fix api signuature credential auth bug (#34)

* fix db scripts * fix api signuature credential auth bug
WeBankBlockchain · Sep 2, 2024 · 0b4e85f · 0b4e85f
1 parent 31cd399
commit 0b4e85f
Show file tree

Hide file tree

Showing 10 changed files with 56 additions and 15 deletions.
diff --git a/db/wedpr_admin_dml.sql b/db/wedpr_admin_dml.sql
@@ -0,0 +1,4 @@
+-- 管理端初始化
+insert into wedpr_user (username, password, status) values('admin', '{bcrypt}$2a$10$XuiuKLg23kxtC/ldvYN0/evt0Y3aoBC9iV29srhIBMMDORzCQiYA.', 0);
+insert into wedpr_user_role(username, role_id) values ('admin', '10');
+insert into wedpr_role_permission (role_id, role_name, permission_id) values ('10', 'admin_user', '1');
diff --git a/db/wedpr_db_drop.sql b/db/wedpr_db_drop.sql
@@ -4,8 +4,21 @@ drop table if exists `wedpr_sync_status_table`;
 drop table if exists `wedpr_authorization_table`;
 drop table if exists `wedpr_follower_table`;
 drop table if exists `wedpr_authorization_template_table`;
+drop table if exists `wedpr_job_dataset_relation`;
 drop table if exists `wedpr_project_table`;
 drop table if exists `wedpr_job_table`;
 drop table if exists `wedpr_setting_template`;
 drop table if exists `wedpr_dataset`;
-drop table if exists `wedpr_dataset_permission`;
+drop table if exists `wedpr_dataset_permission`;
+drop table if exists `wedpr_group`;
+drop table if exists `wedpr_group_detail`;
+drop table if exists `wedpr_user`;
+drop table if exists `wedpr_user_role`;
+drop table if exists `wedpr_role_permission`;
+drop table if exists `wedpr_permission`;
+drop table if exists `wedpr_agency`;
+drop table if exists `wedpr_cert`;
+drop table if exists `wedpr_api_credential_table`;
+drop table if exists `wedpr_published_service`;
+drop table if exists `wedpr_service_invoke_table`;
+drop table if exists `wedpr_jupyter_table`;
diff --git a/db/wedpr_dml.sql b/db/wedpr_dml.sql
@@ -16,10 +16,5 @@ insert into wedpr_group_detail (group_id, username, status) values('100000000000
 -- 站点端初始化
 insert into wedpr_user (username, password, status) values('admin', '{bcrypt}$2a$10$9ZhDOBp.sRKat4l14ygu/.LscxrMUcDAfeVOEPiYwbcRkoB09gCmi', 0);
 insert into wedpr_user_role(username, role_id) values ('admin', '1');
-insert into wedpr_role_permission (role_id, role_name, permission_id) values ('1', 'admin_user', '1')
-insert into wedpr_role_permission (role_id, role_name, permission_id) values ('2', 'original_user', '2')
-
--- 管理端初始化
-insert into wedpr_user (username, password, status) values('admin', '{bcrypt}$2a$10$XuiuKLg23kxtC/ldvYN0/evt0Y3aoBC9iV29srhIBMMDORzCQiYA.', 0);
-insert into wedpr_user_role(username, role_id) values ('admin', '10');
-insert into wedpr_role_permission (role_id, role_name, permission_id) values ('10', 'admin_user', '1')
+insert into wedpr_role_permission (role_id, role_name, permission_id) values ('1', 'admin_user', '1');
+insert into wedpr_role_permission (role_id, role_name, permission_id) values ('2', 'original_user', '2');
diff --git a/wedpr-adm/conf/application-wedpr.properties b/wedpr-adm/conf/application-wedpr.properties
@@ -94,3 +94,5 @@ quartz-cron-report-job=0/2 * * * * ? *
 
 springfox.documentation.enabled=true
 
+server.type=site_end
+
diff --git a/wedpr-admin/conf/application-wedpr.properties b/wedpr-admin/conf/application-wedpr.properties
@@ -89,4 +89,5 @@ wedpr.user.jwt.publicKey=
 wedpr.user.jwt.sessionKey=
 
 springfox.documentation.enabled=true
+server.type=admin_end
 
diff --git a/...main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java b/...main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java
@@ -28,7 +28,7 @@
 import org.slf4j.LoggerFactory;
 
 public class MemoryCredentialCache implements CredentialCache {
-    private static Logger logger = LoggerFactory.getLogger(MemoryCredentialCache.class);
+    private static final Logger logger = LoggerFactory.getLogger(MemoryCredentialCache.class);
 
     private final ApiCredentialMapper credentialMapper;
     private final CredentialToolkit credentialToolkit;
@@ -55,9 +55,18 @@ public MemoryCredentialCache(
         this.credentialToolkit = credentialToolkit;
     }
 
+    private ApiCredentialDO loadCache(String accessKeyID) {
+        try {
+            return cache.get(accessKeyID);
+        } catch (Exception e) {
+            logger.warn("get {} failed for ", accessKeyID, e);
+            return null;
+        }
+    }
+
     @Override
     public ApiCredentialDO getAccessKey(String accessKeyID) {
-        return cache.getIfPresent(accessKeyID);
+        return loadCache(accessKeyID);
     }
 
     public ApiCredentialDO fetchCredential(String accessKeyID) throws NoValueInCacheException {

diff --git a/...curity/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java b/...curity/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java
@@ -75,7 +75,7 @@ public MemoryUserCache(
                 new CacheLoader<String, UserToken>() {
                     @Override
                     public UserToken load(String username) throws NoValueInCacheException {
-                        logger.info("从数据库查询用户信息：{}", username);
+                        logger.info("fetch userInformation from DB：{}", username);
                         // check the existence of user
                         if (wedprUserService.getWedprUserByNameService(username) != null) {
                             return fetchUserToken(username);
@@ -96,7 +96,7 @@ public UserToken load(String username) throws NoValueInCacheException {
     public Pair<Boolean, UserToken> getUserToken(HttpServletRequest request) throws Exception {
         UserToken userToken = TokenUtils.getLoginUser(request);
         String username = userToken.getUsername();
-        UserToken latestUserToken = userCache.getIfPresent(username);
+        UserToken latestUserToken = loadUserToken(username);
         // the user not exists
         if (latestUserToken == null) {
             return null;
@@ -113,10 +113,19 @@ public Pair<Boolean, UserToken> getUserToken(HttpServletRequest request) throws
         return new ImmutablePair<>(false, userToken);
     }
 
+    private UserToken loadUserToken(String userName) {
+        try {
+            return userCache.get(userName);
+        } catch (Exception e) {
+            logger.warn("get record for {} failed, error: ", e.getMessage());
+            return null;
+        }
+    }
+
     @Override
     public UserToken getUserToken(String userName) throws Exception {
         wedprUserService.updateAllowedTimeAndTryCount(userName, 0L, 0);
-        return userCache.getIfPresent(userName);
+        return loadUserToken(userName);
     }
 
     @Override

diff --git a/...ity/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java b/...ity/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java
@@ -28,6 +28,7 @@
 import lombok.SneakyThrows;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.util.StringUtils;
 
 public class APISignatureAuthFilter extends BasicAuthenticationFilter {
     private final CredentialVerifier credentialVerifier;
@@ -47,6 +48,11 @@ public APISignatureAuthFilter(
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
         try {
+            // auth by token
+            if (!StringUtils.isEmpty(request.getHeader(Constant.TOKEN_FIELD))) {
+                chain.doFilter(request, response);
+                return;
+            }
             ApiCredentialDO credential = this.credentialVerifier.verify(request);
             UserToken userToken = userCache.getUserToken(credential.getOwner());
             if (userToken == null) {

diff --git a/...ty/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java b/...ty/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java
@@ -74,9 +74,10 @@ protected void doFilterInternal(
             response.setHeader(Constant.TOKEN_FIELD, newJwt);
             chain.doFilter(request, response);
         } catch (Exception e) {
-            logger.info("认证已过期或token错误，请重新登录: ", e);
+            logger.info("jwt auth failed, error: ", e);
             String wedprResponse =
-                    new WeDPRResponse(Constant.WEDPR_FAILED, "认证已过期或token错误，请重新登录").serialize();
+                    new WeDPRResponse(Constant.WEDPR_FAILED, "auth failed for " + e.getMessage())
+                            .serialize();
             TokenUtils.responseToClient(response, wedprResponse, HttpServletResponse.SC_FORBIDDEN);
         }
     }

diff --git a/.../sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java b/.../sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java
@@ -170,6 +170,7 @@ private void switchToLeader(String leaderID) {
         EventSubParams eventSubParams = new EventSubParams();
         eventSubParams.setFromBlock(blockNumber);
         eventSubParams.setToBlock(BigInteger.valueOf(-1));
+        eventSubParams.addAddress(WeDPRSyncConfig.getResourceLogRecordFactoryContractAddress());
         int i = 0;
         for (String topic : topics) {
             eventSubParams.addTopic(i, topic);