Added example project for generating a custom REST rewriter and REST modules

Author: rjrudin

examples/custom-rest-rewriter-project/.gitignore

@@ -0,0 +1,6 @@
+.gradle
+build
+.idea
+*.iml
+src/main/ml-modules/root/custom-rest-rewriter
+src/main/ml-modules/root/noauth-rewriter.xml

examples/custom-rest-rewriter-project/README.md

@@ -0,0 +1,76 @@
+This project shows one approach for when you'd like to use the MarkLogic REST API for an app server, but you need
+to do some pre-processing on every request. A common need is to use application layer security for the app server
+with a default user that has minimum privileges, and then perform an xdmp:login call based on e.g. the value of an 
+HTTP header. That approach is shown in this example project, but you can apply this approach for generating a custom
+rewriter and REST modules to perform any kind of pre-processing that you need. 
+
+## Generating the custom rewriter modules
+
+To try this out locally, first run the custom Gradle task for generating a copy of every REST API dispatch modules and
+a custom REST XML rewriter that invokes each of the dispatch modules:
+
+    ./gradlew generateCustomRewriterModules
+    
+This will write several dozen modules to src/main/ml-modules/root/custom-rest-rewriter (which is gitignore'd so that you
+can generate these yourself). If you look at one of the modules, you'll see the following code:
+
+    xquery version '1.0-ml';
+    import module namespace login = 'org:example' at '/login-lib.xqy';
+    login:login-noauth-user(),
+    xdmp:invoke('/MarkLogic/rest-api/default.xqy')
+
+In this example, every module has a call to "login:login-noauth-user", which handles making an xdmp:login call based
+on the value of an HTTP header, and then invokes the appropriate MarkLogic REST module to handle the request. 
+
+These modules are generated via 3 files in the root of this directory:
+
+- rewriter-original.xml = a copy of the default REST XML rewriter, as of MarkLogic 9.0-7
+- rewriter-modify-dispatches.xsl = an XSL transform that modifies the value of each dispatch element in the rewriter
+- rewriter-extract-dispatches.xsl = an XSL transform that returns the value of every dispatch element in a simple XML
+structure that is easy to manipulate within Groovy
+
+You are free to store these files wherever you want, they don't have to be in the root directory. Just be sure to 
+update the Gradle task to account for any changes you make. 
+
+
+## Deploy the application
+
+Next, deploy the application:
+
+     ./gradlew -i mlDeploy
+
+The application deploys two REST servers - a standard one on port 8228 that uses digest authentication, and then a
+"no authentication" one on port 8229 that uses application layer authentication and the custom rewriter. 
+
+## Test the application
+
+To test the difference between the two servers, try a simple request to the search endpoint on 8228 using your admin user
+(change the admin password as needed):
+
+     curl --anyauth --user admin:admin http://localhost:8228/v1/search
+  
+This will work fine, you'll get an XML search response back. But if you try the same request on port 8229:
+
+    curl --anyauth --user admin:admin http://localhost:8229/v1/search
+
+You'll get an error stating "You do not have permission to this method and URL.". That's because the admin user/password
+are ignored with application level security, and the default user - "custom-rest-rewriter-user" - isn't getting any
+roles via the xdmp:login that give it permission. 
+
+We can fix this by specifying the header that login-lib.xqy is looking for (and there's no point in specifying a user 
+because it'll be ignored in favor of the default user):
+
+    curl -H "X-my-marklogic-role: rest-admin" http://localhost:8229/v1/search
+
+The value of the header - "rest-admin" - will be added as a role to the request, thus allowing the search request to 
+succeed. 
+
+Note that this is just a demonstration of how to generate a custom XML rewriter with a set of custom endpoints that 
+call a function performing any logic that you wish. For this particular example, you'd want to ensure that no system
+could access the "noauth" REST server except those known to have already authenticated a user. But your function wouldn't
+have to call xdmp:login - it could perform some custom logging, or do any sort of pre-processing that you wish. The key
+is that this project shows an easy to insert that pre-processing into an XML rewriter. 
+
+After you finish testing this out, you can get rid of the app:
+
+    ./gradlew -Pconfirm=true -i mlUndeploy

examples/custom-rest-rewriter-project/build.gradle

@@ -0,0 +1,46 @@
+plugins {
+	id "com.marklogic.ml-gradle" version "3.9.0"
+}
+
+task generateCustomRewriterModules {
+	description = "Uses XSL transforms to modify the default REST rewriter so that it uses custom endpoints that perform an xdmp.login. " +
+		"This should only be run at development time to generate code; it is not run as part of a deployment."
+	doLast {
+		def modifiedRewriterPath = "src/main/ml-modules/root/noauth-rewriter.xml"
+		def transformerFactory = javax.xml.transform.TransformerFactory.newInstance()
+
+		def transform = file("rewriter-modify-dispatches.xsl").text
+		def originalRewriter = file("rewriter-original.xml").text
+		def transformer = transformerFactory.newTransformer(new javax.xml.transform.stream.StreamSource(new StringReader(transform)))
+		transformer.setParameter("restModulePrefix", restModulePrefix)
+		def outputStream = new FileOutputStream(modifiedRewriterPath)
+		transformer.transform(new javax.xml.transform.stream.StreamSource(new StringReader(originalRewriter)), new javax.xml.transform.stream.StreamResult(outputStream))
+		outputStream.close()
+
+		transform = file("rewriter-extract-dispatches.xsl").text
+		transformer = transformerFactory.newTransformer(new javax.xml.transform.stream.StreamSource(new StringReader(transform)))
+		outputStream = new ByteArrayOutputStream()
+		def modifiedRewriter = file(modifiedRewriterPath).text
+		transformer.transform(new javax.xml.transform.stream.StreamSource(new StringReader(modifiedRewriter)), new javax.xml.transform.stream.StreamResult(outputStream))
+
+		def xml = new XmlSlurper().parseText(new String(outputStream.toByteArray()))
+		xml.dispatch.each {
+			def modifiedModule = it.text()
+			def originalModule = modifiedModule.replace(restModulePrefix, "")
+
+			/**
+			 * When adapting this for your own project, modify the generated code here to invoke whatever function you want.
+			 * The login-lib.xqy module is just an example for a common use case.
+			 */
+			def moduleFile = new File("src/main/ml-modules/root" + modifiedModule)
+			def content = "xquery version '1.0-ml';\nimport module namespace login = 'org:example' at '/login-lib.xqy';\nlogin:login-noauth-user(),\nxdmp:invoke('" + originalModule + "')"
+			if (modifiedModule.endsWith(".sjs")) {
+				content = "const login = require('/login-lib.xqy');\nlogin.loginNoauthUser();\nxdmp.invoke('" + originalModule + "')"
+			}
+			def file = file(moduleFile)
+			file.getParentFile().mkdirs()
+			println "Writing modified endpoint: " + file
+			file.write content
+		}
+	}
+}

examples/custom-rest-rewriter-project/gradle.properties

@@ -0,0 +1,13 @@
+mlAppName=custom-rest-rewriter
+mlRestPort=8228
+mlNoauthRestPort=8229
+mlUsername=admin
+mlPassword=admin
+
+# Defines the prefix added to every custom REST module that's based on an OOTB ML REST module
+restModulePrefix=/custom-rest-rewriter
+
+# Defines username/password for the default user for the application layer ("noauth") REST server
+noauthUsername=custom-rest-rewriter-user
+noauthPassword=changeme
+

examples/custom-rest-rewriter-project/gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

examples/custom-rest-rewriter-project/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,172 @@
+#!/usr/bin/env sh
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+  cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"