Update EndpointInterceptor.java

2025-04-19 11:11:18 +00:00 · 2025-03-27 13:14:18 +01:00 · 2025-03-27 13:14:18 +01:00 · cb725ccf8c
commit cb725ccf8c
parent 6529382d93
1 changed files with 68 additions and 5 deletions
--- a/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
@ -1,5 +1,6 @@
 package stirling.software.SPDF.config;

+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;

@ -17,11 +18,15 @@ public class EndpointInterceptor implements HandlerInterceptor {

    private final EndpointConfiguration endpointConfiguration;
    private final SessionsInterface sessionsInterface;
+    private boolean loginEnabled = true;

    public EndpointInterceptor(
-            EndpointConfiguration endpointConfiguration, SessionsInterface sessionsInterface) {
+            EndpointConfiguration endpointConfiguration,
+            SessionsInterface sessionsInterface,
+            @Qualifier("loginEnabled") boolean loginEnabled) {
        this.endpointConfiguration = endpointConfiguration;
        this.sessionsInterface = sessionsInterface;
+        this.loginEnabled = loginEnabled;
    }

    @Override
@ -46,23 +51,81 @@ public class EndpointInterceptor implements HandlerInterceptor {
                    || request.getRequestURI().contains("/error")
                    || request.getRequestURI().contains("/session/status")
                    || request.getRequestURI().contains("/session/expire")
-                    || request.getRequestURI().contains("/session/expire-all")
+                    || request.getRequestURI().contains("/session/expire/")
                    || request.getRequestURI().endsWith(".js")
                    || request.getRequestURI().endsWith(".png")
                    || request.getRequestURI().endsWith(".webmanifest")
                    || request.getRequestURI().contains("/files/")) {
                return true;
            } else {
-                String sessionId = session != null ? session.getId() : null;
+                if (session == null) {
+                    session = request.getSession(true);
+                }
+                final HttpSession finalSession = session;
+                String sessionId = finalSession.getId();

-                if (sessionId == null || !sessionsInterface.isSessionValid(sessionId)) {
+                // Den aktuellen Benutzer (principalName) aus der Session ermitteln.
+                // Es wird angenommen, dass das Attribut "principalName" in der Session gesetzt
+                // wurde.
+                final String currentPrincipal =
+                        finalSession.getAttribute("principalName") != null
+                                ? finalSession.getAttribute("principalName").toString()
+                                : "unknown";
+
+                // Zähle alle nicht abgelaufenen Sessions des aktuellen Benutzers.
+                long userSessions =
+                        sessionsInterface.getAllSessions().stream()
+                                .filter(
+                                        s ->
+                                                !s.isExpired()
+                                                        && currentPrincipal.equals(
+                                                                s.getPrincipalName()))
+                                .count();
+
+                // Zähle alle nicht abgelaufenen Sessions in der Anwendung.
+                long totalSessions =
+                        sessionsInterface.getAllSessions().stream()
+                                .filter(s -> !s.isExpired())
+                                .count();
+
+                log.info(
+                        "Aktive Sessions für {}: {} (max: {}) | Gesamt: {} (max: {})",
+                        currentPrincipal,
+                        userSessions,
+                        sessionsInterface.getMaxUserSessions(),
+                        totalSessions,
+                        sessionsInterface.getMaxApplicationSessions());
+
+                // Prüfe die Grenzen:
+                // Falls entweder die Benutzersessions oder die Anwendungssessions das Limit
+                // erreicht haben
+                // und die aktuelle Session noch NICHT registriert ist, dann wird ein Fehler
+                // zurückgegeben.
+                boolean isCurrentSessionRegistered =
+                        sessionsInterface.getAllSessions().stream()
+                                .filter(s -> !s.isExpired())
+                                .anyMatch(s -> s.getSessionId().equals(sessionId));
+
+                if ((userSessions >= sessionsInterface.getMaxUserSessions()
+                                || totalSessions >= sessionsInterface.getMaxApplicationSessions())
+                        && !isCurrentSessionRegistered) {
                    response.sendError(
                            HttpServletResponse.SC_UNAUTHORIZED,
-                            "Max sessions reached for this user. To continue on this device, please close your session in another browser.");
+                            "Max sessions reached for this user. To continue on this device, please"
+                                    + " close your session in another browser.");
                    return false;
+                }
+
+                // Wenn die Session noch nicht registriert ist, registriere sie; andernfalls update
+                // den Last-Request.
+                if (!isCurrentSessionRegistered) {
+                    log.info("Register session: {}", sessionId);
+                    sessionsInterface.registerSession(finalSession);
                } else {
+                    log.info("Update session last request: {}", sessionId);
                    sessionsInterface.updateSessionLastRequest(sessionId);
                }
+                return true;
            }
        }