From d251dccee1764ed0e7e85753f9a7f986f33a3cd4 Mon Sep 17 00:00:00 2001 From: masaimu Date: Wed, 27 Mar 2024 20:46:01 +0800 Subject: [PATCH] feat: alarm rule checker (#826) --- .../HoloinsightHomeConfiguration.java | 3 +- .../common/service/RequestContextAdapter.java | 2 + .../service/RequestContextAdapterImpl.java | 5 + .../home/dal/model/dto/AlarmBlockDTO.java | 63 +- .../server/home/facade/AlarmRuleDTO.java | 76 +-- .../server/home/facade/ApiSecurity.java | 179 ------ .../home/facade/trigger/DataSource.java | 4 - .../server/home/facade/trigger/Trigger.java | 2 - .../server/home/facade/utils/CreateCheck.java | 19 - .../server/home/facade/utils/ExistCheck.java | 21 - .../server/home/facade/utils/FieldCheck.java | 19 - .../home/facade/utils/ParaCheckUtil.java | 17 +- .../server/home/facade/utils/ReadCheck.java | 19 - .../server/home/facade/utils/UpdateCheck.java | 19 - .../home/web/common/ApiSecurityFactory.java | 116 ---- .../home/web/common/SecurityResource.java | 22 - .../web/controller/AlarmBlockFacadeImpl.java | 105 ++- .../AlarmDingDingRobotFacadeImpl.java | 3 - .../AlarmHistoryDetailFacadeImpl.java | 28 +- .../controller/AlarmHistoryFacadeImpl.java | 22 +- .../web/controller/AlarmRuleFacadeImpl.java | 157 +++-- .../home/web/controller/BaseFacade.java | 51 +- .../web/security}/ApiSecurityService.java | 2 +- .../web/security/ApiSecurityServiceImpl.java | 1 - .../web/security/LevelAuthorizationCheck.java | 2 +- .../LevelAuthorizationCheckException.java | 2 +- .../LevelAuthorizationCheckResult.java | 36 ++ .../LevelAuthorizationDecisionManager.java | 9 +- .../security/custom/AbstractQueryChecker.java | 107 +++ .../custom/AbstractResourceChecker.java | 24 +- .../custom/AlarmBlockFacadeImplChecker.java | 213 ++++++ .../AlarmDingDingRobotFacadeImplChecker.java | 95 ++- .../custom/AlarmHistoryFacadeImplChecker.java | 58 +- .../AlarmRuleLevelAuthorizationChecker.java | 607 +++++++++++++++++- .../AlertTemplateFacadeImplChecker.java | 94 ++- .../controller/AlarmRuleFacadeImplTest.java | 13 +- .../server/test/it/AlarmBlockFacadeIT.java | 18 +- .../server/test/it/AlertDingDingRobotIT.java | 2 + .../server/test/it/AlertRuleIT.java | 19 +- 39 files changed, 1325 insertions(+), 929 deletions(-) delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/ApiSecurity.java delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/CreateCheck.java delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ExistCheck.java delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/FieldCheck.java delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ReadCheck.java delete mode 100644 server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/UpdateCheck.java delete mode 100644 server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/ApiSecurityFactory.java delete mode 100644 server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/SecurityResource.java rename server/home/{home-facade/src/main/java/io/holoinsight/server/home/facade/utils => home-web/src/main/java/io/holoinsight/server/home/web/security}/ApiSecurityService.java (93%) create mode 100644 server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckResult.java create mode 100644 server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractQueryChecker.java create mode 100644 server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmBlockFacadeImplChecker.java diff --git a/server/home/home-boot/src/main/java/io/holoinsight/server/home/bootstrap/HoloinsightHomeConfiguration.java b/server/home/home-boot/src/main/java/io/holoinsight/server/home/bootstrap/HoloinsightHomeConfiguration.java index b16407a2f..d9b4ae464 100644 --- a/server/home/home-boot/src/main/java/io/holoinsight/server/home/bootstrap/HoloinsightHomeConfiguration.java +++ b/server/home/home-boot/src/main/java/io/holoinsight/server/home/bootstrap/HoloinsightHomeConfiguration.java @@ -24,14 +24,13 @@ import io.holoinsight.server.home.biz.service.EnvironmentService; import io.holoinsight.server.home.biz.service.TenantInitService; import io.holoinsight.server.home.biz.service.UserinfoVerificationService; -import io.holoinsight.server.home.biz.service.impl.AlarmHistoryServiceImpl; import io.holoinsight.server.home.biz.service.impl.AlertRuleServiceImpl; import io.holoinsight.server.home.biz.service.impl.DefaultEnvironmentServiceImpl; import io.holoinsight.server.home.biz.service.impl.DefaultTenantInitServiceImpl; import io.holoinsight.server.home.biz.service.impl.UserinfoVerificationServiceImpl; import io.holoinsight.server.home.common.service.RequestContextAdapter; import io.holoinsight.server.home.common.service.RequestContextAdapterImpl; -import io.holoinsight.server.home.facade.utils.ApiSecurityService; +import io.holoinsight.server.home.web.security.ApiSecurityService; import io.holoinsight.server.home.web.controller.TraceAgentFacadeImpl; import io.holoinsight.server.home.web.security.ApiSecurityServiceImpl; import io.holoinsight.server.home.web.security.ParameterSecurityService; diff --git a/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapter.java b/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapter.java index be5747086..094714358 100644 --- a/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapter.java +++ b/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapter.java @@ -32,4 +32,6 @@ public interface RequestContextAdapter { String getTenantFromContext(RequestContext.Context context); String getWorkspaceFromContext(RequestContext.Context context); + + String getSimpleWorkspaceFromContext(RequestContext.Context context); } diff --git a/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapterImpl.java b/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapterImpl.java index c996620b2..a74b4ed25 100644 --- a/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapterImpl.java +++ b/server/home/home-common/src/main/java/io/holoinsight/server/home/common/service/RequestContextAdapterImpl.java @@ -76,4 +76,9 @@ public String getTenantFromContext(RequestContext.Context context) { public String getWorkspaceFromContext(RequestContext.Context context) { return context.ms.workspace; } + + @Override + public String getSimpleWorkspaceFromContext(RequestContext.Context context) { + return getWorkspaceFromContext(context); + } } diff --git a/server/home/home-dal/src/main/java/io/holoinsight/server/home/dal/model/dto/AlarmBlockDTO.java b/server/home/home-dal/src/main/java/io/holoinsight/server/home/dal/model/dto/AlarmBlockDTO.java index 9d1cc42d6..95207a3e4 100644 --- a/server/home/home-dal/src/main/java/io/holoinsight/server/home/dal/model/dto/AlarmBlockDTO.java +++ b/server/home/home-dal/src/main/java/io/holoinsight/server/home/dal/model/dto/AlarmBlockDTO.java @@ -3,37 +3,19 @@ */ package io.holoinsight.server.home.dal.model.dto; -import io.holoinsight.server.home.common.service.SpringContext; -import io.holoinsight.server.home.facade.ApiSecurity; -import io.holoinsight.server.home.facade.utils.ApiSecurityService; -import io.holoinsight.server.home.facade.utils.CreateCheck; -import io.holoinsight.server.home.facade.utils.ExistCheck; -import io.holoinsight.server.home.facade.utils.ParaCheckUtil; -import io.holoinsight.server.home.facade.utils.UpdateCheck; import lombok.Data; -import lombok.EqualsAndHashCode; -import org.apache.commons.lang3.StringUtils; -import java.lang.reflect.Field; import java.util.Date; -import static io.holoinsight.server.home.facade.utils.CheckCategory.CUSTOM; -import static io.holoinsight.server.home.facade.utils.CheckCategory.IS_NULL; -import static io.holoinsight.server.home.facade.utils.CheckCategory.NOT_NULL; - /** * @author wangsiyuan * @date 2022/6/15 4:52 下午 */ -@EqualsAndHashCode(callSuper = true) @Data -public class AlarmBlockDTO extends ApiSecurity { +public class AlarmBlockDTO { /** * id */ - @CreateCheck(IS_NULL) - @UpdateCheck({NOT_NULL, CUSTOM}) - @ExistCheck(column = {"id", "tenant", "workspace"}, mapper = "alarmBlockMapper") private Long id; /** @@ -69,8 +51,6 @@ public class AlarmBlockDTO extends ApiSecurity { /** * 告警id */ - @CreateCheck(CUSTOM) - @UpdateCheck(CUSTOM) private String uniqueId; /** @@ -81,7 +61,6 @@ public class AlarmBlockDTO extends ApiSecurity { /** * 租户id */ - @UpdateCheck({NOT_NULL, CUSTOM}) private String tenant; /** @@ -108,44 +87,4 @@ public class AlarmBlockDTO extends ApiSecurity { * 结束时间 */ private Date endTime; - - @Override - public void customCheckRead(Field field, String tenant, String workspace) { - - } - - @Override - public void customCheckUpdate(Field field, String tenant, String workspace) { - ApiSecurityService apiSecurityService = SpringContext.getBean(ApiSecurityService.class); - String fieldName = field.getName(); - switch (fieldName) { - case "uniqueId": - if (StringUtils.isNotEmpty(this.uniqueId)) { - ParaCheckUtil.checkParaBoolean( - apiSecurityService.checkRuleTenantAndWorkspace(this.uniqueId, tenant, workspace), - "uniqueId do not belong to this tenant or workspace"); - } - break; - case "tenant": - if (!StringUtils.equals(this.tenant, tenant)) { - throwMonitorException("tenant is illegal"); - } - break; - } - } - - @Override - public void customCheckCreate(Field field, String tenant, String workspace) { - ApiSecurityService apiSecurityService = SpringContext.getBean(ApiSecurityService.class); - String fieldName = field.getName(); - switch (fieldName) { - case "uniqueId": - if (StringUtils.isNotEmpty(this.uniqueId)) { - ParaCheckUtil.checkParaBoolean( - apiSecurityService.checkRuleTenantAndWorkspace(this.uniqueId, tenant, workspace), - "uniqueId do not belong to this tenant or workspace"); - } - break; - } - } } diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/AlarmRuleDTO.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/AlarmRuleDTO.java index 1ee3ed0bd..db73a2c01 100644 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/AlarmRuleDTO.java +++ b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/AlarmRuleDTO.java @@ -9,12 +9,7 @@ import io.holoinsight.server.home.facade.trigger.DataSource; import io.holoinsight.server.home.facade.trigger.Filter; import io.holoinsight.server.home.facade.trigger.Trigger; -import io.holoinsight.server.home.facade.utils.ApiSecurityService; -import io.holoinsight.server.home.facade.utils.CreateCheck; -import io.holoinsight.server.home.facade.utils.ExistCheck; -import io.holoinsight.server.home.facade.utils.UpdateCheck; import lombok.Data; -import lombok.EqualsAndHashCode; import org.apache.commons.lang3.StringUtils; import org.springframework.util.CollectionUtils; @@ -28,24 +23,18 @@ import java.util.Map; import static io.holoinsight.server.home.facade.utils.CheckCategory.CUSTOM; -import static io.holoinsight.server.home.facade.utils.CheckCategory.IS_NULL; import static io.holoinsight.server.home.facade.utils.CheckCategory.NOT_NULL; -import static io.holoinsight.server.home.facade.utils.CheckCategory.SQL_NAME; /** * @author wangsiyuan * @date 2022/4/12 9:38 下午 */ -@EqualsAndHashCode(callSuper = true) @Data -public class AlarmRuleDTO extends ApiSecurity { +public class AlarmRuleDTO { /** * id */ - @CreateCheck(IS_NULL) - @UpdateCheck({NOT_NULL, CUSTOM}) - @ExistCheck(column = {"id", "tenant", "workspace"}, mapper = "alarmRuleMapper") private Long id; /** @@ -61,8 +50,6 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 规则名称 */ - @CreateCheck({NOT_NULL, SQL_NAME}) - @UpdateCheck({SQL_NAME}) private String ruleName; /** @@ -83,7 +70,6 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 告警级别 */ - @CreateCheck(NOT_NULL) private String alarmLevel; /** @@ -94,13 +80,11 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 规则是否生效 */ - @CreateCheck(NOT_NULL) private Byte status; /** * 合并是否开启 */ - @CreateCheck(NOT_NULL) private Byte isMerge; /** @@ -111,7 +95,6 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 恢复通知是否开启 */ - @CreateCheck(NOT_NULL) private Byte recover; /** @@ -127,7 +110,6 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 租户id */ - @UpdateCheck({NOT_NULL, CUSTOM}) private String tenant; /** @@ -138,14 +120,11 @@ public class AlarmRuleDTO extends ApiSecurity { /** * 告警规则 */ - @CreateCheck({NOT_NULL, CUSTOM}) - @UpdateCheck({CUSTOM}) private Map rule; /** * 生效时间 */ - @CreateCheck(NOT_NULL) private Map timeFilter; /** @@ -324,57 +303,4 @@ public List getMetric() { } return filters; } - - @Override - public void customCheckRead(Field field, String tenant, String workspace) { - - } - - @Override - public void customCheckCreate(Field field, String tenant, String workspace) { - String fieldName = field.getName(); - switch (fieldName) { - case "rule": - checkMetrics(tenant, workspace); - break; - } - } - - @Override - public void customCheckUpdate(Field field, String tenant, String workspace) { - String fieldName = field.getName(); - switch (fieldName) { - case "tenant": - if (!StringUtils.equals(this.tenant, tenant)) { - throwMonitorException("tenant is illegal"); - } - break; - case "rule": - checkMetrics(tenant, workspace); - break; - } - } - - private void checkMetrics(String tenant, String workspace) { - List metrics = getMetric(); - if (CollectionUtils.isEmpty(metrics)) { - return; - } - ApiSecurityService apiSecurityService = SpringContext.getBean(ApiSecurityService.class); - for (String metric : metrics) { - if (apiSecurityService.isGlobalMetric(metric)) { - Map /* tagvs */> filter = getFilters(metric); - boolean checkResult = apiSecurityService.checkFilter(metric, filter, tenant, workspace); - if (!checkResult) { - throwMonitorException("the tenant or workspace of " + metric + " is invalid."); - } - } else { - boolean checkResult = - apiSecurityService.checkMetricTenantAndWorkspace(metric, tenant, workspace); - if (!checkResult) { - throwMonitorException("the tenant or workspace of " + metric + " is invalid."); - } - } - } - } } diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/ApiSecurity.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/ApiSecurity.java deleted file mode 100644 index 848130aba..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/ApiSecurity.java +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade; - - -import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; -import com.baomidou.mybatisplus.core.mapper.BaseMapper; -import io.holoinsight.server.home.common.service.RequestContextAdapter; -import io.holoinsight.server.home.common.service.SpringContext; -import io.holoinsight.server.home.common.util.MonitorException; -import io.holoinsight.server.home.facade.utils.CheckCategory; -import io.holoinsight.server.home.facade.utils.CreateCheck; -import io.holoinsight.server.home.facade.utils.ExistCheck; -import io.holoinsight.server.home.facade.utils.FieldCheck; -import io.holoinsight.server.home.facade.utils.ParaCheckUtil; -import io.holoinsight.server.home.facade.utils.ReadCheck; -import io.holoinsight.server.home.facade.utils.SecurityMethodCategory; -import io.holoinsight.server.home.facade.utils.UpdateCheck; -import lombok.Data; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; - -import java.lang.reflect.Field; - -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.create; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.query; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.update; - -/** - * @author masaimu - * @version 2023-11-21 20:30:00 - */ -@Slf4j -@Data -public abstract class ApiSecurity implements FieldCheck { - - - public void checkRead(String tenant, String workspace) { - - Field[] fields = this.getClass().getDeclaredFields(); - for (Field field : fields) { - ReadCheck checkAnnotation = field.getAnnotation(ReadCheck.class); - if (checkAnnotation != null) { - processField(field, checkAnnotation.value(), query, tenant, workspace); - } - ExistCheck existCheckAnnotation = field.getAnnotation(ExistCheck.class); - if (existCheckAnnotation != null) { - BaseMapper existBaseMapper = null; - Object existMapperObj = SpringContext.getBeanByName(existCheckAnnotation.mapper()); - if (existMapperObj instanceof BaseMapper) { - existBaseMapper = (BaseMapper) existMapperObj; - } - checkFieldExist(field, existCheckAnnotation.column(), tenant, workspace, existBaseMapper); - } - } - } - - private void checkFieldExist(Field field, String[] columns, String tenant, String workspace, - BaseMapper baseMapper) { - if (baseMapper == null) { - throwMonitorException("can not find mapper bean", field); - } - try { - Object v = field.get(this); - if (v == null) { - return; - } - QueryWrapper wrapper = new QueryWrapper<>(); - RequestContextAdapter requestContextAdapter = - SpringContext.getBean(RequestContextAdapter.class); - for (String column : columns) { - if ("tenant".equals(column)) { - requestContextAdapter.queryWrapperTenantAdapt(wrapper, tenant); - } else if ("workspace".equals(column)) { - requestContextAdapter.queryWrapperWorkspaceAdapt(wrapper, workspace); - } else { - wrapper.eq(column, v); - } - } - wrapper.last("LIMIT 1"); - Object objFromDB = baseMapper.selectOne(wrapper); - if (objFromDB == null) { - throwMonitorException("should exist.", field); - } - } catch (IllegalAccessException e) { - throwMonitorException(e.getMessage()); - } - } - - public void checkCreate(String tenant, String workspace) { - Field[] fields = this.getClass().getDeclaredFields(); - for (Field field : fields) { - CreateCheck checkAnnotation = field.getAnnotation(CreateCheck.class); - if (checkAnnotation != null) { - processField(field, checkAnnotation.value(), create, tenant, workspace); - } - } - } - - public void checkUpdate(String tenant, String workspace) { - Field[] fields = this.getClass().getDeclaredFields(); - for (Field field : fields) { - UpdateCheck updateAnnotation = field.getAnnotation(UpdateCheck.class); - if (updateAnnotation != null) { - processField(field, updateAnnotation.value(), update, tenant, workspace); - } - } - } - - protected void processField(Field field, CheckCategory[] categories, - SecurityMethodCategory methodCategory, String tenant, String workspace) { - if (categories == null) { - return; - } - for (CheckCategory category : categories) { - try { - field.setAccessible(true); - switch (category) { - case IS_NULL: - Object nullV = field.get(this); - if (nullV != null) { - throwMonitorException("should be empty.", field); - } - break; - case NOT_NULL: - Object notNullV = field.get(this); - if (notNullV == null) { - throwMonitorException("should not be empty.", field); - } - break; - case SQL_FIELD: - Object sqlFieldObj = field.get(this); - if (sqlFieldObj instanceof String) { - String sqlField = (String) sqlFieldObj; - if (StringUtils.isNotBlank(sqlField) && !ParaCheckUtil.sqlFieldCheck(sqlField)) { - throwMonitorException("invalid " + field.getName() - + ", please use a-z A-Z 0-9 Chinese - _ , . " + sqlField, field); - } - } - break; - case SQL_NAME: - Object sqlNameObj = field.get(this); - if (sqlNameObj instanceof String) { - String sqlName = (String) sqlNameObj; - if (StringUtils.isNotBlank(sqlName) && !ParaCheckUtil.sqlNameCheck(sqlName)) { - throwMonitorException("invalid " + field.getName() - + ", please use a-z A-Z 0-9 Chinese - _ , . spaces " + sqlName, field); - } - } - break; - case CUSTOM: - switch (methodCategory) { - case create: - customCheckCreate(field, tenant, workspace); - break; - case update: - customCheckUpdate(field, tenant, workspace); - break; - case query: - customCheckRead(field, tenant, workspace); - break; - } - } - } catch (IllegalAccessException e) { - throwMonitorException(e.getMessage()); - } - } - - } - - protected void throwMonitorException(String cause, Field field) { - throw new MonitorException("API_SECURITY fail to check " + field.getName() + " for " + cause); - } - - protected void throwMonitorException(String cause) { - throw new MonitorException("API_SECURITY fail to check for " + cause); - } -} diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/DataSource.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/DataSource.java index 36df1388f..b13f02446 100644 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/DataSource.java +++ b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/DataSource.java @@ -19,8 +19,6 @@ public class DataSource implements Serializable { private String product; // 产品 - private List position; - private String metric; // 监控项 private List groupBy; // 维度聚合 @@ -31,7 +29,5 @@ public class DataSource implements Serializable { private List filters; // 维度筛选 - private String fillType; // 数据补全逻辑 - private String aggregator; // 数据聚合函数 } diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/Trigger.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/Trigger.java index 19ee6193b..2aa6e177b 100644 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/Trigger.java +++ b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/trigger/Trigger.java @@ -45,8 +45,6 @@ public class Trigger { // compare config list private List compareConfigs; - private String triggerId; - // ai alert config private RuleConfig ruleConfig; diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/CreateCheck.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/CreateCheck.java deleted file mode 100644 index 62afed6af..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/CreateCheck.java +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade.utils; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @author masaimu - * @version 2023-12-06 16:21:00 - */ -@Target({ElementType.FIELD}) -@Retention(RetentionPolicy.RUNTIME) -public @interface CreateCheck { - CheckCategory[] value(); -} diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ExistCheck.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ExistCheck.java deleted file mode 100644 index 5612dee5b..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ExistCheck.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade.utils; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @author masaimu - * @version 2023-12-12 14:35:00 - */ -@Target({ElementType.FIELD}) -@Retention(RetentionPolicy.RUNTIME) -public @interface ExistCheck { - String[] column(); - - String mapper(); -} diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/FieldCheck.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/FieldCheck.java deleted file mode 100644 index 67ff0674f..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/FieldCheck.java +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade.utils; - -import java.lang.reflect.Field; - -/** - * @author masaimu - * @version 2023-12-06 17:41:00 - */ -public interface FieldCheck { - - void customCheckUpdate(Field field, String tenant, String workspace); - - void customCheckCreate(Field field, String tenant, String workspace); - - void customCheckRead(Field field, String tenant, String workspace); -} diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ParaCheckUtil.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ParaCheckUtil.java index fde36a847..02fd202bd 100644 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ParaCheckUtil.java +++ b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ParaCheckUtil.java @@ -18,10 +18,12 @@ */ public class ParaCheckUtil { + private static Pattern PATTERN_CN_SQL = + Pattern.compile("^[\\u00b7A-Za-z0-9\\u4e00-\\u9fa5\\u3000-\\u303f\\uFF0C\\-_ ,|:\\.]*$"); private static Pattern PATTERN_SQL = - Pattern.compile("^[\\u00b7A-Za-z0-9\\u4e00-\\u9fa5\\-_ ,\\.]*$"); + Pattern.compile("^[\\u00b7A-Za-z0-9\\u4e00-\\u9fa5\\-_ ,|:\\.]*$"); private static Pattern PATTERN_STRICT_SQL = - Pattern.compile("^[\\u00b7A-Za-z0-9\\u4e00-\\u9fa5\\-_, |:\\.]*$"); + Pattern.compile("^[\\u00b7A-Za-z0-9\\u4e00-\\u9fa5\\-_,|\\.]*$"); private static Pattern uniCodePattern = Pattern.compile("\\\\u[0-9a-f]{4}"); @@ -45,6 +47,17 @@ public static boolean sqlNameCheck(String param) { return false; } + public static boolean sqlCnNameCheck(String param) { + Matcher commonAllowed = PATTERN_CN_SQL.matcher(param); + if (commonAllowed.find()) { + if (!unicodeCheck(param)) { + return false; + } + return true; + } + return false; + } + public static boolean sqlFieldCheck(String param) { Matcher commonAllowed = PATTERN_STRICT_SQL.matcher(param); if (commonAllowed.find()) { diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ReadCheck.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ReadCheck.java deleted file mode 100644 index a0e182484..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ReadCheck.java +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade.utils; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @author masaimu - * @version 2023-12-12 11:14:00 - */ -@Target({ElementType.FIELD}) -@Retention(RetentionPolicy.RUNTIME) -public @interface ReadCheck { - CheckCategory[] value(); -} diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/UpdateCheck.java b/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/UpdateCheck.java deleted file mode 100644 index 708a8ab31..000000000 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/UpdateCheck.java +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.facade.utils; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @author masaimu - * @version 2023-12-06 17:10:00 - */ -@Target({ElementType.FIELD}) -@Retention(RetentionPolicy.RUNTIME) -public @interface UpdateCheck { - CheckCategory[] value(); -} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/ApiSecurityFactory.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/ApiSecurityFactory.java deleted file mode 100644 index c5841a3f5..000000000 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/ApiSecurityFactory.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.web.common; - -import io.holoinsight.server.home.facade.ApiSecurity; -import io.holoinsight.server.home.facade.utils.SecurityMethodCategory; -import lombok.extern.slf4j.Slf4j; -import org.springframework.aop.framework.AopProxyUtils; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.BeanPostProcessor; -import org.springframework.stereotype.Component; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; - -import java.lang.reflect.Method; -import java.lang.reflect.Parameter; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * @author masaimu - * @version 2023-11-21 20:06:00 - */ -@Slf4j -@Component -public class ApiSecurityFactory implements BeanPostProcessor { - - public static final Map> createParameterMap = - new HashMap<>(); - public static final Map> updateParameterMap = - new HashMap<>(); - public static final Map> readParameterMap = - new HashMap<>(); - - - @Override - public Object postProcessBeforeInitialization(Object bean, String beanName) - throws BeansException { - final Class beanClass = AopProxyUtils.ultimateTargetClass(bean); - RestController restController = beanClass.getAnnotation(RestController.class); - if (restController != null) { - parseController(beanClass); - } - return bean; - } - - private void parseController(Class beanClass) { - RequestMapping requestMapping = beanClass.getAnnotation(RequestMapping.class); - if (requestMapping == null) { - return; - } - - String className = beanClass.getName(); - - Method[] methods = beanClass.getDeclaredMethods(); - for (Method method : methods) { - PostMapping postMapping = method.getAnnotation(PostMapping.class); - if (postMapping == null) { - continue; - } - String methodName = method.getName(); - String key = getFullMethodName(beanClass, method); - Parameter[] params = method.getParameters(); - for (Parameter parameter : params) { - SecurityResource securityResource = parameter.getAnnotation(SecurityResource.class); - if (securityResource == null) { - continue; - } - if (!ApiSecurity.class.isAssignableFrom(parameter.getType())) { - log.info("{} {} {} is not ApiSecurity", className, methodName, parameter.getName()); - continue; - } - SecurityMethodCategory m = securityResource.value(); - switch (m) { - case create: - log.info("ApiSecurityFactory init, add {} to createParameterMap", key); - List cl = - createParameterMap.computeIfAbsent(key, k -> new ArrayList<>()); - cl.add(parameter.getName()); - break; - case update: - log.info("ApiSecurityFactory init, add {} to updateParameterMap", key); - List ul = - updateParameterMap.computeIfAbsent(key, k -> new ArrayList<>()); - ul.add(parameter.getName()); - break; - case query: - log.info("ApiSecurityFactory init, add {} to readParameterMap", key); - List rl = - readParameterMap.computeIfAbsent(key, k -> new ArrayList<>()); - rl.add(parameter.getName()); - break; - } - } - - } - } - - public static String getFullMethodName(Class beanClass, Method method) { - String className = beanClass.getName(); - String methodName = method.getName(); - StringBuilder fullMethodName = new StringBuilder(className).append(".").append(methodName); - List paraNames = new ArrayList<>(); - - Class[] parameterTypes = method.getParameterTypes(); - for (Class paramType : parameterTypes) { - paraNames.add(paramType.getName()); - } - fullMethodName.append("(").append(String.join(",", paraNames)).append(")"); - return fullMethodName.toString(); - } -} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/SecurityResource.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/SecurityResource.java deleted file mode 100644 index c5513fc08..000000000 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/common/SecurityResource.java +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. - */ -package io.holoinsight.server.home.web.common; - -import io.holoinsight.server.home.facade.utils.SecurityMethodCategory; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @author masaimu - * @version 2023-11-22 16:33:00 - */ -@Target({ElementType.PARAMETER}) -@Retention(RetentionPolicy.RUNTIME) -public @interface SecurityResource { - // create, update, select, delete - SecurityMethodCategory value(); -} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmBlockFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmBlockFacadeImpl.java index 282c7fc25..dbfda7040 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmBlockFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmBlockFacadeImpl.java @@ -7,6 +7,7 @@ import io.holoinsight.server.common.JsonResult; import io.holoinsight.server.home.biz.service.AlertBlockService; import io.holoinsight.server.home.biz.service.UserOpLogService; +import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.common.util.scope.AuthTargetType; import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.MonitorUser; @@ -16,10 +17,9 @@ import io.holoinsight.server.home.dal.model.dto.AlarmBlockDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; import io.holoinsight.server.home.facade.page.MonitorPageResult; -import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.web.common.ParaCheckUtil; -import io.holoinsight.server.home.web.common.SecurityResource; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; +import io.holoinsight.server.home.web.security.LevelAuthorizationAccess; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.DeleteMapping; @@ -33,9 +33,6 @@ import java.util.Date; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.create; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.update; - /** * @author wangsiyuan * @date 2022/4/1 10:27 上午 @@ -50,37 +47,38 @@ public class AlarmBlockFacadeImpl extends BaseFacade { @Autowired private UserOpLogService userOpLogService; + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!alarmBlockDTO"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @PostMapping("/create") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) - public JsonResult save(@RequestBody @SecurityResource(create) AlarmBlockDTO alarmBlockDTO) { + public JsonResult save(@RequestBody AlarmBlockDTO alarmBlockDTO) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - check(alarmBlockDTO); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; + String tenant = tenant(); + String workspace = workspace(); MonitorUser mu = RequestContext.getContext().mu; if (null != mu) { alarmBlockDTO.setCreator(mu.getLoginName()); } - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - alarmBlockDTO.setTenant(ms.tenant); + if (StringUtils.isNotEmpty(tenant)) { + alarmBlockDTO.setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - alarmBlockDTO.setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + alarmBlockDTO.setWorkspace(workspace); } alarmBlockDTO.setGmtCreate(new Date()); alarmBlockDTO.setGmtModified(new Date()); Long id = alarmBlockService.save(alarmBlockDTO); - userOpLogService.append("alarm_block", id, OpType.CREATE, mu.getLoginName(), ms.getTenant(), - ms.getWorkspace(), J.toJson(alarmBlockDTO), null, null, "alarm_block_create"); + userOpLogService.append("alarm_block", id, OpType.CREATE, mu.getLoginName(), tenant, + workspace, J.toJson(alarmBlockDTO), null, null, "alarm_block_create"); JsonResult.createSuccessResult(result, id); } @@ -89,37 +87,36 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!alarmBlockDTO"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @PostMapping("/update") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) - public JsonResult update( - @RequestBody @SecurityResource(update) AlarmBlockDTO alarmBlockDTO) { + public JsonResult update(@RequestBody AlarmBlockDTO alarmBlockDTO) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - check(alarmBlockDTO); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmBlockDTO item = - alarmBlockService.queryById(alarmBlockDTO.getId(), ms.getTenant(), ms.getWorkspace()); + String tenant = tenant(); + String workspace = workspace(); + AlarmBlockDTO item = alarmBlockService.queryById(alarmBlockDTO.getId(), tenant, workspace); MonitorUser mu = RequestContext.getContext().mu; if (null != mu) { alarmBlockDTO.setModifier(mu.getLoginName()); } - if (StringUtils.isNotBlank(ms.getWorkspace())) { - alarmBlockDTO.setWorkspace(ms.getWorkspace()); + if (StringUtils.isNotEmpty(workspace)) { + alarmBlockDTO.setWorkspace(workspace); } alarmBlockDTO.setGmtModified(new Date()); boolean save = alarmBlockService.updateById(alarmBlockDTO); userOpLogService.append("alarm_block", item.getId(), OpType.UPDATE, - RequestContext.getContext().mu.getLoginName(), ms.getTenant(), ms.getWorkspace(), - J.toJson(item), J.toJson(alarmBlockDTO), null, "alarm_block_update"); + RequestContext.getContext().mu.getLoginName(), tenant, workspace, J.toJson(item), + J.toJson(alarmBlockDTO), null, "alarm_block_update"); JsonResult.createSuccessResult(result, save); } @@ -128,6 +125,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!id"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @GetMapping("/query/{id}") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -135,14 +134,13 @@ public JsonResult queryById(@PathVariable("id") Long id) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(id, "id"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmBlockDTO save = alarmBlockService.queryById(id, ms.getTenant(), ms.getWorkspace()); + String tenant = tenant(); + String workspace = workspace(); + AlarmBlockDTO save = alarmBlockService.queryById(id, tenant, workspace); JsonResult.createSuccessResult(result, save); } }); @@ -150,28 +148,28 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!id"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @DeleteMapping(value = "/delete/{id}") @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) public JsonResult deleteById(@PathVariable("id") Long id) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(id, "id"); - } + public void checkParameter() {} @Override public void doManage() { boolean rtn = false; - MonitorScope ms = RequestContext.getContext().ms; - AlarmBlockDTO alarmBlockDTO = - alarmBlockService.queryById(id, ms.getTenant(), ms.getWorkspace()); + String tenant = tenant(); + String workspace = workspace(); + AlarmBlockDTO alarmBlockDTO = alarmBlockService.queryById(id, tenant, workspace); if (alarmBlockDTO != null) { rtn = alarmBlockService.removeById(id); } userOpLogService.append("alarm_block", id, OpType.DELETE, - RequestContext.getContext().mu.getLoginName(), ms.getTenant(), ms.getWorkspace(), + RequestContext.getContext().mu.getLoginName(), tenant, workspace, J.toJson(alarmBlockDTO), null, null, "alarm_block_delete"); JsonResult.createSuccessResult(result, rtn); @@ -180,6 +178,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!pageRequest"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @PostMapping("/pageQuery") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -188,18 +188,17 @@ public JsonResult> pageQuery( final JsonResult> result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(pageRequest.getTarget(), "target"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + String tenant = tenant(); + String workspace = workspace(); + if (StringUtils.isNotEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } JsonResult.createSuccessResult(result, alarmBlockService.getListByPage(pageRequest)); } @@ -208,6 +207,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!ruleId"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmBlockFacadeImplChecker") @GetMapping("/queryByRuleId/{ruleId}") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -215,15 +216,11 @@ public JsonResult queryByRuleId(@PathVariable("ruleId") String ru final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(ruleId, "ruleId"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmBlockDTO save = - alarmBlockService.queryByRuleId(ruleId, ms.getTenant(), ms.getWorkspace()); + AlarmBlockDTO save = alarmBlockService.queryByRuleId(ruleId, tenant(), workspace()); JsonResult.createSuccessResult(result, save); } }); diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmDingDingRobotFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmDingDingRobotFacadeImpl.java index a381ad575..a501d5460 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmDingDingRobotFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmDingDingRobotFacadeImpl.java @@ -50,9 +50,6 @@ public class AlarmDingDingRobotFacadeImpl extends BaseFacade { @Autowired private UserOpLogService userOpLogService; - @Autowired - private RequestContextAdapter requestContextAdapter; - @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!alarmDingDingRobotDTO"}, levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmDingDingRobotFacadeImplChecker") @PostMapping("/create") diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryDetailFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryDetailFacadeImpl.java index e384d4b64..a53f85e53 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryDetailFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryDetailFacadeImpl.java @@ -5,21 +5,19 @@ import io.holoinsight.server.common.DateUtil; import io.holoinsight.server.common.J; +import io.holoinsight.server.common.JsonResult; import io.holoinsight.server.home.biz.service.AlarmHistoryDetailService; import io.holoinsight.server.home.common.service.query.QueryResponse; import io.holoinsight.server.home.common.service.query.Result; +import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.common.util.scope.AuthTargetType; -import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.PowerConstants; -import io.holoinsight.server.home.common.util.scope.RequestContext; import io.holoinsight.server.home.facade.AlarmHistoryDetailDTO; import io.holoinsight.server.home.facade.emuns.PeriodType; import io.holoinsight.server.home.facade.page.MonitorPageRequest; import io.holoinsight.server.home.facade.page.MonitorPageResult; -import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.web.common.ParaCheckUtil; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; -import io.holoinsight.server.common.JsonResult; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -64,12 +62,13 @@ public void checkParameter() { @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + String tenant = tenant(); + String workspace = workspace(); + if (StringUtils.isNotEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } JsonResult.createSuccessResult(result, alarmHistoryDetailService.getListByPage(pageRequest)); @@ -95,12 +94,13 @@ public void checkParameter() { @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + String tenant = tenant(); + String workspace = workspace(); + if (StringUtils.isEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } List> countMap = alarmHistoryDetailService.count(pageRequest); QueryResponse response = new QueryResponse(); diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryFacadeImpl.java index 89f70d574..e5ec96a35 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmHistoryFacadeImpl.java @@ -5,14 +5,12 @@ import io.holoinsight.server.common.JsonResult; import io.holoinsight.server.home.biz.service.AlarmHistoryService; +import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.common.util.scope.AuthTargetType; -import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.PowerConstants; -import io.holoinsight.server.home.common.util.scope.RequestContext; import io.holoinsight.server.home.facade.AlarmHistoryDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; import io.holoinsight.server.home.facade.page.MonitorPageResult; -import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; import io.holoinsight.server.home.web.security.LevelAuthorizationAccess; import org.apache.commons.lang3.StringUtils; @@ -51,8 +49,7 @@ public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmHistoryDTO save = alarmHistoryService.queryById(id, ms.getTenant(), ms.getWorkspace()); + AlarmHistoryDTO save = alarmHistoryService.queryById(id, tenant(), workspace()); JsonResult.createSuccessResult(result, save); } }); @@ -73,10 +70,8 @@ public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; boolean rtn = false; - AlarmHistoryDTO alarmHistoryDTO = - alarmHistoryService.queryById(id, ms.getTenant(), ms.getWorkspace()); + AlarmHistoryDTO alarmHistoryDTO = alarmHistoryService.queryById(id, tenant(), workspace()); if (alarmHistoryDTO != null) { rtn = alarmHistoryService.deleteById(id); } @@ -102,13 +97,14 @@ public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + String tenant = tenant(); + String workspace = workspace(); + if (StringUtils.isNotEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } JsonResult.createSuccessResult(result, alarmHistoryService.getListByPage(pageRequest, pageRequest.getTarget().getUniqueIds())); diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImpl.java index e4dad884d..848c6a277 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImpl.java @@ -13,11 +13,10 @@ import io.holoinsight.server.home.biz.service.AlertRuleService; import io.holoinsight.server.home.biz.service.AlertSubscribeService; import io.holoinsight.server.home.biz.service.UserOpLogService; -import io.holoinsight.server.home.common.service.RequestContextAdapter; +import io.holoinsight.server.home.common.util.ManageCallback; import io.holoinsight.server.home.common.util.MonitorException; import io.holoinsight.server.home.common.util.scope.AuthTargetType; import io.holoinsight.server.home.common.util.scope.MonitorCookieUtil; -import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.MonitorUser; import io.holoinsight.server.home.common.util.scope.PowerConstants; import io.holoinsight.server.home.common.util.scope.RequestContext; @@ -33,13 +32,8 @@ import io.holoinsight.server.home.facade.AlarmRuleDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; import io.holoinsight.server.home.facade.page.MonitorPageResult; -import io.holoinsight.server.home.common.util.ManageCallback; -import io.holoinsight.server.home.web.common.ParaCheckUtil; -import io.holoinsight.server.home.web.common.SecurityResource; import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth; -import io.holoinsight.server.home.web.security.CheckTypeEnum; import io.holoinsight.server.home.web.security.LevelAuthorizationAccess; -import io.holoinsight.server.home.web.security.ParameterSecurityService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; @@ -64,8 +58,6 @@ import java.util.stream.Collectors; import static io.holoinsight.server.home.facade.AlarmRuleDTO.tryParseLink; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.create; -import static io.holoinsight.server.home.facade.utils.SecurityMethodCategory.update; /** * @author wangsiyuan @@ -96,41 +88,33 @@ public class AlarmRuleFacadeImpl extends BaseFacade { @Resource protected AlarmRuleConverter alarmRuleConverter; - @Autowired - private RequestContextAdapter requestContextAdapter; - - @Autowired - private ParameterSecurityService parameterSecurityService; - @Value("${holoinsight.home.domain}") private String domain; @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!alarmRuleDTO"}, - contentContainer = "CUSTOM", checkType = CheckTypeEnum.CUSTOMCHECK, levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @PostMapping("/create") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) - public JsonResult save(@RequestBody @SecurityResource(create) AlarmRuleDTO alarmRuleDTO) { + public JsonResult create(@RequestBody AlarmRuleDTO alarmRuleDTO) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - check(alarmRuleDTO); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; + String tenant = tenant(); + String workspace = workspace(); MonitorUser mu = RequestContext.getContext().mu; if (null != mu && StringUtils.isBlank(alarmRuleDTO.getCreator())) { alarmRuleDTO.setCreator(mu.getLoginName()); } - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - alarmRuleDTO.setTenant(ms.tenant); + if (StringUtils.isNotEmpty(tenant)) { + alarmRuleDTO.setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - alarmRuleDTO.setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + alarmRuleDTO.setWorkspace(workspace); } alarmRuleDTO.setGmtCreate(new Date()); alarmRuleDTO.setGmtModified(new Date()); @@ -143,8 +127,8 @@ public void doManage() { } Long id = alarmRuleService.save(alarmRuleDTO); - userOpLogService.append("alarm_rule", id, OpType.CREATE, mu.getLoginName(), ms.getTenant(), - ms.getWorkspace(), J.toJson(alarmRuleDTO), null, null, "alarm_rule_create"); + userOpLogService.append("alarm_rule", id, OpType.CREATE, mu.getLoginName(), tenant, + workspace, J.toJson(alarmRuleDTO), null, null, "alarm_rule_create"); JsonResult.createSuccessResult(result, id); } }); @@ -167,26 +151,21 @@ public static Map> getMetricPage() { } @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!alarmRuleDTO"}, - contentContainer = "CUSTOM", checkType = CheckTypeEnum.CUSTOMCHECK, - levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker", - contentTargetCollectClass = "") + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @PostMapping("/update") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) - public JsonResult update( - @RequestBody @SecurityResource(update) AlarmRuleDTO alarmRuleDTO) { + public JsonResult update(@RequestBody AlarmRuleDTO alarmRuleDTO) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - check(alarmRuleDTO); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmRuleDTO item = - alarmRuleService.queryById(alarmRuleDTO.getId(), ms.getTenant(), ms.getWorkspace()); + String tenant = tenant(); + String workspace = workspace(); + AlarmRuleDTO item = alarmRuleService.queryById(alarmRuleDTO.getId(), tenant, workspace); if (null == item) { throw new MonitorException("cannot find record: " + alarmRuleDTO.getId()); @@ -201,8 +180,8 @@ public void doManage() { boolean save = alarmRuleService.updateById(alarmRuleDTO); userOpLogService.append("alarm_rule", alarmRuleDTO.getId(), OpType.UPDATE, - RequestContext.getContext().mu.getLoginName(), ms.getTenant(), ms.getWorkspace(), - J.toJson(item), J.toJson(alarmRuleDTO), null, "alarm_rule_update"); + RequestContext.getContext().mu.getLoginName(), tenant, workspace, J.toJson(item), + J.toJson(alarmRuleDTO), null, "alarm_rule_update"); JsonResult.createSuccessResult(result, save); } @@ -211,6 +190,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!id"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @GetMapping("/query/{id}") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -218,14 +199,13 @@ public JsonResult queryById(@PathVariable("id") Long id) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(id, "id"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - AlarmRuleDTO save = alarmRuleService.queryById(id, ms.getTenant(), ms.getWorkspace()); + String tenant = tenant(); + String workspace = workspace(); + AlarmRuleDTO save = alarmRuleService.queryById(id, tenant, workspace); JsonResult.createSuccessResult(result, save); } }); @@ -233,6 +213,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!ids"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @GetMapping("/queryByIds/{ids}") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -240,18 +222,17 @@ public JsonResult> queryByIds(@PathVariable("ids") String ids final JsonResult> result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(ids, "ids"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; + String tenant = tenant(); + String workspace = workspace(); List alarmRuleDTOS = new ArrayList<>(); String[] idArray = StringUtils.split(ids, ","); for (String id : idArray) { AlarmRuleDTO alarmRuleDTO = - alarmRuleService.queryById(Long.parseLong(id), ms.getTenant(), ms.getWorkspace()); + alarmRuleService.queryById(Long.parseLong(id), tenant, workspace); if (null == alarmRuleDTO) continue; alarmRuleDTOS.add(alarmRuleDTO); @@ -263,28 +244,29 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!id"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @DeleteMapping(value = "/delete/{id}") @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.EDIT) public JsonResult deleteById(@PathVariable("id") Long id) { final JsonResult result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(id, "id"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; + String tenant = tenant(); + String workspace = workspace(); boolean rtn = false; - AlarmRuleDTO alarmRule = alarmRuleService.queryById(id, ms.getTenant(), ms.getWorkspace()); + AlarmRuleDTO alarmRule = alarmRuleService.queryById(id, tenant, workspace); if (alarmRule != null) { rtn = alarmRuleService.deleteById(id); } userOpLogService.append("alarm_rule", id, OpType.DELETE, - RequestContext.getContext().mu.getLoginName(), ms.getTenant(), ms.getWorkspace(), - J.toJson(alarmRule), null, null, "alarm_rule_delete"); + RequestContext.getContext().mu.getLoginName(), tenant, workspace, J.toJson(alarmRule), + null, null, "alarm_rule_delete"); JsonResult.createSuccessResult(result, rtn); } @@ -292,6 +274,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!pageRequest"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @PostMapping("/pageQuery") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -300,18 +284,17 @@ public JsonResult> pageQuery( final JsonResult> result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(pageRequest.getTarget(), "target"); - } + public void checkParameter() {} @Override public void doManage() { - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + String tenant = tenant(); + String workspace = workspace(); + if (StringUtils.isNotEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } JsonResult.createSuccessResult(result, alarmRuleService.getListByPage(pageRequest)); } @@ -320,6 +303,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!req"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @GetMapping(value = "/querySubscribeList") @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) public JsonResult> querySubscribeList( @@ -331,17 +316,19 @@ public void checkParameter() {} @Override public void doManage() { + String tenant = tenant(); + String workspace = workspace(); boolean myself = StringUtils.equals(req, "true"); Map map = new HashMap<>(); - List byIds = getRuleListBySubscribe(myself); + List byIds = getRuleListBySubscribe(myself, tenant, workspace); if (!CollectionUtils.isEmpty(byIds)) { byIds.forEach(byId -> { map.put(byId.getId(), byId); }); } - List byGroups = getRuleListByGroup(myself); + List byGroups = getRuleListByGroup(myself, tenant, workspace); if (!CollectionUtils.isEmpty(byGroups)) { byGroups.forEach(byGroup -> { map.put(byGroup.getId(), byGroup); @@ -355,6 +342,8 @@ public void doManage() { return result; } + @LevelAuthorizationAccess(paramConfigs = {"PARAMETER" + ":$!req", "PARAMETER" + ":$!pageRequest"}, + levelAuthorizationCheckeClass = "io.holoinsight.server.home.web.security.custom.AlarmRuleLevelAuthorizationChecker") @PostMapping(value = "/querySubAlarmHistory") @ResponseBody @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW) @@ -364,35 +353,35 @@ public JsonResult> querySubAlarmHistory( final JsonResult> result = new JsonResult<>(); facadeTemplate.manage(result, new ManageCallback() { @Override - public void checkParameter() { - ParaCheckUtil.checkParaNotNull(pageRequest.getTarget(), "target"); - } + public void checkParameter() {} @Override public void doManage() { + String tenant = tenant(); + String workspace = workspace(); boolean myself = StringUtils.equals(req, "true"); List alarmRuleDTOS = new ArrayList<>(); - List byIds = getRuleListBySubscribe(myself); + List byIds = getRuleListBySubscribe(myself, tenant, workspace); if (!CollectionUtils.isEmpty(byIds)) { alarmRuleDTOS.addAll(byIds); } - List byGroups = getRuleListByGroup(myself); + List byGroups = getRuleListByGroup(myself, tenant, workspace); if (!CollectionUtils.isEmpty(byGroups)) { alarmRuleDTOS.addAll(byGroups); } - if (CollectionUtils.isEmpty(alarmRuleDTOS)) + if (CollectionUtils.isEmpty(alarmRuleDTOS)) { return; + } - MonitorScope ms = RequestContext.getContext().ms; - if (null != ms && !StringUtils.isEmpty(ms.tenant)) { - pageRequest.getTarget().setTenant(ms.tenant); + if (StringUtils.isNotEmpty(tenant)) { + pageRequest.getTarget().setTenant(tenant); } - if (null != ms && !StringUtils.isEmpty(ms.workspace)) { - pageRequest.getTarget().setWorkspace(ms.workspace); + if (StringUtils.isNotEmpty(workspace)) { + pageRequest.getTarget().setWorkspace(workspace); } List uniqueIds = alarmRuleDTOS.stream() @@ -409,8 +398,7 @@ public void doManage() { return result; } - protected List getRuleListByGroup(boolean myself) { - RequestContext.getContext(); + protected List getRuleListByGroup(boolean myself, String tenant, String workspace) { String userId = RequestContext.getContext().mu.getUserId(); List listByUserLike = alarmGroupService.getListByUserLike(userId, MonitorCookieUtil.getTenantOrException()); @@ -423,8 +411,7 @@ protected List getRuleListByGroup(boolean myself) { QueryWrapper alarmSubscribeQueryWrapper = new QueryWrapper<>(); alarmSubscribeQueryWrapper.eq("group_id", alarmGroupDTO.getId()); - requestContextAdapter.queryWrapperTenantAdapt(alarmSubscribeQueryWrapper, - MonitorCookieUtil.getTenantOrException(), requestContextAdapter.getWorkspace(false)); + requestContextAdapter.queryWrapperTenantAdapt(alarmSubscribeQueryWrapper, tenant, workspace); List alarmSubscribeInfos = alarmSubscribeService.queryByMap(alarmSubscribeQueryWrapper); @@ -462,14 +449,14 @@ protected List getRuleListByGroup(boolean myself) { } - protected List getRuleListBySubscribe(boolean myself) { + protected List getRuleListBySubscribe(boolean myself, String tenant, + String workspace) { RequestContext.getContext(); String userId = RequestContext.getContext().mu.getUserId(); QueryWrapper alarmSubscribeQueryWrapper = new QueryWrapper<>(); alarmSubscribeQueryWrapper.eq("subscriber", userId); - requestContextAdapter.queryWrapperTenantAdapt(alarmSubscribeQueryWrapper, - MonitorCookieUtil.getTenantOrException(), requestContextAdapter.getWorkspace(false)); + requestContextAdapter.queryWrapperTenantAdapt(alarmSubscribeQueryWrapper, tenant, workspace); List alarmSubscribeInfos = alarmSubscribeService.queryByMap(alarmSubscribeQueryWrapper); diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/BaseFacade.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/BaseFacade.java index 59f11a5bc..1835288c3 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/BaseFacade.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/controller/BaseFacade.java @@ -4,11 +4,9 @@ package io.holoinsight.server.home.web.controller; import io.holoinsight.server.common.JsonResult; -import io.holoinsight.server.home.common.util.scope.MonitorScope; -import io.holoinsight.server.home.common.util.scope.RequestContext; -import io.holoinsight.server.home.facade.ApiSecurity; -import io.holoinsight.server.home.web.common.ApiSecurityFactory; +import io.holoinsight.server.home.common.service.RequestContextAdapter; import io.holoinsight.server.home.common.util.FacadeTemplate; +import io.holoinsight.server.home.common.util.scope.RequestContext; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.time.FastDateFormat; @@ -21,7 +19,6 @@ import org.springframework.web.bind.annotation.InitBinder; import java.beans.PropertyEditorSupport; -import java.lang.reflect.Method; import java.util.Date; import java.util.UUID; @@ -36,6 +33,8 @@ public class BaseFacade { @Autowired public FacadeTemplate facadeTemplate; + @Autowired + protected RequestContextAdapter requestContextAdapter; private static DatePropertyEditorSupport dateEditorSupport = new DatePropertyEditorSupport(); @@ -95,38 +94,20 @@ else if (length == FORMAT2.length()) { } - protected void check(ApiSecurity securityParam) { - StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace(); - Class clazz = getClass(); - for (StackTraceElement element : stackTraceElements) { - String stackMethodName = String.join(".", element.getClassName(), element.getMethodName()); - log.info("[API_SECURITY] try to look for {} ", stackMethodName); - MonitorScope ms = RequestContext.getContext().ms; - for (Method m : clazz.getMethods()) { - String reflectedMethodName = String.join(".", clazz.getName(), m.getName()); - if (!StringUtils.equals(reflectedMethodName, stackMethodName)) { - continue; - } - String fullMethodName = ApiSecurityFactory.getFullMethodName(clazz, m); - log.info("[API_SECURITY] begin to check {}", fullMethodName); - if (ApiSecurityFactory.createParameterMap.containsKey(fullMethodName)) { - log.info("[API_SECURITY] check create method {}", fullMethodName); - securityParam.checkCreate(ms.getTenant(), ms.getWorkspace()); - } - if (ApiSecurityFactory.updateParameterMap.containsKey(fullMethodName)) { - log.info("[API_SECURITY] check update method {}", fullMethodName); - securityParam.checkUpdate(ms.getTenant(), ms.getWorkspace()); - } - if (ApiSecurityFactory.readParameterMap.containsKey(fullMethodName)) { - log.info("[API_SECURITY] check read method {}", fullMethodName); - securityParam.checkRead(ms.getTenant(), ms.getWorkspace()); - } - } - } - } - protected String createUuid() { return UUID.randomUUID().toString().replace("-", ""); } + protected String tenant() { + return this.requestContextAdapter.getTenantFromContext(RequestContext.getContext()); + } + + protected String workspace() { + return this.requestContextAdapter.getWorkspaceFromContext(RequestContext.getContext()); + } + + protected String simpleWorkspace() { + return this.requestContextAdapter.getSimpleWorkspaceFromContext(RequestContext.getContext()); + } + } diff --git a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ApiSecurityService.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityService.java similarity index 93% rename from server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ApiSecurityService.java rename to server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityService.java index 6428eac88..6565a7f5b 100644 --- a/server/home/home-facade/src/main/java/io/holoinsight/server/home/facade/utils/ApiSecurityService.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityService.java @@ -1,7 +1,7 @@ /* * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. */ -package io.holoinsight.server.home.facade.utils; +package io.holoinsight.server.home.web.security; import io.holoinsight.server.common.dao.entity.MetricInfo; diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityServiceImpl.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityServiceImpl.java index ec78ec088..07054fb9c 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityServiceImpl.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/ApiSecurityServiceImpl.java @@ -6,7 +6,6 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import io.holoinsight.server.common.dao.entity.MetricInfo; import io.holoinsight.server.common.dao.mapper.MetricInfoMapper; -import io.holoinsight.server.home.facade.utils.ApiSecurityService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheck.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheck.java index e2c4359d0..0267bea12 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheck.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheck.java @@ -13,7 +13,7 @@ */ public interface LevelAuthorizationCheck { - public boolean check(LevelAuthorizationMetaData levelAuthMetaData, + LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, MethodInvocation methodInvocation); default boolean checkSqlField(String sqlField) { diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckException.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckException.java index 0ec799482..d03eef945 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckException.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckException.java @@ -10,6 +10,6 @@ public class LevelAuthorizationCheckException extends RuntimeException { public LevelAuthorizationCheckException(String message) { - super("SecurityCheckFailed:" + message); + super("SecurityCheckFailed: " + message); } } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckResult.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckResult.java new file mode 100644 index 000000000..beaadfd96 --- /dev/null +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationCheckResult.java @@ -0,0 +1,36 @@ +/* + * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. + */ +package io.holoinsight.server.home.web.security; + +import lombok.Data; + +/** + * @author masaimu + * @version 2024-03-25 17:29:00 + */ +@Data +public class LevelAuthorizationCheckResult { + private boolean success; + private String errorMsg; + + public static LevelAuthorizationCheckResult successCheckResult() { + LevelAuthorizationCheckResult checkResult = new LevelAuthorizationCheckResult(); + checkResult.setSuccess(true); + return checkResult; + } + + public static LevelAuthorizationCheckResult failCheckResult(String errorMsg) { + LevelAuthorizationCheckResult checkResult = new LevelAuthorizationCheckResult(); + checkResult.setSuccess(false); + checkResult.setErrorMsg(errorMsg); + return checkResult; + } + + public static LevelAuthorizationCheckResult failCheckResult(String format, Object... args) { + LevelAuthorizationCheckResult checkResult = new LevelAuthorizationCheckResult(); + checkResult.setSuccess(false); + checkResult.setErrorMsg(String.format(format, args)); + return checkResult; + } +} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationDecisionManager.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationDecisionManager.java index f760dae93..acb72dd8a 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationDecisionManager.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/LevelAuthorizationDecisionManager.java @@ -134,11 +134,14 @@ public void singleDecide(LevelAuthorizationMetaData levelAuthMetaData, } if (StringUtils.equals(levelAuthorizationCheck.getClass().getName(), levelAuthMetaData.getLevelAuthorizationCheckeClass())) { - if (!levelAuthorizationCheck.check(levelAuthMetaData, methodInvocation)) { + LevelAuthorizationCheckResult checkResult = + levelAuthorizationCheck.check(levelAuthMetaData, methodInvocation); + if (!checkResult.isSuccess()) { // 抛异常 formatError(log, "LevelAuthorizationDecisionManager", "decide", "SecurityDecideFailed", - "pass=false", "Custom levelauthorization checker find risk, need to be blocked!"); - throw new LevelAuthorizationCheckException("security check failed!"); + "pass=false", "Custom levelauthorization checker find risk, need to be blocked! " + + checkResult.getErrorMsg()); + throw new LevelAuthorizationCheckException(checkResult.getErrorMsg()); } } } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractQueryChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractQueryChecker.java new file mode 100644 index 000000000..65e169f28 --- /dev/null +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractQueryChecker.java @@ -0,0 +1,107 @@ +/* + * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. + */ +package io.holoinsight.server.home.web.security.custom; + +import io.holoinsight.server.common.J; +import io.holoinsight.server.common.model.DataQueryRequest; +import io.holoinsight.server.home.facade.trigger.Filter; +import io.holoinsight.server.home.web.security.ApiSecurityService; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; + +/** + * @author masaimu + * @version 2024-02-28 18:39:00 + */ +public abstract class AbstractQueryChecker implements LevelAuthorizationCheck { + + @Autowired + protected ApiSecurityService apiSecurityService; + + protected LevelAuthorizationCheckResult checkMetricTableWithAlarmFilter(String metricTable, + String tenant, String workspace, List filters) { + if (!checkSqlField(metricTable)) { + return failCheckResult("invalid sql field for metric %s", metricTable); + } + if (apiSecurityService.isGlobalMetric(metricTable)) { + boolean result = apiSecurityService.checkFilter(metricTable, + getFilterMapFromAlarmFilter(filters), tenant, workspace); + if (!result) { + return failCheckResult("fail to check global metric %s with filters %s", metricTable, + J.toJson(filters)); + } + } else { + boolean result = + apiSecurityService.checkMetricTenantAndWorkspace(metricTable, tenant, workspace); + if (!result) { + return failCheckResult("fail to check metric %s with tenant %s workspace %s", metricTable, + tenant, workspace); + } + } + return successCheckResult(); + } + + protected boolean checkMetricTableWithQueryFilter(String metricTable, String tenant, + String workspace, List filters) { + if (!checkSqlField(metricTable)) { + return false; + } + if (apiSecurityService.isGlobalMetric(metricTable)) { + return apiSecurityService.checkFilter(metricTable, getFilterMap(filters), tenant, workspace); + } else { + return apiSecurityService.checkMetricTenantAndWorkspace(metricTable, tenant, workspace); + } + } + + protected Map> getFilterMap(List filters) { + Map> filterMap = new HashMap<>(); + if (CollectionUtils.isEmpty(filters)) { + return filterMap; + } + for (DataQueryRequest.QueryFilter filter : filters) { + String type = filter.getType(); + List values = filterMap.computeIfAbsent(filter.getName(), k -> new ArrayList<>()); + switch (type) { + case "literal_or": + values.addAll(Arrays.asList(filter.getValue().split("\\|"))); + break; + case "literal": + values.add(filter.getValue()); + break; + } + } + return filterMap; + } + + private Map> getFilterMapFromAlarmFilter(List filters) { + Map> filterMap = new HashMap<>(); + if (CollectionUtils.isEmpty(filters)) { + return filterMap; + } + for (Filter filter : filters) { + String type = filter.getType(); + List values = filterMap.computeIfAbsent(filter.getName(), k -> new ArrayList<>()); + switch (type) { + case "literal_or": + values.addAll(Arrays.asList(filter.getValue().split("\\|"))); + break; + case "literal": + values.add(filter.getValue()); + break; + } + } + return filterMap; + } +} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java index e775f25e7..3d91748cd 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java @@ -4,34 +4,38 @@ package io.holoinsight.server.home.web.security.custom; import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.util.CollectionUtils; import java.util.List; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; + /** * @author masaimu * @version 2024-02-07 17:29:00 */ -@Slf4j -public abstract class AbstractResourceChecker implements LevelAuthorizationCheck { +public interface AbstractResourceChecker { - protected boolean checkIdNotNull(List parameters) { + default LevelAuthorizationCheckResult checkIdNotNull(List parameters) { if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) { - log.error("parameters {} is empty or is not numeric.", parameters); - return false; + return failCheckResult("parameters %s is empty or is not numeric.", parameters); } - return true; + return successCheckResult(); } - protected boolean checkIdExists(List parameters, String tenant, String workspace) { - if (!checkIdNotNull(parameters)) { - return false; + default LevelAuthorizationCheckResult checkIdExists(List parameters, String tenant, + String workspace) { + LevelAuthorizationCheckResult checkResult = checkIdNotNull(parameters); + if (!checkResult.isSuccess()) { + return checkResult; } Long id = Long.parseLong(parameters.get(0)); return checkIdExists(id, tenant, workspace); } - abstract boolean checkIdExists(Long id, String tenant, String workspace); + LevelAuthorizationCheckResult checkIdExists(Long id, String tenant, String workspace); } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmBlockFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmBlockFacadeImplChecker.java new file mode 100644 index 000000000..54e7a6aff --- /dev/null +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmBlockFacadeImplChecker.java @@ -0,0 +1,213 @@ +/* + * Copyright 2022 Holoinsight Project Authors. Licensed under Apache-2.0. + */ +package io.holoinsight.server.home.web.security.custom; + +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.google.common.reflect.TypeToken; +import io.holoinsight.server.common.J; +import io.holoinsight.server.home.common.service.RequestContextAdapter; +import io.holoinsight.server.home.common.util.scope.RequestContext; +import io.holoinsight.server.home.dal.mapper.AlarmBlockMapper; +import io.holoinsight.server.home.dal.mapper.AlarmRuleMapper; +import io.holoinsight.server.home.dal.model.AlarmBlock; +import io.holoinsight.server.home.dal.model.AlarmRule; +import io.holoinsight.server.home.dal.model.dto.AlarmBlockDTO; +import io.holoinsight.server.home.facade.page.MonitorPageRequest; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; +import io.holoinsight.server.home.web.security.LevelAuthorizationMetaData; +import lombok.extern.slf4j.Slf4j; +import org.aopalliance.intercept.MethodInvocation; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; + +import javax.annotation.Resource; +import java.util.List; +import java.util.Map; + +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; + +/** + * @author masaimu + * @version 2024-03-26 21:05:00 + */ +@Slf4j +@Service +public class AlarmBlockFacadeImplChecker + implements AbstractResourceChecker, LevelAuthorizationCheck { + + @Autowired + private RequestContextAdapter requestContextAdapter; + @Resource + private AlarmBlockMapper alarmBlockMapper; + @Resource + private AlarmRuleMapper alarmRuleMapper; + + @Override + public LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, + MethodInvocation methodInvocation) { + RequestContext.Context context = RequestContext.getContext(); + String workspace = this.requestContextAdapter.getWorkspaceFromContext(context); + String tenant = this.requestContextAdapter.getTenantFromContext(context); + + List parameters = levelAuthMetaData.getParameters(); + String methodName = methodInvocation.getMethod().getName(); + return checkParameters(methodName, parameters, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkParameters(String methodName, List parameters, + String tenant, String workspace) { + switch (methodName) { + case "create": + case "update": + return checkAlarmBlockDTO(methodName, parameters, tenant, workspace); + case "queryById": + case "deleteById": + return checkIdExists(parameters, tenant, workspace); + case "pageQuery": + return checkPageRequest(methodName, parameters, tenant, workspace); + case "queryByRuleId": + return checkQueryByRuleId(methodName, parameters, tenant, workspace); + default: + return successCheckResult(); + } + } + + private LevelAuthorizationCheckResult checkPageRequest(String methodName, List parameters, + String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { + return failCheckResult("parameters is empty"); + } + String parameter = parameters.get(0); + MonitorPageRequest pageRequest = + J.fromJson(parameter, new TypeToken>() {}.getType()); + + if (pageRequest.getFrom() != null && pageRequest.getTo() != null) { + if (pageRequest.getFrom() > pageRequest.getTo()) { + return failCheckResult("fail to check time range for start %d larger than end %d", + pageRequest.getFrom(), pageRequest.getTo()); + } + } + + AlarmBlockDTO target = pageRequest.getTarget(); + if (target == null) { + return failCheckResult("fail to check target, target can not be null"); + } + return checkAlarmBlockDTO(methodName, target, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkQueryByRuleId(String methodName, + List parameters, String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { + return failCheckResult("parameters is empty"); + } + String ruleId = J.fromJson(parameters.get(0), String.class); + if (!checkUniqueId(ruleId, tenant, workspace)) { + return failCheckResult("ruleId %s no exists for tenant %s workspace %s.", ruleId, tenant, + workspace); + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkAlarmBlockDTO(String methodName, + List parameters, String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { + return failCheckResult("parameters is empty"); + } + log.info("checkParameters {} parameter {}", methodName, parameters.get(0)); + AlarmBlockDTO alarmBlockDTO = J.fromJson(parameters.get(0), AlarmBlockDTO.class); + return checkAlarmBlockDTO(methodName, alarmBlockDTO, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkAlarmBlockDTO(String methodName, + AlarmBlockDTO alarmBlockDTO, String tenant, String workspace) { + if (methodName.equals("create")) { + if (alarmBlockDTO.getId() != null) { + return failCheckResult("fail to check %s for id is not null", methodName); + } + } + + if (methodName.equals("update")) { + if (alarmBlockDTO.getId() == null) { + return failCheckResult("fail to check %s for id is null", methodName); + } + LevelAuthorizationCheckResult updateCheckResult = + checkIdExists(alarmBlockDTO.getId(), tenant, workspace); + if (!updateCheckResult.isSuccess()) { + return updateCheckResult; + } + } + + if (StringUtils.isNotEmpty(alarmBlockDTO.getExtra())) { + return failCheckResult("extra should be empty"); + } + if (StringUtils.isNotEmpty(alarmBlockDTO.getTags()) && !checkTags(alarmBlockDTO.getTags())) { + return failCheckResult("invalid tags %s", alarmBlockDTO.getTags()); + } + if (StringUtils.isNotEmpty(alarmBlockDTO.getTenant()) + && !StringUtils.equals(alarmBlockDTO.getTenant(), tenant)) { + return failCheckResult("invalid tenant %s, real tenant %s", alarmBlockDTO.getTenant(), + tenant); + } + if (StringUtils.isNotEmpty(alarmBlockDTO.getWorkspace()) + && !StringUtils.equals(alarmBlockDTO.getWorkspace(), workspace)) { + return failCheckResult("invalid workspace %s, real workspace %s", + alarmBlockDTO.getWorkspace(), workspace); + } + if (StringUtils.isNotEmpty(alarmBlockDTO.getReason())) { + return failCheckResult("reason should be empty"); + } + if (StringUtils.isNotEmpty(alarmBlockDTO.getUniqueId()) + && !checkUniqueId(alarmBlockDTO.getUniqueId(), tenant, workspace)) { + return failCheckResult("invalid uniqueId %s", alarmBlockDTO.getUniqueId()); + } + return successCheckResult(); + } + + private boolean checkUniqueId(String uniqueId, String tenant, String workspace) { + String[] arr = uniqueId.split("_", 2); + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.eq("rule_type", arr[0]); + queryWrapper.eq("id", Long.parseLong(arr[1])); + requestContextAdapter.queryWrapperTenantAdapt(queryWrapper, tenant, workspace); + List rules = this.alarmRuleMapper.selectList(queryWrapper); + if (CollectionUtils.isEmpty(rules)) { + return false; + } + return true; + } + + private boolean checkTags(String tags) { + if (StringUtils.isEmpty(tags)) { + return true; + } + try { + Map tagMap = + J.fromJson(tags, new TypeToken>() {}.getType()); + for (Map.Entry entry : tagMap.entrySet()) { + if (!checkSqlField(entry.getKey()) || !checkSqlField(entry.getValue())) { + return false; + } + } + } catch (Exception e) { + return false; + } + return true; + } + + @Override + public LevelAuthorizationCheckResult checkIdExists(Long id, String tenant, String workspace) { + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.eq("id", id); + this.requestContextAdapter.queryWrapperTenantAdapt(queryWrapper, tenant, workspace); + List exist = this.alarmBlockMapper.selectList(queryWrapper); + if (CollectionUtils.isEmpty(exist)) { + return failCheckResult("fail to check id for no existed %d %s %s", id, tenant, workspace); + } + return successCheckResult(); + } +} diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java index 2fdacf6df..db207f9c3 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java @@ -14,6 +14,8 @@ import io.holoinsight.server.home.dal.model.AlarmDingDingRobot; import io.holoinsight.server.home.dal.model.dto.AlarmDingDingRobotDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; import io.holoinsight.server.home.web.security.LevelAuthorizationMetaData; import io.holoinsight.server.home.web.security.ParameterSecurityService; import lombok.extern.slf4j.Slf4j; @@ -27,6 +29,8 @@ import java.util.Map; import static io.holoinsight.server.home.web.controller.AlarmDingDingRobotFacadeImpl.dingdingUrlPrefix; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; /** * @author masaimu @@ -34,7 +38,8 @@ */ @Slf4j @Service -public class AlarmDingDingRobotFacadeImplChecker extends AbstractResourceChecker { +public class AlarmDingDingRobotFacadeImplChecker + implements AbstractResourceChecker, LevelAuthorizationCheck { @Autowired private AlarmDingDingRobotMapper alarmDingDingRobotMapper; @@ -45,7 +50,7 @@ public class AlarmDingDingRobotFacadeImplChecker extends AbstractResourceChecker private RequestContextAdapter requestContextAdapter; @Override - public boolean check(LevelAuthorizationMetaData levelAuthMetaData, + public LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, MethodInvocation methodInvocation) { MonitorScope ms = RequestContext.getContext().ms; String workspace = this.requestContextAdapter.getWorkspace(true); @@ -56,8 +61,8 @@ public boolean check(LevelAuthorizationMetaData levelAuthMetaData, return checkParameters(methodName, parameters, tenant, workspace); } - private boolean checkParameters(String methodName, List parameters, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkParameters(String methodName, List parameters, + String tenant, String workspace) { switch (methodName) { case "create": case "update": @@ -69,16 +74,16 @@ private boolean checkParameters(String methodName, List parameters, Stri case "pageQuery": return checkPageRequest(methodName, parameters, tenant, workspace); default: - return true; + return successCheckResult(); } } - private boolean checkPageRequest(String methodName, List parameters, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkPageRequest(String methodName, List parameters, + String tenant, String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } String parameter = parameters.get(0); MonitorPageRequest pageRequest = J.fromJson(parameter, @@ -86,95 +91,86 @@ private boolean checkPageRequest(String methodName, List parameters, Str if (pageRequest.getFrom() != null && pageRequest.getTo() != null) { if (pageRequest.getFrom() > pageRequest.getTo()) { - log.error("fail to check time range for start {} larger than end {}", pageRequest.getFrom(), - pageRequest.getTo()); - return false; + return failCheckResult("fail to check time range for start %d larger than end %d", + pageRequest.getFrom(), pageRequest.getTo()); } } AlarmDingDingRobotDTO target = pageRequest.getTarget(); if (target == null) { - log.error("fail to check target, target can not be null"); - return false; + return failCheckResult("fail to check target, target can not be null"); } return checkAlarmDingDingRobotDTO(methodName, target, tenant, workspace); } - - - private boolean checkAlarmDingDingRobotDTO(String methodName, List parameters, - String tenant, String workspace) { + private LevelAuthorizationCheckResult checkAlarmDingDingRobotDTO(String methodName, + List parameters, String tenant, String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } log.info("checkParameters {} parameter {}", methodName, parameters.get(0)); AlarmDingDingRobotDTO dto = J.fromJson(parameters.get(0), AlarmDingDingRobotDTO.class); return checkAlarmDingDingRobotDTO(methodName, dto, tenant, workspace); } - private boolean checkAlarmDingDingRobotDTO(String methodName, AlarmDingDingRobotDTO dto, - String tenant, String workspace) { + private LevelAuthorizationCheckResult checkAlarmDingDingRobotDTO(String methodName, + AlarmDingDingRobotDTO dto, String tenant, String workspace) { if (methodName.equals("create")) { if (dto.getId() != null) { - log.error("fail to check {} for id is not null", methodName); - return false; + return failCheckResult("fail to check %s for id is not null", methodName); } if (StringUtils.isBlank(dto.getGroupName())) { - log.error("group name can not be blank."); - return false; + return failCheckResult("group name can not be blank."); } } if (methodName.equals("update")) { if (dto.getId() == null) { - log.error("fail to check {} for id is null", methodName); - return false; + return failCheckResult("fail to check %s for id is null", methodName); } - if (!checkIdExists(dto.getId(), tenant, workspace)) { - return false; + LevelAuthorizationCheckResult checkResult = checkIdExists(dto.getId(), tenant, workspace); + if (!checkResult.isSuccess()) { + return checkResult; } } if (StringUtils.isNotEmpty(dto.getRobotUrl()) && !dto.getRobotUrl().startsWith(dingdingUrlPrefix)) { - log.error("invalid robotUrl {}", dto.getRobotUrl()); - return false; + return failCheckResult("invalid robotUrl %s", dto.getRobotUrl()); } if (StringUtils.isNotEmpty(dto.getCreator()) && !checkSqlField(dto.getCreator())) { - log.error("fail to check {} for invalid creator {}", methodName, dto.getCreator()); - return false; + return failCheckResult("fail to check %s for invalid creator %s", methodName, + dto.getCreator()); } if (StringUtils.isNotEmpty(dto.getModifier()) && !checkSqlField(dto.getModifier())) { - log.error("fail to check {} for invalid modifier {}", methodName, dto.getModifier()); - return false; + return failCheckResult("fail to check %s for invalid modifier %s", methodName, + dto.getModifier()); } - if (StringUtils.isNotEmpty(dto.getGroupName()) && !checkSqlField(dto.getGroupName())) { - log.error("fail to check {} for invalid group name {}", methodName, dto.getGroupName()); - return false; + if (StringUtils.isNotEmpty(dto.getGroupName()) && !checkSqlName(dto.getGroupName())) { + return failCheckResult("fail to check %s for invalid group name %s", methodName, + dto.getGroupName()); } if (StringUtils.isNotEmpty(dto.getTenant()) && !StringUtils.equals(dto.getTenant(), tenant)) { - log.error("fail to check {} for invalid tenant {} for valid tenant {}", methodName, - dto.getTenant(), tenant); - return false; + return failCheckResult("fail to check %s for invalid tenant %s for valid tenant %s", + methodName, dto.getTenant(), tenant); } if (StringUtils.isNotEmpty(dto.getWorkspace()) && !StringUtils.equals(dto.getWorkspace(), workspace)) { - log.error("fail to check {} for invalid workspace {} for valid workspace {}", methodName, - dto.getWorkspace(), workspace); - return false; + return failCheckResult("fail to check %s for invalid workspace %s for valid workspace %s", + methodName, dto.getWorkspace(), workspace); } if (StringUtils.isNotEmpty(dto.getExtra()) && !checkUserIds(dto.getExtra())) { - log.error("fail to check {} that userIds in extra {}", methodName, dto.getExtra()); - return false; + return failCheckResult("fail to check %s that userIds in extra %s", methodName, + dto.getExtra()); } - return true; + return successCheckResult(); } private boolean checkUserIds(String extra) { @@ -194,16 +190,15 @@ private boolean checkUserIds(String extra) { } @Override - boolean checkIdExists(Long id, String tenant, String workspace) { + public LevelAuthorizationCheckResult checkIdExists(Long id, String tenant, String workspace) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.eq("id", id); this.requestContextAdapter.queryWrapperTenantAdapt(queryWrapper, tenant, workspace); List exist = this.alarmDingDingRobotMapper.selectList(queryWrapper); if (CollectionUtils.isEmpty(exist)) { - log.error("fail to check id for no existed {} {} {}", id, tenant, workspace); - return false; + return failCheckResult("fail to check id for no existed %d %s %s", id, tenant, workspace); } - return true; + return successCheckResult(); } } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmHistoryFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmHistoryFacadeImplChecker.java index 2f88d0409..4128cbe9a 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmHistoryFacadeImplChecker.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmHistoryFacadeImplChecker.java @@ -7,12 +7,13 @@ import com.google.common.reflect.TypeToken; import io.holoinsight.server.common.J; import io.holoinsight.server.home.common.service.RequestContextAdapter; -import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.RequestContext; import io.holoinsight.server.home.dal.mapper.AlarmHistoryMapper; import io.holoinsight.server.home.dal.model.AlarmHistory; import io.holoinsight.server.home.facade.AlarmHistoryDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; import io.holoinsight.server.home.web.security.LevelAuthorizationMetaData; import lombok.extern.slf4j.Slf4j; import org.aopalliance.intercept.MethodInvocation; @@ -24,13 +25,17 @@ import javax.annotation.Resource; import java.util.List; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; + /** * @author masaimu * @version 2024-02-07 17:25:00 */ @Slf4j @Service -public class AlarmHistoryFacadeImplChecker extends AbstractResourceChecker { +public class AlarmHistoryFacadeImplChecker + implements AbstractResourceChecker, LevelAuthorizationCheck { @Resource private AlarmHistoryMapper alarmHistoryMapper; @@ -38,19 +43,19 @@ public class AlarmHistoryFacadeImplChecker extends AbstractResourceChecker { private RequestContextAdapter requestContextAdapter; @Override - public boolean check(LevelAuthorizationMetaData levelAuthMetaData, + public LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, MethodInvocation methodInvocation) { - MonitorScope ms = RequestContext.getContext().ms; - String workspace = ms.getWorkspace(); - String tenant = ms.getTenant(); + String workspace = + this.requestContextAdapter.getWorkspaceFromContext(RequestContext.getContext()); + String tenant = this.requestContextAdapter.getTenantFromContext(RequestContext.getContext()); List parameters = levelAuthMetaData.getParameters(); String methodName = methodInvocation.getMethod().getName(); return checkParameters(methodName, parameters, tenant, workspace); } - private boolean checkParameters(String methodName, List parameters, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkParameters(String methodName, List parameters, + String tenant, String workspace) { switch (methodName) { case "queryById": return checkIdNotNull(parameters); @@ -59,28 +64,27 @@ private boolean checkParameters(String methodName, List parameters, Stri case "pageQuery": return checkPageRequest(methodName, parameters, tenant, workspace); default: - return true; + return successCheckResult(); } } @Override - boolean checkIdExists(Long id, String tenant, String workspace) { + public LevelAuthorizationCheckResult checkIdExists(Long id, String tenant, String workspace) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.eq("id", id); this.requestContextAdapter.queryWrapperTenantAdapt(queryWrapper, tenant, workspace); List exist = this.alarmHistoryMapper.selectList(queryWrapper); if (CollectionUtils.isEmpty(exist)) { - log.error("fail to check id for no existed {} {} {}", id, tenant, workspace); - return false; + return failCheckResult("fail to check id for no existed %s %s %s", id, tenant, workspace); } - return true; + return successCheckResult(); } - private boolean checkPageRequest(String methodName, List parameters, String tenant, - String workspace) { + protected LevelAuthorizationCheckResult checkPageRequest(String methodName, + List parameters, String tenant, String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } String parameter = parameters.get(0); MonitorPageRequest pageRequest = @@ -88,36 +92,32 @@ private boolean checkPageRequest(String methodName, List parameters, Str if (pageRequest.getFrom() != null && pageRequest.getTo() != null) { if (pageRequest.getFrom() > pageRequest.getTo()) { - log.error("fail to check time range for start {} larger than end {}", pageRequest.getFrom(), - pageRequest.getTo()); - return false; + return failCheckResult("fail to check time range for start %d larger than end %d", + pageRequest.getFrom(), pageRequest.getTo()); } } AlarmHistoryDTO target = pageRequest.getTarget(); if (target == null) { - log.error("fail to check target, target can not be null"); - return false; + return failCheckResult("fail to check target, target can not be null"); } return checkAlarmHistoryDTO(methodName, target, tenant, workspace); } - private boolean checkAlarmHistoryDTO(String methodName, AlarmHistoryDTO target, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkAlarmHistoryDTO(String methodName, + AlarmHistoryDTO target, String tenant, String workspace) { if (StringUtils.isNotEmpty(target.getTenant()) && !StringUtils.equals(target.getTenant(), tenant)) { - log.error("fail to check {} for invalid tenant {}, valid tenant {}", methodName, + return failCheckResult("fail to check %s for invalid tenant %s, valid tenant %s", methodName, target.getTenant(), tenant); - return false; } if (StringUtils.isNotEmpty(target.getWorkspace()) && !StringUtils.equals(target.getWorkspace(), workspace)) { - log.error("fail to check {} for invalid workspace {}, valid workspace {}", methodName, - target.getWorkspace(), workspace); - return false; + return failCheckResult("fail to check %s for invalid workspace %s, valid workspace %s", + methodName, target.getWorkspace(), workspace); } - return true; + return successCheckResult(); } } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java index 71162babc..002159bd0 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java @@ -3,13 +3,51 @@ */ package io.holoinsight.server.home.web.security.custom; -import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.google.common.reflect.TypeToken; +import io.holoinsight.server.common.J; +import io.holoinsight.server.common.dao.entity.MetricInfo; +import io.holoinsight.server.home.common.service.RequestContextAdapter; +import io.holoinsight.server.home.common.util.scope.RequestContext; +import io.holoinsight.server.home.dal.mapper.AlarmRuleMapper; +import io.holoinsight.server.home.dal.mapper.AlertTemplateMapper; +import io.holoinsight.server.home.dal.model.AlarmRule; +import io.holoinsight.server.home.dal.model.AlertTemplate; +import io.holoinsight.server.home.facade.AlarmRuleDTO; +import io.holoinsight.server.home.facade.AlertRuleExtra; +import io.holoinsight.server.home.facade.AlertSilenceConfig; +import io.holoinsight.server.home.facade.NotificationConfig; +import io.holoinsight.server.home.facade.NotificationTemplate; +import io.holoinsight.server.home.facade.Rule; +import io.holoinsight.server.home.facade.TimeFilter; +import io.holoinsight.server.home.facade.emuns.TimeFilterEnum; +import io.holoinsight.server.home.facade.page.MonitorPageRequest; +import io.holoinsight.server.home.facade.trigger.CompareConfig; +import io.holoinsight.server.home.facade.trigger.DataSource; +import io.holoinsight.server.home.facade.trigger.Trigger; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; import io.holoinsight.server.home.web.security.LevelAuthorizationMetaData; import lombok.extern.slf4j.Slf4j; import org.aopalliance.intercept.MethodInvocation; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; +import javax.annotation.Resource; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import static io.holoinsight.server.home.facade.utils.ParaCheckUtil.sqlCnNameCheck; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; /** * @author masaimu @@ -17,13 +55,574 @@ */ @Slf4j @Service -public class AlarmRuleLevelAuthorizationChecker implements LevelAuthorizationCheck { +public class AlarmRuleLevelAuthorizationChecker extends AbstractQueryChecker + implements AbstractResourceChecker { + + @Autowired + private RequestContextAdapter requestContextAdapter; + @Resource + private AlarmRuleMapper alarmRuleMapper; + @Resource + private AlertTemplateMapper alertTemplateMapper; + @Autowired + private AlarmHistoryFacadeImplChecker historyFacadeImplChecker; + private static final Pattern timePattern = + Pattern.compile("^(?:[01]\\d|2[0-3]):(?:[0-5]\\d):(?:[0-5]\\d)$"); + + private static final Pattern downsamplePattern = Pattern.compile("^\\d+[mMhH]$"); + private static final Pattern calculatePattern = Pattern.compile("^[a-zA-Z]([+\\-*/][a-zA-Z])*$"); + private static final Set timeModes = + new HashSet<>(Arrays.asList(TimeFilterEnum.DAY.getDesc(), TimeFilterEnum.WEEK.getDesc(), + TimeFilterEnum.MONTH.getDesc())); + private static final Set ruleTypes = new HashSet<>(Arrays.asList("ai", "rule", "pql")); + private static final Set alarmLevels = + new HashSet<>(Arrays.asList("1", "2", "3", "4", "5")); + private static final Set sourceTypes = + new HashSet<>(Arrays.asList("custom", "cloudbase", "log", "hosting_system", "hosting_port", + "hosting_tbase", "hosting_spanner", "hosting_ob", "hosting_apm_ai", "hosting_spanner_ai", + "hosting_ob_ai", "hosting_tbase_ai", "hosting_system_ai", "hosting_disk", "iot", + "miniapp", "antiTemplate", "template", "hosting")); + + private static final Set silenceModes = + new HashSet<>(Arrays.asList("default", "gradual", "fixed")); + private static final Set aggregators = new HashSet<>(Arrays.asList("sum", "avg", "mix", + "max", "count", "none", "SUM", "AVG", "MIX", "MAX", "COUNT", "NONE")); + private static final Set metricTypes = + new HashSet<>(Arrays.asList("app", "cache", "log", "oss", "trace", "system", "metric", + "service", "function", "pg", "mongodb", "db", "miniProgram")); + private static final Set products = new HashSet<>(Arrays.asList("JVM", "Function", + "OceanBase", "Tbase", "PortCheck", "System", "MiniProgram", "Spanner", "IoT")); + @Override - public boolean check(LevelAuthorizationMetaData levelAuthMetaData, + public LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, MethodInvocation methodInvocation) { + RequestContext.Context context = RequestContext.getContext(); + String workspace = this.requestContextAdapter.getWorkspaceFromContext(context); + String tenant = this.requestContextAdapter.getTenantFromContext(context); + List parameters = levelAuthMetaData.getParameters(); String methodName = methodInvocation.getMethod().getName(); - log.info("AlarmRuleLevelAuthorizationChecker {} {}", methodName, parameters); + return checkParameters(methodName, parameters, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkParameters(String methodName, List parameters, + String tenant, String workspace) { + switch (methodName) { + case "create": + case "update": + return checkAlarmRuleDTO(methodName, parameters, tenant, workspace); + case "queryById": + case "deleteById": + return checkIdExists(parameters, tenant, workspace); + case "queryByIds": + return checkIdsExists(parameters, tenant, workspace); + case "pageQuery": + return checkPageRequest(methodName, parameters, tenant, workspace); + case "querySubscribeList": + return checkSelfBool(methodName, parameters, tenant, workspace); + case "querySubAlarmHistory": + return checkQuerySubAlarmHistory(methodName, parameters, tenant, workspace); + default: + return successCheckResult(); + } + } + + private LevelAuthorizationCheckResult checkQuerySubAlarmHistory(String methodName, + List parameters, String tenant, String workspace) { + if (parameters.size() == 2) { + LevelAuthorizationCheckResult checkResult1 = checkSelfBool(methodName, + Collections.singletonList(parameters.get(0)), tenant, workspace); + if (!checkResult1.isSuccess()) { + return checkResult1; + } + LevelAuthorizationCheckResult checkResult2 = historyFacadeImplChecker.checkPageRequest( + methodName, Collections.singletonList(parameters.get(1)), tenant, workspace); + if (!checkResult2.isSuccess()) { + return checkResult2; + } + } else if (parameters.size() == 1) { + LevelAuthorizationCheckResult checkResult2 = historyFacadeImplChecker.checkPageRequest( + methodName, Collections.singletonList(parameters.get(0)), tenant, workspace); + if (!checkResult2.isSuccess()) { + return checkResult2; + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkSelfBool(String methodName, List parameters, + String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters)) { + return successCheckResult(); + } + String req = J.fromJson(parameters.get(0), String.class); + if (StringUtils.equals("true", req) || StringUtils.equals("false", req)) { + return successCheckResult(); + } + return failCheckResult("invalid req %s", req); + } + + private LevelAuthorizationCheckResult checkIdsExists(List parameters, String tenant, + String workspace) { + String[] idArray = StringUtils.split(parameters.get(0), ","); + for (String id : idArray) { + LevelAuthorizationCheckResult checkResult = + checkIdExists(Collections.singletonList(id), tenant, workspace); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkPageRequest(String methodName, List parameters, + String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { + return failCheckResult("empty parameters"); + } + String parameter = parameters.get(0); + MonitorPageRequest pageRequest = + J.fromJson(parameter, new TypeToken>() {}.getType()); + + if (pageRequest.getFrom() != null && pageRequest.getTo() != null) { + if (pageRequest.getFrom() > pageRequest.getTo()) { + return failCheckResult("fail to check time range for start %s larger than end %s", + pageRequest.getFrom(), pageRequest.getTo()); + } + } + + AlarmRuleDTO target = pageRequest.getTarget(); + if (target == null) { + return failCheckResult("fail to check target, target can not be null"); + } + return checkAlarmRuleDTO(methodName, target, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkAlarmRuleDTO(String methodName, + List parameters, String tenant, String workspace) { + if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { + return failCheckResult("parameters is empty"); + } + log.info("checkParameters {} parameter {}", methodName, parameters.get(0)); + AlarmRuleDTO alarmRuleDTO = J.fromJson(parameters.get(0), AlarmRuleDTO.class); + return checkAlarmRuleDTO(methodName, alarmRuleDTO, tenant, workspace); + } + + private LevelAuthorizationCheckResult checkAlarmRuleDTO(String methodName, + AlarmRuleDTO alarmRuleDTO, String tenant, String workspace) { + if (methodName.equals("create")) { + if (alarmRuleDTO.getId() != null) { + return failCheckResult("fail to check %s for id is not null", methodName); + } + if (alarmRuleDTO.getStatus() == null) { + return failCheckResult("status can not be empty"); + } + if (alarmRuleDTO.getIsMerge() == null) { + return failCheckResult("isMerge can not be empty"); + } + if (alarmRuleDTO.getRecover() == null) { + return failCheckResult("recover can not be empty"); + } + } + + if (methodName.equals("update")) { + if (alarmRuleDTO.getId() == null) { + return failCheckResult("fail to check %s for id is null", methodName); + } + LevelAuthorizationCheckResult updateCheckResult = + checkIdExists(alarmRuleDTO.getId(), tenant, workspace); + if (!updateCheckResult.isSuccess()) { + return updateCheckResult; + } + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getRuleName()) + && !checkSqlName(alarmRuleDTO.getRuleName())) { + return failCheckResult( + "invalid ruleName %s, please use a-z A-Z 0-9 Chinese - _ , . : spaces ", + alarmRuleDTO.getRuleName()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getRuleType()) + && !ruleTypes.contains(alarmRuleDTO.getRuleType())) { + return failCheckResult("invalid rule type %s", alarmRuleDTO.getRuleType()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getAlarmLevel()) + && !alarmLevels.contains(alarmRuleDTO.getAlarmLevel())) { + return failCheckResult("invalid rule level %s", alarmRuleDTO.getAlarmLevel()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getRuleName()) + && !checkSqlName(alarmRuleDTO.getRuleName())) { + return failCheckResult("invalid ruleName %s", alarmRuleDTO.getRuleName()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getRuleDescribe()) + && !sqlCnNameCheck(alarmRuleDTO.getRuleDescribe())) { + return failCheckResult( + "invalid ruleDescribe %s, please use a-z A-Z 0-9 Chinese - _ , . : spaces ", + alarmRuleDTO.getRuleDescribe()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getMergeType())) { + return failCheckResult("mergeType %s should be empty", alarmRuleDTO.getMergeType()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getNoticeType())) { + return failCheckResult("noticeType %s should be empty", alarmRuleDTO.getMergeType()); + } + + if (!CollectionUtils.isEmpty(alarmRuleDTO.getAlarmContent())) { + return failCheckResult("alarmContent %s should be empty", alarmRuleDTO.getMergeType()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getTenant()) + && !StringUtils.equals(alarmRuleDTO.getTenant(), tenant)) { + return failCheckResult("invalid tenant %s for right tenant %s", alarmRuleDTO.getTenant(), + tenant); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getWorkspace()) + && !StringUtils.equals(alarmRuleDTO.getWorkspace(), workspace)) { + return failCheckResult("invalid workspace %s for right workspace %s", + alarmRuleDTO.getWorkspace(), workspace); + } + + if (!CollectionUtils.isEmpty(alarmRuleDTO.getRule())) { + LevelAuthorizationCheckResult ruleCheckResult = + checkRule(alarmRuleDTO.getRule(), tenant, workspace); + if (!ruleCheckResult.isSuccess()) { + return ruleCheckResult; + } + } + + if (!CollectionUtils.isEmpty(alarmRuleDTO.getTimeFilter())) { + LevelAuthorizationCheckResult timeFilterCheckResult = + checkTimeFilter(alarmRuleDTO.getTimeFilter(), tenant, workspace); + if (!timeFilterCheckResult.isSuccess()) { + return timeFilterCheckResult; + } + } + + if (alarmRuleDTO.getBlockId() != null) { + return failCheckResult("blockId %d should be empty", alarmRuleDTO.getBlockId()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getSourceType()) + && !checkSourceType(alarmRuleDTO.getSourceType())) { + return failCheckResult("invalid source type %s", alarmRuleDTO.getSourceType()); + } + + if (alarmRuleDTO.getExtra() != null) { + LevelAuthorizationCheckResult checkResult = + checkExtra(alarmRuleDTO.getExtra(), tenant, workspace); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getEnvType()) + && !checkEnvType(alarmRuleDTO.getEnvType(), workspace)) { + return failCheckResult("invalid env type %s", alarmRuleDTO.getEnvType()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getPql())) { + return failCheckResult("pql %s should be empty", alarmRuleDTO.getPql()); + } + + if (alarmRuleDTO.getAlertNotificationTemplateId() != null) { + return failCheckResult("alertNotificationTemplateId %d should be empty", + alarmRuleDTO.getAlertNotificationTemplateId()); + } + + if (StringUtils.isNotEmpty(alarmRuleDTO.getAlertTemplateUuid()) + && !checkAlertTemplateUuid(alarmRuleDTO.getAlertTemplateUuid(), tenant, workspace)) { + return failCheckResult("invalid alertTemplateUuid %s", alarmRuleDTO.getAlertTemplateUuid()); + } + + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkRule(Map ruleMap, String tenant, + String workspace) { + Rule rule = J.fromJson(J.toJson(ruleMap), Rule.class); + if (CollectionUtils.isEmpty(rule.getTriggers())) { + return successCheckResult(); + } + for (Trigger trigger : rule.getTriggers()) { + if (!CollectionUtils.isEmpty(trigger.getDatasources())) { + LevelAuthorizationCheckResult checkResult = + checkDatasources(trigger.getDatasources(), tenant, workspace); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + + if (StringUtils.isNotEmpty(trigger.getQuery()) && !checkQuery(trigger.getQuery())) { + return failCheckResult("fail to check query %s", trigger.getQuery()); + } + + if (StringUtils.isNotEmpty(trigger.getAggregator()) + && !aggregators.contains(trigger.getAggregator())) { + return failCheckResult("fail to check aggregator %s", trigger.getAggregator()); + } + + if (StringUtils.isNotEmpty(trigger.getTriggerContent()) + && !checkSqlName(trigger.getTriggerContent())) { + return failCheckResult("fail to check triggerContent %s", trigger.getTriggerContent()); + } + + if (!CollectionUtils.isEmpty(trigger.getDataResult())) { + return failCheckResult("dataResult in trigger should be empty"); + } + + if (StringUtils.isNotEmpty(trigger.getTriggerTitle()) + && !checkSqlName(trigger.getTriggerTitle())) { + return failCheckResult("fail to check triggerTitle %s", trigger.getTriggerTitle()); + } + + if (!CollectionUtils.isEmpty(trigger.getCompareConfigs())) { + LevelAuthorizationCheckResult checkResult = + checkCompareConfigs(trigger.getCompareConfigs()); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + + if (trigger.getRuleConfig() != null && !checkSqlField(trigger.getRuleConfig().keySet())) { + return failCheckResult("key of ruleConfig %s is invalid", + J.toJson(trigger.getRuleConfig().keySet())); + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkDatasources(List datasources, + String tenant, String workspace) { + for (DataSource dataSource : datasources) { + if (StringUtils.isNotEmpty(dataSource.getMetricType()) + && !metricTypes.contains(dataSource.getMetricType())) { + return failCheckResult("invalid metric type %s", dataSource.getMetricType()); + } + if (StringUtils.isNotEmpty(dataSource.getProduct()) + && !products.contains(dataSource.getProduct())) { + return failCheckResult("invalid product %s", dataSource.getProduct()); + } + if (StringUtils.isNotEmpty(dataSource.getMetric())) { + LevelAuthorizationCheckResult checkResult = checkMetricTableWithAlarmFilter( + dataSource.getMetric(), tenant, workspace, dataSource.getFilters()); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + if (!CollectionUtils.isEmpty(dataSource.getGroupBy())) { + LevelAuthorizationCheckResult checkResult = + checkGroupBy(dataSource.getMetric(), dataSource.getGroupBy()); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + if (StringUtils.isNotEmpty(dataSource.getDownsample()) + && !checkDownsample(dataSource.getDownsample())) { + return failCheckResult("fail to check downsample %s", dataSource.getDownsample()); + } + if (StringUtils.isNotEmpty(dataSource.getAggregator()) + && !aggregators.contains(dataSource.getAggregator())) { + return failCheckResult("fail to check aggregator %s", dataSource.getAggregator()); + } + } + return successCheckResult(); + } + + private boolean checkDownsample(String downsample) { + String[] arr = downsample.split("-"); + String timeDownsample = arr[0]; + String agg = null; + if (arr.length > 1) { + agg = arr[1]; + } + if (StringUtils.isNotEmpty(agg) && !aggregators.contains(agg)) { + return false; + } + Matcher matcher = downsamplePattern.matcher(timeDownsample); + return matcher.matches(); + } + + private LevelAuthorizationCheckResult checkGroupBy(String metric, List groupBys) { + MetricInfo metricInfo = apiSecurityService.getMetricInfo(metric); + if (metricInfo == null) { + return failCheckResult("metricInfo is null for metric %s", metric); + } + List tags = J.toList(metricInfo.getTags()); + for (String groupBy : groupBys) { + if (!tags.contains(groupBy)) { + return failCheckResult("groupby %s cannot be found in %s", groupBy, metricInfo.getTags()); + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkCompareConfigs(List compareConfigs) { + for (CompareConfig config : compareConfigs) { + if (StringUtils.isNotEmpty(config.getTriggerLevel()) + && !checkSqlName(config.getTriggerLevel())) { + return failCheckResult("fail to check triggerLevel in compareConfigs %s", + config.getTriggerLevel()); + } + if (StringUtils.isNotEmpty(config.getTriggerContent()) + && !checkSqlName(config.getTriggerContent())) { + return failCheckResult("fail to check triggerContent in compareConfigs %s", + config.getTriggerContent()); + } + } + return successCheckResult(); + } + + protected static boolean checkQuery(String query) { + Matcher matcher = calculatePattern.matcher(query); + return matcher.matches(); + } + + private LevelAuthorizationCheckResult checkTimeFilter(Map timeFilter, + String tenant, String workspace) { + TimeFilter tf = J.fromJson(J.toJson(timeFilter), TimeFilter.class); + if (StringUtils.isNotEmpty(tf.getFrom()) && !validTime(tf.getFrom())) { + return failCheckResult("from %s in timeFilter is invalid", tf.getFrom()); + } + if (StringUtils.isNotEmpty(tf.getTo()) && !validTime(tf.getTo())) { + return failCheckResult("to %s in timeFilter is invalid", tf.getTo()); + } + if (StringUtils.isNotEmpty(tf.getModel()) && !timeModes.contains(tf.getModel())) { + return failCheckResult("mode %s in timeFilter is invalid", tf.getModel()); + } + return successCheckResult(); + } + + protected static boolean validTime(String time) { + Matcher matcher = timePattern.matcher(time); + return matcher.matches(); + } + + private LevelAuthorizationCheckResult checkExtra(AlertRuleExtra extra, String tenant, + String workspace) { + if (StringUtils.isNotEmpty(extra.sourceLink)) { + return failCheckResult("sourceLink %s should be empty", extra.sourceLink); + } + if (StringUtils.isNotEmpty(extra.md5)) { + return failCheckResult("md5 %s should be empty", extra.md5); + } + if (!CollectionUtils.isEmpty(extra.alertTags) && !checkSqlField(extra.alertTags)) { + return failCheckResult("fail to check sql field in alertTags %s", J.toJson(extra.alertTags)); + } + + if (!CollectionUtils.isEmpty(extra.tagAlias) + && (!checkSqlField(extra.tagAlias.keySet()) || !checkSqlField(extra.tagAlias.values()))) { + return failCheckResult("fail to check sql field in tagAlias %s", J.toJson(extra.tagAlias)); + } + + if (extra.notificationConfig != null) { + LevelAuthorizationCheckResult checkResult = checkNotificationConfig(extra.notificationConfig); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + + if (extra.alertSilenceConfig != null) { + LevelAuthorizationCheckResult checkResult = checkAlertSilenceConfig(extra.alertSilenceConfig); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkAlertSilenceConfig( + AlertSilenceConfig alertSilenceConfig) { + if (StringUtils.isNotEmpty(alertSilenceConfig.getSilenceMode()) + && !silenceModes.contains(alertSilenceConfig.getSilenceMode())) { + return failCheckResult("invalid silenceMode %s ", alertSilenceConfig.getSilenceMode()); + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkNotificationConfig( + NotificationConfig notificationConfig) { + if (notificationConfig.dingtalkTemplate != null) { + LevelAuthorizationCheckResult checkResult = + checkNotificationTemplate(notificationConfig.dingtalkTemplate); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + if (notificationConfig.webhookTemplate != null) { + LevelAuthorizationCheckResult checkResult = + checkNotificationTemplate(notificationConfig.webhookTemplate); + if (!checkResult.isSuccess()) { + return checkResult; + } + } + return successCheckResult(); + } + + private LevelAuthorizationCheckResult checkNotificationTemplate(NotificationTemplate template) { + if (!CollectionUtils.isEmpty(template.fieldMap) && !checkSqlField(template.fieldMap.keySet())) { + return failCheckResult("invalid sql field in NotificationTemplate fieldMap %s", + J.toJson(template.fieldMap.keySet())); + } + if (!CollectionUtils.isEmpty(template.tagMap) + && (!checkSqlField(template.tagMap.keySet()) || !checkSqlField(template.tagMap.values()))) { + return failCheckResult("fail to check sql field in NotificationTemplate tagMap %s", + J.toJson(template.tagMap)); + } + if (StringUtils.isNotEmpty(template.text) + && !StringUtils.equals(template.text, template.getTemplateJson())) { + return failCheckResult("text %s in template not equal to fieldMap", template.text); + } + return successCheckResult(); + } + + private boolean checkSqlField(Collection collection) { + for (String item : collection) { + if (!checkSqlField(item)) { + return false; + } + } return true; } + + private boolean checkEnvType(String envType, String workspace) { + String[] arr = envType.split("_"); + if (arr.length != 2) { + return false; + } + return StringUtils.equals(String.join("__", arr[1], arr[0]), workspace); + } + + + private boolean checkSourceType(String sourceType) { + return checkSqlField(sourceType) + && (sourceTypes.contains(sourceType) || sourceType.startsWith("apm_")); + } + + private boolean checkAlertTemplateUuid(String alertTemplateUuid, String tenant, + String workspace) { + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.eq("uuid", alertTemplateUuid); + queryWrapper.eq("tenant", tenant); + queryWrapper.eq("workspace", workspace); + return !CollectionUtils.isEmpty(this.alertTemplateMapper.selectList(queryWrapper)); + } + + @Override + public LevelAuthorizationCheckResult checkIdExists(Long id, String tenant, String workspace) { + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.eq("id", id); + this.requestContextAdapter.queryWrapperTenantAdapt(queryWrapper, tenant, workspace); + List exist = this.alarmRuleMapper.selectList(queryWrapper); + if (CollectionUtils.isEmpty(exist)) { + return failCheckResult("fail to check id for no existed %s %s %s", id, tenant, workspace); + } + return successCheckResult(); + } } diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java index 180ac4bec..779e2e8a4 100644 --- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java +++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java @@ -14,6 +14,7 @@ import io.holoinsight.server.home.facade.AlertTemplateDTO; import io.holoinsight.server.home.facade.page.MonitorPageRequest; import io.holoinsight.server.home.web.security.LevelAuthorizationCheck; +import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult; import io.holoinsight.server.home.web.security.LevelAuthorizationMetaData; import lombok.extern.slf4j.Slf4j; import org.aopalliance.intercept.MethodInvocation; @@ -27,6 +28,9 @@ import java.util.List; import java.util.Set; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.failCheckResult; +import static io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult.successCheckResult; + /** * @author masaimu * @version 2024-01-26 10:39:00 @@ -43,7 +47,7 @@ public class AlertTemplateFacadeImplChecker implements LevelAuthorizationCheck { private static final Set channelTypeSet = new HashSet<>(Arrays.asList("sms", "dingTalk")); @Override - public boolean check(LevelAuthorizationMetaData levelAuthMetaData, + public LevelAuthorizationCheckResult check(LevelAuthorizationMetaData levelAuthMetaData, MethodInvocation methodInvocation) { MonitorScope ms = RequestContext.getContext().ms; String workspace = ms.getWorkspace(); @@ -54,8 +58,8 @@ public boolean check(LevelAuthorizationMetaData levelAuthMetaData, return checkParameters(methodName, parameters, tenant, workspace); } - private boolean checkParameters(String methodName, List parameters, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkParameters(String methodName, List parameters, + String tenant, String workspace) { switch (methodName) { case "create": case "update": @@ -67,14 +71,14 @@ private boolean checkParameters(String methodName, List parameters, Stri case "pageQuery": return checkPageRequest(methodName, parameters, tenant, workspace); default: - return true; + return successCheckResult(); } } - private boolean checkPageRequest(String methodName, List parameters, String tenant, - String workspace) { + private LevelAuthorizationCheckResult checkPageRequest(String methodName, List parameters, + String tenant, String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } String parameter = parameters.get(0); MonitorPageRequest pageRequest = @@ -82,122 +86,116 @@ private boolean checkPageRequest(String methodName, List parameters, Str if (pageRequest.getFrom() != null && pageRequest.getTo() != null) { if (pageRequest.getFrom() > pageRequest.getTo()) { - log.error("fail to check time range for start {} larger than end {}", pageRequest.getFrom(), - pageRequest.getTo()); - return false; + return failCheckResult("fail to check time range for start %s larger than end %s", + pageRequest.getFrom(), pageRequest.getTo()); } } AlertTemplateDTO target = pageRequest.getTarget(); if (target == null) { - log.error("fail to check target, target can not be null"); - return false; + return failCheckResult("fail to check target, target can not be null"); } return checkAlertNotificationTemplateDTO(methodName, target, tenant, workspace); } - private boolean checkId(List parameters, String tenant, String workspace) { + private LevelAuthorizationCheckResult checkId(List parameters, String tenant, + String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } String uuid = J.fromJson(parameters.get(0), String.class); return checkId(uuid, tenant, workspace); } - private boolean checkId(String uuid, String tenant, String workspace) { + private LevelAuthorizationCheckResult checkId(String uuid, String tenant, String workspace) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.eq("uuid", uuid); queryWrapper.eq("tenant", tenant); queryWrapper.eq("workspace", workspace); List exist = this.alertTemplateMapper.selectList(queryWrapper); if (CollectionUtils.isEmpty(exist)) { - log.error("fail to check uuid for no existed {} {} {}", uuid, tenant, workspace); - return false; + return failCheckResult("fail to check uuid for no existed %s %s %s", uuid, tenant, workspace); } - return true; + return successCheckResult(); } - private boolean checkAlertNotificationTemplateDTO(String methodName, List parameters, - String tenant, String workspace) { + private LevelAuthorizationCheckResult checkAlertNotificationTemplateDTO(String methodName, + List parameters, String tenant, String workspace) { if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) { - return false; + return failCheckResult("parameters is empty"); } log.info("checkParameters {} parameter {}", methodName, parameters.get(0)); AlertTemplateDTO templateDTO = J.fromJson(parameters.get(0), AlertTemplateDTO.class); return checkAlertNotificationTemplateDTO(methodName, templateDTO, tenant, workspace); } - private boolean checkAlertNotificationTemplateDTO(String methodName, AlertTemplateDTO templateDTO, - String tenant, String workspace) { + private LevelAuthorizationCheckResult checkAlertNotificationTemplateDTO(String methodName, + AlertTemplateDTO templateDTO, String tenant, String workspace) { if (methodName.equals("create")) { if (StringUtils.isNotEmpty(templateDTO.uuid)) { - log.error("fail to check {} for uuid is not null", methodName); - return false; + return failCheckResult("fail to check %s for uuid is not null", methodName); } } if (methodName.equals("update")) { if (StringUtils.isEmpty(templateDTO.uuid)) { - log.error("fail to check {} for uuid is null", methodName); - return false; + return failCheckResult("fail to check %s for uuid is null", methodName); } - if (!checkId(templateDTO.uuid, tenant, workspace)) { - return false; + LevelAuthorizationCheckResult checkResult = checkId(templateDTO.uuid, tenant, workspace); + if (!checkResult.isSuccess()) { + return checkResult; } } if (StringUtils.isNotEmpty(templateDTO.templateName) && !checkSqlName(templateDTO.templateName)) { - log.error("fail to check {} for invalid templateName {}", methodName, + return failCheckResult("fail to check %s for invalid templateName %s", methodName, templateDTO.templateName); - return false; } if (StringUtils.isNotEmpty(templateDTO.sceneType) && !sceneTypeSet.contains(templateDTO.sceneType)) { - log.error("fail to check {} for invalid sceneType {}", methodName, templateDTO.sceneType); - return false; + return failCheckResult("fail to check %s for invalid sceneType %s", methodName, + templateDTO.sceneType); } if (StringUtils.isNotEmpty(templateDTO.channelType) && !channelTypeSet.contains(templateDTO.channelType)) { - log.error("fail to check {} for invalid channelType {}", methodName, templateDTO.channelType); - return false; + return failCheckResult("fail to check %s for invalid channelType %s", methodName, + templateDTO.channelType); } if (StringUtils.isNotEmpty(templateDTO.tenant) && !StringUtils.equals(templateDTO.tenant, tenant)) { - log.error("fail to check {} for invalid tenant {}", methodName, templateDTO.tenant); - return false; + return failCheckResult("fail to check %s for invalid tenant %s", methodName, + templateDTO.tenant); } if (StringUtils.isNotEmpty(templateDTO.workspace) && !StringUtils.equals(templateDTO.workspace, workspace)) { - log.error("fail to check {} for invalid workspace {}", methodName, templateDTO.workspace); - return false; + return failCheckResult("fail to check %s for invalid workspace %s", methodName, + templateDTO.workspace); } MonitorUser mu = RequestContext.getContext().mu; if (StringUtils.isNotEmpty(templateDTO.creator) && !StringUtils.equals(templateDTO.creator, mu.getLoginName())) { - log.error("fail to check {} for invalid creator {} for login name {}", methodName, - templateDTO.creator, mu.getLoginName()); - return false; + return failCheckResult("fail to check %s for invalid creator %s for login name %s", + methodName, templateDTO.creator, mu.getLoginName()); } if (StringUtils.isNotEmpty(templateDTO.modifier) && !StringUtils.equals(templateDTO.modifier, mu.getLoginName())) { - log.error("fail to check {} for invalid modifier {} for login name {}", methodName, - templateDTO.modifier, mu.getLoginName()); - return false; + return failCheckResult("fail to check %s for invalid modifier %s for login name %s", + methodName, templateDTO.modifier, mu.getLoginName()); } if (StringUtils.isNotEmpty(templateDTO.description) && !checkSqlName(templateDTO.description)) { - log.error("fail to check {} for invalid description {}", methodName, templateDTO.description); - return false; + return failCheckResult("fail to check %s for invalid description %s", methodName, + templateDTO.description); } - return true; + return successCheckResult(); } } diff --git a/server/home/home-web/src/test/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImplTest.java b/server/home/home-web/src/test/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImplTest.java index 2ea0cc788..97125242b 100644 --- a/server/home/home-web/src/test/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImplTest.java +++ b/server/home/home-web/src/test/java/io/holoinsight/server/home/web/controller/AlarmRuleFacadeImplTest.java @@ -7,6 +7,7 @@ import io.holoinsight.server.home.biz.service.AlertGroupService; import io.holoinsight.server.home.biz.service.AlertRuleService; import io.holoinsight.server.home.biz.service.AlertSubscribeService; +import io.holoinsight.server.home.common.service.RequestContextAdapterImpl; import io.holoinsight.server.home.common.util.scope.MonitorScope; import io.holoinsight.server.home.common.util.scope.MonitorUser; import io.holoinsight.server.home.common.util.scope.RequestContext; @@ -44,6 +45,7 @@ public void setUp() throws Exception { facade.alarmSubscribeService = Mockito.mock(AlertSubscribeService.class); facade.alarmRuleService = Mockito.mock(AlertRuleService.class); facade.alarmRuleConverter = new AlarmRuleConverterImpl(); + facade.requestContextAdapter = new RequestContextAdapterImpl(); MonitorUser mu = new MonitorUser(); mu.setLoginName("test_loginName"); mu.setUserId("test_userId"); @@ -78,7 +80,8 @@ public void setUp() throws Exception { @Test public void testGetRuleListByGroup() { - List alarmRuleDTOList = facade.getRuleListByGroup(true); + List alarmRuleDTOList = + facade.getRuleListByGroup(true, "test_tenant", "workspace"); Mockito.verify(facade.alarmRuleService).list(argument.capture()); QueryWrapper queryWrapper = argument.getValue(); @@ -94,7 +97,7 @@ public void testGetRuleListByGroup() { @Test public void testGetRuleListByGroup_false() { - facade.getRuleListByGroup(false); + facade.getRuleListByGroup(false, "test_tenant", "workspace"); Mockito.verify(facade.alarmRuleService).list(argument.capture()); QueryWrapper queryWrapper = argument.getValue(); Assert.assertEquals("(id IN (#{ew.paramNameValuePairs.MPGENVAL1}))", @@ -103,7 +106,8 @@ public void testGetRuleListByGroup_false() { @Test public void testGetRuleListBySubscribe() { - List alarmRuleDTOList = facade.getRuleListBySubscribe(true); + List alarmRuleDTOList = + facade.getRuleListBySubscribe(true, "test_tenant", "workspace"); Mockito.verify(facade.alarmRuleService).list(argument.capture()); QueryWrapper queryWrapper = argument.getValue(); Assert.assertEquals( @@ -118,7 +122,8 @@ public void testGetRuleListBySubscribe() { @Test public void testGetRuleListBySubscribe_false() { - List alarmRuleDTOList = facade.getRuleListBySubscribe(false); + List alarmRuleDTOList = + facade.getRuleListBySubscribe(false, "test_tenant", "workspace"); Mockito.verify(facade.alarmRuleService).list(argument.capture()); QueryWrapper queryWrapper = argument.getValue(); Assert.assertEquals("(id IN (#{ew.paramNameValuePairs.MPGENVAL1}))", diff --git a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlarmBlockFacadeIT.java b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlarmBlockFacadeIT.java index 7e2603fc9..add094a21 100644 --- a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlarmBlockFacadeIT.java +++ b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlarmBlockFacadeIT.java @@ -13,6 +13,7 @@ import org.junit.jupiter.api.Order; import org.junit.jupiter.api.Test; +import java.util.Date; import java.util.Map; import java.util.Stack; import java.util.function.Supplier; @@ -60,15 +61,15 @@ public void test_alarm_block_create() { @Test public void test_alarm_block_update() { AlarmBlockDTO item = new AlarmBlockDTO(); - uniqueId = uniqueId + "0"; item.setId(id); item.setTenant(tenant); - item.setUniqueId(uniqueId); + item.setTags("{}"); given() // .body(new JSONObject(J.toMap(J.toJson(item)))) // .when() // .post("/webapi/alarmBlock/update") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", NOT_NULL); // @@ -86,15 +87,16 @@ public void test_custom_plugin_delete() { given() // .pathParam("id", id) // .when() // - .delete("/webapi/alarmBlock/delete/{id}").then() // + .delete("/webapi/alarmBlock/delete/{id}") // + .prettyPeek() // + .then() // .body("success", IS_TRUE) // .body("data", IS_TRUE); // Response response = queryById.get(); System.out.println(response.body().print()); response // .then() // - .body("success", IS_TRUE) // - .body("data", IS_NULL); // + .body("success", IS_FALSE); // } @Order(4) @@ -102,12 +104,13 @@ public void test_custom_plugin_delete() { public void test_custom_plugin_pageQuery() { Stack ids = new Stack<>(); AlarmBlockDTO item = new AlarmBlockDTO(); - item.setUniqueId(uniqueId); + item.setTenant(tenant); for (int i = 0; i < 10; i++) { Long id = ((Number) given() // .body(new JSONObject(J.toMap(J.toJson(item)))) // .when() // .post("/webapi/alarmBlock/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .extract() // @@ -116,7 +119,7 @@ public void test_custom_plugin_pageQuery() { } AlarmBlockDTO condition = new AlarmBlockDTO(); - condition.setUniqueId(uniqueId); + condition.setTenant(tenant); MonitorPageRequest pageRequest = new MonitorPageRequest<>(); pageRequest.setTarget(condition); pageRequest.setPageNum(0); @@ -125,6 +128,7 @@ public void test_custom_plugin_pageQuery() { .body(new JSONObject(J.toMap(J.toJson(pageRequest)))) // .when() // .post("/webapi/alarmBlock/pageQuery") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .root("data") diff --git a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertDingDingRobotIT.java b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertDingDingRobotIT.java index e2eeb0d87..d0f8d3f71 100644 --- a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertDingDingRobotIT.java +++ b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertDingDingRobotIT.java @@ -51,6 +51,7 @@ public void test_rule_create() { .body(new JSONObject(J.toMap(J.toJson(item)))) // .when() // .post("/webapi/alarmDingDingRobot/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .extract() // @@ -80,6 +81,7 @@ public void test_rule_update() { .body(new JSONObject(J.toMap(J.toJson(item)))) // .when() // .post("/webapi/alarmDingDingRobot/update") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", IS_TRUE); // diff --git a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertRuleIT.java b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertRuleIT.java index 2670d5e38..c5410d569 100644 --- a/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertRuleIT.java +++ b/test/server-e2e-test/src/main/java/io/holoinsight/server/test/it/AlertRuleIT.java @@ -75,6 +75,7 @@ public void test_rule_create() { .body(new JSONObject(J.toMap(J.toJson(alarmRuleDTO)))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", Matchers.any(Number.class)) // @@ -114,6 +115,7 @@ public void test_triggerContent() { .body(new JSONObject(J.toMap(J.toJson(alarmRuleDTO)))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", Matchers.any(Number.class)) // @@ -157,9 +159,10 @@ public void test_check_rule_name() { .body(new JSONObject(J.toMap(J.toJson(alarmRuleDTO)))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_FALSE) // - .body("message", startsWith("API_SECURITY")); + .body("message", startsWith("SecurityCheckFailed")); invalidRuleName = name + "点击查看详情"; alarmRuleDTO = new AlarmRuleDTO(); @@ -170,9 +173,10 @@ public void test_check_rule_name() { .body(new JSONObject(J.toMap(J.toJson(alarmRuleDTO)))) // .when() // .post("/webapi/alarmRule/update") // + .prettyPeek() // .then() // .body("success", IS_FALSE) // - .body("message", startsWith("API_SECURITY")); + .body("message", startsWith("SecurityCheckFailed")); Response response = queryAlertRule.get(); System.out.println(response.body().print()); response // @@ -194,6 +198,7 @@ public void test_rule_update() { .body(new JSONObject(J.toMap(J.toJson(alarmRuleDTO)))) // .when() // .post("/webapi/alarmRule/update") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", IS_TRUE); @@ -216,8 +221,7 @@ public void test_rule_delete() { System.out.println(response.body().print()); response // .then() // - .body("success", IS_TRUE) // - .body("data", IS_NULL); + .body("success", IS_FALSE); } @Order(6) @@ -229,6 +233,7 @@ public void test_rule_pageQuery() { .body(new JSONObject(J.toMap(J.toJson(buildAlarmRule("hit_rule_" + i))))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .extract() // @@ -240,6 +245,7 @@ public void test_rule_pageQuery() { .body(new JSONObject(J.toMap(J.toJson(buildAlarmRule("miss_rule_" + i))))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE); } @@ -253,6 +259,7 @@ public void test_rule_pageQuery() { .body(new JSONObject(J.toMap(J.toJson(pageRequest)))) // .when() // .post("/webapi/alarmRule/pageQuery") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .root("data") @@ -274,6 +281,7 @@ public void test_alert_calculate() { .body(new JSONObject(J.toMap(J.toJson(buildAlarmRule("notification"))))) // .when() // .post("/webapi/alarmRule/create") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .body("data", Matchers.any(Number.class)) // @@ -310,6 +318,7 @@ public void test_alert_calculate() { .body(new JSONObject(J.toMap(J.toJson(detailPageRequest)))) // .when() // .post("/webapi/alarmHistoryDetail/countTrend") // + .prettyPeek() // .then() // .body("success", IS_TRUE) // .root("data") // @@ -415,7 +424,7 @@ private DataSource buildDataSource() { dataSource.setName("a"); dataSource.setAggregator("avg"); dataSource.setDownsample("1m-avg"); - dataSource.setGroupBy(Arrays.asList("hostname")); + // dataSource.setGroupBy(Arrays.asList("hostname")); dataSource.setFilters(Collections.singletonList(filter)); return dataSource; }