protected void setCaching(HttpExchange he, String type, File f) { if (Settings.getInstance().enable("Caching.Enabled")) { // We're cool, so cache publically by default he.setResponseHeader("Last-Modified", HttpFields.formatDate(f.lastModified())); if (type.startsWith("text/") || Settings.getInstance().enable("Caching.MandatoryRecheck")) { he.setResponseHeader("Cache-Control", "public, max-age=0"); } else { // Content files do not need to be rechecked every time he.setResponseHeader("Cache-Control", "public, max-age=86400"); } } }
@Override public void handle(HttpExchange he) throws IOException { String requestMethod = he.getRequestMethod(); if (requestMethod.equalsIgnoreCase("GET")) { try (OutputStream responseBody = he.getResponseBody()) { String requestURI = ""; if (ppi != null) { requestURI = ppi.getRewrittenPath(he.getRequestURI()); } else { requestURI = he.getRequestURI(); } if (requestURI.equals("/") && searchForIndex) { requestURI += "index.html"; } String filePath = getRootFolder() + requestURI; // Strip out ../ and ./ Path normalized = Paths.get(filePath); normalized = normalized.normalize(); path = normalized.toString(); File f = new File(filePath); if (!f.exists() || f.isDirectory()) { Logger.getLogger(getClass()).log(Level.INFO, "404 " + filePath); he.sendResponseHeaders(404); he.close(); return; } Session session = Sessions.getInstance().getSession(he.getRequest().getSession().getId()); boolean authorized = false; if (session != null) { authorized = Authorize.path(requestURI, session.getTicket()); } else { authorized = Authorize.path(requestURI, null); } if (!authorized) { Logger.getLogger(getClass()).log(Level.INFO, "403 " + filePath); he.sendResponseHeaders(403); he.close(); return; } if (Settings.getInstance().enable("Caching.Enabled") && he.getRequest().getHeader("If-Modified-Since") != null) { long lms = HttpFields.parseDate(he.getRequestHeader("If-Modified-Since")); if (f.lastModified() <= lms) { he.sendResponseHeaders(304); return; } } // Try to determine MIME type in a way that does not blow up in our face MagicMatch match = null; String type = ""; try { match = Magic.getMagicMatch(f, true); } catch (MagicParseException | MagicMatchNotFoundException | MagicException ex) { // Magic failed - but well just ignore this for the time being } finally { if (match != null) { type = match.getMimeType(); } else { type = "text/html"; } } byte[] file = null; type = reconsiderType(type, f); if (type.equals("text/markdown")) { file = Processor.process(f).getBytes("UTF-8"); } if (file == null) { file = getBytesFromFile(f); } // file = tryToDeflate(he, type, file); he.setResponseHeader("Content-Type", type + "; charset=UTF-8"); he.setResponseHeader("Server", "W Application Server"); setCaching(he, type, f); // X-tra headers he.setResponseHeader("X-Pandas-FTW", "true"); he.setResponseHeader("X-UA-Compatible", "IE=edge,chrome=1"); he.setResponseHeader("X-XSS-Protection", "1; mode=block"); he.sendResponseHeaders(200); responseBody.write(file); file = null; } catch (IOException ex) { Logger.getLogger(DefaultApplication.class.getName()).log(Level.INFO, "Response failed", ex); } } }