Add verb verification to interceptor

Laurent
2025-12-04 14:47:20 +01:00
parent 49b9891b1f
commit 57370fc96b
3 changed files with 30 additions and 23 deletions


@@ -5,4 +5,5 @@ import java.lang.annotation.*;
@Retention(RetentionPolicy.RUNTIME) @Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD) @Target(ElementType.METHOD)
public @interface Intercept { public @interface Intercept {
String allowedMethods() default "GET";
} }
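Review bot: `allowedMethods` is named in the plural but holds a single verb: `RequestInterceptor` compares the whole string to the request method with `equalsIgnoreCase`, so a list-style value (constructed example: `"GET,POST"`) would never match and the handler would answer 405 to everything. Either rename it to `allowedMethod`, or declare it as `String[] allowedMethods() default {"GET"};` and accept the request when any element matches. The attribute also has no Javadoc; a line such as `/** HTTP method the annotated handler accepts; any other method is answered with 405. */` would record the contract, including that a bare `@Intercept` now means GET-only.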


@@ -15,34 +15,28 @@ public class RequestHandler implements IRequestHandler {
final AuthorizedClients authorizedClients = new AuthorizedClients(); final AuthorizedClients authorizedClients = new AuthorizedClients();
@Intercept @Intercept(allowedMethods = "GET")
public void handleRoot(HttpExchange exchange) { public void handleRoot(HttpExchange exchange) {
Logger.displayReceived("/ request");
try{ try{
respondToGet(exchange, "./assets/pages/index.html"); respondToGet(exchange, "./assets/pages/index.html");
} catch(Exception e){ } catch(Exception e){
e.printStackTrace();
} }
} }
@Intercept @Intercept(allowedMethods = "GET")
public void handlePayment(HttpExchange exchange) { public void handlePayment(HttpExchange exchange) {
Logger.displayReceived("/payment request"); Logger.displayReceived("/payment request");
try{ try{
respondToGet(exchange, "./assets/pages/payment.html"); respondToGet(exchange, "./assets/pages/payment.html");
} catch(Exception e){ } catch(Exception e){
e.printStackTrace();
} }
} }
@Intercept @Intercept(allowedMethods = "POST")
public void handleLogin(HttpExchange exchange) { public void handleLogin(HttpExchange exchange) {
try { try {
if (isUnauthorizedVerb(exchange, "POST")) {
exchange.sendResponseHeaders(405, -1);
return;
}
InputStream is = exchange.getRequestBody(); InputStream is = exchange.getRequestBody();
String body = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8)) String body = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))
.lines() .lines()
@@ -61,14 +55,10 @@ public class RequestHandler implements IRequestHandler {
exchange.getResponseBody().close(); exchange.getResponseBody().close();
} catch (Exception e){ } catch (Exception e){
e.printStackTrace();
} }
} }
private void respondToGet(HttpExchange exchange, String pagePath) throws IOException { private void respondToGet(HttpExchange exchange, String pagePath) throws IOException {
if(isUnauthorizedVerb(exchange, "GET")){
exchange.sendResponseHeaders(405, -1);
return;
}
try{ try{
final HtmlManager htmlManager = new HtmlManager(); final HtmlManager htmlManager = new HtmlManager();
@@ -87,10 +77,6 @@ public class RequestHandler implements IRequestHandler {
} }
} }
private boolean isUnauthorizedVerb(HttpExchange exchange, String verb) throws IOException {
return !verb.equalsIgnoreCase(exchange.getRequestMethod());
}
private void send(HttpExchange exchange, byte[] data) throws IOException { private void send(HttpExchange exchange, byte[] data) throws IOException {
try (OutputStream os = exchange.getResponseBody()) { try (OutputStream os = exchange.getResponseBody()) {
os.write(data); os.write(data);
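Review bot: With `isUnauthorizedVerb` and its call sites removed, `handleRoot`, `handlePayment`, `handleLogin` and `respondToGet` no longer check the verb themselves, so the restriction only holds if every route reaches them through the `RequestInterceptor` proxy. The route registration is not visible in this diff, so that is worth confirming. A class-level comment would make the dependency explicit, for example `// Verb checks are enforced by RequestInterceptor via @Intercept; never register a RequestHandler instance directly.` `respondToGet` keeps its name although it no longer rejects non-GET requests, and the `catch (Exception e)` blocks shown here appear to finish without sending any response, which would leave the exchange open after a failure. The bodies of `handleLogin`, `respondToGet` and `send` continue outside the hunks.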


@@ -1,5 +1,7 @@
package httpsServer.httpServer.src.interceptors; package httpsServer.httpServer.src.interceptors;
import com.sun.net.httpserver.HttpExchange;
import common.common.src.logger.Logger;
import httpsServer.httpServer.src.annotations.Intercept; import httpsServer.httpServer.src.annotations.Intercept;
import java.lang.reflect.*; import java.lang.reflect.*;
@@ -16,10 +18,28 @@ public class RequestInterceptor implements InvocationHandler {
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
Method realMethod = target.getClass().getMethod(method.getName(), method.getParameterTypes()); Method realMethod = target.getClass().getMethod(method.getName(), method.getParameterTypes());
if (realMethod.isAnnotationPresent(Intercept.class)) { if (!realMethod.isAnnotationPresent(Intercept.class)) return null;
System.out.println(">>> Intercepted call to " + method.getName());
Logger.displayReceived("/ request");
HttpExchange exchange = (HttpExchange)args[0];
Intercept annotation = realMethod.getAnnotation(Intercept.class);
String allowedVerb = annotation.allowedMethods();
String receivedVerb = exchange.getRequestMethod();
if(isAuthorizedVerb(allowedVerb, receivedVerb)) {
return method.invoke(target, args);
} else {
exchange.sendResponseHeaders(405, -1);
exchange.getResponseBody().close();
return null;
} }
return method.invoke(target, args); // call original method
} }
private boolean isAuthorizedVerb(String baseVerb, String receivedVerb) {
return baseVerb.equalsIgnoreCase(receivedVerb);
}
} }
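Review bot: The early `return null` for methods without `@Intercept` neither invokes the target nor answers the request, so an un-annotated handler leaves the exchange open until the client times out. For proxied methods with a primitive return type, such as `hashCode()`, a null result also makes the proxy throw `NullPointerException`. The cast `(HttpExchange)args[0]` is unchecked, and `args` is null for zero-argument methods. A 405 response should carry an `Allow` header naming the permitted method. `Logger.displayReceived("/ request")` records the root route for every intercepted call, which makes the request log misleading for `/payment` and login; logging `exchange.getRequestURI().getRawPath()` keeps the entry accurate and percent-encoded. The sketch below fails closed for un-annotated handlers with a status of the project's choosing (404 here) and delegates non-handler methods unchanged.

```java
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    // … unchanged: realMethod lookup …
    HttpExchange exchange = (args != null && args.length > 0 && args[0] instanceof HttpExchange)
            ? (HttpExchange) args[0]
            : null;
    if (exchange == null) {
        // not a request handler (toString, hashCode, ...): delegate unchanged
        return method.invoke(target, args);
    }

    Intercept annotation = realMethod.getAnnotation(Intercept.class);
    if (annotation == null) {
        // handler without @Intercept: fail closed, but still answer the client
        exchange.sendResponseHeaders(404, -1);
        exchange.close();
        return null;
    }

    // raw (still percent-encoded) path, so request data cannot add line breaks to the log
    Logger.displayReceived(exchange.getRequestURI().getRawPath() + " request");

    String allowedVerb = annotation.allowedMethods();
    if (!isAuthorizedVerb(allowedVerb, exchange.getRequestMethod())) {
        exchange.getResponseHeaders().set("Allow", allowedVerb);
        exchange.sendResponseHeaders(405, -1);
        exchange.close();
        return null;
    }
    return method.invoke(target, args);
```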