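package de.gurkengewuerz.termbin.Server;

import de.gurkengewuerz.termbin.Termbin;
import de.gurkengewuerz.termbin.Utils.ImageUtils;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.json.JSONArray;
import org.json.JSONObject;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Created by gurkengewuerz.de on 02.07.2017.
 *
 * <p>Jetty handler for the JSON API. It serves a self-description on {@code /} and accepts raw
 * request bodies as uploads on any target starting with {@code /upload}. The only access check
 * performed in this class is the IP ban list from the configuration.
 */
public class APIHandler extends AbstractHandler {

    /**
     * Makes a client-supplied value safe to embed in a single log record.
     *
     * <p>The User-Agent header and the request target come from the client. Writing them to the
     * application log and the access log verbatim lets a client insert line breaks and so forge
     * additional log entries. Control characters and Unicode line separators are replaced with
     * {@code '_'}.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with control characters replaced; the text {@code "null"} for
     *         {@code null}, matching what string concatenation produced before
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Handles one API request and always answers with a JSON document.
     *
     * <ul>
     *   <li>Banned remote addresses get the request marked as handled with no body.</li>
     *   <li>{@code /} returns the API self-description.</li>
     *   <li>{@code /upload...} stores the request body and returns {@code {"key": id}} or
     *       {@code {"error": reason}}.</li>
     *   <li>Anything else returns 403 with {@code {"error": "not found"}}.</li>
     * </ul>
     *
     * @param s                   request target as passed in by Jetty
     * @param request             Jetty request, used for the remote address and headers
     * @param httpServletRequest  servlet request, source of the upload body
     * @param httpServletResponse servlet response the JSON is written to
     * @throws IOException      if reading the body or writing the response fails
     * @throws ServletException declared by the handler contract
     */
    @Override
    public void handle(String s, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // Same logger name as before (runtime class), so existing logging configuration still applies.
        Logger log = Logger.getLogger(getClass().getName());

        String remoteAddr = request.getRemoteAddr();
        // Untrusted strings are neutralised once and only the safe copies are logged.
        String safeTarget = sanitizeForLog(s);
        String safeUserAgent = sanitizeForLog(request.getHeader("User-Agent"));

        log.log(Level.INFO, "API Request by " + safeUserAgent + " " + remoteAddr + "@" + safeTarget);
        Termbin.getAccesslog().log(Level.INFO, remoteAddr + " - - " + safeUserAgent + " - api - " + safeTarget);

        if (Termbin.getConfig().isBanned(remoteAddr)) {
            request.setHandled(true);
            log.log(Level.INFO, "API Request by " + remoteAddr + "@" + safeTarget + " closed BANNED");
            return;
        }

        JSONObject returnObject = null;

        request.setCharacterEncoding("UTF-8");
        httpServletResponse.setCharacterEncoding("UTF-8");

        if (s.equals("/")) {
            // Describe yourself
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            returnObject = new JSONObject();
            returnObject.put("self", "/");
            returnObject.put("upload", "/upload/");
        } else if (s.startsWith("/upload")) {
            returnObject = new JSONObject();
            // NOTE(review): every upload outcome, including the error results below, is sent with
            // 200 OK. Left unchanged because existing clients may depend on it.
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);

            // Computed in long arithmetic: with int maths a large "maxkb" overflows and the limit
            // turns negative or wraps to a small value. Read once per request.
            long maxBytes = 1024L * Termbin.getConfig().getInt("maxkb");

            java.io.InputStream body = httpServletRequest.getInputStream();
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            boolean tooBig = false;
            byte[] buff = new byte[1024];
            int n;
            while ((n = body.read(buff)) >= 0) {
                baos.write(buff, 0, n);
                // The cap is enforced while reading, so at most one extra chunk is buffered
                // beyond the limit no matter how much the client sends.
                if (baos.size() > maxBytes) {
                    tooBig = true;
                    returnObject.put("error", "File too big");
                    log.log(Level.INFO, "API Request by " + remoteAddr + "@" + safeTarget + " closed FILE TOO BIG");
                    break;
                }
            }

            if (!tooBig) {
                byte[] data = baos.toByteArray();
                if (data.length > 3) {
                    String dataString = new String(data, "UTF-8");

                    // The stored type is decided from the bytes themselves, not from anything the
                    // client declares; everything that is not a recognised image is kept as text.
                    Termbin.FileType ft = Termbin.FileType.TXT;
                    if (ImageUtils.isValidPNG(data)) {
                        ft = Termbin.FileType.PNG;
                    } else if (ImageUtils.isValidJPEG(data)) {
                        ft = Termbin.FileType.JPG;
                    } else if (ImageUtils.isValidGIF(data)) {
                        ft = Termbin.FileType.GIF;
                    }

                    try {
                        String uploadID = Termbin.upload(remoteAddr, dataString, data, ft);
                        returnObject.put("key", uploadID);
                        log.log(Level.INFO, "API Request by " + remoteAddr + "@" + safeTarget + " closed SUCCESSFULL");
                    } catch (SQLException e) {
                        // The exception is logged server-side only; the client gets a generic message.
                        log.log(Level.INFO, "API Request by " + remoteAddr + "@" + safeTarget + " closed SERVER ERROR");
                        log.log(Level.SEVERE, null, e);
                        returnObject.put("error", "Server error");
                    }
                } else {
                    // Bodies of three bytes or fewer are rejected as empty.
                    returnObject.put("error", "data is empty");
                    log.log(Level.INFO, "API Request by " + remoteAddr + "@" + safeTarget + " closed EMPTY");
                }
            }
        } else {
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        }

        httpServletResponse.setContentType("application/json; charset=utf-8");
        PrintWriter out = httpServletResponse.getWriter();
        if (returnObject == null) {
            // No route matched: keep the original body for the 403 response.
            returnObject = new JSONObject();
            returnObject.put("error", "not found");
        }
        out.write(returnObject.toString());

        request.setHandled(true);
    }
}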