/*******************************************************************************
* Copyright (c) 2011 The Board of Trustees of the Leland Stanford Junior University
* as Operator of the SLAC National Accelerator Laboratory.
* Copyright (c) 2011 Brookhaven National Laboratory.
* EPICS archiver appliance is distributed subject to a Software License Agreement found
* in file LICENSE that is included with this distribution.
*******************************************************************************/
package org.epics.archiverappliance.retrieval.bpl;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.epics.archiverappliance.common.BPLAction;
import org.epics.archiverappliance.config.ConfigService;
import org.epics.archiverappliance.retrieval.mimeresponses.MimeResponse;
import org.epics.archiverappliance.utils.ui.MimeTypeConstants;
/**
* Get a client configuration JSON file given the file name.
* @author mshankar
*
*/
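public class GetClientConfiguration implements BPLAction {
    private static final Logger logger = Logger.getLogger(GetClientConfiguration.class.getName());

    /** Installation property naming the directory that client configuration files are served from. */
    private static final String DOCUMENT_ROOT_PROPERTY = "org.epics.archiverappliance.retrieval.bpl.GetClientConfiguration.DocumentRoot";

    /**
     * Streams the JSON file named by the {@code configFile} request parameter from the configured document root.
     * <p>
     * Every failure (feature not configured, missing or malformed parameter, missing document root,
     * path outside the document root, file absent or not a regular file) is answered with 404.
     * Containment in the document root is checked twice: lexically on the resolved path, and again
     * on the real (symlink-resolved) paths, so that a symbolic link inside the document root cannot
     * be used to read a file stored elsewhere.
     *
     * @param req the request; its {@code configFile} parameter is caller-controlled
     * @param resp the response that receives either the file content or a 404
     * @param configService source of the installation properties holding the document root
     * @throws IOException if resolving the real paths or copying the file to the response fails
     */
    @Override
    public void execute(HttpServletRequest req, HttpServletResponse resp, ConfigService configService) throws IOException {
        if (!configService.getInstallationProperties().containsKey(DOCUMENT_ROOT_PROPERTY)) {
            logger.error("This installation has not been configured to serve archiver config files.");
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        String configFileName = req.getParameter("configFile");
        if (configFileName == null || configFileName.isEmpty() || configFileName.contains("..")) {
            logger.error("The config file has not been specified (correctly).");
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        Path documentRoot = Paths.get((String) configService.getInstallationProperties().get(DOCUMENT_ROOT_PROPERTY));
        if (!Files.exists(documentRoot)) {
            logger.error("The document root does not exist " + documentRoot.toString());
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        Path configFilePath;
        try {
            configFilePath = documentRoot.resolve(configFileName);
        } catch (java.nio.file.InvalidPathException ex) {
            // A name the file system cannot represent (for example one containing a NUL character)
            // is a malformed request, not a server error.
            logger.error("The config file has not been specified (correctly).");
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Lexical check first: an absolute configFile replaces the document root in resolve(), and
        // rejecting it here means nothing outside the root is probed on the file system.
        if (!configFilePath.startsWith(documentRoot)) {
            logger.error("The final path to the config file " + sanitizeForLog(configFilePath.toString()) + " does not seem to be part of the document root. Denying access to the file as a security precaution.");
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // isRegularFile also rejects directories, which would otherwise fail when opened for reading.
        if (!Files.isRegularFile(configFilePath)) {
            logger.error("The archive viewer config file does not exist on the file system " + sanitizeForLog(configFilePath.toString()));
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Second check on symlink-resolved paths: the lexical test above cannot see a link inside
        // the document root whose target lies outside it.
        Path realDocumentRoot = documentRoot.toRealPath();
        Path realConfigFilePath = configFilePath.toRealPath();
        if (!realConfigFilePath.startsWith(realDocumentRoot)) {
            logger.error("The final path to the config file " + sanitizeForLog(configFilePath.toString()) + " does not seem to be part of the document root. Denying access to the file as a security precaution.");
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        resp.setContentType(MimeTypeConstants.APPLICATION_JSON);
        // Allow applications served from other URL's to access the JSON data from this server.
        // The wildcard lets a page from any origin read these files, so the document root should
        // hold only content that is acceptable to expose to every client that can reach this server.
        resp.addHeader(MimeResponse.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
        try (OutputStream out = resp.getOutputStream()) {
            // Serve the path that was verified, not the unresolved one.
            Files.copy(realConfigFilePath, out);
        }
    }

    /** Replaces line breaks in request-derived text so that it cannot start a forged log entry. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}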