source: DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/DebugResource.java @ 5892

Last change on this file since 5892 was 5892, checked in by olhsha@mpi.nl, 9 years ago

Removed (commented out) the insecure API that allowed downloading pictures from an Internet URL into the database.

1/*
2 * Copyright (C) 2013 DASISH
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
17 */
18package eu.dasish.annotation.backend.rest;
19
20import eu.dasish.annotation.backend.BackendConstants;
21import eu.dasish.annotation.backend.Helpers;
22import eu.dasish.annotation.backend.NotInDataBaseException;
23import eu.dasish.annotation.backend.Resource;
24import eu.dasish.annotation.schema.AnnotationInfo;
25import eu.dasish.annotation.schema.AnnotationInfoList;
26import eu.dasish.annotation.schema.ObjectFactory;
27import java.io.BufferedReader;
28import java.io.FileReader;
29import java.io.IOException;
30import java.util.ArrayList;
31import java.util.List;
32import java.util.Random;
33import java.util.UUID;
34import javax.servlet.http.HttpServletResponse;
35import javax.ws.rs.GET;
36import javax.ws.rs.PUT;
37import javax.ws.rs.Path;
38import javax.ws.rs.PathParam;
39import javax.ws.rs.Produces;
40import javax.ws.rs.core.MediaType;
41import javax.xml.bind.JAXBElement;
42import org.springframework.stereotype.Component;
43import org.springframework.transaction.annotation.Transactional;
44
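/**
 * REST resource that exposes debugging and maintenance operations under {@code /debug}.
 *
 * <p>The endpoints return server and database log contents, list all annotations and
 * change account types and resource identifiers. Each privileged endpoint checks the
 * account type of the logged-in principal before doing any work, and the check fails
 * closed (HTTP 403) when the account type cannot be determined.
 *
 * <p>NOTE(review): because this resource discloses logs and changes privileges, it should
 * only be reachable by trusted principals; consider disabling it in production deployments.
 *
 * @author olhsha
 */
@Component
@Path("/debug")
public class DebugResource extends ResourceResource {

    /** Account type that, besides the inherited {@code admin} type, may use the read-only debug endpoints. */
    public static final String developer = "developer";

    /**
     * Generates a fresh identifier via {@code Helpers.generateUUID()}.
     *
     * <p>No authentication or authorisation check is performed here.
     *
     * @return the textual form of the generated identifier
     * @throws IOException declared for interface compatibility; not thrown by this body
     */
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    @Path("uuid")
    public String generateUUID() throws IOException {
        return (Helpers.generateUUID()).toString();
    }

    /**
     * Lists the annotation infos of all annotations; admin or developer accounts only.
     *
     * @return the full list for an admin or developer; an empty list when there is no
     *         logged-in principal or when the principal lacks the rights (HTTP 403 is sent
     *         in the latter case)
     * @throws IOException if sending the error response fails
     */
    @GET
    @Produces(MediaType.TEXT_XML)
    @Path("annotations")
    @Transactional(readOnly = true)
    public JAXBElement<AnnotationInfoList> getAllAnnotations() throws IOException {
        Number remotePrincipalID = this.getPrincipalID();
        if (remotePrincipalID == null) {
            // presumably getPrincipalID() has already reported the failure to the client - TODO confirm
            return new ObjectFactory().createAnnotationInfoList(new AnnotationInfoList());
        }
        String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);
        // Fail closed: an unknown (null) account type is treated as "no rights" instead of raising an NPE.
        if (typeOfAccount != null && (typeOfAccount.equals(admin) || typeOfAccount.equals(developer))) {
            final AnnotationInfoList annotationInfoList = dbDispatcher.getAllAnnotationInfos();
            return new ObjectFactory().createAnnotationInfoList(annotationInfoList);
        }
        this.DEVELOPER_RIGHTS_EXPECTED();
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return new ObjectFactory().createAnnotationInfoList(new AnnotationInfoList());
    }

    /**
     * Returns the last {@code n} lines of the database log, newest line first; admin or
     * developer accounts only.
     *
     * @param n the number of trailing log lines requested; values of zero or less yield an empty result
     * @return the log tail, {@code " "} when there is no logged-in principal, or a placeholder
     *         text after HTTP 403 has been sent
     * @throws IOException if the log file cannot be read or the error response cannot be sent
     */
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    @Path("/logDatabase/{n}")
    @Transactional(readOnly = true)
    public String getDasishBackendLog(@PathParam("n") int n) throws IOException {
        Number remotePrincipalID = this.getPrincipalID();
        if (remotePrincipalID == null) {
            return " ";
        }
        String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);
        // Fail closed when the account type is unknown (null).
        if (typeOfAccount != null && (typeOfAccount.equals(admin) || typeOfAccount.equals(developer))) {
            return logFile("eu.dasish.annotation.backend.logDatabaseLocation", n);
        }
        this.DEVELOPER_RIGHTS_EXPECTED();
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return "Coucou.";
    }

    /**
     * Reports the remote user name attached to the current request.
     *
     * <p>No account-type check is performed here.
     *
     * @return the remote user of the request, or the literal {@code "Null"} when there is none
     */
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    @Path("/remoteID")
    @Transactional(readOnly = true)
    public String getLoggedInRemoteID() {
        final String remoteUser = httpServletRequest.getRemoteUser();
        return (remoteUser != null) ? remoteUser : "Null";
    }

    /**
     * Returns the last {@code n} lines of the server log, newest line first; admin or
     * developer accounts only.
     *
     * @param n the number of trailing log lines requested; values of zero or less yield an empty result
     * @return the log tail, {@code " "} when there is no logged-in principal, or a placeholder
     *         text after HTTP 403 has been sent
     * @throws IOException if the log file cannot be read or the error response cannot be sent
     */
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    @Path("/logServer/{n}")
    @Transactional(readOnly = true)
    public String getDasishServerLog(@PathParam("n") int n) throws IOException {
        Number remotePrincipalID = this.getPrincipalID();
        if (remotePrincipalID == null) {
            return " ";
        }
        String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);
        // Fail closed when the account type is unknown (null).
        if (typeOfAccount != null && (typeOfAccount.equals(admin) || typeOfAccount.equals(developer))) {
            return logFile("eu.dasish.annotation.backend.logServerLocation", n);
        }
        this.DEVELOPER_RIGHTS_EXPECTED();
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return "Coucou.";
    }

    /**
     * Changes the account type of a principal; admin accounts only.
     *
     * <p>The transaction is not read-only because this method performs an update; running the
     * update inside a read-only transaction can make it fail or be silently dropped,
     * depending on the database and driver.
     *
     * @param principalId the external identifier (UUID text) of the principal to change
     * @param account     the account type to assign
     * @return a status text describing the outcome
     * @throws IOException if sending an error response fails
     */
    @PUT
    @Produces(MediaType.TEXT_XML)
    @Path("/account/{principalId}/make/{account}")
    @Transactional
    public String updatePrincipalsAccount(@PathParam("principalId") String principalId, @PathParam("account") String account) throws IOException {
        Number remotePrincipalID = this.getPrincipalID();
        if (remotePrincipalID == null) {
            return " ";
        }
        String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);
        // Fail closed when the account type is unknown (null).
        if (typeOfAccount == null || !typeOfAccount.equals(admin)) {
            this.ADMIN_RIGHTS_EXPECTED();
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return "Coucou.";
        }

        // The path template does not constrain principalId, so reject malformed UUID text
        // with 400 instead of letting IllegalArgumentException surface as a server error.
        final UUID principalUuid;
        try {
            principalUuid = UUID.fromString(principalId);
        } catch (IllegalArgumentException e) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return "The principal identifier is not a valid UUID.";
        }

        try {
            // NOTE(review): `account` is passed through unvalidated; confirm that updateAccount
            // rejects unknown account types.
            final boolean update = dbDispatcher.updateAccount(principalUuid, account);
            return (update ? "The account is updated" : "The account is not updated, see the log.");
        } catch (NotInDataBaseException e) {
            // NOTE(review): the exception text is sent to the client; consider logging it
            // server-side and returning a generic message instead.
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.toString());
            return e.toString();
        }
    }

    /**
     * Replaces the external identifier of a resource; admin accounts only.
     *
     * @param resource      the name of the resource kind, resolved with {@code Resource.valueOf}
     * @param oldExternalId the current external identifier (UUID text)
     * @param newExternalId the external identifier to assign (UUID text)
     * @return a status text describing the outcome
     * @throws IOException if sending an error response fails
     */
    @PUT
    @Produces(MediaType.TEXT_XML)
    @Path("/resource/{resource}/{oldId: " + BackendConstants.regExpIdentifier + "}/newid/{newId:" + BackendConstants.regExpIdentifier + "}")
    public String updateResourceIdentifier(@PathParam("resource") String resource, @PathParam("oldId") String oldExternalId, @PathParam("newId") String newExternalId) throws IOException {
        Number remotePrincipalID = this.getPrincipalID();
        if (remotePrincipalID == null) {
            return "null inlogged principal";
        }
        String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);
        // Fail closed when the account type is unknown (null).
        if (typeOfAccount == null || !typeOfAccount.equals(admin)) {
            this.ADMIN_RIGHTS_EXPECTED();
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return "Dooooeeeii!!";
        }

        // Parse the caller-supplied values first so that an unknown resource name or malformed
        // UUID is answered with 400. Resource is presumably an enum, in which case valueOf
        // throws IllegalArgumentException for unknown names - TODO confirm.
        final Resource resourceKind;
        final UUID oldId;
        final UUID newId;
        try {
            resourceKind = Resource.valueOf(resource);
            oldId = UUID.fromString(oldExternalId);
            newId = UUID.fromString(newExternalId);
        } catch (IllegalArgumentException e) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return "The resource name or one of the identifiers is not valid.";
        }

        try {
            final boolean update = dbDispatcher.updateResourceIdentifier(resourceKind, oldId, newId);
            return (update ? "The identifier is updated" : "The identifier is not updated, see the log.");
        } catch (NotInDataBaseException e) {
            // NOTE(review): the exception text is sent to the client; consider logging it
            // server-side and returning a generic message instead.
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.toString());
            return e.toString();
        }
    }

    /**
     * Reads the log file named by a context init parameter and returns its last {@code n}
     * lines, newest line first, each terminated by {@code "\n"}.
     *
     * <p>The file path comes from deployment configuration, not from the request; only
     * {@code n} is caller-controlled.
     *
     * @param location the name of the context init parameter holding the log file path
     * @param n        the number of trailing lines wanted; zero or less yields an empty string
     * @return the requested tail of the file
     * @throws IOException if the init parameter is missing or the file cannot be read
     */
    private String logFile(String location, int n) throws IOException {
        final String path = context.getInitParameter(location);
        if (path == null) {
            // Report a configuration problem as an IOException instead of an NPE from FileReader.
            throw new IOException("Log file location is not configured: " + location);
        }

        // NOTE(review): the whole file is held in memory regardless of n, and FileReader
        // decodes with the platform default charset.
        final List<String> lines = new ArrayList<String>();
        final BufferedReader reader = new BufferedReader(new FileReader(path));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line);
            }
        } finally {
            // Always release the file handle, also when reading fails half-way.
            reader.close();
        }

        // Clamp the caller-supplied count into [0, total]; a plain (total - n) overflows for
        // large negative n and would lead to a negative list index.
        final int total = lines.size();
        final int count = Math.max(0, Math.min(n, total));
        final StringBuilder result = new StringBuilder();
        for (int j = total - 1; j >= total - count; j--) {
            result.append(lines.get(j)).append("\n");
        }
        return result.toString();
    }

    /**
     * Writes a debug log entry saying that the request needs developer or admin rights.
     *
     * @throws IOException declared for interface compatibility; not thrown by this body
     */
    private void DEVELOPER_RIGHTS_EXPECTED() throws IOException {
        loggerServer.debug("The request can be performed only by the principal with the developer's or admin rights. The logged in principal does not have either developer's or admin rights.");
    }
}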