From 896463c592837b09794fa9368accf105c0bb05be Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?=
Date: Fri, 22 Oct 2010 16:05:39 +0200
Subject: [PATCH] Enhance JSON page to optionally require a form password.
---
 .../net/pterodactylus/sone/web/WebInterface.java | 2 +-
 .../sone/web/ajax/GetSoneStatusPage.java | 30 ++++++++++++++--------
 .../sone/web/ajax/GetTranslationPage.java | 18 +++++++++----
 .../net/pterodactylus/sone/web/ajax/JsonPage.java | 26 ++++++++++++++++++-
 4 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/src/main/java/net/pterodactylus/sone/web/WebInterface.java b/src/main/java/net/pterodactylus/sone/web/WebInterface.java
index ec20785..0f6e21a 100644
--- a/src/main/java/net/pterodactylus/sone/web/WebInterface.java
+++ b/src/main/java/net/pterodactylus/sone/web/WebInterface.java
@@ -225,7 +225,7 @@ public class WebInterface extends AbstractService {
 pageToadlets.add(pageToadletFactory.createPageToadlet(new StaticPage("javascript/", "/static/javascript/", "text/javascript")));
 pageToadlets.add(pageToadletFactory.createPageToadlet(new StaticPage("images/", "/static/images/", "image/png")));
 pageToadlets.add(pageToadletFactory.createPageToadlet(new GetTranslationPage(this)));
- pageToadlets.add(pageToadletFactory.createPageToadlet(new GetSoneStatusPage(core())));
+ pageToadlets.add(pageToadletFactory.createPageToadlet(new GetSoneStatusPage(this)));
 ToadletContainer toadletContainer = sonePlugin.pluginRespirator().getToadletContainer();
 toadletContainer.getPageMaker().addNavigationCategory("/Sone/index.html", "Navigation.Menu.Name", "Navigation.Menu.Tooltip", sonePlugin);
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
index 3f1bbca..3b619cc 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/GetSoneStatusPage.java
@@ -20,9 +20,9 @@ package net.pterodactylus.sone.web.ajax;
 import java.text.SimpleDateFormat;
 import java.util.Date;
-import net.pterodactylus.sone.core.Core;
 import net.pterodactylus.sone.core.Core.SoneStatus;
 import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.util.json.JsonObject;
 /**
@@ -33,29 +33,37 @@ import net.pterodactylus.util.json.JsonObject;
 */
 public class GetSoneStatusPage extends JsonPage {
- /** The Sone core. */
- private final Core core;
-
 /**
 * Creates a new AJAX sone status handler.
 *
- * @param core
- * The Sone core
+ * @param webInterface
+ * The Sone web interface
 */
- public GetSoneStatusPage(Core core) {
- super("ajax/getSoneStatus.ajax");
- this.core = core;
+ public GetSoneStatusPage(WebInterface webInterface) {
+ super("ajax/getSoneStatus.ajax", webInterface);
 }
+ //
+ // JSONPAGE METHODS
+ //
+
 /**
 * {@inheritDoc}
 */
 @Override
 protected JsonObject createJsonObject(Request request) {
 String soneId = request.getHttpRequest().getParam("sone");
- Sone sone = core.getSone(soneId);
- SoneStatus soneStatus = core.getSoneStatus(sone);
+ Sone sone = webInterface.core().getSone(soneId);
+ SoneStatus soneStatus = webInterface.core().getSoneStatus(sone);
 return new JsonObject().put("status", soneStatus.name()).put("modified", sone.getModificationCounter() > 0).put("lastUpdated", new SimpleDateFormat("MMM d, yyyy, HH:mm:ss").format(new Date(sone.getTime()))).put("age", (System.currentTimeMillis() - sone.getTime()) / 1000);
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected boolean needsFormPassword() {
+ return false;
+ }
+
 }
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
index 21ec083..68f1777 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/GetTranslationPage.java
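Review bot: The `needsFormPassword()` override added at the end of GetSoneStatusPage.java returns `false` with only `{@inheritDoc}` as its documentation, so nothing records why this handler may skip the form-password check that JsonPage now enforces by default. I would replace that Javadoc with the reason, for example `/** Read-only status query without side effects, so no form password is required. */`, so the opt-out is not copied into a handler that changes state. The same applies to the identical override in the last hunk of GetTranslationPage.java. Separately, `createJsonObject` in this hunk dereferences the result of `webInterface.core().getSone(soneId)` for a caller-supplied `sone` parameter; if `getSone` can return null for a missing or unknown id (not visible here), a guard such as `if (sone == null) return new JsonObject().put("success", false);` would keep a token-less request from ending in an unhandled exception.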
@@ -27,9 +27,6 @@ import net.pterodactylus.util.json.JsonObject;
 */
 public class GetTranslationPage extends JsonPage {
- /** The Sone web interface. */
- private WebInterface webInterface;
-
 /**
 * Creates a new translation page.
 *
@@ -37,10 +34,13 @@ public class GetTranslationPage extends JsonPage {
 * The Sone web interface
 */
 public GetTranslationPage(WebInterface webInterface) {
- super("ajax/getTranslation.ajax");
- this.webInterface = webInterface;
+ super("ajax/getTranslation.ajax", webInterface);
 }
+ //
+ // JSONPAGE METHODS
+ //
+
 /**
 * {@inheritDoc}
 */
@@ -51,4 +51,12 @@ public class GetTranslationPage extends JsonPage {
 return new JsonObject().put("value", translation);
 }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected boolean needsFormPassword() {
+ return false;
+ }
+
 }
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 20ddfc6..6b5d614 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -17,6 +17,7 @@ package net.pterodactylus.sone.web.ajax;
+import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.sone.web.page.Page;
 import net.pterodactylus.util.json.JsonObject;
 import net.pterodactylus.util.json.JsonUtils;
@@ -32,14 +33,20 @@ public abstract class JsonPage implements Page {
 /** The path of the page. */
 private final String path;
+ /** The Sone web interface. */
+ protected final WebInterface webInterface;
+
 /**
 * Creates a new JSON page at the given path.
 *
 * @param path
 * The path of the page
+ * @param webInterface
+ * The Sone web interface
 */
- public JsonPage(String path) {
+ public JsonPage(String path, WebInterface webInterface) {
 this.path = path;
+ this.webInterface = webInterface;
 }
 //
@@ -56,6 +63,17 @@ public abstract class JsonPage implements Page {
 */
 protected abstract JsonObject createJsonObject(Request request);
+ /**
+ * Returns whether this command needs the form password for authentication
+ * and to prevent abuse.
+ *
+ * @return {@code true} if the form password (given as “formPassword”) is
+ * required, {@code false} otherwise
+ */
+ protected boolean needsFormPassword() {
+ return true;
+ }
+
 //
 // PAGE METHODS
 //
@@ -73,6 +91,12 @@ public abstract class JsonPage implements Page {
 */
 @Override
 public Response handleRequest(Request request) {
+ if (needsFormPassword()) {
+ String formPassword = request.getHttpRequest().getParam("formPassword");
+ if (!webInterface.formPassword().equals(formPassword)) {
+ return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false)));
+ }
+ }
 JsonObject jsonObject = createJsonObject(request);
 return new Response(200, "OK", "application/json", JsonUtils.format(jsonObject));
 }
-- 
2.7.4
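Review bot: In `handleRequest` (the last hunk of JsonPage.java) the form password is read with `getParam("formPassword")` and checked with `String.equals`. If `getParam` is served from the URL query string, which this hunk does not show, the secret ends up in browser history, access logs and Referer headers; handlers that change state should accept it only from the body of a POST request. The comparison is also better done in constant time after a null check, e.g. `if (formPassword == null || !MessageDigest.isEqual(webInterface.formPassword().getBytes(StandardCharsets.UTF_8), formPassword.getBytes(StandardCharsets.UTF_8)))`. The rejection returns 401 without a `WWW-Authenticate` challenge; 403 describes a missing or wrong form password more accurately. The body of `handleRequest` is complete within the hunk, while the enclosing class continues outside it.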