SystemJspBean.java

/*
 * Copyright (c) 2002-2022, City of Paris
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice
 *     and the following disclaimer.
 *
 *  2. Redistributions in binary form must reproduce the above copyright notice
 *     and the following disclaimer in the documentation and/or other materials
 *     provided with the distribution.
 *
 *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * License 1.0
 */
package fr.paris.lutece.portal.web.system;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import fr.paris.lutece.portal.service.admin.AccessDeniedException;
import fr.paris.lutece.portal.service.admin.AdminUserService;
import fr.paris.lutece.portal.service.datastore.DatastoreService;
import fr.paris.lutece.portal.service.datastore.LocalizedData;
import fr.paris.lutece.portal.service.datastore.LocalizedDataGroup;
import fr.paris.lutece.portal.service.i18n.I18nService;
import fr.paris.lutece.portal.service.security.SecurityTokenService;
import fr.paris.lutece.portal.service.site.properties.SitePropertiesService;
import fr.paris.lutece.portal.service.template.AppTemplateService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
import fr.paris.lutece.util.html.HtmlTemplate;
import fr.paris.lutece.util.http.SecurityUtil;

/**
 * This class provides the user interface to manage system features ( manage logs, view system files, ... ).
 */
public class SystemJspBean extends AdminFeaturesPageJspBean
{
    // Right
    public static final String RIGHT_PROPERTIES_MANAGEMENT = "CORE_PROPERTIES_MANAGEMENT";
    public static final String RIGHT_LOGS_VISUALISATION = "CORE_LOGS_VISUALISATION";

    // Jsp definition
    public static final String JSP_MANAGE_PROPERTIES = "ManageProperties.jsp";

    /** serial id */
    private static final long serialVersionUID = 3770485521087669430L;

    // Markers
    private static final String MARK_FILES_LIST = "files_list";
    private static final String MARK_FILES_SYSTEM_DIRECTORY = "files_system_directory";
    private static final String MARK_FILES_SYSTEM_NAME = "file_system_name";
    private static final String MARK_FILE_SYSTEM_DATA = "file_system_data";
    private static final String MARK_PROPERTIES_GROUPS_LIST = "groups_list";

    // Template Files path
    private static final String TEMPLATE_MANAGE_FILES_SYSTEM = "admin/system/manage_files_system.html";
    private static final String TEMPLATE_VIEW_FILES_SYSTEM = "admin/system/view_files_system.html";
    private static final String TEMPLATE_VIEW_FILE = "admin/system/view_file.html";

    private static final String TEMPLATE_MODIFY_PROPERTIES = "admin/system/modify_properties.html";

    // Parameters
    private static final String PARAMETER_FILE = "file";
    private static final String PARAMETER_DIRECTORY = "directory";
    private static final String PARAMETER_DIR = "dir";

    // Properties file definition
    private static final String PROPERTY_FILES_SYSTEM_LIST = "system.list";
    private static final String PROPERTY_TITLE_MANAGE_FILES_SYSTEM = "portal.system.manage_files_system.pageTitle";
    private static final String PROPERTY_FILE_DESCRIPTION = "portal.system.manage_files_system.description.";
    private static final String PROPERTY_FILE_NAME = "portal.system.manage_files_system.name.";
    private static final String PROPERTY_TITLE_VIEW_FILES_SYSTEM = "portal.system.view_files_system.pageTitle";
    private static final String PROPERTY_TITLE_VIEW_FILE = "portal.system.view_file.pageTitle";
    private static final String MARK_WEBAPP_URL = "webapp_url";
    private static final String MARK_LOCALE = "locale";

    /**
     * Returns ViewLogs page
     *
     * @param request
     *            The HTTP request.
     * @return The HTML code
     */
    public String getManageFilesSystem( HttpServletRequest request )
    {
        setPageTitleProperty( PROPERTY_TITLE_MANAGE_FILES_SYSTEM );
        ArrayList<SystemFile> list = new ArrayList<>( );

        for ( String strDirectory : getDirectories( ) )
        {
            SystemFile file = new SystemFile( );
            file.setName( I18nService.getLocalizedString( PROPERTY_FILE_NAME + strDirectory, request.getLocale( ) ) );
            file.setDescription( I18nService.getLocalizedString( PROPERTY_FILE_DESCRIPTION + strDirectory, request.getLocale( ) ) );
            file.setDirectory( AppPropertiesService.getProperty( "system." + strDirectory + ".directory" ) );
            list.add( file );
        }

        Map<String, Collection<SystemFile>> model = new HashMap<>( );
        model.put( MARK_FILES_LIST, list );

        HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_FILES_SYSTEM, getLocale( ), model );

        return getAdminPage( template.getHtml( ) );
    }

    /**
     * Get directory list
     *
     * @param request
     *            The request
     * @return The html code
     */
    public String getManageFilesSystemDir( HttpServletRequest request )
    {
        setPageTitleProperty( PROPERTY_TITLE_VIEW_FILES_SYSTEM );
        String strDir = request.getParameter( PARAMETER_DIR );

        if ( !isValidDirectoryPath( strDir ) )
        {
            return getManageFilesSystem( request );
        }

        String strDirectory = AppPathService.getWebAppPath( ) + strDir;
        File directory = new File( strDirectory );
        ArrayList<SystemFile> listFiles = new ArrayList<>( );
        for ( File file : directory.listFiles( ) )
        {
            SystemFile sFile = new SystemFile( );
            sFile.setName( file.getName( ) );
            sFile.setDirectory( strDir );
            sFile.setSize( (int) ( file.length( ) / 1000 ) + 1 );
            sFile.setDate( new Date( file.lastModified( ) ) );
            listFiles.add( sFile );
        }
        Collections.sort( listFiles );

        Map<String, Serializable> model = new HashMap<>( );
        model.put( MARK_FILES_LIST, listFiles );
        model.put( MARK_FILES_SYSTEM_DIRECTORY, strDir );

        HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_VIEW_FILES_SYSTEM, getLocale( ), model );

        return getAdminPage( template.getHtml( ) );
    }

    // //////////////////////////////////////////////////////////////////////////
    // Methods to display a system file
    /**
     * Returns a FileView page
     *
     * @param request
     *            The HTTP request.
     * @return The HTML code
     */
    public String getFileView( HttpServletRequest request )
    {
        Map<String, Object> model = new HashMap<>( );
        setPageTitleProperty( PROPERTY_TITLE_VIEW_FILE );

        String strFileData;
        String strFile = request.getParameter( PARAMETER_FILE );
        String strDirectory = request.getParameter( PARAMETER_DIRECTORY );

        if ( strFile == null )
        {
            strFileData = "ERROR : No file selected !";
        }
        else
            if ( !isValidDirectoryPath( strDirectory ) )
            {
                strFileData = "ERROR : Invalid directory !";
            }
            else
            {
                String strFilePath = AppPathService.getWebAppPath( );

                if ( strFilePath != null && !SecurityUtil.containsPathManipulationChars( request, strFile ) )
                {
                    strFileData = getFileData( strFilePath + strDirectory + strFile );
                }
                else
                {
                    strFileData = "ERROR : " + strFile + " not found !";
                }
            }

        model.put( MARK_FILES_SYSTEM_NAME, strDirectory + strFile );
        model.put( MARK_FILE_SYSTEM_DATA, strFileData );
        model.put( MARK_FILES_SYSTEM_DIRECTORY, strDirectory );

        HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_VIEW_FILE, getLocale( ), model );

        return getAdminPage( template.getHtml( ) );
    }

    /**
     * Returns the form to update info about the webmaster.properties
     *
     * @param request
     *            The Http request
     * @return The HTML form to update info
     */
    public String getManageProperties( HttpServletRequest request )
    {
        Map<String, Object> model = new HashMap<>( );
        model.put( MARK_PROPERTIES_GROUPS_LIST, SitePropertiesService.getGroups( getLocale( ) ) );
        model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
        model.put( MARK_LOCALE, getLocale( ).getLanguage( ) );
        model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_MODIFY_PROPERTIES ) );

        HtmlTemplate templateList = AppTemplateService.getTemplate( TEMPLATE_MODIFY_PROPERTIES, getLocale( ), model );

        return getAdminPage( templateList.getHtml( ) );
    }

    /**
     * Process the change form of the webmaster.properties
     *
     * @param request
     *            The Http request
     * @param context
     *            The context
     * @return The Jsp URL of the process result
     * @throws AccessDeniedException
     *             if the security token is invalid
     */
    public static String doModifyProperties( HttpServletRequest request, ServletContext context ) throws AccessDeniedException
    {
        if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_MODIFY_PROPERTIES ) )
        {
            throw new AccessDeniedException( ERROR_INVALID_TOKEN );
        }
        List<LocalizedDataGroup> groups = SitePropertiesService.getGroups( AdminUserService.getAdminUser( request ).getLocale( ) );

        for ( LocalizedDataGroup group : groups )
        {
            List<LocalizedData> datas = group.getLocalizedDataList( );

            for ( LocalizedData data : datas )
            {
                String strValue = request.getParameter( data.getKey( ) );

                if ( ( strValue != null ) && !data.getValue( ).equals( strValue ) )
                {
                    DatastoreService.setDataValue( data.getKey( ), strValue );
                }
            }
        }

        // if the operation occurred well, redirects towards the view of the Properties
        return JSP_MANAGE_PROPERTIES;
    }

    // /////////////////////////////////////////////////////////////////////////////
    // Private Implementation
    /**
     * Returns the content of a file.
     *
     * @param strFilePath
     *            The file Path
     * @return The content of the file.
     */
    private static String getFileData( String strFilePath )
    {
        StringBuilder sbData = new StringBuilder( );

        try ( FileInputStream fis = new FileInputStream( strFilePath ) )
        {
            int chr = 0;

            while ( chr != -1 )
            {
                chr = fis.read( );
                sbData.append( (char) chr );
            }

            // we delete the end of file character
            sbData.setLength( sbData.length( ) - 1 );
        }
        catch( FileNotFoundException e )
        {
            sbData.append( "ERROR : File " ).append( strFilePath ).append( " not found" );
        }
        catch( IOException e )
        {
            sbData.append( "ERROR : Error reading the file : " ).append( strFilePath );
        }
        return sbData.toString( );
    }

    /**
     * Returns all authorized directories
     * 
     * @return a directories array
     */
    private String [ ] getDirectories( )
    {
        String strDirectories = AppPropertiesService.getProperty( PROPERTY_FILES_SYSTEM_LIST );
        return strDirectories.split( "," );
    }

    /**
     * Checks if a given path is among the authorized list
     * 
     * @param strPath
     *            The path to check
     * @return true if authorized
     */
    private boolean isValidDirectoryPath( String strPath )
    {
        for ( String strFileSystemName : getDirectories( ) )
        {
            String strDirectoryPath = AppPropertiesService.getProperty( "system." + strFileSystemName + ".directory" );

            if ( strDirectoryPath.equals( strPath ) )
            {
                return true;
            }
        }
        return false;
    }

}