104 $data = JSON->new()->decode($this->rawData('decode encoding')); | |
| 105 $this->_jsonData($data); | |
| 106 } | |
| 107 | |
| 108 return $data; | |
| 109 } | |
| 110 | |
| 111 return; | |
| 112 } | |
| 113 | |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
114 sub requestMethod { |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
115 my ($this) = @_; |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
116 return $this->query->request_method; |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
117 } |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
118 |
|
256
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
119 sub contentType { |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
120 return shift->query->content_type(); |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
121 } |
|
32aceba4ee6d
corrected ViewHandlers to handle cookies and headers.
sergey
parents:
245
diff
changeset
|
122 |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
123 sub pathInfo { |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
124 my ($this) = @_; |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
125 return $this->query->path_info; |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
126 } |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
127 |
| 238 | 128 sub baseUrl { |
| 129 my ($this) = @_; | |
| 130 | |
| 131 return $this->query->url(-base => 1); | |
| 132 } | |
| 133 | |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
134 sub applicationUrl { |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
135 shift->application->baseUrl; |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
136 } |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
137 |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
138 sub applicationFullUrl { |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
139 my ($this) = @_; |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
140 |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
141 return URI->new_abs($this->application->baseUrl, $this->query->url(-base => 1)); |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
142 } |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
143 |
|
268
4abda21186cd
*refactoring IMPL::Web: added 'application' property to resources
cin
parents:
266
diff
changeset
|
144 # creates an url that contains server, schema and path parts |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
145 sub CreateFullUrl { |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
146 my ($this,$path) = @_; |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
147 |
|
268
4abda21186cd
*refactoring IMPL::Web: added 'application' property to resources
cin
parents:
266
diff
changeset
|
148 return $path ? URI->new_abs($path,$this->applicationFullUrl) : $this->applicationFullUrl; |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
149 } |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
150 |
|
268
4abda21186cd
*refactoring IMPL::Web: added 'application' property to resources
cin
parents:
266
diff
changeset
|
151 # creates an url that contains only a path part |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
152 sub CreateAbsoluteUrl { |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
153 my ($this,$path) = @_; |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
154 |
|
268
4abda21186cd
*refactoring IMPL::Web: added 'application' property to resources
cin
parents:
266
diff
changeset
|
155 return $path ? URI->new_abs($path,$this->applicationUrl) : $this->applicationUrl; |
|
266
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
156 } |
|
89179bb8c388
*corrected TTView to handle plain (and undefined) values
cin
parents:
256
diff
changeset
|
157 |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
158 sub _launder { |
| 194 | 159 my ($this,$value,$rx) = @_; |
| 160 | |
| 161 if ( $value ) { | |
| 162 if ($rx) { | |
| 163 if ( my @result = ($value =~ m/$rx/) ) { | |
| 164 return @result > 1 ? \@result : $result[0]; | |
| 165 } else { | |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
166 return; |
| 194 | 167 } |
| 168 } else { | |
| 169 return $value; | |
| 170 } | |
| 171 } else { | |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
172 return; |
| 194 | 173 } |
|
144
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
174 } |
|
b56ebc31bf18
Empty nodes no more created while transforming a post request to the DOM document
wizard
parents:
67
diff
changeset
|
175 |
|
339
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
176 sub Dispose { |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
177 my ($this) = @_; |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
178 |
| 340 | 179 $this->security->Dispose() |
| 180 if $this->security and $this->security->can('Dispose'); | |
| 181 | |
|
339
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
182 $_->Dispose() foreach grep is($_,Disposable), values %{$this->context}; |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
183 |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
184 $this->next::method(); |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
185 } |
|
97628101b765
refactoring: application now holds a security object factory rather than a security object
cin
parents:
324
diff
changeset
|
186 |
| 52 | 187 1; |
| 188 | |
| 189 __END__ | |
| 190 | |
| 191 =pod | |
| 192 | |
| 67 | 193 =head1 NAME |
| 194 | |
| 180 | 195 C<IMPL::Web::Application::Action> - Обертка вокруг C<CGI> запроса. |
| 67 | 196 |
| 52 | 197 =head1 DESCRIPTION |
| 198 | |
| 67 | 199 C<[Infrastructure]> |
| 206 | 200 Свзяывет CGI запрос, приложение, орабатывающее его и ответ, который будет отправлен клиенту. |
| 52 | 201 |
| 67 | 202 =head1 MEMBERS |
| 203 | |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
204 =head2 C<CTOR(%args)> |
| 67 | 205 |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
206 Инициализирует новый экземпляр. Именованными параметрами передаются значения |
|
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
207 свойств. |
| 67 | 208 |
|
229
47f77e6409f7
heavily reworked the resource model of the web application:
sergey
parents:
206
diff
changeset
|
209 =head2 C< [get]application> |
| 67 | 210 |
| 180 | 211 Экземпляр приложения создавшего текущий объект |
| 67 | 212 |
| 213 =item C< [get] query > | |
| 214 | |
| 180 | 215 Экземпляр C<CGI> запроса |
| 67 | 216 |
| 217 =back | |
| 218 | |
| 219 | |
| 180 | 220 =cut |