diff --git a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java index c6e46218b..77ec246a0 100644 --- a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java +++ b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java @@ -3,15 +3,13 @@ */ package io.holoinsight.server.home.biz.service; -import io.holoinsight.server.apm.common.model.specification.sw.Tag; +import io.holoinsight.server.common.dao.entity.CloudMonitorRange; +import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO; import io.holoinsight.server.common.dao.entity.dto.TenantOpsStorage; -import io.holoinsight.server.home.biz.plugin.config.MetaLabel; import io.holoinsight.server.common.scope.MonitorScope; import io.holoinsight.server.common.scope.MonitorUser; -import io.holoinsight.server.common.dao.entity.CloudMonitorRange; -import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO; -import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; +import io.holoinsight.server.home.biz.plugin.config.MetaLabel; import io.holoinsight.server.query.grpc.QueryProto.QueryFilter; import java.util.List; @@ -101,21 +99,13 @@ List getTenantFilters(String tenant, String workspace, String envir CloudMonitorRange getCollectMonitorRange(String table, String tenant, String workspace, List strings, MetaLabel metaLabel); - Boolean checkCookie(String tenant, String workspace, String environment); - - Boolean checkTraceTags(String tenant, String workspace, List tags); - - Boolean checkTraceParams(String tenant, String workspace, Map paramsMap); List getExtraGeneratedLists(); - Boolean checkIntegrationWorkspace(String workspace); - - Boolean checkCustomPluginLogConfParams(String tenant, String workspace, - CustomPluginDTO customPluginDTO); - List getAggCompletenessTags(); List getAggDefaultGroupByTags(); + Boolean checkIntegrationWorkspace(String workspace); + } diff --git a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java index 268666da5..a4655c83a 100644 --- a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java +++ b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java @@ -3,17 +3,15 @@ */ package io.holoinsight.server.home.biz.service.impl; -import io.holoinsight.server.apm.common.model.specification.sw.Tag; +import io.holoinsight.server.common.dao.entity.CloudMonitorRange; +import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO; import io.holoinsight.server.common.dao.entity.dto.TenantOpsStorage; +import io.holoinsight.server.common.scope.MonitorScope; +import io.holoinsight.server.common.scope.MonitorUser; import io.holoinsight.server.home.biz.common.GaeaConvertUtil; import io.holoinsight.server.home.biz.plugin.config.MetaLabel; import io.holoinsight.server.home.biz.service.TenantInitService; -import io.holoinsight.server.common.scope.MonitorScope; -import io.holoinsight.server.common.scope.MonitorUser; -import io.holoinsight.server.common.dao.entity.CloudMonitorRange; -import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO; -import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; import io.holoinsight.server.query.grpc.QueryProto.QueryFilter; import java.util.ArrayList; @@ -96,36 +94,12 @@ public CloudMonitorRange getCollectMonitorRange(String table, String tenant, Str return GaeaConvertUtil.convertCloudMonitorRange(table, metaLabel, strings); } - @Override - public Boolean checkCookie(String tenant, String workspace, String environment) { - return Boolean.TRUE; - } - - @Override - public Boolean checkTraceTags(String tenant, String workspace, List tags) { - return Boolean.TRUE; - } - - @Override - public Boolean checkTraceParams(String tenant, String workspace, Map paramsMap) { - return Boolean.TRUE; - } @Override public List getExtraGeneratedLists() { return new ArrayList<>(); } - @Override - public Boolean checkIntegrationWorkspace(String workspace) { - return Boolean.TRUE; - } - - @Override - public Boolean checkCustomPluginLogConfParams(String tenant, String workspace, - CustomPluginDTO customPluginDTO) { - return Boolean.TRUE; - } @Override public List getAggCompletenessTags() { @@ -137,4 +111,9 @@ public List getAggDefaultGroupByTags() { return new ArrayList<>(); } + + @Override + public Boolean checkIntegrationWorkspace(String workspace) { + return Boolean.TRUE; + } } diff --git a/server/home/home-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java b/server/home/home-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java index b62b621f8..4a82ed0c5 100644 --- a/server/home/home-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java +++ b/server/home/home-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java @@ -3,19 +3,21 @@ */ package io.holoinsight.server.home.task; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.TimeUnit; - import com.google.gson.reflect.TypeToken; import io.holoinsight.server.common.J; import io.holoinsight.server.common.MD5Hash; +import io.holoinsight.server.common.cache.local.CommonLocalCache; +import io.holoinsight.server.common.dao.converter.IntegrationGeneratedConverter; +import io.holoinsight.server.common.dao.entity.CloudMonitorRange; +import io.holoinsight.server.common.dao.entity.GaeaCollectRange; +import io.holoinsight.server.common.dao.entity.IntegrationGenerated; import io.holoinsight.server.common.dao.entity.TenantOps; +import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; +import io.holoinsight.server.common.dao.entity.dto.IntegrationPluginDTO; +import io.holoinsight.server.common.model.TaskEnum; +import io.holoinsight.server.common.service.IntegrationGeneratedService; +import io.holoinsight.server.common.service.IntegrationPluginService; +import io.holoinsight.server.common.service.TenantOpsService; import io.holoinsight.server.home.biz.common.MetaDictKey; import io.holoinsight.server.home.biz.common.MetaDictType; import io.holoinsight.server.home.biz.common.MetaDictUtil; @@ -25,34 +27,30 @@ import io.holoinsight.server.home.biz.plugin.core.LogPlugin; import io.holoinsight.server.home.biz.plugin.model.Plugin; import io.holoinsight.server.home.biz.plugin.model.PluginType; -import io.holoinsight.server.common.service.IntegrationGeneratedService; -import io.holoinsight.server.common.service.IntegrationPluginService; import io.holoinsight.server.home.biz.service.MetaService; import io.holoinsight.server.home.biz.service.MetaService.AppModel; import io.holoinsight.server.home.biz.service.TenantInitService; -import io.holoinsight.server.common.service.TenantOpsService; -import io.holoinsight.server.common.model.TaskEnum; -import io.holoinsight.server.common.cache.local.CommonLocalCache; -import io.holoinsight.server.common.dao.converter.IntegrationGeneratedConverter; -import io.holoinsight.server.common.dao.entity.IntegrationGenerated; -import io.holoinsight.server.common.dao.entity.CloudMonitorRange; -import io.holoinsight.server.common.dao.entity.GaeaCollectRange; -import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO; -import io.holoinsight.server.common.dao.entity.dto.IntegrationPluginDTO; import io.holoinsight.server.meta.common.model.QueryExample; +import io.holoinsight.server.meta.facade.service.DataClientService; import lombok.extern.slf4j.Slf4j; - import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; -import io.holoinsight.server.meta.facade.service.DataClientService; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.TimeUnit; -import static io.holoinsight.server.home.biz.common.MetaDictKey.INTEGRATION_LOCAL_PRODUCT; -import static io.holoinsight.server.home.biz.common.MetaDictType.INTEGRATION_CONFIG; import static io.holoinsight.server.common.cache.local.CacheConst.APP_META_KEY; import static io.holoinsight.server.common.cache.local.CacheConst.INTEGRATION_GENERATED_CACHE_KEY; +import static io.holoinsight.server.home.biz.common.MetaDictKey.INTEGRATION_LOCAL_PRODUCT; +import static io.holoinsight.server.home.biz.common.MetaDictType.INTEGRATION_CONFIG; /** * diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java index 87e214f48..39a20df23 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java @@ -4,6 +4,7 @@ package io.holoinsight.server.home.web.controller; import io.holoinsight.server.common.JsonResult; +import io.holoinsight.server.common.ResultCodeEnum; import io.holoinsight.server.home.biz.common.MetaDictKey; import io.holoinsight.server.home.biz.common.MetaDictType; import io.holoinsight.server.home.biz.common.MetaDictUtil; @@ -19,6 +20,7 @@ import io.holoinsight.server.common.ManageCallback; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; +import io.holoinsight.server.home.web.security.ParameterSecurityService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.GetMapping; @@ -47,6 +49,9 @@ public class AgentFacadeImpl extends BaseFacade { @Autowired private ApiKeyService apiKeyService; + @Autowired + private ParameterSecurityService parameterSecurityService; + @ResponseBody @GetMapping(value = "/vmAgent") @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -93,6 +98,10 @@ public JsonResult> listFiles( @Override public void checkParameter() { ParaCheckUtil.checkParaNotBlank(agentParamRequest.getLogpath(), "logpath"); + if (!parameterSecurityService.checkAgentLogPathPrefix(agentParamRequest.getLogpath())) { + throw new MonitorException( + "the logPath " + agentParamRequest.getLogpath() + "must start with /home/admin/logs"); + } } @Override @@ -122,6 +131,10 @@ public JsonResult> previewFile( @Override public void checkParameter() { ParaCheckUtil.checkParaNotBlank(agentParamRequest.getLogpath(), "logpath"); + if (!parameterSecurityService.checkAgentLogPath(agentParamRequest.getLogpath())) { + throw new MonitorException(ResultCodeEnum.PARAMETER_ILLEGAL, + "the logPath " + agentParamRequest.getLogpath() + "must end with .log"); + } } @Override diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java index f97ce900e..306317578 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java @@ -3,36 +3,36 @@ */ package io.holoinsight.server.home.web.controller; -import io.holoinsight.server.common.UtilMisc; -import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO; -import io.holoinsight.server.common.service.MetricInfoService; -import io.holoinsight.server.home.biz.plugin.core.LogPluginUtil; -import io.holoinsight.server.common.service.AlarmMetricService; -import io.holoinsight.server.home.biz.service.CustomPluginService; -import io.holoinsight.server.common.service.FolderService; -import io.holoinsight.server.home.biz.service.TenantInitService; -import io.holoinsight.server.common.service.UserOpLogService; +import io.holoinsight.server.common.J; +import io.holoinsight.server.common.JsonResult; +import io.holoinsight.server.common.ManageCallback; import io.holoinsight.server.common.MonitorException; +import io.holoinsight.server.common.MonitorPageRequest; +import io.holoinsight.server.common.MonitorPageResult; +import io.holoinsight.server.common.RequestContext; import io.holoinsight.server.common.ResultCodeEnum; +import io.holoinsight.server.common.UtilMisc; +import io.holoinsight.server.common.dao.entity.AlarmMetric; +import io.holoinsight.server.common.dao.entity.Folder; +import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO; import io.holoinsight.server.common.scope.AuthTargetType; import io.holoinsight.server.common.scope.MonitorCookieUtil; import io.holoinsight.server.common.scope.MonitorScope; import io.holoinsight.server.common.scope.MonitorUser; import io.holoinsight.server.common.scope.PowerConstants; -import io.holoinsight.server.common.RequestContext; -import io.holoinsight.server.common.dao.entity.AlarmMetric; -import io.holoinsight.server.common.dao.entity.Folder; +import io.holoinsight.server.common.service.AlarmMetricService; +import io.holoinsight.server.common.service.FolderService; +import io.holoinsight.server.common.service.MetricInfoService; +import io.holoinsight.server.common.service.UserOpLogService; +import io.holoinsight.server.home.biz.plugin.core.LogPluginUtil; +import io.holoinsight.server.home.biz.service.CustomPluginService; import io.holoinsight.server.home.dal.model.OpType; import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO; import io.holoinsight.server.home.dal.model.dto.conf.CollectMetric; -import io.holoinsight.server.common.MonitorPageRequest; -import io.holoinsight.server.common.MonitorPageResult; -import io.holoinsight.server.common.ManageCallback; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.controller.model.LogSplitReq; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; -import io.holoinsight.server.common.J; -import io.holoinsight.server.common.JsonResult; +import io.holoinsight.server.home.web.security.ParameterSecurityService; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -81,7 +81,7 @@ public class CustomPluginFacadeImpl extends BaseFacade { private MetricInfoService metricInfoService; @Autowired - private TenantInitService tenantInitService; + private ParameterSecurityService parameterSecurityService; @PostMapping("/update") @ResponseBody @@ -103,7 +103,7 @@ public void checkParameter() { MonitorScope ms = RequestContext.getContext().ms; ParaCheckUtil.checkEquals(customPluginDTO.getTenant(), ms.getTenant(), "tenant is illegal"); - Boolean aBoolean = tenantInitService.checkCustomPluginLogConfParams(ms.getTenant(), + Boolean aBoolean = parameterSecurityService.checkCustomPluginLogConfParams(ms.getTenant(), ms.getWorkspace(), customPluginDTO); if (!aBoolean) { throw new MonitorException("collectRange illegal"); @@ -167,7 +167,7 @@ public void checkParameter() { ParaCheckUtil.checkParaNotNull(customPluginDTO.conf, "conf"); ParaCheckUtil.checkParaId(customPluginDTO.getId()); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkCustomPluginLogConfParams(ms.getTenant(), + Boolean aBoolean = parameterSecurityService.checkCustomPluginLogConfParams(ms.getTenant(), ms.getWorkspace(), customPluginDTO); if (!aBoolean) { throw new MonitorException("collectRange illegal"); diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java index a4200f7a6..57803749d 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java @@ -18,6 +18,7 @@ import io.holoinsight.server.common.scope.PowerConstants; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; +import io.holoinsight.server.home.web.security.ParameterSecurityService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -77,6 +78,9 @@ public class InitFacadeImpl extends BaseFacade { @Autowired private TenantInitService tenantInitService; + @Autowired + private ParameterSecurityService parameterSecurityService; + @ResponseBody @GetMapping(value = "/tenantCheck") public JsonResult tenantCheck() { @@ -125,7 +129,7 @@ public JsonResult tenantSwitch(@PathVariable("tenant") String tenant, @Override public void checkParameter() { ParaCheckUtil.checkParaNotNull(tenant, "tenant"); - tenantInitService.checkCookie(tenant, workspace, environment); + parameterSecurityService.checkCookie(tenant, workspace, environment); } @Override diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceAgentFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceAgentFacadeImpl.java index 6afc323d5..4f2276c6b 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceAgentFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceAgentFacadeImpl.java @@ -4,28 +4,29 @@ package io.holoinsight.server.home.web.controller; import com.fasterxml.jackson.databind.ObjectMapper; +import io.holoinsight.server.common.AesUtil; import io.holoinsight.server.common.JsonResult; -import io.holoinsight.server.home.biz.common.MetaDictKey; -import io.holoinsight.server.home.biz.common.MetaDictType; -import io.holoinsight.server.home.biz.common.MetaDictUtil; -import io.holoinsight.server.common.service.ApiKeyService; -import io.holoinsight.server.home.biz.service.TenantInitService; -import io.holoinsight.server.common.service.TraceAgentConfPropService; -import io.holoinsight.server.common.service.TraceAgentConfigurationService; +import io.holoinsight.server.common.ManageCallback; import io.holoinsight.server.common.MonitorException; -import io.holoinsight.server.common.scope.AuthTargetType; -import io.holoinsight.server.common.scope.MonitorScope; -import io.holoinsight.server.common.scope.MonitorUser; -import io.holoinsight.server.common.scope.PowerConstants; import io.holoinsight.server.common.RequestContext; import io.holoinsight.server.common.dao.entity.ApiKey; import io.holoinsight.server.common.dao.entity.TraceAgentConfProp; import io.holoinsight.server.common.dao.entity.TraceAgentConfiguration; -import io.holoinsight.server.common.AesUtil; -import io.holoinsight.server.common.ManageCallback; +import io.holoinsight.server.common.scope.AuthTargetType; +import io.holoinsight.server.common.scope.MonitorScope; +import io.holoinsight.server.common.scope.MonitorUser; +import io.holoinsight.server.common.scope.PowerConstants; +import io.holoinsight.server.common.service.ApiKeyService; +import io.holoinsight.server.common.service.TraceAgentConfPropService; +import io.holoinsight.server.common.service.TraceAgentConfigurationService; +import io.holoinsight.server.home.biz.common.MetaDictKey; +import io.holoinsight.server.home.biz.common.MetaDictType; +import io.holoinsight.server.home.biz.common.MetaDictUtil; +import io.holoinsight.server.home.biz.service.TenantInitService; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.config.TraceAuthEncryptConfiguration; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; +import io.holoinsight.server.home.web.security.ParameterSecurityService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -57,6 +58,9 @@ public class TraceAgentFacadeImpl extends BaseFacade { @Autowired private TenantInitService tenantInitService; + @Autowired + private ParameterSecurityService parameterSecurityService; + @Autowired private TraceAgentConfigurationService agentConfigurationService; @Autowired @@ -82,8 +86,8 @@ public JsonResult> traceAgent( @Override public void checkParameter() { MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = - tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), extendInfo); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), extendInfo); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -147,7 +151,7 @@ public void checkParameter() { "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; Boolean aBoolean = - tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), request); + parameterSecurityService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), request); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -192,7 +196,7 @@ public void checkParameter() { "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; Boolean aBoolean = - tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), request); + parameterSecurityService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), request); if (!aBoolean) { throw new MonitorException("term params is illegal"); } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceQueryFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceQueryFacadeImpl.java index e4870f016..631ac6853 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceQueryFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/TraceQueryFacadeImpl.java @@ -4,7 +4,6 @@ package io.holoinsight.server.home.web.controller; import io.holoinsight.server.apm.common.model.query.Endpoint; -import io.holoinsight.server.common.event.Event; import io.holoinsight.server.apm.common.model.query.QueryTraceRequest; import io.holoinsight.server.apm.common.model.query.Service; import io.holoinsight.server.apm.common.model.query.ServiceInstance; @@ -15,17 +14,19 @@ import io.holoinsight.server.apm.common.model.query.VirtualComponent; import io.holoinsight.server.apm.common.model.specification.sw.Trace; import io.holoinsight.server.common.JsonResult; -import io.holoinsight.server.home.biz.service.TenantInitService; -import io.holoinsight.server.home.common.service.QueryClientService; +import io.holoinsight.server.common.ManageCallback; import io.holoinsight.server.common.MonitorException; +import io.holoinsight.server.common.RequestContext; +import io.holoinsight.server.common.event.Event; import io.holoinsight.server.common.scope.AuthTargetType; import io.holoinsight.server.common.scope.MonitorScope; import io.holoinsight.server.common.scope.PowerConstants; -import io.holoinsight.server.common.RequestContext; -import io.holoinsight.server.common.ManageCallback; +import io.holoinsight.server.home.biz.service.TenantInitService; +import io.holoinsight.server.home.common.service.QueryClientService; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.common.TokenUrls; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; +import io.holoinsight.server.home.web.security.ParameterSecurityService; import io.holoinsight.server.query.grpc.QueryProto; import io.holoinsight.server.query.grpc.QueryProto.QueryMetaRequest.Builder; import io.holoinsight.server.query.grpc.QueryProto.QueryTopologyRequest; @@ -53,6 +54,9 @@ public class TraceQueryFacadeImpl extends BaseFacade { @Autowired private TenantInitService tenantInitService; + @Autowired + private ParameterSecurityService parameterSecurityService; + @PostMapping(value = "/query/basic") @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -68,8 +72,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = - tenantInitService.checkTraceTags(ms.getTenant(), ms.getWorkspace(), request.getTags()); + Boolean aBoolean = parameterSecurityService.checkTraceTags(ms.getTenant(), + ms.getWorkspace(), request.getTags()); if (!aBoolean) { throw new MonitorException("tags params is illegal"); } @@ -101,8 +105,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = - tenantInitService.checkTraceTags(ms.getTenant(), ms.getWorkspace(), request.getTags()); + Boolean aBoolean = parameterSecurityService.checkTraceTags(ms.getTenant(), + ms.getWorkspace(), request.getTags()); if (!aBoolean) { throw new MonitorException("tags params is illegal"); } @@ -134,8 +138,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = - tenantInitService.checkTraceTags(ms.getTenant(), ms.getWorkspace(), request.getTags()); + Boolean aBoolean = parameterSecurityService.checkTraceTags(ms.getTenant(), + ms.getWorkspace(), request.getTags()); if (!aBoolean) { throw new MonitorException("tags params is illegal"); } @@ -168,8 +172,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -215,8 +219,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -251,8 +255,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -295,8 +299,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -333,8 +337,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -375,8 +379,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -417,8 +421,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -457,8 +461,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -497,8 +501,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } @@ -530,8 +534,8 @@ public void checkParameter() { ParaCheckUtil.checkEquals(request.getTenant(), RequestContext.getContext().ms.getTenant(), "tenant is illegal"); MonitorScope ms = RequestContext.getContext().ms; - Boolean aBoolean = tenantInitService.checkTraceParams(ms.getTenant(), ms.getWorkspace(), - request.getTermParamsMap()); + Boolean aBoolean = parameterSecurityService.checkTraceParams(ms.getTenant(), + ms.getWorkspace(), request.getTermParamsMap()); if (!aBoolean) { throw new MonitorException("term params is illegal"); } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityService.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityService.java index 92e9b0b0d..2845dcf33 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityService.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityService.java @@ -3,8 +3,10 @@ */ package io.holoinsight.server.home.web.security; +import io.holoinsight.server.apm.common.model.specification.sw.Tag; import io.holoinsight.server.common.model.DataQueryRequest; import io.holoinsight.server.common.scope.MonitorUser; +import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO; import java.util.List; import java.util.Map; @@ -40,4 +42,20 @@ boolean checkFilterTenantAndWorkspace(String metricTable, Map tags); + + Boolean checkTraceParams(String tenant, String workspace, Map paramsMap); + + + + Boolean checkCustomPluginLogConfParams(String tenant, String workspace, + CustomPluginDTO customPluginDTO); } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityServiceImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityServiceImpl.java index 4189b2a19..b6fbc6458 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityServiceImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ParameterSecurityServiceImpl.java @@ -3,8 +3,10 @@ */ package io.holoinsight.server.home.web.security; +import io.holoinsight.server.apm.common.model.specification.sw.Tag; import io.holoinsight.server.common.model.DataQueryRequest; import io.holoinsight.server.common.scope.MonitorUser; +import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO; import org.apache.commons.lang3.StringUtils; import java.util.Collections; @@ -80,4 +82,38 @@ public boolean checkTenant(String target, String tenant) { public boolean checkSourceId(Long sourceId, String sourceType, String tenant, String workspace) { return true; } + + + @Override + public Boolean checkAgentLogPath(String logpath) { + return Boolean.TRUE; + } + + @Override + public Boolean checkAgentLogPathPrefix(String logpath) { + return Boolean.TRUE; + } + + + @Override + public Boolean checkCookie(String tenant, String workspace, String environment) { + return Boolean.TRUE; + } + + @Override + public Boolean checkTraceTags(String tenant, String workspace, List tags) { + return Boolean.TRUE; + } + + @Override + public Boolean checkTraceParams(String tenant, String workspace, Map paramsMap) { + return Boolean.TRUE; + } + + + @Override + public Boolean checkCustomPluginLogConfParams(String tenant, String workspace, + CustomPluginDTO customPluginDTO) { + return Boolean.TRUE; + } }