Feat: IP white list #2299

Merged
merged 9 commits into from
Oct 2, 2023
Expand Up @@ -122,16 +122,16 @@
}

if (Objects.equals(whiteIpStatus, STRING_ENABLE) && request != null) {
peer = request.getRemoteAddr() + ":" + request.getRemotePort();
path = request.getRequestURI();

Codecov / codecov/patch: check warning on line 126 in hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java (added lines #L125 - L126 were not covered by tests)

String remoteIp = request.getRemoteAddr();
List<String> whiteIpList = manager.authManager().listWhiteIp();
List<String> whiteIpList = manager.authManager().listWhiteIPs();
boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus();

if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled &&
!whiteIpList.contains(remoteIp)) {
throw new ForbiddenException(
String.format("Remote ip '%s' is not permitted",

remoteIp));
}
}
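Review bot: The exemption `!path.contains(STRING_WHITE_IP_LIST)` is a substring test on the request URI, so any request whose path merely contains that string skips the allowlist check, not only the allowlist management resource it is presumably meant for. Match the resource path exactly instead. Two smaller points in the same block: `manager.authManager().listWhiteIPs()` is fetched before `whiteIpEnabled` is tested, so the list is read on every request even when the feature is off; and `whiteIpList.contains(remoteIp)` compares `request.getRemoteAddr()` as a raw string, which is the proxy's address when the server sits behind a reverse proxy or load balancer and will not match a differently formatted form of the same address. Document the expected deployment or normalise the address before comparing.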
Expand Up @@ -50,19 +50,19 @@

@Path("whiteiplist")
@Singleton
public class WhiteIpAPI extends API {
public class WhiteIpListAPI extends API {

Codecov / codecov/patch: check warning on line 53 in hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/WhiteIpListAPI.java (added line #L53 was not covered by tests)

private static final Logger LOG = Log.logger(RestServer.class);


@GET
@Timed
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> list(@Context GraphManager manager) {
LOG.debug("List white ips");
AuthManager authManager = manager.authManager();
List<String> whiteIpList = authManager.listWhiteIp();
List<String> whiteIpList = authManager.listWhiteIPs();
return ImmutableMap.of("whiteIpList", whiteIpList);

}

@POST
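Review bot: The logger in `WhiteIpListAPI` is created with `Log.logger(RestServer.class)`, so every message from this resource is attributed to RestServer in the logs; use `Log.logger(WhiteIpListAPI.class)`. In `list()`, the only trace of a read of the access-control list is `LOG.debug("List white ips")`; consider logging the caller at a level that is kept in production, since this endpoint discloses which addresses are trusted.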
Expand All @@ -71,87 +71,87 @@
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> batch(@Context GraphManager manager,
public Map<String, Object> updateWhiteIPs(@Context GraphManager manager,
Map<String, Object> actionMap) {
E.checkArgument(actionMap != null,
"Missing argument: actionMap");
List<String> whiteIpList = manager.authManager().listWhiteIp();
Object ips = actionMap.get("ips");
E.checkArgument(ips instanceof List,
"Invalid ips type '%s', must be list", ips.getClass());
List<String> ipList = (List<String>) ips;
Object value = actionMap.get("action");
E.checkArgument(value != null,
List<String> whiteIpList = manager.authManager().listWhiteIPs();
Object ipListRaw = actionMap.get("ips");
E.checkArgument(ipListRaw instanceof List,
"Invalid ips type '%s', must be list", ipListRaw.getClass());
List<String> ipList = (List<String>) ipListRaw;
Object actionRaw = actionMap.get("action");

E.checkArgument(actionRaw != null,
"Missing argument: action");
E.checkArgument(value instanceof String,
E.checkArgument(actionRaw instanceof String,

"Invalid action type '%s', must be string",
value.getClass());
String action = (String) value;
actionRaw.getClass());
String action = (String) actionRaw;
E.checkArgument(StringUtils.isNotEmpty(action),

"Missing argument: action");
List<String> existed = new ArrayList<>();
List<String> loaded = new ArrayList<>();
List<String> illegalIps = new ArrayList<>();
List<String> existedIPs = new ArrayList<>();
List<String> loadedIPs = new ArrayList<>();
List<String> illegalIPs = new ArrayList<>();
Map<String, Object> result = new HashMap<>();

for (String ip : ipList) {
if (whiteIpList.contains(ip)) {
existed.add(ip);
existedIPs.add(ip);
continue;

}
if ("load".equals(action)) {
boolean rightIp = checkIp(ip) ? loaded.add(ip) : illegalIps.add(ip);
boolean rightIp = checkIp(ip) ? loadedIPs.add(ip) : illegalIPs.add(ip);
}
}

switch (action) {
case "load":
LOG.debug("Load to white ip list");
result.put("existed", existed);
result.put("loaded", loaded);
if (!illegalIps.isEmpty()) {
result.put("illegalIps", illegalIps);
result.put("existed_ips", existedIPs);
result.put("loaded_ips", loadedIPs);

if (!illegalIPs.isEmpty()) {
result.put("illegal_ips", illegalIPs);

}
whiteIpList.addAll(loaded);
whiteIpList.addAll(loadedIPs);
break;

case "remove":
LOG.debug("Remove from white ip list");
result.put("removed", existed);
result.put("nonexistent", loaded);
whiteIpList.removeAll(existed);
result.put("removed", existedIPs);
result.put("nonexistent", loadedIPs);
whiteIpList.removeAll(existedIPs);
Contributor

try to set the type of whiteIpList to Set<String>

break;

default:
throw new AssertionError(String.format("Invalid action '%s', " +

"supported action is " +
"'load' or 'remove'",
action));
}
manager.authManager().setWhiteIpList(whiteIpList);
manager.authManager().setWhiteIPs(whiteIpList);
return result;

}

@PUT
@Timed
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> update(@Context GraphManager manager,
public Map<String, Object> updateStatus(@Context GraphManager manager,
@QueryParam("status") String status) {
LOG.debug("Enable or disable white ip list");

E.checkArgument("true".equals(status) ||
"false".equals(status),
"Invalid status, valid status is 'true' or 'false'");
boolean open = Boolean.parseBoolean(status);
manager.authManager().setWhiteIpStatus(open);
manager.authManager().enabledWhiteIpList(open);
Map<String, Object> map = new HashMap<>();
map.put("WhiteIpListOpen", open);
return map;

}

private boolean checkIp(String ipStr) {
String ip = "^(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[1-9])\\."

+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\."
+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\."
+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)$";
Pattern pattern = Pattern.compile(ip);
Matcher matcher = pattern.matcher(ipStr);
return matcher.matches();

}
}
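Review bot: In `updateWhiteIPs`, the call `E.checkArgument(ipListRaw instanceof List, "Invalid ips type '%s', must be list", ipListRaw.getClass())` evaluates `ipListRaw.getClass()` before the check runs, so a body without `ips` fails with a NullPointerException instead of the intended argument error; null-check `ipListRaw` first, as is done for `actionRaw`. The cast `(List<String>) ipListRaw` is unchecked, so a non-string element only fails later inside `for (String ip : ipList)`; validate element types up front. For the `remove` action, `loadedIPs` is only filled when `"load".equals(action)`, so `result.put("nonexistent", loadedIPs)` always returns an empty list; collect the not-found addresses explicitly. The `default` branch throws `AssertionError` for what is plain client input, and only after the loop has run; validate `action` with `E.checkArgument` before iterating. In `checkIp`, the pattern is recompiled on every call, accepts IPv4 only, and its `00?\\d` alternative admits zero-padded octets that will never equal the string returned by `getRemoteAddr()`; hoist it into a `static final Pattern` and reject or normalise padded forms.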
Expand Up @@ -1569,24 +1569,24 @@
}

@Override
public List<String> listWhiteIp() {
return this.authManager.listWhiteIp();
public List<String> listWhiteIPs() {
return this.authManager.listWhiteIPs();

Codecov / codecov/patch: check warning on line 1573 in hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java (added line #L1573 was not covered by tests)
}

@Override
public void setWhiteIpList(List<String> whiteIpList) {
this.authManager.setWhiteIpList(whiteIpList);
public void setWhiteIPs(List<String> whiteIpList) {
this.authManager.setWhiteIPs(whiteIpList);
}


@Override
public boolean getWhiteIpStatus() {
return this.authManager.getWhiteIpStatus();

}

@Override
public void setWhiteIpStatus(boolean status) {
this.authManager.setWhiteIpStatus(status);
public void enabledWhiteIpList(boolean status) {
this.authManager.enabledWhiteIpList(status);
}


@Override
public String loginUser(String username, String password) {
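Review bot: `setWhiteIPs` and `enabledWhiteIpList` in this proxy forward straight to `this.authManager` with nothing else in the method body, so changing the allowlist or switching it off is guarded only by the `@RolesAllowed("admin")` annotations on the REST resource. If this proxy is meant to enforce authorization for auth-manager calls, add the check here; either way, log the caller and the new value, since both are security-relevant changes.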
Expand Up @@ -127,11 +127,11 @@ public interface AuthManager {

UserWithRole validateUser(String token);

List<String> listWhiteIp();
List<String> listWhiteIPs();

void setWhiteIpList(List<String> whiteIpList);
void setWhiteIPs(List<String> whiteIpList);

boolean getWhiteIpStatus();

void setWhiteIpStatus(boolean status);
void enabledWhiteIpList(boolean status);
}
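Review bot: The four allowlist methods added to `AuthManager` have no Javadoc and their names are not parallel: `listWhiteIPs`/`setWhiteIPs` use `IPs` while `getWhiteIpStatus`/`enabledWhiteIpList` use `Ip`, and `enabledWhiteIpList(boolean status)` reads like a query although it is the setter. Consider `enableWhiteIpList(boolean)` paired with `isWhiteIpListEnabled()`, and document whether `listWhiteIPs()` returns a live view or a copy and whether `setWhiteIPs` replaces or merges the stored list.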
Expand Up @@ -78,7 +78,7 @@

private List<String> ipWhiteList;
Contributor

mark final

Contributor Author

mark final maybe we can't change it anymore?

Member

@imbajin Sep 21, 2023

mark final maybe we can't change it anymore?

for Object, final/static will just fix the Memory Pointer Address, won't influence the inner value

just like the head pointer in the linked list

Contributor Author

@SunnyBoy-WYH Sep 21, 2023

mark final maybe we can't change it anymore?

for Object, final/static will just fix the Memory Pointer Address, won't influence the inner value

just like the head pointer in the linked list

like this?

private final List<String> ipWhiteList;

public void setWhiteIPs(List<String> ipWhiteList) {
    this.ipWhiteList.clear();
    this.ipWhiteList.addAll(ipWhiteList);
}

Contributor Author

mark final maybe we can't change it anymore?

for Object, final/static will just fix the Memory Pointer Address, won't influence the inner value
just like the head pointer in the linked list

like this? we can't change object pointer. so we can't use this.ipWhiteList = ipWhiteList in setWhiteIPs func.

private final List<String> ipWhiteList;

public void setWhiteIPs(List<String> ipWhiteList) {
    this.ipWhiteList.clear();
    this.ipWhiteList.addAll(ipWhiteList);
}


private Boolean whiteIpStatus;
private Boolean ipWhiteListEnabled;

public StandardAuthManager(HugeGraphParams graph) {
E.checkNotNull(graph, "graph");
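Review bot: `private Boolean ipWhiteListEnabled;` is a boxed `Boolean` although `getWhiteIpStatus()` returns a primitive `boolean`, and the field is read on each request by the authentication filter while being written from the REST resource, with no `volatile`. Declare it `private volatile boolean ipWhiteListEnabled;` so that the unboxing can never hit null and a status change is visible to request threads.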
Expand Down Expand Up @@ -110,7 +110,7 @@

this.ipWhiteList = new ArrayList<>();

this.whiteIpStatus = false;
this.ipWhiteListEnabled = false;
}

private <V> Cache<Id, V> cache(String prefix, long capacity,
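Review bot: The constructor sets `this.ipWhiteList = new ArrayList<>()` and `this.ipWhiteListEnabled = false`, and nothing in this diff persists either value, so the allowlist is empty and disabled again after every restart and is local to this instance. If that is intended, say so in a comment; otherwise load both from stored configuration. `ArrayList` is also not safe for a concurrent read in the filter and write in the API; a concurrent set such as `ConcurrentHashMap.newKeySet()` would address that and give constant-time `contains`, in line with the `Set<String>` suggestion in the review.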
Expand Down Expand Up @@ -697,24 +697,24 @@
}

@Override
public List<String> listWhiteIp() {
public List<String> listWhiteIPs() {
return ipWhiteList;

Codecov / codecov/patch: check warning on line 701 in hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java (added line #L701 was not covered by tests)
}

@Override
public void setWhiteIpList(List<String> ipWhiteList) {
public void setWhiteIPs(List<String> ipWhiteList) {
this.ipWhiteList = ipWhiteList;
}


@Override
public boolean getWhiteIpStatus() {
return this.whiteIpStatus;
return this.ipWhiteListEnabled;

}

@Override
public void setWhiteIpStatus(boolean status) {
this.whiteIpStatus = status;
public void enabledWhiteIpList(boolean status) {
this.ipWhiteListEnabled = status;
}


/**
* Maybe can define an proxy class to choose forward or call local
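Review bot: `listWhiteIPs()` returns the internal `ipWhiteList` itself and `setWhiteIPs` stores the caller's list by reference (`this.ipWhiteList = ipWhiteList;`), so any caller holding the returned list edits the manager's state directly; `updateWhiteIPs` already does this with `addAll`/`removeAll` before it calls the setter. Return an unmodifiable copy from the getter and copy in the setter so that every change to the allowlist goes through `setWhiteIPs`.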