hawkbit-ddi-resource: do not log range requests

Range requests can be extremely numerous, and logging them is counter
productive. The large number of messages can overflow the action history,
making it nearly useless. Worse this can trigger denial-of-service protection
limits, even on moderate artifact sizes.

Signed-off-by: Zygmunt Krynicki <[email protected]>

hawkbit-rest/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java

@@ -204,7 +204,7 @@ public ResponseEntity<InputStream> downloadArtifact(@PathVariable("tenant") fina
                 final ActionStatus action = checkAndLogDownload(requestResponseContextHolder.getHttpServletRequest(),
                         target, module.getId());
 
-                final Long statusId = action.getId();
+                final Long statusId = action != null ? action.getId() : Long.valueOf(0);
 
                 result = FileStreamingUtil.writeFileResponse(file, artifact.getFilename(), artifact.getCreatedAt(),
                         requestResponseContextHolder.getHttpServletResponse(),
@@ -226,13 +226,11 @@ private ActionStatus checkAndLogDownload(final HttpServletRequest request, final
         final String range = request.getHeader("Range");
 
         final String message;
-        if (range != null) {
-            message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads range " + range + " of: "
-                    + request.getRequestURI();
-        } else {
-            message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads " + request.getRequestURI();
+        if (range == null) {
+            return null;
         }
 
+        message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads " + request.getRequestURI();
         return controllerManagement.addInformationalActionStatus(
                 entityFactory.actionStatus().create(action.getId()).status(Status.DOWNLOAD).message(message));
     }