Feat/tanlang/add api protection / Add API protection #140

Merged
merged 4 commits into from
Feb 22, 2023

@LinZexiao LinZexiao commented Feb 10, 2023

Related Issues

ref filecoin-project/venus#4870

Proposed Changes

There are many changes; see the referenced issue.

Additional Info

There are version compatibility issues.

Checklist

Before you mark the PR ready for review, please make sure that:

  • The PR follows the PR standards set out in the Venus project management guidelines
  • All commits have a clear commit message.
  • This PR has tests for new functionality or change in behaviour, or does not need new tests.
  • This PR includes the relevant usage guidelines and documentation, or does not need new documentation.
  • All checks are green

Implementation

Checks on user identity and permissions are added as follows:

  • Read permission
    Verify(ctx context.Context, token string) (*JWTPayload, error) // read

  • Admin permission:
    GenerateToken(ctx context.Context, cp *JWTPayload) (string, error)
    Tokens(ctx context.Context, skip, limit int64) ([]*TokenInfo, error)
    GetToken(c context.Context, token string) (*TokenInfo, error)
    CreateUser(ctx context.Context, req *CreateUserRequest) (*CreateUserResponse, error)
    VerifyUsers(ctx context.Context, req *VerifyUsersReq) error
    ListUsers(ctx context.Context, req *ListUsersRequest) (ListUsersResponse, error)
    HasUser(ctx context.Context, req *HasUserRequest) (bool, error)
    UpdateUser(ctx context.Context, req *UpdateUserRequest) error
    DeleteUser(ctx *gin.Context, req *DeleteUserRequest) error
    RecoverUser(ctx *gin.Context, req *RecoverUserRequest) error
    GetUserRateLimits(ctx context.Context, req *GetUserRateLimitsReq) (GetUserRateLimitResponse, error)
    UpsertUserRateLimit(ctx context.Context, req *UpsertUserRateLimitReq) (string, error)
    DelUserRateLimit(ctx context.Context, req *DelUserRateLimitReq) error
    HasMiner(ctx context.Context, req *HasMinerRequest) (bool, error)
    GetUserByMiner(ctx context.Context, req *GetUserByMinerRequest) (*OutputUser, error)
    RegisterSigners(ctx context.Context, req *RegisterSignersReq) error
    UnregisterSigners(ctx context.Context, req *UnregisterSignersReq) error
    HasSigner(ctx context.Context, req *HasSignerReq) (bool, error)
    GetUserBySigner(ctx context.Context, req *GetUserBySignerReq) ([]*OutputUser, error)
    UpsertMiner(ctx context.Context, req *UpsertMinerReq) (bool, error)

  • Admin permission or owner of the target data (meaning these interfaces are open to some non-admin callers)
    RemoveToken(ctx context.Context, token string) error // +tokenOwner
    RecoverToken(ctx context.Context, token string) error // +tokenOwner
    GetTokenByName(c context.Context, name string) ([]*TokenInfo, error) // +tokenOwner
    GetUser(ctx context.Context, req *GetUserRequest) (*OutputUser, error) // +userOwner
    MinerExistInUser(ctx context.Context, req *MinerExistInUserRequest) (bool, error) // +userOwner
    ListMiners(ctx context.Context, req *ListMinerReq) (ListMinerResp, error) // +userOwner
    DelMiner(ctx context.Context, req *DelMinerReq) (bool, error) // +minerOwner
    SignerExistInUser(ctx context.Context, req *SignerExistInUserReq) (bool, error) // +userOwner
    ListSigner(ctx context.Context, req *ListSignerReq) (ListSignerResp, error) // +userOwner
    DelSigner(ctx context.Context, req *DelSignerReq) (bool, error) // +signerOwner

Compatibility design

At startup, add "--disable-perm-check" to temporarily leave the API permission check feature disabled.
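
The three tiers and the compatibility flag described in this PR, as an added Go example that is not the project's own code: `Perm`, `Caller`, `Checker`, `WithCaller` and both `Require*` methods are hypothetical names, and `Disabled` stands in for `--disable-perm-check`. It also shows that with the flag set every check passes, including for a request with no authenticated caller.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// All names below are hypothetical; this is not the project's own code.
type Perm int

const (
	PermRead Perm = iota + 1
	PermAdmin
)

type Caller struct{ Name string; Perm Perm }
type callerKey struct{}
type Checker struct{ Disabled bool } // Disabled stands in for --disable-perm-check

var ErrDenied = errors.New("permission denied")

func WithCaller(ctx context.Context, c Caller) context.Context {
	return context.WithValue(ctx, callerKey{}, c)
}

// Require enforces the Read or Admin tier; a missing caller has Perm 0 and fails.
func (k Checker) Require(ctx context.Context, need Perm) error {
	c, _ := ctx.Value(callerKey{}).(Caller)
	if !k.Disabled && c.Perm < need {
		return ErrDenied
	}
	return nil
}

// RequireOwnerOrAdmin passes admins, or a caller who owns the target record.
func (k Checker) RequireOwnerOrAdmin(ctx context.Context, owner string) error {
	c, _ := ctx.Value(callerKey{}).(Caller)
	isOwner := c.Perm >= PermRead && owner != "" && c.Name == owner
	if k.Require(ctx, PermAdmin) != nil && !isOwner {
		return ErrDenied
	}
	return nil
}

func main() {
	ctx := WithCaller(context.Background(), Caller{Name: "alice", Perm: PermRead})
	fmt.Println(Checker{}.RequireOwnerOrAdmin(ctx, "alice"), Checker{}.RequireOwnerOrAdmin(ctx, "bob"))
}
```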

codecov-commenter commented Feb 10, 2023

Codecov Report

Merging #140 (c2bff5e) into dev/v1.11.0 (29b995a) will increase coverage by 1.37%.
The diff coverage is 50.00%.

Additional details and impacted files


@@               Coverage Diff               @@
##           dev/v1.11.0     #140      +/-   ##
===============================================
+ Coverage        45.35%   46.72%   +1.37%     
===============================================
  Files               35       36       +1     
  Lines             3819     4079     +260     
===============================================
+ Hits              1732     1906     +174     
- Misses            1874     1943      +69     
- Partials           213      230      +17     
Flag Coverage Δ
unittests 46.72% <50.00%> (+1.37%) ⬆️


Impacted Files Coverage Δ
cli/api.go 0.00% <0.00%> (ø)
cli/repo.go 0.00% <0.00%> (ø)
cli/run.go 0.00% <0.00%> (ø)
cli/token.go 0.00% <0.00%> (ø)
cmd/mock/main.go 0.00% <0.00%> (ø)
cmd/server/main.go 0.00% <ø> (ø)
config/config.go 55.40% <ø> (+5.40%) ⬆️
core/const.go 59.45% <0.00%> (+10.81%) ⬆️
storage/mysql.go 55.13% <0.00%> (ø)
auth/app.go 51.99% <47.61%> (-0.25%) ⬇️
... and 11 more

@LinZexiao LinZexiao requested review from simlecode, hunjixin and diwufeiwen and removed request for simlecode February 10, 2023 03:12
@LinZexiao LinZexiao force-pushed the feat/tanlang/add-api-protection branch 2 times, most recently from fbdc1d1 to 33092b6 Compare February 14, 2023 02:36
@diwufeiwen diwufeiwen left a comment

LGTM

@LinZexiao LinZexiao force-pushed the feat/tanlang/add-api-protection branch from c2bff5e to 71076c0 Compare February 15, 2023 01:46
@hunjixin hunjixin merged commit 5cf7a44 into dev/v1.11.0 Feb 22, 2023
@hunjixin hunjixin deleted the feat/tanlang/add-api-protection branch February 22, 2023 02:43