octoleo
/
plantuml-server
mirror of https://github.com/octoleo/plantuml-server.git
1
0
Fork 0
Code Issues Releases Wiki Activity
plantuml-server/src/main/java/net/sourceforge/plantuml/servlet/ProxyServlet.java

196 lines
6.8 KiB
Java
Raw Blame History

/* ========================================================================
* PlantUML : a free UML diagram generator
* ========================================================================
*
* Project Info: https://plantuml.com
*
* This file is part of PlantUML.
*
* PlantUML is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* PlantUML distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA.
*/
package net.sourceforge.plantuml.servlet;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.stream.Collectors;
import javax.imageio.IIOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import net.sourceforge.plantuml.BlockUml;
import net.sourceforge.plantuml.FileFormat;
import net.sourceforge.plantuml.OptionFlags;
import net.sourceforge.plantuml.SourceStringReader;
import net.sourceforge.plantuml.core.Diagram;
import net.sourceforge.plantuml.core.UmlSource;
/**
* Proxy servlet of the webapp.
* This servlet retrieves the diagram source of a web resource (web html page)
* and renders it.
*/
@SuppressWarnings("SERIAL")
public class ProxyServlet extends HttpServlet {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
public static boolean forbiddenURL(String full) {
if (full == null) {
return true;
}
if (full.startsWith("https://") == false && full.startsWith("http://") == false) {
return true;
}
if (full.matches("^https?://[-#.0-9:\\[\\]+]+/.*")) {
return true;
}
if (full.matches("^https?://[^.]+/.*")) {
return true;
}
if (full.matches("^https?://[^.]+$")) {
return true;
}
return false;
}
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final String fmt = request.getParameter("fmt");
final String source = request.getParameter("src");
final String index = request.getParameter("idx");
// Check if the src URL is valid
final URL srcUrl;
try {
srcUrl = new URL(source);
} catch (MalformedURLException mue) {
mue.printStackTrace();
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "URL malformed.");
return;
}
// Check if URL is in a forbidden format (e.g. IP-Address)
if (forbiddenURL(source)) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Forbidden URL format.");
return;
}
// generate the response
String diagmarkup = getSource(srcUrl);
SourceStringReader reader = new SourceStringReader(diagmarkup);
int n = index == null ? 0 : Integer.parseInt(index);
List<BlockUml> blocks = reader.getBlocks();
BlockUml block = blocks.get(n);
Diagram diagram = block.getDiagram();
UmlSource umlSrc = diagram.getSource();
String uml = umlSrc.getPlainString("\n");
// generate the response
DiagramResponse dr = new DiagramResponse(response, getOutputFormat(fmt), request);
try {
// special handling for the MAP since it's not using "#sendDiagram()" like the other types
if ("map".equals(fmt)) {
dr.sendMap(uml, 0);
} else {
dr.sendDiagram(uml, 0);
}
} catch (IIOException e) {
// Browser has closed the connection, so the HTTP OutputStream is closed
// Silently catch the exception to avoid annoying log
}
}
/**
* Get textual uml diagram source from URL.
*
* @param url source URL
*
* @return textual uml diagram source
*
* @throws IOException if an input or output exception occurred
*/
private String getSource(final URL url) throws IOException {
HttpURLConnection conn = getConnection(url);
try (BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
return br.lines().collect(Collectors.joining("\n"));
}
}
/**
* Get {@link FileFormat} instance from string.
*
* @param format file format name
*
* @return corresponding file format instance,
* if {@code format} is null or unknown the default {@link FileFormat#PNG} will be returned
*/
private FileFormat getOutputFormat(String format) {
if (format == null) {
return FileFormat.PNG;
}
switch (format.toLowerCase()) {
case "png": return FileFormat.PNG;
case "svg": return FileFormat.SVG;
case "eps": return FileFormat.EPS;
case "epstext": return FileFormat.EPS_TEXT;
case "txt": return FileFormat.UTXT;
case "map": return FileFormat.UTXT;
case "pdf": return FileFormat.PDF;
default: return FileFormat.PNG;
}
}
/**
* Get open http connection from URL.
*
* @param url URL to open connection
*
* @return open http connection
*
* @throws IOException if an input or output exception occurred
*/
private HttpURLConnection getConnection(final URL url) throws IOException {
final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
String token = System.getenv("HTTP_AUTHORIZATION");
if (token != null) {
conn.setRequestProperty("Authorization", token);
}
final String timeoutString = System.getenv("HTTP_PROXY_READ_TIMEOUT");
int timeout = 10000; // 10 seconds as default
if (timeoutString != null && timeoutString.matches("^\\d+$")) {
timeout = Integer.parseInt(timeoutString);
}
conn.setReadTimeout(timeout);
conn.connect();
return conn;
}
}
View Git Blame Copy Permalink