mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-15 02:54:06 +02:00
Security fixes, enterprise stuff and more (#3241)
# Description of Changes Please provide a summary of the changes, including: - Enable user to add custom JAVA ops with env JAVA_CUSTOM_OPTS - Added support for prometheus (enabled via JAVA_CUSTOM_OPTS + enterprise license) - Changed settings from enterprise naming to 'Premium' - KeygenLicense Check to support offline licenses - Disable URL-to-PDF due to huge security bug - Remove loud Split PDF logs - addUsers renamed to adminSettings - Added Usage analytics page - Add user button to only be enabled based on total users free - Improve Merge memory usage Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: Connor Yoh <[email protected]>
This commit is contained in:
co-authored by
a <a>
pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
Connor Yoh
parent
86becc61de
commit
e151286337
@@ -118,11 +118,11 @@ public class AccountWebController {
|
||||
|
||||
if (securityProps.isSaml2Active()
|
||||
&& applicationProperties.getSystem().getEnableAlphaFunctionality()
|
||||
&& applicationProperties.getEnterpriseEdition().isEnabled()) {
|
||||
&& applicationProperties.getPremium().isEnabled()) {
|
||||
String samlIdp = saml2.getProvider();
|
||||
String saml2AuthenticationPath = "/saml2/authenticate/" + saml2.getRegistrationId();
|
||||
|
||||
if (applicationProperties.getEnterpriseEdition().isSsoAutoLogin()) {
|
||||
if (applicationProperties.getPremium().getProFeatures().isSsoAutoLogin()) {
|
||||
return "redirect:" + request.getRequestURL() + saml2AuthenticationPath;
|
||||
} else {
|
||||
providerList.put(saml2AuthenticationPath, samlIdp + " (SAML 2)");
|
||||
@@ -195,7 +195,13 @@ public class AccountWebController {
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
||||
@GetMapping("/addUsers")
|
||||
@GetMapping("/usage")
|
||||
public String showUsage() {
|
||||
return "usage";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
||||
@GetMapping("/adminSettings")
|
||||
public String showAddUserForm(
|
||||
HttpServletRequest request, Model model, Authentication authentication) {
|
||||
List<User> allUsers = userRepository.findAll();
|
||||
@@ -318,7 +324,9 @@ public class AccountWebController {
|
||||
model.addAttribute("totalUsers", allUsers.size());
|
||||
model.addAttribute("activeUsers", activeUsers);
|
||||
model.addAttribute("disabledUsers", disabledUsers);
|
||||
return "addUsers";
|
||||
|
||||
model.addAttribute("maxEnterpriseUsers", applicationProperties.getPremium().getMaxUsers());
|
||||
return "adminSettings";
|
||||
}
|
||||
|
||||
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
||||
|
||||
@@ -22,6 +22,7 @@ import jakarta.annotation.PostConstruct;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.SPDF.config.EndpointInspector;
|
||||
import stirling.software.SPDF.config.StartupApplicationListener;
|
||||
import stirling.software.SPDF.model.ApplicationProperties;
|
||||
|
||||
@@ -32,15 +33,17 @@ import stirling.software.SPDF.model.ApplicationProperties;
|
||||
public class MetricsController {
|
||||
|
||||
private final ApplicationProperties applicationProperties;
|
||||
|
||||
private final MeterRegistry meterRegistry;
|
||||
|
||||
private final EndpointInspector endpointInspector;
|
||||
private boolean metricsEnabled;
|
||||
|
||||
public MetricsController(
|
||||
ApplicationProperties applicationProperties, MeterRegistry meterRegistry) {
|
||||
ApplicationProperties applicationProperties,
|
||||
MeterRegistry meterRegistry,
|
||||
EndpointInspector endpointInspector) {
|
||||
this.applicationProperties = applicationProperties;
|
||||
this.meterRegistry = meterRegistry;
|
||||
this.endpointInspector = endpointInspector;
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
@@ -208,25 +211,43 @@ public class MetricsController {
|
||||
}
|
||||
|
||||
private double getRequestCount(String method, Optional<String> endpoint) {
|
||||
log.info(
|
||||
"Getting request count for method: {}, endpoint: {}",
|
||||
method,
|
||||
endpoint.orElse("all"));
|
||||
double count =
|
||||
meterRegistry.find("http.requests").tag("method", method).counters().stream()
|
||||
.filter(
|
||||
counter ->
|
||||
!endpoint.isPresent()
|
||||
|| endpoint.get()
|
||||
.equals(counter.getId().getTag("uri")))
|
||||
.mapToDouble(Counter::count)
|
||||
.sum();
|
||||
log.info("Request count: {}", count);
|
||||
return count;
|
||||
return meterRegistry.find("http.requests").tag("method", method).counters().stream()
|
||||
.filter(
|
||||
counter -> {
|
||||
String uri = counter.getId().getTag("uri");
|
||||
|
||||
// Apply filtering logic - Skip if uri is null
|
||||
if (uri == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// For POST requests, only include if they start with /api/v1
|
||||
if ("POST".equals(method) && !uri.contains("api/v1")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (uri.contains(".txt")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// For GET requests, validate if we have a list of valid endpoints
|
||||
final boolean validateGetEndpoints =
|
||||
endpointInspector.getValidGetEndpoints().size() != 0;
|
||||
if ("GET".equals(method)
|
||||
&& validateGetEndpoints
|
||||
&& !endpointInspector.isValidGetEndpoint(uri)) {
|
||||
log.debug("Skipping invalid GET endpoint: {}", uri);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Filter for specific endpoint if provided
|
||||
return !endpoint.isPresent() || endpoint.get().equals(uri);
|
||||
})
|
||||
.mapToDouble(Counter::count)
|
||||
.sum();
|
||||
}
|
||||
|
||||
private List<EndpointCount> getEndpointCounts(String method) {
|
||||
log.info("Getting endpoint counts for method: {}", method);
|
||||
Map<String, Double> counts = new HashMap<>();
|
||||
meterRegistry
|
||||
.find("http.requests")
|
||||
@@ -235,28 +256,72 @@ public class MetricsController {
|
||||
.forEach(
|
||||
counter -> {
|
||||
String uri = counter.getId().getTag("uri");
|
||||
|
||||
// Skip if uri is null
|
||||
if (uri == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
// For POST requests, only include if they start with /api/v1
|
||||
if ("POST".equals(method) && !uri.contains("api/v1")) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (uri.contains(".txt")) {
|
||||
return;
|
||||
}
|
||||
|
||||
// For GET requests, validate if we have a list of valid endpoints
|
||||
final boolean validateGetEndpoints =
|
||||
endpointInspector.getValidGetEndpoints().size() != 0;
|
||||
if ("GET".equals(method)
|
||||
&& validateGetEndpoints
|
||||
&& !endpointInspector.isValidGetEndpoint(uri)) {
|
||||
log.debug("Skipping invalid GET endpoint: {}", uri);
|
||||
return;
|
||||
}
|
||||
|
||||
counts.merge(uri, counter.count(), Double::sum);
|
||||
});
|
||||
List<EndpointCount> result =
|
||||
counts.entrySet().stream()
|
||||
.map(entry -> new EndpointCount(entry.getKey(), entry.getValue()))
|
||||
.sorted(Comparator.comparing(EndpointCount::getCount).reversed())
|
||||
.collect(Collectors.toList());
|
||||
log.info("Found {} endpoints with counts", result.size());
|
||||
return result;
|
||||
|
||||
return counts.entrySet().stream()
|
||||
.map(entry -> new EndpointCount(entry.getKey(), entry.getValue()))
|
||||
.sorted(Comparator.comparing(EndpointCount::getCount).reversed())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
private double getUniqueUserCount(String method, Optional<String> endpoint) {
|
||||
log.info(
|
||||
"Getting unique user count for method: {}, endpoint: {}",
|
||||
method,
|
||||
endpoint.orElse("all"));
|
||||
Set<String> uniqueUsers = new HashSet<>();
|
||||
meterRegistry.find("http.requests").tag("method", method).counters().stream()
|
||||
.filter(
|
||||
counter ->
|
||||
!endpoint.isPresent()
|
||||
|| endpoint.get().equals(counter.getId().getTag("uri")))
|
||||
counter -> {
|
||||
String uri = counter.getId().getTag("uri");
|
||||
|
||||
// Skip if uri is null
|
||||
if (uri == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// For POST requests, only include if they start with /api/v1
|
||||
if ("POST".equals(method) && !uri.contains("api/v1")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (uri.contains(".txt")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// For GET requests, validate if we have a list of valid endpoints
|
||||
final boolean validateGetEndpoints =
|
||||
endpointInspector.getValidGetEndpoints().size() != 0;
|
||||
if ("GET".equals(method)
|
||||
&& validateGetEndpoints
|
||||
&& !endpointInspector.isValidGetEndpoint(uri)) {
|
||||
log.debug("Skipping invalid GET endpoint: {}", uri);
|
||||
return false;
|
||||
}
|
||||
return !endpoint.isPresent() || endpoint.get().equals(uri);
|
||||
})
|
||||
.forEach(
|
||||
counter -> {
|
||||
String session = counter.getId().getTag("session");
|
||||
@@ -264,12 +329,10 @@ public class MetricsController {
|
||||
uniqueUsers.add(session);
|
||||
}
|
||||
});
|
||||
log.info("Unique user count: {}", uniqueUsers.size());
|
||||
return uniqueUsers.size();
|
||||
}
|
||||
|
||||
private List<EndpointCount> getUniqueUserCounts(String method) {
|
||||
log.info("Getting unique user counts for method: {}", method);
|
||||
Map<String, Set<String>> uniqueUsers = new HashMap<>();
|
||||
meterRegistry
|
||||
.find("http.requests")
|
||||
@@ -283,13 +346,10 @@ public class MetricsController {
|
||||
uniqueUsers.computeIfAbsent(uri, k -> new HashSet<>()).add(session);
|
||||
}
|
||||
});
|
||||
List<EndpointCount> result =
|
||||
uniqueUsers.entrySet().stream()
|
||||
.map(entry -> new EndpointCount(entry.getKey(), entry.getValue().size()))
|
||||
.sorted(Comparator.comparing(EndpointCount::getCount).reversed())
|
||||
.collect(Collectors.toList());
|
||||
log.info("Found {} endpoints with unique user counts", result.size());
|
||||
return result;
|
||||
return uniqueUsers.entrySet().stream()
|
||||
.map(entry -> new EndpointCount(entry.getKey(), entry.getValue().size()))
|
||||
.sorted(Comparator.comparing(EndpointCount::getCount).reversed())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@GetMapping("/uptime")
|
||||
|
||||
Reference in New Issue
Block a user