Browse Source
dashboard: Improve the ACL checking mechanism (#1042)
* Add `@AuthAction` annotation supportmaster
Roshi
Eric Zhao
5 years ago
13 changed files with 196 additions and 166 deletions
+ 34
- 0
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthAction.java
View File
| @@ -0,0 +1,34 @@ | |||||
| /* | |||||
| * Copyright 1999-2018 Alibaba Group Holding Ltd. | |||||
| * | |||||
| * Licensed under the Apache License, Version 2.0 (the "License"); | |||||
| * you may not use this file except in compliance with the License. | |||||
| * You may obtain a copy of the License at | |||||
| * | |||||
| * http://www.apache.org/licenses/LICENSE-2.0 | |||||
| * | |||||
| * Unless required by applicable law or agreed to in writing, software | |||||
| * distributed under the License is distributed on an "AS IS" BASIS, | |||||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||||
| * See the License for the specific language governing permissions and | |||||
| * limitations under the License. | |||||
| */ | |||||
| package com.alibaba.csp.sentinel.dashboard.auth; | |||||
| import java.lang.annotation.Documented; | |||||
| import java.lang.annotation.ElementType; | |||||
| import java.lang.annotation.Retention; | |||||
| import java.lang.annotation.RetentionPolicy; | |||||
| import java.lang.annotation.Target; | |||||
| @Retention(RetentionPolicy.RUNTIME) | |||||
| @Documented | |||||
| @Target({ElementType.METHOD}) | |||||
| public @interface AuthAction { | |||||
| AuthService.PrivilegeType value(); | |||||
| String targetName() default "app"; | |||||
| String message() default "No privilege"; | |||||
| } | |||||
+ 66
- 0
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthInterceptor.java
View File
| @@ -0,0 +1,66 @@ | |||||
| /* | |||||
| * Copyright 1999-2018 Alibaba Group Holding Ltd. | |||||
| * | |||||
| * Licensed under the Apache License, Version 2.0 (the "License"); | |||||
| * you may not use this file except in compliance with the License. | |||||
| * You may obtain a copy of the License at | |||||
| * | |||||
| * http://www.apache.org/licenses/LICENSE-2.0 | |||||
| * | |||||
| * Unless required by applicable law or agreed to in writing, software | |||||
| * distributed under the License is distributed on an "AS IS" BASIS, | |||||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||||
| * See the License for the specific language governing permissions and | |||||
| * limitations under the License. | |||||
| */ | |||||
| package com.alibaba.csp.sentinel.dashboard.auth; | |||||
| import com.alibaba.csp.sentinel.dashboard.domain.Result; | |||||
| import com.alibaba.fastjson.JSON; | |||||
| import org.springframework.beans.factory.annotation.Autowired; | |||||
| import org.springframework.stereotype.Component; | |||||
| import org.springframework.web.method.HandlerMethod; | |||||
| import org.springframework.web.servlet.HandlerInterceptor; | |||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import javax.servlet.http.HttpServletResponse; | |||||
| import java.io.IOException; | |||||
| import java.lang.reflect.Method; | |||||
| @Component | |||||
| public class AuthInterceptor implements HandlerInterceptor { | |||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @Override | |||||
| public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) | |||||
| throws Exception { | |||||
| if (handler.getClass().isAssignableFrom(HandlerMethod.class)) { | |||||
| Method method = ((HandlerMethod) handler).getMethod(); | |||||
| AuthAction authAction = method.getAnnotation(AuthAction.class); | |||||
| if (authAction != null) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| if (authUser == null) { | |||||
| responseNoPrivilegeMsg(response, authAction.message()); | |||||
| return false; | |||||
| } | |||||
| String target = request.getParameter(authAction.targetName()); | |||||
| if (!authUser.authTarget(target, authAction.value())) { | |||||
| responseNoPrivilegeMsg(response, authAction.message()); | |||||
| return false; | |||||
| } | |||||
| } | |||||
| } | |||||
| return true; | |||||
| } | |||||
| private void responseNoPrivilegeMsg(HttpServletResponse response, String message) throws IOException { | |||||
| Result result = Result.ofFail(-1, message); | |||||
| response.addHeader("Content-Type", "application/json;charset=UTF-8"); | |||||
| response.getOutputStream().write(JSON.toJSONBytes(result)); | |||||
| } | |||||
| } | |||||
+ 10
- 0
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/config/WebConfig.java
View File
| @@ -16,6 +16,7 @@ | |||||
| package com.alibaba.csp.sentinel.dashboard.config; | package com.alibaba.csp.sentinel.dashboard.config; | ||||
| import com.alibaba.csp.sentinel.adapter.servlet.CommonFilter; | import com.alibaba.csp.sentinel.adapter.servlet.CommonFilter; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor; | |||||
| import com.alibaba.csp.sentinel.dashboard.filter.AuthFilter; | import com.alibaba.csp.sentinel.dashboard.filter.AuthFilter; | ||||
| import org.slf4j.Logger; | import org.slf4j.Logger; | ||||
| import org.slf4j.LoggerFactory; | import org.slf4j.LoggerFactory; | ||||
| @@ -23,6 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired; | |||||
| import org.springframework.boot.web.servlet.FilterRegistrationBean; | import org.springframework.boot.web.servlet.FilterRegistrationBean; | ||||
| import org.springframework.context.annotation.Bean; | import org.springframework.context.annotation.Bean; | ||||
| import org.springframework.context.annotation.Configuration; | import org.springframework.context.annotation.Configuration; | ||||
| import org.springframework.web.servlet.config.annotation.InterceptorRegistry; | |||||
| import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; | import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; | ||||
| import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; | import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; | ||||
| import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; | ||||
| @@ -40,6 +42,14 @@ public class WebConfig implements WebMvcConfigurer { | |||||
| @Autowired | @Autowired | ||||
| private AuthFilter authFilter; | private AuthFilter authFilter; | ||||
| @Autowired | |||||
| private AuthInterceptor authInterceptor; | |||||
| @Override | |||||
| public void addInterceptors(InterceptorRegistry registry) { | |||||
| registry.addInterceptor(authInterceptor).addPathPatterns("/**"); | |||||
| } | |||||
| @Override | @Override | ||||
| public void addResourceHandlers(ResourceHandlerRegistry registry) { | public void addResourceHandlers(ResourceHandlerRegistry registry) { | ||||
| registry.addResourceHandler("/**").addResourceLocations("classpath:/resources/"); | registry.addResourceHandler("/**").addResourceLocations("classpath:/resources/"); | ||||
+ 9
- 22
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/AuthorityRuleController.java
View File
| @@ -18,12 +18,9 @@ package com.alibaba.csp.sentinel.dashboard.controller; | |||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.slots.block.RuleConstant; | import com.alibaba.csp.sentinel.slots.block.RuleConstant; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| @@ -60,16 +57,11 @@ public class AuthorityRuleController { | |||||
| @Autowired | @Autowired | ||||
| private RuleRepository<AuthorityRuleEntity, Long> repository; | private RuleRepository<AuthorityRuleEntity, Long> repository; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @GetMapping("/rules") | @GetMapping("/rules") | ||||
| public Result<List<AuthorityRuleEntity>> apiQueryAllRulesForMachine(HttpServletRequest request, | |||||
| @RequestParam String app, | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<AuthorityRuleEntity>> apiQueryAllRulesForMachine(@RequestParam String app, | |||||
| @RequestParam String ip, | @RequestParam String ip, | ||||
| @RequestParam Integer port) { | @RequestParam Integer port) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app cannot be null or empty"); | return Result.ofFail(-1, "app cannot be null or empty"); | ||||
| } | } | ||||
| @@ -119,10 +111,8 @@ public class AuthorityRuleController { | |||||
| } | } | ||||
| @PostMapping("/rule") | @PostMapping("/rule") | ||||
| public Result<AuthorityRuleEntity> apiAddAuthorityRule(HttpServletRequest request, | |||||
| @RequestBody AuthorityRuleEntity entity) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<AuthorityRuleEntity> apiAddAuthorityRule(@RequestBody AuthorityRuleEntity entity) { | |||||
| Result<AuthorityRuleEntity> checkResult = checkEntityInternal(entity); | Result<AuthorityRuleEntity> checkResult = checkEntityInternal(entity); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| return checkResult; | return checkResult; | ||||
| @@ -144,11 +134,9 @@ public class AuthorityRuleController { | |||||
| } | } | ||||
| @PutMapping("/rule/{id}") | @PutMapping("/rule/{id}") | ||||
| public Result<AuthorityRuleEntity> apiUpdateParamFlowRule(HttpServletRequest request, | |||||
| @PathVariable("id") Long id, | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<AuthorityRuleEntity> apiUpdateParamFlowRule(@PathVariable("id") Long id, | |||||
| @RequestBody AuthorityRuleEntity entity) { | @RequestBody AuthorityRuleEntity entity) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| if (id == null || id <= 0) { | if (id == null || id <= 0) { | ||||
| return Result.ofFail(-1, "Invalid id"); | return Result.ofFail(-1, "Invalid id"); | ||||
| } | } | ||||
| @@ -176,8 +164,8 @@ public class AuthorityRuleController { | |||||
| } | } | ||||
| @DeleteMapping("/rule/{id}") | @DeleteMapping("/rule/{id}") | ||||
| public Result<Long> apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> apiDeleteRule(@PathVariable("id") Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id cannot be null"); | return Result.ofFail(-1, "id cannot be null"); | ||||
| } | } | ||||
| @@ -185,7 +173,6 @@ public class AuthorityRuleController { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Exception e) { | } catch (Exception e) { | ||||
+ 11
- 22
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/DegradeController.java
View File
| @@ -18,12 +18,9 @@ package com.alibaba.csp.sentinel.dashboard.controller; | |||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.slots.block.RuleConstant; | import com.alibaba.csp.sentinel.slots.block.RuleConstant; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| @@ -54,14 +51,10 @@ public class DegradeController { | |||||
| @Autowired | @Autowired | ||||
| private SentinelApiClient sentinelApiClient; | private SentinelApiClient sentinelApiClient; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @ResponseBody | @ResponseBody | ||||
| @RequestMapping("/rules.json") | @RequestMapping("/rules.json") | ||||
| public Result<List<DegradeRuleEntity>> queryMachineRules(HttpServletRequest request, String app, String ip, Integer port) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<DegradeRuleEntity>> queryMachineRules(String app, String ip, Integer port) { | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| @@ -84,12 +77,9 @@ public class DegradeController { | |||||
| @ResponseBody | @ResponseBody | ||||
| @RequestMapping("/new.json") | @RequestMapping("/new.json") | ||||
| public Result<DegradeRuleEntity> add(HttpServletRequest request, | |||||
| String app, String ip, Integer port, String limitApp, String resource, | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<DegradeRuleEntity> add(String app, String ip, Integer port, String limitApp, String resource, | |||||
| Double count, Integer timeWindow, Integer grade) { | Double count, Integer timeWindow, Integer grade) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.WRITE_RULE); | |||||
| if (StringUtil.isBlank(app)) { | if (StringUtil.isBlank(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| } | } | ||||
| @@ -143,10 +133,9 @@ public class DegradeController { | |||||
| @ResponseBody | @ResponseBody | ||||
| @RequestMapping("/save.json") | @RequestMapping("/save.json") | ||||
| public Result<DegradeRuleEntity> updateIfNotNull(HttpServletRequest request, | |||||
| Long id, String app, String limitApp, String resource, | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<DegradeRuleEntity> updateIfNotNull(Long id, String app, String limitApp, String resource, | |||||
| Double count, Integer timeWindow, Integer grade) { | Double count, Integer timeWindow, Integer grade) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -159,7 +148,7 @@ public class DegradeController { | |||||
| if (entity == null) { | if (entity == null) { | ||||
| return Result.ofFail(-1, "id " + id + " dose not exist"); | return Result.ofFail(-1, "id " + id + " dose not exist"); | ||||
| } | } | ||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| if (StringUtil.isNotBlank(app)) { | if (StringUtil.isNotBlank(app)) { | ||||
| entity.setApp(app.trim()); | entity.setApp(app.trim()); | ||||
| } | } | ||||
| @@ -195,8 +184,8 @@ public class DegradeController { | |||||
| @ResponseBody | @ResponseBody | ||||
| @RequestMapping("/delete.json") | @RequestMapping("/delete.json") | ||||
| public Result<Long> delete(HttpServletRequest request, Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> delete(Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -205,7 +194,7 @@ public class DegradeController { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Throwable throwable) { | } catch (Throwable throwable) { | ||||
+ 11
- 21
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/FlowControllerV1.java
View File
| @@ -18,10 +18,7 @@ package com.alibaba.csp.sentinel.dashboard.controller; | |||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| @@ -57,19 +54,15 @@ public class FlowControllerV1 { | |||||
| @Autowired | @Autowired | ||||
| private InMemoryRuleRepositoryAdapter<FlowRuleEntity> repository; | private InMemoryRuleRepositoryAdapter<FlowRuleEntity> repository; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @Autowired | @Autowired | ||||
| private SentinelApiClient sentinelApiClient; | private SentinelApiClient sentinelApiClient; | ||||
| @GetMapping("/rules") | @GetMapping("/rules") | ||||
| public Result<List<FlowRuleEntity>> apiQueryMachineRules(HttpServletRequest request, | |||||
| @RequestParam String app, | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<FlowRuleEntity>> apiQueryMachineRules(@RequestParam String app, | |||||
| @RequestParam String ip, | @RequestParam String ip, | ||||
| @RequestParam Integer port) { | @RequestParam Integer port) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| @@ -138,10 +131,8 @@ public class FlowControllerV1 { | |||||
| } | } | ||||
| @PostMapping("/rule") | @PostMapping("/rule") | ||||
| public Result<FlowRuleEntity> apiAddFlowRule(HttpServletRequest request, @RequestBody FlowRuleEntity entity) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<FlowRuleEntity> apiAddFlowRule(@RequestBody FlowRuleEntity entity) { | |||||
| Result<FlowRuleEntity> checkResult = checkEntityInternal(entity); | Result<FlowRuleEntity> checkResult = checkEntityInternal(entity); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| return checkResult; | return checkResult; | ||||
| @@ -165,14 +156,12 @@ public class FlowControllerV1 { | |||||
| } | } | ||||
| @PutMapping("/save.json") | @PutMapping("/save.json") | ||||
| public Result<FlowRuleEntity> updateIfNotNull(HttpServletRequest request, Long id, String app, | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<FlowRuleEntity> updateIfNotNull(Long id, String app, | |||||
| String limitApp, String resource, Integer grade, | String limitApp, String resource, Integer grade, | ||||
| Double count, Integer strategy, String refResource, | Double count, Integer strategy, String refResource, | ||||
| Integer controlBehavior, Integer warmUpPeriodSec, | Integer controlBehavior, Integer warmUpPeriodSec, | ||||
| Integer maxQueueingTimeMs) { | Integer maxQueueingTimeMs) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.WRITE_RULE); | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -246,8 +235,9 @@ public class FlowControllerV1 { | |||||
| } | } | ||||
| @DeleteMapping("/delete.json") | @DeleteMapping("/delete.json") | ||||
| public Result<Long> delete(HttpServletRequest request, Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<Long> delete(Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -255,7 +245,7 @@ public class FlowControllerV1 { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Exception e) { | } catch (Exception e) { | ||||
+ 11
- 22
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/ParamFlowRuleController.java
View File
| @@ -21,18 +21,15 @@ import java.util.Optional; | |||||
| import java.util.concurrent.CompletableFuture; | import java.util.concurrent.CompletableFuture; | ||||
| import java.util.concurrent.ExecutionException; | import java.util.concurrent.ExecutionException; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.client.CommandNotFoundException; | import com.alibaba.csp.sentinel.dashboard.client.CommandNotFoundException; | ||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.discovery.AppManagement; | import com.alibaba.csp.sentinel.dashboard.discovery.AppManagement; | ||||
| import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.slots.block.RuleConstant; | import com.alibaba.csp.sentinel.slots.block.RuleConstant; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.SentinelVersion; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.SentinelVersion; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.rule.ParamFlowRuleEntity; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.rule.ParamFlowRuleEntity; | ||||
| import com.alibaba.csp.sentinel.dashboard.domain.Result; | import com.alibaba.csp.sentinel.dashboard.domain.Result; | ||||
| @@ -69,9 +66,6 @@ public class ParamFlowRuleController { | |||||
| @Autowired | @Autowired | ||||
| private RuleRepository<ParamFlowRuleEntity, Long> repository; | private RuleRepository<ParamFlowRuleEntity, Long> repository; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| private boolean checkIfSupported(String app, String ip, int port) { | private boolean checkIfSupported(String app, String ip, int port) { | ||||
| try { | try { | ||||
| return Optional.ofNullable(appManagement.getDetailApp(app)) | return Optional.ofNullable(appManagement.getDetailApp(app)) | ||||
| @@ -86,12 +80,10 @@ public class ParamFlowRuleController { | |||||
| } | } | ||||
| @GetMapping("/rules") | @GetMapping("/rules") | ||||
| public Result<List<ParamFlowRuleEntity>> apiQueryAllRulesForMachine(HttpServletRequest request, | |||||
| @RequestParam String app, | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<ParamFlowRuleEntity>> apiQueryAllRulesForMachine(@RequestParam String app, | |||||
| @RequestParam String ip, | @RequestParam String ip, | ||||
| @RequestParam Integer port) { | @RequestParam Integer port) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app cannot be null or empty"); | return Result.ofFail(-1, "app cannot be null or empty"); | ||||
| } | } | ||||
| @@ -127,10 +119,8 @@ public class ParamFlowRuleController { | |||||
| } | } | ||||
| @PostMapping("/rule") | @PostMapping("/rule") | ||||
| public Result<ParamFlowRuleEntity> apiAddParamFlowRule(HttpServletRequest request, | |||||
| @RequestBody ParamFlowRuleEntity entity) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<ParamFlowRuleEntity> apiAddParamFlowRule(@RequestBody ParamFlowRuleEntity entity) { | |||||
| Result<ParamFlowRuleEntity> checkResult = checkEntityInternal(entity); | Result<ParamFlowRuleEntity> checkResult = checkEntityInternal(entity); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| return checkResult; | return checkResult; | ||||
| @@ -198,10 +188,9 @@ public class ParamFlowRuleController { | |||||
| } | } | ||||
| @PutMapping("/rule/{id}") | @PutMapping("/rule/{id}") | ||||
| public Result<ParamFlowRuleEntity> apiUpdateParamFlowRule(HttpServletRequest request, | |||||
| @PathVariable("id") Long id, | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<ParamFlowRuleEntity> apiUpdateParamFlowRule(@PathVariable("id") Long id, | |||||
| @RequestBody ParamFlowRuleEntity entity) { | @RequestBody ParamFlowRuleEntity entity) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| if (id == null || id <= 0) { | if (id == null || id <= 0) { | ||||
| return Result.ofFail(-1, "Invalid id"); | return Result.ofFail(-1, "Invalid id"); | ||||
| } | } | ||||
| @@ -209,7 +198,7 @@ public class ParamFlowRuleController { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofFail(-1, "id " + id + " does not exist"); | return Result.ofFail(-1, "id " + id + " does not exist"); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| Result<ParamFlowRuleEntity> checkResult = checkEntityInternal(entity); | Result<ParamFlowRuleEntity> checkResult = checkEntityInternal(entity); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| return checkResult; | return checkResult; | ||||
| @@ -239,8 +228,8 @@ public class ParamFlowRuleController { | |||||
| } | } | ||||
| @DeleteMapping("/rule/{id}") | @DeleteMapping("/rule/{id}") | ||||
| public Result<Long> apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> apiDeleteRule(@PathVariable("id") Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id cannot be null"); | return Result.ofFail(-1, "id cannot be null"); | ||||
| } | } | ||||
| @@ -248,7 +237,7 @@ public class ParamFlowRuleController { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| publishRules(oldEntity.getApp(), oldEntity.getIp(), oldEntity.getPort()).get(); | publishRules(oldEntity.getApp(), oldEntity.getIp(), oldEntity.getPort()).get(); | ||||
+ 11
- 21
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/SystemController.java
View File
| @@ -18,10 +18,7 @@ package com.alibaba.csp.sentinel.dashboard.controller; | |||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.dashboard.repository.rule.RuleRepository; | import com.alibaba.csp.sentinel.dashboard.repository.rule.RuleRepository; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| @@ -51,8 +48,6 @@ public class SystemController { | |||||
| private RuleRepository<SystemRuleEntity, Long> repository; | private RuleRepository<SystemRuleEntity, Long> repository; | ||||
| @Autowired | @Autowired | ||||
| private SentinelApiClient sentinelApiClient; | private SentinelApiClient sentinelApiClient; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| private <R> Result<R> checkBasicParams(String app, String ip, Integer port) { | private <R> Result<R> checkBasicParams(String app, String ip, Integer port) { | ||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| @@ -71,11 +66,9 @@ public class SystemController { | |||||
| } | } | ||||
| @GetMapping("/rules.json") | @GetMapping("/rules.json") | ||||
| public Result<List<SystemRuleEntity>> apiQueryMachineRules(HttpServletRequest request, String app, String ip, | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<SystemRuleEntity>> apiQueryMachineRules(String app, String ip, | |||||
| Integer port) { | Integer port) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| Result<List<SystemRuleEntity>> checkResult = checkBasicParams(app, ip, port); | Result<List<SystemRuleEntity>> checkResult = checkBasicParams(app, ip, port); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| return checkResult; | return checkResult; | ||||
| @@ -101,11 +94,10 @@ public class SystemController { | |||||
| } | } | ||||
| @RequestMapping("/new.json") | @RequestMapping("/new.json") | ||||
| public Result<SystemRuleEntity> apiAdd(HttpServletRequest request, String app, String ip, Integer port, | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<SystemRuleEntity> apiAdd(String app, String ip, Integer port, | |||||
| Double highestSystemLoad, Double highestCpuUsage, Long avgRt, | Double highestSystemLoad, Double highestCpuUsage, Long avgRt, | ||||
| Long maxThread, Double qps) { | Long maxThread, Double qps) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.WRITE_RULE); | |||||
| Result<SystemRuleEntity> checkResult = checkBasicParams(app, ip, port); | Result<SystemRuleEntity> checkResult = checkBasicParams(app, ip, port); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| @@ -168,10 +160,9 @@ public class SystemController { | |||||
| } | } | ||||
| @GetMapping("/save.json") | @GetMapping("/save.json") | ||||
| public Result<SystemRuleEntity> apiUpdateIfNotNull(HttpServletRequest request, | |||||
| Long id, String app, Double highestSystemLoad, Double highestCpuUsage, | |||||
| Long avgRt, Long maxThread, Double qps) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.WRITE_RULE) | |||||
| public Result<SystemRuleEntity> apiUpdateIfNotNull(Long id, String app, Double highestSystemLoad, | |||||
| Double highestCpuUsage, Long avgRt, Long maxThread, Double qps) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -179,7 +170,7 @@ public class SystemController { | |||||
| if (entity == null) { | if (entity == null) { | ||||
| return Result.ofFail(-1, "id " + id + " dose not exist"); | return Result.ofFail(-1, "id " + id + " dose not exist"); | ||||
| } | } | ||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| if (StringUtil.isNotBlank(app)) { | if (StringUtil.isNotBlank(app)) { | ||||
| entity.setApp(app.trim()); | entity.setApp(app.trim()); | ||||
| } | } | ||||
| @@ -231,8 +222,8 @@ public class SystemController { | |||||
| } | } | ||||
| @RequestMapping("/delete.json") | @RequestMapping("/delete.json") | ||||
| public Result<?> delete(HttpServletRequest request, Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.DELETE_RULE) | |||||
| public Result<?> delete(Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -240,7 +231,6 @@ public class SystemController { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Throwable throwable) { | } catch (Throwable throwable) { | ||||
+ 8
- 18
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiController.java
View File
| @@ -15,6 +15,7 @@ | |||||
| */ | */ | ||||
| package com.alibaba.csp.sentinel.dashboard.controller.gateway; | package com.alibaba.csp.sentinel.dashboard.controller.gateway; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | ||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity; | ||||
| @@ -55,13 +56,9 @@ public class GatewayApiController { | |||||
| @Autowired | @Autowired | ||||
| private SentinelApiClient sentinelApiClient; | private SentinelApiClient sentinelApiClient; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @GetMapping("/list.json") | @GetMapping("/list.json") | ||||
| public Result<List<ApiDefinitionEntity>> queryApis(HttpServletRequest request, String app, String ip, Integer port) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, AuthService.PrivilegeType.READ_RULE); | |||||
| @AuthAction(AuthService.PrivilegeType.READ_RULE) | |||||
| public Result<List<ApiDefinitionEntity>> queryApis(String app, String ip, Integer port) { | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| @@ -84,16 +81,14 @@ public class GatewayApiController { | |||||
| } | } | ||||
| @PostMapping("/new.json") | @PostMapping("/new.json") | ||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<ApiDefinitionEntity> addApi(HttpServletRequest request, @RequestBody AddApiReqVo reqVo) { | public Result<ApiDefinitionEntity> addApi(HttpServletRequest request, @RequestBody AddApiReqVo reqVo) { | ||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| String app = reqVo.getApp(); | String app = reqVo.getApp(); | ||||
| if (StringUtil.isBlank(app)) { | if (StringUtil.isBlank(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| } | } | ||||
| authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); | |||||
| ApiDefinitionEntity entity = new ApiDefinitionEntity(); | ApiDefinitionEntity entity = new ApiDefinitionEntity(); | ||||
| entity.setApp(app.trim()); | entity.setApp(app.trim()); | ||||
| @@ -169,16 +164,13 @@ public class GatewayApiController { | |||||
| } | } | ||||
| @PostMapping("/save.json") | @PostMapping("/save.json") | ||||
| public Result<ApiDefinitionEntity> updateApi(HttpServletRequest request, @RequestBody UpdateApiReqVo reqVo) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<ApiDefinitionEntity> updateApi(@RequestBody UpdateApiReqVo reqVo) { | |||||
| String app = reqVo.getApp(); | String app = reqVo.getApp(); | ||||
| if (StringUtil.isBlank(app)) { | if (StringUtil.isBlank(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| } | } | ||||
| authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); | |||||
| Long id = reqVo.getId(); | Long id = reqVo.getId(); | ||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| @@ -235,9 +227,9 @@ public class GatewayApiController { | |||||
| } | } | ||||
| @PostMapping("/delete.json") | @PostMapping("/delete.json") | ||||
| public Result<Long> deleteApi(HttpServletRequest request, Long id) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(AuthService.PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> deleteApi(Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| } | } | ||||
| @@ -247,8 +239,6 @@ public class GatewayApiController { | |||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), AuthService.PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Throwable throwable) { | } catch (Throwable throwable) { | ||||
+ 9
- 19
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleController.java
View File
| @@ -16,6 +16,7 @@ | |||||
| package com.alibaba.csp.sentinel.dashboard.controller.gateway; | package com.alibaba.csp.sentinel.dashboard.controller.gateway; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | ||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity; | ||||
| @@ -32,7 +33,6 @@ import org.slf4j.LoggerFactory; | |||||
| import org.springframework.beans.factory.annotation.Autowired; | import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | import org.springframework.web.bind.annotation.*; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import java.util.Arrays; | import java.util.Arrays; | ||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| @@ -59,13 +59,9 @@ public class GatewayFlowRuleController { | |||||
| @Autowired | @Autowired | ||||
| private SentinelApiClient sentinelApiClient; | private SentinelApiClient sentinelApiClient; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @GetMapping("/list.json") | @GetMapping("/list.json") | ||||
| public Result<List<GatewayFlowRuleEntity>> queryFlowRules(HttpServletRequest request, String app, String ip, Integer port) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, AuthService.PrivilegeType.READ_RULE); | |||||
| @AuthAction(AuthService.PrivilegeType.READ_RULE) | |||||
| public Result<List<GatewayFlowRuleEntity>> queryFlowRules(String app, String ip, Integer port) { | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| @@ -88,16 +84,14 @@ public class GatewayFlowRuleController { | |||||
| } | } | ||||
| @PostMapping("/new.json") | @PostMapping("/new.json") | ||||
| public Result<GatewayFlowRuleEntity> addFlowRule(HttpServletRequest request, @RequestBody AddFlowRuleReqVo reqVo) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<GatewayFlowRuleEntity> addFlowRule(@RequestBody AddFlowRuleReqVo reqVo) { | |||||
| String app = reqVo.getApp(); | String app = reqVo.getApp(); | ||||
| if (StringUtil.isBlank(app)) { | if (StringUtil.isBlank(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| } | } | ||||
| authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); | |||||
| GatewayFlowRuleEntity entity = new GatewayFlowRuleEntity(); | GatewayFlowRuleEntity entity = new GatewayFlowRuleEntity(); | ||||
| entity.setApp(app.trim()); | entity.setApp(app.trim()); | ||||
| @@ -258,16 +252,14 @@ public class GatewayFlowRuleController { | |||||
| } | } | ||||
| @PostMapping("/save.json") | @PostMapping("/save.json") | ||||
| public Result<GatewayFlowRuleEntity> updateFlowRule(HttpServletRequest request, @RequestBody UpdateFlowRuleReqVo reqVo) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<GatewayFlowRuleEntity> updateFlowRule(@RequestBody UpdateFlowRuleReqVo reqVo) { | |||||
| String app = reqVo.getApp(); | String app = reqVo.getApp(); | ||||
| if (StringUtil.isBlank(app)) { | if (StringUtil.isBlank(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| } | } | ||||
| authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); | |||||
| Long id = reqVo.getId(); | Long id = reqVo.getId(); | ||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| @@ -408,8 +400,8 @@ public class GatewayFlowRuleController { | |||||
| @PostMapping("/delete.json") | @PostMapping("/delete.json") | ||||
| public Result<Long> deleteFlowRule(HttpServletRequest request, Long id) { | |||||
| AuthService.AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(AuthService.PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> deleteFlowRule(Long id) { | |||||
| if (id == null) { | if (id == null) { | ||||
| return Result.ofFail(-1, "id can't be null"); | return Result.ofFail(-1, "id can't be null"); | ||||
| @@ -420,8 +412,6 @@ public class GatewayFlowRuleController { | |||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), AuthService.PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| } catch (Throwable throwable) { | } catch (Throwable throwable) { | ||||
+ 11
- 19
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/v2/FlowControllerV2.java
View File
| @@ -18,10 +18,8 @@ package com.alibaba.csp.sentinel.dashboard.controller.v2; | |||||
| import java.util.Date; | import java.util.Date; | ||||
| import java.util.List; | import java.util.List; | ||||
| import javax.servlet.http.HttpServletRequest; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; | ||||
| import com.alibaba.csp.sentinel.util.StringUtil; | import com.alibaba.csp.sentinel.util.StringUtil; | ||||
| @@ -67,13 +65,9 @@ public class FlowControllerV2 { | |||||
| @Qualifier("flowRuleDefaultPublisher") | @Qualifier("flowRuleDefaultPublisher") | ||||
| private DynamicRulePublisher<List<FlowRuleEntity>> rulePublisher; | private DynamicRulePublisher<List<FlowRuleEntity>> rulePublisher; | ||||
| @Autowired | |||||
| private AuthService<HttpServletRequest> authService; | |||||
| @GetMapping("/rules") | @GetMapping("/rules") | ||||
| public Result<List<FlowRuleEntity>> apiQueryMachineRules(HttpServletRequest request, @RequestParam String app) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(app, PrivilegeType.READ_RULE); | |||||
| @AuthAction(PrivilegeType.READ_RULE) | |||||
| public Result<List<FlowRuleEntity>> apiQueryMachineRules(@RequestParam String app) { | |||||
| if (StringUtil.isEmpty(app)) { | if (StringUtil.isEmpty(app)) { | ||||
| return Result.ofFail(-1, "app can't be null or empty"); | return Result.ofFail(-1, "app can't be null or empty"); | ||||
| @@ -141,9 +135,8 @@ public class FlowControllerV2 { | |||||
| } | } | ||||
| @PostMapping("/rule") | @PostMapping("/rule") | ||||
| public Result<FlowRuleEntity> apiAddFlowRule(HttpServletRequest request, @RequestBody FlowRuleEntity entity) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| @AuthAction(value = AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<FlowRuleEntity> apiAddFlowRule(@RequestBody FlowRuleEntity entity) { | |||||
| Result<FlowRuleEntity> checkResult = checkEntityInternal(entity); | Result<FlowRuleEntity> checkResult = checkEntityInternal(entity); | ||||
| if (checkResult != null) { | if (checkResult != null) { | ||||
| @@ -166,10 +159,10 @@ public class FlowControllerV2 { | |||||
| } | } | ||||
| @PutMapping("/rule/{id}") | @PutMapping("/rule/{id}") | ||||
| public Result<FlowRuleEntity> apiUpdateFlowRule(HttpServletRequest request, | |||||
| @PathVariable("id") Long id, | |||||
| @AuthAction(AuthService.PrivilegeType.WRITE_RULE) | |||||
| public Result<FlowRuleEntity> apiUpdateFlowRule(@PathVariable("id") Long id, | |||||
| @RequestBody FlowRuleEntity entity) { | @RequestBody FlowRuleEntity entity) { | ||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| if (id == null || id <= 0) { | if (id == null || id <= 0) { | ||||
| return Result.ofFail(-1, "Invalid id"); | return Result.ofFail(-1, "Invalid id"); | ||||
| } | } | ||||
| @@ -180,7 +173,6 @@ public class FlowControllerV2 { | |||||
| if (entity == null) { | if (entity == null) { | ||||
| return Result.ofFail(-1, "invalid body"); | return Result.ofFail(-1, "invalid body"); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.WRITE_RULE); | |||||
| entity.setApp(oldEntity.getApp()); | entity.setApp(oldEntity.getApp()); | ||||
| entity.setIp(oldEntity.getIp()); | entity.setIp(oldEntity.getIp()); | ||||
| @@ -208,8 +200,8 @@ public class FlowControllerV2 { | |||||
| } | } | ||||
| @DeleteMapping("/rule/{id}") | @DeleteMapping("/rule/{id}") | ||||
| public Result<Long> apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) { | |||||
| AuthUser authUser = authService.getAuthUser(request); | |||||
| @AuthAction(PrivilegeType.DELETE_RULE) | |||||
| public Result<Long> apiDeleteRule(@PathVariable("id") Long id) { | |||||
| if (id == null || id <= 0) { | if (id == null || id <= 0) { | ||||
| return Result.ofFail(-1, "Invalid id"); | return Result.ofFail(-1, "Invalid id"); | ||||
| } | } | ||||
| @@ -217,7 +209,7 @@ public class FlowControllerV2 { | |||||
| if (oldEntity == null) { | if (oldEntity == null) { | ||||
| return Result.ofSuccess(null); | return Result.ofSuccess(null); | ||||
| } | } | ||||
| authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); | |||||
| try { | try { | ||||
| repository.delete(id); | repository.delete(id); | ||||
| publishRules(oldEntity.getApp()); | publishRules(oldEntity.getApp()); | ||||
+ 2
- 1
sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiControllerTest.java
View File
| @@ -15,6 +15,7 @@ | |||||
| */ | */ | ||||
| package com.alibaba.csp.sentinel.dashboard.controller.gateway; | package com.alibaba.csp.sentinel.dashboard.controller.gateway; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl; | import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl; | ||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity; | ||||
| @@ -60,7 +61,7 @@ import static org.mockito.BDDMockito.*; | |||||
| */ | */ | ||||
| @RunWith(SpringRunner.class) | @RunWith(SpringRunner.class) | ||||
| @WebMvcTest(GatewayApiController.class) | @WebMvcTest(GatewayApiController.class) | ||||
| @Import({FakeAuthServiceImpl.class, InMemApiDefinitionStore.class, AppManagement.class, SimpleMachineDiscovery.class}) | |||||
| @Import({FakeAuthServiceImpl.class, InMemApiDefinitionStore.class, AppManagement.class, SimpleMachineDiscovery.class, AuthInterceptor.class}) | |||||
| public class GatewayApiControllerTest { | public class GatewayApiControllerTest { | ||||
| private static final String TEST_APP = "test_app"; | private static final String TEST_APP = "test_app"; | ||||
+ 3
- 1
sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleControllerTest.java
View File
| @@ -15,6 +15,7 @@ | |||||
| */ | */ | ||||
| package com.alibaba.csp.sentinel.dashboard.controller.gateway; | package com.alibaba.csp.sentinel.dashboard.controller.gateway; | ||||
| import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor; | |||||
| import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl; | import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl; | ||||
| import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; | ||||
| import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity; | import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity; | ||||
| @@ -63,7 +64,8 @@ import static org.mockito.BDDMockito.*; | |||||
| */ | */ | ||||
| @RunWith(SpringRunner.class) | @RunWith(SpringRunner.class) | ||||
| @WebMvcTest(GatewayFlowRuleController.class) | @WebMvcTest(GatewayFlowRuleController.class) | ||||
| @Import({FakeAuthServiceImpl.class, InMemGatewayFlowRuleStore.class, AppManagement.class, SimpleMachineDiscovery.class}) | |||||
| @Import({FakeAuthServiceImpl.class, InMemGatewayFlowRuleStore.class, AppManagement.class, SimpleMachineDiscovery.class, | |||||
| AuthInterceptor.class }) | |||||
| public class GatewayFlowRuleControllerTest { | public class GatewayFlowRuleControllerTest { | ||||
| private static final String TEST_APP = "test_app"; | private static final String TEST_APP = "test_app"; | ||||
Loading…