dba/login  library module
RPA

Summary

Code for logging in and out.
Authors
  • Christian Grün, BaseX Team 2005-23, BSD License
Related documents
View | Description | Format
xqdoc | xqDoc xml file from the source module | xml
xqparse | xqparse xml file from the source module | xml

Imports

This module is imported by 0 modules. It imports 2 modules.

(None)
imports
dba/login
imports
dba/html

Variables

None

Functions

4.1 dba:accept

Arities: #2P

Summary
Registers a user and redirects to the main page.
Signatures
dba:accept ( $name as xs:string, $page as xs:string? ) as element(rest:response)
Parameters
  • name as xs:string entered username
  • page as xs:string? page to redirect to (optional)
Return
  • element(rest:response) redirection
Invoked by 0 functions from 0 modules
    Annotations (1)
    %private()
    Source ( 11 lines)
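    function dba:accept(
      $name  as xs:string,
      $page  as xs:string?
    ) as element(rest:response) {
      (: $page is bound from the '_page' request parameter of the public login form,
         so it is untrusted. Only a plain relative path is used as redirect target;
         absolute URLs, '//host' targets, backslashes and '..' segments fall back to
         'logs'. Otherwise a crafted login link could send an administrator to an
         external site right after a successful login. Page names with characters
         outside the pattern also fall back to 'logs'. :)
      let $target := if(
        $page and
        matches($page, '^[A-Za-z0-9_-]+(/[A-Za-z0-9_.-]+)*$') and
        not(contains($page, '..'))
      ) then $page else 'logs'
      return (
        (: register user, write log entry :)
        (: NOTE(review): no session id renewal is visible here; confirm the session is
           rotated on login elsewhere :)
        session:set($config:SESSION-KEY, $name),
        admin:write-log('Login: ' || $name, 'DBA'),

        (: redirect to the validated page or the main page :)
        web:redirect($target, html:parameters())
      )
    }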

    4.2 dba:check

    Arities: #1A

    Summary
    Permissions: checks the user credentials. Redirects to the login page if the page is not public and no user is logged in.
    Signatures
    dba:check ( $perm as map(*) ) as element(rest:response)?
    Parameters
    • perm as map(*) permission data
    Return
    • element(rest:response) ? redirection to login page or empty sequence
    Invoked by 0 functions from 0 modules
      Annotations (1)
      %perm:check('/dba','{$perm}')
      Source ( 18 lines)
      function dba:check(
        $perm  as map(*)
      ) as element(rest:response)? {
        (: Gate for everything below '/dba': public functions and requests with a
           session user pass (empty result), all others are sent to the login page.
           NOTE(review): only the presence of the session key is tested; the user's
           current permission is not re-read here. Confirm that is acceptable when
           admin rights are revoked during a session. :)
        let $allowed := $perm?allow
        let $request-path := $perm?path
        return if($allowed = 'public') then (
          (: public function: store the marker as request id for the log entries :)
          request:set-attribute('id', $allowed)
        ) else if(not(session:get($config:SESSION-KEY))) then (
          (: page the user asked for (dropped if empty), handed on to the login page :)
          let $page := replace($request-path, '^.*dba/?', '')[.]
          (: relative login target depends on whether the path ends with '/dba' :)
          let $target := if(ends-with($request-path, '/dba')) then 'dba/login' else 'login'
          return web:redirect($target, html:parameters(map { 'page': $page }))
        ) else (
          (: session user present: nothing to do :)
        )
      }

      4.3 dba:login

      Arities: #3RA

      Summary
      Login page.
      Signatures
      dba:login ( $name as xs:string?, $error as xs:string?, $page as xs:string? ) as element()
      Parameters
      • name as xs:string? username (optional)
      • error as xs:string? error string (optional)
      • page as xs:string? page to redirect to (optional)
      Return
      • element() login page or redirection to main page
      Invoked by 0 functions from 0 modules
        Annotations (6)
        %rest:path('/dba/login')
        %rest:query-param('_name','{$name}')
        %rest:query-param('_error','{$error}')
        %rest:query-param('_page','{$page}')
        %output:method('html')
        %perm:allow('public')
        Source ( 41 lines)
        function dba:login(
          $name   as xs:string?,
          $error  as xs:string?,
          $page   as xs:string?
        ) as element() {
          (: All three arguments are request parameters of a public page. Values placed
             in attribute constructors are escaped when the page is serialized.
             NOTE(review): $error is handed to html:wrap, whose rendering is not visible
             here; since any request can set '_error', confirm it is output as text. :)
          if(session:get($config:SESSION-KEY)) then (
            (: a session user exists already: go to the main page :)
            web:redirect('/dba')
          ) else (
            (: one hidden field per html:parameters() entry :)
            let $hidden := map:for-each(html:parameters(), function($k, $v) {
              <input type='hidden' name='{ $k }' value='{ $v }'/>
            })
            return html:wrap(map { 'error': $error },
              <tr>
                <td>
                  <form action='login-check' method='post'>
                    <input type='hidden' name='_page' value='{ $page }'/>
                    { $hidden }
                    <div class='small'/>
                    <table>
                      <tr>
                        <td><b>Name:</b></td>
                        <td>
                          <input type='text' name='_name' value='{ $name }' id='user'/>
                          { html:focus('user') }
                        </td>
                      </tr>
                      <tr>
                        <td><b>Password:</b></td>
                        <td><input type='password' name='_pass'/>{ ' ' }<input type='submit' value='Login'/></td>
                      </tr>
                    </table>
                  </form>
                </td>
              </tr>
            )
          )
        }

        4.4 dba:login-check

        Arities: #3RA

        Summary
        Checks the user input and redirects to the main page, or back to the login page.
        Signatures
        dba:login-check ( $name as xs:string, $pass as xs:string, $page as xs:string? ) as element(rest:response)
        Parameters
        • name as xs:string username
        • pass as xs:string password
        • page as xs:string? page to redirect to (optional)
        Return
        • element(rest:response) redirection
        Invoked by 0 functions from 0 modules
          Annotations (6)
          %rest:POST()
          %rest:path('/dba/login-check')
          %rest:query-param('_name','{$name}')
          %rest:query-param('_pass','{$pass}')
          %rest:query-param('_page','{$page}')
          %perm:allow('public')
          Source ( 16 lines)
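          function dba:login-check(
            $name  as xs:string,
            $pass  as xs:string,
            $page  as xs:string?
          ) as element(rest:response) {
            (: NOTE(review): no limit on repeated attempts is visible in this function;
               confirm throttling is handled by user:check or in front of the server. :)
            try {
              (: raises a user:* error if the credentials are wrong :)
              user:check($name, $pass),
              (: Fail closed: admit only on a positive match. The former test
                 "@permission != 'admin'" is false for an empty sequence, so missing
                 permission data would have been treated as admin. :)
              if(user:list-details($name)/@permission = 'admin') then (
                dba:accept($name, $page)
              ) else (
                dba:reject($name, 'Admin credentials required', $page)
              )
            } catch user:* {
              dba:reject($name, 'Please check your login data', $page)
            }
          }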

          4.5 dba:logout

          Arities: #0R

          Summary
          Ends a session and redirects to the login page.
          Signatures
          dba:logout ( ) as element(rest:response)
          Return
          • element(rest:response) redirection
          Invoked by 0 functions from 0 modules
            Annotations (1)
            %rest:path('/dba/logout')
            Source ( 11 lines)
            function dba:logout(
            ) as element(rest:response) {
              (: read the session user first: it is needed for the log entry and the redirect :)
              let $user := session:get($config:SESSION-KEY)
              return (
                (: write log entry, redirect to login page with the username as '_name' :)
                admin:write-log('Logout: ' || $user, 'DBA'),
                web:redirect('/dba/login', map { '_name': $user })
              ),
              (: Removes the session key only; the session itself is not closed here.
                 NOTE(review): the path carries no HTTP method annotation, so a plain
                 GET (e.g. triggered from another site) appears to end the login;
                 confirm this is acceptable. :)
              session:delete($config:SESSION-KEY)
            }

            4.6 dba:reject

            Arities: #3P

            Summary
            Rejects a user and redirects to the login page.
            Signatures
            dba:reject ( $name as xs:string, $error as xs:string, $page as xs:string? ) as element(rest:response)
            Parameters
            • name as xs:string entered username
            • error as xs:string error message
            • page as xs:string? page to redirect to (optional)
            Return
            • element(rest:response) redirection
            Invoked by 0 functions from 0 modules
              Annotations (1)
              %private()
              Source ( 12 lines)
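              function dba:reject(
                $name   as xs:string,
                $error  as xs:string,
                $page   as xs:string?
              ) as element(rest:response) {
                (: $name is unauthenticated input at this point. Collapse line breaks and
                   tabs and cap the length (128 is an arbitrary bound) before it goes
                   into the log, so one failed login cannot forge or bloat log lines.
                   Whether admin:write-log neutralises this itself is not visible here. :)
                let $logged := substring(normalize-space($name), 1, 128)
                return (
                  (: write log entry, redirect to login page :)
                  admin:write-log('Login denied: ' || $logged, 'DBA'),
                  web:redirect(
                    'login',
                    html:parameters(map { 'name': $name, 'error': $error, 'page': $page })
                  )
                )
              }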

              Namespaces

              The following namespaces are defined:

              Prefix | Uri
              admin | http://basex.org/modules/admin
              config | dba/config
              dba | dba/login
              html | dba/html
              map | http://www.w3.org/2005/xpath-functions/map
              output | http://www.w3.org/2010/xslt-xquery-serialization
              perm | http://basex.org/modules/perm
              rest | http://exquery.org/ns/restxq
              session | http://basex.org/modules/session
              user | http://basex.org/modules/user
              web | http://basex.org/modules/web
              xs | http://www.w3.org/2001/XMLSchema

              6 RestXQ

              Paths defined 3.

              Path | Method | Function
              /dba/login | | dba:login#3
              /dba/login-check | POST | dba:login-check#3
              /dba/logout | | dba:logout#0

              Source Code

              (:~
               : Code for logging in and out.
               :
               : @author Christian Grün, BaseX Team 2005-23, BSD License
               :)
              module namespace dba = 'dba/login';
              
              import module namespace config = 'dba/config' at 'lib/config.xqm';
              import module namespace html = 'dba/html' at 'lib/html.xqm';
              
              (:~
               : Permission gate for all functions below '/dba'.
               : Public functions and requests with a session user pass; all other requests
               : are redirected to the login page, with the requested page attached.
               :
               : NOTE(review): only the presence of the session key is tested; the user's
               : current permission is not re-read here. Confirm that is acceptable when admin
               : rights are revoked during a session.
               :
               : @param  $perm  permission data ('path' and 'allow' entries are read)
               : @return redirection to login page or empty sequence
               :)
              declare
                %perm:check('/dba', '{$perm}')
              function dba:check(
                $perm  as map(*)
              ) as element(rest:response)? {
                let $allowed := $perm?allow
                let $request-path := $perm?path
                return if($allowed = 'public') then (
                  (: public function: store the marker as request id for the log entries :)
                  request:set-attribute('id', $allowed)
                ) else if(not(session:get($config:SESSION-KEY))) then (
                  (: page the user asked for (dropped if empty), handed on to the login page :)
                  let $page := replace($request-path, '^.*dba/?', '')[.]
                  (: relative login target depends on whether the path ends with '/dba' :)
                  let $target := if(ends-with($request-path, '/dba')) then 'dba/login' else 'login'
                  return web:redirect($target, html:parameters(map { 'page': $page }))
                ) else (
                  (: session user present: nothing to do :)
                )
              };
              
              (:~
               : Login page. Redirects to '/dba' instead if a session user already exists.
               :
               : All three arguments are request parameters of a public page. Values placed in
               : attribute constructors are escaped when the page is serialized.
               : NOTE(review): $error is handed to html:wrap, whose rendering is not visible
               : here; since any request can set '_error', confirm it is output as text.
               :
               : @param  $name   username (optional)
               : @param  $error  error string (optional)
               : @param  $page   page to redirect to (optional)
               : @return login page or redirection to main page
               :)
              declare
                %rest:path('/dba/login')
                %rest:query-param('_name',  '{$name}')
                %rest:query-param('_error', '{$error}')
                %rest:query-param('_page',  '{$page}')
                %output:method('html')
                %perm:allow('public')
              function dba:login(
                $name   as xs:string?,
                $error  as xs:string?,
                $page   as xs:string?
              ) as element() {
                if(session:get($config:SESSION-KEY)) then (
                  (: a session user exists already: go to the main page :)
                  web:redirect('/dba')
                ) else (
                  (: one hidden field per html:parameters() entry :)
                  let $hidden := map:for-each(html:parameters(), function($k, $v) {
                    <input type='hidden' name='{ $k }' value='{ $v }'/>
                  })
                  return html:wrap(map { 'error': $error },
                    <tr>
                      <td>
                        <form action='login-check' method='post'>
                          <input type='hidden' name='_page' value='{ $page }'/>
                          { $hidden }
                          <div class='small'/>
                          <table>
                            <tr>
                              <td><b>Name:</b></td>
                              <td>
                                <input type='text' name='_name' value='{ $name }' id='user'/>
                                { html:focus('user') }
                              </td>
                            </tr>
                            <tr>
                              <td><b>Password:</b></td>
                              <td><input type='password' name='_pass'/>{ ' ' }<input type='submit' value='Login'/></td>
                            </tr>
                          </table>
                        </form>
                      </td>
                    </tr>
                  )
                )
              };
              
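              (:~
               : Checks the user input and redirects to the main page, or back to the login page.
               : Only users whose permission is 'admin' are accepted; the check fails closed
               : if no permission value can be read.
               :
               : NOTE(review): '_pass' is bound with %rest:query-param; confirm the password
               : cannot arrive in the URL query string, where it would end up in access logs.
               : NOTE(review): no limit on repeated attempts is visible in this function;
               : confirm throttling is handled by user:check or in front of the server.
               :
               : @param  $name  username
               : @param  $pass  password
               : @param  $page  page to redirect to (optional)
               : @return redirection
               :)
              declare
                %rest:POST
                %rest:path('/dba/login-check')
                %rest:query-param('_name', '{$name}')
                %rest:query-param('_pass', '{$pass}')
                %rest:query-param('_page', '{$page}')
                %perm:allow('public')
              function dba:login-check(
                $name  as xs:string,
                $pass  as xs:string,
                $page  as xs:string?
              ) as element(rest:response) {
                try {
                  (: raises a user:* error if the credentials are wrong :)
                  user:check($name, $pass),
                  (: Fail closed: admit only on a positive match. The former test
                     "@permission != 'admin'" is false for an empty sequence, so missing
                     permission data would have been treated as admin. :)
                  if(user:list-details($name)/@permission = 'admin') then (
                    dba:accept($name, $page)
                  ) else (
                    dba:reject($name, 'Admin credentials required', $page)
                  )
                } catch user:* {
                  dba:reject($name, 'Please check your login data', $page)
                }
              };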
              
              (:~
               : Ends a login and redirects to the login page.
               : Writes a log entry, redirects to '/dba/login' with the former username as
               : '_name', and removes the session key; the session itself is not closed here.
               :
               : NOTE(review): the path carries no HTTP method annotation, so a plain GET
               : (e.g. triggered from another site) appears to end the login; confirm this is
               : acceptable.
               :
               : @return redirection
               :)
              declare
                %rest:path('/dba/logout')
              function dba:logout(
              ) as element(rest:response) {
                (: read the session user first: it is needed for the log entry and the redirect :)
                let $user := session:get($config:SESSION-KEY)
                return (
                  (: write log entry, redirect to login page :)
                  admin:write-log('Logout: ' || $user, 'DBA'),
                  web:redirect('/dba/login', map { '_name': $user })
                ),
                (: deletes the session key :)
                session:delete($config:SESSION-KEY)
              };
              
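              (:~
               : Registers a user in the session and redirects to the requested or main page.
               :
               : $page is bound from the '_page' request parameter of the public login form,
               : so it is untrusted. It is only used as redirect target if it is a plain
               : relative path; absolute URLs, '//host' targets, backslashes and '..' segments
               : fall back to 'logs'. Otherwise a crafted login link could send an
               : administrator to an external site right after a successful login. Page names
               : with characters outside the pattern also fall back to 'logs'.
               :
               : @param  $name  entered username (verified by dba:login-check before the call)
               : @param  $page  page to redirect to (optional, untrusted)
               : @return redirection
               :)
              declare %private function dba:accept(
                $name  as xs:string,
                $page  as xs:string?
              ) as element(rest:response) {
                (: accept local, relative page names only :)
                let $target := if(
                  $page and
                  matches($page, '^[A-Za-z0-9_-]+(/[A-Za-z0-9_.-]+)*$') and
                  not(contains($page, '..'))
                ) then $page else 'logs'
                return (
                  (: register user, write log entry :)
                  (: NOTE(review): no session id renewal is visible here; confirm the session
                     is rotated on login elsewhere :)
                  session:set($config:SESSION-KEY, $name),
                  admin:write-log('Login: ' || $name, 'DBA'),

                  (: redirect to the validated page or the main page :)
                  web:redirect($target, html:parameters())
                )
              };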
              
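              (:~
               : Rejects a user and redirects to the login page.
               :
               : $name is unauthenticated input at this point. Before it is written to the
               : log, line breaks and tabs are collapsed and the length is capped, so one
               : failed login cannot forge or bloat log lines. Whether admin:write-log
               : neutralises this itself is not visible here. The redirect parameters keep
               : the entered name unchanged.
               :
               : @param  $name   entered username (untrusted)
               : @param  $error  error message
               : @param  $page   page to redirect to (optional)
               : @return redirection
               :)
              declare %private function dba:reject(
                $name   as xs:string,
                $error  as xs:string,
                $page   as xs:string?
              ) as element(rest:response) {
                (: 128 is an arbitrary upper bound for the logged name :)
                let $logged := substring(normalize-space($name), 1, 128)
                return (
                  (: write log entry, redirect to login page :)
                  admin:write-log('Login denied: ' || $logged, 'DBA'),
                  web:redirect(
                    'login',
                    html:parameters(map { 'name': $name, 'error': $error, 'page': $page })
                  )
                )
              };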