All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.exist.repo.Deployment Maven / Gradle / Ivy

/*
 *  eXist Open Source Native XML Database
 *  Copyright (C) 2001-2015 The eXist Project
 *  http://exist-db.org
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
package org.exist.repo;

import com.evolvedbinary.j8fu.Either;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.SystemProperties;
import org.exist.collections.Collection;
import org.exist.collections.IndexInfo;
import org.exist.collections.triggers.TriggerException;
import org.exist.dom.QName;
import org.exist.dom.memtree.*;
import org.exist.dom.persistent.BinaryDocument;
import org.exist.security.Permission;
import org.exist.security.PermissionDeniedException;
import org.exist.security.PermissionFactory;
import org.exist.security.UnixStylePermission;
import org.exist.security.internal.aider.GroupAider;
import org.exist.security.internal.aider.UserAider;
import org.exist.source.FileSource;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.Txn;
import org.exist.util.*;
import org.exist.util.serializer.AttrList;
import org.exist.xmldb.XmldbURI;
import org.exist.xquery.*;
import org.exist.xquery.util.DocUtils;
import org.exist.xquery.value.DateTimeValue;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceIterator;
import org.exist.xquery.value.Type;
import org.expath.pkg.repo.*;
import org.expath.pkg.repo.Package;
import org.expath.pkg.repo.deps.DependencyVersion;
import org.expath.pkg.repo.tui.BatchUserInteraction;
import org.w3c.dom.Element;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * Deploy a .xar package into the database using the information provided
 * in expath-pkg.xml and repo.xml.
 */
public class Deployment {

    public final static String PROPERTY_APP_ROOT = "repo.root-collection";

    private final static Logger LOG = LogManager.getLogger(Deployment.class);

    public final static String PROCESSOR_NAME = "http://exist-db.org";

    private final static String REPO_NAMESPACE = "http://exist-db.org/xquery/repo";
    private final static String PKG_NAMESPACE = "http://expath.org/ns/pkg";

    private final static QName SETUP_ELEMENT = new QName("setup", REPO_NAMESPACE);
    private static final QName PRE_SETUP_ELEMENT = new QName("prepare", REPO_NAMESPACE);
    private static final QName POST_SETUP_ELEMENT = new QName("finish", REPO_NAMESPACE);
    private static final QName TARGET_COLL_ELEMENT = new QName("target", REPO_NAMESPACE);
    private static final QName PERMISSIONS_ELEMENT = new QName("permissions", REPO_NAMESPACE);
    private static final QName CLEANUP_ELEMENT = new QName("cleanup", REPO_NAMESPACE);
    private static final QName DEPLOYED_ELEMENT = new QName("deployed", REPO_NAMESPACE);
    private static final QName DEPENDENCY_ELEMENT = new QName("dependency", PKG_NAMESPACE);
    private static final QName RESOURCES_ELEMENT = new QName("resources", REPO_NAMESPACE);
    private static final String RESOURCES_PATH_ATTRIBUTE = "path";

    private static class RequestedPerms {
        final String user;
        final String password;
        final Optional group;
        final Either permissions;

        private RequestedPerms(final String user, final String password, final Optional group, final Either permissions) {
            this.user = user;
            this.password = password;
            this.group = group;
            this.permissions = permissions;
        }
    }

//    private Optional requestedPerms = Optional.empty();

    protected Optional getPackageDir(final String pkgName, final Optional repo) throws PackageException {
        Optional packageDir = Optional.empty();

        if (repo.isPresent()) {
            for (final Packages pp : repo.get().getParentRepo().listPackages()) {
                final org.expath.pkg.repo.Package pkg = pp.latest();
                if (pkg.getName().equals(pkgName)) {
                    packageDir = Optional.of(getPackageDir(pkg));
                }
            }
        }
        return packageDir;
    }

    protected Path getPackageDir(final Package pkg) {
        final FileSystemStorage.FileSystemResolver resolver = (FileSystemStorage.FileSystemResolver) pkg.getResolver();
        return resolver.resolveResourceAsFile("");
    }

    protected Optional getPackage(final String pkgName, final Optional repo) throws PackageException {
        if (repo.isPresent()) {
            for (final Packages pp : repo.get().getParentRepo().listPackages()) {
                final org.expath.pkg.repo.Package pkg = pp.latest();
                if (pkg.getName().equals(pkgName)) {
                    return Optional.ofNullable(pkg);
                }
            }
        }
        return Optional.empty();
    }

    protected DocumentImpl getRepoXML(final DBBroker broker, final Path packageDir) throws PackageException {
        // find and parse the repo.xml descriptor
        final Path repoFile = packageDir.resolve("repo.xml");
        if (!Files.isReadable(repoFile)) {
            return null;
        }
        try(final InputStream is = Files.newInputStream(repoFile)) {
            return DocUtils.parse(broker.getBrokerPool(), null, is);
        } catch (final XPathException | IOException e) {
            throw new PackageException("Failed to parse repo.xml: " + e.getMessage(), e);
        }
    }

    public Optional installAndDeploy(final DBBroker broker, final Txn transaction, final XarSource xar, final PackageLoader loader) throws PackageException, IOException {
        return installAndDeploy(broker, transaction, xar, loader, true);
    }

    /**
     * Install and deploy a give xar archive. Dependencies are installed from
     * the PackageLoader.
     *
     * @param broker the broker to use
     * @param transaction the transaction for this deployment task
     * @param xar the .xar file to install
     * @param loader package loader to use
     * @param enforceDeps when set to true, the method will throw an exception if a dependency could not be resolved
     *                    or an older version of the required dependency is installed and needs to be replaced.
     * @return the collection path to which the package was deployed or Optional.empty if not deployed
     * @throws PackageException if package installation failed
     * @throws IOException in case of an IO error
     */
    public Optional installAndDeploy(final DBBroker broker, final Txn transaction, final XarSource xar, final PackageLoader loader, boolean enforceDeps) throws PackageException, IOException {
        final Optional descriptor = getDescriptor(broker, xar);
        if(!descriptor.isPresent()) {
            throw new PackageException("Missing descriptor from package: " + xar.getURI());
        }
        final DocumentImpl document = descriptor.get();

        final ElementImpl root = (ElementImpl) document.getDocumentElement();
        final String name = root.getAttribute("name");
        final String pkgVersion = root.getAttribute("version");

        final Optional repo = broker.getBrokerPool().getExpathRepo();
	    if (repo.isPresent()) {
            final Packages packages = repo.get().getParentRepo().getPackages(name);

            if (packages != null && (!enforceDeps || pkgVersion.equals(packages.latest().getVersion()))) {
                LOG.info("Application package " + name + " already installed. Skipping.");
                final Package pkg = packages.latest();
                return Optional.of(getTargetCollection(broker, pkg, getPackageDir(pkg)));
            }

            InMemoryNodeSet deps;
            try {
                deps = findElements(root, DEPENDENCY_ELEMENT);
                for (final SequenceIterator i = deps.iterate(); i.hasNext(); ) {
                    final Element dependency = (Element) i.nextItem();
                    final String pkgName = dependency.getAttribute("package");
                    final String processor = dependency.getAttribute("processor");
                    final String versionStr = dependency.getAttribute("version");
                    final String semVer = dependency.getAttribute("semver");
                    final String semVerMin = dependency.getAttribute("semver-min");
                    final String semVerMax = dependency.getAttribute("semver-max");
                    PackageLoader.Version version = null;
                    if (semVer != null) {
                        version = new PackageLoader.Version(semVer, true);
                    } else if (semVerMax != null || semVerMin != null) {
                        version = new PackageLoader.Version(semVerMin, semVerMax);
                    } else if (pkgVersion != null) {
                        version = new PackageLoader.Version(versionStr, false);
                    }

                    if (processor != null && processor.equals(PROCESSOR_NAME) && version != null) {
                        checkProcessorVersion(version);
                    } else if (pkgName != null) {
                        LOG.info("Package " + name + " depends on " + pkgName);
                        boolean isInstalled = false;
                        if (repo.get().getParentRepo().getPackages(pkgName) != null) {
                            LOG.debug("Package " + pkgName + " already installed");
                            Packages pkgs = repo.get().getParentRepo().getPackages(pkgName);
                            // check if installed package matches required version
                            if (pkgs != null) {
                                if (version != null) {
                                    Package latest = pkgs.latest();
                                    DependencyVersion depVersion = version.getDependencyVersion();
                                    if (depVersion.isCompatible(latest.getVersion())) {
                                        isInstalled = true;
                                    } else {
                                        LOG.debug("Package " + pkgName + " needs to be upgraded");
                                        if (enforceDeps) {
                                            throw new PackageException("Package requires version " + version.toString() +
                                                " of package " + pkgName +
                                                ". Installed version is " + latest.getVersion() + ". Please upgrade!");
                                        }
                                    }
                                } else {
                                    isInstalled = true;
                                }
                                if (isInstalled) {
                                    LOG.debug("Package " + pkgName + " already installed");
                                }
                            }
                        }
                        if (!isInstalled && loader != null) {
                            final XarSource depFile = loader.load(pkgName, version);
                            if (depFile != null) {
                                installAndDeploy(broker, transaction, depFile, loader);
                            } else {
                                if (enforceDeps) {
                                    LOG.warn("Missing dependency: package " + pkgName + " could not be resolved. This error " +
                                            "is not fatal, but the package may not work as expected");
                                } else {
                                    throw new PackageException("Missing dependency: package " + pkgName + " could not be resolved.");
                                }
                            }
                        }
                    }
                }
            } catch (final XPathException e) {
                throw new PackageException("Invalid descriptor found in " + xar.getURI());
            }

            // installing the xar into the expath repo
            LOG.info("Installing package " + xar.getURI());
            final UserInteractionStrategy interact = new BatchUserInteraction();
            final org.expath.pkg.repo.Package pkg = repo.get().getParentRepo().installPackage(xar, true, interact);
            final ExistPkgInfo info = (ExistPkgInfo) pkg.getInfo("exist");
            if (info != null && !info.getJars().isEmpty()) {
                ClasspathHelper.updateClasspath(broker.getBrokerPool(), pkg);
            }
            broker.getBrokerPool().getXQueryPool().clear();
            final String pkgName = pkg.getName();
            // signal status
            broker.getBrokerPool().reportStatus("Installing app: " + pkg.getAbbrev());
            repo.get().reportAction(ExistRepository.Action.INSTALL, pkg.getName());

            LOG.info("Deploying package " + pkgName);
            return deploy(broker, transaction, pkgName, repo, null);
        }

	    // Totally unnecessary to do the above if repo is unavailable.
	    return Optional.empty();
    }

    private void checkProcessorVersion(final PackageLoader.Version version) throws PackageException {
        final String procVersion = SystemProperties.getInstance().getSystemProperty("product-version", "1.0");

        final DependencyVersion depVersion = version.getDependencyVersion();
        if (!depVersion.isCompatible(procVersion)) {
            throw new PackageException("Package requires eXist-db version " + version.toString() + ". " +
                "Installed version is " + procVersion);
        }
    }

    public Optional undeploy(final DBBroker broker, final Txn transaction, final String pkgName, final Optional repo) throws PackageException {
        final Optional maybePackageDir = getPackageDir(pkgName, repo);
        if (!maybePackageDir.isPresent()) {
            // fails silently if package dir is not found?
            return Optional.empty();
        }

        final Path packageDir = maybePackageDir.get();
        final Optional pkg = getPackage(pkgName, repo);
        final DocumentImpl repoXML;
        try {
            repoXML = getRepoXML(broker, packageDir);
        } catch (PackageException e) {
            if (pkg.isPresent()) {
                uninstall(broker, transaction, pkg.get(), Optional.empty());
            }
            throw new PackageException("Failed to remove package from database " +
                    "due to error in repo.xml: " + e.getMessage(), e);
        }
        if (repoXML != null) {
            try {
                final Optional cleanup = findElement(repoXML, CLEANUP_ELEMENT);
                if(cleanup.isPresent()) {
                    runQuery(broker, null, packageDir, cleanup.get().getStringValue(), pkgName, QueryPurpose.UNDEPLOY);
                }

                final Optional target = findElement(repoXML, TARGET_COLL_ELEMENT);
                if (pkg.isPresent()) {
                    uninstall(broker, transaction, pkg.get(), target);
                }

                return target.map(e -> Optional.ofNullable(e.getStringValue())).orElseGet(() -> Optional.of(getTargetFallback(pkg.get()).getCollectionPath()));
            } catch (final XPathException e) {
                throw new PackageException("Error found while processing repo.xml: " + e.getMessage(), e);
            } catch (final IOException e) {
                throw new PackageException("Error found while processing repo.xml: " + e.getMessage(), e);
            }
        } else {
            // we still may need to remove the copy of the package from /db/system/repo
            if (pkg.isPresent()) {
		        uninstall(broker, transaction, pkg.get(), Optional.empty());
	        }
        }
        return Optional.empty();
    }

    public Optional deploy(final DBBroker broker, final Txn transaction, final String pkgName, final Optional repo, final String userTarget) throws PackageException, IOException {
        final Optional maybePackageDir = getPackageDir(pkgName, repo);
        if (!maybePackageDir.isPresent()) {
            throw new PackageException("Package not found: " + pkgName);
        }

        final Path packageDir = maybePackageDir.get();

        final DocumentImpl repoXML = getRepoXML(broker, packageDir);
        if (repoXML == null) {
            return Optional.empty();
        }
        try {
            // if there's a  element, run the query it points to
            final Optional setup = findElement(repoXML, SETUP_ELEMENT);
            final Optional setupPath = setup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());

            if (setupPath.isPresent()) {
                runQuery(broker, null, packageDir, setupPath.get(), pkgName, QueryPurpose.SETUP);
                return Optional.empty();
            } else {
                // otherwise copy all child directories to the target collection
                XmldbURI targetCollection = null;
                if (userTarget != null) {
                    try {
                        targetCollection = XmldbURI.create(userTarget);
                    } catch (final IllegalArgumentException e) {
                        throw new PackageException("Bad collection URI: " + userTarget, e);
                    }
                } else {
                    final Optional target = findElement(repoXML, TARGET_COLL_ELEMENT);
                    final Optional targetPath = target.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());

                    if (targetPath.isPresent()) {
                        // determine target collection
                        try {
                            targetCollection = XmldbURI.create(getTargetCollection(broker, targetPath.get()));
                        } catch (final IllegalArgumentException e) {
                            throw new PackageException("Bad collection URI for  element: " + targetPath.get(), e);
                        }
                    } else {
                        LOG.warn("EXPath Package '" + pkgName + "' does not contain a  in its repo.xml, no files will be deployed to /apps");
                    }
                }
                if (targetCollection == null) {
                    // no target means: package does not need to be deployed into database
                    // however, we need to preserve a copy for backup purposes
                    final Optional pkg = getPackage(pkgName, repo);
		            pkg.orElseThrow(() -> new XPathException("expath repository is not available so the package was not stored."));
                    final String pkgColl = pkg.get().getAbbrev() + "-" + pkg.get().getVersion();
                    targetCollection = XmldbURI.SYSTEM.append("repo/" + pkgColl);
                }

                // extract the permissions (if any)
                final Optional permissions = findElement(repoXML, PERMISSIONS_ELEMENT);
                final Optional requestedPerms = permissions.flatMap(elem -> {
                    final Optional> perms = Optional.ofNullable(elem.getAttribute("mode")).flatMap(mode -> {
                        try {
                            return Optional.of(Either.Left(Integer.parseInt(mode, 8)));
                        } catch(final NumberFormatException e) {
                            if(mode.matches("^[rwx-]{9}")) {
                                return Optional.of(Either.Right(mode));
                            } else {
                                return Optional.empty();
                            }
                        }
                    });

                    return perms.map(p -> new RequestedPerms(
                        elem.getAttribute("user"),
                        elem.getAttribute("password"),
                        Optional.ofNullable(elem.getAttribute("group")),
                        p
                    ));
                });

                //check that if there were permissions then we were able to parse them, a failure would be related to the mode string
                if(permissions.isPresent() && !requestedPerms.isPresent()) {
                    final String mode = permissions.map(elem -> elem.getAttribute("mode")).orElse(null);
                    throw new PackageException("Bad format for mode attribute in : " + mode);
                }

                // run the pre-setup query if present
                final Optional preSetup = findElement(repoXML, PRE_SETUP_ELEMENT);
                final Optional preSetupPath = preSetup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());

                if(preSetupPath.isPresent()) {
                    runQuery(broker, targetCollection, packageDir, preSetupPath.get(), pkgName, QueryPurpose.PREINSTALL);
                }

                // any required users and group should have been created by the pre-setup query.
                // check for invalid users now.
                if(requestedPerms.isPresent()) {
                    checkUserSettings(broker, requestedPerms.get());
                }

                final InMemoryNodeSet resources = findElements(repoXML,RESOURCES_ELEMENT);

                // install
                final List errors = scanDirectory(broker, transaction, packageDir, targetCollection, resources, true, false,
                        requestedPerms);

                // run the post-setup query if present
                final Optional postSetup = findElement(repoXML, POST_SETUP_ELEMENT);
                final Optional postSetupPath = postSetup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());

                if(postSetupPath.isPresent()) {
                    runQuery(broker, targetCollection, packageDir, postSetupPath.get(), pkgName, QueryPurpose.POSTINSTALL);
                }

                storeRepoXML(broker, transaction, repoXML, targetCollection, requestedPerms);

                // TODO: it should be safe to clean up the file system after a package
                // has been deployed. Might be enabled after 2.0
                //cleanup(pkgName, repo);

                if (!errors.isEmpty()) {
                    throw new PackageException("Deployment incomplete, " + errors.size() + " issues found: " +
                        errors.stream().collect(Collectors.joining("; ")));
                }
                return Optional.ofNullable(targetCollection.getCollectionPath());
            }
        } catch (final XPathException e) {
            throw new PackageException("Error found while processing repo.xml: " + e.getMessage(), e);
        }
    }

    /**
     * After deployment, clean up the package directory and remove all files which have been
     * stored into the db. They are not needed anymore. Only preserve the descriptors and the
     * contents directory.
     *
     * @param pkgName
     * @param repo
     * @throws PackageException
     */
    private void cleanup(final String pkgName, final Optional repo) throws PackageException {
        if (repo.isPresent()) {
            final Optional pkg = getPackage(pkgName, repo);
            final Optional maybePackageDir = pkg.map(this::getPackageDir);
            if (!maybePackageDir.isPresent()) {
                throw new PackageException("Cleanup: package dir for package " + pkgName + " not found");
            }

            final Path packageDir = maybePackageDir.get();
            final String abbrev = pkg.get().getAbbrev();

            try(final Stream filesToDelete = Files.find(packageDir, 1, (path, attrs) -> {
                    if(path.equals(packageDir)) {
                        return false;
                    }
                    final String name = FileUtils.fileName(path);
                    if (attrs.isDirectory()) {
                        return !(name.equals(abbrev) || name.equals("content"));
                    } else {
                        return !(name.equals("expath-pkg.xml") || name.equals("repo.xml") ||
                                "exist.xml".equals(name) || name.startsWith("icon"));
                    }
            })) {

                filesToDelete.forEach(path -> {
                    try {
                        Files.deleteIfExists(path);
                    } catch(final IOException ioe) {
                        LOG.warn("Cleanup: failed to delete file " + path.toAbsolutePath().toString() + " in package " + pkgName);
                    }
                });
            } catch (final IOException ioe) {
                LOG.warn("Cleanup: failed to delete files", ioe);
            }
        }
    }

    /**
     * Get the target collection for the given package, which resides in pkgDir.
     * Returns path to cached .xar for library packages.
     *
     * @param broker
     * @param pkg
     * @param pkgDir
     * @return
     * @throws PackageException
     */
    private String getTargetCollection(final DBBroker broker, final Package pkg, final Path pkgDir) throws PackageException {
        final DocumentImpl repoXML = getRepoXML(broker, pkgDir);
        if (repoXML != null) {
            try {
                final Optional target = findElement(repoXML, TARGET_COLL_ELEMENT);
                return target.map(ElementImpl::getStringValue).map(s -> getTargetCollection(broker, s)).map(XmldbURI::create).map(XmldbURI::getCollectionPath)
                        .orElseGet(() -> getTargetFallback(pkg).getCollectionPath());
            } catch (XPathException e) {
                throw new PackageException("Failed to determine target collection");
            }
        } else {
            return getTargetFallback(pkg).getCollectionPath();
        }
    }

    private XmldbURI getTargetFallback(final Package pkg) {
        final String pkgColl = pkg.getAbbrev() + "-" + pkg.getVersion();
        return XmldbURI.SYSTEM.append("repo/" + pkgColl);
    }

    private String getTargetCollection(final DBBroker broker, String targetFromRepo) {
        final String appRoot = (String) broker.getConfiguration().getProperty(PROPERTY_APP_ROOT);
        if (appRoot != null) {
            if (targetFromRepo.startsWith("/db/")) {
                targetFromRepo = targetFromRepo.substring(4);
            }
            return appRoot + targetFromRepo;
        }
        if (targetFromRepo.startsWith("/db")) {
            return targetFromRepo;
        } else {
            return "/db/" + targetFromRepo;
        }
    }

    /**
     * Delete the target collection of the package. If there's no repo.xml descriptor,
     * target will be null.
     *
     * @param pkg
     * @param target
     * @throws PackageException
     */
    private void uninstall(final DBBroker broker, final Txn transaction, final Package pkg, final Optional target)
            throws PackageException {
        // determine target collection
        final Optional targetPath = target.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());
        final XmldbURI targetCollection = targetPath.map(s -> XmldbURI.create(getTargetCollection(broker, s)))
                .orElseGet(() -> getTargetFallback(pkg));

        try {
            Collection collection = broker.getOrCreateCollection(transaction, targetCollection);
            if (collection != null) {
                broker.removeCollection(transaction, collection);
            }
            if (target != null) {
                final XmldbURI configCollection = XmldbURI.CONFIG_COLLECTION_URI.append(targetCollection);
                collection = broker.getOrCreateCollection(transaction, configCollection);
                if (collection != null) {
                    broker.removeCollection(transaction, collection);
                }
            }
        } catch (final PermissionDeniedException | IOException | TriggerException e) {
            LOG.error("Exception occurred while removing package.", e);
        }
    }

    /**
     * Store repo.xml into the db. Adds the time of deployment to the descriptor.
     *
     * @param repoXML
     * @param targetCollection
     * @throws XPathException
     */
    private void storeRepoXML(final DBBroker broker, final Txn transaction, final DocumentImpl repoXML, final XmldbURI targetCollection, final Optional requestedPerms)
            throws PackageException, XPathException {
        // Store repo.xml
        final DateTimeValue time = new DateTimeValue(new Date());
        final MemTreeBuilder builder = new MemTreeBuilder();
        builder.startDocument();
        final UpdatingDocumentReceiver receiver = new UpdatingDocumentReceiver(builder, time.getStringValue());
        try {
            repoXML.copyTo(broker, receiver);
        } catch (final SAXException e) {
            throw new PackageException("Error while updating repo.xml in-memory: " + e.getMessage(), e);
        }
        builder.endDocument();
        final DocumentImpl updatedXML = builder.getDocument();

        try {
            final Collection collection = broker.getOrCreateCollection(transaction, targetCollection);
            final XmldbURI name = XmldbURI.createInternal("repo.xml");
            final IndexInfo info = collection.validateXMLResource(transaction, broker, name, updatedXML);
            final Permission permission = info.getDocument().getPermissions();
            setPermissions(broker, requestedPerms, false, MimeType.XML_TYPE, permission);

            collection.store(transaction, broker, info, updatedXML);
        } catch (final PermissionDeniedException | IOException | SAXException | LockException | EXistException e) {
            throw new PackageException("Error while storing updated repo.xml: " + e.getMessage(), e);
        }
    }

    private void checkUserSettings(final DBBroker broker, final RequestedPerms requestedPerms) throws PackageException {
        final org.exist.security.SecurityManager secman = broker.getBrokerPool().getSecurityManager();
        try {
            if (requestedPerms.group.filter(g -> !secman.hasGroup(g)).isPresent()) {
                secman.addGroup(broker, new GroupAider(requestedPerms.group.get()));
            }

            if (!secman.hasAccount(requestedPerms.user)) {
                final UserAider aider = new UserAider(requestedPerms.user);
                aider.setPassword(requestedPerms.password);
                requestedPerms.group.ifPresent(groupName -> aider.addGroup(groupName));
                secman.addAccount(broker, aider);
            }
        } catch (final PermissionDeniedException | EXistException e) {
            throw new PackageException("Failed to create user: " + requestedPerms.user, e);
        }
    }

    private enum QueryPurpose {
        SETUP(" element"),
        PREINSTALL(" element"),
        POSTINSTALL(" element"),
        UNDEPLOY("undeploy");

        private final String purpose;

        QueryPurpose(final String purpose) {
            this.purpose = purpose;
        }

        public String getPurposeString() {
            return purpose;
        }
    }

    private Sequence runQuery(final DBBroker broker, final XmldbURI targetCollection, final Path tempDir,
            final String fileName, final String pkgName, final QueryPurpose purpose)
            throws PackageException, IOException, XPathException {
        final Path xquery = tempDir.resolve(fileName);
        if (!Files.isReadable(xquery)) {
            LOG.warn("The XQuery resource specified in the " + purpose.getPurposeString() + " was not found for EXPath Package: '" + pkgName + "'");
            return Sequence.EMPTY_SEQUENCE;
        }
        final XQuery xqs = broker.getBrokerPool().getXQueryService();
        final XQueryContext ctx = new XQueryContext(broker.getBrokerPool());
        ctx.declareVariable("dir", tempDir.toAbsolutePath().toString());
        final Optional home = broker.getConfiguration().getExistHome();
        if(home.isPresent()) {
            ctx.declareVariable("home", home.get().toAbsolutePath().toString());
        }

        if (targetCollection != null) {
            ctx.declareVariable("target", targetCollection.toString());
            ctx.setModuleLoadPath(XmldbURI.EMBEDDED_SERVER_URI + targetCollection.toString());
        } else
            {ctx.declareVariable("target", Sequence.EMPTY_SEQUENCE);}
        if (QueryPurpose.PREINSTALL == purpose) {
            // when running pre-setup scripts, base path should point to directory
            // because the target collection does not yet exist
            ctx.setModuleLoadPath(tempDir.toAbsolutePath().toString());
        }

        CompiledXQuery compiled;
        try {
            compiled = xqs.compile(broker, ctx, new FileSource(xquery, false));
            return xqs.execute(broker, compiled, null);
        } catch (final PermissionDeniedException e) {
            throw new PackageException(e.getMessage(), e);
        }
    }

    /**
     * Scan a directory and import all files and sub directories into the target
     * collection.
     *
     * @param broker
     * @param transaction
     * @param directory
     * @param target
     */
    private List scanDirectory(final DBBroker broker, final Txn transaction, final Path directory, final XmldbURI target, final InMemoryNodeSet resources,
                               final boolean inRootDir, final boolean isResourcesDir, final Optional requestedPerms) {
        return scanDirectory(broker, transaction, directory, target, resources, inRootDir, isResourcesDir, requestedPerms, new ArrayList<>());
    }

    private List scanDirectory(final DBBroker broker, final Txn transaction, final Path directory, final XmldbURI target, final InMemoryNodeSet resources,
                                       final boolean inRootDir, final boolean isResourcesDir, final
                                       Optional requestedPerms, final List errors) {
        Collection collection = null;
        try {
            collection = broker.getOrCreateCollection(transaction, target);
            setPermissions(broker, requestedPerms, true, null, collection.getPermissionsNoLock());
            broker.saveCollection(transaction, collection);
        } catch (final PermissionDeniedException | TriggerException | IOException e) {
            LOG.warn(e);
            errors.add(e.getMessage());
        }

        final boolean isResources = isResourcesDir || isResourceDir(target, resources);

        // the root dir is not allowed to be a resources directory
        if (!inRootDir && isResources) {
            try {
                storeBinaryResources(broker, transaction, directory, collection, requestedPerms, errors);
            } catch (Exception e) {
                LOG.error(e.getMessage(), e); 
            }
        } else {
            storeFiles(broker, transaction, directory, collection, inRootDir, requestedPerms, errors);
        }

        // scan sub directories
        try(final Stream subDirs = Files.find(directory, 1, (path, attrs) -> (!path.equals(directory)) && attrs.isDirectory())) {
            subDirs.forEach(path -> scanDirectory(broker, transaction, path, target.append(FileUtils.fileName(path)), resources, false,
                    isResources, requestedPerms, errors));
        } catch(final IOException ioe) {
            LOG.warn("Unable to scan sub-directories", ioe);
        }
        return errors;
    }

    private boolean isResourceDir(final XmldbURI target, final InMemoryNodeSet resources) {
        // iterate here or pass into scandirectory directly or even save as class property???
        for (final SequenceIterator i = resources.iterate(); i.hasNext(); ) {
            final ElementImpl child = (ElementImpl) i.nextItem();
            final String resourcePath = child.getAttribute(RESOURCES_PATH_ATTRIBUTE);
            if (target.toString().endsWith(resourcePath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Import all files in the given directory into the target collection
     *
     * @param broker
     * @param transaction
     * @param directory
     * @param targetCollection
     */
    private void storeFiles(final DBBroker broker, final Txn transaction, final Path directory, final Collection targetCollection, final boolean inRootDir,
            final Optional requestedPerms, final List errors) {
        List files;
        try {
            files = FileUtils.list(directory);
        } catch(final IOException ioe) {
            LOG.error(ioe);
            errors.add(FileUtils.fileName(directory) + ": " + ioe.getMessage());
            files = Collections.EMPTY_LIST;
        }

        final MimeTable mimeTab = MimeTable.getInstance();

        for (final Path file : files) {
            if (inRootDir && FileUtils.fileName(file).equals("repo.xml")) {
                continue;
            }
            if (!Files.isDirectory(file)) {
                MimeType mime = mimeTab.getContentTypeFor(FileUtils.fileName(file));
                if (mime == null) {
                    mime = MimeType.BINARY_TYPE;
                }
                final XmldbURI name = XmldbURI.create(FileUtils.fileName(file));

                try {
                    if (mime.isXMLType()) {
                        final InputSource is = new FileInputSource(file);
                        IndexInfo info = null;
                        try {
                            info = targetCollection.validateXMLResource(transaction, broker, name, is);
                        } catch (EXistException | PermissionDeniedException | LockException | SAXException | IOException e) {
                            //check for .html ending
                            if(mime.getName().equals(MimeType.HTML_TYPE.getName())){
                                //store it as binary resource
                                storeBinary(broker, transaction, targetCollection, file, mime, name, requestedPerms);
                            } else {
                                // could neither store as xml nor binary: give up and report failure in outer catch
                                throw new EXistException(FileUtils.fileName(file) + " cannot be stored");
                            }
                        }
                        if (info != null) {
                            info.getDocument().getMetadata().setMimeType(mime.getName());
                            final Permission permission = info.getDocument().getPermissions();
                            setPermissions(broker, requestedPerms, false, mime, permission);

                            targetCollection.store(transaction, broker, info, is);
                        }
                    } else {
                        final long size = Files.size(file);
                        try(final InputStream is = Files.newInputStream(file)) {
                            final BinaryDocument doc =
                                    targetCollection.addBinaryResource(transaction, broker, name, is, mime.getName(), size);

                            final Permission permission = doc.getPermissions();
                            setPermissions(broker, requestedPerms, false, mime, permission);
                            doc.getMetadata().setMimeType(mime.getName());
                            broker.storeXMLResource(transaction, doc);
                        }
                    }
                } catch (final SAXException | EXistException | PermissionDeniedException | LockException | IOException e) {
                    LOG.error(e.getMessage(), e);
                    errors.add(FileUtils.fileName(file) + ": " + e.getMessage());
                }
            }
        }
    }

    private void storeBinary(final DBBroker broker, final Txn transaction, final Collection targetCollection, final Path file, final MimeType mime, final XmldbURI name, final Optional requestedPerms) throws
            IOException, EXistException, PermissionDeniedException, LockException, TriggerException {
        final long size = Files.size(file);
        try (final InputStream is = Files.newInputStream(file)) {
            final BinaryDocument doc =
                    targetCollection.addBinaryResource(transaction, broker, name, is, mime.getName(), size);

            final Permission permission = doc.getPermissions();
            setPermissions(broker, requestedPerms, false, mime, permission);
            doc.getMetadata().setMimeType(mime.getName());
            broker.storeXMLResource(transaction, doc);
        }
    }

    private void storeBinaryResources(final DBBroker broker, final Txn transaction, final Path directory, final Collection targetCollection,
            final Optional requestedPerms, final List errors) throws IOException, EXistException,
            PermissionDeniedException, LockException, TriggerException {
        try(DirectoryStream stream = Files.newDirectoryStream(directory)) {
            for (final Path entry: stream) {
                if (!Files.isDirectory(entry)) {
                    final XmldbURI name = XmldbURI.create(FileUtils.fileName(entry));
                    try {
                        storeBinary(broker, transaction, targetCollection, entry, MimeType.BINARY_TYPE, name, requestedPerms);
                    } catch (final Exception e) {
                        LOG.error(e.getMessage(), e);
                        errors.add(e.getMessage());
                    }
                }  
            }
        }
    }

    /**
     * Set owner, group and permissions. For XQuery resources, always set the executable flag.
     * @param mime
     * @param permission
     */
    private void setPermissions(final DBBroker broker, final Optional requestedPerms, final boolean isCollection, final MimeType mime, final Permission permission) throws PermissionDeniedException {
        int mode = permission.getMode();
        if (requestedPerms.isPresent()) {
            final RequestedPerms perms = requestedPerms.get();

            PermissionFactory.chown(broker, permission, Optional.of(perms.user), perms.group);

            mode = perms.permissions.map(permStr -> {
                try {
                    final UnixStylePermission other = new UnixStylePermission(broker.getBrokerPool().getSecurityManager());
                    other.setMode(permStr);
                    return other.getMode();
                } catch (final PermissionDeniedException | SyntaxException e) {
                    LOG.warn("Unable to set permissions string: " + permStr + ". Falling back to default.");
                    return permission.getMode();
                }
            }).fold(l -> l, r -> r);
        }

        if (isCollection || (mime != null && mime.getName().equals(MimeType.XQUERY_TYPE.getName()))) {
            mode = mode | 0111;     //TODO(AR) Whoever did this - this is a really bad idea. You are circumventing the security of the system
        }

        PermissionFactory.chmod(broker, permission, Optional.of(mode), Optional.empty());
    }

    private Optional findElement(final NodeImpl root, final QName qname) throws XPathException {
        final InMemoryNodeSet setupNodes = new InMemoryNodeSet();
        root.selectDescendants(false, new NameTest(Type.ELEMENT, qname), setupNodes);
        if (setupNodes.getItemCount() == 0) {
            return Optional.empty();
        }
        return Optional.of((ElementImpl) setupNodes.itemAt(0));
    }

    private InMemoryNodeSet findElements(final NodeImpl root, final QName qname) throws XPathException {
        final InMemoryNodeSet setupNodes = new InMemoryNodeSet();
        root.selectDescendants(false, new NameTest(Type.ELEMENT, qname), setupNodes);
        return setupNodes;
    }

    public Optional getNameFromDescriptor(final DBBroker broker, final XarSource xar) throws IOException, PackageException {
        final Optional doc = getDescriptor(broker, xar);
        return doc.map(DocumentImpl::getDocumentElement).map(root -> root.getAttribute("name"));
    }

    public Optional getDescriptor(final DBBroker broker, final XarSource xar) throws IOException, PackageException {
        try(final JarInputStream jis = new JarInputStream(xar.newInputStream())) {
            JarEntry entry;
            while ((entry = jis.getNextJarEntry()) != null) {
                if (!entry.isDirectory() && "expath-pkg.xml".equals(entry.getName())) {
                    try {
                        return Optional.of(DocUtils.parse(broker.getBrokerPool(), null, jis));
                    } catch (final XPathException e) {
                        throw new PackageException("Error while parsing expath-pkg.xml: " + e.getMessage(), e);
                    }
                }
            }
        }
        return Optional.empty();
    }

    /**
     * Update repo.xml while copying it. For security reasons, make sure
     * any default password is removed before uploading.
     */
    private static class UpdatingDocumentReceiver extends DocumentBuilderReceiver {
        private final String time;
        private final Deque stack = new ArrayDeque<>();

        public UpdatingDocumentReceiver(final MemTreeBuilder builder, final String time) {
            super(builder, false);
            this.time = time;
        }

        @Override
        public void startElement(final QName qname, final AttrList attribs) {
            stack.push(qname.getLocalPart());
            AttrList newAttrs = attribs;
            if (attribs != null && "permissions".equals(qname.getLocalPart())) {
                newAttrs = new AttrList();
                for (int i = 0; i < attribs.getLength(); i++) {
                    if (!"password". equals(attribs.getQName(i).getLocalPart())) {
                        newAttrs.addAttribute(attribs.getQName(i), attribs.getValue(i), attribs.getType(i));
                    }
                }
            }

            if (!"deployed".equals(qname.getLocalPart())) {
                super.startElement(qname, newAttrs);
            }
        }

        @Override
        public void startElement(final String namespaceURI, final String localName,
                                 final String qName, final Attributes attrs) throws SAXException {
            stack.push(localName);
            if (!"deployed".equals(localName)) {
                super.startElement(namespaceURI, localName, qName, attrs);
            }
        }

        @Override
        public void endElement(final QName qname) throws SAXException {
            stack.pop();
            if ("meta".equals(qname.getLocalPart())) {
                addDeployTime();
            }
            if (!"deployed".equals(qname.getLocalPart())) {
                super.endElement(qname);
            }
        }

        @Override
        public void endElement(final String uri, final String localName, final String qName) throws SAXException {
            stack.pop();
            if ("meta".equals(localName)) {
                addDeployTime();
            }
            if (!"deployed".equals(localName)) {
                super.endElement(uri, localName, qName);
            }
        }

        @Override
        public void attribute(final QName qname, final String value) throws SAXException {
            final String current = stack.peek();
            if (!("permissions".equals(current) && "password".equals(qname.getLocalPart()))) {
                super.attribute(qname, value);
            }
        }

        @Override
        public void characters(final char[] ch, final int start, final int len) throws SAXException {
            final String current = stack.peek();
            if (!"deployed".equals(current)) {
                super.characters(ch, start, len);
            }
        }

        @Override
        public void characters(final CharSequence seq) throws SAXException {
            final String current = stack.peek();
            if (!"deployed".equals(current)) {
                super.characters(seq);
            }
        }

        private void addDeployTime() throws SAXException {
            super.startElement(DEPLOYED_ELEMENT, null);
            super.characters(time);
            super.endElement(DEPLOYED_ELEMENT);
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy