From 7aa1a29e337350ea61423f6cabb73e994534baf8 Mon Sep 17 00:00:00 2001 From: luc Date: Fri, 8 Jan 2016 23:18:13 +0100 Subject: [PATCH] Return more accurate HTTP status 400 with detail message when some error occurs on ViewImage : - missing required parameters - url licence invalid --- htroot/ViewImage.java | 44 +++++++++------- .../yacy/data/InvalidURLLicenceException.java | 52 +++++++++++++++++++ .../TemplateMissingParameterException.java | 52 +++++++++++++++++++ .../http/servlets/YaCyDefaultServlet.java | 16 +++++- 4 files changed, 144 insertions(+), 20 deletions(-) create mode 100644 source/net/yacy/data/InvalidURLLicenceException.java create mode 100644 source/net/yacy/http/servlets/TemplateMissingParameterException.java diff --git a/htroot/ViewImage.java b/htroot/ViewImage.java index ba75dc62f..45dd15c31 100644 --- a/htroot/ViewImage.java +++ b/htroot/ViewImage.java @@ -49,7 +49,9 @@ import net.yacy.cora.protocol.HeaderFramework; import net.yacy.cora.protocol.RequestHeader; import net.yacy.cora.storage.ConcurrentARC; import net.yacy.cora.util.ConcurrentLog; +import net.yacy.data.InvalidURLLicenceException; import net.yacy.data.URLLicense; +import net.yacy.http.servlets.TemplateMissingParameterException; import net.yacy.kelondro.util.FileUtils; import net.yacy.kelondro.util.MemoryControl; import net.yacy.kelondro.workflow.WorkflowProcessor; @@ -69,7 +71,7 @@ public class ViewImage { private static byte[] defaulticonb = null; /** - * Try parsing image from post "url" parameter or from "code" parameter. + * Try parsing image from post "url" parameter (authenticated users) or from "code" parameter (non authenticated users). * When image format is not supported, return directly image data. When * image could be parsed, try encoding to target format specified by header * "EXT". 
@@ -95,12 +97,9 @@ public class ViewImage { final Switchboard sb = (Switchboard) env; - // the url to the image can be either submitted with an url in clear - // text, or using a license key - // if the url is given as clear text, the user must be authorized as - // admin - // the license can be used also from non-authorized users - + if(post == null) { + throw new TemplateMissingParameterException("please fill at least url or code parameter"); + } String urlString = post.get("url", ""); final String urlLicense = post.get("code", ""); String ext = header.get("EXT", null); 
@@ -108,20 +107,27 @@ public class ViewImage { || sb.verifyAuthentication(header); // handle access rights DigestURL url = null; - if ((urlString.length() > 0) && (auth)) { - url = new DigestURL(urlString); - } - - if ((url == null) && (urlLicense.length() > 0)) { - urlString = URLLicense.releaseLicense(urlLicense); - if (urlString != null) { + if(auth) { + /* Authenticated user : rely on url parameter*/ + if (urlString.length() > 0) { url = new DigestURL(urlString); - } else { // license is gone (e.g. released/remove in prev calls) - ConcurrentLog.fine("ViewImage", "image urlLicense not found key=" + urlLicense); - /* Return an empty EncodedImage. Caller is responsible for handling this correctly (500 status code response) */ - return new EncodedImage(new byte[0], ext, post.getBoolean("isStatic")); // TODO: maybe favicon accessed again, check - // iconcache + } else { + throw new TemplateMissingParameterException("missing required url parameter"); } + } else { + /* Non authenticated user : rely on urlLicense parameter */ + if((urlLicense.length() > 0)) { + urlString = URLLicense.releaseLicense(urlLicense); + if (urlString != null) { + url = new DigestURL(urlString); + } else { // license is gone (e.g. released/remove in prev calls) + ConcurrentLog.fine("ViewImage", "image urlLicense not found key=" + urlLicense); + /* Caller is responsible for handling this with appropriate HTTP status code */ + throw new InvalidURLLicenceException(); + } + } else { + throw new TemplateMissingParameterException("missing required code parameter"); + } } // get the image as stream diff --git a/source/net/yacy/data/InvalidURLLicenceException.java b/source/net/yacy/data/InvalidURLLicenceException.java new file mode 100644 index 000000000..9d06abe3f --- /dev/null +++ b/source/net/yacy/data/InvalidURLLicenceException.java 
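Review bot: In the new `if(auth)` branch, an authenticated request that carries only a `code` parameter is rejected with "missing required url parameter", whereas the removed code fell back to `URLLicense.releaseLicense(urlLicense)` whenever no usable url was given. If image links built with a licence code can reach an authenticated client (not visible from this hunk), they would now get a 400; consider trying the licence lookup when `urlString` is empty before throwing. Also, `new DigestURL(urlString)` on a malformed value is not routed to the new 400 path, so a bad url presumably still surfaces as a generic server error. The `ConcurrentLog.fine` line writes the raw client-supplied `code` into the log, which is worth length-limiting or stripping of control characters. The method body starts and ends outside this hunk.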
@@ -0,0 +1,52 @@
+// InvalidURLLicenceException.java
+// (C) 2007 by Michael Peter Christen; mc@yacy.net, Frankfurt a. M., Germany
+// first published 03.07.2007 on http://yacy.net
+//
+// This is a part of YaCy, a peer-to-peer based web search engine
+//
+// $LastChangedDate$
+// $LastChangedRevision$
+// $LastChangedBy$
+//
+// LICENSE
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+package net.yacy.data;
+
+/**
+ * Exception indicating a URLLicense is not valid.
+ * @author luc
+ *
+ */
+public class InvalidURLLicenceException extends RuntimeException {
+
+ private static final long serialVersionUID = 388769934848447613L;
+
+ /**
+ * Default constructor : use generic message
+ */
+ public InvalidURLLicenceException() {
+ super("Url license code is not valid or empty");
+ }
+
+ /**
+ * @param message detail message
+ */
+ public InvalidURLLicenceException(String message) {
+ super(message);
+ }
+
+}
diff --git a/source/net/yacy/http/servlets/TemplateMissingParameterException.java b/source/net/yacy/http/servlets/TemplateMissingParameterException.java
new file mode 100644
index 000000000..d9405ffd2
--- /dev/null
+++ b/source/net/yacy/http/servlets/TemplateMissingParameterException.java
@@ -0,0 +1,52 @@
+// TemplateMissingParameterException.java
+// (C) 2007 by Michael Peter Christen; mc@yacy.net, Frankfurt a. M., Germany
+// first published 03.07.2007 on http://yacy.net
+//
+// This is a part of YaCy, a peer-to-peer based web search engine
+//
+// $LastChangedDate$
+// $LastChangedRevision$
+// $LastChangedBy$
+//
+// LICENSE
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+package net.yacy.http.servlets;
+
+/**
+ * Use this to indicates a required parameter is missing for a template. Allows finer grained exception handling.
+ * @author luc
+ *
+ */
+public class TemplateMissingParameterException extends IllegalArgumentException {
+
+ private static final long serialVersionUID = -3443324572847193267L;
+
+ /**
+ * Default constructor : use generic message.
+ */
+ public TemplateMissingParameterException() {
+ super("Missing required parameters");
+ }
+
+ /**
+ * @param message detail message
+ */
+ public TemplateMissingParameterException(String message) {
+ super(message);
+ }
+
+}
diff --git a/source/net/yacy/http/servlets/YaCyDefaultServlet.java b/source/net/yacy/http/servlets/YaCyDefaultServlet.java
index ef849300b..4d65e7e4a 100644
--- a/source/net/yacy/http/servlets/YaCyDefaultServlet.java
+++ b/source/net/yacy/http/servlets/YaCyDefaultServlet.java
@@ -66,6 +66,7 @@ import net.yacy.cora.protocol.HeaderFramework;
 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.util.ByteBuffer;
 import net.yacy.cora.util.ConcurrentLog;
+import net.yacy.data.InvalidURLLicenceException;
 import net.yacy.data.UserDB.AccessRight;
 import net.yacy.data.UserDB.Entry;
 import net.yacy.http.ProxyHandler;
@@ -828,7 +829,20 @@ public class YaCyDefaultServlet extends HttpServlet {
 } else {
 tmp = invokeServlet(targetClass, legacyRequestHeader, args);
 }
- } catch (InvocationTargetException | IllegalArgumentException | IllegalAccessException e) {
+ } catch(InvocationTargetException e) {
+ if(e.getCause() instanceof InvalidURLLicenceException) {
+ /* A non authaurized user is trying to fetch a image with a bad or already released license code */
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getCause().getMessage());
+ return;
+ }
+ if(e.getCause() instanceof TemplateMissingParameterException) {
+ /* A template is used but miss some required parameter */
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getCause().getMessage());
+ return;
+ }
+ ConcurrentLog.logException(e);
+ throw new ServletException(targetFile.getAbsolutePath());
+ } catch (IllegalArgumentException | IllegalAccessException e) {
 ConcurrentLog.logException(e);
 throw new ServletException(targetFile.getAbsolutePath());
 }
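Review bot: Both new `instanceof` branches in the `catch(InvocationTargetException e)` block pass `e.getCause().getMessage()` straight to `response.sendError(...)`, so whatever text those exceptions carry is sent to the client. The messages thrown in this commit are constants, but both exception classes also accept an arbitrary message, so a comment on the catch such as `/* the message of these exceptions is returned to the client: never put request data or internal details in it */` would make that contract explicit; the two identical branches can also be merged into one condition. The fall-through still throws `new ServletException(targetFile.getAbsolutePath())`, which drops the cause and may expose a server filesystem path if the container renders the message; passing the cause as in `throw new ServletException("servlet invocation failed", e);` would avoid both. The enclosing `try` starts outside this hunk.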