-
Notifications
You must be signed in to change notification settings - Fork 0
/
controller.xql
183 lines (168 loc) · 8.07 KB
/
controller.xql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
xquery version "3.0";
import module namespace request="http://exist-db.org/xquery/request";
import module namespace login="http://exist-db.org/xquery/login" at "resource:org/exist/xquery/modules/persistentlogin/login.xql";
import module namespace config="http://apps.jmmc.fr/exist/apps/oidb/config" at "modules/config.xqm";
import module namespace restxq="http://exist-db.org/xquery/restxq" at "modules/restxq.xql";
import module namespace app="http://apps.jmmc.fr/exist/apps/oidb/templates" at "modules/app.xql";
import module namespace adql="http://apps.jmmc.fr/exist/apps/oidb/adql" at "modules/adql.xql";
import module namespace flash="http://apps.jmmc.fr/exist/apps/oidb/flash" at "modules/flash.xqm";
import module namespace jmmc-auth="http://exist.jmmc.fr/jmmc-resources/auth";
declare variable $exist:path external;
declare variable $exist:resource external;
declare variable $exist:controller external;
declare variable $exist:prefix external;
declare variable $exist:root external;
declare variable $domain := "fr.jmmc.oidb.login";
declare variable $login-max-age := xs:dayTimeDuration("P7D");
(: call login function before any use of protected code :)
(: app:user-admin() and app:user-allowed() uses this attributes :)
(: moving to 5.2 requires an additional call in our restxq module :)
(: TODO check if we can move/hide it in app module :)
declare variable $login := function () {
if ( request:get-parameter('logout', false()) ) then
(: let $store-flash := flash:info(<span xmlns="http://www.w3.org/1999/xhtml">You have successfully logged out.</span>) :)
let $set-user := login:set-user($domain, $login-max-age, false())
(: next lines throws a 500 Error moving to existdb 5 ... how can we get this feature back ? :)
(: let $do := flash:info(<span xmlns="http://www.w3.org/1999/xhtml">You have successfully logged out.</span>):)
return ()
else
let $set-user := login:set-user($domain, $login-max-age, false())
(: could sm:id() better replace request attribute ?? :)
let $user := request:get-attribute($domain || '.user')
let $superuser := request:set-attribute($domain || '.superuser', $user and jmmc-auth:check-credential($user, 'oidb'))
let $assert := util:eval(xs:anyURI('./modules/assert.xql'))
return ()
};
declare variable $cookie-agreement :=
let $cookie-name := "cookie-agreement" (: TODO move as config constant :)
return if ( exists(request:get-cookie-value($cookie-name)))
then
request:set-attribute($cookie-name, "true")
else if( exists(request:get-parameter('i_agree_to_conditions', ())) )
then
(
response:set-cookie($cookie-name,util:uuid(), xs:yearMonthDuration('P10Y'), false()),
request:set-attribute($cookie-name, "true")
)
else
();
(: we use following variable to simplifiy double proxy case (traefik on top of haproxy)... :)
let $exist-path := replace($exist:path, "//", "/")
let $store-res-name := request:set-attribute("exist:path", $exist:path)
return
if($exist:path eq '') then
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<redirect url="{concat(request:get-uri(), '/')}"/>
</dispatch>
else if($exist:path eq '/rss') then
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<forward url="rss.xql"/>
</dispatch>
else if ($exist:path eq "/") then
(: redirect root path to index.html :)
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<redirect url="index.html"/>
</dispatch>
else if ($exist:path eq '//') then
(: Special case for two level proxies :)
(: forward root path to /index.html :)
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<forward url="{$exist:controller}/index.html"/>
<view>
<forward url="{$exist:controller}/modules/view.xql"/>
</view>
</dispatch>
else if ($exist:path = ("/search.html", "/catalogs.html") and request:get-method() = 'POST') then
(: interception of POST requests from search page :)
(: serialize from form elements and redirect (303 See Other) :)
let $query-string := adql:to-query-string(app:serialize-query-string())
let $location := if($query-string = '') then '.' || $exist:path else '.' || $exist:path || '?' || $query-string
return (
response:set-status-code(303),
response:set-header('Location', $location)
)
else if (starts-with($exist-path, '/restxq/oidb')) then
let $login := $login()
let $path := substring-after($exist-path, '/restxq')
let $prefix := tokenize($exist-path, '[^a-zA-Z]')[4]
let $module-uri := 'http://apps.jmmc.fr/exist/apps/oidb/restxq/' || $prefix
let $location := 'modules/rest/' || $prefix || '.xqm'
return if (util:binary-doc-available($config:app-root || '/' || $location)) then
(
if (starts-with($exist-path, "/restxq/oidb/user") and not(app:user-admin()))
then
(
response:set-status-code(403), (: Forbidden :)
<response>your are missing the superadmin permission</response>
)
else
(
util:import-module($module-uri, $prefix, $location),
restxq:process($path, util:list-functions($module-uri))
)
)
else
(
response:set-status-code(400), (: Bad Request :)
<response>Unknown RESTXQ path</response>
)
(: login of user via AJAX :)
else if ($exist:resource eq 'login') then
let $login := $login()
return <status> {
if (app:user-allowed()) then
'success'
else
( response:set-status-code(401), 'fail' )
} </status>
else if (ends-with($exist:resource, ".html")) then
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
{
$login(),
if ($exist:path = ( '/submit.html', '/upload-vizier.html', '/upload.html', '/backoffice.html' )) then
if (not(app:user-allowed())) then
(: unknown user, log in first :)
<forward url="{$exist:controller}/login.html"/>
else if ($exist:path = '/backoffice.html' and not(app:user-admin())) then
(
(: no credentials for the page :)
flash:error(<span xmlns="http://www.w3.org/1999/xhtml"><strong>Access denied!</strong> You are not authorized to access the requested page.</span>),
<redirect url="index.html"/>
)
else
(: user logged in, can proceeed to page :)
()
else
(: no authentication required :)
()
}
<view>
<forward url="{$exist:controller}/modules/view.xql">
<set-header name="Cache-Control" value="no-cache, no-store, must-revalidate"/>
<set-header name="Pragma" value="no-cache"/>
<set-header name="Expires" value="0"/>
</forward>
</view>
<error-handler>
<forward url="{$exist:controller}/error-page.html" method="get"/>
<forward url="{$exist:controller}/modules/view.xql"/>
</error-handler>
</dispatch>
(: Resource paths starting with $shared are loaded from the shared-resources app :)
else if (contains($exist:path, "/$shared/")) then
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<forward url="/shared-resources/{substring-after($exist:path, '/$shared/')}">
<set-header name="Cache-Control" value="max-age=3600, must-revalidate"/>
</forward>
</dispatch>
else
(: everything else is passed through :)
(
response:set-header("debug-resource", $exist:resource),
response:set-header("debug-path", $exist:path),
response:set-header("debug-controller", $exist:controller),
response:set-header("debug-uri", request:get-uri()),
<dispatch xmlns="http://exist.sourceforge.net/NS/exist">
<cache-control cache="yes"/>
</dispatch>
)