예제 #1
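        /// <summary>
        /// Runs the fetched content through the spec-aware <c>rewrite</c> overload and, when that
        /// overload reports a change, stores the rewritten text back into <paramref name="content"/>.
        /// </summary>
        ///
        /// <param name="request">Request being served; may override the MIME type and name the gadget.</param>
        /// <param name="original">Upstream response; only its Content-Type header is read here.</param>
        /// <param name="content">Mutable body, replaced in place when a rewrite happens.</param>
        /// <returns>
        /// <c>RewriterResults.cacheableIndefinitely()</c> when the content was rewritten, otherwise <c>null</c>.
        /// </returns>
        public virtual RewriterResults rewrite(sRequest request, sResponse original, MutableContent content)
        {
            // Reserve about 10% head-room over the input size. The estimate is computed in 64-bit
            // and clamped: the body comes from a remote server, and Length * 110 in 32-bit
            // arithmetic wraps negative for very large bodies, which would make the buffer
            // constructor fail instead of rewriting the content.
            long estimate = ((long)content.getContent().Length * 110) / 100;
            int capacity = estimate > int.MaxValue ? int.MaxValue : (int)estimate;
            ByteArrayOutputStream baos = new ByteArrayOutputStream(capacity);
            OutputStreamWriter output = new OutputStreamWriter(baos);

            // The request-supplied MIME type, when present, wins over the upstream header.
            String mimeType = original.getHeader("Content-Type");
            if (request.RewriteMimeType != null)
            {
                mimeType = request.RewriteMimeType;
            }

            GadgetSpec spec = null;
            if (request.Gadget != null)
            {
                spec = _specFactory.getGadgetSpec(request.Gadget.toJavaUri(), false);
            }

            // NOTE(review): nothing here flushes `output` before the bytes are read back;
            // presumably the overload below does so - confirm.
            if (!rewrite(spec, request.getUri(), content, mimeType, output))
            {
                return null;
            }

            // NOTE(review): the writer encodes with its default charset while the bytes are decoded
            // with Encoding.Default; if the two differ, non-ASCII content is corrupted. Confirm, or
            // pin both sides to one explicit charset.
            content.setContent(Encoding.Default.GetString(baos.toByteArray()));

            // NOTE(review): the result is marked cacheable indefinitely although the MIME type can
            // come from the request (RewriteMimeType). Confirm the cache key used by callers covers
            // every input that steers the rewrite.
            return RewriterResults.cacheableIndefinitely();
        }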
예제 #2
 /// <summary>
 /// Builds the cache key for <paramref name="request"/> from its HTTP method and URI, and
 /// records whether the request is cacheable at all.
 /// </summary>
 ///
 /// <param name="request">Request whose method and URI become the key entries.</param>
 public HttpCacheKey(sRequest request)
 {
     this.data = new Dictionary<String, String>();
     this.Cacheable = isCacheable(request);

     // Only GET is meant to be cached, but keeping the method in the key is extra insurance
     // against mixing cached content between methods.
     set("method", request.getMethod());

     String url = request.getUri().ToString();
     set("url", url);

     // TODO: We can go ahead and add authentication info here as well.
     // NOTE(review): until that TODO is done the key holds only method and URL, so responses
     // that vary by caller identity or credentials would share one entry unless isCacheable()
     // already excludes such requests - confirm before caching authenticated fetches.
 }
예제 #3
        /// <summary>
        /// Creates a cache key for the given request. The key carries two entries, the HTTP
        /// method and the request URI; the cacheability flag is computed alongside.
        /// </summary>
        ///
        /// <param name="request">Request to derive the key from.</param>
        public HttpCacheKey(sRequest request)
        {
            this.data = new Dictionary<String, String>();
            this.Cacheable = isCacheable(request);

            // In theory only GET is cached; the method is still part of the key as additional
            // insurance that cached content is never mixed across methods.
            set("method", request.getMethod());

            String requestUrl = request.getUri().ToString();
            set("url", requestUrl);

            // TODO: We can go ahead and add authentication info here as well.
            // NOTE(review): with no authentication data in the key, two callers asking for the
            // same method and URL map to the same entry. Presumably isCacheable() keeps
            // authenticated requests out of the cache - verify.
        }
예제 #4
        /**
         * Build the cache key string for the given request.
         *
         * The key is the following parts, in this order, joined by KEY_SEPARATOR:
         *
         * - request URI
         * - authentication type
         * - owner id
         * - viewer id
         * - owner of the token
         * - gadget url (from security token; we don't trust what's on the URI itself)
         * - instance id
         * - oauth service name
         * - oauth token name
         *
         * Except for the first two, all of these may be "0" depending on authentication rules. See
         * individual methods for details.
         *
         * NOTE(review): the parts are joined without escaping. The request URI comes first and is
         * chosen by the caller, so if KEY_SEPARATOR can occur inside a URI (or any other part),
         * two different requests could produce the same key. Confirm the separator cannot appear
         * in any component, or encode the components before joining.
         */
        protected String createKey(sRequest request)
        {
            // The URI string is only used to size the builder; the URI itself is appended below.
            String uriText = request.getUri().ToString();
            StringBuilder builder = new StringBuilder(uriText.Length * 2);

            builder.Append(request.getUri())
                   .Append(KEY_SEPARATOR)
                   .Append(request.AuthType)
                   .Append(KEY_SEPARATOR)
                   .Append(getOwnerId(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getViewerId(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getTokenOwner(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getAppUrl(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getInstanceId(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getServiceName(request))
                   .Append(KEY_SEPARATOR)
                   .Append(getTokenName(request));

            return builder.ToString();
        }
예제 #5
 /**
  * Produce the cache key for the given request.
  *
  * Pieces of the key, in the order they are written and separated by KEY_SEPARATOR:
  *
  * - request URI
  * - authentication type
  * - owner id
  * - viewer id
  * - owner of the token
  * - gadget url (from security token; we don't trust what's on the URI itself)
  * - instance id
  * - oauth service name
  * - oauth token name
  *
  * Except for the first two, all of these may be "0" depending on authentication rules. See
  * individual methods for details.
  *
  * NOTE(review): no component is escaped before joining. If KEY_SEPARATOR can appear inside
  * the caller-supplied URI or another component, distinct requests may share a key - verify
  * the separator is excluded from every component.
  */
 protected String createKey(sRequest request)
 {
     // Pre-size the builder at twice the URI length to leave room for the remaining parts.
     String uriText = request.getUri().ToString();
     StringBuilder sb = new StringBuilder(uriText.Length * 2);

     sb.Append(request.getUri()).Append(KEY_SEPARATOR);
     sb.Append(request.AuthType).Append(KEY_SEPARATOR);
     sb.Append(getOwnerId(request)).Append(KEY_SEPARATOR);
     sb.Append(getViewerId(request)).Append(KEY_SEPARATOR);
     sb.Append(getTokenOwner(request)).Append(KEY_SEPARATOR);
     sb.Append(getAppUrl(request)).Append(KEY_SEPARATOR);
     sb.Append(getInstanceId(request)).Append(KEY_SEPARATOR);
     sb.Append(getServiceName(request)).Append(KEY_SEPARATOR);
     sb.Append(getTokenName(request));

     return sb.ToString();
 }
예제 #6
        /// <summary>
        /// Copies <paramref name="basereq"/> and attaches the OAuth parameters at the location the
        /// accessor reports: the Authorization header, the form-encoded POST body, or the URI query.
        /// </summary>
        ///
        /// <param name="basereq">Request to copy; it is not modified.</param>
        /// <param name="oauthParams">OAuth parameters to attach to the copy.</param>
        /// <returns>The copy of the request carrying the OAuth parameters.</returns>
        private sRequest createHttpRequest(sRequest basereq, List<OAuth.Parameter> oauthParams)
        {
            // paramLocation could be overridden by a run-time parameter to fetchRequest
            AccessorInfo.OAuthParamLocation? location = accessorInfo.getParamLocation();

            sRequest outgoing = new sRequest(basereq);

            // Body placement was requested but the request is not a POST, so there is no body to
            // carry the parameters. Rather than fail, fall back to the Authorization header, which
            // stands some chance of working with some OAuth service providers.
            if (location == AccessorInfo.OAuthParamLocation.POST_BODY &&
                !outgoing.getMethod().Equals("POST"))
            {
                location = AccessorInfo.OAuthParamLocation.AUTH_HEADER;
            }

            if (location == AccessorInfo.OAuthParamLocation.AUTH_HEADER)
            {
                outgoing.addHeader("Authorization", getAuthorizationHeader(oauthParams));
            }
            else if (location == AccessorInfo.OAuthParamLocation.POST_BODY)
            {
                if (!OAuth.isFormEncoded(outgoing.ContentType))
                {
                    throw responseParams.oauthRequestException(OAuthError.INVALID_REQUEST,
                        "OAuth param location can only be post_body if post body is of " +
                        "type x-www-form-urlencoded");
                }

                // Append to an existing form body with '&', or use the parameters as the whole body.
                String encodedParams = OAuth.formEncode(oauthParams);
                String body = outgoing.getPostBodyLength() == 0
                    ? encodedParams
                    : outgoing.getPostBodyAsString() + '&' + encodedParams;
                outgoing.setPostBody(Encoding.UTF8.GetBytes(body));
            }
            else if (location == AccessorInfo.OAuthParamLocation.URI_QUERY)
            {
                // Query placement puts the OAuth parameters in the URL, where access logs and
                // intermediaries can record them; the header location avoids that where the
                // provider supports it.
                outgoing.setUri(Uri.parse(OAuth.addParameters(outgoing.getUri().ToString(), oauthParams)));
            }

            // NOTE(review): a null or unrecognised location matches no branch, so the copy is
            // returned with no OAuth parameters attached - confirm this cannot happen in practice.
            return outgoing;
        }
예제 #7
        /// <summary>
        /// Sanitizes the query and form-body parameters of <paramref name="basereq"/>, adds the
        /// identity and signature parameters, signs the result and returns a new request that
        /// carries the OAuth parameters. Redirects are disabled on the returned request.
        /// </summary>
        ///
        /// <remarks>
        /// Steps: start with an HttpRequest; throw if there are any attacks in the query; throw if
        /// there are any attacks in the post body; build up the OAuth parameter list; sign it; add
        /// the OAuth parameters to a new request. The rejection itself happens inside
        /// <c>sanitize</c>, which is not shown here.
        /// When a list is passed in, the collected parameters are appended to that same list.
        /// </remarks>
        ///
        /// <param name="basereq">Request to sign; the signed request is built from a copy of it.</param>
        /// <param name="parameters">Extra parameters to sign, or <c>null</c> for none.</param>
        /// <returns>The signed request, with <c>FollowRedirects</c> set to <c>false</c>.</returns>
        public sRequest sanitizeAndSign(sRequest basereq, List<OAuth.Parameter> parameters)
        {
            parameters = parameters ?? new List<OAuth.Parameter>();

            // Strip the query off the target URL: its pairs are signed as parameters instead.
            UriBuilder target = new UriBuilder(basereq.getUri());
            String rawQuery = target.getQuery();
            target.setQuery(null);
            parameters.AddRange(sanitize(OAuth.decodeForm(rawQuery)));

            // Only a form-encoded body contributes parameters to the signature.
            if (OAuth.isFormEncoded(basereq.ContentType))
            {
                parameters.AddRange(sanitize(OAuth.decodeForm(basereq.getPostBodyAsString())));
            }

            addIdentityParams(parameters);
            addSignatureParams(parameters);

            try
            {
                OAuthMessage signedMessage = accessorInfo.getAccessor().newRequestMessage(
                    basereq.getMethod(), target.ToString(), parameters);
                sRequest outgoing = createHttpRequest(basereq, selectOAuthParams(signedMessage));

                // Following 302s on OAuth responses is unlikely to be productive.
                outgoing.FollowRedirects = false;
                return outgoing;
            }
            catch (Exception ex)
            {
                // NOTE(review): this catch-all re-labels every failure raised inside the try,
                // including errors from createHttpRequest, as UNKNOWN_PROBLEM. Confirm that
                // losing the more specific error code is intended.
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                            "Error signing message", ex);
            }
        }