FileFighter · open-schnick · Apr 2, 2021 · Apr 3, 2021 · Apr 4, 2021
diff --git a/.run/RestApplication-debug.run.xml b/.run/RestApplication-debug.run.xml
@@ -0,0 +1,13 @@
+<component name="ProjectRunConfigurationManager">
+    <configuration default="false" name="RestApplication[DEBUG]" type="SpringBootApplicationConfigurationType"
+                   factoryName="Spring Boot">
+        <module name="RestApi"/>
+        <option name="SPRING_BOOT_MAIN_CLASS" value="de.filefighter.rest.RestApplication"/>
+        <option name="ACTIVE_PROFILES" value="debug"/>
+        <option name="ALTERNATIVE_JRE_PATH"/>
+        <method v="2">
+            <option name="Maven.BeforeRunTask" enabled="true" file="$PROJECT_DIR$/pom.xml" goal="clean compile"/>
+            <option name="Make" enabled="true"/>
+        </method>
+    </configuration>
+</component>
diff --git a/src/main/java/de/filefighter/rest/configuration/CorsConfig.java b/src/main/java/de/filefighter/rest/configuration/CorsConfig.java
@@ -25,7 +25,7 @@ public CorsConfig() {
     }
 
     @Bean
-    @Profile({"dev","stage"})
+    @Profile({"dev", "stage", "debug"})
     public CorsFilter corsFilterDev() {
         final CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
         ArrayList<String> allowedOrigins = new ArrayList<>();
@@ -39,7 +39,7 @@ public CorsFilter corsFilterDev() {
     }
 
     @Bean
-    @Profile({"prod","test"})
+    @Profile({"prod"})
     public CorsFilter corsFilterProd() {
         final CorsConfiguration config = new CorsConfiguration();
         config.setAllowedMethods(allowedMethods);

diff --git a/src/main/java/de/filefighter/rest/configuration/PrepareDataBase.java b/src/main/java/de/filefighter/rest/configuration/PrepareDataBase.java
@@ -45,7 +45,7 @@ public class PrepareDataBase {
     String date;
 
     @Bean
-    @Profile({"dev", "prod, stage"})
+    @Profile({"dev", "prod, stage", "debug"})
     @Autowired
     CommandLineRunner veryImportantFileFighterStartScript(Environment environment) {
         return args -> {
@@ -70,12 +70,6 @@ CommandLineRunner veryImportantFileFighterStartScript(Environment environment) {
             System.out.println();
             System.out.println("-------------------------------< REST API >-------------------------------");
             System.out.println();
-
-            /*
-            System.out.println("╭---╮")
-            System.out.println("|   |")
-            System.out.println("╰---╯")
-            */
         };
     }
 
@@ -91,26 +85,28 @@ CommandLineRunner initDataBaseProd(UserRepository userRepository, FileSystemRepo
                 addDefaultAdminAndRuntimeUser(userRepository);
                 log.info("Inserting Home directories and default structure: {} {}.", fileSystemRepository.save(FileSystemEntity
                                 .builder()
-                                .createdByUserId(RUNTIME_USER_ID)
+                                .lastUpdatedBy(RUNTIME_USER_ID)
+                                .lastUpdated(Instant.now().getEpochSecond())
+                                .ownerId(1)
                                 .fileSystemId(0)
                                 .isFile(false)
                                 .path("/")
                                 .itemIds(new long[0])
-                                .lastUpdated(Instant.now().getEpochSecond())
-                                .name("HOME_Admin")
+                                .name("HOME_1")
                                 .size(420)
                                 .typeId(FOLDER.getId())
                                 .visibleForGroupIds(new long[]{UNDEFINED.getGroupId(), FAMILY.getGroupId(), ADMIN.getGroupId()})
                                 .itemIds(new long[]{1})
                                 .build()),
                         fileSystemRepository.save(FileSystemEntity.builder()
-                                .createdByUserId(1)
-                                .fileSystemId(1)
-                                .isFile(true)
+                                .lastUpdatedBy(RUNTIME_USER_ID)
                                 .lastUpdated(Instant.now().getEpochSecond())
+                                .ownerId(1).fileSystemId(1)
+                                .isFile(true)
                                 .name("dummyFile.txt")
                                 .size(420)
                                 .typeId(TEXT.getId())
+                                .mimeType("text/plain")
                                 .editableFoGroupIds(new long[]{FAMILY.getGroupId()})
                                 .visibleForGroupIds(new long[]{FAMILY.getGroupId()})
                                 .build()));
@@ -136,7 +132,7 @@ CommandLineRunner initDataBaseProd(UserRepository userRepository, FileSystemRepo
     }
 
     @Bean
-    @Profile("dev")
+    @Profile({"dev", "debug"})
     CommandLineRunner initDataBaseDev(UserRepository userRepository, AccessTokenRepository accessTokenRepository, FileSystemRepository fileSystemRepository) {
         return args -> {
             log.info("Starting with clean user collection.");
@@ -268,71 +264,84 @@ private void addDefaultAdminAndRuntimeUser(UserRepository userRepository) {
     private void addTestingFileSystemItems(FileSystemRepository fileSystemRepository) {
         log.info("Inserting default fsItems:\n {}\n {}\n {}\n {}\n {}\n {}.",
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(RUNTIME_USER_ID)
+                        .lastUpdatedBy(RUNTIME_USER_ID)
+                        .ownerId(1)
+                        .lastUpdated(Instant.now().getEpochSecond())
                         .fileSystemId(0)
                         .isFile(false)
                         .path("/")
-                        .itemIds(new long[]{2, 3})
-                        .lastUpdated(Instant.now().getEpochSecond())
-                        .name("HOME_User")
+                        .name("HOME_1")
                         .size(4866)
                         .typeId(FOLDER.getId())
+                        .itemIds(new long[]{2, 3})
                         .visibleForGroupIds(new long[]{FAMILY.getGroupId(), ADMIN.getGroupId()})
+                        .visibleForUserIds(new long[]{0})
+                        .editableForUserIds(new long[]{0})
                         .build()),
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(RUNTIME_USER_ID)
+                        .lastUpdatedBy(RUNTIME_USER_ID)
+                        .lastUpdated(Instant.now().getEpochSecond())
+                        .ownerId(2)
                         .fileSystemId(1)
                         .isFile(false)
                         .path("/")
-                        .lastUpdated(Instant.now().getEpochSecond())
-                        .name("HOME_User1")
+                        .name("HOME_2")
                         .size(0)
                         .typeId(FOLDER.getId())
                         .visibleForGroupIds(new long[]{UNDEFINED.getGroupId(), FAMILY.getGroupId(), ADMIN.getGroupId()})
+                        .visibleForUserIds(new long[]{1})
+                        .editableForUserIds(new long[]{1})
                         .build()),
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(1)
+                        .lastUpdatedBy(1)
+                        .lastUpdated(Instant.now().getEpochSecond())
+                        .ownerId(1)
                         .fileSystemId(2)
                         .isFile(true)
-                        .lastUpdated(Instant.now().getEpochSecond())
                         .name("dummyFile.txt")
                         .size(420)
                         .typeId(TEXT.getId())
+                        .mimeType("text/plain")
                         .editableFoGroupIds(new long[]{FAMILY.getGroupId()})
                         .visibleForGroupIds(new long[]{FAMILY.getGroupId()})
                         .build()),
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(1)
+                        .lastUpdatedBy(1)
+                        .lastUpdated(Instant.now().getEpochSecond())
+                        .ownerId(1)
                         .fileSystemId(3)
                         .isFile(false)
                         .path("/somefolder")
                         .name("SomeFolder")
-                        .lastUpdated(Instant.now().getEpochSecond())
                         .size(4446)
                         .typeId(FOLDER.getId())
                         .editableFoGroupIds(new long[]{FAMILY.getGroupId()})
                         .visibleForGroupIds(new long[]{FAMILY.getGroupId()})
                         .itemIds(new long[]{4, 5})
                         .build()),
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(1)
+                        .lastUpdatedBy(1)
+                        .lastUpdated(Instant.now().getEpochSecond())
+                        .ownerId(1)
                         .fileSystemId(4)
                         .isFile(true)
-                        .lastUpdated(Instant.now().getEpochSecond())
                         .name("secretFileInSomeFolder.txt")
                         .size(3214)
                         .typeId(TEXT.getId())
+                        .mimeType("text/plain")
                         .editableFoGroupIds(new long[]{FAMILY.getGroupId()})
                         .visibleForGroupIds(new long[]{FAMILY.getGroupId()})
                         .build()),
                 fileSystemRepository.save(FileSystemEntity.builder()
-                        .createdByUserId(1)
+                        .lastUpdatedBy(1)
+                        .lastUpdated(Instant.now().getEpochSecond())
+                        .ownerId(1)
                         .fileSystemId(5)
                         .isFile(true)
-                        .lastUpdated(Instant.now().getEpochSecond())
                         .name("definitelyNotPorn.mp4")
                         .size(1232)
                         .typeId(VIDEO.getId())
+                        .mimeType("video/mp4")
                         .editableFoGroupIds(new long[]{FAMILY.getGroupId()})
                         .visibleForGroupIds(new long[]{FAMILY.getGroupId()})
                         .build())

diff --git a/src/main/java/de/filefighter/rest/domain/authentication/AuthenticationBusinessService.java b/src/main/java/de/filefighter/rest/domain/authentication/AuthenticationBusinessService.java
@@ -1,6 +1,6 @@
 package de.filefighter.rest.domain.authentication;
 
-import de.filefighter.rest.domain.common.exceptions.InputSanitizerService;
+import de.filefighter.rest.domain.common.InputSanitizerService;
 import de.filefighter.rest.domain.common.exceptions.RequestDidntMeetFormalRequirementsException;
 import de.filefighter.rest.domain.token.data.dto.AccessToken;
 import de.filefighter.rest.domain.user.business.UserDTOService;
@@ -21,10 +21,12 @@ public class AuthenticationBusinessService {
 
     private final UserRepository userRepository;
     private final UserDTOService userDtoService;
+    private final InputSanitizerService inputSanitizerService;
 
-    public AuthenticationBusinessService(UserRepository userRepository, UserDTOService userDtoService) {
+    public AuthenticationBusinessService(UserRepository userRepository, UserDTOService userDtoService, InputSanitizerService inputSanitizerService) {
         this.userRepository = userRepository;
         this.userDtoService = userDtoService;
+        this.inputSanitizerService = inputSanitizerService;
     }
 
     public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndPassword) {
@@ -42,8 +44,8 @@ public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndP
         if (split.length != 2)
             throw new RequestDidntMeetFormalRequirementsException("Credentials didnt meet formal requirements.");
 
-        String lowerCaseUsername = InputSanitizerService.sanitizeString(split[0].toLowerCase());
-        String password = InputSanitizerService.sanitizeString(split[1]);
+        String lowerCaseUsername = inputSanitizerService.sanitizeString(split[0].toLowerCase());
+        String password = inputSanitizerService.sanitizeString(split[1]);
 
         UserEntity userEntity = userRepository.findByLowercaseUsernameAndPassword(lowerCaseUsername, password);
         if (null == userEntity)

diff --git a/src/main/java/de/filefighter/rest/domain/authentication/AuthenticationService.java b/src/main/java/de/filefighter/rest/domain/authentication/AuthenticationService.java
@@ -1,6 +1,6 @@
 package de.filefighter.rest.domain.authentication;
 
-import de.filefighter.rest.domain.common.exceptions.InputSanitizerService;
+import de.filefighter.rest.domain.common.InputSanitizerService;
 import de.filefighter.rest.domain.token.business.AccessTokenBusinessService;
 import de.filefighter.rest.domain.token.data.dto.AccessToken;
 import de.filefighter.rest.domain.user.data.dto.User;

diff --git a/...mon/exceptions/InputSanitizerService.java → .../domain/common/InputSanitizerService.java b/...mon/exceptions/InputSanitizerService.java → .../domain/common/InputSanitizerService.java
@@ -1,7 +1,11 @@
-package de.filefighter.rest.domain.common.exceptions;
+package de.filefighter.rest.domain.common;
 
+import de.filefighter.rest.domain.common.exceptions.RequestDidntMeetFormalRequirementsException;
 import org.springframework.stereotype.Service;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 @Service
 public class InputSanitizerService {
 
@@ -10,18 +14,25 @@ public static boolean stringIsValid(String s) {
     }
 
     /**
-     *
      * Sanitizes a String, so it can be used.
+     *
      * @param string String that needs to be sanitized.
      * @return string without whitespaces and without illegal characters.
      * @throws RequestDidntMeetFormalRequirementsException when string was empty.
      */
-    public static String sanitizeString(String string) {
-        if(!InputSanitizerService.stringIsValid(string))
+    public String sanitizeString(String string) {
+        if (!InputSanitizerService.stringIsValid(string))
             throw new RequestDidntMeetFormalRequirementsException("String was empty.");
         return string.replaceAll("\\s", "");
     }
 
+    public String sanitizePath(String path) {
+        if (!pathIsValid(path))
+            throw new RequestDidntMeetFormalRequirementsException("Path was not valid.");
+
+        return sanitizeString(path);
+    }
+
     public String sanitizeRequestHeader(String header, String testString) {
         if (!(stringIsValid(testString) && stringIsValid(header)))
             throw new RequestDidntMeetFormalRequirementsException("Header does not contain a valid String.");
@@ -32,7 +43,18 @@ public String sanitizeRequestHeader(String header, String testString) {
         return split[1];
     }
 
-    public String sanitizeTokenValue(String tokenValue){
-        return InputSanitizerService.sanitizeString(tokenValue);
+    public boolean pathIsValid(String path) {
+        String validString = sanitizeString(path);
+
+        Pattern pattern = Pattern.compile("[~#@*+:!?&%<>|\"^\\\\]");
+        Matcher matcher = pattern.matcher(validString);
+
+        boolean stringContainsDoubleSlash = validString.contains("//");
+
+        return !(matcher.find() || stringContainsDoubleSlash);
+    }
+
+    public String sanitizeTokenValue(String tokenValue) {
+        return this.sanitizeString(tokenValue);
     }
 }