simplify ktor-sureness demo's api,auth data

samples/ktor-sureness/resources/sureness.yml

@@ -2,49 +2,42 @@
 
 # load api resource which need be protected, config role who can access these resource.
 # resources that are not configured are also authenticated and protected by default, but not authorized
-# eg: /api/v2/host===post===[role2,role3,role4] means /api/v2/host===post can be access by role2,role3,role4
-# eg: /api/v1/getSource3===get===[] means /api/v1/getSource3===get can not be access by any role
+# eg: /api/v1/bar===post===[role1] means /api/v1/bar===post can be access by role1
+# eg: /api/v3/foo===get===[] means /api/v3/foo===* can not be access by any role
 resourceRole:
-  - /api/v2/host===post===[role2,role3,role4]
-  - /api/v2/host===get===[role2,role3,role4]
-  - /api/v2/host===delete===[role2,role3,role4]
-  - /api/v2/host===put===[role2,role3,role4]
-  - /api/mi/**===put===[role2,role3,role4]
-  - /api/v1/getSource1===get===[role1,role2]
-  - /api/v2/getSource2/*/*===get===[role2]
-  - /api/v1/source1===get===[role2]
-  - /api/v1/source1===post===[role1]
-  - /api/v1/source1===delete===[role3]
-  - /api/v1/source1===put===[role1,role2]
-  - /api/v1/source2===get===[]
+  - /api/v1/bar/*===get===[role1,role2,role3]
+  - /api/v1/bar===post===[role1]
+  - /api/v2/bar===put===[role2]
+  - /api/v2/foo===get===[role3]
+  - /api/v3/foo===get===[]
 
 # load api resource which do not need be protected, means them need be excluded.
 # these api resource can be access by everyone
+# eg: /**/*.png===* means get/post/put/delete/patch any url suffixed with `.png` can be access by everyone
 excludedResource:
-  - /api/v3/host===get
-  - /api/v3/book===get
-  - /api/v1/account/auth===post
+  - /api/v2/foo===delete
   - /**/*.html===get
   - /**/*.js===get
   - /**/*.css===get
-  - /**/*.ico===get
+  - /**/*.ico===*
+  - /**/*.png===*
+
 
 # account info
-# there are three account: admin, root, tom
-# eg: admin has [role1,role2] ROLE, unencrypted password is admin, encrypted password is 0192023A7BBD73250516F069DF18B500
-# eg: root has role1, unencrypted password is 23456
-# eg: tom has role3, unencrypted password is 32113
+# there are three account: sam, tom, lisa
+# eg: sam has [role1,role2,role3], password is sam123, has salt -> 123
+# eg: tom has role2, password is tom123
+# eg: lisa has role3, password is lisa123
 account:
-  - appId: admin
-    # if add salt, the password is encrypted password - the result: MD5(password+salt)
-    # digest auth not support encrypted password
-    # if no salt, the password is unencrypted password
-    credential: 0192023A7BBD73250516F069DF18B500
+  - appId: sam
+    # if add salt, the credential is encrypted by md5 - result is: MD5(password+salt)
+    # digest auth not support encrypted credential
+    credential: 1B9E9136628CB1B161AE47132DD7AF19
     salt: 123
-    role: [role1,role2]
-  - appId: root
-    credential: 23456
-    role: [role1]
+    role: [role1,role2,role3]
   - appId: tom
-    credential: 32113
+    credential: tom123
+    role: [role2]
+  - appId: lisa
+    credential: lisa123
     role: [role3]
\ No newline at end of file

samples/ktor-sureness/src/Application.kt

@@ -8,20 +8,20 @@ import io.ktor.application.Application
 import io.ktor.application.ApplicationCallPipeline
 import io.ktor.application.call
 import io.ktor.application.log
-import io.ktor.http.ContentType
-import io.ktor.http.HttpStatusCode
-import io.ktor.response.header
-import io.ktor.response.respondText
+import io.ktor.http.*
+import io.ktor.request.*
+import io.ktor.response.*
 import io.ktor.routing.*
 import io.ktor.server.engine.EngineAPI
 import io.ktor.server.engine.embeddedServer
 import io.ktor.server.servlet.AsyncServletApplicationRequest
 import io.ktor.server.tomcat.Tomcat
+import java.util.*
 
 
 @EngineAPI
 fun main(args: Array<String>) {
-    embeddedServer(Tomcat, port = 8081){main()}.start(wait = true)
+    embeddedServer(Tomcat, port = 8080){main()}.start(wait = true)
 }
 
 
@@ -40,28 +40,18 @@ fun Application.main() {
                 log.debug("auth success!")
             }
         } catch (e4: UnknownAccountException) {
-            log.debug("this request is illegal")
-            call.respondText(e4.localizedMessage)
-            return@intercept finish()
-
-        } catch (e2: DisabledAccountException) {
-            log.debug("the account is disabled")
-            call.respondText(e2.localizedMessage)
-            return@intercept finish()
-
-        } catch (e2: ExcessiveAttemptsException) {
-            log.debug("the account is disabled")
-            call.respondText(e2.localizedMessage)
+            log.debug("this request account info is illegal")
+            call.respond(HttpStatusCode.Unauthorized, e4.localizedMessage)
             return@intercept finish()
 
         } catch (e3: IncorrectCredentialsException) {
-            log.debug("this account credential is incorrect or expired")
-            call.respondText(e3.localizedMessage)
+            log.debug("this account credential is incorrect")
+            call.respond(HttpStatusCode.Unauthorized, e3.localizedMessage)
             return@intercept finish()
 
         } catch (e3: ExpiredCredentialsException) {
-            log.debug("this account credential is incorrect or expired")
-            call.respondText(e3.localizedMessage)
+            log.debug("this account credential is expired")
+            call.respond(HttpStatusCode.Unauthorized, e3.localizedMessage)
             return@intercept finish()
 
         } catch (e4: NeedDigestInfoException) {
@@ -73,52 +63,34 @@ fun Application.main() {
 
         } catch (e5: UnauthorizedException) {
             log.debug("this account can not access this resource")
-            call.respondText(e5.localizedMessage)
+            call.respond(HttpStatusCode.Forbidden, e5.localizedMessage)
             return@intercept finish()
 
         } catch (e: RuntimeException) {
             log.error("other exception happen: ", e)
-            call.respondText(e.localizedMessage)
+            call.respond(HttpStatusCode.Conflict, e.localizedMessage)
             return@intercept finish()
         }
     }
 
     routing {
-        get("/api/v3/host") {
-            call.respondText("Hello World!", ContentType.Text.Plain)
-        }
-        get("/api/v2/host") {
-            call.respondText("get /api/v2/host")
-        }
-        post("/api/v2/host") {
-            call.respondText("post /api/v2/host")
-        }
-        put("/api/v2/host") {
-            call.respondText("put /api/v2/host")
-        }
-        delete("/api/v2/host") {
-            call.respondText("delete /api/v2/host")
-        }
-        put("/api/mi/tom") {
-            call.respondText("put /api/mi/tom")
-        }
-        get("/api/v1/getSource1") {
-            call.respondText("get /api/v1/getSource1")
+        get("/api/v1/bar/{id}") {
+            call.respondText("access " + call.request.uri + " success")
         }
-        get("/api/v2/getSource2/book") {
-            call.respondText("get /api/v2/getSource2/book")
+        post("/api/v1/bar") {
+            call.respondText("access " + call.request.uri + " success")
         }
-        get("/api/v1/source1") {
-            call.respondText("get /api/v1/source1")
+        put("/api/v2/bar") {
+            call.respondText("access " + call.request.uri + " success")
         }
-        post("/api/v1/source1") {
-            call.respondText("post /api/v1/source1")
+        get("/api/v2/foo") {
+            call.respondText("access " + call.request.uri + " success")
         }
-        put("/api/v1/source1") {
-            call.respondText("put /api/v1/source1")
+        delete("/api/v2/foo") {
+            call.respondText("access " + call.request.uri + " success")
         }
-        delete("/api/v1/source1") {
-            call.respondText("delete /api/v1/source1")
+        get("/api/v3/foo") {
+            call.respondText("access " + call.request.uri + " success")
         }
     }
 }
\ No newline at end of file