re add jar loader

Author: SentryMan

avaje-jex/src/main/java/io/avaje/jex/AbstractStaticHandler.java

@@ -12,7 +12,7 @@
 import io.avaje.jex.http.NotFoundException;
 
 abstract sealed class AbstractStaticHandler implements ExchangeHandler
-    permits StaticFileHandler, StaticClassResourceHandler {
+    permits StaticFileHandler, PathResourceHandler, JarResourceHandler {
 
   protected final Map<String, String> mimeTypes;
   protected final String filesystemRoot;

avaje-jex/src/main/java/io/avaje/jex/StaticClassResourceHandler.java renamed to avaje-jex/src/main/java/io/avaje/jex/JarResourceHandler.java

@@ -6,13 +6,13 @@
 import java.util.Map;
 import java.util.function.Predicate;
 
-final class StaticClassResourceHandler extends AbstractStaticHandler implements ExchangeHandler {
+final class JarResourceHandler extends AbstractStaticHandler implements ExchangeHandler {
 
   private final URL indexFile;
   private final URL singleFile;
   private final ClassResourceLoader resourceLoader;
 
-  StaticClassResourceHandler(
+  JarResourceHandler(
       String urlPrefix,
       String filesystemRoot,
       Map<String, String> mimeTypes,

avaje-jex/src/main/java/io/avaje/jex/PathResourceHandler.java

@@ -0,0 +1,92 @@
+package io.avaje.jex;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Map;
+import java.util.function.Predicate;
+
+import io.avaje.jex.spi.SpiContext;
+
+final class PathResourceHandler extends AbstractStaticHandler implements ExchangeHandler {
+
+  private final Path indexFile;
+  private final Path singleFile;
+
+  PathResourceHandler(
+      String urlPrefix,
+      String filesystemRoot,
+      Map<String, String> mimeTypes,
+      Map<String, String> headers,
+      Predicate<Context> skipFilePredicate,
+      Path indexFile,
+      Path singleFile) {
+    super(urlPrefix, filesystemRoot, mimeTypes, headers, skipFilePredicate);
+
+    this.indexFile = indexFile;
+    this.singleFile = singleFile;
+  }
+
+  @Override
+  public void handle(Context ctx) throws IOException {
+
+    if (singleFile != null) {
+      sendPathIS(ctx, singleFile.toString(), singleFile);
+      return;
+    }
+
+    final var jdkExchange = ctx.exchange();
+    if (skipFilePredicate.test(ctx)) {
+      throw404(jdkExchange);
+    }
+
+    final String wholeUrlPath = jdkExchange.getRequestURI().getPath();
+
+    if (wholeUrlPath.endsWith("/") || wholeUrlPath.equals(urlPrefix)) {
+      sendPathIS(ctx, indexFile.toString(), indexFile);
+
+      return;
+    }
+
+    final String urlPath = wholeUrlPath.substring(urlPrefix.length());
+
+    Path path;
+    try {
+      path = Path.of(filesystemRoot, urlPath).toRealPath();
+
+    } catch (final IOException e) {
+      // This may be more benign (i.e. not an attack, just a 403),
+      // but we don't want an attacker to be able to discern the difference.
+      reportPathTraversal();
+      return;
+    }
+
+    final String canonicalPath = path.toString();
+    if (!canonicalPath.startsWith(filesystemRoot)) {
+      reportPathTraversal();
+    }
+
+    sendPathIS(ctx, urlPath, path);
+  }
+
+  private void sendPathIS(Context ctx, String urlPath, Path path) throws IOException {
+    final var exchange = ctx.exchange();
+    final String mimeType = lookupMime(urlPath);
+    ctx.header("Content-Type", mimeType);
+    ctx.headers(headers);
+
+    try (var fis = Files.newInputStream(path);
+        var os = exchange.getResponseBody()) {
+      var spiCtx = (SpiContext) ctx;
+
+      if (!spiCtx.compressionEnabled()) {
+        exchange.sendResponseHeaders(200, Files.size(path));
+        fis.transferTo(os);
+      } else {
+        spiCtx.write(fis);
+      }
+    } catch (final Exception e) {
+      throw404(ctx.exchange());
+    }
+  }
+}

avaje-jex/src/main/java/io/avaje/jex/StaticFileHandler.java

@@ -9,6 +9,8 @@
 
 import com.sun.net.httpserver.HttpExchange;
 
+import io.avaje.jex.spi.SpiContext;
+
 final class StaticFileHandler extends AbstractStaticHandler implements ExchangeHandler {
 
   private final File indexFile;
@@ -77,7 +79,15 @@ private void sendFile(Context ctx, HttpExchange jdkExchange, String urlPath, Fil
       String mimeType = lookupMime(urlPath);
       ctx.header("Content-Type", mimeType);
       ctx.headers(headers);
-      ctx.write(fis);
+      var spiCtx = (SpiContext) ctx;
+
+      if (!spiCtx.compressionEnabled()) {
+        jdkExchange.sendResponseHeaders(200, canonicalFile.length());
+        fis.transferTo(jdkExchange.getResponseBody());
+      } else {
+        spiCtx.write(fis);
+      }
+
     } catch (FileNotFoundException e) {
       throw404(jdkExchange);
     }

avaje-jex/src/main/java/io/avaje/jex/StaticResourceHandlerBuilder.java

@@ -3,7 +3,11 @@
 import static io.avaje.jex.ResourceLocation.CLASS_PATH;
 
 import java.io.File;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -16,12 +20,13 @@ final class StaticResourceHandlerBuilder implements StaticContentConfig {
   private static final String DIRECTORY_INDEX_FAILURE =
       "Failed to locate Directory Index Resource: ";
   private static final Predicate<Context> NO_OP_PREDICATE = ctx -> false;
-  private static final ClassResourceLoader DEFAULT_LOADER = new DefaultResourceLoader();
+  private static final ClassResourceLoader DEFALT_LOADER =
+      ClassResourceLoader.fromClass(StaticResourceHandlerBuilder.class);
 
   private String path = "/";
   private String root = "/public/";
   private String directoryIndex = null;
-  private ClassResourceLoader resourceLoader = DEFAULT_LOADER;
+  private ClassResourceLoader resourceLoader = DEFALT_LOADER;
   private final Map<String, String> mimeTypes = new HashMap<>();
   private final Map<String, String> headers = new HashMap<>();
   private Predicate<Context> skipFilePredicate = NO_OP_PREDICATE;
@@ -153,17 +158,71 @@ private ExchangeHandler fileLoader(Function<String, File> fileLoader) {
   }
 
   private ExchangeHandler classPathHandler() {
+    Function<String, URL> urlFunc = resourceLoader::loadResource;
 
-    URL dirIndex = null;
-    URL singleFile = null;
+    Function<String, URI> loaderFunc = urlFunc.andThen(this::toURI);
+    String fsRoot;
+    Path dirIndex = null;
+    Path singleFile = null;
     if (directoryIndex != null) {
-      dirIndex = resourceLoader.loadResource(root.transform(this::appendSlash) + directoryIndex);
+      try {
+        var uri = loaderFunc.apply(root.transform(this::appendSlash) + directoryIndex);
+
+        if ("jar".equals(uri.getScheme())) {
+
+          var url = uri.toURL();
+          return jarLoader(url.toString().transform(this::getJARRoot), url, null);
+        }
+        dirIndex = Paths.get(uri).toRealPath();
+        fsRoot = Paths.get(uri).getParent().toString();
 
+      } catch (Exception e) {
+
+        throw new IllegalStateException(
+            DIRECTORY_INDEX_FAILURE + root.transform(this::appendSlash) + directoryIndex, e);
+      }
     } else {
-      singleFile = resourceLoader.loadResource(root);
+      try {
+        var uri = loaderFunc.apply(root);
+
+        if ("jar".equals(uri.getScheme())) {
+
+          var url = uri.toURL();
+
+          return jarLoader(url.toString().transform(this::getJARRoot), null, uri.toURL());
+        }
+
+        singleFile = Paths.get(uri).toRealPath();
+
+        fsRoot = singleFile.getParent().toString();
+
+      } catch (Exception e) {
+
+        throw new IllegalStateException(FAILED_TO_LOCATE_FILE + root, e);
+      }
     }
 
-    return new StaticClassResourceHandler(
-        path, root, mimeTypes, headers, skipFilePredicate, resourceLoader, dirIndex, singleFile);
+    return new PathResourceHandler(
+        path, fsRoot, mimeTypes, headers, skipFilePredicate, dirIndex, singleFile);
+  }
+
+  private String getJARRoot(String s) {
+    return s.substring(0, s.lastIndexOf("/")).substring(s.indexOf("jar!") + 4);
+  }
+
+  private ExchangeHandler jarLoader(String fsRoot, URL dirIndex, URL singleFile) {
+
+    return new JarResourceHandler(
+        path, fsRoot, mimeTypes, headers, skipFilePredicate, resourceLoader, dirIndex, singleFile);
+  }
+
+  private URI toURI(URL url) {
+
+    try {
+
+      return url.toURI();
+    } catch (URISyntaxException e) {
+      throw new IllegalStateException(e);
+    }
   }
 }

avaje-jex/src/main/java/io/avaje/jex/jdk/JdkContext.java

@@ -502,4 +502,9 @@ private static BasicAuthCredentials getBasicAuthCredentials(String authorization
 
     return new BasicAuthCredentials(credentials[0], credentials[1]);
   }
+
+  @Override
+  public boolean compressionEnabled() {
+    return compressionConfig.compressionEnabled();
+  }
 }

avaje-jex/src/main/java/io/avaje/jex/spi/SpiContext.java

@@ -2,6 +2,7 @@
 
 import io.avaje.jex.Context;
 import io.avaje.jex.Routing;
+import io.avaje.jex.compression.CompressionConfig;
 
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -18,6 +19,9 @@ public interface SpiContext extends Context {
   String APPLICATION_JSON = "application/json";
   String APPLICATION_X_JSON_STREAM = "application/x-json-stream";
 
+  /** Return whether compression is enabled. */
+  boolean compressionEnabled();
+
   /**
    * Return the response outputStream to write content to.
    */