diff --git a/samples/ktor-sureness/resources/sureness.yml b/samples/ktor-sureness/resources/sureness.yml
index 2f396072a3be9966ebbee6f1e6c8695bfdf8cf68..7a1f9c184f35f75f223830b617a7bd14ef4022fa 100644
--- a/samples/ktor-sureness/resources/sureness.yml
+++ b/samples/ktor-sureness/resources/sureness.yml
@@ -2,49 +2,42 @@
 # load api resource which need be protected, config role who can access these resource.
 # resources that are not configured are also authenticated and protected by default, but not authorized
-# eg: /api/v2/host===post===[role2,role3,role4] means /api/v2/host===post can be access by role2,role3,role4
-# eg: /api/v1/getSource3===get===[] means /api/v1/getSource3===get can not be access by any role
+# eg: /api/v1/bar===post===[role1] means /api/v1/bar===post can be access by role1
+# eg: /api/v3/foo===get===[] means /api/v3/foo===* can not be access by any role
 resourceRole:
- - /api/v2/host===post===[role2,role3,role4]
- - /api/v2/host===get===[role2,role3,role4]
- - /api/v2/host===delete===[role2,role3,role4]
- - /api/v2/host===put===[role2,role3,role4]
- - /api/mi/**===put===[role2,role3,role4]
- - /api/v1/getSource1===get===[role1,role2]
- - /api/v2/getSource2/*/*===get===[role2]
- - /api/v1/source1===get===[role2]
- - /api/v1/source1===post===[role1]
- - /api/v1/source1===delete===[role3]
- - /api/v1/source1===put===[role1,role2]
- - /api/v1/source2===get===[]
+ - /api/v1/bar/*===get===[role1,role2,role3]
+ - /api/v1/bar===post===[role1]
+ - /api/v2/bar===put===[role2]
+ - /api/v2/foo===get===[role3]
+ - /api/v3/foo===get===[]
 # load api resource which do not need be protected, means them need be excluded.
 # these api resource can be access by everyone
+# eg: /**/*.png===* means get/post/put/delete/patch any url suffixed with `.png` can be access by everyone
 excludedResource:
- - /api/v3/host===get
- - /api/v3/book===get
- - /api/v1/account/auth===post
+ - /api/v2/foo===delete
 - /**/*.html===get
 - /**/*.js===get
 - /**/*.css===get
- - /**/*.ico===get
+ - /**/*.ico===*
+ - /**/*.png===*
+
 # account info
-# there are three account: admin, root, tom
-# eg: admin has [role1,role2] ROLE, unencrypted password is admin, encrypted password is 0192023A7BBD73250516F069DF18B500
-# eg: root has role1, unencrypted password is 23456
-# eg: tom has role3, unencrypted password is 32113
+# there are three account: sam, tom, lisa
+# eg: sam has [role1,role2,role3], password is sam123, has salt -> 123
+# eg: tom has role2, password is tom123
+# eg: lisa has role3, password is lisa123
 account:
- - appId: admin
- # if add salt, the password is encrypted password - the result: MD5(password+salt)
- # digest auth not support encrypted password
- # if no salt, the password is unencrypted password
- credential: 0192023A7BBD73250516F069DF18B500
+ - appId: sam
+ # if add salt, the credential is encrypted by md5 - result is: MD5(password+salt)
+ # digest auth not support encrypted credential
+ credential: 1B9E9136628CB1B161AE47132DD7AF19
 salt: 123
- role: [role1,role2]
- - appId: root
- credential: 23456
- role: [role1]
+ role: [role1,role2,role3]
 - appId: tom
- credential: 32113
+ credential: tom123
+ role: [role2]
+ - appId: lisa
+ credential: lisa123
 role: [role3]
\ No newline at end of file
diff --git a/samples/ktor-sureness/src/Application.kt b/samples/ktor-sureness/src/Application.kt
index d22eca2324ac7169d89fd54a65b8f84208f9a651..8060d365fed4539e7b7bb0dd109a34367f2cd1a8 100644
--- a/samples/ktor-sureness/src/Application.kt
+++ b/samples/ktor-sureness/src/Application.kt
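Review bot: The added example comment `# eg: /api/v3/foo===get===[] means /api/v3/foo===* can not be access by any role` does not match the entry it explains, `/api/v3/foo===get===[]`: the empty role list is attached to the `get` method only, while `===*` reads as if every method were denied. Suggest `# eg: /api/v3/foo===get===[] means /api/v3/foo===get can not be access by any role`. Separately, the new `/**/*.ico===*` and `/**/*.png===*` entries under excludedResource skip authentication for every HTTP method on any path with that suffix, as the new `.png` comment itself says; a one-line comment stating that such suffix excludes are meant for static assets only would help readers who copy this sample into a real configuration.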
@@ -8,20 +8,20 @@ import io.ktor.application.Application
 import io.ktor.application.ApplicationCallPipeline
 import io.ktor.application.call
 import io.ktor.application.log
-import io.ktor.http.ContentType
-import io.ktor.http.HttpStatusCode
-import io.ktor.response.header
-import io.ktor.response.respondText
+import io.ktor.http.*
+import io.ktor.request.*
+import io.ktor.response.*
 import io.ktor.routing.*
 import io.ktor.server.engine.EngineAPI
 import io.ktor.server.engine.embeddedServer
 import io.ktor.server.servlet.AsyncServletApplicationRequest
 import io.ktor.server.tomcat.Tomcat
+import java.util.*
 @EngineAPI
 fun main(args: Array) {
- embeddedServer(Tomcat, port = 8081){main()}.start(wait = true)
+ embeddedServer(Tomcat, port = 8080){main()}.start(wait = true)
 }
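Review bot: Replacing the four named imports with `io.ktor.http.*`, `io.ktor.request.*` and `io.ktor.response.*`, and adding `import java.util.*`, is a style regression: wildcard imports hide which symbols the file depends on, and nothing in the hunks of this commit uses `java.util` (a use elsewhere in the file would be outside what is shown). The new code only needs a handful of names (`HttpStatusCode`, `respond`, `respondText`, and the `call.request.uri` extension), so explicit imports for those would document the dependency as the removed lines did.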
@@ -40,28 +40,18 @@ fun Application.main() {
 log.debug("auth success!")
 }
 } catch (e4: UnknownAccountException) {
- log.debug("this request is illegal")
- call.respondText(e4.localizedMessage)
- return@intercept finish()
-
- } catch (e2: DisabledAccountException) {
- log.debug("the account is disabled")
- call.respondText(e2.localizedMessage)
- return@intercept finish()
-
- } catch (e2: ExcessiveAttemptsException) {
- log.debug("the account is disabled")
- call.respondText(e2.localizedMessage)
+ log.debug("this request account info is illegal")
+ call.respond(HttpStatusCode.Unauthorized, e4.localizedMessage)
 return@intercept finish()
 } catch (e3: IncorrectCredentialsException) {
- log.debug("this account credential is incorrect or expired")
- call.respondText(e3.localizedMessage)
+ log.debug("this account credential is incorrect")
+ call.respond(HttpStatusCode.Unauthorized, e3.localizedMessage)
 return@intercept finish()
 } catch (e3: ExpiredCredentialsException) {
- log.debug("this account credential is incorrect or expired")
- call.respondText(e3.localizedMessage)
+ log.debug("this account credential is expired")
+ call.respond(HttpStatusCode.Unauthorized, e3.localizedMessage)
 return@intercept finish()
 } catch (e4: NeedDigestInfoException) {
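Review bot: The three rewritten handlers send the library's exception text to the client, so an unknown account (`e4.localizedMessage`) and a wrong or expired credential (`e3.localizedMessage`) produce distinguishable 401 bodies, which lets a caller tell valid account ids from invalid ones. Keep the specific text in the `log.debug` lines and answer all three with one neutral body, e.g. `call.respond(HttpStatusCode.Unauthorized, "authentication failed")`. The hunk also drops the `DisabledAccountException` and `ExcessiveAttemptsException` catches; if the subject check can still raise them, they would presumably now fall through to the `catch (e: RuntimeException)` further down, which logs at error level and answers with `HttpStatusCode.Conflict`, so either confirm they are no longer thrown or keep dedicated 401 handlers for them. `Application.main()` starts and ends outside this hunk.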
@@ -73,52 +63,34 @@ fun Application.main() {
 } catch (e5: UnauthorizedException) {
 log.debug("this account can not access this resource")
- call.respondText(e5.localizedMessage)
+ call.respond(HttpStatusCode.Forbidden, e5.localizedMessage)
 return@intercept finish()
 } catch (e: RuntimeException) {
 log.error("other exception happen: ", e)
- call.respondText(e.localizedMessage)
+ call.respond(HttpStatusCode.Conflict, e.localizedMessage)
 return@intercept finish()
 }
 }
 routing {
- get("/api/v3/host") {
- call.respondText("Hello World!", ContentType.Text.Plain)
- }
- get("/api/v2/host") {
- call.respondText("get /api/v2/host")
- }
- post("/api/v2/host") {
- call.respondText("post /api/v2/host")
- }
- put("/api/v2/host") {
- call.respondText("put /api/v2/host")
- }
- delete("/api/v2/host") {
- call.respondText("delete /api/v2/host")
- }
- put("/api/mi/tom") {
- call.respondText("put /api/mi/tom")
- }
- get("/api/v1/getSource1") {
- call.respondText("get /api/v1/getSource1")
+ get("/api/v1/bar/{id}") {
+ call.respondText("access " + call.request.uri + " success")
 }
- get("/api/v2/getSource2/book") {
- call.respondText("get /api/v2/getSource2/book")
+ post("/api/v1/bar") {
+ call.respondText("access " + call.request.uri + " success")
 }
- get("/api/v1/source1") {
- call.respondText("get /api/v1/source1")
+ put("/api/v2/bar") {
+ call.respondText("access " + call.request.uri + " success")
 }
- post("/api/v1/source1") {
- call.respondText("post /api/v1/source1")
+ get("/api/v2/foo") {
+ call.respondText("access " + call.request.uri + " success")
 }
- put("/api/v1/source1") {
- call.respondText("put /api/v1/source1")
+ delete("/api/v2/foo") {
+ call.respondText("access " + call.request.uri + " success")
 }
- delete("/api/v1/source1") {
- call.respondText("delete /api/v1/source1")
+ get("/api/v3/foo") {
+ call.respondText("access " + call.request.uri + " success")
 }
 }
 }
\ No newline at end of file
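Review bot: `call.respond(HttpStatusCode.Conflict, e.localizedMessage)` in the `catch (e: RuntimeException)` block answers an unexpected server-side failure with 409 and echoes the exception message to the client, where it can expose internal class names or configuration details that belong only in the `log.error("other exception happen: ", e)` line above it. Suggest `call.respond(HttpStatusCode.InternalServerError, "internal error")` and leave the detail in the log; the switch to `HttpStatusCode.Forbidden` for `UnauthorizedException` is the right code for a subject that is authenticated but not allowed. The new route bodies reflect `call.request.uri` into the response; `respondText` without an explicit content type sends plain text, so that is acceptable for a sample, though a comment saying the echo is demo-only would stop it being copied into a handler that renders HTML. `Application.main()` starts outside this hunk.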