FMS服务端验证用户来源

load("N2Authoricator.asc")
application.onAppStart = function()
{
  this.authoricator = new N2Authoricator("allowedHTMLdomains.txt","allowedSWFdomains.txt");
}
application.onConnect = function(p_client)
{
  this.authoricator.checkClient(p_client) ? this.acceptConnection(p_client) : this.rejectConnection(p_client)
}

/*
-------------------------------------------------------------------------------------------------------------------
 allowedHTMLdomains.txt and allowedSWFdomains.txt
-------------------------------------------------------------------------------------------------------------------
# This configuration file can be used to specify the domains which are
# allowed to host an HTML file which can possibly embed a client .swf file
# for Live (out of the box) application. By default, this authentication is
# disabled
#
# - There can be at most one domain entry per line e.g. to add domains
# http://myhost1.com and https://www.abc.myhost2.com the corresponding entries should be:
#
#  myhost1.com
#  www.abc.myhost2.com
#     
#   NOTE: There must not be any space character in the line containing a domain entry.
#   Such entries are discarded by this application after logging a warning Message .
#
# - Adding an entry for a domain also allows all its subdomains to have file hosting
# permission.
#
# - An Asterisk (*) can be used to allow all domains to successfully authenticate.
#
# - Applicable only for the cases when the html page is accessed through http/https URL.
#
#
# To enable domain name based authentication for HTML file hosts, remove the following *
# and add new entries.
-------------------------------------------------------------------------------------------------------------------
*/
try { var dummy = N2Authoricator; } catch ( e ) {

load("N2StringUtils.asc")

N2Authoricator = function(htmlAuthFile,swfAuthFile)
{
  trace("#Authoricator# constructor ");
  this.HTMLDomainsAuth = this.SWFDomainsAuth = false
  if(htmlAuthFile!=undefined && htmlAuthFile!="")
  {
    this.HTMLDomainsAuth = true
   this.allowedHTMLDomains = this.readValidDomains(htmlAuthFile,"HTMLDomains");
  }
  if(swfAuthFile!=undefined && swfAuthFile !="")
  {
    this.SWFDomainsAuth = true
   this.allowedSWFDomains = this.readValidDomains(swfAuthFile,"SWFDomains");
  }
  
}

//public
N2Authoricator.prototype.checkClient = function (p_client)
{
 trace("## Authoricator pageUrl ## "+ p_client.pageUrl)
 trace("## Authoricator referrer ## "+ p_client.referrer)
  if(p_client.agent.indexOf("FME")==-1)
  {

    // Authenticating HTML file's domain for the request :
    // Don't call validate() when the request is from localhost
    // or HTML Domains Authentication is off.
    if ((p_client.ip != "127.0.0.1") && this.HTMLDomainsAuth
        && !this.validate( p_client.pageUrl, this.allowedHTMLDomains ) )
    {
      trace("unknown pageurl " + p_client.pageUrl + ", rejecting connection");
      return false;
    }
  
    // Authenticating the SWF file's domain for the request :
    // Don't call validate() when the request is from localhost
    // or SWF Domains Authentication is off.
    if ((p_client.ip != "127.0.0.1") && this.SWFDomainsAuth
        && !this.validate( p_client.referrer, this.allowedSWFDomains ) )
    {
      trace("unknown referrer " + p_client.referrer + ", rejecting connection");
      return false;
    }    
    return true
  }
}

// public
N2Authoricator.prototype.isFME = function (p_client)
{
  
 return p_client.agent.indexOf("FME")!= -1

}

//private
N2Authoricator.prototype.validate = function( url, patterns )
{
  // Convert to lower case
  url = url.toLowerCase();
  var domainStartPos = 0; // domain start position in the URL
  var domainEndPos = 0; // domain end position in the URL
  
  switch (url.indexOf( "://" ))
  {
    case 4:
      if(url.indexOf( "http://" ) ==0)
        domainStartPos = 7;
      break;
    case 5:
      if(url.indexOf( "https://" ) ==0)
        domainStartPos = 8;
      break;
  }
  if(domainStartPos == 0)
  {
    // URL must be HTTP or HTTPS protocol based
    return false;
  }
  domainEndPos = url.indexOf("/", domainStartPos);
  if(domainEndPos>0)
  {
    colonPos = url.indexOf(":", domainStartPos);
    if( (colonPos>0) && (domainEndPos > colonPos))
    {
      // probably URL contains a port number
      domainEndPos = colonPos; // truncate the port number in the URL
    }
  }
  for ( var i = 0; i < patterns.length; i++ )
  {
    var pos = url.lastIndexOf( patterns[i]);
    if ( (pos > 0) && (pos < domainEndPos) && (domainEndPos == (pos + patterns[i].length)) )
      return true;
  }
  return false;
}

//private
N2Authoricator.prototype.readValidDomains = function( fileName , domainsType )
{
  var domainFile = new File(fileName);
  var domainsArray = new Array();
  var index = 0;
  var lineCount = 0;
  var tempLine;
  domainFile.open("text", "read");
  
  // Read the file line-by-line and fill the domainsArray
  // with valid entries
  while (domainFile.isOpen && ! domainFile.eof() )
  {
    
    tempLine = domainFile.readln();
    lineCount++;
    if( !tempLine || tempLine.indexOf("#") == 0)
    {
      continue;
    }
    tempLine = N2StringUtils.trim(tempLine)
    //tempLine = tempLine.trim();
    if(tempLine.indexOf(" ")!=-1)
    {
      trace("undesired <space>, domain entry ignored. "+fileName+":"+(lineCount+1));
    }
    else
    {
      domainsArray[index] = tempLine.toLowerCase();
      index++;
      
      if(tempLine == "*")
      {
        switch (domainsType){
          
          case "HTMLDomains":
            trace ("Found wildcard (*) entry: disabling authentication for HTML file domains ")  ;
            this.HTMLDomainsAuth =  false;    
            break;
          
          case "SWFDomains":
            trace ("Found wildcard (*) entry: disabling authentication for SWF file domains ")  ;
            this.SWFDomainsAuth =  false;    
            break;
            
          default:
            // Do nothing
            break;  
        }
      }
    }
  } // End while
  
  // Something is wrong! the domains file must be accessible.
  if( !domainFile.isOpen){
    trace("Error: could not open '"+fileName+"', rejecting all clients except localhost. ");
    
  }
  else
  {
    domainFile.close();
  }

  return domainsArray;
}

}

try { var dummy = N2StringUtils; } catch ( e ) {
 
 N2StringUtils = function(){}
 
 N2StringUtils.trim = function (str)
 {  
  return str.replace(/^\s*/, "").replace(/\s*$/, "");
 }

 N2StringUtils.hiliteURLs = function(msg)
 {

    //+
    //escape all <
    //-
    var escaped = "";
    var ltPos = msg.indexOf("<");
    while (ltPos != -1) {
      escaped = msg.substring(0, ltPos) + "&lt;" + msg.substring(ltPos+1,msg.length);
      //trace ("escaped: "+escaped);
      msg = escaped;
      ltPos = msg.indexOf("<");
    }

    //+
    //escape all >
    //-
    var escaped = "";
    var ltPos = msg.indexOf(">");
    while (ltPos != -1) {
      escaped = msg.substring(0, ltPos) + "&gt;" + msg.substring(ltPos+1,msg.length);
      //trace ("escaped: "+escaped);
      msg = escaped;
      ltPos = msg.indexOf(">");
    }

    //+
    //highlight urls
    //-
    var url_begin = msg.indexOf("http:");
    if ( url_begin == -1 )
      url_begin = msg.indexOf("www.");

    if ( url_begin == -1 )
      return msg;

    var hilited = msg.substring(0, url_begin);
    var url_end = msg.indexOf( " ", url_begin );

    var urlstr = "";
    if ( url_end == -1 )
      urlstr = msg.substring(url_begin);
    else
      urlstr = msg.substring(url_begin, url_end);

    var urlref = urlstr;
    if ( urlstr.indexOf("www.") == 0 )
      urlref = "http://" + urlstr;

    var trailer = "";
    if ( url_end != -1 )
      trailer = this.hiliteURLs( msg.substring(url_end) );

    hilited += "<font color=\"#0000FF\"><u><a href=\"" + urlref + "\" target=\"_blank\">" + urlstr + "</a></u></font>" + trailer;
    //hilited += "<font color=\"#0000FF\"><u><a href=\"" + urlstr + "\">" + urlstr + "</a></u></font>" + trailer;

    return hilited;
  }
}