pagopa · MScarsella · Jan 15, 2025 · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025
@@ -76,9 +76,12 @@ microservice-chart:
 
     SHARED_FOLDER_ROOT: "/shared"
 
+    ORGANIZATION_BASE_URL: "http://p4pa-organization-microservice-chart:8080"
+    AUTH_SERVER_BASE_URL: "http://p4pa-auth-microservice-chart:8080/payhub"
 
   envSecret:
     APPLICATIONINSIGHTS_CONNECTION_STRING: appinsights-connection-string
+    FILE_ENCRYPT_PASSWORD: file-encrypt-password
 
   # nodeSelector: {}
 

@@ -70,5 +70,6 @@ components:
           type: string
           enum:
             - INVALID_FILE
+            - FILE_UPLOAD_ERROR
         message:
           type: string
@@ -0,0 +1,29 @@
+package it.gov.pagopa.pu.fileshare.config;
+
+import it.gov.pagopa.pu.fileshare.dto.generated.IngestionFlowFileType;
+import java.util.Map;
+import java.util.Optional;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Slf4j
+@Getter
+@Setter
+@Configuration
+@ConfigurationProperties(prefix = "folders")
+public class FoldersPathsConfig {
+  private String shared;
+  private Map<IngestionFlowFileType,String> ingestionFlowFileTypePaths;
+
+  public String getIngestionFlowFilePath(IngestionFlowFileType ingestionFlowFileType) {
+    return Optional.ofNullable(
+        ingestionFlowFileTypePaths.get(ingestionFlowFileType))
+      .orElseThrow(()-> {
+        log.debug("No path configured for ingestionFlowFileType {}",ingestionFlowFileType);
+        return new UnsupportedOperationException();
+      });
+  }
+}
@@ -2,6 +2,7 @@
 
 import it.gov.pagopa.pu.fileshare.dto.generated.FileshareErrorDTO;
 import it.gov.pagopa.pu.fileshare.dto.generated.FileshareErrorDTO.CodeEnum;
+import it.gov.pagopa.pu.fileshare.exception.custom.FileUploadException;
 import it.gov.pagopa.pu.fileshare.exception.custom.InvalidFileException;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
@@ -26,6 +27,11 @@ public ResponseEntity<FileshareErrorDTO> handleInvalidFileError(RuntimeException
     return handleFileshareErrorException(ex, request, HttpStatus.BAD_REQUEST, CodeEnum.INVALID_FILE);
   }
 
+  @ExceptionHandler({FileUploadException.class})
+  public ResponseEntity<FileshareErrorDTO> handleFileStorageError(RuntimeException ex, HttpServletRequest request){
+    return handleFileshareErrorException(ex, request, HttpStatus.INTERNAL_SERVER_ERROR, CodeEnum.FILE_UPLOAD_ERROR);
+  }
+
   static ResponseEntity<FileshareErrorDTO> handleFileshareErrorException(RuntimeException ex, HttpServletRequest request, HttpStatus httpStatus, FileshareErrorDTO.CodeEnum errorEnum) {
     String message = logException(ex, request, httpStatus);
 

@@ -0,0 +1,7 @@
+package it.gov.pagopa.pu.fileshare.exception.custom;
+
+public class FileUploadException extends RuntimeException {
+  public FileUploadException(String message) {
+    super(message);
+  }
+}
@@ -1,6 +1,7 @@
 package it.gov.pagopa.pu.fileshare.service;
 
 import it.gov.pagopa.pu.fileshare.exception.custom.InvalidFileException;
+import java.util.stream.Stream;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
@@ -9,8 +10,26 @@
 @Slf4j
 @Service
 public class FileService {
+
   public void validateFile(MultipartFile ingestionFlowFile, String validFileExt) {
-    if( ingestionFlowFile == null || !StringUtils.defaultString(ingestionFlowFile.getOriginalFilename()).endsWith(validFileExt)){
+    if( ingestionFlowFile == null){
+      log.debug("Invalid ingestion flow file");
+      throw new InvalidFileException("Invalid file");
+    }
+    String filename = StringUtils.defaultString(ingestionFlowFile.getOriginalFilename());
+    validateFileExtension(validFileExt, filename);
+    validateFilename(filename);
+  }
+
+  public static void validateFilename(String filename) {
+    if(Stream.of("..", "\\", "/").anyMatch(filename::contains)){
+      log.debug("Invalid ingestion flow filename");
+      throw new InvalidFileException("Invalid filename");
+    }
+  }
+
+  private static void validateFileExtension(String validFileExt, String filename) {
+    if(!filename.endsWith(validFileExt)){
       log.debug("Invalid ingestion flow file extension");
       throw new InvalidFileException("Invalid file extension");
     }

@@ -0,0 +1,78 @@
+package it.gov.pagopa.pu.fileshare.service;
+
+import it.gov.pagopa.pu.fileshare.config.FoldersPathsConfig;
+import it.gov.pagopa.pu.fileshare.exception.custom.FileUploadException;
+import it.gov.pagopa.pu.fileshare.exception.custom.InvalidFileException;
+import it.gov.pagopa.pu.fileshare.util.AESUtils;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.multipart.MultipartFile;
+
+@Slf4j
+@Service
+public class FileStorerService {
+  private final FoldersPathsConfig foldersPathsConfig;
+  private final String fileEncryptPassword;
+
+  public FileStorerService(FoldersPathsConfig foldersPathsConfig,
+    @Value(("${app.fileEncryptPassword}")) String fileEncryptPassword) {
+    this.foldersPathsConfig = foldersPathsConfig;
+    this.fileEncryptPassword = fileEncryptPassword;
+  }
+
+  private Path getFilePath(String relativePath, String filename) {
+    String basePath = foldersPathsConfig.getShared()+relativePath;
+    Path fileLocation = Paths.get(basePath,filename).normalize();
+    if(!fileLocation.startsWith(basePath)){
+      log.debug("Invalid file path");
+      throw new InvalidFileException("Invalid file path");
+    }
+    return fileLocation;
+  }
+
+  public String saveToSharedFolder(MultipartFile file, String relativePath){
+    if(file==null){
+      log.debug("File is mandatory");
+      throw new FileUploadException("File is mandatory");
+    }
+
+    String sharedFolderRootPath = foldersPathsConfig.getShared();
+    String filename = org.springframework.util.StringUtils.cleanPath(
+      StringUtils.defaultString(file.getOriginalFilename()));
+    FileService.validateFilename(filename);
+    Path fileLocation = getFilePath(relativePath, filename);
+    //create missing parent folder, if any
+    try {
+      if (!Files.exists(fileLocation.getParent()))
+        Files.createDirectories(fileLocation.getParent());
+      encryptAndSaveFile(file, fileLocation);
+    }catch (Exception e) {
+      String errorMessage = "Error uploading file to folder %s%s".formatted(
+        sharedFolderRootPath,
+        relativePath);
+      log.debug(
+        errorMessage, e);
+      throw new FileUploadException(
+        errorMessage);
+    }
+    log.debug("File upload to folder %s%s completed".formatted(sharedFolderRootPath,
+      relativePath));
+    return Paths.get(relativePath,filename).toString();
+  }
+
+  private void encryptAndSaveFile(MultipartFile file, Path fileLocation)
+    throws IOException {
+    try(InputStream is = file.getInputStream();
+      InputStream cipherIs = AESUtils.encrypt(fileEncryptPassword, is)){
+      Files.copy(cipherIs, fileLocation, StandardCopyOption.REPLACE_EXISTING);
+    }
+  }
+}
@@ -1,7 +1,9 @@
 package it.gov.pagopa.pu.fileshare.service.ingestion;
 
+import it.gov.pagopa.pu.fileshare.config.FoldersPathsConfig;
 import it.gov.pagopa.pu.fileshare.dto.generated.IngestionFlowFileType;
 import it.gov.pagopa.pu.fileshare.service.FileService;
+import it.gov.pagopa.pu.fileshare.service.FileStorerService;
 import it.gov.pagopa.pu.fileshare.service.UserAuthorizationService;
 import it.gov.pagopa.pu.p4paauth.dto.generated.UserInfo;
 import lombok.extern.slf4j.Slf4j;
@@ -14,19 +16,28 @@
 public class IngestionFlowFileServiceImpl implements IngestionFlowFileService {
   private final UserAuthorizationService userAuthorizationService;
   private final FileService fileService;
+  private final FileStorerService fileStorerService;
+  private final FoldersPathsConfig foldersPathsConfig;
   private final String validIngestionFlowFileExt;
 
   public IngestionFlowFileServiceImpl(
     UserAuthorizationService userAuthorizationService, FileService fileService,
-    @Value("${uploads.ingestion-flow-file.valid-extension}") String validIngestionFlowFileExt) {
+    FileStorerService fileStorerService,
+    FoldersPathsConfig foldersPathsConfig,
+    @Value("${uploads.ingestion-flow-file.valid-extension}") String validIngestionFlowFileExt
+    ) {
     this.userAuthorizationService = userAuthorizationService;
     this.fileService = fileService;
+    this.fileStorerService = fileStorerService;
+    this.foldersPathsConfig = foldersPathsConfig;
     this.validIngestionFlowFileExt = validIngestionFlowFileExt;
   }
 
   @Override
   public void uploadIngestionFlowFile(Long organizationId, IngestionFlowFileType ingestionFlowFileType, MultipartFile ingestionFlowFile, UserInfo user, String accessToken) {
     userAuthorizationService.checkUserAuthorization(organizationId, user, accessToken);
     fileService.validateFile(ingestionFlowFile, validIngestionFlowFileExt);
+    fileStorerService.saveToSharedFolder(ingestionFlowFile,
+      foldersPathsConfig.getIngestionFlowFilePath(ingestionFlowFileType));
   }
 }
@@ -51,6 +51,13 @@ folders:
   process-target-sub-folders:
     archive: "\${PROCESS_TARGET_SUB_FOLDER_ARCHIVE:archive}"
     errors: "\${PROCESS_TARGET_SUB_FOLDER_ERRORS:errors}"
+  ingestion-flow-file-type-paths:
+    RECEIPT: "\${INGESTION_FLOW_FILE_RECEIPT_PATH:/receipt}"
+    PAYMENTS_REPORTING: "\${INGESTION_FLOW_FILE_PAYMENTS_REPORTING_PATH:/payments_reporting}"
+    OPI: "\${INGESTION_FLOW_FILE_OPI_PATH:/opi}"
+    TREASURY_CSV: "\${INGESTION_FLOW_FILE_TREASURY_CSV_PATH:/treasury_csv}"
+    TREASURY_XLS: "\${INGESTION_FLOW_FILE_TREASURY_XLS_PATH:/treasury_xls}"
+    TREASURY_POSTE: "\${INGESTION_FLOW_FILE_TREASURY_POSTE_PATH:/treasury_poste}"
 
 rest:
   default-timeout:
@@ -64,3 +71,6 @@ rest:
 uploads:
   ingestion-flow-file:
     valid-extension: "\${INGESTION_FLOW_FILE_VALID_EXTENSION:.zip}"
+
+app:
+  fileEncryptPassword: "\${FILE_ENCRYPT_PASSWORD:ENCR_PSW}"
@@ -0,0 +1,47 @@
+package it.gov.pagopa.pu.fileshare.config;
+
+import it.gov.pagopa.pu.fileshare.dto.generated.IngestionFlowFileType;
+import java.util.EnumMap;
+import java.util.Map;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+class FoldersPathsConfigTest {
+  private FoldersPathsConfig foldersPathsConfig;
+
+  @BeforeEach
+  void setUp() {
+    foldersPathsConfig = new FoldersPathsConfig();
+
+  }
+
+  @Test
+  void givenPopulatedPathWhenGetIngestionFlowFilePathThenOK(){
+    String expected = "/receipt";
+    Map<IngestionFlowFileType,String> paths = new EnumMap<>(
+      IngestionFlowFileType.class);
+    paths.put(IngestionFlowFileType.RECEIPT, "/receipt");
+    foldersPathsConfig.setIngestionFlowFileTypePaths(paths);
+
+    String result = foldersPathsConfig.getIngestionFlowFilePath(
+      IngestionFlowFileType.RECEIPT);
+
+    Assertions.assertEquals(expected,result);
+  }
+
+  @Test
+  void givenNoPathWhenGetIngestionFlowFilePathThenUnsupportedOperation(){
+    foldersPathsConfig.setIngestionFlowFileTypePaths(new EnumMap<>(IngestionFlowFileType.class));
+    try {
+      foldersPathsConfig.getIngestionFlowFilePath(
+        IngestionFlowFileType.RECEIPT);
+      Assertions.fail("Expected UnsupportedOperationException");
+    }catch (UnsupportedOperationException e){
+      //do nothing
+    }
+  }
+}
@@ -3,6 +3,7 @@
 import static org.mockito.Mockito.doThrow;
 
 import it.gov.pagopa.pu.fileshare.dto.generated.FileshareErrorDTO.CodeEnum;
+import it.gov.pagopa.pu.fileshare.exception.custom.FileUploadException;
 import it.gov.pagopa.pu.fileshare.exception.custom.InvalidFileException;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
@@ -58,4 +59,17 @@ void handleInvalidFileException() throws Exception {
                 .andExpect(MockMvcResultMatchers.jsonPath("$.code").value(CodeEnum.INVALID_FILE.toString()))
                 .andExpect(MockMvcResultMatchers.jsonPath("$.message").value("Error"));
     }
+
+    @Test
+    void handleFileUploadException() throws Exception {
+        doThrow(new FileUploadException("Error")).when(testControllerSpy).testEndpoint(DATA);
+
+        mockMvc.perform(MockMvcRequestBuilders.get("/test")
+                        .param(DATA, DATA)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .accept(MediaType.APPLICATION_JSON))
+                .andExpect(MockMvcResultMatchers.status().isInternalServerError())
+                .andExpect(MockMvcResultMatchers.jsonPath("$.code").value(CodeEnum.FILE_UPLOAD_ERROR.toString()))
+                .andExpect(MockMvcResultMatchers.jsonPath("$.message").value("Error"));
+    }
 }
@@ -31,6 +31,16 @@ void givenValidFileExtensionWhenValidateFileThenOk(){
     fileService.validateFile(file, VALID_FILE_EXTENSION);
   }
 
+  @Test
+  void givenNoFileWhenValidateFileThenInvalidFileException(){
+    try{
+      fileService.validateFile(null, VALID_FILE_EXTENSION);
+      Assertions.fail("Expected InvalidFileException");
+    }catch(InvalidFileException e){
+      //do nothing
+    }
+  }
+
   @Test
   void givenInvalidFileExtensionWhenValidateFileThenInvalidFileException(){
     MockMultipartFile file = new MockMultipartFile(
@@ -47,4 +57,21 @@ void givenInvalidFileExtensionWhenValidateFileThenInvalidFileException(){
       //do nothing
     }
   }
+
+  @Test
+  void givenInvalidFilenameWhenValidateFileThenInvalidFileException(){
+    MockMultipartFile file = new MockMultipartFile(
+      "ingestionFlowFile",
+      "../test.zip",
+      MediaType.TEXT_PLAIN_VALUE,
+      "this is a test file".getBytes()
+    );
+
+    try{
+      fileService.validateFile(file, VALID_FILE_EXTENSION);
+      Assertions.fail("Expected InvalidFileException");
+    }catch(InvalidFileException e){
+      //do nothing
+    }
+  }
 }