lsmyrnaios
/
UrlsWorker
1
0
Fork 1
Code Issues Pull Requests Releases 12 Wiki Activity

Remove the "shutDownOrCancelCode" from security checks, since we have an IP whitelisting mechanism in place.

This commit is contained in:
Lampros Smyrnaios 2023-05-03 15:15:46 +03:00
parent 4eac7c5c66
commit 29a54f0b30
2 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/main/java/eu/openaire/urls_worker/controllers/GeneralController.java
View File

@ -8,7 +8,6 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@ -23,11 +22,9 @@ public class GeneralController {
private final String controllerIp;
private final String shutdownOrCancelCode;
public GeneralController(@Value("${info.controllerIp}") String controllerIp, @Value("${info.shutdownOrCancelCode}") String shutdownOrCancelCode) {
public GeneralController(@Value("${info.controllerIp}") String controllerIp) {
this.controllerIp = controllerIp;
this.shutdownOrCancelCode = shutdownOrCancelCode;
}
@ -40,11 +37,11 @@ public class GeneralController {
public static boolean shouldShutdownWorker = false;
@GetMapping("shutdownWorker/{shutdownCode}")
public ResponseEntity<?> shutdownWorkerGracefully(@PathVariable String shutdownCode, HttpServletRequest request)
@GetMapping("shutdownWorker")
public ResponseEntity<?> shutdownWorkerGracefully(HttpServletRequest request)
{
String initMsg = "Received a \"shutdownWorker\" request.";
ResponseEntity<?> responseEntity = passSecurityChecks(request, shutdownCode, initMsg);
ResponseEntity<?> responseEntity = passSecurityChecks(request, initMsg);
if ( responseEntity != null )
return responseEntity;
@ -60,11 +57,11 @@ public class GeneralController {
}
@GetMapping("cancelShutdownWorker/{cancelCode}")
public ResponseEntity<?> cancelShutdownWorkerGracefully(@PathVariable String cancelCode, HttpServletRequest request)
@GetMapping("cancelShutdownWorker")
public ResponseEntity<?> cancelShutdownWorkerGracefully(HttpServletRequest request)
{
String initMsg = "Received a \"cancelShutdownWorker\" request.";
ResponseEntity<?> responseEntity = passSecurityChecks(request, cancelCode, initMsg);
ResponseEntity<?> responseEntity = passSecurityChecks(request, initMsg);
if ( responseEntity != null )
return responseEntity;
@ -82,7 +79,7 @@ public class GeneralController {
}
public ResponseEntity<?> passSecurityChecks(HttpServletRequest request, String code, String initMsg)
public ResponseEntity<?> passSecurityChecks(HttpServletRequest request, String initMsg)
{
if ( request == null ) {
logger.error(initMsg + " The \"HttpServletRequest\" is null!");
@ -97,12 +94,6 @@ public class GeneralController {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
if ( !code.equals(this.shutdownOrCancelCode) ) {
String errorMsg = initMsg + " But, it contains an invalid code: " + code;
logger.error(errorMsg);
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(errorMsg);
}
return null; // The checks are passing.
}

1
src/main/resources/application.properties
View File

@ -25,7 +25,6 @@ info.maxAssignmentsBatchesToHandleBeforeShutdown = 0
info.controllerIp = XX
info.controllerPort = XX
info.controllerBaseUrl = http://${info.controllerIp}:${info.controllerPort}/api/
info.shutdownOrCancelCode = XX
# LOGGING LEVELS