maddo/Catalog
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases 2 Packages Wiki Activity Actions

Added avalonia integration and remote proof of concept

Browse source
This commit is contained in:
MaddoScientisto 2026-02-28 15:30:57 +01:00
commit 4a0973b681
23 changed files with 2043 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

679
docs/openapi-race-upload.yaml Normal file
View file

@ -0,0 +1,679 @@
openapi: 3.0.3
info:
title: RUS Reverse-Engineered API (Races, Uploads, Auth)
version: 1.0.0
description: |
OpenAPI specification inferred from JSP/JS usage, `WEB-INF/web.xml`, and decompiled sources
in `WEB-INF/lib/*_src`.
This application is command-driven (`*.abl`) and many endpoints return server-rendered HTML.
Where the implementation returns JSON payloads (notably upload operations), schemas are modeled
explicitly from decompiled DTOs:
- `JsonUploadImageResponse { result, message, imgPath }`
- `JsonUploadFileResponse { result, message, fileName, fileNameLink }`
## Important caveats
- Authentication is session-cookie based (typically `JSESSIONID`), not JWT bearer.
- Some error branches in upload handlers still return `result: true` with an error message text.
Clients should validate both `result` and semantic fields (`imgPath`, `fileName`).
- Several command endpoints primarily render JSP/HTML, so response contracts are best-effort.
- Some deployments namespace admin page endpoints as `/admin/pg_RUS/*` instead of `/admin/pg/*`.
Example observed deployment: `https://www.regalamiunsorriso.it` links `/admin/pg_RUS/Gara.abl` from dashboard.
servers:
- url: https://your-host
description: Replace with your deployed host
tags:
- name: Authentication
description: Session login/logout and related command flows
- name: RaceAdmin
description: Admin race management (`/admin/pg/Gara.abl`) including uploads and command actions
- name: PhotoAdmin
description: Admin photo/type/log endpoints (command-driven)
- name: Media
description: Thumbnail/original photo retrieval
- name: Public
description: Public-facing login/user/photo endpoints mapped in web.xml
security:
- SessionCookieAuth: []
paths:
/admin/menu/Menu4.abl:
post:
tags: [Authentication]
summary: Admin login/logout/password command endpoint
description: |
Command-driven login servlet (`Menu4Svlt` extending `Logon4Svlt`).
Primary commands (`cmdIU`):
- `check` => login
- `login` => logout
- `np` => password-change flow
- `checkSso` => SSO branch (when enabled)
security: []
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/Menu4CommandRequest'
examples:
login:
summary: Login
value:
login: YOUR_USER
pwd: YOUR_PASSWORD
cmdIU: check
logout:
summary: Logout
value:
cmdIU: login
passwordChange:
summary: Password change flow
value:
cmdIU: np
login: YOUR_USER
pwd: YOUR_OLD_PASSWORD
responses:
'200':
description: |
Usually HTML/JSP response with redirect or rendered page; on successful login, session cookies are set.
headers:
Set-Cookie:
description: Session cookie(s), usually including `JSESSIONID`
schema:
type: string
content:
text/html:
schema:
type: string
examples:
loginOk:
summary: Typical successful login page/redirect body
value: "<html>...LOGIN_OK...</html>"
'401':
description: Authentication failure semantics are typically encoded in HTML/message, not strict HTTP 401.
/admin/pg/Gara.abl:
get:
tags: [RaceAdmin]
summary: Race admin endpoint (command/query rendering)
description: |
Command endpoint for race administration. GET is commonly used for page loads/search rendering.
Typical query parameters include `cmd`, `act`, `id_gara`, pagination fields.
parameters:
- $ref: '#/components/parameters/Cmd'
- $ref: '#/components/parameters/Act'
- $ref: '#/components/parameters/IdGara'
responses:
'200':
description: Server-rendered HTML/JSP response
content:
text/html:
schema:
type: string
post:
tags: [RaceAdmin]
summary: Race admin command endpoint (multipart and form-urlencoded)
description: |
Supports both:
1) `multipart/form-data` upload commands (`loadImg`, `removeImg`, `saveFile`)
2) `application/x-www-form-urlencoded` action commands (`addPuntoFoto`, `indexCsvPisa`, ...)
Source evidence:
- `AblServletSvlt._loadImg/_removeImg/_saveFile`
- `GaraSvlt` custom command methods
requestBody:
required: true
content:
multipart/form-data:
schema:
oneOf:
- $ref: '#/components/schemas/GaraLoadImgMultipartRequest'
- $ref: '#/components/schemas/GaraRemoveImgMultipartRequest'
- $ref: '#/components/schemas/GaraSaveFileMultipartRequest'
encoding:
imgFile:
contentType: image/*
fileName:
contentType: '*/*'
examples:
loadImg:
summary: Upload race image slot
value:
cmd: loadImg
id: 123
codImage: 1
totImgNumber: 3
removeImg:
summary: Remove race image slot
value:
cmd: removeImg
id: 123
codImage: 1
totImgNumber: 3
saveFile:
summary: Upload CSV/import file
value:
cmd: saveFile
codFile: 1
id: 0
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/GaraCommandRequest'
examples:
addPuntoFoto:
value:
cmd: addPuntoFoto
id_gara: 123
descrizionePuntoFoto: "Start"
pathRelativoFoto: "start/"
tipoPuntoFoto: "A"
indexFoto:
value:
cmd: indexFoto
id_gara: 123
id_puntoFotoIdx: 987
noIndexFoto:
value:
cmd: noIndexFoto
id_gara: 123
id_puntoFotoIdx: 987
creaPuntiFoto:
value:
cmd: creaPuntiFoto
id_gara: 123
indexCsvPisa:
value:
cmd: indexCsvPisa
id_gara: 123
salvaFileCsv:
value:
cmd: salvaFileCsv
id_gara: 123
fileNameOnServer_1: "punti-foto.csv"
responses:
'200':
description: |
Mixed response style depending on `cmd`.
- Upload commands generally return JSON array with one object.
- Many non-upload commands render HTML/JSP with server messages.
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/UploadImageResponseArray'
- $ref: '#/components/schemas/UploadFileResponseArray'
examples:
imageUploadOk:
value:
- result: true
message: "Immagine 1 Salvata"
imgPath: "../../_img/_gara/100/123_1_1700000000000.jpg"
imageUploadErrorStyle:
summary: Known caveat branch
value:
- result: true
message: "Immagine NON Salvata. Utente non valido"
imgPath: "../../"
fileUploadOk:
value:
- result: true
message: "File punti-foto.csv Salvato"
fileName: "punti-foto.csv"
fileNameLink: "../../tmp/punti-foto.csv"
text/html:
schema:
type: string
examples:
htmlCommandResponse:
value: "<html>...messaggi/bean rendering...</html>"
/admin/pg/Foto.abl:
get:
tags: [PhotoAdmin]
summary: Admin photo listing/search endpoint
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
post:
tags: [PhotoAdmin]
summary: Admin photo command endpoint
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/GenericCommandRequest'
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
/admin/pg/TipoGara.abl:
get:
tags: [PhotoAdmin]
summary: Admin race-type endpoint
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
post:
tags: [PhotoAdmin]
summary: Admin race-type command endpoint
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/GenericCommandRequest'
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
/admin/pg/LogFoto.abl:
get:
tags: [PhotoAdmin]
summary: Admin photo-log endpoint
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
post:
tags: [PhotoAdmin]
summary: Admin photo-log command endpoint
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/GenericCommandRequest'
responses:
'200':
description: Server-rendered HTML/JSP
content:
text/html:
schema:
type: string
/foto/{filename}:
get:
tags: [Media]
summary: Get thumbnail/photo by path; supports id_foto query
description: |
Mapped to `GetFileTnSvlt`.
Behavior:
- If `id_foto` is provided, photo is loaded by id.
- If missing, servlet may parse id from `{filename}` suffix pattern `name-<id>.<ext>`.
- If not found, fallback `_img/_imgNotFound.png`.
security:
- SessionCookieAuth: []
parameters:
- name: filename
in: path
required: true
schema:
type: string
description: Requested filename segment (also used for id parsing fallback)
- name: id_foto
in: query
required: false
schema:
type: integer
format: int64
description: Photo id (preferred)
responses:
'200':
description: Image bytes or HTML error text based on access checks
content:
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
text/html:
schema:
type: string
examples:
blocked:
value: "Attenzione!. Questa Foto non puo' essere scaricata!!"
/fotoOriginali/{filename}:
get:
tags: [Media]
summary: Get original photo (with profile/account restrictions)
description: |
Mapped to `GetFileOrigSvlt` (delegates to original-file flow).
Includes additional checks:
- account validity/expiry/max-photo constraints
- filename marker restrictions (`_X`, `_Y`, `_Z`) by profile
- logs access events on successful original retrieval
security:
- SessionCookieAuth: []
parameters:
- name: filename
in: path
required: true
schema:
type: string
- name: id_foto
in: query
required: false
schema:
type: integer
format: int64
responses:
'200':
description: Image bytes or access-denied HTML text
content:
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
text/html:
schema:
type: string
examples:
denied:
value: "Attenzione!. Account scaduto o raggiunto n. foto massimo"
/Logon.abl:
post:
tags: [Public]
summary: Public login endpoint
description: Mapped to `com.ablia.pg.servlet.Logon2Svlt`.
security: []
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/PublicLogonRequest'
responses:
'200':
description: HTML/JSP response with session handling
content:
text/html:
schema:
type: string
/Users.abl:
get:
tags: [Public]
summary: Public users endpoint
responses:
'200':
description: Implementation-specific output (usually HTML/JSP)
content:
text/html:
schema:
type: string
post:
tags: [Public]
summary: Public users command endpoint
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/GenericCommandRequest'
responses:
'200':
description: Implementation-specific output (usually HTML/JSP)
content:
text/html:
schema:
type: string
components:
securitySchemes:
SessionCookieAuth:
type: apiKey
in: cookie
name: JSESSIONID
description: |
Session cookie set by login endpoints. Some deployments can set additional cookies.
parameters:
Cmd:
name: cmd
in: query
required: false
schema:
type: string
description: Command token for the servlet command-dispatch model
Act:
name: act
in: query
required: false
schema:
type: string
description: Secondary action token used by page flows
IdGara:
name: id_gara
in: query
required: false
schema:
type: integer
format: int64
schemas:
Menu4CommandRequest:
type: object
properties:
login:
type: string
pwd:
type: string
format: password
cmdIU:
type: string
enum: [check, login, np, checkSso, checkCC, ckcclnk, cmcc, ni]
actIU:
type: string
cmd2:
type: string
act2:
type: string
sso:
type: string
required: [cmdIU]
PublicLogonRequest:
type: object
properties:
login:
type: string
pwd:
type: string
cmdIU:
type: string
enum: [check, login, np, checkSso, checkCC, ckcclnk, cmcc]
cmd:
type: string
description: May also route custom commands like `logout` in `Logon2Svlt`
GenericCommandRequest:
type: object
properties:
cmd:
type: string
act:
type: string
cmd2:
type: string
act2:
type: string
_id:
type: string
_id_name:
type: string
pageNumber:
type: integer
totPageNumber:
type: integer
flgReport:
type: string
additionalProperties: true
GaraCommandRequest:
allOf:
- $ref: '#/components/schemas/GenericCommandRequest'
- type: object
properties:
cmd:
type: string
enum:
- addPuntoFoto
- delPuntoFoto
- modPuntoFoto
- indexFoto
- noIndexFoto
- creaPuntiFoto
- indexCsvPisa
- salvaFileCsv
- aggiornaThreadMsg
- search
- md
- ni
- refresh
id_gara:
type: integer
format: int64
id_puntoFoto:
type: integer
format: int64
id_puntoFotoIdx:
type: integer
format: int64
descrizionePuntoFoto:
type: string
pathRelativoFoto:
type: string
tipoPuntoFoto:
type: string
fileNameOnServer_1:
type: string
pathBase:
type: string
descrizione:
type: string
dataGaraInizio:
type: string
format: date
dataGaraFine:
type: string
format: date
GaraLoadImgMultipartRequest:
type: object
required: [cmd, imgFile, id, codImage]
properties:
cmd:
type: string
enum: [loadImg]
imgFile:
type: string
format: binary
id:
type: integer
format: int64
description: Race id (maps to bean primary key in upload flow)
codImage:
type: integer
description: Image slot index (UI uses 1..3)
totImgNumber:
type: integer
description: Total image slots for timestamp rotation logic
GaraRemoveImgMultipartRequest:
type: object
required: [cmd, id, codImage]
properties:
cmd:
type: string
enum: [removeImg]
id:
type: integer
format: int64
codImage:
type: integer
totImgNumber:
type: integer
GaraSaveFileMultipartRequest:
type: object
required: [cmd, fileName]
properties:
cmd:
type: string
enum: [saveFile]
fileName:
type: string
format: binary
description: Field used by JS helper (`Ab.saveFile`)
codFile:
type: integer
id:
type: integer
format: int64
JsonUploadImageResponse:
type: object
properties:
result:
type: boolean
message:
type: string
imgPath:
type: string
required: [result, message, imgPath]
JsonUploadFileResponse:
type: object
properties:
result:
type: boolean
message:
type: string
fileName:
type: string
fileNameLink:
type: string
required: [result, message, fileName, fileNameLink]
UploadImageResponseArray:
type: array
minItems: 1
maxItems: 1
items:
$ref: '#/components/schemas/JsonUploadImageResponse'
UploadFileResponseArray:
type: array
minItems: 1
maxItems: 1
items:
$ref: '#/components/schemas/JsonUploadFileResponse'