diff --git a/pom.xml b/pom.xml index 8e562d1de..64c20a4a6 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ Provides a modern and scalable web server as SIRIUS module - 13.20 + 14.0 diff --git a/src/main/java/sirius/tagliatelle/compiler/Compiler.java b/src/main/java/sirius/tagliatelle/compiler/Compiler.java index 9aa367419..569064eea 100644 --- a/src/main/java/sirius/tagliatelle/compiler/Compiler.java +++ b/src/main/java/sirius/tagliatelle/compiler/Compiler.java @@ -130,7 +130,6 @@ private List processCollectedErrors() throws CompileException { return compileErrors; } - /** * Verifies all macro calls to ensure their integrity. */ @@ -148,7 +147,7 @@ private void verifyMacros() { private Expression verifyMacro(Position pos, Expression expr) { if (expr instanceof MacroCall) { try { - ((MacroCall) expr).verify(context,pos); + ((MacroCall) expr).verify(context, pos); } catch (IllegalArgumentException ex) { context.error(pos, "Invalid parameters for macro: %s: %s", expr, ex.getMessage()); } @@ -195,11 +194,10 @@ protected CompositeEmitter parseBlock(@Nullable TagHandler parentHandler, @Nulla return block; } - if (processTag(parentHandler, block, staticText) || processExpression(block)) { - if (!reader.current().isEndOfInput()) { - staticText = new ConstantEmitter(reader.current()); - block.addChild(staticText); - } + if ((processTag(parentHandler, block, staticText) || processExpression(block)) && !reader.current() + .isEndOfInput()) { + staticText = new ConstantEmitter(reader.current()); + block.addChild(staticText); } } @@ -405,7 +403,7 @@ private void handleTag(TagHandler handler, CompositeEmitter block) { private void parseAttributes(TagHandler handler) { while (true) { skipWhitespaces(); - if (reader.current().isEndOfInput() || reader.current().is('>','/')) { + if (reader.current().isEndOfInput() || reader.current().is('>', '/')) { break; } String name = parseName(); 
diff --git a/src/main/java/sirius/tagliatelle/compiler/Parser.java b/src/main/java/sirius/tagliatelle/compiler/Parser.java index d957bb03e..c400b2300 100644 --- a/src/main/java/sirius/tagliatelle/compiler/Parser.java +++ b/src/main/java/sirius/tagliatelle/compiler/Parser.java @@ -454,11 +454,12 @@ private Expression handleSpecialMethods(Expression self, String methodName, List } } - if ("is".equals(methodName) && parameters.size() == 1 && (parameters.get(0) instanceof ConstantClass)) { - if (!Transformable.class.isAssignableFrom(self.getType())) { - Class type = (Class) parameters.get(0).eval(null); - return new InstanceCheck(self, type); - } + if ("is".equals(methodName) + && parameters.size() == 1 + && (parameters.get(0) instanceof ConstantClass) + && !Transformable.class.isAssignableFrom(self.getType())) { + Class type = (Class) parameters.get(0).eval(null); + return new InstanceCheck(self, type); } return null; diff --git a/src/main/java/sirius/tagliatelle/expression/MethodCall.java b/src/main/java/sirius/tagliatelle/expression/MethodCall.java index 8a9db681f..c10942dc9 100644 --- a/src/main/java/sirius/tagliatelle/expression/MethodCall.java +++ b/src/main/java/sirius/tagliatelle/expression/MethodCall.java @@ -9,6 +9,7 @@ package sirius.tagliatelle.expression; import parsii.tokenizer.Char; +import sirius.kernel.commons.Explain; import sirius.kernel.commons.Strings; import sirius.kernel.health.Exceptions; import sirius.tagliatelle.Tagliatelle; @@ -253,10 +254,8 @@ private Method findMethod(Class type, String name, Class[] parameterTypes) // Try to find an appropriate method using coercions known to the system... for (Method m : type.getMethods()) { - if (signatureMatch(m, name, parameterTypes)) { - if (checkSandbox(m)) { - return m; - } + if (signatureMatch(m, name, parameterTypes) && checkSandbox(m)) { + return m; } } 
@@ -299,20 +298,39 @@ private boolean signatureMatch(Method method, String name, Class[] parameterT return ensureEnoughParameters(method, parameterTypes); } + @SuppressWarnings("squid:S3776") + @Explain("As this involves a stateful complex check, we rather keep all checks in one place.") private boolean checkParameterTypes(Method method, Class[] parameterTypes) { Class varargType = null; for (int i = 0; i < parameterTypes.length; i++) { Class parameterType = parameterTypes[i]; - if (i == method.getParameterCount() - 1 && method.getParameterTypes()[i].isArray()) { - varargType = method.getParameterTypes()[i].getComponentType(); - } - if (i >= method.getParameterCount() || !Tagliatelle.isAssignableTo(parameterType, - method.getParameterTypes()[i])) { - if (varargType == null || !Tagliatelle.isAssignableTo(parameterType, varargType)) { + Class methodParameterType = i < method.getParameterCount() ? method.getParameterTypes()[i] : varargType; + + // If the last parameter is an array, we have to determine its component type as this might be + // a var-arg call... + if (method.isVarArgs() && i == method.getParameterCount() - 1 && methodParameterType.isArray()) { + varargType = methodParameterType.getComponentType(); + + // For a var-arg parameter, the last parameter has either to be the exact same type (an array) + // or it has to match the vararg type + if (!Tagliatelle.isAssignableTo(parameterType, methodParameterType) && !Tagliatelle.isAssignableTo( + parameterType, + varargType)) { return false; } + + // If we matched the original array type, we cannot support additional vararg parameters, + // therefore the argument count must match... 
+ if (!Tagliatelle.isAssignableTo(parameterType, varargType) + && parameterTypes.length > method.getParameterCount()) { + return false; + } + } else if (methodParameterType == null || !Tagliatelle.isAssignableTo(parameterType, methodParameterType)) { + // For all other parameters (than the last) we simply ensure, that the parameter type is assignable... + return false; } } + return true; } @@ -320,17 +338,11 @@ private boolean ensureEnoughParameters(Method method, Class[] parameterTypes) // The method accepts all given parameters, now ensure, that we also provide enough parameters for the method... if (!method.isVarArgs()) { // No varargs -> parameters must match exactly... - if (method.getParameterTypes().length != parameterTypes.length) { - return false; - } + return method.getParameterTypes().length == parameterTypes.length; } else { // Varary -> we can at most skip the last parameter... - if (parameterTypes.length < method.getParameterTypes().length - 1) { - return false; - } + return parameterTypes.length >= method.getParameterTypes().length - 1; } - - return true; } @Override diff --git a/src/main/java/sirius/web/controller/ControllerDispatcher.java b/src/main/java/sirius/web/controller/ControllerDispatcher.java index 66f8ae9a8..5536c3edc 100644 --- a/src/main/java/sirius/web/controller/ControllerDispatcher.java +++ b/src/main/java/sirius/web/controller/ControllerDispatcher.java 
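Review bot: In `checkParameterTypes` (MethodCall.java, the hunk starting at `@@ -299,20 +298,39`), `method.getParameterTypes()` is called inside the loop and every call returns a fresh copy of the array. This check appears to run for each candidate method that `findMethod` tries, so I would hoist it once before the loop as `Class<?>[] methodParameterTypes = method.getParameterTypes();` and index that. The `methodParameterType.isArray()` test also looks redundant once `method.isVarArgs()` is true, because the last parameter of a var-arg method is always an array. Since this method takes part in deciding which Java methods a template expression may bind to, a short Javadoc listing the accepted shapes (exact array, single element, trailing elements) would help the next reviewer.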
@@ -121,13 +121,13 @@ private void preparePerformRoute(WebContext ctx, List params, InputStreamHandler inputStreamHandler) { try { - if (firewall != null && !route.getMethod().isAnnotationPresent(Unlimited.class)) { - if (firewall.handleRateLimiting(ctx, - Optional.ofNullable(route.getMethod().getAnnotation(Limited.class)) - .map(Limited::value) - .orElse(Limited.HTTP))) { - return; - } + if (firewall != null + && !route.getMethod().isAnnotationPresent(Unlimited.class) + && firewall.handleRateLimiting(ctx, + Optional.ofNullable(route.getMethod().getAnnotation(Limited.class)) + .map(Limited::value) + .orElse(Limited.HTTP))) { + return; } // Inject WebContext as first parameter... diff --git a/src/main/java/sirius/web/controller/Page.java b/src/main/java/sirius/web/controller/Page.java index 7023735e1..cf179f68b 100644 --- a/src/main/java/sirius/web/controller/Page.java +++ b/src/main/java/sirius/web/controller/Page.java @@ -11,7 +11,6 @@ import com.google.common.collect.Lists; import sirius.kernel.cache.ValueComputer; import sirius.kernel.commons.Limit; -import sirius.kernel.commons.Monoflop; import sirius.kernel.commons.Strings; import sirius.kernel.nls.NLS; import sirius.web.http.WebContext; 
@@ -449,62 +448,4 @@ public boolean hasFacets() { public int getPageSize() { return pageSize; } - - private boolean addQueryToQueryString(String field, - String value, - StringBuilder queryStringBuilder, - Monoflop ampersandPlaced) { - if (PARAM_QUERY.equals(field)) { - queryStringBuilder.append(ampersandPlaced.firstCall() ? "" : "&"); - queryStringBuilder.append("query="); - queryStringBuilder.append(Strings.urlEncode(value)); - return true; - } - - if (Strings.isFilled(query)) { - queryStringBuilder.append(ampersandPlaced.firstCall() ? "" : "&"); - queryStringBuilder.append("query="); - queryStringBuilder.append(Strings.urlEncode(query)); - } - return false; - } - - private boolean addStartToQueryString(String field, - String value, - StringBuilder queryStringBuilder, - Monoflop ampersandPlaced) { - queryStringBuilder.append(ampersandPlaced.firstCall() ? "" : "&"); - queryStringBuilder.append("start="); - if (PARAM_START.equals(field)) { - queryStringBuilder.append(value); - return true; - } else { - queryStringBuilder.append(start); - return false; - } - } - - private boolean createQueryStringForFacets(String field, - String value, - StringBuilder queryStringBuilder, - Monoflop ampersandPlaced) { - boolean fieldFound = false; - for (Facet f : getFacets()) { - if (Strings.areEqual(field, f.getName())) { - fieldFound = true; - if (Strings.isFilled(value)) { - queryStringBuilder.append(ampersandPlaced.firstCall() ? "" : "&"); - queryStringBuilder.append(field); - queryStringBuilder.append("="); - queryStringBuilder.append(Strings.urlEncode(value)); - } - } else if (Strings.isFilled(f.getValue())) { - queryStringBuilder.append(ampersandPlaced.firstCall() ? "" : "&"); - queryStringBuilder.append(f.getName()); - queryStringBuilder.append("="); - queryStringBuilder.append(Strings.urlEncode(f.getValue())); - } - } - return fieldFound; - } } 
diff --git a/src/main/java/sirius/web/dispatch/AssetsDispatcher.java b/src/main/java/sirius/web/dispatch/AssetsDispatcher.java index 52ae28e16..0252fd24a 100644 --- a/src/main/java/sirius/web/dispatch/AssetsDispatcher.java +++ b/src/main/java/sirius/web/dispatch/AssetsDispatcher.java @@ -172,9 +172,7 @@ private boolean trySASS(WebContext ctx, String uri, Response response) { try { compileSASS(scssUri, file); } catch (Exception t) { - if (!file.delete()) { - Templates.LOG.WARN("Cannot delete temporary file: %s", file.getAbsolutePath()); - } + Files.delete(file); ctx.respondWith().error(HttpResponseStatus.INTERNAL_SERVER_ERROR, Exceptions.handle(Templates.LOG, t)); return true; } diff --git a/src/main/java/sirius/web/dispatch/HelpDispatcher.java b/src/main/java/sirius/web/dispatch/HelpDispatcher.java index f4aaac5f2..df4dbbf5b 100644 --- a/src/main/java/sirius/web/dispatch/HelpDispatcher.java +++ b/src/main/java/sirius/web/dispatch/HelpDispatcher.java @@ -86,10 +86,8 @@ public boolean dispatch(WebContext ctx) throws Exception { Tuple langAndTopic = Strings.split(uri.substring(HELP_PREFIX_LENGTH), "/"); boolean languageFound = setupLang(langAndTopic.getFirst()); - if (!languageFound || Strings.isFilled(langAndTopic.getSecond())) { - if (serveTopic(ctx, uri)) { - return true; - } + if ((!languageFound || Strings.isFilled(langAndTopic.getSecond())) && serveTopic(ctx, uri)) { + return true; } if (!languageFound || Strings.areEqual(langAndTopic.getFirst(), NLS.getDefaultLanguage())) { diff --git a/src/main/java/sirius/web/http/HttpPipeliningHandler.java b/src/main/java/sirius/web/http/HttpPipeliningHandler.java index 0bda13b7a..c1cde6977 100644 --- a/src/main/java/sirius/web/http/HttpPipeliningHandler.java +++ b/src/main/java/sirius/web/http/HttpPipeliningHandler.java 
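Review bot: In `trySASS` the catch block now calls `Files.delete(file)` before the error response is sent, so the 500 response depends on that helper never throwing; the removed `file.delete()` call reported failure through its return value. The helper's contract is not visible in this diff (the hunk also shows no `Files` import for AssetsDispatcher, which may already exist above it), so after confirming its behaviour I would state the reliance next to the call, e.g. `// Files.delete logs failures and never throws - must not mask the original error`. The same applies to `cleanupFiles` in WebContext.java, where the removed `saveDeleteFile` guarded against `null`, missing files and exceptions for each file; if the helper can throw, the loop would stop early and the remaining temporary files would stay on disk.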
@@ -55,11 +55,9 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception // If a conflicting request was put aside in the bufferedRequests list, we can safely // ignore the empty LastHttpContent for it - we will emulate this in write - if (msg instanceof LastHttpContent) { - if (((LastHttpContent) msg).content().readableBytes() == 0) { - ((LastHttpContent) msg).release(); - return; - } + if (msg instanceof LastHttpContent && ((LastHttpContent) msg).content().readableBytes() == 0) { + ((LastHttpContent) msg).release(); + return; } // If any other content is received (that would be another POST for example, we give up!) There diff --git a/src/main/java/sirius/web/http/LowLevelHandler.java b/src/main/java/sirius/web/http/LowLevelHandler.java index 4b59662a8..b64380f50 100644 --- a/src/main/java/sirius/web/http/LowLevelHandler.java +++ b/src/main/java/sirius/web/http/LowLevelHandler.java @@ -35,15 +35,13 @@ public void connect(ChannelHandlerContext ctx, WebServer.connections.set(0); } IPRange.RangeSet filter = WebServer.getIPFilter(); - if (!filter.isEmpty()) { - if (!filter.accepts(((InetSocketAddress) remoteAddress).getAddress())) { - if (WebServer.blocks.incrementAndGet() < 0) { - WebServer.blocks.set(0); - } - ctx.channel().close(); - future.setSuccess(); - return; + if (!filter.isEmpty() && !filter.accepts(((InetSocketAddress) remoteAddress).getAddress())) { + if (WebServer.blocks.incrementAndGet() < 0) { + WebServer.blocks.set(0); } + ctx.channel().close(); + future.setSuccess(); + return; } super.connect(ctx, remoteAddress, localAddress, future); } diff --git a/src/main/java/sirius/web/http/Response.java b/src/main/java/sirius/web/http/Response.java index 8f343202f..be2d2887e 100644 --- a/src/main/java/sirius/web/http/Response.java +++ b/src/main/java/sirius/web/http/Response.java 
@@ -9,6 +9,7 @@ package sirius.web.http; import com.google.common.base.Charsets; +import com.google.common.collect.ImmutableSet; import com.ning.http.client.AsyncHttpClient; import com.ning.http.client.AsyncHttpClientConfig; import io.netty.buffer.ByteBuf; @@ -54,6 +55,7 @@ import sirius.web.resources.Resources; import sirius.web.services.JSONStructuredOutput; +import javax.annotation.Nonnull; import javax.annotation.Nullable; import java.io.File; import java.io.OutputStream; @@ -67,6 +69,7 @@ import java.util.Locale; import java.util.Map; import java.util.Optional; +import java.util.Set; import java.util.TimeZone; import java.util.concurrent.TimeUnit; import java.util.function.Consumer; @@ -100,15 +103,16 @@ public class Response { */ private static final String SIRIUS_DEBUG_COOKIE = "SIRIUS.WEB.DEBUG.LEVEL"; - /* - * Caches the GMT TimeZone (lookup is synchronized) + /** + * Contains a set of parameter names which are censored in any output as we do not want to log user passwords etc. */ - private static final TimeZone TIME_ZONE_GMT = TimeZone.getTimeZone("GMT"); + private static final Set CENSORED_LOWERCASE_PARAMETER_NAMES = + ImmutableSet.of("password", "passphrase", "secret", "secretKey"); /* - * Contains the file extension used by HTML + * Caches the GMT TimeZone (lookup is synchronized) */ - private static final String FILETYPE_HTML = ".html"; + private static final TimeZone TIME_ZONE_GMT = TimeZone.getTimeZone("GMT"); /* * Contains the content type used for html @@ -339,10 +343,8 @@ private void updateStatistics(HttpResponseStatus status) { if (WebServer.serverErrors.incrementAndGet() < 0) { WebServer.serverErrors.set(0); } - } else if (status.code() >= 400) { - if (WebServer.clientErrors.incrementAndGet() < 0) { - WebServer.clientErrors.set(0); - } + } else if (status.code() >= 400 && WebServer.clientErrors.incrementAndGet() < 0) { + WebServer.clientErrors.set(0); } } 
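Review bot: `CENSORED_LOWERCASE_PARAMETER_NAMES` contains `"secretKey"` with a capital K, but `censor` (added further down in this file) looks names up with `parameterName.toLowerCase()`. A parameter named `secretKey` is therefore lower-cased to `secretkey`, misses the set and is written to the slow-request log with its value. Every entry has to be lower case for the lookup to work: `ImmutableSet.of("password", "passphrase", "secret", "secretkey")`. A small test that passes each entry through `censor` in its usual spelling would catch this kind of mismatch.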
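Review bot: In `updateStatistics` the merged condition `status.code() >= 400 && WebServer.clientErrors.incrementAndGet() < 0` hides the counter increment inside a boolean expression, so the statistic stays correct only as long as nobody reorders the operands. Behaviour is unchanged, but I would keep the side effect as its own statement, as the `serverErrors` branch above still does: an outer `else if (status.code() >= 400) {` with the `if (WebServer.clientErrors.incrementAndGet() < 0)` overflow reset inside it. The same pattern was introduced for `WebServer.chunks` in `channelReadHttpContent` (WebServerHandler.java).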
@@ -473,12 +475,21 @@ private void updateResponseTimeMetrics(CallContext callContext) { wc.getRequestedURL(), wc.getParameterNames() .stream() - .map(param -> param + ": " + Strings.limit(wc.get(param).asString(), 50)) + .map(param -> param + ": " + censor(param)) .collect(Collectors.joining("\n")), callContext); } } + @Nonnull + private String censor(@Nonnull String parameterName) { + if (CENSORED_LOWERCASE_PARAMETER_NAMES.contains(parameterName.toLowerCase())) { + return "(censored)"; + } else { + return Strings.limit(wc.get(parameterName).asString(), 50); + } + } + private void handleKeepalive(boolean keepalive, ChannelFuture future) { if (!keepalive) { if (WebServer.LOG.isFINE()) { @@ -520,14 +531,12 @@ private void completeAndClose(ChannelFuture future) { */ public boolean handleIfModifiedSince(long lastModifiedInMillis) { long ifModifiedSinceDateSeconds = wc.getDateHeader(HttpHeaderNames.IF_MODIFIED_SINCE) / 1000; - if (ifModifiedSinceDateSeconds > 0 && lastModifiedInMillis > 0) { - if (ifModifiedSinceDateSeconds >= lastModifiedInMillis / 1000) { - setDateAndCacheHeaders(lastModifiedInMillis, - cacheSeconds == null ? HTTP_CACHE : cacheSeconds, - isPrivate); - status(HttpResponseStatus.NOT_MODIFIED); - return true; - } + if (ifModifiedSinceDateSeconds > 0 + && lastModifiedInMillis > 0 + && ifModifiedSinceDateSeconds >= lastModifiedInMillis / 1000) { + setDateAndCacheHeaders(lastModifiedInMillis, cacheSeconds == null ? HTTP_CACHE : cacheSeconds, isPrivate); + status(HttpResponseStatus.NOT_MODIFIED); + return true; } return false; 
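Review bot: `censor` lower-cases with the JVM's default locale; `parameterName.toLowerCase(Locale.ROOT)` keeps the lookup independent of it (`java.util.Locale` is already imported in this file). The match is also on the exact parameter name only, so names such as `newPassword` or `password2` (constructed examples) would still be logged with up to 50 characters of their value. If that is intended, the constant's Javadoc should say so; otherwise a substring check against the entries is the safer default. `censor` has no Javadoc yet; something like `/** Returns "(censored)" for sensitive parameter names, otherwise the value limited to 50 characters. */` would do.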
@@ -1172,15 +1181,6 @@ public void template(HttpResponseStatus status, Template template, Object... par } } - private void setupContentType(Template template) { - String fileName = template.getEffectiveFileName(); - if (fileName.endsWith(FILETYPE_HTML)) { - setHeader(HttpHeaderNames.CONTENT_TYPE, CONTENT_TYPE_HTML); - } else { - setContentTypeHeader(fileName); - } - } - private void handleTemplateError(String name, Exception e) { throw Exceptions.handle() .to(Tagliatelle.LOG) diff --git a/src/main/java/sirius/web/http/SmartHttpContentCompressor.java b/src/main/java/sirius/web/http/SmartHttpContentCompressor.java index f2416e7de..f830951e0 100644 --- a/src/main/java/sirius/web/http/SmartHttpContentCompressor.java +++ b/src/main/java/sirius/web/http/SmartHttpContentCompressor.java @@ -35,10 +35,11 @@ class SmartHttpContentCompressor extends HttpContentCompressor { @Override protected Result beginEncode(HttpResponse res, String acceptEncoding) throws Exception { - if (!(res instanceof FullHttpResponse)) { - if (!res.headers().contains(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.CHUNKED, true)) { - return null; - } + if (!(res instanceof FullHttpResponse) && !res.headers() + .contains(HttpHeaderNames.TRANSFER_ENCODING, + HttpHeaderValues.CHUNKED, + true)) { + return null; } // If the content type is not compressable (jpg, png ...), we skip compression diff --git a/src/main/java/sirius/web/http/WebContext.java b/src/main/java/sirius/web/http/WebContext.java index 778d33f30..3000b074f 100644 --- a/src/main/java/sirius/web/http/WebContext.java +++ b/src/main/java/sirius/web/http/WebContext.java @@ -15,7 +15,7 @@ import com.google.common.collect.Maps; import com.google.common.collect.Sets; import com.google.common.hash.Hashing; -import com.google.common.io.Files; +import com.google.common.io.ByteStreams; import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBufInputStream; import io.netty.channel.ChannelHandlerContext; 
@@ -37,6 +37,7 @@ import sirius.kernel.async.CallContext; import sirius.kernel.async.SubContext; import sirius.kernel.commons.Callback; +import sirius.kernel.commons.Files; import sirius.kernel.commons.Strings; import sirius.kernel.commons.Tuple; import sirius.kernel.commons.Value; @@ -1691,11 +1692,13 @@ public File getContentAsCopy() throws IOException { } File result = File.createTempFile("http", ""); - if (!content.isInMemory()) { - Files.copy(content.getFile(), result); - } else { - try (FileOutputStream outputStream = new FileOutputStream(result)) { + try (FileOutputStream outputStream = new FileOutputStream(result)) { + if (content.isInMemory()) { outputStream.write(content.get()); + } else { + try (FileInputStream inputStream = new FileInputStream(content.getFile())) { + ByteStreams.copy(inputStream, outputStream); + } } } @@ -1773,15 +1776,15 @@ public JSONObject getJSONContent() { .withSystemErrorMessage("Expected a valid JSON map as body of this request.") .handle(); } - if (!content.isInMemory()) { - if (content.getFile().length() > maxStructuredInputSize && maxStructuredInputSize > 0) { - throw Exceptions.handle() - .to(WebServer.LOG) - .withSystemErrorMessage( - "Request body is too large to parse as JSON. The limit is %d bytes", - maxStructuredInputSize) - .handle(); - } + if (!content.isInMemory() + && content.getFile().length() > maxStructuredInputSize + && maxStructuredInputSize > 0) { + throw Exceptions.handle() + .to(WebServer.LOG) + .withSystemErrorMessage( + "Request body is too large to parse as JSON. The limit is %d bytes", + maxStructuredInputSize) + .handle(); } return JSON.parseObject(content.getString(getRequestEncoding())); } catch (HandledException e) { 
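Review bot: In `getContentAsCopy` the temporary file is created before the copy and nothing removes it when `outputStream.write` or `ByteStreams.copy` fails, so a failed copy leaves a partial request body behind in the temp directory. Adding `catch (IOException e) { Files.delete(result); throw e; }` to the outer try-with-resources would cover that (`Files` here is the `sirius.kernel.commons.Files` import this commit adds). Separately, `File.createTempFile` creates the file with the process's default permissions, which on a shared host may let other local users read uploaded content. `java.nio.file.Files.createTempFile("http", "").toFile()` may apply more restrictive permissions, though it would have to be fully qualified because of the `Files` import. The method continues outside the hunk, so whether the result is already tracked for cleanup is not visible here.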
@@ -1947,24 +1950,12 @@ private void cleanupFiles() { } for (File file : filesToCleanup) { - saveDeleteFile(file); + Files.delete(file); } filesToCleanup = null; } - private void saveDeleteFile(File file) { - try { - if (file != null && file.exists()) { - if (!file.delete()) { - WebServer.LOG.WARN("Cannot delete temporary file: %s", file.getAbsolutePath()); - } - } - } catch (Exception e) { - Exceptions.handle(WebServer.LOG, e); - } - } - /** * Returns a token which can be added to dynamic asset-URLS (/asset/dynamic/TOKEN/...). *

@@ -2006,7 +1997,7 @@ public String toString() { if (request == null) { return result; } - + return result + request.toString(); } diff --git a/src/main/java/sirius/web/http/WebServerHandler.java b/src/main/java/sirius/web/http/WebServerHandler.java index 04efa2ed2..5f809517b 100644 --- a/src/main/java/sirius/web/http/WebServerHandler.java +++ b/src/main/java/sirius/web/http/WebServerHandler.java @@ -231,10 +231,9 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exc * @return true if keepalive is still supported, false otherwise. */ public boolean shouldKeepAlive() { - if (!WebServer.getProxyIPs().isEmpty()) { - if (WebServer.getProxyIPs().accepts(((InetSocketAddress) this.remoteAddress).getAddress())) { - return true; - } + if (!WebServer.getProxyIPs().isEmpty() && WebServer.getProxyIPs() + .accepts(((InetSocketAddress) this.remoteAddress).getAddress())) { + return true; } return numKeepAlive-- > 0; @@ -300,10 +299,8 @@ private void channelReadHttpContent(Object msg) throws IOException { return; } boolean last = msg instanceof LastHttpContent; - if (!last) { - if (WebServer.chunks.incrementAndGet() < 0) { - WebServer.chunks.set(0); - } + if (!last && WebServer.chunks.incrementAndGet() < 0) { + WebServer.chunks.set(0); } if (currentContext.contentHandler != null) { CallContext.setCurrent(currentCall); 
@@ -561,13 +558,12 @@ private void processContent(HttpContent chunk) { File file = currentContext.content.getFile(); checkUploadFileLimits(file); } - } else if (!(chunk instanceof LastHttpContent)) { - if (!HttpMethod.POST.equals(currentRequest.method()) - && !HttpMethod.PUT.equals(currentRequest.method())) { - currentContext.respondWith() - .error(HttpResponseStatus.BAD_REQUEST, "Only POST or PUT may sent chunked data"); - currentRequest = null; - } + } else if (!(chunk instanceof LastHttpContent) + && !HttpMethod.POST.equals(currentRequest.method()) + && !HttpMethod.PUT.equals(currentRequest.method())) { + currentContext.respondWith() + .error(HttpResponseStatus.BAD_REQUEST, "Only POST or PUT may sent chunked data"); + currentRequest = null; } } catch (Exception ex) { currentContext.respondWith() @@ -629,12 +625,6 @@ private boolean preDispatch() { return getPipeline().preDispatch(currentContext); } - private void logPredispatched(String msg) { - if (WebServer.LOG.isFINE()) { - WebServer.LOG.FINE(msg); - } - } - /* * Dispatches the completely read request. */ diff --git a/src/main/java/sirius/web/resources/LocalPathResolver.java b/src/main/java/sirius/web/resources/LocalPathResolver.java index 12bc98cce..9cbec6785 100644 --- a/src/main/java/sirius/web/resources/LocalPathResolver.java +++ b/src/main/java/sirius/web/resources/LocalPathResolver.java @@ -86,10 +86,8 @@ private boolean isReady() { baseDirFound = false; } else { getBaseDir(); - if (!baseDir.exists()) { - if (!DEFAULT_BASE_DIR.equals(localResourcePath)) { - Resources.LOG.WARN(CHECK_MSG, localResourcePath, baseDir.getAbsolutePath()); - } + if (!baseDir.exists() && !DEFAULT_BASE_DIR.equals(localResourcePath)) { + Resources.LOG.WARN(CHECK_MSG, localResourcePath, baseDir.getAbsolutePath()); } baseDirFound = baseDir.exists(); } diff --git a/src/main/java/sirius/web/security/Permissions.java b/src/main/java/sirius/web/security/Permissions.java index 5458b6e99..87d86bd10 100644 
--- a/src/main/java/sirius/web/security/Permissions.java +++ b/src/main/java/sirius/web/security/Permissions.java @@ -12,7 +12,6 @@ import sirius.kernel.Sirius; import sirius.kernel.commons.Explain; import sirius.kernel.commons.Strings; -import sirius.kernel.di.std.ConfigValue; import sirius.kernel.health.Log; import sirius.kernel.nls.NLS; import sirius.kernel.settings.Extension; diff --git a/src/main/java/sirius/web/security/ScopeInfo.java b/src/main/java/sirius/web/security/ScopeInfo.java index e35355505..bd2f586d1 100644 --- a/src/main/java/sirius/web/security/ScopeInfo.java +++ b/src/main/java/sirius/web/security/ScopeInfo.java @@ -179,7 +179,6 @@ public boolean is(@Nonnull Class type) { return super.is(type); } - @SuppressWarnings("unchecked") @Override public Optional tryAs(@Nonnull Class adapterType) { Transformable userObject = getScopeObject(Transformable.class); @@ -420,9 +419,9 @@ private static void collectDefaultConfigFiles(Map configFiles, V public UserSettings getSettings() { if (settings == null) { if (configSupplier != null) { - settings = new UserSettings(configSupplier.apply(this).withFallback(getScopeDefaultConfig())); + settings = new UserSettings(configSupplier.apply(this).withFallback(getScopeDefaultConfig()), false); } else { - settings = new UserSettings(getScopeDefaultConfig()); + settings = new UserSettings(getScopeDefaultConfig(), false); } } diff --git a/src/main/java/sirius/web/security/UserSettings.java b/src/main/java/sirius/web/security/UserSettings.java index b80354af6..6ad68bdad 100644 --- a/src/main/java/sirius/web/security/UserSettings.java +++ b/src/main/java/sirius/web/security/UserSettings.java 
@@ -21,9 +21,11 @@ public class UserSettings extends ExtendedSettings { * Creates a new wrapper for the given config. * * @param config the config to wrap + * @param strict determines if the config is strict. A strict config will log an error if an unkown path is + * requested */ - public UserSettings(Config config) { - super(config); + public UserSettings(Config config, boolean strict) { + super(config, strict); } /** diff --git a/src/main/java/sirius/web/services/ServiceDispatcher.java b/src/main/java/sirius/web/services/ServiceDispatcher.java index 2b52d6b35..1d8e818b8 100644 --- a/src/main/java/sirius/web/services/ServiceDispatcher.java +++ b/src/main/java/sirius/web/services/ServiceDispatcher.java @@ -102,14 +102,13 @@ private Tuple parsePath(WebContext ctx, String u private void invokeService(WebContext ctx, ServiceCall call, StructuredService serv) { TaskContext.get().setSystem(SYSTEM_SERVICE).setSubSystem(serv.getClass().getSimpleName()); - // Check firewall - if (firewall != null && !serv.getClass().isAnnotationPresent(Unlimited.class)) { - if (firewall.handleRateLimiting(ctx, - Optional.ofNullable(serv.getClass().getAnnotation(Limited.class)) - .map(Limited::value) - .orElse(Limited.HTTP))) { - return; - } + if (firewall != null + && !serv.getClass().isAnnotationPresent(Unlimited.class) + && firewall.handleRateLimiting(ctx, + Optional.ofNullable(serv.getClass().getAnnotation(Limited.class)) + .map(Limited::value) + .orElse(Limited.HTTP))) { + return; } // ... and check permissions
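Review bot: The new `@param strict` text misspells "unknown" as "unkown"; since this is public Javadoc on a constructor whose signature changes in this release, it is worth fixing before it ships: `A strict config will log an error if an unknown path is requested`. Both calls visible in this diff (in `ScopeInfo.getSettings`) pass `false`, so a sentence on when `true` is appropriate would help other callers adapting to the new signature.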
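Review bot: In `invokeService` the `// Check firewall` comment is removed, but the following `// ... and check permissions` comment still reads as its continuation. I would keep a lead-in above the merged condition, e.g. `// Check firewall (rate limiting) unless the service is marked @Unlimited...`. The limit lookup `Optional.ofNullable(...getAnnotation(Limited.class)).map(Limited::value).orElse(Limited.HTTP)` is now written out in the same form here and in `ControllerDispatcher.preparePerformRoute`; a shared helper taking an `AnnotatedElement` would keep the two rate-limit paths from drifting apart. The method body continues outside the hunk.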