package org.opencastproject.uiconfig;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.AccessDeniedException;
import java.nio.file.Paths;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.util.ConfigurationException;
import org.opencastproject.util.MimeTypes;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.doc.rest.RestParameter;
import org.opencastproject.util.doc.rest.RestQuery;
import org.opencastproject.util.doc.rest.RestResponse;
import org.opencastproject.util.doc.rest.RestService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/")
@RestService(name = "UIConfigEndpoint", title = "UI Config Endpoint", abstractText = "Serves the configuration of the UI", notes = {"All paths above are relative to the REST endpoint base (something like http://your.server/files)", "If the service is down or not working it will return a status 503, this means the the underlying service is not working and is either restarting or has failed", "A status code 500 means a general failure has occurred which is not recoverable and was not anticipated.In other words, there is a bug! You should file an error report with your server logs from the timewhen the error occurred: <a href=\"https://github.com/opencast/opencast/issues\">Opencast Issue Tracker</a>"})
/* loaded from: input_file:org/opencastproject/uiconfig/UIConfigRest.class */
public class UIConfigRest {
    private static final Logger logger = LoggerFactory.getLogger(UIConfigRest.class);
    static final String UI_CONFIG_FOLDER_PROPERTY = "org.opencastproject.uiconfig.folder";
    private static final String UI_CONFIG_FOLDER_DEFAULT = "ui-config";
    private String uiConfigFolder = "";
    private SecurityService securityService;

    protected void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public void activate(ComponentContext componentContext) throws ConfigurationException {
        this.uiConfigFolder = componentContext.getBundleContext().getProperty(UI_CONFIG_FOLDER_PROPERTY);
        if (StringUtils.isEmpty(this.uiConfigFolder)) {
            String property = componentContext.getBundleContext().getProperty("karaf.etc");
            if (StringUtils.isBlank(property)) {
                throw new ConfigurationException("org.opencastproject.uiconfig.folder not set and unable to fall back to default location based on ${karaf.etc}");
            }
            this.uiConfigFolder = new File(property, UI_CONFIG_FOLDER_DEFAULT).getAbsolutePath();
        }
        logger.info("UI configuration folder is '{}'", this.uiConfigFolder);
    }

    @GET
    @Path("{component}/{filename}")
    @Produces({"*/*"})
    @RestQuery(name = "getConfigFile", description = "Returns the requested configuration file (json, css, etc..)", pathParameters = {@RestParameter(description = "Name of the component, which the configuration file belongs to", isRequired = true, name = "component", type = RestParameter.Type.STRING), @RestParameter(description = "Name of the configuration file", isRequired = true, name = "filename", type = RestParameter.Type.STRING)}, responses = {@RestResponse(description = "the requested configuration file", responseCode = 200), @RestResponse(description = "if the configuration file doesn't exist", responseCode = 404)}, returnDescription = "")
    public Response getConfigFile(@PathParam("component") String str, @PathParam("filename") String str2) throws IOException, NotFoundException {
        String id = this.securityService.getOrganization().getId();
        File file = Paths.get(this.uiConfigFolder, id, str, str2).toFile();
        try {
            String canonicalPath = new File(this.uiConfigFolder, id).getCanonicalPath();
            String canonicalPath2 = file.getCanonicalPath();
            if (canonicalPath2.startsWith(canonicalPath)) {
                return Response.ok(new FileInputStream(file)).header("Content-Length", Long.valueOf(file.length())).header("Content-Type", MimeTypes.getMimeType(str2)).build();
            }
            logger.warn("Directory traversal prevented (trying to access '{}')", file.getPath());
            throw new AccessDeniedException(canonicalPath2);
        } catch (FileNotFoundException e) {
            logger.debug("Could not find requested configuration file '{}'", file.getPath(), e);
            throw new NotFoundException();
        }
    }
}
