Hi Christian,
Many thanks for your reply. Pre and Post Hooks would be great
Here is some crazy stuff I thought of (just a skeleton). It should allow say a code search for %((rest)|(ws)).*:((path)|(connect))to ensure that all endpoints have permissions middleware of some sort.
Hope it is not too silly.
Adam /--------------------------------- import module namespace authMiddleware = 'http://middleware..auth' at '[...].xqm'
declare
%rest:preHook:(authMiddleware:authoriseFail2BanRest):path("/main/admin"):result($vs_authKeyResult) %rest:postHook:(noCaching:noCacheFunc):(htmlTextConversion:text2HTMLFunc) %output:method("text") function local:admin($vs_authKeyResult) { let $authorized := 'Welcome to the admin page' let $unauthorized := 'Your IP has been logged with fail2ban' let $result := if ($vs_authKeyResult=true()) then $authorized else $unauthorized return $result };
declare
%ws:preHook:(authMiddleware:authoriseFail2BanWS):connect('/'):result($vs_authKeyResult) function local:connect($vs_authKeyResult) as empty-sequence() { let $id := ws:id() let $message := json:serialize(map { 'type': 'Connect', 'id': $id }) return if ($vs_authKeyResult=true()) then ws:broadcast($message) else () };
/--------------------------------- module namespace authMiddleware = 'http://middleware.auth';
import module namespace loggingMiddleware = 'http://middleware.logging' at '[...].xqm'
declare %preHook:(loggingMiddleware:functionLog):result($vs_logResult) (:a postHook here would be before the calling function local:admin :) %rest:query-param("vs_authKey", " {$vs_authKey}") function authMiddleware:authoriseFail2BanRest($vs_authKey,$vs_logResult) { let $result := if ($vs_authKey='YKJKhh') then true() else false() let $result := if ($vs_logResult='override') then true() else result() return $result };
/--------------------------------- module namespace loggingMiddleware = 'http://middleware.logging'; module namespace myUpdatingOutput = 'http://function.updatingOutput';
declare %rest:query-param("vs_logAside", " {$vs_logAside}") function loggingMiddleware:functionLog($vs_logAside) { let $result := if (vs_logAside != 'adminOverride*75x4558') then myUpdatingOutput:logwrite(request:remote-address()) else 'override' return $result };