Commit c9e931eb authored by Enriko Käsper's avatar Enriko Käsper

Merge branch 'hotfix/TEIS-1741' into 'master'

Release: merge 'hotfix-teis-1741' into 'master' created by Enriko Käsper

See merge request teis/common-api-gateway!156
parents 39179f1a d9236c50
# Changelog # Changelog
## [1.15.1] - 2020-12-02
* fixed file max size validation in file upload functionality.
## [1.15.0] - 2020-11-27 ## [1.15.0] - 2020-11-27
Updates in the following API's: Updates in the following API's:
......
...@@ -15,6 +15,7 @@ import lombok.extern.slf4j.Slf4j; ...@@ -15,6 +15,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.http.fileupload.FileItemIterator; import org.apache.tomcat.util.http.fileupload.FileItemIterator;
import org.apache.tomcat.util.http.fileupload.FileItemStream; import org.apache.tomcat.util.http.fileupload.FileItemStream;
import org.apache.tomcat.util.http.fileupload.IOUtils; import org.apache.tomcat.util.http.fileupload.IOUtils;
import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload; import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
import org.apache.tomcat.util.http.fileupload.util.Streams; import org.apache.tomcat.util.http.fileupload.util.Streams;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
...@@ -29,10 +30,12 @@ import java.util.List; ...@@ -29,10 +30,12 @@ import java.util.List;
import java.util.UUID; import java.util.UUID;
import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletableFuture;
import static ee.sm.ti.teis.commongateway.file.FileObjectType.RISK_FACTOR;
import static ee.sm.ti.teis.errors.CommonErrorCode.BAD_REQUEST; import static ee.sm.ti.teis.errors.CommonErrorCode.BAD_REQUEST;
import static ee.sm.ti.teis.errors.CommonErrorCode.UNSUPPORTED_MEDIA_TYPE; import static ee.sm.ti.teis.errors.CommonErrorCode.UNSUPPORTED_MEDIA_TYPE;
import static java.util.concurrent.TimeUnit.MILLISECONDS; import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.apache.commons.io.FilenameUtils.getExtension; import static org.apache.commons.io.FilenameUtils.getExtension;
import static org.springframework.http.HttpStatus.PAYLOAD_TOO_LARGE;
@Service @Service
@Slf4j @Slf4j
...@@ -49,6 +52,8 @@ public class FileContentService { ...@@ -49,6 +52,8 @@ public class FileContentService {
private int fileReferenceUpdateTimeout; private int fileReferenceUpdateTimeout;
@Value("${minio.bucket}") @Value("${minio.bucket}")
private String bucketName; private String bucketName;
@Value("${teis.file.upload.max-http-request-header-size}")
private int maxHttpRequestHeaderSize;
public FileReferenceDto updateContext(FileReferenceDto fileReferenceDto, String objectType, public FileReferenceDto updateContext(FileReferenceDto fileReferenceDto, String objectType,
RequestMetaDTO requestMetaDTO) { RequestMetaDTO requestMetaDTO) {
...@@ -69,7 +74,18 @@ public class FileContentService { ...@@ -69,7 +74,18 @@ public class FileContentService {
try { try {
ServletFileUpload upload = new ServletFileUpload(); ServletFileUpload upload = new ServletFileUpload();
setMaxFileSize(objectType, requestMetaDTO, upload); setMaxFileSize(objectType, requestMetaDTO, upload);
FileItemIterator iteratorStream = upload.getItemIterator(request); FileItemIterator iteratorStream;
try {
iteratorStream = upload.getItemIterator(request);
} catch (SizeLimitExceededException e) {
log.debug("File size exceeded limit: {}", e.getMessage());
throw new TeisRestException(ErrorDTO.builder()
.code(String.valueOf(PAYLOAD_TOO_LARGE.value()))
.requestId(requestMetaDTO.getRequestId())
.httpResponse(PAYLOAD_TOO_LARGE)
.message("File too large")
.build());
}
String fileName = null; String fileName = null;
String contentType = null; String contentType = null;
...@@ -145,11 +161,17 @@ public class FileContentService { ...@@ -145,11 +161,17 @@ public class FileContentService {
} }
private void setMaxFileSize(FileObjectType objectType, RequestMetaDTO requestMetaDTO, ServletFileUpload upload) { private void setMaxFileSize(FileObjectType objectType, RequestMetaDTO requestMetaDTO, ServletFileUpload upload) {
if (objectType == FileObjectType.RISK_FACTOR) { long maxFileSize;
upload.setSizeMax(parameterService.getMaxFileUploadSize(requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE_FOR_RISK_FACTOR_IMAGE));
if (objectType == RISK_FACTOR) {
maxFileSize = parameterService.getMaxFileUploadSize(
requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE_FOR_RISK_FACTOR_IMAGE);
} else { } else {
upload.setSizeMax(parameterService.getMaxFileUploadSize(requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE)); maxFileSize = parameterService.getMaxFileUploadSize(
requestMetaDTO, FileParameterType.FILE_UPLOAD_MAX_SIZE);
} }
upload.setSizeMax(maxFileSize + maxHttpRequestHeaderSize);
} }
private void validateCreateBucket() throws Exception { private void validateCreateBucket() throws Exception {
...@@ -170,7 +192,7 @@ public class FileContentService { ...@@ -170,7 +192,7 @@ public class FileContentService {
void validateFileExtensionAllowed(String fileName, FileObjectType objectType, RequestMetaDTO requestMetaDTO) { void validateFileExtensionAllowed(String fileName, FileObjectType objectType, RequestMetaDTO requestMetaDTO) {
List<String> allowedExtensions; List<String> allowedExtensions;
if (objectType == FileObjectType.RISK_FACTOR) { if (objectType == RISK_FACTOR) {
allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_RISK_FACTOR_IMAGE_EXTENSIONS); allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_RISK_FACTOR_IMAGE_EXTENSIONS);
} else { } else {
allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_EXTENSIONS); allowedExtensions = parameterService.getAllowedExtensions(requestMetaDTO, FileParameterType.FILE_UPLOAD_ALLOWED_EXTENSIONS);
...@@ -180,6 +202,7 @@ public class FileContentService { ...@@ -180,6 +202,7 @@ public class FileContentService {
if (!allowedExtensions.contains(extension.toLowerCase())) { if (!allowedExtensions.contains(extension.toLowerCase())) {
throw new TeisRestException(ErrorDTO.builder() throw new TeisRestException(ErrorDTO.builder()
.code(UNSUPPORTED_MEDIA_TYPE.getCode()) .code(UNSUPPORTED_MEDIA_TYPE.getCode())
.requestId(requestMetaDTO.getRequestId())
.httpResponse(HttpStatus.UNSUPPORTED_MEDIA_TYPE) .httpResponse(HttpStatus.UNSUPPORTED_MEDIA_TYPE)
.message("File extension not allowed") .message("File extension not allowed")
.build()); .build());
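Review bot: In `setMaxFileSize`, `upload.setSizeMax(maxFileSize + maxHttpRequestHeaderSize)` bounds the whole multipart request rather than the file, so an uploaded file can exceed the configured maximum by nearly the full allowance (1024000 bytes by default). Keeping the slack on the request limit and adding `upload.setFileSizeMax(maxFileSize);` would enforce the configured value per file. The new `catch (SizeLimitExceededException e)` wraps only `getItemIterator(request)`. A limit hit while an item stream is being read, for example when the request carries no Content-Length, surfaces later in the method, outside this hunk. That path presumably needs the same 413 mapping, which is worth confirming against the outer catch.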
......
...@@ -58,8 +58,11 @@ teis: ...@@ -58,8 +58,11 @@ teis:
file: file:
file-reference: file-reference:
update-timeout: ${RABBIT_TEMPLATE_GW_EXCHANGE_REPLY_TIMEOUT:6000} update-timeout: ${RABBIT_TEMPLATE_GW_EXCHANGE_REPLY_TIMEOUT:6000}
upload:
max-http-request-header-size: ${FILE_UPLOAD_MAX_HTTP_REQUEST_HEADER_SIZE:1024000}
parameter: parameter:
cache-duration: PT30S cache-duration: PT30S
minio: minio:
url: ${S3_HOST:localhost} url: ${S3_HOST:localhost}
access-key: ${S3_ACCESS_KEY:s3MinioAccessKey} access-key: ${S3_ACCESS_KEY:s3MinioAccessKey}
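Review bot: The key `max-http-request-header-size` reads as an HTTP header limit, but in this commit the value is only added to the multipart size limit passed to `setSizeMax`, so it is really an overhead allowance on top of the per-type maximum file size. A comment above the key would make that clear, e.g. `# bytes added to the max file size to cover multipart boundaries and part headers; not an HTTP header limit`. The 1024000 default looks generous for that purpose and should be sized to what real clients send.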
......
theGroup=ee.sm.ti.teis theGroup=ee.sm.ti.teis
//commonApiGatewayVersion=forSearch ^commonApiGatewayVersion=.*?-SNAPSHOT //commonApiGatewayVersion=forSearch ^commonApiGatewayVersion=.*?-SNAPSHOT
theVersion=1.15.0 theVersion=1.15.1
commonsVersion=1.15.0 commonsVersion=1.15.0
pluginVersion=1.2.0 pluginVersion=1.2.0