view src/nabble/view/web/embed/NabbleEmbed.java @ 66:3fbe9cb2e325 default tip
security
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Wed, 18 Sep 2024 03:51:47 -0600 |
parents | 7ecd1a4ef557 |
children |
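package nabble.view.web.embed;

import fschmidt.util.servlet.JtpContext;
import nabble.model.Node;
import nabble.model.Site;
import nabble.view.lib.Jtp;
import nabble.view.lib.UrlMappable;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;


/**
 * Servlet that answers {@code /embed/...} requests with a small JavaScript
 * bootstrap which loads an embedded forum view into the including page.
 *
 * <p>The response is script text executed in the embedding page's origin, so
 * every value interpolated into it must be safe inside both a JavaScript
 * string literal and the HTML passed to {@code document.write}.
 */
public final class NabbleEmbed extends HttpServlet implements UrlMappable {

    /**
     * Mapped URL shape: an optional type letter ({@code f} or {@code p})
     * followed by an optional decimal node id. Both groups are optional, so
     * either may come back {@code null} from the matcher.
     */
    private static final Pattern URL_PATTERN = Pattern.compile("/embed/(f|p)?(\\d+)?$");

    /**
     * Builds the embed path for a node.
     *
     * @param type   type prefix placed directly after {@code /embed/}
     * @param nodeId node id appended after the type
     * @return {@code "/embed/" + type + nodeId}
     */
    public String path(String type, String nodeId) {
        return "/embed/" + type + nodeId;
    }

    /**
     * Translates a mapped embed URL into the {@code type} and {@code node}
     * request parameters.
     *
     * @param request   the current request (not read by this method)
     * @param mappedUrl URL to match against {@link #URL_PATTERN}
     * @return a map with keys {@code "type"} and {@code "node"}; each value is
     *         a one-element array whose element is {@code null} when that part
     *         of the URL was absent
     * @throws RuntimeException if {@code mappedUrl} does not match the pattern
     */
    public Map<String, String[]> getParameterMapFromUrl(HttpServletRequest request,String mappedUrl) {
        Matcher m = URL_PATTERN.matcher(mappedUrl);
        if( !m.find() ) {
            // The message deliberately omits mappedUrl: it is request-derived
            // and would otherwise end up verbatim in logs or error pages.
            throw new RuntimeException("URL does not match the embed pattern");
        }
        Map<String,String[]> params = new HashMap<String,String[]>();
        String type = m.group(1);
        String nodeId = m.group(2);
        params.put("type",new String[]{type});
        params.put("node",new String[]{nodeId});
        return params;
    }

    /** @return the pattern used to recognise embed URLs */
    public Pattern getUrlPattern() {
        return URL_PATTERN;
    }

    /**
     * Writes the embed bootstrap script for the node named by the
     * {@code node} request parameter.
     *
     * <p>Responds with 404 "Node not found" when the parameter is missing or
     * not a valid {@code long}, when no site is resolved for the request, or
     * when the site has no such node.
     */
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
        JtpContext jtpContext = (JtpContext)getServletContext().getAttribute(JtpContext.attrName);
        jtpContext.setEtag(request,response);
        response.setHeader("Content-Type","application/x-javascript");
        PrintWriter out = response.getWriter();

        // "node" is client-controlled and URL_PATTERN allows it to be absent.
        // Parsing it unguarded let a missing or non-numeric value escape as an
        // uncaught NumberFormatException (container 500 page). Treat it like
        // any other unknown node and never echo the raw value back.
        long nodeId;
        try {
            nodeId = Long.parseLong(request.getParameter("node"));
        } catch (NumberFormatException e) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "Node not found");
            return;
        }

        Site site = Jtp.getSite(request);
        if (site == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "Node not found");
            return;
        }
        // Looked up only to confirm the node exists in this site; the script
        // below is built from the numeric ids alone.
        Node node = site.getNode(nodeId);
        if (node == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "Node not found");
            return;
        }
        jsLoadNode(site.getId(), nodeId, request, out);
    }

    /**
     * Emits script that writes a "This forum doesn't exist." notice into the
     * embedding page, with a support link when {@code Jtp.supportUrl()} is
     * non-null.
     *
     * @param out writer for the JavaScript response body
     */
    static void invalidApp(PrintWriter out) {
        out.print( "\r\n document.write(\"<div style='margin:.5em 0'>\");\r\n document.write(\"<span style='color:#000;background:#FFF;padding:.5em'>\");\r\n document.write(\"<b>This forum doesn't exist.</b><br>\");\r\n " );
        // Read once so the null check and the printed value cannot disagree.
        String supportUrl = Jtp.supportUrl();
        if (supportUrl != null) {
            // NOTE(review): supportUrl is written unescaped into a
            // single-quoted href inside a double-quoted JS string. Presumably
            // it is operator configuration; confirm it can never contain
            // quotes, backslashes or angle brackets.
            out.print( "\r\n document.write(\"Please contact <a href='" );
            out.print( (supportUrl) );
            out.print( "'>Nabble Support</a> if you need help.\");\r\n " );
        }
        out.print( "\r\n document.write(\"</span>\");\r\n document.write(\"</div>\");\r\n" );
    }

    /**
     * Emits the bootstrap script for one node. When the embedding page
     * contains an element with id {@code nabblelink}, the script hides it,
     * writes a placeholder {@code div} with a loading image, and appends a
     * {@code <script>} element pointing at {@code /embed/JsEmbed.jtp} with the
     * site id, node id and the URL-encoded location of the embedding page.
     *
     * @param siteId  id placed in the {@code site} query parameter
     * @param nodeId  id placed in the {@code node} query parameter
     * @param request used only to obtain the base URL
     * @param out     writer for the JavaScript response body
     */
    static void jsLoadNode(long siteId, long nodeId, HttpServletRequest request, PrintWriter out) {
        // NOTE(review): base is interpolated unescaped into a single-quoted
        // HTML attribute and a single-quoted JS string. siteId/nodeId are
        // longs and cannot break out, but base can if Jtp.getBaseUrl derives
        // it from request data (e.g. the Host header) without validation.
        // Confirm its source, or escape it for both contexts.
        String base = Jtp.getBaseUrl(request);
        out.print( "\r\n var link=document.getElementById(\"nabblelink\");\r\nif (link != null) {\r\n link.style.display=\"none\";\r\n document.write(\"<div id='nabbleforum' style='width:100%'><div style='height:700px'><img src='" );
        out.print( (base) );
        out.print( "/images/loading.png' width='94' height='33' alt='Loading...'></div></div>\");\r\n var e = document.createElement(\"script\");\r\n e.src = '" );
        out.print( (base) );
        out.print( "/embed/JsEmbed.jtp?site=" );
        out.print( (siteId) );
        out.print( "&node=" );
        out.print( (nodeId) );
        out.print( "&url=' + encodeURIComponent(location.href);\r\n e.type=\"text/javascript\";\r\n document.getElementsByTagName(\"head\")[0].appendChild(e);\r\n}\r\n" );
    }
}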