"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "flow-server/src/main/java/com/vaadin/flow/internal/ResponseWriter.java" between
vaadin-flow-4.0.7.tar.gz and vaadin-flow-4.0.8.tar.gz

About: Vaadin flow is a Java framework binding Vaadin 17 web components to Java.

ResponseWriter.java  (vaadin-flow-4.0.7):ResponseWriter.java  (vaadin-flow-4.0.8)
skipping to change at line 32 skipping to change at line 32
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.Closeable; import java.io.Closeable;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.Serializable; import java.io.Serializable;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.net.URLConnection; import java.net.URLConnection;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Stack;
import java.util.UUID; import java.util.UUID;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import com.vaadin.flow.function.DeploymentConfiguration; import com.vaadin.flow.function.DeploymentConfiguration;
import static com.vaadin.flow.server.Constants.VAADIN_BUILD_FILES_PATH; import static com.vaadin.flow.server.Constants.VAADIN_BUILD_FILES_PATH;
/** /**
* The class that handles writing the response data into the response. * The class that handles writing the response data into the response.
* *
* @author Vaadin Ltd * @author Vaadin Ltd
* @since 1.0. * @since 1.0.
*/ */
public class ResponseWriter implements Serializable { public class ResponseWriter implements Serializable {
private static final int DEFAULT_BUFFER_SIZE = 32 * 1024; private static final int DEFAULT_BUFFER_SIZE = 32 * 1024;
private static final Pattern RANGE_HEADER_PATTERN = Pattern.compile("^bytes= private static final Pattern RANGE_HEADER_PATTERN = Pattern.compile(
(([0-9]*-[0-9]*,?\\s*)+)$"); "^bytes=((\\d*-\\d*\\s*,\\s*)*\\d*-\\d*\\s*)$");
private static final Pattern BYTE_RANGE_PATTERN = Pattern.compile("([0-9]*)- private static final Pattern BYTE_RANGE_PATTERN = Pattern.compile(
([0-9]*)"); "(\\d*)-(\\d*)");
/**
* Maximum number of ranges accepted in a single Range header. Remaining ran
ges will be ignored.
*/
private static final int MAX_RANGE_COUNT = 16;
/**
* Maximum number of overlapping ranges allowed. The request will be denied
if above this threshold.
*/
private static final int MAX_OVERLAPPING_RANGE_COUNT = 2;
private final int bufferSize; private final int bufferSize;
private final boolean brotliEnabled; private final boolean brotliEnabled;
/** /**
* Create a response writer with the given deployment configuration. * Create a response writer with the given deployment configuration.
* *
* @param deploymentConfiguration * @param deploymentConfiguration
* the deployment configuration to use, not <code>null</code> * the deployment configuration to use, not <code>null</code>
*/ */
skipping to change at line 199 skipping to change at line 211
if (!headerMatcher.matches()) { if (!headerMatcher.matches()) {
response.setContentLengthLong(0L); response.setContentLengthLong(0L);
response.setStatus(416); // Range Not Satisfiable response.setStatus(416); // Range Not Satisfiable
return; return;
} }
String byteRanges = headerMatcher.group(1); String byteRanges = headerMatcher.group(1);
long resourceLength = connection.getContentLengthLong(); long resourceLength = connection.getContentLengthLong();
Matcher rangeMatcher = BYTE_RANGE_PATTERN.matcher(byteRanges); Matcher rangeMatcher = BYTE_RANGE_PATTERN.matcher(byteRanges);
List<Pair<Long, Long>> ranges = new ArrayList<>(); Stack<Pair<Long, Long>> ranges = new Stack<>();
while (rangeMatcher.find()) { while (rangeMatcher.find() && ranges.size() < MAX_RANGE_COUNT) {
String startGroup = rangeMatcher.group(1); String startGroup = rangeMatcher.group(1);
String endGroup = rangeMatcher.group(2); String endGroup = rangeMatcher.group(2);
if (startGroup.isEmpty() && endGroup.isEmpty()) { if (startGroup.isEmpty() && endGroup.isEmpty()) {
response.setContentLengthLong(0L); response.setContentLengthLong(0L);
response.setStatus(416); // Range Not Satisfiable response.setStatus(416); // Range Not Satisfiable
getLogger().info("received a malformed range: '{}'", rangeMatche r.group());
return; return;
} }
long start = startGroup.isEmpty() ? 0L : Long.parseLong(startGroup); long start = startGroup.isEmpty() ? 0L : Long.parseLong(startGroup);
long end = endGroup.isEmpty() ? Long.MAX_VALUE long end = endGroup.isEmpty() ? Long.MAX_VALUE
: Long.parseLong(endGroup); : Long.parseLong(endGroup);
if (end < start if (end < start
|| (resourceLength >= 0 && start >= resourceLength)) { || (resourceLength >= 0 && start >= resourceLength)) {
// illegal range -> 416 // illegal range -> 416
getLogger().info("received an illegal range '{}' for resource '{
}'",
rangeMatcher.group(), resourceURL);
response.setContentLengthLong(0L); response.setContentLengthLong(0L);
response.setStatus(416); response.setStatus(416);
return; return;
} }
ranges.add(new Pair<>(start, end)); ranges.push(new Pair<>(start, end));
if (!verifyRangeLimits(ranges)) {
ranges.pop();
getLogger().info("serving only {} ranges for resource '{}' even
though more were requested",
ranges.size(), resourceURL);
break;
}
} }
response.setStatus(206); response.setStatus(206);
if (ranges.size() == 1) { if (ranges.size() == 1) {
ServletOutputStream outputStream = response.getOutputStream(); ServletOutputStream outputStream = response.getOutputStream();
// single range: calculate Content-Length // single range: calculate Content-Length
long start = ranges.get(0).getFirst(); long start = ranges.get(0).getFirst();
long end = ranges.get(0).getSecond(); long end = ranges.get(0).getSecond();
skipping to change at line 317 skipping to change at line 339
private void setContentLength(HttpServletResponse response, private void setContentLength(HttpServletResponse response,
long contentLength) { long contentLength) {
try { try {
response.setContentLengthLong(contentLength); response.setContentLengthLong(contentLength);
} catch (Exception e) { } catch (Exception e) {
getLogger().debug("Error setting the content length", e); getLogger().debug("Error setting the content length", e);
} }
} }
/**
* Returns true if the number of ranges in <code>ranges</code> is less than
the
* upper limit and the number that overlap (= have at least one byte in comm
on)
* with the range <code>[start, end]</code> are less than the upper limit.
*/
private boolean verifyRangeLimits(List<Pair<Long, Long>> ranges) {
if (ranges.size() > MAX_RANGE_COUNT) {
getLogger().info("more than {} ranges requested", MAX_RANGE_COUNT);
return false;
}
int count = 0;
for (int i = 0; i < ranges.size(); i++) {
for (int j = i + 1; j < ranges.size(); j++) {
if (ranges.get(i).getFirst() <= ranges.get(j).getSecond()
&& ranges.get(j).getFirst() <= ranges.get(i).getSecond()
) {
count++;
}
}
}
if (count > MAX_OVERLAPPING_RANGE_COUNT) {
getLogger().info("more than {} overlapping ranges requested", MAX_OV
ERLAPPING_RANGE_COUNT);
return false;
}
return true;
}
private URL getResource(HttpServletRequest request, String resource) private URL getResource(HttpServletRequest request, String resource)
throws MalformedURLException { throws MalformedURLException {
URL url = request.getServletContext().getResource(resource); URL url = request.getServletContext().getResource(resource);
if (url != null) { if (url != null) {
return url; return url;
} else if (resource.startsWith("/" + VAADIN_BUILD_FILES_PATH) } else if (resource.startsWith("/" + VAADIN_BUILD_FILES_PATH)
&& isAllowedVAADINBuildUrl(resource)) { && isAllowedVAADINBuildUrl(resource)) {
url = request.getServletContext().getClassLoader() url = request.getServletContext().getClassLoader()
.getResource("META-INF" + resource); .getResource("META-INF" + resource);
} }
 End of changes. 8 change blocks. 
8 lines changed or deleted 62 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)