Security fixes, enterprise stuff and more (#3241)

# Description of Changes Please provide a summary of the changes, including: - Enable user to add custom JAVA ops with env JAVA_CUSTOM_OPTS - Added support for prometheus (enabled via JAVA_CUSTOM_OPTS + enterprise license) - Changed settings from enterprise naming to 'Premium' - KeygenLicense Check to support offline licenses - Disable URL-to-PDF due to huge security bug - Remove loud Split PDF logs - addUsers renamed to adminSettings - Added Usage analytics page - Add user button to only be enabled based on total users free - Improve Merge memory usage Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: Connor Yoh <con.yoh13@gmail.com>
2026-04-22 23:08:53 +02:00 · 2025-03-25 17:57:17 +00:00
parent 86becc61de
commit e151286337
35 changed files with 1603 additions and 267 deletions
--- a/src/main/java/stirling/software/SPDF/config/AppConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/AppConfig.java
@@ -182,7 +182,7 @@ public class AppConfig {
    @Bean(name = "analyticsEnabled")
    @Scope("request")
    public boolean analyticsEnabled() {
-        if (applicationProperties.getEnterpriseEdition().isEnabled()) return true;
+        if (applicationProperties.getPremium().isEnabled()) return true;
        return applicationProperties.getSystem().isAnalyticsEnabled();
    }

--- a/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
+++ b/src/main/java/stirling/software/SPDF/config/ConfigInitializer.java
@@ -9,6 +9,7 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
+import java.util.List;

 import lombok.extern.slf4j.Slf4j;

@@ -56,6 +57,8 @@ public class ConfigInitializer {
            YamlHelper settingsTemplateFile = new YamlHelper(tempTemplatePath);
            YamlHelper settingsFile = new YamlHelper(settingTempPath);

+            migrateEnterpriseEditionToPremium(settingsFile, settingsTemplateFile);
+
            boolean changesMade =
                    settingsTemplateFile.updateValuesFromYaml(settingsFile, settingsTemplateFile);
            if (changesMade) {
@@ -76,4 +79,46 @@ public class ConfigInitializer {
            log.info("Created custom_settings file: {}", customSettingsPath.toString());
        }
    }
+
+    // TODO: Remove post migration
+    private void migrateEnterpriseEditionToPremium(YamlHelper yaml, YamlHelper template) {
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "enabled") != null) {
+            template.updateValue(
+                    List.of("premium", "enabled"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "enabled"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "key") != null) {
+            template.updateValue(
+                    List.of("premium", "key"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "key"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "SSOAutoLogin") != null) {
+            template.updateValue(
+                    List.of("premium", "proFeatures", "SSOAutoLogin"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "SSOAutoLogin"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "autoUpdateMetadata")
+                != null) {
+            template.updateValue(
+                    List.of("premium", "proFeatures", "CustomMetadata", "autoUpdateMetadata"),
+                    yaml.getValueByExactKeyPath(
+                            "enterpriseEdition", "CustomMetadata", "autoUpdateMetadata"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "author") != null) {
+            template.updateValue(
+                    List.of("premium", "proFeatures", "CustomMetadata", "author"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "author"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "creator") != null) {
+            template.updateValue(
+                    List.of("premium", "proFeatures", "CustomMetadata", "creator"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "creator"));
+        }
+        if (yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "producer")
+                != null) {
+            template.updateValue(
+                    List.of("premium", "proFeatures", "CustomMetadata", "producer"),
+                    yaml.getValueByExactKeyPath("enterpriseEdition", "CustomMetadata", "producer"));
+        }
+    }
 }
--- a/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
@@ -8,6 +8,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;

 import lombok.extern.slf4j.Slf4j;
@@ -22,10 +23,14 @@ public class EndpointConfiguration {
    private final ApplicationProperties applicationProperties;
    private Map<String, Boolean> endpointStatuses = new ConcurrentHashMap<>();
    private Map<String, Set<String>> endpointGroups = new ConcurrentHashMap<>();
+    private final boolean runningEE;

    @Autowired
-    public EndpointConfiguration(ApplicationProperties applicationProperties) {
+    public EndpointConfiguration(
+            ApplicationProperties applicationProperties,
+            @Qualifier("runningEE") boolean runningEE) {
        this.applicationProperties = applicationProperties;
+        this.runningEE = runningEE;
        init();
        processEnvironmentConfigs();
    }
@@ -281,6 +286,13 @@ public class EndpointConfiguration {
                }
            }
        }
+        if (!runningEE) {
+            disableGroup("enterprise");
+        }
+
+        if (!applicationProperties.getSystem().getEnableUrlToPDF()) {
+            disableEndpoint("url-to-pdf");
+        }
    }

    public Set<String> getEndpointsForGroup(String group) {
--- a/src/main/java/stirling/software/SPDF/config/EndpointInspector.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointInspector.java
@@ -36,7 +36,6 @@ public class EndpointInspector implements ApplicationListener<ContextRefreshedEv
        if (!endpointsDiscovered) {
            discoverEndpoints();
            endpointsDiscovered = true;
-            logger.info("Discovered {} valid GET endpoints", validGetEndpoints.size());
        }
    }

--- a/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
@@ -6,7 +6,10 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;

+import lombok.extern.slf4j.Slf4j;
+
@Component
+@Slf4j
 public class EndpointInterceptor implements HandlerInterceptor {

    private final EndpointConfiguration endpointConfiguration;
--- a/src/main/java/stirling/software/SPDF/config/EnterpriseEndpointFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/EnterpriseEndpointFilter.java
@@ -0,0 +1,38 @@
+package stirling.software.SPDF.config;
+
+import java.io.IOException;
+
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class EnterpriseEndpointFilter extends OncePerRequestFilter {
+    private final boolean runningEE;
+
+    public EnterpriseEndpointFilter(@Qualifier("runningEE") boolean runningEE) {
+        this.runningEE = runningEE;
+    }
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        if (!runningEE && isPrometheusEndpointRequest(request)) {
+            response.setStatus(HttpStatus.NOT_FOUND.value());
+            return;
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private boolean isPrometheusEndpointRequest(HttpServletRequest request) {
+        return request.getRequestURI().contains("/actuator/");
+    }
+}