package net.pterodactylus.sone.web.ajax;
+import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.web.WebInterface;
import net.pterodactylus.sone.web.page.Page;
import net.pterodactylus.util.json.JsonObject;
import net.pterodactylus.util.json.JsonUtils;
+import freenet.clients.http.SessionManager.Session;
+import freenet.clients.http.ToadletContext;
/**
* A JSON page is a specialized {@link Page} that will always return a JSON
/** The path of the page. */
private final String path;
+ /** The Sone web interface. */
+ protected final WebInterface webInterface;
+
/**
* Creates a new JSON page at the given path.
*
* @param path
* The path of the page
+ * @param webInterface
+ * The Sone web interface
*/
- public JsonPage(String path) {
+ public JsonPage(String path, WebInterface webInterface) {
this.path = path;
+ this.webInterface = webInterface;
+ }
+
+ //
+ // ACCESSORS
+ //
+
+ /**
+ * Returns the current session, creating a new session if there is no
+ * current session.
+ *
+ * @param toadletContenxt
+ * The toadlet context
+ * @return The current session, or {@code null} if there is no current
+ * session
+ */
+ protected Session getCurrentSession(ToadletContext toadletContenxt) {
+ return webInterface.getCurrentSession(toadletContenxt);
+ }
+
+ /**
+ * Returns the current session, creating a new session if there is no
+ * current session and {@code create} is {@code true}.
+ *
+ * @param toadletContenxt
+ * The toadlet context
+ * @param create
+ * {@code true} to create a new session if there is no current
+ * session, {@code false} otherwise
+ * @return The current session, or {@code null} if there is no current
+ * session
+ */
+ protected Session getCurrentSession(ToadletContext toadletContenxt, boolean create) {
+ return webInterface.getCurrentSession(toadletContenxt, create);
+ }
+
+ /**
+ * Returns the currently logged in Sone.
+ *
+ * @param toadletContext
+ * The toadlet context
+ * @return The currently logged in Sone, or {@code null} if no Sone is
+ * currently logged in
+ */
+ protected Sone getCurrentSone(ToadletContext toadletContext) {
+ return webInterface.getCurrentSone(toadletContext);
+ }
+
+ /**
+ * Returns the currently logged in Sone.
+ *
+ * @param toadletContext
+ * The toadlet context
+ * @param create
+ * {@code true} to create a new session if no session exists,
+ * {@code false} to not create a new session
+ * @return The currently logged in Sone, or {@code null} if no Sone is
+ * currently logged in
+ */
+ protected Sone getCurrentSone(ToadletContext toadletContext, boolean create) {
+ return webInterface.getCurrentSone(toadletContext, create);
}
//
*/
protected abstract JsonObject createJsonObject(Request request);
+ /**
+ * Returns whether this command needs the form password for authentication
+ * and to prevent abuse.
+ *
+ * @return {@code true} if the form password (given as “formPassword”) is
+ * required, {@code false} otherwise
+ */
+ protected boolean needsFormPassword() {
+ return true;
+ }
+
+ /**
+ * Returns whether this page requires the user to be logged in.
+ *
+ * @return {@code true} if the user needs to be logged in to use this page,
+ * {@code false} otherwise
+ */
+ protected boolean requiresLogin() {
+ return true;
+ }
+
+ //
+ // PROTECTED METHODS
+ //
+
+ /**
+ * Creates a success reply.
+ *
+ * @return A reply signaling success
+ */
+ protected JsonObject createSuccessJsonObject() {
+ return new JsonObject().put("success", true);
+ }
+
+ /**
+ * Creates an error reply.
+ *
+ * @param error
+ * The error that has occured
+ * @return The JSON object, signalling failure and the error code
+ */
+ protected JsonObject createErrorJsonObject(String error) {
+ return new JsonObject().put("success", false).put("error", error);
+ }
+
//
// PAGE METHODS
//
*/
@Override
public Response handleRequest(Request request) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
+ if (needsFormPassword()) {
+ String formPassword = request.getHttpRequest().getParam("formPassword");
+ if (!webInterface.getFormPassword().equals(formPassword)) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
+ }
+ if (requiresLogin()) {
+ if (getCurrentSone(request.getToadletContext(), false) == null) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
+ }
+ }
JsonObject jsonObject = createJsonObject(request);
return new Response(200, "OK", "application/json", JsonUtils.format(jsonObject));
}