metamug / mason Goto Github PK
View Code? Open in Web Editor NEWREST APIs with JSP tags, SQL and much more.
Home Page: https://metamug.github.io/mason
License: Other
REST APIs with JSP tags, SQL and much more.
Home Page: https://metamug.github.io/mason
License: Other
some of my resources need to call other resources and use their output. I can use xrequest to achieve this but is there a better way to do this ?
How can we execute some logic. Using scriptlets would be a bad idea. What is the preferred mechanism for it ?
The router should hold the configuration to work with the datasource.
<filter>
<filter-name>Router</filter-name>
<filter-class>com.metamug.mason.Router</filter-class>
<init-param>
<param-name>datasource</param-name>
<param-value>mason-ds</param-value>
</init-param>
</filter>
Here's an example of how to achieve this.
http://www.java2s.com/Tutorial/Java/0400__Servlet/ServletFilterInitParameter.htm
When I try to pass the JSON in form body, the JSON is flattened. Can't use the flattened JSON in SQL nor Code Execution.
eg- form-body
{"foo":{"bar":123}}
is then converted to
{"foo.bar":123}
Build tag libraries for XRequest. https://metamug.com/docs/xrequest.php
Users from different countries may have requirement to receive API response in their native language.
Need to design a system that makes use of Accept-Language header to return the response payload in desired language.
Check this link
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
Currently, the resources are kept directly in under /WEB-INF/resources. This may conflict with other top level folders in WEB-INF. Also other folders will be created for mason.
Ideally it should be
/WEB-INF/mason/resources
/WEB-INF/mason/sql.properties
JSON data must not be encapsulated in a string. It should be converted to json. Just like other data types are converted e.g. int, float, boolean
index-filter--->authentication-filter--->resource-filter
All these filters will contain special logic if they don't meet chain.doFilter
Right now all the code seems to be stuffed into rest router. F ilter chaining will cut short
so if its a root filter it will check for index, docs, and method calls on the root.
if not, it chains to the next filter that is authentication filter.
if that fails it will return an error. or if that passes it will take to resource-filter. To resolve which resource is requested and resolve that.
Initialize
<servlet>
<servlet-name>Router</servlet-name>
<init-param>
<param-name>MTG_AUTH_BASIC</param-name>
<param-value>
<![CDATA[
select r.user_id,r.role_name
from usr_role r inner join usr u on r.user_id=u.user_id
WHERE u.user_name=$user AND u.pass_word=$pass
]]>
</param-value>
</init-param>
<init-param>
<param-name>MTG_AUTH_BEARER</param-name>
<param-value>
<![CDATA[
SELECT r.user_id as sub,r.role_name as aud
FROM usr_role r inner join usr u on r.user_id=u.user_id
WHERE u.user_name=$user AND u.pass_word=$pass
]]>
</param-value>
</init-param>
</servlet>
cors won’t allow them to access web apps on other domain. Cors config should be part of response. Based on context param. It will be set in ResourceTag
Forbidden error for normal request
https://gist.github.com/d3ep4k/b81577e517f7ddd5697515c51baeb808
The entry point servlets need Mockito.
https://stackoverflow.com/questions/5434419/how-to-test-my-servlet-using-junit
Jwt tokens live as long as they are valid. Need a mechanism to forcibly invalidate them.
The response part is common across all the methods, get(), post(), put(), delete(). Separate that out.
Also, okhttpclient object should be an instance variable of the class. Its repeated in each method.
Follow the same for other service classes.
Resource file exists check in each resource request. It works well when it's a 404. But for a normal request which is mostly the case, this check seems extra. It should let the container handle the 404.
Does it support HEAD and PATCH Requests?
This will not let the connection pool free up the connection.
Can lead to this error ORA-01000: maximum open cursors exceeded
https://stackoverflow.com/a/104123/1097600
Forbidden error for normal request
https://gist.github.com/d3ep4k/b81577e517f7ddd5697515c51baeb808
Setting up data for jsp should be done from the router. e.g. setting up content type, setting output map etc.
Null check is not performed before the value is accessed.
{
"sub": "1",
"aud": "baz",
"iss": "mason.metamug.net",
"exp": 1561449866,
"iat": 1553654066094,
"jti": "81cd5a36-fefb-4407-996e-b74939cd9faf"
}
"iat": 1553654066**094**
this is extra
Describe the bug
I tried using the UploadEvent feature to process file that I've uploaded. But every time I hit API to upload the file it returns 512. Described below steps to reproduce the error.
To Reproduce
Steps to reproduce the behavior:
Here is the error message I get:
System Info:
Is there a way to insert/update multiple records in the database by sending JSON in the request?
I have requirement where the json structure should look like
{
"data":[],
"message":"There is no data available",
"timestamp":1534861617520,
"status":false
}
Is there any provision to set my own template, so I can get all data in an attribute? I would like this structure to be retained even in case of an error.
the security Key says "FREE_MASON"
but this needs to be configurable
can he mention this in context
The endpoint gives 404 error message. Even when the JSP is generated correctly.
Is there a way when doing a post request we get 201 as response code and /customer/{id}
There is a delay in response occasionally and following logs are obtained
[http-nio-8080-exec-2] WARN com.zaxxer.hikari.pool.PoolBase - masonSamplePool - Failed to validate connection com.mysql.cj.jdbc.ConnectionImpl@3ad981f9 (No operations allowed after connection closed.). Possibly consider using a shorter maxLifetime value.
<m:request method="GET">
<sql:query var="result" dataSource="${datasource}"> SELECT * from customer </sql:query>
<c:set target="${masonOutput}" property="getReq1" value="${result}"/>
</m:request>
How can I pass the result to code execute
tag?
Currently mason doesn’t allow a mechanism to reuse queries. I have to rewrite same queries multiple times in different resources and may be in same resource for different methods.
Disable HTTP sessions and cookies.
https://stackoverflow.com/a/2256073/1097600
Since most servlet containers come with this feature preconfigured. They need to be disabled.
Container specific configuration is out of the scope of this issue. But within the JSP/servlet/Java Code, the issue can be addressed.
when parsing GET request {"message":"Could not parse the body of the request according to the provided Content-Type.","status":422}
Fix Security Issue due to use of Statement.
Loading Queries don't need a context listener. They can be loaded when the router gets initialized(servlet init method). This will save an extra configuration in web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<Resource xmlns="http://xml.metamug.net/resource/1.0" v="1.0">
<Request method="GET">
<XRequest id="testReq" url="https://jsonplaceholder.typicode.com/todos/1"
method="GET" persist="false" >
<Header name="Accept" value="application/json" />
</XRequest>
<Query>select $header.Server </Query>
</Request>
</Resource>
The above resource returns
{"message":"/WEB-INF/resources/v1.0/z.jsp (line: [6], column: [136]) Unterminated [<mtg:xrequest] tag","status":422}
So in router, set an attribute request.setAttribute("isRequestHandled", "false")
Check it in each request tag handler and set it to true if handled.
https://refactoring.com/catalog/replaceNestedConditionalWithGuardClauses.html
Single result output is wrapped inside an extra array which is unnecessary:
‘’’
[
[
{
"customer_name": "Adam Smith",
"customer_id": 1
},
{
"customer_name": "John Doe",
"customer_id": 2
}
]
]
‘’’
Implement JWT authentication with queries. https://metamug.com/docs/auth.php#token-based-auth
Refactor Mason request creation with a factory and use parameter extraction strategy inside the factory to build the object.
I cannot include mason as dependency in my maven project. Can someone please put this on maven central repo.
Is there a way to persist the inserted record id and use it in the later tags?
User should be able to configure the endpoint for REST API created using Mason.
Currently, the generated endpoint looks like
(eg: /appname/v1.0/customer)
The user should be able to add a custom path after his app name
(eg: /appname/api/v1.0/customer)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.