Example 1 with WebUser

use of com.djrapitops.plan.delivery.web.resolver.request.WebUser in project Plan by plan-player-analytics.

the class RequestHandler method buildRequest.

private Request buildRequest(HttpExchange exchange) {
    String requestMethod = exchange.getRequestMethod();
    URIPath path = new URIPath(exchange.getRequestURI().getPath());
    URIQuery query = new URIQuery(exchange.getRequestURI().getRawQuery());
    byte[] requestBody = readRequestBody(exchange);
    WebUser user = getWebUser(exchange);
    Map<String, String> headers = getRequestHeaders(exchange);
    return new Request(requestMethod, path, query, user, headers, requestBody);
}
Also used : URIPath(com.djrapitops.plan.delivery.web.resolver.request.URIPath) Request(com.djrapitops.plan.delivery.web.resolver.request.Request) WebUser(com.djrapitops.plan.delivery.web.resolver.request.WebUser) URIQuery(com.djrapitops.plan.delivery.web.resolver.request.URIQuery)

Example 2 with WebUser

use of com.djrapitops.plan.delivery.web.resolver.request.WebUser in project Plan by plan-player-analytics.

the class PlayerJSONResolver method canAccess.

@Override
public boolean canAccess(Request request) {
    WebUser user = request.getUser().orElse(new WebUser(""));
    if (user.hasPermission("page.player.other"))
        return true;
    if (user.hasPermission("page.player.self")) {
        try {
            UUID webUserUUID = identifiers.getPlayerUUID(user.getName());
            UUID playerUUID = identifiers.getPlayerUUID(request);
            return playerUUID.equals(webUserUUID);
        } catch (BadRequestException userDoesntExist) {
            // Don't give away who has played on the server to someone with level 2 access
            return false;
        }
    }
    return false;
}
Also used : BadRequestException(com.djrapitops.plan.delivery.web.resolver.exception.BadRequestException) WebUser(com.djrapitops.plan.delivery.web.resolver.request.WebUser) UUID(java.util.UUID)

Example 3 with WebUser

use of com.djrapitops.plan.delivery.web.resolver.request.WebUser in project Plan by plan-player-analytics.

the class ResponseResolver method tryToGetResponse.

/**
 * @throws NotFoundException   In some cases when page was not found, not all.
 * @throws ForbiddenException  If the user is not allowed to see the page
 * @throws BadRequestException If the request did not have required things.
 */
private Response tryToGetResponse(Request request) {
    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
        return Response.builder().setStatus(204).build();
    }
    Optional<WebUser> user = request.getUser();
    List<Resolver> foundResolvers = resolverService.getResolvers(request.getPath().asString());
    if (foundResolvers.isEmpty())
        return responseFactory.pageNotFound404();
    for (Resolver resolver : foundResolvers) {
        boolean isAuthRequired = webServer.get().isAuthRequired() && resolver.requiresAuth(request);
        if (isAuthRequired) {
            if (!user.isPresent()) {
                if (webServer.get().isUsingHTTPS()) {
                    throw new WebUserAuthException(FailReason.NO_USER_PRESENT);
                } else {
                    return responseFactory.forbidden403();
                }
            }
            if (resolver.canAccess(request)) {
                Optional<Response> resolved = resolver.resolve(request);
                if (resolved.isPresent())
                    return resolved.get();
            } else {
                return responseFactory.forbidden403();
            }
        } else {
            Optional<Response> resolved = resolver.resolve(request);
            if (resolved.isPresent())
                return resolved.get();
        }
    }
    return responseFactory.pageNotFound404();
}
Also used : Response(com.djrapitops.plan.delivery.web.resolver.Response) RootJSONResolver(com.djrapitops.plan.delivery.webserver.resolver.json.RootJSONResolver) Resolver(com.djrapitops.plan.delivery.web.resolver.Resolver) NoAuthResolver(com.djrapitops.plan.delivery.web.resolver.NoAuthResolver) WebUserAuthException(com.djrapitops.plan.exceptions.WebUserAuthException) WebUser(com.djrapitops.plan.delivery.web.resolver.request.WebUser)

Example 4 with WebUser

use of com.djrapitops.plan.delivery.web.resolver.request.WebUser in project Plan by plan-player-analytics.

the class PlayerPageResolver method canAccess.

@Override
public boolean canAccess(Request request) {
    URIPath path = request.getPath();
    WebUser user = request.getUser().orElse(new WebUser(""));
    boolean isOwnPage = path.getPart(1).map(nameOrUUID -> {
        // name matches user
        if (user.getName().equalsIgnoreCase(nameOrUUID))
            return true;
        // uuid matches user
        return uuidUtility.getNameOf(nameOrUUID)
                .map(user.getName()::equalsIgnoreCase)
                .orElse(false); // uuid or name don't match
    }).orElse(true); // No name or UUID given
    return user.hasPermission("page.player.other") || (user.hasPermission("page.player.self") && isOwnPage);
}
Also used : URIPath(com.djrapitops.plan.delivery.web.resolver.request.URIPath) PlanConfig(com.djrapitops.plan.settings.config.PlanConfig) Request(com.djrapitops.plan.delivery.web.resolver.request.Request) Html(com.djrapitops.plan.delivery.rendering.html.Html) UUID(java.util.UUID) Singleton(javax.inject.Singleton) Response(com.djrapitops.plan.delivery.web.resolver.Response) StringUtils(org.apache.commons.lang3.StringUtils) ResponseFactory(com.djrapitops.plan.delivery.webserver.ResponseFactory) Inject(javax.inject.Inject) PluginSettings(com.djrapitops.plan.settings.config.paths.PluginSettings) Resolver(com.djrapitops.plan.delivery.web.resolver.Resolver) WebUser(com.djrapitops.plan.delivery.web.resolver.request.WebUser) Optional(java.util.Optional) UUIDUtility(com.djrapitops.plan.identification.UUIDUtility)

Example 5 with WebUser

use of com.djrapitops.plan.delivery.web.resolver.request.WebUser in project Plan by plan-player-analytics.

the class RootPageResolver method getResponse.

private Response getResponse(Request request) {
    Server server = serverInfo.getServer();
    if (!webServer.get().isAuthRequired()) {
        String redirectTo = server.isProxy() ? "network" : "server/" + Html.encodeToURL(server.getIdentifiableName());
        return responseFactory.redirectResponse(redirectTo);
    }
    WebUser user = request.getUser().orElseThrow(() -> new WebUserAuthException(FailReason.EXPIRED_COOKIE));
    if (user.hasPermission("page.server")) {
        return responseFactory.redirectResponse(server.isProxy() ? "network" : "server/" + Html.encodeToURL(server.getIdentifiableName()));
    } else if (user.hasPermission("page.players")) {
        return responseFactory.redirectResponse("players");
    } else if (user.hasPermission("page.player.self")) {
        return responseFactory.redirectResponse("player/" + Html.encodeToURL(user.getName()));
    } else {
        return responseFactory.forbidden403(user.getName() + " has insufficient permissions to be redirected to any page. Needs one of: 'page.server', 'page.players' or 'page.player.self'");
    }
}
Also used : Server(com.djrapitops.plan.identification.Server) WebServer(com.djrapitops.plan.delivery.webserver.WebServer) WebUserAuthException(com.djrapitops.plan.exceptions.WebUserAuthException) WebUser(com.djrapitops.plan.delivery.web.resolver.request.WebUser)

Aggregations

WebUser (com.djrapitops.plan.delivery.web.resolver.request.WebUser)7 WebUserAuthException (com.djrapitops.plan.exceptions.WebUserAuthException)3 Resolver (com.djrapitops.plan.delivery.web.resolver.Resolver)2 Response (com.djrapitops.plan.delivery.web.resolver.Response)2 Request (com.djrapitops.plan.delivery.web.resolver.request.Request)2 URIPath (com.djrapitops.plan.delivery.web.resolver.request.URIPath)2 UUID (java.util.UUID)2 Html (com.djrapitops.plan.delivery.rendering.html.Html)1 NoAuthResolver (com.djrapitops.plan.delivery.web.resolver.NoAuthResolver)1 BadRequestException (com.djrapitops.plan.delivery.web.resolver.exception.BadRequestException)1 URIQuery (com.djrapitops.plan.delivery.web.resolver.request.URIQuery)1 ResponseFactory (com.djrapitops.plan.delivery.webserver.ResponseFactory)1 WebServer (com.djrapitops.plan.delivery.webserver.WebServer)1 RootJSONResolver (com.djrapitops.plan.delivery.webserver.resolver.json.RootJSONResolver)1 Server (com.djrapitops.plan.identification.Server)1 UUIDUtility (com.djrapitops.plan.identification.UUIDUtility)1 PlanConfig (com.djrapitops.plan.settings.config.PlanConfig)1 PluginSettings (com.djrapitops.plan.settings.config.paths.PluginSettings)1 HashMap (java.util.HashMap)1 Optional (java.util.Optional)1