use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class HistoryController method getConfigHistoryInfo.
/**
* Query the detailed configuration history information.
*
* @param nid history_config_info nid
* @param dataId dataId @since 2.0.3
* @param group groupId @since 2.0.3
* @param tenant tenantId @since 2.0.3
* @return history config info
* @since 2.0.3 add {@link Secured}, dataId, groupId and tenant for history config permission check.
*/
@GetMapping
@Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
public ConfigHistoryInfo getConfigHistoryInfo(
        @RequestParam("dataId") String dataId,
        @RequestParam("group") String group,
        @RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
        @RequestParam("nid") Long nid) throws AccessException {
    // The row is fetched by nid only; dataId/group/tenant play no part in the lookup.
    final ConfigHistoryInfo history = persistService.detailConfigHistory(nid);
    if (history == null) {
        // Unknown nid: the caller receives null, not an error.
        return null;
    }

    // The fetched row must be tied back to the dataId/group/tenant named in the request before
    // anything is returned, because the nid itself is caller-chosen.
    // NOTE(review): presumably @Secured authorizes READ on the request's dataId/group/tenant and
    // this helper throws AccessException on a mismatch; confirm against the helper, since without
    // it a caller could read any history row by guessing nid.
    checkHistoryInfoPermission(history, dataId, group, tenant);

    // Content is decrypted only after the ownership check above has passed.
    final Pair<String, String> decrypted =
            EncryptionHandler.decryptHandler(dataId, history.getEncryptedDataKey(), history.getContent());
    history.setContent(decrypted.getSecond());
    return history;
}
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class ConfigPublishRequestHandler method handle.
/**
 * Publishes the configuration carried by {@code request}.
 *
 * <p>The write goes to one of three targets depending on the additional params: the beta config
 * when {@code betaIps} is non-blank, the tagged config when {@code tag} is non-blank, otherwise
 * the regular config. When the request carries a non-blank CAS md5, the compare-and-swap variant
 * of the persist call is used and a failed swap is reported as a fail response.
 *
 * <p>Every exception raised in the body is caught, logged and converted into a fail response
 * whose message is {@code e.getMessage()}.
 *
 * @param request publish request; dataId, group, content, tenant, CAS md5 and the additional
 *                params are read from it
 * @param meta    request metadata; only the client IP is read
 * @return a success response, or a fail response carrying an error code and message
 * @throws NacosException declared by the signature; the body itself catches every {@link Exception}
 */
@Override
@TpsControl(pointName = "ConfigPublish", parsers = { ConfigPublishGroupKeyParser.class, ConfigPublishGroupParser.class })
@Secured(action = ActionTypes.WRITE, signType = SignType.CONFIG)
public ConfigPublishResponse handle(ConfigPublishRequest request, RequestMeta meta) throws NacosException {
    try {
        String dataId = request.getDataId();
        String group = request.getGroup();
        String content = request.getContent();
        final String tenant = request.getTenant();
        final String clientIp = meta.getClientIp();
        final String requestIpApp = request.getAdditionParam("requestIpApp");
        final String tag = request.getAdditionParam("tag");
        final String appName = request.getAdditionParam("appName");
        final String type = request.getAdditionParam("type");
        // NOTE(review): the publishing user is read from a request-supplied additional param and
        // handed to the persist calls below. If it ends up in the change history it is
        // caller-asserted, not the authenticated identity; confirm.
        final String srcUser = request.getAdditionParam("src_user");
        final String encryptedDataKey = request.getAdditionParam("encryptedDataKey");

        // Parameter validation. Tenant is not an argument of either call here.
        ParamUtils.checkParam(dataId, group, "datumId", content);
        ParamUtils.checkParam(tag);

        Map<String, Object> advanceInfo = new HashMap<>(10);
        MapUtil.putIfValNoNull(advanceInfo, "config_tags", request.getAdditionParam("config_tags"));
        MapUtil.putIfValNoNull(advanceInfo, "desc", request.getAdditionParam("desc"));
        MapUtil.putIfValNoNull(advanceInfo, "use", request.getAdditionParam("use"));
        MapUtil.putIfValNoNull(advanceInfo, "effect", request.getAdditionParam("effect"));
        MapUtil.putIfValNoNull(advanceInfo, "type", type);
        MapUtil.putIfValNoNull(advanceInfo, "schema", request.getAdditionParam("schema"));
        ParamUtils.checkParam(advanceInfo);

        // A dataId on the aggregation whitelist cannot be published as a single config.
        if (AggrWhitelist.isAggrDataId(dataId)) {
            Loggers.REMOTE_DIGEST.warn("[aggr-conflict] {} attempt to publish single data, {}, {}", clientIp, dataId, group);
            throw new NacosException(NacosException.NO_RIGHT, "dataId:" + dataId + " is aggr");
        }

        final Timestamp now = TimeUtils.getCurrentTime();
        ConfigInfo configInfo = new ConfigInfo(dataId, group, tenant, appName, content);
        configInfo.setMd5(request.getCasMd5());
        configInfo.setType(type);
        configInfo.setEncryptedDataKey(encryptedDataKey);

        String betaIps = request.getAdditionParam("betaIps");
        if (!StringUtils.isBlank(betaIps)) {
            // Beta publish.
            if (StringUtils.isNotBlank(request.getCasMd5())) {
                if (!persistService.insertOrUpdateBetaCas(configInfo, betaIps, clientIp, srcUser, now, false)) {
                    return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish beta config fail,server md5 may have changed.");
                }
            } else {
                persistService.insertOrUpdateBeta(configInfo, betaIps, clientIp, srcUser, now, false);
            }
            ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(true, dataId, group, tenant, now.getTime()));
        } else if (StringUtils.isBlank(tag)) {
            // Regular publish: neither betaIps nor tag was supplied.
            if (StringUtils.isNotBlank(request.getCasMd5())) {
                if (!persistService.insertOrUpdateCas(clientIp, srcUser, configInfo, now, advanceInfo, false)) {
                    return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish fail,server md5 may have changed.");
                }
            } else {
                persistService.insertOrUpdate(clientIp, srcUser, configInfo, now, advanceInfo, false);
            }
            ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, now.getTime()));
        } else {
            // Tag publish.
            if (StringUtils.isNotBlank(request.getCasMd5())) {
                if (!persistService.insertOrUpdateTagCas(configInfo, tag, clientIp, srcUser, now, false)) {
                    return ConfigPublishResponse.buildFailResponse(ResponseCode.FAIL.getCode(), "Cas publish tag config fail,server md5 may have changed.");
                }
            } else {
                persistService.insertOrUpdateTag(configInfo, tag, clientIp, srcUser, now, false);
            }
            ConfigChangePublisher.notifyConfigChange(new ConfigDataChangeEvent(false, dataId, group, tenant, tag, now.getTime()));
        }

        ConfigTraceService.logPersistenceEvent(dataId, group, tenant, requestIpApp, now.getTime(), InetUtils.getSelfIP(), ConfigTraceService.PERSISTENCE_EVENT_PUB, content);
        return ConfigPublishResponse.buildSuccessResponse();
    } catch (Exception e) {
        // NOTE(review): the whole request object is passed to the logger. If its toString()
        // includes the config content, secrets stored in configs would reach the log; confirm.
        Loggers.REMOTE_DIGEST.error("[ConfigPublishRequestHandler] publish config error ,request ={}", request, e);
        // The exception message goes back to the client as-is, for any exception type.
        return ConfigPublishResponse.buildFailResponse(
                (e instanceof NacosException) ? ((NacosException) e).getErrCode() : ResponseCode.FAIL.getCode(),
                e.getMessage());
    }
}
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class GrpcProtocolAuthServiceTest method testParseResourceWithNonExistType.
/**
 * Checks that a {@link Secured} annotation naming an unknown signType parses to
 * {@code Resource.EMPTY_RESOURCE}.
 */
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
    // The annotation under test is the one declared on this very method.
    final Secured annotation = getMethodSecure("testParseResourceWithNonExistType");
    final Resource parsed = protocolAuthService.parseResource(namingRequest, annotation);
    // NOTE(review): this pins only the parse result. Whether the permission check that later
    // receives EMPTY_RESOURCE denies or allows the request is not visible here; confirm it
    // fails closed.
    assertEquals(Resource.EMPTY_RESOURCE, parsed);
}
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class HttpProtocolAuthServiceTest method testParseResourceWithNonExistType.
/**
 * Checks that, on the HTTP side, a {@link Secured} annotation naming an unknown signType parses
 * to {@code Resource.EMPTY_RESOURCE}.
 */
@Test
@Secured(signType = "non-exist")
public void testParseResourceWithNonExistType() throws NoSuchMethodException {
    // The annotation under test is the one declared on this very method.
    final Secured annotation = getMethodSecure("testParseResourceWithNonExistType");
    final Resource parsed = httpProtocolAuthService.parseResource(request, annotation);
    // NOTE(review): only the parse result is asserted. How the subsequent authorization step
    // treats EMPTY_RESOURCE is not shown in this test; confirm it is a deny.
    assertEquals(Resource.EMPTY_RESOURCE, parsed);
}
use of com.alibaba.nacos.auth.annotation.Secured in project nacos by alibaba.
the class ConfigGrpcResourceParserTest method testParseWithoutDataId.
/**
 * Checks what the config resource parser produces for a request whose last mock argument is an
 * empty string: namespace and group are carried over, the resource name is empty, and the type
 * is the config module.
 */
@Test
@Secured(signType = Constants.Config.CONFIG_MODULE)
public void testParseWithoutDataId() throws NoSuchMethodException {
    final Secured annotation = getMethodSecure();
    // Presumably the arguments are (namespace, group, dataId); the assertions below match that.
    final Request configRequest = mockConfigRequest("testNs", "testG", "");
    final Resource parsed = resourceParser.parse(configRequest, annotation);

    assertEquals("testNs", parsed.getNamespaceId());
    assertEquals("testG", parsed.getGroup());
    // NOTE(review): an empty resource name is accepted by the parser. Whether the authorization
    // layer reads an empty name as "every config in the group" is not visible here; confirm.
    assertEquals(StringUtils.EMPTY, parsed.getName());
    assertEquals(Constants.Config.CONFIG_MODULE, parsed.getType());
}