/**
 * Starts an HTTP server on port 8080 that keeps a per-session hit counter.
 *
 * <p>Handlers are registered in dependency order: cookie parsing, then the session
 * handler, then the page handler that reads and updates the session.
 *
 * <p>NOTE(review): the session cookie is issued with the SessionHandler's default
 * settings and the server is created without any TLS options visible here. A deployment
 * derived from this example would normally terminate TLS and enable
 * {@code setCookieSecureFlag(true)} and {@code setCookieHttpOnlyFlag(true)} on the
 * session handler.
 *
 * @throws Exception declared by the overridden method
 */
@Override
public void start() throws Exception {
  Router router = Router.router(vertx);

  // Cookie parsing comes first; the session handler locates the session through a cookie.
  router.route().handler(CookieHandler.create());

  // Sessions live in a LocalSessionStore bound to this Vert.x instance.
  SessionHandler sessions = SessionHandler.create(LocalSessionStore.create(vertx));
  router.route().handler(sessions);

  router.route().handler(ctx -> {
    Session session = ctx.session();

    // First visit in a session has no stored counter yet, so start from 1.
    Integer previous = session.get("hitcount");
    int hits = (previous == null ? 0 : previous) + 1;
    session.put("hitcount", hits);

    // Only the integer counter is interpolated into the markup; no request data is echoed.
    String page = "<html><body><h1>Hitcount: " + hits + "</h1></body></html>";
    ctx.response()
        .putHeader("content-type", "text/html")
        .end(page);
  });

  vertx.createHttpServer().requestHandler(router).listen(8080);
}
} // closes the enclosing class, whose header is outside this excerpt
// Registers cookie parsing on a route with no path restriction. Handlers that depend on
// cookies (for example a session or CSRF handler) need to be registered after this one.
router.route().handler(CookieHandler.create());
// Cookie parsing goes first: the session handler below finds the session through a cookie.
router.route().handler(CookieHandler.create());
// Sessions are kept in a LocalSessionStore tied to this Vert.x instance, and the
// SessionHandler is created with its default cookie settings.
// NOTE(review): confirm whether the deployment needs setCookieSecureFlag(true) and
// setCookieHttpOnlyFlag(true) set explicitly on the session handler.
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
// Handler order: cookies, then request body, then sessions.
router.route().handler(CookieHandler.create());
// BodyHandler is created with its defaults.
// NOTE(review): check whether a request body size limit should be configured here
// (BodyHandler#setBodyLimit) before exposing this route to untrusted clients.
router.route().handler(BodyHandler.create());
// Session state is held in a LocalSessionStore; the session cookie uses the
// SessionHandler defaults, so Secure/HttpOnly are not set explicitly in this snippet.
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
// Cookie parsing is registered ahead of the handlers that rely on it.
router.route().handler(CookieHandler.create());
// Reads the request body with BodyHandler defaults.
// NOTE(review): no body size limit is configured in this snippet; confirm that is intended.
router.route().handler(BodyHandler.create());
// Session handling backed by a LocalSessionStore, with default session cookie settings.
// NOTE(review): the Secure and HttpOnly cookie flags are not enabled here; verify against
// the deployment's transport (TLS) before reuse.
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
// Three handlers on routes with no path restriction, in the order they must run.
// 1. Parse cookies so later handlers can read them.
router.route().handler(CookieHandler.create());
// 2. Read the request body (BodyHandler defaults; NOTE(review): body size limit not set
//    in this snippet, confirm whether one is required).
router.route().handler(BodyHandler.create());
// 3. Attach a session from a LocalSessionStore (default cookie settings; NOTE(review):
//    Secure/HttpOnly flags are not enabled explicitly here).
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
/**
 * Runs the parent fixture set-up, then registers cookie parsing on the shared router so
 * that every test in this class starts with a CookieHandler already in place.
 *
 * @throws Exception if the parent set-up fails
 */
@Override
public void setUp() throws Exception {
  super.setUp();

  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);
}
/**
 * Wires the request pipeline onto routes matching {@code PATTERN_ANY}: cookie parsing,
 * body handling, then the request handler with its failure handler.
 *
 * <p>NOTE(review): limits applied to request bodies depend on {@code createBodyHandler()},
 * which is not shown in this excerpt.
 *
 * @param router the router to register the handlers on
 */
@Override
public void init(Router router) {
  // Cookies are parsed before anything that may need them.
  CookieHandler cookieHandler = CookieHandler.create();
  router.routeWithRegex(PATTERN_ANY).handler(cookieHandler);

  router.routeWithRegex(PATTERN_ANY).handler(createBodyHandler());

  // Failures raised while handling a request are routed to onFailure.
  router.routeWithRegex(PATTERN_ANY)
      .failureHandler(failed -> onFailure(failed))
      .handler(request -> onRequest(request));
}
/**
 * Wires the request pipeline onto routes with no path restriction: cookie parsing, body
 * handling, then the request handler with its failure handler.
 *
 * <p>NOTE(review): limits applied to request bodies depend on {@code createBodyHandler()},
 * which is not shown in this excerpt.
 *
 * @param router the router to register the handlers on
 */
@Override
public void init(Router router) {
  // Cookies are parsed before anything that may need them.
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  router.route().handler(createBodyHandler());

  // Failures raised while handling a request are routed to failureHandler.
  router.route()
      .failureHandler(failed -> failureHandler(failed))
      .handler(request -> onRequest(request));
}
/**
 * Checks that a plain GET through the CSRF handler yields exactly one Set-Cookie header
 * and that the cookie is named {@code CSRFHandler.DEFAULT_COOKIE_NAME}.
 *
 * <p>The secret passed to {@code CSRFHandler.create} is a fixed test value; outside of
 * tests the secret should be unpredictable and kept out of source control.
 */
@Test
public void testGetCookie() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  CSRFHandler csrf = CSRFHandler.create("Abracadabra");
  router.route().handler(csrf);

  router.get().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    List<String> setCookies = response.headers().getAll("set-cookie");
    assertEquals(1, setCookies.size());

    // The cookie name is everything before the first '=' of the header value.
    String header = setCookies.get(0);
    String cookieName = header.substring(0, header.indexOf('='));
    assertEquals(CSRFHandler.DEFAULT_COOKIE_NAME, cookieName);
  }, 200, "OK", null);
}
/**
 * Regression test: storing a {@code null} value in the session must not break the
 * request. The response is ended from a timer one second later and is expected to be
 * 200 OK.
 */
@Test
public void testIssue172_setnull() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  SessionHandler sessions = SessionHandler.create(store);
  router.route().handler(sessions);

  AtomicReference<Session> capturedSession = new AtomicReference<>();
  router.route().handler(ctx -> {
    capturedSession.set(ctx.session());
    // The behaviour under test: a null value written into the session.
    ctx.session().put("foo", null);
    // End the response later, after the handler itself has returned.
    vertx.setTimer(1000, timerId -> ctx.response().end());
  });

  testRequest(HttpMethod.GET, "/", 200, "OK");
}
/**
 * Checks that a POST sent without any request customisation (so without a CSRF token
 * header) is answered with 403 Forbidden by the CSRF handler.
 *
 * <p>The secret passed to {@code CSRFHandler.create} is a fixed test value.
 */
@Test
public void testPostWithoutHeader() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  CSRFHandler csrf = CSRFHandler.create("Abracadabra");
  router.route().handler(csrf);

  // Would answer 200 if the CSRF handler let the request through.
  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.POST, "/", null, null, 403, "Forbidden", null);
}
/**
 * Checks that enabling both cookie flags on the SessionHandler makes the Set-Cookie
 * header carry the {@code Secure} and {@code HTTPOnly} attributes.
 */
@Test
public void testSessionCookieSecureFlagAndHttpOnlyFlags() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  SessionHandler hardened = SessionHandler.create(store)
      .setCookieSecureFlag(true)
      .setCookieHttpOnlyFlag(true);
  router.route().handler(hardened);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String sessionCookie = response.headers().get("set-cookie");
    boolean hasSecure = sessionCookie.contains("; Secure");
    assertTrue(hasSecure);
    boolean hasHttpOnly = sessionCookie.contains("; HTTPOnly");
    assertTrue(hasHttpOnly);
  }, 200, "OK", null);
}
/**
 * Checks that a session cookie path configured on the SessionHandler appears as the
 * {@code Path} attribute of the Set-Cookie header.
 */
@Test
public void testSessionCookiePath() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  SessionHandler scoped = SessionHandler.create(store).setSessionCookiePath("/path");
  router.route().handler(scoped);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String sessionCookie = response.headers().get("set-cookie");
    boolean hasPath = sessionCookie.contains("Path=/path");
    assertTrue(hasPath);
  }, 200, "OK", null);
}
/**
 * Checks that enabling the HttpOnly flag on the SessionHandler adds the
 * {@code HTTPOnly} attribute to the Set-Cookie header.
 */
@Test
public void testSessionCookieHttpOnlyFlag() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  SessionHandler httpOnlySessions = SessionHandler.create(store).setCookieHttpOnlyFlag(true);
  router.route().handler(httpOnlySessions);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String sessionCookie = response.headers().get("set-cookie");
    boolean hasHttpOnly = sessionCookie.contains("; HTTPOnly");
    assertTrue(hasHttpOnly);
  }, 200, "OK", null);
}
/**
 * Checks that a custom session cookie name configured on the SessionHandler is the name
 * used at the start of the Set-Cookie header.
 */
@Test
public void testSessionCookieName() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  String customName = "acme.sillycookie";
  SessionHandler renamed = SessionHandler.create(store).setSessionCookieName(customName);
  router.route().handler(renamed);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String sessionCookie = response.headers().get("set-cookie");
    String expectedPrefix = customName + "=";
    assertTrue(sessionCookie.startsWith(expectedPrefix));
  }, 200, "OK", null);
}
/**
 * Checks that enabling the Secure flag on the SessionHandler adds the {@code Secure}
 * attribute to the Set-Cookie header.
 */
@Test
public void testSessionCookieSecureFlag() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  SessionHandler secureSessions = SessionHandler.create(store).setCookieSecureFlag(true);
  router.route().handler(secureSessions);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String sessionCookie = response.headers().get("set-cookie");
    boolean hasSecure = sessionCookie.contains("; Secure");
    assertTrue(hasSecure);
  }, 200, "OK", null);
}
/**
 * Checks that a POST carrying an old CSRF token is rejected with 403 Forbidden when the
 * handler's timeout is set to 1.
 *
 * <p>The secret and the token are fixed test fixtures. NOTE(review): the middle field of
 * the token looks like a millisecond timestamp from 2015, which is presumably what makes
 * it expired; confirm against the CSRF handler's token format.
 */
@Test
public void testPostWithExpiredCookie() throws Exception {
  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  CSRFHandler shortLived = CSRFHandler.create("Abracadabra").setTimeout(1);
  router.route().handler(shortLived);

  // Would answer 200 if the CSRF handler let the request through.
  router.route().handler(ctx -> ctx.response().end());

  String staleToken =
      "4CYp9vQsr2VSQEsi/oVsMu35Ho9TlR0EovcYovlbiBw=.1437037602082.41jwU0FPl/n7ZNZAZEA07GyIUnpKSTKQ8Eju7Nicb34=";
  testRequest(
      HttpMethod.POST,
      "/",
      request -> request.putHeader(CSRFHandler.DEFAULT_HEADER_NAME, staleToken),
      null,
      403,
      "Forbidden",
      null);
}
/**
 * Checks that a rejected POST (old CSRF token, timeout set to 1) is answered with
 * 403 Forbidden and the custom response body configured on the CSRF handler.
 *
 * <p>The secret and the token are fixed test fixtures.
 */
@Test
public void testPostWithCustomResponseBody() throws Exception {
  final String expectedResponseBody = "Expected response body";

  CookieHandler cookieHandler = CookieHandler.create();
  router.route().handler(cookieHandler);

  CSRFHandler customised = CSRFHandler.create("Abracadabra")
      .setTimeout(1)
      .setResponseBody(expectedResponseBody);
  router.route().handler(customised);

  // Would answer 200 if the CSRF handler let the request through.
  router.route().handler(ctx -> ctx.response().end());

  String staleToken =
      "4CYp9vQsr2VSQEsi/oVsMu35Ho9TlR0EovcYovlbiBw=.1437037602082.41jwU0FPl/n7ZNZAZEA07GyIUnpKSTKQ8Eju7Nicb34=";
  testRequest(
      HttpMethod.POST,
      "/",
      request -> request.putHeader(CSRFHandler.DEFAULT_HEADER_NAME, staleToken),
      null,
      403,
      "Forbidden",
      expectedResponseBody);
}
} // closes the enclosing test class, whose header is outside this excerpt
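/**
 * Checks that a request which fails with 401 does not receive a session cookie: the
 * response must be 401 Unauthorized and must carry no Set-Cookie header.
 *
 * <p>This guards against handing a session identifier to a client whose request was
 * rejected.
 */
@Test
public void testSessionCookieAttack() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));
  // faking that there was some auth error
  // (kept on its own line: when the listing is collapsed onto one line this comment
  // swallows the failing handler and the assertion that follow it)
  router.route().handler(rc -> rc.fail(401));
  testRequest(
      HttpMethod.GET,
      "/",
      null,
      resp -> assertNull(resp.headers().get("set-cookie")),
      401,
      "Unauthorized",
      null);
}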