private static String buildContentTypeText(Collection mimeTypes) {
StringBuilder sb = null;
for (Object o : mimeTypes) {
MimeType mt = (MimeType) o;
if (sb == null) {
sb = new StringBuilder();
} else {
sb.append(",");
}
sb.append(mt.toString());
}
if (sb == null) {
return "";
} else {
return sb.toString();
}
}
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse rsp)
throws IOException {
String keyStr = req.getPathInfo();
// We shouldn't have to do this extra decode pass, but somehow we
// are now receiving our "^1" suffix as "%5E1", which confuses us
// downstream. Other times we get our embedded "," as "%2C", which
// is equally bad. And yet when these happen a "%2F" is left as-is,
// rather than escaped as "%252F", which makes me feel really really
// uncomfortable with a blind decode right here.
//
keyStr = URLDecoder.decode(keyStr, "UTF-8");
if (!keyStr.startsWith("/")) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
keyStr = keyStr.substring(1);
final Patch.Key patchKey;
final int side;
{
final int c = keyStr.lastIndexOf('^');
if (c == 0) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
if (c < 0) {
side = 0;
} else {
try {
side = Integer.parseInt(keyStr.substring(c + 1));
keyStr = keyStr.substring(0, c);
} catch (NumberFormatException e) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
}
try {
patchKey = Patch.Key.parse(keyStr);
} catch (NumberFormatException e) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
}
final Change.Id changeId = patchKey.getParentKey().getParentKey();
final Project project;
final PatchSet patchSet;
try {
final ReviewDb db = requestDb.get();
final ChangeControl control = changeControl.validateFor(changeId);
project = control.getProject();
patchSet = db.patchSets().get(patchKey.getParentKey());
if (patchSet == null) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
} catch (NoSuchChangeException e) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
} catch (OrmException e) {
getServletContext().log("Cannot query database", e);
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
final Repository repo;
try {
repo = repoManager.openRepository(project.getNameKey());
} catch (RepositoryNotFoundException e) {
getServletContext().log("Cannot open repository", e);
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
final ObjectLoader blobLoader;
final RevCommit fromCommit;
final String suffix;
final String path = patchKey.getFileName();
try {
final ObjectReader reader = repo.newObjectReader();
try {
final RevWalk rw = new RevWalk(reader);
final RevCommit c;
final TreeWalk tw;
c = rw.parseCommit(ObjectId.fromString(patchSet.getRevision().get()));
if (side == 0) {
fromCommit = c;
suffix = "new";
} else if (1 <= side && side - 1 < c.getParentCount()) {
fromCommit = rw.parseCommit(c.getParent(side - 1));
if (c.getParentCount() == 1) {
suffix = "old";
} else {
suffix = "old" + side;
}
} else {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
tw = TreeWalk.forPath(reader, path, fromCommit.getTree());
if (tw == null) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
if (tw.getFileMode(0).getObjectType() == Constants.OBJ_BLOB) {
blobLoader = reader.open(tw.getObjectId(0), Constants.OBJ_BLOB);
} else {
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
} finally {
reader.release();
}
} catch (IOException e) {
getServletContext().log("Cannot read repository", e);
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} catch (RuntimeException e) {
getServletContext().log("Cannot read repository", e);
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} finally {
repo.close();
}
final byte[] raw = blobLoader.isLarge() ? null : blobLoader.getCachedBytes();
final long when = fromCommit.getCommitTime() * 1000L;
rsp.setDateHeader("Last-Modified", when);
rsp.setDateHeader("Expires", 0L);
rsp.setHeader("Pragma", "no-cache");
rsp.setHeader("Cache-Control", "no-cache, must-revalidate");
OutputStream out;
ZipOutputStream zo;
final MimeType contentType = registry.getMimeType(path, raw);
if (!registry.isSafeInline(contentType)) {
// The content may not be safe to transmit inline, as a browser might
// interpret it as HTML or JavaScript hosted by this site. Such code
// might then run in the site's security domain, and may be able to use
// the user's cookies to perform unauthorized actions.
//
// Usually, wrapping the content into a ZIP file forces the browser to
// save the content to the local system instead.
//
rsp.setContentType(ZIP.toString());
rsp.setHeader(
"Content-Disposition",
"attachment; filename=\"" + safeFileName(path, suffix) + ".zip" + "\"");
zo = new ZipOutputStream(rsp.getOutputStream());
final ZipEntry e = new ZipEntry(safeFileName(path, rand(req, suffix)));
e.setComment(fromCommit.name() + ":" + path);
e.setSize(blobLoader.getSize());
e.setTime(when);
zo.putNextEntry(e);
out = zo;
} else {
rsp.setContentType(contentType.toString());
rsp.setHeader("Content-Length", "" + blobLoader.getSize());
out = rsp.getOutputStream();
zo = null;
}
if (raw != null) {
out.write(raw);
} else {
blobLoader.copyTo(out);
}
if (zo != null) {
zo.closeEntry();
}
out.close();
}
public static String findAcceptableContentType(String mime, String preferredList) {
MimeType mt = MimeUtil.getPreferedMimeType(preferredList, mime);
return mt.toString();
}
