From 9e244f147831824e43d71dcbe488a2833132d640 Mon Sep 17 00:00:00 2001
From: Nicola Fulvio Calabria <nicola.calabria@inaf.it>
Date: Fri, 8 Oct 2021 21:50:49 +0200
Subject: [PATCH] Allowed external http and https targets for LinkNodes
---
.../inaf/oats/vospace/BaseNodeController.java | 27 +++++++++++++------
.../oats/vospace/CreateNodeController.java | 2 +-
.../inaf/oats/vospace/SetNodeController.java | 2 +-
3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/src/main/java/it/inaf/oats/vospace/BaseNodeController.java b/src/main/java/it/inaf/oats/vospace/BaseNodeController.java
index 81e2a8b..f180591 100644
--- a/src/main/java/it/inaf/oats/vospace/BaseNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/BaseNodeController.java
@@ -19,11 +19,11 @@ public abstract class BaseNodeController {
@Autowired
private HttpServletRequest servletRequest;
-
+
@Value("${vospace-authority}")
protected String authority;
-
- protected String getPath() {
+
+ protected String getPath() {
String requestURL = servletRequest.getRequestURL().toString();
try {
return NodeUtils.getPathFromRequestURLString(requestURL);
@@ -35,7 +35,7 @@ public abstract class BaseNodeController {
protected String getParentPath(String path) {
return NodeUtils.getParentPath(path);
}
-
+
protected void validateAndCheckPayloadURIConsistence(Node node) {
// Get Node path (and validates it too)
String decodedURIPathFromNode = URIUtils.returnVosPathFromNodeURI(node.getUri(), this.authority);
@@ -45,16 +45,27 @@ public abstract class BaseNodeController {
if (!decodedURIPathFromNode.equals(this.getPath())) {
throw new InvalidURIException(decodedURIPathFromNode, requestPath);
}
-
+
}
-
- protected void validateInternalLinkNode(LinkNode linkNode) {
+
+ protected void validateLinkNode(LinkNode linkNode) {
String target = linkNode.getTarget();
// I validate it here to add context easily
if (target == null) {
throw new InvalidArgumentException("LinkNode in payload has no target element specified");
}
- URIUtils.returnVosPathFromNodeURI(linkNode.getTarget(), authority);
+ if (URIUtils.isURIInternal(target)) {
+ URIUtils.returnVosPathFromNodeURI(linkNode.getTarget(), authority);
+ } else {
+ // Let's discuss if we need to combine this validation with
+ // protocol endpoints management (URIService, ProtocolType)
+ // Let's start with http and https only for now
+ if (!(target.toLowerCase().startsWith("http://")
+ || target.toLowerCase().startsWith("https://"))) {
+ throw new InvalidArgumentException("LinkNode target malformed or unsupported protocol: " + target);
+ }
+
+ }
}
}
diff --git a/src/main/java/it/inaf/oats/vospace/CreateNodeController.java b/src/main/java/it/inaf/oats/vospace/CreateNodeController.java
index 7a6e047..4fa613f 100644
--- a/src/main/java/it/inaf/oats/vospace/CreateNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/CreateNodeController.java
@@ -44,7 +44,7 @@ public class CreateNodeController extends BaseNodeController {
private void validateInputNode(Node node) {
if (node instanceof LinkNode) {
- this.validateInternalLinkNode((LinkNode) node);
+ this.validateLinkNode((LinkNode) node);
}
}
diff --git a/src/main/java/it/inaf/oats/vospace/SetNodeController.java b/src/main/java/it/inaf/oats/vospace/SetNodeController.java
index 7659ab9..aa712ec 100644
--- a/src/main/java/it/inaf/oats/vospace/SetNodeController.java
+++ b/src/main/java/it/inaf/oats/vospace/SetNodeController.java
@@ -73,7 +73,7 @@ public class SetNodeController extends BaseNodeController {
if (node instanceof DataNode) {
checkViews((DataNode) node, (DataNode) toBeModifiedNode);
} else if(node instanceof LinkNode) {
- this.validateInternalLinkNode((LinkNode) node);
+ this.validateLinkNode((LinkNode) node);
}
//The service SHOULD throw a HTTP 500 status code including an InternalFault fault
--
GitLab