Skip to content

Commit

Permalink
Merge branch 'master' into feat-arthas-server
Browse files Browse the repository at this point in the history
# Conflicts:
#	hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
  • Loading branch information
SunnyBoy-WYH committed Oct 7, 2023
2 parents 65c7120 + 30ef2f7 commit 8d11607
Show file tree
Hide file tree
Showing 31 changed files with 1,416 additions and 219 deletions.
1 change: 0 additions & 1 deletion .github/workflows/check-dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ name: "3rd-party"
on:
push:
branches:
- master
- /^release-.*$/
pull_request:

Expand Down
7 changes: 5 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,10 @@ Billions of vertices and edges can be easily stored into and queried from HugeGr
We can use `docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph` to quickly start an inner
HugeGraph server with `RocksDB` in background.

Optional: use `docker exec -it graph bash` to enter the container to do some operations.
Optional:

1. use `docker exec -it graph bash` to enter the container to do some operations.
2. use `docker run -itd --name=graph -p 8080:8080 -e PRELOAD="true" hugegraph/hugegraph` to start with a **built-in** (example) graph.

### 2. Download Way

Expand All @@ -54,7 +57,7 @@ The project [doc page](https://hugegraph.apache.org/docs/) contains more informa
and provides detailed documentation for users. (Structure / Usage / API / Configs...)

And here are links of other **HugeGraph** component/repositories:
1. [hugegraph-toolchain](https://github.com/apache/incubator-hugegraph-toolchain) (graph **loader/dashboard/tool/client**)
1. [hugegraph-toolchain](https://github.com/apache/incubator-hugegraph-toolchain) (graph **[loader](https://github.com/apache/incubator-hugegraph-toolchain/tree/master/hugegraph-loader)/[dashboard](https://github.com/apache/incubator-hugegraph-toolchain/tree/master/hugegraph-hubble)/[tool](https://github.com/apache/incubator-hugegraph-toolchain/tree/master/hugegraph-tools)/[client](https://github.com/apache/incubator-hugegraph-toolchain/tree/master/hugegraph-client)**)
2. [hugegraph-computer](https://github.com/apache/incubator-hugegraph-computer) (matched **graph computing** system)
3. [hugegraph-commons](https://github.com/apache/incubator-hugegraph-commons) (**common & rpc** module)
4. [hugegraph-website](https://github.com/apache/incubator-hugegraph-doc) (**doc & website** code)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,38 @@

package org.apache.hugegraph.api.filter;

import static org.apache.hugegraph.config.ServerOptions.WHITE_IP_STATUS;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import javax.xml.bind.DatatypeConverter;

import org.apache.hugegraph.auth.HugeAuthenticator;
import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm;
import org.apache.hugegraph.auth.HugeAuthenticator.RolePerm;
import org.apache.hugegraph.auth.HugeAuthenticator.User;
import org.apache.hugegraph.auth.RolePermission;
import org.apache.hugegraph.config.HugeConfig;
import org.apache.hugegraph.core.GraphManager;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.Log;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.utils.Charsets;
import org.slf4j.Logger;

import com.alipay.remoting.util.StringUtils;
import com.google.common.collect.ImmutableList;

import jakarta.annotation.Priority;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext;
Expand All @@ -35,23 +59,6 @@
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import jakarta.ws.rs.ext.Provider;
import javax.xml.bind.DatatypeConverter;

import org.apache.commons.lang3.StringUtils;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.utils.Charsets;
import org.slf4j.Logger;

import org.apache.hugegraph.auth.HugeAuthenticator;
import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm;
import org.apache.hugegraph.auth.HugeAuthenticator.RolePerm;
import org.apache.hugegraph.auth.HugeAuthenticator.User;
import org.apache.hugegraph.auth.RolePermission;
import org.apache.hugegraph.core.GraphManager;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.Log;
import com.google.common.collect.ImmutableList;

@Provider
@PreMatching
Expand All @@ -68,12 +75,20 @@ public class AuthenticationFilter implements ContainerRequestFilter {
"versions"
);

private static String whiteIpStatus;

private static final String STRING_WHITE_IP_LIST = "whiteiplist";
private static final String STRING_ENABLE = "enable";

@Context
private jakarta.inject.Provider<GraphManager> managerProvider;

@Context
private jakarta.inject.Provider<Request> requestProvider;

@Context
private jakarta.inject.Provider<HugeConfig> configProvider;

@Override
public void filter(ContainerRequestContext context) throws IOException {
if (AuthenticationFilter.isWhiteAPI(context)) {
Expand Down Expand Up @@ -102,6 +117,26 @@ protected User authenticate(ContainerRequestContext context) {
path = request.getRequestURI();
}

// Check whiteIp
if (whiteIpStatus == null) {
whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS);
}

if (Objects.equals(whiteIpStatus, STRING_ENABLE) && request != null) {
peer = request.getRemoteAddr() + ":" + request.getRemotePort();
path = request.getRequestURI();

String remoteIp = request.getRemoteAddr();
Set<String> whiteIpList = manager.authManager().listWhiteIPs();
boolean whiteIpEnabled = manager.authManager().getWhiteIpStatus();
if (!path.contains(STRING_WHITE_IP_LIST) && whiteIpEnabled &&
!whiteIpList.contains(remoteIp)) {
throw new ForbiddenException(
String.format("Remote ip '%s' is not permitted",
remoteIp));
}
}

Map<String, String> credentials = new HashMap<>();
// Extract authentication credentials
String auth = context.getHeaderString(HttpHeaders.AUTHORIZATION);
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,155 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with this
* work for additional information regarding copyright ownership. The ASF
* licenses this file to You under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/

package org.apache.hugegraph.api.profile;

import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.lang.StringUtils;
import org.apache.hugegraph.api.API;
import org.apache.hugegraph.api.filter.StatusFilter;
import org.apache.hugegraph.auth.AuthManager;
import org.apache.hugegraph.core.GraphManager;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.Log;
import org.slf4j.Logger;

import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.ImmutableMap;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Singleton;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;

@Path("whiteiplist")
@Singleton
public class WhiteIpListAPI extends API {

private static final Logger LOG = Log.logger(WhiteIpListAPI.class);

@GET
@Timed
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> list(@Context GraphManager manager) {
LOG.debug("List white ips");
AuthManager authManager = manager.authManager();
Set<String> whiteIpList = authManager.listWhiteIPs();
return ImmutableMap.of("whiteIpList", whiteIpList);
}

@POST
@Timed
@StatusFilter.Status(StatusFilter.Status.ACCEPTED)
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> updateWhiteIPs(@Context GraphManager manager, Map<String, Object> actionMap) {
E.checkArgument(actionMap != null,
"Missing argument: actionMap");
Set<String> whiteIpList = manager.authManager().listWhiteIPs();
Object ipListRaw = actionMap.get("ips");
E.checkArgument(ipListRaw instanceof List,
"Invalid ips type '%s', must be list", ipListRaw.getClass());
List<String> ipList = (List<String>) ipListRaw;
Object actionRaw = actionMap.get("action");
E.checkArgument(actionRaw != null,
"Missing argument: action");
E.checkArgument(actionRaw instanceof String,
"Invalid action type '%s', must be string",
actionRaw.getClass());
String action = (String) actionRaw;
E.checkArgument(StringUtils.isNotEmpty(action),
"Missing argument: action");
Set<String> existedIPs = new HashSet<>();
Set<String> loadedIPs = new HashSet<>();
Set<String> illegalIPs = new HashSet<>();
Map<String, Object> result = new HashMap<>();
for (String ip : ipList) {
if (whiteIpList.contains(ip)) {
existedIPs.add(ip);
continue;
}
if ("load".equals(action)) {
boolean rightIp = checkIp(ip) ? loadedIPs.add(ip) : illegalIPs.add(ip);
}
}
switch (action) {
case "load":
LOG.debug("Load to white ip list");
result.put("existed_ips", existedIPs);
result.put("added_ips", loadedIPs);
if (!illegalIPs.isEmpty()) {
result.put("illegal_ips", illegalIPs);
}
whiteIpList.addAll(loadedIPs);
break;
case "remove":
LOG.debug("Remove from white ip list");
result.put("removed_ips", existedIPs);
result.put("non_existed_ips", loadedIPs);
whiteIpList.removeAll(existedIPs);
break;
default:
throw new AssertionError(String.format("Invalid action '%s', " +
"supported action is " +
"'load' or 'remove'",
action));
}
manager.authManager().setWhiteIPs(whiteIpList);
return result;
}

@PUT
@Timed
@Produces(APPLICATION_JSON_WITH_CHARSET)
@RolesAllowed("admin")
public Map<String, Object> updateStatus(@Context GraphManager manager, @QueryParam("status") String status) {
LOG.debug("Enable or disable white ip list");
E.checkArgument("true".equals(status) ||
"false".equals(status),
"Invalid status, valid status is 'true' or 'false'");
boolean open = Boolean.parseBoolean(status);
manager.authManager().enabledWhiteIpList(open);
Map<String, Object> map = new HashMap<>();
map.put("WhiteIpListOpen", open);
return map;
}

private boolean checkIp(String ipStr) {
String ip = "^(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[1-9])\\."
+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\."
+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)\\."
+ "(00?\\d|1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|\\d)$";
Pattern pattern = Pattern.compile(ip);
Matcher matcher = pattern.matcher(ipStr);
return matcher.matches();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
import org.apache.hugegraph.traversal.algorithm.HugeTraverser;
import org.apache.hugegraph.traversal.algorithm.KneighborTraverser;
import org.apache.hugegraph.traversal.algorithm.records.KneighborRecords;
import org.apache.hugegraph.traversal.algorithm.steps.EdgeStep;
import org.apache.hugegraph.traversal.algorithm.steps.Steps;
import org.apache.hugegraph.type.define.Directions;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.Log;
Expand Down Expand Up @@ -120,17 +120,17 @@ public String post(@Context GraphManager manager,
E.checkArgumentNotNull(request, "The request body can't be null");
E.checkArgumentNotNull(request.source,
"The source of request can't be null");
E.checkArgument(request.step != null,
E.checkArgument(request.steps != null,
"The steps of request can't be null");
if (request.countOnly) {
E.checkArgument(!request.withVertex && !request.withPath && !request.withEdge,
"Can't return vertex, edge or path when count only");
}

LOG.debug("Graph [{}] get customized kneighbor from source vertex " +
"'{}', with step '{}', limit '{}', count_only '{}', " +
"'{}', with steps '{}', limit '{}', count_only '{}', " +
"with_vertex '{}', with_path '{}' and with_edge '{}'",
graph, request.source, request.step, request.limit,
graph, request.source, request.steps, request.limit,
request.countOnly, request.withVertex, request.withPath,
request.withEdge);

Expand All @@ -139,11 +139,11 @@ public String post(@Context GraphManager manager,
HugeGraph g = graph(manager, graph);
Id sourceId = HugeVertex.getIdValue(request.source);

EdgeStep step = step(g, request.step);
Steps steps = steps(g, request.steps);

KneighborRecords results;
try (KneighborTraverser traverser = new KneighborTraverser(g)) {
results = traverser.customizedKneighbor(sourceId, step,
results = traverser.customizedKneighbor(sourceId, steps,
request.maxDepth,
request.limit);
measure.addIterCount(traverser.vertexIterCounter.get(),
Expand Down Expand Up @@ -202,8 +202,8 @@ private static class Request {

@JsonProperty("source")
public Object source;
@JsonProperty("step")
public TraverserAPI.Step step;
@JsonProperty("steps")
public TraverserAPI.VESteps steps;
@JsonProperty("max_depth")
public int maxDepth;
@JsonProperty("limit")
Expand All @@ -219,9 +219,9 @@ private static class Request {

@Override
public String toString() {
return String.format("PathRequest{source=%s,step=%s,maxDepth=%s" +
return String.format("PathRequest{source=%s,steps=%s,maxDepth=%s" +
"limit=%s,countOnly=%s,withVertex=%s," +
"withPath=%s,withEdge=%s}", this.source, this.step,
"withPath=%s,withEdge=%s}", this.source, this.steps,
this.maxDepth, this.limit, this.countOnly,
this.withVertex, this.withPath, this.withEdge);
}
Expand Down
Loading

0 comments on commit 8d11607

Please sign in to comment.