files fix

3 weeks ago · 2ce40f837c
4 changed files with 28 additions and 2 deletions
--- a/src/main/java/app/annotations/impl/PermitionFlagAspect.java
+++ b/src/main/java/app/annotations/impl/PermitionFlagAspect.java
@ -32,9 +32,14 @@ public class PermitionFlagAspect {
    @Autowired
    private HttpServletRequest request;

+    private final boolean enabled;
+
    @Autowired
    public PermitionFlagAspect(ProfileService profileService) {
        this.profileService = profileService;
+        this.enabled = !"true".equals(System.getenv("DISABLE_AUTH"));
+        if (!this.enabled)
+            this.logger.warn("PERMITION FLAG CHECK IS DISABLED, ALLOW ALL ACTIONS");
    }

    public boolean ValidateAdmin(String steam64, String flag) {
@ -48,6 +53,11 @@ public class PermitionFlagAspect {
    public void before(JoinPoint joinPoint){
        String flag = ((MethodSignature) joinPoint.getSignature()).getMethod().getAnnotation(CheckPermitionFlag.class).flag();
        logger.info("check permition flag, requested: {}", flag);
+        if (!this.enabled) {
+            logger.warn("bypass request, permition check is disabled");
+            return;
+        }
+
        if(!(request instanceof HttpServletRequest)) {
            throw new RuntimeException("invalid request");
        }
--- a/src/main/java/app/controllers/FileController.java
+++ b/src/main/java/app/controllers/FileController.java
@ -22,6 +22,7 @@ import org.springframework.web.multipart.MultipartFile;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.sql.Timestamp;
@ -88,6 +89,7 @@ public class FileController {
        dbFile.setTimestamp(timestamp);
        dbFile.setId(uuid);
        dbFile.setTags(tags);
+        dbFile.setDeleted(false);
        fileRepository.save(dbFile);
        return ResponseEntity.ok(uuid.toString());
    }
@ -97,12 +99,17 @@ public class FileController {
        DbFile dbFile = fileRepository.findById(UUID.fromString(uuid)).orElse(null);
        if (dbFile == null) return ResponseEntity.notFound().build();

+        MediaType mediaType = MediaType.APPLICATION_OCTET_STREAM;
+        try {
+            mediaType = MediaType.valueOf(URLConnection.guessContentTypeFromName(dbFile.getFilename()));
+        } catch (Exception ignored) {}
+
        HttpHeaders headers = new HttpHeaders();
        headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + encodeFileName(dbFile.getFilename()));
        return ResponseEntity.ok()
                .headers(headers)
                .contentLength(dbFile.getFilesize())
-                .contentType(MediaType.APPLICATION_OCTET_STREAM)
+                .contentType(mediaType)
                .body(new InputStreamResource(new ByteArrayInputStream(dbFile.getData())));
    }

@ -111,6 +118,9 @@ public class FileController {
    @CheckPermitionFlag(flag = "z")
    @CollectStatistic(stage = CollectStages.COMBINED)
    public Page<DbFile> getFiles(Pageable pageable, @RequestBody(required = false) SearchFilter searchFilter) {
+        if (searchFilter == null)
+            searchFilter = new SearchFilter();
+
        String steam64_ids = searchFilter.getAccountsSteam64(profileService);

        return filePSRepository.getFiles(pageable,
--- a/src/main/java/app/entities/db/DbFile.java
+++ b/src/main/java/app/entities/db/DbFile.java
@ -3,6 +3,7 @@ package app.entities.db;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import jakarta.persistence.*;
 import lombok.Data;
+import org.apache.commons.compress.utils.FileNameUtils;

 import java.sql.Timestamp;
 import java.util.UUID;
@ -35,8 +36,13 @@ public class DbFile {
    private Timestamp timestamp;

    @Column(name = "deleted")
+    @JsonIgnore
    private Boolean deleted;

    @Column(name = "tags")
    private String tags;
+
+    public String getExtension() {
+        return this.filename == null ? null : FileNameUtils.getExtension(this.filename);
+    }
 }
--- a/src/main/java/app/repositories/FilePSRepository.java
+++ b/src/main/java/app/repositories/FilePSRepository.java
@ -11,7 +11,7 @@ import java.util.UUID;

 public interface FilePSRepository extends PagingAndSortingRepository<DbFile, UUID> {

-    @Query("select f from DbFile f where f.deleted = false and " +
+    @Query("select f from DbFile f where (f.deleted = false or f.deleted is null) and " +
            "(:steam64_non_exists = true or position(f.uploader in :steam64_ids) > 0) and " +
            "(:begin_date is null or DATE_PART('EPOCH', f.timestamp) >= :begin_date) and " +
            "(:end_date is null or :end_date >= DATE_PART('EPOCH', f.timestamp)) " +