Add a bulk-domain-action console endpoint (#2611)

For now it only includes two options (domain deletion and domain
suspension). In the future, as necessary, we can add other actions but
this seems like a relatively simple starting point (actions like bulk
updates are much more conceptually complex).

Author: gbrodman

core/src/main/java/google/registry/flows/ExtensionManager.java

@@ -105,7 +105,7 @@ private void checkForUndeclaredExtensions(
   }
 
   private static final ImmutableSet<EppRequestSource> ALLOWED_METADATA_EPP_REQUEST_SOURCES =
-      ImmutableSet.of(EppRequestSource.TOOL, EppRequestSource.BACKEND);
+      ImmutableSet.of(EppRequestSource.BACKEND, EppRequestSource.CONSOLE, EppRequestSource.TOOL);
 
   private void checkForRestrictedExtensions(
       ImmutableSet<Class<? extends CommandExtension>> suppliedExtensions)

core/src/main/java/google/registry/ui/server/console/ConsoleBulkDomainAction.java

@@ -0,0 +1,228 @@
+// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.ui.server.console;
+
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
+import static jakarta.servlet.http.HttpServletResponse.SC_OK;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.escape.Escaper;
+import com.google.common.xml.XmlEscapers;
+import com.google.gson.JsonElement;
+import com.google.gson.annotations.Expose;
+import google.registry.flows.EppController;
+import google.registry.flows.EppRequestSource;
+import google.registry.flows.PasswordOnlyTransportCredentials;
+import google.registry.flows.StatelessRequestSessionMetadata;
+import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.User;
+import google.registry.model.eppcommon.ProtocolDefinition;
+import google.registry.model.eppoutput.EppOutput;
+import google.registry.model.eppoutput.Result;
+import google.registry.request.Action;
+import google.registry.request.OptionalJsonPayload;
+import google.registry.request.Parameter;
+import google.registry.request.auth.Auth;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import javax.inject.Inject;
+
+/**
+ * Console endpoint to perform the same action to a list of domains.
+ *
+ * <p>All requests must include the {@link BulkAction} to perform as well as a {@link
+ * BulkDomainList} of domains on which to apply the action. The remaining contents of the request
+ * body depend on the type of action -- some requests may require more data than others.
+ */
+@Action(
+    service = Action.GaeService.DEFAULT,
+    gkeService = Action.GkeService.CONSOLE,
+    path = ConsoleBulkDomainAction.PATH,
+    auth = Auth.AUTH_PUBLIC_LOGGED_IN)
+public class ConsoleBulkDomainAction extends ConsoleApiAction {
+
+  public static final String PATH = "/console-api/bulk-domain";
+
+  private static Escaper XML_ESCAPER = XmlEscapers.xmlContentEscaper();
+
+  public enum BulkAction {
+    DELETE,
+    SUSPEND
+  }
+
+  /** All requests must include at least a list of domain names on which to perform the action. */
+  public record BulkDomainList(@Expose List<String> domainList) {}
+
+  public record BulkDomainDeleteRequest(@Expose String reason) {}
+
+  public record BulkDomainSuspendRequest(@Expose String reason) {}
+
+  private static final String DOMAIN_DELETE_XML =
+      """
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <delete>
+      <domain:delete
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>%DOMAIN_NAME%</domain:name>
+      </domain:delete>
+    </delete>
+    <extension>
+      <metadata:metadata xmlns:metadata="urn:google:params:xml:ns:metadata-1.0">
+        <metadata:reason>%REASON%</metadata:reason>
+        <metadata:requestedByRegistrar>true</metadata:requestedByRegistrar>
+      </metadata:metadata>
+    </extension>
+    <clTRID>RegistryConsole</clTRID>
+  </command>
+</epp>""";
+
+  private static final String DOMAIN_SUSPEND_XML =
+      """
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<epp
+  xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <update>
+      <domain:update
+        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>%DOMAIN_NAME%</domain:name>
+        <domain:add>
+          <domain:status s="serverDeleteProhibited" lang="en"></domain:status>
+          <domain:status s="serverHold" lang="en"></domain:status>
+          <domain:status s="serverRenewProhibited" lang="en"></domain:status>
+          <domain:status s="serverTransferProhibited" lang="en"></domain:status>
+          <domain:status s="serverUpdateProhibited" lang="en"></domain:status>
+        </domain:add>
+        <domain:rem></domain:rem>
+      </domain:update>
+    </update>
+    <extension>
+      <metadata:metadata
+        xmlns:metadata="urn:google:params:xml:ns:metadata-1.0">
+        <metadata:reason>Console suspension: %REASON%</metadata:reason>
+        <metadata:requestedByRegistrar>false</metadata:requestedByRegistrar>
+      </metadata:metadata>
+    </extension>
+    <clTRID>RegistryTool</clTRID>
+  </command>
+</epp>""";
+
+  private final EppController eppController;
+  private final String registrarId;
+  private final String bulkDomainAction;
+  private final Optional<JsonElement> optionalJsonPayload;
+
+  @Inject
+  public ConsoleBulkDomainAction(
+      ConsoleApiParams consoleApiParams,
+      EppController eppController,
+      @Parameter("registrarId") String registrarId,
+      @Parameter("bulkDomainAction") String bulkDomainAction,
+      @OptionalJsonPayload Optional<JsonElement> optionalJsonPayload) {
+    super(consoleApiParams);
+    this.eppController = eppController;
+    this.registrarId = registrarId;
+    this.bulkDomainAction = bulkDomainAction;
+    this.optionalJsonPayload = optionalJsonPayload;
+  }
+
+  @Override
+  protected void postHandler(User user) {
+    BulkAction bulkAction = BulkAction.valueOf(bulkDomainAction);
+    JsonElement jsonPayload =
+        optionalJsonPayload.orElseThrow(
+            () -> new IllegalArgumentException("Bulk action payload must be present"));
+    BulkDomainList domainList = consoleApiParams.gson().fromJson(jsonPayload, BulkDomainList.class);
+    checkPermission(user, registrarId, ConsolePermission.EXECUTE_EPP_COMMANDS);
+    ImmutableMap<String, ConsoleEppOutput> result =
+        switch (bulkAction) {
+          case DELETE -> handleBulkDelete(jsonPayload, domainList, user);
+          case SUSPEND -> handleBulkSuspend(jsonPayload, domainList, user);
+        };
+    // Front end should parse situations where only some commands worked
+    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(result));
+    consoleApiParams.response().setStatus(SC_OK);
+  }
+
+  private ImmutableMap<String, ConsoleEppOutput> handleBulkDelete(
+      JsonElement jsonPayload, BulkDomainList domainList, User user) {
+    String reason =
+        consoleApiParams.gson().fromJson(jsonPayload, BulkDomainDeleteRequest.class).reason;
+    return runCommandOverDomains(
+        domainList,
+        DOMAIN_DELETE_XML,
+        new ImmutableMap.Builder<String, String>().put("REASON", reason),
+        user);
+  }
+
+  private ImmutableMap<String, ConsoleEppOutput> handleBulkSuspend(
+      JsonElement jsonPayload, BulkDomainList domainList, User user) {
+    String reason =
+        consoleApiParams.gson().fromJson(jsonPayload, BulkDomainSuspendRequest.class).reason;
+    return runCommandOverDomains(
+        domainList,
+        DOMAIN_SUSPEND_XML,
+        new ImmutableMap.Builder<String, String>().put("REASON", reason),
+        user);
+  }
+
+  /** Runs the provided XML template and substitutions over a provided list of domains. */
+  private ImmutableMap<String, ConsoleEppOutput> runCommandOverDomains(
+      BulkDomainList domainList,
+      String xmlTemplate,
+      ImmutableMap.Builder<String, String> replacements,
+      User user) {
+    return domainList.domainList.stream()
+        .collect(
+            toImmutableMap(
+                d -> d,
+                d ->
+                    executeEpp(
+                        fillSubstitutions(xmlTemplate, replacements.put("DOMAIN_NAME", d)), user)));
+  }
+
+  private ConsoleEppOutput executeEpp(String xml, User user) {
+    return ConsoleEppOutput.fromEppOutput(
+        eppController.handleEppCommand(
+            new StatelessRequestSessionMetadata(
+                registrarId, ProtocolDefinition.getVisibleServiceExtensionUris()),
+            new PasswordOnlyTransportCredentials(),
+            EppRequestSource.CONSOLE,
+            false,
+            user.getUserRoles().isAdmin(),
+            xml.getBytes(UTF_8)));
+  }
+
+  /** Fills the provided XML template with the replacement values, including escaping the values. */
+  private String fillSubstitutions(
+      String xmlTemplate, ImmutableMap.Builder<String, String> replacements) {
+    String xml = xmlTemplate;
+    for (Map.Entry<String, String> entry : replacements.buildKeepingLast().entrySet()) {
+      xml = xml.replaceAll("%" + entry.getKey() + "%", XML_ESCAPER.escape(entry.getValue()));
+    }
+    return xml;
+  }
+
+  public record ConsoleEppOutput(@Expose String message, @Expose int responseCode) {
+    static ConsoleEppOutput fromEppOutput(EppOutput eppOutput) {
+      Result result = eppOutput.getResponse().getResult();
+      return new ConsoleEppOutput(result.getMsg(), result.getCode().code);
+    }
+  }
+}

core/src/main/java/google/registry/ui/server/console/ConsoleModule.java

@@ -241,6 +241,12 @@ public static Optional<String> provideSearchTerm(HttpServletRequest req) {
     return extractOptionalParameter(req, "searchTerm");
   }
 
+  @Provides
+  @Parameter("bulkDomainAction")
+  public static String provideBulkDomainAction(HttpServletRequest req) {
+    return extractRequiredParameter(req, "bulkDomainAction");
+  }
+
   @Provides
   @Parameter("eppPasswordChangeRequest")
   public static Optional<EppPasswordData> provideEppPasswordChangeRequest(

core/src/test/java/google/registry/flows/ExtensionManagerTest.java

@@ -121,7 +121,7 @@ void testMetadataExtension_allowedForToolSource() throws Exception {
   void testMetadataExtension_forbiddenWhenNotToolSource() {
     ExtensionManager manager =
         new TestInstanceBuilder()
-            .setEppRequestSource(EppRequestSource.CONSOLE)
+            .setEppRequestSource(EppRequestSource.TLS)
             .setDeclaredUris()
             .setSuppliedExtensions(MetadataExtension.class)
             .build();