CheckUserRole.js
// Script entry point: run the role check. The function declaration below is
// hoisted, so calling it before its definition is valid.
// NOTE(review): the boolean result is not assigned or acted on here —
// presumably the hosting pipeline stage reads the script's completion value;
// confirm that a `false` result actually blocks the request.
userHasAccess();
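/**
 * Decide whether the caller's role may read the requested query pipeline.
 *
 * Reads the role name from the "Fusion-User-Role" request header, fetches the
 * role list from the local roles API, looks the role up with getUserRole(),
 * and grants access when one of its permissions mentions GET in its methods
 * and has a path that contains "query-pipelines/<lw.pipelineId>/collections"
 * or equals "/**".
 *
 * Relies on names supplied from outside this function: `request`, `logger`,
 * `getUrlRequestContent` and `getUserRole` (the last is not defined in this
 * file).
 *
 * NOTE(review): the role is taken from a request header. The check is only
 * meaningful if a trusted component sets that header and strips any
 * client-supplied copy — confirm against the deployment.
 * NOTE(review): both the method test and the path test are substring matches,
 * which is looser than comparing whole method names and whole paths. They are
 * kept as-is because the permission format is not visible here; tighten once
 * the format is confirmed.
 * NOTE(review): "lw.pipelineId" is concatenated without validation; a missing
 * parameter produces the literal text "null" in the target path.
 *
 * @returns {boolean} true only when a matching permission was found; false on
 *     any failure (missing header, unknown role, no permission, or any error).
 */
function userHasAccess() {
  var JSONArray = org.json.JSONArray;
  // Bind the Java exception class to the name used by the `throw` statements.
  // It was previously bound to `e`, so every `new Exception(...)` raised a
  // ReferenceError and the intended message never reached the log.
  var Exception = java.lang.Exception;

  var target = "query-pipelines/" + request.getParams().getFirst("lw.pipelineId") + "/collections";
  var api = "http://localhost:8764/api/roles";
  var hasPermission = false;

  try {
    var roleHeader = request.getHeaders().get("Fusion-User-Role");
    if (roleHeader === null) {
      throw new Exception("No role in header. ");
    }
    var role = roleHeader.get(0);

    var json = new JSONArray(getUrlRequestContent(api));
    // A constructor call never yields null, so test for an empty list instead.
    if (json.length() === 0) {
      throw new Exception("No roles found. ");
    }

    var obj = getUserRole(json, role);
    if (obj === null || obj === undefined) {
      // The role name comes from a request header: strip line breaks so it
      // cannot forge extra log lines.
      throw new Exception("Invalid Role: " + String(role).replace(/[\r\n]/g, "_"));
    }

    var perms = obj.getJSONArray("permissions");
    for (var j = 0; j < perms.length(); j++) {
      var perm = perms.getJSONObject(j);
      var methods = String(perm.getJSONArray("methods").toString());
      var path = String(perm.getString("path"));
      logger.info("Check Path: " + path);

      var allowsGet = methods.indexOf("GET") !== -1;
      var coversTarget = path.indexOf(target) !== -1 || path === "/**";
      if (allowsGet && coversTarget) { // user has permission if any are true
        hasPermission = true;
        break;
      }
    }

    if (!hasPermission) {
      logger.warn("403 UNAUTHORIZED ACCESS...");
      throw new Exception("403: Unauthorized. ");
    }
    logger.info("User has permission...");
  } catch (err) {
    // Fail closed: any error on the way denies access.
    hasPermission = false;
    logger.error(err);
  }
  return hasPermission;
}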
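/**
 * Fetch `url` with an authenticated HTTP GET and return the response body.
 *
 * Credentials are read from the process environment instead of being embedded
 * in the script. FUSION_API_USER and FUSION_API_PASSWORD are placeholder
 * names — map them to whatever secret store the deployment uses. Any password
 * that was previously committed in this file should be treated as exposed and
 * rotated, and the account used here should need no more than read access to
 * the roles API.
 *
 * NOTE(review): the only caller visible in this file passes an http://
 * loopback URL. If this is ever pointed at a non-local host, use https so the
 * credentials and the role data are not sent in clear text.
 *
 * @param {string} url - absolute URL to request.
 * @returns {string} the response body with line terminators removed, or an
 *     empty string when credentials are missing, the request fails, or the
 *     status is not 2xx. Errors are logged, not thrown.
 */
function getUrlRequestContent(url) {
  var BufferedReader = java.io.BufferedReader;
  var InputStreamReader = java.io.InputStreamReader;
  var IllegalStateException = java.lang.IllegalStateException;
  var StringBuffer = java.lang.StringBuffer;
  var System = java.lang.System;
  var URI = java.net.URI;
  // HttpHeaders.USER_AGENT is the header *name* constant, so the value sent
  // below is the literal text "User-Agent"; kept as the original sent it.
  var userAgent = org.apache.http.HttpHeaders.USER_AGENT;
  var HttpGet = org.apache.http.client.methods.HttpGet;
  var HttpClientBuilder = org.apache.http.impl.client.HttpClientBuilder;
  var BasicCredentialsProvider = org.apache.http.impl.client.BasicCredentialsProvider;
  var UsernamePasswordCredentials = org.apache.http.auth.UsernamePasswordCredentials;
  var AuthScope = org.apache.http.auth.AuthScope;

  var result = new StringBuffer();
  var client = null;
  var reader = null;
  try {
    var apiUser = System.getenv("FUSION_API_USER");
    var apiPassword = System.getenv("FUSION_API_PASSWORD");
    if (apiUser === null || apiPassword === null) {
      // Refuse to call the API at all rather than fall back to a built-in secret.
      throw new IllegalStateException("Roles API credentials are not configured");
    }

    // Offer the credentials only to the host and port being requested, not to
    // any server that happens to issue an authentication challenge.
    var endpoint = new URI(url);
    var provider = new BasicCredentialsProvider();
    provider.setCredentials(
      new AuthScope(endpoint.getHost(), endpoint.getPort()),
      new UsernamePasswordCredentials(apiUser, apiPassword)
    );

    client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();
    var httpGet = new HttpGet(url);
    httpGet.addHeader("User-Agent", userAgent);

    var response = client.execute(httpGet);
    var status = response.getStatusLine().getStatusCode();
    logger.info("RESPONSE Code : " + status);
    if (status < 200 || status >= 300) {
      // Do not hand an error page to the caller as if it were role data.
      throw new IllegalStateException("Roles API request failed with HTTP " + status);
    }

    var entity = response.getEntity();
    if (entity !== null) {
      // Decode explicitly instead of relying on the platform default charset.
      reader = new BufferedReader(new InputStreamReader(entity.getContent(), "UTF-8"));
      var line;
      while ((line = reader.readLine()) !== null) {
        result.append(line);
      }
    }
  } catch (err) {
    logger.error(err);
  } finally {
    // Release the response stream and the client's connections on every path.
    if (reader !== null) {
      try {
        reader.close();
      } catch (closeErr) {
        logger.error(closeErr);
      }
    }
    if (client !== null) {
      try {
        client.close();
      } catch (closeErr) {
        logger.error(closeErr);
      }
    }
  }
  // Log the size only: the body lists roles and their permissions.
  logger.info("Roles API response length: " + result.length());
  return result.toString();
}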