]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/Gigi.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix menu exploding (so that we don't need the id's anymore)
[gigi.git] / src / org / cacert / gigi / Gigi.java
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index cef183495315a748cff19d96c8433d99679cb6ef..74bfd623218a8bb9ea0bd0e684bbf25d70674d7a 100644 (file)
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -1,12 +1,11 @@
 package org.cacert.gigi;
 
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStreamReader;
+import java.io.PrintWriter;
 import java.util.Calendar;
 import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.Map;
 import java.util.Properties;
 
 import javax.servlet.ServletException;
@@ -16,142 +15,231 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.cacert.gigi.database.DatabaseConnection;
-import org.cacert.gigi.email.EmailProvider;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.Form.CSRFException;
+import org.cacert.gigi.output.Menu;
+import org.cacert.gigi.output.Outputable;
+import org.cacert.gigi.output.PageMenuItem;
+import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.MainPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.pages.TestSecure;
 import org.cacert.gigi.pages.Verify;
-import org.cacert.gigi.pages.account.MailAdd;
-import org.cacert.gigi.pages.account.MailCertificates;
+import org.cacert.gigi.pages.account.CertificateAdd;
+import org.cacert.gigi.pages.account.Certificates;
+import org.cacert.gigi.pages.account.ChangePasswordPage;
+import org.cacert.gigi.pages.account.DomainOverview;
 import org.cacert.gigi.pages.account.MailOverview;
 import org.cacert.gigi.pages.account.MyDetails;
+import org.cacert.gigi.pages.error.PageNotFound;
 import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.pages.wot.AssurePage;
-import org.eclipse.jetty.util.log.Log;
+import org.cacert.gigi.util.ServerConstants;
 
 public class Gigi extends HttpServlet {
-       public static final String LOGGEDIN = "loggedin";
-       public static final String USER = "user";
-       private static final long serialVersionUID = -6386785421902852904L;
-       private String[] baseTemplate;
-       private HashMap<String, Page> pages = new HashMap<String, Page>();
-
-       public Gigi(Properties conf) {
-               EmailProvider.init(conf);
-               DatabaseConnection.init(conf);
-       }
-       @Override
-       public void init() throws ServletException {
-               pages.put("/login", new LoginPage("CACert - Login"));
-               pages.put("/", new MainPage("CACert - Home"));
-               pages.put("/secure", new TestSecure());
-               pages.put(Verify.PATH, new Verify());
-               pages.put(AssurePage.PATH + "/*", new AssurePage());
-               pages.put(MailCertificates.PATH, new MailCertificates());
-               pages.put(MyDetails.PATH, new MyDetails());
-               pages.put(RegisterPage.PATH, new RegisterPage());
-               pages.put(MailOverview.DEFAULT_PATH, new MailOverview(
-                               "My email addresses"));
-               pages.put(MailAdd.DEFAULT_PATH, new MailAdd("Add new email"));
-               String templ = "";
-               try (BufferedReader reader = new BufferedReader(new InputStreamReader(
-                               new FileInputStream(new File("templates/base.html"))))) {
-                       String tmp;
-                       while ((tmp = reader.readLine()) != null) {
-                               templ += tmp + "\n";
-                       }
-                       baseTemplate = templ.split("\\$content\\$");
-               } catch (Exception e) {
-                       Log.getLogger(Gigi.class).warn("Error loading template!", e);
-               }
-               super.init();
-
-       }
-       @Override
-       protected void service(HttpServletRequest req, HttpServletResponse resp)
-                       throws ServletException, IOException {
-               addXSSHeaders(resp);
-               if (req.getHeader("Origin") != null) {
-                       resp.getWriter().println("No cross domain access allowed.");
-                       return;
-               }
-               HttpSession hs = req.getSession();
-               if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
-                       if (hs != null) {
-                               hs.setAttribute(LOGGEDIN, null);
-                               hs.invalidate();
-                       }
-                       resp.sendRedirect("/");
-                       return;
-               }
-
-               Page p = getPage(req.getPathInfo());
-               if (p != null) {
-
-                       if (p.needsLogin() && hs.getAttribute("loggedin") == null) {
-                               String request = req.getPathInfo();
-                               request = request.split("\\?")[0];
-                               hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request);
-                               resp.sendRedirect("/login");
-                               return;
-                       }
-                       if (p.beforeTemplate(req, resp)) {
-                               return;
-                       }
-
-                       String b0 = baseTemplate[0];
-                       b0 = makeDynTempl(b0, p);
-                       resp.setContentType("text/html; charset=utf-8");
-                       resp.getWriter().print(b0);
-                       if (req.getMethod().equals("POST")) {
-                               p.doPost(req, resp);
-                       } else {
-                               p.doGet(req, resp);
-                       }
-                       String b1 = baseTemplate[1];
-                       b1 = makeDynTempl(b1, p);
-                       resp.getWriter().print(b1);
-               } else {
-                       resp.sendError(404, "Page not found.");
-               }
-
-       }
-       private Page getPage(String pathInfo) {
-               if (pathInfo.endsWith("/") && !pathInfo.equals("/")) {
-                       pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
-               }
-               Page page = pages.get(pathInfo);
-               if (page != null) {
-                       return page;
-               }
-               page = pages.get(pathInfo + "/*");
-               if (page != null) {
-                       return page;
-               }
-               int idx = pathInfo.lastIndexOf('/');
-               pathInfo = pathInfo.substring(0, idx);
-
-               page = pages.get(pathInfo + "/*");
-               if (page != null) {
-                       return page;
-               }
-               return null;
-
-       }
-       private String makeDynTempl(String in, Page p) {
-               int year = Calendar.getInstance().get(Calendar.YEAR);
-               in = in.replaceAll("\\$title\\$", p.getTitle());
-               in = in.replaceAll("\\$year\\$", year + "");
-               return in;
-       }
-       public static void addXSSHeaders(HttpServletResponse hsr) {
-               hsr.addHeader("Access-Control-Allow-Origin",
-                               "http://cacert.org https://localhost");
-               hsr.addHeader("Access-Control-Max-Age", "60");
-               hsr.addHeader("Content-Security-Policy",
-                               "default-src 'self' https://www.cacert.org/*;frame-ancestors 'none'");
-               // ;report-uri https://felix.dogcraft.de/report.php
-
-       }
+
+    private boolean firstInstanceInited = false;
+
+    public static final String LOGGEDIN = "loggedin";
+
+    public static final String USER = "user";
+
+    private static final long serialVersionUID = -6386785421902852904L;
+
+    private Template baseTemplate;
+
+    private LinkedList<Menu> categories = new LinkedList<Menu>();
+
+    private HashMap<String, Page> pages = new HashMap<String, Page>();
+
+    private HashMap<Page, String> reveresePages = new HashMap<Page, String>();
+
+    private Menu rootMenu;
+
+    private static Gigi instance;
+
+    public Gigi(Properties conf) {
+        if (instance != null) {
+            new IllegalStateException("Multiple Gigi instances!");
+        }
+        instance = this;
+        DatabaseConnection.init(conf);
+    }
+
+    @Override
+    public void init() throws ServletException {
+        if ( !firstInstanceInited) {
+            putPage("/error", new PageNotFound(), null);
+            putPage("/login", new LoginPage("CACert - Login"), "Join CAcert.org");
+            putPage("/", new MainPage("CACert - Home"), null);
+            putPage(ChangePasswordPage.PATH, new ChangePasswordPage(), "My Account");
+            putPage("/secure", new TestSecure(), null);
+            putPage(Verify.PATH, new Verify(), null);
+            putPage(AssurePage.PATH + "/*", new AssurePage(), "CAcert Web of Trust");
+            putPage(Certificates.PATH + "/*", new Certificates(), "Certificates");
+            putPage(MyDetails.PATH, new MyDetails(), "My Account");
+            putPage(RegisterPage.PATH, new RegisterPage(), "Join CAcert.org");
+            putPage(CertificateAdd.PATH, new CertificateAdd(), "Certificates");
+            putPage(MailOverview.DEFAULT_PATH, new MailOverview("My email addresses"), "Certificates");
+            putPage(DomainOverview.PATH, new DomainOverview("Domains"), "Certificates");
+            baseTemplate = new Template(Gigi.class.getResource("Gigi.templ"));
+            rootMenu = new Menu("Main");
+            for (Menu menu : categories) {
+                menu.prepare();
+                rootMenu.addItem(menu);
+            }
+            rootMenu.prepare();
+            firstInstanceInited = true;
+        }
+        super.init();
+    }
+
+    private void putPage(String path, Page p, String category) {
+        pages.put(path, p);
+        reveresePages.put(p, path);
+        if (category == null) {
+            return;
+        }
+        Menu m = null;
+        for (Menu menu : categories) {
+            if (menu.getMenuName().equals(category)) {
+                m = menu;
+                break;
+            }
+        }
+        if (m == null) {
+            m = new Menu(category);
+            categories.add(m);
+        }
+        m.addItem(new PageMenuItem(p));
+
+    }
+
+    @Override
+    protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+        addXSSHeaders(resp);
+        // if (req.getHeader("Origin") != null) {
+        // resp.getWriter().println("No cross domain access allowed.");
+        // return;
+        // }
+        HttpSession hs = req.getSession();
+        if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
+            if (hs != null) {
+                hs.setAttribute(LOGGEDIN, null);
+                hs.invalidate();
+            }
+            resp.sendRedirect("/");
+            return;
+        }
+
+        final Page p = getPage(req.getPathInfo());
+        if (p != null) {
+
+            User currentPageUser = LoginPage.getUser(req);
+            if ( !p.isPermitted(currentPageUser) && hs.getAttribute("loggedin") == null) {
+                String request = req.getPathInfo();
+                request = request.split("\\?")[0];
+                hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request);
+                resp.sendRedirect("/login");
+                return;
+            }
+            if (p.beforeTemplate(req, resp)) {
+                return;
+            }
+            HashMap<String, Object> vars = new HashMap<String, Object>();
+
+            resp.setContentType("text/html; charset=utf-8");
+            Outputable content = new Outputable() {
+
+                @Override
+                public void output(PrintWriter out, Language l, Map<String, Object> vars) {
+                    try {
+                        if (req.getMethod().equals("POST")) {
+                            if (req.getQueryString() != null) {
+                                return;
+                            }
+                            p.doPost(req, resp);
+                        } else {
+                            p.doGet(req, resp);
+                        }
+                    } catch (CSRFException err) {
+                        try {
+                            resp.sendError(500, "CSRF invalid");
+                        } catch (IOException e) {
+                            e.printStackTrace();
+                        }
+                    } catch (IOException e) {
+                        e.printStackTrace();
+                    }
+
+                }
+            };
+            vars.put(Menu.USER_VALUE, currentPageUser);
+            vars.put("menu", rootMenu);
+            vars.put("title", p.getTitle());
+            vars.put("static", ServerConstants.getStaticHostNamePort());
+            vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
+            vars.put("content", content);
+            baseTemplate.output(resp.getWriter(), Page.getLanguage(req), vars);
+        } else {
+            resp.sendError(404, "Page not found.");
+        }
+
+    }
+
+    private Page getPage(String pathInfo) {
+        if (pathInfo.endsWith("/") && !pathInfo.equals("/")) {
+            pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
+        }
+        Page page = pages.get(pathInfo);
+        if (page != null) {
+            return page;
+        }
+        page = pages.get(pathInfo + "/*");
+        if (page != null) {
+            return page;
+        }
+        int idx = pathInfo.lastIndexOf('/');
+        pathInfo = pathInfo.substring(0, idx);
+
+        page = pages.get(pathInfo + "/*");
+        if (page != null) {
+            return page;
+        }
+        return null;
+
+    }
+
+    public static void addXSSHeaders(HttpServletResponse hsr) {
+        hsr.addHeader("Access-Control-Allow-Origin", "https://" + ServerConstants.getWwwHostNamePort() + " https://" + ServerConstants.getSecureHostNamePort());
+        hsr.addHeader("Access-Control-Max-Age", "60");
+
+        hsr.addHeader("Content-Security-Policy", getDefaultCSP());
+        hsr.addHeader("Strict-Transport-Security", "max-age=31536000");
+
+    }
+
+    private static String defaultCSP = null;
+
+    private static String getDefaultCSP() {
+        if (defaultCSP == null) {
+            StringBuffer csp = new StringBuffer();
+            csp.append("default-src 'none';");
+            csp.append("font-src https://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";img-src https://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";media-src 'none'; object-src 'none';");
+            csp.append("script-src https://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";style-src https://" + ServerConstants.getStaticHostNamePort());
+            csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
+            csp.append("report-url https://api.cacert.org/security/csp/report");
+            defaultCSP = csp.toString();
+        }
+        return defaultCSP;
+    }
+
+    public static String getPathByPage(Page p) {
+        return instance.reveresePages.get(p).replaceFirst("/?\\*$", "");
+    }
+
 }
WPIA Certificate Web Issuance Platform