stepus53/dhfs
1
0
Fork 0
mirror of https://github.com/usatiuk/dhfs.git synced 2025-10-28 20:47:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Server: fix for non-absolute WebUi paths

Browse Source
This commit is contained in:
Stepan Usatiuk
2025-03-16 00:11:52 +01:00
parent 842bd49246
commit 8499e20823
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dhfs-parent/server/src/main/java/com/usatiuk/dhfs/webui/WebUiRouter.java
View File

@@ -15,11 +15,14 @@ import java.util.Optional;
@ApplicationScoped
public class WebUiRouter {
@ConfigProperty(name = "dhfs.webui.root")
Optional<String> root;
private final Optional<String> _root;
public WebUiRouter(@ConfigProperty(name = "dhfs.webui.root") Optional<String> root) {
_root = root.map(s -> Path.of(s).normalize().toString());
}
void installRoute(@Observes StartupEvent startupEvent, Router router) {
root.ifPresent(r -> {
_root.ifPresent(r -> {
router.route().path("/").handler(ctx -> ctx.redirect("/webui"));
router.route()
.path("/webui/*")
@@ -28,7 +31,7 @@ public class WebUiRouter {
}
public void handle(RoutingContext event) {
var indexHtml = Paths.get(root.orElseThrow(() -> new IllegalStateException("Web ui root not set but handler called")), "index.html").toString();
var indexHtml = Paths.get(_root.orElseThrow(() -> new IllegalStateException("Web ui root not set but handler called")), "index.html").toString();
HttpServerRequest request = event.request();
String requestedPath = Path.of(event.currentRoute().getPath()).relativize(Path.of(event.normalizedPath())).toString();
@@ -38,8 +41,8 @@ public class WebUiRouter {
return;
}
Path requested = Paths.get(root.get(), requestedPath);
if (!requested.normalize().startsWith(Paths.get(root.get()))) {
Path requested = Paths.get(_root.get(), requestedPath);
if (!requested.normalize().startsWith(Paths.get(_root.get()))) {
request.response().setStatusCode(404).end();
return;
}