stopPush API add Basic Auth

server/common/model/src/main/java/com/alipay/sofa/registry/common/model/constants/ValueConstants.java

@@ -151,11 +151,17 @@ public class ValueConstants {
           SESSION_PROVIDE_DATA_INSTANCE_ID,
           SESSION_PROVIDE_DATA_GROUP);
 
+<<<<<<< HEAD
   public static final String CHANGE_PUSH_TASK_DELAY_CONFIG_DATA_ID =
       DataInfo.toDataInfoId(
           "change_push_task.delay.config",
           SESSION_PROVIDE_DATA_INSTANCE_ID,
           SESSION_PROVIDE_DATA_GROUP);
+=======
+  public static final String ADMIN_API_TOKEN_DATA_ID =
+      DataInfo.toDataInfoId(
+          "admin.api.token", SESSION_PROVIDE_DATA_INSTANCE_ID, SESSION_PROVIDE_DATA_GROUP);
+>>>>>>> 1bc9b25d0 (stopPush API add Basic Auth)
 
   public static final String DISABLE_DATA_ID_CASE_SENSITIVE_SWITCH =
       "disable.dataId.case.sensitive";

server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/bootstrap/MetaServerConfiguration.java

@@ -49,6 +49,7 @@
 import com.alipay.sofa.registry.server.meta.remoting.handler.RegistryForbiddenServerHandler;
 import com.alipay.sofa.registry.server.meta.remoting.meta.LocalMetaExchanger;
 import com.alipay.sofa.registry.server.meta.remoting.meta.MetaServerRenewService;
+<<<<<<< HEAD
 import com.alipay.sofa.registry.server.meta.resource.BlacklistDataResource;
 import com.alipay.sofa.registry.server.meta.resource.CircuitBreakerResources;
 import com.alipay.sofa.registry.server.meta.resource.ClientManagerResource;
@@ -64,6 +65,10 @@
 import com.alipay.sofa.registry.server.meta.resource.SlotSyncResource;
 import com.alipay.sofa.registry.server.meta.resource.SlotTableResource;
 import com.alipay.sofa.registry.server.meta.resource.StopPushDataResource;
+=======
+import com.alipay.sofa.registry.server.meta.resource.*;
+import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestFilter;
+>>>>>>> 1bc9b25d0 (stopPush API add Basic Auth)
 import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareFilter;
 import com.alipay.sofa.registry.server.meta.slot.status.SlotTableStatusService;
 import com.alipay.sofa.registry.server.shared.config.CommonConfig;
@@ -335,6 +340,11 @@ public LeaderAwareFilter leaderAwareFilter() {
       return new LeaderAwareFilter();
     }
 
+    @Bean
+    public AuthRestFilter authRestFilter() {
+      return new AuthRestFilter();
+    }
+
     @Bean
     public ProvideDataResource provideDataResource() {
       return new ProvideDataResource();

server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/StopPushDataResource.java

@@ -27,6 +27,7 @@
 import com.alipay.sofa.registry.log.LoggerFactory;
 import com.alipay.sofa.registry.server.meta.provide.data.DefaultProvideDataNotifier;
 import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService;
+import com.alipay.sofa.registry.server.meta.resource.filter.AuthRestController;
 import com.alipay.sofa.registry.server.meta.resource.filter.LeaderAwareRestController;
 import com.alipay.sofa.registry.util.JsonUtils;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -59,6 +60,7 @@ public class StopPushDataResource {
   @GET
   @Path("open")
   @Produces(MediaType.APPLICATION_JSON)
+  @AuthRestController
   public Result closePush() {
     boolean ret;
     Result result = new Result();

server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestController.java

@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alipay.sofa.registry.server.meta.resource.filter;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import javax.ws.rs.NameBinding;
+
+/**
+ * @author jiangcun.hlc
+ *     <p>Nov 17, 2023
+ */
+@NameBinding
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(value = RetentionPolicy.RUNTIME)
+public @interface AuthRestController {}

server/server/meta/src/main/java/com/alipay/sofa/registry/server/meta/resource/filter/AuthRestFilter.java

@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alipay.sofa.registry.server.meta.resource.filter;
+
+import static com.alipay.sofa.registry.common.model.constants.ValueConstants.ADMIN_API_TOKEN_DATA_ID;
+
+import com.alipay.sofa.registry.common.model.console.PersistenceData;
+import com.alipay.sofa.registry.log.Logger;
+import com.alipay.sofa.registry.log.LoggerFactory;
+import com.alipay.sofa.registry.server.meta.provide.data.ProvideDataService;
+import com.alipay.sofa.registry.store.api.DBResponse;
+import com.alipay.sofa.registry.store.api.OperationStatus;
+import java.io.IOException;
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.Provider;
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * @author jiangcun.hlc
+ *     <p>Nov 17, 2023
+ */
+@Provider
+@AuthRestController
+@Priority(Priorities.USER)
+public class AuthRestFilter implements ContainerRequestFilter {
+  private static final Logger LOGGER = LoggerFactory.getLogger(AuthRestFilter.class);
+
+  @Autowired private ProvideDataService provideDataService;
+
+  @Override
+  public void filter(ContainerRequestContext containerRequestContext) throws IOException {
+    boolean authAllow;
+    DBResponse<PersistenceData> queryResponse =
+        provideDataService.queryProvideData(ADMIN_API_TOKEN_DATA_ID);
+    if (queryResponse.getOperationStatus() == OperationStatus.SUCCESS) {
+      authAllow =
+          StringUtils.equals(
+              queryResponse.getEntity().getData(), getAuthToken(containerRequestContext));
+    } else {
+      authAllow = true;
+    }
+    if (!authAllow) {
+      Response response =
+          Response.status(Response.Status.BAD_REQUEST)
+              .header("reason", "auth check failed!")
+              .build();
+      LOGGER.error(
+          "[filter] url: %s, auth check fail!", containerRequestContext.getUriInfo().getPath());
+      containerRequestContext.abortWith(response);
+    }
+  }
+
+  public String getAuthToken(ContainerRequestContext context) {
+    String token = context.getHeaderString("x-apiauth-token");
+    if (StringUtils.isNotBlank(token)) {
+      return token;
+    }
+    return "unknown";
+  }
+}