LDEV-694 x-vdir support, create mappings for webserver virtual directories

https://luceeserver.atlassian.net/browse/LDEV-694

Author: zspitzer

ant/build-core.xml

@@ -762,6 +762,7 @@
       <jvmarg value="-Dlucee.ssl.checkserveridentity=false"/>
       <jvmarg value="-DLUCEE_BUILD_ENV=${LUCEE_BUILD_ENV}"/>
       <jvmarg value="-Dlucee.enable.bundle.download=true"/>
+      <jvmarg value="-Dlucee.vdirs.sharedkey=testsecret"/>
 
       <jvmarg value="-XX:+UnlockExperimentalVMOptions" if:true="${UseEpsilonGC}"/>
       <jvmarg value="-XX:+UseEpsilonGC" if:true="${UseEpsilonGC}"/>

core/src/main/java/lucee/runtime/config/ConfigUtil.java

@@ -1216,6 +1216,30 @@ private static Object[] getSources(PageContext pc, ConfigPro config, Mapping[] m
 			}
 		}
 
+		// virtual directory mappings from x-vdirs header (mod_cfml)
+		if (pc != null && config instanceof ConfigWebImpl) {
+			Mapping[] vdirMappings = ((ConfigWebImpl) config).getVirtualDirectoryMappings( pc );
+			if (vdirMappings != null) {
+				for (int i = 0; i < vdirMappings.length; i++) {
+					mapping = vdirMappings[i];
+					if ((!onlyTopLevel || mapping.isTopLevel()) && lcRealPath.startsWith(mapping.getVirtualLowerCaseWithSlash(), 0)) {
+						if (asPageSource) {
+							ps = mapping.getPageSource(realPath.substring(mapping.getVirtual().length()));
+							if (onlyFirstMatch) return new PageSource[] { ps };
+							else list.add(ps);
+						}
+						else {
+							if (mapping instanceof MappingImpl) res = ((MappingImpl) mapping).getResource(realPath.substring(mapping.getVirtual().length()));
+							else res = mapping.getPageSource(realPath.substring(mapping.getVirtual().length())).getResource();
+
+							if (onlyFirstMatch) return new Resource[] { res };
+							else list.add(res);
+						}
+					}
+				}
+			}
+		}
+
 		if (useDefaultMapping) {
 			if (rootApp != null) mapping = rootApp;
 			else mapping = thisMappings[thisMappings.length - 1];
@@ -1325,6 +1349,23 @@ public static PageSource getPageSourceExisting(PageContext pc, ConfigPro config,
 			}
 		}
 
+		// virtual directory mappings from x-vdirs header (mod_cfml)
+		if (pc != null && config instanceof ConfigWebImpl) {
+			Mapping[] vdirMappings = ((ConfigWebImpl) config).getVirtualDirectoryMappings( pc );
+			if (vdirMappings != null) {
+				for (int i = 0; i < vdirMappings.length; i++) {
+					mapping = vdirMappings[i];
+					if ((!onlyTopLevel || mapping.isTopLevel()) && lcRealPath.startsWith(mapping.getVirtualLowerCaseWithSlash(), 0)) {
+						ps = mapping.getPageSource(realPath.substring(mapping.getVirtual().length()));
+						if (onlyPhysicalExisting) {
+							if (ps.physcalExists()) return ps;
+						}
+						else if (ps.exists()) return ps;
+					}
+				}
+			}
+		}
+
 		if (useDefaultMapping) {
 			if (rootApp != null) mapping = rootApp;
 			else mapping = thisMappings[thisMappings.length - 1];

core/src/main/java/lucee/runtime/config/ConfigWebImpl.java

@@ -129,6 +129,7 @@ public final class ConfigWebImpl extends ConfigBase implements ConfigWebPro {
 	private ComponentPathCache componentPathCache = new ComponentPathCache();
 	private Map<String, Log> logs = new ConcurrentHashMap<>();
 	private lucee.runtime.rest.Mapping[] restMappings;
+	private VirtualDirectoryManager virtualDirectoryManager;
 
 	public ConfigWebImpl(CFMLFactoryImpl factory, ConfigServerImpl cs, ServletConfig config) {
 		setInstance(factory, cs, config, false);
@@ -140,6 +141,7 @@ public ConfigWebPro setInstance(CFMLFactoryImpl factory, ConfigServerImpl cs, Se
 		this.cs = cs;
 		this.config = config;
 		helper = new ConfigWebHelper(cs, this);
+		this.virtualDirectoryManager = new VirtualDirectoryManager(this);
 
 		if (reload) reload();
 		return this;
@@ -1786,6 +1788,17 @@ public Mapping[] getMappings() {
 		return mappings;
 	}
 
+	/**
+	 * Gets virtual directory mappings for the current request from x-vdirs header.
+	 * Returns null if feature is disabled or no virtual directories in request.
+	 *
+	 * @param pc PageContext for current request
+	 * @return Array of virtual directory Mapping objects, or null
+	 */
+	public Mapping[] getVirtualDirectoryMappings( PageContext pc ) {
+		return virtualDirectoryManager != null ? virtualDirectoryManager.getVirtualDirectoryMappings( pc ) : null;
+	}
+
 	@Override
 	public ConfigWebImpl resetMappings() {
 		if (mappings != null) {

core/src/main/java/lucee/runtime/config/VirtualDirectoryManager.java

@@ -0,0 +1,169 @@
+package lucee.runtime.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import lucee.commons.io.SystemUtil;
+import lucee.commons.io.log.Log;
+import lucee.commons.io.res.Resource;
+import lucee.commons.io.res.util.ResourceUtil;
+import lucee.commons.lang.StringUtil;
+import lucee.runtime.Mapping;
+import lucee.runtime.MappingImpl;
+import lucee.runtime.PageContext;
+
+/**
+ * Manages virtual directory mappings from x-vdirs header (mod_cfml).
+ *
+ * Virtual directories are parsed from the x-vdirs header format:
+ * /virtual1,/physical/path1;/virtual2,/physical/path2;
+ *
+ * Security: Requires x-vdirs-sharedkey header to match lucee.vdirs.sharedkey configuration.
+ * Feature is disabled if lucee.vdirs.sharedkey is not configured.
+ */
+public class VirtualDirectoryManager {
+
+	private static final String CONFIGURED_SHARED_KEY = SystemUtil.getSystemPropOrEnvVar( "lucee.vdirs.sharedkey",
+			"" );
+
+	private final ConfigWeb config;
+
+	// Cache: x-vdirs header value hash -> array of Mapping objects
+	private final Map<Integer, Mapping[]> cache = new ConcurrentHashMap<>( 4 );
+
+	private volatile boolean invalidKeyWarned = false;
+
+	public VirtualDirectoryManager( ConfigWeb config ) {
+		this.config = config;
+	}
+
+	/**
+	 * Gets virtual directory mappings for the current request.
+	 * Returns null if feature is disabled or validation fails.
+	 *
+	 * @param pc PageContext for current request
+	 * @return Array of Mapping objects, or null
+	 */
+	public Mapping[] getVirtualDirectoryMappings( PageContext pc ) {
+		// Feature disabled if no shared key configured
+		if ( StringUtil.isEmpty( CONFIGURED_SHARED_KEY ) ) {
+			return null;
+		}
+
+		// Read x-vdirs header directly from servlet request (avoids lazy-loading CGI scope)
+		String xVdirs = pc.getHttpServletRequest().getHeader( "x-vdirs" );
+
+		// No virtual directories in this request
+		if ( StringUtil.isEmpty( xVdirs ) ) {
+			return null;
+		}
+
+		// Validate shared key
+		String xVdirsSharedKey = pc.getHttpServletRequest().getHeader( "x-vdirs-sharedkey" );
+		if ( StringUtil.isEmpty( xVdirsSharedKey ) || !CONFIGURED_SHARED_KEY.equals( xVdirsSharedKey ) ) {
+			if ( !invalidKeyWarned ) {
+				invalidKeyWarned = true;
+				Log log = config.getLog( "application" );
+				if ( log != null ) {
+					log.error( "VirtualDirectoryManager",
+							"x-vdirs header received but x-vdirs-sharedkey is missing or doesn't match configured shared key. Ignoring virtual directories." );
+				}
+			}
+			return null;
+		}
+
+		// Check cache
+		int cacheKey = xVdirs.hashCode();
+		Mapping[] cached = cache.get( cacheKey );
+		if ( cached != null ) {
+			return cached;
+		}
+
+		// Parse and cache
+		Mapping[] mappings = parseVirtualDirectories( xVdirs );
+		if ( mappings != null && mappings.length > 0 ) {
+			cache.put( cacheKey, mappings );
+		}
+
+		return mappings;
+	}
+
+	/**
+	 * Parses x-vdirs header format: /virtual1,/physical1;/virtual2,/physical2;
+	 *
+	 * @param xVdirs Header value
+	 * @return Array of Mapping objects
+	 */
+	private Mapping[] parseVirtualDirectories( String xVdirs ) {
+		if ( StringUtil.isEmpty( xVdirs ) ) {
+			return null;
+		}
+
+		// Split by semicolon
+		String[] entries = xVdirs.split( ";" );
+		if ( entries.length == 0 ) {
+			return null;
+		}
+
+		// Parse each entry
+		List<Mapping> mappings = new ArrayList<>();
+		for ( String entry : entries ) {
+			entry = entry.trim();
+			if ( entry.isEmpty() ) {
+				continue;
+			}
+
+			// Split by comma
+			String[] parts = entry.split( ",", 2 );
+			if ( parts.length != 2 ) {
+				continue;
+			}
+
+			String virtual = parts[0].trim();
+			String physical = parts[1].trim();
+
+			// Skip invalid entries
+			if ( virtual.length() <= 1 || physical.length() <= 1 ) {
+				continue;
+			}
+
+			// Convert Windows backslashes to forward slashes
+			physical = physical.replace( '\\', '/' );
+
+			// Create mapping
+			try {
+				Resource physicalResource = ResourceUtil.toResourceExisting( config, physical );
+				if ( physicalResource != null && physicalResource.exists() ) {
+					Mapping mapping = new MappingImpl( config, virtual, physical, null, Config.INSPECT_UNDEFINED, ConfigPro.INSPECT_INTERVAL_UNDEFINED,
+							ConfigPro.INSPECT_INTERVAL_UNDEFINED, true, false, true, true, false, false, null, -1, -1 );
+					mappings.add( mapping );
+				}
+			}
+			catch ( Exception e ) {
+				// Log and skip invalid mappings
+				Log log = config.getLog( "application" );
+				if ( log != null ) {
+					log.error( "VirtualDirectoryManager", "Failed to create virtual directory mapping: " + virtual + " -> " + physical, e );
+				}
+			}
+		}
+
+		return mappings.isEmpty() ? null : mappings.toArray( new Mapping[0] );
+	}
+
+	/**
+	 * Clears the cache. Called when configuration changes or for testing.
+	 */
+	public void clearCache() {
+		cache.clear();
+	}
+
+	/**
+	 * Returns true if virtual directory feature is enabled (shared key is configured).
+	 */
+	public boolean isEnabled() {
+		return !StringUtil.isEmpty( CONFIGURED_SHARED_KEY );
+	}
+}

core/src/main/java/resource/setting/sysprop-envvar.json

@@ -971,6 +971,14 @@
 		"type": "string",
 		"default": null
 	},
+	{
+		"sysprop": "lucee.vdirs.sharedkey",
+		"envvar": "LUCEE_VDIRS_SHAREDKEY",
+		"desc": "Shared secret key for validating x-vdirs header from mod_cfml. When set, enables automatic virtual directory mapping from Apache/IIS aliases. The x-vdirs-sharedkey header must match this value for virtual directories to be processed",
+		"category": "security",
+		"type": "string",
+		"default": null
+	},
 	{
 		"sysprop": "lucee.version",
 		"envvar": "LUCEE_VERSION",

test/tickets/LDEV0694.cfc

@@ -0,0 +1,48 @@
+component extends="org.lucee.cfml.test.LuceeTestCase" labels="vdirs" {
+
+	function run( testResults, testBox ) {
+		describe( "LDEV-694: Virtual directory mappings from x-vdirs header", function() {
+
+			it( "should resolve virtual directory path via expandPath", function() {
+				var testDir = getDirectoryFromPath( getCurrentTemplatePath() ) & "LDEV0694/";
+				var physicalPath = testDir & "virtual";
+
+				// Use internalRequest to simulate mod_cfml sending x-vdirs header
+				var result = internalRequest(
+					template = createURI( "LDEV0694/test.cfm" ),
+					headers = {
+						"x-vdirs" = "/vdir,#physicalPath#",
+						"x-vdirs-sharedkey" = "testsecret"
+					}
+				);
+
+				expect( result.status ).toBe( 200 );
+				expect( result.filecontent ).toInclude( 4 );
+				expect( result.filecontent ).toInclude( "SUCCESS" );
+			});
+
+			it( "should reject invalid shared key", function() {
+				var testDir = getDirectoryFromPath( getCurrentTemplatePath() ) & "LDEV0694/";
+				var physicalPath = testDir & "virtual";
+
+				// Use internalRequest with wrong shared key
+				var result = internalRequest(
+					template = createURI( "LDEV0694/test-reject.cfm" ),
+					headers = {
+						"x-vdirs" = "/vdir,#physicalPath#",
+						"x-vdirs-sharedkey" = "wrongkey"
+					}
+				);
+
+				expect( result.filecontent ).toInclude( "FAIL", "Invalid shared key should be rejected" );
+			});
+
+		});
+	}
+
+	private string function createURI( string calledName ) {
+		var baseURI = "/test/#listLast( getDirectoryFromPath( getCurrentTemplatePath() ), "\/" )#/";
+		return baseURI & calledName;
+	}
+
+}

test/tickets/LDEV0694/test-reject.cfm

@@ -0,0 +1,11 @@
+<cfscript>
+	// Test that virtual directory is rejected with wrong shared key
+	try {
+		include "/vdir/index.cfm";
+		writeOutput( "FAIL: Virtual directory accessible with wrong key" );
+	}
+	catch ( any e ) {
+		// Expected: should fail to resolve with wrong key
+		writeOutput( "FAIL: " & e.message );
+	}
+</cfscript>

test/tickets/LDEV0694/test.cfm

@@ -0,0 +1,10 @@
+<cfscript>
+	// Test that virtual directory CFML execution works via include
+	try {
+		include "/vdir/index.cfm";
+		writeOutput( "SUCCESS: " );
+	}
+	catch ( any e ) {
+		writeOutput( "FAIL: " & e.message );
+	}
+</cfscript>

test/tickets/LDEV0694/virtual/index.cfm

@@ -0,0 +1 @@
+<cfoutput>#2*2#</cfoutput>