From b095bae329c0539e446fc803afc5c5aad590026f Mon Sep 17 00:00:00 2001 From: Thomas <gltron3000@gmail.com> Date: Wed, 20 May 2020 12:28:09 +0200 Subject: [PATCH] Proper config & download files fix --- .../src/main/java/mozen/auth/WebSecurity.java | 20 ++++++++++++----- .../java/mozen/business/IModelManager.java | 4 +++- .../java/mozen/business/ModelManager.java | 12 +++++++--- .../java/mozen/business/TagRepository.java | 2 +- .../main/java/mozen/business/UserManager.java | 2 +- .../java/mozen/business/UserRepository.java | 2 +- .../main/java/mozen/model/CustomLayer.java | 18 +++++++++++++-- mozen/src/main/java/mozen/model/Model.java | 2 +- .../main/java/mozen/web/ModelController.java | 22 ++++++++++++++++++- .../src/main/resources/application.properties | 17 ++++++++++---- 10 files changed, 81 insertions(+), 20 deletions(-) diff --git a/mozen/src/main/java/mozen/auth/WebSecurity.java b/mozen/src/main/java/mozen/auth/WebSecurity.java index 014bb26..259f5e8 100644 --- a/mozen/src/main/java/mozen/auth/WebSecurity.java +++ b/mozen/src/main/java/mozen/auth/WebSecurity.java @@ -4,6 +4,7 @@ import java.util.Arrays; import java.util.Collections; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.context.annotation.Bean; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
@@ -26,18 +27,27 @@ public class WebSecurity extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception { - http.cors().and().csrf().disable().authorizeRequests() + http + .httpBasic() + .and() + .csrf().disable() + .cors() + .and() + .authorizeRequests() + .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() .antMatchers(HttpMethod.POST, "/user/signup").permitAll() .antMatchers(HttpMethod.GET, "/search").permitAll() .antMatchers(HttpMethod.GET, "/models").permitAll() .antMatchers(HttpMethod.GET, "/models/tags").permitAll() + .antMatchers(HttpMethod.GET, "/models/download").permitAll() + .antMatchers(HttpMethod.GET, "/models/downloadLayer").permitAll() .antMatchers(HttpMethod.GET, "/user/list").hasRole("ADMIN") .antMatchers(HttpMethod.GET, "/model/list").hasRole("ADMIN") .anyRequest().authenticated() - .and() - .addFilter(new JwtAuthenticationFilter(authenticationManager())) - .addFilter(new JwtAuthorizationFilter(authenticationManager())) - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + .and() + .addFilter(new JwtAuthenticationFilter(authenticationManager())) + .addFilter(new JwtAuthorizationFilter(authenticationManager())) + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); } @Override diff --git a/mozen/src/main/java/mozen/business/IModelManager.java b/mozen/src/main/java/mozen/business/IModelManager.java index b559eb8..1823817 100644 --- a/mozen/src/main/java/mozen/business/IModelManager.java +++ b/mozen/src/main/java/mozen/business/IModelManager.java @@ -6,6 +6,7 @@ import org.springframework.web.multipart.MultipartFile; import mozen.messages.ModelMessage; import mozen.messages.TagMessage; +import mozen.model.CustomLayer; import mozen.model.Model; import mozen.messages.SearchResult; import mozen.model.TagCategory; 
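Review bot: The two new `permitAll()` matchers for `/models/download` and `/models/downloadLayer` make every stored file retrievable by numeric id without authentication, and none of the controller code in this commit checks whether the requested model or layer is meant to be public. If a model can be private or unpublished (not visible in this diff), enforce that in the download handlers or keep these routes behind `.authenticated()`. Separately, `.httpBasic()` adds a second credential path beside the JWT filters, so the password travels on every request from a client that uses it; unless a client needs it, drop `.httpBasic().and()`. `csrf().disable()` stays consistent with the `STATELESS` policy only as long as no cookie-based authentication is introduced, which deserves a one-line comment above the chain.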
@@ -25,7 +26,8 @@ public interface IModelManager { Model getModel(long id); Collection<Model> getModels(); Collection<TagCategory> getTags(); - SearchResult findModel(String name, int page, int size, String sort); + CustomLayer getLayer(long id); + SearchResult findModel(String name, int page, int size, String sort); SearchResult findModelWithTags(String name, int page, int size, String sort, Collection<String> tags); } \ No newline at end of file diff --git a/mozen/src/main/java/mozen/business/ModelManager.java b/mozen/src/main/java/mozen/business/ModelManager.java index dcaeed6..48897ec 100644 --- a/mozen/src/main/java/mozen/business/ModelManager.java +++ b/mozen/src/main/java/mozen/business/ModelManager.java @@ -51,7 +51,7 @@ public class ModelManager implements IModelManager { if (message.getTags() != null) { Set<Tag> tags = new HashSet<Tag>(); for (String tagName : message.getTags()) { - Tag tag = tagRepo.findByName(tagName).get(0); + Tag tag = tagRepo.findByName(tagName); tags.add(tag); } model.setTags(tags); @@ -77,6 +77,8 @@ public class ModelManager implements IModelManager { if (model == null) throw new Exception("Unknown model"); + if (!isModelAuthor(model, user)) + throw new Exception("Not the author"); model.setFile(file.getBytes()); model.setFileType(file.getContentType()); @@ -149,6 +151,7 @@ public class ModelManager implements IModelManager { CustomLayer layer = new CustomLayer(); layer.setName(name); layer.setFile(file.getBytes()); + layer.setFileType(file.getContentType()); layer.setModel(model); model.getCustomLayers().add(layer); @@ -183,8 +186,6 @@ public class ModelManager implements IModelManager { @Override public Collection<TagCategory> getTags() { - // Collection<TagCategory> categories = new ArrayList<TagCategory>(); - // tagCategoryRepo.findAll().forEach(categories::add); return tagCategoryRepo.findAll(); } 
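Review bot: In the `-51,7` hunk, `tagRepo.findByName(tagName)` can now return `null` for an unknown tag name, and the next line adds that `null` to the `tags` set, where the old `.get(0)` at least failed at the lookup. Reject the request before the add, e.g. `if (tag == null) throw new Exception("Unknown tag");`. The same single-result change in the `TagRepository`, `UserRepository` and `UserManager.getUserByUsername` hunks means callers receive `null` for a missing row, and Spring Data raises `IncorrectResultSizeDataAccessException` when two rows share the value, so a unique constraint on those columns (not visible in this diff) should be confirmed. Returning `Optional<Tag>` and `Optional<User>` from the repositories would make the absent case explicit at every call site.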
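Review bot: In the `-149,6` hunk, `layer.setFileType(file.getContentType())` stores the value the uploading client sent, which may be `null` or arbitrary, and the new `downloadLayer` endpoint later replays it as the response `Content-Type`. Validate it at upload time, for example against an allow-list of expected types with `application/octet-stream` as the fallback, so one user cannot choose the content type another user's browser receives. The enclosing method begins outside the hunk, so it is not visible whether it carries the `isModelAuthor` check that the `-77,6` hunk adds to the model-file upload; if it does not, the same author check belongs here before the layer is attached to the model.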
@@ -226,4 +227,9 @@ public class ModelManager implements IModelManager { return modelRepo.findAll(); } + @Override + public CustomLayer getLayer(long id) { + return layerRepo.findById(id).get(); + } + } \ No newline at end of file diff --git a/mozen/src/main/java/mozen/business/TagRepository.java b/mozen/src/main/java/mozen/business/TagRepository.java index 219a579..5e1038f 100644 --- a/mozen/src/main/java/mozen/business/TagRepository.java +++ b/mozen/src/main/java/mozen/business/TagRepository.java @@ -8,6 +8,6 @@ import org.springframework.data.repository.CrudRepository; import mozen.model.Tag; public interface TagRepository extends CrudRepository<Tag, Long>{ - List<Tag> findByName(String name); + Tag findByName(String name); List<Tag> findByNameIn(Collection<String> name); } \ No newline at end of file diff --git a/mozen/src/main/java/mozen/business/UserManager.java b/mozen/src/main/java/mozen/business/UserManager.java index 6cbfb61..fb71d8e 100644 --- a/mozen/src/main/java/mozen/business/UserManager.java +++ b/mozen/src/main/java/mozen/business/UserManager.java @@ -63,7 +63,7 @@ public class UserManager implements IUserManager { @Override public User getUserByUsername(String username) { - return repo.findByUsername(username).get(0); + return repo.findByUsername(username); } @Override diff --git a/mozen/src/main/java/mozen/business/UserRepository.java b/mozen/src/main/java/mozen/business/UserRepository.java index e02411a..dbbe318 100644 --- a/mozen/src/main/java/mozen/business/UserRepository.java +++ b/mozen/src/main/java/mozen/business/UserRepository.java @@ -7,6 +7,6 @@ import org.springframework.data.repository.PagingAndSortingRepository; import mozen.model.User; public interface UserRepository extends PagingAndSortingRepository<User, Long> { - List<User> findByUsername(String username); + User findByUsername(String username); List<User> findAll(); } \ No newline at end of file 
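Review bot: `layerRepo.findById(id).get()` in the new `getLayer` throws `NoSuchElementException` for an unknown id, and the controller returns `e.getMessage()` to the caller, so a missing layer surfaces as the JDK's internal message instead of a deliberate error. Use `return layerRepo.findById(id).orElseThrow(() -> new IllegalArgumentException("Unknown layer"));` or return `null` and handle it in the controller. The method also lacks a Javadoc line stating what happens for a missing id; add it on `IModelManager.getLayer`, where callers will look.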
diff --git a/mozen/src/main/java/mozen/model/CustomLayer.java b/mozen/src/main/java/mozen/model/CustomLayer.java index 752c58a..071cb7f 100644 --- a/mozen/src/main/java/mozen/model/CustomLayer.java +++ b/mozen/src/main/java/mozen/model/CustomLayer.java @@ -30,9 +30,13 @@ public class CustomLayer implements Serializable{ private String name; @Lob - @Column + @Column(columnDefinition="BLOB") private byte[] file; + @Basic + @Column + private String fileType; + @Basic @ManyToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL) private Model model; @@ -40,10 +44,11 @@ public class CustomLayer implements Serializable{ public CustomLayer() { } - public CustomLayer(Long id, String name, byte[] file, Model model) { + public CustomLayer(Long id, String name, byte[] file, String fileType, Model model) { this.id = id; this.name = name; this.file = file; + this.fileType = fileType; this.model = model; } @@ -72,6 +77,15 @@ public class CustomLayer implements Serializable{ this.file = file; } + @JsonIgnore + public String getFileType() { + return this.fileType; + } + + public void setFileType(String fileType) { + this.fileType = fileType; + } + @JsonIgnore public Model getModel() { return this.model; diff --git a/mozen/src/main/java/mozen/model/Model.java b/mozen/src/main/java/mozen/model/Model.java index 886e266..70eab80 100644 --- a/mozen/src/main/java/mozen/model/Model.java +++ b/mozen/src/main/java/mozen/model/Model.java @@ -65,7 +65,7 @@ public class Model implements Serializable{ private int votes; @Lob - @Column + @Column(columnDefinition="BLOB") private byte[] file; @Basic diff --git a/mozen/src/main/java/mozen/web/ModelController.java b/mozen/src/main/java/mozen/web/ModelController.java index 8a19b40..61a8bea 100644 --- a/mozen/src/main/java/mozen/web/ModelController.java +++ b/mozen/src/main/java/mozen/web/ModelController.java 
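Review bot: `@Column(columnDefinition="BLOB")` on `CustomLayer.file`, and on `Model.file` in the next file, pins the DDL to a vendor type name. On MySQL, the alternative profile left commented out in `application.properties`, a plain `BLOB` holds at most 65,535 bytes, so larger uploads would be rejected or truncated depending on the SQL mode. If MySQL is a target, use `@Column(columnDefinition="LONGBLOB")` for that profile, or drop the `columnDefinition` and let `@Lob` choose the type from the configured dialect.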
@@ -21,6 +21,7 @@ import org.springframework.web.multipart.MultipartFile; import mozen.business.IModelManager; import mozen.business.IUserManager; +import mozen.model.CustomLayer; import mozen.model.Model; import mozen.messages.ModelMessage; import mozen.messages.ResponseMessage; @@ -152,7 +153,7 @@ public class ModelController { return ResponseEntity.ok(response); } - @PostMapping("/download") + @GetMapping("/download") public ResponseEntity<?> downloadModelFile(@RequestParam(value = "id", required = true) Long id) { ResponseMessage response = new ResponseMessage(false, ""); @@ -170,6 +171,24 @@ public class ModelController { return ResponseEntity.ok(response); } + @GetMapping("/downloadLayer") + public ResponseEntity<?> downloadLayerFile(@RequestParam(value = "id", required = true) Long id) { + ResponseMessage response = new ResponseMessage(false, ""); + + try { + CustomLayer layer = modelManager.getLayer(id); + return ResponseEntity.ok() + .contentType(MediaType.parseMediaType(layer.getFileType())) + .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + layer.getName() + "\"") + .body(new ByteArrayResource(layer.getFile())); + } catch (Exception e) { + response.setError(true); + response.setMessage(e.getMessage()); + } + + return ResponseEntity.ok(response); + } + @PostMapping("/uploadLayer") public ResponseEntity<ResponseMessage> uploadLayerFile( @RequestParam("file") MultipartFile file, @@ -198,6 +217,7 @@ public class ModelController { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (!(auth instanceof AnonymousAuthenticationToken)) { + if (auth.getPrincipal() instanceof org.springframework.security.core.userdetails.User) return null; String username = (String) auth.getPrincipal(); return userManager.getUserByUsername(username); } else { diff --git a/mozen/src/main/resources/application.properties b/mozen/src/main/resources/application.properties index 46f90db..8904fb7 100644 
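Review bot: `downloadLayerFile` concatenates `layer.getName()` into the `Content-Disposition` header and passes the stored `layer.getFileType()` straight to `MediaType.parseMediaType`, and both values originate from the uploader. A `"` in the name changes the header's parameters, and a `null` or malformed type throws and ends up as a 200 response carrying `e.getMessage()`. Build the header with Spring's `ContentDisposition` builder, fall back to `application/octet-stream`, and return a non-200 status with a fixed message on failure, as sketched below; the same applies to `downloadModelFile`, whose body is only partly inside this diff. The endpoint is also reachable anonymously through the new `permitAll()` matcher, so any visibility rule for layers has to be enforced here.

```java
@GetMapping("/downloadLayer")
public ResponseEntity<?> downloadLayerFile(@RequestParam(value = "id", required = true) Long id) {
    try {
        CustomLayer layer = modelManager.getLayer(id);

        // The stored type was supplied by the uploader: never trust it blindly.
        MediaType type = MediaType.APPLICATION_OCTET_STREAM;
        if (layer.getFileType() != null) {
            try {
                type = MediaType.parseMediaType(layer.getFileType());
            } catch (InvalidMediaTypeException ignored) {
                // keep the safe default
            }
        }

        // The charset overload encodes the name, so quotes cannot alter the header.
        ContentDisposition disposition = ContentDisposition.builder("attachment")
            .filename(layer.getName(), StandardCharsets.UTF_8)
            .build();

        return ResponseEntity.ok()
            .contentType(type)
            .header(HttpHeaders.CONTENT_DISPOSITION, disposition.toString())
            .header("X-Content-Type-Options", "nosniff")
            .body(new ByteArrayResource(layer.getFile()));
    } catch (Exception e) {
        // Log e on the server; do not echo its message to the client.
        return ResponseEntity.status(HttpStatus.NOT_FOUND)
            .body(new ResponseMessage(true, "Layer not found"));
    }
}
```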
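Review bot: In the `-198,6` hunk the added guard returns `null` whenever the principal is a Spring `userdetails.User`, so a request authenticated through the new `.httpBasic()` path (presumably the source of that principal type) is handled by callers as if it had no user. Resolve the name instead of discarding it: `Object p = auth.getPrincipal(); String username = p instanceof org.springframework.security.core.userdetails.UserDetails ? ((org.springframework.security.core.userdetails.UserDetails) p).getUsername() : (String) p;`. The method starts before and ends after this hunk, so how its callers treat `null` is not visible; with `findByUsername` now returning `null` for a missing row, each caller needs an explicit check before using the result.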
--- a/mozen/src/main/resources/application.properties +++ b/mozen/src/main/resources/application.properties @@ -1,10 +1,19 @@ server.port=8181 -datasource.driverName=org.hsqldb.jdbcDriver -datasource.url=jdbc:hsqldb:mem:mydb -datasource.username=SA -datasource.password= +# H2 +spring.datasource.driverClassName=org.hsqldb.jdbcDriver +spring.datasource.url=jdbc:hsqldb:mem:mydb +spring.datasource.username=SA +spring.datasource.password= +spring.jpa.database-platform=org.hibernate.dialect.H2Dialect + +# MySQL +#spring.datasource.url=jdbc:mysql://localhost:3306/test +#spring.datasource.username=dbuser +#spring.datasource.password=dbpass +#spring.datasource.driver-class-name=com.mysql.jdbc.Driver +#spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect spring.jackson.serialization.fail-on-empty-beans=false -- GitLab
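Review bot: The active datasource uses the HSQLDB driver and a `jdbc:hsqldb:mem:` URL, but the section comment says `# H2` and `spring.jpa.database-platform` is set to `org.hibernate.dialect.H2Dialect`. The dialect should match the engine, `spring.jpa.database-platform=org.hibernate.dialect.HSQLDialect`, or the line can be dropped so Hibernate detects it from the connection. For the commented MySQL block, read the credentials from the environment when it is enabled, e.g. `spring.datasource.password=${DB_PASSWORD}` (placeholder name), rather than committing them to this file.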