RESTful image handling
The plug-in integrates the Froala framework with an Oracle APEX RESTful service to upload images, display uploaded images, and delete images using the image browser.
The plug-in sample RESTful service implements the handlers described in the table below.
| Handler | Method | Description |
|---|---|---|
| browse | GET | Display images previously uploaded and stored in the database. |
| delete | POST | Delete an uploaded image using the Froala image browser. |
| get/:fileid | GET | Display an uploaded image embedded in rich HTML text. |
| upload | POST | Upload images added to rich HTML text on page submission. |
The plug-in sample RESTful service handlers (except for displaying an image) are secured using an access token. The access token is created from a JSON object computed by the plug-in rendering procedure. The JSON object contains the following information:
- the current APEX session ID
- the period for which the access token is valid
- the URL of the RESTful service that displays an image
Once the JSON object is created, it is transformed into plain text and encoded using a custom salt string. The access token can be decoded only with the same salt string.
An access token is valid when it is decoded successfully and its defined validity time has not been exceeded.
The plug-in sample RESTful service handlers for browsing, deleting, and uploading images start with an access token validation check. If the access token is invalid (or not provided), the handler raises an error and cancels the requested image operation.
Learn more about error handling in RESTful Service \ Error handling.
Using the plug-in access token to secure the RESTful service is not mandatory, but it is strongly recommended as the primary security check.
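As an added illustration (not the plug-in's own code), the anonymous PL/SQL block below applies the validity rules described above, plus a check against the caller's session ID, and prints the verdict for four constructed tokens. It substitutes an HMAC-SHA256 tag for the plug-in's salt-based encoding; the token layout (hex claims, a dot, hex MAC), the JSON key names, the random key and the example.test URL are assumptions, and it needs EXECUTE on DBMS_CRYPTO and Oracle 12.2 or later for JSON_OBJECT_T.

```plsql
declare
  l_key raw(32) := dbms_crypto.randombytes(32);  -- constructed demo key, not the plug-in's salt
  l_now number := round((cast(sys_extract_utc(systimestamp) as date) - date '1970-01-01') * 86400);
  l_tok varchar2(4000);
  function mac(p_data in raw) return raw is
  begin
    return dbms_crypto.mac(src => p_data, typ => dbms_crypto.hmac_sh256, key => l_key);
  end;
  -- Assumed layout: hex(JSON claims) || '.' || hex(HMAC-SHA256 of the claims).
  function make_token(p_session in varchar2, p_expires in number, p_url in varchar2) return varchar2 is
    l_claims  json_object_t := json_object_t();
    l_payload raw(2000);
  begin
    l_claims.put('session', p_session);
    l_claims.put('expires', p_expires);  -- epoch seconds, UTC
    l_claims.put('url', p_url);
    l_payload := utl_raw.cast_to_raw(l_claims.to_string);
    return rawtohex(l_payload) || '.' || rawtohex(mac(l_payload));
  end;
  function is_valid(p_token in varchar2, p_session in varchar2) return boolean is
    l_dot     pls_integer := instr(p_token, '.');
    l_payload raw(2000);
    l_sig     raw(2000);
    l_claims  json_object_t;
  begin
    if p_token is null or l_dot < 2 then return false; end if;
    l_payload := hextoraw(substr(p_token, 1, l_dot - 1));
    l_sig     := hextoraw(substr(p_token, l_dot + 1));
    -- Verify the MAC before trusting anything parsed from the payload.
    if l_sig is null or utl_raw.length(l_sig) != 32
       or utl_raw.compare(mac(l_payload), l_sig) != 0 then return false; end if;
    l_claims := json_object_t.parse(utl_raw.cast_to_varchar2(l_payload));
    if l_claims.get_string('session') = p_session
       and l_claims.get_number('expires') > l_now then return true; end if;
    return false;  -- also reached when a claim is missing (NULL comparison)
  exception
    when others then return false;  -- malformed hex or JSON: reject
  end;
  procedure show(p_label in varchar2, p_ok in boolean) is
  begin
    dbms_output.put_line(rpad(p_label, 16) || case when p_ok then 'accepted' else 'rejected' end);
  end;
begin
  l_tok := make_token('1001', l_now + 300, 'https://example.test/get/');
  show('fresh', is_valid(l_tok, '1001'));
  show('other session', is_valid(l_tok, '2002'));
  show('expired', is_valid(make_token('1001', l_now - 1, 'https://example.test/get/'), '1001'));
  show('tampered', is_valid(replace(l_tok, '.', '00.'), '1001'));
end;
/
```

Run it with server output enabled. The function returns FALSE rather than NULL on every failure path, so a handler can safely test `if not is_valid(...)` before doing any image operation.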
The default salt string used to generate an access token is defined in the UC_FROALA_SETTINGS package and should be changed after installing the plug-in. Because the default value ships with the plug-in, it is not a secret until it is replaced.
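create or replace package UC_FROALA_SETTINGS as
  -- Default salt string shipped with the plug-in; replace it with your own value after installation.
  g_froala_access_token varchar2(64) := '17273F940549E5B88416BEFDBF9C4BD4CC0E1F98283BA89B4907F6777B853F56';
end UC_FROALA_SETTINGS;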