X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FJsonPage.java;h=e8cd3d5ac0af8a2687a8bed4b06dcd65d4884745;hb=bd2cbb229f68fb2535cf6010befa9c4a276d2ee6;hp=20ddfc63c508fea92cefbcaca5100411276ddab8;hpb=cb2f7e57a8ac1768da8f9c2a11d23118c1564f87;p=Sone.git
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 20ddfc6..e8cd3d5 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -17,9 +17,15 @@
 package net.pterodactylus.sone.web.ajax;
+import java.util.UUID;
+
+import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.sone.web.page.Page;
 import net.pterodactylus.util.json.JsonObject;
 import net.pterodactylus.util.json.JsonUtils;
+import freenet.clients.http.SessionManager.Session;
+import freenet.clients.http.ToadletContext;
 /**
 * A JSON page is a specialized {@link Page} that will always return a JSON
@@ -32,14 +38,86 @@ public abstract class JsonPage implements Page {
 /** The path of the page. */
 private final String path;
+ /** The Sone web interface. */
+ protected final WebInterface webInterface;
+
 /**
 * Creates a new JSON page at the given path.
 *
 * @param path
 * The path of the page
+ * @param webInterface
+ * The Sone web interface
 */
- public JsonPage(String path) {
+ public JsonPage(String path, WebInterface webInterface) {
 this.path = path;
+ this.webInterface = webInterface;
+ }
+
+ //
+ // ACCESSORS
+ //
+
+ /**
+ * Returns the current session, creating a new session if there is no
+ * current session.
+ *
+ * @param toadletContenxt
+ * The toadlet context
+ * @return The current session, or {@code null} if there is no current
+ * session
+ */
+ protected Session getCurrentSession(ToadletContext toadletContenxt) {
+ return getCurrentSession(toadletContenxt, true);
+ }
+
+ /**
+ * Returns the current session, creating a new session if there is no
+ * current session and {@code create} is {@code true}.
+ *
+ * @param toadletContenxt
+ * The toadlet context
+ * @param create
+ * {@code true} to create a new session if there is no current
+ * session, {@code false} otherwise
+ * @return The current session, or {@code null} if there is no current
+ * session
+ */
+ protected Session getCurrentSession(ToadletContext toadletContenxt, boolean create) {
+ try {
+ Session session = webInterface.getSessionManager().useSession(toadletContenxt);
+ if (create && (session == null)) {
+ session = webInterface.getSessionManager().createSession(UUID.randomUUID().toString(), toadletContenxt);
+ }
+ return session;
+ } catch (freenet.clients.http.RedirectException re1) {
+ return null;
+ }
+ }
+
+ /**
+ * Returns the currently logged in Sone.
+ *
+ * @param toadletContext
+ * The toadlet context
+ * @return The currently logged in Sone, or {@code null} if no Sone is
+ * currently logged in
+ */
+ protected Sone getCurrentSone(ToadletContext toadletContext) {
+ Session session = getCurrentSession(toadletContext);
+ if (session == null) {
+ return null;
+ }
+ String soneId = (String) session.getAttribute("Sone.CurrentSone");
+ if (soneId == null) {
+ return null;
+ }
+ for (Sone sone : webInterface.getCore().getSones()) {
+ if (sone.getId().equals(soneId)) {
+ return sone;
+ }
+ }
+ return null;
 }
 //
@@ -56,6 +134,17 @@ public abstract class JsonPage implements Page {
 */
 protected abstract JsonObject createJsonObject(Request request);
+ /**
+ * Returns whether this command needs the form password for authentication
+ * and to prevent abuse.
+ *
+ * @return {@code true} if the form password (given as “formPassword”) is
+ * required, {@code false} otherwise
+ */
+ protected boolean needsFormPassword() {
+ return true;
+ }
+
 //
 // PAGE METHODS
 //
@@ -73,6 +162,12 @@ public abstract class JsonPage implements Page {
 */
 @Override
 public Response handleRequest(Request request) {
+ if (needsFormPassword()) {
+ String formPassword = request.getHttpRequest().getParam("formPassword");
+ if (!webInterface.getFormPassword().equals(formPassword)) {
+ return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
+ }
 JsonObject jsonObject = createJsonObject(request);
 return new Response(200, "OK", "application/json", JsonUtils.format(jsonObject));
 }
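Review bot: `getCurrentSone` calls the one-argument `getCurrentSession(toadletContext)`, which creates a session whenever none exists, so a request that only asks who is logged in allocates session state for an anonymous client. A lookup should not create state; use `Session session = getCurrentSession(toadletContext, false);` in `getCurrentSone`. The Javadoc of the one-argument overload also contradicts itself: it promises to create a session yet documents a `null` return for "no current session", while in the visible code `null` comes back only when a `RedirectException` is caught (or, presumably, if `createSession` itself returns `null`). The parameter name `toadletContenxt` is misspelled in both overloads.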
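Review bot: The Javadoc of `needsFormPassword()` does not say when an override may safely return `false`. In the visible `handleRequest` the form password is the only check made before `createJsonObject` runs, so a subclass that opts out removes the page's sole guard against requests forged by another site. Suggest adding a sentence such as `Override to return {@code false} only for pages that neither change state nor expose private data.` Defaulting to `true` is the right fail-closed choice and is worth stating in the comment as well.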
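Review bot: The form password check in `handleRequest` uses `String.equals`, which stops at the first differing character and throws a `NullPointerException` if `getFormPassword()` ever returns `null`. A secret comparison should be null-safe and constant-time, for example `formPassword != null && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), formPassword.getBytes(StandardCharsets.UTF_8))` with `expected` taken from `webInterface.getFormPassword()` (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The value is read with `getParam`, which presumably is the query-string accessor, so the password would travel in the URL and can end up in browser history or logs; confirm, and prefer reading it from the POST body. Status 401 without a `WWW-Authenticate` header is also unusual, and 403 fits a rejected token better.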