Add authorization settings for API (#1017)
* Add authorization for file entry APIs

* Changed not to expose other users' perftest running information

* Add authorization for perftest APIs
imbyungjun authored May 20, 2024
1 parent cac2c82 commit 2e44e04
Showing 4 changed files with 16 additions and 2 deletions.
Expand Up @@ -44,6 +44,7 @@
import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort;
import org.springframework.data.web.PageableDefault;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.net.URL;
Expand Down Expand Up @@ -74,6 +75,7 @@
@RestController
@RequestMapping("/perftest/api")
@RequiredArgsConstructor
@PreAuthorize("hasAnyRole('A', 'S', 'U')")
public class PerfTestApiController {

private final PerfTestService perfTestService;
Expand Down Expand Up @@ -337,6 +339,7 @@ public Map<String, Object> refreshTestRunning(User user, @PathVariable long id)
}

@GetMapping("/{id}/detail_report")
@PreAuthorize("permitAll")
public Map<String, Object> getReport(@PathVariable long id) {
Map<String, Object> model = newHashMap();
model.put("test", perfTestService.getOne(id));
Expand Down Expand Up @@ -531,7 +534,7 @@ public Map<String, Object> getStatuses(User user, @RequestParam(defaultValue = "
.collect(toList());

return buildMap(
"perfTestInfo", perfTestService.getCurrentPerfTestStatistics(),
"runningTestsCount", perfTestService.getCurrentPerfTestStatistics().size(),
"status", statuses
);
}
Expand Down Expand Up @@ -601,6 +604,7 @@ public List<String> getLogs(User user, @PathVariable long id) {
* @return perf test result list.
*/
@GetMapping({"/{id}/perf", "/{id}/graph"})
@PreAuthorize("permitAll")
public Map<String, Object> getPerfGraph(@PathVariable long id,
@RequestParam(defaultValue = "") String dataType,
@RequestParam(defaultValue = "false") boolean onlyTotal,
Expand Down Expand Up @@ -630,6 +634,7 @@ private Map<String, Object> getPerfGraphData(Long id, String[] dataTypes, boolea
* @return json message
*/
@GetMapping("/{id}/monitor")
@PreAuthorize("permitAll")
public Map<String, Object> getMonitorGraph(@PathVariable long id,
@RequestParam String targetIP, @RequestParam int imgWidth) {
int interval = perfTestService.getMonitorGraphInterval(id, targetIP, imgWidth);
Expand All @@ -649,6 +654,7 @@ public Map<String, Object> getMonitorGraph(@PathVariable long id,
* @return json message
*/
@GetMapping("/{id}/plugin/{plugin}")
@PreAuthorize("permitAll")
public Map<String, Object> getPluginGraph(@PathVariable long id,
@PathVariable String plugin,
@RequestParam String kind,
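Review bot: The four `@PreAuthorize("permitAll")` overrides (getReport, getPerfGraph, getMonitorGraph, getPluginGraph) lift the new class-level role check from handlers that take only a numeric `id` and no `User`, so nothing visible in these hunks ties the returned data to the caller; getReport puts the result of `perfTestService.getOne(id)` straight into the response. If detail reports are meant to be readable without an account, record that on each handler, e.g. `// Intentionally public: detail reports are shareable by link; no owner check here.`, and check that the response carries only what the report page needs. If they are not meant to be public, drop the override and apply the same owner or admin check the `User`-taking handlers presumably use. The same question applies to the `permitAll` view handlers in PerfTestController. The handler bodies continue outside the hunks shown, and whether anonymous requests reach them at all depends on URL-level security configuration this commit does not show.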
Expand Up @@ -24,6 +24,7 @@
import org.ngrinder.infra.spring.RemainedPath;
import org.ngrinder.model.*;
import org.ngrinder.perftest.service.PerfTestService;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.*;
Expand All @@ -44,6 +45,7 @@
@RequestMapping("/perftest")
@GlobalControllerModel
@RequiredArgsConstructor
@PreAuthorize("hasAnyRole('A', 'S', 'U')")
public class PerfTestController {

private final PerfTestService perfTestService;
Expand Down Expand Up @@ -150,6 +152,7 @@ public void showLog(User user, @PathVariable("id") long id, @RemainedPath String
* @return perftest/detail_report
*/
@GetMapping({"/{id}/detail_report", /* for backward compatibility */"/{id}/report"})
@PreAuthorize("permitAll")
public String getReport(@PathVariable long id) {
return "app";
}
Expand All @@ -162,6 +165,7 @@ public String getReport(@PathVariable long id) {
*/
@SuppressWarnings("UnusedParameters")
@GetMapping("/{id}/detail_report/perf")
@PreAuthorize("permitAll")
public String getDetailPerfReport(@PathVariable("id") long id) {
return "perftest/detail_report/perf";
}
Expand All @@ -176,6 +180,7 @@ public String getDetailPerfReport(@PathVariable("id") long id) {
*/
@SuppressWarnings("UnusedParameters")
@GetMapping("/{id}/detail_report/monitor")
@PreAuthorize("permitAll")
public String getDetailMonitorReport(@PathVariable("id") long id, @RequestParam("targetIP") String targetIP,
ModelMap modelMap) {
modelMap.addAttribute("targetIP", targetIP);
Expand All @@ -192,6 +197,7 @@ public String getDetailMonitorReport(@PathVariable("id") long id, @RequestParam(
*/
@SuppressWarnings("UnusedParameters")
@GetMapping("/{id}/detail_report/plugin/{plugin}")
@PreAuthorize("permitAll")
public String getDetailPluginReport(@PathVariable("id") long id,
@PathVariable("plugin") String plugin, @RequestParam("kind") String kind, ModelMap modelMap) {
modelMap.addAttribute("plugin", plugin);
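Review bot: The expression `hasAnyRole('A', 'S', 'U')` is repeated as a bare string on PerfTestController, PerfTestApiController and FileEntryApiController, and the single-letter role names are not explained anywhere in the diff. A comment above the annotation such as `// A/S/U are role short names (presumably admin, super user, user; confirm); every other role is denied`, or one shared constant or meta-annotation, would keep the three controllers from drifting apart. `hasAnyRole` matches authorities carrying Spring's default `ROLE_` prefix, so the check depends on how the user's authorities are populated, which is not visible here. `@PreAuthorize` is also only enforced when method security is enabled in the Spring configuration; a controller test that calls one of these endpoints without a permitted role and expects a 403 would confirm the annotations are active.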
Expand Up @@ -46,6 +46,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.springframework.http.ContentDisposition;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;

Expand All @@ -65,6 +66,7 @@
@RestController
@RequestMapping("/script/api")
@RequiredArgsConstructor
@PreAuthorize("hasAnyRole('A', 'S', 'U')")
public class FileEntryApiController {

private static final Logger LOG = LoggerFactory.getLogger(FileEntryApiController.class);
2 changes: 1 addition & 1 deletion ngrinder-frontend/src/js/components/perftest/list/List.vue
Expand Up @@ -420,7 +420,7 @@
}
this.tests[target.index].status = updatedStatus;
this.runningSummary = `${res.data.perfTestInfo.length} ${this.i18n('perfTest.list.runningSummary')}`;
this.runningSummary = `${res.data.runningTestsCount} ${this.i18n('perfTest.list.runningSummary')}`;
});
}).finally(() => this.updateStatusTimeoutId = setTimeout(this.updatePerftestStatus, 2000));
} else {