helma/Global/functions.js



/**
  * scheduler function, runs global.appStat every minute
  */
function scheduler()	{
	appStat();
	return 60000;
}


/**
  * initializes app.requestStat storage on startup,
  * creates app.addressFilter
  */
function onStart()	{
	app.requestStat = new HopObject();
	app.addressFilter = createAddressFilter();
}

/**
  * initializes addressFilter from app.properties,
  * hostnames are converted, wildcards are only allowed in ip-addresses
  * (so, no network-names, sorry)
  */
function createAddressFilter()	{
	var filter = new Packages.helma.util.InetAddressFilter();
	var str = root.getProperty("allowadmin");
	if ( str!=null && str!="" )	{
		var arr = str.split(",");
		for ( var i in arr )	{
			var str = new java.lang.String(arr[i]);
			var result = tryEval("filter.addAddress(str.trim());");
			if ( result.error!=null )	{
				var str = java.net.InetAddress.getByName(str.trim()).getHostAddress();
				var result = tryEval("filter.addAddress(str);");
			}
			if ( result.error==null )	{
				app.__app__.logEvent( "allowed address for app manage: " + str );
			}
		}
	}	else	{
		app.__app__.logEvent("no addresses allowed for app manage, all access will be denied");
	}
	return filter;
}


/** 
  * updates the request stats in app.requestStat every 5 minutes
  */
function appStat()	{
	if ( app.requestStat==null )	{
		app.requestStat = new HopObject();
	}
	if( (new Date()-300000) < app.requestStat.lastRun )	{
		return;
	}
	var arr = root.getApplications();
	for ( var i=0; i<arr.length; i++ )	{
		var tmp = app.requestStat.get(arr[i].getName());
		if ( tmp==null )	{
			tmp = new HopObject();
			tmp.lastTotal = 0;
			tmp.last5Min  = 0;
		}
		var ct = arr[i].getRequestCount();
		tmp.last5Min = ct - tmp.lastTotal;
		tmp.lastTotal = ct;
		app.requestStat.set(arr[i].getName(), tmp);
	}
	app.requestStat.lastRun = new Date();
}


/**
  * utility function to sort object-arrays by name
  */
function sortByName(a,b)	{
	if ( a.name>b.name )
		return 1;
	else if ( a.name==b.name )
		return 0;
	else
		return -1;
}


/**
  * utility function to sort property-arrays by key
  */
function sortProps(a,b)	{
	if ( a>b )
		return 1;
	else if ( a==b )
		return 0;
	else
		return -1;
}

/**
  * check access to an application or the whole server, authenticate against md5-encrypted
  * properties of base-app or the particular application. if username or password aren't set
  * go into stealth-mode and return a 404. if username|password are wrong, prepare response-
  * object for http-auth and return false.
  * @arg appObj application object to check against (if adminUsername etc are set in app.properties)
  */
function checkAuth(appObj)	{
	var ok = false;

	// check against root
	var rootUsername = root.getProperty("adminusername");
	var rootPassword = root.getProperty("adminpassword");

	if ( rootUsername==null || rootUsername=="" || rootPassword==null || rootPassword=="" )	{
		return createAuth();
	}

	var uname = req.getUsername();
	var pwd   = req.getPassword();

	if ( uname==null || uname=="" || pwd==null || pwd=="" )
		return forceAuth();

	var md5username = Packages.helma.util.MD5Encoder.encode(uname);
	var md5password = Packages.helma.util.MD5Encoder.encode(pwd);

	if ( md5username==rootUsername && md5password==rootPassword )
		return true;

	if ( appObj!=null && appObj.isActive() )	{
		// check against application
		var appUsername = appObj.getProperty("adminusername");
		var appPassword = appObj.getProperty("adminpassword");
		if ( appUsername==null || appUsername=="" || appPassword==null || appPassword=="" )
			return forceStealth();
		if ( md5username==appUsername && md5password==appPassword )
			return true;
	}
	return forceAuth();
}


/**
  * check access to the base-app by ip-addresses
  */
function checkAddress()	{
	if ( !app.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) )	{
		app.__app__.logEvent("denied request from " + req.data.http_remotehost );
		return forceStealth();
	}	else	{
		return true;
	}
}


/**
  * response is reset to 401 / authorization required
  * @arg realm realm for http-auth
  */
function forceAuth(realm)	{
	res.reset();
	res.status = 401;
	res.realm = (realm!=null) ? realm : "helma";
	res.write ("Authorization Required. The server could not verify that you are authorized to access the requested page.");
	return false;
}

/**
  * response is reset to 404 / notfound
  */
function forceStealth()	{
	res.reset();
	res.status = 404;
	return false;
}


/** 
  * response is either a html form to enter auth data or input from
  * html form is saved to server.properties
  * access is only allowed if remote host is in the list of friendly
  * ip-adresses in server.properties
  */
function createAuth()	{
	if ( checkAddress()!=true )	{
		// double check
		return false;
	}
	var obj = new Object();
	obj.msg = "";
	
	if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null )	{
		// we have input from webform
		if ( req.data.username=="" )
			obj.msg += "username can't be left empty!<br>";
		if ( req.data.password=="" )
			obj.msg += "password can't be left empty!<br>";
		else if ( req.data.password!=req.data.password2 )
			obj.msg += "password and re-typed password don't match!<br>";
		if ( obj.msg!="" )	{
			obj.username = req.data.username;
			res.reset();
			renderSkin("pwdform",obj);
			return false;
		}
		var f = new File(root.getHopHome().toString, "server.properties");
		var str = f.readAll();
		var sep = java.lang.System.getProperty("line.separator");
		str += sep + "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + sep;
		str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + sep;
		f.remove();
		f.open();
		f.write(str);
		f.close();
		app.__app__.logEvent( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");
		res.redirect ( root.href("main") );
	
	}	else	{
		// no input from webform, so print it
		res.reset();
		res.skin = "basic";
		res.title = "username & password on " + root.hostname_macro();
		res.head = renderSkinAsString("head");
		res.body = renderSkinAsString("pwdform",obj);
		return false;
	}
}
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00

			`/**`
			`* scheduler function, runs global.appStat every minute`
			`*/`
			`function scheduler() {`
			`appStat();`
			`return 60000;`
			`}`


			`/**`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`* initializes app.requestStat storage on startup,`
			`* creates app.addressFilter`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`*/`
			`function onStart() {`
			`app.requestStat = new HopObject();`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`app.addressFilter = createAddressFilter();`
			`}`

			`/**`
			`* initializes addressFilter from app.properties,`
			`* hostnames are converted, wildcards are only allowed in ip-addresses`
			`* (so, no network-names, sorry)`
			`*/`
			`function createAddressFilter() {`
			`var filter = new Packages.helma.util.InetAddressFilter();`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`var str = root.getProperty("allowadmin");`
			`if ( str!=null && str!="" ) {`
			`var arr = str.split(",");`
			`for ( var i in arr ) {`
			`var str = new java.lang.String(arr[i]);`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`var result = tryEval("filter.addAddress(str.trim());");`
			`if ( result.error!=null ) {`
			`var str = java.net.InetAddress.getByName(str.trim()).getHostAddress();`
			`var result = tryEval("filter.addAddress(str);");`
			`}`
			`if ( result.error==null ) {`
			`app.__app__.logEvent( "allowed address for app manage: " + str );`
			`}`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`}`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`} else {`
			`app.__app__.logEvent("no addresses allowed for app manage, all access will be denied");`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`}`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`return filter;`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`}`


			`/**`
			`* updates the request stats in app.requestStat every 5 minutes`
			`*/`
			`function appStat() {`
			`if ( app.requestStat==null ) {`
			`app.requestStat = new HopObject();`
			`}`
			`if( (new Date()-300000) < app.requestStat.lastRun ) {`
			`return;`
			`}`
			`var arr = root.getApplications();`
			`for ( var i=0; i<arr.length; i++ ) {`
			`var tmp = app.requestStat.get(arr[i].getName());`
			`if ( tmp==null ) {`
			`tmp = new HopObject();`
			`tmp.lastTotal = 0;`
			`tmp.last5Min = 0;`
			`}`
			`var ct = arr[i].getRequestCount();`
			`tmp.last5Min = ct - tmp.lastTotal;`
			`tmp.lastTotal = ct;`
			`app.requestStat.set(arr[i].getName(), tmp);`
			`}`
			`app.requestStat.lastRun = new Date();`
			`}`


			`/**`
			`* utility function to sort object-arrays by name`
			`*/`
			`function sortByName(a,b) {`
			`if ( a.name>b.name )`
			`return 1;`
			`else if ( a.name==b.name )`
			`return 0;`
			`else`
			`return -1;`
			`}`


			`/**`
			`* utility function to sort property-arrays by key`
			`*/`
			`function sortProps(a,b) {`
			`if ( a>b )`
			`return 1;`
			`else if ( a==b )`
			`return 0;`
			`else`
			`return -1;`
			`}`

			`/**`
			`* check access to an application or the whole server, authenticate against md5-encrypted`
			`* properties of base-app or the particular application. if username or password aren't set`
			`* go into stealth-mode and return a 404. if username\|password are wrong, prepare response-`
			`* object for http-auth and return false.`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`* @arg appObj application object to check against (if adminUsername etc are set in app.properties)`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`*/`
			`function checkAuth(appObj) {`
			`var ok = false;`

			`// check against root`
			`var rootUsername = root.getProperty("adminusername");`
			`var rootPassword = root.getProperty("adminpassword");`

improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`if ( rootUsername==null \|\| rootUsername=="" \|\| rootPassword==null \|\| rootPassword=="" ) {`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`return createAuth();`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`}`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00
			`var uname = req.getUsername();`
			`var pwd = req.getPassword();`

			`if ( uname==null \|\| uname=="" \|\| pwd==null \|\| pwd=="" )`
			`return forceAuth();`

improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`var md5username = Packages.helma.util.MD5Encoder.encode(uname);`
			`var md5password = Packages.helma.util.MD5Encoder.encode(pwd);`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00
			`if ( md5username==rootUsername && md5password==rootPassword )`
			`return true;`

			`if ( appObj!=null && appObj.isActive() ) {`
			`// check against application`
			`var appUsername = appObj.getProperty("adminusername");`
			`var appPassword = appObj.getProperty("adminpassword");`
			`if ( appUsername==null \|\| appUsername=="" \|\| appPassword==null \|\| appPassword=="" )`
			`return forceStealth();`
			`if ( md5username==appUsername && md5password==appPassword )`
			`return true;`
			`}`
			`return forceAuth();`
			`}`


			`/**`
			`* check access to the base-app by ip-addresses`
			`*/`
			`function checkAddress() {`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`if ( !app.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {`
			`app.__app__.logEvent("denied request from " + req.data.http_remotehost );`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`return forceStealth();`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`} else {`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`return true;`
improved addressFilter, switched to helma embedded md5-function 2002-03-25 17:56:26 +00:00			`}`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`}`


			`/**`
			`* response is reset to 401 / authorization required`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`* @arg realm realm for http-auth`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`*/`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`function forceAuth(realm) {`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`res.reset();`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`res.status = 401;`
			`res.realm = (realm!=null) ? realm : "helma";`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00			`res.write ("Authorization Required. The server could not verify that you are authorized to access the requested page.");`
			`return false;`
			`}`

			`/**`
			`* response is reset to 404 / notfound`
			`*/`
			`function forceStealth() {`
			`res.reset();`
			`res.status = 404;`
			`return false;`
			`}`


added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`/**`
			`* response is either a html form to enter auth data or input from`
			`* html form is saved to server.properties`
			`* access is only allowed if remote host is in the list of friendly`
			`* ip-adresses in server.properties`
			`*/`
			`function createAuth() {`
			`if ( checkAddress()!=true ) {`
			`// double check`
			`return false;`
			`}`
			`var obj = new Object();`
			`obj.msg = "";`

			`if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null ) {`
			`// we have input from webform`
			`if ( req.data.username=="" )`
			`obj.msg += "username can't be left empty!<br>";`
			`if ( req.data.password=="" )`
			`obj.msg += "password can't be left empty!<br>";`
			`else if ( req.data.password!=req.data.password2 )`
			`obj.msg += "password and re-typed password don't match!<br>";`
			`if ( obj.msg!="" ) {`
			`obj.username = req.data.username;`
			`res.reset();`
			`renderSkin("pwdform",obj);`
			`return false;`
			`}`
saving of username and password now works through appending and not by saving the whole properties list. 2002-03-26 19:00:03 +00:00			`var f = new File(root.getHopHome().toString, "server.properties");`
			`var str = f.readAll();`
			`var sep = java.lang.System.getProperty("line.separator");`
			`str += sep + "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + sep;`
			`str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + sep;`
			`f.remove();`
			`f.open();`
			`f.write(str);`
			`f.close();`
added createAuth() if no username/password are set and request comes from localhost checkAuth() now goes into createAuth() to let user enter uname/passwd combination. 2002-03-26 16:10:28 +00:00			`app.__app__.logEvent( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");`
			`res.redirect ( root.href("main") );`

			`} else {`
			`// no input from webform, so print it`
			`res.reset();`
			`res.skin = "basic";`
			`res.title = "username & password on " + root.hostname_macro();`
			`res.head = renderSkinAsString("head");`
			`res.body = renderSkinAsString("pwdform",obj);`
			`return false;`
			`}`
			`}`
This commit was generated by cvs2svn to compensate for changes in r2155, which included commits to RCS files with non-trunk default branches. 2002-03-11 13:49:50 +00:00