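/// <summary>
/// Entry point of the HTTP handler. A URL that ends in a file extension is served as a
/// static file from the mapped physical path, unless the extension is on the forbidden list.
/// Any other URL is converted to a command string and passed to the configured
/// "dispatcher" command, whose result data is written to the response.
/// </summary>
/// <param name="context">Current HTTP context. The request URL is untrusted input.</param>
/// <remarks>
/// The static-file branch is guarded only by an extension denylist, so every file under the
/// application root whose extension is not listed is served to anonymous callers.
/// NOTE(review): an allowlist of extensions that are meant to be public would be a safer default.
/// </remarks>
public void ProcessRequest(HttpContext context)
{
    try
    {
        IResult r_object = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType("dispatcher"));
        if (r_object.Success)
        {
            string strRequestPath = context.Request.Url.AbsolutePath;

            if (System.Text.RegularExpressions.Regex.IsMatch(strRequestPath, "\\w*\\.\\w+$"))
            {
                // Extensions that must never be sent to the client (binaries, source, configuration, logs).
                string strForbiddenExt = ".exe.dll.cs.config.log";
                string strFilePath = context.Server.MapPath(strRequestPath);
                string strExt = System.IO.Path.GetExtension(strFilePath);

                // The comparison must ignore case: the original ordinal Contains() treated ".CONFIG"
                // as allowed although it names the same file as ".config" on a case-insensitive
                // file system. The substring match is kept deliberately so that nothing the old
                // check refused becomes servable.
                bool isForbidden = strForbiddenExt.IndexOf(strExt, System.StringComparison.OrdinalIgnoreCase) >= 0;
                if (!isForbidden)
                {
                    // NOTE(review): every permitted file is labelled "text/<ext>", including
                    // non-text content. Confirm this is what clients expect.
                    context.Response.ContentType = "text/" + strExt.Replace(".", "");
                    context.Response.TransmitFile(strFilePath);
                }
            }
            else
            {
                ICommand command = (ICommand)r_object.Data;
                string strVirPath = context.Request.ApplicationPath;
                string strCommand = strRequestPath.ToLower();

                // Strip the application's virtual path and the leading slash so that only the
                // command part of the URL remains.
                if (strCommand.StartsWith(strVirPath.ToLower()))
                {
                    strCommand = strCommand.Remove(0, strVirPath.Length);
                }
                if (strCommand.StartsWith("/"))
                {
                    strCommand = strCommand.Remove(0, 1);
                }
                if (strCommand == string.Empty)
                {
                    strCommand = "home";
                }

                IResult result = command.Execute(strCommand);
                if (result.Success == true)
                {
                    context.Response.Write(result.Data);
                }
                else
                {
                    //TODO: if result not succeeded so appropriate action should be taken => High Priority
                    context.Response.Write("Command Result is not trusted.");
                }
            }
        }
        else
        {
            //TODO: manage response to be more meaningful
            context.Response.Write("Resource not found.");
        }
    }
    catch (Exception ex)
    {
        //TODO: Redirect to Error Page -> High
        // Only a generic message goes to the client. The full exception (type, message and
        // stack trace) is written to the server-side log.
        context.Response.Write("Website error");
        WebShell.Utilities.Log.Write(this.ToString(), "handler error", ex.ToString());

        // "throw;" keeps the original stack trace; "throw ex;" would reset it to this frame.
        throw;
    }
}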
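/// <summary>
/// Resolves the command named by the incoming URL, enforces the <c>LoginRequired</c>
/// attribute when the command type carries one, and executes the command.
/// </summary>
/// <param name="command">Command path derived from the request URL (untrusted input).</param>
/// <returns>
/// The result of the target command. A result with <c>Success == false</c> is returned when
/// the command cannot be resolved, is not an <c>ICommand</c>, returns nothing, or the caller
/// is not authorized.
/// </returns>
/// <remarks>
/// Authentication is opt-in: a command type without an active <c>LoginRequired</c> attribute
/// is executed without consulting the "security" component.
/// </remarks>
public IResult Execute(string command)
{
    string strCommand = GetCommand(command);

    // Failure is the default; it is replaced only by the result of a successfully dispatched command.
    Result comResult = new Result();
    comResult.Success = false;

    IResult oResult = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType(strCommand));
    if (!oResult.Success)
    {
        return (comResult);
    }

    ICommand iCommand = oResult.Data as ICommand;
    if (iCommand == null)
    {
        // The configured type is not a command: return the failure result instead of
        // dereferencing null below.
        return (comResult);
    }

    bool isValidUser = false;
    LoginRequired loginRequired = null;
    object[] oArr = iCommand.GetType().GetCustomAttributes(typeof(LoginRequired), true);
    if (oArr.Length > 0)
    {
        loginRequired = oArr[0] as LoginRequired;
        if (loginRequired.Active == true)
        {
            // Fail closed: if the security component cannot be built, the caller is treated
            // as not authenticated.
            IResult securityResult = ObjectBuilder.CreateFrom(WebShellConfig.GetCommandType("security"));
            ISecurity iSecurity = (securityResult != null) ? securityResult.Data as ISecurity : null;
            isValidUser = (iSecurity != null) && iSecurity.IsValidUser();
        }
        else
        {
            isValidUser = true;
        }
    }
    else
    {
        // No LoginRequired attribute on the command type: no authentication check is made.
        isValidUser = true;
    }

    if (isValidUser)
    {
        // Drop the resolved command name and the following slash; the remainder is handed to
        // the command as its own argument string.
        // NOTE(review): assumes GetCommand returns a leading portion of `command`; confirm.
        command = command.Remove(0, strCommand.Length);
        if (command.StartsWith("/"))
        {
            command = command.Remove(0, 1);
        }

        // Return the command's IResult as-is. The original "as Result" cast returned null for
        // any other IResult implementation, which the caller then dereferenced.
        IResult executed = iCommand.Execute(command);
        if (executed != null)
        {
            return (executed);
        }
    }
    else if (!isValidUser && loginRequired != null)
    {
        string message = "try to access \"login required\" form \r\n command url:" + HttpContext.Current.Request.RawUrl;
        WebShell.Utilities.Log.Write(this.ToString(), "not authorized user", message);
        if (loginRequired.RedirectTo != null)
        {
            // RedirectTo comes from the attribute declaration (developer-supplied), so it is passed through unchanged.
            HttpContext.Current.Response.Redirect(AppData.GetBaseUrl() + "security/login/?r=" + loginRequired.RedirectTo);
        }
        else
        {
            // `command` comes from the request URL. It is percent-encoded so that it stays a
            // single query-string value and cannot add parameters to the login URL.
            // NOTE(review): the login page should also confirm that "r" is a local path before following it.
            string returnTarget = (command == null) ? string.Empty : System.Uri.EscapeDataString(command);
            HttpContext.Current.Response.Redirect(AppData.GetBaseUrl() + "security/login/?r=" + returnTarget);
        }
    }
    else
    {
        //may be not reachable
        comResult.Data = "You are not authorized user";
        WebShell.Utilities.Log.Write(this.ToString(), "not autorized user", "command url:" + HttpContext.Current.Request.RawUrl);
    }

    return (comResult);
}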