RTC Forums
Author Topic: http server backend  (Read 4419 times)
mkurnia
RTC Expired
*
Posts: 21


« on: June 17, 2017, 06:59:28 AM »

Hello danijel,

I need your suggestion on this HTTP server code for a backend system, which I edited a bit from this: http://www.realthinclient.com/write-a-robust-cross-platform-server-in-199-lines/. My clients use Delphi, PHP, Java, etc. to build the interface.

Code:
procedure TMyServer.DataProv_CheckRequest(Sender: TRtcConnection);
begin
  // Check Request headers and "Accept" all Requests
  // we want to handle with our Data Provider ...
  with TRtcDataServer(Sender) do
    if (Request.Method='POST') and  // we only want "POST" requests
       (Request.ContentLength<>0) then // ... with content body
        if (Request.URI='/json') then
          Accept; // Accept the Request
end;

procedure TMyServer.DataProv_DataReceived(Sender: TRtcConnection);
var
  t:TRtcRecord;
  rc,info: string;
  obj:TRtcValue;
begin
  with TRtcDataServer(Sender) do
  // We will start processing the request only if
  // we have received the complete request content body ...
  if Request.Complete then
  if Request.URI='/json' then
  begin
    obj:=nil; // so obj.Free in "finally" is safe if FromJSON raises
    t:=TRtcRecord.Create;
    try
      try
        obj:=TRtcValueResult.FromJSON(TRtcDataServer(Sender).Read);
        //code input balance to database here
        rc := InsertBalance(obj.asRecord.asString['accno'],obj.asRecord.asFloat['deposit']);
        info := GetInfo(rc);
        t.asText['ip']:=PeerAddr;
        t.asDateTime['trxtime']:=Now;
        t.asText['rc'] := rc;
        t.asText['info'] := info;
        t.asText['accno'] := obj.asRecord.asString['accno'];
        t.asFloat['deposit'] := obj.asRecord.asFloat['deposit'];
        if Request.URI='/json' then
        begin
          // Serialize to "JSON" ...
          Response.ContentType:='application/json';
          Write(t.toJSON);
        end;
      except
        on E: Exception do
          Writeln(E.ClassName, ': ', E.Message);
      end;
    finally
      t.Free;
      obj.Free;
    end;
  end
end;

thank you
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: June 17, 2017, 08:02:21 AM »

What did you edit and why? I need more info on what you wanted to achieve. Comments in the CheckRequest event do not match what you are doing in code.
Logged
mkurnia
RTC Expired
*
Posts: 21


« Reply #2 on: June 17, 2017, 08:39:10 AM »

I just edited a little bit in DataProv_CheckRequest and DataProv_DataReceived. Sorry, in CheckRequest I forgot to change Request.Method, but I have edited it now.
If I use RtcDataRequest, I use this code:

Code:
procedure TForm1.Button2Click(Sender: TObject);
begin
With RtcDataRequest1 do
  begin
    Client:=RtcHttpClient1;
    Request.Host:='192.168.12.6';
    Request.Method:='POST';
    Request.FileName:='/json';
    Request['Content-Type']:='application/json';
    With Request.Info.newRecord('data') do
    begin
      asText['accno'] := edtacc.text;
      asFloat['deposit'] := StrToFloat(edtdep.Text);
    end;
    Post;
  end;
end;

procedure TForm1.RtcDataRequest1BeginRequest(Sender: TRtcConnection);
begin
  With TRtcDataClient(Sender) do
  Write(Request.Info.asJSON['data']);
end;

procedure TForm1.RtcDataRequest1DataReceived(Sender: TRtcConnection);
begin
  With TrtcDataClient(Sender) do
   If Response.Done then
     Memo1.Text:=Read;
end;

I want all clients, built with different tools, to be able to access the API server created with RtcHttpServer.
My question is whether code like that is enough for the stability of the application server.

thank you
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #3 on: June 17, 2017, 09:17:53 AM »

If your Server is supposed to work with any 3rd-party Client, you will need to handle a lot of situations which you wouldn't need to worry about in a closed setup.

For example, if you don't limit the maximum content length you are willing to accept, but you buffer all the request content before you start processing it, a malicious Client could misuse this to bring your Server down simply by sending you a request with several GB in the request content body and your Server would end up using all of its RAM for a single Client and eventually crash. Then, there's a question of permissions. Unless you want to make everything available to everyone publicly, your Clients should send the Server some sort of authentication and the Server should check that before doing anything.

Anyway ... even though I can answer any questions related to correct component usage (your code looks fine to me), what you are asking for now is consulting and this exceeds the level of support I can provide through the Forums.
Logged
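
The two checks described in the reply above (a cap on the declared content length, and authentication before any work is done), as an added example that is not part of the original thread or of the RTC SDK. `CheckGate`, `SameSecret`, the 64 KB cap, the bearer-token scheme and the token value are assumptions made for illustration.

```pascal
program RequestGate;
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
{$APPTYPE CONSOLE}

const
  MAX_BODY_BYTES = 64 * 1024;             // assumed cap; a deposit JSON is tiny
  API_TOKEN = 'constructed-sample-token'; // placeholder; load from config

type
  TGate = (gAccept, gWrongRoute, gNoBody, gTooLarge, gNoAuth);

// Compare secrets without stopping at the first mismatching character.
function SameSecret(const A, B: string): Boolean;
var i, diff: Integer;
begin
  diff := Length(A) xor Length(B);
  for i := 1 to Length(A) do
    if i <= Length(B) then
      diff := diff or (Ord(A[i]) xor Ord(B[i]));
  Result := diff = 0;
end;

// Decide from the request line and headers only, before any body is read.
function CheckGate(const Method, URI, Auth: string; ContentLength: Int64): TGate;
const Prefix = 'Bearer ';
begin
  if (Method <> 'POST') or (URI <> '/json') then
    Result := gWrongRoute
  else if ContentLength <= 0 then
    Result := gNoBody
  else if ContentLength > MAX_BODY_BYTES then
    Result := gTooLarge
  else if (Copy(Auth, 1, Length(Prefix)) <> Prefix) or
          not SameSecret(Copy(Auth, Length(Prefix) + 1, MaxInt), API_TOKEN) then
    Result := gNoAuth
  else
    Result := gAccept;
end;

// In DataProv_CheckRequest (assumes the server-side Request exposes headers
// the way Request['Content-Type'] does on the client):
//   if CheckGate(Request.Method, Request.URI, Request['Authorization'],
//                Request.ContentLength) = gAccept then Accept;
begin
  // Constructed sample requests: valid, 3 GiB declared body, wrong token
  Writeln(Ord(CheckGate('POST', '/json', 'Bearer ' + API_TOKEN, 48)));
  Writeln(Ord(CheckGate('POST', '/json', 'Bearer ' + API_TOKEN, 3221225472)));
  Writeln(Ord(CheckGate('POST', '/json', 'Bearer wrong', 48)));
end.
```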
mkurnia
RTC Expired
*
Posts: 21


« Reply #4 on: June 17, 2017, 09:33:15 AM »

Quote
If your Server is supposed to work with any 3rd-party Client, you will need to handle a lot of situations which you wouldn't need to worry about in a closed setup.

For example, if you don't limit the maximum content length you are willing to accept, but you buffer all the request content before you start processing it, a malicious Client could misuse this to bring your Server down simply by sending you a request with several GB in the request content body and your Server would end up using all of its RAM for a single Client and eventually crash. Then, there's a question of permissions. Unless you want to make everything available to everyone publicly, your Clients should send the Server some sort of authentication and the Server should check that before doing anything.
Thank you for the advice you gave. For the problems you described above, I will handle all the possibilities that would hamper the server or make it become stuck. I will add authentication as well.

Quote
Anyway ... even though I can answer any questions related to correct component usage (your code looks fine to me), what you are asking for now is consulting and this exceeds the level of support I can provide through the Forums.
If I need more support from you, I will contact you personally.

Thank you very much Danijel,
Logged