chore: restrict all retrieval endpoints to service role
astappiev committed Aug 9, 2024
1 parent 38a60e8 commit 8793f90
Showing 8 changed files with 33 additions and 16 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ private Roles() {
}

public static final String USER = "User"; // Auth by username and password
public static final String SERVICE = "Service"; // Auth by api key
public static final String APPLICATION = "Application"; // Auth by api key
}
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ public Uni<SecurityIdentity> authenticate(ApiKeyAuthenticationRequest request, A
.setPrincipal(key.user)
.addCredential(key)
.setAnonymous(false)
.addRole(Roles.SERVICE)
.addRole(Roles.APPLICATION)
.build());
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@

import java.util.List;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Context;

import io.quarkus.hibernate.reactive.panache.Panache;
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
Expand All @@ -18,11 +18,12 @@
import de.l3s.interweb.core.chat.CompletionsQuery;
import de.l3s.interweb.core.chat.CompletionsResults;
import de.l3s.interweb.core.chat.Message;
import de.l3s.interweb.server.features.user.Token;
import de.l3s.interweb.server.Roles;
import de.l3s.interweb.server.features.user.ApiKey;

@Tag(name = "Chat", description = "OpenAI compatible chat completions")
@Path("/chat")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class ChatResource {

@Inject
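Review bot: The class-level `@RolesAllowed({Roles.APPLICATION})` on `ChatResource` should carry a one-line comment saying why password-authenticated callers are excluded, e.g. `// API-key callers only: Roles.APPLICATION is attached by the API-key authenticate() path`. As far as this page shows, that `authenticate` hunk is the only place the role is granted, so identities holding only `Roles.USER` should now get 403 here; without the comment the restriction is easy to loosen by accident. The same annotation is added to `ChatsResource`, `DescribeResource`, `ModelsResource`, `SearchResource` and `SuggestResource`, and the comment applies there too. The braces are redundant for a single role; `@RolesAllowed(Roles.APPLICATION)` is enough. The class bodies are collapsed on this page, so any method-level `@PermitAll` or `@Authenticated` that would override the class-level rule cannot be checked from here.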
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@
import java.util.List;
import java.util.UUID;

import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.Context;

import io.quarkus.security.Authenticated;
import io.quarkus.hibernate.reactive.panache.PanacheEntityBase;
import io.quarkus.hibernate.reactive.panache.common.WithTransaction;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Multi;
import io.smallrye.mutiny.Uni;
Expand All @@ -17,11 +19,12 @@
import de.l3s.interweb.core.chat.Conversation;
import de.l3s.interweb.core.chat.Role;
import de.l3s.interweb.core.util.StringUtils;
import de.l3s.interweb.server.features.user.Token;
import de.l3s.interweb.server.Roles;
import de.l3s.interweb.server.features.user.ApiKey;

@Tag(name = "Chats", description = "Retrieve and manage chats")
@Path("/chats")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class ChatsResource {

@Context
Expand Down Expand Up @@ -75,4 +78,13 @@ public Uni<Conversation> chat(@PathParam("uuid") UUID id) {
return conversation;
});
}

@DELETE
@WithTransaction
@Path("{uuid}")
public Uni<Void> delete(@PathParam("uuid") UUID id) {
ApiKey apikey = securityIdentity.getCredential(ApiKey.class);

return Chat.findById(apikey, id).call(PanacheEntityBase::delete).replaceWithVoid();
}
}
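Review bot: The new `delete` handler passes whatever `Chat.findById(apikey, id)` emits straight into `.call(PanacheEntityBase::delete)`, with no handling for a lookup that finds nothing. The implementation of `findById` is not shown, but if it emits a null item for an unknown UUID or for a chat belonging to another key, the method reference dereferences null and the caller gets a 500 instead of a 404. I would insert `.onItem().ifNull().failWith(() -> new NotFoundException())` before `.call(...)`, so a missing chat and a chat owned by someone else both return the same 404. Scoping the lookup by the caller's `ApiKey` is the right object-level check and should stay. A short Javadoc on `delete` stating that only chats owned by the calling API key can be removed would record that intent.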
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import java.util.ArrayList;
import java.util.List;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.ValidationException;
Expand All @@ -11,7 +12,6 @@
import jakarta.ws.rs.Path;

import io.quarkus.cache.CacheResult;
import io.quarkus.security.Authenticated;
import io.smallrye.mutiny.Uni;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.RestQuery;
Expand All @@ -20,10 +20,11 @@
import de.l3s.interweb.core.describe.DescribeQuery;
import de.l3s.interweb.core.describe.DescribeResults;
import de.l3s.interweb.core.util.StringUtils;
import de.l3s.interweb.server.Roles;

@Tag(name = "Describe", description = "Retrieve information about a resource (URL)")
@Path("/describe")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class DescribeResource {

@Inject
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,22 @@

import java.util.List;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;

import io.quarkus.security.Authenticated;
import io.smallrye.mutiny.Uni;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;

import de.l3s.interweb.core.ObjectWrapper;
import de.l3s.interweb.core.models.Model;
import de.l3s.interweb.server.Roles;

@Tag(name = "Models", description = "List all available models")
@Path("/models")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class ModelsResource {

@Inject
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import java.util.List;
import java.util.UUID;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.Max;
Expand All @@ -17,7 +18,6 @@
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Context;

import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
Expand All @@ -26,10 +26,11 @@

import de.l3s.interweb.core.search.*;
import de.l3s.interweb.core.util.StringUtils;
import de.l3s.interweb.server.Roles;

@Tag(name = "Search", description = "Search internet by query")
@Path("/search")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class SearchResource {
private static final String NO_CACHE = "no-cache";

Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import java.util.ArrayList;
import java.util.List;

import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotEmpty;
Expand All @@ -12,7 +13,6 @@
import jakarta.ws.rs.Path;

import io.quarkus.cache.CacheResult;
import io.quarkus.security.Authenticated;
import io.smallrye.mutiny.Uni;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.RestQuery;
Expand All @@ -21,10 +21,11 @@
import de.l3s.interweb.core.suggest.SuggestQuery;
import de.l3s.interweb.core.suggest.SuggestResults;
import de.l3s.interweb.core.util.StringUtils;
import de.l3s.interweb.server.Roles;

@Tag(name = "Suggest", description = "Suggest completions for a query")
@Path("/suggest")
@Authenticated
@RolesAllowed({Roles.APPLICATION})
public class SuggestResource {

@Inject
