From c90bbe97cf524b6757bf5b9a7882405c5f855bab Mon Sep 17 00:00:00 2001
From: 1289220708 <1289220708@qq.com>
Date: Thu, 24 Aug 2023 00:00:51 +0800
Subject: [PATCH 1/7] white api
---
 .../api/filter/AuthenticationFilter.java | 63 +++++--
 .../hugegraph/api/profile/WhiteIpAPI.java | 154 ++++++++++++++++++
 .../hugegraph/config/ServerOptions.java | 8 +
 .../apache/hugegraph/auth/AuthManager.java | 8 +
 .../hugegraph/auth/StandardAuthManager.java | 45 ++++-
 5 files changed, 252 insertions(+), 26 deletions(-)
 create mode 100644 hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java
diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
index f534a0ac9a..e81741b14a 100644
--- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
+++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
@@ -23,36 +23,38 @@ import java.util.List; import java.util.Map; -import jakarta.annotation.Priority; -import jakarta.ws.rs.BadRequestException; -import jakarta.ws.rs.NotAuthorizedException; -import jakarta.ws.rs.Priorities; -import jakarta.ws.rs.container.ContainerRequestContext; -import jakarta.ws.rs.container.ContainerRequestFilter; -import jakarta.ws.rs.container.PreMatching; -import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.SecurityContext; -import jakarta.ws.rs.core.UriInfo; -import jakarta.ws.rs.ext.Provider; import javax.xml.bind.DatatypeConverter; import org.apache.commons.lang3.StringUtils; -import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException; -import org.glassfish.grizzly.http.server.Request; -import org.glassfish.grizzly.utils.Charsets; -import org.slf4j.Logger; - import org.apache.hugegraph.auth.HugeAuthenticator; import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm; import org.apache.hugegraph.auth.HugeAuthenticator.RolePerm; import org.apache.hugegraph.auth.HugeAuthenticator.User; import org.apache.hugegraph.auth.RolePermission; +import org.apache.hugegraph.config.HugeConfig; import org.apache.hugegraph.core.GraphManager; import org.apache.hugegraph.util.E; import org.apache.hugegraph.util.Log; +import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException; +import org.glassfish.grizzly.http.server.Request; +import org.glassfish.grizzly.utils.Charsets; +import org.slf4j.Logger; + import com.google.common.collect.ImmutableList; +import jakarta.annotation.Priority; +import jakarta.ws.rs.BadRequestException; +import jakarta.ws.rs.NotAuthorizedException; +import jakarta.ws.rs.Priorities; +import jakarta.ws.rs.container.ContainerRequestContext; +import jakarta.ws.rs.container.ContainerRequestFilter; +import jakarta.ws.rs.container.PreMatching; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.SecurityContext; 
+import jakarta.ws.rs.core.UriInfo; +import jakarta.ws.rs.ext.Provider; + @Provider @PreMatching @Priority(Priorities.AUTHENTICATION) @@ -68,12 +70,19 @@ public class AuthenticationFilter implements ContainerRequestFilter { "versions" ); + private static String whiteIpStatus; + + private static String STRING_WHITE_IP_LIST = "whiteiplist"; + @Context private jakarta.inject.Provider managerProvider; @Context private jakarta.inject.Provider requestProvider; + @Context + private jakarta.inject.Provider configProvider; + @Override public void filter(ContainerRequestContext context) throws IOException { if (AuthenticationFilter.isWhiteAPI(context)) { @@ -102,6 +111,26 @@ protected User authenticate(ContainerRequestContext context) { path = request.getRequestURI(); } + //if (whiteIpStatus == null) { + // whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS); + //} + // + //if (Objects.equals(whiteIpStatus, "enable") && request != null) { + // peer = request.getRemoteAddr() + ":" + request.getRemotePort(); + // path = request.getRequestURI(); + // + // // check white ip + // String remoteIp = request.getRemoteAddr(); + // List whiteIpList = manager.authManager().listWhiteIp(); + // boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus(); + // if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled && + // !whiteIpList.contains(remoteIp)) { + // throw new ForbiddenException( + // String.format("Remote ip '%s' is not permitted", + // remoteIp)); + // } + //} + Map credentials = new HashMap<>(); // Extract authentication credentials String auth = context.getHeaderString(HttpHeaders.AUTHORIZATION); diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java new file mode 100644 index 0000000000..c8d68abc18 --- /dev/null +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java 
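Review bot: `whiteIpStatus` in the `@@ -68,12 +70,19 @@` hunk is a mutable `static` field, and the commented-out block in the next hunk fills it lazily from the per-instance `configProvider`, so all filter instances would share one unsynchronised cache of a security switch. Holding the value in an instance field that is read once from the injected config (or at least declaring it `volatile`) keeps its lifetime tied to the configuration it came from. A one-line comment such as `// "enable" turns on the remote-address allow-list check in authenticate()` would tell the next reader what the field gates.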
@@ -0,0 +1,154 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hugegraph.api.profile; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.apache.hugegraph.api.API; +import org.apache.hugegraph.api.filter.StatusFilter; +import org.apache.hugegraph.auth.AuthManager; +import org.apache.hugegraph.core.GraphManager; +import org.apache.hugegraph.server.RestServer; +import org.apache.hugegraph.util.E; +import org.apache.hugegraph.util.Log; +import org.slf4j.Logger; + +import com.codahale.metrics.annotation.Timed; +import com.google.common.collect.ImmutableMap; + +import jakarta.annotation.security.RolesAllowed; +import jakarta.inject.Singleton; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.PUT; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.QueryParam; +import jakarta.ws.rs.core.Context; + +@Path("whiteiplist") +@Singleton +public class WhiteIpAPI extends API { + + private static final Logger LOG = Log.logger(RestServer.class); 
+ + @GET + @Timed + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed("admin") + public Map list(@Context GraphManager manager) { + LOG.debug("List white ips"); + AuthManager authManager = manager.authManager(); + List whiteIpList = authManager.listWhiteIp(); + return ImmutableMap.of("whiteIpList", whiteIpList); + } + + @POST + @Timed + @StatusFilter.Status(StatusFilter.Status.ACCEPTED) + @Consumes(APPLICATION_JSON) + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed("admin") + public Map batch(@Context GraphManager manager, + Map actionMap) { + E.checkArgument(actionMap != null, + "Missing argument: actionMap"); + List whiteIpList = manager.authManager().listWhiteIp(); + List ipList = (List) actionMap.get("ips"); + Object value = actionMap.get("action"); + E.checkArgument(value != null, + "Missing argument: action"); + E.checkArgument(value instanceof String, + "Invalid action type '%s', must be string", + value.getClass()); + String action = (String) value; + E.checkArgument(StringUtils.isNotEmpty(action), + "Missing argument: action"); + List existed = new ArrayList<>(); + List loaded = new ArrayList<>(); + List illegalIps = new ArrayList<>(); + Map result = new HashMap<>(); + for (String ip : ipList) { + if (whiteIpList.contains(ip)) { + existed.add(ip); + continue; + } + if ("load".equals(action)) { + boolean rightIp = checkIp(ip) ? 
loaded.add(ip) : illegalIps.add(ip); + } + } + switch (action) { + case "load": + LOG.debug("Load to white ip list"); + result.put("existed", existed); + result.put("loaded", loaded); + if (!illegalIps.isEmpty()) { + result.put("illegalIps", illegalIps); + } + whiteIpList.addAll(loaded); + break; + case "remove": + LOG.debug("Remove from white ip list"); + result.put("removed", existed); + result.put("nonexistent", loaded); + whiteIpList.removeAll(existed); + break; + default: + throw new AssertionError(String.format("Invalid action '%s', " + + "supported action is " + + "'load' or 'remove'", + action)); + } + manager.authManager().setWhiteIpList(whiteIpList); + return result; + } + + @PUT + @Timed + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed("admin") + public Map update(@Context GraphManager manager, + @QueryParam("status") String status) { + LOG.debug("Enable or disable white ip list"); + E.checkArgument("true".equals(status) || + "false".equals(status), + "Invalid status, valid status is 'true' or 'false'"); + boolean open = Boolean.parseBoolean(status); + manager.authManager().setWhiteIpStatus(open); + Map map = new HashMap<>(); + map.put("WhiteIpListOpen", open); + return map; + } + + private boolean checkIp(String ipStr) { + String ip = "^(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[1-9])\\." + + "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\." + + "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\." + + "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)$"; + Pattern pattern = Pattern.compile(ip); + Matcher matcher = pattern.matcher(ipStr); + return matcher.matches(); + } +} diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java b/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java index 95a53faa39..6e41ae87c0 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java 
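Review bot: In `batch`, an unsupported `action` is rejected only in the `default:` branch after the loop has already run, and with `AssertionError`, which is an `Error` and will most likely surface as a server fault rather than the 400 that `E.checkArgument` gives for the other inputs. For `remove`, `loaded` is filled only under `"load".equals(action)`, so the `"nonexistent"` entry of the response is always empty. `whiteIpList` is the list handed back by `listWhiteIp()`, which in this patch is the manager's own `ArrayList`, so `addAll`/`removeAll` change it in place while request threads may be reading it; working on a copy and publishing it through `setWhiteIpList` avoids that. `ipList` is also cast without a type or null check, so a body without `ips` ends in a `NullPointerException`. The logger is created with `Log.logger(RestServer.class)`; `WhiteIpAPI.class` would attribute the entries correctly.

```java
String action = (String) value;
// … unchanged: non-empty check on action …
E.checkArgument("load".equals(action) || "remove".equals(action),
                "Invalid action '%s', supported action is 'load' or 'remove'",
                action);
// Copy first: listWhiteIp() returns the list the request filter reads
List<String> updated = new ArrayList<>(whiteIpList);
List<String> missing = new ArrayList<>();
for (String ip : ipList) {
    if (updated.contains(ip)) {
        existed.add(ip);
    } else if ("load".equals(action)) {
        (checkIp(ip) ? loaded : illegalIps).add(ip);
    } else {
        missing.add(ip);
    }
}
// … unchanged: switch building `result`, with "nonexistent" -> missing and
//   addAll/removeAll applied to `updated`; the default branch is now unreachable …
manager.authManager().setWhiteIpList(updated);
```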
@@ -264,4 +264,12 @@ public static synchronized ServerOptions instance() { disallowEmpty(), true ); + + public static final ConfigOption WHITE_IP_STATUS = + new ConfigOption<>( + "white_ip.status", + "The status of whether enable white ip.", + disallowEmpty(), + "disable" + ); } diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java index 2dba7c7a15..16f133d582 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java @@ -126,4 +126,12 @@ public interface AuthManager { UserWithRole validateUser(String username, String password); UserWithRole validateUser(String token); + + public List listWhiteIp(); + + public void setWhiteIpList(List whiteIpList); + + public boolean getWhiteIpStatus(); + + public void setWhiteIpStatus(boolean status); } diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java index 910f19cdc5..d71cfbd000 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java 
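Review bot: `white_ip.status` is a free-form string guarded only by `disallowEmpty()`, while the (still commented-out) check in `AuthenticationFilter` compares it with the literal `"enable"`, so a value such as `enabled` or `true` is accepted at startup and silently leaves the allow-list off. Restricting the option with the project's value checker, `allowValues("enable", "disable")`, or making it a boolean option, turns a typo into a startup error instead of a disabled control. The description could also state the accepted values, e.g. `"Whether to enable the IP white list check: 'enable' or 'disable'."`, and mention that the runtime flag set through the `whiteiplist` API must be on as well.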
@@ -27,31 +27,30 @@ import javax.security.sasl.AuthenticationException; -import jakarta.ws.rs.ForbiddenException; - import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.apache.hugegraph.HugeException; +import org.apache.hugegraph.HugeGraphParams; +import org.apache.hugegraph.auth.HugeUser.P; +import org.apache.hugegraph.auth.SchemaDefine.AuthElement; import org.apache.hugegraph.backend.cache.Cache; import org.apache.hugegraph.backend.cache.CacheManager; import org.apache.hugegraph.backend.id.Id; import org.apache.hugegraph.backend.id.IdGenerator; import org.apache.hugegraph.config.AuthOptions; +import org.apache.hugegraph.config.HugeConfig; import org.apache.hugegraph.type.define.Directions; +import org.apache.hugegraph.util.E; import org.apache.hugegraph.util.LockUtil; +import org.apache.hugegraph.util.Log; import org.apache.hugegraph.util.StringEncoding; import org.slf4j.Logger; -import org.apache.hugegraph.HugeException; -import org.apache.hugegraph.HugeGraphParams; -import org.apache.hugegraph.auth.HugeUser.P; -import org.apache.hugegraph.auth.SchemaDefine.AuthElement; -import org.apache.hugegraph.config.HugeConfig; -import org.apache.hugegraph.util.E; -import org.apache.hugegraph.util.Log; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import io.jsonwebtoken.Claims; +import jakarta.ws.rs.ForbiddenException; public class StandardAuthManager implements AuthManager { @@ -77,6 +76,10 @@ public class StandardAuthManager implements AuthManager { private final TokenGenerator tokenGenerator; private final long tokenExpire; + private List ipWhiteList; + + private Boolean whiteIpStatus; + public StandardAuthManager(HugeGraphParams graph) { E.checkNotNull(graph, "graph"); HugeConfig config = graph.configuration(); 
@@ -104,6 +107,10 @@ public StandardAuthManager(HugeGraphParams graph) { HugeAccess::fromEdge); this.tokenGenerator = new TokenGenerator(config); + + this.ipWhiteList = new ArrayList<>(); + + this.whiteIpStatus = false; } private Cache cache(String prefix, long capacity, @@ -689,6 +696,26 @@ public UserWithRole validateUser(String token) { return new UserWithRole(user.id(), username, this.rolePermission(user)); } + @Override + public List listWhiteIp() { + return ipWhiteList; + } + + @Override + public void setWhiteIpList(List ipWhiteList) { + this.ipWhiteList = ipWhiteList; + } + + @Override + public boolean getWhiteIpStatus() { + return this.whiteIpStatus; + } + + @Override + public void setWhiteIpStatus(boolean status) { + this.whiteIpStatus = status; + } + /** * Maybe can define an proxy class to choose forward or call local */ From 03583fa5c03d4b72aa350ee1bf0abacb7b797237 Mon Sep 17 00:00:00 2001 From: 1289220708 <1289220708@qq.com> Date: Sat, 26 Aug 2023 18:28:44 +0800 Subject: [PATCH 2/7] feat:white api when choose auth mode --- .../api/filter/AuthenticationFilter.java | 47 ++++++++++--------- .../hugegraph/api/profile/WhiteIpAPI.java | 7 ++- .../hugegraph/auth/HugeGraphAuthProxy.java | 20 ++++++++ .../apache/hugegraph/auth/AuthManager.java | 8 ++-- 4 files changed, 55 insertions(+), 27 deletions(-) diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java index e81741b14a..b3c5581a4d 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java 
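Review bot: The allow-list and its flag added in the `@@ -689,6 +696,26 @@` hunk live only in two instance fields initialised in the constructor, so as far as this patch shows they are not persisted: after a restart the list is empty and the check is off until an admin turns it on again, and other server nodes presumably never see a change. `listWhiteIp()` also returns the internal `ArrayList` and `setWhiteIpList` stores the caller's reference, with no synchronisation even though the request filter reads both on every request. Declaring both fields `volatile`, using `boolean` instead of `Boolean`, and copying at the boundary with `return new ArrayList<>(this.ipWhiteList);` and `this.ipWhiteList = new ArrayList<>(ipWhiteList);` keeps the published list stable for readers. A comment on the fields should say that the state is in-memory and per-node, or the data should go through the same store as the other auth entities.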
@@ -17,15 +17,17 @@ package org.apache.hugegraph.api.filter; +import static org.apache.hugegraph.config.ServerOptions.WHITE_IP_STATUS; + import java.io.IOException; import java.security.Principal; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Objects; import javax.xml.bind.DatatypeConverter; -import org.apache.commons.lang3.StringUtils; import org.apache.hugegraph.auth.HugeAuthenticator; import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm; import org.apache.hugegraph.auth.HugeAuthenticator.RolePerm; @@ -40,10 +42,12 @@ import org.glassfish.grizzly.utils.Charsets; import org.slf4j.Logger; +import com.alipay.remoting.util.StringUtils; import com.google.common.collect.ImmutableList; import jakarta.annotation.Priority; import jakarta.ws.rs.BadRequestException; +import jakarta.ws.rs.ForbiddenException; import jakarta.ws.rs.NotAuthorizedException; import jakarta.ws.rs.Priorities; import jakarta.ws.rs.container.ContainerRequestContext; @@ -72,7 +76,8 @@ public class AuthenticationFilter implements ContainerRequestFilter { private static String whiteIpStatus; - private static String STRING_WHITE_IP_LIST = "whiteiplist"; + private static final String STRING_WHITE_IP_LIST = "whiteiplist"; + private static final String STRING_ENABLE = "enable"; @Context private jakarta.inject.Provider managerProvider; 
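Review bot: `com.alipay.remoting.util.StringUtils` in the `@@ -42,10 +42,12 @@` hunk replaces `org.apache.commons.lang3.StringUtils`, which ties the authentication filter to a helper class of an RPC library that this module presumably receives only transitively. Its methods are not guaranteed to behave like the commons-lang3 ones, and the class can vanish when that dependency is upgraded or excluded; this looks like an IDE auto-import. Keep `import org.apache.commons.lang3.StringUtils;` here.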
@@ -111,25 +116,25 @@ protected User authenticate(ContainerRequestContext context) { path = request.getRequestURI(); } - //if (whiteIpStatus == null) { - // whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS); - //} - // - //if (Objects.equals(whiteIpStatus, "enable") && request != null) { - // peer = request.getRemoteAddr() + ":" + request.getRemotePort(); - // path = request.getRequestURI(); - // - // // check white ip - // String remoteIp = request.getRemoteAddr(); - // List whiteIpList = manager.authManager().listWhiteIp(); - // boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus(); - // if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled && - // !whiteIpList.contains(remoteIp)) { - // throw new ForbiddenException( - // String.format("Remote ip '%s' is not permitted", - // remoteIp)); - // } - //} + // Check whiteIp + if (whiteIpStatus == null) { + whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS); + } + + if (Objects.equals(whiteIpStatus, STRING_ENABLE) && request != null) { + peer = request.getRemoteAddr() + ":" + request.getRemotePort(); + path = request.getRequestURI(); + + String remoteIp = request.getRemoteAddr(); + List whiteIpList = manager.authManager().listWhiteIp(); + boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus(); + if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled && + !whiteIpList.contains(remoteIp)) { + throw new ForbiddenException( + String.format("Remote ip '%s' is not permitted", + remoteIp)); + } + } Map credentials = new HashMap<>(); // Extract authentication credentials diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java index c8d68abc18..ce81bb971b 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java 
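Review bot: The exemption `!path.contains(STRING_WHITE_IP_LIST)` is a substring test on the raw request URI, so the allow-list is skipped for every request whose path merely contains that text, not only for the white-list endpoint itself. Compare the resource path exactly instead, e.g. `boolean whiteIpApi = STRING_WHITE_IP_LIST.equals(context.getUriInfo().getPath());` (adjust if the API is mounted under a prefix). `request.getRemoteAddr()` is the TCP peer, so behind a reverse proxy or load balancer all clients share the proxy's address, and an IPv6 peer can never match because `checkIp` admits dotted IPv4 only; both cases deserve a comment or explicit handling. A rejection should also leave a trace for detection, e.g. `LOG.warn("Rejected request from '{}' to '{}': not in white ip list", remoteIp, path);`, assuming the class logger is named `LOG`. `authenticate` starts and ends outside this hunk.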
@@ -74,9 +74,12 @@ public Map list(@Context GraphManager manager) { public Map batch(@Context GraphManager manager, Map actionMap) { E.checkArgument(actionMap != null, - "Missing argument: actionMap"); + "Missing argument: actionMap"); List whiteIpList = manager.authManager().listWhiteIp(); - List ipList = (List) actionMap.get("ips"); + Object ips = actionMap.get("ips"); + E.checkArgument(ips instanceof List, + "Invalid ips type '%s', must be list", ips.getClass()); + List ipList = (List) ips; Object value = actionMap.get("action"); E.checkArgument(value != null, "Missing argument: action"); diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java index 04cfac30d7..c0ce6dbdfa 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java @@ -1568,6 +1568,26 @@ public UserWithRole validateUser(String token) { } } + @Override + public List listWhiteIp() { + return this.authManager.listWhiteIp(); + } + + @Override + public void setWhiteIpList(List whiteIpList) { + this.authManager.setWhiteIpList(whiteIpList); + } + + @Override + public boolean getWhiteIpStatus() { + return this.authManager.getWhiteIpStatus(); + } + + @Override + public void setWhiteIpStatus(boolean status) { + this.authManager.setWhiteIpStatus(status); + } + @Override public String loginUser(String username, String password) { try { diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java index 16f133d582..736747750e 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java 
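Review bot: `ips.getClass()` is evaluated before `E.checkArgument` is entered, so a request body without an `ips` key fails with a `NullPointerException` instead of the intended "must be list" message. Add `E.checkArgument(ips != null, "Missing argument: ips");` ahead of the `instanceof` check, as is already done for `action`. The elements remain unchecked, so a non-string entry reaches `for (String ip : ipList)` and throws `ClassCastException`. The same pattern is carried over as `ipListRaw.getClass()` in the later `updateWhiteIPs` hunk. `batch` continues outside this hunk.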
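Review bot: The four delegates added in the `@@ -1568,6 +1568,26 @@` hunk forward straight to `this.authManager` with no role or permission check of their own, so `@RolesAllowed("admin")` on the REST resource is the only gate on changing the allow-list. If the neighbouring proxy methods verify the caller before delegating (not visible in this hunk), the two setters should do the same. Otherwise state the assumption next to them, e.g. `// Caller must already be admin: enforced by @RolesAllowed on WhiteIpAPI`.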
@@ -127,11 +127,11 @@ public interface AuthManager { UserWithRole validateUser(String token); - public List listWhiteIp(); + List listWhiteIp(); - public void setWhiteIpList(List whiteIpList); + void setWhiteIpList(List whiteIpList); - public boolean getWhiteIpStatus(); + boolean getWhiteIpStatus(); - public void setWhiteIpStatus(boolean status); + void setWhiteIpStatus(boolean status); } From 2b04f68d8316ab64218e1d03b786f2807a6369d3 Mon Sep 17 00:00:00 2001 From: 1289220708 <1289220708@qq.com> Date: Thu, 21 Sep 2023 00:00:47 +0800 Subject: [PATCH 3/7] better code --- .../api/filter/AuthenticationFilter.java | 2 +- .../{WhiteIpAPI.java => WhiteIpListAPI.java} | 58 +++++++++---------- .../hugegraph/auth/HugeGraphAuthProxy.java | 12 ++-- .../apache/hugegraph/auth/AuthManager.java | 6 +- .../hugegraph/auth/StandardAuthManager.java | 14 ++--- 5 files changed, 46 insertions(+), 46 deletions(-) rename hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/{WhiteIpAPI.java => WhiteIpListAPI.java} (76%) diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java index b3c5581a4d..094debd139 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java @@ -126,7 +126,7 @@ protected User authenticate(ContainerRequestContext context) { path = request.getRequestURI(); String remoteIp = request.getRemoteAddr(); - List whiteIpList = manager.authManager().listWhiteIp(); + List whiteIpList = manager.authManager().listWhiteIPs(); boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus(); if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled && !whiteIpList.contains(remoteIp)) { 
diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java similarity index 76% rename from hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java rename to hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java index ce81bb971b..901b7a5aad 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpAPI.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java @@ -50,7 +50,7 @@ @Path("whiteiplist") @Singleton -public class WhiteIpAPI extends API { +public class WhiteIpListAPI extends API { private static final Logger LOG = Log.logger(RestServer.class); @@ -61,7 +61,7 @@ public class WhiteIpAPI extends API { public Map list(@Context GraphManager manager) { LOG.debug("List white ips"); AuthManager authManager = manager.authManager(); - List whiteIpList = authManager.listWhiteIp(); + List whiteIpList = authManager.listWhiteIPs(); return ImmutableMap.of("whiteIpList", whiteIpList); } 
@@ -71,52 +71,52 @@ public Map list(@Context GraphManager manager) { @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) @RolesAllowed("admin") - public Map batch(@Context GraphManager manager, + public Map updateWhiteIPs(@Context GraphManager manager, Map actionMap) { E.checkArgument(actionMap != null, "Missing argument: actionMap"); - List whiteIpList = manager.authManager().listWhiteIp(); - Object ips = actionMap.get("ips"); - E.checkArgument(ips instanceof List, - "Invalid ips type '%s', must be list", ips.getClass()); - List ipList = (List) ips; - Object value = actionMap.get("action"); - E.checkArgument(value != null, + List whiteIpList = manager.authManager().listWhiteIPs(); + Object ipListRaw = actionMap.get("ips"); + E.checkArgument(ipListRaw instanceof List, + "Invalid ips type '%s', must be list", ipListRaw.getClass()); + List ipList = (List) ipListRaw; + Object actionRaw = actionMap.get("action"); + E.checkArgument(actionRaw != null, "Missing argument: action"); - E.checkArgument(value instanceof String, + E.checkArgument(actionRaw instanceof String, "Invalid action type '%s', must be string", - value.getClass()); - String action = (String) value; + actionRaw.getClass()); + String action = (String) actionRaw; E.checkArgument(StringUtils.isNotEmpty(action), "Missing argument: action"); - List existed = new ArrayList<>(); - List loaded = new ArrayList<>(); - List illegalIps = new ArrayList<>(); + List existedIPs = new ArrayList<>(); + List loadedIPs = new ArrayList<>(); + List illegalIPs = new ArrayList<>(); Map result = new HashMap<>(); for (String ip : ipList) { if (whiteIpList.contains(ip)) { - existed.add(ip); + existedIPs.add(ip); continue; } if ("load".equals(action)) { - boolean rightIp = checkIp(ip) ? loaded.add(ip) : illegalIps.add(ip); + boolean rightIp = checkIp(ip) ? 
loadedIPs.add(ip) : illegalIPs.add(ip); } } switch (action) { case "load": LOG.debug("Load to white ip list"); - result.put("existed", existed); - result.put("loaded", loaded); - if (!illegalIps.isEmpty()) { - result.put("illegalIps", illegalIps); + result.put("existed_ips", existedIPs); + result.put("loaded_ips", loadedIPs); + if (!illegalIPs.isEmpty()) { + result.put("illegal_ips", illegalIPs); } - whiteIpList.addAll(loaded); + whiteIpList.addAll(loadedIPs); break; case "remove": LOG.debug("Remove from white ip list"); - result.put("removed", existed); - result.put("nonexistent", loaded); - whiteIpList.removeAll(existed); + result.put("removed", existedIPs); + result.put("nonexistent", loadedIPs); + whiteIpList.removeAll(existedIPs); break; default: throw new AssertionError(String.format("Invalid action '%s', " + @@ -124,7 +124,7 @@ public Map batch(@Context GraphManager manager, "'load' or 'remove'", action)); } - manager.authManager().setWhiteIpList(whiteIpList); + manager.authManager().setWhiteIPs(whiteIpList); return result; } @@ -132,14 +132,14 @@ public Map batch(@Context GraphManager manager, @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) @RolesAllowed("admin") - public Map update(@Context GraphManager manager, + public Map updateStatus(@Context GraphManager manager, @QueryParam("status") String status) { LOG.debug("Enable or disable white ip list"); E.checkArgument("true".equals(status) || "false".equals(status), "Invalid status, valid status is 'true' or 'false'"); boolean open = Boolean.parseBoolean(status); - manager.authManager().setWhiteIpStatus(open); + manager.authManager().enabledWhiteIpList(open); Map map = new HashMap<>(); map.put("WhiteIpListOpen", open); return map; diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java index c0ce6dbdfa..b418ef49e6 100644 
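Review bot: Switching the allow-list on or off in `updateStatus` is recorded only as `LOG.debug("Enable or disable white ip list")`, which is normally filtered out and does not say which state was set. Because this toggles an access control, log it at info level with the new value, e.g. `LOG.info("White ip list enabled: {}", open);` after `enabledWhiteIpList(open)`, and log the added and removed addresses in `updateWhiteIPs` the same way. The logger in this class is still created with `Log.logger(RestServer.class)`, so these entries are attributed to `RestServer`; `Log.logger(WhiteIpListAPI.class)` makes them findable.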
--- a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java @@ -1569,13 +1569,13 @@ public UserWithRole validateUser(String token) { } @Override - public List listWhiteIp() { - return this.authManager.listWhiteIp(); + public List listWhiteIPs() { + return this.authManager.listWhiteIPs(); } @Override - public void setWhiteIpList(List whiteIpList) { - this.authManager.setWhiteIpList(whiteIpList); + public void setWhiteIPs(List whiteIpList) { + this.authManager.setWhiteIPs(whiteIpList); } @Override @@ -1584,8 +1584,8 @@ public boolean getWhiteIpStatus() { } @Override - public void setWhiteIpStatus(boolean status) { - this.authManager.setWhiteIpStatus(status); + public void enabledWhiteIpList(boolean status) { + this.authManager.enabledWhiteIpList(status); } @Override diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java index 736747750e..c744900f64 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java @@ -127,11 +127,11 @@ public interface AuthManager { UserWithRole validateUser(String token); - List listWhiteIp(); + List listWhiteIPs(); - void setWhiteIpList(List whiteIpList); + void setWhiteIPs(List whiteIpList); boolean getWhiteIpStatus(); - void setWhiteIpStatus(boolean status); + void enabledWhiteIpList(boolean status); } diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java index d71cfbd000..05d8a698fa 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java 
@@ -78,7 +78,7 @@ public class StandardAuthManager implements AuthManager { private List ipWhiteList; - private Boolean whiteIpStatus; + private Boolean ipWhiteListEnabled; public StandardAuthManager(HugeGraphParams graph) { E.checkNotNull(graph, "graph"); @@ -110,7 +110,7 @@ public StandardAuthManager(HugeGraphParams graph) { this.ipWhiteList = new ArrayList<>(); - this.whiteIpStatus = false; + this.ipWhiteListEnabled = false; } private Cache cache(String prefix, long capacity, @@ -697,23 +697,23 @@ public UserWithRole validateUser(String token) { } @Override - public List listWhiteIp() { + public List listWhiteIPs() { return ipWhiteList; } @Override - public void setWhiteIpList(List ipWhiteList) { + public void setWhiteIPs(List ipWhiteList) { this.ipWhiteList = ipWhiteList; } @Override public boolean getWhiteIpStatus() { - return this.whiteIpStatus; + return this.ipWhiteListEnabled; } @Override - public void setWhiteIpStatus(boolean status) { - this.whiteIpStatus = status; + public void enabledWhiteIpList(boolean status) { + this.ipWhiteListEnabled = status; } /** From 8c430490c6d62db2b6dc0eb0ddc3ce49141ad0e8 Mon Sep 17 00:00:00 2001 From: 1289220708 <1289220708@qq.com> Date: Sat, 23 Sep 2023 18:15:05 +0800 Subject: [PATCH 4/7] better code --- .../apache/hugegraph/api/profile/WhiteIpListAPI.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java index 901b7a5aad..5e8acab0b9 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java 
@@ -71,8 +71,7 @@ public Map list(@Context GraphManager manager) { @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) @RolesAllowed("admin") - public Map updateWhiteIPs(@Context GraphManager manager, - Map actionMap) { + public Map updateWhiteIPs(@Context GraphManager manager, Map actionMap) { E.checkArgument(actionMap != null, "Missing argument: actionMap"); List whiteIpList = manager.authManager().listWhiteIPs(); @@ -106,7 +105,7 @@ public Map updateWhiteIPs(@Context GraphManager manager, case "load": LOG.debug("Load to white ip list"); result.put("existed_ips", existedIPs); - result.put("loaded_ips", loadedIPs); + result.put("added_ips", loadedIPs); if (!illegalIPs.isEmpty()) { result.put("illegal_ips", illegalIPs); } @@ -114,8 +113,8 @@ public Map updateWhiteIPs(@Context GraphManager manager, break; case "remove": LOG.debug("Remove from white ip list"); - result.put("removed", existedIPs); - result.put("nonexistent", loadedIPs); + result.put("removed_ips", existedIPs); + result.put("non_existed_ips", loadedIPs); whiteIpList.removeAll(existedIPs); break; default: @@ -132,8 +131,7 @@ public Map updateWhiteIPs(@Context GraphManager manager, @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) @RolesAllowed("admin") - public Map updateStatus(@Context GraphManager manager, - @QueryParam("status") String status) { + public Map updateStatus(@Context GraphManager manager, @QueryParam("status") String status) { LOG.debug("Enable or disable white ip list"); E.checkArgument("true".equals(status) || "false".equals(status), From a4f364408cbff70f369cbe67bf934ae1b59b59c1 Mon Sep 17 00:00:00 2001 
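Review bot: Changes to the IP allow-list are recorded only at debug level and without the affected addresses: `LOG.debug("Load to white ip list")`, `LOG.debug("Remove from white ip list")` and, in the `updateStatus` hunk, `LOG.debug("Enable or disable white ip list")`. Because this list decides which clients may reach authentication, each change should leave an audit record at info level, for example `LOG.info("Removed {} from white ip list", existedIPs);` in the `remove` branch, with the equivalent for `load` and for the status switch. In the `remove` branch the not-found addresses are reported from a variable named `loadedIPs`, which reads wrongly next to the new `non_existed_ips` key, so a neutral local name would help. `updateWhiteIPs` begins and ends outside these hunks.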
From: 1289220708 <1289220708@qq.com> Date: Sat, 23 Sep 2023 18:25:32 +0800 Subject: [PATCH 5/7] chore(api): better code for white ip list --- .../hugegraph/api/filter/AuthenticationFilter.java | 3 ++- .../hugegraph/api/profile/WhiteIpListAPI.java | 13 +++++++------ .../apache/hugegraph/auth/HugeGraphAuthProxy.java | 4 ++-- .../java/org/apache/hugegraph/auth/AuthManager.java | 4 ++-- .../apache/hugegraph/auth/StandardAuthManager.java | 8 ++++---- 5 files changed, 17 insertions(+), 15 deletions(-) diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java index 094debd139..464e695fef 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java @@ -25,6 +25,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; import javax.xml.bind.DatatypeConverter; @@ -126,7 +127,7 @@ protected User authenticate(ContainerRequestContext context) { path = request.getRequestURI(); String remoteIp = request.getRemoteAddr(); - List whiteIpList = manager.authManager().listWhiteIPs(); + Set whiteIpList = manager.authManager().listWhiteIPs(); boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus(); if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled && !whiteIpList.contains(remoteIp)) { diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java index 5e8acab0b9..8715abbcb5 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java 
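Review bot: In the `authenticate` hunk, the allow-list check is skipped for any request whose URI merely contains `STRING_WHITE_IP_LIST`, because the condition is `!path.contains(STRING_WHITE_IP_LIST)`, a substring test rather than a match on the management route. The constant's value is not visible here, but the exemption should be tied to the exact resource path, for example by comparing `context.getUriInfo().getPath()` with the route of `WhiteIpListAPI`. It should carry a comment such as `// allow-list endpoints stay reachable from any address to avoid lock-out; they rely on @RolesAllowed("admin")`. Note also that `request.getRemoteAddr()` is the address of the direct peer, so behind a reverse proxy or load balancer every client is compared as the proxy's address; that limitation deserves a comment or a documented deployment requirement. The method continues past the end of the hunk.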
@@ -17,10 +17,11 @@ package org.apache.hugegraph.api.profile; -import java.util.ArrayList; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -61,7 +62,7 @@ public class WhiteIpListAPI extends API { public Map list(@Context GraphManager manager) { LOG.debug("List white ips"); AuthManager authManager = manager.authManager(); - List whiteIpList = authManager.listWhiteIPs(); + Set whiteIpList = authManager.listWhiteIPs(); return ImmutableMap.of("whiteIpList", whiteIpList); } @@ -74,7 +75,7 @@ public Map list(@Context GraphManager manager) { public Map updateWhiteIPs(@Context GraphManager manager, Map actionMap) { E.checkArgument(actionMap != null, "Missing argument: actionMap"); - List whiteIpList = manager.authManager().listWhiteIPs(); + Set whiteIpList = manager.authManager().listWhiteIPs(); Object ipListRaw = actionMap.get("ips"); E.checkArgument(ipListRaw instanceof List, "Invalid ips type '%s', must be list", ipListRaw.getClass()); @@ -88,9 +89,9 @@ public Map updateWhiteIPs(@Context GraphManager manager, Map existedIPs = new ArrayList<>(); - List loadedIPs = new ArrayList<>(); - List illegalIPs = new ArrayList<>(); + Set existedIPs = new HashSet<>(); + Set loadedIPs = new HashSet<>(); + Set illegalIPs = new HashSet<>(); Map result = new HashMap<>(); for (String ip : ipList) { if (whiteIpList.contains(ip)) { diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java index b418ef49e6..2435e2667a 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java 
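Review bot: In the `updateWhiteIPs` hunk at -74, a request body without an `ips` key raises a `NullPointerException` instead of the intended argument error. `ipListRaw.getClass()` is evaluated as an argument before `E.checkArgument(ipListRaw instanceof List, ...)` runs, and `actionMap.get("ips")` returns null when the key is absent. Adding `E.checkArgument(ipListRaw != null, "Missing argument: ips");` before the type check keeps the failure a client error with a useful message. The method body continues outside the hunk, so the later handling of `ipList` is not visible here.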
@@ -1569,12 +1569,12 @@ public UserWithRole validateUser(String token) { } @Override - public List listWhiteIPs() { + public Set listWhiteIPs() { return this.authManager.listWhiteIPs(); } @Override - public void setWhiteIPs(List whiteIpList) { + public void setWhiteIPs(Set whiteIpList) { this.authManager.setWhiteIPs(whiteIpList); } diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java index c744900f64..908eed01f1 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java @@ -127,9 +127,9 @@ public interface AuthManager { UserWithRole validateUser(String token); - List listWhiteIPs(); + Set listWhiteIPs(); - void setWhiteIPs(List whiteIpList); + void setWhiteIPs(Set whiteIpList); boolean getWhiteIpStatus(); diff --git a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java index 05d8a698fa..123c8e9ffd 100644 --- a/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java +++ b/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java @@ -76,7 +76,7 @@ public class StandardAuthManager implements AuthManager { private final TokenGenerator tokenGenerator; private final long tokenExpire; - private List ipWhiteList; + private Set ipWhiteList; private Boolean ipWhiteListEnabled; @@ -108,7 +108,7 @@ public StandardAuthManager(HugeGraphParams graph) { this.tokenGenerator = new TokenGenerator(config); - this.ipWhiteList = new ArrayList<>(); + this.ipWhiteList = new HashSet<>(); this.ipWhiteListEnabled = false; } 
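Review bot: `this.ipWhiteList = new HashSet<>();` in the `StandardAuthManager` constructor hunk creates a set that is shared across threads without synchronization. `listWhiteIPs()` (the hunk at -697 of the same file) returns that same instance, `WhiteIpListAPI.updateWhiteIPs` mutates it in place (`whiteIpList.removeAll(existedIPs)`), and `AuthenticationFilter.authenticate` calls `contains` on it while handling requests. `HashSet` is not safe for concurrent reads and writes, so a lookup racing an update can return a wrong allow/deny decision. `this.ipWhiteList = ConcurrentHashMap.newKeySet();` (with the `java.util.concurrent.ConcurrentHashMap` import) keeps the `Set` type and removes the race. `ipWhiteListEnabled` is likewise a plain boxed `Boolean` written by one thread and read by others, so `private volatile boolean ipWhiteListEnabled;` would make the switch visible immediately; the constructor and class continue outside these hunks.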
@@ -697,12 +697,12 @@ public UserWithRole validateUser(String token) { } @Override - public List listWhiteIPs() { + public Set listWhiteIPs() { return ipWhiteList; } @Override - public void setWhiteIPs(List ipWhiteList) { + public void setWhiteIPs(Set ipWhiteList) { this.ipWhiteList = ipWhiteList; } From 73b4c3b5d08b09778b2e69f2ac81c5d2ebb318f0 Mon Sep 17 00:00:00 2001 From: 1289220708 <1289220708@qq.com> Date: Wed, 27 Sep 2023 20:58:57 +0800 Subject: [PATCH 6/7] chore(api): better code for white ip list --- .../java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java index 8715abbcb5..7503e13822 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java @@ -30,7 +30,6 @@ import org.apache.hugegraph.api.filter.StatusFilter; import org.apache.hugegraph.auth.AuthManager; import org.apache.hugegraph.core.GraphManager; -import org.apache.hugegraph.server.RestServer; import org.apache.hugegraph.util.E; import org.apache.hugegraph.util.Log; import org.slf4j.Logger; @@ -53,7 +52,7 @@ @Singleton public class WhiteIpListAPI extends API { - private static final Logger LOG = Log.logger(RestServer.class); + private static final Logger LOG = Log.logger(WhiteIpListAPI.class); @GET @Timed From 05a861fce0248968e789952d2b31fbc980a3f9be Mon Sep 17 00:00:00 2001 From: 1289220708 <1289220708@qq.com> Date: Sun, 1 Oct 2023 09:15:59 +0800 Subject: [PATCH 7/7] chore(api): better code for white ip list --- .../main/java/org/apache/hugegraph/config/ServerOptions.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java b/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java index 7bf9cc6a24..6e41ae87c0 100644 --- a/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java +++ b/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java @@ -272,4 +272,4 @@ public static synchronized ServerOptions instance() { disallowEmpty(), "disable" ); -} \ No newline at end of file +}