/**
 * Builds a request wrapper around the servlet context of the incoming call.
 *
 * @param requestServletContext servlet request/response holder; may be {@code null},
 *                              in which case no locale is captured
 * @param schemaFactory         schema factory stored on this request
 */
public ApiRequest(ApiServletContext requestServletContext, SchemaFactory schemaFactory) {
    super();
    this.schemaFactory = schemaFactory;
    this.apiServletContext = requestServletContext;
    if (requestServletContext != null) {
        // The locale comes from the underlying servlet request.
        this.locale = requestServletContext.getRequest().getLocale();
    } else {
        this.locale = null;
    }
}
/**
 * Returns the body stream of the underlying servlet request.
 *
 * @return the servlet input stream, or {@code null} when this request has no servlet context
 * @throws IOException if the servlet request cannot provide its input stream
 */
public InputStream getInputStream() throws IOException {
    return apiServletContext == null
            ? null
            : apiServletContext.getRequest().getInputStream();
}
/**
 * Supplies the admin account for requests while API security is switched off.
 *
 * <p>Returns {@code null} when security is enabled, or when the client sends the
 * {@code ENFORCE_AUTH_HEADER} header with the exact (trimmed, case-sensitive) value
 * {@code "true"}.
 *
 * <p>NOTE(review): with security disabled, every request that does not send that header
 * is resolved to the admin account, so the SECURITY setting is the only gate in this
 * lookup. Confirm it is enabled before the API is reachable from untrusted networks.
 *
 * @param request the API request being authenticated
 * @return the admin account, or {@code null} when this lookup does not apply
 */
@Override
public Account getAccount(ApiRequest request) {
    // This lookup only applies while security is off.
    if (SecurityConstants.SECURITY.get()) {
        return null;
    }

    String enforceAuth = StringUtils.trim(request.getServletContext().getRequest().getHeader(ENFORCE_AUTH_HEADER));
    // A client can opt out of the implicit admin identity by asking for enforced auth.
    boolean clientEnforcesAuth = "true".equals(enforceAuth);
    return clientEnforcesAuth ? null : authDao.getAdminAccount();
}
/**
 * Extracts the credential pair from the request's {@code AUTH_HEADER} header.
 *
 * <p>Delegates to the string overload of {@code getUsernamePassword}; the shape of the
 * returned array is defined there (presumably username at index 0 and password at
 * index 1, confirm against that overload).
 *
 * @param request the API request carrying the header
 * @return whatever the string overload returns for the raw header value
 */
public static String[] getUsernamePassword(ApiRequest request) {
    String rawHeader = request.getServletContext().getRequest().getHeader(AUTH_HEADER);
    return getUsernamePassword(rawHeader);
}
/**
 * Adds an HTTP Basic authentication challenge header to the response.
 *
 * <p>No challenge is issued when the request's {@code CONNECTION} header is
 * {@code "upgrade"} or when the client sent {@code NO_CHALLENGE_HEADER: true}
 * (both compared case-insensitively).
 *
 * @param request the API request being challenged
 * @return {@code true} when the challenge header was set, {@code false} when it was skipped
 */
@Override
public boolean challenge(ApiRequest request) {
    boolean isUpgrade = "upgrade".equalsIgnoreCase(request.getServletContext().getRequest().getHeader(CONNECTION));
    if (isUpgrade
            || "true".equalsIgnoreCase(request.getServletContext().getRequest().getHeader(NO_CHALLENGE_HEADER))) {
        return false;
    }

    // Include the realm in the challenge only when one is configured.
    String realm = REALM.get();
    String challengeValue = realm == null ? BASIC : String.format(BASIC_REALM, realm);
    HttpServletResponse response = request.getServletContext().getResponse();
    response.setHeader(CHALLENGE_HEADER, challengeValue);
    return true;
}
/**
 * Rewrites project-scoped paths before handing the request to the parent parser.
 *
 * <p>When the servlet path has more than four {@code /}-separated parts, the third part
 * is {@code projects} and the fifth is not {@code projectMembers} (both case-insensitive),
 * the fourth part is taken as the project id, {@code /<third>/<projectId>} is recorded as
 * the sub-context, and the servlet request is replaced by a
 * {@link ProjectHttpServletRequest} whose path omits the {@code projects/<id>} pair.
 *
 * <p>NOTE(review): the project id is taken from the URL as-is and is not validated here;
 * presumably access to that project is authorized downstream, confirm against the
 * consumers of {@code ProjectHttpServletRequest}.
 *
 * @param apiRequest the request whose servlet path is inspected and possibly rewritten
 * @return the result of the parent {@code parse}
 * @throws IOException propagated from the parent {@code parse}
 */
@Override
public boolean parse(ApiRequest apiRequest) throws IOException {
    HttpServletRequest request = apiRequest.getServletContext().getRequest();
    String[] segments = request.getServletPath().split("/");

    boolean projectScoped = segments.length > 4
            && "projects".equalsIgnoreCase(segments[2])
            && !"projectMembers".equalsIgnoreCase(segments[4]);
    if (!projectScoped) {
        return super.parse(apiRequest);
    }

    String projectId = segments[3];
    apiRequest.setSubContext(String.format("/%s/%s", segments[2], projectId));

    // Keep the leading empty part and the second part, then append everything from the fifth part on.
    String[] rewritten = ArrayUtils.addAll(new String[]{"", segments[1]},
            ArrayUtils.subarray(segments, 4, Integer.MAX_VALUE));
    String rewrittenPath = StringUtils.join(rewritten, "/");

    HttpServletRequest wrapped = new ProjectHttpServletRequest(request, projectId, rewrittenPath);
    apiRequest.getServletContext().setRequest(wrapped);
    return super.parse(apiRequest);
}
/**
 * Fills in the placeholders of the {@code header} template for this request.
 *
 * <p>Substitutions, in order: {@code %SCHEMAS%} (schema collection URL, or empty),
 * {@code %JS%} and {@code %CSS%} (from the {@code js.url} / {@code css.url} cookies when
 * the {@code api.dev} setting is {@code "true"}, otherwise from the {@code api.js.url} /
 * {@code api.css.url} settings with the built-in defaults), and {@code %USER%}.
 *
 * <p>NOTE(review): in dev mode the cookie values are placed into the template exactly as
 * the client sent them, and {@code %USER%} is inserted without escaping in this method.
 * If the template is served as HTML, these values decide which script and stylesheet the
 * page loads, so {@code api.dev} should stay off outside development, and the values
 * should be escaped for the context in which the template uses them.
 *
 * @param request  the API request (source of the cookies and the user)
 * @param response the response object passed through to {@code getUser}
 * @return the template with all placeholders replaced
 */
protected String getStringHeader(ApiRequest request, Object response) {
    URL schemaUrl = ApiContext.getUrlBuilder().resourceCollection(Schema.class);
    String schemas = schemaUrl == null ? "" : schemaUrl.toExternalForm();
    String result = header.replace("%SCHEMAS%", schemas);

    boolean devMode = "true".equals(SettingsUtil.getSetting(settings, "api.dev", ""));
    if (devMode) {
        Cookie[] cookies = request.getServletContext().getRequest().getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String cookieName = cookie.getName();
                String cookieValue = cookie.getValue();
                if (StringUtils.isEmpty(cookieValue)) {
                    continue;
                }
                // Client-supplied override of the asset URLs; only honoured in dev mode.
                if ("js.url".equals(cookieName)) {
                    result = result.replace("%JS%", cookieValue);
                }
                if ("css.url".equals(cookieName)) {
                    result = result.replace("%CSS%", cookieValue);
                }
            }
        }
    }

    // Any placeholder not already replaced by a cookie falls back to the configured URL.
    result = result.replace("%JS%", SettingsUtil.getSetting(settings, "api.js.url", getJsUrl()));
    result = result.replace("%CSS%", SettingsUtil.getSetting(settings, "api.css.url", getCssUrl()));

    String user = getUser(request, response);
    return result.replace("%USER%", user == null ? "" : user);
}
@Override public void handle(ApiRequest request) throws IOException { HttpServletRequest httpRequest = request.getServletContext().getRequest(); HttpServletResponse response = request.getServletContext().getResponse();
Cookie[] cookies = request.getServletContext().getRequest().getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { jwt = request.getServletContext().getRequest().getHeader(ProjectConstants.AUTH_HEADER); jwt = request.getServletContext().getRequest().getParameter(TOKEN);
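/**
 * Resolves the account for a request from the credential pair in {@code AUTH_HEADER}.
 *
 * <p>The pair is first looked up as API keys. If that finds nothing and the first
 * element starts with {@code ProjectConstants.OAUTH_BASIC} (case-insensitive), the
 * second element is treated as a token: the optional {@code =<projectId>} suffix of the
 * first element is stored as the {@code PROJECT_HEADER} request attribute, and the
 * account is resolved through the token lookup when security is enabled or through the
 * admin lookup when it is disabled.
 *
 * <p>NOTE(review): the project id stored on the request is client-supplied; presumably
 * the lookups check that the caller may act on that project, confirm in
 * {@code tokenAuthLookUp} / {@code adminAuthLookUp}.
 *
 * @param request the API request being authenticated
 * @return the resolved account, or {@code null} when no credentials were sent or none matched
 */
@Override
public Account getAccount(ApiRequest request) {
    String[] auth = getUsernamePassword(request.getServletContext().getRequest().getHeader(AUTH_HEADER));
    if (auth == null) {
        return null;
    }

    Account account = authDao.getAccountByKeys(auth[0], auth[1], ApiContext.getContext().getTransformationService());
    if (account != null) {
        return switchAccount(account, request);
    }

    // Case-insensitive prefix test that does not depend on the JVM's default locale
    // (toLowerCase() without a locale changes 'I'/'i' under e.g. a Turkish locale).
    String prefix = ProjectConstants.OAUTH_BASIC;
    if (!auth[0].regionMatches(true, 0, prefix, 0, prefix.length())) {
        return null;
    }

    // "<prefix>=<projectId>" carries the project; any other shape means "no project".
    String[] splits = auth[0].split("=");
    String projectId = splits.length == 2 ? splits[1] : null;
    request.setAttribute(ProjectConstants.PROJECT_HEADER, projectId);

    // Read the security switch once so both outcomes are decided by the same value.
    if (SecurityConstants.SECURITY.get()) {
        return tokenAuthLookUp.getAccountAccess(ProjectConstants.AUTH_TYPE + auth[1], request);
    }
    return adminAuthLookUp.getAccount(request);
}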
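/**
 * Serializes the response object as JSON when this handler's format matches the request.
 *
 * <p>Does nothing when the request is already committed, when the requested response
 * format differs from this handler's, or when there is no response object. In chunked
 * mode the JSON is streamed through a buffer; otherwise it is rendered fully in memory
 * so that {@code Content-Length} can be set before the first byte is written.
 *
 * @param request the API request to answer
 * @throws IOException if writing to the response stream fails
 */
@Override
public void handle(ApiRequest request) throws IOException {
    if (request.isCommitted()) {
        return;
    }
    if (!getResponseFormat().equals(request.getResponseFormat())) {
        return;
    }

    Object responseObject = getResponseObject(request);
    if (responseObject == null) {
        return;
    }

    request.setResponseContentType(getContentType());

    // Clients that send X-API-Action-Links get the mapper that renders action links.
    JsonMapper jsonMapper = this.jsonMapper;
    if (request.getServletContext().getRequest().getHeader("X-API-Action-Links") != null) {
        jsonMapper = actionLinksMapper;
    }

    OutputStream os = request.getOutputStream();
    if (chunked) {
        BufferedOutputStream buf = new BufferedOutputStream(os);
        writeJson(jsonMapper, buf, responseObject, request);
        buf.flush();
        return;
    }

    // Do not flush the response stream before setContentLength: flushing a servlet
    // output stream commits the response, after which the length header is ignored.
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    writeJson(jsonMapper, baos, responseObject, request);
    byte[] bytes = baos.toByteArray();
    request.getServletContext().getResponse().setContentLength(bytes.length);
    os.write(bytes);
    os.flush();
}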
String parsedProjectId = null; String projectId = request.getServletContext().getRequest().getHeader(ProjectConstants.PROJECT_HEADER); if (projectId == null || projectId.isEmpty()) { projectId = request.getServletContext().getRequest().getParameter("projectId"); String accessKey = request.getServletContext().getRequest().getHeader(ProjectConstants.CLIENT_ACCESS_KEY); if (StringUtils.isNotBlank(accessKey)) { Account account = authDao.getAccountByAccessKey(accessKey);
// Underlying servlet request; both flags below are read from its request attributes.
HttpServletRequest servletRequest = request.getServletContext().getRequest();
// Opt-in flag: true only when the attribute is exactly Boolean.TRUE (absent or any other value gives false).
boolean setCurrentHost = Boolean.TRUE.equals(servletRequest.getAttribute(SET_HOST_CURRENT_HOST));
// Opt-out flag: true unless the attribute is exactly Boolean.FALSE (absent gives true).
boolean redirects = !Boolean.FALSE.equals(servletRequest.getAttribute(REDIRECTS));
/**
 * Answers a {@code POST} on the {@code secret} type by returning the secret values of
 * the instance identified by the submitted token.
 *
 * <p>The request is ignored unless its type is {@code secret}, its method is
 * {@code POST} and its content type equals {@code CONTENT_TYPE} (case-insensitive).
 * The token's JSON payload must contain a non-blank {@code uuid}; the instance and host
 * are then looked up for that uuid together with the account id of the current policy,
 * so the lookup is tied to the authenticated caller.
 *
 * <p>NOTE(review): the resolved secret values are written straight to the response
 * stream; keep them out of logs and error messages on this path. The
 * {@code TokenException} is not passed on or logged here, confirm that token failures
 * are recorded elsewhere if they should be auditable.
 *
 * @param request the API request
 * @throws IOException            if writing the values to the response fails
 * @throws ClientVisibleException {@code FORBIDDEN} when the token is rejected,
 *                                {@code NOT_FOUND} when the uuid is blank or no
 *                                instance/host matches
 */
@Override
protected void generate(final ApiRequest request) throws IOException {
    boolean secretPost = "secret".equals(request.getType()) && "POST".equals(request.getMethod());
    if (!secretPost) {
        return;
    }
    String contentType = request.getServletContext().getRequest().getContentType();
    if (!CONTENT_TYPE.equalsIgnoreCase(contentType)) {
        return;
    }

    String token = request.proxyRequestObject(Secret.class).getValue();
    Map<String, Object> payload;
    try {
        payload = tokenService.getJsonPayload(token, false);
    } catch (TokenException e) {
        // A token that cannot be read is reported to the client as FORBIDDEN.
        throw new ClientVisibleException(ResponseCodes.FORBIDDEN);
    }

    String uuid = DataAccessor.fromMap(payload).withKey("uuid").as(String.class);
    if (StringUtils.isBlank(uuid)) {
        throw new ClientVisibleException(ResponseCodes.NOT_FOUND);
    }

    // The lookup combines the uuid with the caller's account id from the current policy.
    InstanceAndHost instanceAndHost =
            secretDao.getHostForInstanceUUIDAndAuthAccount(ApiUtils.getPolicy().getAccountId(), uuid);
    if (instanceAndHost == null) {
        throw new ClientVisibleException(ResponseCodes.NOT_FOUND);
    }

    List<SecretReference> references = DataAccessor.fieldObjectList(
            instanceAndHost.instance, InstanceConstants.FIELD_SECRETS, SecretReference.class, jsonMapper);
    List<SecretValue> secretValues = secretsService.getValues(references, instanceAndHost.host);

    jsonMapper.writeValue(request.getOutputStream(), secretValues);
    // A placeholder response object is set after the body has been written directly.
    request.setResponseObject(new Object());
}
@Override protected MessageWriter getMessageWriter(ApiRequest apiRequest) throws IOException { HttpServletRequest req = apiRequest.getServletContext().getRequest(); HttpServletResponse resp = apiRequest.getServletContext().getResponse(); Policy policy = ApiUtils.getPolicy();
/**
 * Populates the {@link ApiRequest} from the underlying servlet request.
 *
 * <p>Each property is computed by a dedicated {@code parse*} helper (or {@code getLocale})
 * and stored on the request in the order below. The helpers receive the partially
 * populated {@code apiRequest}, so the statement order is kept as is.
 *
 * @param apiRequest the request to populate
 * @return always {@code true}
 * @throws IOException declared for the parsing helpers; none is thrown directly here
 */
@Override
public boolean parse(ApiRequest apiRequest) throws IOException {
    HttpServletRequest request = apiRequest.getServletContext().getRequest();
    apiRequest.setLocale(getLocale(apiRequest, request));
    apiRequest.setMethod(parseMethod(apiRequest, request));
    apiRequest.setAction(parseAction(apiRequest, request));
    apiRequest.setRequestParams(parseParams(apiRequest, request));
    apiRequest.setRequestUrl(parseRequestUrl(apiRequest, request));
    // NOTE(review): how the client IP is derived is decided in parseClientIp; if it reads
    // forwarding headers, those are only trustworthy behind a known proxy. Confirm there.
    apiRequest.setClientIp(parseClientIp(apiRequest, request));
    apiRequest.setResponseUrlBase(parseResponseUrlBase(apiRequest, request));
    apiRequest.setVersion(parseVersion(apiRequest, request));
    apiRequest.setResponseFormat(parseResponseType(apiRequest, request));
    apiRequest.setQueryString(parseQueryString(apiRequest, request));
    // parsePath stores its results on apiRequest itself rather than returning a value.
    parsePath(apiRequest, request);
    return true;
}