diff --git a/src/main/java/stirling/software/SPDF/config/InitialSetup.java b/src/main/java/stirling/software/SPDF/config/InitialSetup.java
index 0e0ad2be..294e31ef 100644
--- a/src/main/java/stirling/software/SPDF/config/InitialSetup.java
+++ b/src/main/java/stirling/software/SPDF/config/InitialSetup.java
@@ -1,11 +1,14 @@
 package stirling.software.SPDF.config;
 import java.io.IOException;
+import java.util.Properties;
 import java.util.UUID;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
 import org.springframework.stereotype.Component;
 import io.micrometer.common.util.StringUtils;
@@ -23,6 +26,18 @@ public class InitialSetup {
 @Autowired private ApplicationProperties applicationProperties;
 @PostConstruct
+ public void init() throws IOException {
+ initUUIDKey();
+
+ initSecretKey();
+
+ initEnableCSRFSecurity();
+
+ initLegalUrls();
+
+ initSetAppVersion();
+ }
+
 public void initUUIDKey() throws IOException {
 String uuid = applicationProperties.getAutomaticallyGenerated().getUUID();
 if (!GeneralUtils.isValidUUID(uuid)) {
@@ -32,7 +47,6 @@ public class InitialSetup {
 }
 }
- @PostConstruct
 public void initSecretKey() throws IOException {
 String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
 if (!GeneralUtils.isValidUUID(secretKey)) {
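Review bot: The call order inside the new `init()` is load-bearing but undocumented: `initEnableCSRFSecurity()` compares against the appVersion already stored in the configuration, so it has to run before `initSetAppVersion()` replaces that value. I would add a comment above the calls, e.g. `// Order matters: the CSRF migration reads the previously stored appVersion, which initSetAppVersion() then overwrites.` The individual init methods stay `public`, so a caller invoking them in a different order could skip or repeat the migration; making them private is worth considering if nothing outside this class calls them.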
@@ -42,13 +56,24 @@ public class InitialSetup {
 }
 }
- @PostConstruct
+ public void initEnableCSRFSecurity() throws IOException {
+ if(GeneralUtils.isVersionHigher("0.36.0", applicationProperties.getAutomaticallyGenerated().getAppVersion())) {
+ Boolean csrf = applicationProperties.getSecurity().getCsrfDisabled();
+ if (!csrf) {
+ GeneralUtils.saveKeyToConfig("security.csrfDisabled", false, false);
+ GeneralUtils.saveKeyToConfig("system.enableAnalytics", "true", false);
+ applicationProperties.getSecurity().setCsrfDisabled(false);
+
+ }
+ }
+ }
+
 public void initLegalUrls() throws IOException {
 // Initialize Terms and Conditions
 String termsUrl = applicationProperties.getLegal().getTermsAndConditions();
 if (StringUtils.isEmpty(termsUrl)) {
 String defaultTermsUrl = "https://www.stirlingpdf.com/terms-and-conditions";
- GeneralUtils.saveKeyToConfig("legal.termsAndConditions", defaultTermsUrl);
+ GeneralUtils.saveKeyToConfig("legal.termsAndConditions", defaultTermsUrl, false);
 applicationProperties.getLegal().setTermsAndConditions(defaultTermsUrl);
 }
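Review bot: The `if (!csrf)` guard in `initEnableCSRFSecurity()` only enters the branch when `csrfDisabled` is already false and then writes false again, so a configuration that still carries the old template default `csrfDisabled: true` is left with CSRF protection off after the upgrade. If the migration is meant to switch protection on for pre-0.36.0 installs, the condition looks inverted; `if (Boolean.TRUE.equals(csrf)) {` would express that and would also avoid the unboxing NullPointerException when the key is absent. The same branch sets `system.enableAnalytics` to the string `"true"`, which changes a data-collection setting from inside a CSRF migration; that belongs in its own method with a comment saying why it is tied to this version check.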
@@ -56,8 +81,24 @@ public class InitialSetup {
 String privacyUrl = applicationProperties.getLegal().getPrivacyPolicy();
 if (StringUtils.isEmpty(privacyUrl)) {
 String defaultPrivacyUrl = "https://www.stirlingpdf.com/privacy-policy";
- GeneralUtils.saveKeyToConfig("legal.privacyPolicy", defaultPrivacyUrl);
+ GeneralUtils.saveKeyToConfig("legal.privacyPolicy", defaultPrivacyUrl, false);
 applicationProperties.getLegal().setPrivacyPolicy(defaultPrivacyUrl);
 }
 }
+
+ public void initSetAppVersion() throws IOException {
+
+ String appVersion = "0.0.0";
+ Resource resource = new ClassPathResource("version.properties");
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ appVersion =props.getProperty("version");
+ } catch(Exception e) {
+
+ }
+ applicationProperties.getAutomaticallyGenerated().setAppVersion(appVersion);
+ GeneralUtils.saveKeyToConfig("AutomaticallyGenerated.appVersion", appVersion,false);
+ }
+
 }
diff --git a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
index 6d4d0a7f..48fe8914 100644
--- a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
+++ b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
@@ -285,6 +285,7 @@ public class ApplicationProperties {
 public static class AutomaticallyGenerated {
 @ToString.Exclude private String key;
 private String UUID;
+ private String appVersion;
 }
 @Data
diff --git a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
index 8e56c8df..3f48997c 100644
--- a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
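Review bot: `initSetAppVersion()` swallows every exception in an empty `catch(Exception e)` block and never closes the stream returned by `resource.getInputStream()`. When `version.properties` loads but has no `version` key, `getProperty` returns null and replaces the `"0.0.0"` fallback, so null is what gets stored and later handed to `isVersionHigher`, which returns false for null and would therefore skip the version-gated migration. I would use try-with-resources, pass the fallback as the default to `getProperty`, narrow the catch to the exceptions `Properties.load` can raise, and report the failure instead of discarding it; the change needs a `java.io.InputStream` import.

```java
// … unchanged: appVersion, resource and props declarations …
try (InputStream in = resource.getInputStream()) {
    props.load(in);
    // Keep the "0.0.0" fallback when the key is missing instead of storing null.
    appVersion = props.getProperty("version", appVersion);
} catch (IOException | IllegalArgumentException e) {
    // Log e here (the class's logger is not visible in this hunk); the fallback version stays in effect.
}
// … unchanged: setAppVersion(...) and saveKeyToConfig(...) calls …
```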
@@ -288,6 +288,10 @@ public class GeneralUtils {
 public static void saveKeyToConfig(String id, String key) throws IOException {
 saveKeyToConfig(id, key, true);
 }
+ public static void saveKeyToConfig(String id, boolean key) throws IOException {
+ saveKeyToConfig(id, key, true);
+ }
+
 public static void saveKeyToConfig(String id, String key, boolean autoGenerated) throws IOException {
@@ -306,6 +310,25 @@ public class GeneralUtils {
 }
 settingsYml.save();
 }
+
+ public static void saveKeyToConfig(String id, boolean key, boolean autoGenerated)
+ throws IOException {
+ Path path = Paths.get("configs", "settings.yml");
+
+ final YamlFile settingsYml = new YamlFile(path.toFile());
+ DumperOptions yamlOptionssettingsYml =
+ ((SimpleYamlImplementation) settingsYml.getImplementation()).getDumperOptions();
+ yamlOptionssettingsYml.setSplitLines(false);
+
+ settingsYml.loadWithComments();
+
+ YamlFileWrapper writer = settingsYml.path(id).set(key);
+ if (autoGenerated) {
+ writer.comment("# Automatically Generated Settings (Do Not Edit Directly)");
+ }
+ settingsYml.save();
+ }
+
 public static String generateMachineFingerprint() {
 try {
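Review bot: The new `saveKeyToConfig(String, boolean, boolean)` in the second hunk appears to repeat the existing String overload step for step (same `settings.yml` path, dumper options, comment text and save), so the two copies can drift apart the next time the way the file is written changes. Both public overloads could delegate to one private helper, for example `private static void writeConfigValue(String id, Object value, boolean autoGenerated) throws IOException`, provided `set(...)` accepts an Object as it appears to. Most of the String overload's body lies outside these hunks, so confirm the two really match before merging them. A short Javadoc on the two-argument boolean overload should say that it marks the key as automatically generated, since that default attaches the "Do Not Edit Directly" comment to the setting.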
@@ -349,4 +372,34 @@ public class GeneralUtils {
 return "GenericID";
 }
 }
+
+ public static boolean isVersionHigher(String currentVersion, String compareVersion) {
+ if (currentVersion == null || compareVersion == null) {
+ return false;
+ }
+
+ // Split versions into components
+ String[] current = currentVersion.split("\\.");
+ String[] compare = compareVersion.split("\\.");
+
+ // Get the length of the shorter version array
+ int length = Math.min(current.length, compare.length);
+
+ // Compare each component
+ for (int i = 0; i < length; i++) {
+ int currentPart = Integer.parseInt(current[i]);
+ int comparePart = Integer.parseInt(compare[i]);
+
+ if (currentPart > comparePart) {
+ return true;
+ }
+ if (currentPart < comparePart) {
+ return false;
+ }
+ }
+
+ // If all components so far are equal, the longer version is considered higher
+ return current.length > compare.length;
+ }
+
 }
diff --git a/src/main/resources/settings.yml.template b/src/main/resources/settings.yml.template
index eded10e7..a110744a 100644
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -13,7 +13,7 @@
 security:
 enableLogin: false # set to 'true' to enable login
- csrfDisabled: true # set to 'true' to disable CSRF protection (not recommended for production)
+ csrfDisabled: false # set to 'true' to disable CSRF protection (not recommended for production)
 loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
 loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
 loginMethod: all # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2)
@@ -102,7 +102,8 @@ metrics:
 AutomaticallyGenerated:
 key: example
 UUID: example
-
+ appVersion: 0.35.0
+
 processExecutor:
 sessionLimit: # Process executor instances limits
 libreOfficeSessionLimit: 1
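Review bot: `isVersionHigher` calls `Integer.parseInt` on every component with no handling for non-numeric input, so a version string carrying a suffix, stray whitespace or an empty segment throws `NumberFormatException`. The second argument at the visible call site is the appVersion read from the configuration and the call runs under `@PostConstruct`, so a malformed stored value would surface as a startup failure. The null check returns false, which treats a configuration with no stored appVersion as not older and skips the version-gated migration; for a security-related migration the missing case should probably count as older. I would catch `NumberFormatException` around the loop, return a documented value for both cases, and add Javadoc such as `Returns true when currentVersion is strictly higher than compareVersion, comparing dot-separated numeric components.`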