xquery version "3.0";
declare namespace json="http://www.json.org";
import module namespace config="http://exist-db.org/xquery/apps/config" at "/db/apps/eXide2/modules/config.xqm";
declare variable $exist:path external;
declare variable $exist:resource external;
declare variable $exist:prefix external;
declare variable $exist:controller external;
(:~
 : Login function the controller invokes as $login(domain, maxAge, asDba).
 :
 : Tries to import eXist-db's persistent login module. When the import
 : succeeds, $login is the three-argument login:set-user resolved at runtime;
 : when the import raises any error, $login is local:fallback-login#3.
 :
 : NOTE(review): the catch-all discards the reason the import failed, so a
 : deployment can end up on the fallback path (which keeps the password in
 : the HTTP session) without any visible signal - confirm that is intended.
 :)
declare variable $login :=
    let $persistentLoginAvailable :=
        try {
            (
                util:import-module(
                    xs:anyURI("http://exist-db.org/xquery/login"),
                    "login",
                    xs:anyURI("resource:org/exist/xquery/modules/persistentlogin/login.xql")
                ),
                true()
            )
        } catch * {
            false()
        }
    return
        if (not($persistentLoginAvailable)) then
            local:fallback-login#3
        else
            function-lookup(xs:QName("login:set-user"), 3)
;
(:~
 : Session-based login used when the persistent login module is unavailable.
 :
 : Reads the request parameters "duration", "user", "password" and "logout":
 :   - "duration" set: raises an error, persistent logins are not supported here.
 :   - "logout" set:   invalidates the HTTP session.
 :   - "user" set:     authenticates against /db; on success the user name AND
 :                     the clear-text password are stored in the HTTP session
 :                     and copied into request attributes.
 :   - otherwise:      copies the user/password kept in the session (possibly
 :                     empty) into the request attributes.
 :
 : NOTE(review): the password is kept verbatim in the session under
 : "eXide.password"; anything able to read session state can recover it.
 : NOTE(review): xmldb:login is called with create-session = true() before the
 : $asDba check - presumably the account is already bound to the HTTP session
 : even when the dba check then fails; confirm.
 : NOTE(review): no new session is started on successful login - confirm
 : session fixation is handled elsewhere.
 :
 : @param $domain prefix of the request attribute that receives the user name
 :                ($domain || ".user")
 : @param $maxAge not used by this fallback
 : @param $asDba  when true, only accounts for which xmldb:is-admin-user
 :                returns true are accepted
 :)
declare function local:fallback-login($domain as xs:string, $maxAge as xs:dayTimeDuration?, $asDba as xs:boolean) {
    let $requestedDuration := request:get-parameter("duration", ())
    let $submittedUser := request:get-parameter("user", ())
    let $submittedPassword := request:get-parameter("password", ())
    let $logoutRequested := request:get-parameter("logout", ())
    let $userAttribute := $domain || ".user"
    return
        if ($requestedDuration) then
            error(xs:QName("login"), "Persistent login module not enabled in this version of eXist-db")
        else if ($logoutRequested) then
            session:invalidate()
        else if ($submittedUser) then
            (: Fresh credentials were posted: authenticate first, then apply the dba restriction. :)
            let $authenticated := xmldb:login("/db", $submittedUser, $submittedPassword, true())
            let $accepted := $authenticated and (not($asDba) or xmldb:is-admin-user($submittedUser))
            return
                if ($accepted) then (
                    session:set-attribute("eXide.user", $submittedUser),
                    session:set-attribute("eXide.password", $submittedPassword),
                    request:set-attribute($userAttribute, $submittedUser),
                    request:set-attribute("xquery.user", $submittedUser),
                    request:set-attribute("xquery.password", $submittedPassword)
                ) else
                    ()
        else
            (: No credentials in this request: reuse whatever the session holds. :)
            let $sessionUser := session:get-attribute("eXide.user")
            let $sessionPassword := session:get-attribute("eXide.password")
            return (
                request:set-attribute($userAttribute, $sessionUser),
                request:set-attribute("xquery.user", $sessionUser),
                request:set-attribute("xquery.password", $sessionPassword)
            )
};
(:~
 : Decides whether the current request may use the application.
 :
 : True when the request attribute "org.exist.login.user" is set and differs
 : from "guest", or when the configuration's restrictions/@guest equals "yes".
 : In the latter case the check passes without any login.
 :
 : NOTE(review): the attribute is only meaningful after $login has run for
 : this request - presumably every caller invokes $login first; confirm.
 :
 : @return xs:boolean
 :)
declare function local:user-allowed() {
    let $currentUser := request:get-attribute("org.exist.login.user")
    let $isNamedUser := $currentUser and $currentUser != "guest"
    return
        $isNamedUser or config:get-configuration()/restrictions/@guest = "yes"
};
(:~
 : Decides whether the current request may execute queries.
 :
 : True only when the configuration's restrictions/@execute-query equals "yes"
 : and local:user-allowed() also holds. Because local:user-allowed() accepts
 : every request when restrictions/@guest is "yes", enabling both settings
 : opens query execution to unauthenticated clients.
 :
 : @return xs:boolean
 :)
declare function local:query-execution-allowed() {
    let $executionEnabled := config:get-configuration()/restrictions/@execute-query = "yes"
    return
        $executionEnabled and local:user-allowed()
};
(:
 : Main dispatch: the first test on $exist:path / $exist:resource that matches
 : selects the route.
 : NOTE(review): only the login and execute routes visibly consult
 : local:user-allowed() / local:query-execution-allowed(); the store, results,
 : outline, debug and *.xql routes only call $login. Confirm that the modules
 : behind those routes enforce their own authorization.
 :)
(: Application root requested without a trailing slash. :)
if ($exist:path eq '') then
(: Application root. :)
else if ($exist:path eq '/') then
(:
: Log a user in via AJAX. The response is serialized as JSON. Status 401 is
: set when local:user-allowed() is false and also when any error is raised.
: The admin flag is computed for the first non-empty value of
: org.exist.login.user, xquery.user and the literal 'nobody'.
:)
else if ($exist:resource = 'login') then
(: $loggedIn is not read again in this branch; presumably $login is called
   for its side effect of setting the request attributes used below. :)
let $loggedIn := $login("org.exist.login", (), false())
let $userAllowed := local:user-allowed()
return
try {
(
util:declare-option("exist:serialize", "method=json"),
if ($userAllowed) then
{request:get-attribute("org.exist.login.user")}
{ xmldb:is-admin-user((request:get-attribute("org.exist.login.user"),request:get-attribute("xquery.user"), 'nobody')[1]) }
else (
response:set-status-code(401),
fail
)
)
} catch * {
(: NOTE(review): $err:description is sent back together with the 401, so
   internal error text can reach a client that is not logged in - consider
   logging it server-side and returning a fixed message instead. :)
response:set-status-code(401),
{$err:description}
}
(: Store route: $resource is the part of the path after "/store". :)
else if (starts-with($exist:path, "/store/")) then
let $resource := substring-after($exist:path, "/store")
return
{$login("org.exist.login", (), false())}
else if ($exist:resource = "index.html") then
(: Documentation :)
(: NOTE(review): matches() is not anchored, so this test is true for any path
   that contains "/docs/" followed later by ".html", not only for paths that
   start with /docs/. :)
else if (matches($exist:path, "/docs/.*\.html")) then
(:
 : Execute route: reads the client-supplied parameters "qu", "base" and
 : "output" (default "xml"). The only gate visible here is
 : local:query-execution-allowed(); when it is false the response status is
 : set to 401.
 :)
else if ($exist:resource eq 'execute') then
let $query := request:get-parameter("qu", ())
let $base := request:get-parameter("base", ())
let $output := request:get-parameter("output", "xml")
let $startTime := util:system-time()
(: $login is bound before the permission check - presumably so that
   org.exist.login.user is populated when the check reads it; confirm. :)
let $doLogin := $login("org.exist.login", (), false())
let $userAllowed := local:query-execution-allowed()
return
if ($userAllowed) then
switch ($output)
case "xml" return
{$login("org.exist.login", (), false())}
default return
{$login("org.exist.login", (), false())}
else
response:set-status-code(401)
(: Retrieve an item from the query results stored in the HTTP session. The
: format of the URL will be /sandbox/results/X, where X is the number of the
: item in the result set :)
else if (starts-with($exist:path, '/results/')) then
{$login("org.exist.login", (), false())}
(: Outline route: reads the same "qu" and "base" parameters as execute. :)
else if ($exist:resource eq "outline") then
let $query := request:get-parameter("qu", ())
let $base := request:get-parameter("base", ())
return
{$login("org.exist.login", (), false())}
(: Debug route. :)
else if ($exist:resource eq "debug") then
{$login("org.exist.login", (), false())}
(: Any path ending in ".xql". :)
else if (ends-with($exist:path, ".xql")) then
{$login("org.exist.login", (), false())}
(: Any path containing "/$shared/" (substring test, not a prefix test). :)
else if (contains($exist:path, "/$shared/")) then
else
(: everything else is passed through :)