Proper config & download files fix

b095bae3 · Thomas · ef4577ac · b095bae3 · b095bae3 · b095bae3
Commit b095bae3 authored 5 years ago by Thomas
--- a/mozen/src/main/java/mozen/auth/WebSecurity.java
+++ b/mozen/src/main/java/mozen/auth/WebSecurity.java
@@ -4,6 +4,7 @@ import java.util.Arrays;
 import java.util.Collections;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -26,11 +27,20 @@ public class WebSecurity extends WebSecurityConfigurerAdapter{

  @Override
  protected void configure(HttpSecurity http) throws Exception {
-    http.cors().and().csrf().disable().authorizeRequests()
+    http
+      .httpBasic()
+    .and()
+      .csrf().disable()
+      .cors()
+    .and()
+      .authorizeRequests() 
+        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .antMatchers(HttpMethod.POST, "/user/signup").permitAll()
        .antMatchers(HttpMethod.GET, "/search").permitAll()
        .antMatchers(HttpMethod.GET, "/models").permitAll()
        .antMatchers(HttpMethod.GET, "/models/tags").permitAll()
+        .antMatchers(HttpMethod.GET, "/models/download").permitAll()
+        .antMatchers(HttpMethod.GET, "/models/downloadLayer").permitAll()
        .antMatchers(HttpMethod.GET, "/user/list").hasRole("ADMIN")
        .antMatchers(HttpMethod.GET, "/model/list").hasRole("ADMIN")
        .anyRequest().authenticated()

--- a/mozen/src/main/java/mozen/business/IModelManager.java
+++ b/mozen/src/main/java/mozen/business/IModelManager.java
@@ -6,6 +6,7 @@ import org.springframework.web.multipart.MultipartFile;

 import mozen.messages.ModelMessage;
 import mozen.messages.TagMessage;
+import mozen.model.CustomLayer;
 import mozen.model.Model;
 import mozen.messages.SearchResult;
 import mozen.model.TagCategory;
@@ -25,7 +26,8 @@ public interface IModelManager {
  Model getModel(long id);
  Collection<Model> getModels();
  Collection<TagCategory> getTags();
-  SearchResult findModel(String name, int page, int size, String sort);
+  CustomLayer getLayer(long id);

+  SearchResult findModel(String name, int page, int size, String sort);
  SearchResult findModelWithTags(String name, int page, int size, String sort, Collection<String> tags);
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/business/ModelManager.java
+++ b/mozen/src/main/java/mozen/business/ModelManager.java
@@ -51,7 +51,7 @@ public class ModelManager implements IModelManager {
    if (message.getTags() != null) {
      Set<Tag> tags = new HashSet<Tag>();
      for (String tagName : message.getTags()) {
-        Tag tag = tagRepo.findByName(tagName).get(0);
+        Tag tag = tagRepo.findByName(tagName);
        tags.add(tag);
      }
      model.setTags(tags);
@@ -77,6 +77,8 @@ public class ModelManager implements IModelManager {

    if (model == null)
      throw new Exception("Unknown model");
+    if (!isModelAuthor(model, user))
+      throw new Exception("Not the author");

    model.setFile(file.getBytes());
    model.setFileType(file.getContentType());
@@ -149,6 +151,7 @@ public class ModelManager implements IModelManager {
    CustomLayer layer = new CustomLayer();
    layer.setName(name);
    layer.setFile(file.getBytes());
+    layer.setFileType(file.getContentType());
    layer.setModel(model);

    model.getCustomLayers().add(layer);
@@ -183,8 +186,6 @@ public class ModelManager implements IModelManager {

  @Override
  public Collection<TagCategory> getTags() {
-    // Collection<TagCategory> categories = new ArrayList<TagCategory>();
-    // tagCategoryRepo.findAll().forEach(categories::add);
    return tagCategoryRepo.findAll();
  }

@@ -226,4 +227,9 @@ public class ModelManager implements IModelManager {
    return modelRepo.findAll();
  }

+  @Override
+  public CustomLayer getLayer(long id) {
+    return layerRepo.findById(id).get();
+  }
+
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/business/TagRepository.java
+++ b/mozen/src/main/java/mozen/business/TagRepository.java
@@ -8,6 +8,6 @@ import org.springframework.data.repository.CrudRepository;
 import mozen.model.Tag;

 public interface TagRepository extends CrudRepository<Tag, Long>{
-  List<Tag> findByName(String name);
+  Tag findByName(String name);
  List<Tag> findByNameIn(Collection<String> name);
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/business/UserManager.java
+++ b/mozen/src/main/java/mozen/business/UserManager.java
@@ -63,7 +63,7 @@ public class UserManager implements IUserManager {

  @Override
  public User getUserByUsername(String username) {
-    return repo.findByUsername(username).get(0);
+    return repo.findByUsername(username);
  }

  @Override

--- a/mozen/src/main/java/mozen/business/UserRepository.java
+++ b/mozen/src/main/java/mozen/business/UserRepository.java
@@ -7,6 +7,6 @@ import org.springframework.data.repository.PagingAndSortingRepository;
 import mozen.model.User;

 public interface UserRepository extends PagingAndSortingRepository<User, Long> {
-  List<User> findByUsername(String username);
+  User findByUsername(String username);
  List<User> findAll();
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/model/CustomLayer.java
+++ b/mozen/src/main/java/mozen/model/CustomLayer.java
@@ -30,9 +30,13 @@ public class CustomLayer implements Serializable{
  private String name;
  
  @Lob
-	@Column
+	@Column(columnDefinition="BLOB")
  private byte[] file;

+  @Basic
+	@Column
+  private String fileType;
+
  @Basic
  @ManyToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
  private Model model;
@@ -40,10 +44,11 @@ public class CustomLayer implements Serializable{
  public CustomLayer() {
  }

-  public CustomLayer(Long id, String name, byte[] file, Model model) {
+  public CustomLayer(Long id, String name, byte[] file, String fileType, Model model) {
    this.id = id;
    this.name = name;
    this.file = file;
+    this.fileType = fileType;
    this.model = model;
  }

@@ -72,6 +77,15 @@ public class CustomLayer implements Serializable{
    this.file = file;
  }

+  @JsonIgnore
+  public String getFileType() {
+    return this.fileType;
+  }
+
+  public void setFileType(String fileType) {
+    this.fileType = fileType;
+  }
+
  @JsonIgnore
  public Model getModel() {
    return this.model;

--- a/mozen/src/main/java/mozen/model/Model.java
+++ b/mozen/src/main/java/mozen/model/Model.java
@@ -65,7 +65,7 @@ public class Model implements Serializable{
  private int votes;

  @Lob
-	@Column
+	@Column(columnDefinition="BLOB")
  private byte[] file;

  @Basic

--- a/mozen/src/main/java/mozen/web/ModelController.java
+++ b/mozen/src/main/java/mozen/web/ModelController.java
@@ -21,6 +21,7 @@ import org.springframework.web.multipart.MultipartFile;

 import mozen.business.IModelManager;
 import mozen.business.IUserManager;
+import mozen.model.CustomLayer;
 import mozen.model.Model;
 import mozen.messages.ModelMessage;
 import mozen.messages.ResponseMessage;
@@ -152,7 +153,7 @@ public class ModelController {
    return ResponseEntity.ok(response);
  }

-  @PostMapping("/download")
+  @GetMapping("/download")
  public ResponseEntity<?> downloadModelFile(@RequestParam(value = "id", required = true) Long id) {
    ResponseMessage response = new ResponseMessage(false, "");
  
@@ -170,6 +171,24 @@ public class ModelController {
    return ResponseEntity.ok(response);
  }

+  @GetMapping("/downloadLayer")
+  public ResponseEntity<?> downloadLayerFile(@RequestParam(value = "id", required = true) Long id) {
+    ResponseMessage response = new ResponseMessage(false, "");
+  
+    try {
+      CustomLayer layer = modelManager.getLayer(id);
+      return ResponseEntity.ok()
+        .contentType(MediaType.parseMediaType(layer.getFileType()))
+        .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + layer.getName() + "\"")
+        .body(new ByteArrayResource(layer.getFile()));
+    } catch (Exception e) {
+      response.setError(true);
+      response.setMessage(e.getMessage());
+    }
+
+    return ResponseEntity.ok(response);
+  }
+
  @PostMapping("/uploadLayer")
  public ResponseEntity<ResponseMessage> uploadLayerFile(
    @RequestParam("file") MultipartFile file, 
@@ -198,6 +217,7 @@ public class ModelController {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    if (!(auth instanceof AnonymousAuthenticationToken)) {
+      if (auth.getPrincipal() instanceof org.springframework.security.core.userdetails.User) return null;
      String username = (String) auth.getPrincipal();
      return userManager.getUserByUsername(username);
    } else {

--- a/mozen/src/main/resources/application.properties
+++ b/mozen/src/main/resources/application.properties

 server.port=8181

-datasource.driverName=org.hsqldb.jdbcDriver
-datasource.url=jdbc:hsqldb:mem:mydb
-datasource.username=SA
-datasource.password=
+# H2
+spring.datasource.driverClassName=org.hsqldb.jdbcDriver
+spring.datasource.url=jdbc:hsqldb:mem:mydb
+spring.datasource.username=SA
+spring.datasource.password=
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+
+# MySQL
+#spring.datasource.url=jdbc:mysql://localhost:3306/test
+#spring.datasource.username=dbuser
+#spring.datasource.password=dbpass
+#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+#spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect

 spring.jackson.serialization.fail-on-empty-beans=false