file download and other fixes

Author: sujoykd

src/main/frontend/assets/images/icons8-download-from-the-cloud.svg

@@ -24,7 +24,7 @@ export default function BreadCrumbs({path}: BreadcrumbProps) {
     const breadcrumbNavigateRoot = () => navigate("/browser");
 
     return <>
-        <div className="flex flex-row items-start gap-s pb-m">
+        <div className="flex flex-row flex-wrap items-start gap-s pb-m">
             <span className="breadcrumb" title="/">
                 <Icon src={folderIcon} onClick={() => breadcrumbNavigateRoot()}/>
                 <span className="ml-s text-secondary">/</span>

src/main/frontend/components/BreadCrumbs.tsx

@@ -2,16 +2,18 @@ import {ViewConfig} from "@vaadin/hilla-file-router/types.js";
 import {FileBrowserService} from "Frontend/generated/endpoints";
 import {useSignal} from "@vaadin/hilla-react-signals";
 import FileItem from "Frontend/generated/pro/homedns/filebrowser/model/FileItem";
-import {Grid, GridSortColumn, Icon} from "@vaadin/react-components";
+import {Grid, GridColumn, GridSortColumn, Icon} from "@vaadin/react-components";
 import {useEffect} from "react";
 
 import folderIcon from "@icons/icons8-folder.svg?url";
 import fileIcon from "@icons/icons8-file.svg?url";
+import downloadImage from "@images/icons8-download-from-the-cloud.svg?url";
 
 import {useNavigate, useParams} from "react-router";
 import BreadCrumbs from "Frontend/components/BreadCrumbs";
 import {formatDate} from "Frontend/util/dateFormat";
 
+
 export const config: ViewConfig = {
     title: 'File Browser',
     loginRequired: true,
@@ -37,7 +39,7 @@ export default function FileBrowserView() {
         <BreadCrumbs path={wildcardPath}/>
 
         <Grid items={fileItems.value}>
-            <GridSortColumn path="displayName" header="Name" renderer={
+            <GridSortColumn resizable path="displayName" header="Name" renderer={
                 ({item}) => (
                     <div className="flex gap-s items-center"
                          onClick={() => visitItem(item)}
@@ -47,16 +49,28 @@ export default function FileBrowserView() {
                     </div>
                 )}
             />
-            <GridSortColumn path="fileSize" header="Size" renderer={
+            <GridSortColumn resizable path="fileSize" header="Size" renderer={
                 ({item}) => (
                     <span className="text-s text-secondary">{item.fileSize}</span>
                 )}
             />
-            <GridSortColumn path="lastModifiedOn" header="Last Modified On" renderer={
+            <GridSortColumn resizable path="lastModifiedOn" header="Last Modified On" renderer={
                 ({item}) => (
                     <span className="text-s text-secondary">{formatDate(item.lastModifiedOn)}</span>
                 )}
             />
+            <GridColumn resizable frozenToEnd renderer={
+                ({item}) => (
+                    <>
+                        {item.directory ?
+                            <></> :
+                            <a href={`/download/${item.path}`} download>
+                                <img src={downloadImage} width="32" alt="Vaadin logo"/>
+                            </a>
+                        }
+                    </>
+                )}
+            />
         </Grid>
     </>;
 }

src/main/frontend/views/browser/{...path}.tsx

@@ -40,6 +40,9 @@ public class SecurityConfig extends VaadinWebSecurity {
     @Override
     protected void configure(final HttpSecurity http) throws Exception {
         http.oauth2Login(Customizer.withDefaults());
+
+        http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/download/**").authenticated());
+
         super.configure(http);
     }
 

src/main/java/pro/homedns/filebrowser/config/SecurityConfig.java

@@ -0,0 +1,45 @@
+package pro.homedns.filebrowser.hilla;
+
+import java.io.IOException;
+
+import lombok.extern.log4j.Log4j2;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ByteArrayResource;
+import org.springframework.core.io.Resource;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import pro.homedns.filebrowser.service.FileService;
+
+@Log4j2
+@RestController
+public class FileDownloadEndpoint {
+
+    private final FileService fileService;
+
+    @Autowired
+    public FileDownloadEndpoint(final FileService fileService) {
+        this.fileService = fileService;
+    }
+
+    @RequestMapping(value = "/download/{*filePath}", method = RequestMethod.GET)
+    public ResponseEntity<Resource> downloadFile(@PathVariable String filePath) {
+        final var normalizedFilePath = filePath.replaceFirst("^/", "");
+
+        try {
+            final var fileDownloadData = fileService.downloadFile(normalizedFilePath);
+            final var file = new ByteArrayResource(fileDownloadData.content());
+
+            return ResponseEntity.ok()
+                    .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + fileDownloadData.name() + "\"")
+                    .body(file);
+        } catch (IOException | IllegalArgumentException | SecurityException ex) {
+            log.error(ex.getMessage(), ex);
+        }
+
+        return ResponseEntity.notFound().build();
+    }
+}

src/main/java/pro/homedns/filebrowser/hilla/FileDownloadEndpoint.java

@@ -0,0 +1,4 @@
+package pro.homedns.filebrowser.model;
+
+public record FileDownloadData(String name, byte[] content) {
+}

src/main/java/pro/homedns/filebrowser/model/FileDownloadData.java

@@ -12,6 +12,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import pro.homedns.filebrowser.config.ApplicationProperties;
+import pro.homedns.filebrowser.model.FileDownloadData;
 import pro.homedns.filebrowser.model.FileItem;
 
 @Log4j2
@@ -61,4 +62,22 @@ public List<FileItem> getItems(final String pathString) {
         }
         return Collections.emptyList();
     }
+
+    public FileDownloadData downloadFile(String pathString) throws IOException {
+        final var rootPath = applicationProperties.root();
+        final var normalizedPath = rootPath.resolve(pathString).normalize();
+
+        if (!normalizedPath.startsWith(rootPath)) {
+            throw new SecurityException("Invalid file path: path traversal attempt detected.");
+        }
+
+        if (normalizedPath.toFile().isDirectory()) {
+            throw new IllegalArgumentException("Invalid file path: directory download not supported.");
+        }
+
+        final var content = Files.readAllBytes(normalizedPath);
+        final var name = normalizedPath.getFileName().toString();
+
+        return new FileDownloadData(name, content);
+    }
 }

src/main/java/pro/homedns/filebrowser/service/FileService.java

@@ -33,6 +33,9 @@
       "@icons/*": [
         "assets/icons/*"
       ],
+      "@images/*": [
+        "assets/images/*"
+      ],
       "Frontend/*": [
         "*"
       ]