fix: plugin endpoint invocation

ludomikula · ludomikula · commit 3a7fe8346707 · 2024-11-29T00:08:52.000+01:00
diff --git a/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java b/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java
@@ -34,4 +34,6 @@ private NewUrl() {
     public static final String MATERIAL_URL = PREFIX + "/materials";
     public static final String CONTACT_SYNC = PREFIX + "/sync";
     public static final String NPM_REGISTRY = PREFIX + "/npm";
+
+    public static final String PLUGINS_URL = PREFIX + "/plugins";
 }
diff --git a/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java b/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java
@@ -11,7 +11,7 @@ public enum BizError {
 
     // 5000 - 5100 general errorCode
     INTERNAL_SERVER_ERROR(500, 5000, VERBOSE),
-    NOT_AUTHORIZED(500, 5001),
+    NOT_AUTHORIZED(401, 5001),
     INVALID_PARAMETER(500, 5002),
     UNSUPPORTED_OPERATION(400, 5003),
     DUPLICATE_KEY(409, 5004, VERBOSE),
@@ -113,6 +113,7 @@ public enum BizError {
     PLUGIN_EXECUTION_TIMEOUT(504, 5800),
     INVALID_DATASOURCE_TYPE(500, 5801),
     PLUGIN_EXECUTION_TIMEOUT_WITHOUT_TIME(504, 5802, VERBOSE),
+    PLUGIN_ENDPOINT_ERROR(500, 5850),
 
     // business related, code range 5900 - 5999
     NOT_RELEASE(423, 5901),
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java
@@ -8,7 +8,9 @@
 import java.util.Map;
 import java.util.concurrent.TimeoutException;
 
+import org.apache.commons.lang3.StringUtils;
 import org.lowcoder.api.framework.view.ResponseView;
+import org.lowcoder.infra.constant.NewUrl;
 import org.lowcoder.infra.util.LogUtils;
 import org.lowcoder.sdk.exception.BaseException;
 import org.lowcoder.sdk.exception.BizError;
@@ -26,6 +28,7 @@
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.support.WebExchangeBindException;
+import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.ServerWebInputException;
 
@@ -133,6 +136,23 @@ public Mono<ResponseView<?>> catchServerException(ServerException e, ServerWebEx
         });
     }
 
+    @ExceptionHandler
+    @ResponseBody
+    public Mono<ResponseView<?>> catchResponseStatusException(ResponseStatusException e, ServerWebExchange exchange) {
+        if (StringUtils.startsWith(exchange.getRequest().getPath().toString(), NewUrl.PLUGINS_URL + "/")) {
+            BizError bizError = BizError.PLUGIN_ENDPOINT_ERROR;
+            exchange.getResponse().setStatusCode(e.getStatusCode());
+            return Mono.deferContextual(ctx -> {
+                apiPerfHelper.perf(bizError, exchange.getRequest().getPath());
+                doLog(e, ctx, bizError.logVerbose());
+                return Mono.just(error(bizError.getBizErrorCode(), e.getMessage() + " - path: " + exchange.getRequest().getPath()));
+            });
+
+        } else {
+            return catchException(e, exchange);
+        }
+    }
+
     @ExceptionHandler
     @ResponseBody
     public Mono<ResponseView<?>> catchException(java.lang.Exception e, ServerWebExchange exchange) {
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java
@@ -31,11 +31,12 @@ public PluginAuthorizationManager()
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, MethodInvocation invocation) 
 	{
 		log.info("Checking plugin reactive endpoint invocation security for {}", invocation.getMethod().getName());
-		
+
 		EndpointExtension endpointExtension = (EndpointExtension)invocation.getArguments()[1];
 		if (endpointExtension == null || StringUtils.isBlank(endpointExtension.authorize()))
 		{
-			return Mono.empty();
+			log.debug("Authorization expression is empty, proceeding without authorization - authorization granted.");
+			return Mono.just(new AuthorizationDecision(true));
 		}
 		
 		Expression authorizeExpression = this.expressionHandler.getExpressionParser()

Original file line number	Diff line number	Diff line change
`@@ -34,4 +34,6 @@ private NewUrl() {`
`34`	`34`	`public static final String MATERIAL_URL = PREFIX + "/materials";`
`35`	`35`	`public static final String CONTACT_SYNC = PREFIX + "/sync";`
`36`	`36`	`public static final String NPM_REGISTRY = PREFIX + "/npm";`
	`37`	`+`
	`38`	`+ public static final String PLUGINS_URL = PREFIX + "/plugins";`
`37`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,11 +31,12 @@ public PluginAuthorizationManager()`
`31`	`31`	`public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, MethodInvocation invocation)`
`32`	`32`	`{`
`33`	`33`	`log.info("Checking plugin reactive endpoint invocation security for {}", invocation.getMethod().getName());`
`34`		`-`
	`34`	`+`
`35`	`35`	`EndpointExtension endpointExtension = (EndpointExtension)invocation.getArguments()[1];`
`36`	`36`	`if (endpointExtension == null \|\| StringUtils.isBlank(endpointExtension.authorize()))`
`37`	`37`	`{`
`38`		`- return Mono.empty();`
	`38`	`+ log.debug("Authorization expression is empty, proceeding without authorization - authorization granted.");`
	`39`	`+ return Mono.just(new AuthorizationDecision(true));`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`Expression authorizeExpression = this.expressionHandler.getExpressionParser()`