Web applications built with Daraja can now use Web Filters to intercept HTTP requests which match defined URL patterns. Cross-cutting concerns – such as logging, authentication, validation, conversion – are easier to implement than in previous versions (new in 2.6.0).

For example, a filter which is mapped to a protected part of the application can check if the current request is authenticated, and then either allow or deny access, or forward the browser to a login page.

Updated tutorials

Tutorial 6 contains an example of form-based login, using a Web Filter which performs the authentication check for specific resources. Here is the application in action:

Public page of the demo application

Login form

Secure page

Example code of the Web Filter

The filter checks whether the session is authenticated by verifying that the session value auth:username is not empty. If it is not empty, the filter lets the request pass. Otherwise, it stores the requested document in the session value auth:target and redirects the browser to the login page.

    procedure TFormAuthFilter.DoFilter(Context: TdjServerContext;
      Request: TdjRequest; Response: TdjResponse; const Chain: IWebFilterChain);
    var
      IsLoggedIn: Boolean;
    begin
      // the session counts as authenticated once auth:username is set
      IsLoggedIn := Request.Session.Content.Values['auth:username'] <> '';
      if IsLoggedIn then
      begin
        Chain.DoFilter(Context, Request, Response); // pass
      end
      else
      begin
        // remember the requested document, then send the browser to the login page
        Request.Session.Content.Values['auth:target'] := Request.Document;
        Response.Redirect('/login');
      end;
    end;

Context configuration with auth and logging filter

The configuration code adds five Web Components to the context to serve the pages. Two Web Filters for authentication and logging are added; the first is mapped to the protected page /admin, and the second is mapped to everything in the application context.

    Context.AddWebComponent(TPublicResource, '/index.html');
    Context.AddWebComponent(TSecuredResource, '/admin');
    Context.AddWebComponent(TLoginResource, '/login');
    Context.AddWebComponent(TLoginErrorResource, '/loginError');
    Context.AddWebComponent(TLogoutResource, '/logout');

    Context.AddFilterWithMapping(TFormAuthFilter, '/admin');
    Context.AddFilterWithMapping(TdjNCSALogFilter, '/*');

    Server.Add(Context);

    Server.Start;

Notes:

  • TdjNCSALogFilter replaces the former TdjNCSALogHandler, which required more setup code and did not allow path mapping. All example code has been migrated to the new Web Filter.
  • The path mapping /admin is an absolute mapping (matching exactly one resource) while /* is a prefix mapping, which matches everything in the web application context. More details about mappings can be found in the “Getting Started” PDF.
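
The difference between the two mapping kinds decides which requests the authentication filter actually sees. The following stand-alone Free Pascal program is an added example, not part of Daraja or of Tutorial 6: it models the two kinds of mapping described in the note above, applies the filter mappings from the configuration to each component path, and shows that a path below /admin is not matched by the absolute mapping. The path /admin/users is constructed for illustration, and the rule that a pattern 'X/*' matches paths starting with 'X/' is an assumption of this model.

```pascal
program FilterCoverage;
{$mode objfpc}{$H+}
// Stand-alone model of the two mapping kinds named in the notes; it does not
// call Daraja. Assumption: a pattern 'X/*' matches paths that start with 'X/'.
uses
  SysUtils;

type
  TMapping = record
    Filter, Pattern: string;
  end;

const
  // Filter mappings copied from the configuration on this page.
  Mappings: array[0..1] of TMapping = (
    (Filter: 'TFormAuthFilter'; Pattern: '/admin'),
    (Filter: 'TdjNCSALogFilter'; Pattern: '/*'));
  // Component paths from the page, plus one constructed path (/admin/users)
  // that is not in the demo application.
  Paths: array[0..5] of string = ('/index.html', '/admin', '/login',
    '/loginError', '/logout', '/admin/users');

function Matches(const Pattern, Path: string): Boolean;
var
  N: Integer;
begin
  N := Length(Pattern);
  if (N >= 2) and (Copy(Pattern, N - 1, 2) = '/*') then
    Result := Copy(Path, 1, N - 1) = Copy(Pattern, 1, N - 1) // prefix mapping
  else
    Result := Path = Pattern; // absolute mapping: exactly one resource
end;

function FiltersFor(const Path: string): string;
var
  I: Integer;
begin
  Result := '';
  for I := Low(Mappings) to High(Mappings) do
    if Matches(Mappings[I].Pattern, Path) then
      Result := Trim(Result + ' ' + Mappings[I].Filter);
  if Result = '' then
    Result := '(none)';
end;

var
  P: string;
begin
  for P in Paths do
    WriteLn(Format('%-14s -> %s', [P, FiltersFor(P)]));
end.
```

Running the same check over an application's real component paths before release shows any resource that is served without the authentication filter in front of it.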

Daraja HTTP Framework is an open source library for Object Pascal, based on the stand-alone HTTP server component contained in Internet Direct (Indy). Daraja is the Swahili word for “bridge” (other meanings are “steps” or “rank”).

More information

– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Home page: https://www.habarisoft.com/daraja_framework.html

