public virtual RewriterResults rewrite(sRequest request, sResponse original, MutableContent content)
{
ByteArrayOutputStream baos = new ByteArrayOutputStream((content.getContent().Length * 110) / 100);
OutputStreamWriter output = new OutputStreamWriter(baos);
String mimeType = original.getHeader("Content-Type");
if (request.RewriteMimeType != null)
{
mimeType = request.RewriteMimeType;
}
GadgetSpec spec = null;
if (request.Gadget != null)
{
spec = _specFactory.getGadgetSpec(request.Gadget.toJavaUri(), false);
}
if (rewrite(spec, request.getUri(),
content,
mimeType,
output))
{
content.setContent(Encoding.Default.GetString(baos.toByteArray()));
return RewriterResults.cacheableIndefinitely();
}
return null;
}
public sResponse execute(sRequest request)
{
sResponse response;
if (!request.IgnoreCache)
{
response = DefaultHttpCache.Instance.getResponse(request);
if (response != null && !response.isStale())
{
return(response);
}
}
if (request.AuthType == AuthType.NONE)
{
response = httpFetcher.fetch(request);
}
else if (request.AuthType == AuthType.OAUTH || request.AuthType == AuthType.SIGNED)
{
response = oauthRequestProvider.get().fetch(request);
}
else
{
return(sResponse.error());
}
if (!request.IgnoreCache && response.getHttpStatusCode() == (int)HttpStatusCode.OK)
{
DefaultHttpCache.Instance.addResponse(request, response);
}
return(response);
}
public sResponse execute(sRequest request)
{
sResponse response;
if (!request.IgnoreCache)
{
response = DefaultHttpCache.Instance.getResponse(request);
if (response != null && !response.isStale())
{
return response;
}
}
if (request.AuthType == AuthType.NONE)
{
response = httpFetcher.fetch(request);
}
else if (request.AuthType == AuthType.OAUTH || request.AuthType == AuthType.SIGNED)
{
response = oauthRequestProvider.get().fetch(request);
}
else
{
return sResponse.error();
}
if (!request.IgnoreCache && response.getHttpStatusCode() == (int)HttpStatusCode.OK)
{
DefaultHttpCache.Instance.addResponse(request, response);
}
return response;
}
protected static String getTokenName(sRequest request)
{
if (request.AuthType != AuthType.NONE)
{
return(request.getOAuthArguments().getTokenName());
}
// Requests that don't use authentication can share the result.
return(DEFAULT_KEY_VALUE);
}
protected static String getInstanceId(sRequest request)
{
if (request.AuthType != AuthType.NONE)
{
return(request.getSecurityToken().getModuleId().ToString());
}
// Requests that don't use authentication can share the result.
return(DEFAULT_KEY_VALUE);
}
protected static String getViewerId(sRequest request)
{
if (request.AuthType != AuthType.NONE &&
request.getOAuthArguments().getSignViewer())
{
return(request.getSecurityToken().getViewerId());
}
// Requests that don't use authentication can share the result.
return(DEFAULT_KEY_VALUE);
}
public sResponse removeResponse(sRequest request)
{
String keyString = createKey(request);
sResponse response = getResponseImpl(keyString);
removeResponseImpl(keyString);
if (responseStillUsable(response))
{
return response;
}
return null;
}
public static sRequest newHttpRequest(GadgetContext context,
RequestAuthenticationInfo authenticationInfo)
{
sRequest request = new sRequest(authenticationInfo.getHref())
.setSecurityToken(context.getToken())
.setOAuthArguments(new OAuthArguments(authenticationInfo))
.setAuthType(authenticationInfo.getAuthType())
.setContainer(context.getContainer())
.setGadget(Uri.fromJavaUri(context.getUrl()));
return request;
}
public sResponse removeResponse(sRequest request)
{
String keyString = createKey(request);
sResponse response = getResponseImpl(keyString);
removeResponseImpl(keyString);
if (responseStillUsable(response))
{
return(response);
}
return(null);
}
protected bool isCacheable(sRequest request)
{
if (request.IgnoreCache)
{
return(false);
}
if (!"GET".Equals(request.getMethod()) &&
!"GET".Equals(request.getHeader("X-Method-Override")))
{
return(false);
}
return(true);
}
public sResponse getResponse(sRequest request)
{
if (isCacheable(request))
{
String keyString = createKey(request);
sResponse cached = getResponseImpl(keyString);
if (responseStillUsable(cached))
{
return cached;
}
}
return null;
}
/// <summary>
/// Create a cache key for the specified request.
/// </summary>
///
/// <param name="request"></param>
public HttpCacheKey(sRequest request)
{
data = new Dictionary<String, String>();
Cacheable = isCacheable(request);
// In theory we only cache GET, but including the method in the cache
// key
// provides some additional insurance that we aren't mixing cache
// content.
set("method", request.getMethod());
set("url", request.getUri().ToString());
// TODO: We can go ahead and add authentication info here as well.
}
/// <summary>
/// Create a cache key for the specified request.
/// </summary>
///
/// <param name="request"></param>
public HttpCacheKey(sRequest request)
{
data = new Dictionary <String, String>();
Cacheable = isCacheable(request);
// In theory we only cache GET, but including the method in the cache
// key
// provides some additional insurance that we aren't mixing cache
// content.
set("method", request.getMethod());
set("url", request.getUri().ToString());
// TODO: We can go ahead and add authentication info here as well.
}
public sResponse getResponse(sRequest request)
{
if (isCacheable(request))
{
String keyString = createKey(request);
sResponse cached = getResponseImpl(keyString);
if (responseStillUsable(cached))
{
return(cached);
}
}
return(null);
}
protected static String getTokenOwner(sRequest request)
{
ISecurityToken st = request.getSecurityToken();
if (request.AuthType != AuthType.NONE &&
st.getOwnerId() != null &&
st.getOwnerId().Equals(st.getViewerId()) &&
request.getOAuthArguments().mayUseToken())
{
return(st.getOwnerId());
}
// Requests that don't use authentication can share the result.
return(DEFAULT_KEY_VALUE);
}
public sResponse fetch(sRequest request)
{
try
{
WebRequest req = request.getRequest();
req.ContentLength = request.getPostBodyLength();
if (request.getPostBodyLength() > 0)
{
req.GetRequestStream().Write(request.getPostBody(), 0, request.getPostBodyLength());
}
sResponse resp = makeResponse(req);
return(resp);
}
catch (Exception)
{
return(sResponse.error());
}
}
public sResponse addResponse(sRequest request, sResponse response)
{
if (isCacheable(request) && isCacheable(response))
{
// Both are cacheable. Check for forced cache TTL overrides.
HttpResponseBuilder responseBuilder = new HttpResponseBuilder(response);
int forcedTtl = request.CacheTtl;
if (forcedTtl != -1)
{
responseBuilder.setCacheTtl(forcedTtl);
}
response = responseBuilder.create();
String keyString = createKey(request);
addResponseImpl(keyString, response);
}
return(response);
}
public sResponse fetch(sRequest request)
{
try
{
WebRequest req = request.getRequest();
req.ContentLength = request.getPostBodyLength();
if (request.getPostBodyLength() > 0)
{
req.GetRequestStream().Write(request.getPostBody(),0,request.getPostBodyLength());
}
sResponse resp = makeResponse(req);
return resp;
}
catch (Exception)
{
return sResponse.error();
}
}
public sResponse addResponse(sRequest request, sResponse response)
{
if (isCacheable(request) && isCacheable(response))
{
// Both are cacheable. Check for forced cache TTL overrides.
HttpResponseBuilder responseBuilder = new HttpResponseBuilder(response);
int forcedTtl = request.CacheTtl;
if (forcedTtl != -1)
{
responseBuilder.setCacheTtl(forcedTtl);
}
response = responseBuilder.create();
String keyString = createKey(request);
addResponseImpl(keyString, response);
}
return response;
}
public ContentRewriterFeature get(sRequest request)
{
Uri gadgetUri = request.Gadget;
GadgetSpec spec;
if (gadgetUri != null)
{
URI gadgetJavaUri = gadgetUri.toJavaUri();
try
{
spec = specFactory.getGadgetSpec(gadgetJavaUri, false);
if (spec != null)
{
return get(spec);
}
}
catch (GadgetException)
{
return defaultFeature;
}
}
return defaultFeature;
}
/// <summary>
/// Clone an existing HttpRequest.
/// </summary>
///
public sRequest(sRequest srequest)
{
req = srequest.req;
uri = srequest.uri;
ignoreCache = srequest.ignoreCache;
cacheTtl = srequest.cacheTtl;
gadget = srequest.gadget;
container = srequest.container;
securityToken = srequest.securityToken;
if (srequest.postBody != null)
{
postBody = new byte[srequest.postBody.Length];
Array.Copy(srequest.postBody, postBody, srequest.postBody.Length);
}
if (srequest.oauthArguments != null)
{
oauthArguments = new OAuthArguments(srequest.oauthArguments);
}
authType = srequest.authType;
rewriteMimeType = srequest.rewriteMimeType;
followRedirects = srequest.followRedirects;
}
/**
* Produce a key from the given request.
*
* Relevant pieces of the cache key:
*
* - request URI
* - authentication type
* - owner id
* - viewer id
* - owner of the token
* - gadget url (from security token; we don't trust what's on the URI itself)
* - instance id
* - oauth service name
* - oauth token name
*
* Except for the first two, all of these may be "0" depending on authentication rules. See
* individual methods for details.
*/
protected String createKey(sRequest request)
{
String uri = request.getUri().ToString();
StringBuilder key = new StringBuilder(uri.Length * 2);
key.Append(request.getUri());
key.Append(KEY_SEPARATOR);
key.Append(request.AuthType);
key.Append(KEY_SEPARATOR);
key.Append(getOwnerId(request));
key.Append(KEY_SEPARATOR);
key.Append(getViewerId(request));
key.Append(KEY_SEPARATOR);
key.Append(getTokenOwner(request));
key.Append(KEY_SEPARATOR);
key.Append(getAppUrl(request));
key.Append(KEY_SEPARATOR);
key.Append(getInstanceId(request));
key.Append(KEY_SEPARATOR);
key.Append(getServiceName(request));
key.Append(KEY_SEPARATOR);
key.Append(getTokenName(request));
return(key.ToString());
}
protected static String getInstanceId(sRequest request)
{
if (request.AuthType != AuthType.NONE)
{
return request.getSecurityToken().getModuleId().ToString();
}
// Requests that don't use authentication can share the result.
return DEFAULT_KEY_VALUE;
}
protected static String getTokenName(sRequest request)
{
if (request.AuthType != AuthType.NONE)
{
return request.getOAuthArguments().getTokenName();
}
// Requests that don't use authentication can share the result.
return DEFAULT_KEY_VALUE;
}
protected static String getViewerId(sRequest request)
{
if (request.AuthType != AuthType.NONE &&
request.getOAuthArguments().getSignViewer())
{
return request.getSecurityToken().getViewerId();
}
// Requests that don't use authentication can share the result.
return DEFAULT_KEY_VALUE;
}
protected static String getTokenOwner(sRequest request)
{
ISecurityToken st = request.getSecurityToken();
if (request.AuthType != AuthType.NONE &&
st.getOwnerId() != null
&& st.getOwnerId().Equals(st.getViewerId())
&& request.getOAuthArguments().mayUseToken())
{
return st.getOwnerId();
}
// Requests that don't use authentication can share the result.
return DEFAULT_KEY_VALUE;
}
public RewriterResults rewrite(sRequest req, sResponse resp, MutableContent content)
{
return RewriterResults.cacheableIndefinitely();
}
/**
* Produce a key from the given request.
*
* Relevant pieces of the cache key:
*
* - request URI
* - authentication type
* - owner id
* - viewer id
* - owner of the token
* - gadget url (from security token; we don't trust what's on the URI itself)
* - instance id
* - oauth service name
* - oauth token name
*
* Except for the first two, all of these may be "0" depending on authentication rules. See
* individual methods for details.
*/
protected String createKey(sRequest request)
{
String uri = request.getUri().ToString();
StringBuilder key = new StringBuilder(uri.Length * 2);
key.Append(request.getUri());
key.Append(KEY_SEPARATOR);
key.Append(request.AuthType);
key.Append(KEY_SEPARATOR);
key.Append(getOwnerId(request));
key.Append(KEY_SEPARATOR);
key.Append(getViewerId(request));
key.Append(KEY_SEPARATOR);
key.Append(getTokenOwner(request));
key.Append(KEY_SEPARATOR);
key.Append(getAppUrl(request));
key.Append(KEY_SEPARATOR);
key.Append(getInstanceId(request));
key.Append(KEY_SEPARATOR);
key.Append(getServiceName(request));
key.Append(KEY_SEPARATOR);
key.Append(getTokenName(request));
return key.ToString();
}
/*
Start with an HttpRequest.
Throw if there are any attacks in the query.
Throw if there are any attacks in the post body.
Build up OAuth parameter list
Sign it.
Add OAuth parameters to new request
Send it.
*/
public sRequest sanitizeAndSign(sRequest basereq, List<OAuth.Parameter> parameters)
{
if (parameters == null)
{
parameters = new List<OAuth.Parameter>();
}
UriBuilder target = new UriBuilder(basereq.getUri());
String query = target.getQuery();
target.setQuery(null);
parameters.AddRange(sanitize(OAuth.decodeForm(query)));
if (OAuth.isFormEncoded(basereq.ContentType))
{
parameters.AddRange(sanitize(OAuth.decodeForm(basereq.getPostBodyAsString())));
}
addIdentityParams(parameters);
addSignatureParams(parameters);
try
{
OAuthMessage signed = accessorInfo.getAccessor().newRequestMessage(
basereq.getMethod(), target.ToString(), parameters);
sRequest oauthHttpRequest = createHttpRequest(basereq, selectOAuthParams(signed));
// Following 302s on OAuth responses is unlikely to be productive.
oauthHttpRequest.FollowRedirects = false;
return oauthHttpRequest;
}
catch (Exception e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Error signing message", e);
}
}
protected bool isCacheable(sRequest request)
{
if (request.IgnoreCache)
{
return false;
}
if (!"GET".Equals(request.getMethod()) &&
!"GET".Equals(request.getHeader("X-Method-Override")))
{
return false;
}
return true;
}
/**
* Generate a remote content request based on the parameters
* sent from the client.
* @throws GadgetException
*/
private sRequest buildHttpRequest(HttpRequestWrapper request)
{
Uri url = ValidateUrl(request.getParameter(URL_PARAM));
sRequest req = new sRequest(url)
.setMethod(GetParameter(request, METHOD_PARAM, "GET"))
.setPostBody(request.getRequest().ContentEncoding.GetBytes(GetParameter(request, POST_DATA_PARAM, "")))
.setContainer(getContainer(request));
String headerData = GetParameter(request, HEADERS_PARAM, "");
if (headerData.Length > 0)
{
String[] headerList = headerData.Split('&');
foreach(String header in headerList)
{
String[] parts = header.Split('=');
if (parts.Length != 2)
{
throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
"Malformed header specified,");
}
req.addHeader(HttpUtility.UrlDecode(parts[0]), HttpUtility.UrlDecode(parts[1]));
}
}
//removeUnsafeHeaders(req);
req.setIgnoreCache("1".Equals(request.getParameter(NOCACHE_PARAM)));
if (request.getParameter(GADGET_PARAM) != null)
{
req.Gadget = Uri.parse(request.getParameter(GADGET_PARAM));
}
// Allow the rewriter to use an externally forced mime type. This is needed
// allows proper rewriting of <script src="x"/> where x is returned with
// a content type like text/html which unfortunately happens all too often
req.setRewriteMimeType(request.getParameter(REWRITE_MIME_TYPE_PARAM));
// Figure out whether authentication is required
AuthType auth = AuthType.Parse(GetParameter(request, AUTHZ_PARAM, null));
req.AuthType = auth;
if (auth != AuthType.NONE)
{
req.setSecurityToken(extractAndValidateToken(request.getContext()));
req.setOAuthArguments(new OAuthArguments(auth, request.getRequest()));
}
return req;
}
public RewriterResults rewrite(sRequest req, sResponse resp, MutableContent content)
{
return null;
}
protected MessageBundle fetchBundle(LocaleSpec locale, bool ignoreCache)
{
Uri url = locale.getMessages();
sRequest request = new sRequest(url).setIgnoreCache(ignoreCache);
// Since we don't allow any variance in cache time, we should just force the cache time
// globally. This ensures propagation to shared caches when this is set.
request.setCacheTtl((int)(refresh / 1000));
sResponse response = fetcher.fetch(request);
if (response.getHttpStatusCode() != (int)HttpStatusCode.OK)
{
throw new GadgetException(GadgetException.Code.FAILED_TO_RETRIEVE_CONTENT,
"Unable to retrieve message bundle xml. HTTP error " +
response.getHttpStatusCode());
}
MessageBundle bundle = new MessageBundle(locale, response.responseString);
return bundle;
}
/**
* OAuth authenticated fetch.
*/
public sResponse fetch(sRequest request)
{
realRequest = request;
clientState = new OAuthClientState(
fetcherConfig.getStateCrypter(),
request.getOAuthArguments().getOrigClientState());
responseParams = new OAuthResponseParams(request.getSecurityToken(), request, fetcherConfig.getStateCrypter());
try
{
return fetchNoThrow();
}
catch (Exception e)
{
// We log here to record the request/response pairs that created the failure.
responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", e);
throw e;
}
}
private void fetchRequestToken()
{
OAuthAccessor accessor = accessorInfo.getAccessor();
sRequest request = new sRequest(Uri.parse(accessor.consumer.serviceProvider.requestTokenURL));
request.setMethod(accessorInfo.getHttpMethod().ToString());
if (accessorInfo.getHttpMethod().CompareTo(AccessorInfo.HttpMethod.POST) == 0)
{
request.setContentType(OAuth.FORM_ENCODED);
}
sRequest signed = sanitizeAndSign(request, null);
OAuthMessage reply = sendOAuthMessage(signed);
accessor.requestToken = reply.getParameter(OAuth.OAUTH_TOKEN);
accessor.TokenSecret = reply.getParameter(OAuth.OAUTH_TOKEN_SECRET);
}
/**
* Creates a proxy request by fetching pipelined data and adding it to an existing request.
*
*/
private sRequest createPipelinedProxyRequest(Gadget gadget, sRequest original)
{
sRequest request = new sRequest(original);
request.setIgnoreCache(true);
GadgetSpec spec = gadget.getSpec();
GadgetContext context = gadget.getContext();
IPreloads proxyPreloads = preloader.preload(context, spec,
PreloaderService.PreloadPhase.PROXY_FETCH);
// TODO: Add current url to GadgetContext to support transitive proxying.
// POST any preloaded content
if ((proxyPreloads != null) && proxyPreloads.getData().Count != 0)
{
JsonArray array = new JsonArray();
foreach(PreloadedData preload in proxyPreloads.getData())
{
Dictionary<String, Object> dataMap = preload.toJson();
foreach(var entry in dataMap)
{
// TODO: the existing, supported content is JSONObjects that contain the
// key already. Discarding the key is odd.
array.Put(entry.Value);
}
}
String postContent = array.ToString();
// POST the preloaded content, with a method override of GET
// to enable caching
request.setMethod("POST")
.setPostBody(Encoding.UTF8.GetBytes(postContent))
.setHeader("Content-Type", "text/json;charset=utf-8");
}
return request;
}
/**
* Render the gadget into a string by performing the following steps:
*
* - Retrieve gadget specification information (GadgetSpec, MessageBundle, etc.)
*
* - Fetch any preloaded data needed to handle the request, as handled by Preloader.
*
* - Perform rewriting operations on the output content, handled by Rewriter.
*
* @param gadget The gadget for the rendering operation.
* @return The rendered gadget content
* @throws RenderingException if any issues arise that prevent rendering.
*/
public String render(Gadget gadget)
{
try
{
View view = gadget.getCurrentView();
GadgetContext context = gadget.getContext();
GadgetSpec spec = gadget.getSpec();
IPreloads preloads = preloader.preload(context, spec,
PreloaderService.PreloadPhase.HTML_RENDER);
gadget.setPreloads(preloads);
String content;
if (view.getHref() == null)
{
content = view.getContent();
}
else
{
// TODO: Add current url to GadgetContext to support transitive proxying.
UriBuilder uri = new UriBuilder(view.getHref());
uri.addQueryParameter("lang", context.getLocale().getLanguage());
uri.addQueryParameter("country", context.getLocale().getCountry());
sRequest request = new sRequest(uri.toUri())
.setIgnoreCache(context.getIgnoreCache())
.setOAuthArguments(new OAuthArguments(view))
.setAuthType(view.getAuthType())
.setSecurityToken(context.getToken())
.setContainer(context.getContainer())
.setGadget(spec.getUrl());
sResponse response = DefaultHttpCache.Instance.getResponse(request);
if (response == null || response.isStale())
{
sRequest proxyRequest = createPipelinedProxyRequest(gadget, request);
response = requestPipeline.execute(proxyRequest);
DefaultHttpCache.Instance.addResponse(request, response);
}
if (response.isError())
{
throw new RenderingException("Unable to reach remote host. HTTP status " +
response.getHttpStatusCode());
}
content = response.responseString;
}
return rewriter.rewriteGadget(gadget, content);
}
catch (GadgetException e)
{
throw new RenderingException(e.Message, e);
}
}
/**
* Sends OAuth request token and access token messages.
* @throws GadgetException
* @throws IOException
* @throws OAuthProtocolException
*/
private OAuthMessage sendOAuthMessage(sRequest request)
{
sResponse response = fetchFromServer(request);
checkForProtocolProblem(response);
OAuthMessage reply = new OAuthMessage(null, null, null);
reply.addParameters(OAuth.decodeForm(response.responseString));
reply = parseAuthHeader(reply, response);
if (OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN) == null)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"No oauthToken returned from service provider");
}
if (OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET) == null)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"No oauthToken_secret returned from service provider");
}
return reply;
}
private sRequest createHttpRequest(sRequest basereq, List<OAuth.Parameter> oauthParams)
{
AccessorInfo.OAuthParamLocation? paramLocation = accessorInfo.getParamLocation();
// paramLocation could be overriden by a run-time parameter to fetchRequest
sRequest result = new sRequest(basereq);
// If someone specifies that OAuth parameters go in the body, but then sends a request for
// data using GET, we've got a choice. We can throw some type of error, since a GET request
// can't have a body, or we can stick the parameters somewhere else, like, say, the header.
// We opt to put them in the header, since that stands some chance of working with some
// OAuth service providers.
if (paramLocation == AccessorInfo.OAuthParamLocation.POST_BODY &&
!result.getMethod().Equals("POST"))
{
paramLocation = AccessorInfo.OAuthParamLocation.AUTH_HEADER;
}
switch (paramLocation)
{
case AccessorInfo.OAuthParamLocation.AUTH_HEADER:
result.addHeader("Authorization", getAuthorizationHeader(oauthParams));
break;
case AccessorInfo.OAuthParamLocation.POST_BODY:
if (!OAuth.isFormEncoded(result.ContentType))
{
throw responseParams.oauthRequestException(OAuthError.INVALID_REQUEST,
"OAuth param location can only be post_body if post body is of " +
"type x-www-form-urlencoded");
}
String oauthData = OAuth.formEncode(oauthParams);
if (result.getPostBodyLength() == 0)
{
result.setPostBody(Encoding.UTF8.GetBytes(oauthData));
}
else
{
result.setPostBody(Encoding.UTF8.GetBytes(result.getPostBodyAsString() + '&' + oauthData));
}
break;
case AccessorInfo.OAuthParamLocation.URI_QUERY:
result.setUri(Uri.parse(OAuth.addParameters(result.getUri().ToString(), oauthParams)));
break;
}
return result;
}
private GadgetSpec FetchObjectAndCache(Uri url, bool ignoreCache)
{
sRequest request = new sRequest(url)
.setIgnoreCache(ignoreCache)
.setGadget(url);
// Since we don't allow any variance in cache time, we should just force the cache time
// globally. This ensures propagation to shared caches when this is set.
request.setCacheTtl((int)(refresh / 1000));
sResponse response = fetcher.fetch(request);
if (response.getHttpStatusCode() != (int)HttpStatusCode.OK)
{
throw new GadgetException(GadgetException.Code.FAILED_TO_RETRIEVE_CONTENT,
"Unable to retrieve gadget xml. HTTP error " +
response.getHttpStatusCode());
}
GadgetSpec spec = new GadgetSpec(url, response.responseString);
HttpRuntime.Cache.Insert(url.ToString(), spec, null, System.Web.Caching.Cache.NoAbsoluteExpiration, TimeSpan.FromSeconds(refresh));
return spec;
}
/**
* Implements section 6.3 of the OAuth spec.
* @throws OAuthProtocolException
*/
private void exchangeRequestToken()
{
if (accessorInfo.getAccessor().accessToken != null)
{
// session extension per
// http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
accessorInfo.getAccessor().accessToken = null;
}
OAuthAccessor accessor = accessorInfo.getAccessor();
Uri accessTokenUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
sRequest request = new sRequest(accessTokenUri);
request.setMethod(accessorInfo.getHttpMethod().ToString());
if (accessorInfo.getHttpMethod() == AccessorInfo.HttpMethod.POST)
{
request.setContentType(OAuth.FORM_ENCODED);
}
List<OAuth.Parameter> msgParams = new List<OAuth.Parameter>
{new OAuth.Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken)};
if (accessorInfo.getSessionHandle() != null)
{
msgParams.Add(new OAuth.Parameter(OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
}
sRequest signed = sanitizeAndSign(request, msgParams);
OAuthMessage reply = sendOAuthMessage(signed);
accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
accessor.TokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAUTH_SESSION_HANDLE));
accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
if (OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN) != null)
{
try
{
int expireSecs = int.Parse(OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN));
long expireMillis = DateTime.UtcNow.AddSeconds(expireSecs).Ticks;
accessorInfo.setTokenExpireMillis(expireMillis);
}
catch (FormatException)
{
// Hrm. Bogus server. We can safely ignore this, we'll just wait for the server to
// tell us when the access token has expired.
responseParams.logDetailedWarning("server returned bogus expiration");
}
}
// Clients may want to retrieve extra information returned with the access token. Several
// OAuth service providers (e.g. Yahoo, NetFlix) return a user id along with the access
// token, and the user id is required to use their APIs. Clients signal that they need this
// extra data by sending a fetch request for the access token URL.
//
// We don't return oauth* parameters from the response, because we know how to handle those
// ourselves and some of them (such as oauthToken_secret) aren't supposed to be sent to the
// client.
//
// Note that this data is not stored server-side. Clients need to cache these user-ids or
// other data themselves, probably in user prefs, if they expect to need the data in the
// future.
if (accessTokenUri.Equals(realRequest.getUri()))
{
accessTokenData = new Dictionary<string, string>();
foreach(var param in OAuthUtil.getParameters(reply))
{
if (!param.Key.StartsWith("oauth"))
{
accessTokenData.Add(param.Key, param.Value);
}
}
}
}
private sRequest buildHttpRequest(HttpRequestWrapper request)
{
Uri url = ValidateUrl(request.getParameter(URL_PARAM));
sRequest req = new sRequest(url);
req.Container = getContainer(request);
if (request.getParameter(GADGET_PARAM) != null)
{
req.setGadget(Uri.parse(request.getParameter(GADGET_PARAM)));
}
// Allow the rewriter to use an externally forced mime type. This is needed
// allows proper rewriting of <script src="x"/> where x is returned with
// a content type like text/html which unfortunately happens all too often
req.RewriteMimeType = request.getParameter(REWRITE_MIME_TYPE_PARAM);
req.setIgnoreCache(getIgnoreCache(request));
// If the proxy request specifies a refresh param then we want to force the min TTL for
// the retrieved entry in the cache regardless of the headers on the content when it
// is fetched from the original source.
if (request.getParameter(REFRESH_PARAM) != null)
{
int ttl = 0;
int.TryParse(request.getParameter(REFRESH_PARAM), out ttl);
req.CacheTtl = ttl;
}
return req;
}
private sResponse fetchFromServer(sRequest request)
{
sResponse response = null;
try
{
response = fetcher.fetch(request);
if (response == null)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"No response from server");
}
return response;
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(
OAuthError.UNKNOWN_PROBLEM, "No response from server", e);
}
finally
{
responseParams.addRequestTrace(request, response);
}
}
