[DEV] securisation is in good way...

back/src/org/kar/karideo/AuthenticationFilter.java

@@ -41,10 +41,12 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
+        /*
         System.out.println("-----------------------------------------------------");
         System.out.println("----          Check if have authorization        ----");
         System.out.println("-----------------------------------------------------");
-        System.out.println("   for:" + requestContext.getUriInfo().getPath());        
+        System.out.println("   for:" + requestContext.getUriInfo().getPath());
+        */
         Method method = resourceInfo.getResourceMethod();
         // Access denied for all
         if(method.isAnnotationPresent(DenyAll.class)) {
@@ -69,7 +71,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 
         // Get the Authorization header from the request
         String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
-        System.out.println("authorizationHeader: " + authorizationHeader);
+        //System.out.println("authorizationHeader: " + authorizationHeader);
         if(authorizationHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
         	MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
             for (Entry<String, List<String>> item: quaryparam.entrySet()) {
@@ -81,7 +83,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
             	}
             }
         }
-        System.out.println("authorizationHeader: " + authorizationHeader);
+        //System.out.println("authorizationHeader: " + authorizationHeader);
         
         
         /*
@@ -174,16 +176,16 @@ public class AuthenticationFilter implements ContainerRequestFilter {
     }
 
     private User validateToken(String authorization) throws Exception {
-        System.out.println("-----------------------------------------------------");
+        //System.out.println("-----------------------------------------------------");
         System.out.println("----          TODO validate token                ----");
-        System.out.println("-----------------------------------------------------");
+        //System.out.println("-----------------------------------------------------");
         // Check if the token was issued by the server and if it's not expired
         // Throw an Exception if the token is invalid
         String[] value = authorization.split(":");
         long user = Long.valueOf(value[0]);
         String token = value[1];
         UserSmall userOAuth = UserDB.getUserOAuth(user, token);
-        System.out.println("Get local userOAuth : " + userOAuth);
+        //System.out.println("Get local userOAuth : " + userOAuth);
         // TODO: Set here the way of the default create user or need to have right to access on this website...
         return UserDB.getUserOrCreate(userOAuth);
     }

back/src/org/kar/karideo/CacheFilter.java

@@ -0,0 +1,20 @@
+package org.kar.karideo;
+
+public class CacheFilter {
+	@Override
+	public List<ResourceFilter> create(AbstractMethod am) {
+	    if (am.isAnnotationPresent(CacheMaxAge.class)) {
+	        CacheMaxAge maxAge = am.getAnnotation(CacheMaxAge.class);
+	        return newCacheFilter("max-age: " + maxAge.unit().toSeconds(maxAge.time()));
+	    } else if (am.isAnnotationPresent(NoCache.class)) {
+	        return newCacheFilter("no-cache");
+	    } else {
+	        return Collections.emptyList();
+	    }
+	}
+
+	private List<ResourceFilter> newCacheFilter(String content) {
+	    return Collections
+	            .<ResourceFilter> singletonList(new CacheResponseFilter(content));
+	}
+}

back/src/org/kar/karideo/api/DataResource.java

@@ -13,6 +13,7 @@ import org.kar.karideo.model.DataSmall;
 import javax.annotation.security.RolesAllowed;
 import javax.imageio.ImageIO;
 import javax.ws.rs.*;
+import javax.ws.rs.core.CacheControl;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
@@ -32,6 +33,7 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.Date;
+import java.util.concurrent.TimeUnit;
 
 
 // https://stackoverflow.com/questions/35367113/jersey-webservice-scalable-approach-to-download-file-and-reply-to-client
@@ -370,6 +372,7 @@ public class DataResource {
     @RolesAllowed("USER")
     @PermitTokenInURI
     @Produces(MediaType.APPLICATION_OCTET_STREAM)
+    //@CacheMaxAge(time = 10, unit = TimeUnit.DAYS)
     public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
         GenericContext gc = (GenericContext) sc.getUserPrincipal();
         System.out.println("===================================================");

back/src/org/kar/karideo/model/User.java

@@ -49,7 +49,9 @@ public class User {
             this.lastConnection = rs.getTimestamp(iii++);
             this.login = rs.getString(iii++);
             this.email = rs.getString(iii++);
-            this.admin = Boolean.getBoolean(rs.getString(iii++));
+            String adminValue = rs.getString(iii++);
+            System.out.println("Admin value = '" + adminValue + "'");
+            this.admin = Boolean.getBoolean(adminValue);
             this.blocked = Boolean.getBoolean(rs.getString(iii++));
             this.removed = Boolean.getBoolean(rs.getString(iii++));
             this.avatar = rs.getLong(iii++);

front/src/app/app.component.html

@@ -6,5 +6,5 @@
 <div class="main-modal" ng-include="currentModal" ng-if="currentModal != ''" ></div> <!-- (click)="onOutModal()" -->
 -->
 <div class="main-content">
-	<router-outlet></router-outlet>
+	<router-outlet *ngIf="isConnected"></router-outlet>
 </div>

front/src/app/app.component.ts

@@ -17,7 +17,9 @@ import { CookiesService } from './service/cookies';
 	]
 })
 export class AppComponent implements OnInit {
-	title = 'Karideo';
+	title: string = 'Karideo';
+	isConnected: boolean = false;
+
 	constructor(private cookiesService: CookiesService,
 	            private userService: UserService,
 	            private sessionService: SessionService) {
@@ -27,6 +29,7 @@ export class AppComponent implements OnInit {
 	ngOnInit() {
 		let login = this.cookiesService.get('yota-login');
 		let password = this.cookiesService.get('yota-password');
+		this.isConnected = false;
 		if(login !== '' &&
 		     password !== '' &&
 		     password.length > 40) {
@@ -40,11 +43,14 @@ export class AppComponent implements OnInit {
 				                           response.email,
 				                           response.admin,
 				                           response.avatar);
+					this.isConnected = true;
 				// self.router.navigate(['home']);
 				}).catch((response: any) => {
 					console.log('auto log ==> Error');
 					self.cookiesService.remove('yota-login');
 					self.cookiesService.remove('yota-password');
+					this.isConnected = true; 
+					// this force the need to refresh after connection ...
 				});
 		}
 	}

front/src/app/component/data-image/data-image.ts

@@ -4,7 +4,7 @@
  * @license PROPRIETARY (see license file)
  */
 import { Injectable, Component, OnInit, Input } from '@angular/core';
-//import { ModelResponseHttp } from '../../service/http-wrapper';
+import { ModelResponseHttp } from '../../service/http-wrapper';
 import { DataService } from '../../service/data';
 
 @Component({
@@ -45,13 +45,13 @@ export class ElementDataImageComponent implements OnInit {
 						//ctx.drawImage(img, 0, 0)
 					}
 					let imageUrl = URL.createObjectURL(value);
-					img.src = imageUrl;
+					console.log(`get new image url blob: ${imageUrl}`);
+					//img.src = imageUrl;
 				})
 
 			}).catch(()=>{
 				console.log("plop ---> ");
 			});
-		
 		//img.src = "../../assets/aCRF-PRV111_CLN-001 v1.4-images/aCRF-PRV111_CLN-001 v1.4-blank_0.jpg";
 		//ctx.drawImage(img, 10, 10, 250, 250);
 		*/

front/src/app/component/element-season/element-season.html

@@ -1,7 +1,8 @@
 
 <div class="imgContainer-small">
 	<div *ngIf="cover">
-		<data-image id="{{cover}}"></data-image>
+		<!--<data-image id="{{cover}}"></data-image>-->
+		<img src="{{cover}}"/>
 	</div>
 	<div *ngIf="!cover" class="noImage">
 		

front/src/app/component/element-series/element-series.html

@@ -6,7 +6,8 @@
 	</div>
 	<div class="imgContainer-small">
 		<div *ngIf="cover">
-			<data-image id="{{cover}}"></data-image>
+			<!--<data-image id="{{cover}}"></data-image>-->
+			<img src="{{cover}}"/>
 		</div>
 		<div *ngIf="!cover" class="noImage">
 			

front/src/app/component/element-series/element-series.ts

@@ -43,9 +43,9 @@ export class ElementSeriesComponent implements OnInit {
 					self.cover = null;
 					// self.covers = [];
 				} else {
-					self.cover = response.covers[0];//self.seriesService.getCoverThumbnailUrl(response.covers[0]);
+					self.cover = self.seriesService.getCoverThumbnailUrl(response.covers[0]);
 					for(let iii = 0; iii < response.covers.length; iii++) {
-						self.covers.push(response.covers[iii]);//self.seriesService.getCoverThumbnailUrl(response.covers[iii]));
+						self.covers.push(self.seriesService.getCoverThumbnailUrl(response.covers[iii]));
 					}
 				}
 			}).catch((response) => {

front/src/app/component/element-video/element-video.html

@@ -1,8 +1,8 @@
 <div>
 	<div class="videoImgContainer">
 		<div *ngIf="cover">
-			<data-image id="{{cover}}"></data-image>
+			<!--<data-image id="{{cover}}"></data-image>-->
-			<!--<img src="{{cover}}"/>-->
+			<img src="{{cover}}"/>-->
 		</div>
 		<div *ngIf="!cover" class="noImage">
 			

front/src/app/scene/video/video.html

@@ -22,9 +22,7 @@
 				<div class="cover-image" *ngIf="cover != null"> 
 					<img src="{{cover}}"/>
 				</div>
-				<div class="cover-no-image" *ngIf="cover == null"> 
+				<div class="cover-no-image" *ngIf="cover == null"></div>
-					<img src="{{cover}}"/>
-				</div>
 				<div class="cover-button"> 
 					<button (click)="onRequirePlay()">
 						<i class="material-icons big-button">play_circle_outline</i>
@@ -65,7 +63,7 @@
 		    (mousemove)="startHideTimer()"
 			(fullscreenchange)="onFullscreenChange($event)">
 			<div class="video-elem"> 
-				<video src="{{videoSource}}/{{generatedName}}"
+				<video src="{{videoSource}}"
 				    #videoPlayer
 				    preload
 				    (play)="changeStateToPlay()"

front/src/app/scene/video/video.ts

@@ -73,10 +73,18 @@ export class VideoScene implements OnInit {
 	durationDisplay:string = '00';
 	volumeValue:number = 100;
 
-
 	displayNeedHide:boolean = false;
 	timeLeft: number = 10;
 	interval = null;
+	constructor(private route: ActivatedRoute,
+	            private videoService: VideoService,
+	            private seriesService: SeriesService,
+	            private seasonService: SeasonService,
+	            private httpService: HttpWrapperService,
+	            private arianeService: ArianeService) {
+
+	}
+
 	startHideTimer() {
 		this.displayNeedHide = false;
 		this.timeLeft = 5;
@@ -110,16 +118,6 @@ export class VideoScene implements OnInit {
 		this.arianeService.navigateVideo(this.havePrevious.id, event.which === 2, event.ctrlKey);
 		this.arianeService.setVideo(this.havePrevious.id);
 	}
-
-	constructor(private route: ActivatedRoute,
-	            private videoService: VideoService,
-	            private seriesService: SeriesService,
-	            private seasonService: SeasonService,
-	            private httpService: HttpWrapperService,
-	            private arianeService: ArianeService) {
-
-	}
-
 	generateName() {
 		this.generatedName = '';
 		if(this.seriesName !== undefined) {
@@ -142,6 +140,11 @@ export class VideoScene implements OnInit {
 		this.generatedName = this.generatedName + this.name;
 		this.generatedName = this.generatedName.replace(new RegExp('&', 'g'), '_');
 		this.generatedName = this.generatedName.replace(new RegExp('/', 'g'), '_');
+		// update the path of the uri request
+		this.videoSource = this.httpService.createRESTCall2({
+			api: `data/${ this.dataId}/${this.generatedName}`,
+			addURLToken: true,
+		});
 	}
 
 	myPeriodicCheckFunction() {
@@ -207,7 +210,10 @@ export class VideoScene implements OnInit {
 				self.time = response.time;
 				self.generatedName = response.generatedName;
 				if(self.dataId !== -1) {
-					self.videoSource = self.httpService.createRESTCall(`data/${ self.dataId}`);
+					self.videoSource = self.httpService.createRESTCall2({
+						api: `data/${ self.dataId}/${self.generatedName}`,
+						addURLToken: true,
+					});
 				} else {
 					self.videoSource = '';
 				}

front/src/app/service/data.ts

@@ -52,11 +52,17 @@ export class DataService {
 		});
 	}
 
-	getCoverUrl(coverId:number):any {
+	getCoverUrl(coverId: number):any {
-		return this.http.createRESTCall(`data/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/${coverId}`,
+			addURLToken: true,
+		});
 	}
-	getCoverThumbnailUrl(coverId:number):any {
+	getCoverThumbnailUrl(coverId: number):any {
-		return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/thumbnail/${coverId}`,
+			addURLToken: true,
+		});
 	}
 }
 

front/src/app/service/http-wrapper.ts

@@ -66,8 +66,8 @@ export class HttpWrapperService {
 
 	addTokenIfNeeded(headerOption:any): any {
 		if(this.session.sessionData !== null) {
-			if(headerOption.authorization === undefined) {
+			if(headerOption.Authorization === undefined) {
-				headerOption.authorization = `Yota ${ this.session.sessionData.userId }:${ this.session.sessionData.token}`;
+				headerOption.Authorization = `Yota ${ this.session.sessionData.userId }:${ this.session.sessionData.token}`;
 			}
 		}
 		return headerOption;
@@ -83,12 +83,14 @@ export class HttpWrapperService {
 			});
 		let headers: any = {
 			'Accept': properties.accept,
-			'Content-Type': properties.contentType,
+			//'Content-Type': properties.contentType,
-			'authorization': properties.authorization,
+		}
+		if (properties.authorization !== undefined && properties.authorization !== null) {
+			headers['Authorization'] = properties.authorization;
+		}
+		if (properties.requestType !== HTTPRequestModel.GET) {
+			headers['Content-Type'] = properties.contentType;
 		}
-		/*if (properties.requestType === HTTPRequestModel.GET) {
-			headers['Content-Type'] = undefined;
-		}*/
 		console.log(`disble tocken : ${JSON.stringify(properties)}   properties.disableTocken=${properties.disableTocken}`);
 		if (properties.disableTocken === undefined || properties.disableTocken === null || properties.disableTocken === true) {
 			headers = this.addTokenIfNeeded(headers);
@@ -161,7 +163,7 @@ export class HttpWrapperService {
 	}
 
 
-	createRESTCall2({ api, server, inputOptions }: { server?: string; api: string; inputOptions?: any[]; }) {
+	createRESTCall2({ api, server, inputOptions, addURLToken }: { server?: string; api: string; inputOptions?: any[]; addURLToken?:boolean }) {
 		let basePage = environment.apiUrl;
 		if (server === "karauth") {
 			basePage = environment.apiOAuthUrl;
@@ -182,10 +184,20 @@ export class HttpWrapperService {
 			}
 			out = out + options[iii];
 		}
+		if(this.session.sessionData !== null) {
+			if (addURLToken !== undefined && addURLToken === true) {
+				if(first === false) {
+					out = `${out }&`;
+				} else {
+					out = `${out }?`;
+				}
+				out = out + `Authorization=Yota ${this.session.sessionData.userId}:${this.session.sessionData.token}`;
+			}
+		}
 		return out;
 	}
 
-
+	// Deprecated ...
 	createRESTCall(api: string, inputOptions?: any) {
 		let basePage = environment.apiUrl;
 		let addressServerRest = `${basePage }/`;

front/src/app/service/season.ts

@@ -85,12 +85,18 @@ export class SeasonService {
 		let ret = this.http.deleteSpecific(this.serviceName, id);
 		return this.bdd.delete(this.serviceName, id, ret);
 	}
-
+// deprecated ???	
 	getCoverUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/${coverId}`,
+			addURLToken: true,
+		});
 	}
 	getCoverThumbnailUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/thumbnail/${coverId}`,
+			addURLToken: true,
+		});
 	}
 	deleteCover(nodeId:number,
 		coverId:number) {

front/src/app/service/series.ts

@@ -138,11 +138,17 @@ export class SeriesService {
 	}
 
 	getCoverUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/${coverId}`,
+			addURLToken: true,
+		});
 	}
 
 	getCoverThumbnailUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/thumbnail/${coverId}`,
+			addURLToken: true,
+		});
 	}
 
 	getLike(nameSeries:string):any {

front/src/app/service/type.ts

@@ -170,11 +170,17 @@ export class TypeService {
 		});
 	}
 
-	getCoverUrl(_coverId:number):any {
+	getCoverUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/${ _coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/${coverId}`,
+			addURLToken: true,
+		});
 	}
-	getCoverThumbnailUrl(_coverId:number):any {
+	getCoverThumbnailUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/thumbnail/${ _coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/thumbnail/${coverId}`,
+			addURLToken: true,
+		});
 	}
 }
 

front/src/app/service/video.ts

@@ -48,10 +48,16 @@ export class VideoService {
 		return this.bdd.delete(this.serviceName, id, ret);
 	}
 	getCoverUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/${coverId}`,
+			addURLToken: true,
+		});
 	}
 	getCoverThumbnailUrl(coverId:number):any {
-		return this.http.createRESTCall(`data/thumbnail/${ coverId}`);
+		return this.http.createRESTCall2({
+			api: `data/thumbnail/${coverId}`,
+			addURLToken: true,
+		});
 	}
 
 	uploadFile(file:File,