This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev-2.1.5
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.5 by this push:
     new 9b1fcdd10 [Improve] openapi whitelist support
9b1fcdd10 is described below

commit 9b1fcdd10c3eda9b787a990b99441d881d894474
Author: benjobs <[email protected]>
AuthorDate: Sun Jul 28 18:34:33 2024 +0800

    [Improve] openapi whitelist support
---
 .../src/main/assembly/conf/config.yaml             |  2 +
 .../console/core/aspect/StreamParkAspect.java      | 44 +++++++++++++++++++---
 2 files changed, 41 insertions(+), 5 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/assembly/conf/config.yaml
 
b/streampark-console/streampark-console-service/src/main/assembly/conf/config.yaml
index b51ce4db6..e51bb812f 100644
--- 
a/streampark-console/streampark-console-service/src/main/assembly/conf/config.yaml
+++ 
b/streampark-console/streampark-console-service/src/main/assembly/conf/config.yaml
@@ -65,6 +65,8 @@ streampark:
   project:
     # Number of projects allowed to be running at the same time , If there is 
no limit, -1 can be configured
     max-build: 16
+  #openapi white-list, You can define multiple openAPI, separated by spaces(" 
") or comma(,).
+  openapi.white-list:
 
 # flink on yarn or spark on yarn, when the hadoop cluster enable kerberos 
authentication, it is necessary to set Kerberos authentication parameters.
 security:
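Review bot: The comment on the new `openapi.white-list` key gives the separators but not what an entry must look like or what listing one does. From the Java change in this commit, an entry is compared as an exact string with the request URI, and a listed path lets token-based API calls reach a controller method that has no `@OpenAPI` annotation. I would expand the comment to something like `# Paths listed here are callable through the open API even without @OpenAPI; each entry must equal the request URI exactly. Leave empty to keep the default deny behaviour.`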
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
index 82c9cc484..0deacfecf 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
@@ -42,11 +42,20 @@ import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.DefaultParameterNameDiscoverer;
+import org.springframework.core.SpringProperties;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.HashSet;
+import java.util.Set;
 
 @Slf4j
 @Component
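Review bot: The added import `org.springframework.core.SpringProperties` looks like the wrong source for this setting. That class reads a `spring.properties` file on the classpath and falls back to JVM system properties; it does not consult the application `Environment`. Unless the values from `config.yaml` are exported as system properties somewhere outside this diff, `getProperty("streampark.openapi.white-list")` would return null and the white-list would stay empty without any log line. Consider injecting the value from the environment, e.g. `@Value("${streampark.openapi.white-list:}") private String whiteLists;`, and logging the parsed entries once at startup.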
@@ -58,15 +67,33 @@ public class StreamParkAspect {
   @Autowired private MemberService memberService;
   @Autowired private ApplicationService applicationService;
 
+  private final Set<String> openapiWhitelist = new HashSet<>();
+
+  @PostConstruct
+  public void initOpenapiWhitelist() {
+    String whiteLists = 
SpringProperties.getProperty("streampark.openapi.white-list");
+    if (StringUtils.isNotBlank(whiteLists)) {
+      String[] whiteList = whiteLists.trim().split("\\s|,");
+      for (String order : whiteList) {
+        if (StringUtils.isNotBlank(order)) {
+          if (!order.startsWith("/")) {
+            order = "/" + order;
+          }
+          openapiWhitelist.add(order);
+        }
+      }
+    }
+  }
+
   @Pointcut(
       "execution(public"
           + " org.apache.streampark.console.base.domain.RestResponse"
-          + " org.apache.streampark.console.*.controller.*.*(..))")
-  public void apiAccess() {}
+          + " org.apache.streampark.console.core.controller.*.*(..))")
+  public void openAPI() {}
 
   @SuppressWarnings("checkstyle:SimplifyBooleanExpression")
-  @Around(value = "apiAccess()")
-  public RestResponse apiAccess(ProceedingJoinPoint joinPoint) throws 
Throwable {
+  @Around(value = "openAPI()")
+  public RestResponse openAPI(ProceedingJoinPoint joinPoint) throws Throwable {
     MethodSignature methodSignature = (MethodSignature) 
joinPoint.getSignature();
     log.debug("restResponse aspect, method:{}", methodSignature.getName());
     Boolean isApi =
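Review bot: The pointcut is narrowed from `org.apache.streampark.console.*.controller.*.*(..)` to `org.apache.streampark.console.core.controller.*.*(..)`, so controllers in any other `console.*.controller` package no longer pass through this advice. For requests flagged as API calls, this advice is what rejects endpoints lacking `@OpenAPI`, so after the change that rejection presumably no longer applies to those other controllers; whether another layer still restricts them is not visible here. If the narrowing is intentional, a comment on the pointcut naming the excluded controllers and what guards them would help; otherwise keep the `console.*.controller` pattern. The body of `openAPI(...)` continues outside this hunk.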
@@ -74,7 +101,14 @@ public class StreamParkAspect {
     if (isApi != null && isApi) {
       OpenAPI openAPI = 
methodSignature.getMethod().getAnnotation(OpenAPI.class);
       if (openAPI == null) {
-        throw new ApiAlertException("current api unsupported!");
+        HttpServletRequest request =
+            ((ServletRequestAttributes) 
RequestContextHolder.getRequestAttributes()).getRequest();
+        String url = request.getRequestURI();
+        if (openapiWhitelist.contains(url)) {
+          log.info("request by openapi white-list: {} ", url);
+        } else {
+          throw new ApiAlertException("current api unsupported: " + url);
+        }
       }
     }
     return (RestResponse) joinPoint.proceed();
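Review bot: `RequestContextHolder.getRequestAttributes()` may return null when no request is bound to the current thread, and the cast followed by `.getRequest()` would then throw a NullPointerException; `(ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()` fails with a descriptive IllegalStateException instead. The white-list lookup is an exact string match on `getRequestURI()`, which includes the context path and is not normalized, so entries written as bare controller paths would not match if the console is served under a context path. That fails closed, but comparing against `request.getServletPath()` or documenting the expected form would avoid surprises. The match is also on path only, independent of HTTP method. The enclosing method starts outside this hunk.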
