Add schematic validation to the HTTPD

This commit is contained in:
Telesphoreo 2024-01-25 15:59:27 -06:00
parent 94528860f2
commit ff9cf12acc
5 changed files with 44 additions and 15 deletions

View file

@ -30,16 +30,19 @@ repositories {
dependencies { dependencies {
implementation("org.projectlombok:lombok:1.18.30") implementation("org.projectlombok:lombok:1.18.30")
annotationProcessor("org.projectlombok:lombok:1.18.30") annotationProcessor("org.projectlombok:lombok:1.18.30")
implementation("io.papermc.paper:paper-api:1.20.2-R0.1-SNAPSHOT") implementation("io.papermc.paper:paper-api:1.20.4-R0.1-SNAPSHOT")
implementation("dev.plex:server:1.4-SNAPSHOT") implementation("dev.plex:server:1.4-SNAPSHOT")
implementation("org.json:json:20231013") implementation("org.json:json:20231013")
implementation("org.reflections:reflections:0.10.2") implementation("org.reflections:reflections:0.10.2")
implementation("org.eclipse.jetty:jetty-server:11.0.18") implementation("org.eclipse.jetty:jetty-server:11.0.19")
implementation("org.eclipse.jetty:jetty-servlet:11.0.18") implementation("org.eclipse.jetty:jetty-servlet:11.0.19")
implementation("org.eclipse.jetty:jetty-proxy:11.0.18") implementation("org.eclipse.jetty:jetty-proxy:11.0.19")
implementation("com.github.MilkBowl:VaultAPI:1.7.1") { implementation("com.github.MilkBowl:VaultAPI:1.7.1") {
exclude("org.bukkit", "bukkit") exclude("org.bukkit", "bukkit")
} }
implementation(platform("com.intellectualsites.bom:bom-newest:1.40")) // Ref: https://github.com/IntellectualSites/bom
compileOnly("com.fastasyncworldedit:FastAsyncWorldEdit-Core")
implementation("commons-io:commons-io:2.15.1")
} }
tasks.getByName<Jar>("jar") { tasks.getByName<Jar>("jar") {

Binary file not shown.

View file

@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
networkTimeout=10000 networkTimeout=10000
validateDistributionUrl=true validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME zipStoreBase=GRADLE_USER_HOME

3
gradlew vendored
View file

@ -83,7 +83,8 @@ done
# This is normally unused # This is normally unused
# shellcheck disable=SC2034 # shellcheck disable=SC2034
APP_BASE_NAME=${0##*/} APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value. # Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum MAX_FD=maximum

View file

@ -1,5 +1,7 @@
package dev.plex.request; package dev.plex.request;
import com.sk89q.worldedit.extent.clipboard.io.ClipboardFormat;
import com.sk89q.worldedit.extent.clipboard.io.ClipboardFormats;
import dev.plex.HTTPDModule; import dev.plex.HTTPDModule;
import dev.plex.cache.DataUtils; import dev.plex.cache.DataUtils;
import dev.plex.player.PlexPlayer; import dev.plex.player.PlexPlayer;
@ -9,16 +11,17 @@ import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.Part; import jakarta.servlet.http.Part;
import java.io.File; import org.apache.commons.io.FileUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.Arrays;
import java.util.regex.Pattern;
import org.bukkit.Bukkit; import org.bukkit.Bukkit;
import org.bukkit.OfflinePlayer; import org.bukkit.OfflinePlayer;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.regex.Pattern;
public class SchematicUploadServlet extends HttpServlet public class SchematicUploadServlet extends HttpServlet
{ {
private static final Pattern schemNameMatcher = Pattern.compile("^[a-z0-9'!,_ -]{1,30}\\.schem(atic)?$", Pattern.CASE_INSENSITIVE); private static final Pattern schemNameMatcher = Pattern.compile("^[a-z0-9'!,_ -]{1,30}\\.schem(atic)?$", Pattern.CASE_INSENSITIVE);
@ -74,9 +77,31 @@ public class SchematicUploadServlet extends HttpServlet
return; return;
} }
InputStream inputStream = uploadPart.getInputStream(); InputStream inputStream = uploadPart.getInputStream();
Files.copy(inputStream, new File(worldeditFolder, filename).toPath(), StandardCopyOption.REPLACE_EXISTING); File schematicFile = new File(worldeditFolder, filename);
FileUtils.copyInputStreamToFile(inputStream, schematicFile);
ClipboardFormat schematicFormat = ClipboardFormats.findByFile(schematicFile);
if (schematicFormat == null)
{
PlexLog.log("IP Address: " + request.getRemoteAddr() + " FAILED to upload schematic with filename: " + filename);
response.getWriter().println(schematicUploadBadHTML("Schematic is not a valid format."));
FileUtils.deleteQuietly(schematicFile);
return;
}
try
{
schematicFormat.getReader(new FileInputStream(schematicFile));
}
catch (IOException e)
{
PlexLog.log("IP Address: " + request.getRemoteAddr() + " FAILED to upload schematic with filename: " + filename);
response.getWriter().println(schematicUploadBadHTML("Schematic is not a valid format."));
FileUtils.deleteQuietly(schematicFile);
return;
}
// Files.copy(inputStream, schematic.toPath(), StandardCopyOption.REPLACE_EXISTING);
inputStream.close(); inputStream.close();
response.getWriter().println(schematicUploadGoodHTML("Successfully uploaded <b>" + filename + ".")); response.getWriter().println(schematicUploadGoodHTML("Successfully uploaded <b>" + filename + "</b>."));
PlexLog.log("IP Address: " + request.getRemoteAddr() + " uploaded schematic with filename: " + filename);
} }
private String schematicUploadBadHTML(String message) private String schematicUploadBadHTML(String message)