The clientRequire endpoint. Used by client side loaders (SystemJS for example) to emulate commonJS require

Security note: It is very important to prevent loading a server-side logic to the client - server-side logic MUST be hidden from clients

To do this clientRequire endpoint:

• allow access only to modules inside application node_modules folder
• in case requested module is a UnityBase model (present in ubConfig.json) then restrict access to non-public part of such model

So developer should list all the modules that contain a sensitive server-side business logic inside the application config and set a moduleName parameter correctly for such models.

On the production where nginx is used as a reverse proxy requests to /clientRequire is intercepted by nginx and returns a static file previously linked by ubcli linkStatic command, which uses the same resolve algorithm as described above

The getAppInfo endpoint. Responsible for return an information about application required for an initial client side connectivity and UI setup

Models can extend response by subscribes to App.on('getAppInfo') event and modify a payload object - see example in getAppInfo event doc

The getDomainInfo endpoint. Return JSON representation of application Domain according to caller rights

The models endpoint. Responsible for return a static files content from a model publicPath folders

For example request GET http://host:port/models/modelName/fileName will return a file from a public folder of a model modelName

Execute entity level method with direct access to the HTTP request and response. Client calls such methods using POST /rest/entityCode/methodCode.

The main purpose is to create an entity-level method what accept a binary request body or returns a binary response

REST methods handler is called with 3 parameters: (ctxt: null, req: THTTPRequest, resp: THTTPResponse) and should fill a resp object props properly.

Endpoint verify user has access to method.

  
      // define entity method what can be called either using `/rest` or usong `/ubql`
me.entity.addMethod('getCertificate')
me.getCertificate = function (ctxt, req, resp) {
  let certID
  if (req) { // endpoint is called as rest/uba_usercertificate/getCertificate?ID=1231
    if (!req.parsedParameters.ID) {
      return resp.badRequest('Missed ID; Expext URL to be rest/uba_usercertificate/getCertificate?ID=1231')
    }
    certID = req.parsedParameters.ID
  } else {
    certID = ctxt.mParams.ID
  }
  const store = UB.Repository('uba_usercertificate')
    .attrs(['ID', 'certificate'])
    .where('ID', '=', certID).select()
  if (store.eof) throw new Error('not found')

  let certificate = store.getAsBuffer('certificate')
  if (req) { // called as rest
    resp.writeEnd(certificate)
    resp.writeHead('Content-Type: application/x-x509-user-cert')
    resp.statusCode = 200
  } else {
    certificate = Buffer.from(certificate)
    certificate = certificate.toString('base64')
    ctxt.dataStore.initialize({ fieldCount: 1, values: ['certificate', certificate], rowCount: 1 })
  }
}

// on client side
// call using rest:
const certResp = await UB.connection.get('/rest/uba_usercertificate/getCertificate?ID=334607980199937')
const certBin = certResp.data
// call using ubql:
const certResp = await UB.connection.query({entity: 'uba_usercertificate', method: 'getCertificate', ID:334607980199937})
const certBase64 = certResp.resultData.data[0][0]
  

Default endpoint. Will be called in case URL do not start form a known endpoint. Current implementation will handle static files from ServerConfig.HTTPServer.inetPub folder