/*
* This file is part of ARSnova Backend.
* Copyright (C) 2012-2017 The ARSnova Team
*
* ARSnova Backend is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* ARSnova Backend is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package de.thm.arsnova.controller;
import de.thm.arsnova.exceptions.BadRequestException;
import de.thm.arsnova.exceptions.NoContentException;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
/**
* Default controller that handles requests which have not set a path.
*/
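@Controller
public class WelcomeController extends AbstractController {
	/** Upper bound on redirect hops followed by {@link #checkFrameOptionsHeader}; every hop is re-validated. */
	private static final int MAX_REDIRECTS = 5;

	/** Connect and read timeout for the outbound HEAD request, in milliseconds. */
	private static final int OUTBOUND_TIMEOUT_MS = 2000;

	@Value("${mobile.path}")
	private String mobileContextPath;

	@Resource(name = "versionInfoProperties")
	private Properties versionInfoProperties;

	/**
	 * Redirects a plain GET on the root path to the mobile client.
	 *
	 * @param request the current request (not read)
	 * @return a redirect to {@code mobile.path} followed by "/" (not context-relative)
	 */
	@RequestMapping(value = "/", method = RequestMethod.GET)
	public View home(final HttpServletRequest request) {
		return new RedirectView(mobileContextPath + "/", false);
	}

	/**
	 * Returns product name and build information for clients that request JSON on the root path.
	 *
	 * @param request the current request (not read)
	 * @return a map holding {@code productName} and a nested {@code version} map
	 *     ({@code string}, {@code buildTime}, {@code gitCommitId}, {@code gitDirty})
	 */
	@RequestMapping(value = "/", method = RequestMethod.GET, produces = "application/json")
	@ResponseBody
	public Map<String, Object> jsonHome(final HttpServletRequest request) {
		final Map<String, Object> version = new HashMap<>();
		version.put("string", versionInfoProperties.getProperty("version.string"));
		version.put("buildTime", versionInfoProperties.getProperty("version.build-time"));
		version.put("gitCommitId", versionInfoProperties.getProperty("version.git.commit-id"));
		// parseBoolean(null) yields false, so a missing property is reported as a clean build
		version.put("gitDirty", Boolean.parseBoolean(versionInfoProperties.getProperty("version.git.dirty")));

		final Map<String, Object> response = new HashMap<>();
		response.put("productName", "arsnova-backend");
		response.put("version", version);
		return response;
	}

	/**
	 * Checks whether the given URL may be embedded in a frame, i.e. whether a HEAD request to it
	 * answers without an {@code X-Frame-Options} header.
	 *
	 * <p>The server performs an outbound request to a caller-supplied URL, so the target is
	 * restricted before the request is made: only {@code http}/{@code https} are accepted, every
	 * address the host name resolves to must be a public unicast address (no loopback, link-local,
	 * site-local, unique-local, unspecified or multicast address), and redirects are followed
	 * manually so that each hop is validated the same way. Name resolution here and inside the
	 * HTTP client are separate lookups; a DNS answer that changes between them is not covered.
	 *
	 * <p>Responds with 200 when the target was reached and sent no {@code X-Frame-Options} header.
	 *
	 * @param url the URL to check
	 * @param request the current request; used to reject calls from the loopback address
	 * @throws BadRequestException if the caller is the loopback address, or the URL is malformed,
	 *     uses a scheme other than http/https, has no host, or resolves to a non-public address
	 * @throws NoContentException if the target is unreachable, answers with an
	 *     {@code X-Frame-Options} header or no headers at all, or redirects too often / invalidly
	 */
	@RequestMapping(value = "/checkframeoptionsheader", method = RequestMethod.POST)
	@ResponseStatus(HttpStatus.OK)
	public void checkFrameOptionsHeader(
			@RequestParam final String url,
			final HttpServletRequest request
	) {
		/* Block requests from the server itself to prevent DoS attacks caused by request loops */
		if (isLoopbackCaller(request.getRemoteAddr())) {
			throw new BadRequestException("Access to localhost not allowed.");
		}

		final RestTemplate restTemplate = newNonRedirectingRestTemplate();
		URI target = parseTarget(url);
		for (int hop = 0; ; hop++) {
			assertPublicTarget(target);

			final ResponseEntity<Void> response;
			try {
				// A URI (not a String) is passed so that braces in the URL are not expanded as template variables.
				response = restTemplate.exchange(target, HttpMethod.HEAD, null, Void.class);
			} catch (RestClientException e) {
				throw new NoContentException();
			}

			final HttpHeaders headers = response.getHeaders();
			if (!response.getStatusCode().is3xxRedirection()) {
				if (headers.isEmpty() || headers.containsKey("x-frame-options")) {
					throw new NoContentException();
				}
				return;
			}

			if (hop >= MAX_REDIRECTS) {
				throw new NoContentException();
			}
			final URI location;
			try {
				location = headers.getLocation();
			} catch (IllegalArgumentException e) {
				// Location header present but not a parseable URI
				throw new NoContentException();
			}
			if (location == null) {
				throw new NoContentException();
			}
			// Relative Location values are resolved against the hop that issued the redirect.
			target = target.resolve(location);
		}
	}

	/**
	 * Tells whether the remote address of the current request is a loopback address
	 * (IPv4 127/8 or IPv6 ::1), using the literal form the servlet container reports.
	 *
	 * @param remoteAddr the value of {@code HttpServletRequest#getRemoteAddr()}, may be null
	 * @return true only for a recognisable loopback literal; null, empty or unparseable values yield false
	 */
	private static boolean isLoopbackCaller(final String remoteAddr) {
		// getByName(null) and getByName("") return the loopback address, so guard explicitly.
		if (remoteAddr == null || remoteAddr.isEmpty()) {
			return false;
		}
		try {
			return InetAddress.getByName(remoteAddr).isLoopbackAddress();
		} catch (UnknownHostException e) {
			return false;
		}
	}

	/**
	 * Parses the caller-supplied URL into a URI.
	 *
	 * @param url the URL as received from the client
	 * @return the parsed URI
	 * @throws BadRequestException if the value is not a well-formed URL/URI
	 */
	private static URI parseTarget(final String url) {
		try {
			return new URL(url).toURI();
		} catch (MalformedURLException | URISyntaxException e) {
			throw new BadRequestException();
		}
	}

	/**
	 * Ensures that a request target uses http/https and that every address its host resolves to
	 * is a public unicast address.
	 *
	 * @param target the URI about to be requested
	 * @throws BadRequestException if the scheme or host is missing/disallowed, the host does not
	 *     resolve, or any resolved address is internal
	 */
	private static void assertPublicTarget(final URI target) {
		final String scheme = target.getScheme();
		if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
			throw new BadRequestException("Only http and https URLs are allowed.");
		}
		final String host = target.getHost();
		if (host == null || host.isEmpty()) {
			throw new BadRequestException();
		}
		final InetAddress[] addresses;
		try {
			// All records are checked, not only the first one the resolver happens to return.
			addresses = InetAddress.getAllByName(host);
		} catch (UnknownHostException e) {
			throw new BadRequestException();
		}
		for (final InetAddress address : addresses) {
			if (isInternalAddress(address)) {
				throw new BadRequestException("Access to internal addresses not allowed.");
			}
		}
	}

	/**
	 * Classifies an address as internal, i.e. not a public unicast address.
	 *
	 * @param address a resolved address
	 * @return true for unspecified, loopback, link-local, site-local, IPv6 unique-local (fc00::/7)
	 *     and multicast addresses
	 */
	private static boolean isInternalAddress(final InetAddress address) {
		if (address.isAnyLocalAddress() || address.isLoopbackAddress() || address.isLinkLocalAddress()
				|| address.isSiteLocalAddress() || address.isMulticastAddress()) {
			return true;
		}
		// isSiteLocalAddress() only covers the deprecated fec0::/10 range for IPv6; also treat
		// unique-local addresses (fc00::/7) as internal.
		final byte[] raw = address.getAddress();
		return raw.length == 16 && (raw[0] & 0xfe) == 0xfc;
	}

	/**
	 * Builds the client used for the outbound HEAD request: short timeouts and no automatic
	 * redirect following, so that each redirect hop can be validated before it is requested.
	 *
	 * @return a configured RestTemplate
	 */
	private static RestTemplate newNonRedirectingRestTemplate() {
		final SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
			@Override
			protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
					throws IOException {
				super.prepareConnection(connection, httpMethod);
				connection.setInstanceFollowRedirects(false);
			}
		};
		requestFactory.setConnectTimeout(OUTBOUND_TIMEOUT_MS);
		requestFactory.setReadTimeout(OUTBOUND_TIMEOUT_MS);
		return new RestTemplate(requestFactory);
	}
}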