diff --git a/web/app/controllers/SaveConfig.java b/web/app/controllers/SaveConfig.java
index 4c67b964b3378675f27d68a3ebd3583450aa9905..40fa61e2b2e0d9901730e1046a53f4c14cede5cd 100644
--- a/web/app/controllers/SaveConfig.java
+++ b/web/app/controllers/SaveConfig.java
@@ -13,89 +13,76 @@ import models.*; public class SaveConfig extends Controller { - private static String TMP_DIR = "/tmp/"; + private static long MAX_FILE_LENGTH = 10 * 1024 * 1024; public static Result get(String inep, String macaddr) { try { if (!School.checkMachineBelongsToSchool(inep, macaddr)) - return forbidden(); + return forbidden("You do not have permission to access this file."); } catch (java.sql.SQLException e) { e.printStackTrace(); - return internalServerError(); + return internalServerError("Authentication failure."); } - String filename = "config_"+inep+".bz2"; - File f = new File(TMP_DIR+filename); + String filename = "config_"+inep+".tar.bz2"; + InputStream in = SavedConfig.get(inep); - if (f.exists()) { - response().setHeader("Content-Disposition", "attachment; filename="+filename); - return ok(f); - } - else + if (in == null) return notFound(); + + response().setHeader("Content-Disposition", "attachment; filename="+filename); + return ok(in); } public static Result put(String inep, String macaddr) { try { if (!School.checkMachineBelongsToSchool(inep, macaddr)) - return forbidden(); + return forbidden("You do not have permission to access this file."); } catch (java.sql.SQLException e) { e.printStackTrace(); - return internalServerError(); + return internalServerError("Authentication failure."); } - String filename = "config_"+inep+".bz2"; - File f = new File(TMP_DIR+filename); - - InputStream src = null; - OutputStream dst = null; - try { - if(!f.exists()) { - f.createNewFile(); - } - MultipartFormData body = request().body().asMultipartFormData(); + FilePart uploadPart = body.getFile("config"); - if ((uploadPart == null) || (uploadPart.getFile() == null)) - throw new Exception("failed to get file"); + if (uploadPart == null) + throw new Exception("Failed to upload configuration."); - src = new FileInputStream(uploadPart.getFile()); - dst = new FileOutputStream(f); + File uploadFile = uploadPart.getFile(); + if (uploadFile == null) + throw new 
Exception("Failed to upload configuration."); - byte[] buf = new byte[4096]; - int len; - while ((len = src.read(buf)) > 0) { - dst.write(buf, 0, len); - } + if (uploadFile.length() > MAX_FILE_LENGTH) + throw new Exception("Configuration file is too large (>10MB)."); - src.close(); - dst.close(); + InputStream src = new FileInputStream(uploadFile); + + if ( ! SavedConfig.put(inep, src, uploadFile.length()) ) + throw new Exception("Failure to save configuration to the database."); } catch (Exception e) { e.printStackTrace(); - return internalServerError(); + return internalServerError(e.getMessage()); } - return ok("config saved"); + return ok(); // no news is good news } public static Result exists(String inep, String macaddr) { try { if (!School.checkMachineBelongsToSchool(inep, macaddr)) - return forbidden(); + return forbidden("You do not have permission to access this file."); } catch (java.sql.SQLException e) { e.printStackTrace(); - return internalServerError(); + return internalServerError("Authentication failure."); } - String filename = "config_"+inep+".bz2"; - File f = new File(TMP_DIR+filename); - - if (f.exists()) + if (SavedConfig.exists(inep)) return ok("true"); else return ok("false"); diff --git a/web/app/models/SavedConfig.java b/web/app/models/SavedConfig.java new file mode 100644 index 0000000000000000000000000000000000000000..c279a519018d37622ebaaa070d4c1dc54c3037d9 --- /dev/null +++ b/web/app/models/SavedConfig.java 
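Review bot: In `put()`, the catch-all now returns `e.getMessage()` to the client, and that covers every exception raised in the block, not only the three hand-written messages. For example, the `FileNotFoundException` from `new FileInputStream(uploadFile)` carries the server-side temporary path in its message, and `body` is not null-checked, so a non-multipart request presumably ends in a `NullPointerException` with a null message. Sending the known validation messages only (for instance by throwing a small dedicated exception type for them and catching it separately) and a fixed text for everything else would keep internal detail out of the response. The new `src` stream is also never closed, whereas the removed code called `src.close()`; declaring `src` before the `try` and adding `finally { if (src != null) src.close(); }` restores that. The `MAX_FILE_LENGTH` check appears to run after the framework has already spooled the upload to `uploadFile`, so it limits what reaches the database but not what a client can make the server write to disk, and the constant could be `final`.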
@@ -0,0 +1,89 @@
+package models;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.sql.*;
+
+import play.db.*;
+import play.libs.Json;
+import play.cache.Cache;
+
+import org.codehaus.jackson.node.*;
+
+public class SavedConfig implements java.io.Serializable {
+ private static final long serialVersionUID = 19156549873156770L;
+
+ public static boolean put(String inep, InputStream in, long length) {
+ Connection conn = DB.getConnection("le_save_config");
+ PreparedStatement st;
+
+ try {
+ st = conn.prepareStatement(
+ "DELETE FROM school_config WHERE inep=?");
+ st.setString(1, inep);
+ st.executeUpdate();
+
+ st = conn.prepareStatement(
+ "INSERT INTO school_config (inep, config) VALUES (?,?);");
+ st.setString(1, inep);
+ st.setBinaryStream(2, in, (int) length);
+ st.executeUpdate();
+
+ st.close();
+ conn.close();
+
+ return true;
+ }
+ catch (SQLException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public static InputStream get(String inep) {
+ Connection conn = DB.getConnection("le_save_config");
+ PreparedStatement st;
+ InputStream in = null;
+
+ try {
+ st = conn.prepareStatement(
+ "SELECT config FROM school_config WHERE inep=?;");
+ st.setString(1, inep);
+
+ ResultSet res = st.executeQuery();
+
+ if (res.next())
+ in = res.getBinaryStream(1);
+
+ st.close();
+ conn.close();
+ }
+ catch (SQLException e) {
+ e.printStackTrace();
+ }
+
+ return in;
+ }
+
+ public static boolean exists(String inep) {
+ Connection conn = DB.getConnection("le_save_config");
+ PreparedStatement st;
+ boolean ret = false;
+
+ try {
+ st = conn.prepareStatement(
+ "SELECT 1 FROM school_config WHERE inep=?;");
+ st.setString(1, inep);
+
+ ResultSet res = st.executeQuery();
+
+ if (res.next())
+ ret = true;
+ }
+ catch (SQLException e) {
+ e.printStackTrace();
+ }
+
+ return ret;
+ }
+}
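Review bot: `exists()` never closes its `PreparedStatement` or `Connection`, and `put()` and `get()` close theirs only on the success path (the first statement in `put()` is overwritten without being closed). If `DB.getConnection` hands out pooled connections, which is likely but not visible here, every existence check and every failed query keeps one checked out, and repeated requests can exhaust the pool. Each method should release both in a `finally` block, as sketched below for `exists()`. Separately, `get()` returns the stream from `res.getBinaryStream(1)` after `st.close()` and `conn.close()`; JDBC only guarantees that stream while the result set is open, so the download depends on the driver having buffered the column, and copying the bytes before closing removes that dependency. In `put()` the `DELETE` and `INSERT` appear to run as separate auto-committed statements, so a failed insert would leave the school with no saved configuration; running both in one transaction avoids that.

```java
public static boolean exists(String inep) {
    Connection conn = DB.getConnection("le_save_config");
    PreparedStatement st = null;

    try {
        st = conn.prepareStatement(
            "SELECT 1 FROM school_config WHERE inep=?;");
        st.setString(1, inep);
        return st.executeQuery().next();
    }
    catch (SQLException e) {
        e.printStackTrace();
        return false;
    }
    finally {
        // release the statement and connection on every path, including failures
        try { if (st != null) st.close(); } catch (SQLException ignored) { }
        try { conn.close(); } catch (SQLException ignored) { }
    }
}
```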