FileServlet.java

/*

    This file is part of OpenMyEWB.

    OpenMyEWB is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    OpenMyEWB is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with OpenMyEWB.  If not, see <http://www.gnu.org/licenses/>.

    OpenMyEWB is Copyright 2005-2009 Nicolas Kruchten (nicolas@kruchten.com), Francis Kung, Engineers Without Borders Canada, Michael Trauttmansdorff, Jon Fishbein, David Kadish

*/

package ca.myewb.frame.servlet;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLDecoder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.hibernate.Session;

import ca.myewb.frame.ErrorMessage;
import ca.myewb.frame.HibernateUtil;
import ca.myewb.frame.Helpers;
import ca.myewb.frame.Controller;
import ca.myewb.frame.Permissions;
import ca.myewb.frame.RedirectionException;
import ca.myewb.model.GroupModel;
import ca.myewb.model.PostModel;
import ca.myewb.model.UserModel;
import ca.myewb.model.WhiteboardModel;


public class FileServlet extends HttpServlet
{
	public void doGet(HttpServletRequest req, HttpServletResponse res)
	           throws ServletException, IOException
	{
		
		Logger log = Logger.getLogger(this.getClass());
		log.info("****** (post/whiteboard file)");
		log.info("requestURI= " + req.getRequestURI());
		log.info("referer= " + req.getHeader("Referer"));
		log.info("user-agent= " + req.getHeader("User-Agent"));

		try
		{
			Session s = HibernateUtil.currentSession();
			HttpSession httpSession = req.getSession();
			log.info("request URI = " + req.getRequestURI());
			String[] path = Helpers.getURIComponents(req.getRequestURI());
			String prefix = path[0];
			String id = path[1];
			String file = "";
			
			log.info("Prefix: " + prefix + ", ID: " + id );
			
			for( int i = 2; i < path.length ; i++ )
			{
				file += "/" + path[i];
			}
			
			file = URLDecoder.decode(file, "UTF-8");
			
			UserModel currentUser = WrapperServlet.getUser(Helpers.getDefaultURL(),
                    log, s, httpSession);

			String internalFolder = "";
			if(prefix.equals("postfile") )
			{
				internalFolder = "/posts/";
				
				PostModel thePost = (PostModel)s.get(PostModel.class, new Integer(id));
				if((thePost == null) || !Permissions.canReadPost(currentUser, thePost))
				{
					log.debug((thePost == null)? "The post is null" : currentUser.getUsername() + " does not have permission to see post number " + thePost.getId() + " belonging to " + thePost.getGroup().getName());
					throw new RedirectionException(Controller.path + "/home/ShowPost/" + id);
				}
			}
			else if(prefix.equals("whiteboardfile"))
			{
				internalFolder = "/whiteboards/";

				WhiteboardModel theWhiteboard = (WhiteboardModel)s.get(WhiteboardModel.class, new Integer(id));
				if(theWhiteboard == null || !theWhiteboard.isEnabled())
				{			
					throw new RedirectionException(Controller.path + "/events/EditWhiteboard/-1");
				}
				
				if (!Permissions.canUpdateWhiteboard(currentUser,theWhiteboard))	
				{	
					throw new RedirectionException(Controller.path + "/events/EventInfo/" + theWhiteboard.getParentEvent().getId());
				}
			}
			else if(prefix.equals("groupfiles"))
			{
				if( currentUser.getUsername().equals("guest") )
				{
					log.info("A guest tried to get to files in group number " + id);
					throw new RedirectionException(Controller.path + "/mailing/ShowGroupFiles/" + id );
				}
				
				internalFolder = "/groupfiles/";

				GroupModel theGroup = (GroupModel)s.get(GroupModel.class, new Integer(id));
				
				if((theGroup == null) || !Permissions.canReadFilesInGroup(currentUser, theGroup))
				{				
					throw new RedirectionException(Controller.path + "/mailing/ListInfo/" + id);
				}
				
			}
			else
			{
				httpSession.setAttribute("message",
                        new ErrorMessage("The URL you requested is invalid."));
				throw new RedirectionException(Helpers.getDefaultURL());
			}
	
			/////// SECURITY CHECKS COMPLETE
			
			File theFile = new File(Helpers.getUserFilesDir() + internalFolder + id + file);		
			OutputStream out = res.getOutputStream();

			InputStream in = null;

			try
			{
				in = new BufferedInputStream(new FileInputStream(theFile));

				String name = theFile.getName();
				boolean forceDownload = true;
				
				if(name.endsWith(".doc"))
				{
					res.setContentType("application/msword");
				}
				else if(name.endsWith(".zip"))
				{
					res.setContentType("application/zip");
				}
				else if(name.endsWith(".html") || name.endsWith(".html"))
				{
					res.setContentType("text/html");
				}
				else if(name.endsWith(".xls"))
				{
					res.setContentType("application/vnd.ms-excel");
				}
				else if(name.endsWith(".ppt"))
				{
					res.setContentType("application/vnd.ms-powerpoint");
				}
				else if(name.endsWith(".ppt"))
				{
					res.setContentType("application/vnd.ms-powerpoint");
				}
				else if(name.endsWith(".pdf"))
				{
					res.setContentType("application/pdf");
					forceDownload = false;
				}
				else if(name.endsWith(".jpg")||name.endsWith(".jpeg"))
				{
					res.setContentType("image/jpeg");
					forceDownload = false;
				}
				else if(name.endsWith(".gif"))
				{
					res.setContentType("image/gif");
					forceDownload = false;
				}
				else if(name.endsWith(".png"))
				{
					res.setContentType("image/png");
					forceDownload = false;
				}
				else
				{
					res.setContentType("application/x-download");
				}
				
					
				if(forceDownload)
				{
					res.setHeader("Content-Disposition",
				              "attachment; filename=\"" + name + "\"");
				}

				res.setContentLength((int) theFile.length());
				
				byte[] buf = new byte[4 * 1024]; // 4K buffer
				int bytesRead;

				while ((bytesRead = in.read(buf)) != -1)
				{
					out.write(buf, 0, bytesRead);
				}
			}
			catch (FileNotFoundException ex)
			{
				// If it was not a subdirectory-related problem,
				// keep throwing the error
				if (file.indexOf('/') == -1)
					throw ex;
			}
			finally
			{
				if (in != null)
				{
					in.close();
				}
			}
		}
		catch (RedirectionException re)
		{
			log.info("Clean redirect: " + re.getTargetURL(), re);
			res.sendRedirect(re.getTargetURL());
		}
		catch (Exception e)
		{
			log.error("FileServletError!", e);
			res.sendError(500, e.toString());
		}
	}
}