From 7ba059acc79e6c51816c9212a280dbcfd36eeca4 Mon Sep 17 00:00:00 2001
From: Mirco Nasuti <mirco.nasuti@chuv.ch>
Date: Mon, 8 May 2017 14:58:57 +0200
Subject: [PATCH] add protected file download API

---
 .../java/eu/hbp/mip/controllers/FilesAPI.java | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 src/main/java/eu/hbp/mip/controllers/FilesAPI.java

diff --git a/src/main/java/eu/hbp/mip/controllers/FilesAPI.java b/src/main/java/eu/hbp/mip/controllers/FilesAPI.java
new file mode 100644
index 000000000..88e179bd2
--- /dev/null
+++ b/src/main/java/eu/hbp/mip/controllers/FilesAPI.java
@@ -0,0 +1,50 @@
+package eu.hbp.mip.controllers;
+
+import eu.hbp.mip.configuration.SecurityConfiguration;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.time.LocalDateTime;
+
+/**
+ * Created by mirco on 08.05.17.
+ */
+
+@RestController
+@RequestMapping(value = "/protected")
+@Api(value = "/protected", description = "the protected files API")
+public class FilesAPI {
+
+    private static final Logger LOGGER = Logger.getLogger(FilesAPI.class);
+
+    @Autowired
+    private SecurityConfiguration securityConfiguration;
+
+    @ApiOperation(value = "Get protected files")
+    @RequestMapping(value = "/{filename}" , method = RequestMethod.GET)
+    public ResponseEntity<Void> getProtectedFile(
+            @ApiParam(value = "filename", required = true) @PathVariable("filename") String filename
+    ) {
+        LOGGER.info("Get protected file");
+
+        String filepath = "/protected/" + filename;
+        String user = securityConfiguration.getUser().getUsername();
+        String time = LocalDateTime.now().toString();
+        LOGGER.info("User " + user + " downloaded " + filepath + " at "+ time);
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.add("X-Accel-Redirect", filepath);
+
+        return new ResponseEntity<>(headers, HttpStatus.OK);
+    }
+}
-- 
GitLab