001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019package org.apache.wiki.attachment; 020 021import org.apache.commons.lang3.StringUtils; 022import org.apache.logging.log4j.LogManager; 023import org.apache.wiki.api.core.Attachment; 024import org.apache.wiki.api.core.Context; 025import org.apache.wiki.api.core.Page; 026import org.apache.wiki.api.exceptions.ProviderException; 027import org.apache.wiki.api.exceptions.WikiException; 028import org.apache.wiki.api.providers.AttachmentProvider; 029import org.apache.wiki.api.providers.WikiProvider; 030 031import java.io.File; 032import java.io.IOException; 033import java.io.InputStream; 034import java.nio.file.Files; 035import java.util.Collection; 036import java.util.List; 037 038 039/** 040 * Provides facilities for handling attachments. All attachment handling goes through this class. 041 * <p> 042 * The AttachmentManager provides a facade towards the current WikiAttachmentProvider that is in use. 043 * It is created by the Engine as a singleton object, and can be requested through the Engine. 044 * 045 * @since 1.9.28 046 */ 047public interface AttachmentManager { 048 049 /** The property name for defining the attachment provider class name. */ 050 String PROP_PROVIDER = "jspwiki.attachment.provider"; 051 052 /** The property name for defining the attachment provider class name. */ 053 @Deprecated String PROP_PROVIDER_DEPRECATED = "jspwiki.attachmentProvider"; 054 055 /** The maximum size of attachments that can be uploaded. */ 056 String PROP_MAXSIZE = "jspwiki.attachment.maxsize"; 057 058 /** A space-separated list of attachment types which can be uploaded */ 059 String PROP_ALLOWEDEXTENSIONS = "jspwiki.attachment.allowed"; 060 061 /** A space-separated list of attachment types which cannot be uploaded */ 062 String PROP_FORBIDDENEXTENSIONS = "jspwiki.attachment.forbidden"; 063 064 /** A space-separated list of attachment types which will never open in the browser. */ 065 String PROP_FORCEDOWNLOAD = "jspwiki.attachment.forceDownload"; 066 067 /** 068 * Returns true, if attachments are enabled and running. 069 * 070 * @return A boolean value indicating whether attachment functionality is enabled. 071 */ 072 boolean attachmentsEnabled(); 073 074 /** 075 * Gets info on a particular attachment, latest version. 076 * 077 * @param name A full attachment name. 078 * @return Attachment, or null, if no such attachment exists. 079 * @throws ProviderException If something goes wrong. 080 */ 081 default Attachment getAttachmentInfo( final String name ) throws ProviderException { 082 return getAttachmentInfo( name, WikiProvider.LATEST_VERSION ); 083 } 084 085 /** 086 * Gets info on a particular attachment with the given version. 087 * 088 * @param name A full attachment name. 089 * @param version A version number. 090 * @return Attachment, or null, if no such attachment or version exists. 091 * @throws ProviderException If something goes wrong. 092 */ 093 094 default Attachment getAttachmentInfo( final String name, final int version ) throws ProviderException { 095 if( name == null ) { 096 return null; 097 } 098 099 return getAttachmentInfo( null, name, version ); 100 } 101 102 /** 103 * Figures out the full attachment name from the context and attachment name. 104 * 105 * @param context The current WikiContext 106 * @param attachmentname The file name of the attachment. 107 * @return Attachment, or null, if no such attachment exists. 108 * @throws ProviderException If something goes wrong. 109 */ 110 default Attachment getAttachmentInfo( final Context context, final String attachmentname ) throws ProviderException { 111 return getAttachmentInfo( context, attachmentname, WikiProvider.LATEST_VERSION ); 112 } 113 114 /** 115 * Figures out the full attachment name from the context and attachment name. 116 * 117 * @param context The current WikiContext 118 * @param attachmentname The file name of the attachment. 119 * @param version A particular version. 120 * @return Attachment, or null, if no such attachment or version exists. 121 * @throws ProviderException If something goes wrong. 122 */ 123 Attachment getAttachmentInfo( Context context, String attachmentname, int version ) throws ProviderException; 124 125 /** 126 * Figures out the full attachment name from the context and attachment name. 127 * 128 * @param context The current WikiContext 129 * @param attachmentname The file name of the attachment. 130 * @return Attachment, or null, if no such attachment exists. 131 */ 132 String getAttachmentInfoName( Context context, String attachmentname ); 133 134 /** 135 * Returns the list of attachments associated with a given wiki page. If there are no attachments, returns an empty Collection. 136 * 137 * @param wikipage The wiki page from which you are seeking attachments for. 138 * @return a valid collection of attachments. 139 * @throws ProviderException If there was something wrong in the backend. 140 */ 141 List< Attachment > listAttachments( Page wikipage ) throws ProviderException; 142 143 /** 144 * Returns true, if the page has any attachments at all. This is a convenience method. 145 * 146 * @param wikipage The wiki page from which you are seeking attachments for. 147 * @return True, if the page has attachments, else false. 148 */ 149 default boolean hasAttachments( final Page wikipage ) { 150 try { 151 return !listAttachments(wikipage).isEmpty(); 152 } catch( final Exception e ) { 153 LogManager.getLogger( AttachmentManager.class ).info( e.getMessage(), e ); 154 } 155 156 return false; 157 } 158 159 /** 160 * Check if attachement link should force a download iso opening the attachment in the browser. 161 * 162 * @param name Name of attachment to be checked 163 * @return true, if the attachment should be downloaded when clicking the link 164 * @since 2.11.0 M4 165 */ 166 boolean forceDownload( String name ); 167 168 /** 169 * Finds a (real) attachment from the repository as an {@link InputStream}. 170 * 171 * @param att Attachment 172 * @return An InputStream to read from. May return null, if attachments are disabled. 173 * @throws IOException If the stream cannot be opened 174 * @throws ProviderException If the backend fails due to some other reason. 175 */ 176 default InputStream getAttachmentStream( final Attachment att ) throws IOException, ProviderException { 177 return getAttachmentStream( null, att ); 178 } 179 180 /** 181 * Returns an attachment stream using the particular WikiContext. This method should be used instead of 182 * {@link #getAttachmentStream(Attachment)}, since it also allows the DynamicAttachments to function. 183 * 184 * @param ctx The Wiki Context 185 * @param att The Attachment to find 186 * @return An InputStream. May return null, if attachments are disabled. You must take care of closing it. 187 * @throws ProviderException If the backend fails due to some reason 188 * @throws IOException If the stream cannot be opened 189 */ 190 InputStream getAttachmentStream( Context ctx, Attachment att ) throws ProviderException, IOException; 191 192 /** 193 * Stores a dynamic attachment. Unlike storeAttachment(), this just stores the attachment in the memory. 194 * 195 * @param ctx A WikiContext 196 * @param att An attachment to store 197 */ 198 void storeDynamicAttachment( Context ctx, DynamicAttachment att ); 199 200 /** 201 * Finds a DynamicAttachment. Normally, you should just use {@link #getAttachmentInfo(String)} , since that will find also 202 * {@link DynamicAttachment}s. 203 * 204 * @param name The name of the attachment to look for 205 * @return An Attachment, or null. 206 * @see #getAttachmentInfo(String) 207 */ 208 DynamicAttachment getDynamicAttachment( String name ); 209 210 /** 211 * Stores an attachment that lives in the given file. If the attachment did not exist previously, this method will create it. 212 * If it did exist, it stores a new version. 213 * 214 * @param att Attachment to store this under. 215 * @param source A file to read from. 216 * 217 * @throws IOException If writing the attachment failed. 218 * @throws ProviderException If something else went wrong. 219 */ 220 default void storeAttachment( final Attachment att, final File source ) throws IOException, ProviderException { 221 try( final InputStream in = Files.newInputStream( source.toPath() ) ) { 222 storeAttachment( att, in ); 223 } 224 } 225 226 /** 227 * Stores an attachment directly from a stream. If the attachment did not exist previously, this method will create it. 228 * If it did exist, it stores a new version. 229 * 230 * @param att Attachment to store this under. 231 * @param in InputStream from which the attachment contents will be read. 232 * @throws IOException If writing the attachment failed. 233 * @throws ProviderException If something else went wrong. 234 */ 235 void storeAttachment( Attachment att, InputStream in ) throws IOException, ProviderException; 236 237 /** 238 * Returns a list of versions of the attachment. 239 * 240 * @param attachmentName A fully qualified name of the attachment. 241 * 242 * @return A list of Attachments. May return null, if attachments are 243 * disabled. 244 * @throws ProviderException If the provider fails for some reason. 245 */ 246 List< Attachment > getVersionHistory( String attachmentName ) throws ProviderException; 247 248 /** 249 * Returns a collection of Attachments, containing each and every attachment that is in this Wiki. 250 * 251 * @return A collection of attachments. If attachments are disabled, will return an empty collection. 252 * @throws ProviderException If something went wrong with the backend 253 */ 254 Collection< Attachment > getAllAttachments() throws ProviderException; 255 256 /** 257 * Returns the current attachment provider. 258 * 259 * @return The current provider. May be null, if attachments are disabled. 260 */ 261 AttachmentProvider getCurrentProvider(); 262 263 /** 264 * Deletes the given attachment version. 265 * 266 * @param att The attachment to delete 267 * @throws ProviderException If something goes wrong with the backend. 268 */ 269 void deleteVersion( Attachment att ) throws ProviderException; 270 271 /** 272 * Deletes all versions of the given attachment. 273 * 274 * @param att The Attachment to delete. 275 * @throws ProviderException if something goes wrong with the backend. 276 */ 277 void deleteAttachment( Attachment att ) throws ProviderException; 278 279 /** 280 * Validates the filename and makes sure it is legal. It trims and splits and replaces bad characters. 281 * 282 * @param filename file name to validate. 283 * @return A validated name with annoying characters replaced. 284 * @throws WikiException If the filename is not legal (e.g. empty) 285 */ 286 static String validateFileName( String filename ) throws WikiException { 287 if( filename == null || filename.trim().isEmpty() ) { 288 LogManager.getLogger( AttachmentManager.class ).error( "Empty file name given." ); 289 290 // the caller should catch the exception and use the exception text as an i18n key 291 throw new WikiException( "attach.empty.file" ); 292 } 293 294 // Some browsers send the full path info with the filename, so we need 295 // to remove it here by simply splitting along slashes and then taking the path. 296 final String[] splitpath = filename.split( "[/\\\\]" ); 297 filename = splitpath[splitpath.length-1]; 298 299 // Should help with IE 5.22 on OSX 300 filename = filename.trim(); 301 302 // If file name ends with .jsp or .jspf, the user is being naughty! 303 if( filename.toLowerCase().endsWith( ".jsp" ) || filename.toLowerCase().endsWith( ".jspf" ) ) { 304 LogManager.getLogger( AttachmentManager.class ) 305 .info( "Attempt to upload a file with a .jsp/.jspf extension. In certain cases this " + 306 "can trigger unwanted security side effects, so we're preventing it." ); 307 308 // the caller should catch the exception and use the exception text as an i18n key 309 throw new WikiException( "attach.unwanted.file" ); 310 } 311 312 // Remove any characters that might be a problem. Most importantly - characters that might stop processing of the URL. 313 return StringUtils.replaceChars( filename, "#?\"'", "____" ); 314 } 315 316}