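/*
 * Builds the result struct for an Ajax Proxy request.
 *
 * Reads bean, method, appName, returnFormat, debug and query2array from
 * request.params, optionally validates the CSRF_Token, checks the bean/method
 * pair with csSecurity.validateProxy(), runs it through utils.runCommand() and
 * converts the return value to the requested format.
 *
 * Input:   arguments.proxyFile (declared outside this script body) and request.params.
 * Returns: the result struct; result.reString carries the output or an error message.
 *
 * Every value taken from request.params is caller-controlled.
 */
variables.enableAjaxProxyLogging = false;
var result = StructNew();
var hasCommandError = 0;
var hasProcessingError = 0;
var callingFileName = "ajaxProxy.cfm";
var bean = "";
var method = "";
var appName = "";
var returnFormat = "";
var debug = 0;
var query2array = 1; // default is true for backwards compatibility
var params = StructNew();
var args = StructNew();
var debugRaw = "";
var debugProcessed = "";
var reDebugRaw = "";
var reDebugProcessed = "";
var passedSecurity = false;
var json = '';
var strFormatsList = "string,plain,html,text,txt";
// list of parameters in request.params to exclude
var argExcludeList = "bean,method,appName,addMainTable,returnFormat,debug,CSRF_Token";
var siteDevMode = application.ADF.siteDevMode;
var siteCSRFSafeMode = application.ADF.csrfSafeMode;
var proxyDebugLogging = application.ADF.proxyDebugLogging;
var proxyDebugLogMsg = '';

// initialize the reString key of the result struct
result.reString = "";

// Since we are relying on the request.params scope make sure the main params are available
if ( StructKeyExists(request,"params") ) {
	params = request.params;
	if ( StructKeyExists(request.params,"bean") )
		bean = request.params.bean;
	if ( StructKeyExists(request.params,"method") )
		method = request.params.method;
	if ( StructKeyExists(request.params,"appName") )
		appName = request.params.appName;
	if ( StructKeyExists(request.params,"returnFormat") )
		returnFormat = request.params.returnFormat;
	if ( StructKeyExists(request.params,"debug") )
		debug = request.params.debug;
	if ( StructKeyExists(request.params,"query2array") )
		query2array = request.params.query2array;
}

if ( arguments.proxyFile NEQ callingFileName ) {
	// Check if siteCSRFSafeMode is enabled - if so, it will be required to validate the "CSRF_Token" for all ajaxProxy calls
	if ( siteCSRFSafeMode ) {
		// "CSRF_Token" - REQUIRED parameter!! - passed in and verified to protect against CSRF Vulnerability
		if ( !StructKeyExists(request.params,"CSRF_Token") OR !variables.csSecurity.validateCSRF_Token(requestToken=Request.Params.CSRF_Token) ) {
			result.reString = "Error: User session could not be validated!";
			if ( siteDevMode )
				result.reString = result.reString & " Request was rejected by ajaxProxy CSRF_Token validation!";

			// Enable proxyDebugLogging to log CSRF token validation information
			if ( proxyDebugLogging ) {
				// Copy the current result.reString to proxyDebugLogMsg
				proxyDebugLogMsg = result.reString;
				// adds more robust CSRF validation details to the ajaxProxy Logging
				if ( StructKeyExists(request.params,"CSRF_Token") ) {
					proxyDebugLogMsg = proxyDebugLogMsg & " CSRF Validation: " & variables.csSecurity.validateCSRF_Token(requestToken=Request.Params.CSRF_Token);
					proxyDebugLogMsg = proxyDebugLogMsg & " URL: CSRF_Token: " & request.params.CSRF_Token;
				}
				// The response copy is taken BEFORE the server-side token is appended:
				// a request that just failed validation must not be handed the value
				// from getCSRF_Token() (presumably the token it was expected to send).
				// NOTE(review): the submitted token is still echoed back unescaped in dev mode.
				if ( siteDevMode )
					result.reString = proxyDebugLogMsg;
				// NOTE(review): this writes both tokens to AjaxProxy.log in clear text;
				// keep proxyDebugLogging off outside troubleshooting and restrict access to the log.
				proxyDebugLogMsg = proxyDebugLogMsg & " SERVER: CSRF_Token: " & variables.csSecurity.getCSRF_Token();
				variables.log.logAppend("#request.formattedTimestamp# - #proxyDebugLogMsg#", "AjaxProxy.log");
			}
			return result;
		}
	}

	// Verify if the bean and method combo are allowed to be accessed through the ajax proxy
	passedSecurity = variables.csSecurity.validateProxy(bean,method);
	if ( passedSecurity ) {
		// convert the params that are passed in to the args struct before passing them to runCommand method
		args = variables.utils.buildRunCommandArgs(request.params,argExcludeList);
		try {
			// Run the Bean, Method and Args and get a return value
			result.reString = variables.utils.runCommand(trim(bean),trim(method),args,trim(appName));
		}
		catch( any e ) {
			// force debug on and flag the failure so the return-data processing below is skipped
			debug = 1;
			hasCommandError = 1;
			// Set Error output to the return String
			// NOTE(review): outside siteDevMode nothing below replaces this value, so the caught
			// exception object is what the caller receives - confirm the calling template does
			// not render it to the client.
			result.reString = e;
			variables.utils.logAppend(
				msg=e,
				label='Error in AjaxProxy calling utils.runCommand()',
				logfile='adf-ajax-proxy.html'
			);
		}

		// Build the DUMP for debugging the RAW value of result.reString
		if ( debug AND siteDevMode ) {
			// If the variable result.reString doesn't exist set the debug output to the string: void
			if ( !StructKeyExists(result,"reString") ) {
				debugRaw = "void";
			} else {
				debugRaw = result.reString;
			}
			reDebugRaw = variables.utils.doDump(debugRaw,"RAW OUTPUT",1,1);
		}

		// if runCommand throws an error skip processing and jump down to the debug output
		if ( !hasCommandError ) {
			// Check to see if result.reString was destroyed by a method that returns void before attempting to process the return
			if ( StructKeyExists(result,"reString") ) {
				// Convert Query to an Array of Structs for Processing
				if ( IsQuery(result.reString) AND query2array EQ 1 ) {
					result.reString = variables.data.queryToArrayOfStructures(result.reString,true);
					if ( !isArray(result.reString) ) {
						hasProcessingError = 1;
						returnFormat = "plain";
						result.reString = "Error: unable to convert the return query to an array of structures";
					}
				}

				// if JSON is set as the returnFormat convert return data to JSON
				if ( returnFormat eq "json" ) {
					json = server.ADF.objectFactory.getBean("json");
					// when jsonp calls are made there will be a variable called "jsonpCallback" it will
					// represent the method in the caller to be executed - wrap the content in that function call
					if ( structKeyExists(request.params, "jsonpCallback") ) {
						// The callback name comes from the request and is written verbatim into a
						// script response, so only a dotted JavaScript identifier is accepted;
						// anything else is rejected instead of being reflected.
						if ( REFind("^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$", request.params.jsonpCallback) ) {
							result.reString = "#request.params.jsonpCallback#(" & json.encode(result.reString) & ");";
						} else {
							hasProcessingError = 1;
							result.reString = "Error: invalid jsonpCallback parameter";
						}
					}
					else {
						result.reString = json.encode(result.reString);
						if ( !IsJSON(result.reString) ) {
							hasProcessingError = 1;
							result.reString = "Error: unable to convert the return value to json";
						}
					}
				}
				else if ( returnFormat eq "xml" ) {
					// convert return data to XML using CS internal serialize function
					result.reString = server.CommonSpot.UDF.util.serializeBean(result.reString,"data",0);
					//server.CommonSpot.UDF.util.serializeBean(Arguments.bean,Arguments.tagName,JavaCast("boolean",Arguments.forceLCase));
					// make sure the return is an XML string
					if ( IsXML(result.reString) )
						result.reString = XmlParse(result.reString);
					if ( !IsXmlDoc(result.reString) ) {
						hasProcessingError = 1;
						result.reString = "Error: unable to convert the return value to xml";
					}
				}

				// anything that is still a complex value at this point cannot be returned as a string
				if ( isStruct(result.reString) or isArray(result.reString) or isObject(result.reString) ) {
					hasProcessingError = 1;
					// 2012-03-10 - GAC - we need to check if we have a 'message' before we can output it
					if ( IsStruct(result.reString) AND StructKeyExists(result.reString,"message") AND siteDevMode )
						result.reString = "Error: Unable to convert the return value into string. [" & result.reString.message & "]";
					else
						result.reString = "Error: Unable to convert the return value into string.";
				}
			}
			else {
				// The method call returned void and destroyed the result.reString variable
				hasProcessingError = 0; // returning void is not considered an error
				// result.reString = "Error: return value came back as 'void'";
			}
		}
	}
	else {
		hasProcessingError = 1;
		if ( !siteDevMode ) {
			result.reString = "Error: The request is not accessible remotely via Ajax Proxy.";
			// TODO: Do Proxy Logging
		}
		else {
			// NOTE(review): bean, method and appName are request values echoed back unescaped
			// (dev mode only) - confirm how the calling template renders result.reString.
			if ( len(trim(appName)) )
				result.reString = "Error: The Bean: #bean# with method: #method# in the App: #appName# is not accessible remotely via Ajax Proxy.";
			else
				result.reString = "Error: The Bean: #bean# with method: #method# is not accessible remotely via Ajax Proxy.";
		}
	}

	// build the dump for debugging the Processed value of result.reString
	if ( debug AND siteDevMode AND passedSecurity AND ListFindNoCase(strFormatsList,returnformat) EQ 0 ) {
		// If the variable reString doesn't exist set the debug output to the string: void
		if ( !StructKeyExists(result,"reString") ) {
			debugProcessed = "void";
		} else {
			debugProcessed = result.reString;
		}
		reDebugProcessed = variables.utils.doDump(debugProcessed,"PROCESSED OUTPUT",1,1);
	}

	// pass the debug dumps to the reHTML for output
	if ( debug AND siteDevMode ) {
		if ( hasCommandError OR (IsSimpleValue(debugRaw) AND debugRaw EQ "void") ) {
			// if runCommand has error, return only the first DUMP which contains the CATCH info
			result.reString = reDebugRaw;
		}
		else if ( hasProcessingError ) {
			// if processing has an error, return the processing error and the first DUMP
			// NOTE(review): this is the only branch that writes result.reHTML instead of
			// result.reString - confirm the caller reads reHTML.
			result.reHTML = result.reString & reDebugRaw;
		}
		else {
			// for a debug with no errors, return both the runCommand DUMP and the processing DUMP
			result.reString = reDebugRaw & reDebugProcessed;
		}
	}
}
else {
	result.reString = "Error: This method can not be called directly.";
	// append the hint; a plain assignment here would replace the error message with the hint alone
	if ( siteDevMode )
		result.reString = result.reString & " Use the AjaxProxy.cfm file.";
}
return result;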