feat(rpc): support jsonp callbacks

This change introduces alternate rendering of text/javascript JSONP-compatible callback content. The `examples/jsonp.html` HTML document can be used to test this functionality against a running aurweb server. Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2021-10-31 00:28:55 -07:00 · 2021-10-31 00:28:55 -07:00 · 12b4269ba8
commit 12b4269ba8
parent 05e6cfca62
3 changed files with 107 additions and 7 deletions
--- a/aurweb/routers/rpc.py
+++ b/aurweb/routers/rpc.py
@ -67,7 +67,8 @@ async def rpc(request: Request,
              type: Optional[str] = Query(default=None),
              by: Optional[str] = Query(default=defaults.RPC_SEARCH_BY),
              arg: Optional[str] = Query(default=None),
-              args: Optional[List[str]] = Query(default=[], alias="arg[]")):
+              args: Optional[List[str]] = Query(default=[], alias="arg[]"),
+              callback: Optional[str] = Query(default=None)):

    # Create a handle to our RPC class.
    rpc = RPC(version=v, type=type)
@ -84,17 +85,28 @@ async def rpc(request: Request,

    # Serialize `data` into JSON in a sorted fashion. This way, our
    # ETag header produced below will never end up changed.
-    output = orjson.dumps(data, option=orjson.OPT_SORT_KEYS)
+    content = orjson.dumps(data, option=orjson.OPT_SORT_KEYS)

    # Produce an md5 hash based on `output`.
    md5 = hashlib.md5()
-    md5.update(output)
+    md5.update(content)
    etag = md5.hexdigest()

-    # Finally, return our JSONResponse with the ETag header.
+    # If `callback` was provided, produce a text/javascript response
+    # valid for the jsonp callback. Otherwise, by default, return
+    # application/json containing `output`.
+    # Note: Being the API hot path, `content` is not defaulted to
+    # avoid copying the JSON string in the case callback is provided.
+    content_type = "application/json"
+    if callback:
+        print("callback called")
+        content_type = "text/javascript"
+        content = f"/**/{callback}({content.decode()})"
+
    # The ETag header expects quotes to surround any identifier.
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
-    return Response(output.decode(), headers={
-        "Content-Type": "application/json",
+    headers = {
+        "Content-Type": content_type,
        "ETag": f'"{etag}"'
-    })
+    }
+    return Response(content, headers=headers)
--- a/examples/jsonp.html
+++ b/examples/jsonp.html
@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<!-- This file can be navigated to in a browser and used to
+test JSONP callback functionality in aurweb's RPC. -->
+<html lang="en">
+    <head>
+        <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
+        <meta content="utf-8" http-equiv="encoding">
+
+        <title>JSONP Callback Test</title>
+            <style>
+            .container {
+                width: 460px;
+                margin: 0 auto;
+            }
+            .intro {
+                font-size: 14px;
+            }
+            .prefix-label, .search-label {
+                display: inline-block;
+                width: 200px;
+                text-align: right;
+            }
+            .button-wrapper {
+                text-align: center;
+                width: 460px;
+                margin-top: 10px;
+            }
+        </style>
+        <script type="text/javascript">
+            function rpcCallback(data) {
+                console.log(data);
+            }
+            function createJSONP(event) {
+                event.preventDefault();
+
+                let input = document.getElementById("arg").value;
+                let rpc = document.getElementById("prefix").value;
+                let s = document.createElement("script");
+                s.src = rpc + "?v=5&type=search&arg="+ input + "&callback=rpcCallback";
+                document.body.appendChild(s);
+
+                return false;
+            }
+        </script>
+    </head>
+
+    <body>
+        <form>
+            <div class="container">
+                <p class="intro">
+                    Searching with the following form uses a JSONP callback
+                    to log data out to the javascript console.
+                </p>
+
+                <div>
+                    <label class="prefix-label" for="prefix">RPC URL Prefix:</label>
+                    <input id="prefix" type="text" name="prefix"
+                           value="https://localhost:8444/rpc" />
+                </div>
+
+                <div>
+                    <label class="search-label" for="arg">Search:</label>
+                    <input id="arg" type="text" name="arg" />
+                </div>
+
+                <div class="button-wrapper">
+                    <button type="submit" onclick="return createJSONP(event)">
+                        Search via JSONP
+                    </button>
+                </div>
+            </div>
+        </form>
+    </body>
+</html>
--- a/test/test_rpc.py
+++ b/test/test_rpc.py
@ -1,3 +1,5 @@
+import re
+
 from http import HTTPStatus
 from unittest import mock

@ -610,3 +612,15 @@ def test_rpc_search_checkdepends():
 def test_rpc_incorrect_by():
    response = make_request("/rpc?v=5&type=search&by=fake&arg=big")
    assert response.json().get("error") == "Incorrect by field specified."
+
+
+def test_rpc_jsonp_callback():
+    """ Test the callback parameter.
+
+    For end-to-end verification, the `examples/jsonp.html` file can be
+    used to submit jsonp callback requests to the RPC.
+    """
+    response = make_request(
+        "/rpc?v=5&type=search&arg=big&callback=jsonCallback")
+    assert response.headers.get("content-type") == "text/javascript"
+    assert re.search(r'^/\*\*/jsonCallback\(.*\)$', response.text) is not None