There is a webscript in share for creating a site in Alfresco (‘service/modules/create-site’).
In the body of the request you can define :
- visibility: ‘PUBLIC’, ‘MODERATED’ and ‘PRIVATE’
- title: The name of the site,
- shortName: The short name for the site, this parameter will appear in the URL, it should be a valid shortName.
- description: A description of the site.
- sitePreset: The template for creating the site, typically ‘site-dashboard’
The problem with using this webscript like that is that you will receive an error:
javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/service/modules/create-site
One possibility is to disable CSRF for any request from a particular trusted server
That methodoly is described in:
http://docs.alfresco.com/5.1/concepts/csrf-policy.html
The second one is to provide an appropriated CSRF header. To achieve this you will run three HTTP Request in order.
- /share/page/dologin POST: This will authenticate you and will give you a session
- /share/page/user/admin/dashboard GET : This will give you the CSRF header
- /share/service/modules/create-site POST : This finally will create the site. You should put the CSRF in the header ‘alfresco-csrftoken’
It is important to noticed that you have to carry all the cookies from one request to another.
Code example in node Javascript:
———–
var querystring = require('querystring'); var http = require('http'); // BEGIN configuration var username = 'admin'; var password = 'admin'; var url = 'localhost'; var port = '8080'; var site_title= 'My Site Title'; // name of the site var site_shortName = 'my_site'; // should be a valid shortName var site_description = 'This site is an example'; // description of the site var site_sitePreset = 'site-dashboard"'; // // END configuration /** ** login http request ** @param {function} callback function called when request success */ function httpRequestLogin(callback) { var path = '/share/page/dologin'; var options = { 'method': 'POST', 'hostname': url, 'port': port, 'path': path, 'headers': { 'content-type': 'application/x-www-form-urlencoded', 'origin': 'http://' + url + ':' + port, 'cache-control': 'no-cache' } }; var request = http.request(options, function (response) { response.on('data', function () { }); response.on('end', function () { var cookiesManager = new CookiesManager(); cookiesManager.addCookies(response); if (response.statusCode === 302) { callback(cookiesManager); } else { console.error('error request: ' + path + ' message:' + response.statusCode); } }); response.on('error', function (err) { console.error('error request: ' + path + ' message:' + response.statusCode); console.error(err.stack); }); }); var query = querystring.stringify({ username: username, password: password, success: '/share/page/', failure: '/share/page/?error=true' }); request.write(query); request.end(); } /** ** call dashboard http request, it is important to do this query for receiving ** the csrf cookie ** @param {CookiesManager} cookie manager ** @param {function} callback function called when request success */ function httpRequestDashboard(cookiesManager, callback) { var options = { 'method': 'GET', 'hostname': url, 'port': port, 'path': '/share/page/user/admin/dashboard', 'headers': { 'Cookie': cookiesManager.toString(), 'origin': 'http://' + url + ':' + port, 'cache-control': 'no-cache' } }; var request = http.request(options, function (response) { response.on('data', function () { }); response.on('end', function () { cookiesManager.addCookies(response); if (response.statusCode === 200) { callback(cookiesManager); } else { console.error('error request: ' + path + ' message:' + response.statusCode); } }); response.on('error', function (err) { console.error('error request: ' + path + ' message:' + response.statusCode); console.error(err.stack); }); }); request.end(); } /** ** create site http request ** @param {CookiesManager} cookie manager ** @param {function} callback function called when request success */ function httpRequestCreateSite(cookiesManager, callback) { var csrf = cookiesManager.getCookie('Alfresco-CSRFToken'); csrf = unescape(csrf); var options = { 'method': 'POST', 'hostname': url, 'port': port, 'path': '/share/service/modules/create-site', 'headers': { 'Cookie': cookiesManager.toString() , 'content-type': 'application/json', 'alfresco-csrftoken': csrf, 'referer': 'http://' + url + ':' + port + '/share/page/user/admin/dashboard', 'cache-control': 'no-cache', } }; var request = http.request(options, function (response) { var chunks = []; response.on('data', function (chunk) { chunks.push(chunk); }); response.on('end', function () { var body = Buffer.concat(chunks); callback(body.toString()); }); }); var body = JSON.stringify({ visibility: 'PUBLIC', title: site_title, shortName: site_shortName, description: site_description, sitePreset: site_sitePreset, siteTemplate: '' }); request.write(body); request.end(); } /** ** cookie Manager class */ function CookiesManager() { this.arr = {}; } /** ** add to the current cookies the cookies in the response ** @param {response} http response */ CookiesManager.prototype.addCookies = function(response) { var this_ = this; var cookiesResponse = response.headers['set-cookie']; if ( cookiesResponse ) { cookiesResponse.forEach( function ( cookieStr ) { if (cookieStr) { var path = cookieStr.split(/[=;]/); var name = path[0]; var value = path[1]; this_.arr[name] = value; } } ); } } /** ** get cookie value ** @param {string} cookie name */ CookiesManager.prototype.getCookie= function(name) { return this.arr[name]; } /** ** concatenate the cookies */ CookiesManager.prototype.toString= function() { var text = ''; for (var key in this.arr) { if(! this.arr.hasOwnProperty(key)){ continue }; text += key + '=' + this.arr[key] + '; '; } return text; } // start program console.log('init program'); httpRequestLogin(function(cookiesManager){ console.log('finish login'); httpRequestDashboard(cookiesManager, function(cookiesManager) { console.log('finish dashboard'); httpRequestCreateSite(cookiesManager, function(message) { console.log('Create Site Response:'); console.log(message); }); }); });