
Commit 277be31

committed
refactor(auth): simplify authentication logic and remove hardcoded credentials
1 parent 8b2692e commit 277be31


8 files changed

+34
-109
lines changed


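--- a/hugegraph-pd/hg-pd-service/src/main/java/org/apache/hugegraph/pd/service/interceptor/Authentication.java
+++ b/hugegraph-pd/hg-pd-service/src/main/java/org/apache/hugegraph/pd/service/interceptor/Authentication.java
@@ -19,6 +19,8 @@
 
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.function.Function;
 import java.util.function.Supplier;
 
@@ -35,16 +37,16 @@
 
 @Component
 public class Authentication {
-
-@Autowired
-private KvService kvService;
-@Autowired
-private PDConfig pdConfig;
-
-private static final Cache<String> TOKEN_CACHE = new Cache<>();
 private static volatile TokenUtil util;
-private static String invalidMsg =
-"invalid token and invalid user name or password, access denied";
+
+private static final Set<String> innerUsers = new HashSet<>() {
+{
+add("hg");
+add("store");
+add("hubble");
+add("vermeer");
+}
+};
 private static String invalidBasicInfo = "invalid basic authentication info";
 
 protected <T> T authenticate(String authority, String token, Function<String, T> tokenCall,
@@ -62,49 +64,11 @@ protected <T> T authenticate(String authority, String token, Function<String, T>
 }
 String name = info.substring(0, delim);
 String pwd = info.substring(delim + 1);
-if (!"store".equals(name)) {
-if (util == null) {
-synchronized (this) {
-if (util == null) {
-util = new TokenUtil(pdConfig.getSecretKey());
-}
-}
-}
-String[] i = util.getInfo(name);
-if (i == null) {
-throw new AccessDeniedException("invalid service name");
-}
-if (!StringUtils.isEmpty(token)) {
-String value = TOKEN_CACHE.get(name);
-if (StringUtils.isEmpty(value)) {
-synchronized (i) {
-value = kvService.get(getTokenKey(name));
-}
-}
-if (!StringUtils.isEmpty(value) && token.equals(value)) {
-return call.get();
-}
-}
-if (StringUtils.isEmpty(pwd) || !StringEncoding.checkPassword(i[2], pwd)) {
-throw new AccessDeniedException(invalidMsg);
-}
-token = util.getToken(name);
-String tokenKey = getTokenKey(name);
-String dbToken = kvService.get(tokenKey);
-if (StringUtils.isEmpty(dbToken)) {
-synchronized (i) {
-dbToken = kvService.get(tokenKey);
-if (StringUtils.isEmpty(dbToken)) {
-kvService.put(tokenKey, token,
-TokenUtil.AUTH_TOKEN_EXPIRE);
-TOKEN_CACHE.put(name, token,
-TokenUtil.AUTH_TOKEN_EXPIRE);
-return tokenCall.apply(token);
-}
-}
-}
+if (innerUsers.contains(name)) {
+return call.get();
+} else {
+throw new AccessDeniedException("invalid service name");
 }
-return call.get();
 } catch (Exception e) {
 throw new RuntimeException(e);
 }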
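Review bot: The new branch at `if (innerUsers.contains(name))` accepts a request on the service name alone: `pwd` is still parsed from the Basic header two lines above but is never compared with anything, so the four names in `innerUsers` are now the whole credential. Removing the hard-coded secrets was right, but the replacement should be a per-deployment secret read from configuration and compared in constant time, e.g. `if (!MessageDigest.isEqual(pwd.getBytes(StandardCharsets.UTF_8), expectedSecret)) { throw new AccessDeniedException(invalidBasicInfo); }`, where `expectedSecret` is a placeholder for an operator-supplied value; until then the empty `AUTHORITY` used by ServiceConstant, PdRegister and SampleRegister leaves network allow-listing as the only control. Separately, the double-brace `new HashSet<>() { { ... } }` creates a mutable anonymous subclass; `private static final Set<String> INNER_USERS = Set.of("hg", "store", "hubble", "vermeer");` is immutable and follows constant naming. `util`, `token` and `tokenCall` look unused after this change, but `authenticate` starts and ends outside the hunk, so that should be checked against the full method.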

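--- a/hugegraph-pd/hg-pd-service/src/main/java/org/apache/hugegraph/pd/util/TokenUtil.java
+++ b/hugegraph-pd/hg-pd-service/src/main/java/org/apache/hugegraph/pd/util/TokenUtil.java
@@ -33,27 +33,6 @@ public class TokenUtil {
 
 private TokenGenerator generator;
 public static final long AUTH_TOKEN_EXPIRE = 3600 * 24L * 1000;
-private static String[] storeInfo = {"store",
-"$2a$04$9ZGBULe2vc73DMj7r" +
-"/iBKeQB1SagtUXPrDbMmNswRkTwlWQURE/Jy",
-"E3UnnQa605go"};
-private static String[] serverInfo = {"hg",
-"$2a$04$i10KooNg6wLvIPVDh909n" +
-".RBYlZ/4pJo978nFK86nrqQiGIKV4UGS",
-"qRyYhxVAWDb5"};
-private static String[] hubbleInfo = {"hubble",
-"$2a$04$pSGkohaywGgFrJLr6VOPm" +
-".IK2WtOjlNLcZN8gct5uIKEDO1I61DGa",
-"iMjHnUl5Pprx"};
-private static String[] vermeer = {"vermeer",
-"$2a$04$N89qHe0v5jqNJKhQZHnTdOFSGmiNoiA2B2fdWpV2BwrtJK72dXYD.",
-"FqU8BOvTpteT"};
-private static Map<String, String[]> apps = new HashMap<>() {{
-put(storeInfo[0], storeInfo);
-put(serverInfo[0], serverInfo);
-put(hubbleInfo[0], hubbleInfo);
-put(vermeer[0], vermeer);
-}};
 
 public TokenUtil(String secretKey) {
 this.generator = new TokenGenerator(secretKey);
@@ -76,14 +55,6 @@ public String getToken(String[] info) {
 return new String(encode, Charsets.UTF_8);
 }
 
-public String getToken(String appName) {
-String[] info = apps.get(appName);
-if (info != null) {
-return getToken(info);
-}
-return null;
-}
-
 public boolean verify(String token, String[] info) {
 byte[] decode = Base64.getDecoder().decode(token);
 String d = new String(decode, StandardCharsets.UTF_8);
@@ -92,24 +63,4 @@ public boolean verify(String token, String[] info) {
 }
 return false;
 }
-
-public String[] getInfo(String appName) {
-return apps.get(appName);
-}
-
-public static void main(String[] args) {
-TokenUtil util = new TokenUtil("FXQXbJtbCLxODc6tGci732pkH1cyf8Qg");
-// String uniqueToken = util.getStoreToken();
-String x = StringEncoding.hashPassword("FqU8BOvTpteT");
-// String x = "$2a$04$i10KooNg6wLvIPVDh909n.RBYlZ/4pJo978nFK86nrqQiGIKV4UGS";
-System.out.println(x);
-// System.out.println(StringEncoding.checkPassword("qRyYhxVAWDb5", x));
-// $2a$04$9ZGBULe2vc73DMj7r/iBKeQB1SagtUXPrDbMmNswRkTwlWQURE/Jy "E3UnnQa605go"
-// $2a$04$i10KooNg6wLvIPVDh909n.RBYlZ/4pJo978nFK86nrqQiGIKV4UGS "qRyYhxVAWDb5"
-// $2a$04$pSGkohaywGgFrJLr6VOPm.IK2WtOjlNLcZN8gct5uIKEDO1I61DGa "iMjHnUl5Pprx"
-// eyJhbGciOiJIUzI1NiJ9
-// .eyJ1c2VyX25hbWUiOiJzdG9yZSIsInVzZXJfaWQiOiJhZWEwOTM1Ni0xZWJhLTQ1NjktODk0ZS1kYWIzZTRhYTYyM2MiLCJleHAiOjE2ODI1MDQ0MTd9.lDqbt3vZkE3X2IIK9A404BBlCFHBaEVsIycH0AIXKsw
-String token = util.getToken(serverInfo);
-System.out.println(token);
-}
 }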

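--- a/hugegraph-pd/hg-pd-test/src/main/java/org/apache/hugegraph/pd/BaseTest.java
+++ b/hugegraph-pd/hg-pd-test/src/main/java/org/apache/hugegraph/pd/BaseTest.java
@@ -24,7 +24,7 @@ public class BaseTest {
 protected static String pdGrpcAddr = "127.0.0.1:8686";
 protected static String pdRestAddr = "http://127.0.0.1:8620";
 protected static String user = "store";
-protected static String pwd = "$2a$04$9ZGBULe2vc73DMj7r/iBKeQB1SagtUXPrDbMmNswRkTwlWQURE/Jy";
+protected static String pwd = "";
 protected static String key = "Authorization";
 protected static String value = "Basic c3RvcmU6YWRtaW4=";
 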

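--- a/hugegraph-pd/hg-pd-test/src/main/java/org/apache/hugegraph/pd/client/PDPulseTest.java
+++ b/hugegraph-pd/hg-pd-test/src/main/java/org/apache/hugegraph/pd/client/PDPulseTest.java
@@ -40,12 +40,13 @@ public class PDPulseTest {
 private String storeAddress = "localhost";
 private String graphName = "graph1";
 
+private static final String SERVICE_NAME = "store";
+private static final String AUTHORITY = "";
+
 @BeforeClass
 public static void beforeClass() throws Exception {
-pdConfig = PDConfig.of("localhost:8686").setAuthority("store",
-"$2a$04$9ZGBULe2vc73DMj7r" +
-"/iBKeQB1SagtUXPrDbMmNswRkTwlWQURE" +
-"/Jy");
+pdConfig = PDConfig.of("localhost:8686").setAuthority(SERVICE_NAME,
+AUTHORITY);
 // pdConfig.setEnableCache(true);
 // pdClient = PDClient.create(pdConfig);
 // pdClient.getLeader();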

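--- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
+++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
@@ -261,7 +261,7 @@ public class ServerOptions extends OptionHolder {
 "service.access_pd_token",
 "Service token for server to access pd service.",
 disallowEmpty(),
-"$2a$04$i10KooNg6wLvIPVDh909n.RBYlZ/4pJo978nFK86nrqQiGIKV4UGS"
+""
 );
 
 public static final ConfigOption<String> SERVER_URLS_TO_PD =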
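Review bot: The new default `""` for `service.access_pd_token` sits directly under the `disallowEmpty()` validator, so the option's own default no longer satisfies its check. If the validator is applied to the default when the option is constructed (worth confirming in the option class, which is not shown here), this fails at class initialisation; if it is not, the server starts with an empty token and no warning. Either way the description should tell operators the value is mandatory, e.g. `"Service token for server to access pd service, must be set per deployment."`, and startup should fail with a clear message when it is missing. The option declaration begins above the hunk.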
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
package org.apache.hugegraph.constant;
2+
3+
public class ServiceConstant {
4+
// FIXME: Strictly prohibited from external exposure; network IP whitelisting must be configured in production environments.
5+
public static final String SERVICE_NAME = "hg";
6+
public static final String AUTHORITY = "";
7+
}
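Review bot: The FIXME on new line 4 states a deployment requirement but sits above `SERVICE_NAME` and does not say what it protects; it reads better as a class-level Javadoc explaining that `AUTHORITY` is intentionally empty, that PD accepts callers by service name only, and that the PD endpoints must therefore be reachable only from allow-listed hosts. As a constants holder the class should be declared `public final class ServiceConstant` with a `private ServiceConstant() {}` constructor so it cannot be instantiated or extended. Consider reading the authority from configuration rather than a compile-time constant, so a deployment can supply a real secret without rebuilding.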

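--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/space/register/registerImpl/PdRegister.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/space/register/registerImpl/PdRegister.java
@@ -53,6 +53,7 @@
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.util.EntityUtils;
+import org.apache.hugegraph.constant.ServiceConstant;
 import org.apache.hugegraph.pd.client.DiscoveryClient;
 import org.apache.hugegraph.pd.client.DiscoveryClientImpl;
 import org.apache.hugegraph.pd.client.PDConfig;
@@ -88,7 +89,7 @@ private PdRegister(String service, String token) {
 }
 
 public static PdRegister getInstance() {
-return getInstance("hg", "$2a$04$i10KooNg6wLvIPVDh909n.RBYlZ/4pJo978nFK86nrqQiGIKV4UGS");
+return getInstance(ServiceConstant.SERVICE_NAME, ServiceConstant.AUTHORITY);
 }
 
 //FIXME: pd auth:use this method to replace getInstance()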

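--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/space/register/registerImpl/SampleRegister.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/space/register/registerImpl/SampleRegister.java
@@ -22,6 +22,7 @@
 import java.io.IOException;
 import java.util.Map;
 
+import org.apache.hugegraph.constant.ServiceConstant;
 import org.apache.hugegraph.pd.client.DiscoveryClient;
 import org.apache.hugegraph.pd.client.DiscoveryClientImpl;
 import org.apache.hugegraph.pd.client.PDConfig;
@@ -84,8 +85,8 @@ public String registerService(RegisterConfig config) {
 
 try {
 PDConfig pdConfig = PDConfig.of(config.getGrpcAddress());
-pdConfig.setAuthority("hg",
-"$2a$04$i10KooNg6wLvIPVDh909n.RBYlZ/4pJo978nFK86nrqQiGIKV4UGS");
+pdConfig.setAuthority(ServiceConstant.SERVICE_NAME,
+ServiceConstant.AUTHORITY);
 DiscoveryClient client = DiscoveryClientImpl.newBuilder().setPdConfig(pdConfig)
 .setCenterAddress(config.getGrpcAddress())
 .setAddress(address)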
