From c3113b601db4cf7dbcd0bdf43d4e037d509780cf Mon Sep 17 00:00:00 2001 From: Francis Dong Date: Mon, 25 Oct 2021 11:24:11 +0800 Subject: [PATCH] Add API doc set authorization plugin #362 --- .../plugin/apidoc/ApiDocAuthPluginFilter.java | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 fizz-plugin/src/main/java/we/plugin/apidoc/ApiDocAuthPluginFilter.java diff --git a/fizz-plugin/src/main/java/we/plugin/apidoc/ApiDocAuthPluginFilter.java b/fizz-plugin/src/main/java/we/plugin/apidoc/ApiDocAuthPluginFilter.java new file mode 100644 index 0000000..7dfcf28 --- /dev/null +++ b/fizz-plugin/src/main/java/we/plugin/apidoc/ApiDocAuthPluginFilter.java @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2021 the original author or authors. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package we.plugin.apidoc; + +import java.util.Map; + +import javax.annotation.Resource; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.server.reactive.ServerHttpResponse; +import org.springframework.stereotype.Component; +import org.springframework.web.server.ServerWebExchange; + +import reactor.core.publisher.Mono; +import we.api.pairing.ApiPairingDocSetService; +import we.plugin.FizzPluginFilter; +import we.plugin.FizzPluginFilterChain; +import we.util.ReactorUtils; +import we.util.WebUtils; + +/** + * + * @author Francis Dong + * + */ +@Component(ApiDocAuthPluginFilter.API_DOC_AUTH_PLUGIN_FILTER) +public class ApiDocAuthPluginFilter implements FizzPluginFilter { + + private static final Logger log = LoggerFactory.getLogger(ApiDocAuthPluginFilter.class); + + public static final String API_DOC_AUTH_PLUGIN_FILTER = "apiDocAuthPlugin"; + + @Resource + private ApiPairingDocSetService apiPairingDocSetService; + + @SuppressWarnings({ "unchecked", "rawtypes" }) + @Override + public Mono filter(ServerWebExchange exchange, Map config) { + try { + String appId = WebUtils.getAppId(exchange); + String service = WebUtils.getClientService(exchange); + String path = WebUtils.getClientReqPath(exchange); + HttpMethod method = exchange.getRequest().getMethod(); + if (apiPairingDocSetService.existsDocSetMatch(appId, method, service, path)) { + // Go to next plugin + Mono next = FizzPluginFilterChain.next(exchange); + return next.defaultIfEmpty(ReactorUtils.NULL).flatMap(nil -> { + doAfter(); + return Mono.empty(); + }); + } else { + // Auth failed + ServerHttpResponse response = exchange.getResponse(); + response.setStatusCode(HttpStatus.UNAUTHORIZED); + response.getHeaders().setCacheControl("no-store"); + response.getHeaders().setExpires(0); + String respJson = WebUtils.jsonRespBody(HttpStatus.UNAUTHORIZED.value(), + HttpStatus.UNAUTHORIZED.getReasonPhrase(), WebUtils.getTraceId(exchange)); + return WebUtils.buildDirectResponse(exchange, HttpStatus.UNAUTHORIZED, null, respJson); + } + } catch (Exception e) { + log.error("{} exception", API_DOC_AUTH_PLUGIN_FILTER, e); + String respJson = WebUtils.jsonRespBody(HttpStatus.INTERNAL_SERVER_ERROR.value(), + HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), WebUtils.getTraceId(exchange)); + return WebUtils.buildDirectResponse(exchange, HttpStatus.INTERNAL_SERVER_ERROR, null, respJson); + } + } + + public void doAfter() { + + } + +}