program GHttpsRestSvrJWTPrj_1;
{$APPTYPE CONSOLE}
uses
System.SysUtils,
System.Classes,
System.JSON,
GHTTPConstants in 'GHTTPConstants.pas',
HTTPRequest in 'HTTPRequest.pas',
HTTPResponseBuilder in 'HTTPResponseBuilder.pas',
HttpServerUtils in 'HttpServerUtils.pas',
Logger in 'Logger.pas',
GHTTPSServer in 'GHTTPSServer.pas',
GHTTPServer in 'GHTTPServer.pas',
OpenSSLWrapper in 'OpenSSLWrapper.pas';
type
// Minimal HTTPS + JWT demo server: owns one TGHTTPSServer and the console
// logger it reports through, and implements the two request handlers that
// Create registers as endpoints.
TGHttpsJWTServer = class
private
// The listening server; created and fully configured in Create.
FServer: TGHTTPSServer;
// Logger handed to FServer in Create; its lines are echoed to stdout.
HttpLogger : THttpLogger;
public
constructor Create;
destructor Destroy; override;
// Prints the usage banner and then calls FServer.Start.
procedure Start;
// POST /api/token: exchanges the fixed demo credentials for a signed JWT.
procedure HandleTokenRequest(Sender: TObject;
ARequestParser: THTTPRequestParser;
AResponseBuilder: THTTPResponseBuilder;
AServer: TGHTTPServer);
// GET /api/autotest: registered with atJWTBearer, so the bearer token is
// expected to be checked by the server before this runs; the handler itself
// makes no authorization decision.
procedure HandleProtectedEndpoint(Sender: TObject;
ARequestParser: THTTPRequestParser;
AResponseBuilder: THTTPResponseBuilder;
AServer: TGHTTPServer);
end;
var
// The single server instance; created, run and freed by the main block.
Application: TGHttpsJWTServer;
constructor TGHttpsJWTServer.Create;
// Sets up the logger, the HTTPS server on port 8443, the JWT configuration
// and the two demo endpoints. Nothing listens until Start is called.
const
  ListenPort = 8443;
  // NOTE(review): the JWT signing secret is a short literal committed with
  // the source, so anyone who can read the repository can mint tokens this
  // server accepts. Load a long random secret from configuration or the
  // environment for anything beyond local testing.
  JwtSecret = '1234567890abc';
  // Second and third ConfigureJWT arguments. From their values they read as
  // issuer name and token lifetime, but the lifetime's unit (seconds or
  // minutes) is defined in GHTTPSServer.pas, not here — confirm it against
  // the 3600 s "expires_in" that HandleTokenRequest reports.
  JwtIssuer = 'GHttpsJWTServer';
  JwtLifetime = 60;
begin
  inherited Create;
  HttpLogger := THttpLogger.Create();
  // Every log line the server produces is written straight to stdout.
  HttpLogger.OnNewLogLineProc :=
    procedure(Sender: TObject; const LogLine: string)
    begin
      WriteLn(LogLine);
    end;
  FServer := TGHTTPSServer.Create(nil, ListenPort, 200, HttpLogger);
  FServer.ConfigureJWT(JwtSecret, JwtIssuer, JwtLifetime);
  // /api/token is open (atNone) so clients can obtain a token;
  // /api/autotest requires a bearer JWT (atJWTBearer).
  FServer.AddEndpoint('/api/token', 'POST', HandleTokenRequest, atNone, []);
  FServer.AddEndpoint('/api/autotest', 'GET', HandleProtectedEndpoint, atJWTBearer, []);
end;
destructor TGHttpsJWTServer.Destroy;
// Frees the server before the logger: FServer was constructed with
// HttpLogger (see Create) and may still use it while shutting down.
begin
FServer.Free;
HttpLogger.free;
inherited;
end;
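procedure TGHttpsJWTServer.HandleTokenRequest(Sender: TObject;
  ARequestParser: THTTPRequestParser; AResponseBuilder: THTTPResponseBuilder;
  AServer: TGHTTPServer);
// Handler for POST /api/token. Reads a JSON body {"username":..,"password":..}
// and, for the fixed demo credentials, answers 200 with
// {"token","token_type","expires_in"}. Wrong credentials give 401, an empty
// or non-object body 400, a failure while reading the fields 400 with the
// exception text, and any other exception 500.
//
// Every error body is produced by the nested SendError, which (a) builds the
// JSON with TJSONObject so a message containing quotes or backslashes cannot
// break the document — the previous Format('{"error":"%s"}', ...) spliced the
// text in unescaped — and (b) always passes AddTextContent's arguments as
// (name, content type, content); the "Invalid JSON" and 401 branches
// previously had the content type and the body swapped. A body that parses
// to a non-object JSON value (e.g. an array) is now freed instead of leaking
// on a failed `as` cast.
var
  RequestBody: string;
  ParsedValue: TJSONValue;
  RequestJson, ResponseJson: TJSONObject;
  Username, Password: string;
  CustomClaims: TJSONObject;
  RolesArray: TJSONArray;
  Token: string;
  PrettyBody: string;

  // Sends {"error":"<AMsg>"} with the given status line. AMsg is escaped by
  // TJSONObject, never spliced into the text by hand.
  procedure SendError(ACode: Integer; const AReason, AMsg: string);
  var
    ErrorJson: TJSONObject;
  begin
    ErrorJson := TJSONObject.Create;
    try
      ErrorJson.AddPair('error', AMsg);
      AResponseBuilder.SetStatus(ACode, AReason);
      AResponseBuilder.AddTextContent('error', 'application/json', ErrorJson.ToString);
    finally
      ErrorJson.Free;
    end;
  end;

begin
  try
    RequestBody := ARequestParser.BodyValue;
    if RequestBody = '' then
    begin
      SendError(400, 'Bad Request', 'Empty request body');
      Exit;
    end;
    try
      // ParseJSONValue yields nil for unparsable text and a non-TJSONObject
      // for valid JSON that is not an object; both are rejected here and the
      // parsed value, if any, is freed (Free on nil is a no-op).
      ParsedValue := TJSONObject.ParseJSONValue(RequestBody);
      if not (ParsedValue is TJSONObject) then
      begin
        ParsedValue.Free;
        SendError(400, 'Bad Request', 'Invalid JSON');
        Exit;
      end;
      RequestJson := TJSONObject(ParsedValue);
      try
        Username := RequestJson.GetValue<string>('username', '');
        Password := RequestJson.GetValue<string>('password', '');
        // Demo-only: a single fixed admin/admin pair compared as plain
        // strings. A real service would look the user up in a credential
        // store and verify a password hash here.
        if (Username = 'admin') and (Password = 'admin') then
        begin
          CustomClaims := TJSONObject.Create;
          RolesArray := TJSONArray.Create;
          try
            RolesArray.Add('admin');
            RolesArray.Add('user');
            // AddPair makes RolesArray a member of CustomClaims, which
            // frees it together with its other pairs.
            CustomClaims.AddPair('roles', RolesArray);
            Token := AServer.JWTManager.CreateToken(Username, CustomClaims);
            ResponseJson := TJSONObject.Create;
            try
              ResponseJson.AddPair('token', Token);
              ResponseJson.AddPair('token_type', 'Bearer');
              // NOTE(review): 3600 s is advertised here while ConfigureJWT in
              // Create receives 60 as its lifetime argument; whether that is
              // 60 minutes (consistent) or 60 seconds (not) depends on
              // ConfigureJWT, which this file does not show — confirm.
              ResponseJson.AddPair('expires_in', TJSONNumber.Create(60 * 60));
              AResponseBuilder.SetStatus(200, 'OK');
              PrettyBody := ResponseJson.Format(2);
              AResponseBuilder.AddTextContent('response', 'application/json', PrettyBody);
            finally
              ResponseJson.Free;
            end;
          finally
            CustomClaims.Free;
          end;
        end
        else
          SendError(401, 'Unauthorized', 'Invalid username or password');
      finally
        RequestJson.Free;
      end;
    except
      // Reached for anything raised after the body was read: type errors from
      // GetValue, but also a failure inside CreateToken.
      on E: Exception do
        SendError(400, 'Bad Request', Format('JSON parsing error: %s', [E.Message]));
    end;
  except
    on E: Exception do
      // NOTE(review): this echoes the internal exception text to the client.
      // For anything beyond a demo, log E.Message server-side and return a
      // fixed message here instead.
      SendError(500, 'Internal Server Error', E.Message);
  end;
end;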
procedure TGHttpsJWTServer.HandleProtectedEndpoint(Sender: TObject;
  ARequestParser: THTTPRequestParser; AResponseBuilder: THTTPResponseBuilder;
  AServer: TGHTTPServer);
// Handler for GET /api/autotest. The endpoint is registered with atJWTBearer
// in Create, so token validation is expected to happen in the server before
// this runs; the handler itself makes no authorization decision and only
// reports the length of whatever Authorization header arrived.
var
  Reply: TJSONObject;
  BearerHeader, Stamp: string;
begin
  BearerHeader := ARequestParser.GetHeader('Authorization');
  Stamp := FormatDateTime('yyyy-mm-dd hh:nn:ss', Now);
  Reply := TJSONObject.Create;
  try
    Reply.AddPair('status', 'success')
         .AddPair('message', 'You have successfully accessed the protected endpoint!')
         .AddPair('timestamp', Stamp);
    if Length(BearerHeader) > 0 then
      Reply.AddPair('auth_header_length', TJSONNumber.Create(Length(BearerHeader)));
    AResponseBuilder.SetStatus(200, 'OK');
    AResponseBuilder.AddTextContent('response', 'application/json', Reply.ToString);
  finally
    Reply.Free;
  end;
end;
procedure TGHttpsJWTServer.Start;
// Prints the usage banner to the console, then calls FServer.Start. A failure
// while starting is reported on the console and swallowed.
const
  // The banner says GRestSvrJWTPrj_1 although this program is
  // GHttpsRestSvrJWTPrj_1; the text is kept verbatim. Empty entries print a
  // blank line, exactly as a bare WriteLn would.
  Banner: array[0..15] of string = (
    '=======================================',
    ' GRestSvrJWTPrj_1',
    '=======================================',
    'Server running on https://localhost:8443',
    '',
    'Available endpoints:',
    '1. POST /api/token - Generate JWT token',
    ' - Send JSON body with: {"username":"admin","password":"admin"}',
    '',
    '2. GET /api/autotest - Endpoint requiring authorization',
    ' - Requires valid JWT token in Authorization header',
    ' - Format: Authorization: Bearer <token>',
    '',
    'Press Ctrl+C to stop the server',
    '=======================================',
    ''
  );
var
  Line: string;
begin
  try
    for Line in Banner do
      WriteLn(Line);
    FServer.Start;
  except
    on E: Exception do
      WriteLn('Error starting server: ', E.Message);
  end;
end;
begin
// Program entry point: build the server object, run it, and always free it.
// An exception escaping Create or Start is reported on the console instead
// of terminating silently.
try
Application := TGHttpsJWTServer.Create;
try
Application.Start;
finally
Application.Free;
end;
except
on E: Exception do
WriteLn(E.ClassName, ': ', E.Message);
end;
end.