Merge pull request #8 from agorapulse/feature/better-security-advisor…

…-display-names

moved advisors to separate classes for better feedback

libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java

@@ -0,0 +1,52 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright 2020 Agorapulse.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.agorapulse.micronaut.console.advisors;
+
+import com.agorapulse.micronaut.console.ConsoleConfiguration;
+import com.agorapulse.micronaut.console.Script;
+import com.agorapulse.micronaut.console.SecurityAdvisor;
+import io.micronaut.context.annotation.Requires;
+
+import javax.inject.Singleton;
+
+@Singleton
+@Requires(property = "console.addresses")
+public class AddressAdvisor implements SecurityAdvisor {
+
+    private final ConsoleConfiguration configuration;
+
+    public AddressAdvisor(ConsoleConfiguration configuration) {
+        this.configuration = configuration;
+    }
+
+    @Override
+    public boolean isExecutionAllowed(Script script) {
+        if (script.getUser() == null || script.getUser().getAddress() == null) {
+            // address must be known
+            return false;
+        }
+        return configuration.getAddresses().contains(script.getUser().getAddress());
+    }
+
+    @Override
+    public String toString() {
+        return "Address advisor for addresses " + String.join(", ", configuration.getAddresses());
+    }
+
+}
+

libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java

@@ -0,0 +1,60 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright 2020 Agorapulse.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.agorapulse.micronaut.console.advisors;
+
+import com.agorapulse.micronaut.console.ConsoleConfiguration;
+import com.agorapulse.micronaut.console.Script;
+import com.agorapulse.micronaut.console.SecurityAdvisor;
+import io.micronaut.context.ApplicationContext;
+import io.micronaut.context.env.Environment;
+
+import javax.inject.Singleton;
+
+@Singleton
+public class CloudAdvisor implements SecurityAdvisor {
+
+    private final ConsoleConfiguration configuration;
+    private final ApplicationContext context;
+
+    public CloudAdvisor(ConsoleConfiguration configuration, ApplicationContext context) {
+        this.configuration = configuration;
+        this.context = context;
+    }
+
+    @Override
+    public boolean isExecutionAllowed(Script script) {
+        if (configuration.isEnabled()) {
+            return true;
+        }
+
+        // functions has their own security checks
+        if (context.getEnvironment().getActiveNames().contains(Environment.FUNCTION)) {
+            return true;
+        }
+
+        // disable by default for the cloud environment (deployed apps)
+        return !context.getEnvironment().getActiveNames().contains(Environment.CLOUD);
+    }
+
+    @Override
+    public String toString() {
+        return "Cloud advisor for environments " + String.join(", ", context.getEnvironment().getActiveNames()) + ", enabled = " + configuration.isEnabled();
+    }
+
+}
+

libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java

@@ -0,0 +1,49 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright 2020 Agorapulse.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.agorapulse.micronaut.console.advisors;
+
+import com.agorapulse.micronaut.console.ConsoleConfiguration;
+import com.agorapulse.micronaut.console.Script;
+import com.agorapulse.micronaut.console.SecurityAdvisor;
+import io.micronaut.context.annotation.Requires;
+
+import javax.inject.Singleton;
+import java.time.Instant;
+
+@Singleton
+@Requires(property = "console.until")
+public class UntilAdvisor implements SecurityAdvisor {
+
+    private final ConsoleConfiguration configuration;
+
+    public UntilAdvisor(ConsoleConfiguration configuration) {
+        this.configuration = configuration;
+    }
+
+    @Override
+    public boolean isExecutionAllowed(Script script) {
+        return Instant.now().isBefore(configuration.convertUntil());
+    }
+
+    @Override
+    public String toString() {
+        return "Until advisor for date before " + configuration.convertUntil();
+    }
+
+}
+

libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java

@@ -0,0 +1,52 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright 2020 Agorapulse.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.agorapulse.micronaut.console.advisors;
+
+import com.agorapulse.micronaut.console.ConsoleConfiguration;
+import com.agorapulse.micronaut.console.Script;
+import com.agorapulse.micronaut.console.SecurityAdvisor;
+import io.micronaut.context.annotation.Requires;
+
+import javax.inject.Singleton;
+
+@Singleton
+@Requires(property = "console.users")
+public class UsersAdvisor implements SecurityAdvisor {
+
+    private final ConsoleConfiguration configuration;
+
+    public UsersAdvisor(ConsoleConfiguration configuration) {
+        this.configuration = configuration;
+    }
+
+    @Override
+    public boolean isExecutionAllowed(Script script) {
+        if (script.getUser() == null || script.getUser().getId() == null) {
+            // id must be known
+            return false;
+        }
+        return configuration.getUsers().contains(script.getUser().getId());
+    }
+
+    @Override
+    public String toString() {
+        return "Users advisor for user IDs " + String.join(", ", configuration.getUsers());
+    }
+
+}
+