Search in sources :

Example 1 with Status

use of org.onebusaway.users.services.ApiKeyPermissionService.Status in project onebusaway-application-modules by camsys.

the class ApiKeyInterceptor method isAllowed.

// package private for unit tests
int isAllowed(ActionInvocation invocation) {
    ActionContext context = invocation.getInvocationContext();
    Map<String, Object> parameters = context.getParameters();
    String[] keys = (String[]) parameters.get("key");
    if (keys == null || keys.length == 0) {
        // 401:  we couldn't find the api key
        return HttpServletResponse.SC_UNAUTHORIZED;
    }
    Status status = _keyService.getPermission(keys[0], "api");
    if (status == Status.AUTHORIZED) {
        return HttpServletResponse.SC_OK;
    }
    if (status == Status.RATE_EXCEEDED) {
        return RESPONSE_TOO_MANY_REQUESTS;
    }
    // fall through is 403 Forbidden (we understood the key, but auth failed)
    return HttpServletResponse.SC_FORBIDDEN;
}
Also used : Status(org.onebusaway.users.services.ApiKeyPermissionService.Status) ServletActionContext(org.apache.struts2.ServletActionContext) ActionContext(com.opensymphony.xwork2.ActionContext)

Example 2 with Status

use of org.onebusaway.users.services.ApiKeyPermissionService.Status in project onebusaway-application-modules by camsys.

the class GtfsRealtimePlaybackController method tripUpdates.

@RequestMapping(value = "/gtfs-realtime/{path:trip-updates|vehicle-positions}")
public void tripUpdates(ServletRequest request, HttpServletResponse response, @RequestParam(value = "key", required = true) String key, @RequestParam(value = "timestamp", required = false) Long timestampInSeconds, @RequestParam(value = "time", required = false) String simpleDate, @RequestParam(value = "interval", required = false, defaultValue = "30") long interval, @PathVariable String path) throws IOException {
    Status status = isAllowed(key);
    if (Status.RATE_EXCEEDED == status) {
        response.sendError(TOO_MANY_REQUESTS);
        return;
    }
    if (Status.AUTHORIZED != status) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    if (simpleDate != null) {
        Date parsed;
        try {
            parsed = DATE_FORMAT.parse(simpleDate);
            timestampInSeconds = parsed.getTime() / 1000;
        } catch (ParseException e) {
        // bury
        }
    }
    if (timestampInSeconds == null) {
        response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED, "time or timestamp parameters required");
        return;
    }
    EntityType type = path.equals("trip-updates") ? EntityType.TRIP : EntityType.VEHICLE;
    // will not create new session if time is the same
    Date requestedDate = new Date(timestampInSeconds * 1000);
    _timeService.setCurrentTime(key, requestedDate);
    Date endDate = _timeService.getCurrentTime(key);
    Date startDate = new Date((endDate.getTime() - (interval * 1000)));
    FeedMessage tripUpdates = _gtfsRealtimeRetriever.getFeedMessage(type, startDate, endDate);
    render(request, response, tripUpdates);
}
Also used : Status(org.onebusaway.users.services.ApiKeyPermissionService.Status) EntityType(org.onebusaway.gtfs_realtime.archiver.service.GtfsRealtimeRetriever.EntityType) FeedMessage(com.google.transit.realtime.GtfsRealtime.FeedMessage) ParseException(java.text.ParseException) Date(java.util.Date) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with Status

use of org.onebusaway.users.services.ApiKeyPermissionService.Status in project onebusaway-application-modules by camsys.

the class GtfsRealtimePlaybackController method clear.

@RequestMapping(value = "/gtfs-realtime/clear")
@ResponseBody
public String clear(HttpServletResponse response, @RequestParam(value = "key", required = true) String key) throws IOException {
    Status status = isAllowed(key);
    if (Status.AUTHORIZED == status) {
        _timeService.clear(key);
        return "SUCCESS\n";
    }
    if (Status.RATE_EXCEEDED == status) {
        response.sendError(TOO_MANY_REQUESTS);
        return "rate limit exceeded";
    }
    response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return "permission denied";
}
Also used : Status(org.onebusaway.users.services.ApiKeyPermissionService.Status) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

Status (org.onebusaway.users.services.ApiKeyPermissionService.Status)3 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 FeedMessage (com.google.transit.realtime.GtfsRealtime.FeedMessage)1 ActionContext (com.opensymphony.xwork2.ActionContext)1 ParseException (java.text.ParseException)1 Date (java.util.Date)1 ServletActionContext (org.apache.struts2.ServletActionContext)1 EntityType (org.onebusaway.gtfs_realtime.archiver.service.GtfsRealtimeRetriever.EntityType)1 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)1