BaseJsonPostServlet.java

/*
 * Copyright 2015 Evgeny Dolganov (evgenij.dolganov@gmail.com).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package och.comp.web;


import static och.comp.web.JsonOps.*;
import static och.util.ExceptionUtil.*;
import static och.util.Util.*;
import static och.util.json.GsonUtil.*;
import static och.util.servlet.WebUtil.*;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import och.api.exception.ExpectedException;
import och.api.exception.ValidationException;
import och.api.model.BaseBean;
import och.util.ReflectionsUtil;
import och.util.sql.ConcurrentUpdateSqlException;



public abstract class BaseJsonPostServlet<I extends BaseBean, O> extends BaseJsonServlet {
	
	private static final long serialVersionUID = 1L;
	

	/** protect post-ajax from CSRF with form-post */
	protected boolean checkXReqHeader = true;
	protected boolean checkCSRFToken = true;
	protected boolean checkInputDataForEmpty = true;
	protected boolean printError = false;
	
	private Class<I> respType;
	
	public BaseJsonPostServlet() {
		respType = ReflectionsUtil.getFirstActualArgType(getClass());
		if(respType.equals(Object.class)) throw new IllegalStateException("can't get actual input type for "+getClass());
	}

	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
		
		OutputWrapper out = createOutputWrapper(resp);
		
		if(checkXReqHeader){
			if( ! hasXReqHeader(req)){
				out.write(jsonValidationError("Expected only Ajax requests from the original site"));
				return;
			}
		}
		if(checkCSRFToken){
			if( ! isValid_CSRF_ProtectTokenInReq(req)){
				out.write(jsonValidationError("Invalid req token"));
				return;
			}
		}
		

		String data = req.getParameter("data");
		boolean isEmptyData = ! hasText(data) || "null".equals(data);
		if( isEmptyData && checkInputDataForEmpty){
			out.write(jsonValidationError("Empty json data"));
			return;
		}
		
		I dataObj = null;
		try {
			dataObj = isEmptyData? null : convertReqDataToObject(data);
		}catch (Throwable t) {
			out.write(jsonValidationError("Can't parse json data"));
			return;
		}
		
		if(dataObj != null){
			String errorMsg = dataObj.getErrorState();
			if(!isEmpty(errorMsg)){
				out.write(jsonValidationError(errorMsg));
				return;
			}
		}
		
		try {
			doJsonPost(req, resp, dataObj, out);
		}
		catch (ValidationException | ConcurrentUpdateSqlException e) {
			out.write(jsonValidationError(e));
			return;
		}
		catch (Throwable t) {
			ExpectedException.logError(log, t, "can't invoke doPost");
			out.write(jsonUnexpectedError( ! printError? "Server error" : "Server error:\n "+stackTraceToString(t)));
			return;
		}
	}

	public OutputWrapper createOutputWrapper(HttpServletResponse resp) throws IOException {
		return new OutputWrapper(resp.getOutputStream());
	}
	
	protected I convertReqDataToObject(String data){
		return data != null? defaultGson.fromJson(data, respType) : null;
	}
	
	
	protected void doJsonPost(HttpServletRequest req, HttpServletResponse resp, I data, OutputWrapper out) throws Throwable {
		O outData = doJsonPost(req, resp, data);
		if(outData == null) out.write(jsonOk());
		else out.write(jsonOk(outData));
	}
	
	protected O doJsonPost(HttpServletRequest req, HttpServletResponse resp, I data) throws Throwable {
		return null;
	}
	

	

	

}