Example 1 with BadCookieException

use of org.webpieces.router.api.exceptions.BadCookieException in project webpieces by deanhiller.

the class RequestStreamWriter method handleCompleteRequest.

CompletableFuture<Void> handleCompleteRequest() {
    for (Http2Header h : requestHeaders.getHeaders()) {
        if (!headersSupported.contains(h.getKnownName()))
            log.error("This webserver has not thought about supporting header=" + h.getName() + " quite yet.  value=" + h.getValue() + " Please let us know and we can quickly add support");
    }
    RouterRequest routerRequest = new RouterRequest();
    routerRequest.orginalRequest = requestHeaders;
    //TODO(dhiller): figure out the firewall way to config when firewall terminates the ssl and we receive http
    //or the secure routes will not show up
    //We could add configuration to checking the terminating server socket locally as the firewall could
    //be defined to terminate ssl and drive to a specific port then.  the info is in stream.getSocket.getSvrSocketAddress
    routerRequest.isHttps = stream.getSocket().isHttps();
    String domain = requestHeaders.getAuthority();
    if (domain == null) {
        throw new IllegalArgumentException("Must contain Host(http1.1) or :authority(http2) header");
    }
    int port = 80;
    if (routerRequest.isHttps)
        port = 443;
    //if there is a firewall this port is wrong....and the above or below is right
    //int port = socketInfo.getLocalBoundAddress().getPort();
    int index2 = domain.indexOf(":");
    //TODO(dhiller): find when user is used and test implement
    if (index2 >= 0) {
        port = Integer.parseInt(domain.substring(index2 + 1));
        domain = domain.substring(0, index2);
    }
    String methodString = requestHeaders.getMethodString();
    HttpMethod method = HttpMethod.lookup(methodString);
    if (method == null)
        throw new UnsupportedOperationException("method not supported=" + methodString);
    parseCookies(requestHeaders, routerRequest);
    parseAcceptLang(requestHeaders, routerRequest);
    parseAccept(requestHeaders, routerRequest);
    routerRequest.encodings = headerParser.parseAcceptEncoding(requestHeaders);
    String referHeader = requestHeaders.getSingleHeaderValue(Http2HeaderName.REFERER);
    if (referHeader != null)
        routerRequest.referrer = referHeader;
    String xRequestedWithHeader = requestHeaders.getSingleHeaderValue(Http2HeaderName.X_REQUESTED_WITH);
    if ("XMLHttpRequest".equals(xRequestedWithHeader))
        routerRequest.isAjaxRequest = true;
    String fullPath = requestHeaders.getPath();
    if (fullPath == null)
        throw new IllegalArgumentException(":path header(http2) or path in request line(http1.1) is required");
    parseBody(requestHeaders, routerRequest);
    routerRequest.method = method;
    routerRequest.domain = domain;
    routerRequest.port = port;
    int index = fullPath.indexOf("?");
    if (index > 0) {
        routerRequest.relativePath = fullPath.substring(0, index);
        String postfix = fullPath.substring(index + 1);
        facade.urlEncodeParse(postfix, routerRequest);
    } else {
        routerRequest.queryParams = new HashMap<>();
        routerRequest.relativePath = fullPath;
    }
    //http1.1 so no...
    routerRequest.isSendAheadNextResponses = false;
    if (routerRequest.relativePath.contains("?"))
        throw new UnsupportedOperationException("not supported yet");
    ProxyResponse streamer = facade.createProxyResponse();
    try {
        streamer.init(routerRequest, requestHeaders, stream, facade.getBufferPool());
        return facade.incomingCompleteRequest(routerRequest, streamer);
    } catch (BadCookieException e) {
        log.warn("This occurs if secret key changed, or you booted another webapp with different key on same port or someone modified the cookie", e);
        streamer.sendRedirectAndClearCookie(routerRequest, e.getCookieName());
        return CompletableFuture.completedFuture(null);
    }
}
Also used : BadCookieException(org.webpieces.router.api.exceptions.BadCookieException) Http2Header(com.webpieces.http2parser.api.dto.lib.Http2Header) HttpMethod(org.webpieces.ctx.api.HttpMethod) RouterRequest(org.webpieces.ctx.api.RouterRequest)

Example 2 with BadCookieException

use of org.webpieces.router.api.exceptions.BadCookieException in project webpieces by deanhiller.

the class AbstractRouterService method incomingCompleteRequest.

@Override
public final CompletableFuture<Void> incomingCompleteRequest(RouterRequest routerRequest, ResponseStreamer responseCb) {
    try {
        if (!started)
            throw new IllegalStateException("Either start was not called by client or start threw an exception that client ignored and must be fixed");
        Session session = (Session) cookieTranslator.translateCookieToScope(routerRequest, new SessionImpl(translator));
        FlashSub flash = (FlashSub) cookieTranslator.translateCookieToScope(routerRequest, new FlashImpl(translator));
        Validation validation = (Validation) cookieTranslator.translateCookieToScope(routerRequest, new ValidationImpl(translator));
        RequestContext requestCtx = new RequestContext(validation, flash, session, routerRequest);
        return processRequest(requestCtx, responseCb);
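    } catch (BadCookieException e) {
        //rethrow untouched so the caller (see handleCompleteRequest) can redirect and clear the bad cookie
        //rather than rendering the internal server error page from the Throwable handler below
        throw e;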
    } catch (Throwable e) {
        log.warn("uncaught exception", e);
        return responseCb.failureRenderingInternalServerErrorPage(e);
    }
}
Also used : Validation(org.webpieces.ctx.api.Validation) BadCookieException(org.webpieces.router.api.exceptions.BadCookieException) SessionImpl(org.webpieces.router.impl.ctx.SessionImpl) FlashImpl(org.webpieces.router.impl.ctx.FlashImpl) RequestContext(org.webpieces.ctx.api.RequestContext) FlashSub(org.webpieces.ctx.api.FlashSub) Session(org.webpieces.ctx.api.Session) ValidationImpl(org.webpieces.router.impl.ctx.ValidationImpl)

Example 3 with BadCookieException

use of org.webpieces.router.api.exceptions.BadCookieException in project webpieces by deanhiller.

the class CookieTranslator method cookieToScope.

private CookieScope cookieToScope(RouterRequest req, CookieScopeImpl data) throws UnsupportedEncodingException {
    RouterCookie routerCookie = req.cookies.get(data.getName());
    if (routerCookie == null) {
        data.setExisted(false);
        return data;
    }
    data.setExisted(true);
    Map<String, String> dataMap = new HashMap<>();
    String value = routerCookie.value;
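    int colonIndex = value.indexOf(":");
    //a cookie with no version prefix is malformed; report it as a bad cookie so the caller clears it
    //instead of failing with StringIndexOutOfBoundsException
    if (colonIndex < 0)
        throw new BadCookieException("cookie has no version prefix", data.getName());
    String version = value.substring(0, colonIndex);
    String keyValuePairs = value.substring(colonIndex + 1);
    if (data instanceof SecureCookie) {
        //secure cookies carry "<version>-<hash>" in front of the colon
        String[] pair = version.split("-");
        if (pair.length < 2)
            throw new BadCookieException("secure cookie is missing its hash", data.getName());
        version = pair[0];
        String expectedHash = pair[1];
        String hash = security.sign(config.getSecretKey(), keyValuePairs);
        //constant-time comparison so response timing does not reveal how much of the hash matched
        if (!java.security.MessageDigest.isEqual(hash.getBytes(java.nio.charset.StandardCharsets.UTF_8), expectedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8)))
            throw new BadCookieException("hashes don't match...This occurs if secret key" + " was switched, or loaded different webapp on same port or someone" + " created an invalid cookie and sent to your webserver", data.getName());
    }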
    if (!VERSION.equals(version))
        throw new BadCookieException("versions don't match...This occurs if secret key" + " was switched, or loaded different webapp on same port or someone" + " created an invalid cookie and sent to your webserver", data.getName());
    String[] pieces = keyValuePairs.split("&");
    for (String piece : pieces) {
        String[] split = piece.split("=");
        if (split.length == 2) {
            String key = URLDecoder.decode(split[0], config.getUrlEncoding().name());
            String val = URLDecoder.decode(split[1], config.getUrlEncoding().name());
            dataMap.put(key, val);
        } else {
            String key = URLDecoder.decode(split[0], config.getUrlEncoding().name());
            dataMap.put(key, "");
        }
    }
    data.setMapData(dataMap);
    return data;
}
Also used : BadCookieException(org.webpieces.router.api.exceptions.BadCookieException) HashMap(java.util.HashMap) RouterCookie(org.webpieces.ctx.api.RouterCookie) SecureCookie(org.webpieces.router.impl.ctx.SecureCookie)

Aggregations

BadCookieException (org.webpieces.router.api.exceptions.BadCookieException): 3
Http2Header (com.webpieces.http2parser.api.dto.lib.Http2Header): 1
HashMap (java.util.HashMap): 1
FlashSub (org.webpieces.ctx.api.FlashSub): 1
HttpMethod (org.webpieces.ctx.api.HttpMethod): 1
RequestContext (org.webpieces.ctx.api.RequestContext): 1
RouterCookie (org.webpieces.ctx.api.RouterCookie): 1
RouterRequest (org.webpieces.ctx.api.RouterRequest): 1
Session (org.webpieces.ctx.api.Session): 1
Validation (org.webpieces.ctx.api.Validation): 1
FlashImpl (org.webpieces.router.impl.ctx.FlashImpl): 1
SecureCookie (org.webpieces.router.impl.ctx.SecureCookie): 1
SessionImpl (org.webpieces.router.impl.ctx.SessionImpl): 1
ValidationImpl (org.webpieces.router.impl.ctx.ValidationImpl): 1