Tue, 11 May 2021 16:00:28 +0200
fixes #137 - leaking prepared statements
184 | 1 | /* |
2 | * Copyright 2021 Mike Becker. All rights reserved. | |
3 | * | |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions are met: | |
6 | * | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | |
13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
17 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
20 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
21 | * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
22 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
23 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | |
25 | ||
26 | package de.uapcore.lightpit.servlet | |
27 | ||
28 | import de.uapcore.lightpit.AbstractServlet | |
29 | import de.uapcore.lightpit.HttpRequest | |
30 | import de.uapcore.lightpit.dao.DataAccessObject | |
31 | import de.uapcore.lightpit.entities.* | |
32 | import de.uapcore.lightpit.types.IssueCategory | |
33 | import de.uapcore.lightpit.types.IssueStatus | |
34 | import de.uapcore.lightpit.types.VersionStatus | |
35 | import de.uapcore.lightpit.types.WebColor | |
36 | import de.uapcore.lightpit.util.AllFilter | |
37 | import de.uapcore.lightpit.util.IssueFilter | |
38 | import de.uapcore.lightpit.util.SpecificFilter | |
39 | import de.uapcore.lightpit.viewmodel.* | |
40 | import java.sql.Date | |
41 | import javax.servlet.annotation.WebServlet | |
42 | ||
43 | @WebServlet(urlPatterns = ["/projects/*"]) | |
44 | class ProjectServlet : AbstractServlet() { | |
45 | ||
46 | init { | |
47 | get("/", this::projects) | |
48 | get("/%project", this::project) | |
49 | get("/%project/issues/%version/%component/", this::project) | |
50 | get("/%project/edit", this::projectForm) | |
51 | get("/-/create", this::projectForm) | |
52 | post("/-/commit", this::projectCommit) | |
53 | ||
54 | get("/%project/versions/", this::versions) | |
55 | get("/%project/versions/%version/edit", this::versionForm) | |
56 | get("/%project/versions/-/create", this::versionForm) | |
57 | post("/%project/versions/-/commit", this::versionCommit) | |
58 | ||
59 | get("/%project/components/", this::components) | |
60 | get("/%project/components/%component/edit", this::componentForm) | |
61 | get("/%project/components/-/create", this::componentForm) | |
62 | post("/%project/components/-/commit", this::componentCommit) | |
63 | ||
64 | get("/%project/issues/%version/%component/%issue", this::issue) | |
65 | get("/%project/issues/%version/%component/%issue/edit", this::issueForm) | |
186
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
66 | post("/%project/issues/%version/%component/%issue/comment", this::issueComment) |
184 | 67 | get("/%project/issues/%version/%component/-/create", this::issueForm) |
186
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
68 | post("/%project/issues/%version/%component/-/commit", this::issueCommit) |
184 | 69 | } |
70 | ||
71 | fun projects(http: HttpRequest, dao: DataAccessObject) { | |
72 | val projects = dao.listProjects() | |
73 | val projectInfos = projects.map { | |
74 | ProjectInfo( | |
75 | project = it, | |
76 | versions = dao.listVersions(it), | |
77 | components = emptyList(), // not required in this view | |
78 | issueSummary = dao.collectIssueSummary(it) | |
79 | ) | |
80 | } | |
81 | ||
82 | with(http) { | |
83 | view = ProjectsView(projectInfos) | |
84 | navigationMenu = projectNavMenu(projects) | |
85 | styleSheets = listOf("projects") | |
86 | render("projects") | |
87 | } | |
88 | } | |
89 | ||
90 | private fun activeProjectNavMenu( | |
91 | projects: List<Project>, | |
92 | projectInfo: ProjectInfo, | |
93 | selectedVersion: Version? = null, | |
94 | selectedComponent: Component? = null | |
95 | ) = | |
96 | projectNavMenu( | |
97 | projects, | |
98 | projectInfo.versions, | |
99 | projectInfo.components, | |
100 | projectInfo.project, | |
101 | selectedVersion, | |
102 | selectedComponent | |
103 | ) | |
104 | ||
105 | sealed class LookupResult<T> { | |
106 | class NotFound<T> : LookupResult<T>() | |
107 | data class Found<T>(val elem: T?) : LookupResult<T>() | |
108 | } | |
109 | ||
110 | private fun <T : HasNode> HttpRequest.lookupPathParam(paramName: String, list: List<T>): LookupResult<T> { | |
111 | val node = pathParams[paramName] | |
112 | return if (node == null || node == "-") { | |
113 | LookupResult.Found(null) | |
114 | } else { | |
115 | val result = list.find { it.node == node } | |
116 | if (result == null) { | |
117 | LookupResult.NotFound() | |
118 | } else { | |
119 | LookupResult.Found(result) | |
120 | } | |
121 | } | |
122 | } | |
123 | ||
124 | private fun obtainProjectInfo(http: HttpRequest, dao: DataAccessObject): ProjectInfo? { | |
125 | val project = dao.findProjectByNode(http.pathParams["project"] ?: "") ?: return null | |
126 | ||
127 | val versions: List<Version> = dao.listVersions(project) | |
128 | val components: List<Component> = dao.listComponents(project) | |
129 | ||
130 | return ProjectInfo( | |
131 | project, | |
132 | versions, | |
133 | components, | |
134 | dao.collectIssueSummary(project) | |
135 | ) | |
136 | } | |
137 | ||
138 | private fun sanitizeNode(name: String): String { | |
139 | val san = name.replace(Regex("[/\\\\]"), "-") | |
140 | return if (san.startsWith(".")) { | |
141 | "v$san" | |
142 | } else { | |
143 | san | |
144 | } | |
145 | } | |
146 | ||
147 | data class PathInfos( | |
148 | val projectInfo: ProjectInfo, | |
149 | val version: Version?, | |
150 | val component: Component? | |
151 | ) { | |
152 | val issuesHref by lazyOf("projects/${projectInfo.project.node}/issues/${version?.node ?: "-"}/${component?.node ?: "-"}/") | |
153 | } | |
154 | ||
155 | private fun withPathInfo(http: HttpRequest, dao: DataAccessObject): PathInfos? { | |
156 | val projectInfo = obtainProjectInfo(http, dao) | |
157 | if (projectInfo == null) { | |
158 | http.response.sendError(404) | |
159 | return null | |
160 | } | |
161 | ||
162 | val version = when (val result = http.lookupPathParam("version", projectInfo.versions)) { | |
163 | is LookupResult.NotFound -> { | |
164 | http.response.sendError(404) | |
165 | return null | |
166 | } | |
167 | is LookupResult.Found -> { | |
168 | result.elem | |
169 | } | |
170 | } | |
171 | val component = when (val result = http.lookupPathParam("component", projectInfo.components)) { | |
172 | is LookupResult.NotFound -> { | |
173 | http.response.sendError(404) | |
174 | return null | |
175 | } | |
176 | is LookupResult.Found -> { | |
177 | result.elem | |
178 | } | |
179 | } | |
180 | ||
181 | return PathInfos(projectInfo, version, component) | |
182 | } | |
183 | ||
184 | fun project(http: HttpRequest, dao: DataAccessObject) { | |
185 | withPathInfo(http, dao)?.run { | |
186 | val issues = dao.listIssues(IssueFilter( | |
187 | project = SpecificFilter(projectInfo.project), | |
188 | version = version?.let { SpecificFilter(it) } ?: AllFilter(), | |
189 | component = component?.let { SpecificFilter(it) } ?: AllFilter() | |
190 | )) | |
191 | ||
192 | with(http) { | |
193 | view = ProjectDetails(projectInfo, issues, version, component) | |
194 | navigationMenu = activeProjectNavMenu( | |
195 | dao.listProjects(), | |
196 | projectInfo, | |
197 | version, | |
198 | component | |
199 | ) | |
200 | styleSheets = listOf("projects") | |
201 | render("project-details") | |
202 | } | |
203 | } | |
204 | } | |
205 | ||
206 | fun projectForm(http: HttpRequest, dao: DataAccessObject) { | |
207 | val projectInfo = obtainProjectInfo(http, dao) | |
208 | if (projectInfo == null) { | |
209 | http.response.sendError(404) | |
210 | return | |
211 | } | |
212 | ||
213 | with(http) { | |
214 | view = ProjectEditView(projectInfo.project, dao.listUsers()) | |
215 | navigationMenu = activeProjectNavMenu( | |
216 | dao.listProjects(), | |
217 | projectInfo | |
218 | ) | |
219 | styleSheets = listOf("projects") | |
220 | render("project-form") | |
221 | } | |
222 | } | |
223 | ||
224 | fun projectCommit(http: HttpRequest, dao: DataAccessObject) { | |
225 | // TODO: replace defaults with throwing validator exceptions | |
226 | val project = Project(http.param("id")?.toIntOrNull() ?: -1).apply { | |
227 | name = http.param("name") ?: "" | |
228 | node = http.param("node") ?: "" | |
229 | description = http.param("description") ?: "" | |
230 | ordinal = http.param("ordinal")?.toIntOrNull() ?: 0 | |
231 | repoUrl = http.param("repoUrl") ?: "" | |
232 | owner = (http.param("owner")?.toIntOrNull() ?: -1).let { | |
233 | if (it < 0) null else dao.findUser(it) | |
234 | } | |
235 | // intentional defaults | |
236 | if (node.isBlank()) node = name | |
237 | // sanitizing | |
238 | node = sanitizeNode(node) | |
239 | } | |
240 | ||
241 | if (project.id < 0) { | |
242 | dao.insertProject(project) | |
243 | } else { | |
244 | dao.updateProject(project) | |
245 | } | |
246 | ||
247 | http.renderCommit("projects/${project.node}") | |
248 | } | |
249 | ||
250 | fun versions(http: HttpRequest, dao: DataAccessObject) { | |
251 | val projectInfo = obtainProjectInfo(http, dao) | |
252 | if (projectInfo == null) { | |
253 | http.response.sendError(404) | |
254 | return | |
255 | } | |
256 | ||
257 | with(http) { | |
258 | view = VersionsView( | |
259 | projectInfo, | |
260 | dao.listVersionSummaries(projectInfo.project) | |
261 | ) | |
262 | navigationMenu = activeProjectNavMenu( | |
263 | dao.listProjects(), | |
264 | projectInfo | |
265 | ) | |
266 | styleSheets = listOf("projects") | |
267 | render("versions") | |
268 | } | |
269 | } | |
270 | ||
271 | fun versionForm(http: HttpRequest, dao: DataAccessObject) { | |
272 | val projectInfo = obtainProjectInfo(http, dao) | |
273 | if (projectInfo == null) { | |
274 | http.response.sendError(404) | |
275 | return | |
276 | } | |
277 | ||
278 | val version: Version | |
279 | when (val result = http.lookupPathParam("version", projectInfo.versions)) { | |
280 | is LookupResult.NotFound -> { | |
281 | http.response.sendError(404) | |
282 | return | |
283 | } | |
284 | is LookupResult.Found -> { | |
285 | version = result.elem ?: Version(-1, projectInfo.project.id) | |
286 | } | |
287 | } | |
288 | ||
289 | with(http) { | |
290 | view = VersionEditView(projectInfo, version) | |
291 | navigationMenu = activeProjectNavMenu( | |
292 | dao.listProjects(), | |
293 | projectInfo, | |
294 | selectedVersion = version | |
295 | ) | |
296 | styleSheets = listOf("projects") | |
297 | render("version-form") | |
298 | } | |
299 | } | |
300 | ||
301 | fun versionCommit(http: HttpRequest, dao: DataAccessObject) { | |
302 | val id = http.param("id")?.toIntOrNull() | |
303 | val projectid = http.param("projectid")?.toIntOrNull() ?: -1 | |
304 | val project = dao.findProject(projectid) | |
305 | if (id == null || project == null) { | |
306 | http.response.sendError(400) | |
307 | return | |
308 | } | |
309 | ||
310 | // TODO: replace defaults with throwing validator exceptions | |
311 | val version = Version(id, projectid).apply { | |
312 | name = http.param("name") ?: "" | |
313 | node = http.param("node") ?: "" | |
314 | ordinal = http.param("ordinal")?.toIntOrNull() ?: 0 | |
315 | status = http.param("status")?.let(VersionStatus::valueOf) ?: VersionStatus.Future | |
316 | // intentional defaults | |
317 | if (node.isBlank()) node = name | |
318 | // sanitizing | |
319 | node = sanitizeNode(node) | |
320 | } | |
321 | ||
322 | if (id < 0) { | |
323 | dao.insertVersion(version) | |
324 | } else { | |
325 | dao.updateVersion(version) | |
326 | } | |
327 | ||
328 | http.renderCommit("projects/${project.node}/versions/") | |
329 | } | |
330 | ||
331 | fun components(http: HttpRequest, dao: DataAccessObject) { | |
332 | val projectInfo = obtainProjectInfo(http, dao) | |
333 | if (projectInfo == null) { | |
334 | http.response.sendError(404) | |
335 | return | |
336 | } | |
337 | ||
338 | with(http) { | |
339 | view = ComponentsView( | |
340 | projectInfo, | |
341 | dao.listComponentSummaries(projectInfo.project) | |
342 | ) | |
343 | navigationMenu = activeProjectNavMenu( | |
344 | dao.listProjects(), | |
345 | projectInfo | |
346 | ) | |
347 | styleSheets = listOf("projects") | |
348 | render("components") | |
349 | } | |
350 | } | |
351 | ||
352 | fun componentForm(http: HttpRequest, dao: DataAccessObject) { | |
353 | val projectInfo = obtainProjectInfo(http, dao) | |
354 | if (projectInfo == null) { | |
355 | http.response.sendError(404) | |
356 | return | |
357 | } | |
358 | ||
359 | val component: Component | |
360 | when (val result = http.lookupPathParam("component", projectInfo.components)) { | |
361 | is LookupResult.NotFound -> { | |
362 | http.response.sendError(404) | |
363 | return | |
364 | } | |
365 | is LookupResult.Found -> { | |
366 | component = result.elem ?: Component(-1, projectInfo.project.id) | |
367 | } | |
368 | } | |
369 | ||
370 | with(http) { | |
371 | view = ComponentEditView(projectInfo, component, dao.listUsers()) | |
372 | navigationMenu = activeProjectNavMenu( | |
373 | dao.listProjects(), | |
374 | projectInfo, | |
375 | selectedComponent = component | |
376 | ) | |
377 | styleSheets = listOf("projects") | |
378 | render("component-form") | |
379 | } | |
380 | } | |
381 | ||
382 | fun componentCommit(http: HttpRequest, dao: DataAccessObject) { | |
383 | val id = http.param("id")?.toIntOrNull() | |
384 | val projectid = http.param("projectid")?.toIntOrNull() ?: -1 | |
385 | val project = dao.findProject(projectid) | |
386 | if (id == null || project == null) { | |
387 | http.response.sendError(400) | |
388 | return | |
389 | } | |
390 | ||
391 | // TODO: replace defaults with throwing validator exceptions | |
392 | val component = Component(id, projectid).apply { | |
393 | name = http.param("name") ?: "" | |
394 | node = http.param("node") ?: "" | |
395 | ordinal = http.param("ordinal")?.toIntOrNull() ?: 0 | |
396 | color = WebColor(http.param("color") ?: "#000000") | |
397 | description = http.param("description") | |
398 | lead = (http.param("lead")?.toIntOrNull() ?: -1).let { | |
399 | if (it < 0) null else dao.findUser(it) | |
400 | } | |
401 | // intentional defaults | |
402 | if (node.isBlank()) node = name | |
403 | // sanitizing | |
404 | node = sanitizeNode(node) | |
405 | } | |
406 | ||
407 | if (id < 0) { | |
408 | dao.insertComponent(component) | |
409 | } else { | |
410 | dao.updateComponent(component) | |
411 | } | |
412 | ||
413 | http.renderCommit("projects/${project.node}/components/") | |
414 | } | |
415 | ||
416 | fun issue(http: HttpRequest, dao: DataAccessObject) { | |
417 | withPathInfo(http, dao)?.run { | |
418 | val issue = dao.findIssue(http.pathParams["issue"]?.toIntOrNull() ?: -1) | |
419 | if (issue == null) { | |
420 | http.response.sendError(404) | |
421 | return | |
422 | } | |
423 | ||
424 | val comments = dao.listComments(issue) | |
425 | ||
426 | with(http) { | |
427 | view = IssueDetailView(issue, comments, projectInfo.project, version, component) | |
428 | navigationMenu = activeProjectNavMenu( | |
429 | dao.listProjects(), | |
430 | projectInfo, | |
431 | version, | |
432 | component | |
433 | ) | |
434 | styleSheets = listOf("projects") | |
435 | render("issue-view") | |
436 | } | |
437 | } | |
438 | } | |
439 | ||
440 | fun issueForm(http: HttpRequest, dao: DataAccessObject) { | |
441 | withPathInfo(http, dao)?.run { | |
442 | val issue = dao.findIssue(http.pathParams["issue"]?.toIntOrNull() ?: -1) ?: Issue( | |
443 | -1, | |
444 | projectInfo.project, | |
445 | ) | |
446 | ||
447 | // pre-select component, if available in the path info | |
448 | issue.component = component | |
449 | ||
450 | with(http) { | |
451 | view = IssueEditView( | |
452 | issue, | |
453 | projectInfo.versions, | |
454 | projectInfo.components, | |
455 | dao.listUsers(), | |
456 | projectInfo.project, | |
457 | version, | |
458 | component | |
459 | ) | |
460 | navigationMenu = activeProjectNavMenu( | |
461 | dao.listProjects(), | |
462 | projectInfo, | |
463 | version, | |
464 | component | |
465 | ) | |
466 | styleSheets = listOf("projects") | |
467 | render("issue-form") | |
468 | } | |
469 | } | |
470 | } | |
471 | ||
472 | fun issueComment(http: HttpRequest, dao: DataAccessObject) { | |
473 | withPathInfo(http, dao)?.run { | |
474 | val issue = dao.findIssue(http.pathParams["issue"]?.toIntOrNull() ?: -1) | |
475 | if (issue == null) { | |
476 | http.response.sendError(404) | |
477 | return | |
478 | } | |
479 | ||
480 | // TODO: throw validator exception instead of using a default | |
481 | val comment = IssueComment(-1, issue.id).apply { | |
482 | author = http.remoteUser?.let { dao.findUserByName(it) } | |
483 | comment = http.param("comment") ?: "" | |
484 | } | |
485 | ||
486 | dao.insertComment(comment) | |
487 | ||
488 | http.renderCommit("${issuesHref}${issue.id}") | |
489 | } | |
490 | } | |
491 | ||
492 | fun issueCommit(http: HttpRequest, dao: DataAccessObject) { | |
493 | withPathInfo(http, dao)?.run { | |
494 | // TODO: throw validator exception instead of using defaults | |
495 | val issue = Issue( | |
496 | http.param("id")?.toIntOrNull() ?: -1, | |
497 | projectInfo.project | |
498 | ).apply { | |
499 | component = dao.findComponent(http.param("component")?.toIntOrNull() ?: -1) | |
500 | category = IssueCategory.valueOf(http.param("category") ?: "") | |
501 | status = IssueStatus.valueOf(http.param("status") ?: "") | |
502 | subject = http.param("subject") ?: "" | |
503 | description = http.param("description") ?: "" | |
504 | assignee = http.param("assignee")?.toIntOrNull()?.let { | |
505 | when (it) { | |
506 | -1 -> null | |
507 | -2 -> component?.lead | |
508 | else -> dao.findUser(it) | |
509 | } | |
510 | } | |
186
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
511 | eta = http.param("eta")?.let { if (it.isBlank()) null else Date.valueOf(it) } |
184 | 512 | |
513 | affectedVersions = http.paramArray("affected") | |
514 | .mapNotNull { param -> param.toIntOrNull()?.let { Version(it, projectInfo.project.id) } } | |
515 | resolvedVersions = http.paramArray("resolved") | |
516 | .mapNotNull { param -> param.toIntOrNull()?.let { Version(it, projectInfo.project.id) } } | |
517 | } | |
518 | ||
186
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
519 | val openId = if (issue.id < 0) { |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
520 | dao.insertIssue(issue) |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
521 | } else { |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
522 | dao.updateIssue(issue) |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
523 | issue.id |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
524 | } |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
525 | |
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
526 | if (http.param("more") != null) { |
185
5ec9fcfbdf9c
re-enables the "create another" feature
Mike Becker <universe@uap-core.de>
parents:
184
diff
changeset
|
527 | http.renderCommit("${issuesHref}-/create") |
5ec9fcfbdf9c
re-enables the "create another" feature
Mike Becker <universe@uap-core.de>
parents:
184
diff
changeset
|
528 | } else { |
186
05eec764facd
fixes some minor migration regressions
Mike Becker <universe@uap-core.de>
parents:
185
diff
changeset
|
529 | http.renderCommit("${issuesHref}${openId}") |
185
5ec9fcfbdf9c
re-enables the "create another" feature
Mike Becker <universe@uap-core.de>
parents:
184
diff
changeset
|
530 | } |
184 | 531 | } |
532 | } | |
533 | } |