From 13f7d6ad1a2ede4761d4758617e939c5dc386d3c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 13 Aug 2015 18:18:46 +0200 Subject: [server] Validate lecture/imageversion dates, conditionally set isTemplate --- .../java/org/openslx/bwlp/sat/util/Sanitizer.java | 67 ++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java') diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java new file mode 100644 index 00000000..5dd3b64e --- /dev/null +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java @@ -0,0 +1,67 @@ +package org.openslx.bwlp.sat.util; + +import org.openslx.bwlp.sat.RuntimeConfig; +import org.openslx.bwlp.thrift.iface.DateParamError; +import org.openslx.bwlp.thrift.iface.LectureWrite; +import org.openslx.bwlp.thrift.iface.TInvalidDateParam; + +public class Sanitizer { + + /** + * One day in milliseconds + */ + private final static long ONE_DAY = 86400l * 1000l; + + /** + * How far in the past can a date lie? Currently 180 days, no idea if anyone + * would ever need this feature, but don't error out right away + */ + private static final long LOWER_CUTOFF = 180l * ONE_DAY; + + private static final long MAX_IMAGE_EXPIRY = 10l * 365l * ONE_DAY; + + /** + * Sanitize start and end date of lecture. + * + * @param lecture Lecture to sanitize + * @throws TInvalidDateParam If start or end date have invalid values + */ + public static void handleLectureDates(LectureWrite lecture) throws TInvalidDateParam { + if (lecture.startTime > lecture.endTime) + throw new TInvalidDateParam(DateParamError.NEGATIVE_RANGE, "Start date past end date"); + final long now = System.currentTimeMillis(); + long lowLimit = now - LOWER_CUTOFF; + if (lecture.startTime < lowLimit) + throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past"); + if (lecture.endTime < lowLimit) + throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past"); + long highLimit = now + RuntimeConfig.getMaxLectureValidityMs(); + if (lecture.startTime > highLimit) + throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future"); + // Bonus: If the end date is just a little bit off, silently correct it, since it might be clock + // inaccuracies between server and client + if (lecture.endTime > highLimit) { + if (lecture.endTime - ONE_DAY > highLimit) + throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future"); + lecture.endTime = highLimit; + } + } + + /** + * Check if given image expiry date is valid. Be liberal here, since only + * the super user can set it, and they should know what they're doing. + * + * @param unixTimestamp timestamp to check + * @throws TInvalidDateParam If the date is invalid + */ + public static void handleImageExpiryDate(long unixTimestamp) throws TInvalidDateParam { + final long now = System.currentTimeMillis(); + long lowLimit = now - LOWER_CUTOFF; + if (unixTimestamp < lowLimit) + throw new TInvalidDateParam(DateParamError.TOO_LOW, "Expiry date lies in the past"); + long highLimit = now + MAX_IMAGE_EXPIRY; + if (unixTimestamp > highLimit) + throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Expiry date lies too far in the future"); + } + +} -- cgit v1.2.3-55-g7522