added ip filter

Author: Peter

graphhopper.sh

@@ -218,12 +218,14 @@ if [ "x$ACTION" = "xui" ] || [ "x$ACTION" = "xweb" ]; then
   RC_BASE=./web/src/main/webapp
 
   if [ "x$GH_FOREGROUND" = "x" ]; then
-    exec "$JAVA" $JAVA_OPTS -jar "$WEB_JAR" jetty.resourcebase=$RC_BASE jetty.port=$JETTY_PORT jetty.host=$JETTY_HOST config=$CONFIG \
-         $GH_WEB_OPTS graph.location="$GRAPH" osmreader.osm="$OSM_FILE"
+    exec "$JAVA" $JAVA_OPTS -jar "$WEB_JAR" jetty.resourcebase=$RC_BASE \
+	jetty.port=$JETTY_PORT jetty.host=$JETTY_HOST \
+    	config=$CONFIG $GH_WEB_OPTS graph.location="$GRAPH" osmreader.osm="$OSM_FILE"
     # foreground => we never reach this here
   else
-    exec "$JAVA" $JAVA_OPTS -jar "$WEB_JAR" jetty.resourcebase=$RC_BASE jetty.port=$JETTY_PORT jetty.host=$JETTY_HOST config=$CONFIG \
-         $GH_WEB_OPTS graph.location="$GRAPH" osmreader.osm="$OSM_FILE" <&- &
+    exec "$JAVA" $JAVA_OPTS -jar "$WEB_JAR" jetty.resourcebase=$RC_BASE \
+    	jetty.port=$JETTY_PORT jetty.host=$JETTY_HOST \
+    	config=$CONFIG $GH_WEB_OPTS graph.location="$GRAPH" osmreader.osm="$OSM_FILE" <&- &
     if [ "x$GH_PID_FILE" != "x" ]; then
        echo $! > $GH_PID_FILE
     fi

web/src/main/java/com/graphhopper/http/GHServer.java

@@ -112,7 +112,7 @@ protected void configure()
                 binder().requireExplicitBindings();
 
                 install(new DefaultModule(args));
-                install(new GHServletModule());
+                install(new GHServletModule(args));
 
                 bind(GuiceFilter.class);
             }

web/src/main/java/com/graphhopper/http/GHServletModule.java

@@ -18,6 +18,7 @@
 package com.graphhopper.http;
 
 import com.google.inject.servlet.ServletModule;
+import com.graphhopper.util.CmdArgs;
 import java.util.HashMap;
 import java.util.Map;
 import javax.inject.Singleton;
@@ -28,9 +29,11 @@
 public class GHServletModule extends ServletModule
 {
     protected Map<String, String> params = new HashMap<String, String>();
+    private final CmdArgs args;
 
-    public GHServletModule()
+    public GHServletModule( CmdArgs args )
     {
+        this.args = args;
         params.put("mimeTypes", "text/html,"
                 + "text/plain,"
                 + "text/xml,"
@@ -46,10 +49,13 @@ protected void configureServlets()
     {
         filter("*").through(GHGZIPHook.class, params);
         bind(GHGZIPHook.class).in(Singleton.class);
-        
+
         filter("*").through(CORSFilter.class, params);
         bind(CORSFilter.class).in(Singleton.class);
 
+        filter("*").through(IPFilter.class);
+        bind(IPFilter.class).toInstance(new IPFilter(args.get("jetty.whiteips", ""), args.get("jetty.blackips", "")));
+
         serve("/i18n*").with(I18NServlet.class);
         bind(I18NServlet.class).in(Singleton.class);
 

web/src/main/java/com/graphhopper/http/GraphHopperServlet.java

@@ -23,7 +23,6 @@
 import com.graphhopper.routing.util.FlagEncoder;
 import com.graphhopper.util.*;
 import com.graphhopper.util.Helper;
-import com.graphhopper.util.Translation;
 import com.graphhopper.util.shapes.GHPoint;
 import java.io.IOException;
 import java.util.*;

web/src/main/java/com/graphhopper/http/GuiceServletConfig.java

@@ -24,14 +24,27 @@
 import com.graphhopper.util.CmdArgs;
 
 /**
- * Replacement of web.xml
+ * Replacement of web.xml used only for container deployment. Preferred method is to use GHServer.
  * <p/>
  * http://code.google.com/p/google-guice/wiki/ServletModule
  * <p/>
  * @author Peter Karich
  */
 public class GuiceServletConfig extends GuiceServletContextListener
 {
+    private final CmdArgs args;
+
+    public GuiceServletConfig()
+    {
+        try
+        {
+            args = CmdArgs.readFromConfig("config.properties", "graphhopper.config");
+        } catch (Exception ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
     @Override
     protected Injector getInjector()
     {
@@ -40,11 +53,11 @@ protected Injector getInjector()
 
     protected Module createDefaultModule()
     {
-        return new DefaultModule(new CmdArgs());
+        return new DefaultModule(args);
     }
 
     protected Module createServletModule()
     {
-        return new GHServletModule();
+        return new GHServletModule(args);
     }
 }

web/src/main/java/com/graphhopper/http/IPFilter.java

@@ -0,0 +1,116 @@
+package com.graphhopper.http;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This IP filter class accepts a list of IPs for blacklisting OR for whitelisting (but not both).
+ * <p>
+ * Additionally to exact match a simple wildcard expression ala 1.2.3* or 1.*.3.4 is allowed.
+ * <p>
+ * The internal ip filter from jetty did not work (NP exceptions)
+ * <p>
+ * @author Peter Karich
+ */
+public class IPFilter implements Filter
+{
+    private final Logger logger = LoggerFactory.getLogger(getClass());
+    private final Set<String> whites;
+    private final Set<String> blacks;
+
+    public IPFilter( String whiteList, String blackList )
+    {
+        whites = createSet(whiteList.split(","));
+        blacks = createSet(blackList.split(","));
+        if (!whites.isEmpty())
+            logger.info("whitelist:" + whites);
+        if (!blackList.isEmpty())
+            logger.info("blacklist:" + blacks);
+
+        if (!blacks.isEmpty() && !whites.isEmpty())
+            throw new IllegalArgumentException("blacklist and whitelist at the same time?");
+    }
+
+    @Override
+    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException
+    {
+        String ip = request.getRemoteAddr();
+        if (accept(ip))
+        {
+            chain.doFilter(request, response);
+        } else
+        {
+            logger.warn("Did not accept IP " + ip);
+            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
+        }
+    }
+
+    public boolean accept( String ip )
+    {
+        if (whites.isEmpty() && blacks.isEmpty())
+            return true;
+
+        if (!whites.isEmpty())
+        {
+            for (String w : whites)
+            {
+                if (simpleMatch(ip, w))
+                    return true;
+            }
+            return false;
+        }
+
+        if (blacks.isEmpty())
+            throw new IllegalStateException("cannot happen");
+
+        for (String b : blacks)
+        {
+            if (simpleMatch(ip, b))
+                return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public void init( FilterConfig filterConfig ) throws ServletException
+    {
+    }
+
+    @Override
+    public void destroy()
+    {
+    }
+
+    private Set<String> createSet( String[] split )
+    {
+        Set<String> set = new HashSet<String>(split.length);
+        for (String str : split)
+        {
+            str = str.trim();
+            if (!str.isEmpty())
+                set.add(str);
+        }
+        return set;
+    }
+
+    public boolean simpleMatch( String ip, String pattern )
+    {
+        String[] ipParts = pattern.split("\\*");
+        for (String ipPart : ipParts)
+        {
+            int idx = ip.indexOf(ipPart);
+            if (idx == -1)
+                return false;
+
+            ip = ip.substring(idx + ipPart.length());
+        }
+
+        return true;
+    }
+}

web/src/main/java/com/graphhopper/http/WebHelper.java

@@ -94,6 +94,9 @@ public static PointList decodePolyline( String encoded, int initCap, boolean is3
     // https://developers.google.com/maps/documentation/utilities/polylinealgorithm?hl=de
     public static String encodePolyline( PointList poly )
     {
+        if (poly.isEmpty())
+            return "";
+        
         return encodePolyline(poly, poly.is3D());
     }
 

web/src/test/java/com/graphhopper/http/BaseServletTester.java

@@ -20,11 +20,9 @@
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Module;
-import com.google.inject.servlet.GuiceFilter;
 import com.graphhopper.util.CmdArgs;
 import com.graphhopper.util.Downloader;
 import org.json.JSONObject;
-import org.junit.AfterClass;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -62,7 +60,7 @@ private void bootJetty( CmdArgs args, int retryCount )
         server = new GHServer(args);
 
         if (injector == null)
-            setUpGuice(new DefaultModule(args), new GHServletModule());
+            setUpGuice(new DefaultModule(args), new GHServletModule(args));
 
         for (int i = 0; i < retryCount; i++)
         {

web/src/test/java/com/graphhopper/http/IPFilterTest.java

@@ -0,0 +1,55 @@
+package com.graphhopper.http;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Peter Karich
+ */
+public class IPFilterTest
+{
+    @Test
+    public void testAcceptWhite()
+    {
+        IPFilter instance = new IPFilter("1.2.3.4, 4.5.67.1", "");
+        assertTrue(instance.accept("1.2.3.4"));
+        assertTrue(instance.accept("4.5.67.1"));
+        assertFalse(instance.accept("1.2.3.5"));
+
+        instance = new IPFilter("1.2.3*, 4.5.67.1, 7.8.*.3", "");
+        assertTrue(instance.accept("1.2.3.4"));
+        assertTrue(instance.accept("4.5.67.1"));
+        assertTrue(instance.accept("1.2.3.5"));
+        assertFalse(instance.accept("1.3.5.7"));
+
+        assertTrue(instance.accept("7.8.5.3"));
+        assertFalse(instance.accept("7.88.5.3"));
+    }
+
+    @Test
+    public void testAcceptBlack()
+    {
+        IPFilter instance = new IPFilter("", "1.2.3.4, 4.5.67.1");
+
+        assertFalse(instance.accept("1.2.3.4"));
+        assertFalse(instance.accept("4.5.67.1"));
+        assertTrue(instance.accept("1.2.3.5"));
+    }
+
+    @Test
+    public void testFilterSpecialCases()
+    {
+        IPFilter instance = new IPFilter("", "");
+        assertTrue(instance.accept("1.2.3.4"));
+
+        try
+        {
+            new IPFilter("1.2.3.4, 4.5.67.1", "8.9.7.3");
+            assertFalse("black and white", true);
+        } catch (Exception ex)
+        {
+
+        }
+    }
+}