THttpClientSocket token验证

THttpClientSocket

uses SynCrtSock
非WINHTTP.DLL里面的控件，可以用于手机端。

function Client(const SQL: RawUTF8): RawUTF8;
var Http: THttpClientSocket;
URI: AnsiString;
begin
if ParamCount<>0 then
URI := AnsiString(ParamStr(1)) else
URI := 'localhost';
Http := OpenHttp(URI,'888');
if Http<>nil then
try
Http.Post('root',SQL,TEXT_CONTENT_TYPE);
result := Http.Content;
finally
Http.Free;
end else
result := '';
end;

令牌验证：

procedure Tfmain.ToolButton6Click(Sender: TObject);
var
h: THttpClientSocket;
begin
h := OpenHttp('localhost','2006');
if h = nil then exit;
h.GetAuth('localhost', 'test');  // HTTP HEADER会增加 Authorization: Bearer test
h.Post('','1',TEXT_CONTENT_TYPE);
end;

服务端收到HTTP HEADER：

//'Connection: Close'#$D#$A'Content-Length: 0'#$D#$A'Accept: */*'#$D#$A'Authorization: Bearer test'#$D#$A'Host: localhost:2006'#$D#$A'User-Agent: Mozilla/5.0 (Windows; mORMot 1.18 THttpClientSocket)'#$D#$A'RemoteIP: 127.0.0.1'#$D#$A

根据这个HEADER，服务端可以验证客户端HTTP REQUEST的是否合法。

// cxg 2017-12-18

unit ufun;

interface

uses
SysUtils, Dialogs, Classes
,SynCommons, mORMotMidasVCL, SynCrtSock, SynDB, SynDBRemote, SynDBDataset, SynDBMidasVCL
;

type
TRest = class
private
procedure httpGet(const ip, port, token, indata: SockString; var data: SockString);
function urlEncodeParams(strings: TStrings): SockString;
procedure httpPost(const ip, port, token, url: SockString; params: TStrings; var data: SockString);
public
procedure getQry(const ip, port, token: SockString; const sql: RawUTF8; var data: SockString);
procedure postQry(const ip, port, token: SockString; const sql: RawUTF8; var data: SockString);
end;

implementation

{ TRest }

procedure TRest.getQry(const ip, port, token: SockString;
const sql: RawUTF8; var data: SockString);
var
indata: SockString;
begin
indata := 'query?sql=' + UrlEncode(sql);
httpGet(ip, port, token, indata, data);
end;

procedure TRest.httpGet(const ip, port, token, indata: SockString;
var data: SockString);
var
http: THttpClientSocket;
begin
http := OpenHttp(ip, port);
try
if http = nil then
Abort;
http.GetAuth(indata, token);
if http.Get(indata) = 404 then
begin
ShowMessage('404 error');
Abort;
end;
data := http.Content;
finally
if http <> nil then
http.Free;
end;
end;

procedure TRest.httpPost(const ip, port, token, url: SockString;
params: TStrings; var data: SockString);
var
http: THttpClientSocket;
begin
http := OpenHttp(ip, port);
try
if http = nil then
Abort;
http.GetAuth(url, token);
if http.Post(url, urlEncodeParams(params), TEXT_CONTENT_TYPE) = 404 then
begin
ShowMessage('404 error');
Abort;
end;
data := http.Content;
finally
http.Free;
end;
end;

procedure TRest.postQry(const ip, port, token: SockString;
const sql: RawUTF8; var data: SockString);
var
params: TStrings;
begin
params := TStringList.Create;
try
params.Add('sql=' + sql);
HttpPost(ip, port, token, 'query', params, data);
finally
params.Free;
end;
end;

function TRest.urlEncodeParams(strings: TStrings): SockString;
var
i: Integer;
S: string;
begin
for i := 0 to strings.Count - 1 do
begin
S := strings.Names[i];
if Length(strings.Values[S]) > 0 then
begin
strings.Values[S] := UrlEncode(strings.Values[S]);
end;
if Result = '' then
Result := strings[i]
else
Result := Result + '&' + strings[i];
end;
end;

end.