Example 1 with UploadUnauthorized

use of io.gravitee.rest.api.service.exceptions.UploadUnauthorized in project gravitee-management-rest-api by gravitee-io.

the class PortalPageMediaResource method attachPortalPageMedia.

@POST
@ApiOperation(value = "Attach a media to a portal page ", notes = "User must have the ENVIRONMENT_DOCUMENTATION[UPDATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully added", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_DOCUMENTATION, acls = RolePermissionAction.UPDATE) })
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public Response attachPortalPageMedia(@Context final HttpServletRequest request, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body, @FormDataParam("fileName") String fileName) throws IOException {
    final String mediaId;
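    // Editor's note: getContentLength() is the client-declared Content-Length and is -1
    // when the request does not declare one (e.g. chunked transfer encoding), so this
    // check alone does not bound what IOUtils.toByteArray(...) reads below.
    if (request.getContentLength() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size is " + this.mediaService.getMediaMaxSize() + "bytes. Actual size is " + request.getContentLength() + "bytes.");
    }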
    final String originalFileName = fileDetail.getFileName();
    MediaEntity mediaEntity = new MediaEntity();
    mediaEntity.setSize(fileDetail.getSize());
    mediaEntity.setType(body.getMediaType().getType());
    mediaEntity.setSubType(body.getMediaType().getSubtype());
    mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
    mediaEntity.setFileName(originalFileName);
    mediaId = mediaService.savePortalMedia(mediaEntity);
    pageService.attachMedia(page, mediaId, fileName == null ? originalFileName : fileName);
    // remove data before sending entity
    mediaEntity.setData(null);
    return Response.ok(mediaEntity).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 2 with UploadUnauthorized

use of io.gravitee.rest.api.service.exceptions.UploadUnauthorized in project gravitee-management-rest-api by gravitee-io.

the class ApiPageMediaResource method attachApiPageMedia.

@POST
@ApiOperation(value = "Attach a media to an API page ", notes = "User must have the API_DOCUMENTATION[UPDATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully added", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.UPDATE) })
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public Response attachApiPageMedia(@Context final HttpServletRequest request, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body, @FormDataParam("fileName") final String fileName) throws IOException {
    final String mediaId;
    if (request.getContentLength() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size is " + this.mediaService.getMediaMaxSize() + "bytes. Actual size is " + request.getContentLength() + "bytes.");
    }
    final String originalFileName = fileDetail.getFileName();
    MediaEntity mediaEntity = new MediaEntity();
    mediaEntity.setSize(fileDetail.getSize());
    mediaEntity.setType(body.getMediaType().getType());
    mediaEntity.setSubType(body.getMediaType().getSubtype());
    mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
    mediaEntity.setFileName(originalFileName);
    mediaId = mediaService.saveApiMedia(api, mediaEntity);
    pageService.attachMedia(page, mediaId, fileName == null ? originalFileName : fileName);
    // remove data before sending entity
    mediaEntity.setData(null);
    return Response.ok(mediaEntity).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 3 with UploadUnauthorized

use of io.gravitee.rest.api.service.exceptions.UploadUnauthorized in project gravitee-management-rest-api by gravitee-io.

the class ApiMediaResource method uploadApiMediaImage.

@POST
@ApiOperation(value = "Create a media for an API", notes = "User must have the API_DOCUMENTATION[CREATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully created", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.CREATE) })
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces("text/plain")
public Response uploadApiMediaImage(@FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body) throws IOException {
    final String mediaId;
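    // Editor's note: fileDetail.getSize() is the "size" parameter of the part's
    // Content-Disposition header, which the client supplies; it is -1 when absent,
    // so the stream is still read in full by IOUtils.toByteArray(...) below.
    if (fileDetail.getSize() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size achieved " + fileDetail.getSize());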
    } else {
        MediaEntity mediaEntity = new MediaEntity();
        mediaEntity.setSize(fileDetail.getSize());
        mediaEntity.setType(body.getMediaType().getType());
        mediaEntity.setSubType(body.getMediaType().getSubtype());
        mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
        mediaEntity.setFileName(fileDetail.getFileName());
        try {
            ImageUtils.verify(body.getMediaType().getType(), body.getMediaType().getSubtype(), mediaEntity.getData());
        } catch (InvalidImageException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Invalid image format").build();
        }
        mediaId = mediaService.saveApiMedia(api, mediaEntity);
    }
    return Response.status(200).entity(mediaId).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) InvalidImageException(io.gravitee.rest.api.exception.InvalidImageException) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 4 with UploadUnauthorized

use of io.gravitee.rest.api.service.exceptions.UploadUnauthorized in project gravitee-management-rest-api by gravitee-io.

the class AbstractResource method checkAndScaleImage.

String checkAndScaleImage(final String encodedPicture) {
    if (encodedPicture != null) {
        // first check that the image is in a valid format to prevent from XSS attack
        checkImageFormat(encodedPicture);
        final String pictureType = encodedPicture.substring(0, encodedPicture.indexOf(','));
        final String base64Picture = encodedPicture.substring(encodedPicture.indexOf(',') + 1);
        final byte[] decodedPicture = Base64.getDecoder().decode(base64Picture);
        // then check that the image is not too big
        if (decodedPicture.length > 500_000) {
            throw new UploadUnauthorized("The image is too big");
        }
        try {
            ImageInputStream imageInputStream = ImageIO.createImageInputStream(decodedPicture);
            Iterator<ImageReader> imageReaders = ImageIO.getImageReaders(imageInputStream);
            while (imageReaders.hasNext()) {
                ImageReader reader = imageReaders.next();
                String discoveredType = reader.getFormatName();
                if ("svg".equals(discoveredType)) {
                    throw new UploadUnauthorized("SVG format is not supported");
                }
                reader.setInput(imageInputStream);
                reader.getNumImages(true);
                BufferedImage bufferedImage = reader.read(0);
                Image scaledImage = bufferedImage.getScaledInstance(200, 200, Image.SCALE_SMOOTH);
                BufferedImage bufferedScaledImage = new BufferedImage(200, 200, bufferedImage.getType());
                Graphics2D g2 = bufferedScaledImage.createGraphics();
                g2.drawImage(scaledImage, 0, 0, null);
                g2.dispose();
                ByteArrayOutputStream bos = new ByteArrayOutputStream();
                ImageIO.write(bufferedScaledImage, discoveredType, bos);
                return pictureType + "," + Base64.getEncoder().encodeToString(bos.toByteArray());
            }
        } catch (IOException e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }
    return encodedPicture;
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) ImageInputStream(javax.imageio.stream.ImageInputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ImageReader(javax.imageio.ImageReader) BufferedImage(java.awt.image.BufferedImage)

Example 5 with UploadUnauthorized

use of io.gravitee.rest.api.service.exceptions.UploadUnauthorized in project gravitee-management-rest-api by gravitee-io.

the class PortalMediaResource method uploadPortalMedia.

@POST
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_DOCUMENTATION, acls = RolePermissionAction.CREATE) })
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces("text/plain")
@ApiOperation(value = "Create a media for the portal", notes = "User must have the PORTAL_DOCUMENTATION[CREATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Media successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public Response uploadPortalMedia(@FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body) throws IOException {
    String mediaId;
    if (fileDetail.getSize() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size achieved " + fileDetail.getSize());
    } else {
        MediaEntity mediaEntity = new MediaEntity();
        mediaEntity.setSize(fileDetail.getSize());
        mediaEntity.setType(body.getMediaType().getType());
        mediaEntity.setSubType(body.getMediaType().getSubtype());
        mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
        mediaEntity.setFileName(fileDetail.getFileName());
        try {
            ImageUtils.verify(body.getMediaType().getType(), body.getMediaType().getSubtype(), mediaEntity.getData());
        } catch (InvalidImageException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Invalid image format").build();
        }
        mediaId = mediaService.savePortalMedia(mediaEntity);
    }
    return Response.status(200).entity(mediaId).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) InvalidImageException(io.gravitee.rest.api.exception.InvalidImageException) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

UploadUnauthorized (io.gravitee.rest.api.service.exceptions.UploadUnauthorized): 5
Permissions (io.gravitee.rest.api.management.rest.security.Permissions): 4
MediaEntity (io.gravitee.rest.api.model.MediaEntity): 4
InvalidImageException (io.gravitee.rest.api.exception.InvalidImageException): 2
ApiOperation (io.swagger.annotations.ApiOperation): 1
ApiResponses (io.swagger.annotations.ApiResponses): 1
BufferedImage (java.awt.image.BufferedImage): 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1
IOException (java.io.IOException): 1
ImageReader (javax.imageio.ImageReader): 1
ImageInputStream (javax.imageio.stream.ImageInputStream): 1