Habari Client libraries release 2019.08

Habarisoft released the 2019.08 version of its Object Pascal STOMP client libraries for application integration with open source message brokers Apache ActiveMQ, Artemis, OpenMQ and RabbitMQ. The release includes

About Habari Client libraries

habari_logo_2016Habari Client libraries enable Object Pascal applications to take advantage of message broker / message queue technology – which is distributed, loosely coupled, reliable and asynchronous – to build integrated systems, using peer-to-peer and publish-subscribe communication models.

Advertisements

How to: Let’s Encrypt certificates with Indy HTTP Server

This article guides you through the setup for a simple HTTPS server using Let’s Encrypt certificates.

Download the project source

The example project is included in the Daraja demo folder at https://github.com/michaelJustin/daraja-framework/tree/master/demo/https. You may use the project IndyHttpsTest with Delphi 6 or later, or with the Lazarus IDE. This stand-alone project only requires the Indy library, it does not depend on the Daraja HTTP framework.
Three lines in the project specifiy the domain certificate, the domain certificate key and the intermediate certificate:

...

IOHandler := TIdServerIOHandlerSSLOpenSSL.Create;
IOHandler.SSLOptions.CertFile := 'cert.pem';  // domain certificate
IOHandler.SSLOptions.KeyFile := 'key.pem';  // domain key
IOHandler.SSLOptions.RootCertFile := 'cacert.pem'; // intermediate certificate
IOHandler.SSLOptions.Mode := sslmServer;

...

Install the OpenSSL DLLs

The OpenSSL libraries can be downloaded from https://indy.fulgan.com/SSL/ (note that there are different versions for 32 and 64 bit applications). Extract the archive and copy the DLLs to the daraja-framework\demo\https folder.

Intermediate certificate

Let’s Encrypt uses an intermediate certificate which is available for download at https://letsencrypt.org/certificates/

From the Intermediate Certificates section, download the active intermediate certificate, copy it to the daraja-framework\demo\https folder, and rename it to cacert.pem

Server certificate and key

Now you need your server certificate and key files. An easy way to do this is the free ‘SSL Certificate Wizard‘ at https://zerossl.com/ – this service allows to create Let’s Encrypt certificates for your web domain.

Domain verification

Before you can download server certificate and key, the ZeroSSL certificate wizard must verify that the domain is under your control. Verification options are HTTP or DNS based. To verify domain ownership using HTTP verification, you will need to create appropriate files with specific text strings under your “<webroot>/.well-known/acme-challenge/” directory. Only after ZeroSSL checked these files, your certificate will be issued.

Finally, you need to download the files domain-crt.txt and domain-key.txt from the last page of the SSL Certificate Wizard.

Certificate installation

Copy the files domain-crt.txt and domain-key.txt to the project daraja-framework\demo\https folder with the names cert.pem and key.pem

Ready to launch

Verify the certificate chain

You may inspect the certificate properties in Windows if you copy or rename domain-crt.txt to domain.crt and double-click to open it. The certificate information window willl show the certificate properties (validity period etc.) and the certification chain:

Local test

Compile and start the IndyHttpsTest project in the folder daraja-framework\demo\https. The program will launch your default web browser and navigate to https://127.0.0.1. As the certificate is not issued for 127.0.0.1, the browser will display a security warning which displays the name mismatch.

Only if the server runs on the web server which the certificate has been issued for, browsers will accept the certificate without warnings.

Disclaimer

Please understand that this how to guide is only meant to be a short introduction into SSL/TLS certificate usage and you should always be aware of potential security risks.

Daraja HTTP Framework 2.0 released

dj

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

The 2.0 release uses const parameters in the Handle method of the IHandler interface and its implementing classes.

old:
- procedure Handle(Target: string; Context: TdjServerContext; Request:
- TdjRequest; Response: TdjResponse);

new:
+ procedure Handle(const Target: string; Context: TdjServerContext; Request:
+ TdjRequest; Response: TdjResponse);

Note: this is a breaking change for code which declares custom handler implementations. Such code must now use a const parameter.

“Using const allows the compiler to optimize code for structured – and string-type parameters. It also provides a safeguard against unintentionally passing a parameter by reference to another routine.”

More information

– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Resources: https://www.habarisoft.com/daraja_framework.html
– Wiki: https://github.com/michaelJustin/daraja-framework/wiki

Habari Client libraries release 2019.06

Habarisoft released the 2019.06 version of its Object Pascal STOMP client libraries for application integration with open source message brokers Apache ActiveMQ, Artemis, OpenMQ and RabbitMQ. The release includes

About Habari Client libraries

habari_logo_2016Habari Client libraries enable Object Pascal applications to take advantage of message broker / message queue technology – which is distributed, loosely coupled, reliable and asynchronous – to build integrated systems, using peer-to-peer and publish-subscribe communication models.

Daraja HTTP Framework 2.0.rc1 released

dj

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

The 2.0.rc1 release uses const parameters in the Handle method of the IHandler interface and its implementing classes.

old:
- procedure Handle(Target: string; Context: TdjServerContext; Request:
- TdjRequest; Response: TdjResponse);

new:
+ procedure Handle(const Target: string; Context: TdjServerContext; Request:
+ TdjRequest; Response: TdjResponse);

Note: this is a breaking change for code which declares custom handler implementations. Such code must now use a const parameter.

“Using const allows the compiler to optimize code for structured – and string-type parameters. It also provides a safeguard against unintentionally passing a parameter by reference to another routine.”

More information

– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Resources: https://www.habarisoft.com/daraja_framework.html
– Wiki: https://github.com/michaelJustin/daraja-framework/wiki

Habari Client libraries release 2019.06 preview

Habarisoft released the first preview for the upcoming 2019.06 release of its Object Pascal STOMP client libraries for open source message brokers (Apache ActiveMQ, ActiveMQ Artemis, Eclipse OpenMQ and Pivotal RabbitMQ).

Resources

Home page: https://www.habarisoft.com/index.html

Feature matrix: https://www.habarisoft.com/index.html#feature_matrix

FAQ: https://www.habarisoft.com/index.html#faq

Versions

The 2019.06 release preview includes:

The development snapshots are now available for download by registered users.

Upgrade discount

For existing users, upgrade discounts are available.

About Habari Client libraries

habari_logo_2016Habari Client libraries enable Object Pascal applications to take advantage of message broker / message queue technology – which is distributed, loosely coupled, reliable and asynchronous – to build integrated systems, using peer-to-peer and publish-subscribe communication models.

Daraja HTTP Framework 1.2.10 released

dj

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy). The 1.2.10 release contains a new method in the TdjWebComponent class, OnGetLastModified.

Caching support

WebComponents may override the new OnGetLastModified method to indicate the last change date of the resource. If a web client sends a HTTP request with a If-Modified-Since request header, the Daraja framework will check to see if the resource has been modified since the last time the client accessed the resource. If the answer is yes, the server returns a new copy of the resource to the client, if no, the server responds with a 304 Not Modified and the browser can retrieve the content from its cache.

Example

The OnGetLastModified code in the example below returns the current local date without time:

function TCachedGetComponent.OnGetLastModified(Request: 
           TdjRequest): TDateTime;
begin
  Result := Date;
end;

This indicates that the resource has been last updated at 00:00 of the day. A client may use a cached copy of the resource, and will receive new resource content on the next day.

Unit test

The DUnit / FPCUnit test suite includes a test for the new feature in unit ConfigAPITests.

References

This feature is based on original code in TIdHTTPResponseInfo.SmartServeFile.

See also: https://www.keycdn.com/support/304-not-modified

More information
– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Resources: https://www.habarisoft.com/daraja_framework.html
– Wiki: https://github.com/michaelJustin/daraja-framework/wiki

Daraja HTTP Framework 1.2.9 released

dj

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy). The 1.2.9 release contains a new example project and improved example code:

The example projects can be used with Delphi 2009+ and with the Lazarus IDE. For Delphi, the SuperObject library is required. Also, OpenSSL libraries are required for GitHub API access.

More information
– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Resources: https://www.habarisoft.com/daraja_framework.html
– Wiki: https://github.com/michaelJustin/daraja-framework/wiki

GitHub API access with OAuth 2.0 authorization for web applications

The develop branch of the Daraja HTTP Framework contains a new tutorial which contains the full source code for a web server application which implements OAuth 2.0 authorization to access the GitHub REST API. The example calls the user API  to display the user profile in JSON format.

Requirements

OAuth App configuration

You need a OAuth App in the GitHub developer settings screen. If you created it, copy the Client ID and the Client Secret to the source file GitHubHelper.pas.

config

Callback URL

In the GitHub developer settings screen, configure the callback URL http://localhost/oauth2callback. The GitHub authorization flow will send a redirect to this URL.

callback

What it does

  1. the program starts the local web server on localhost
  2. the program launches your web browser and navigates to http://localhost/index.html
  3. the start page redirects to the GitHub server which asks to log in and give permission to access user data
  4. after the user signed in, the code sends a request to the GitHub API and displays the result

Authorization screen

The example program requests read-only access to the user profile by specifying only the scopes read:user and read:email:

  • read:user grants access to read a user’s profile data.
  • user:email grants read access to a user’s email addresses

For more details about scopes, see https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/

With these scopes, the authorization prompt indicates that the app requests read access to your private profile information:

authorize

 

Example Response

{
  "login" : "michaelJustin",
  "id" : ****,
  "node_id" : "****",
  "avatar_url" : "https://avatars0.githubusercontent.com/u/****?v=4",
  "gravatar_id" : "",
  "url" : "https://api.github.com/users/michaelJustin",
  "html_url" : "https://github.com/michaelJustin",
  ...
  }
}

GitHub OAuth 2.0 Apps

Read more about GitHub OAuth apps: https://developer.github.com/apps/about-apps/#about-oauth-apps

Usage as Identity Provider

OAuth2 is a protocol that lets external applications request authorization to private details in a user’s GitHub account without accessing their password.

An OAuth App can be used as an identity provider by enabling a “Login with GitHub” for the authenticated user.

Security note

After testing, you should revoke the user tokens. To do so, go to the OAuth App settings screen and click on “Revoke all user tokens”.

About Daraja HTTP Framework

dj

The Daraja HTTP Framework is a free open source library for Object Pascal (Free Pascal 3.0.4, Delphi 2009+), based on the stand-alone HTTP server component in Internet Direct (Indy).

Project GitHub page:
–  https://github.com/michaelJustin/daraja-framework

Resources