Class: Alf::Rack::Query

Inherits:
Object
Includes:
Helpers
Defined in:
lib/alf/rack/query.rb

Overview

This Rack application allows clients to query your database by simply sending Alf queries as the body of POST requests. It automatically runs those queries on the current connection and encodes the result according to the HTTP_ACCEPT header.

IMPORTANT: Alf has no true parser for now. In order to mitigate the risk of exposing serious attack vectors, you MUST take care of installing the safer parser on your database, as illustrated below. This seriously makes attacks harder, unfortunately without any guarantee…

By default, this class catches all errors (e.g. syntax, type-checking, security, runtime query execution) and returns a 400 response with the error message. A side effect is that all tuples are loaded in memory before the response is returned, to ensure that any error is discovered immediately. When `catch_all` is set to false, this class sets a relvar instance as the response body and lets all errors percolate up the Rack stack. This means that errors may occur later, during actual query execution.

Example:

```
# in a config.ru or something

# Create a database with a safer parser than usual
require 'alf/lang/parser/safer'
DB = Alf::Database.new(…){|opts|
  opts.parser = Alf::Lang::Parser::Safer
}

# Connect the database on every request
use Alf::Rack::Connect{|cfg|
  cfg.database = DB
}

# let the query engine run under '/'
run Alf::Rack::Query.new{|q|
  q.type_check = false  # to bypass expressions type-checking
  q.catch_all  = false  # to let errors percolate
}
```
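The `catch_all` trade-off described in the overview, modelled in plain Ruby as an added example (this is not code from Alf or from this page). `lazy_result`, `respond_catch_all`, `respond_percolate`, `serve` and `QueryError` are hypothetical names, and the lazy enumerator is a constructed stand-in for a relvar whose third tuple fails at runtime.

```ruby
# Added illustration: a pure-Ruby model, not Alf's implementation.
class QueryError < StandardError; end

# Constructed stand-in for a relvar: tuples are produced on demand and
# the third one triggers a runtime error.
def lazy_result
  Enumerator.new do |y|
    y << { id: 1 }
    y << { id: 2 }
    raise QueryError, "runtime failure on tuple 3"
  end
end

# Model of catch_all = true: materialize every tuple inside the rescue,
# so any error becomes a 400 before anything is sent to the client.
def respond_catch_all(result)
  tuples = result.to_a
  [200, {}, tuples]
rescue QueryError => e
  [400, {}, [e.message]]
end

# Model of catch_all = false: hand the lazy body over untouched.
def respond_percolate(result)
  [200, {}, result]
end

# Model of a server: the status is already decided when the body is
# iterated, so a late error cannot change it.
def serve(response)
  status, _headers, body = response
  sent = []
  begin
    body.each { |chunk| sent << chunk }
    { status: status, sent: sent, error: nil }
  rescue QueryError => e
    { status: status, sent: sent, error: e.message }
  end
end

eager = serve(respond_catch_all(lazy_result))
late  = serve(respond_percolate(lazy_result))
puts "catch_all=true : #{eager.inspect}"
puts "catch_all=false: #{late.inspect}"
```

In this model the eager path costs memory proportional to the whole result and hands the error message to the client, while the lazy path can emit a 200 with a partial body before the failure surfaces, so it needs an error handler higher in the Rack stack.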

Constant Summary

NOT_FOUND = [404, {}, []]

Rack response when not found

RECOGNIZED_URLS_RX = /^(\/(data|metadata|logical|physical)?)?$/

Recognized URLs

Methods included from Helpers

#alf_config, #alf_connection, #relvar, #tuple_extract

Constructor Details

#initialize {|_self| ... } ⇒ Query

Creates an application instance

Yields:

  • (_self)

Yield Parameters:



# File 'lib/alf/rack/query.rb', line 62

def initialize
  @type_check = true
  @catch_all  = true
  yield(self) if block_given?
end

Instance Attribute Details

#catch_all ⇒ Object

Also known as: catch_all?

Catch all errors or let them percolate up the stack (defaults to true)?



# File 'lib/alf/rack/query.rb', line 58

def catch_all
  @catch_all
end

#env ⇒ Object (readonly)

Returns the value of attribute env.



# File 'lib/alf/rack/query.rb', line 82

def env
  @env
end

#type_check ⇒ Object

Also known as: type_check?

Apply type checking (defaults to true)?



# File 'lib/alf/rack/query.rb', line 54

def type_check
  @type_check
end

Instance Method Details

#_call(env) ⇒ Object

Set the environment, execute the query and encode the response.



# File 'lib/alf/rack/query.rb', line 76

def _call(env)
  @env = env
  Alf::Rack::Response.new(env){|r|
    safe(r){ execute }
  }.finish
end

#call(env) ⇒ Object

Call on a duplicated instance



# File 'lib/alf/rack/query.rb', line 69

def call(env)
  return NOT_FOUND unless env['REQUEST_METHOD'] == 'POST'
  return NOT_FOUND unless env['PATH_INFO'] =~ RECOGNIZED_URLS_RX
  dup._call(env)
end