package net.pterodactylus.sone.web.ajax;
+import net.pterodactylus.sone.web.WebInterface;
import net.pterodactylus.sone.web.page.Page;
import net.pterodactylus.util.json.JsonObject;
import net.pterodactylus.util.json.JsonUtils;
/** The path of the page. */
private final String path;
+ /** The Sone web interface. */
+ protected final WebInterface webInterface;
+
/**
* Creates a new JSON page at the given path.
*
* @param path
* The path of the page
+ * @param webInterface
+ * The Sone web interface
*/
- public JsonPage(String path) {
+ public JsonPage(String path, WebInterface webInterface) {
this.path = path;
+ this.webInterface = webInterface;
}
//
*/
protected abstract JsonObject createJsonObject(Request request);
+ /**
+ * Returns whether this command needs the form password for authentication
+ * and to prevent abuse.
+ *
+ * @return {@code true} if the form password (given as “formPassword”) is
+ * required, {@code false} otherwise
+ */
+ protected boolean needsFormPassword() {
+ return true;
+ }
+
//
// PAGE METHODS
//
*/
@Override
public Response handleRequest(Request request) {
+ if (needsFormPassword()) {
+ String formPassword = request.getHttpRequest().getParam("formPassword");
+ if (!webInterface.formPassword().equals(formPassword)) {
+ return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false)));
+ }
+ }
JsonObject jsonObject = createJsonObject(request);
return new Response(200, "OK", "application/json", JsonUtils.format(jsonObject));
}