Support functions

The Guardium® GUI Application Framework comes with several built-in routes, custom Jinja2 Flask functions, and other helper utilities that support app development.

Overview

All HTTP requests from client-side browsers that go to an app use the following format:

https://<sqlguard_ip>:8443/guardapp/{application_id}/{my_route}

The application_id is the integer value that is assigned during the process of using the installation RESTful endpoints for GUI app creation. The application_id value is recorded in the Application Creation Task state output that is returned when you run the grd_app_creator deploy command.

In the following example, the application ID is 1023.

Application Creation Task state: 
{'status': 'COMPLETED', 'application_id': '1023', 'error_messages': '[]'}

Routes

You can create your own targeted web requests to the app for the routes in the following table:

Table 1. Request routes
Route	Format	Description
GET /debug	`GET https://<sqlguard_ip>:8443/guardapp/ {application_id}/debug`	Download your /store/log/app.log file from inside the container for inspection.
GET /debug_view	`GET https://<sqlguard_ip>:8443/guardapp/ {application_id}/debug_view`	Display the contents of the /store/log/app.log file inside your browser window.
POST /log_level	`POST https://<sqlguard_ip>:8443/guardapp/ {application_id}/log_level form body: level = 'INFO' 'DEBUG' 'ERROR' 'WARNING' 'CRITICAL'`	Dynamically define the level of logging that you want your app to capture. Post a form, with an attribute level that is set to one of the log level values to this endpoint. Guardium dynamically resets the log collection levels in your /store/log/app.log file.

Accessing your Flask endpoints in views.py

You must use relative paths for your endpoints. Do not use the utility methods q_url_for and get_console_ip to create URLs to access your Flask endpoints. If a console uses a web URL instead of an IP address, all the Flask requests are denied because the request is cross-domain. In that case, your app might not work. If you want to access an endpoint from the main app template level, for an AJAX call, for example, to return some JSON data, use the following URL format:

url_cpu_data = 'cpu_data'

This format routes the method in views.py:

@app.route('/cpu_data', methods=['GET'])

If you are working from a folder at a deeper level, for example, use ../cpu_data to go back a level to reach this endpoint.

Do not use the following format to create a URL to access your endpoint:

url_cpu_data = "{{ q_url_for('cpu_data') }}"

As before, if you go from a web URL to an IP address, this request might be denied because the request is cross-domain and so your app might not work.

If you begin the URL with a slash, it starts the URL from this root: https://g-machineIPaddress/

Custom Flask methods

The following table describes the Flask custom methods that you can use:

Table 2. Custom Flask methods
Method	Format	Description
g_url_for()	`def g_url_for(endpoint,append_csrf_token=true, **values):`	Use this Python method inside your routes in your app's views.py or your Jinja2 templates. The method is essentially a wrapper around the Flask url_for(..) method. It applies a prefix that pertains to the correct application-specific path URL portion to get to your app's endpoint. In addition it appends the required CSRF token to the URL. See Guardium CSRF token. Guardium blocks requests that contain CSRF tokens in the URL (even if it was transferred also as a hidden param in the HTTP body). You can use set the optional parameter append_csrf_token=true to add the prefix and the URL; or append_csrf_token=false to add only the prefix. See the example in HTML Forms. If you use url_for in an HTTP POST, the system responds with HTTP Error 403 Forbidden, and ends your session. The following snippet shows how to use the method in a Jinja2 template to add the Guardium URL prefix of an image resource. `<img src="{{ g_url_for('static', filename = 'images/come_image.png') }}" width="256" height="256" alt="previous" title="Previous" border="0">` For more information about the Flask url_for(..) method, go to the Flask website.
getAppBaseURL()	`def getAppBaseUrl():`	Function to get the full URL through Guardium, that will proxy any request to the appropriate application plug-in servlet. This routine returns a URL string that can be appended to create a URL to reference resources in the application. Typically, the q_url_for() function is used for this purpose but getAppBaseURL() is also supplied for convenience.

Guardium CSRF token

The Guardium CSRF (cross-site request forgery) token is generated by Guardium and should be added to any form submit, link or Ajax request. You can use the built-in utility function grdlib.get_CSRF_token() to retrieve this token from the HTTP request and add it to the URL, as demonstrated in these examples.

In JavaScript Requests

When sending an AJAX request, add the X-CSRF-Token header to it. For example, in jQuery you can configure all requests to send the token.

<script type="text/javascript">
    var csrf_token = "{{ gpylib.get_CSRF_token() }}";

    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRF-Token", csrf_token);
            }
        }
    });
</script>

HTML Forms

Render a hidden input with the token in the form.

<form method="post">
    <input type="hidden" name="org.apache.catalina.filters.CSRF_NONCE" value="{{ gpylib.get_CSRF_token() }}"/>
    <input type="submit" value="Submit">
</form>

If you want to submit the form to a different page, you should use relative link or invoke g_url_for

<form method="post" action={{g_url_for("differentPage.html",append_csrf_token=false)}}>
    <input type="hidden" name="org.apache.catalina.filters.CSRF_NONCE" value="{{ gpylib.get_CSRF_token() }}"/>
    <input type="submit" value="Submit">
</form>

Links

<a href={{g_url_for("debug_view" }}">Show Logs</a>