
Example 36 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class HistoryController method getConfigHistoryInfo.

/**
 * Returns a single configuration history entry with its content decrypted.
 *
 * <p>The entry is loaded by {@code nid} alone, whereas {@link Secured} is declared for READ on the
 * config sign type and the request carries dataId, group and tenant. The call to
 * {@code checkHistoryInfoPermission} runs before any content is decrypted or returned and receives
 * both the loaded entry and the request values; it is expected to reject an entry that belongs to a
 * different dataId/group/tenant than the one named in the request (helper body not shown here).
 *
 * @param dataId dataId named in the request, also passed to the decryption handler; @since 2.0.3
 * @param group  groupId named in the request; @since 2.0.3
 * @param tenant tenantId named in the request, empty string when absent; @since 2.0.3
 * @param nid    history_config_info nid used for the lookup
 * @return the history entry with decrypted content, or {@code null} when no entry exists for {@code nid}
 * @throws AccessException declared for the permission check; presumably raised on a mismatch
 *                         between the entry and the request values (verify against the helper)
 * @since 2.0.3 add {@link Secured}, dataId, groupId and tenant for history config permission check.
 */
@GetMapping
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
public ConfigHistoryInfo getConfigHistoryInfo(
        @RequestParam("dataId") String dataId,
        @RequestParam("group") String group,
        @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
        @RequestParam("nid") Long nid) throws AccessException {
    final ConfigHistoryInfo historyEntry = persistService.detailConfigHistory(nid);
    if (historyEntry == null) {
        // Nothing stored under this nid: no permission check and no decryption take place.
        return null;
    }
    // Bind the nid-addressed entry to the dataId/group/tenant of the request before touching its content.
    checkHistoryInfoPermission(historyEntry, dataId, group, tenant);
    final Pair<String, String> decrypted = EncryptionHandler.decryptHandler(
            dataId, historyEntry.getEncryptedDataKey(), historyEntry.getContent());
    // The second element of the pair is what replaces the stored content in the response.
    historyEntry.setContent(decrypted.getSecond());
    return historyEntry;
}
Also used : ConfigHistoryInfo(com.alibaba.nacos.config.server.model.ConfigHistoryInfo) GetMapping(org.springframework.web.bind.annotation.GetMapping) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 37 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class ConfigPublishRequestHandler method handle.

/**
 * Handles a config publish request: validates the parameters, persists the config as a normal, tag or
 * beta publish, fires a {@code ConfigDataChangeEvent} and records a persistence trace event.
 *
 * <p>The handler is annotated {@code @Secured(action = WRITE, signType = CONFIG)}; how that annotation
 * is enforced is outside this method. Every exception raised inside the body, including the
 * {@code NacosException} thrown for aggregate dataIds, is caught and converted into a failure response.
 *
 * @param request publish request carrying dataId, group, tenant, content, casMd5 and addition params
 * @param meta    request metadata; only the client IP is read here
 * @return a success response, or a failure response carrying the {@code NacosException} error code
 *         (otherwise the generic FAIL code) together with the exception message
 * @throws NacosException declared by the signature; the visible body turns exceptions into failure responses
 */
@Override
@TpsControl(pointName = "ConfigPublish", parsers = { ConfigPublishGroupKeyParser.class, ConfigPublishGroupParser.class })
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG)
public ConfigPublishResponse handle(ConfigPublishRequest request, RequestMeta meta) throws NacosException {
    try {
        String dataId = request.getDataId();
        String group = request.getGroup();
        String content = request.getContent();
        final String tenant = request.getTenant();
        final String srcIp = meta.getClientIp();
        final String requestIpApp = request.getAdditionParam("requestIpApp");
        final String tag = request.getAdditionParam("tag");
        final String appName = request.getAdditionParam("appName");
        final String type = request.getAdditionParam("type");
        // NOTE(review): src_user and encryptedDataKey are read from client-supplied addition params and
        // handed to persistence unchanged in this method; confirm the authenticated identity is bound to
        // srcUser elsewhere before relying on it as an audit value.
        final String srcUser = request.getAdditionParam("src_user");
        final String encryptedDataKey = request.getAdditionParam("encryptedDataKey");
        // Parameter validation for dataId, group and content (tenant is not passed to this call).
        ParamUtils.checkParam(dataId, group, "datumId", content);
        ParamUtils.checkParam(tag);
        // Optional metadata: each key is added only when the corresponding addition param is non-null.
        Map<String, Object> configAdvanceInfo = new HashMap<String, Object>(10);
        MapUtil.putIfValNoNull(configAdvanceInfo, "config_tags", request.getAdditionParam("config_tags"));
        MapUtil.putIfValNoNull(configAdvanceInfo, "desc", request.getAdditionParam("desc"));
        MapUtil.putIfValNoNull(configAdvanceInfo, "use", request.getAdditionParam("use"));
        MapUtil.putIfValNoNull(configAdvanceInfo, "effect", request.getAdditionParam("effect"));
        MapUtil.putIfValNoNull(configAdvanceInfo, "type", type);
        MapUtil.putIfValNoNull(configAdvanceInfo, "schema", request.getAdditionParam("schema"));
        ParamUtils.checkParam(configAdvanceInfo);
        // Aggregate dataIds cannot be published as single data: the attempt is logged with the source IP
        // and rejected with NO_RIGHT (the exception is caught below and returned as a failure response).
        if (AggrWhitelist.isAggrDataId(dataId)) {
            Loggers.REMOTE_DIGEST.warn("[aggr-conflict] {} attempt to publish single data, {}, {}", srcIp, dataId, group);
            throw new NacosException(NacosException.NO_RIGHT, "dataId:" + dataId + " is aggr");
        }
        final Timestamp time = TimeUtils.getCurrentTime();
        ConfigInfo configInfo = new ConfigInfo(dataId, group, tenant, appName, content);
        // The client's casMd5 is stored on the config object; a non-blank value selects the *Cas
        // persistence variants below, which presumably succeed only while the server-side md5 still matches.
        configInfo.setMd5(request.getCasMd5());
        configInfo.setType(type);
        configInfo.setEncryptedDataKey(encryptedDataKey);
        String betaIps = request.getAdditionParam("betaIps");
        if (StringUtils.isBlank(betaIps)) {
            if (StringUtils.isBlank(tag)) {
                // Normal publish: neither betaIps nor tag supplied.
                if (StringUtils.isNotBlank(request.getCasMd5())) {
                    boolean casSuccess = persistService.insertOrUpdateCas(srcIp, srcUser, configInfo, time, configAdvanceInfo, false);
                    if (!casSuccess) {
                        return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish fail,server md5 may have changed.");
                    }
                } else {
                    persistService.insertOrUpdate(srcIp, srcUser, configInfo, time, configAdvanceInfo, false);
                }
                // The change event is published only after the write returned without a CAS failure.
                ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, time.getTime()));
            } else {
                // Tag publish: a tag was supplied and betaIps is blank.
                if (StringUtils.isNotBlank(request.getCasMd5())) {
                    boolean casSuccess = persistService.insertOrUpdateTagCas(configInfo, tag, srcIp, srcUser, time, false);
                    if (!casSuccess) {
                        return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish tag config fail,server md5 may have changed.");
                    }
                } else {
                    persistService.insertOrUpdateTag(configInfo, tag, srcIp, srcUser, time, false);
                }
                ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, tag, time.getTime()));
            }
        } else {
            // Beta publish: betaIps takes precedence; the tag value is not used on this path.
            if (StringUtils.isNotBlank(request.getCasMd5())) {
                boolean casSuccess = persistService.insertOrUpdateBetaCas(configInfo, betaIps, srcIp, srcUser, time, false);
                if (!casSuccess) {
                    return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish beta config fail,server md5 may have changed.");
                }
            } else {
                persistService.insertOrUpdateBeta(configInfo, betaIps, srcIp, srcUser, time, false);
            }
            ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(true, dataId, group, tenant, time.getTime()));
        }
        // NOTE(review): the raw content is handed to the trace service; whether it is written out in
        // full is not visible here. Confirm before storing secrets in configs.
        ConfigTraceService.logPersistenceEvent(dataId, group, tenant, requestIpApp, time.getTime(), InetUtils.getSelfIP(), ConfigTraceService.PERSISTENCE_EVENT_PUB, content);
        return ConfigPublishResponse.buildSuccessResponse();
    } catch (Exception e) {
        // NOTE(review): the whole request object is logged; if its string form includes the config
        // content, configuration secrets would reach the error log. Confirm against the request class.
        Loggers.REMOTE_DIGEST.error("[ConfigPublishRequestHandler] publish config error ,request ={}", request, e);
        // The exception message is returned to the client for every exception type, not only
        // NacosException, so internal error text can surface in the response.
        return ConfigPublishResponse.buildFailResponse((e instanceof NacosException) ? ((NacosException) e).getErrCode() : ResponseCode.FAIL.getCode(), e.getMessage());
    }
}
Also used : HashMap(java.util.HashMap) ConfigDataChangeEvent(com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent) ConfigInfo(com.alibaba.nacos.config.server.model.ConfigInfo) Timestamp(java.sql.Timestamp) NacosException(com.alibaba.nacos.api.exception.NacosException) NacosException(com.alibaba.nacos.api.exception.NacosException) Secured(com.alibaba.nacos.auth.annotation.Secured) TpsControl(com.alibaba.nacos.core.remote.control.TpsControl)

Example 38 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class GrpcProtocolAuthServiceTest method testParseResourceWithNonExistType.

/**
 * Verifies that the gRPC protocol auth service maps a {@link Secured} annotation with an unknown
 * sign type to {@code Resource.EMPTY_RESOURCE}.
 *
 * <p>NOTE(review): this pins only the parser result. Whether the authorization layer denies or
 * allows a request whose resource is {@code EMPTY_RESOURCE} is not covered here.
 *
 * @throws NoSuchMethodException declared for the reflective lookup of this method's annotation
 */
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
    final Secured unknownTypeAnnotation = getMethodSecure("testParseResourceWithNonExistType");
    final Resource parsed = protocolAuthService.parseResource(namingRequest, unknownTypeAnnotation);
    assertEquals(Resource.EMPTY_RESOURCE, parsed);
}
Also used : Secured(com.alibaba.nacos.auth.annotation.Secured) Resource(com.alibaba.nacos.plugin.auth.api.Resource) Test(org.junit.Test) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 39 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class HttpProtocolAuthServiceTest method testParseResourceWithNonExistType.

/**
 * Verifies that the HTTP protocol auth service maps a {@link Secured} annotation with an unknown
 * sign type to {@code Resource.EMPTY_RESOURCE}.
 *
 * <p>NOTE(review): this pins only the parser result. Whether the authorization layer denies or
 * allows a request whose resource is {@code EMPTY_RESOURCE} is not covered here.
 *
 * @throws NoSuchMethodException declared for the reflective lookup of this method's annotation
 */
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
    final Secured unknownTypeAnnotation = getMethodSecure("testParseResourceWithNonExistType");
    final Resource parsed = httpProtocolAuthService.parseResource(request, unknownTypeAnnotation);
    assertEquals(Resource.EMPTY_RESOURCE, parsed);
}
Also used : Secured(com.alibaba.nacos.auth.annotation.Secured) Resource(com.alibaba.nacos.plugin.auth.api.Resource) Test(org.junit.Test) Secured(com.alibaba.nacos.auth.annotation.Secured)

Example 40 with Secured

use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.

the class ConfigGrpcResourceParserTest method testParseWithoutDataId.

/**
 * Verifies that a config request with an empty dataId is parsed into a resource that keeps the
 * namespace and group, carries an empty name and has the config module as its type.
 *
 * <p>NOTE(review): the resulting resource names no specific dataId. How a permission check treats
 * an empty resource name (for example as a group-wide match) is not covered by this test.
 *
 * @throws NoSuchMethodException declared for the reflective lookup of this method's annotation
 */
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutDataId() throws NoSuchMethodException {
    final Secured configAnnotation = getMethodSecure();
    // Namespace and group are set; the dataId argument is deliberately empty.
    final Request requestWithoutDataId = mockConfigRequest("testNs", "testG", "");
    final Resource parsed = resourceParser.parse(requestWithoutDataId, configAnnotation);
    assertEquals("testNs", parsed.getNamespaceId());
    assertEquals("testG", parsed.getGroup());
    assertEquals(StringUtils.EMPTY, parsed.getName());
    assertEquals(Constants.Config.CONFIG_MODULE, parsed.getType());
}
Also used : Secured(com.alibaba.nacos.auth.annotation.Secured) ConfigPublishRequest(com.alibaba.nacos.api.config.remote.request.ConfigPublishRequest) ConfigBatchListenRequest(com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest) Request(com.alibaba.nacos.api.remote.request.Request) Resource(com.alibaba.nacos.plugin.auth.api.Resource) Test(org.junit.Test) Secured(com.alibaba.nacos.auth.annotation.Secured)

Aggregations

Secured (com.alibaba.nacos.auth.annotation.Secured)104 Resource (com.alibaba.nacos.plugin.auth.api.Resource)34 Test (org.junit.Test)32 GetMapping (org.springframework.web.bind.annotation.GetMapping)20 CanDistro (com.alibaba.nacos.naming.web.CanDistro)17 Instance (com.alibaba.nacos.api.naming.pojo.Instance)16 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)15 PostMapping (org.springframework.web.bind.annotation.PostMapping)13 PutMapping (org.springframework.web.bind.annotation.PutMapping)13 DeleteMapping (org.springframework.web.bind.annotation.DeleteMapping)12 ConfigDataChangeEvent (com.alibaba.nacos.config.server.model.event.ConfigDataChangeEvent)10 Timestamp (java.sql.Timestamp)10 NacosException (com.alibaba.nacos.api.exception.NacosException)8 AbstractNamingRequest (com.alibaba.nacos.api.naming.remote.request.AbstractNamingRequest)8 Request (com.alibaba.nacos.api.remote.request.Request)8 ConfigInfo (com.alibaba.nacos.config.server.model.ConfigInfo)8 ServiceMetadata (com.alibaba.nacos.naming.core.v2.metadata.ServiceMetadata)7 ConfigBatchListenRequest (com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest)6 HashMap (java.util.HashMap)6 ConfigAllInfo (com.alibaba.nacos.config.server.model.ConfigAllInfo)5