Enhance JSON page to optionally require a form password.

diff --git a/src/main/java/net/pterodactylus/sone/web/WebInterface.java b/src/main/java/net/pterodactylus/sone/web/WebInterface.java
index ec20785..0f6e21a 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/WebInterface.java
+++ b/src/main/java/net/pterodactylus/sone/web/WebInterface.java
@@ -225,7 +225,7 @@ public class WebInterface extends AbstractService {
                pageToadlets.add(pageToadletFactory.createPageToadlet(new StaticPage("javascript/", "/static/javascript/", "text/javascript")));
                pageToadlets.add(pageToadletFactory.createPageToadlet(new StaticPage("images/", "/static/images/", "image/png")));
                pageToadlets.add(pageToadletFactory.createPageToadlet(new GetTranslationPage(this)));
-               pageToadlets.add(pageToadletFactory.createPageToadlet(new GetSoneStatusPage(core())));
+               pageToadlets.add(pageToadletFactory.createPageToadlet(new GetSoneStatusPage(this)));
 
                ToadletContainer toadletContainer = sonePlugin.pluginRespirator().getToadletContainer();
                toadletContainer.getPageMaker().addNavigationCategory("/Sone/index.html", "Navigation.Menu.Name", "Navigation.Menu.Tooltip", sonePlugin);

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
index 3f1bbca..3b619cc 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
@@ -20,9 +20,9 @@ package net.pterodactylus.sone.web.ajax;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 
-import net.pterodactylus.sone.core.Core;
 import net.pterodactylus.sone.core.Core.SoneStatus;
 import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.util.json.JsonObject;
 
 /**
@@ -33,29 +33,37 @@ import net.pterodactylus.util.json.JsonObject;
  */
 public class GetSoneStatusPage extends JsonPage {
 
-       /** The Sone core. */
-       private final Core core;
-
        /**
         * Creates a new AJAX sone status handler.
         *
-        * @param core
-        *            The Sone core
+        * @param webInterface
+        *            The Sone web interface
         */
-       public GetSoneStatusPage(Core core) {
-               super("ajax/getSoneStatus.ajax");
-               this.core = core;
+       public GetSoneStatusPage(WebInterface webInterface) {
+               super("ajax/getSoneStatus.ajax", webInterface);
        }
 
+       //
+       // JSONPAGE METHODS
+       //
+
        /**
         * {@inheritDoc}
         */
        @Override
        protected JsonObject createJsonObject(Request request) {
                String soneId = request.getHttpRequest().getParam("sone");
-               Sone sone = core.getSone(soneId);
-               SoneStatus soneStatus = core.getSoneStatus(sone);
+               Sone sone = webInterface.core().getSone(soneId);
+               SoneStatus soneStatus = webInterface.core().getSoneStatus(sone);
                return new JsonObject().put("status", soneStatus.name()).put("modified", sone.getModificationCounter() > 0).put("lastUpdated", new SimpleDateFormat("MMM d, yyyy, HH:mm:ss").format(new Date(sone.getTime()))).put("age", (System.currentTimeMillis() - sone.getTime()) / 1000);
        }
 
+       /**
+        * {@inheritDoc}
+        */
+       @Override
+       protected boolean needsFormPassword() {
+               return false;
+       }
+
 }

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
index 21ec083..68f1777 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
@@ -27,9 +27,6 @@ import net.pterodactylus.util.json.JsonObject;
  */
 public class GetTranslationPage extends JsonPage {
 
-       /** The Sone web interface. */
-       private WebInterface webInterface;
-
        /**
         * Creates a new translation page.
         *
@@ -37,10 +34,13 @@ public class GetTranslationPage extends JsonPage {
         *            The Sone web interface
         */
        public GetTranslationPage(WebInterface webInterface) {
-               super("ajax/getTranslation.ajax");
-               this.webInterface = webInterface;
+               super("ajax/getTranslation.ajax", webInterface);
        }
 
+       //
+       // JSONPAGE METHODS
+       //
+
        /**
         * {@inheritDoc}
         */
@@ -51,4 +51,12 @@ public class GetTranslationPage extends JsonPage {
                return new JsonObject().put("value", translation);
        }
 
+       /**
+        * {@inheritDoc}
+        */
+       @Override
+       protected boolean needsFormPassword() {
+               return false;
+       }
+
 }

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 20ddfc6..6b5d614 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -17,6 +17,7 @@
 
 package net.pterodactylus.sone.web.ajax;
 
+import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.sone.web.page.Page;
 import net.pterodactylus.util.json.JsonObject;
 import net.pterodactylus.util.json.JsonUtils;
@@ -32,14 +33,20 @@ public abstract class JsonPage implements Page {
        /** The path of the page. */
        private final String path;
 
+       /** The Sone web interface. */
+       protected final WebInterface webInterface;
+
        /**
         * Creates a new JSON page at the given path.
         *
         * @param path
         *            The path of the page
+        * @param webInterface
+        *            The Sone web interface
         */
-       public JsonPage(String path) {
+       public JsonPage(String path, WebInterface webInterface) {
                this.path = path;
+               this.webInterface = webInterface;
        }
 
        //
@@ -56,6 +63,17 @@ public abstract class JsonPage implements Page {
         */
        protected abstract JsonObject createJsonObject(Request request);
 
+       /**
+        * Returns whether this command needs the form password for authentication
+        * and to prevent abuse.
+        *
+        * @return {@code true} if the form password (given as “formPassword”) is
+        *         required, {@code false} otherwise
+        */
+       protected boolean needsFormPassword() {
+               return true;
+       }
+
        //
        // PAGE METHODS
        //
@@ -73,6 +91,12 @@ public abstract class JsonPage implements Page {
         */
        @Override
        public Response handleRequest(Request request) {
+               if (needsFormPassword()) {
+                       String formPassword = request.getHttpRequest().getParam("formPassword");
+                       if (!webInterface.formPassword().equals(formPassword)) {
+                               return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false)));
+                       }
+               }
                JsonObject jsonObject = createJsonObject(request);
                return new Response(200, "OK", "application/json", JsonUtils.format(jsonObject));
        }