提交
6039ac50
编写于
5月 10, 2021
作者:
sinat_25235033
simplify ktor-sureness demo's api,auth data
上级
991355f7
变更
2
Showing
2 changed file
with
50 addition
and
85 deletion
+50
-85
samples/ktor-sureness/resources/sureness.yml
samples/ktor-sureness/resources/sureness.yml
+25
-32
samples/ktor-sureness/src/Application.kt
samples/ktor-sureness/src/Application.kt
+25
-53
samples/ktor-sureness/resources/sureness.yml
...
...
@@ -2,49 +2,42 @@
# load api resource which need be protected, config role who can access these resource.
# resources that are not configured are also authenticated and protected by default, but not authorized
# eg: /api/v
2/host===post===[role2,role3,role4] means /api/v2/host===post can be access by role2,role3,role4
# eg: /api/v
1/getSource3===get===[] means /api/v1/getSource3===get
can not be access by any role
# eg: /api/v
1/bar===post===[role1] means /api/v1/bar===post can be access by role1
# eg: /api/v
3/foo===get===[] means /api/v3/foo===*
can not be access by any role
resourceRole
:
-
/api/v2/host===post===[role2,role3,role4]
-
/api/v2/host===get===[role2,role3,role4]
-
/api/v2/host===delete===[role2,role3,role4]
-
/api/v2/host===put===[role2,role3,role4]
-
/api/mi/**===put===[role2,role3,role4]
-
/api/v1/getSource1===get===[role1,role2]
-
/api/v2/getSource2/*/*===get===[role2]
-
/api/v1/source1===get===[role2]
-
/api/v1/source1===post===[role1]
-
/api/v1/source1===delete===[role3]
-
/api/v1/source1===put===[role1,role2]
-
/api/v1/source2===get===[]
-
/api/v1/bar/*===get===[role1,role2,role3]
-
/api/v1/bar===post===[role1]
-
/api/v2/bar===put===[role2]
-
/api/v2/foo===get===[role3]
-
/api/v3/foo===get===[]
# load api resource which do not need be protected, means them need be excluded.
# these api resource can be access by everyone
# eg: /**/*.png===* means get/post/put/delete/patch any url suffixed with `.png` can be access by everyone
excludedResource
:
-
/api/v3/host===get
-
/api/v3/book===get
-
/api/v1/account/auth===post
-
/api/v2/foo===delete
-
/**/*.html===get
-
/**/*.js===get
-
/**/*.css===get
-
/**/*.ico===get
-
/**/*.ico===*
-
/**/*.png===*
# account info
# there are three account:
admin, root, tom
# eg:
admin has [role1,role2] ROLE, unencrypted password is admin, encrypted password is 0192023A7BBD73250516F069DF18B500
# eg:
root has role1, unencrypted password is 23456
# eg:
tom has role3, unencrypted password is 3211
3
# there are three account:
sam, tom, lisa
# eg:
sam has [role1,role2,role3], password is sam123, has salt -> 123
# eg:
tom has role2, password is tom123
# eg:
lisa has role3, password is lisa12
3
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
-
appId
:
sam
# if add salt, the credential is encrypted by md5 - result is: MD5(password+salt)
# digest auth not support encrypted credential
credential
:
1B9E9136628CB1B161AE47132DD7AF19
salt
:
123
role
:
[
role1
,
role2
]
-
appId
:
root
credential
:
23456
role
:
[
role1
]
role
:
[
role1
,
role2
,
role3
]
-
appId
:
tom
credential
:
32113
credential
:
tom123
role
:
[
role2
]
-
appId
:
lisa
credential
:
lisa123
role
:
[
role3
]
\ No newline at end of file
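Review bot: The account entries that appear to be the new side keep the `tom` and `lisa` credentials in plaintext and store `sam` as `MD5(password+salt)` with the three-character salt `123`, while the comment above them calls this "encrypted". MD5 with a short fixed salt is a fast hash, not encryption, and is cheap to brute-force if the file leaks. Sample configs get copied, so the comment should say so, e.g. `# demo only: MD5(password+salt) is a fast hash, not encryption; keep real credentials out of this file and store them with a slow salted password hash`. The rendered page lost its +/- markers, so which account lines are old and which are new is inferred from the renamed accounts.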
samples/ktor-sureness/src/Application.kt
...
...
@@ -8,20 +8,20 @@ import io.ktor.application.Application
import
io.ktor.application.ApplicationCallPipeline
import
io.ktor.application.call
import
io.ktor.application.log
import
io.ktor.http.ContentType
import
io.ktor.http.HttpStatusCode
import
io.ktor.response.header
import
io.ktor.response.respondText
import
io.ktor.http.*
import
io.ktor.request.*
import
io.ktor.response.*
import
io.ktor.routing.*
import
io.ktor.server.engine.EngineAPI
import
io.ktor.server.engine.embeddedServer
import
io.ktor.server.servlet.AsyncServletApplicationRequest
import
io.ktor.server.tomcat.Tomcat
import
java.util.*
@EngineAPI
fun
main
(
args
:
Array
<
String
>)
{
embeddedServer
(
Tomcat
,
port
=
808
1
){
main
()}.
start
(
wait
=
true
)
embeddedServer
(
Tomcat
,
port
=
808
0
){
main
()}.
start
(
wait
=
true
)
}
...
...
@@ -40,28 +40,18 @@ fun Application.main() {
log
.
debug
(
"auth success!"
)
}
}
catch
(
e4
:
UnknownAccountException
)
{
log
.
debug
(
"this request is illegal"
)
call
.
respondText
(
e4
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e2
:
DisabledAccountException
)
{
log
.
debug
(
"the account is disabled"
)
call
.
respondText
(
e2
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e2
:
ExcessiveAttemptsException
)
{
log
.
debug
(
"the account is disabled"
)
call
.
respondText
(
e2
.
localizedMessage
)
log
.
debug
(
"this request account info is illegal"
)
call
.
respond
(
HttpStatusCode
.
Unauthorized
,
e4
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e3
:
IncorrectCredentialsException
)
{
log
.
debug
(
"this account credential is incorrect
or expired
"
)
call
.
respond
Text
(
e3
.
localizedMessage
)
log
.
debug
(
"this account credential is incorrect"
)
call
.
respond
(
HttpStatusCode
.
Unauthorized
,
e3
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e3
:
ExpiredCredentialsException
)
{
log
.
debug
(
"this account credential is
incorrect or
expired"
)
call
.
respond
Text
(
e3
.
localizedMessage
)
log
.
debug
(
"this account credential is expired"
)
call
.
respond
(
HttpStatusCode
.
Unauthorized
,
e3
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e4
:
NeedDigestInfoException
)
{
...
...
@@ -73,52 +63,34 @@ fun Application.main() {
}
catch
(
e5
:
UnauthorizedException
)
{
log
.
debug
(
"this account can not access this resource"
)
call
.
respond
Text
(
e5
.
localizedMessage
)
call
.
respond
(
HttpStatusCode
.
Forbidden
,
e5
.
localizedMessage
)
return
@intercept
finish
()
}
catch
(
e
:
RuntimeException
)
{
log
.
error
(
"other exception happen: "
,
e
)
call
.
respond
Text
(
e
.
localizedMessage
)
call
.
respond
(
HttpStatusCode
.
Conflict
,
e
.
localizedMessage
)
return
@intercept
finish
()
}
}
routing
{
get
(
"/api/v3/host"
)
{
call
.
respondText
(
"Hello World!"
,
ContentType
.
Text
.
Plain
)
}
get
(
"/api/v2/host"
)
{
call
.
respondText
(
"get /api/v2/host"
)
}
post
(
"/api/v2/host"
)
{
call
.
respondText
(
"post /api/v2/host"
)
}
put
(
"/api/v2/host"
)
{
call
.
respondText
(
"put /api/v2/host"
)
}
delete
(
"/api/v2/host"
)
{
call
.
respondText
(
"delete /api/v2/host"
)
}
put
(
"/api/mi/tom"
)
{
call
.
respondText
(
"put /api/mi/tom"
)
}
get
(
"/api/v1/getSource1"
)
{
call
.
respondText
(
"get /api/v1/getSource1"
)
get
(
"/api/v1/bar/{id}"
)
{
call
.
respondText
(
"access "
+
call
.
request
.
uri
+
" success"
)
}
get
(
"/api/v2/getSource2/book
"
)
{
call
.
respondText
(
"
get /api/v2/getSource2/book
"
)
post
(
"/api/v1/bar
"
)
{
call
.
respondText
(
"
access "
+
call
.
request
.
uri
+
" success
"
)
}
get
(
"/api/v1/source1
"
)
{
call
.
respondText
(
"
get /api/v1/source1
"
)
put
(
"/api/v2/bar
"
)
{
call
.
respondText
(
"
access "
+
call
.
request
.
uri
+
" success
"
)
}
post
(
"/api/v1/source1
"
)
{
call
.
respondText
(
"
post /api/v1/source1
"
)
get
(
"/api/v2/foo
"
)
{
call
.
respondText
(
"
access "
+
call
.
request
.
uri
+
" success
"
)
}
put
(
"/api/v1/source1
"
)
{
call
.
respondText
(
"
put /api/v1/source1
"
)
delete
(
"/api/v2/foo
"
)
{
call
.
respondText
(
"
access "
+
call
.
request
.
uri
+
" success
"
)
}
delete
(
"/api/v1/source1
"
)
{
call
.
respondText
(
"
delete /api/v1/source1
"
)
get
(
"/api/v3/foo
"
)
{
call
.
respondText
(
"
access "
+
call
.
request
.
uri
+
" success
"
)
}
}
}
\ No newline at end of file
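Review bot: In the last hunk, the `catch (e: RuntimeException)` branch sends `e.localizedMessage` to the client with `HttpStatusCode.Conflict`, so any unexpected failure inside the interceptor exposes its internal message and is reported as a 409. I would keep the `log.error` call and answer with a fixed body, `call.respond(HttpStatusCode.InternalServerError, "internal server error")`. The authentication branches in the second hunk have a related issue: returning the exception text separately for `UnknownAccountException` and `IncorrectCredentialsException` can let a caller tell an unknown account from a wrong password, so a single generic 401 body is safer, with the detail kept in the debug log. `Application.main()` starts outside these hunks and the page lost its +/- markers, so the new side is inferred from the `respondText` to `respond(status, …)` pattern.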