Using ColdFusion as a proxy to a remote application

cookies.cfc

component extends="Controller" {

	/**
	 * Calls remote application with session cookies for this app and posting any form or get values. Returns cfhttp results struct.
	 * @app Model object containing info about remote app.
	 */
	private function callRemoteApp(app) {
		// HTTP method to call
		if (isPost()) {
			local.method = "post";
		}
		else {
			local.method = "get";
		}
		
		// Get remote URL to call
		local.remoteUrl = buildRemoteCallUrl(arguments.app, "remoteBaseUrl", params, cgi.query_string);
		
		// HTTP service to call
		local.httpService = new Http(url=local.remoteUrl, method=local.method, multipart=true, redirect=false);
		
		// Cookies
		local.cookiesListLen = ListLen(StructKeyList(session.remoteApps[params.appName].cookies));
		for (local.i = 1; local.i <= local.cookiesListLen; local.i++) {
			local.cookieKey = ListGetAt(StructKeyList(session.remoteApps[params.appName].cookies), local.i);
			local.httpService.addParam(type="cookie", name=local.cookieKey, value=session.remoteApps[params.appName].cookies[local.cookieKey]);
		}
		
		// Store an array of file names uploaded so we can delete them later
		local.uploadedFiles = [];
		
		// `POST` anything submitted via `POST`
		if (isPost() && ListLen(StructKeyList(form))) {
			local.fieldNameListLen = ListLen(form.FieldNames);
			for (local.i = 1; local.i <= local.fieldNameListLen; local.i = local.fieldData.nextPosition) {
				local.fieldData = getNextFormField(form.FieldNames, local.i);
				local.field = local.fieldData.field;
				
				// Re-upload any file uploads
				local.fieldIsUpload = ToString(form[local.field]).startsWith(GetTempDirectory())
					|| ListFindNoCase(form.FieldNames, Left(local.field, Len(local.field) - 1) & "&attachment]");
				// Railo file upload
				if (local.fieldIsUpload && StructKeyExists(server, "railo")) {
					// Upload file to `/files/uploads/`
					file
						action="upload"
						result="local.fileUpload"
						fileField=local.field
						destination=ExpandPath('./files/uploads')
						nameConflict="makeunique";
					
					// Send it as a `POST` variable
					local.tempFilename = "#local.fileUpload.ServerDirectory#/#local.fileUpload.ServerFile#";
					local.httpService.addParam(type="file", name=local.field, file=local.tempFilename);
					ArrayAppend(local.uploadedFiles, local.tempFilename);
				}
				// ColdFusion file upload
				else if (local.fieldIsUpload) {
					local.fileUpload = FileUpload(fileField=local.field, destination=ExpandPath('/files/uploads'), nameConflict="makeunique");
					
					// Send it as a `POST` variable
					local.tempFilename = "#local.fileUpload.ServerDirectory#/#local.fileUpload.ServerFile#";
					local.httpService.addParam(type="file", name=local.field, file=local.tempFilename);
					ArrayAppend(local.uploadedFiles, local.tempFilename);
				}
				// Don't send values called reload or password
				else if (!ListFind("reload,password", local.field)) {
					local.httpService.addParam(type="formfield", name=local.field, value=form[local.field]);
				}
			}
		}
		
		// Pass along any AJAX headers
		if (isAjax()) {
			local.httpService.addParam(type="header", name="http_x_requested_with", value="XMLHTTPRequest");
		}
		
		// Call it
		local.httpResult = local.httpService.send();
		
		// Delete any files sent
		deleteUploadFiles(local.uploadedFiles);
		
		return local.httpResult.GetPrefix();
	}

	/**
	 * Stores cookies set by the remote application in the user's session.
	 * @httpResult HTTP result data generated by a remote application call with `http`.
	 */
	private function storeRemoteCookies(struct httpResult) {
		if (StructKeyExists(arguments.httpResult, "ResponseHeader") && StructKeyExists(arguments.httpResult.ResponseHeader, "Set-Cookie")) {
			local.setCookie = arguments.httpResult.ResponseHeader['Set-Cookie'];
			// Multi cookie values are in a struct in Adobe ColdFusion
			if (IsStruct(local.setCookie)) {
				for (local.cookieKey in local.setCookie) {
					local.cookieVal = local.setCookie[local.cookieKey];
					
					local.cookieValListLen = ListLen(local.cookieVal, ";");
					for (local.i = 1; local.i <= local.cookieValListLen; local.i++) {
						if (ListFirst(local.cookieKeyVal, "=") != "expires" && ListFirst(local.cookieKeyVal, "=") != "path") {
							session.remoteApps[params.appName].cookies[ListFirst(local.cookieKeyVal, "=")] = ListLast(local.cookieKeyVal, "=");
						}
					}
				}
			}
			// Multi cookie values are in an array in Railo
			else if (IsArray(local.setCookie)) {
				for (local.cookieVal in local.setCookie) {
					local.cookieValListLen = ListLen(local.cookieVal, ";");
					for (local.i = 1; local.i <= local.cookieValListLen; local.i++) {
						local.cookieKeyVal = ListGetAt(local.cookieVal, local.i, ";");
						if (ListFirst(local.cookieKeyVal, "=") != "expires" && ListFirst(local.cookieKeyVal, "=") != "path") {
							session.remoteApps[params.appName].cookies[ListFirst(local.cookieKeyVal, "=")] = UrlDecode(ListLast(local.cookieKeyVal, "="));
						}
					}
				}
			}
			// Single cookie value is in a string
			else if (IsSimpleValue(local.setCookie)) {
				local.cookieKeyVal = local.setCookie;
				if (ListFirst(local.cookieKeyVal, "=") != "expires" && ListFirst(local.cookieKeyVal, "=") != "path") {
					session.remoteApps[params.appName].cookies[ListFirst(local.cookieKeyVal, "=")] = ListLast(local.cookieKeyVal, "=");
				}
			}
		}
	}
}