[DEV] securisation is in good way...

This commit is contained in:
Edouard DUPIN 2022-05-24 01:26:48 +02:00
parent 4e4ac74948
commit 1a0d9fb1e4
19 changed files with 139 additions and 58 deletions


@ -41,10 +41,12 @@ public class AuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
/*
System.out.println("-----------------------------------------------------");
System.out.println("---- Check if have authorization ----");
System.out.println("-----------------------------------------------------");
System.out.println(" for:" + requestContext.getUriInfo().getPath());
System.out.println(" for:" + requestContext.getUriInfo().getPath());
*/
Method method = resourceInfo.getResourceMethod();
// Access denied for all
if(method.isAnnotationPresent(DenyAll.class)) {
@ -69,7 +71,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
// Get the Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
System.out.println("authorizationHeader: " + authorizationHeader);
//System.out.println("authorizationHeader: " + authorizationHeader);
if(authorizationHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
for (Entry<String, List<String>> item: quaryparam.entrySet()) {
@ -81,7 +83,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
}
}
}
System.out.println("authorizationHeader: " + authorizationHeader);
//System.out.println("authorizationHeader: " + authorizationHeader);
/*
@ -174,16 +176,16 @@ public class AuthenticationFilter implements ContainerRequestFilter {
}
private User validateToken(String authorization) throws Exception {
System.out.println("-----------------------------------------------------");
//System.out.println("-----------------------------------------------------");
System.out.println("---- TODO validate token ----");
System.out.println("-----------------------------------------------------");
//System.out.println("-----------------------------------------------------");
// Check if the token was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
String[] value = authorization.split(":");
long user = Long.valueOf(value[0]);
String token = value[1];
UserSmall userOAuth = UserDB.getUserOAuth(user, token);
System.out.println("Get local userOAuth : " + userOAuth);
//System.out.println("Get local userOAuth : " + userOAuth);
// TODO: Set here the way of the default create user or need to have right to access on this website...
return UserDB.getUserOrCreate(userOAuth);
}
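Review bot: validateToken still splits the Authorization value on ':' and reads value[0] and value[1] without checking the array length, so a header without the separator, or with a non-numeric user id, fails with ArrayIndexOutOfBoundsException or NumberFormatException instead of a deliberate rejection; a guard such as `if (value.length != 2) throw new IllegalArgumentException("malformed authorization token");` before the Long.valueOf makes the failure explicit, and how the caller maps that exception to a 401 is outside this hunk. The `---- TODO validate token ----` print is still active on every request while its two neighbours were commented out. The comment above the split describes an issuer/expiry check that the body itself does not perform; unless UserDB.getUserOAuth already covers it, the comment should say where that check lives or be reworded. filter() starts in the first hunk and continues outside it.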


@ -0,0 +1,20 @@
package org.kar.karideo;
public class CacheFilter {
@Override
public List<ResourceFilter> create(AbstractMethod am) {
if (am.isAnnotationPresent(CacheMaxAge.class)) {
CacheMaxAge maxAge = am.getAnnotation(CacheMaxAge.class);
return newCacheFilter("max-age: " + maxAge.unit().toSeconds(maxAge.time()));
} else if (am.isAnnotationPresent(NoCache.class)) {
return newCacheFilter("no-cache");
} else {
return Collections.emptyList();
}
}
private List<ResourceFilter> newCacheFilter(String content) {
return Collections
.<ResourceFilter> singletonList(new CacheResponseFilter(content));
}
}
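Review bot: `"max-age: " + ...` builds an invalid Cache-Control directive — the syntax is `max-age=SECONDS`, so the line should read `return newCacheFilter("max-age=" + maxAge.unit().toSeconds(maxAge.time()));`. The class also declares no supertype while create() carries @Override, and the 20-line file shows no imports for List, Collections, ResourceFilter, AbstractMethod or the two annotations, so as committed it looks like it cannot compile unless it is excluded from the build. If this is scaffolding for a later change, a class-level comment saying so would spare the next reader a build investigation.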


@ -13,6 +13,7 @@ import org.kar.karideo.model.DataSmall;
import javax.annotation.security.RolesAllowed;
import javax.imageio.ImageIO;
import javax.ws.rs.*;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
@ -32,6 +33,7 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import java.util.concurrent.TimeUnit;
// https://stackoverflow.com/questions/35367113/jersey-webservice-scalable-approach-to-download-file-and-reply-to-client
@ -370,6 +372,7 @@ public class DataResource {
@RolesAllowed("USER")
@PermitTokenInURI
@Produces(MediaType.APPLICATION_OCTET_STREAM)
//@CacheMaxAge(time = 10, unit = TimeUnit.DAYS)
public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
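Review bot: The CacheControl and TimeUnit imports added here are only referenced by the commented-out `//@CacheMaxAge(time = 10, unit = TimeUnit.DAYS)` on retriveDataThumbnailId, so either drop them or enable the annotation. If caching is enabled later, note that this endpoint accepts the token through `@QueryParam(HttpHeaders.AUTHORIZATION)`, so the full URL including the token becomes the cache key for any intermediary; emitting `private` in the Cache-Control keeps shared caches from storing the response. The method body continues outside the hunk.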


@ -49,7 +49,9 @@ public class User {
this.lastConnection = rs.getTimestamp(iii++);
this.login = rs.getString(iii++);
this.email = rs.getString(iii++);
this.admin = Boolean.getBoolean(rs.getString(iii++));
String adminValue = rs.getString(iii++);
System.out.println("Admin value = '" + adminValue + "'");
this.admin = Boolean.getBoolean(adminValue);
this.blocked = Boolean.getBoolean(rs.getString(iii++));
this.removed = Boolean.getBoolean(rs.getString(iii++));
this.avatar = rs.getLong(iii++);
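Review bot: `Boolean.getBoolean(adminValue)` does not parse the string — it looks up a JVM system property named by that string and returns whether that property equals "true" — so admin, and blocked and removed on the two lines below, are effectively always false whatever the database holds; a blocked or removed user would therefore never read as blocked. Use `this.admin = Boolean.parseBoolean(adminValue);` if the column holds the literal "true"/"false", or `this.admin = rs.getBoolean(iii++);` to let the JDBC driver convert numeric or boolean columns, and apply the same to blocked and removed. The `Admin value = '...'` print reads as debug output that should not stay in this path. The enclosing method starts before this hunk.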


@ -6,5 +6,5 @@
<div class="main-modal" ng-include="currentModal" ng-if="currentModal != ''" ></div> <!-- (click)="onOutModal()" -->
-->
<div class="main-content">
<router-outlet></router-outlet>
<router-outlet *ngIf="isConnected"></router-outlet>
</div>


@ -17,7 +17,9 @@ import { CookiesService } from './service/cookies';
]
})
export class AppComponent implements OnInit {
title = 'Karideo';
title: string = 'Karideo';
isConnected: boolean = false;
constructor(private cookiesService: CookiesService,
private userService: UserService,
private sessionService: SessionService) {
@ -27,6 +29,7 @@ export class AppComponent implements OnInit {
ngOnInit() {
let login = this.cookiesService.get('yota-login');
let password = this.cookiesService.get('yota-password');
this.isConnected = false;
if(login !== '' &&
password !== '' &&
password.length > 40) {
@ -40,11 +43,14 @@ export class AppComponent implements OnInit {
response.email,
response.admin,
response.avatar);
this.isConnected = true;
// self.router.navigate(['home']);
}).catch((response: any) => {
console.log('auto log ==> Error');
self.cookiesService.remove('yota-login');
self.cookiesService.remove('yota-password');
this.isConnected = true;
// this force the need to refresh after connection ...
});
}
}
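Review bot: `this.isConnected = true;` in the catch branch sets the flag on auto-login failure as well as on success, so the router outlet gated on it in app.component.html is shown whether or not a session exists; the comment says this is to force a refresh, but the field name then misrepresents the state. Either rename the field to something like `autoLoginDone` or keep isConnected false on the error path and drive the outlet from a separate flag. The same callback mixes `self.cookiesService` and `this.isConnected`; inside an arrow function both resolve to the component, so one form is enough. ngOnInit starts in the previous hunk.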


@ -4,7 +4,7 @@
* @license PROPRIETARY (see license file)
*/
import { Injectable, Component, OnInit, Input } from '@angular/core';
//import { ModelResponseHttp } from '../../service/http-wrapper';
import { ModelResponseHttp } from '../../service/http-wrapper';
import { DataService } from '../../service/data';
@Component({
@ -45,13 +45,13 @@ export class ElementDataImageComponent implements OnInit {
//ctx.drawImage(img, 0, 0)
}
let imageUrl = URL.createObjectURL(value);
img.src = imageUrl;
console.log(`get new image url blob: ${imageUrl}`);
//img.src = imageUrl;
})
}).catch(()=>{
console.log("plop ---> ");
});
//img.src = "../../assets/aCRF-PRV111_CLN-001 v1.4-images/aCRF-PRV111_CLN-001 v1.4-blank_0.jpg";
//ctx.drawImage(img, 10, 10, 250, 250);
*/


@ -1,7 +1,8 @@
<div class="imgContainer-small">
<div *ngIf="cover">
<data-image id="{{cover}}"></data-image>
<!--<data-image id="{{cover}}"></data-image>-->
<img src="{{cover}}"/>
</div>
<div *ngIf="!cover" class="noImage">
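Review bot: `<img src="{{cover}}"/>` now points at a URL that, through createRESTCall2 with addURLToken, carries `Authorization=Yota <userId>:<token>` in its query string, so the session token ends up in the DOM, the browser history and any Referer the image request emits. If URL-carried credentials are unavoidable for `<img>` and `<video>` sources, a short-lived read-only token scoped to the data endpoints limits the exposure compared with the main session token. The same applies to the identical change in element-series.html and element-video.html in this commit.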


@ -6,7 +6,8 @@
</div>
<div class="imgContainer-small">
<div *ngIf="cover">
<data-image id="{{cover}}"></data-image>
<!--<data-image id="{{cover}}"></data-image>-->
<img src="{{cover}}"/>
</div>
<div *ngIf="!cover" class="noImage">


@ -43,9 +43,9 @@ export class ElementSeriesComponent implements OnInit {
self.cover = null;
// self.covers = [];
} else {
self.cover = response.covers[0];//self.seriesService.getCoverThumbnailUrl(response.covers[0]);
self.cover = self.seriesService.getCoverThumbnailUrl(response.covers[0]);
for(let iii = 0; iii < response.covers.length; iii++) {
self.covers.push(response.covers[iii]);//self.seriesService.getCoverThumbnailUrl(response.covers[iii]));
self.covers.push(self.seriesService.getCoverThumbnailUrl(response.covers[iii]));
}
}
}).catch((response) => {


@ -1,8 +1,8 @@
<div>
<div class="videoImgContainer">
<div *ngIf="cover">
<data-image id="{{cover}}"></data-image>
<!--<img src="{{cover}}"/>-->
<!--<data-image id="{{cover}}"></data-image>-->
<img src="{{cover}}"/>-->
</div>
<div *ngIf="!cover" class="noImage">
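Review bot: `<img src="{{cover}}"/>-->` keeps the closing `-->` of the comment that the previous line removed, and since no `<!--` is open at that point the three characters are rendered as literal text after the image; the line should be `<img src="{{cover}}"/>`.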


@ -22,9 +22,7 @@
<div class="cover-image" *ngIf="cover != null">
<img src="{{cover}}"/>
</div>
<div class="cover-no-image" *ngIf="cover == null">
<img src="{{cover}}"/>
</div>
<div class="cover-no-image" *ngIf="cover == null"></div>
<div class="cover-button">
<button (click)="onRequirePlay()">
<i class="material-icons big-button">play_circle_outline</i>
@ -65,7 +63,7 @@
(mousemove)="startHideTimer()"
(fullscreenchange)="onFullscreenChange($event)">
<div class="video-elem">
<video src="{{videoSource}}/{{generatedName}}"
<video src="{{videoSource}}"
#videoPlayer
preload
(play)="changeStateToPlay()"


@ -73,10 +73,18 @@ export class VideoScene implements OnInit {
durationDisplay:string = '00';
volumeValue:number = 100;
displayNeedHide:boolean = false;
timeLeft: number = 10;
interval = null;
constructor(private route: ActivatedRoute,
private videoService: VideoService,
private seriesService: SeriesService,
private seasonService: SeasonService,
private httpService: HttpWrapperService,
private arianeService: ArianeService) {
}
startHideTimer() {
this.displayNeedHide = false;
this.timeLeft = 5;
@ -110,16 +118,6 @@ export class VideoScene implements OnInit {
this.arianeService.navigateVideo(this.havePrevious.id, event.which === 2, event.ctrlKey);
this.arianeService.setVideo(this.havePrevious.id);
}
constructor(private route: ActivatedRoute,
private videoService: VideoService,
private seriesService: SeriesService,
private seasonService: SeasonService,
private httpService: HttpWrapperService,
private arianeService: ArianeService) {
}
generateName() {
this.generatedName = '';
if(this.seriesName !== undefined) {
@ -142,6 +140,11 @@ export class VideoScene implements OnInit {
this.generatedName = this.generatedName + this.name;
this.generatedName = this.generatedName.replace(new RegExp('&', 'g'), '_');
this.generatedName = this.generatedName.replace(new RegExp('/', 'g'), '_');
// update the path of the uri request
this.videoSource = this.httpService.createRESTCall2({
api: `data/${ this.dataId}/${this.generatedName}`,
addURLToken: true,
});
}
myPeriodicCheckFunction() {
@ -207,7 +210,10 @@ export class VideoScene implements OnInit {
self.time = response.time;
self.generatedName = response.generatedName;
if(self.dataId !== -1) {
self.videoSource = self.httpService.createRESTCall(`data/${ self.dataId}`);
self.videoSource = self.httpService.createRESTCall2({
api: `data/${ self.dataId}/${self.generatedName}`,
addURLToken: true,
});
} else {
self.videoSource = '';
}
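Review bot: generatedName is interpolated into the request path after only `&` and `/` were replaced, so a title containing `?`, `#` or `%` still truncates or corrupts the URL; `api: \`data/${this.dataId}/${encodeURIComponent(this.generatedName)}\`` covers every reserved character in one place. The same createRESTCall2 call is now written twice, in generateName() and again in the load callback; a small `private buildVideoSource(): string` used by both keeps the two from drifting. Of the two fields added at the top, `interval = null` is the only one in the class without a type annotation; `interval: any = null` or the return type of setInterval would match its neighbours. generateName() begins in an earlier hunk, and the callback hunk is cut on both sides.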


@ -52,11 +52,17 @@ export class DataService {
});
}
getCoverUrl(coverId:number):any {
return this.http.createRESTCall(`data/${ coverId}`);
getCoverUrl(coverId: number):any {
return this.http.createRESTCall2({
api: `data/${coverId}`,
addURLToken: true,
});
}
getCoverThumbnailUrl(coverId:number):any {
return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
getCoverThumbnailUrl(coverId: number):any {
return this.http.createRESTCall2({
api: `data/thumbnail/${coverId}`,
addURLToken: true,
});
}
}
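Review bot: getCoverUrl and getCoverThumbnailUrl are now essentially the same two createRESTCall2 calls copied into DataService, SeasonService, SeriesService, TypeService and VideoService in this commit; moving them to HttpWrapperService or a shared helper and delegating keeps the addURLToken decision in one place. Both still declare a return type of `any` although they return the string built by createRESTCall2; `getCoverUrl(coverId: number): string` documents the contract. The SeasonService copy also gains a `// deprecated ???` comment with no replacement named — if it is deprecated, point at the replacement or remove the copy.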


@ -66,8 +66,8 @@ export class HttpWrapperService {
addTokenIfNeeded(headerOption:any): any {
if(this.session.sessionData !== null) {
if(headerOption.authorization === undefined) {
headerOption.authorization = `Yota ${ this.session.sessionData.userId }:${ this.session.sessionData.token}`;
if(headerOption.Authorization === undefined) {
headerOption.Authorization = `Yota ${ this.session.sessionData.userId }:${ this.session.sessionData.token}`;
}
}
return headerOption;
@ -83,12 +83,14 @@ export class HttpWrapperService {
});
let headers: any = {
'Accept': properties.accept,
'Content-Type': properties.contentType,
'authorization': properties.authorization,
//'Content-Type': properties.contentType,
}
if (properties.authorization !== undefined && properties.authorization !== null) {
headers['Authorization'] = properties.authorization;
}
if (properties.requestType !== HTTPRequestModel.GET) {
headers['Content-Type'] = properties.contentType;
}
/*if (properties.requestType === HTTPRequestModel.GET) {
headers['Content-Type'] = undefined;
}*/
console.log(`disble tocken : ${JSON.stringify(properties)} properties.disableTocken=${properties.disableTocken}`);
if (properties.disableTocken === undefined || properties.disableTocken === null || properties.disableTocken === true) {
headers = this.addTokenIfNeeded(headers);
@ -161,7 +163,7 @@ export class HttpWrapperService {
}
createRESTCall2({ api, server, inputOptions }: { server?: string; api: string; inputOptions?: any[]; }) {
createRESTCall2({ api, server, inputOptions, addURLToken }: { server?: string; api: string; inputOptions?: any[]; addURLToken?:boolean }) {
let basePage = environment.apiUrl;
if (server === "karauth") {
basePage = environment.apiOAuthUrl;
@ -182,10 +184,20 @@ export class HttpWrapperService {
}
out = out + options[iii];
}
if(this.session.sessionData !== null) {
if (addURLToken !== undefined && addURLToken === true) {
if(first === false) {
out = `${out }&`;
} else {
out = `${out }?`;
}
out = out + `Authorization=Yota ${this.session.sessionData.userId}:${this.session.sessionData.token}`;
}
}
return out;
}
// Deprecated ...
createRESTCall(api: string, inputOptions?: any) {
let basePage = environment.apiUrl;
let addressServerRest = `${basePage }/`;
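Review bot: The query-string token appended in createRESTCall2 is concatenated raw as `Authorization=Yota ${userId}:${token}`, so the space and any reserved character in the token are left for each consumer to escape; `out = out + \`Authorization=${encodeURIComponent(\`Yota ${this.session.sessionData.userId}:${this.session.sessionData.token}\`)}\`;` yields a stable query string. Carrying the session token in a URL also exposes it to browser history, server access logs and Referer headers, so the endpoints that accept it this way should stay read-only and the token short-lived where the design allows. Separately, the `console.log(\`disble tocken : ${JSON.stringify(properties)} ...\`)` still in the request path prints the whole properties object, which since this change includes `properties.authorization`, i.e. the credential, in the browser console. `first` is read in the new branch but defined above the hunk.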


@ -85,12 +85,18 @@ export class SeasonService {
let ret = this.http.deleteSpecific(this.serviceName, id);
return this.bdd.delete(this.serviceName, id, ret);
}
// deprecated ???
getCoverUrl(coverId:number):any {
return this.http.createRESTCall(`data/${ coverId}`);
return this.http.createRESTCall2({
api: `data/${coverId}`,
addURLToken: true,
});
}
getCoverThumbnailUrl(coverId:number):any {
return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
return this.http.createRESTCall2({
api: `data/thumbnail/${coverId}`,
addURLToken: true,
});
}
deleteCover(nodeId:number,
coverId:number) {


@ -138,11 +138,17 @@ export class SeriesService {
}
getCoverUrl(coverId:number):any {
return this.http.createRESTCall(`data/${ coverId}`);
return this.http.createRESTCall2({
api: `data/${coverId}`,
addURLToken: true,
});
}
getCoverThumbnailUrl(coverId:number):any {
return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
return this.http.createRESTCall2({
api: `data/thumbnail/${coverId}`,
addURLToken: true,
});
}
getLike(nameSeries:string):any {


@ -170,11 +170,17 @@ export class TypeService {
});
}
getCoverUrl(_coverId:number):any {
return this.http.createRESTCall(`data/${ _coverId}`);
getCoverUrl(coverId:number):any {
return this.http.createRESTCall2({
api: `data/${coverId}`,
addURLToken: true,
});
}
getCoverThumbnailUrl(_coverId:number):any {
return this.http.createRESTCall(`data/thumbnail/${ _coverId}`);
getCoverThumbnailUrl(coverId:number):any {
return this.http.createRESTCall2({
api: `data/thumbnail/${coverId}`,
addURLToken: true,
});
}
}


@ -48,10 +48,16 @@ export class VideoService {
return this.bdd.delete(this.serviceName, id, ret);
}
getCoverUrl(coverId:number):any {
return this.http.createRESTCall(`data/${ coverId}`);
return this.http.createRESTCall2({
api: `data/${coverId}`,
addURLToken: true,
});
}
getCoverThumbnailUrl(coverId:number):any {
return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
return this.http.createRESTCall2({
api: `data/thumbnail/${coverId}`,
addURLToken: true,
});
}
uploadFile(file:File,