/*
* Start with an HttpRequest.
* Throw if there are any attacks in the query.
* Throw if there are any attacks in the post body.
* Build up OAuth parameter list
* Sign it.
* Add OAuth parameters to new request
* Send it.
*/
public sRequest sanitizeAndSign(sRequest basereq, List <OAuth.Parameter> parameters)
{
if (parameters == null)
{
parameters = new List <OAuth.Parameter>();
}
UriBuilder target = new UriBuilder(basereq.getUri());
String query = target.getQuery();
target.setQuery(null);
parameters.AddRange(sanitize(OAuth.decodeForm(query)));
if (OAuth.isFormEncoded(basereq.ContentType))
{
parameters.AddRange(sanitize(OAuth.decodeForm(basereq.getPostBodyAsString())));
}
addIdentityParams(parameters);
addSignatureParams(parameters);
try
{
OAuthMessage signed = accessorInfo.getAccessor().newRequestMessage(
basereq.getMethod(), target.ToString(), parameters);
sRequest oauthHttpRequest = createHttpRequest(basereq, selectOAuthParams(signed));
// Following 302s on OAuth responses is unlikely to be productive.
oauthHttpRequest.FollowRedirects = false;
return(oauthHttpRequest);
}
catch (Exception e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Error signing message", e);
}
}
protected static Uri ValidateUrl(String urlToValidate)
{
if (urlToValidate == null)
{
throw new Exception("url parameter is missing.");
}
try
{
UriBuilder url = UriBuilder.parse(urlToValidate);
if (!"http".Equals(url.getScheme()) && !"https".Equals(url.getScheme()))
{
throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
"Invalid request url scheme in url: " + HttpUtility.UrlEncode(urlToValidate) +
"; only \"http\" and \"https\" supported.");
}
if (string.IsNullOrEmpty(url.getPath()))
{
url.setPath("/");
}
return(url.toUri());
}
catch
{
throw new Exception("url parameter is not a valid url.");
}
}
/**
* Render the gadget into a string by performing the following steps:
*
* - Retrieve gadget specification information (GadgetSpec, MessageBundle, etc.)
*
* - Fetch any preloaded data needed to handle the request, as handled by Preloader.
*
* - Perform rewriting operations on the output content, handled by Rewriter.
*
* @param gadget The gadget for the rendering operation.
* @return The rendered gadget content
* @throws RenderingException if any issues arise that prevent rendering.
*/
public String render(Gadget gadget)
{
try
{
View view = gadget.getCurrentView();
GadgetContext context = gadget.getContext();
GadgetSpec spec = gadget.getSpec();
IPreloads preloads = preloader.preload(context, spec,
PreloaderService.PreloadPhase.HTML_RENDER);
gadget.setPreloads(preloads);
String content;
if (view.getHref() == null)
{
content = view.getContent();
}
else
{
// TODO: Add current url to GadgetContext to support transitive proxying.
UriBuilder uri = new UriBuilder(view.getHref());
uri.addQueryParameter("lang", context.getLocale().getLanguage());
uri.addQueryParameter("country", context.getLocale().getCountry());
sRequest request = new sRequest(uri.toUri())
.setIgnoreCache(context.getIgnoreCache())
.setOAuthArguments(new OAuthArguments(view))
.setAuthType(view.getAuthType())
.setSecurityToken(context.getToken())
.setContainer(context.getContainer())
.setGadget(spec.getUrl());
sResponse response = DefaultHttpCache.Instance.getResponse(request);
if (response == null || response.isStale())
{
sRequest proxyRequest = createPipelinedProxyRequest(gadget, request);
response = requestPipeline.execute(proxyRequest);
DefaultHttpCache.Instance.addResponse(request, response);
}
if (response.isError())
{
throw new RenderingException("Unable to reach remote host. HTTP status " +
response.getHttpStatusCode());
}
content = response.responseString;
}
return rewriter.rewriteGadget(gadget, content);
}
catch (GadgetException e)
{
throw new RenderingException(e.Message, e);
}
}
/**
* Render the gadget into a string by performing the following steps:
*
* - Retrieve gadget specification information (GadgetSpec, MessageBundle, etc.)
*
* - Fetch any preloaded data needed to handle the request, as handled by Preloader.
*
* - Perform rewriting operations on the output content, handled by Rewriter.
*
* @param gadget The gadget for the rendering operation.
* @return The rendered gadget content
* @throws RenderingException if any issues arise that prevent rendering.
*/
public String render(Gadget gadget)
{
try
{
View view = gadget.getCurrentView();
GadgetContext context = gadget.getContext();
GadgetSpec spec = gadget.getSpec();
IPreloads preloads = preloader.preload(context, spec,
PreloaderService.PreloadPhase.HTML_RENDER);
gadget.setPreloads(preloads);
String content;
if (view.getHref() == null)
{
content = view.getContent();
}
else
{
// TODO: Add current url to GadgetContext to support transitive proxying.
UriBuilder uri = new UriBuilder(view.getHref());
uri.addQueryParameter("lang", context.getLocale().getLanguage());
uri.addQueryParameter("country", context.getLocale().getCountry());
sRequest request = new sRequest(uri.toUri())
.setIgnoreCache(context.getIgnoreCache())
.setOAuthArguments(new OAuthArguments(view))
.setAuthType(view.getAuthType())
.setSecurityToken(context.getToken())
.setContainer(context.getContainer())
.setGadget(spec.getUrl());
sResponse response = DefaultHttpCache.Instance.getResponse(request);
if (response == null || response.isStale())
{
sRequest proxyRequest = createPipelinedProxyRequest(gadget, request);
response = requestPipeline.execute(proxyRequest);
DefaultHttpCache.Instance.addResponse(request, response);
}
if (response.isError())
{
throw new RenderingException("Unable to reach remote host. HTTP status " +
response.getHttpStatusCode());
}
content = response.responseString;
}
return(rewriter.rewriteGadget(gadget, content));
}
catch (GadgetException e)
{
throw new RenderingException(e.Message, e);
}
}
/*
Start with an HttpRequest.
Throw if there are any attacks in the query.
Throw if there are any attacks in the post body.
Build up OAuth parameter list
Sign it.
Add OAuth parameters to new request
Send it.
*/
public sRequest sanitizeAndSign(sRequest basereq, List<OAuth.Parameter> parameters)
{
if (parameters == null)
{
parameters = new List<OAuth.Parameter>();
}
UriBuilder target = new UriBuilder(basereq.getUri());
String query = target.getQuery();
target.setQuery(null);
parameters.AddRange(sanitize(OAuth.decodeForm(query)));
if (OAuth.isFormEncoded(basereq.ContentType))
{
parameters.AddRange(sanitize(OAuth.decodeForm(basereq.getPostBodyAsString())));
}
addIdentityParams(parameters);
addSignatureParams(parameters);
try
{
OAuthMessage signed = accessorInfo.getAccessor().newRequestMessage(
basereq.getMethod(), target.ToString(), parameters);
sRequest oauthHttpRequest = createHttpRequest(basereq, selectOAuthParams(signed));
// Following 302s on OAuth responses is unlikely to be productive.
oauthHttpRequest.FollowRedirects = false;
return oauthHttpRequest;
}
catch (Exception e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Error signing message", e);
}
}
