implement external-libraries API

(cherry picked from commit 99b526b)

Author: eng-dedalus

knowage-api/src/main/java/it/eng/knowage/resourcemanager/resource/ExternalLibrariesResource.java

@@ -0,0 +1,90 @@
+/*
+ * Knowage, Open Source Business Intelligence suite
+ * Copyright (C) 2021 Engineering Ingegneria Informatica S.p.A.
+ *
+ * Knowage is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Knowage is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package it.eng.knowage.resourcemanager.resource;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+
+import javax.activation.MimetypesFileTypeMap;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import it.eng.knowage.boot.context.BusinessRequestContext;
+import it.eng.knowage.boot.error.KnowageBusinessException;
+import it.eng.knowage.boot.error.KnowageRuntimeException;
+import it.eng.knowage.knowageapi.utils.PathTraversalChecker;
+import it.eng.knowage.resourcemanager.service.ResourceManagerAPI;
+import it.eng.spagobi.services.security.SpagoBIUserProfile;
+
+@Path("/2.0/resources/external-libraries")
+@Component
+public class ExternalLibrariesResource {
+
+	@Autowired
+	ResourceManagerAPI resourceManagerAPIservice;
+
+	@Autowired
+	BusinessRequestContext businessContext;
+
+	@GET
+	@Produces(MediaType.APPLICATION_OCTET_STREAM)
+	public Response downloadExternalLibrary(@QueryParam("libraryName") String libraryName) throws KnowageBusinessException {
+		if (libraryName == null || libraryName.trim().isEmpty()) {
+			return Response.status(Response.Status.BAD_REQUEST).entity("Missing libraryName").build();
+		}
+
+		String requestedLibraryName = libraryName.trim();
+		try {
+			PathTraversalChecker.isValidFileName(requestedLibraryName);
+		} catch (KnowageRuntimeException e) {
+			return Response.status(Response.Status.BAD_REQUEST).entity("Invalid libraryName").build();
+		}
+
+		SpagoBIUserProfile profile = businessContext.getUserProfile();
+		try {
+			java.nio.file.Path externalLibraryPath = resourceManagerAPIservice.getExternalLibraryPath(requestedLibraryName, profile);
+			File externalLibrary = externalLibraryPath.toFile();
+			String mimeType = Files.probeContentType(externalLibraryPath);
+			if (mimeType == null || mimeType.trim().isEmpty()) {
+				mimeType = new MimetypesFileTypeMap().getContentType(externalLibrary.getName());
+			}
+			if (mimeType == null || mimeType.trim().isEmpty()) {
+				mimeType = MediaType.APPLICATION_OCTET_STREAM;
+			}
+
+			return Response.ok(externalLibrary, mimeType)
+					.header("Content-length", String.valueOf(Files.size(externalLibraryPath)))
+					.header("Content-Disposition", String.format("attachment; filename=\"%s\"", externalLibrary.getName()))
+					.build();
+		} catch (KnowageBusinessException e) {
+			throw new KnowageBusinessException(e, businessContext.getLocale());
+		} catch (IOException e) {
+			throw new KnowageRuntimeException("Error calculating file size for " + requestedLibraryName, e);
+		} catch (Exception e) {
+			throw new KnowageRuntimeException(e);
+		}
+	}
+}

knowage-api/src/main/java/it/eng/knowage/resourcemanager/service/ResourceManagerAPI.java

@@ -49,6 +49,8 @@ public interface ResourceManagerAPI {
 
 	java.nio.file.Path getDownloadFilePath(List<String> path, SpagoBIUserProfile profile, boolean multi) throws ImpossibleToDownloadFileException;
 
+	Path getExternalLibraryPath(String libraryName, SpagoBIUserProfile profile) throws ImpossibleToReadFilesListException;
+
 	boolean canSee(Path path, SpagoBIUserProfile profile) throws IOException;
 
 	void importFile(InputStream archiveInputStream, String path, SpagoBIUserProfile profile)

knowage-api/src/main/java/it/eng/knowage/resourcemanager/service/impl/ResourceManagerAPIImpl.java

@@ -62,6 +62,7 @@
 import it.eng.knowage.knowageapi.error.ImpossibleToReadMetadataException;
 import it.eng.knowage.knowageapi.error.ImpossibleToSaveMetadataException;
 import it.eng.knowage.knowageapi.error.ImpossibleToUploadFileException;
+import it.eng.knowage.knowageapi.utils.PathTraversalChecker;
 import it.eng.knowage.resourcemanager.resource.dto.FileDTO;
 import it.eng.knowage.resourcemanager.resource.dto.FolderDTO;
 import it.eng.knowage.resourcemanager.resource.dto.MetadataDTO;
@@ -78,7 +79,8 @@ public class ResourceManagerAPIImpl implements ResourceManagerAPI {
 	private static final String METADATA_JSON = "metadata.json";
 	private static final String MODELS = "models";
 	private static final Logger LOGGER = Logger.getLogger(ResourceManagerAPIImpl.class);
-    private static final String DOCS_FOLDER = "docs";
+	private static final String DOCS_FOLDER = "docs";
+	private static final String EXTERNAL_LIBRARIES_FOLDER = "external-libraries";
 	private static Map<String, List<String>> foldersForDevs = new HashMap<>();
 	private final Map<String, HashMap<String, Object>> cachedNodesInfo = new HashMap<>();
 
@@ -345,6 +347,46 @@ public Path getDownloadFilePath(List<String> path, SpagoBIUserProfile profile, b
 		return pathToReturn;
 	}
 
+	@Override
+	public Path getExternalLibraryPath(String libraryName, SpagoBIUserProfile profile)
+			throws ImpossibleToReadFilesListException {
+		try {
+			PathTraversalChecker.isValidFileName(libraryName);
+
+			Path workDirectory = getWorkDirectory(profile).normalize();
+			Path externalLibrariesDirectory = workDirectory.resolve(EXTERNAL_LIBRARIES_FOLDER).normalize();
+			if (!Files.isDirectory(externalLibrariesDirectory)) {
+				throw new ImpossibleToReadFilesListException("External libraries folder not found");
+			}
+
+			Path realWorkDirectory = workDirectory.toRealPath();
+			Path realExternalLibrariesDirectory = externalLibrariesDirectory.toRealPath();
+			if (!realExternalLibrariesDirectory.startsWith(realWorkDirectory)) {
+				throw new ImpossibleToReadFilesListException("Invalid external libraries folder");
+			}
+			Path candidatePath = realExternalLibrariesDirectory.resolve(libraryName).normalize();
+			if (!candidatePath.startsWith(realExternalLibrariesDirectory)) {
+				throw new ImpossibleToReadFilesListException("Invalid library name");
+			}
+			if (!Files.exists(candidatePath) || !Files.isRegularFile(candidatePath)) {
+				throw new ImpossibleToReadFilesListException("External library not found: " + libraryName);
+			}
+
+			Path realCandidatePath = candidatePath.toRealPath();
+			if (!realCandidatePath.startsWith(realExternalLibrariesDirectory)) {
+				throw new ImpossibleToReadFilesListException("Invalid library name");
+			}
+
+			return realCandidatePath;
+		} catch (ImpossibleToReadFilesListException e) {
+			throw e;
+		} catch (KnowageRuntimeException e) {
+			throw new ImpossibleToReadFilesListException("Invalid library name", e);
+		} catch (IOException e) {
+			throw new ImpossibleToReadFilesListException("Error while resolving external library " + libraryName, e);
+		}
+	}
+
 	public Path getFullRootByPath(String path, SpagoBIUserProfile profile) throws IOException {
 		String separator = File.separator.equals("\\") ? "\\\\" : File.separator;
 		String rootElement = path.split(separator)[0];