allow share context for lacal maven run, refactor

Signed-off-by: Abhishek Kumar <[email protected]>

Author: shwstppr

client/conf/server.properties.in

@@ -73,8 +73,6 @@ share.enabled=true
 # share.base.dir=
 # The cache control header value to be used for shared files. Default is public,max-age=86400,immutable
 # share.cache.control=public,max-age=86400,immutable
-# Allow or disallow directory listing when accessing a directory. Default is false
-# share.dir.allowed=false
 # Secret key for securing links using HMAC signature. If not set then links will not be signed. Default is change-me
 # It is recommended to change this value to a strong secret key in production
 share.secret=change-me

client/src/main/java/org/apache/cloudstack/ServerDaemon.java

@@ -34,6 +34,7 @@
 
 import javax.servlet.DispatcherType;
 
+import org.apache.cloudstack.servlet.ShareSignedUrlFilter;
 import org.apache.cloudstack.utils.server.ServerPropertiesUtil;
 import org.apache.commons.daemon.Daemon;
 import org.apache.commons.daemon.DaemonContext;
@@ -125,12 +126,6 @@ public class ServerDaemon implements Daemon {
     private int minThreads;
     private int maxThreads;
 
-    private boolean shareEnabled = false;
-    private String shareBaseDir;
-    private String shareCacheCtl;
-    private boolean shareDirList = false;
-    private String shareSecret;
-
     //////////////////////////////////////////////////
     /////////////// Public methods ///////////////////
     //////////////////////////////////////////////////
@@ -141,22 +136,6 @@ public static void main(final String... anArgs) throws Exception {
         daemon.start();
     }
 
-    protected void initShareConfigFromProperties() {
-        setShareEnabled(ServerPropertiesUtil.getShareEnabled());
-        setShareBaseDir(ServerPropertiesUtil.getShareBaseDirectory());
-        setShareCacheCtl(ServerPropertiesUtil.getShareCacheControl());
-        setShareDirList(ServerPropertiesUtil.getShareDirAllowed());
-        setShareSecret(ServerPropertiesUtil.getShareSecret());
-
-        logger.info(String.format("/%s static context enabled=%s, baseDir=%s, dirList=%s, cacheCtl=%s, secret=%s",
-                ServerPropertiesUtil.SHARE_DIR,
-                shareEnabled,
-                shareBaseDir,
-                shareDirList,
-                shareCacheCtl,
-                (StringUtils.isNotBlank(shareSecret) ? "configured" : "not configured")));
-    }
-
     @Override
     public void init(final DaemonContext context) {
         final File confFile = PropertiesUtil.findConfigFile("server.properties");
@@ -189,7 +168,6 @@ public void init(final DaemonContext context) {
             setMaxFormKeys(Integer.valueOf(properties.getProperty(REQUEST_MAX_FORM_KEYS_KEY, String.valueOf(DEFAULT_REQUEST_MAX_FORM_KEYS))));
             setMinThreads(Integer.valueOf(properties.getProperty(THREADS_MIN, "10")));
             setMaxThreads(Integer.valueOf(properties.getProperty(THREADS_MAX, "500")));
-            initShareConfigFromProperties();
         } catch (final IOException e) {
             logger.warn("Failed to read configuration from server.properties file", e);
         } finally {
@@ -201,6 +179,13 @@ public void init(final DaemonContext context) {
         }
         logger.info(String.format("Initializing server daemon on %s, with http.enable=%s, http.port=%s, https.enable=%s, https.port=%s, context.path=%s",
                 bindInterface, httpEnable, httpPort, httpsEnable, httpsPort, contextPath));
+
+        if (ServerPropertiesUtil.getShareEnabled()) {
+            logger.info("/{} static context for file-sharing is enabled, baseDir={}, cacheCtl={}, secret={}",
+                    ServerPropertiesUtil.SHARE_DIR, ServerPropertiesUtil.getShareBaseDirectory(),
+                    ServerPropertiesUtil.getShareCacheControl(),
+                    (StringUtils.isNotBlank(ServerPropertiesUtil.getShareSecret()) ? "configured" : "not configured"));
+        }
     }
 
     @Override
@@ -332,12 +317,12 @@ private void createHttpsConnector(final HttpConfiguration httpConfig) {
      * @return a configured Handler or null if disabled.
      */
     private Handler createShareContextHandler() throws IOException {
-        if (!shareEnabled) {
+        if (!ServerPropertiesUtil.getShareEnabled()) {
             logger.info("/{} context not mounted", ServerPropertiesUtil.SHARE_DIR);
             return null;
         }
 
-        final Path base = Paths.get(shareBaseDir);
+        final Path base = Paths.get(ServerPropertiesUtil.getShareBaseDirectory());
         Files.createDirectories(base);
 
         final ServletContextHandler shareCtx = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
@@ -346,9 +331,9 @@ private Handler createShareContextHandler() throws IOException {
 
         // Efficient static file serving
         ServletHolder def = shareCtx.addServlet(DefaultServlet.class, "/*");
-        def.setInitParameter("dirAllowed", Boolean.toString(shareDirList));
+        def.setInitParameter("dirAllowed", "false");
         def.setInitParameter("etags", "true");
-        def.setInitParameter("cacheControl", shareCacheCtl);
+        def.setInitParameter("cacheControl", ServerPropertiesUtil.getShareCacheControl());
         def.setInitParameter("useFileMappedBuffer", "true");
         def.setInitParameter("acceptRanges", "true");
 
@@ -360,12 +345,8 @@ private Handler createShareContextHandler() throws IOException {
                 "text/html", "text/plain", "text/css", "text/javascript",
                 "application/javascript", "application/json", "application/xml");
         gzipHandler.setHandler(shareCtx);
-
-        // Optional signed-URL guard (path + "|" + exp => HMAC-SHA256, base64url)
-        if (StringUtils.isNotBlank(shareSecret)) {
-            shareCtx.addFilter(new FilterHolder(new ShareSignedUrlFilter(shareSecret)),
-                    "/*", EnumSet.of(DispatcherType.REQUEST));
-        }
+        shareCtx.addFilter(new FilterHolder(new ShareSignedUrlFilter()), "/*",
+                EnumSet.of(DispatcherType.REQUEST));
 
         logger.info("Mounted /{} static context at baseDir={}", ServerPropertiesUtil.SHARE_DIR, base);
         return shareCtx;
@@ -506,24 +487,4 @@ public void setMinThreads(int minThreads) {
     public void setMaxThreads(int maxThreads) {
         this.maxThreads = maxThreads;
     }
-
-    public void setShareEnabled(boolean shareEnabled) {
-        this.shareEnabled = shareEnabled;
-    }
-
-    public void setShareBaseDir(String shareBaseDir) {
-        this.shareBaseDir = shareBaseDir;
-    }
-
-    public void setShareCacheCtl(String shareCacheCtl) {
-        this.shareCacheCtl = shareCacheCtl;
-    }
-
-    public void setShareDirList(boolean shareDirList) {
-        this.shareDirList = shareDirList;
-    }
-
-    public void setShareSecret(String shareSecret) {
-        this.shareSecret = shareSecret;
-    }
 }

client/src/main/webapp/WEB-INF/web.xml

@@ -54,6 +54,12 @@
         <load-on-startup>6</load-on-startup>
     </servlet>
 
+    <servlet>
+        <servlet-name>shareServlet</servlet-name>
+        <servlet-class>org.apache.cloudstack.servlet.ShareServlet</servlet-class>
+        <load-on-startup>7</load-on-startup>
+    </servlet>
+
     <servlet-mapping>
          <servlet-name>apiServlet</servlet-name>
          <url-pattern>/api/*</url-pattern>
@@ -64,9 +70,24 @@
          <url-pattern>/console</url-pattern>
     </servlet-mapping>
 
+    <servlet-mapping>
+        <servlet-name>shareServlet</servlet-name>
+        <url-pattern>/share/*</url-pattern>
+    </servlet-mapping>
+
     <error-page>
         <exception-type>java.lang.Exception</exception-type>
         <location>/error.html</location>
     </error-page>
 
+    <filter>
+        <filter-name>share-signed-url</filter-name>
+        <filter-class>org.apache.cloudstack.servlet.ShareSignedUrlFilter</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>share-signed-url</filter-name>
+        <url-pattern>/share/*</url-pattern>
+        <dispatcher>REQUEST</dispatcher>
+    </filter-mapping>
+
 </web-app>

framework/extensions/src/main/java/org/apache/cloudstack/framework/extensions/manager/ExtensionsFilesystemManagerImpl.java

@@ -150,7 +150,12 @@ protected static String getFileExtension(File file) {
         return (lastDot == -1) ? "" : name.substring(lastDot + 1);
     }
 
-    protected Path getExtensionRootPath(String extensionName) {
+    protected Path getExtensionRootPath(String extensionName, String extensionRelativePath) {
+        if (StringUtils.isNotBlank(extensionRelativePath)) {
+            Path extensionsPath = Paths.get(extensionsDirectory).toAbsolutePath().normalize();
+            Path relativePath = Paths.get(extensionRelativePath);
+            return extensionsPath.resolve(relativePath.getName(0)).normalize();
+        }
         final String normalizedName = Extension.getDirectoryName(extensionName);
         final String extensionDir = extensionsDirectory + File.separator + normalizedName;
         return Path.of(extensionDir);
@@ -187,7 +192,7 @@ public String getExtensionsPath() {
 
     @Override
     public Path getExtensionRootPath(Extension extension) {
-        return getExtensionRootPath(extension.getName());
+        return getExtensionRootPath(extension.getName(), extension.getRelativePath());
     }
 
     @Override
@@ -226,7 +231,7 @@ public Map<String, String> getChecksumMapForExtension(String extensionName, Stri
             return null;
         }
         try {
-            Path rootPath = getExtensionRootPath(extensionName);
+            Path rootPath = getExtensionRootPath(extensionName, relativePath);
             Map<String, String> fileChecksums = new TreeMap<>();
             java.util.List<Path> files = new java.util.ArrayList<>();
             try (Stream<Path> stream = Files.walk(rootPath)) {

framework/extensions/src/main/java/org/apache/cloudstack/framework/extensions/manager/ExtensionsShareManagerImpl.java

@@ -287,7 +287,7 @@ protected String generateSignedArchiveUrl(ManagementServerHost managementServer,
         final long expiresAtEpochSec = System.currentTimeMillis() / 1000L + shareLinkValidityInterval;
         final String secretKey = ServerPropertiesUtil.getShareSecret();
         String archiveName = archivePath.getFileName().toString();
-        String uriPath = String.format("/%s/%s/%s", ServerPropertiesUtil.SHARE_DIR, EXTENSIONS_SHARE_SUBDIR,
+        String uriPath = String.format("%s/%s/%s", ServerPropertiesUtil.getShareUriPath(), EXTENSIONS_SHARE_SUBDIR,
                 archiveName);
         String sig = "";
         if (StringUtils.isNotBlank(secretKey)) {

framework/extensions/src/test/java/org/apache/cloudstack/framework/extensions/manager/ExtensionsFilesystemManagerImplTest.java

@@ -302,7 +302,7 @@ public void getChecksumMapForExtensionReturnsChecksumsForAllFiles() throws IOExc
         Path rootPath = tempDir.toPath();
         Path file1 = Files.createFile(rootPath.resolve("file1.txt"));
         Path file2 = Files.createFile(rootPath.resolve("file2.txt"));
-        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName);
+        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName, "");
         doReturn(rootPath.toString()).when(extensionsFilesystemManager).getExtensionCheckedPath(extensionName, "");
 
         try (MockedStatic<DigestHelper> digestHelperMock = mockStatic(DigestHelper.class)) {
@@ -331,7 +331,7 @@ public void getChecksumMapForExtensionReturnsNullForBlankPath() {
     public void getChecksumMapForExtensionHandlesIOExceptionDuringFileWalk() {
         String extensionName = "test-extension";
         Path rootPath = tempDir.toPath();
-        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName);
+        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName, "");
         doReturn(rootPath.toString()).when(extensionsFilesystemManager).getExtensionCheckedPath(extensionName, "");
         try (MockedStatic<Files> filesMock = mockStatic(Files.class)) {
             filesMock.when(() -> Files.walk(rootPath)).thenThrow(new IOException("File walk error"));
@@ -345,7 +345,7 @@ public void getChecksumMapForExtensionHandlesChecksumCalculationFailure() throws
         String extensionName = "test-extension";
         Path rootPath = tempDir.toPath();
         Path file1 = Files.createFile(rootPath.resolve("file1.txt"));
-        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName);
+        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName, "");
         doReturn(rootPath.toString()).when(extensionsFilesystemManager).getExtensionCheckedPath(extensionName, "");
         try (MockedStatic<DigestHelper> digestHelperMock = mockStatic(DigestHelper.class)) {
             digestHelperMock.when(() -> DigestHelper.calculateChecksum(file1.toFile())).thenThrow(new CloudRuntimeException("Checksum error"));
@@ -358,7 +358,7 @@ public void getChecksumMapForExtensionHandlesChecksumCalculationFailure() throws
     public void getChecksumMapForExtensionReturnsEmptyMapWhenNoFilesExist() {
         String extensionName = "test-extension";
         Path rootPath = tempDir.toPath();
-        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName);
+        doReturn(rootPath).when(extensionsFilesystemManager).getExtensionRootPath(extensionName, "");
         doReturn(rootPath.toString()).when(extensionsFilesystemManager).getExtensionCheckedPath(extensionName, "");
         try (MockedStatic<Files> filesMock = mockStatic(Files.class)) {
             filesMock.when(() -> Files.walk(rootPath)).thenReturn(Stream.empty());

server/src/main/java/org/apache/cloudstack/servlet/ShareServlet.java

@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.BasicFileAttributes;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cloudstack.utils.server.ServerPropertiesUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.support.SpringBeanAutowiringSupport;
+
+/**
+ * A servlet to serve files from a configured share directory.
+ * This is used only for local maven run. For production deployments, share context handling is in ServerDaemon.
+ * Configuration properties read from server.properties:
+ * <ul>
+ *   <li>share.enabled - Enable or disable the share servlet.</li>
+ *   <li>share.base.dir - The base directory from which files will be served.</li>
+ *   <li>share.cache.control - Cache-Control header value for served files.</li>
+ * </ul>
+ */
+@Component("shareServlet")
+public class ShareServlet extends HttpServlet {
+    private static final Logger LOG = LogManager.getLogger(ShareServlet.class);
+
+    private Path baseDir;
+    private String cacheControl;
+
+    @Override
+    public void init(final ServletConfig config) throws ServletException {
+        super.init(config);
+        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext());
+
+        if (!ServerPropertiesUtil.getShareEnabled()) {
+            LOG.info("ShareServlet: share disabled, skipping initialization");
+            return;
+        }
+
+        try {
+            baseDir = Paths.get(ServerPropertiesUtil.getShareBaseDirectory());
+            Files.createDirectories(baseDir);
+            cacheControl = ServerPropertiesUtil.getShareCacheControl();
+            LOG.info("ShareServlet initialized at baseDir={}, cacheControl={}", baseDir, cacheControl);
+        } catch (IOException e) {
+            throw new ServletException("Failed to initialize ShareServlet", e);
+        }
+    }
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        if (baseDir == null) {
+            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Share feature disabled");
+            return;
+        }
+
+        // Resolve relative path safely
+        final String relPath = StringUtils.removeStart(req.getPathInfo(), "/");
+        if (relPath == null) {
+            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid path");
+            return;
+        }
+
+        final Path target = baseDir.resolve(relPath).normalize();
+        if (!target.startsWith(baseDir)) {
+            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+            return;
+        }
+
+        if (!Files.exists(target) || !Files.isRegularFile(target)) {
+            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+            return;
+        }
+
+        // Add basic caching headers
+        if (StringUtils.isNotBlank(cacheControl)) {
+            resp.setHeader("Cache-Control", cacheControl);
+        }
+        resp.setHeader("Accept-Ranges", "bytes");
+
+        final BasicFileAttributes attrs = Files.readAttributes(target, BasicFileAttributes.class);
+        resp.setDateHeader("Last-Modified", attrs.lastModifiedTime().toMillis());
+        resp.setContentLengthLong(attrs.size());
+
+        final String mime = Files.probeContentType(target);
+        if (mime != null) {
+            resp.setContentType(mime);
+        }
+
+        try (OutputStream out = resp.getOutputStream()) {
+            Files.copy(target, out);
+        }
+    }
+}