OAuthAuthenticationFilter.java

/*
 * This file is part of anycook. The new internet cookbook
 * Copyright (C) 2014 Jan Graßegger
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see [http://www.gnu.org/licenses/].
 */

package de.anycook.api.filter;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import java.net.URI;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.ext.Provider;

@Provider
public class OAuthAuthenticationFilter implements ContainerRequestFilter {

    private final Logger logger;

    public OAuthAuthenticationFilter() {
        logger = LogManager.getLogger(getClass());
    }


    @Override
    public void filter(ContainerRequestContext containerRequest) {
        URI uri = containerRequest.getUriInfo().getRequestUri();
//		URI referer;
//		try {
//			String refererStr = containerRequest.getHeaderValue("referer");
//			referer = new URI(refererStr);
//		} catch (URISyntaxException | NullPointerException e) {
//			throw new WebApplicationException(401);
//		}
//		String refererDomain = referer.getHost();
//		if(refererDomain.endsWith("anycook.de")){
//			return containerRequest;
//		}

        //use path to check if de.anycook.oauth is needed
        /*String path = uri.getPath();
		logger.debug(path);
		if(path.startsWith("oauth"))
			containerReque     */

//		logger.debug(uri);

//		DBApps db = new DBApps();
//		String appSecret = db.getAppSecretByDomain(refererDomain);
//		Integer appID = db.getAppIDbyDomain(refererDomain);
//		db.close();
//		if(appSecret == null || appID == null){
//			throw new WebApplicationException(401);
//		}
//		
//		String clientAppIDStr = containerRequest.getQueryParameters().getFirst("appid");
//		
//		if(clientAppIDStr == null){
//			throw new WebApplicationException(401);
//		}
//		
//		Integer clientAppID = Integer.parseInt(clientAppIDStr);
//		if(clientAppID != appID)
//			throw new WebApplicationException(401);
//		
//		
//		// Read the OAuth parameters from the request
//        OAuthServerRequest request = new OAuthServerRequest(containerRequest);
//        OAuthParameters params = new OAuthParameters();
//        params.readRequest(request);
//        
//        // Set the secret(s), against which we will verify the request
//        OAuthSecrets secrets = new OAuthSecrets();
//        secrets.setTokenSecret(appSecret);
//        secrets.setConsumerSecret(appID.toString());
//        
//        // TODO... secret setting code ...
//        
//        // Check that the timestamp has not expired
//        String timestampStr = params.getTimestamp();
//        // ... timestamp checking code ...
//        
//        // Verify the signature
////        try {
////            if(!OAuthSignature.verify(request, params, secrets)) {
////                throw new WebApplicationException(401);
////            }
////        } catch (OAuthSignatureException e) {
////            throw new WebApplicationException(e, 401);
////        }
//        
//        // Return the request
//        db.close();
        //return containerRequest;
    }

}