Exemplo n.º 1
0
        /// <summary>
        /// If there is a stream handler registered that can handle the
        /// request, then fine. If the request is not matched, do
        /// nothing.
        /// Note: The selection is case-insensitive
        /// </summary>

        private bool FindStreamHandler(OSHttpRequest request, OSHttpResponse response)
        {
            RequestData rdata = new RequestData(request, response, String.Empty);

            string bestMatch = String.Empty;
            string path      = String.Format("{0}:{1}", rdata.method, rdata.path).ToLower();

            Rest.Log.DebugFormat("{0} Checking for stream handler for <{1}>", MsgId, path);

            if (!IsEnabled)
            {
                return false;
            }

            foreach (string pattern in streamHandlers.Keys)
            {
                if (path.StartsWith(pattern))
                {
                    if (pattern.Length > bestMatch.Length)
                    {
                        bestMatch = pattern;
                    }
                }
            }

            // Handle using the best match available

            if (bestMatch.Length > 0)
            {
                Rest.Log.DebugFormat("{0} Stream-based handler matched with <{1}>", MsgId, bestMatch);
                RestStreamHandler handler = streamHandlers[bestMatch];
                rdata.buffer = handler.Handle(rdata.path, rdata.request.InputStream, rdata.request, rdata.response);
                rdata.AddHeader(rdata.response.ContentType,handler.ContentType);
                rdata.Respond("FindStreamHandler Completion");
            }

            return rdata.handled;
        }
Exemplo n.º 2
0
        // Inventory Handler

        private void DoTests(RequestData rdata)
        {
            if (!enabled)
                return;

            // Now that we know this is a serious attempt to 
            // access inventory data, we should find out who
            // is asking, and make sure they are authorized
            // to do so. We need to validate the caller's
            // identity before revealing anything about the
            // status quo. Authenticate throws an exception
            // via Fail if no identity information is present.
            //
            // With the present HTTP server we can't use the
            // builtin authentication mechanisms because they
            // would be enforced for all in-bound requests.
            // Instead we look at the headers ourselves and 
            // handle authentication directly.
 
            try
            {
                if (!rdata.IsAuthenticated)
                {
                    rdata.Fail(Rest.HttpStatusCodeNotAuthorized, 
                          String.Format("user \"{0}\" could not be authenticated", rdata.userName));
                }
            }
            catch (RestException e)
            {
                if (e.statusCode == Rest.HttpStatusCodeNotAuthorized)
                {
                    Rest.Log.WarnFormat("{0} User not authenticated", MsgId);
                    Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization"));
                }
                else
                {
                    Rest.Log.ErrorFormat("{0} User authentication failed", MsgId);
                    Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization"));
                }
                throw (e);
            }

            // Check that a test was specified

            if (rdata.Parameters.Length < 1)
            {
                Rest.Log.DebugFormat("{0} Insufficient parameters", MsgId);
                rdata.Fail(Rest.HttpStatusCodeBadRequest, "not enough parameters");
            }

            // Select the test

            foreach (ITest test in tests)
            {
                if (!rdata.handled)
                    test.Execute(rdata);
            }
        }