stopPush API add Basic Auth

Adjust the revision exception
sofastack · Nov 21, 2023 · 3f8d150 · 3f8d150
1 parent 13b476e
commit 3f8d150
Show file tree

Hide file tree

Showing 7 changed files with 130 additions and 9 deletions.
diff --git a/...n/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java b/...n/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java
@@ -156,6 +156,9 @@ public class ValueConstants {
           "change_push_task.delay.config",
           SESSION_PROVIDE_DATA_INSTANCE_ID,
           SESSION_PROVIDE_DATA_GROUP);
+  public static final String ADMIN_API_TOKEN_DATA_ID =
+      DataInfo.toDataInfoId(
+          "admin.api.token", SESSION_PROVIDE_DATA_INSTANCE_ID, SESSION_PROVIDE_DATA_GROUP);
 
   public static final String DISABLE_DATA_ID_CASE_SENSITIVE_SWITCH =
       "disable.dataId.case.sensitive";

diff --git a/...src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java b/...src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java
@@ -64,6 +64,7 @@
 import com.alipay.sofa.registry.server.meta.resource.SlotSyncResource;
 import com.alipay.sofa.registry.server.meta.resource.SlotTableResource;
 import com.alipay.sofa.registry.server.meta.resource.StopPushDataResource;
+import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestFilter;
 import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareFilter;
 import com.alipay.sofa.registry.server.meta.slot.status.SlotTableStatusService;
 import com.alipay.sofa.registry.server.shared.config.CommonConfig;
@@ -335,6 +336,11 @@ public LeaderAwareFilter leaderAwareFilter() {
       return new LeaderAwareFilter();
     }
 
+    @Bean
+    public AuthRestFilter authRestFilter() {
+      return new AuthRestFilter();
+    }
+
     @Bean
     public ProvideDataResource provideDataResource() {
       return new ProvideDataResource();

diff --git a/...eta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java b/...eta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java
@@ -27,6 +27,7 @@
 import com.alipay.sofa.registry.log.LoggerFactory;
 import com.alipay.sofa.registry.server.meta.provide.data.DefaultProvideDataNotifier;
 import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService;
+import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestController;
 import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareRestController;
 import com.alipay.sofa.registry.util.JsonUtils;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -59,6 +60,7 @@ public class StopPushDataResource {
   @GET
   @Path("open")
   @Produces(MediaType.APPLICATION_JSON)
+  @AuthRestController
   public Result closePush() {
     boolean ret;
     Result result = new Result();

diff --git a/...rc/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java b/...rc/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alipay.sofa.registry.server.meta.resource.filter;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import javax.ws.rs.NameBinding;
+
+/**
+ * @author jiangcun.hlc
+ *     <p>Nov 17, 2023
+ */
+@NameBinding
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(value = RetentionPolicy.RUNTIME)
+public @interface AuthRestController {}
diff --git a/...ta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java b/...ta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alipay.sofa.registry.server.meta.resource.filter;
+
+import static com.alipay.sofa.registry.common.model.constants.ValueConstants.ADMIN_API_TOKEN_DATA_ID;
+
+import com.alipay.sofa.registry.common.model.console.PersistenceData;
+import com.alipay.sofa.registry.log.Logger;
+import com.alipay.sofa.registry.log.LoggerFactory;
+import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService;
+import com.alipay.sofa.registry.store.api.DBResponse;
+import com.alipay.sofa.registry.store.api.OperationStatus;
+import java.io.IOException;
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.Provider;
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * @author jiangcun.hlc
+ *     <p>Nov 17, 2023
+ */
+@Provider
+@AuthRestController
+@Priority(Priorities.USER)
+public class AuthRestFilter implements ContainerRequestFilter {
+  private static final Logger LOGGER = LoggerFactory.getLogger(AuthRestFilter.class);
+
+  @Autowired private ProvideDataService provideDataService;
+
+  @Override
+  public void filter(ContainerRequestContext containerRequestContext) throws IOException {
+    boolean authAllow;
+    DBResponse<PersistenceData> queryResponse =
+        provideDataService.queryProvideData(ADMIN_API_TOKEN_DATA_ID);
+    if (queryResponse.getOperationStatus() == OperationStatus.SUCCESS) {
+      authAllow =
+          StringUtils.equals(
+              queryResponse.getEntity().getData(), getAuthToken(containerRequestContext));
+    } else {
+      authAllow = true;
+    }
+    if (!authAllow) {
+      Response response =
+          Response.status(Response.Status.BAD_REQUEST)
+              .header("reason", "auth check failed!")
+              .build();
+      LOGGER.error(
+          "[filter] url: %s, auth check fail!", containerRequestContext.getUriInfo().getPath());
+      containerRequestContext.abortWith(response);
+    }
+  }
+
+  public String getAuthToken(ContainerRequestContext context) {
+    String token = context.getHeaderString("x-apiauth-token");
+    if (StringUtils.isNotBlank(token)) {
+      return token;
+    }
+    return "unknown";
+  }
+}
diff --git a/...jdbc/exception/RevisionNotExistError.java → .../exception/RevisionNotExistException.java b/...jdbc/exception/RevisionNotExistError.java → .../exception/RevisionNotExistException.java
@@ -20,9 +20,9 @@
  * @author xiaojian.xj
  * @version $Id: RevisionNotExistException.java, v 0.1 2021年02月03日 15:59 xiaojian.xj Exp $
  */
-public class RevisionNotExistError extends Error {
+public class RevisionNotExistException extends RuntimeException {
 
-  public RevisionNotExistError(String revision) {
+  public RevisionNotExistException(String revision) {
     super(String.format("revision: %s not exist.", revision));
   }
 }
diff --git a/...rc/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java b/...rc/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java
@@ -26,7 +26,7 @@
 import com.alipay.sofa.registry.jdbc.constant.TableEnum;
 import com.alipay.sofa.registry.jdbc.convertor.AppRevisionDomainConvertor;
 import com.alipay.sofa.registry.jdbc.domain.AppRevisionDomain;
-import com.alipay.sofa.registry.jdbc.exception.RevisionNotExistError;
+import com.alipay.sofa.registry.jdbc.exception.RevisionNotExistException;
 import com.alipay.sofa.registry.jdbc.informer.BaseInformer;
 import com.alipay.sofa.registry.jdbc.mapper.AppRevisionMapper;
 import com.alipay.sofa.registry.log.Logger;
@@ -45,7 +45,6 @@
 import com.google.common.cache.LoadingCache;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
-import com.google.common.util.concurrent.ExecutionError;
 import java.util.*;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ScheduledExecutorService;
@@ -102,14 +101,14 @@ public AppRevision load(String revision) throws InterruptedException {
                     List<AppRevisionDomain> revisionDomains =
                         appRevisionMapper.queryRevision(dataCenters, revision);
                     if (CollectionUtils.isEmpty(revisionDomains)) {
-                      throw new RevisionNotExistError(revision);
+                      throw new RevisionNotExistException(revision);
                     }
                     for (AppRevisionDomain revisionDomain : revisionDomains) {
                       if (!revisionDomain.isDeleted()) {
                         return AppRevisionDomainConvertor.convert2Revision(revisionDomain);
                       }
                     }
-                    throw new RevisionNotExistError(revision);
+                    throw new RevisionNotExistException(revision);
                   }
                 });
     CacheCleaner.autoClean(localRevisions, 1000 * 60 * 10);
@@ -175,9 +174,9 @@ public AppRevision queryRevision(String revision) {
     } catch (ExecutionException e) {
       LOG.error("jdbc query revision error, revision: {}", revision, e);
       throw new RuntimeException("jdbc refresh revision failed", e);
-    } catch (ExecutionError e) {
-      if (e.getCause() instanceof RevisionNotExistError) {
-        LOG.info("jdbc query revision failed, revision: {} not exist in db", revision, e);
+    } catch (Throwable t) {
+      if (t.getCause() instanceof RevisionNotExistException) {
+        LOG.info("jdbc query revision failed, revision: {} not exist in db", revision, t);
       }
     }
     return null;