Do not serve index.html for logfile/heapdump

fixes #1338

Author: joshiste

spring-boot-admin-server-ui/package-lock.json

@@ -16,10 +16,10 @@
     "@fortawesome/vue-fontawesome": "^0.1.9",
     "ansi_up": "^4.0.4",
     "autolinker": "^3.11.1",
-    "axios": "^0.19.0",
+    "axios": "^0.19.1",
     "bulma": "^0.8.0",
     "bulma-badge": "^3.0.1",
-    "core-js": "^3.6.0",
+    "core-js": "^3.6.3",
     "d3-array": "^2.4.0",
     "d3-axis": "^1.0.12",
     "d3-brush": "^1.1.5",
@@ -35,29 +35,29 @@
     "popper.js": "^1.16.0",
     "pretty-bytes": "^5.3.0",
     "resize-observer-polyfill": "^1.5.1",
-    "rxjs": "^6.5.3",
+    "rxjs": "^6.5.4",
     "vue": "^2.6.11",
     "vue-clickaway2": "^2.3.1",
     "vue-i18n": "^8.15.3",
     "vue-infinite-loading": "^2.4.4",
     "vue-router": "^3.1.2"
   },
   "devDependencies": {
-    "@vue/cli-plugin-babel": "^4.1.1",
-    "@vue/cli-plugin-eslint": "^4.1.1",
-    "@vue/cli-plugin-unit-jest": "^4.1.1",
-    "@vue/cli-service": "^4.1.1",
+    "@vue/cli-plugin-babel": "^4.1.2",
+    "@vue/cli-plugin-eslint": "^4.1.2",
+    "@vue/cli-plugin-unit-jest": "^4.1.2",
+    "@vue/cli-service": "^4.1.2",
     "@vue/eslint-config-standard": "^4.0.0",
     "@vue/test-utils": "^1.0.0-beta.30",
     "babel-core": "7.0.0-bridge.0",
     "babel-eslint": "^10.0.3",
     "babel-jest": "^24.9.0",
     "eslint": "^6.8.0",
-    "eslint-plugin-vue": "^6.0.1",
+    "eslint-plugin-vue": "^6.1.2",
     "html-loader": "^0.5.5",
     "jest": "^24.9.0",
     "node-sass": "^4.13.0",
-    "sass-loader": "^8.0.0",
+    "sass-loader": "^8.0.1",
     "vue-template-compiler": "^2.6.11",
     "webpack-bundle-analyzer": "^3.6.0"
   },

spring-boot-admin-server-ui/package.json

@@ -60,6 +60,9 @@ public class AdminServerUiAutoConfiguration {
 	private static final List<String> DEFAULT_UI_ROUTES = asList("/about/**", "/applications/**", "/instances/**",
 			"/journal/**", "/wallboard/**", "/external/**");
 
+	private static final List<String> DEFAULT_UI_EXCLUDED_ROUTE = asList("/instances/*/actuator/heapdump",
+			"/instances/*/actuator/logfile");
+
 	private final AdminServerUiProperties adminUi;
 
 	private final AdminServerProperties adminServer;
@@ -152,7 +155,8 @@ public de.codecentric.boot.admin.server.ui.web.reactive.HomepageForwardingFilter
 				List<String> routes = Stream.concat(DEFAULT_UI_ROUTES.stream(), extensionRoutes.stream())
 						.map(this.adminServer::path).collect(Collectors.toList());
 				String homepage = this.adminServer.path("/");
-				return new de.codecentric.boot.admin.server.ui.web.reactive.HomepageForwardingFilter(homepage, routes);
+				return new de.codecentric.boot.admin.server.ui.web.reactive.HomepageForwardingFilter(homepage, routes,
+						DEFAULT_UI_EXCLUDED_ROUTE);
 			}
 
 		}
@@ -197,7 +201,8 @@ public de.codecentric.boot.admin.server.ui.web.servlet.HomepageForwardingFilter
 				List<String> routes = Stream.concat(DEFAULT_UI_ROUTES.stream(), extensionRoutes.stream())
 						.map(this.adminServer::path).collect(Collectors.toList());
 				String homepage = this.adminServer.path("/");
-				return new de.codecentric.boot.admin.server.ui.web.servlet.HomepageForwardingFilter(homepage, routes);
+				return new de.codecentric.boot.admin.server.ui.web.servlet.HomepageForwardingFilter(homepage, routes,
+						DEFAULT_UI_EXCLUDED_ROUTE);
 			}
 
 		}

spring-boot-admin-server-ui/src/main/java/de/codecentric/boot/admin/server/ui/config/AdminServerUiAutoConfiguration.java

@@ -27,17 +27,21 @@
 
 public class HomepageForwardingMatcher<T> implements Predicate<T> {
 
-	private final List<Pattern> routes;
+	private final List<Pattern> includeRoutes;
+
+	private final List<Pattern> excludeRoutes;
 
 	private final Function<T, String> methodAccessor;
 
 	private final Function<T, String> pathAccessor;
 
 	private final Function<T, List<MediaType>> acceptsAccessor;
 
-	public HomepageForwardingMatcher(List<String> routes, Function<T, String> methodAccessor,
-			Function<T, String> pathAccessor, Function<T, List<MediaType>> acceptsAccessor) {
-		this.routes = toPatterns(routes);
+	public HomepageForwardingMatcher(List<String> includeRoutes, List<String> excludeRoutes,
+			Function<T, String> methodAccessor, Function<T, String> pathAccessor,
+			Function<T, List<MediaType>> acceptsAccessor) {
+		this.includeRoutes = toPatterns(includeRoutes);
+		this.excludeRoutes = toPatterns(excludeRoutes);
 		this.methodAccessor = methodAccessor;
 		this.pathAccessor = pathAccessor;
 		this.acceptsAccessor = acceptsAccessor;
@@ -48,16 +52,18 @@ public boolean test(T request) {
 			return false;
 		}
 
-		if (this.routes.stream().noneMatch((p) -> p.matcher(this.pathAccessor.apply(request)).matches())) {
+		String path = this.pathAccessor.apply(request);
+		if (this.excludeRoutes.stream().anyMatch((p) -> p.matcher(path).matches())
+				|| this.includeRoutes.stream().noneMatch((p) -> p.matcher(path).matches())) {
 			return false;
 		}
 
 		return this.acceptsAccessor.apply(request).stream().anyMatch((t) -> t.includes(MediaType.TEXT_HTML));
 	}
 
 	private List<Pattern> toPatterns(List<String> routes) {
-		return routes.stream().map((r) -> "^" + r.replaceAll("/[*][*]", "(/.*)?") + "$").map(Pattern::compile)
-				.collect(Collectors.toList());
+		return routes.stream().map((r) -> "^" + r.replaceAll("/[*][*]", "(/.*)?").replaceAll("/[*]/", "/[^/]+/") + "$")
+				.map(Pattern::compile).collect(Collectors.toList());
 	}
 
 }

spring-boot-admin-server-ui/src/main/java/de/codecentric/boot/admin/server/ui/web/HomepageForwardingMatcher.java

@@ -36,9 +36,9 @@ public class HomepageForwardingFilter implements WebFilter {
 
 	private final HomepageForwardingMatcher<ServerHttpRequest> matcher;
 
-	public HomepageForwardingFilter(String homepage, List<String> routes) {
+	public HomepageForwardingFilter(String homepage, List<String> routeIncludes, List<String> routeExcludes) {
 		this.homepage = homepage;
-		this.matcher = new HomepageForwardingMatcher<>(routes, ServerHttpRequest::getMethodValue,
+		this.matcher = new HomepageForwardingMatcher<>(routeIncludes, routeExcludes, ServerHttpRequest::getMethodValue,
 				(r) -> r.getPath().pathWithinApplication().toString(), (r) -> r.getHeaders().getAccept());
 	}
 

spring-boot-admin-server-ui/src/main/java/de/codecentric/boot/admin/server/ui/web/reactive/HomepageForwardingFilter.java

@@ -49,10 +49,10 @@ public class HomepageForwardingFilter implements Filter {
 
 	private final HomepageForwardingMatcher<HttpServletRequest> matcher;
 
-	public HomepageForwardingFilter(String homepage, List<String> routes) {
+	public HomepageForwardingFilter(String homepage, List<String> routes, List<String> excludedRoutes) {
 		this.homepage = homepage;
 		UrlPathHelper urlPathHelper = new UrlPathHelper();
-		this.matcher = new HomepageForwardingMatcher<>(routes, HttpServletRequest::getMethod,
+		this.matcher = new HomepageForwardingMatcher<>(routes, excludedRoutes, HttpServletRequest::getMethod,
 				urlPathHelper::getPathWithinApplication,
 				(r) -> MediaType.parseMediaTypes(r.getHeader(HttpHeaders.ACCEPT)));
 	}

spring-boot-admin-server-ui/src/main/java/de/codecentric/boot/admin/server/ui/web/servlet/HomepageForwardingFilter.java

@@ -17,6 +17,7 @@
 package de.codecentric.boot.admin.server.ui;
 
 import org.junit.Test;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
@@ -44,6 +45,17 @@ public void should_return_index() {
 		//@formatter:on
 	}
 
+	@Test
+	public void should_not_return_index_for_logfile() {
+		//@formatter:off
+		this.webClient.get()
+						.uri("/instances/a973ff14be49/actuator/logfile")
+						.accept(MediaType.TEXT_HTML, MediaType.ALL)
+						.exchange()
+						.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);
+		//@formatter:on
+	}
+
 	@Test
 	public void should_return_api() {
 		//@formatter:off

spring-boot-admin-server-ui/src/test/java/de/codecentric/boot/admin/server/ui/AbstractAdminUiApplicationTest.java

@@ -28,7 +28,8 @@
 public class HomepageForwardingMatcherTest {
 
 	private final HomepageForwardingMatcher<MockRequest> matcher = new HomepageForwardingMatcher<>(
-			singletonList("/viewRoute/**"), MockRequest::getMethod, MockRequest::getPath, MockRequest::getAccepts);
+			singletonList("/viewRoute/**"), singletonList("/viewRoute/*/exclude"), MockRequest::getMethod,
+			MockRequest::getPath, MockRequest::getAccepts);
 
 	@Test
 	public void should_return_false_when_method_is_not_get() {
@@ -47,6 +48,13 @@ public void should_return_false_when_accepts_does_not_match() {
 				.isFalse();
 	}
 
+	@Test
+	public void should_return_false_when_path_is_excluded() {
+		assertThat(this.matcher
+				.test(new MockRequest("GET", "/viewRoute/12345/exclude", singletonList(MediaType.TEXT_HTML))))
+						.isFalse();
+	}
+
 	@Test
 	public void should_return_true() {
 		assertThat(this.matcher