/// <summary>
/// Create a cache key for the specified request.
/// </summary>
///
/// <param name="request"></param>
public HttpCacheKey(sRequest request)
{
data = new Dictionary<String, String>();
Cacheable = isCacheable(request);
// In theory we only cache GET, but including the method in the cache
// key
// provides some additional insurance that we aren't mixing cache
// content.
set("method", request.getMethod());
set("url", request.getUri().ToString());
// TODO: We can go ahead and add authentication info here as well.
}
protected bool isCacheable(sRequest request)
{
if (request.IgnoreCache)
{
return(false);
}
if (!"GET".Equals(request.getMethod()) &&
!"GET".Equals(request.getHeader("X-Method-Override")))
{
return(false);
}
return(true);
}
/// <summary>
/// Create a cache key for the specified request.
/// </summary>
///
/// <param name="request"></param>
public HttpCacheKey(sRequest request)
{
data = new Dictionary <String, String>();
Cacheable = isCacheable(request);
// In theory we only cache GET, but including the method in the cache
// key
// provides some additional insurance that we aren't mixing cache
// content.
set("method", request.getMethod());
set("url", request.getUri().ToString());
// TODO: We can go ahead and add authentication info here as well.
}
protected bool isCacheable(sRequest request)
{
if (request.IgnoreCache)
{
return false;
}
if (!"GET".Equals(request.getMethod()) &&
!"GET".Equals(request.getHeader("X-Method-Override")))
{
return false;
}
return true;
}
private sRequest createHttpRequest(sRequest basereq, List<OAuth.Parameter> oauthParams)
{
AccessorInfo.OAuthParamLocation? paramLocation = accessorInfo.getParamLocation();
// paramLocation could be overriden by a run-time parameter to fetchRequest
sRequest result = new sRequest(basereq);
// If someone specifies that OAuth parameters go in the body, but then sends a request for
// data using GET, we've got a choice. We can throw some type of error, since a GET request
// can't have a body, or we can stick the parameters somewhere else, like, say, the header.
// We opt to put them in the header, since that stands some chance of working with some
// OAuth service providers.
if (paramLocation == AccessorInfo.OAuthParamLocation.POST_BODY &&
!result.getMethod().Equals("POST"))
{
paramLocation = AccessorInfo.OAuthParamLocation.AUTH_HEADER;
}
switch (paramLocation)
{
case AccessorInfo.OAuthParamLocation.AUTH_HEADER:
result.addHeader("Authorization", getAuthorizationHeader(oauthParams));
break;
case AccessorInfo.OAuthParamLocation.POST_BODY:
if (!OAuth.isFormEncoded(result.ContentType))
{
throw responseParams.oauthRequestException(OAuthError.INVALID_REQUEST,
"OAuth param location can only be post_body if post body is of " +
"type x-www-form-urlencoded");
}
String oauthData = OAuth.formEncode(oauthParams);
if (result.getPostBodyLength() == 0)
{
result.setPostBody(Encoding.UTF8.GetBytes(oauthData));
}
else
{
result.setPostBody(Encoding.UTF8.GetBytes(result.getPostBodyAsString() + '&' + oauthData));
}
break;
case AccessorInfo.OAuthParamLocation.URI_QUERY:
result.setUri(Uri.parse(OAuth.addParameters(result.getUri().ToString(), oauthParams)));
break;
}
return result;
}
/*
Start with an HttpRequest.
Throw if there are any attacks in the query.
Throw if there are any attacks in the post body.
Build up OAuth parameter list
Sign it.
Add OAuth parameters to new request
Send it.
*/
public sRequest sanitizeAndSign(sRequest basereq, List<OAuth.Parameter> parameters)
{
if (parameters == null)
{
parameters = new List<OAuth.Parameter>();
}
UriBuilder target = new UriBuilder(basereq.getUri());
String query = target.getQuery();
target.setQuery(null);
parameters.AddRange(sanitize(OAuth.decodeForm(query)));
if (OAuth.isFormEncoded(basereq.ContentType))
{
parameters.AddRange(sanitize(OAuth.decodeForm(basereq.getPostBodyAsString())));
}
addIdentityParams(parameters);
addSignatureParams(parameters);
try
{
OAuthMessage signed = accessorInfo.getAccessor().newRequestMessage(
basereq.getMethod(), target.ToString(), parameters);
sRequest oauthHttpRequest = createHttpRequest(basereq, selectOAuthParams(signed));
// Following 302s on OAuth responses is unlikely to be productive.
oauthHttpRequest.FollowRedirects = false;
return oauthHttpRequest;
}
catch (Exception e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Error signing message", e);
}
}
