Allow serving static files from RouterFunctions

This commit adds the ability to serve Resources (static files) through a
RouterFunction. Two methods have been added to RouterFunctions: one that
exposes a given directory given a path pattern, and a generic method
that requires a lookup function.

Issue: SPR-14913

Author: poutsma

spring-web-reactive/src/main/java/org/springframework/web/reactive/function/DefaultServerResponseBuilder.java

@@ -25,6 +25,7 @@
 import java.util.LinkedHashSet;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -55,12 +56,12 @@
  */
 class DefaultServerResponseBuilder implements ServerResponse.BodyBuilder {
 
-	private final int statusCode;
+	private final HttpStatus statusCode;
 
 	private final HttpHeaders headers = new HttpHeaders();
 
 
-	public DefaultServerResponseBuilder(int statusCode) {
+	public DefaultServerResponseBuilder(HttpStatus statusCode) {
 		this.statusCode = statusCode;
 	}
 
@@ -87,6 +88,12 @@ public ServerResponse.BodyBuilder allow(HttpMethod... allowedMethods) {
 		return this;
 	}
 
+	@Override
+	public ServerResponse.BodyBuilder allow(Set<HttpMethod> allowedMethods) {
+		this.headers.setAllow(allowedMethods);
+		return this;
+	}
+
 	@Override
 	public ServerResponse.BodyBuilder contentLength(long contentLength) {
 		this.headers.setContentLength(contentLength);
@@ -144,9 +151,7 @@ public ServerResponse.BodyBuilder varyBy(String... requestHeaders) {
 
 	@Override
 	public ServerResponse<Void> build() {
-		return body(BodyInserter.of(
-				(response, context) -> response.setComplete(),
-				() -> null));
+		return body(BodyInserters.empty());
 	}
 
 	@Override
@@ -194,20 +199,20 @@ private Map<String, Object> toModelMap(Object[] modelAttributes) {
 	}
 
 
-	private static abstract class AbstractServerResponse<T> implements ServerResponse<T> {
+	static abstract class AbstractServerResponse<T> implements ServerResponse<T> {
 
-		private final int statusCode;
+		private final HttpStatus statusCode;
 
 		private final HttpHeaders headers;
 
-		protected AbstractServerResponse(int statusCode, HttpHeaders headers) {
+		protected AbstractServerResponse(HttpStatus statusCode, HttpHeaders headers) {
 			this.statusCode = statusCode;
 			this.headers = HttpHeaders.readOnlyHttpHeaders(headers);
 		}
 
 		@Override
 		public final HttpStatus statusCode() {
-			return HttpStatus.valueOf(this.statusCode);
+			return this.statusCode;
 		}
 
 		@Override
@@ -216,7 +221,7 @@ public final HttpHeaders headers() {
 		}
 
 		protected void writeStatusAndHeaders(ServerHttpResponse response) {
-			response.setStatusCode(HttpStatus.valueOf(this.statusCode));
+			response.setStatusCode(this.statusCode);
 			HttpHeaders responseHeaders = response.getHeaders();
 
 			if (!this.headers.isEmpty()) {
@@ -233,7 +238,7 @@ private static final class BodyInserterServerResponse<T> extends AbstractServerR
 
 		private final BodyInserter<T, ? super ServerHttpResponse> inserter;
 
-		public BodyInserterServerResponse(int statusCode, HttpHeaders headers,
+		public BodyInserterServerResponse(HttpStatus statusCode, HttpHeaders headers,
 				BodyInserter<T, ? super ServerHttpResponse> inserter) {
 
 			super(statusCode, headers);
@@ -267,7 +272,9 @@ private static final class RenderingServerResponse extends AbstractServerRespons
 
 		private final Rendering rendering;
 
-		public RenderingServerResponse(int statusCode, HttpHeaders headers, String name, Map<String, Object> model) {
+		public RenderingServerResponse(HttpStatus statusCode, HttpHeaders headers, String name,
+				Map<String, Object> model) {
+
 			super(statusCode, headers);
 			this.name = name;
 			this.model = model;

spring-web-reactive/src/main/java/org/springframework/web/reactive/function/HandlerFilterFunction.java

@@ -16,6 +16,8 @@
 
 package org.springframework.web.reactive.function;
 
+import java.util.function.Function;
+
 import org.springframework.util.Assert;
 import org.springframework.web.reactive.function.support.ServerRequestWrapper;
 
@@ -70,4 +72,31 @@ default HandlerFunction<R> apply(HandlerFunction<T> handler) {
 		return request -> this.filter(request, handler);
 	}
 
+	/**
+	 * Adapt the given request processor function to a filter function that only operates on the
+	 * {@code ClientRequest}.
+	 * @param requestProcessor the request processor
+	 * @return the filter adaptation of the request processor
+	 */
+	static HandlerFilterFunction<?, ?> ofRequestProcessor(Function<ServerRequest,
+				ServerRequest> requestProcessor) {
+
+		Assert.notNull(requestProcessor, "'requestProcessor' must not be null");
+		return (request, next) -> next.handle(requestProcessor.apply(request));
+	}
+
+	/**
+	 * Adapt the given response processor function to a filter function that only operates on the
+	 * {@code ClientResponse}.
+	 * @param responseProcessor the response processor
+	 * @return the filter adaptation of the request processor
+	 */
+	static <T, R> HandlerFilterFunction<T, R> ofResponseProcessor(Function<ServerResponse<T>,
+			ServerResponse<R>> responseProcessor) {
+
+		Assert.notNull(responseProcessor, "'responseProcessor' must not be null");
+		return (request, next) -> responseProcessor.apply(next.handle(request));
+	}
+
+
 }

spring-web-reactive/src/main/java/org/springframework/web/reactive/function/PathResourceLookupFunction.java

@@ -0,0 +1,159 @@
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.web.reactive.function;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+import java.util.function.Function;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.UrlResource;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
+import org.springframework.util.ResourceUtils;
+import org.springframework.util.StringUtils;
+import org.springframework.web.util.UriUtils;
+
+/**
+ * Lookup function used by {@link RouterFunctions#resources(String, Resource)}.
+ *
+ * @author Arjen Poutsma
+ * @since 5.0
+ */
+class PathResourceLookupFunction implements Function<ServerRequest, Optional<Resource>> {
+
+	private static final PathMatcher PATH_MATCHER = new AntPathMatcher();
+
+	private final String pattern;
+
+	private final Resource location;
+
+	public PathResourceLookupFunction(String pattern, Resource location) {
+		this.pattern = pattern;
+		this.location = location;
+	}
+
+	@Override
+	public Optional<Resource> apply(ServerRequest request) {
+		String path = processPath(request.path());
+		if (path.contains("%")) {
+			path = UriUtils.decode(path, StandardCharsets.UTF_8);
+		}
+		if (!StringUtils.hasLength(path) || isInvalidPath(path)) {
+			return Optional.empty();
+		}
+		if (!PATH_MATCHER.match(this.pattern, path)) {
+			return Optional.empty();
+		}
+		else {
+			path = PATH_MATCHER.extractPathWithinPattern(this.pattern, path);
+		}
+		try {
+			Resource resource = this.location.createRelative(path);
+			if (resource.exists() && resource.isReadable() && isResourceUnderLocation(resource)) {
+				return Optional.of(resource);
+			}
+			else {
+				return Optional.empty();
+			}
+		}
+		catch (IOException ex) {
+			throw new UncheckedIOException(ex);
+		}
+	}
+
+	private static String processPath(String path) {
+		boolean slash = false;
+		for (int i = 0; i < path.length(); i++) {
+			if (path.charAt(i) == '/') {
+				slash = true;
+			}
+			else if (path.charAt(i) > ' ' && path.charAt(i) != 127) {
+				if (i == 0 || (i == 1 && slash)) {
+					return path;
+				}
+				path = slash ? "/" + path.substring(i) : path.substring(i);
+				return path;
+			}
+		}
+		return (slash ? "/" : "");
+	}
+
+	private static boolean isInvalidPath(String path) {
+		if (path.contains("WEB-INF") || path.contains("META-INF")) {
+			return true;
+		}
+		if (path.contains(":/")) {
+			String relativePath = (path.charAt(0) == '/' ? path.substring(1) : path);
+			if (ResourceUtils.isUrl(relativePath) || relativePath.startsWith("url:")) {
+				return true;
+			}
+		}
+		if (path.contains("..")) {
+			path = StringUtils.cleanPath(path);
+			if (path.contains("../")) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	private boolean isResourceUnderLocation(Resource resource) throws
+			IOException {
+		if (resource.getClass() != this.location.getClass()) {
+			return false;
+		}
+
+		String resourcePath;
+		String locationPath;
+
+		if (resource instanceof UrlResource) {
+			resourcePath = resource.getURL().toExternalForm();
+			locationPath = StringUtils.cleanPath(this.location.getURL().toString());
+		}
+		else if (resource instanceof ClassPathResource) {
+			resourcePath = ((ClassPathResource) resource).getPath();
+			locationPath = StringUtils.cleanPath(((ClassPathResource) this.location).getPath());
+		}
+		else {
+			resourcePath = resource.getURL().getPath();
+			locationPath = StringUtils.cleanPath(this.location.getURL().getPath());
+		}
+
+		if (locationPath.equals(resourcePath)) {
+			return true;
+		}
+		locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath :
+				locationPath + "/");
+		if (!resourcePath.startsWith(locationPath)) {
+			return false;
+		}
+
+		if (resourcePath.contains("%")) {
+			if (UriUtils.decode(resourcePath, "UTF-8").contains("../")) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+
+}