Пример #1
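        /**
         * Sets the caching headers on a proxied response and, for everything except
         * Flash content, a Content-Disposition header.
         *
         * The cache lifetime is chosen in this order: 0 when the upstream response is
         * strict no-cache; otherwise the client-supplied REFRESH_PARAM value (0 when it
         * does not parse as an integer); otherwise results.getCacheTtl() / 1000
         * (presumably milliseconds to seconds), but never less than 60 * 60.
         *
         * @param request  the incoming client request; only REFRESH_PARAM is read
         * @param response the outgoing response that receives the headers
         * @param results  the upstream response whose cache policy and Content-Type are inspected
         */
        protected static void SetResponseHeaders(HttpRequestWrapper request, HttpResponse response, sResponse results)
        {
            int refreshInterval;

            if (results.isStrictNoCache())
            {
                refreshInterval = 0;
            }
            else
            {
                String requestedRefresh = request.getParameter(REFRESH_PARAM);
                if (requestedRefresh == null)
                {
                    refreshInterval = Math.Max(60 * 60, (int)(results.getCacheTtl() / 1000L));
                }
                else if (!int.TryParse(requestedRefresh, out refreshInterval))
                {
                    // Client-supplied value that is not an integer: do not cache.
                    refreshInterval = 0;
                }
                // NOTE(review): a negative or very large client value is passed through as-is;
                // confirm that HttpUtil.SetCachingHeaders bounds it.
            }
            HttpUtil.SetCachingHeaders(response, refreshInterval);

            // We're skipping the content disposition header for flash due to an issue with Flash player 10
            // This does make some sites a higher value phishing target, but this can be mitigated by
            // additional referer checks.
            //
            // A missing Content-Type is treated as "not Flash", so the attachment disposition is still
            // applied instead of failing on a null header. The comparison is ordinal so the result does
            // not depend on the server's culture settings.
            String contentType = results.getHeader("Content-Type");
            bool isFlash = contentType != null &&
                           contentType.Equals("application/x-shockwave-flash", StringComparison.OrdinalIgnoreCase);
            if (!isFlash)
            {
                response.AddHeader("Content-Disposition", "attachment;filename=p.txt");
            }
        }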
Пример #2
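        /**
         * Runs FeedProcessor over a fetched feed document and returns the string form
         * of the result.
         *
         * GET_SUMMARIES_PARAM and NUM_ENTRIES_PARAM are read from the client request.
         * A value that does not parse falls back to the default ("false" and
         * DEFAULT_NUM_ENTRIES) instead of raising a FormatException out of the handler.
         *
         * @param url the URL the feed was fetched from
         * @param req the incoming client request
         * @param xml the fetched feed body
         * @return the processed feed as a string
         */
        private String processFeed(String url, HttpRequestWrapper req, String xml)
        {
            bool getSummaries;
            if (!Boolean.TryParse(GetParameter(req, GET_SUMMARIES_PARAM, "false"), out getSummaries))
            {
                getSummaries = false;
            }

            int numEntries;
            if (!int.TryParse(GetParameter(req, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES), out numEntries))
            {
                numEntries = int.Parse(DEFAULT_NUM_ENTRIES);
            }
            // NOTE(review): numEntries is client-controlled and not range-checked here;
            // confirm that FeedProcessor caps it.

            return new FeedProcessor().process(url, xml, getSummaries, numEntries).ToString();
        }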
Пример #3
        /**
         * Resolves the container name for a request.
         *
         * CONTAINER_PARAM wins when present; otherwise SYND_PARAM is used, and
         * ContainerConfig.DEFAULT_CONTAINER when neither is supplied. The value is
         * returned exactly as the client sent it; no validation happens here.
         */
        protected String getContainer(HttpRequestWrapper request)
        {
            String explicitContainer = GetParameter(request, CONTAINER_PARAM, null);
            if (explicitContainer != null)
            {
                return explicitContainer;
            }

            return GetParameter(request, SYND_PARAM, ContainerConfig.DEFAULT_CONTAINER);
        }
Пример #4
        /**
         * Formats a fetched response as JSON, including additional JSON inserted by
         * chained content fetchers.
         *
         * The result is a JSON object with a single key, the raw URL_PARAM value from
         * the client, whose value is the response object. When the security token
         * reports an updated token, it is added to the response object under "st".
         *
         * @return the JSON text, or an empty string when a JsonException is raised
         */
        private String convertResponseToJson(ISecurityToken authToken, HttpRequestWrapper request, sResponse results)
        {
            try
            {
                String requestedUrl = request.getParameter(URL_PARAM);
                String payload = results.responseString;

                bool isFeed = "FEED".Equals(request.getParameter(CONTENT_TYPE_PARAM));
                if (isFeed)
                {
                    payload = processFeed(requestedUrl, request, payload);
                }

                JsonObject envelope = FetchResponseUtils.getResponseAsJson(results, payload);

                // Hand a refreshed security token back to the caller when one exists.
                String refreshedToken = authToken == null ? null : authToken.getUpdatedToken();
                if (refreshedToken != null)
                {
                    envelope.Put("st", refreshedToken);
                }

                // Use raw param as key as URL may have to be decoded
                return new JsonObject().Put(requestedUrl, envelope).ToString();
            }
            catch (JsonException)
            {
                // Serialization failure is reported to the caller only as an empty body.
                return "";
            }
        }
Пример #5
 /**
  * Tells whether the client asked to bypass the cache.
  *
  * @return false when IGNORE_CACHE_PARAM is absent or exactly "0"; true for any other value
  */
 private bool getIgnoreCache(HttpRequestWrapper request)
 {
     String flag = request.getParameter(IGNORE_CACHE_PARAM);
     // Any value other than "0" counts as a request to bypass the cache.
     return flag != null && !flag.Equals("0");
 }
Пример #6
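        /**
         * Proxies one remote resource back to the client.
         *
         * Steps: answer conditional requests without fetching, refuse hosts that
         * lockedDomainService does not consider safe for open proxying, fetch and
         * optionally rewrite the remote content, then relay headers, status and body.
         *
         * @param request  the incoming client request
         * @param response the response the proxied content is written to
         */
        public override void Fetch(HttpRequestWrapper request, HttpResponseWrapper response)
        {
            // Any request carrying If-Modified-Since is answered without a fetch; the
            // header value itself is not inspected.
            if (request.getHeaders("If-Modified-Since") != null)
            {
                if (!request.isConcat)
                {
                    response.setStatus((int)HttpStatusCode.NotModified);
                }
                return;
            }

            String host = request.getHeaders("Host");
            if (!lockedDomainService.isSafeForOpenProxy(host))
            {
                // Force embedded images and the like to their own domain to avoid XSS
                // in gadget domains.
                // NOTE(review): the request is dropped without setting a status or body, so the
                // client cannot tell a refusal from an empty resource; consider an explicit error status.
                return;
            }

            sRequest rcr = buildHttpRequest(request);
            sResponse results = fetcher.fetch(rcr);
            if (contentRewriterRegistry != null)
            {
                results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
            }

            if (!request.isConcat)
            {
                SetResponseHeaders(request, response.getResponse(), results);
                for (int i = 0; i < results.getHeaders().Count; i++)
                {
                    String name = results.getHeaders().GetKey(i);
                    // Header names are protocol tokens: lower-case them with the invariant culture so
                    // the deny-list lookup gives the same answer under every server locale. A
                    // culture-sensitive ToLower() can change letters (for example under a Turkish
                    // culture) and let a disallowed header through.
                    if (!DISALLOWED_RESPONSE_HEADERS.Contains(name.ToLowerInvariant()))
                    {
                        foreach (String value in results.getHeaders().GetValues(i))
                        {
                            response.AddHeader(name, value);
                        }
                    }
                }
            }

            // NOTE(review): the Content-Type is taken verbatim from the "rewriteMime" request
            // parameter, so the caller decides how a browser interprets the proxied bytes.
            // Consider restricting it to an allowlist of MIME types.
            if (request.getParameter("rewriteMime") != null)
            {
                response.setContentType(request.getParameter("rewriteMime"));
            }

            // The upstream status is relayed as-is; the original OK / non-OK branches set the same value.
            response.setStatus((int)results.getHttpStatusCode());
            response.Write(results.responseBytes);
        }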
Пример #7
        /**
         * Builds the outbound remote-content request from the parameters the
         * client sent.
         *
         * Every input read below (target URL, HTTP method, POST body, extra headers,
         * container, gadget URL, forced MIME type, auth type) comes from the client
         * request. The URL goes through ValidateUrl; the other values are used as
         * received.
         *
         * @throws GadgetException when an entry of HEADERS_PARAM is not a single name=value pair
         */
        private sRequest buildHttpRequest(HttpRequestWrapper request)
        {
            Uri target = ValidateUrl(request.getParameter(URL_PARAM));

            sRequest outbound = new sRequest(target)
                                .setMethod(GetParameter(request, METHOD_PARAM, "GET"))
                                .setPostBody(request.getRequest().ContentEncoding.GetBytes(GetParameter(request, POST_DATA_PARAM, "")))
                                .setContainer(getContainer(request));

            // HEADERS_PARAM is a form-encoded list: name=value pairs joined by '&'.
            String rawHeaders = GetParameter(request, HEADERS_PARAM, "");
            if (rawHeaders.Length > 0)
            {
                foreach (String pair in rawHeaders.Split('&'))
                {
                    String[] nameAndValue = pair.Split('=');
                    if (nameAndValue.Length != 2)
                    {
                        throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
                                                  "Malformed header specified,");
                    }
                    String headerName = HttpUtility.UrlDecode(nameAndValue[0]);
                    String headerValue = HttpUtility.UrlDecode(nameAndValue[1]);
                    outbound.addHeader(headerName, headerValue);
                }
            }

            // NOTE(review): the filtering call below is commented out, so every client-supplied
            // header is forwarded on the outbound request as given, and the decoded names and values
            // are not checked for control characters in this method. Confirm that filtering happens
            // elsewhere, or restore the call.
            //removeUnsafeHeaders(req);

            outbound.setIgnoreCache("1".Equals(request.getParameter(NOCACHE_PARAM)));

            String gadgetParam = request.getParameter(GADGET_PARAM);
            if (gadgetParam != null)
            {
                outbound.Gadget = Uri.parse(gadgetParam);
            }

            // Allow the rewriter to use an externally forced mime type. This is needed
            // to allow proper rewriting of <script src="x"/> where x is returned with
            // a content type like text/html, which unfortunately happens all too often.
            outbound.setRewriteMimeType(request.getParameter(REWRITE_MIME_TYPE_PARAM));

            // Figure out whether authentication is required
            AuthType requestedAuth = AuthType.Parse(GetParameter(request, AUTHZ_PARAM, null));
            outbound.AuthType = requestedAuth;
            if (requestedAuth == AuthType.NONE)
            {
                return outbound;
            }

            // Authenticated fetches carry a validated security token plus the OAuth arguments.
            outbound.setSecurityToken(extractAndValidateToken(request.getContext()));
            outbound.setOAuthArguments(new OAuthArguments(requestedAuth, request.getRequest()));
            return outbound;
        }
Пример #8
        /**
         * Executes the remote request described by the client's parameters and
         * returns the outcome as a JSON document.
         *
         * The HTTP status of this response is always OK; the upstream result is
         * carried inside the JSON body.
         *
         * @param request  the incoming client request
         * @param response the response the JSON document is written to
         */
        public override void Fetch(HttpRequestWrapper request, HttpResponseWrapper response)
        {
            sRequest remoteRequest = buildHttpRequest(request);

            // Execute the remote request
            sResponse fetched = requestPipeline.execute(remoteRequest);

            // Rewrite the response
            if (contentRewriterRegistry != null)
            {
                fetched = contentRewriterRegistry.rewriteHttpResponse(remoteRequest, fetched);
            }

            // Serialize the response
            String json = convertResponseToJson(remoteRequest.getSecurityToken(), request, fetched);

            // Find and set the refresh interval
            SetResponseHeaders(request, response.getResponse(), fetched);

            response.setStatus((int)HttpStatusCode.OK);
            response.setContentType("application/json");
            response.getResponse().ContentEncoding = Encoding.UTF8;

            // UNPARSEABLE_CRUFT is prepended to the JSON; presumably so that the body cannot be
            // evaluated directly as script by another page. Confirm against the constant's definition.
            byte[] encodedBody = Encoding.UTF8.GetBytes(UNPARSEABLE_CRUFT + json);
            response.Write(encodedBody);
        }
Пример #9
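 /**
  * Sets the caching headers on a proxied response and, for everything except
  * Flash content, a Content-Disposition header.
  *
  * Cache lifetime: 0 for a strict no-cache upstream response; else the
  * client-supplied REFRESH_PARAM (0 when it is not an integer); else
  * results.getCacheTtl() / 1000 with a floor of 60 * 60.
  *
  * @param request  the incoming client request; only REFRESH_PARAM is read
  * @param response the outgoing response that receives the headers
  * @param results  the upstream response whose cache policy and Content-Type are inspected
  */
 protected static void SetResponseHeaders(HttpRequestWrapper request, HttpResponse response, sResponse results)
 {
     int refreshInterval;
     if (results.isStrictNoCache())
     {
         refreshInterval = 0;
     }
     else
     {
         String requestedRefresh = request.getParameter(REFRESH_PARAM);
         if (requestedRefresh == null)
         {
             refreshInterval = Math.Max(60 * 60, (int)(results.getCacheTtl() / 1000L));
         }
         else if (!int.TryParse(requestedRefresh, out refreshInterval))
         {
             // Client-supplied value that is not an integer: do not cache.
             refreshInterval = 0;
         }
         // NOTE(review): negative or very large client values are not bounded here;
         // confirm that HttpUtil.SetCachingHeaders handles them.
     }
     HttpUtil.SetCachingHeaders(response, refreshInterval);

     // We're skipping the content disposition header for flash due to an issue with Flash player 10
     // This does make some sites a higher value phishing target, but this can be mitigated by
     // additional referer checks.
     //
     // A missing Content-Type counts as "not Flash", so the attachment disposition is still applied
     // rather than failing on a null header; the ordinal comparison is independent of server culture.
     String contentType = results.getHeader("Content-Type");
     bool isFlash = contentType != null &&
                    contentType.Equals("application/x-shockwave-flash", StringComparison.OrdinalIgnoreCase);
     if (!isFlash)
     {
         response.AddHeader("Content-Disposition", "attachment;filename=p.txt");
     }
 }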
Пример #10
        /**
         * Runs the remote request built from the client's parameters and writes the
         * result back as JSON.
         *
         * The response status is always OK regardless of the upstream status.
         *
         * @param request  the incoming client request
         * @param response the response the JSON document is written to
         */
        public override void Fetch(HttpRequestWrapper request, HttpResponseWrapper response)
        {
            sRequest outbound = buildHttpRequest(request);

            // Execute the remote request, then let the rewriter (if configured) transform it
            sResponse upstream = requestPipeline.execute(outbound);
            if (contentRewriterRegistry != null)
            {
                upstream = contentRewriterRegistry.rewriteHttpResponse(outbound, upstream);
            }

            // Serialize the response
            String serialized = convertResponseToJson(outbound.getSecurityToken(), request, upstream);

            // Find and set the refresh interval
            SetResponseHeaders(request, response.getResponse(), upstream);

            response.setStatus((int)HttpStatusCode.OK);
            response.setContentType("application/json");
            response.getResponse().ContentEncoding = Encoding.UTF8;

            // The JSON is prefixed with UNPARSEABLE_CRUFT before it is sent; presumably to stop
            // the body being consumed directly as script. Verify against the constant's definition.
            String body = UNPARSEABLE_CRUFT + serialized;
            response.Write(Encoding.UTF8.GetBytes(body));
        }
Пример #11
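 /**
  * Runs FeedProcessor over a fetched feed document and returns the string form
  * of the result.
  *
  * GET_SUMMARIES_PARAM and NUM_ENTRIES_PARAM come from the client request. A value
  * that does not parse falls back to its default ("false" and DEFAULT_NUM_ENTRIES)
  * instead of raising a FormatException out of the handler.
  *
  * @param url the URL the feed was fetched from
  * @param req the incoming client request
  * @param xml the fetched feed body
  * @return the processed feed as a string
  */
 private String processFeed(String url, HttpRequestWrapper req, String xml)
 {
     bool getSummaries;
     if (!Boolean.TryParse(GetParameter(req, GET_SUMMARIES_PARAM, "false"), out getSummaries))
     {
         getSummaries = false;
     }

     int numEntries;
     if (!int.TryParse(GetParameter(req, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES), out numEntries))
     {
         numEntries = int.Parse(DEFAULT_NUM_ENTRIES);
     }
     // NOTE(review): numEntries is client-controlled and not range-checked here;
     // confirm that FeedProcessor caps it.

     return new FeedProcessor().process(url, xml, getSummaries, numEntries).ToString();
 }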
Пример #12
        /**
         * Builds the outbound request for a proxied resource from the client's
         * parameters.
         *
         * The target URL goes through ValidateUrl. Container, gadget URL, forced MIME
         * type, cache bypass and cache TTL are taken from the request as received.
         */
        private sRequest buildHttpRequest(HttpRequestWrapper request)
        {
            Uri target = ValidateUrl(request.getParameter(URL_PARAM));
            sRequest outbound = new sRequest(target);

            outbound.Container = getContainer(request);

            String gadgetParam = request.getParameter(GADGET_PARAM);
            if (gadgetParam != null)
            {
                outbound.setGadget(Uri.parse(gadgetParam));
            }

            // Allow the rewriter to use an externally forced mime type. This is needed
            // to allow proper rewriting of <script src="x"/> where x is returned with
            // a content type like text/html, which unfortunately happens all too often.
            outbound.RewriteMimeType = request.getParameter(REWRITE_MIME_TYPE_PARAM);

            outbound.setIgnoreCache(getIgnoreCache(request));

            // If the proxy request specifies a refresh param then we want to force the min TTL for
            // the retrieved entry in the cache regardless of the headers on the content when it
            // is fetched from the original source.
            String refreshParam = request.getParameter(REFRESH_PARAM);
            if (refreshParam != null)
            {
                // The TryParse result is not checked: a value that is not an integer yields a TTL of 0.
                // NOTE(review): the client-supplied TTL is not range-checked here.
                int requestedTtl = 0;
                int.TryParse(refreshParam, out requestedTtl);
                outbound.CacheTtl = requestedTtl;
            }

            return outbound;
        }
Пример #13
 /**
  * Reads a request parameter, substituting a default when it is absent.
  *
  * @param request      the incoming client request
  * @param name         the parameter name
  * @param defaultValue the value returned when the parameter is null
  * @return the parameter value, or defaultValue when the request does not carry it
  */
 protected static String GetParameter(HttpRequestWrapper request, String name, String defaultValue)
 {
     return request.getParameter(name) ?? defaultValue;
 }
Пример #14
 /**
  * Resolves the container name for a request.
  *
  * CONTAINER_PARAM wins when present; otherwise SYND_PARAM is used, and
  * ContainerConfig.DEFAULT_CONTAINER when neither is supplied. The value is
  * returned exactly as the client sent it; no validation happens here.
  */
 protected String getContainer(HttpRequestWrapper request)
 {
     String explicitContainer = GetParameter(request, CONTAINER_PARAM, null);
     if (explicitContainer != null)
     {
         return explicitContainer;
     }
     return GetParameter(request, SYND_PARAM, ContainerConfig.DEFAULT_CONTAINER);
 }
Пример #15
 /**
  * Processes the given request.
  *
  * Each concrete handler supplies its own implementation.
  *
  * @param request  the wrapped incoming HTTP request
  * @param response the wrapped HTTP response; implementations are expected to write their result to it
  */
 abstract public void Fetch(HttpRequestWrapper request, HttpResponseWrapper response);
Пример #16
        /**
         * Generates the remote content request from the parameters sent by the
         * client.
         *
         * All inputs (target URL, HTTP method, POST body, extra headers, container,
         * gadget URL, forced MIME type, auth type) are client-supplied. Only the URL
         * is validated here, through ValidateUrl.
         *
         * @throws GadgetException when an entry of HEADERS_PARAM is not a single name=value pair
         */
        private sRequest buildHttpRequest(HttpRequestWrapper request)
        {
            Uri remoteUrl = ValidateUrl(request.getParameter(URL_PARAM));

            sRequest remote = new sRequest(remoteUrl)
                .setMethod(GetParameter(request, METHOD_PARAM, "GET"))
                .setPostBody(request.getRequest().ContentEncoding.GetBytes(GetParameter(request, POST_DATA_PARAM, "")))
                .setContainer(getContainer(request));

            // Extra headers arrive form-encoded: name=value pairs separated by '&'.
            String encodedHeaders = GetParameter(request, HEADERS_PARAM, "");
            if (encodedHeaders.Length > 0)
            {
                foreach (String entry in encodedHeaders.Split('&'))
                {
                    String[] fields = entry.Split('=');
                    if (fields.Length != 2)
                    {
                        throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
                                                  "Malformed header specified,");
                    }
                    remote.addHeader(HttpUtility.UrlDecode(fields[0]), HttpUtility.UrlDecode(fields[1]));
                }
            }

            // NOTE(review): with the call below commented out, client-supplied headers are forwarded
            // on the outbound request unfiltered, and decoded names and values are not checked for
            // control characters in this method. Confirm that filtering happens elsewhere, or
            // restore the call.
            //removeUnsafeHeaders(req);

            bool bypassCache = "1".Equals(request.getParameter(NOCACHE_PARAM));
            remote.setIgnoreCache(bypassCache);

            String gadgetUrl = request.getParameter(GADGET_PARAM);
            if (gadgetUrl != null)
            {
                remote.Gadget = Uri.parse(gadgetUrl);
            }

            // Allow the rewriter to use an externally forced mime type. This is needed
            // to allow proper rewriting of <script src="x"/> where x is returned with
            // a content type like text/html, which unfortunately happens all too often.
            remote.setRewriteMimeType(request.getParameter(REWRITE_MIME_TYPE_PARAM));

            // Figure out whether authentication is required
            AuthType requestedAuth = AuthType.Parse(GetParameter(request, AUTHZ_PARAM, null));
            remote.AuthType = requestedAuth;
            if (requestedAuth != AuthType.NONE)
            {
                // Authenticated fetches carry a validated security token plus the OAuth arguments.
                remote.setSecurityToken(extractAndValidateToken(request.getContext()));
                remote.setOAuthArguments(new OAuthArguments(requestedAuth, request.getRequest()));
            }

            return remote;
        }
Пример #17
        /**
         * Formats a fetched response as JSON, including additional JSON inserted by
         * chained content fetchers.
         *
         * The output is a JSON object keyed by the raw URL_PARAM value from the
         * client. An updated security token, when the token reports one, is added to
         * the response object under "st".
         *
         * @return the JSON text, or an empty string when a JsonException is raised
         */
        private String convertResponseToJson(ISecurityToken authToken, HttpRequestWrapper request, sResponse results)
        {
            try
            {
                String urlKey = request.getParameter(URL_PARAM);
                String content = results.responseString;

                bool treatAsFeed = "FEED".Equals(request.getParameter(CONTENT_TYPE_PARAM));
                if (treatAsFeed)
                {
                    content = processFeed(urlKey, request, content);
                }

                JsonObject responseJson = FetchResponseUtils.getResponseAsJson(results, content);

                // Return a refreshed security token to the caller when one exists.
                String newToken = authToken == null ? null : authToken.getUpdatedToken();
                if (newToken != null)
                {
                    responseJson.Put("st", newToken);
                }

                // Use raw param as key as URL may have to be decoded
                return new JsonObject().Put(urlKey, responseJson).ToString();
            }
            catch (JsonException)
            {
                // Serialization failure is reported to the caller only as an empty body.
                return "";
            }
        }
Пример #18
 /**
  * Processes the given request.
  *
  * Each concrete handler supplies its own implementation.
  *
  * @param request  the wrapped incoming HTTP request
  * @param response the wrapped HTTP response; implementations are expected to write their result to it
  */
 abstract public void Fetch(HttpRequestWrapper request, HttpResponseWrapper response);
Пример #19
        /**
         * Reads a request parameter, substituting a default when it is absent.
         *
         * @param request      the incoming client request
         * @param name         the parameter name
         * @param defaultValue the value returned when the parameter is null
         * @return the parameter value, or defaultValue when the request does not carry it
         */
        protected static String GetParameter(HttpRequestWrapper request, String name, String defaultValue)
        {
            String supplied = request.getParameter(name);
            if (supplied != null)
            {
                return supplied;
            }
            return defaultValue;
        }