2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
38 package org.onap.portalsdk.core.onboarding.crossapi;
40 import java.io.BufferedReader;
41 import java.io.IOException;
42 import java.io.InputStream;
43 import java.io.InputStreamReader;
44 import java.io.PrintWriter;
45 import java.io.StringWriter;
46 import java.util.List;
49 import javax.servlet.ServletException;
50 import javax.servlet.annotation.WebServlet;
51 import javax.servlet.http.HttpServlet;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
55 import org.apache.commons.logging.Log;
56 import org.apache.commons.logging.LogFactory;
57 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
58 import org.onap.portalsdk.core.onboarding.listener.PortalTimeoutHandler;
59 import org.onap.portalsdk.core.onboarding.rest.RestWebServiceClient;
60 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
61 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
62 import org.onap.portalsdk.core.restful.domain.EcompRole;
63 import org.onap.portalsdk.core.restful.domain.EcompUser;
64 import org.owasp.esapi.ESAPI;
66 import com.fasterxml.jackson.core.JsonProcessingException;
67 import com.fasterxml.jackson.core.type.TypeReference;
68 import com.fasterxml.jackson.databind.DeserializationFeature;
69 import com.fasterxml.jackson.databind.ObjectMapper;
72 * This servlet performs the functions described below. It listens on a path
73 * like "/api" (see {@link PortalApiConstants#API_PREFIX}). The servlet checks
74 * for authorized access and rejects unauthorized requests.
76 * <LI>Proxies user (i.e., browser) requests for web analytics. The GET method
77 * fetches javascript from the Portal and returns it. The POST method forwards
78 * data sent by the browser on to Portal. These requests are checked for a valid
79 * User UID in a header; these requests do NOT use the application
80 * username-password header.</LI>
81 * <LI>Responds to ECOMP Portal API requests to query and update user, role and
82 * user-role information. The servlet proxies all requests on to a local Java
83 * class that implements {@link IPortalRestAPIService}. These requests must have
84 * the application username-password header.</LI>
86 * This servlet will not start if the required portal.properties file is not
87 * found on the classpath.
90 @WebServlet(urlPatterns = { PortalApiConstants.API_PREFIX + "/*" })
91 public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPIService {
93 private static final long serialVersionUID = 1L;
95 private static final String APPLICATION_JSON = "application/json";
97 private static final Log logger = LogFactory.getLog(PortalRestAPIProxy.class);
100 * Mapper for JSON to object etc.
102 private final ObjectMapper mapper = new ObjectMapper();
105 * Client-supplied class that implements our interface.
107 private static IPortalRestAPIService portalRestApiServiceImpl;
108 private static final String isAccessCentralized = PortalApiProperties
109 .getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED);
110 private static final String errorMessage = "Access Management is not allowed for Centralized applications." ;
111 private static final String isCentralized = "remote";
114 public PortalRestAPIProxy() {
115 // Ensure that any additional fields sent by the Portal
116 // will be ignored when creating objects.
117 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
121 public void init() throws ServletException {
122 String className = PortalApiProperties.getProperty(PortalApiConstants.PORTAL_API_IMPL_CLASS);
123 if (className == null)
124 throw new ServletException(
125 "init: Failed to find class name property " + PortalApiConstants.PORTAL_API_IMPL_CLASS);
127 logger.debug("init: creating instance of class " + className);
128 Class<?> implClass = Class.forName(className);
129 if (!isCentralized.equals(isAccessCentralized))
130 portalRestApiServiceImpl = (IPortalRestAPIService) (implClass.getConstructor().newInstance());
132 portalRestApiServiceImpl = new PortalRestAPICentralServiceImpl();
134 } catch (Exception ex) {
135 throw new ServletException("init: Failed to find or instantiate class " + className, ex);
140 protected void doPost(HttpServletRequest request, HttpServletResponse response)
141 throws IOException, ServletException {
142 if (portalRestApiServiceImpl == null) {
143 // Should never happen due to checks in init()
144 logger.error("doPost: no service class instance");
145 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
146 response.getWriter().write(buildJsonResponse(false, "Misconfigured - no instance of service class"));
149 String requestUri = request.getRequestURI();
150 String responseJson = "";
151 String storeAnalyticsContextPath = "/storeAnalytics";
152 if (requestUri.endsWith(PortalApiConstants.API_PREFIX + storeAnalyticsContextPath)) {
155 userId = getUserId(request);
156 } catch (PortalAPIException e) {
157 logger.error("Issue with invoking getUserId implemenation !!! ", e);
158 throw new ServletException(e);
160 if (userId == null || userId.length() == 0) {
161 logger.debug("doPost: userId is null or empty");
162 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
163 responseJson = buildJsonResponse(false, "Not authorized for " + storeAnalyticsContextPath);
165 // User ID obtained from request
167 String appUserName = "";
168 String appPassword = "";
171 for (Map.Entry<String, String> entry : getCredentials().entrySet()) {
173 if (entry.getKey().equalsIgnoreCase("username")) {
174 appUserName = entry.getValue();
175 } else if (entry.getKey().equalsIgnoreCase("password")) {
176 appPassword = entry.getValue();
178 appName = entry.getValue();
182 String credential = PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY);
183 // for now lets also pass uebkey as user name and password
184 String requestBody = readRequestBody(request);
185 @SuppressWarnings("unchecked")
186 Map<String, String> bodyMap = mapper.readValue(requestBody, Map.class);
188 bodyMap.put("userid", userId);
189 requestBody = mapper.writeValueAsString(bodyMap);
190 responseJson = RestWebServiceClient.getInstance().postPortalContent(storeAnalyticsContextPath,
191 userId, appName, null, appUserName, appPassword, "application/json", requestBody, true);
192 logger.debug("doPost: postPortalContent returns " + responseJson);
193 response.setStatus(HttpServletResponse.SC_OK);
194 } catch (Exception ex) {
195 logger.error("doPost: " + storeAnalyticsContextPath + " caught exception", ex);
196 responseJson = buildJsonResponse(ex);
197 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
200 writeAndFlush(response, APPLICATION_JSON, responseJson);
204 boolean secure = false;
206 secure = isAppAuthenticated(request);
207 } catch (PortalAPIException ex) {
208 logger.error("doPost: isAppAuthenticated threw exception", ex);
209 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
210 response.getWriter().write(buildJsonResponse(false, "Failed to authenticate request"));
214 logger.debug("doPost: isAppAuthenticated answered false");
215 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
216 writeAndFlush(response, APPLICATION_JSON, buildJsonResponse(false, "Not authorized"));
221 String requestBody = readRequestBody(request);
222 if (logger.isDebugEnabled())
223 logger.debug("doPost: URI = " + requestUri + ", payload = " + requestBody);
228 * 1. /user <-- save user
230 * 2. /user/{loginId} <-- edit user
232 * 3. /user/{loginId}/roles <-- save roles for user
235 // On success return the empty string.
237 if (requestUri.endsWith("/updateSessionTimeOuts")) {
238 if (updateSessionTimeOuts(requestBody)) {
239 logger.debug("doPost: updated session timeouts");
240 response.setStatus(HttpServletResponse.SC_OK);
242 String msg = "Failed to update session time outs";
243 logger.error("doPost: " + msg);
244 responseJson = buildJsonResponse(false, msg);
245 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
247 } else if (requestUri.endsWith("/timeoutSession")) {
248 String portalJSessionId = request.getParameter("portalJSessionId");
249 if (portalJSessionId == null) {
250 portalJSessionId = "";
252 if (timeoutSession(portalJSessionId)) {
253 logger.debug("doPost: timed out session");
254 response.setStatus(HttpServletResponse.SC_OK);
256 String msg = "Failed to timeout session";
257 logger.error("doPost: " + msg);
258 responseJson = buildJsonResponse(false, msg);
259 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
262 // Example: /user <-- create user
263 if (requestUri.endsWith(PortalApiConstants.API_PREFIX + "/user")) {
265 EcompUser user = mapper.readValue(requestBody, EcompUser.class);
267 if (logger.isDebugEnabled())
268 logger.debug("doPost: pushUser: success");
269 responseJson = buildJsonResponse(true, "user saved successfully");
270 response.setStatus(HttpServletResponse.SC_OK);
271 } catch (Exception ex) {
272 responseJson = buildJsonResponse(ex);
273 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
274 logger.error("doPost: pushUser: caught exception", ex);
277 // Example: /user/abc <-- edit user abc
278 if (requestUri.contains(PortalApiConstants.API_PREFIX + "/user/") && !(requestUri.endsWith("/roles"))) {
279 String loginId = requestUri.substring(requestUri.lastIndexOf('/') + 1);
281 EcompUser user = mapper.readValue(requestBody, EcompUser.class);
282 editUser(loginId, user);
283 if (logger.isDebugEnabled())
284 logger.debug("doPost: editUser: success");
285 responseJson = buildJsonResponse(true, "user saved successfully");
286 response.setStatus(HttpServletResponse.SC_OK);
287 } catch (Exception ex) {
288 responseJson = buildJsonResponse(ex);
289 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
290 logger.error("doPost: editUser: caught exception", ex);
293 // Example: /user/{loginId}/roles <-- save roles for user
294 if (requestUri.contains(PortalApiConstants.API_PREFIX + "/user/") && requestUri.endsWith("/roles")) {
295 String loginId = requestUri.substring(requestUri.indexOf("/user/") + ("/user").length() + 1,
296 requestUri.lastIndexOf('/'));
298 if (isCentralized.equals(isAccessCentralized)) {
299 responseJson = buildJsonResponse(true, errorMessage);
300 response.setStatus(HttpServletResponse.SC_OK);
302 TypeReference<List<EcompRole>> typeRef = new TypeReference<List<EcompRole>>() {
304 List<EcompRole> roles = mapper.readValue(requestBody, typeRef);
305 pushUserRole(loginId, roles);
306 if (logger.isDebugEnabled())
307 logger.debug("doPost: pushUserRole: success");
308 responseJson = buildJsonResponse(true, "saveRoles is successful");
309 response.setStatus(HttpServletResponse.SC_OK);
311 } catch (Exception ex) {
312 responseJson = buildJsonResponse(ex);
313 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
314 logger.error("doPost: pushUserRole: caught exception", ex);
317 String msg = "doPost: no match for request " + requestUri;
318 logger.warn( ESAPI.encoder().encodeForHTML(msg));
319 responseJson = buildJsonResponse(false, msg);
320 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
322 } catch (Exception ex) {
323 logger.error("doPost: Failed to process request " + ESAPI.encoder().encodeForHTML(requestUri), ex);
324 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
325 responseJson = buildJsonResponse(ex);
328 writeAndFlush(response, APPLICATION_JSON, responseJson);
333 protected void doGet(HttpServletRequest request, HttpServletResponse response)
334 throws IOException, ServletException {
336 if (portalRestApiServiceImpl == null) {
337 // Should never happen due to checks in init()
338 logger.error("doGet: no service class instance");
339 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
340 writeAndFlush(response, APPLICATION_JSON,
341 buildJsonResponse(false, "Misconfigured - no instance of service class"));
345 String requestUri = request.getRequestURI();
346 String contentType = APPLICATION_JSON;
347 String webAnalyticsContextPath = "/analytics";
348 if (requestUri.endsWith(PortalApiConstants.API_PREFIX + webAnalyticsContextPath)) {
349 String responseString;
352 userId = getUserId(request);
353 } catch (PortalAPIException e) {
354 logger.error("Issue with invoking getUserId implemenation !!! ", e);
355 throw new ServletException(e);
357 if (userId == null || userId.length() == 0) {
358 logger.debug("doGet: userId is null or empty");
359 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
360 responseString = buildJsonResponse(false, "Not authorized for " + webAnalyticsContextPath);
362 // User ID obtained from request
364 String appUserName = "";
365 String appPassword = "";
368 for (Map.Entry<String, String> entry : getCredentials().entrySet()) {
370 if (entry.getKey().equalsIgnoreCase("username")) {
371 appUserName = entry.getValue();
372 } else if (entry.getKey().equalsIgnoreCase("password")) {
373 appPassword = entry.getValue();
375 appName = entry.getValue();
378 String credential = PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY);
379 // for now lets also pass uebkey as user name and password
380 contentType = "text/javascript";
382 responseString = RestWebServiceClient.getInstance().getPortalContent(webAnalyticsContextPath,
383 userId, appName, null, appUserName, appPassword, true);
385 if (logger.isDebugEnabled())
386 logger.debug("doGet: " + webAnalyticsContextPath + ": " + responseString);
387 response.setStatus(HttpServletResponse.SC_OK);
388 } catch (Exception ex) {
389 responseString = buildJsonResponse(ex);
390 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
391 logger.error("doGet: " + webAnalyticsContextPath + " caught exception", ex);
394 writeAndFlush(response, contentType, responseString);
398 boolean secure = false;
400 secure = isAppAuthenticated(request);
401 } catch (PortalAPIException ex) {
402 logger.error("doGet: isAppAuthenticated threw exception", ex);
403 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
404 writeAndFlush(response, APPLICATION_JSON, buildJsonResponse(false, "Failed to authenticate request"));
409 if (logger.isDebugEnabled())
410 logger.debug("doGet: isAppAuthenticated answered false");
411 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
412 writeAndFlush(response, APPLICATION_JSON, buildJsonResponse(false, "Not authorized"));
416 String responseJson = null;
418 // Ignore any request body in a GET.
419 logger.debug("doGet: URI = " + requestUri);
422 * 1. /roles <-- get roles
424 * 2. /user/{loginId} <-- get user
426 * 3. /users <-- get all users
428 * 4. /user/{loginId}/roles <-- get roles for user
431 if (requestUri.endsWith("/sessionTimeOuts")) {
433 responseJson = getSessionTimeOuts();
434 logger.debug("doGet: got session timeouts");
435 response.setStatus(HttpServletResponse.SC_OK);
436 } catch(Exception ex) {
437 String msg = "Failed to get session time outs";
438 logger.error("doGet: " + msg);
439 responseJson = buildJsonResponse(false, msg);
440 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
443 // Example: /users <-- get all users
444 if (requestUri.endsWith(PortalApiConstants.API_PREFIX + "/users")) {
446 List<EcompUser> users = getUsers();
447 responseJson = mapper.writeValueAsString(users);
448 if (logger.isDebugEnabled())
449 logger.debug("doGet: getUsers: " + responseJson);
450 } catch (Exception ex) {
451 responseJson = buildShortJsonResponse(ex);
452 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
453 logger.error("doGet: getUsers: caught exception", ex);
456 // Example: /roles <-- get all roles
458 if (requestUri.endsWith(PortalApiConstants.API_PREFIX + "/roles")) {
460 List<EcompRole> roles = getAvailableRoles(getUserId(request));
461 responseJson = mapper.writeValueAsString(roles);
462 if (logger.isDebugEnabled())
463 logger.debug("doGet: getAvailableRoles: " + responseJson);
464 } catch (Exception ex) {
465 responseJson = buildJsonResponse(ex);
466 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
467 logger.error("doGet: getAvailableRoles: caught exception", ex);
470 // Example: /user/abc <-- get user abc
471 if (requestUri.contains(PortalApiConstants.API_PREFIX + "/user/") && !requestUri.endsWith("/roles")) {
472 String loginId = requestUri.substring(requestUri.lastIndexOf('/') + 1);
474 EcompUser user = getUser(loginId);
475 responseJson = mapper.writeValueAsString(user);
476 if (logger.isDebugEnabled())
477 logger.debug("doGet: getUser: " + responseJson);
478 } catch (Exception ex) {
479 responseJson = buildJsonResponse(ex);
480 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
481 logger.error("doGet: getUser: caught exception", ex);
484 // Example: /user/abc/roles <-- get roles for user abc
485 else if (requestUri.contains(PortalApiConstants.API_PREFIX + "/user/") && requestUri.endsWith("/roles")) {
486 String loginId = requestUri.substring(requestUri.indexOf("/user/") + ("/user").length() + 1,
487 requestUri.lastIndexOf('/'));
489 List<EcompRole> roles = getUserRoles(loginId);
490 responseJson = mapper.writeValueAsString(roles);
491 if (logger.isDebugEnabled())
492 logger.debug("doGet: getUserRoles: " + responseJson);
493 } catch (Exception ex) {
494 responseJson = buildJsonResponse(ex);
495 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
496 logger.error("doGet: getUserRoles: caught exception", ex);
500 logger.warn("doGet: no match found for request");
501 responseJson = buildJsonResponse(false, "No match for request");
502 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
504 } catch (Exception ex) {
505 logger.error("doGet: Failed to process request", ex);
506 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
507 responseJson = buildJsonResponse(ex);
509 writeAndFlush(response, APPLICATION_JSON, responseJson);
512 public String getSessionTimeOuts() {
513 return PortalTimeoutHandler.gatherSessionExtensions();
516 public boolean timeoutSession(String portalJSessionId) {
517 return PortalTimeoutHandler.invalidateSession(portalJSessionId);
520 public boolean updateSessionTimeOuts(String sessionMap) {
521 return PortalTimeoutHandler.updateSessionExtensions(sessionMap);
525 public void pushUser(EcompUser user) throws PortalAPIException {
526 portalRestApiServiceImpl.pushUser(user);
530 public void editUser(String loginId, EcompUser user) throws PortalAPIException {
531 portalRestApiServiceImpl.editUser(loginId, user);
535 public EcompUser getUser(String loginId) throws PortalAPIException {
536 return portalRestApiServiceImpl.getUser(loginId);
540 public List<EcompUser> getUsers() throws PortalAPIException {
541 return portalRestApiServiceImpl.getUsers();
545 public List<EcompRole> getAvailableRoles(String requestedLoginId) throws PortalAPIException {
546 return portalRestApiServiceImpl.getAvailableRoles(requestedLoginId);
550 public void pushUserRole(String loginId, List<EcompRole> roles) throws PortalAPIException {
551 portalRestApiServiceImpl.pushUserRole(loginId, roles);
555 public List<EcompRole> getUserRoles(String loginId) throws PortalAPIException {
556 return portalRestApiServiceImpl.getUserRoles(loginId);
560 public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
561 return portalRestApiServiceImpl.isAppAuthenticated(request);
565 * Sets the content type and writes the response.
569 * @param responseBody
570 * @throws IOException
572 private void writeAndFlush(HttpServletResponse response, String contentType, String responseBody)
574 response.setContentType(contentType);
575 PrintWriter out = response.getWriter();
576 out.print(responseBody);
581 * Reads the request body and closes the input stream.
584 * @return String read from the request, the empty string if nothing is read.
585 * @throws IOException
587 private static String readRequestBody(HttpServletRequest request) throws IOException {
590 StringBuilder stringBuilder = new StringBuilder();
591 BufferedReader bufferedReader = null;
593 InputStream inputStream = request.getInputStream();
594 if (inputStream != null) {
595 bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
596 char[] charBuffer = new char[1024];
598 while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
599 stringBuilder.append(charBuffer, 0, bytesRead);
602 stringBuilder.append("");
605 if (bufferedReader != null) {
607 bufferedReader.close();
608 } catch (IOException ex) {
609 logger.error("readRequestBody", ex);
613 body = stringBuilder.toString();
618 * Builds JSON object with status + message response body.
621 * True to indicate success, false to signal failure.
623 * Message to include in the response object; ignored if null.
627 * { "status" : "ok" (or "error"), "message": "some explanation" }
630 private String buildJsonResponse(boolean success, String msg) {
631 PortalAPIResponse response = new PortalAPIResponse(success, msg);
634 json = mapper.writeValueAsString(response);
635 } catch (JsonProcessingException ex) {
636 // Truly should never, ever happen
637 logger.error("buildJsonResponse", ex);
638 json = "{ \"status\": \"error\",\"message\":\"" + ex.toString() + "\" }";
644 * Builds JSON object with status of error and message containing stack trace
645 * for the specified throwable.
648 * Throwable with stack trace to use as message
653 * { "status" : "error", "message": "some-big-stacktrace" }
656 private String buildJsonResponse(Throwable t) {
657 StringWriter sw = new StringWriter();
658 PrintWriter pw = new PrintWriter(sw);
659 t.printStackTrace(pw);
660 return buildJsonResponse(false, sw.toString());
663 private String buildShortJsonResponse(Throwable t)
665 String errorMessage = t.getMessage();
666 return buildJsonResponse(false, errorMessage);
670 public String getUserId(HttpServletRequest request) throws PortalAPIException {
671 return portalRestApiServiceImpl.getUserId(request);
674 public static IPortalRestAPIService getPortalRestApiServiceImpl() {
675 return portalRestApiServiceImpl;
678 public static void setPortalRestApiServiceImpl(IPortalRestAPIService portalRestApiServiceImpl) {
679 PortalRestAPIProxy.portalRestApiServiceImpl = portalRestApiServiceImpl;
683 public Map<String, String> getCredentials() throws PortalAPIException {
684 return portalRestApiServiceImpl.getCredentials();
Code Review / portal / sdk.git / blob