/*
* Seldon -- open source prediction engine
* =======================================
*
* Copyright 2011-2015 Seldon Technologies Ltd and Rummble Ltd (http://www.seldon.io/)
*
* ********************************************************************************************
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ********************************************************************************************
*/
package io.seldon.api.interceptor;
import io.seldon.api.APIException;
import io.seldon.api.logging.ApiLogger;
import io.seldon.api.logging.MDCKeys;
import io.seldon.api.resource.ConsumerBean;
import io.seldon.api.resource.ErrorBean;
import io.seldon.api.resource.ScopedConsumerBean;
import io.seldon.api.service.AuthorizationServer;
import io.seldon.api.service.TokenScope;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.fasterxml.jackson.databind.ObjectMapper;
/**
* Created by: marc on 13/08/2012 at 15:24
*/
abstract public class GenericScopedInterceptor extends HandlerInterceptorAdapter implements ScopedInterceptor {
private static final Logger logger = Logger.getLogger(GenericScopedInterceptor.class);
private static final String START_TIME = "startTime";
@Autowired
private AuthorizationServer authorizationServer;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
final String requestURI = request.getRequestURI();
if (logger.isDebugEnabled())
logger.debug("Scoped interceptor for: " + requestURI);
Date start = new Date();
request.setAttribute("startTime", start);
try {
final ConsumerBean consumerBean = authorise(request);
final HttpSession session = request.getSession();
session.setAttribute("consumer", consumerBean);
return super.preHandle(request, response, handler);
} catch (APIException e) {
exceptionResponse(request, response, e);
String apiKey = request.getServletPath().replaceAll("/", "\\."); //Asumes no user/item ids in path!!!!
ApiLogger.log(apiKey,start, request, null);
} catch (Throwable t) {
logger.error("GenericScopedInterceptor#preHandle: " + t.getMessage(), t);
}
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
Date start = (Date)request.getAttribute(START_TIME);
final HttpSession session = request.getSession();
final ConsumerBean consumerBean = (ConsumerBean) session.getAttribute("consumer");
String apiKey = request.getServletPath().replaceAll("/", "\\."); //Asumes no user/item ids in path!!!!
ApiLogger.log(apiKey,start, request, consumerBean);
super.postHandle(request, response, handler, modelAndView);
}
protected void exceptionResponse(HttpServletRequest request, HttpServletResponse response, APIException e) throws IOException {
ErrorBean bean = new ErrorBean(e);
logger.error("GenericScopedInterceptor#exceptionResponse: " + e.getMessage(), e);
final ObjectMapper objectMapper = new ObjectMapper();
response.setContentType("application/json");
objectMapper.writeValue(response.getOutputStream(), bean);
}
private ScopedConsumerBean authorise(HttpServletRequest request) {
final ScopedConsumerBean scopedConsumerBean = authorizationServer.getConsumer(request);
if (scopedConsumerBean != null)
MDCKeys.addKeysConsumer(scopedConsumerBean);
final TokenScope.Scope tokenScope = TokenScope.fromString(scopedConsumerBean.getScope());
final String requestURI = request.getRequestURI();
final String queryString = request.getQueryString();
final String requestInfo = requestURI + ", " + queryString;
if (tokenScope == getScope() && validReferrer(request, scopedConsumerBean)) {
if (logger.isDebugEnabled())
logger.debug("Scope and referrer valid for request: " + requestInfo);
return scopedConsumerBean;
} else {
logger.warn("Incorrect scope of invalid referrer in request for: " + requestInfo);
throw new APIException(APIException.METHOD_NOT_AUTHORIZED); // create additional error code?
}
}
private boolean validReferrer(HttpServletRequest request, ScopedConsumerBean scopedConsumerBean) {
final String referrer = request.getHeader("Referer"); // sic.; incorrect spelling due to spec
String referringDomain = referrerDomain(referrer);
if (logger.isDebugEnabled())
logger.debug("Checking " + referringDomain + " (from " + referrer + ") against authorised domains.");
final String commaSeparatedUrls = scopedConsumerBean.getUrl();
if (commaSeparatedUrls == null) {
if (logger.isDebugEnabled())
logger.debug("No URLs specified for consumer: " + scopedConsumerBean.getShort_name() + "; valid referrer.");
return true;
}
final String[] validDomains = StringUtils.split(commaSeparatedUrls, ",");
for (String validDomain : validDomains) {
if (logger.isDebugEnabled())
logger.debug("-> Comparing against domain: " + validDomain);
if (referringDomain.equals(validDomain)) {
return true;
}
}
logger.warn(referringDomain + " is invalid. Matched against "+commaSeparatedUrls);
return false;
}
private String referrerDomain(String referrer) {
Pattern topLevelDomain = Pattern.compile(".*?([^.]+\\.[^.]+)");
Pattern ipAddress = Pattern.compile("^\\d+\\.\\d+\\.\\d+\\.\\d+");
if ( StringUtils.isBlank(referrer) ) {
return "";
}
try {
final URI referrerUri = new URI(referrer);
final String host = referrerUri.getHost();
if (StringUtils.isBlank(host)){
return "";
}
final Matcher ipMatcher = ipAddress.matcher(host);
if (ipMatcher.matches()) {
return host;
}
final Matcher tldMatcher = topLevelDomain.matcher(host);
if (tldMatcher.matches()) {
return tldMatcher.group(1);
}
return host;
} catch (URISyntaxException e) {
return referrer;
}
}
}