Here is the updated declaration of the class:
TSQLRestServerTest = class(TSQLRestServerDB) published function Sum(var aParams: TSQLRestServerCallBackParams): Integer; end;
This method name will be used for the URL encoding, and will be called here
with ModelRoot/Sum URL. The ModelRoot is the one defined in
the Root
parameter of the model used by the
application.
This method, like all Server-side methods, MUST have all parameters of the
TSQLRestServerCallBack
prototype:
type TSQLRestServerCallBack = function(var aParams: TSQLRestServerCallBackParams): Integer of object;
Then we implement this method:
function TSQLRestServerTest.Sum(var aParams: TSQLRestServerCallBackParams): Integer; var a,b: Extended; begin if not UrlDecodeNeedParameters(aParams.Parameters,'A,B') then begin result := 404; // invalid Request exit; end; while aParameters<>nil do begin UrlDecodeExtended(aParams.Parameters,'A=',a); UrlDecodeExtended(aParams.Parameters,'B=',b,@aParams.Parameters); end; aParams.Resp := JSONEncodeResult([a+b]); // same as : aResp := JSONEncode(['result',a+b],TempMemoryStream); result := 200; // success end;
On the Server side, you can use the UrlDecodeNeedParameters
function to check that an expected parameters were supplied by the caller, then
call UrlDecodeInteger / UrlDecodeInt64 / UrlDecodeExtended /
UrlDecodeValue
functions (all defined in SynCommons.pas
) to
retrieve each individual parameter as standard JSON content. The powerful
UrlDecodeObject
function (defined in
SQLite3Commons.pas
) can be used to unserialize most class instance
from its textual JSON representation. Note that due to this implementation
pattern, the mORMot service implementation is very fast, and not sensitive to
the "Hash collision attack" security issue, as reported with Apache -
see this blog
entry for details.
The aParams.Session
parameter may contain at calling time the
current session identifier. If authentication is not used, this parameter is
meaningless. Server-side implementation can use the
TSQLRestServer.SessionGetUser
method to retrieve the corresponding
user details (the returned TSQLAuthUser
instance is a local
thread-safe copy which shall be freed when done).
The aParams.Head
parameter may be overridden on the server side
to set a custom header which will be provided to the client - it may be useful
for instance to specify another mime-type than the default constant
JSON_CONTENT_TYPE
, i.e. 'application/json;
charset=UTF-8'
.