metamug / mason Goto Github PK

some of my resources need to call other resources and use their output. I can use xrequest to achieve this but is there a better way to do this ?

How can we execute some logic. Using scriptlets would be a bad idea. What is the preferred mechanism for it ?

The router should hold the configuration to work with the datasource.

<filter>
  <filter-name>Router</filter-name>
  <filter-class>com.metamug.mason.Router</filter-class>
  <init-param>
    <param-name>datasource</param-name>
    <param-value>mason-ds</param-value>
  </init-param>
</filter>

Here's an example of how to achieve this.
http://www.java2s.com/Tutorial/Java/0400__Servlet/ServletFilterInitParameter.htm

When I try to pass the JSON in form body, the JSON is flattened. Can't use the flattened JSON in SQL nor Code Execution.

eg- form-body

{"foo":{"bar":123}}

is then converted to

{"foo.bar":123}

Build tag libraries for XRequest. https://metamug.com/docs/xrequest.php

Users from different countries may have requirement to receive API response in their native language.

Need to design a system that makes use of Accept-Language header to return the response payload in desired language.

Check this link
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language

Currently, the resources are kept directly in under /WEB-INF/resources. This may conflict with other top level folders in WEB-INF. Also other folders will be created for mason.

Ideally it should be

/WEB-INF/mason/resources
/WEB-INF/mason/sql.properties

JSON data must not be encapsulated in a string. It should be converted to json. Just like other data types are converted e.g. int, float, boolean

index-filter--->authentication-filter--->resource-filter

All these filters will contain special logic if they don't meet chain.doFilter
Right now all the code seems to be stuffed into rest router. F ilter chaining will cut short
so if its a root filter it will check for index, docs, and method calls on the root.
if not, it chains to the next filter that is authentication filter.
if that fails it will return an error. or if that passes it will take to resource-filter. To resolve which resource is requested and resolve that.

Initialize

<servlet>
     <servlet-name>Router</servlet-name>
     <init-param>
         <param-name>MTG_AUTH_BASIC</param-name>
         <param-value>
         <![CDATA[
             select r.user_id,r.role_name 
             from usr_role r inner join usr u on r.user_id=u.user_id 
             WHERE u.user_name=$user AND u.pass_word=$pass
         ]]>
         </param-value>
     </init-param>
     <init-param>
         <param-name>MTG_AUTH_BEARER</param-name>
         <param-value>
         <![CDATA[
             SELECT r.user_id as sub,r.role_name as aud 
             FROM usr_role r inner join usr u on  r.user_id=u.user_id 
             WHERE u.user_name=$user AND u.pass_word=$pass
         ]]>
         </param-value>
     </init-param>
</servlet>

https://stackoverflow.com/a/28393315/1097600

cors won’t allow them to access web apps on other domain. Cors config should be part of response. Based on context param. It will be set in ResourceTag

Forbidden error for normal request

https://gist.github.com/d3ep4k/b81577e517f7ddd5697515c51baeb808

The entry point servlets need Mockito.

https://stackoverflow.com/questions/5434419/how-to-test-my-servlet-using-junit

Jwt tokens live as long as they are valid. Need a mechanism to forcibly invalidate them.

The response part is common across all the methods, get(), post(), put(), delete(). Separate that out.
Also, okhttpclient object should be an instance variable of the class. Its repeated in each method.

https://github.com/metamug/mason/blob/develop/src/main/java/com/metamug/mason/services/XRequestService.java

Follow the same for other service classes.

Resource file exists check in each resource request. It works well when it's a 404. But for a normal request which is mostly the case, this check seems extra. It should let the container handle the 404.

Does it support HEAD and PATCH Requests?

This will not let the connection pool free up the connection.

Can lead to this error ORA-01000: maximum open cursors exceeded
https://stackoverflow.com/a/104123/1097600

Forbidden error for normal request
https://gist.github.com/d3ep4k/b81577e517f7ddd5697515c51baeb808

Setting up data for jsp should be done from the router. e.g. setting up content type, setting output map etc.

Null check is not performed before the value is accessed.

{
"sub": "1",
"aud": "baz",
"iss": "mason.metamug.net",
"exp": 1561449866,
"iat": 1553654066094,
"jti": "81cd5a36-fefb-4407-996e-b74939cd9faf"
}

"iat": 1553654066**094** this is extra

Describe the bug
I tried using the UploadEvent feature to process file that I've uploaded. But every time I hit API to upload the file it returns 512. Described below steps to reproduce the error.

To Reproduce
Steps to reproduce the behavior:

1. Create a backend.
2. Upload a maven project containing a class that implements UploadListener interface
3. Create a Resource file containing a POST request.
4. Try uploading a file on the resource created at Step 3.

Here is the error message I get:

System Info:

• OS: Win-8.1x64
• Metamug Version: 0.6.1

The user should be able to configure the URL endpoints #25 where they can obtain the bearer token and also invalidate #24 them.

Is there a way to insert/update multiple records in the database by sending JSON in the request?

I have requirement where the json structure should look like

{   
    "data":[],
    "message":"There is no data available",
    "timestamp":1534861617520,
    "status":false
}

Is there any provision to set my own template, so I can get all data in an attribute? I would like this structure to be retained even in case of an error.

https://github.com/metamug/mason/blob/develop/src/main/java/com/metamug/mason/entity/auth/JWebToken.java

the security Key says "FREE_MASON"
but this needs to be configurable
can he mention this in context

The endpoint gives 404 error message. Even when the JSP is generated correctly.

Is there a way when doing a post request we get 201 as response code and /customer/{id}

There is a delay in response occasionally and following logs are obtained

[http-nio-8080-exec-2] WARN com.zaxxer.hikari.pool.PoolBase - masonSamplePool - Failed to validate connection com.mysql.cj.jdbc.ConnectionImpl@3ad981f9 (No operations allowed after connection closed.). Possibly consider using a shorter maxLifetime value.

<m:request method="GET">
       <sql:query var="result" dataSource="${datasource}"> SELECT * from customer </sql:query>  
       <c:set target="${masonOutput}" property="getReq1" value="${result}"/>
</m:request>

How can I pass the result to code execute tag?

Currently mason doesn’t allow a mechanism to reuse queries. I have to rewrite same queries multiple times in different resources and may be in same resource for different methods.

Disable HTTP sessions and cookies.
https://stackoverflow.com/a/2256073/1097600

Since most servlet containers come with this feature preconfigured. They need to be disabled.
Container specific configuration is out of the scope of this issue. But within the JSP/servlet/Java Code, the issue can be addressed.

Is it possible to perform integration tests?

https://zsoltfabok.com/blog/2012/08/embedded-web-services-for-testing/
https://www.baeldung.com/maven-integration-test
https://www.eclipse.org/jetty/documentation/9.4.x/jetty-maven-plugin.html

when parsing GET request {"message":"Could not parse the body of the request according to the provided Content-Type.","status":422}

Fix Security Issue due to use of Statement.

Loading Queries don't need a context listener. They can be loaded when the router gets initialized(servlet init method). This will save an extra configuration in web.xml

<?xml version="1.0" encoding="UTF-8" ?>
<Resource xmlns="http://xml.metamug.net/resource/1.0" v="1.0">
<Request method="GET">
      <XRequest id="testReq" url="https://jsonplaceholder.typicode.com/todos/1"
                         method="GET" persist="false" >
             <Header name="Accept" value="application/json" />                
      </XRequest>
  	  <Query>select $header.Server </Query>  
</Request>
</Resource>

The above resource returns

{"message":"/WEB-INF/resources/v1.0/z.jsp (line: [6], column: [136]) Unterminated [<mtg:xrequest] tag","status":422}

So in router, set an attribute request.setAttribute("isRequestHandled", "false")

Check it in each request tag handler and set it to true if handled.
https://refactoring.com/catalog/replaceNestedConditionalWithGuardClauses.html

Single result output is wrapped inside an extra array which is unnecessary:
‘’’
[
[
{
"customer_name": "Adam Smith",
"customer_id": 1
},
{
"customer_name": "John Doe",
"customer_id": 2
}
]
]
‘’’

Implement JWT authentication with queries. https://metamug.com/docs/auth.php#token-based-auth

Refactor Mason request creation with a factory and use parameter extraction strategy inside the factory to build the object.

I cannot include mason as dependency in my maven project. Can someone please put this on maven central repo.

Is there a way to persist the inserted record id and use it in the later tags?

User should be able to configure the endpoint for REST API created using Mason.
Currently, the generated endpoint looks like
(eg: /appname/v1.0/customer)

The user should be able to add a custom path after his app name
(eg: /appname/api/v1.0/customer)