Beispiel #1
0
        public void ProcessRequest(HttpContext context)
        {
            try
            {
                IResult r_object = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType("dispatcher"));
                if (r_object.Success)
                {
                    if (System.Text.RegularExpressions.Regex.IsMatch(context.Request.Url.AbsolutePath, "\\w*\\.\\w+$"))
                    {
                        //TODO: normalize forbidden extensions => low
                        string strForbiddenExt = ".exe.dll.cs.config.log";
                        string strFilePath     = context.Server.MapPath(context.Request.Url.AbsolutePath);
                        string strExt          = System.IO.Path.GetExtension(strFilePath);
                        if (!strForbiddenExt.Contains(strExt))
                        {
                            //context.Response.Clear();
                            context.Response.ContentType = "text/" + strExt.Replace(".", "");
                            context.Response.TransmitFile(context.Server.MapPath(context.Request.Url.AbsolutePath));
                            //context.Response.Flush();
                        }
                    }
                    else
                    {
                        ICommand command    = (ICommand)r_object.Data;
                        string   strVirPath = context.Request.ApplicationPath;
                        string   strCommand = context.Request.Url.AbsolutePath.ToLower();
                        if (strCommand.StartsWith(strVirPath.ToLower()))
                        {
                            strCommand = strCommand.Remove(0, strVirPath.Length);
                        }
                        if (strCommand.StartsWith("/"))
                        {
                            strCommand = strCommand.Remove(0, 1);
                        }
                        if (strCommand == string.Empty)
                        {
                            strCommand = "home";
                        }

                        IResult result = command.Execute(strCommand);

                        if (result.Success == true)
                        {
                            context.Response.Write(result.Data);
                        }
                        else
                        {
                            //TODO: if result not succeeded so appropriate action should be taken => High Priority
                            context.Response.Write("Command Result is not trusted.");
                        }
                    }
                }
                else
                {
                    //TODO: manage response to be more meaningful
                    context.Response.Write("Resource not found.");
                }
            }
            catch (Exception ex)
            {
                //TODO: Redirect to Error Page -> High
                context.Response.Write("Website error");
                WebShell.Utilities.Log.Write(this.ToString(), "handler error", ex.StackTrace);
                throw ex;
            }
        }
        /// <summary>
        /// dispatcher will fire corresponding command according to the incoming URL
        /// </summary>
        /// <param name="command">request command by URL</param>
        /// <returns></returns>
        public IResult Execute(string command)
        {
            string   strCommand = GetCommand(command);
            ICommand iCommand   = null;
            Result   comResult  = new Result();

            comResult.Success = false;
            IResult oResult = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType(strCommand));

            if (oResult.Success)
            {
                iCommand = oResult.Data as ICommand;

                bool          isValidUser   = false;
                object[]      oArr          = iCommand.GetType().GetCustomAttributes(typeof(LoginRequired), true);
                LoginRequired loginRequired = null;
                if (oArr.Length > 0)
                {
                    loginRequired = oArr[0] as LoginRequired;
                    if (loginRequired.Active == true)
                    {
                        ISecurity iSecurity = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType("security")).Data as ISecurity;
                        isValidUser = iSecurity.IsValidUser();
                    }
                    else
                    {
                        isValidUser = true;
                    }
                }
                else
                {
                    isValidUser = true;
                }

                if (isValidUser)
                {
                    command = command.Remove(0, strCommand.Length);
                    if (command.StartsWith("/"))
                    {
                        command = command.Remove(0, 1);
                    }
                    comResult = iCommand.Execute(command) as Result;
                }
                else if (!isValidUser && loginRequired != null)
                {
                    string message = "try to access \"login required\" form \r\n command url:" + HttpContext.Current.Request.RawUrl;
                    WebShell.Utilities.Log.Write(this.ToString(), "not authorized user", message);
                    if (loginRequired.RedirectTo != null)
                    {
                        HttpContext.Current.Response.Redirect(AppData.GetBaseUrl() + "security/login/?r=" + loginRequired.RedirectTo);
                    }
                    else
                    {
                        HttpContext.Current.Response.Redirect(AppData.GetBaseUrl() + "security/login/?r=" + command);
                    }
                }
                else
                {
                    //may be not reachable
                    comResult.Data = "You are not authorized user";
                    WebShell.Utilities.Log.Write(this.ToString(), "not autorized user", "command url:" + HttpContext.Current.Request.RawUrl);
                }
            }


            return(comResult);
        }