Commit c9e931eb authored by Enriko Käsper's avatar Enriko Käsper

Merge branch 'hotfix/TEIS-1741' into 'master'

Release: merge 'hotfix-teis-1741' into 'master' created by Enriko Käsper

See merge request teis/common-api-gateway!156
parents 39179f1a d9236c50
# Changelog
## [1.15.1] - 2020-12-02
* fixed file max size validation in file upload functionality.
## [1.15.0] - 2020-11-27
Updates in the following API's:
......
......@@ -15,6 +15,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.http.fileupload.FileItemIterator;
import org.apache.tomcat.util.http.fileupload.FileItemStream;
import org.apache.tomcat.util.http.fileupload.IOUtils;
import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
import org.apache.tomcat.util.http.fileupload.util.Streams;
import org.springframework.beans.factory.annotation.Value;
......@@ -29,10 +30,12 @@ import java.util.List;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import static ee.sm.ti.teis.commongateway.file.FileObjectType.RISK_FACTOR;
import static ee.sm.ti.teis.errors.CommonErrorCode.BAD_REQUEST;
import static ee.sm.ti.teis.errors.CommonErrorCode.UNSUPPORTED_MEDIA_TYPE;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.apache.commons.io.FilenameUtils.getExtension;
import static org.springframework.http.HttpStatus.PAYLOAD_TOO_LARGE;
@Service
@Slf4j
......@@ -49,6 +52,8 @@ public class FileContentService {
private int fileReferenceUpdateTimeout;
@Value("${minio.bucket}")
private String bucketName;
@Value("${teis.file.upload.max-http-request-header-size}")
private int maxHttpRequestHeaderSize;
public FileReferenceDto updateContext(FileReferenceDto fileReferenceDto, String objectType,
RequestMetaDTO requestMetaDTO) {
......@@ -69,7 +74,18 @@ public class FileContentService {
try {
ServletFileUpload upload = new ServletFileUpload();
setMaxFileSize(objectType, requestMetaDTO, upload);
FileItemIterator iteratorStream = upload.getItemIterator(request);
FileItemIterator iteratorStream;
try {
iteratorStream = upload.getItemIterator(request);
} catch (SizeLimitExceededException e) {
log.debug("File size exceeded limit: {}", e.getMessage());
throw new TeisRestException(ErrorDTO.builder()
.code(String.valueOf(PAYLOAD_TOO_LARGE.value()))
.requestId(requestMetaDTO.getRequestId())
.httpResponse(PAYLOAD_TOO_LARGE)
.message("File too large")
.build());
}
String fileName = null;
String contentType = null;
......@@ -145,11 +161,17 @@ public class FileContentService {
}
private void setMaxFileSize(FileObjectType objectType, RequestMetaDTO requestMetaDTO, ServletFileUpload upload) {
if (objectType == FileObjectType.RISK_FACTOR) {
upload.setSizeMax(parameterService.getMaxFileUploadSize(requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE_FOR_RISK_FACTOR_IMAGE));
long maxFileSize;
if (objectType == RISK_FACTOR) {
maxFileSize = parameterService.getMaxFileUploadSize(
requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE_FOR_RISK_FACTOR_IMAGE);
} else {
upload.setSizeMax(parameterService.getMaxFileUploadSize(requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE));
maxFileSize = parameterService.getMaxFileUploadSize(
requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE);
}
upload.setSizeMax(maxFileSize + maxHttpRequestHeaderSize);
}
private void validateCreateBucket() throws Exception {
......@@ -170,7 +192,7 @@ public class FileContentService {
void validateFileExtensionAllowed(String fileName, FileObjectType objectType, RequestMetaDTO requestMetaDTO) {
List<String> allowedExtensions;
if (objectType == FileObjectType.RISK_FACTOR) {
if (objectType == RISK_FACTOR) {
allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_RISK_FACTOR_IMAGE_EXTENSIONS);
} else {
allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_EXTENSIONS);
......@@ -180,6 +202,7 @@ public class FileContentService {
if (!allowedExtensions.contains(extension.toLowerCase())) {
throw new TeisRestException(ErrorDTO.builder()
.code(UNSUPPORTED_MEDIA_TYPE.getCode())
.requestId(requestMetaDTO.getRequestId())
.httpResponse(HttpStatus.UNSUPPORTED_MEDIA_TYPE)
.message("File extension not allowed")
.build());
......
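Review bot: `upload.setSizeMax(maxFileSize + maxHttpRequestHeaderSize)` in setMaxFileSize caps the whole multipart request, so a file part can exceed the configured maximum by almost the full allowance from `teis.file.upload.max-http-request-header-size` whenever the multipart overhead is small. Consider keeping the request-level cap and adding `upload.setFileSizeMax(maxFileSize);` so the per-file limit returned by parameterService is enforced exactly. The new `catch (SizeLimitExceededException e)` around `getItemIterator` also appears to cover only requests that declare a Content-Length. For requests without one, the limit is, as far as I know, enforced while the stream is read and surfaces as an IOException, so that path should map to PAYLOAD_TOO_LARGE too. The rest of the upload method is outside this hunk, so existing handling there may already cover it.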
......@@ -58,8 +58,11 @@ teis:
file:
file-reference:
update-timeout: ${RABBIT_TEMPLATE_GW_EXCHANGE_REPLY_TIMEOUT:6000}
upload:
max-http-request-header-size: ${FILE_UPLOAD_MAX_HTTP_REQUEST_HEADER_SIZE:1024000}
parameter:
cache-duration: PT30S
minio:
url: ${S3_HOST:localhost}
access-key: ${S3_ACCESS_KEY:s3MinioAccessKey}
......
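Review bot: The new `max-http-request-header-size` key has no comment explaining that its value is added to the upload size cap in FileContentService rather than limiting HTTP headers. The name alone suggests a header limit, and the 1024000 default raises every effective upload limit by roughly 1 MB. Suggest a comment above the key such as `# bytes of multipart overhead allowed on top of the configured max file size`, and a smaller default if the overhead seen in practice is much lower.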
theGroup=ee.sm.ti.teis
//commonApiGatewayVersion=forSearch ^commonApiGatewayVersion=.*?-SNAPSHOT
theVersion=1.15.0
theVersion=1.15.1
commonsVersion=1.15.0
pluginVersion=1.2.0