update versions second try

CrescoEdge · Nov 11, 2023 · f61407d · f61407d
1 parent 697df66
commit f61407d
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 14 deletions.
diff --git a/src/main/java/io/cresco/wsapi/websockets/APISocket.java b/src/main/java/io/cresco/wsapi/websockets/APISocket.java
@@ -51,8 +51,7 @@ public void onWebSocketConnect(Session sess)
     }
 
     @OnMessage
-    public void onWebSocketText(Session sess, String message)
-    {
+    public void onWebSocketText(Session sess, String message) {
         String r;
 
         Map<String, Map<String, String>> incoming_message = gson.fromJson(message, type);
@@ -70,7 +69,6 @@ public void onWebSocketText(Session sess, String message)
                 r = gson.toJson(response.getParams());
 
             }
-
             sess.getAsyncRemote().sendObject(r);
         } else {
             plugin.msgOut(request);
@@ -237,7 +235,6 @@ private MsgEvent AgentMsgEvent(Map<String, String> messageInfo) {
         return request;
     }
 
-
     private MsgEvent PluginMsgEvent(Map<String, String> messageInfo) {
         MsgEvent request = null;
         try {
@@ -252,8 +249,6 @@ private MsgEvent PluginMsgEvent(Map<String, String> messageInfo) {
         return request;
     }
 
-
-
     @OnClose
     public void onWebSocketClose(Session sess, CloseReason reason)
     {

diff --git a/src/main/java/io/cresco/wsapi/websockets/AuthFilter.java b/src/main/java/io/cresco/wsapi/websockets/AuthFilter.java
@@ -8,12 +8,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Enumeration;
 
 public class AuthFilter implements Filter {
 
     private CLogger logger;
     private PluginBuilder plugin;
+    private String config_service_key;
 
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
@@ -22,6 +22,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
             if(Plugin.pluginBuilder != null) {
                 plugin = Plugin.pluginBuilder;
                 logger = plugin.getLogger(AuthFilter.class.getName(), CLogger.Level.Info);
+                config_service_key = plugin.getConfig().getStringParam("cresco_service_key");
             }
         }
 
@@ -30,15 +31,28 @@ public void init(FilterConfig filterConfig) throws ServletException {
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 
-        //httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "your message goes here");
-        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
-        String incoming_service_key = httpRequest.getHeader("cresco_service_key");
-        String config_service_key = plugin.getConfig().getStringParam("cresco_service_key","abc-8675309");
-        if(incoming_service_key.equals(config_service_key)) {
-            filterChain.doFilter(servletRequest, servletResponse);
+        if(config_service_key != null) {
+            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+            String incoming_service_key = httpRequest.getHeader("cresco_service_key");
+
+            if(incoming_service_key != null) {
+                if (incoming_service_key.equals(config_service_key)) {
+                    filterChain.doFilter(servletRequest, servletResponse);
+                } else {
+                    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "cresco_service_key mismatch");
+                    logger.info("Unauthorized Access: cresco_service_key mismatch");
+                }
+            } else {
+                HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Configuration error: Missing [cresco_service_key] request header");
+                logger.error("Configuration error: Configuration error: Missing [cresco_service_key] request header");
+            }
+
         } else {
             HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
-            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "cresco service key is incorrect");
+            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Configuration error: Missing server-side [cresco_service_key] configuration");
+            logger.error("Configuration error: Missing server-side [cresco_service_key] configuration");
         }
 
     }