saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-06-06 18:30:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update EndpointInterceptor.java

Browse Source
This commit is contained in:
Ludy87 2025-03-27 13:14:18 +01:00
parent 6529382d93
commit cb725ccf8c
No known key found for this signature in database
GPG Key ID: 92696155E0220F94
1 changed files with 68 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
View File

@ -1,5 +1,6 @@
package stirling.software.SPDF.config; package stirling.software.SPDF.config;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.HandlerInterceptor;
@ -17,11 +18,15 @@ public class EndpointInterceptor implements HandlerInterceptor {
private final EndpointConfiguration endpointConfiguration; private final EndpointConfiguration endpointConfiguration;
private final SessionsInterface sessionsInterface; private final SessionsInterface sessionsInterface;
private boolean loginEnabled = true;
public EndpointInterceptor( public EndpointInterceptor(
EndpointConfiguration endpointConfiguration, SessionsInterface sessionsInterface) { EndpointConfiguration endpointConfiguration,
SessionsInterface sessionsInterface,
@Qualifier("loginEnabled") boolean loginEnabled) {
this.endpointConfiguration = endpointConfiguration; this.endpointConfiguration = endpointConfiguration;
this.sessionsInterface = sessionsInterface; this.sessionsInterface = sessionsInterface;
this.loginEnabled = loginEnabled;
} }
@Override @Override
@ -46,23 +51,81 @@ public class EndpointInterceptor implements HandlerInterceptor {
|| request.getRequestURI().contains("/error") || request.getRequestURI().contains("/error")
|| request.getRequestURI().contains("/session/status") || request.getRequestURI().contains("/session/status")
|| request.getRequestURI().contains("/session/expire") || request.getRequestURI().contains("/session/expire")
|| request.getRequestURI().contains("/session/expire-all") || request.getRequestURI().contains("/session/expire/")
|| request.getRequestURI().endsWith(".js") || request.getRequestURI().endsWith(".js")
|| request.getRequestURI().endsWith(".png") || request.getRequestURI().endsWith(".png")
|| request.getRequestURI().endsWith(".webmanifest") || request.getRequestURI().endsWith(".webmanifest")
|| request.getRequestURI().contains("/files/")) { || request.getRequestURI().contains("/files/")) {
return true; return true;
} else { } else {
String sessionId = session != null ? session.getId() : null; if (session == null) {
session = request.getSession(true);
}
final HttpSession finalSession = session;
String sessionId = finalSession.getId();
if (sessionId == null || !sessionsInterface.isSessionValid(sessionId)) { // Den aktuellen Benutzer (principalName) aus der Session ermitteln.
// Es wird angenommen, dass das Attribut "principalName" in der Session gesetzt
// wurde.
final String currentPrincipal =
finalSession.getAttribute("principalName") != null
? finalSession.getAttribute("principalName").toString()
: "unknown";
// Zähle alle nicht abgelaufenen Sessions des aktuellen Benutzers.
long userSessions =
sessionsInterface.getAllSessions().stream()
.filter(
s ->
!s.isExpired()
&& currentPrincipal.equals(
s.getPrincipalName()))
.count();
// Zähle alle nicht abgelaufenen Sessions in der Anwendung.
long totalSessions =
sessionsInterface.getAllSessions().stream()
.filter(s -> !s.isExpired())
.count();
log.info(
"Aktive Sessions für {}: {} (max: {}) | Gesamt: {} (max: {})",
currentPrincipal,
userSessions,
sessionsInterface.getMaxUserSessions(),
totalSessions,
sessionsInterface.getMaxApplicationSessions());
// Prüfe die Grenzen:
// Falls entweder die Benutzersessions oder die Anwendungssessions das Limit
// erreicht haben
// und die aktuelle Session noch NICHT registriert ist, dann wird ein Fehler
// zurückgegeben.
boolean isCurrentSessionRegistered =
sessionsInterface.getAllSessions().stream()
.filter(s -> !s.isExpired())
.anyMatch(s -> s.getSessionId().equals(sessionId));
if ((userSessions >= sessionsInterface.getMaxUserSessions()
|| totalSessions >= sessionsInterface.getMaxApplicationSessions())
&& !isCurrentSessionRegistered) {
response.sendError( response.sendError(
HttpServletResponse.SC_UNAUTHORIZED, HttpServletResponse.SC_UNAUTHORIZED,
"Max sessions reached for this user. To continue on this device, please close your session in another browser."); "Max sessions reached for this user. To continue on this device, please"
+ " close your session in another browser.");
return false; return false;
}
// Wenn die Session noch nicht registriert ist, registriere sie; andernfalls update
// den Last-Request.
if (!isCurrentSessionRegistered) {
log.info("Register session: {}", sessionId);
sessionsInterface.registerSession(finalSession);
} else { } else {
log.info("Update session last request: {}", sessionId);
sessionsInterface.updateSessionLastRequest(sessionId); sessionsInterface.updateSessionLastRequest(sessionId);
} }
return true;
} }
} }