1

I am developing an API REST but I faced the following problem: in some cases, the ID of my resources are URLs.

The API is used for both, a software where the IDs are in UUID format, and a FileSystem where the only way of identifying resources is by using their path.

So, to retrieve a resource, I use a GET statement like that: - http://localhost/files/{id}

When I am retrieving a document stored in the database of the software, {id} is something like "2ab89005-b938-46c8-9d22-3a12a3c40672", but when the document is in a FileSystem, the {id} can be something like "/documents/2018/april/myfile.pdf".

How can I manage this situation? Until now, I am doing a GET request over the URL "http://localhost/files/" (without {id}) and including the required information in the body in JSON format:

{
    "id": {id}
}

Of course, I know this is not a good practice, but I don't know how can I implement REST architecture in this situation. I am using Java + Spring Boot.

Thank you.

SOLUTION IMPLEMENTED: At the end, I have created the following endpoint: http://localhost/files/?id={id}. The reson of doing this is because the application that is calling me doesn't know if it is asking for a resource stored in a FileSystem or in my database. If the application knows it, I think it is better to implement two endpoints: http://localhost/files/?id={id} (for FileSystem) and http://localhost/files/{id} (for database).

Rodri
  • 11
  • 4

1 Answers1

2

It's realy bad idea to take ability for user chose file in FS because of Path Manipulation Vulnerability.

But if you want to do that, you cat set String as a path variable, and decode your request string:

@RestController
@RequestMapping("test")
public class MainController {

    @GetMapping("/{id}")
    public Mono<String> main(@PathVariable("id") String id){
        return Mono.just(id);
    }
}

enter image description here

Konstantin Pozhidaev
  • 457
  • 4
  • 13
  • Hello. I am having a problem with your solution, as when I put an URL like yours in Postman (in my case: %2Fdocuments%2Finvoice20190112.pdf) the server replies me: HTTP Status 400 – Bad Request. However, I've used "public String main(@PathVariable("id") String id)". Thank you. – Rodri Feb 27 '19 at 15:31
  • May be you just forgot slash somewhere in request or did not mapped url correctly, 4XX responses tell about client side error. – Konstantin Pozhidaev Feb 27 '19 at 15:42
  • No, I didn't forget anything. I just copied your example too, and I got the same error. I think it is because of Apache: https://stackoverflow.com/questions/4069002/receive-an-http-400-error-if-2f-is-part-of-the-get-url-in-jboss – Rodri Mar 01 '19 at 10:02
  • Of course, I ran it on Netty. Also, as you can see, it uses reactor library. – Konstantin Pozhidaev Mar 01 '19 at 22:45
  • Try to use base64 encoded string or sha encription, but in this case you should to use something like virtual collumn in your db. – Konstantin Pozhidaev Mar 01 '19 at 22:58
  • Thanks for the idea. As I don't have a db for the FileSystem, I think I am going to generate two services; one where the {id} is a common UUID, and other where the {id} is a path. But in the second case, I will use @GetMapping("/?id={id}"). – Rodri Mar 05 '19 at 16:54
  • On this case you can just use @RequestParam: https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/htmlsingle/spring-framework-reference.html#mvc-ann-requestparam and wrap it in Optional, if it java 8 or later. – Konstantin Pozhidaev Mar 05 '19 at 18:10