From 3f8d1500c0722944db02c3eaac51936a04c1fd18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B1=9F=E6=9D=91?= Date: Mon, 20 Nov 2023 15:45:21 +0800 Subject: [PATCH] stopPush API add Basic Auth Adjust the revision exception --- .../model/constants/ValueConstants.java | 3 + .../bootstrap/MetaServerConfiguration.java | 6 ++ .../meta/resource/StopPushDataResource.java | 2 + .../resource/filter/AuthRestController.java | 32 ++++++++ .../meta/resource/filter/AuthRestFilter.java | 79 +++++++++++++++++++ ...or.java => RevisionNotExistException.java} | 4 +- .../impl/AppRevisionJdbcRepository.java | 13 ++- 7 files changed, 130 insertions(+), 9 deletions(-) create mode 100644 server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java create mode 100644 server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java rename server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/{RevisionNotExistError.java => RevisionNotExistException.java} (89%) diff --git a/server/common/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java b/server/common/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java index fbfe5ff3d..01b04a7eb 100644 --- a/server/common/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java +++ b/server/common/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java @@ -156,6 +156,9 @@ public class ValueConstants { "change_push_task.delay.config", SESSION_PROVIDE_DATA_INSTANCE_ID, SESSION_PROVIDE_DATA_GROUP); + public static final String ADMIN_API_TOKEN_DATA_ID = + DataInfo.toDataInfoId( + "admin.api.token", SESSION_PROVIDE_DATA_INSTANCE_ID, SESSION_PROVIDE_DATA_GROUP); public static final String DISABLE_DATA_ID_CASE_SENSITIVE_SWITCH = "disable.dataId.case.sensitive"; diff --git a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java index 4703fea47..43c7e512d 100644 --- a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java +++ b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java @@ -64,6 +64,7 @@ import com.alipay.sofa.registry.server.meta.resource.SlotSyncResource; import com.alipay.sofa.registry.server.meta.resource.SlotTableResource; import com.alipay.sofa.registry.server.meta.resource.StopPushDataResource; +import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestFilter; import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareFilter; import com.alipay.sofa.registry.server.meta.slot.status.SlotTableStatusService; import com.alipay.sofa.registry.server.shared.config.CommonConfig; @@ -335,6 +336,11 @@ public LeaderAwareFilter leaderAwareFilter() { return new LeaderAwareFilter(); } + @Bean + public AuthRestFilter authRestFilter() { + return new AuthRestFilter(); + } + @Bean public ProvideDataResource provideDataResource() { return new ProvideDataResource(); diff --git a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java index d46ed6dd0..707bc380d 100644 --- a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java +++ b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java @@ -27,6 +27,7 @@ import com.alipay.sofa.registry.log.LoggerFactory; import com.alipay.sofa.registry.server.meta.provide.data.DefaultProvideDataNotifier; import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService; +import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestController; import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareRestController; import com.alipay.sofa.registry.util.JsonUtils; import com.fasterxml.jackson.core.JsonProcessingException; @@ -59,6 +60,7 @@ public class StopPushDataResource { @GET @Path("open") @Produces(MediaType.APPLICATION_JSON) + @AuthRestController public Result closePush() { boolean ret; Result result = new Result(); diff --git a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java new file mode 100644 index 000000000..fad7b431e --- /dev/null +++ b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.alipay.sofa.registry.server.meta.resource.filter; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; +import javax.ws.rs.NameBinding; + +/** + * @author jiangcun.hlc + *

Nov 17, 2023 + */ +@NameBinding +@Target({ElementType.TYPE, ElementType.METHOD}) +@Retention(value = RetentionPolicy.RUNTIME) +public @interface AuthRestController {} diff --git a/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java new file mode 100644 index 000000000..feddb25f0 --- /dev/null +++ b/server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.alipay.sofa.registry.server.meta.resource.filter; + +import static com.alipay.sofa.registry.common.model.constants.ValueConstants.ADMIN_API_TOKEN_DATA_ID; + +import com.alipay.sofa.registry.common.model.console.PersistenceData; +import com.alipay.sofa.registry.log.Logger; +import com.alipay.sofa.registry.log.LoggerFactory; +import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService; +import com.alipay.sofa.registry.store.api.DBResponse; +import com.alipay.sofa.registry.store.api.OperationStatus; +import java.io.IOException; +import javax.annotation.Priority; +import javax.ws.rs.Priorities; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.core.Response; +import javax.ws.rs.ext.Provider; +import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +/** + * @author jiangcun.hlc + *

Nov 17, 2023 + */ +@Provider +@AuthRestController +@Priority(Priorities.USER) +public class AuthRestFilter implements ContainerRequestFilter { + private static final Logger LOGGER = LoggerFactory.getLogger(AuthRestFilter.class); + + @Autowired private ProvideDataService provideDataService; + + @Override + public void filter(ContainerRequestContext containerRequestContext) throws IOException { + boolean authAllow; + DBResponse queryResponse = + provideDataService.queryProvideData(ADMIN_API_TOKEN_DATA_ID); + if (queryResponse.getOperationStatus() == OperationStatus.SUCCESS) { + authAllow = + StringUtils.equals( + queryResponse.getEntity().getData(), getAuthToken(containerRequestContext)); + } else { + authAllow = true; + } + if (!authAllow) { + Response response = + Response.status(Response.Status.BAD_REQUEST) + .header("reason", "auth check failed!") + .build(); + LOGGER.error( + "[filter] url: %s, auth check fail!", containerRequestContext.getUriInfo().getPath()); + containerRequestContext.abortWith(response); + } + } + + public String getAuthToken(ContainerRequestContext context) { + String token = context.getHeaderString("x-apiauth-token"); + if (StringUtils.isNotBlank(token)) { + return token; + } + return "unknown"; + } +} diff --git a/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistError.java b/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistException.java similarity index 89% rename from server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistError.java rename to server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistException.java index cad1a02a3..395847294 100644 --- a/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistError.java +++ b/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/exception/RevisionNotExistException.java @@ -20,9 +20,9 @@ * @author xiaojian.xj * @version $Id: RevisionNotExistException.java, v 0.1 2021年02月03日 15:59 xiaojian.xj Exp $ */ -public class RevisionNotExistError extends Error { +public class RevisionNotExistException extends RuntimeException { - public RevisionNotExistError(String revision) { + public RevisionNotExistException(String revision) { super(String.format("revision: %s not exist.", revision)); } } diff --git a/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java b/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java index 4e6050896..b8ec963a2 100644 --- a/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java +++ b/server/store/jdbc/src/main/java/com/alipay/sofa/registry/jdbc/repository/impl/AppRevisionJdbcRepository.java @@ -26,7 +26,7 @@ import com.alipay.sofa.registry.jdbc.constant.TableEnum; import com.alipay.sofa.registry.jdbc.convertor.AppRevisionDomainConvertor; import com.alipay.sofa.registry.jdbc.domain.AppRevisionDomain; -import com.alipay.sofa.registry.jdbc.exception.RevisionNotExistError; +import com.alipay.sofa.registry.jdbc.exception.RevisionNotExistException; import com.alipay.sofa.registry.jdbc.informer.BaseInformer; import com.alipay.sofa.registry.jdbc.mapper.AppRevisionMapper; import com.alipay.sofa.registry.log.Logger; @@ -45,7 +45,6 @@ import com.google.common.cache.LoadingCache; import com.google.common.collect.Maps; import com.google.common.collect.Sets; -import com.google.common.util.concurrent.ExecutionError; import java.util.*; import java.util.concurrent.ExecutionException; import java.util.concurrent.ScheduledExecutorService; @@ -102,14 +101,14 @@ public AppRevision load(String revision) throws InterruptedException { List revisionDomains = appRevisionMapper.queryRevision(dataCenters, revision); if (CollectionUtils.isEmpty(revisionDomains)) { - throw new RevisionNotExistError(revision); + throw new RevisionNotExistException(revision); } for (AppRevisionDomain revisionDomain : revisionDomains) { if (!revisionDomain.isDeleted()) { return AppRevisionDomainConvertor.convert2Revision(revisionDomain); } } - throw new RevisionNotExistError(revision); + throw new RevisionNotExistException(revision); } }); CacheCleaner.autoClean(localRevisions, 1000 * 60 * 10); @@ -175,9 +174,9 @@ public AppRevision queryRevision(String revision) { } catch (ExecutionException e) { LOG.error("jdbc query revision error, revision: {}", revision, e); throw new RuntimeException("jdbc refresh revision failed", e); - } catch (ExecutionError e) { - if (e.getCause() instanceof RevisionNotExistError) { - LOG.info("jdbc query revision failed, revision: {} not exist in db", revision, e); + } catch (Throwable t) { + if (t.getCause() instanceof RevisionNotExistException) { + LOG.info("jdbc query revision failed, revision: {} not exist in db", revision, t); } } return null;