
Example 1 with ApiManagementException

use of com.bluenimble.platform.api.ApiManagementException in project serverless by bluenimble.

the class ScriptableApiServiceSpi method onStop.

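/**
 * Runs the service script's optional {@code onStop} hook when a service is stopped.
 *
 * <p>The JS api object is read from the api helper and the script object (spi) from the service
 * helper. The hook is invoked only when the engine reports that the spi defines
 * {@code Functions.OnStop}. A failure raised by the hook is logged through the api tracer and
 * is not propagated to the caller.
 *
 * @param api the api that owns the service
 * @param service the service being stopped
 * @param context the api context handed to the scripting engine
 * @throws ApiManagementException if the api has no helper or the helper carries no JS api object
 */
@Override
public void onStop(Api api, ApiService service, ApiContext context) throws ApiManagementException {
    SpecAndSpiPair apiHelper = (SpecAndSpiPair) api.getHelper();
    Object jsApi = apiHelper == null ? null : apiHelper.spec();
    if (jsApi == null) {
        throw new ApiManagementException("api '" + api.getNamespace() + "' doesn't support scripting");
    }
    SpecAndSpiPair serviceHelper = (SpecAndSpiPair) service.getHelper();
    // The api helper was null-checked but the service helper was dereferenced unconditionally.
    // A service without a helper has no script object to notify, so stopping it is a no-op.
    if (serviceHelper == null) {
        return;
    }
    Object spi = serviceHelper.spi();
    if (spi == null) {
        return;
    }
    ScriptingEngine engine = api.space().feature(ScriptingEngine.class, ApiSpace.Features.Default, context);
    if (!engine.has(spi, Functions.OnStop)) {
        return;
    }
    // invoke onStop; a script error must not prevent the service from stopping, so it is only logged
    try {
        engine.invoke(spi, Functions.OnStop, jsApi, serviceHelper.spec(), context);
    } catch (ScriptingEngineException ex) {
        api.tracer().log(Level.Error, Lang.BLANK, ex);
    }
}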
Also used : ScriptingEngineException(com.bluenimble.platform.scripting.ScriptingEngineException) JsonObject(com.bluenimble.platform.json.JsonObject) ScriptingEngine(com.bluenimble.platform.scripting.ScriptingEngine) ApiManagementException(com.bluenimble.platform.api.ApiManagementException)

Example 2 with ApiManagementException

use of com.bluenimble.platform.api.ApiManagementException in project serverless by bluenimble.

the class ScriptableApiSpi method onStart.

/**
 * Loads and evaluates the api's function script, builds the JS api object, stores both on the
 * api as a {@code SpecAndSpiPair}, and finally calls the script's optional {@code onStart} hook.
 *
 * @param api the api being started
 * @param context the api context handed to the scripting engine
 * @throws ApiManagementException if the function is not configured, the script resource cannot
 *     be found or evaluated, the JS api object cannot be created, or the hook itself fails
 */
@Override
public void onStart(Api api, ApiContext context) throws ApiManagementException {
    final String script = Json.getString(api.getRuntime(), Api.Spec.Runtime.Function);
    if (Lang.isNullOrEmpty(script)) {
        throw new ApiManagementException("function not defined in " + ApiUtils.RuntimeKey);
    }

    // NOTE(review): the script location comes from the api's runtime spec and is split into path
    // segments as-is; confirm the resources manager confines lookups to the api's own resources.
    final String[] segments = Lang.split(script, Lang.SLASH);
    final ApiResource scriptResource;
    try {
        scriptResource = api.getResourcesManager().get(segments);
    } catch (ApiResourcesManagerException ex) {
        throw new ApiManagementException(ex.getMessage(), ex);
    }
    if (scriptResource == null) {
        throw new ApiManagementException("function '" + Lang.join(segments, Lang.SLASH) + "' not found");
    }

    final ScriptingEngine engine = api.space().feature(ScriptingEngine.class, ApiSpace.Features.Default, context);

    // Evaluate the script; its result is the spi object whose functions are invoked later.
    final Object scriptSpi;
    try {
        scriptSpi = engine.eval(Supported.Javascript, api, scriptResource, ScriptContext.Empty);
    } catch (Exception ex) {
        throw new ApiManagementException(ex.getMessage(), ex);
    }
    if (scriptSpi == null) {
        throw new ApiManagementException("function returned an undefined object");
    }

    // Build the JS-side representation of the api by invoking the function named after Api.
    final Object scriptApi;
    try {
        scriptApi = engine.invoke(null, Api.class.getSimpleName(), api);
    } catch (Exception ex) {
        throw new ApiManagementException(ex.getMessage(), ex);
    }
    if (scriptApi == null) {
        throw new ApiManagementException("can't create 'api spec' js object");
    }

    // The pair is stored before the hook runs, so it stays on the api even if onStart throws.
    api.setHelper(new SpecAndSpiPair(scriptApi, scriptSpi));

    if (engine.has(scriptSpi, Functions.OnStart)) {
        try {
            engine.invoke(scriptSpi, Functions.OnStart, scriptApi, context);
        } catch (ScriptingEngineException ex) {
            // Attach the script location so the failure can be traced to its source.
            ex.setScript(script);
            throw new ApiManagementException(ex.getMessage(), ex);
        }
    }
}
Also used : ApiResource(com.bluenimble.platform.api.ApiResource) ScriptingEngineException(com.bluenimble.platform.scripting.ScriptingEngineException) JsonObject(com.bluenimble.platform.json.JsonObject) ScriptingEngine(com.bluenimble.platform.scripting.ScriptingEngine) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiResourcesManagerException(com.bluenimble.platform.api.ApiResourcesManagerException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ScriptingEngineException(com.bluenimble.platform.scripting.ScriptingEngineException) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException) ApiResourcesManagerException(com.bluenimble.platform.api.ApiResourcesManagerException)

Example 3 with ApiManagementException

use of com.bluenimble.platform.api.ApiManagementException in project serverless by bluenimble.

the class CookieConsumerResolver method authorize.

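/**
 * Resolves the consumer identity from an encrypted cookie token.
 *
 * <p>The token is hex-decoded and decrypted with the key and algorithm taken from the space
 * secrets named by the scheme's auth section. The plaintext is split on a space into an id and
 * an optional expiry (epoch milliseconds). On success the consumer receives the id, the expiry
 * date when present, the permissions from the secrets, and is marked non-anonymous.
 *
 * <p>A token that is missing, undecryptable, malformed or expired is rejected with an
 * {@link ApiAuthenticationException} when the service is secure. When the service has security
 * disabled, the consumer is returned unchanged, so a bad token never yields an identity.
 *
 * @param api the api whose security scheme and space secrets are consulted
 * @param service the target service; its security flag decides between reject and pass-through
 * @param request the incoming request (not read here)
 * @param consumer the consumer carrying the raw token; updated in place on success
 * @return the same consumer instance, populated when the token is valid
 * @throws ApiAuthenticationException if the secrets cannot be loaded, or the token is invalid or
 *     expired on a secure service
 */
@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    JsonObject auth = Json.getObject(Json.getObject(Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes), MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return consumer;
    }
    String token = (String) consumer.get(ApiConsumer.Fields.Token);
    JsonObject secrets;
    try {
        secrets = api.space().getSecrets(Json.getString(auth, Spec.Auth.Secrets));
    } catch (ApiManagementException e) {
        throw new ApiAuthenticationException(e.getMessage(), e);
    }
    // decrypt token; a null token is treated as invalid without relying on a caught NullPointerException
    String decrypted = null;
    if (token != null && secrets != null && secrets.containsKey(ApiSpace.Spec.secrets.Key)) {
        String key = Json.getString(secrets, ApiSpace.Spec.secrets.Key);
        Crypto.Algorithm alg = Crypto.Algorithm.AES;
        try {
            alg = Crypto.Algorithm.valueOf(Json.getString(secrets, ApiSpace.Spec.secrets.Algorithm, Crypto.Algorithm.AES.name()).toUpperCase());
        } catch (Exception ex) {
            // An unrecognised algorithm name is logged and decryption proceeds with the AES default.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
        try {
            // NOTE(review): Crypto.decrypt's cipher mode is not visible here; confirm the token is
            // integrity-protected, otherwise a tampered ciphertext can decrypt to attacker-shaped text.
            // NOTE(review): new String(byte[]) uses the platform charset; confirm it matches the issuer.
            decrypted = new String(Crypto.decrypt(Lang.decodeHex(token.toCharArray()), key, alg));
        } catch (Exception ex) {
            // Undecryptable input leaves decrypted null and is handled below as an invalid token.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
    }
    boolean isServiceSecure = Json.getBoolean(service.getSecurity(), ApiService.Spec.Security.Enabled, true);
    if (decrypted == null) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    String[] idAndExpiry = Lang.split(decrypted, Lang.SPACE);
    if (idAndExpiry == null || idAndExpiry.length == 0) {
        // Nothing to read an id from; avoid indexing into an empty array.
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    // NOTE(review): a token without an expiry segment is accepted with no time limit.
    if (idAndExpiry.length > 1) {
        long expiry;
        try {
            expiry = Long.parseLong(idAndExpiry[1]);
        } catch (NumberFormatException ex) {
            // A non-numeric expiry is a malformed token, reported as an authentication failure
            // rather than escaping as an unchecked exception.
            if (isServiceSecure) {
                throw new ApiAuthenticationException("invalid token", ex);
            }
            return consumer;
        }
        if (expiry < System.currentTimeMillis()) {
            if (isServiceSecure) {
                throw new ApiAuthenticationException("token expired");
            }
            // Previously execution fell through and an expired token still produced a
            // non-anonymous consumer with permissions; treat it like any other invalid token.
            return consumer;
        }
        consumer.set(ApiConsumer.Fields.ExpiryDate, Lang.toUTC(new Date(expiry)));
    }
    consumer.set(ApiConsumer.Fields.Id, idAndExpiry[0]);
    // secrets is non-null here: decrypted is only set inside the secrets != null branch.
    consumer.set(ApiConsumer.Fields.Permissions, secrets.get(ApiConsumer.Fields.Permissions));
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}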
Also used : Crypto(com.bluenimble.platform.Crypto) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException) JsonObject(com.bluenimble.platform.json.JsonObject) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException) Date(java.util.Date)

Example 4 with ApiManagementException

use of com.bluenimble.platform.api.ApiManagementException in project serverless by bluenimble.

the class TokenConsumerResolver method authorize.

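/**
 * Resolves the consumer identity from an encrypted bearer-style token.
 *
 * <p>The token is hex-decoded and decrypted with the key and algorithm taken from the space
 * secrets named by the scheme's auth section. The plaintext has the form
 * {@code <expiry-millis> <info>}. When the api security spec lists encrypted fields, the info
 * part is split on semicolons and assigned to those fields in order; otherwise the whole info
 * part becomes the consumer id. On success the consumer also receives the expiry date and the
 * permissions from the secrets, and is marked non-anonymous.
 *
 * <p>A token that is missing, undecryptable, malformed or expired is rejected with an
 * {@link ApiAuthenticationException} when the service is secure. When the service has security
 * disabled, the consumer is returned unchanged, so a bad token never yields an identity.
 *
 * @param api the api whose security scheme and space secrets are consulted
 * @param service the target service; its security flag decides between reject and pass-through
 * @param request the incoming request (not read here)
 * @param consumer the consumer carrying the raw token; updated in place on success
 * @return the same consumer instance, populated when the token is valid
 * @throws ApiAuthenticationException if the secrets cannot be loaded, or the token is invalid or
 *     expired on a secure service
 */
@Override
public ApiConsumer authorize(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    JsonObject auth = Json.getObject(Json.getObject(Json.getObject(api.getSecurity(), Api.Spec.Security.Schemes), MethodName), Api.Spec.Security.Auth);
    if (auth == null || auth.isEmpty()) {
        return consumer;
    }
    String token = (String) consumer.get(ApiConsumer.Fields.Token);
    JsonObject secrets;
    try {
        secrets = api.space().getSecrets(Json.getString(auth, Spec.Auth.Secrets));
    } catch (ApiManagementException e) {
        throw new ApiAuthenticationException(e.getMessage(), e);
    }
    // decrypt token; a null token is treated as invalid without relying on a caught NullPointerException
    String decrypted = null;
    if (token != null && secrets != null && secrets.containsKey(ApiSpace.Spec.secrets.Key)) {
        String key = Json.getString(secrets, ApiSpace.Spec.secrets.Key);
        Crypto.Algorithm alg = Crypto.Algorithm.AES;
        try {
            alg = Crypto.Algorithm.valueOf(Json.getString(secrets, ApiSpace.Spec.secrets.Algorithm, Crypto.Algorithm.AES.name()).toUpperCase());
        } catch (Exception ex) {
            // An unrecognised algorithm name is logged and decryption proceeds with the AES default.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
        try {
            // NOTE(review): Crypto.decrypt's cipher mode is not visible here; confirm the token is
            // integrity-protected, since the plaintext below is mapped straight onto consumer fields.
            // NOTE(review): new String(byte[]) uses the platform charset; confirm it matches the issuer.
            decrypted = new String(Crypto.decrypt(Lang.decodeHex(token.toCharArray()), key, alg));
        } catch (Exception ex) {
            // Undecryptable input leaves decrypted null and is handled below as an invalid token.
            api.tracer().log(Tracer.Level.Error, Lang.BLANK, ex);
        }
    }
    boolean isServiceSecure = Json.getBoolean(service.getSecurity(), ApiService.Spec.Security.Enabled, true);
    if (decrypted == null) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    int indexOfSpace = decrypted.indexOf(Lang.SPACE);
    if (indexOfSpace < 0) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token");
        }
        return consumer;
    }
    String sExpiry = decrypted.substring(0, indexOfSpace);
    long expiry;
    try {
        expiry = Long.parseLong(sExpiry);
    } catch (NumberFormatException ex) {
        // A non-numeric expiry is a malformed token, reported as an authentication failure
        // rather than escaping as an unchecked exception.
        if (isServiceSecure) {
            throw new ApiAuthenticationException("invalid token", ex);
        }
        return consumer;
    }
    if (expiry < System.currentTimeMillis()) {
        if (isServiceSecure) {
            throw new ApiAuthenticationException("token expired");
        }
        // Previously execution fell through and an expired token still produced a
        // non-anonymous consumer with permissions; treat it like any other invalid token.
        return consumer;
    }
    consumer.set(ApiConsumer.Fields.ExpiryDate, Lang.toUTC(new Date(expiry)));
    String sInfo = decrypted.substring(indexOfSpace + 1);
    JsonArray fields = Json.getArray(api.getSecurity(), Api.Spec.Security.Encrypt);
    if (fields == null || fields.isEmpty()) {
        consumer.set(ApiConsumer.Fields.Id, sInfo);
    } else {
        // Field names come from the api security spec; only the values come from the token.
        // Extra values are ignored and missing trailing values leave their fields unset.
        String[] values = Lang.split(sInfo, Lang.SEMICOLON);
        for (int i = 0; i < fields.count(); i++) {
            if (i >= values.length) {
                break;
            }
            consumer.set((String) fields.get(i), values[i]);
        }
    }
    // secrets is non-null here: decrypted is only set inside the secrets != null branch.
    consumer.set(ApiConsumer.Fields.Permissions, secrets.get(ApiConsumer.Fields.Permissions));
    consumer.set(ApiConsumer.Fields.Anonymous, false);
    return consumer;
}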
Also used : JsonObject(com.bluenimble.platform.json.JsonObject) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException) Date(java.util.Date) JsonArray(com.bluenimble.platform.json.JsonArray) Crypto(com.bluenimble.platform.Crypto) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException)

Example 5 with ApiManagementException

use of com.bluenimble.platform.api.ApiManagementException in project serverless by bluenimble.

the class CreateSpaceSpi method execute.

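/**
 * Creates a new space from the space model and issues its first key pair with the ADMIN role.
 *
 * <p>The namespace is taken from the request. If the model carries a default secrets entry, a
 * fresh key is generated for it before the space is created. The output is the space's info
 * description, extended with the generated key pair when one was returned.
 *
 * @param api the management api; its space is the parent that creates the new space
 * @param consumer the calling consumer (not read here)
 * @param request the request carrying the namespace under {@code Spec.Space}
 * @param response the response (not written here)
 * @return a JSON output describing the new space and, when available, its admin key pair
 * @throws ApiServiceExecutionException if the space or its keys cannot be created
 */
@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    // NOTE(review): the namespace is used as received; presumably the service spec validates it - confirm.
    String namespace = (String) request.get(Spec.Space);
    JsonObject oSpace = (JsonObject) spaceModel.duplicate().set(ApiSpace.Spec.Namespace, namespace);
    // set default secrets
    JsonObject defaultSecrets = Json.getObject(Json.getObject(oSpace, ApiSpace.Spec.secrets.class.getSimpleName()), ApiSpace.Secrets.Default);
    if (defaultSecrets != null) {
        // NOTE(review): this value becomes the space's default secrets key. The randomness source
        // behind Lang.UUID is not visible here; confirm it is cryptographically secure and that
        // 16 characters gives enough key strength for the configured algorithm.
        defaultSecrets.set(ApiSpace.Spec.secrets.Key, Lang.UUID(16));
    }
    // create space
    ApiSpace newSpace = null;
    try {
        newSpace = api.space().create(oSpace);
    } catch (ApiManagementException e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
    // create root keys
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(CommonSpec.Role, Role.ADMIN.name());
    List<KeyPair> keys = null;
    try {
        keys = newSpace.keystore().create(1, null, properties);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
    JsonObject result = newSpace.describe(DescribeOption.Info);
    // Guard against an empty list as well as null; keys.get(0) would otherwise throw.
    if (keys != null && !keys.isEmpty()) {
        // The response carries the admin key pair; NOTE(review): confirm it is not logged or cached.
        result.set(CommonOutput.Keys, keys.get(0).toJson());
    }
    return new JsonApiOutput(result);
}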
Also used : KeyPair(com.bluenimble.platform.security.KeyPair) HashMap(java.util.HashMap) JsonObject(com.bluenimble.platform.json.JsonObject) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiResourcesManagerException(com.bluenimble.platform.api.ApiResourcesManagerException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiSpace(com.bluenimble.platform.api.ApiSpace) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) JsonObject(com.bluenimble.platform.json.JsonObject) CommonSpec(com.bluenimble.platform.apis.mgm.CommonSpec) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)

Aggregations

ApiManagementException (com.bluenimble.platform.api.ApiManagementException)23 JsonObject (com.bluenimble.platform.json.JsonObject)13 ApiServiceExecutionException (com.bluenimble.platform.api.ApiServiceExecutionException)8 PluginRegistryException (com.bluenimble.platform.plugins.PluginRegistryException)8 ApiSpace (com.bluenimble.platform.api.ApiSpace)6 ApiResourcesManagerException (com.bluenimble.platform.api.ApiResourcesManagerException)5 IOException (java.io.IOException)5 ApiAccessDeniedException (com.bluenimble.platform.api.ApiAccessDeniedException)4 ApiAuthenticationException (com.bluenimble.platform.api.security.ApiAuthenticationException)4 ScriptingEngine (com.bluenimble.platform.scripting.ScriptingEngine)4 ScriptingEngineException (com.bluenimble.platform.scripting.ScriptingEngineException)4 Crypto (com.bluenimble.platform.Crypto)3 ApiResource (com.bluenimble.platform.api.ApiResource)3 JsonApiOutput (com.bluenimble.platform.api.impls.JsonApiOutput)3 File (java.io.File)3 Date (java.util.Date)3 Api (com.bluenimble.platform.api.Api)2 ApiSpaceImpl (com.bluenimble.platform.api.impls.ApiSpaceImpl)2 ApiRequestSignerException (com.bluenimble.platform.api.security.ApiRequestSignerException)2 SpaceKeyStoreException (com.bluenimble.platform.security.SpaceKeyStoreException)2