GetDefaultAllowedOriginsQuery.java

package org.ovirt.engine.core.bll.aaa;

import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.inject.Inject;

import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.core.bll.QueriesCommandBase;
import org.ovirt.engine.core.common.businessentities.VDS;
import org.ovirt.engine.core.common.queries.GetDefaultAllowedOriginsQueryParameters;
import org.ovirt.engine.core.dao.VdsDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Returns a list of origins which are allowed by default for CORS (see CORSSupportFilter).
 * Recently it's a list of all hosts.
 *
 * This is required to allow JavaScript/browser calls to REST API, like from Cockpit installed on hosts does.
 *
 * Please note, if either CORSSupport=false or CORSAllowDefaultOrigins=false, then this query is not executed.
 */
public class GetDefaultAllowedOriginsQuery<P extends GetDefaultAllowedOriginsQueryParameters>
        extends QueriesCommandBase<P> {
    private static final Logger log = LoggerFactory.getLogger(GetDefaultAllowedOriginsQuery.class);

    @Inject
    private VdsDao vdsDao;

    public GetDefaultAllowedOriginsQuery(P parameters) {
        super(parameters);
    }

    private List<String> getHostOrigins(String host, Set<String> suffixes) {
        List<String> origins = new LinkedList<>();
        suffixes.forEach(suffix -> origins.add(String.format("https://%s%s", host, suffix)));
        return origins;
    }

    private Set<String> getDefaultOrigins() {
        List<VDS> allVds = vdsDao.getAll(getUserID(), getParameters().isFiltered());
        Set<String> allowedOrigins = new HashSet<>();

        if (getParameters().getSuffixes().isEmpty()) {
            allVds.forEach(
                    vds -> allowedOrigins.add(String.format("https://%s", vds.getHostName())));
        } else {
            allVds.forEach(
                    vds -> allowedOrigins.addAll(getHostOrigins(vds.getHostName(), getParameters().getSuffixes())));
        }

        if (log.isDebugEnabled()) {
            log.debug("Default list of origins refreshed to: {}", StringUtils.join(allowedOrigins, ','));
        }
        return allowedOrigins;
    }

    @Override
    protected void executeQueryCommand() {
        getQueryReturnValue().setReturnValue(getDefaultOrigins());
    }
}