/*******************************************************************************
* HelloNzb -- The Binary Usenet Tool
* Copyright (C) 2010-2013 Matthias F. Brandstetter
* https://sourceforge.net/projects/hellonzb/
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
******************************************************************************/
package me.mabra.hellonzb.httpserver.nioengine;
import me.mabra.hellonzb.AppConnector;
import me.mabra.hellonzb.httpserver.HelloNzbHttpSrvMgr;
import me.mabra.hellonzb.util.MyLogger;
import org.jboss.netty.buffer.ChannelBuffer;
import org.jboss.netty.buffer.ChannelBuffers;
import org.jboss.netty.channel.*;
import org.jboss.netty.handler.codec.http.*;
import org.jboss.netty.util.CharsetUtil;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.jboss.netty.handler.codec.http.HttpHeaders.Names.*;
import static org.jboss.netty.handler.codec.http.HttpHeaders.isKeepAlive;
import static org.jboss.netty.handler.codec.http.HttpResponseStatus.*;
import static org.jboss.netty.handler.codec.http.HttpVersion.HTTP_1_1;
public class HttpServerHandler extends SimpleChannelUpstreamHandler
{
private HttpRequest request;
private final HttpGetHandler getHandler;
private final HttpNzbFileReceiver fileReceiver;
protected final String homeUrl;
private String cookieToSend;
public HttpServerHandler(HttpGetHandler getHandler, HttpNzbFileReceiver fileReceiver, String home)
{
this.homeUrl = home;
this.getHandler = getHandler;
this.fileReceiver = fileReceiver;
this.cookieToSend = null;
}
@Override
public void messageReceived(ChannelHandlerContext ctx, MessageEvent e) throws Exception
{
HttpRequest request = this.request = (HttpRequest) e.getMessage();
// check whether client is authenticated
if( !request.getUri().equals("/") &&
!request.getUri().equals("/index.html") &&
!request.getUri().equals("/login") &&
!request.getUri().endsWith(".css"))
{
if(!checkAuth(((InetSocketAddress) ctx.getChannel().getRemoteAddress()).getAddress().getHostAddress()))
{
// user not authenticated, redirect to login page
AppConnector._instance()._getLogger().msg("Unauthenticated client connected, redirecting to login page.", MyLogger.SEV_INFO);
redirect(e, homeUrl + "/index.html");
return;
}
}
// check if request comes from login page (with user and pass)
if(request.getUri().equals("/login"))
{
if(!checkLogin(((InetSocketAddress) ctx.getChannel().getRemoteAddress()).getAddress().getHostAddress()))
{
// user login failed
AppConnector._instance()._getLogger().msg("Invalid User/Pass combination, redirecting to login page.", MyLogger.SEV_INFO);
redirect(e, homeUrl + "/index.html");
return;
}
else
{
// user has successfully logged in
redirect(e, homeUrl + "/start.html");
return;
}
}
// determine request method and pass to GET/POST handler
String method = request.getMethod().toString();
if(method.equals("GET"))
getHandler.messageReceived(this, e, request);
else if(method.equals("POST"))
{
if(requestedPage().equals("uploadnzb"))
fileReceiver.messageReceived(this, e, request);
else
pageNotFound(e);
}
else
invalidRequestMethod(e, "GET", "POST");
}
private boolean checkAuth(String client)
{
// check cookie from client
String cookieString = request.getHeader(COOKIE);
if(cookieString != null)
{
CookieDecoder cookieDecoder = new CookieDecoder();
Set<Cookie> cookies = cookieDecoder.decode(cookieString);
for(Cookie cookie : cookies)
{
String val = cookie.getValue();
if(HttpServer.authClients.containsKey(val) && HttpServer.authClients.get(val).equals(client))
return true;
}
}
return false;
}
private boolean checkLogin(String client)
{
ChannelBuffer content = request.getContent();
if(content.readable())
{
String contentStr = URLDecoder.decode(content.toString(CharsetUtil.UTF_8));
String [] loginData = contentStr.split("&");
if(loginData[0].equals("username=") || loginData[1].equals("password="))
return false;
String username = loginData[0].split("=")[1];
String password = loginData[1].split("=")[1];
if(username.equals(HelloNzbHttpSrvMgr.authUser()) && password.equals(HelloNzbHttpSrvMgr.authPass()))
{
String authID = "";
try
{
// generate unique ID
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String base = sdf.format(Calendar.getInstance().getTime()) + client;
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(base.getBytes());
byte [] digest = md.digest();
StringBuffer sb = new StringBuffer();
for(byte b : digest) sb.append(Integer.toHexString((int) (b & 0xff)));
authID = sb.toString();
}
catch(Exception ex)
{
// fallback
authID = "sdjc0s98cj0s98djcs980jcs98duc9s8jsd9";
}
// auth. successful, set cookie and save client IP for this session
CookieEncoder cookieEncoder = new CookieEncoder(true);
cookieEncoder.addCookie("authID", authID);
cookieToSend = cookieEncoder.encode();
HttpServer.authClients.put(authID, client);
return true;
}
else
return false;
}
else
return false;
}
protected String requestedPage()
{
String uri = request.getUri();
String [] parts = uri.split("/");
if(parts.length > 1)
return parts[1].contains("?") ? parts[1].split("\\?")[0] : parts[1];
else
return null;
}
protected Map<String, List<String>> getQueryParams()
{
QueryStringDecoder queryStringDecoder = new QueryStringDecoder(request.getUri());
return queryStringDecoder.getParameters();
}
protected void invalidRequestMethod(MessageEvent e, String ... allowedMethods) throws IOException
{
// invalid request method detected!
HttpResponse response = new DefaultHttpResponse(HTTP_1_1, METHOD_NOT_ALLOWED);
response.setHeader(CONTENT_TYPE, "text/plain; charset=UTF-8");
response.setHeader(PRAGMA, "no-cache");
for(String method : allowedMethods)
response.setHeader(ALLOW, method);
response.setContent(ChannelBuffers.copiedBuffer("405 Method not allowed", CharsetUtil.UTF_8));
// Write the response.
ChannelFuture future = e.getChannel().write(response);
// Close the non-keep-alive connection after the write operation is done.
future.addListener(ChannelFutureListener.CLOSE);
}
protected void pageNotFound(MessageEvent e) throws IOException
{
// requested page not found!
HttpResponse response = new DefaultHttpResponse(HTTP_1_1, NOT_FOUND);
response.setHeader(CONTENT_TYPE, "text/plain; charset=UTF-8");
response.setHeader(PRAGMA, "no-cache");
response.setContent(ChannelBuffers.copiedBuffer("404 Not found", CharsetUtil.UTF_8));
// Write the response.
ChannelFuture future = e.getChannel().write(response);
// Close the non-keep-alive connection after the write operation is done.
future.addListener(ChannelFutureListener.CLOSE);
}
protected void redirect(MessageEvent e, String targetUrl) throws IOException
{
// redirect to given URL
HttpResponse response = new DefaultHttpResponse(HTTP_1_1, SEE_OTHER);
response.setHeader(CONTENT_TYPE, "text/plain; charset=UTF-8");
response.setHeader(PRAGMA, "no-cache");
response.setHeader(LOCATION, targetUrl);
if(cookieToSend != null)
{
// send cookie with auth ID to client
response.addHeader(SET_COOKIE, cookieToSend);
cookieToSend = null;
}
response.setContent(ChannelBuffers.copiedBuffer("303 See Other", CharsetUtil.UTF_8));
// Write the response.
ChannelFuture future = e.getChannel().write(response);
// Close the non-keep-alive connection after the write operation is done.
future.addListener(ChannelFutureListener.CLOSE);
}
protected void writeResponse(MessageEvent e, String contentType, String responseText)
{
// Decide whether to close the connection or not.
boolean keepAlive = isKeepAlive(request);
// Build the response object.
HttpResponse response = new DefaultHttpResponse(HTTP_1_1, OK);
response.setHeader(PRAGMA, "no-cache");
if(contentType.endsWith("/png") || contentType.endsWith("/jpeg"))
{
response.setHeader(CONTENT_TYPE, contentType);
response.setHeader(CONTENT_ENCODING, "base64");
response.setContent(ChannelBuffers.copiedBuffer(responseText, CharsetUtil.US_ASCII));
}
else
{
response.setHeader(CONTENT_TYPE, contentType + "; charset=UTF-8");
response.setContent(ChannelBuffers.copiedBuffer(responseText, CharsetUtil.UTF_8));
}
if(keepAlive)
{
// Add 'Content-Length' header only for a keep-alive connection.
response.setHeader(CONTENT_LENGTH, response.getContent().readableBytes());
// Add keep alive header as per:
// - http://www.w3.org/Protocols/HTTP/1.1/draft-ietf-http-v11-spec-01.html#Connection
response.setHeader(CONNECTION, HttpHeaders.Values.KEEP_ALIVE);
}
// Write the response.
ChannelFuture future = e.getChannel().write(response);
// Close the non-keep-alive connection after the write operation is done.
if(!keepAlive)
{
future.addListener(ChannelFutureListener.CLOSE);
}
}
@Override
public void channelOpen(ChannelHandlerContext ctx, ChannelStateEvent e)
{
HttpServer.allChannels.add(e.getChannel());
}
@Override
public void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception
{
e.getCause().printStackTrace();
e.getChannel().close();
}
}