Move truely public endpoints to a separate Auth (#2200)
This allows us to more easily refactor public endpoints that still use the legacy auth mechanism to identify logged-in users (for the legacy console).
This commit is contained in:
parent
1d6b119340
commit
9330e3a50d
6 changed files with 30 additions and 22 deletions
@ -30,16 +30,14 @@ public enum Auth {
|
|||
* <p>If a user is logged in, will authenticate (and return) them. Otherwise, access is still
|
||||
* granted, but NOT_AUTHENTICATED is returned.
|
||||
*
|
||||
* <p>This is used for public HTML endpoints like RDAP, the check API, and web WHOIS.
|
||||
*
|
||||
* <p>User-facing legacy console endpoints (those that extend {@link HtmlAction}) also use it.
|
||||
* They need to allow requests from signed-out users so that they can redirect users to the login
|
||||
* page. After a user is logged in, they check if the user actually has access to the specific
|
||||
* console using {@link AuthenticatedRegistrarAccessor}.
|
||||
* <p>User-facing legacy console endpoints (those that extend {@link HtmlAction}) use it. They
|
||||
* need to allow requests from signed-out users so that they can redirect users to the login page.
|
||||
* After a user is logged in, they check if the user actually has access to the specific console
|
||||
* using {@link AuthenticatedRegistrarAccessor}.
|
||||
*
|
||||
* @see HtmlAction
|
||||
*/
|
||||
AUTH_PUBLIC(
|
||||
AUTH_PUBLIC_LEGACY(
|
||||
ImmutableList.of(AuthMethod.API, AuthMethod.LEGACY), AuthLevel.NONE, UserPolicy.PUBLIC),
|
||||
|
||||
/**
|
||||
|
@ -52,6 +50,13 @@ public enum Auth {
|
|||
AUTH_PUBLIC_LOGGED_IN(
|
||||
ImmutableList.of(AuthMethod.API, AuthMethod.LEGACY), AuthLevel.USER, UserPolicy.PUBLIC),
|
||||
|
||||
/**
|
||||
* Allows anyone to access.
|
||||
*
|
||||
* <p>This is used for public HTML endpoints like RDAP, the check API, and web WHOIS.
|
||||
*/
|
||||
AUTH_PUBLIC(ImmutableList.of(AuthMethod.API), AuthLevel.NONE, UserPolicy.PUBLIC),
|
||||
|
||||
/**
|
||||
* Allows only the app itself (via service accounts) or admins to access.
|
||||
*
|
||||
|
|
|
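Review bot: The Javadoc on the new `AUTH_PUBLIC` constant (second hunk) says only "Allows anyone to access", which hides what distinguishes it from `AUTH_PUBLIC_LEGACY` directly above: its method list still contains `AuthMethod.API`, so a caller presenting API credentials is presumably still identified and returned in the auth result, while legacy console sessions are no longer consulted at all. For any action under the affected paths that reads the auth result beyond the allow/deny decision, that is a behavior change for users who were previously recognized through the legacy session; the regenerated routing table in this commit shows `/check`, the `/rdap/*` paths and `/whois/(*)` moving from `API,LEGACY` to `API`. I would extend the constant's Javadoc with a sentence such as `* <p>API credentials are still honored and the user returned; legacy console sessions are ignored here, so those users are treated as not authenticated.` and confirm that none of the actions on those paths depend on the legacy identity. The enclosing enum continues outside the hunk.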
@ -53,7 +53,7 @@ import javax.inject.Named;
|
|||
service = Action.Service.DEFAULT,
|
||||
path = ConsoleOteSetupAction.PATH,
|
||||
method = {Method.POST, Method.GET},
|
||||
auth = Auth.AUTH_PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_LEGACY)
|
||||
public final class ConsoleOteSetupAction extends HtmlAction {
|
||||
|
||||
public static final String PATH = "/registrar-ote-setup";
|
||||
|
|
|
@ -63,7 +63,7 @@ import org.joda.money.CurrencyUnit;
|
|||
service = Service.DEFAULT,
|
||||
path = ConsoleRegistrarCreatorAction.PATH,
|
||||
method = {Method.POST, Method.GET},
|
||||
auth = Auth.AUTH_PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_LEGACY)
|
||||
public final class ConsoleRegistrarCreatorAction extends HtmlAction {
|
||||
|
||||
private static final int PASSWORD_LENGTH = 16;
|
||||
|
|
|
@ -41,7 +41,10 @@ import java.util.Optional;
|
|||
import javax.inject.Inject;
|
||||
|
||||
/** Action that serves Registrar Console single HTML page (SPA). */
|
||||
@Action(service = Action.Service.DEFAULT, path = ConsoleUiAction.PATH, auth = Auth.AUTH_PUBLIC)
|
||||
@Action(
|
||||
service = Action.Service.DEFAULT,
|
||||
path = ConsoleUiAction.PATH,
|
||||
auth = Auth.AUTH_PUBLIC_LEGACY)
|
||||
public final class ConsoleUiAction extends HtmlAction {
|
||||
|
||||
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
|
||||
|
|
|
@ -34,7 +34,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
service = Action.Service.DEFAULT,
|
||||
path = RegistryLockVerifyAction.PATH,
|
||||
auth = Auth.AUTH_PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_LEGACY)
|
||||
public final class RegistryLockVerifyAction extends HtmlAction {
|
||||
|
||||
public static final String PATH = "/registry-lock-verify";
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
PATH CLASS METHODS OK AUTH_METHODS MIN USER_POLICY
|
||||
/_dr/whois WhoisAction POST n API APP ADMIN
|
||||
/check CheckApiAction GET n API,LEGACY NONE PUBLIC
|
||||
/rdap/autnum/(*) RdapAutnumAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/domain/(*) RdapDomainAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/domains RdapDomainSearchAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/entities RdapEntitySearchAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/entity/(*) RdapEntityAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/help(*) RdapHelpAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/ip/(*) RdapIpAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/rdap/nameservers RdapNameserverSearchAction GET,HEAD n API,LEGACY NONE PUBLIC
|
||||
/whois/(*) WhoisHttpAction GET n API,LEGACY NONE PUBLIC
|
||||
/check CheckApiAction GET n API NONE PUBLIC
|
||||
/rdap/autnum/(*) RdapAutnumAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/domain/(*) RdapDomainAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/domains RdapDomainSearchAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/entities RdapEntitySearchAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/entity/(*) RdapEntityAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/help(*) RdapHelpAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/ip/(*) RdapIpAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n API NONE PUBLIC
|
||||
/rdap/nameservers RdapNameserverSearchAction GET,HEAD n API NONE PUBLIC
|
||||
/whois/(*) WhoisHttpAction GET n API NONE PUBLIC
|
||||
|
|