Merge branch 'master' of https://github.com/traccar/traccar

9 files changed, 316 insertions, 36 deletions

diff --git a/src/main/java/org/traccar/web/ConsoleServlet.java b/src/main/java/org/traccar/web/ConsoleServlet.java
index 902a4f7a9..0012ba077 100644
--- a/src/main/java/org/traccar/web/ConsoleServlet.java
+++ b/src/main/java/org/traccar/web/ConsoleServlet.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
 package org.traccar.web;
 
 import org.h2.server.web.ConnectionInfo;
-import org.h2.server.web.WebServlet;
+import org.h2.server.web.JakartaWebServlet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.traccar.config.Config;
@@ -26,7 +26,7 @@ import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 
-public class ConsoleServlet extends WebServlet {
+public class ConsoleServlet extends JakartaWebServlet {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ConsoleServlet.class);
 
@@ -41,7 +41,7 @@ public class ConsoleServlet extends WebServlet {
         super.init();
 
         try {
-            Field field = WebServlet.class.getDeclaredField("server");
+            Field field = JakartaWebServlet.class.getDeclaredField("server");
             field.setAccessible(true);
             org.h2.server.web.WebServer server = (org.h2.server.web.WebServer) field.get(this);
 
diff --git a/src/main/java/org/traccar/web/ModernDefaultServlet.java b/src/main/java/org/traccar/web/ModernDefaultServlet.java
new file mode 100644
index 000000000..a7c8cdb29
--- /dev/null
+++ b/src/main/java/org/traccar/web/ModernDefaultServlet.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2023 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.web;
+
+import org.eclipse.jetty.servlet.DefaultServlet;
+import org.eclipse.jetty.util.resource.Resource;
+import org.traccar.config.Config;
+import org.traccar.config.Keys;
+
+import jakarta.inject.Inject;
+import java.io.File;
+import java.io.IOException;
+
+public class ModernDefaultServlet extends DefaultServlet {
+
+    private Resource overrideResource;
+
+    @Inject
+    public ModernDefaultServlet(Config config) {
+        String override = config.getString(Keys.WEB_OVERRIDE);
+        if (override != null) {
+            overrideResource = Resource.newResource(new File(override));
+        }
+    }
+
+    @Override
+    public Resource getResource(String pathInContext) {
+        if (overrideResource != null) {
+            try {
+                Resource override = overrideResource.addPath(pathInContext);
+                if (override.exists()) {
+                    return override;
+                }
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        }
+        return super.getResource(pathInContext.indexOf('.') < 0 ? "/" : pathInContext);
+    }
+
+    @Override
+    public String getWelcomeFile(String pathInContext) {
+        return super.getWelcomeFile("/");
+    }
+
+}
diff --git a/src/main/java/org/traccar/web/OverrideFilter.java b/src/main/java/org/traccar/web/OverrideFilter.java
new file mode 100644
index 000000000..9780c9ede
--- /dev/null
+++ b/src/main/java/org/traccar/web/OverrideFilter.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2023 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.web;
+
+import com.google.inject.Provider;
+import org.traccar.api.security.PermissionsService;
+import org.traccar.model.Server;
+import org.traccar.storage.StorageException;
+
+import jakarta.inject.Inject;
+import jakarta.inject.Singleton;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Singleton
+public class OverrideFilter implements Filter {
+
+    private final Provider<PermissionsService> permissionsServiceProvider;
+
+    @Inject
+    public OverrideFilter(Provider<PermissionsService> permissionsServiceProvider) {
+        this.permissionsServiceProvider = permissionsServiceProvider;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+
+        if (((HttpServletRequest) request).getServletPath().startsWith("/api")) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        ResponseWrapper wrappedResponse = new ResponseWrapper((HttpServletResponse) response);
+
+        chain.doFilter(request, wrappedResponse);
+
+        byte[] bytes = wrappedResponse.getCapture();
+        if (bytes != null) {
+            if (wrappedResponse.getContentType() != null && wrappedResponse.getContentType().contains("text/html")
+                    || ((HttpServletRequest) request).getPathInfo().endsWith("manifest.webmanifest")) {
+
+                Server server;
+                try {
+                    server = permissionsServiceProvider.get().getServer();
+                } catch (StorageException e) {
+                    throw new RuntimeException(e);
+                }
+
+                String title = server.getString("title", "Traccar");
+                String description = server.getString("description", "Traccar GPS Tracking System");
+                String colorPrimary = server.getString("colorPrimary", "#1a237e");
+
+                String alteredContent = new String(wrappedResponse.getCapture())
+                        .replace("${title}", title)
+                        .replace("${description}", description)
+                        .replace("${colorPrimary}", colorPrimary);
+
+                byte[] data = alteredContent.getBytes();
+                response.setContentLength(data.length);
+                response.getOutputStream().write(data);
+
+            } else {
+                response.getOutputStream().write(bytes);
+            }
+        }
+    }
+
+}
diff --git a/src/main/java/org/traccar/web/ResponseWrapper.java b/src/main/java/org/traccar/web/ResponseWrapper.java
new file mode 100644
index 000000000..a0eaf6788
--- /dev/null
+++ b/src/main/java/org/traccar/web/ResponseWrapper.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2023 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.web;
+
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.WriteListener;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class ResponseWrapper extends HttpServletResponseWrapper {
+
+    private final ByteArrayOutputStream capture;
+    private ServletOutputStream output;
+
+    public ResponseWrapper(HttpServletResponse response) {
+        super(response);
+        capture = new ByteArrayOutputStream(response.getBufferSize());
+    }
+
+    @Override
+    public ServletOutputStream getOutputStream() {
+        if (output == null) {
+            output = new ServletOutputStream() {
+                @Override
+                public boolean isReady() {
+                    return true;
+                }
+
+                @Override
+                public void setWriteListener(WriteListener writeListener) {
+                }
+
+                @Override
+                public void write(int b) {
+                    capture.write(b);
+                }
+
+                @Override
+                public void flush() throws IOException {
+                    capture.flush();
+                }
+
+                @Override
+                public void close() throws IOException {
+                    capture.close();
+                }
+            };
+        }
+        return output;
+    }
+
+    @Override
+    public void flushBuffer() throws IOException {
+        super.flushBuffer();
+        if (output != null) {
+            output.flush();
+        }
+    }
+
+    public byte[] getCapture() throws IOException {
+        if (output != null) {
+            output.close();
+            return capture.toByteArray();
+        }
+        return null;
+    }
+
+}
diff --git a/src/main/java/org/traccar/web/ThrottlingFilter.java b/src/main/java/org/traccar/web/ThrottlingFilter.java
index 054af652f..1bad33db6 100644
--- a/src/main/java/org/traccar/web/ThrottlingFilter.java
+++ b/src/main/java/org/traccar/web/ThrottlingFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,13 +19,13 @@ import org.eclipse.jetty.servlets.DoSFilter;
 import org.traccar.config.Config;
 import org.traccar.config.Keys;
 
-import javax.inject.Inject;
-import javax.inject.Singleton;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import jakarta.inject.Inject;
+import jakarta.inject.Singleton;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 
 @Singleton
 public class ThrottlingFilter extends DoSFilter {
@@ -39,6 +39,7 @@ public class ThrottlingFilter extends DoSFilter {
         if (config.hasKey(Keys.WEB_MAX_REQUESTS_PER_SECOND)) {
             setMaxRequestsPerSec(config.getInteger(Keys.WEB_MAX_REQUESTS_PER_SECOND));
         }
+        setMaxRequestMs(config.getInteger(Keys.WEB_MAX_REQUEST_SECONDS) * 1000L);
     }
 
     @Override
diff --git a/src/main/java/org/traccar/web/WebInjectionManagerFactory.java b/src/main/java/org/traccar/web/WebInjectionManagerFactory.java
index 14d9d3dbc..3e73c41ad 100644
--- a/src/main/java/org/traccar/web/WebInjectionManagerFactory.java
+++ b/src/main/java/org/traccar/web/WebInjectionManagerFactory.java
@@ -23,7 +23,7 @@ import org.jvnet.hk2.guice.bridge.api.GuiceBridge;
 import org.jvnet.hk2.guice.bridge.api.GuiceIntoHK2Bridge;
 import org.traccar.Main;
 
-import javax.annotation.Priority;
+import jakarta.annotation.Priority;
 
 @Priority(20)
 public class WebInjectionManagerFactory implements InjectionManagerFactory {
diff --git a/src/main/java/org/traccar/web/WebModule.java b/src/main/java/org/traccar/web/WebModule.java
index 0722c5d1e..a32a6f447 100644
--- a/src/main/java/org/traccar/web/WebModule.java
+++ b/src/main/java/org/traccar/web/WebModule.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ public class WebModule extends ServletModule {
 
     @Override
     protected void configureServlets() {
+        filter("/*").through(OverrideFilter.class);
         filter("/api/*").through(ThrottlingFilter.class);
         filter("/api/media/*").through(MediaFilter.class);
         serve("/api/socket").with(AsyncSocketServlet.class);
diff --git a/src/main/java/org/traccar/web/WebRequestLog.java b/src/main/java/org/traccar/web/WebRequestLog.java
new file mode 100644
index 000000000..3f3286003
--- /dev/null
+++ b/src/main/java/org/traccar/web/WebRequestLog.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2023 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.web;
+
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.RequestLog;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.util.DateCache;
+import org.eclipse.jetty.util.component.ContainerLifeCycle;
+import org.traccar.api.resource.SessionResource;
+
+import java.util.Locale;
+import java.util.TimeZone;
+
+public class WebRequestLog extends ContainerLifeCycle implements RequestLog {
+
+    private final Writer writer;
+
+    private final DateCache dateCache = new DateCache(
+            "dd/MMM/yyyy:HH:mm:ss ZZZ", Locale.getDefault(), TimeZone.getTimeZone("GMT"));
+
+    public WebRequestLog(Writer writer) {
+        this.writer = writer;
+        addBean(writer);
+    }
+
+    @Override
+    public void log(Request request, Response response) {
+        try {
+            Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
+            writer.write(String.format("%s - %s [%s] \"%s %s %s\" %d %d",
+                    request.getRemoteHost(),
+                    userId != null ? String.valueOf(userId) : "-",
+                    dateCache.format(request.getTimeStamp()),
+                    request.getMethod(),
+                    request.getOriginalURI(),
+                    request.getProtocol(),
+                    response.getCommittedMetaData().getStatus(),
+                    response.getHttpChannel().getBytesWritten()));
+        } catch (Throwable ignored) {
+        }
+    }
+
+}
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 79d19cc9b..4759942b1 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012 - 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import org.eclipse.jetty.http.HttpCookie;
 import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.proxy.AsyncProxyServlet;
-import org.eclipse.jetty.server.CustomRequestLog;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.RequestLogWriter;
 import org.eclipse.jetty.server.Server;
@@ -52,19 +51,16 @@ import org.traccar.config.Config;
 import org.traccar.config.Keys;
 import org.traccar.helper.ObjectMapperContextResolver;
 
-import javax.servlet.DispatcherType;
-import javax.servlet.ServletException;
-import javax.servlet.SessionCookieConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.SessionCookieConfig;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 import java.io.File;
 import java.io.IOException;
 import java.io.Writer;
 import java.net.InetSocketAddress;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.EnumSet;
 
 public class WebServer implements LifecycleObject {
@@ -103,14 +99,8 @@ public class WebServer implements LifecycleObject {
             @Override
             protected void handleErrorPage(
                     HttpServletRequest request, Writer writer, int code, String message) throws IOException {
-                Path index = Paths.get(config.getString(Keys.WEB_PATH), "index.html");
-                if (code == HttpStatus.NOT_FOUND_404
-                        && !request.getPathInfo().startsWith("/api/") && Files.exists(index)) {
-                    writer.write(Files.readString(index));
-                } else {
-                    writer.write("<!DOCTYPE><html><head><title>Error</title></head><html><body>"
-                            + code + " - " + HttpStatus.getMessage(code) + "</body></html>");
-                }
+                writer.write("<!DOCTYPE><html><head><title>Error</title></head><html><body>"
+                        + code + " - " + HttpStatus.getMessage(code) + "</body></html>");
             }
         });
 
@@ -124,8 +114,7 @@ public class WebServer implements LifecycleObject {
             RequestLogWriter logWriter = new RequestLogWriter(config.getString(Keys.WEB_REQUEST_LOG_PATH));
             logWriter.setAppend(true);
             logWriter.setRetainDays(config.getInteger(Keys.WEB_REQUEST_LOG_RETAIN_DAYS));
-            CustomRequestLog requestLog = new CustomRequestLog(logWriter, CustomRequestLog.NCSA_FORMAT);
-            server.setRequestLog(requestLog);
+            server.setRequestLog(new WebRequestLog(logWriter));
         }
     }
 
@@ -150,7 +139,7 @@ public class WebServer implements LifecycleObject {
     }
 
     private void initWebApp(ServletContextHandler servletHandler) {
-        ServletHolder servletHolder = new ServletHolder(DefaultServlet.class);
+        ServletHolder servletHolder = new ServletHolder(new ModernDefaultServlet(config));
         servletHolder.setInitParameter("resourceBase", new File(config.getString(Keys.WEB_PATH)).getAbsolutePath());
         servletHolder.setInitParameter("dirAllowed", "false");
         if (config.getBoolean(Keys.WEB_DEBUG)) {
@@ -202,14 +191,16 @@ public class WebServer implements LifecycleObject {
             sessionHandler.setSessionCache(sessionCache);
         }
 
+        SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+
         int sessionTimeout = config.getInteger(Keys.WEB_SESSION_TIMEOUT);
         if (sessionTimeout > 0) {
             servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+            sessionCookieConfig.setMaxAge(sessionTimeout);
         }
 
         String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
         if (sameSiteCookie != null) {
-            SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
             switch (sameSiteCookie.toLowerCase()) {
                 case "lax":
                     sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);