Class: Alf::Rack::Query
- Inherits: Object
  - Object
  - Alf::Rack::Query
- Includes: Helpers
- Defined in: lib/alf/rack/query.rb
Overview
This Rack application allows clients to query your database by simply sending Alf queries as the body of POST requests. It automatically runs those queries on the current connection and encodes the result according to the HTTP_ACCEPT header.
IMPORTANT: Alf has no true parser for now. In order to mitigate the risk of exposing serious attack vectors, you MUST take care of installing the safer parser on your database, as illustrated below. This seriously makes attacks harder, unfortunately without any guarantee…
By default, this class catches all errors (e.g. syntax, type-checking, security, runtime query execution) and returns a 400 response with the error message. A side-effect is that all tuples are loaded in memory before returning the response, to ensure that any error is discovered immediately. When `catch_all` is set to false, this class sets a relvar instance as the response body and lets all errors percolate up the Rack stack. This means that errors may occur later, during actual query execution.
Example:
```ruby
# in a config.ru or something

# Create a database with a safer parser than usual
require 'alf/lang/parser/safer'
DB = Alf::Database.new(…){|opts|
  opts.parser = Alf::Lang::Parser::Safer
}

# Connect the database on every request
use Alf::Rack::Connect{|cfg|
  cfg.database = DB
}

# let the query engine run under '/'
run Alf::Rack::Query.new{|q|
  q.type_check = false # to bypass expressions type-checking
  q.catch_all  = false # to let errors percolate
}
```
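The `catch_all` trade-off described in the overview, as an added example that is not part of the Alf code base: a dependency-free Rack-style app that either materializes the whole result before answering or hands back a lazy body. `ToyQueryApp`, `failing_result` and `serve` are hypothetical names, and the failing result set is constructed for the illustration.

```ruby
# Constructed stand-in for a query result: two tuples, then a runtime error,
# the way a failure can surface in the middle of query execution.
def failing_result
  Enumerator.new do |y|
    y << { id: 1 }
    y << { id: 2 }
    raise ArgumentError, "runtime failure on tuple 3"
  end
end

# Hypothetical app mirroring the two documented modes (not Alf::Rack::Query).
class ToyQueryApp
  def initialize(catch_all: true)
    @catch_all = catch_all
  end

  def call(_env)
    result = failing_result
    # Lazy mode: nothing is evaluated yet, so the status is decided blind.
    return [200, {}, result.lazy.map(&:to_s)] unless @catch_all

    # Eager mode: every tuple is held in memory before a status is chosen,
    # so any error still becomes a clean 400.
    [200, {}, result.to_a.map(&:to_s)]
  rescue StandardError => e
    [400, {}, [e.message]]
  end
end

# Drain the body the way a server would and record what the client saw.
def serve(app)
  status, _headers, body = app.call({})
  sent = []
  begin
    body.each { |chunk| sent << chunk }
    { status: status, sent: sent, error: nil }
  rescue StandardError => e
    { status: status, sent: sent, error: e.message }
  end
end

eager = serve(ToyQueryApp.new(catch_all: true))
lazy  = serve(ToyQueryApp.new(catch_all: false))
puts "eager: status=#{eager[:status]} chunks=#{eager[:sent].size}"
puts "lazy:  status=#{lazy[:status]} chunks=#{lazy[:sent].size} error=#{lazy[:error]}"
```

In eager mode memory use grows with the size of the result set, which matters on an endpoint that accepts arbitrary queries; in lazy mode the client has already received a 200 and partial data by the time the error is raised, so the surrounding Rack stack has to handle and log it.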
Constant Summary
- NOT_FOUND = [404, {}, []]
  Rack response when not found
- RECOGNIZED_URLS_RX = /^(\/(data|metadata|logical|physical)?)?$/
  Recognized URLs
Instance Attribute Summary
- #catch_all ⇒ Object (also: #catch_all?)
  Catch all errors or let them percolate up the stack (defaults to true)?
- #env ⇒ Object (readonly)
  Returns the value of attribute env.
- #type_check ⇒ Object (also: #type_check?)
  Apply type checking (defaults to true)?
Instance Method Summary
- #_call(env) ⇒ Object
  Set the environment, execute the query and encode the response.
- #call(env) ⇒ Object
  Call on a duplicated instance.
- #initialize {|_self| ... } ⇒ Query (constructor)
  Creates an application instance.
Methods included from Helpers
#alf_config, #alf_connection, #relvar, #tuple_extract
Constructor Details
#initialize {|_self| ... } ⇒ Query
Creates an application instance
```ruby
# File 'lib/alf/rack/query.rb', line 62
def initialize
  @type_check = true
  @catch_all = true
  yield(self) if block_given?
end
```
Instance Attribute Details
#catch_all ⇒ Object Also known as: catch_all?
Catch all errors or let them percolate up the stack (defaults to true)?
```ruby
# File 'lib/alf/rack/query.rb', line 58
def catch_all
  @catch_all
end
```
#env ⇒ Object (readonly)
Returns the value of attribute env.
```ruby
# File 'lib/alf/rack/query.rb', line 82
def env
  @env
end
```
#type_check ⇒ Object Also known as: type_check?
Apply type checking (defaults to true)?
```ruby
# File 'lib/alf/rack/query.rb', line 54
def type_check
  @type_check
end
```
Instance Method Details
#_call(env) ⇒ Object
Set the environment, execute the query and encode the response.
```ruby
# File 'lib/alf/rack/query.rb', line 76
def _call(env)
  @env = env
  Alf::Rack::Response.new(env){|r|
    safe(r){ execute }
  }.finish
end
```
#call(env) ⇒ Object
Call on a duplicated instance
```ruby
# File 'lib/alf/rack/query.rb', line 69
def call(env)
  return NOT_FOUND unless env['REQUEST_METHOD'] == 'POST'
  return NOT_FOUND unless env['PATH_INFO'] =~ RECOGNIZED_URLS_RX
  dup._call(env)
end
```