Refactor WorkspaceService to use MultipartFile for file upload handling

- Replaced `Resource` with `MultipartFile` in `uploadWorkspaceFile` for improved flexibility.
- Updated related service, test, and integration test implementations to accommodate this change.
- Adjusted validations on file paths and names for enhanced security.
- Improved import paths for `RediSearchIndexer` in relevant modules.

Author: jreynard-code

run/src/main/kotlin/com/cosmotech/run/workflow/WorkflowService.kt

@@ -20,6 +20,7 @@ interface WorkflowService : HealthIndicator {
 
   /**
    * Launch a new Scenario run, using the request specified
+   *
    * @param runStartContainers the scenario run start request
    * @param executionTimeout the duration in which the workflow is allowed to run
    * @param alwaysPull the image pull policy
@@ -35,27 +36,31 @@ interface WorkflowService : HealthIndicator {
 
   /**
    * Find WorkflowStatus by label
+   *
    * @param labelSelector a label used to filter workflow
    * @return a list of all WorkflowStatus corresponding to the labelSelector
    */
   fun findWorkflowStatusByLabel(labelSelector: String): List<WorkflowStatus>
 
   /**
    * Get a Run status
+   *
    * @param run the Run
    * @return the Run status
    */
   fun getRunStatus(run: Run): RunStatus
 
   /**
    * Get all logs of a Run, as a structured object
+   *
    * @param run the Run
    * @return the RunLogs object
    */
   fun getRunLogs(run: Run): RunLogs
 
   /**
    * Stop the running workflow
+   *
    * @param run the run object
    * @return the Run status
    */

workspace/src/integrationTest/kotlin/com/cosmotech/workspace/service/WorkspaceServiceIntegrationTest.kt

@@ -36,7 +36,7 @@ import com.cosmotech.workspace.domain.WorkspaceAccessControl
 import com.cosmotech.workspace.domain.WorkspaceRole
 import com.cosmotech.workspace.domain.WorkspaceSecurity
 import com.cosmotech.workspace.domain.WorkspaceSolution
-import com.redis.om.spring.RediSearchIndexer
+import com.redis.om.spring.indexing.RediSearchIndexer
 import io.mockk.every
 import io.mockk.junit5.MockKExtension
 import io.mockk.mockkStatic
@@ -559,6 +559,7 @@ class WorkspaceServiceIntegrationTest : CsmRedisTestBase() {
         version = "1.0",
         ioTypes = listOf(IoTypesEnum.read))
   }
+
   fun makeDataset(
       organizationId: String = organizationSaved.id!!,
       name: String = "name",

workspace/src/integrationTest/kotlin/com/cosmotech/workspace/service/WorkspaceServiceRBACTest.kt

@@ -34,7 +34,7 @@ import com.cosmotech.workspace.domain.WorkspaceAccessControl
 import com.cosmotech.workspace.domain.WorkspaceRole
 import com.cosmotech.workspace.domain.WorkspaceSecurity
 import com.cosmotech.workspace.domain.WorkspaceSolution
-import com.redis.om.spring.RediSearchIndexer
+import com.redis.om.spring.indexing.RediSearchIndexer
 import io.mockk.every
 import io.mockk.impl.annotations.RelaxedMockK
 import io.mockk.junit5.MockKExtension
@@ -54,11 +54,11 @@ import org.junit.jupiter.api.extension.ExtendWith
 import org.junit.runner.RunWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.core.io.Resource
 import org.springframework.test.context.ActiveProfiles
 import org.springframework.test.context.junit.jupiter.SpringExtension
 import org.springframework.test.context.junit4.SpringRunner
 import org.springframework.test.util.ReflectionTestUtils
+import org.springframework.web.multipart.MultipartFile
 
 @ActiveProfiles(profiles = ["workspace-test"])
 @ExtendWith(MockKExtension::class)
@@ -71,7 +71,7 @@ class WorkspaceServiceRBACTest : CsmRedisTestBase() {
   val TEST_USER_MAIL = "[email protected]"
   val CONNECTED_ADMIN_USER = "[email protected]"
 
-  @RelaxedMockK private lateinit var resource: Resource
+  @RelaxedMockK private lateinit var resource: MultipartFile
 
   @RelaxedMockK private lateinit var resourceScanner: ResourceScanner
 
@@ -626,7 +626,11 @@ class WorkspaceServiceRBACTest : CsmRedisTestBase() {
                           role = ROLE_ADMIN))
               every { getCurrentAccountIdentifier(any()) } returns TEST_USER_MAIL
               ReflectionTestUtils.setField(workspaceApiService, "resourceScanner", resourceScanner)
-              every { resourceScanner.scanMimeTypes(any(), any()) } returns Unit
+              every { resource.originalFilename } returns "fakeName"
+              every {
+                resourceScanner.scanMimeTypes(
+                    "fakeName", any(), csmPlatformProperties.upload.authorizedMimeTypes.workspaces)
+              } returns Unit
 
               if (shouldThrow) {
                 val exception =
@@ -674,7 +678,11 @@ class WorkspaceServiceRBACTest : CsmRedisTestBase() {
                           role = role))
               every { getCurrentAccountIdentifier(any()) } returns TEST_USER_MAIL
               ReflectionTestUtils.setField(workspaceApiService, "resourceScanner", resourceScanner)
-              every { resourceScanner.scanMimeTypes(any(), any()) } returns Unit
+              every { resource.originalFilename } returns "fakeName"
+              every {
+                resourceScanner.scanMimeTypes(
+                    "fakeName", any(), csmPlatformProperties.upload.authorizedMimeTypes.workspaces)
+              } returns Unit
 
               if (shouldThrow) {
                 val exception =

workspace/src/main/kotlin/com/cosmotech/workspace/service/WorkspaceServiceImpl.kt

@@ -58,6 +58,7 @@ import org.springframework.data.domain.Pageable
 import org.springframework.data.repository.findByIdOrNull
 import org.springframework.scheduling.annotation.Async
 import org.springframework.stereotype.Service
+import org.springframework.web.multipart.MultipartFile
 
 @Service
 @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
@@ -208,36 +209,41 @@ internal class WorkspaceServiceImpl(
   override fun uploadWorkspaceFile(
       organizationId: String,
       workspaceId: String,
-      file: Resource,
+      file: MultipartFile,
       overwrite: Boolean,
       destination: String?
   ): WorkspaceFile {
-    if (destination?.contains("..") == true) {
-      throw IllegalArgumentException("Invalid destination: '$destination'. '..' is not allowed")
+    require(destination?.contains("..") != true) {
+      "Invalid destination: '$destination'. '..' is not allowed"
     }
+    require(file.originalFilename?.isBlank() != true) { "File name must not be blank" }
+    require(
+        file.originalFilename?.contains("..") != true &&
+            file.originalFilename?.startsWith("/") != true) {
+          "Invalid filename: '${file.originalFilename}'. '..' and '/' are not allowed"
+        }
     val workspace = getVerifiedWorkspace(organizationId, workspaceId, PERMISSION_WRITE)
-    if (file?.filename?.contains("..") == true || file?.filename?.contains("/") == true) {
-      throw IllegalArgumentException(
-          "Invalid filename: '${file.filename}'. '..' and '/' are not allowed")
-    }
 
     logger.debug(
         "Uploading file resource to workspace #{} ({}): {} => {}",
         workspace.id,
         workspace.name,
-        file.filename,
+        file.originalFilename,
         destination)
 
-    resourceScanner.scanMimeTypes(file, csmPlatformProperties.upload.authorizedMimeTypes.workspaces)
+    resourceScanner.scanMimeTypes(
+        file.originalFilename!!,
+        file.inputStream,
+        csmPlatformProperties.upload.authorizedMimeTypes.workspaces)
     val fileRelativeDestinationBuilder = StringBuilder()
     if (destination.isNullOrBlank()) {
-      fileRelativeDestinationBuilder.append(file.filename)
+      fileRelativeDestinationBuilder.append(file.originalFilename)
     } else {
       // Using multiple consecutive '/' in the path is not supported in the storage upload
       val destinationSanitized = destination.removePrefix("/").replace(Regex("(/)\\1+"), "/")
       fileRelativeDestinationBuilder.append(destinationSanitized)
       if (destinationSanitized.endsWith("/")) {
-        fileRelativeDestinationBuilder.append(file.filename)
+        fileRelativeDestinationBuilder.append(file.originalFilename)
       }
     }
 
@@ -548,6 +554,7 @@ internal class WorkspaceServiceImpl(
     this.eventPublisher.publishEvent(
         AddWorkspaceToDataset(this, organizationId, datasetId, workspaceId))
   }
+
   private fun sendDeleteHistoricalDataWorkspaceEvent(
       organizationId: String,
       it: Workspace,

workspace/src/test/kotlin/com/cosmotech/workspace/service/WorkspaceServiceImplTests.kt

@@ -62,8 +62,8 @@ import org.junit.jupiter.api.TestFactory
 import org.junit.jupiter.api.assertDoesNotThrow
 import org.junit.jupiter.api.assertThrows
 import org.junit.jupiter.api.extension.ExtendWith
-import org.springframework.core.io.Resource
 import org.springframework.data.repository.findByIdOrNull
+import org.springframework.web.multipart.MultipartFile
 
 const val ORGANIZATION_ID = "O-AbCdEf123"
 const val WORKSPACE_ID = "W-BcDeFg123"
@@ -145,8 +145,8 @@ class WorkspaceServiceImplTests {
     every { workspace.security } returns WorkspaceSecurity(ROLE_ADMIN, mutableListOf())
     every { workspaceRepository.findByIdOrNull(any()) } returns workspace
 
-    val file = mockk<Resource>(relaxed = true)
-    every { file.filename } returns "my_file.txt"
+    val file = mockk<MultipartFile>(relaxed = true)
+    every { file.originalFilename } returns "my_file.txt"
 
     val workspaceFile =
         workspaceServiceImpl.uploadWorkspaceFile(ORGANIZATION_ID, WORKSPACE_ID, file, false, null)
@@ -166,8 +166,8 @@ class WorkspaceServiceImplTests {
         mockk<Organization>()
     every { workspaceRepository.findByIdOrNull(any()) } returns workspace
 
-    val file = mockk<Resource>(relaxed = true)
-    every { file.filename } returns "my_file.txt"
+    val file = mockk<MultipartFile>(relaxed = true)
+    every { file.originalFilename } returns "my_file.txt"
 
     val workspaceFile =
         workspaceServiceImpl.uploadWorkspaceFile(ORGANIZATION_ID, WORKSPACE_ID, file, false, "  ")
@@ -185,8 +185,8 @@ class WorkspaceServiceImplTests {
     every { workspace.security } returns WorkspaceSecurity(ROLE_ADMIN, mutableListOf())
     every { workspaceRepository.findByIdOrNull(any()) } returns workspace
 
-    val file = mockk<Resource>(relaxed = true)
-    every { file.filename } returns "my_file.txt"
+    val file = mockk<MultipartFile>(relaxed = true)
+    every { file.originalFilename } returns "my_file.txt"
 
     val workspaceFile =
         workspaceServiceImpl.uploadWorkspaceFile(
@@ -207,8 +207,8 @@ class WorkspaceServiceImplTests {
     every { workspace.security } returns WorkspaceSecurity(ROLE_ADMIN, mutableListOf())
     every { workspaceRepository.findByIdOrNull(any()) } returns workspace
 
-    val file = mockk<Resource>(relaxed = true)
-    every { file.filename } returns "my_file.txt"
+    val file = mockk<MultipartFile>(relaxed = true)
+    every { file.originalFilename } returns "my_file.txt"
 
     val workspaceFile =
         workspaceServiceImpl.uploadWorkspaceFile(
@@ -228,8 +228,8 @@ class WorkspaceServiceImplTests {
     every { workspace.security } returns WorkspaceSecurity(ROLE_ADMIN, mutableListOf())
     every { workspaceRepository.findByIdOrNull(any()) } returns workspace
 
-    val file = mockk<Resource>(relaxed = true)
-    every { file.filename } returns "my_file.txt"
+    val file = mockk<MultipartFile>(relaxed = true)
+    every { file.originalFilename } returns "my_file.txt"
 
     val workspaceFile =
         workspaceServiceImpl.uploadWorkspaceFile(
@@ -443,8 +443,10 @@ class WorkspaceServiceImplTests {
           .map { (role, shouldThrow) ->
             rbacTest("Test RBAC upload workspace file: $role", role, shouldThrow) {
               every { workspaceRepository.findByIdOrNull(any()) } returns it.workspace
+              val file = mockk<MultipartFile>(relaxed = true)
+              every { file.originalFilename } returns "fakeName"
               workspaceServiceImpl.uploadWorkspaceFile(
-                  it.organization.id!!, it.workspace.id!!, mockk(relaxed = true), true, "name")
+                  it.organization.id!!, it.workspace.id!!, file, true, "name")
             }
           }
 
@@ -573,6 +575,7 @@ class WorkspaceServiceImplTests {
                   it.organization.id!!, it.workspace.id!!, "2$CONNECTED_DEFAULT_USER")
             }
           }
+
   @TestFactory
   fun `test RBAC get workspace security users`() =
       mapOf(