wave/src/main/java/org/waveprotocol/box/server/rpc/FetchServlet.java - incubator-retired-wave - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.waveprotocol.box.server.rpc;

 import com.google.common.annotations.VisibleForTesting;
 import com.google.inject.Inject;
 import com.google.protobuf.MessageLite;

 import org.waveprotocol.box.common.comms.WaveClientRpc.DocumentSnapshot;
 import org.waveprotocol.box.common.comms.WaveClientRpc.WaveViewSnapshot;
 import org.waveprotocol.box.server.authentication.SessionManager;
 import org.waveprotocol.box.server.common.SnapshotSerializer;
 import org.waveprotocol.box.server.frontend.CommittedWaveletSnapshot;
 import org.waveprotocol.box.server.rpc.ProtoSerializer.SerializationException;
 import org.waveprotocol.box.server.waveserver.WaveServerException;
 import org.waveprotocol.box.server.waveserver.WaveletProvider;
 import org.waveprotocol.wave.model.id.ModernIdSerialiser;
 import org.waveprotocol.wave.model.id.WaveletId;
 import org.waveprotocol.wave.model.id.WaveletName;
 import org.waveprotocol.wave.model.wave.ParticipantId;
 import org.waveprotocol.wave.model.wave.data.ReadableWaveletData;
 import org.waveprotocol.wave.model.waveref.InvalidWaveRefException;
 import org.waveprotocol.wave.model.waveref.WaveRef;
 import org.waveprotocol.wave.util.escapers.jvm.JavaWaverefEncoder;
 import org.waveprotocol.wave.util.logging.Log;

 import java.io.IOException;

 import javax.inject.Singleton;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 /**
  * A servlet for static fetching of wave data. Typically, the servlet will be
  * hosted on /fetch/*. A document, a wavelet, or a whole wave can be specified
  * in the URL.
  *
  *  Valid request formats are: Fetch a wave: GET /fetch/wavedomain.com/waveid
  * Fetch a wavelet: GET /fetch/wavedomain.com/waveid/waveletdomain.com/waveletid
  * Fetch a document: GET
  * /fetch/wavedomain.com/waveid/waveletdomain.com/waveletid/b+abc123
  *
  *  The format of the returned information is the protobuf-JSON format used by
  * the websocket interface.
  */
 @SuppressWarnings("serial")
 @Singleton
 public final class FetchServlet extends HttpServlet {
   private static final Log LOG = Log.get(FetchServlet.class);

   @Inject
   public FetchServlet(
       WaveletProvider waveletProvider, ProtoSerializer serializer, SessionManager sessionManager) {
     this.waveletProvider = waveletProvider;
     this.serializer = serializer;
     this.sessionManager = sessionManager;
   }

   private final ProtoSerializer serializer;
   private final WaveletProvider waveletProvider;
   private final SessionManager sessionManager;

   /**
    * Create an http response to the fetch query. Main entrypoint for this class.
    */
   @Override
   @VisibleForTesting
   protected void doGet(HttpServletRequest req, HttpServletResponse response) throws IOException {
     ParticipantId user = sessionManager.getLoggedInUser(req.getSession(false));

     // This path will look like "/example.com/w+abc123/foo.com/conv+root
     // Strip off the leading '/'.
     String urlPath = req.getPathInfo().substring(1);

     // Extract the name of the wavelet from the URL
     WaveRef waveref;
     try {
       waveref = JavaWaverefEncoder.decodeWaveRefFromPath(urlPath);
     } catch (InvalidWaveRefException e) {
       // The URL contains an invalid waveref. There's no document at this path.
       response.sendError(HttpServletResponse.SC_NOT_FOUND);
       return;
     }

     renderSnapshot(waveref, user, response);
   }

   private void serializeObjectToServlet(MessageLite message, HttpServletResponse dest)
       throws IOException {
     if (message == null) {
       // Snapshot is null. It would be nice to 404 here, but we can't let
       // clients guess valid wavelet ids that they're not authorized to access.
       dest.sendError(HttpServletResponse.SC_FORBIDDEN);
     } else {
       dest.setStatus(HttpServletResponse.SC_OK);
       dest.setContentType("application/json");

       // This is a hack to make sure the fetched data is fresh.
       // TODO(josephg): Change this so that browsers can cache wave snapshots. Probably need:
       // 'Cache-Control: must-revalidate, private' and an ETag with the wave[let]'s version.
       dest.setHeader("Cache-Control", "no-store");

       try {
         dest.getWriter().append(serializer.toJson(message).toString());
       } catch (SerializationException e) {
         throw new IOException(e);
       }
     }
   }

   /**
    * Render the requested waveref out to the HttpServletResponse dest.
    *
    * @param waveref The referenced wave. Could be a whole wave, a wavelet or
    *        just a document.
    * @param dest The servlet response to render the snapshot out to.
    * @throws IOException
    */
   private void renderSnapshot(WaveRef waveref, ParticipantId requester, HttpServletResponse dest)
       throws IOException {
     // TODO(josephg): Its currently impossible to fetch all wavelets inside a
     // wave that are visible to the user. Until this is fixed, if no wavelet is
     // specified we'll just return the conv+root.
     WaveletId waveletId = waveref.hasWaveletId() ? waveref.getWaveletId() : WaveletId.of(
         waveref.getWaveId().getDomain(), "conv+root");

     WaveletName waveletName = WaveletName.of(waveref.getWaveId(), waveletId);

     CommittedWaveletSnapshot committedSnapshot;
     try {
       if (!waveletProvider.checkAccessPermission(waveletName, requester)) {
         dest.sendError(HttpServletResponse.SC_FORBIDDEN);
         return;
       }
       LOG.info("Fetching snapshot of wavelet " + waveletName);
       committedSnapshot = waveletProvider.getSnapshot(waveletName);
     } catch (WaveServerException e) {
       throw new IOException(e);
     }
     if (committedSnapshot != null) {
       ReadableWaveletData snapshot = committedSnapshot.snapshot;
       if (waveref.hasDocumentId()) {
         // We have a wavelet id and document id. Find the document in the
         // snapshot and return it.
         DocumentSnapshot docSnapshot = null;
         for (String docId : snapshot.getDocumentIds()) {
           if (docId.equals(waveref.getDocumentId())) {
             docSnapshot = SnapshotSerializer.serializeDocument(snapshot.getDocument(docId));
             break;
           }
         }
         serializeObjectToServlet(docSnapshot, dest);
       } else if (waveref.hasWaveletId()) {
         // We have a wavelet id. Pull up the wavelet snapshot and return it.
         serializeObjectToServlet(SnapshotSerializer.serializeWavelet(snapshot,
             snapshot.getHashedVersion()), dest);
       } else {
         // Wrap the conv+root we fetched earlier in a WaveSnapshot object and
         // send it.
         WaveViewSnapshot waveSnapshot = WaveViewSnapshot.newBuilder()
             .setWaveId(ModernIdSerialiser.INSTANCE.serialiseWaveId(waveref.getWaveId()))
             .addWavelet(SnapshotSerializer.serializeWavelet(snapshot, snapshot.getHashedVersion()))
             .build();
         serializeObjectToServlet(waveSnapshot, dest);
       }
     } else {
       dest.sendError(HttpServletResponse.SC_FORBIDDEN);
     }
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.waveprotocol.box.server.rpc;

	import com.google.common.annotations.VisibleForTesting;
	import com.google.inject.Inject;
	import com.google.protobuf.MessageLite;

	import org.waveprotocol.box.common.comms.WaveClientRpc.DocumentSnapshot;
	import org.waveprotocol.box.common.comms.WaveClientRpc.WaveViewSnapshot;
	import org.waveprotocol.box.server.authentication.SessionManager;
	import org.waveprotocol.box.server.common.SnapshotSerializer;
	import org.waveprotocol.box.server.frontend.CommittedWaveletSnapshot;
	import org.waveprotocol.box.server.rpc.ProtoSerializer.SerializationException;
	import org.waveprotocol.box.server.waveserver.WaveServerException;
	import org.waveprotocol.box.server.waveserver.WaveletProvider;
	import org.waveprotocol.wave.model.id.ModernIdSerialiser;
	import org.waveprotocol.wave.model.id.WaveletId;
	import org.waveprotocol.wave.model.id.WaveletName;
	import org.waveprotocol.wave.model.wave.ParticipantId;
	import org.waveprotocol.wave.model.wave.data.ReadableWaveletData;
	import org.waveprotocol.wave.model.waveref.InvalidWaveRefException;
	import org.waveprotocol.wave.model.waveref.WaveRef;
	import org.waveprotocol.wave.util.escapers.jvm.JavaWaverefEncoder;
	import org.waveprotocol.wave.util.logging.Log;

	import java.io.IOException;

	import javax.inject.Singleton;
	import javax.servlet.http.HttpServlet;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	/**
	* A servlet for static fetching of wave data. Typically, the servlet will be
	* hosted on /fetch/*. A document, a wavelet, or a whole wave can be specified
	* in the URL.
	*
	* Valid request formats are: Fetch a wave: GET /fetch/wavedomain.com/waveid
	* Fetch a wavelet: GET /fetch/wavedomain.com/waveid/waveletdomain.com/waveletid
	* Fetch a document: GET
	* /fetch/wavedomain.com/waveid/waveletdomain.com/waveletid/b+abc123
	*
	* The format of the returned information is the protobuf-JSON format used by
	* the websocket interface.
	*/
	@SuppressWarnings("serial")
	@Singleton
	public final class FetchServlet extends HttpServlet {
	private static final Log LOG = Log.get(FetchServlet.class);

	@Inject
	public FetchServlet(
	WaveletProvider waveletProvider, ProtoSerializer serializer, SessionManager sessionManager) {
	this.waveletProvider = waveletProvider;
	this.serializer = serializer;
	this.sessionManager = sessionManager;
	}

	private final ProtoSerializer serializer;
	private final WaveletProvider waveletProvider;
	private final SessionManager sessionManager;

	/**
	* Create an http response to the fetch query. Main entrypoint for this class.
	*/
	@Override
	@VisibleForTesting
	protected void doGet(HttpServletRequest req, HttpServletResponse response) throws IOException {
	ParticipantId user = sessionManager.getLoggedInUser(req.getSession(false));

	// This path will look like "/example.com/w+abc123/foo.com/conv+root
	// Strip off the leading '/'.
	String urlPath = req.getPathInfo().substring(1);

	// Extract the name of the wavelet from the URL
	WaveRef waveref;
	try {
	waveref = JavaWaverefEncoder.decodeWaveRefFromPath(urlPath);
	} catch (InvalidWaveRefException e) {
	// The URL contains an invalid waveref. There's no document at this path.
	response.sendError(HttpServletResponse.SC_NOT_FOUND);
	return;
	}

	renderSnapshot(waveref, user, response);
	}

	private void serializeObjectToServlet(MessageLite message, HttpServletResponse dest)
	throws IOException {
	if (message == null) {
	// Snapshot is null. It would be nice to 404 here, but we can't let
	// clients guess valid wavelet ids that they're not authorized to access.
	dest.sendError(HttpServletResponse.SC_FORBIDDEN);
	} else {
	dest.setStatus(HttpServletResponse.SC_OK);
	dest.setContentType("application/json");

	// This is a hack to make sure the fetched data is fresh.
	// TODO(josephg): Change this so that browsers can cache wave snapshots. Probably need:
	// 'Cache-Control: must-revalidate, private' and an ETag with the wave[let]'s version.
	dest.setHeader("Cache-Control", "no-store");

	try {
	dest.getWriter().append(serializer.toJson(message).toString());
	} catch (SerializationException e) {
	throw new IOException(e);
	}
	}
	}

	/**
	* Render the requested waveref out to the HttpServletResponse dest.
	*
	* @param waveref The referenced wave. Could be a whole wave, a wavelet or
	* just a document.
	* @param dest The servlet response to render the snapshot out to.
	* @throws IOException
	*/
	private void renderSnapshot(WaveRef waveref, ParticipantId requester, HttpServletResponse dest)
	throws IOException {
	// TODO(josephg): Its currently impossible to fetch all wavelets inside a
	// wave that are visible to the user. Until this is fixed, if no wavelet is
	// specified we'll just return the conv+root.
	WaveletId waveletId = waveref.hasWaveletId() ? waveref.getWaveletId() : WaveletId.of(
	waveref.getWaveId().getDomain(), "conv+root");

	WaveletName waveletName = WaveletName.of(waveref.getWaveId(), waveletId);

	CommittedWaveletSnapshot committedSnapshot;
	try {
	if (!waveletProvider.checkAccessPermission(waveletName, requester)) {
	dest.sendError(HttpServletResponse.SC_FORBIDDEN);
	return;
	}
	LOG.info("Fetching snapshot of wavelet " + waveletName);
	committedSnapshot = waveletProvider.getSnapshot(waveletName);
	} catch (WaveServerException e) {
	throw new IOException(e);
	}
	if (committedSnapshot != null) {
	ReadableWaveletData snapshot = committedSnapshot.snapshot;
	if (waveref.hasDocumentId()) {
	// We have a wavelet id and document id. Find the document in the
	// snapshot and return it.
	DocumentSnapshot docSnapshot = null;
	for (String docId : snapshot.getDocumentIds()) {
	if (docId.equals(waveref.getDocumentId())) {
	docSnapshot = SnapshotSerializer.serializeDocument(snapshot.getDocument(docId));
	break;
	}
	}
	serializeObjectToServlet(docSnapshot, dest);
	} else if (waveref.hasWaveletId()) {
	// We have a wavelet id. Pull up the wavelet snapshot and return it.
	serializeObjectToServlet(SnapshotSerializer.serializeWavelet(snapshot,
	snapshot.getHashedVersion()), dest);
	} else {
	// Wrap the conv+root we fetched earlier in a WaveSnapshot object and
	// send it.
	WaveViewSnapshot waveSnapshot = WaveViewSnapshot.newBuilder()
	.setWaveId(ModernIdSerialiser.INSTANCE.serialiseWaveId(waveref.getWaveId()))
	.addWavelet(SnapshotSerializer.serializeWavelet(snapshot, snapshot.getHashedVersion()))
	.build();
	serializeObjectToServlet(waveSnapshot, dest);
	}
	} else {
	dest.sendError(HttpServletResponse.SC_FORBIDDEN);
	}
	}
	}