From 57370fc96b12f9087302288eb70308d2a94473b1 Mon Sep 17 00:00:00 2001
From: Laurent
Date: Thu, 4 Dec 2025 14:47:20 +0100
Subject: [PATCH] Add verb verification to interceptor
---
 .../httpServer/src/annotations/Intercept.java | 1 +
 .../src/handlers/RequestHandler.java | 26 +++++--------------
 .../src/interceptors/RequestInterceptor.java | 26 ++++++++++++++++---
 3 files changed, 30 insertions(+), 23 deletions(-)
diff --git a/src/main/java/httpsServer/httpServer/src/annotations/Intercept.java b/src/main/java/httpsServer/httpServer/src/annotations/Intercept.java
index 62c9d31..eecc256 100644
--- a/src/main/java/httpsServer/httpServer/src/annotations/Intercept.java
+++ b/src/main/java/httpsServer/httpServer/src/annotations/Intercept.java
@@ -5,4 +5,5 @@ import java.lang.annotation.*;
 @Retention(RetentionPolicy.RUNTIME)
 @Target(ElementType.METHOD)
 public @interface Intercept {
+ String allowedMethods() default "GET";
 }
\ No newline at end of file
diff --git a/src/main/java/httpsServer/httpServer/src/handlers/RequestHandler.java b/src/main/java/httpsServer/httpServer/src/handlers/RequestHandler.java
index 059f4f1..f6dc777 100644
--- a/src/main/java/httpsServer/httpServer/src/handlers/RequestHandler.java
+++ b/src/main/java/httpsServer/httpServer/src/handlers/RequestHandler.java
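Review bot: In Intercept.java the new element is named `allowedMethods` but is a single `String`, and RequestInterceptor compares it with one `equalsIgnoreCase` call, so a handler can accept exactly one verb and a value such as "GET,POST" would match no request at all. Either rename it to `allowedMethod`, or declare `String[] allowedMethods() default {"GET"};` and accept any listed verb in the interceptor. The element also has no documentation; a Javadoc line such as `/** HTTP verb the annotated handler accepts, compared case-insensitively; a bare @Intercept allows GET only. */` would make the default visible to whoever annotates the next handler.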
@@ -15,34 +15,28 @@ public class RequestHandler implements IRequestHandler {
 final AuthorizedClients authorizedClients = new AuthorizedClients();
- @Intercept
+ @Intercept(allowedMethods = "GET")
 public void handleRoot(HttpExchange exchange) {
- Logger.displayReceived("/ request");
 try{
 respondToGet(exchange, "./assets/pages/index.html");
 } catch(Exception e){
-
+ e.printStackTrace();
 }
 }
- @Intercept
+ @Intercept(allowedMethods = "GET")
 public void handlePayment(HttpExchange exchange) {
 Logger.displayReceived("/payment request");
 try{
 respondToGet(exchange, "./assets/pages/payment.html");
 } catch(Exception e){
-
+ e.printStackTrace();
 }
 }
- @Intercept
+ @Intercept(allowedMethods = "POST")
 public void handleLogin(HttpExchange exchange) {
 try {
- if (isUnauthorizedVerb(exchange, "POST")) {
- exchange.sendResponseHeaders(405, -1);
- return;
- }
-
 InputStream is = exchange.getRequestBody();
 String body = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))
 .lines()
@@ -61,14 +55,10 @@ public class RequestHandler implements IRequestHandler {
 exchange.getResponseBody().close();
 } catch (Exception e){
-
+ e.printStackTrace();
 }
 }
 private void respondToGet(HttpExchange exchange, String pagePath) throws IOException {
- if(isUnauthorizedVerb(exchange, "GET")){
- exchange.sendResponseHeaders(405, -1);
- return;
- }
 try{
 final HtmlManager htmlManager = new HtmlManager();
@@ -87,10 +77,6 @@ public class RequestHandler implements IRequestHandler {
 }
 }
- private boolean isUnauthorizedVerb(HttpExchange exchange, String verb) throws IOException {
- return !verb.equalsIgnoreCase(exchange.getRequestMethod());
- }
-
 private void send(HttpExchange exchange, byte[] data) throws IOException {
 try (OutputStream os = exchange.getResponseBody()) {
 os.write(data);
diff --git a/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java b/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
index 09002ed..1a872cc 100644
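Review bot: The catch blocks in handleRoot and handlePayment (and handleLogin in the following hunk) now call `e.printStackTrace()` but still send nothing to the client, so a failure before the response is written appears to leave the exchange open. Adding `finally { exchange.close(); }` to each try releases the connection on every path; HttpExchange.close() only closes streams that are not already closed, so it is harmless after a successful response. The trace also goes to stderr rather than the project's Logger, which separates login failures from the request log; routing it through Logger would help if that class offers a suitable method (not visible in this patch). handleLogin's body continues outside this hunk.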
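Review bot: respondToGet loses its own verb guard here, and handleLogin lost its guard in the previous hunk, so method enforcement now exists only in RequestInterceptor.invoke. Any context bound to the RequestHandler instance itself rather than to its proxy, and any internal call between handlers, reaches the login and page logic with no verb check. The registration code is not part of this patch, so it is worth confirming that every route goes through the proxy. Recording the dependency above the handlers would help, for example `// Verb is enforced by RequestInterceptor; call these handlers only through the proxy.` Both respondToGet and handleLogin extend beyond the lines shown.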
--- a/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
+++ b/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
@@ -1,5 +1,7 @@
 package httpsServer.httpServer.src.interceptors;
+import com.sun.net.httpserver.HttpExchange;
+import common.common.src.logger.Logger;
 import httpsServer.httpServer.src.annotations.Intercept;
 import java.lang.reflect.*;
@@ -16,10 +18,28 @@ public class RequestInterceptor implements InvocationHandler {
 public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
 Method realMethod = target.getClass().getMethod(method.getName(), method.getParameterTypes());
- if (realMethod.isAnnotationPresent(Intercept.class)) {
- System.out.println(">>> Intercepted call to " + method.getName());
+ if (!realMethod.isAnnotationPresent(Intercept.class)) return null;
+
+ Logger.displayReceived("/ request");
+
+ HttpExchange exchange = (HttpExchange)args[0];
+
+ Intercept annotation = realMethod.getAnnotation(Intercept.class);
+ String allowedVerb = annotation.allowedMethods();
+ String receivedVerb = exchange.getRequestMethod();
+
+ if(isAuthorizedVerb(allowedVerb, receivedVerb)) {
+ return method.invoke(target, args);
+ } else {
+ exchange.sendResponseHeaders(405, -1);
+ exchange.getResponseBody().close();
+ return null;
 }
- return method.invoke(target, args); // call original method
 }
+
+ private boolean isAuthorizedVerb(String baseVerb, String receivedVerb) {
+ return baseVerb.equalsIgnoreCase(receivedVerb);
+ }
+
 }
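Review bot: The new early exit `if (!realMethod.isAnnotationPresent(Intercept.class)) return null;` in invoke() silently drops every un-annotated call, where the old code forwarded it. hashCode() and equals() on the proxy are dispatched through this same handler, and a null return for a primitive return type raises NullPointerException at the call site. An un-annotated handler also returns without writing any response, so its exchange is left open. Denying by default is a sound choice, but the rejection should be explicit: forward methods declared on Object, and answer the exchange before returning. The status code in the sketch is a placeholder for whatever the project prefers.

```java
Method realMethod = target.getClass().getMethod(method.getName(), method.getParameterTypes());

// hashCode/equals/toString are dispatched here too; forward them so the proxy never returns null for them.
if (method.getDeclaringClass() == Object.class) {
    return method.invoke(target, args);
}

if (!realMethod.isAnnotationPresent(Intercept.class)) {
    // Deny by default, but answer the client instead of leaving the exchange open.
    if (args != null && args.length > 0 && args[0] instanceof HttpExchange) {
        HttpExchange rejected = (HttpExchange) args[0];
        rejected.sendResponseHeaders(404, -1);
        rejected.close();
    }
    return null;
}
// … unchanged: verb comparison and 405 branch …
```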