Allowed external http and https targets for LinkNodes

9e244f14 · Nicola Fulvio Calabria · 1907e7fb · 9e244f14 · 9e244f14 · 9e244f14
Commit 9e244f14 authored 3 years ago by Nicola Fulvio Calabria
--- a/src/main/java/it/inaf/oats/vospace/BaseNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/BaseNodeController.java
@@ -19,11 +19,11 @@ public abstract class BaseNodeController {

    @Autowired
    private HttpServletRequest servletRequest;
-    
+
    @Value("${vospace-authority}")
    protected String authority;
-        
-    protected String getPath() {       
+
+    protected String getPath() {
        String requestURL = servletRequest.getRequestURL().toString();
        try {
            return NodeUtils.getPathFromRequestURLString(requestURL);
@@ -35,7 +35,7 @@ public abstract class BaseNodeController {
    protected String getParentPath(String path) {
        return NodeUtils.getParentPath(path);
    }
-    
+
    protected void validateAndCheckPayloadURIConsistence(Node node) {
        // Get Node path (and validates it too)
        String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority);
@@ -45,16 +45,27 @@ public abstract class BaseNodeController {
        if (!decodedURIPathFromNode.equals(this.getPath())) {
            throw new InvalidURIException(decodedURIPathFromNode, requestPath);
        }
-        
+
    }
-    
-    protected void validateInternalLinkNode(LinkNode linkNode) {
+
+    protected void validateLinkNode(LinkNode linkNode) {
        String target = linkNode.getTarget();
        // I validate it here to add context easily
        if (target == null) {
            throw new InvalidArgumentException("LinkNode in payload has no target element specified");
        }

-        URIUtils.returnVosPathFromNodeURI(linkNode.getTarget(), authority);
+        if (URIUtils.isURIInternal(target)) {
+            URIUtils.returnVosPathFromNodeURI(linkNode.getTarget(), authority);
+        } else {
+            // Let's discuss if we need to combine this validation with
+            // protocol endpoints management (URIService, ProtocolType)
+            // Let's start with http and https only for now
+            if (!(target.toLowerCase().startsWith("http://")
+                    || target.toLowerCase().startsWith("https://"))) {
+                throw new InvalidArgumentException("LinkNode target malformed or unsupported protocol: " + target);
+            }
+
+        }
    }
 }
--- a/src/main/java/it/inaf/oats/vospace/CreateNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/CreateNodeController.java
@@ -44,7 +44,7 @@ public class CreateNodeController extends BaseNodeController {
    private void validateInputNode(Node node) {

        if (node instanceof LinkNode) {
-            this.validateInternalLinkNode((LinkNode) node);
+            this.validateLinkNode((LinkNode) node);
        }

    }

--- a/src/main/java/it/inaf/oats/vospace/SetNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/SetNodeController.java
@@ -73,7 +73,7 @@ public class SetNodeController extends BaseNodeController {
        if (node instanceof DataNode) {
            checkViews((DataNode) node, (DataNode) toBeModifiedNode);
        } else if(node instanceof LinkNode) {
-            this.validateInternalLinkNode((LinkNode) node);            
+            this.validateLinkNode((LinkNode) node);            
        }

        //The service SHOULD throw a HTTP 500 status code including an InternalFault fault