From 195ec5aed9e3a6a499cf5a21773235563806a0c1 Mon Sep 17 00:00:00 2001
From: Abyss777 <abyss@fox5.ru>
Date: Fri, 2 Feb 2018 11:15:12 +0500
Subject: - Move media servlet to api context - Cleanup and optimization

---
 src/org/traccar/api/MediaFilter.java | 41 +++++++++++++-----------------------
 1 file changed, 15 insertions(+), 26 deletions(-)

(limited to 'src/org/traccar/api/MediaFilter.java')

diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java
index c07175d40..b3dcbbd66 100644
--- a/src/org/traccar/api/MediaFilter.java
+++ b/src/org/traccar/api/MediaFilter.java
@@ -36,24 +36,8 @@ import org.traccar.model.Device;
 
 public class MediaFilter implements Filter {
 
-    private boolean dirAllowed;
-
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
-        dirAllowed = Context.getConfig().getBoolean("media.dirAllowed");
-    }
-
-    private static void formatError(HttpServletResponse response, Exception e) throws IOException {
-        if (e instanceof SecurityException) {
-            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-        } else if (e instanceof IllegalArgumentException) {
-            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
-        } else if (e instanceof NotAuthorizedException) {
-            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-        } else {
-            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-        }
-        response.getWriter().println(Log.exceptionStack(e));
     }
 
     @Override
@@ -73,15 +57,10 @@ public class MediaFilter implements Filter {
                 throw new NotAuthorizedException("Not authorized");
             }
 
-            String[] parts = ((HttpServletRequest) request).getPathInfo().split("/");
-            if (parts.length < 2) {
-                if (dirAllowed) {
-                    Context.getPermissionsManager().checkAdmin(userId);
-                } else {
-                    throw new SecurityException("Wrong path");
-                }
-            } else if (parts.length == 2 && !dirAllowed) {
-                throw new SecurityException("Wrong path");
+            String path = ((HttpServletRequest) request).getPathInfo();
+            String[] parts = path.split("/");
+            if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) {
+                Context.getPermissionsManager().checkAdmin(userId);
             } else {
                 Device device = Context.getIdentityManager().getByUniqueId(parts[1]);
                 if (device != null) {
@@ -93,7 +72,17 @@ public class MediaFilter implements Filter {
 
             chain.doFilter(request, response);
         } catch (Exception e) {
-            formatError((HttpServletResponse) response, e);
+            HttpServletResponse httpResponse = (HttpServletResponse) response;
+            if (e instanceof SecurityException) {
+                httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            } else if (e instanceof IllegalArgumentException) {
+                httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
+            } else if (e instanceof NotAuthorizedException) {
+                httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            } else {
+                httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+            }
+            response.getWriter().println(Log.exceptionStack(e));
         }
     }
 
-- 
cgit v1.2.3