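/**
 * Resolves the project that owns the given API key.
 *
 * <p>The column to match is chosen from {@code type.name()} and formatted into the SQL text;
 * the key value supplied by the caller is always bound as a statement parameter.
 *
 * @param apiKey key value presented by the caller; {@code null} is rejected
 * @param type kind of key that {@code apiKey} is checked against
 * @return the project name, lower-cased by the query
 * @throws IllegalStateException if {@code type} is {@code null}
 * @throws RakamException created with {@code FORBIDDEN} when the key is missing or matches no row
 */
@Override
public String getProjectOfApiKey(String apiKey, AccessKeyType type) {
    if (type == null) {
        throw new IllegalStateException();
    }
    if (apiKey == null) {
        throw new RakamException(type.getKey() + " is missing", FORBIDDEN);
    }

    // Only the column name is interpolated, and it is an enum constant name rather than
    // request data. Keep it that way: nothing caller-controlled may reach this format call.
    // NOTE(review): the key is compared as-is against the column, which suggests keys are
    // stored unhashed - confirm against the schema.
    String sql = format("SELECT lower(project) FROM api_key WHERE %s = ?", type.name());

    // Statement and result set are closed explicitly instead of relying on the pooled
    // connection to release them when it is returned.
    try (Connection conn = connectionPool.getConnection();
         PreparedStatement ps = conn.prepareStatement(sql)) {
        ps.setString(1, apiKey);
        try (ResultSet resultSet = ps.executeQuery()) {
            if (!resultSet.next()) {
                throw new RakamException(type.getKey() + " is invalid", FORBIDDEN);
            }
            return resultSet.getString(1);
        }
    } catch (SQLException e) {
        throw Throwables.propagate(e);
    }
}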
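/**
 * Loads every master, read and write key stored for a project.
 *
 * <p>The result is indexed by {@code AccessKeyType.ordinal()}: the sets at the
 * {@code MASTER_KEY}, {@code READ_KEY} and {@code WRITE_KEY} positions are unmodifiable.
 * Any other {@code AccessKeyType} constant keeps the empty, still mutable set it was
 * initialised with.
 *
 * @param conn open connection; it is not closed here
 * @param project project name matched against the {@code project} column
 * @return unmodifiable list with one key set per {@code AccessKeyType} constant
 * @throws SQLException if the query fails
 */
private List<Set<String>> getKeys(Connection conn, String project) throws SQLException {
    Set<String> masterKeyList = new HashSet<>();
    Set<String> readKeyList = new HashSet<>();
    Set<String> writeKeyList = new HashSet<>();

    // One slot per enum constant, so callers can index the result by ordinal.
    Set<String>[] keys = Arrays.stream(AccessKeyType.values())
            .map(key -> new HashSet<String>())
            .toArray(Set[]::new);

    // The caller owns the connection, so only the statement and result set are closed here;
    // previously both were left open until the connection itself was released.
    try (PreparedStatement ps = conn.prepareStatement(
            "SELECT master_key, read_key, write_key from api_key WHERE project = ?")) {
        ps.setString(1, project);
        try (ResultSet resultSet = ps.executeQuery()) {
            while (resultSet.next()) {
                // A row may leave any of the three key columns NULL; those are skipped.
                String apiKey = resultSet.getString(1);
                if (apiKey != null) {
                    masterKeyList.add(apiKey);
                }
                apiKey = resultSet.getString(2);
                if (apiKey != null) {
                    readKeyList.add(apiKey);
                }
                apiKey = resultSet.getString(3);
                if (apiKey != null) {
                    writeKeyList.add(apiKey);
                }
            }
        }
    }

    keys[MASTER_KEY.ordinal()] = Collections.unmodifiableSet(masterKeyList);
    keys[READ_KEY.ordinal()] = Collections.unmodifiableSet(readKeyList);
    keys[WRITE_KEY.ordinal()] = Collections.unmodifiableSet(writeKeyList);
    return Collections.unmodifiableList(Arrays.asList(keys));
}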
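/**
 * Creates the request parameter that applies the API-key permission check to {@code method}.
 *
 * <p>The key type is read from the single non-empty authorization declared in the method's
 * {@code @ApiOperation}. Construction fails when that declaration is absent, so an endpoint
 * cannot be registered with this component without stating which key it requires.
 * Authorizations declared on the class-level {@code @Api} annotation are not consulted.
 *
 * @param apiKeyService service stored for use by this parameter
 * @param method endpoint method whose annotations are inspected
 * @throws IllegalStateException if the method declares no non-empty authorization, or
 *     declares a {@code consumes} value other than {@code application/json}
 * @throws IllegalArgumentException if the method declares more than one authorization
 */
public ProjectPermissionIRequestParameter(ApiKeyService apiKeyService, Method method) {
    final ApiOperation annotation = method.getAnnotation(ApiOperation.class);

    // Blank authorization values are treated the same as no declaration at all.
    Authorization[] authorizations = annotation == null
            ? new Authorization[0]
            : Arrays.stream(annotation.authorizations())
                    .filter(auth -> !auth.value().isEmpty())
                    .toArray(Authorization[]::new);

    // Fail closed: without a declared authorization there is no key type to check against.
    if (authorizations.length == 0) {
        throw new IllegalStateException(method.toGenericString() + ": The permission check component requires endpoints to have authorizations definition in @ApiOperation. " +
                "Use @IgnorePermissionCheck to bypass security check in method " + method.toString());
    }

    if (annotation != null && !annotation.consumes().isEmpty() && !annotation.consumes().equals("application/json")) {
        throw new IllegalStateException("The permission check component requires endpoint to consume application/json. " +
                "Use @IgnorePermissionCheck to bypass security check in method " + method.toString());
    }

    // A second check that looked at the class-level @Api annotation used to sit here. It was
    // guarded by authorizations.length == 0, which the first check already rejects, so it
    // could never run and has been dropped without changing behaviour.

    if (authorizations.length != 1) {
        throw new IllegalArgumentException("The permission check component requires exactly one authorization in @ApiOperation of method "
                + method.toString());
    }

    type = ApiKeyService.AccessKeyType.fromKey(authorizations[0].value());
    this.apiKeyService = apiKeyService;
}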
String apiKey; try { apiKey = getParam(request.params(), MASTER_KEY.getKey()); } catch (Exception e) { apiKey = request.headers().get(MASTER_KEY.getKey()); String apiKey = getParam(request.params(), MASTER_KEY.getKey()); String project = apiKeyService.getProjectOfApiKey(apiKey, MASTER_KEY); String collection = getParam(request.params(), "collection"); String apiKey = getParam(request.params(), MASTER_KEY.getKey()); String project = apiKeyService.getProjectOfApiKey(apiKey, MASTER_KEY); String collection = getParam(request.params(), "collection");
List<String> apiKey = request.params().get(keyType.getKey()); if (apiKey == null || data.isEmpty()) { String message = keyType.getKey() + " query parameter is required"; LogUtil.logException(request, new RakamException(message, BAD_REQUEST)); response.send("result", encode(errorMessage(message, BAD_REQUEST))).end();
@Override public Object extract(ObjectNode node, RakamHttpRequest request) { String apiKey = request.headers().get(type.getKey()); if (apiKey == null) { List<String> apiKeyList = request.params().get(type.getKey()); if (apiKeyList != null && !apiKeyList.isEmpty()) { apiKey = apiKeyList.get(0); } else { throw new RakamException(type.getKey() + " header or " + "query parameter is missing.", FORBIDDEN);
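/**
 * Looks up the project and the stored key of the requested type for an {@code api_key} row.
 *
 * @param apiId value matched against the {@code id} column
 * @param type key type; {@code type.getKey()} is used as the name of the selected column
 * @return a {@code Key} built from the lower-cased project name and the selected column value
 * @throws RakamException created with {@code FORBIDDEN} when no row has the given id
 */
@Override
public Key getProjectKey(int apiId, AccessKeyType type) {
    // The selected column name is formatted into the SQL text. That is safe only while
    // getKey() returns fixed, code-defined column names and never request data.
    // NOTE(review): confirm that every AccessKeyType key matches a column of api_key.
    String sql = String.format("SELECT lower(project), %s FROM api_key WHERE id = ?", type.getKey());

    // Statement and result set are closed explicitly instead of relying on the pooled
    // connection to release them when it is returned.
    try (Connection conn = connectionPool.getConnection();
         PreparedStatement ps = conn.prepareStatement(sql)) {
        ps.setInt(1, apiId);
        try (ResultSet resultSet = ps.executeQuery()) {
            if (!resultSet.next()) {
                throw new RakamException("api key is invalid", FORBIDDEN);
            }
            return new Key(resultSet.getString(1), resultSet.getString(2));
        }
    } catch (SQLException e) {
        throw Throwables.propagate(e);
    }
}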
/**
 * Derives the hash from {@code key} and {@code type}, weighting the key's hash by 31.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    return 31 * key.hashCode() + type.hashCode();
}
}