termbin/src/main/java/de/gurkengewuerz/termbin/Server/DataHandler.java


package de.gurkengewuerz.termbin.Server;
import de.gurkengewuerz.termbin.Termbin;
import de.gurkengewuerz.termbin.Utils.SQLInjectionEscaper;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.AbstractHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
/**
* Created by gurkengewuerz.de on 02.07.2017.
*/
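public class DataHandler extends AbstractHandler {

    /**
     * Allow-list for the paste id taken from the request path. The id is
     * spliced into a SQL string below (the database wrapper only exposes a
     * String-based executeQuery here), so the escaper must not be the only line
     * of defence. URI "unreserved" characters are accepted.
     * NOTE(review): the id generator is not visible from this file — widen the
     * class if it emits other characters.
     */
    private static final Pattern ID_PATTERN = Pattern.compile("[A-Za-z0-9._~-]+");

    /** Control characters (CR/LF included) are stripped from attacker-controlled log fields. */
    private static final Pattern LOG_CONTROL_CHARS = Pattern.compile("\\p{Cntrl}");

    private static final String NOT_FOUND_PAGE =
            "<html><body><img src='https://http.cat/404'/></body></html>";
    private static final String SERVER_ERROR_PAGE =
            "<html><body><img src='https://http.cat/500'/></body></html>";

    /**
     * Serves a stored paste for a request whose path is {@code /<uniqueid>}.
     *
     * <p>Flow: log the request, drop it if the remote address is banned, validate
     * the id, look it up in the {@code data} table, and either stream the stored
     * body with its recorded content type or answer 404. Rows older than the
     * configured {@code uploadlifetime} (hours) are treated as not found.
     * Database failures are logged and answered with 500.
     *
     * @param s                   the request target (Jetty passes the path, e.g. {@code /abc123})
     * @param request             the Jetty request; marked handled in every path
     * @param httpServletRequest  unused
     * @param httpServletResponse the response to write into
     * @throws IOException      if writing the response fails
     * @throws ServletException never thrown here; declared by the superclass
     */
    @Override
    public void handle(String s, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String remote = request.getRemoteAddr();
        // The User-Agent is attacker-controlled; sanitise it so a crafted header
        // cannot forge extra lines in either log.
        String userAgent = forLog(request.getHeader("User-Agent"));

        Logger.getLogger(getClass().getName()).log(Level.INFO, "API Request by " + userAgent + " " + remote + "@" + s);
        Termbin.getAccesslog().log(Level.INFO, remote + " - - " + userAgent + " - " + s);

        if (Termbin.getConfig().isBanned(remote)) {
            request.setHandled(true);
            Logger.getLogger(getClass().getName()).log(Level.INFO, "Request by " + remote + "@" + s + " closed BANNED");
            return;
        }

        request.setCharacterEncoding("UTF-8");
        httpServletResponse.setCharacterEncoding("UTF-8");
        // Bodies are served with whatever content type was recorded for the
        // paste; never let the browser sniff a different one.
        // NOTE(review): if "filetype" can be chosen by the uploader, an HTML
        // paste executes script in this origin — consider
        // "Content-Security-Policy: sandbox" on served pastes. Whether the
        // uploader controls filetype is not visible from this file.
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");

        // Strip the leading "/"; a bare "/" yields an empty id, which the
        // allow-list rejects without touching the database.
        String id = s.length() > 1 ? s.substring(1) : "";
        if (!ID_PATTERN.matcher(id).matches()) {
            writePage(httpServletResponse, HttpServletResponse.SC_NOT_FOUND, NOT_FOUND_PAGE);
            request.setHandled(true);
            return;
        }

        // try-with-resources: the original never closed the ResultSet.
        try (ResultSet rs = Termbin.getDatabase().executeQuery(
                "SELECT * FROM data WHERE uniqueid = '" + SQLInjectionEscaper.escapeString(id, false) + "' LIMIT 1;")) {
            boolean found = false;
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            while (rs.next()) {
                if (isExpired(rs)) {
                    break;
                }
                found = true;
                String filetype = rs.getString("filetype");
                httpServletResponse.setContentType(filetype);
                if ("text/plain".equals(filetype)) {
                    httpServletResponse.getOutputStream().write(rs.getString("text").getBytes(StandardCharsets.UTF_8));
                } else {
                    byte[] raw = rs.getBytes("rawData");
                    httpServletResponse.setContentLength(raw.length);
                    httpServletResponse.getOutputStream().write(raw);
                }
            }
            if (!found) {
                writePage(httpServletResponse, HttpServletResponse.SC_NOT_FOUND, NOT_FOUND_PAGE);
            }
        } catch (SQLException e) {
            Logger.getLogger(getClass().getName()).log(Level.SEVERE, null, e);
            writePage(httpServletResponse, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, SERVER_ERROR_PAGE);
        }
        request.setHandled(true);
    }

    /**
     * True when the row's {@code timestamp} (epoch seconds) is older than the
     * configured {@code uploadlifetime} in hours. Read as a double rather than a
     * float: a float cannot represent current epoch seconds exactly.
     */
    private static boolean isExpired(ResultSet rs) throws SQLException {
        double ageHours = ((System.currentTimeMillis() / 1000) - rs.getDouble("timestamp")) / 60 / 60;
        return ageHours > Termbin.getConfig().getInt("uploadlifetime");
    }

    /** Writes a static HTML error page with the given status. */
    private static void writePage(HttpServletResponse response, int status, String html) throws IOException {
        response.setStatus(status);
        response.setContentType("text/html");
        response.getOutputStream().write(html.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Renders a header value for inclusion in a log line: {@code null} becomes
     * the literal "null" (as string concatenation would), control characters
     * become spaces so the value cannot inject line breaks.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return LOG_CONTROL_CHARS.matcher(value).replaceAll(" ");
    }
}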