@Test
public void testFetch_noToken() throws Exception {
Uri uri = Uri.parse("http://host?p=1");
HttpRequest request = createMock(HttpRequest.class);
expect(request.getUri()).andReturn(uri);
expect(request.setUri(Uri.parse("http://host?p=1&st=default%3Anull"))).andReturn(request);
replay(request);
HttpResponse response = new HttpResponse();
HttpFetcher fetcher = createMock(HttpFetcher.class);
expect(fetcher.fetch(request)).andReturn(response);
replay(fetcher);
FakeUserHttpFetcher fakeFetcher;
fakeFetcher = new FakeUserHttpFetcher(config, fetcher, crypter);
fakeFetcher.fetch(request);
verify(request);
verify(fetcher);
}
@Test
public void testFetch_withToken() throws Exception {
Uri uri = Uri.parse("http://host?p=1&st=sometoken");
// We should get the request untouched.
HttpRequest request = createMock(HttpRequest.class);
expect(request.getUri()).andReturn(uri);
replay(request);
HttpResponse response = new HttpResponse();
HttpFetcher fetcher = createMock(HttpFetcher.class);
expect(fetcher.fetch(request)).andReturn(response);
replay(fetcher);
FakeUserHttpFetcher fakeFetcher;
fakeFetcher = new FakeUserHttpFetcher(config, fetcher, crypter);
fakeFetcher.fetch(request);
verify(request);
verify(fetcher);
}
@Override
public void fetch(HttpServletRequest request, HttpServletResponse response)
throws IOException, GadgetException {
if (request.getHeader("If-Modified-Since") != null) {
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
return;
}
String host = request.getHeader("Host");
if (!lockedDomainService.isSafeForOpenProxy(host)) {
// Force embedded images and the like to their own domain to avoid XSS
// in gadget domains.
String msg =
"Embed request for url "
+ getParameter(request, URL_PARAM, "")
+ " made to wrong domain "
+ host;
logger.info(msg);
throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg);
}
HttpRequest rcr = buildHttpRequest(request);
HttpResponse results = fetcher.fetch(rcr);
if (contentRewriterRegistry != null) {
results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
}
setResponseHeaders(request, response, results);
for (Map.Entry<String, List<String>> entry : results.getHeaders().entrySet()) {
String name = entry.getKey();
if (!DISALLOWED_RESPONSE_HEADERS.contains(name.toLowerCase())) {
for (String value : entry.getValue()) {
response.addHeader(name, value);
}
}
}
if (rcr.getRewriteMimeType() != null) {
response.setContentType(rcr.getRewriteMimeType());
}
if (results.getHttpStatusCode() != HttpResponse.SC_OK) {
response.sendError(results.getHttpStatusCode());
}
IOUtils.copy(results.getResponse(), response.getOutputStream());
}