/**
 * Verifies that the tenant of the authenticated device is the same as the
 * tenant named in the request path.
 * <p>
 * On a match the request is passed on to the next handler. On a mismatch the
 * request is failed with a {@code ClientErrorException} carrying status 403.
 * If the context's user is not a {@code Device}, the request is handed to
 * {@code handle401}.
 * <p>
 * NOTE(review): only the tenant is compared here. The device ID from the
 * path is not checked against the authenticated device in this method;
 * confirm that this is enforced (or deliberately permitted) elsewhere in
 * the handler chain.
 *
 * @param ctx The routing context of the request to check.
 */
void assertTenant(final RoutingContext ctx) {

    final Object principal = ctx.user();
    if (!(principal instanceof Device)) {
        // the context's user is absent or is not a Device
        handle401(ctx);
        return;
    }

    final Device authenticatedDevice = (Device) principal;
    final boolean sameTenant = authenticatedDevice.getTenantId().equals(getTenantParam(ctx));
    if (!sameTenant) {
        // authenticated, but for a tenant other than the one in the path
        ctx.fail(new ClientErrorException(
                HttpURLConnection.HTTP_FORBIDDEN,
                "not authorized to upload data for device from other tenant"));
        return;
    }

    ctx.next();
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * Verifies that the tenant of the authenticated device is the same as the
 * tenant named in the request path.
 * <p>
 * On a match the request is passed on to the next handler. On a mismatch the
 * request is failed with a {@code ClientErrorException} carrying status 403.
 * If the context's user is not a {@code Device}, the request is handed to
 * {@code handle401}.
 * <p>
 * NOTE(review): only the tenant is compared here. The device ID from the
 * path is not checked against the authenticated device in this method;
 * confirm that this is enforced (or deliberately permitted) elsewhere in
 * the handler chain.
 *
 * @param ctx The routing context of the request to check.
 */
void assertTenant(final RoutingContext ctx) {

    final Object principal = ctx.user();
    if (!(principal instanceof Device)) {
        // the context's user is absent or is not a Device
        handle401(ctx);
        return;
    }

    final Device authenticatedDevice = (Device) principal;
    final boolean sameTenant = authenticatedDevice.getTenantId().equals(getTenantParam(ctx));
    if (!sameTenant) {
        // authenticated, but for a tenant other than the one in the path
        ctx.fail(new ClientErrorException(
                HttpURLConnection.HTTP_FORBIDDEN,
                "not authorized to upload data for device from other tenant"));
        return;
    }

    ctx.next();
}
} // presumably closes the enclosing class, whose header is outside this excerpt
HttpMethod.PUT, String.format("/control/res/:%s/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID, PARAM_COMMAND_REQUEST_ID)) .handler(ctx -> uploadCommandResponseMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx), getCommandRequestIdParam(ctx), getCommandResponseStatusParam(ctx)));
/**
 * Registers the routes of the event API on the given router.
 * <p>
 * Vert.x Web tries routes in the order in which they were added, so the
 * registration order below is significant: CORS handling first, then (if
 * enabled) authentication and the tenant assertion, then the upload handler.
 * <p>
 * The authentication handler and the tenant assertion are registered only
 * if {@code getConfig().isAuthenticationRequired()} returns {@code true}.
 * Otherwise the PUT route takes the tenant and device ID from the request
 * path and this method adds no check of them.
 * <p>
 * NOTE(review): the allowed CORS origin is taken from configuration and these
 * routes accept an {@code Authorization} header; confirm the deployed origin
 * value is no broader than needed.
 *
 * @param router The router to add the routes to.
 * @param authHandler The handler to put in front of the upload routes when
 *                    authentication is required.
 */
private void addEventApiRoutes(final Router router, final Handler<RoutingContext> authHandler) {

    final String putEventPath = String.format("/event/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID);
    final String authorizationHeader = HttpHeaders.AUTHORIZATION.toString();
    final String contentTypeHeader = HttpHeaders.CONTENT_TYPE.toString();

    // CORS support for PUT requests that carry tenant and device ID in the path
    router.routeWithRegex("\\/event\\/[^\\/]+\\/.*")
            .handler(CorsHandler.create(getConfig().getCorsAllowedOrigin())
                    .allowedMethod(HttpMethod.PUT)
                    .allowedHeader(Constants.HEADER_TIME_TIL_DISCONNECT)
                    .allowedHeader(authorizationHeader)
                    .allowedHeader(contentTypeHeader));

    if (getConfig().isAuthenticationRequired()) {

        // CORS support for POST requests
        router.route("/event")
                .handler(CorsHandler.create(getConfig().getCorsAllowedOrigin())
                        .allowedMethod(HttpMethod.POST)
                        .allowedHeader(Constants.HEADER_TIME_TIL_DISCONNECT)
                        .allowedHeader(authorizationHeader)
                        .allowedHeader(contentTypeHeader));

        // POST: authenticate first, then handle the event; tenant and device ID
        // are the ones determined during device authentication
        router.route(HttpMethod.POST, "/event").handler(authHandler);
        router.route(HttpMethod.POST, "/event").handler(this::handlePostEvent);

        // PUT: authenticate first ...
        router.route(HttpMethod.PUT, "/event/*").handler(authHandler);

        // ... then make sure the authenticated device's tenant is the tenant
        // named in the path (the device ID is not compared by assertTenant)
        router.route(HttpMethod.PUT, putEventPath).handler(this::assertTenant);
    }

    // PUT: forward the event; registered regardless of the authentication
    // setting, so it runs unguarded when authentication is not required
    router.route(HttpMethod.PUT, putEventPath)
            .handler(ctx -> uploadEventMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx)));
}
HttpMethod.PUT, String.format("/control/res/:%s/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID, PARAM_COMMAND_REQUEST_ID)) .handler(ctx -> uploadCommandResponseMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx), getCommandRequestIdParam(ctx), getCommandResponseStatusParam(ctx)));
.handler(ctx -> uploadTelemetryMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx)));
.handler(ctx -> uploadEventMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx)));
.handler(ctx -> uploadTelemetryMessage(ctx, getTenantParam(ctx), getDeviceIdParam(ctx)));