diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/API.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/API.java index 3220cf6b02..1e4dca48db 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/API.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/API.java @@ -17,6 +17,7 @@ package org.apache.hugegraph.api; +import java.time.format.DateTimeFormatter; import java.util.Collection; import java.util.Map; import java.util.concurrent.Callable; @@ -89,6 +90,13 @@ public class API { private static final String STANDALONE_ERROR = "GraphSpace management is not supported in standalone mode"; + /** + * Shared date formatter for API response timestamps (thread-safe, reusable). + * Example output: {@code "2024-05-01 12:30:00"} + */ + protected static final DateTimeFormatter DATE_FORMATTER = + DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"); + public static HugeGraph graph(GraphManager manager, String graphSpace, String graph) { HugeGraph g = manager.graph(graphSpace, graph); @@ -282,6 +290,28 @@ public static void validPermission(boolean hasPermission, String user, } } + /** + * Returns {@code true} if the profile's {@code "name"} or {@code "nickname"} + * field starts with the given prefix. Returns {@code true} when prefix is + * null or empty (i.e. no filtering). + * + *

Used by {@code GraphsAPI.listProfile} and {@code GraphSpaceAPI.listProfile} + * to filter results by a user-supplied prefix string. + * + * @param profile a map containing at least a {@code "name"} key + * @param prefix the prefix to match against; ignored when blank + * @return whether the entry matches the prefix filter + */ + protected static boolean isPrefix(Map profile, String prefix) { + if (prefix == null || prefix.isEmpty()) { + return true; + } + String name = profile.get("name").toString(); + Object nicknameObj = profile.get("nickname"); + String nickname = nicknameObj != null ? nicknameObj.toString() : ""; + return name.startsWith(prefix) || nickname.startsWith(prefix); + } + public static class ApiMeasurer { public static final String EDGE_ITER = "edge_iterations"; diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/ManagerAPI.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/ManagerAPI.java index 071e4b8a66..5e42190993 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/ManagerAPI.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/ManagerAPI.java @@ -22,9 +22,12 @@ import java.util.ArrayList; import java.util.List; +import org.apache.commons.lang3.StringUtils; + import org.apache.hugegraph.api.API; import org.apache.hugegraph.api.filter.StatusFilter; import org.apache.hugegraph.auth.AuthManager; +import org.apache.hugegraph.auth.HugeDefaultRole; import org.apache.hugegraph.auth.HugeGraphAuthProxy; import org.apache.hugegraph.auth.HugePermission; import org.apache.hugegraph.core.GraphManager; @@ -259,6 +262,46 @@ public String getRolesInGs(@Context GraphManager manager, result)); } + @GET + @Timed + @Path("default") + @Consumes(APPLICATION_JSON) + public String checkDefaultRole(@Context GraphManager manager, + @QueryParam("graphspace") String graphSpace, + @QueryParam("role") String role, + @QueryParam("graph") String graph) { + LOG.debug("check if current user is default role: {} {} {}", + role, graphSpace, graph); + ensurePdModeEnabled(manager); + AuthManager authManager = manager.authManager(); + String user = HugeGraphAuthProxy.username(); + + E.checkArgument(StringUtils.isNotEmpty(role) && + StringUtils.isNotEmpty(graphSpace), + "Must pass graphspace and role params"); + + HugeDefaultRole defaultRole; + try { + defaultRole = HugeDefaultRole.valueOf(role.toUpperCase()); + } catch (IllegalArgumentException e) { + E.checkArgument(false, "Invalid role value '%s'", role); + defaultRole = null; // unreachable, satisfies compiler + } + boolean hasGraph = defaultRole.equals(HugeDefaultRole.OBSERVER); + E.checkArgument(!hasGraph || StringUtils.isNotEmpty(graph), + "Must set a graph for observer"); + + boolean result; + if (hasGraph) { + result = authManager.isDefaultRole(graphSpace, graph, user, + defaultRole); + } else { + result = authManager.isDefaultRole(graphSpace, user, + defaultRole); + } + return manager.serializer().writeMap(ImmutableMap.of("check", result)); + } + private void validUser(AuthManager authManager, String user) { E.checkArgument(authManager.findUser(user) != null || authManager.findGroup(user) != null, @@ -274,7 +317,7 @@ private void validType(HugePermission type) { private void validGraphSpace(GraphManager manager, String graphSpace) { E.checkArgument(manager.graphSpace(graphSpace) != null, - "The graph space is not exist"); + "The graph space '%s' does not exist", graphSpace); } private static class JsonManager implements Checkable { diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/UserAPI.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/UserAPI.java index de51e6955d..c8b7c4af58 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/UserAPI.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/UserAPI.java @@ -178,6 +178,9 @@ private static class JsonUser implements Checkable { @JsonProperty("user_password") @Schema(description = "The user password", required = true) private String password; + @JsonProperty("user_nickname") + @Schema(description = "The user nickname") + private String nickname; @JsonProperty("user_phone") @Schema(description = "The user phone number") private String phone; @@ -197,6 +200,9 @@ public HugeUser build(HugeUser user) { if (this.password != null) { user.password(StringEncoding.hashPassword(this.password)); } + if (this.nickname != null) { + user.nickname(this.nickname); + } if (this.phone != null) { user.phone(this.phone); } @@ -215,6 +221,7 @@ public HugeUser build(HugeUser user) { public HugeUser build() { HugeUser user = new HugeUser(this.name); user.password(StringEncoding.hashPassword(this.password)); + user.nickname(this.nickname); user.phone(this.phone); user.email(this.email); user.avatar(this.avatar); @@ -233,10 +240,12 @@ public void checkCreate(boolean isBatch) { @Override public void checkUpdate() { E.checkArgument(!StringUtils.isEmpty(this.password) || + this.nickname != null || this.phone != null || this.email != null || - this.avatar != null, - "Expect one of user password/phone/email/avatar]"); + this.avatar != null || + this.description != null, + "Expect one of user password/nickname/phone/email/avatar/description"); } } } diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java index 9316d7341b..d54f5af786 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/profile/GraphsAPI.java @@ -18,16 +18,22 @@ package org.apache.hugegraph.api.profile; import java.io.File; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; import java.util.HashMap; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; - import org.apache.commons.lang3.StringUtils; import org.apache.hugegraph.HugeException; import org.apache.hugegraph.HugeGraph; import org.apache.hugegraph.api.API; import org.apache.hugegraph.api.filter.StatusFilter; +import org.apache.hugegraph.auth.AuthManager; import org.apache.hugegraph.auth.HugeAuthenticator.RequiredPerm; import org.apache.hugegraph.auth.HugeGraphAuthProxy; import org.apache.hugegraph.auth.HugePermission; @@ -36,6 +42,7 @@ import org.apache.hugegraph.space.GraphSpace; import org.apache.hugegraph.type.define.GraphMode; import org.apache.hugegraph.type.define.GraphReadMode; +import org.apache.hugegraph.util.ConfigUtil; import org.apache.hugegraph.util.E; import org.apache.hugegraph.util.JsonUtil; import org.apache.hugegraph.util.Log; @@ -74,6 +81,7 @@ public class GraphsAPI extends API { private static final String CONFIRM_DROP = "I'm sure to drop the graph"; private static final String GRAPH_DESCRIPTION = "description"; private static final String GRAPH_ACTION = "action"; + private static final String UPDATE = "update"; private static final String GRAPH_ACTION_RELOAD = "reload"; private static Map convConfig(Map config) { @@ -120,6 +128,86 @@ public Object list(@Context GraphManager manager, return ImmutableMap.of("graphs", filterGraphs); } + @GET + @Timed + @Path("profile") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public Object listProfile(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace, + @Parameter(description = "Filter graphs by name or nickname prefix") + @QueryParam("prefix") String prefix, + @Context SecurityContext sc) { + LOG.debug("List graph profiles in graph space {}", graphSpace); + if (null == manager.graphSpace(graphSpace)) { + throw new HugeException("Graphspace not exist!"); + } + GraphSpace gs = manager.graphSpace(graphSpace); + // graphSpace.nickname() may be null in non-PD mode (GraphManager returns + // a placeholder GraphSpace without a nickname set) + String gsNickname = gs.nickname() != null ? gs.nickname() : graphSpace; + + AuthManager authManager = manager.authManager(); + String user = HugeGraphAuthProxy.username(); + // Default graph concept relies on PD meta storage; in non-PD standalone + // mode there is no persistent store for this, so we gracefully degrade. + Map defaultGraphs; + if (manager.isPDEnabled()) { + defaultGraphs = authManager.getDefaultGraph(graphSpace, user); + } else { + defaultGraphs = new HashMap<>(); + } + + Set graphs = manager.graphs(graphSpace); + List> profiles = new ArrayList<>(); + List> defaultProfiles = new ArrayList<>(); + for (String graph : graphs) { + String role = RequiredPerm.roleFor(graphSpace, graph, + HugePermission.READ); + if (!sc.isUserInRole(role)) { + continue; + } + try { + HugeGraph hg = graph(manager, graphSpace, graph); + HugeConfig config = (HugeConfig) hg.configuration(); + String configResp = ConfigUtil.writeConfigToString(config); + Map profile = + JsonUtil.fromJson(configResp, Map.class); + profile.put("name", graph); + profile.put("nickname", hg.nickname()); + if (!isPrefix(profile, prefix)) { + continue; + } + profile.put("graphspace_nickname", gsNickname); + + boolean isDefault = defaultGraphs.containsKey(graph); + profile.put("default", isDefault); + if (isDefault) { + profile.put("default_update_time", defaultGraphs.get(graph)); + } + + Date createTime = hg.createTime(); + if (createTime != null) { + LocalDateTime ldt = createTime.toInstant() + .atZone(ZoneId.systemDefault()).toLocalDateTime(); + profile.put("create_time", DATE_FORMATTER.format(ldt)); + } + + if (isDefault) { + defaultProfiles.add(profile); + } else { + profiles.add(profile); + } + } catch (ForbiddenException ignored) { + // ignore graphs the current user has no access to + } + } + defaultProfiles.addAll(profiles); + return defaultProfiles; + } + + @GET @Timed @Path("{name}") @@ -136,6 +224,76 @@ public Object get(@Context GraphManager manager, return ImmutableMap.of("name", g.name(), "backend", g.backend()); } + @POST + @Timed + @Path("{name}/default") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$owner=$name"}) + public Map setDefault(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace, + @Parameter(description = "The graph name") + @PathParam("name") String name) { + LOG.debug("Set default graph '{}' in graph space '{}'", name, graphSpace); + E.checkArgument(manager.graph(graphSpace, name) != null, + "Graph '%s/%s' does not exist", graphSpace, name); + // Default graph persistence requires PD meta storage. + // In non-PD (standalone RocksDB) mode, gracefully return empty. + if (!manager.isPDEnabled()) { + return ImmutableMap.of("default_graph", Collections.emptySet()); + } + String user = HugeGraphAuthProxy.username(); + AuthManager authManager = manager.authManager(); + authManager.setDefaultGraph(graphSpace, name, user); + Map defaults = authManager.getDefaultGraph(graphSpace, user); + return ImmutableMap.of("default_graph", defaults.keySet()); + } + + @DELETE + @Timed + @Path("{name}/default") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$owner=$name"}) + public Map unsetDefault(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace, + @Parameter(description = "The graph name") + @PathParam("name") String name) { + LOG.debug("Unset default graph '{}' in graph space '{}'", name, graphSpace); + E.checkArgument(manager.graph(graphSpace, name) != null, + "Graph '%s/%s' does not exist", graphSpace, name); + // Default graph persistence requires PD meta storage. + // In non-PD (standalone RocksDB) mode, gracefully return empty. + if (!manager.isPDEnabled()) { + return ImmutableMap.of("default_graph", Collections.emptySet()); + } + String user = HugeGraphAuthProxy.username(); + AuthManager authManager = manager.authManager(); + authManager.unsetDefaultGraph(graphSpace, name, user); + Map defaults = authManager.getDefaultGraph(graphSpace, user); + return ImmutableMap.of("default_graph", defaults.keySet()); + } + + @GET + @Timed + @Path("default") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public Map getDefault(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace) { + LOG.debug("Get default graphs in graph space '{}'", graphSpace); + // Default graph persistence requires PD meta storage. + // In non-PD (standalone RocksDB) mode, return empty set. + if (!manager.isPDEnabled()) { + return ImmutableMap.of("default_graph", Collections.emptySet()); + } + String user = HugeGraphAuthProxy.username(); + AuthManager authManager = manager.authManager(); + Map defaults = authManager.getDefaultGraph(graphSpace, user); + return ImmutableMap.of("default_graph", defaults.keySet()); + } + @DELETE @Timed @Path("{name}") @@ -155,6 +313,61 @@ public void drop(@Context GraphManager manager, manager.dropGraph(graphSpace, name, true); } + @PUT + @Timed + @Path("{name}") + @Consumes(APPLICATION_JSON) + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space"}) + public Map manage(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace, + @Parameter(description = "The graph name") + @PathParam("name") String name, + @Parameter(description = "Action map: {'action':'update','update':{...}}") + Map actionMap) { + LOG.debug("Manage graph '{}' with action '{}'", name, actionMap); + E.checkArgument(actionMap != null && actionMap.containsKey(GRAPH_ACTION), + "Invalid request body '%s'", actionMap); + Object value = actionMap.get(GRAPH_ACTION); + E.checkArgument(value instanceof String, + "Invalid action type '%s', must be string", + value.getClass()); + String action = (String) value; + switch (action) { + case UPDATE: + E.checkArgument(actionMap.containsKey(UPDATE), + "Please pass '%s' for graph update", + UPDATE); + value = actionMap.get(UPDATE); + E.checkArgument(value instanceof Map, + "The '%s' must be map, but got %s", + UPDATE, value.getClass()); + @SuppressWarnings("unchecked") + Map graphMap = (Map) value; + String graphName = (String) graphMap.get("name"); + E.checkArgument(graphName != null && graphName.equals(name), + "Different name in update body '%s' with path '%s'", + graphName, name); + HugeGraph exist = graph(manager, graphSpace, name); + String nickname = (String) graphMap.get("nickname"); + if (!Strings.isEmpty(nickname)) { + GraphManager.checkNickname(nickname); + E.checkArgument(!manager.isExistedGraphNickname(graphSpace, nickname) || + nickname.equals(exist.nickname()), + "Nickname '%s' has already existed in graphspace '%s'", + nickname, graphSpace); + // Delegate to GraphManager: handles both in-memory update and + // PD-mode persistence (non-PD mode is in-memory only). + manager.updateGraphNickname(graphSpace, name, nickname); + } + return ImmutableMap.of(name, "updated"); + default: + throw new AssertionError(String.format( + "Invalid graph action: '%s'", action)); + } + } + @PUT @Timed @Path("manage") @@ -207,11 +420,17 @@ public Object create(@Context GraphManager manager, if (StringUtils.isEmpty(clone)) { // Only check required parameters when creating new graph, not when cloning E.checkArgument(configs != null, "Config parameters cannot be null"); - String[] requiredKeys = {"backend", "serializer", "store"}; - for (String key : requiredKeys) { - Object value = configs.get(key); - E.checkArgument(value instanceof String && !StringUtils.isEmpty((String) value), - "Required parameter '%s' is missing or empty", key); + if (manager.isPDEnabled()) { + // Auto-fill HStore/PD mode defaults only when in distributed mode + configs.putIfAbsent("backend", "hstore"); + configs.putIfAbsent("serializer", "binary"); + } + // 'store' is safe to default to graph name in both PD and non-PD modes + configs.putIfAbsent("store", name); + // Map frontend 'schema' field to backend config key + Object schema = configs.remove("schema"); + if (schema != null && !schema.toString().isEmpty()) { + configs.put("schema.init_template", schema.toString()); } } @@ -220,13 +439,15 @@ public Object create(@Context GraphManager manager, if (StringUtils.isNotEmpty(clone)) { // Clone from existing graph LOG.debug("Clone graph '{}' to '{}' in graph space '{}'", clone, name, graphSpace); - graph = manager.cloneGraph(graphSpace, clone, name, convConfig(configs)); + Map cloneConfigs = configs != null ? configs : new HashMap<>(); + graph = manager.cloneGraph(graphSpace, clone, name, convConfig(cloneConfigs)); } else { // Create new graph graph = manager.createGraph(graphSpace, name, creator, convConfig(configs), true); } - String description = (String) configs.get(GRAPH_DESCRIPTION); + String description = (configs != null) ? + (String) configs.get(GRAPH_DESCRIPTION) : null; if (description == null) { description = Strings.EMPTY; } @@ -239,6 +460,37 @@ public Object create(@Context GraphManager manager, return result; } + /** + * Create graph via text/plain (hugegraph-client compatibility). + * Client sends: POST /graphspaces/{graphspace}/graphs/{name} + * with Content-Type: text/plain and body containing JSON config string. + */ + @POST + @Timed + @Path("{name}") + @StatusFilter.Status(StatusFilter.Status.CREATED) + @Consumes("text/plain") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space"}) + public Object createByText(@Context GraphManager manager, + @Parameter(description = "The graph space name") + @PathParam("graphspace") String graphSpace, + @Parameter(description = "The graph name to create") + @PathParam("name") String name, + @Parameter(description = "The graph name to clone from (optional)") + @QueryParam("clone_graph_name") String clone, + String configText) { + LOG.debug("Create graph {} with text config in graph space '{}'", + name, graphSpace); + Map configs = null; + if (configText != null && !configText.isEmpty()) { + configs = JsonUtil.fromJson(configText, Map.class); + } + return create(manager, graphSpace, name, clone, configs); + } + + + @GET @Timed @Path("{name}/conf") diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/GraphSpaceAPI.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/GraphSpaceAPI.java index 35bc40aed0..ad5b255cf2 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/GraphSpaceAPI.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/GraphSpaceAPI.java @@ -1,35 +1,38 @@ /* - * Copyright 2017 HugeGraph Authors - * * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with this - * work for additional information regarding copyright ownership. The ASF - * licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.apache.hugegraph.api.space; -import java.text.SimpleDateFormat; +import java.time.LocalDateTime; +import java.time.ZoneId; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang.StringUtils; + +import org.apache.hugegraph.HugeException; import org.apache.hugegraph.api.API; import org.apache.hugegraph.api.filter.StatusFilter.Status; import org.apache.hugegraph.auth.AuthManager; +import org.apache.hugegraph.auth.HugeDefaultRole; import org.apache.hugegraph.auth.HugeGraphAuthProxy; import org.apache.hugegraph.core.GraphManager; import org.apache.hugegraph.define.Checkable; @@ -42,6 +45,7 @@ import org.slf4j.Logger; import com.codahale.metrics.annotation.Timed; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; import com.google.common.collect.ImmutableMap; @@ -52,6 +56,7 @@ import jakarta.inject.Singleton; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.DELETE; +import jakarta.ws.rs.ForbiddenException; import jakarta.ws.rs.GET; import jakarta.ws.rs.POST; import jakarta.ws.rs.PUT; @@ -103,6 +108,141 @@ public Object get(@Context GraphManager manager, return gsInfo; } + @POST + @Timed + @Status(Status.CREATED) + @Consumes(APPLICATION_JSON) + @Produces(APPLICATION_JSON_WITH_CHARSET) + @Path("{graphspace}/role") + @RolesAllowed({"analyst"}) + public String setDefaultRole(@Context GraphManager manager, + @PathParam("graphspace") String name, + JsonDefaultRole jsonRole) { + E.checkArgumentNotNull(jsonRole, "Request body cannot be null"); + E.checkArgument(StringUtils.isNotEmpty(jsonRole.user), + "The 'user' field cannot be null or empty"); + E.checkArgument(StringUtils.isNotEmpty(jsonRole.role), + "The 'role' field cannot be null or empty"); + String user = jsonRole.user; + String graph = jsonRole.graph; + HugeDefaultRole role; + try { + role = HugeDefaultRole.valueOf(jsonRole.role.toUpperCase()); + } catch (IllegalArgumentException e) { + E.checkArgument(false, "Invalid role value '%s'", jsonRole.role); + role = null; // unreachable, satisfies compiler + } + LOG.debug("Create default role: {} {} {}", user, role, + name); + AuthManager authManager = manager.authManager(); + E.checkArgument(authManager.findUser(user) != null || + authManager.findGroup(user) != null, + "The user or group is not exist"); + // only admin can set space admin + if (!authManager.isAdminManager(HugeGraphAuthProxy.username()) && + role.equals(HugeDefaultRole.SPACE)) { + throw new ForbiddenException("Forbidden to set role " + role.toString()); + } + + boolean hasGraph = role.equals(HugeDefaultRole.OBSERVER); + + E.checkArgument(!hasGraph || StringUtils.isNotEmpty(graph), + "Must set a graph for observer"); + + Map result = new HashMap<>(); + result.put("user", user); + result.put("role", jsonRole.role); + result.put("graphSpace", name); + + if (hasGraph) { + authManager.createDefaultRole(name, user, role, graph); + result.put("graph", graph); + } else { + authManager.createSpaceDefaultRole(name, user, role); + } + + return manager.serializer().writeMap(result); + } + + @GET + @Timed + @Path("{graphspace}/role") + @Consumes(APPLICATION_JSON) + @RolesAllowed("analyst") + public String checkDefaultRole(@Context GraphManager manager, + @PathParam("graphspace") String name, + @QueryParam("user") String user, + @QueryParam("role") String role, + @QueryParam("graph") String graph) { + E.checkArgument(StringUtils.isNotEmpty(user), + "The 'user' query param cannot be null or empty"); + E.checkArgument(StringUtils.isNotEmpty(role), + "The 'role' query param cannot be null or empty"); + LOG.debug("Check space role: {} {} {}", user, role, + name); + AuthManager authManager = manager.authManager(); + + HugeDefaultRole defaultRole; + try { + defaultRole = HugeDefaultRole.valueOf(role.toUpperCase()); + } catch (IllegalArgumentException e) { + E.checkArgument(false, "Invalid role value '%s'", role); + defaultRole = null; // unreachable, satisfies compiler + } + boolean hasGraph = defaultRole.equals(HugeDefaultRole.OBSERVER); + E.checkArgument(!hasGraph || StringUtils.isNotEmpty(graph), + "Must set a graph for observer"); + + boolean result; + if (hasGraph) { + result = authManager.isDefaultRole(name, graph, user, + defaultRole); + } else { + result = authManager.isDefaultRole(name, user, + defaultRole); + } + return manager.serializer().writeMap(ImmutableMap.of("check", result)); + } + + @DELETE + @Timed + @Path("{graphspace}/role") + @Consumes(APPLICATION_JSON) + @RolesAllowed("analyst") + public void deleteDefaultRole(@Context GraphManager manager, + @PathParam("graphspace") String name, + @QueryParam("user") String user, + @QueryParam("role") String role, + @QueryParam("graph") String graph) { + E.checkArgument(StringUtils.isNotEmpty(user), + "The 'user' query param cannot be null or empty"); + E.checkArgument(StringUtils.isNotEmpty(role), + "The 'role' query param cannot be null or empty"); + LOG.debug("Delete space role: {} {} {}", user, role, + name); + + AuthManager authManager = manager.authManager(); + E.checkArgument(authManager.findUser(user) != null || + authManager.findGroup(user) != null, + "The user or group is not exist"); + + if (!authManager.isAdminManager(HugeGraphAuthProxy.username()) && + role.equalsIgnoreCase(HugeDefaultRole.SPACE.toString())) { + throw new ForbiddenException("Forbidden to delete role " + role); + } + + HugeDefaultRole defaultRole = + HugeDefaultRole.valueOf(role.toUpperCase()); + boolean hasGraph = defaultRole.equals(HugeDefaultRole.OBSERVER); + E.checkArgument(!hasGraph || StringUtils.isNotEmpty(graph), + "Must set a graph for observer"); + if (hasGraph) { + authManager.deleteDefaultRole(name, user, defaultRole, graph); + } else { + authManager.deleteDefaultRole(name, user, defaultRole); + } + } + @GET @Timed @Path("profile") @@ -113,7 +253,6 @@ public Object listProfile(@Context GraphManager manager, "name or nickname prefix") @QueryParam("prefix") String prefix, @Context SecurityContext sc) { - ensurePdModeEnabled(manager); Set spaces = manager.graphSpaces(); List> spaceList = new ArrayList<>(); List> result = new ArrayList<>(); @@ -121,7 +260,6 @@ public Object listProfile(@Context GraphManager manager, AuthManager authManager = manager.authManager(); // FIXME: defaultSpace related interface is not implemented // String defaultSpace = authManager.getDefaultSpace(user); - SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); for (String sp : spaces) { manager.getSpaceStorage(sp); GraphSpace gs = space(manager, sp); @@ -135,8 +273,12 @@ public Object listProfile(@Context GraphManager manager, gsProfile.put("authed", true); } - gsProfile.put("create_time", format.format(gs.createTime())); - gsProfile.put("update_time", format.format(gs.updateTime())); + gsProfile.put("create_time", + DATE_FORMATTER.format(LocalDateTime.ofInstant( + gs.createTime().toInstant(), ZoneId.systemDefault()))); + gsProfile.put("update_time", + DATE_FORMATTER.format(LocalDateTime.ofInstant( + gs.updateTime().toInstant(), ZoneId.systemDefault()))); if (!isPrefix(gsProfile, prefix)) { continue; } @@ -175,15 +317,6 @@ public String create(@Context GraphManager manager, return manager.serializer().writeGraphSpace(space); } - public boolean isPrefix(Map profile, String prefix) { - if (StringUtils.isEmpty(prefix)) { - return true; - } - // graph name or nickname is not empty - String name = profile.get("name").toString(); - String nickname = profile.get("nickname").toString(); - return name.startsWith(prefix) || nickname.startsWith(prefix); - } @PUT @Timed @@ -346,6 +479,7 @@ private boolean verifyPermission(String user, AuthManager authManager, String gr authManager.isSpaceMember(graphSpace, user); } + @JsonIgnoreProperties(ignoreUnknown = true) private static class JsonGraphSpace implements Checkable { @JsonProperty("name") diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/SchemaTemplateAPI.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/SchemaTemplateAPI.java new file mode 100644 index 0000000000..68e2850a74 --- /dev/null +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/space/SchemaTemplateAPI.java @@ -0,0 +1,212 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hugegraph.api.space; + +import java.util.Date; +import java.util.Set; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hugegraph.HugeException; +import org.apache.hugegraph.api.API; +import org.apache.hugegraph.api.filter.StatusFilter; +import org.apache.hugegraph.auth.HugeGraphAuthProxy; +import org.apache.hugegraph.core.GraphManager; +import org.apache.hugegraph.define.Checkable; +import org.apache.hugegraph.server.RestServer; +import org.apache.hugegraph.space.SchemaTemplate; +import org.apache.hugegraph.util.E; +import org.apache.hugegraph.util.Log; +import org.slf4j.Logger; + +import com.codahale.metrics.annotation.Timed; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.google.common.collect.ImmutableMap; + +import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.annotation.security.RolesAllowed; +import jakarta.inject.Singleton; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.DELETE; +import jakarta.ws.rs.ForbiddenException; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.PUT; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.PathParam; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.core.Context; +import jakarta.ws.rs.core.SecurityContext; + +@Path("graphspaces/{graphspace}/schematemplates") +@Singleton +@Tag(name = "SchemaTemplateAPI") +public class SchemaTemplateAPI extends API { + + private static final Logger LOG = Log.logger(RestServer.class); + + @GET + @Timed + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public Object list(@Context GraphManager manager, + @PathParam("graphspace") String graphSpace) { + LOG.debug("List all schema templates for graph space {}", graphSpace); + + Set templates = manager.schemaTemplates(graphSpace); + return ImmutableMap.of("schema_templates", templates); + } + + @GET + @Timed + @Path("{name}") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public Object get(@Context GraphManager manager, + @PathParam("graphspace") String graphSpace, + @PathParam("name") String name) { + LOG.debug("Get schema template by name '{}' for graph space {}", + name, graphSpace); + + return manager.serializer().writeSchemaTemplate( + schemaTemplate(manager, graphSpace, name)); + } + + @POST + @Timed + @StatusFilter.Status(StatusFilter.Status.CREATED) + @Consumes(APPLICATION_JSON) + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public String create(@Context GraphManager manager, + @PathParam("graphspace") String graphSpace, + JsonSchemaTemplate jsonSchemaTemplate) { + LOG.debug("Create schema template {} for graph space: '{}'", + jsonSchemaTemplate, graphSpace); + jsonSchemaTemplate.checkCreate(false); + + E.checkArgument(manager.graphSpace(graphSpace) != null, + "The graph space '%s' is not exist", graphSpace); + + SchemaTemplate template = jsonSchemaTemplate.toSchemaTemplate(); + template.create(new Date()); + template.creator(HugeGraphAuthProxy.username()); + manager.createSchemaTemplate(graphSpace, template); + return manager.serializer().writeSchemaTemplate(template); + } + + @DELETE + @Timed + @Path("{name}") + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public void delete(@Context GraphManager manager, + @PathParam("graphspace") String graphSpace, + @PathParam("name") String name, + @Context SecurityContext sc) { + LOG.debug("Remove schema template by name '{}' for graph space '{}'", + name, graphSpace); + E.checkArgument(manager.graphSpace(graphSpace) != null, + "The graph space '%s' is not exist", graphSpace); + + SchemaTemplate st = schemaTemplate(manager, graphSpace, name); + E.checkArgument(st != null, + "Schema template '%s' does not exist", name); + + String username = HugeGraphAuthProxy.username(); + boolean isSpace = manager.authManager() + .isSpaceManager(graphSpace, username); + if (st.creator().equals(username) || isSpace) { + manager.dropSchemaTemplate(graphSpace, name); + } else { + throw new ForbiddenException("No permission to delete schema template"); + } + } + + @PUT + @Timed + @Path("{name}") + @Consumes(APPLICATION_JSON) + @Produces(APPLICATION_JSON_WITH_CHARSET) + @RolesAllowed({"space_member", "$dynamic"}) + public String update(@Context GraphManager manager, + @PathParam("graphspace") String graphSpace, + @PathParam("name") String name, + @Context SecurityContext sc, + JsonSchemaTemplate jsonSchemaTemplate) { + jsonSchemaTemplate.checkUpdate(); + + SchemaTemplate old = schemaTemplate(manager, graphSpace, name); + if (null == old) { + throw new HugeException("Schema template '%s' does not exist", name); + } + + String username = HugeGraphAuthProxy.username(); + boolean isSpace = manager.authManager() + .isSpaceManager(graphSpace, username); + if (old.creator().equals(username) || isSpace) { + SchemaTemplate template = jsonSchemaTemplate.build(old); + template.creator(old.creator()); + template.create(old.create()); + template.refreshUpdateTime(); + + manager.updateSchemaTemplate(graphSpace, template); + return manager.serializer().writeSchemaTemplate(template); + } + throw new ForbiddenException("No permission to update schema template"); + + } + + private static class JsonSchemaTemplate implements Checkable { + + @JsonProperty("name") + public String name; + @JsonProperty("schema") + public String schema; + + @Override + public void checkCreate(boolean isBatch) { + E.checkArgument(this.name != null && !this.name.isEmpty(), + "The name of schema template can't be null or " + + "empty"); + + E.checkArgument(this.schema != null && !this.schema.isEmpty(), + "The schema can't be null or empty"); + } + + @Override + public void checkUpdate() { + E.checkArgument(this.schema != null && !this.schema.isEmpty(), + "The schema can't be null or empty"); + } + + public SchemaTemplate toSchemaTemplate() { + return new SchemaTemplate(this.name, this.schema); + } + + public SchemaTemplate build(SchemaTemplate old) { + E.checkArgument(StringUtils.isEmpty(this.name) || old.name().equals(this.name), + "The name of template can't be updated"); + return new SchemaTemplate(old.name(), this.schema); + } + + public String toString() { + return String.format("JsonSchemaTemplate{name=%s, schema=%s}", + this.name, this.schema); + } + } +} diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java index cf390b886e..2cbb0915d0 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeGraphAuthProxy.java @@ -24,6 +24,7 @@ import java.util.Date; import java.util.Iterator; import java.util.List; +import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.Set; @@ -1983,6 +1984,54 @@ public HugeGroup findGroup(String name) { return this.authManager.findGroup(name); } + @Override + public void setDefaultGraph(String graphSpace, String graph, String user) { + this.authManager.setDefaultGraph(graphSpace, graph, user); + } + + @Override + public void unsetDefaultGraph(String graphSpace, String graph, String user) { + this.authManager.unsetDefaultGraph(graphSpace, graph, user); + } + + @Override + public Map getDefaultGraph(String graphSpace, String user) { + return this.authManager.getDefaultGraph(graphSpace, user); + } + + @Override + public Id createDefaultRole(String graphSpace, String owner, HugeDefaultRole role, + String graph) { + return this.authManager.createDefaultRole(graphSpace, owner, role, graph); + } + + @Override + public Id createSpaceDefaultRole(String graphSpace, String owner, HugeDefaultRole role) { + return this.authManager.createSpaceDefaultRole(graphSpace, owner, role); + } + + @Override + public boolean isDefaultRole(String graphSpace, String owner, HugeDefaultRole role) { + return this.authManager.isDefaultRole(graphSpace, owner, role); + } + + @Override + public boolean isDefaultRole(String graphSpace, String graph, String owner, + HugeDefaultRole role) { + return this.authManager.isDefaultRole(graphSpace, graph, owner, role); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, HugeDefaultRole role) { + this.authManager.deleteDefaultRole(graphSpace, owner, role); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, HugeDefaultRole role, + String graph) { + this.authManager.deleteDefaultRole(graphSpace, owner, role, graph); + } + @Override public String loginUser(String username, String password) { return this.loginUser(username, password, -1L); diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java index 770e75cc74..3b71f45153 100644 --- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java +++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java @@ -2108,7 +2108,14 @@ public GraphSpace graphSpace(String name) { } GraphSpace space = this.graphSpaces.get(name); if (space == null) { + // Cache miss: try to load from etcd and populate the local cache + // so that subsequent calls (e.g. validGraphSpace checks) don't fail + // due to a race between the graphspace-create event and the listener + // updating this.graphSpaces. space = this.metaManager.graphSpace(name); + if (space != null) { + this.graphSpaces.putIfAbsent(name, space); + } } return space; } @@ -2136,9 +2143,27 @@ public boolean isExistedGraphNickname(String graphSpace, String nickname) { if (StringUtils.isEmpty(nickname)) { return false; } + if (!isPDEnabled()) { + // In non-PD mode, metaManager is not initialized. + // Check nickname against in-memory graphs (same pattern as graphs()). + for (Map.Entry entry : this.graphs.entrySet()) { + String key = entry.getKey(); + String[] parts = key.split(DELIMITER, 2); + if (parts.length == 2 && parts[0].equals(graphSpace) && + entry.getValue() instanceof HugeGraph) { + HugeGraph hg = (HugeGraph) entry.getValue(); + if (nickname.equals(hg.nickname())) { + return true; + } + } + } + return false; + } + // PD mode: check via metaManager for (Map graphConfig : this.metaManager.graphConfigs(graphSpace).values()) { - if (nickname.equals(graphConfig.get("nickname").toString())) { + Object nick = graphConfig.get("nickname"); + if (nick != null && nickname.equals(nick.toString())) { return true; } } @@ -2174,6 +2199,38 @@ public Map graphConfig(String graphSpace, return this.metaManager.getGraphConfig(graphSpace, graphName); } + /** + * Update the nickname of a graph. + * In non-PD mode (standalone RocksDB), only the in-memory instance is updated + * since local config files cannot be hot-reloaded. + * In PD mode, the change is also persisted to the meta storage so it + * survives restarts. + */ + public void updateGraphNickname(String graphSpace, String graphName, + String nickname) { + // Always update the in-memory graph instance first + HugeGraph g = this.graph(graphSpace, graphName); + if (g != null) { + g.nickname(nickname); + } + if (!isPDEnabled()) { + // Non-PD mode: in-memory only, acceptable for standalone RocksDB + return; + } + try { + Map configs = + this.metaManager.getGraphConfig(graphSpace, graphName); + if (configs != null) { + configs.put("nickname", nickname); + this.metaManager.updateGraphConfig(graphSpace, graphName, configs); + this.metaManager.notifyGraphUpdate(graphSpace, graphName); + } + } catch (Exception e) { + LOG.warn("Failed to persist nickname for graph '{}/{}': {}", + graphSpace, graphName, e.getMessage()); + } + } + public String pdPeers() { return this.pdPeers; } @@ -2182,6 +2239,27 @@ public String cluster() { return this.cluster; } + public Set schemaTemplates(String graphSpace) { + return this.metaManager.schemaTemplates(graphSpace); + } + + public void createSchemaTemplate(String graphSpace, SchemaTemplate template) { + checkSchemaTemplateName(template.name()); + this.metaManager.addSchemaTemplate(graphSpace, template); + } + + public void dropSchemaTemplate(String graphSpace, String name) { + this.metaManager.removeSchemaTemplate(graphSpace, name); + } + + public void updateSchemaTemplate(String graphSpace, SchemaTemplate template) { + this.metaManager.updateSchemaTemplate(graphSpace, template); + } + + private static void checkSchemaTemplateName(String name) { + checkName(name, "schema template"); + } + private enum PdRegisterType { NODE_PORT, DDS diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java index af0027c021..8b36dd9be4 100644 --- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java +++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/AuthManager.java @@ -17,7 +17,9 @@ package org.apache.hugegraph.auth; +import java.util.Date; import java.util.List; +import java.util.Map; import java.util.Set; import javax.security.sasl.AuthenticationException; @@ -164,4 +166,28 @@ public interface AuthManager { boolean isAdminManager(String user); HugeGroup findGroup(String name); + + void setDefaultGraph(String graphSpace, String graph, String user); + + void unsetDefaultGraph(String graphSpace, String graph, String user); + + Map getDefaultGraph(String graphSpace, String user); + + Id createDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph); + + Id createSpaceDefaultRole(String graphSpace, String owner, + HugeDefaultRole role); + + boolean isDefaultRole(String graphSpace, String owner, + HugeDefaultRole role); + + boolean isDefaultRole(String graphSpace, String graph, String owner, + HugeDefaultRole role); + + void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role); + + void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph); } diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/HugeUser.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/HugeUser.java index 064e32656b..1bdcfda20b 100644 --- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/HugeUser.java +++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/HugeUser.java @@ -146,6 +146,9 @@ protected boolean property(String key, Object value) { case P.NAME: this.name = (String) value; break; + case P.NICKNAME: + this.nickname = (String) value; + break; case P.PASSWORD: this.password = (String) value; break; @@ -172,7 +175,7 @@ protected Object[] asArray() { E.checkState(this.name != null, "User name can't be null"); E.checkState(this.password != null, "User password can't be null"); - List list = new ArrayList<>(18); + List list = new ArrayList<>(20); list.add(T.label); list.add(P.USER); @@ -183,6 +186,11 @@ protected Object[] asArray() { list.add(P.PASSWORD); list.add(this.password); + if (this.nickname != null) { + list.add(P.NICKNAME); + list.add(this.nickname); + } + if (this.phone != null) { list.add(P.PHONE); list.add(this.phone); @@ -216,6 +224,10 @@ public Map asMap() { map.put(Hidden.unHide(P.NAME), this.name); map.put(Hidden.unHide(P.PASSWORD), this.password); + if (this.nickname != null) { + map.put(Hidden.unHide(P.NICKNAME), this.nickname); + } + if (this.phone != null) { map.put(Hidden.unHide(P.PHONE), this.phone); } @@ -253,6 +265,7 @@ public static final class P { public static final String LABEL = T.label.getAccessor(); public static final String NAME = "~user_name"; + public static final String NICKNAME = "~user_nickname"; public static final String PASSWORD = "~user_password"; public static final String PHONE = "~user_phone"; public static final String EMAIL = "~user_email"; @@ -287,7 +300,7 @@ public void initSchemaIfNeeded() { .properties(properties) .usePrimaryKeyId() .primaryKeys(P.NAME) - .nullableKeys(P.PHONE, P.EMAIL, P.AVATAR, P.DESCRIPTION) + .nullableKeys(P.NICKNAME, P.PHONE, P.EMAIL, P.AVATAR, P.DESCRIPTION) .enableLabelIndex(true) .build(); this.graph.schemaTransaction().addVertexLabel(label); @@ -297,6 +310,7 @@ private String[] initProperties() { List props = new ArrayList<>(); props.add(createPropertyKey(P.NAME)); + props.add(createPropertyKey(P.NICKNAME)); props.add(createPropertyKey(P.PASSWORD)); props.add(createPropertyKey(P.PHONE)); props.add(createPropertyKey(P.EMAIL)); diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java index a3224811f3..ab598f5c99 100644 --- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java +++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java @@ -19,6 +19,7 @@ import java.time.Duration; import java.util.ArrayList; +import java.util.Date; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.List; @@ -813,6 +814,207 @@ public HugeGroup findGroup(String name) { return null; } + /** + *

Design Note: Default graph / default role persistence (workaround)

+ * + *

We reuse the existing {@code HugeGroup} / {@code HugeBelong} auth entities as a storage + * mechanism to avoid introducing new schema or storage APIs. + * + *

How it works: + *

    + *
  • A "marker group" with a special prefixed name (e.g. {@code "~default_graph:gs:g"}) + * is created in the system graph to represent a (graphSpace, graph) binding.
    • + *
  • A {@code HugeBelong} edge from the user vertex to this marker group records which + * user has set which graph as their default.
    • + *
  • The Belong ID is deterministic: {@code "{userId}->ug->{groupId}"}, which lets us + * check existence without a full scan.
    • + *
+ * + *

Known limitations: + *

    + *
  1. These marker groups appear in {@code listGroups()} results and may confuse callers.
    2. + *
  2. This mechanism only works in PD mode (system graph backed by HStore). + * In non-PD (standalone RocksDB) mode, the API layer degrades gracefully + * by returning empty results (see {@code GraphsAPI.setDefault / getDefault}).
    3. + *
  3. The belong ID format depends on the internal convention {@code "{u}->ug->{g}"}.
    4. + *
+ * + * @todo Consider introducing a dedicated lightweight KV store or a separate + * vertex label for user-preference data to avoid polluting the auth graph. + */ + private static final String DEFAULT_GRAPH_MARKER = "~default_graph"; + + private String defaultGraphGroupName(String graphSpace, String graph) { + return DEFAULT_GRAPH_MARKER + ":" + graphSpace + ":" + graph; + } + + @Override + public void setDefaultGraph(String graphSpace, String graph, String user) { + // Use a special-named HugeGroup as a marker for the default graph, + // then create a HugeBelong (user -> marker-group) to persist the binding. + String markerName = defaultGraphGroupName(graphSpace, graph); + Id groupId = IdGenerator.of(markerName); + if (!this.groups.exists(groupId)) { + HugeGroup markerGroup = new HugeGroup(markerName); + markerGroup.creator(user); + this.groups.add(markerGroup); + } + Id userId = IdGenerator.of(user); + HugeBelong belong = new HugeBelong(userId, groupId); + belong.creator(user); + Id belongId = IdGenerator.of(userId.asString() + "->ug->" + groupId.asString()); + if (!this.belong.exists(belongId)) { + this.belong.add(belong); + } else { + belong.id(belongId); + this.belong.update(belong); + } + } + + @Override + public void unsetDefaultGraph(String graphSpace, String graph, String user) { + String markerName = defaultGraphGroupName(graphSpace, graph); + Id groupId = IdGenerator.of(markerName); + Id userId = IdGenerator.of(user); + Id belongId = IdGenerator.of(userId.asString() + "->ug->" + groupId.asString()); + if (this.belong.exists(belongId)) { + this.belong.delete(belongId); + } + } + + @Override + public Map getDefaultGraph(String graphSpace, String user) { + Id userId = IdGenerator.of(user); + List belongs = this.belong.list(userId, Directions.OUT, + HugeBelong.P.BELONG, -1); + String prefix = DEFAULT_GRAPH_MARKER + ":" + graphSpace + ":"; + Map result = new LinkedHashMap<>(); + for (HugeBelong b : belongs) { + String targetName = b.target().asString(); + if (targetName.startsWith(prefix)) { + String graphName = targetName.substring(prefix.length()); + result.put(graphName, b.update()); + } + } + return result; + } + + private static final String DEFAULT_ROLE_MARKER = "~default_role"; + + /** + * Build marker group name for a space-level role. + * Format: ~default_role:: + */ + private String defaultRoleGroupName(String graphSpace, String role) { + return DEFAULT_ROLE_MARKER + ":" + graphSpace + ":" + role; + } + + /** + * Build marker group name for a graph-level role (e.g. OBSERVER). + * Format: ~default_role::: + */ + private String defaultRoleGroupName(String graphSpace, String role, + String graph) { + return DEFAULT_ROLE_MARKER + ":" + graphSpace + ":" + role + + ":" + graph; + } + + private Id ensureMarkerGroup(String markerName, String creator) { + Id groupId = IdGenerator.of(markerName); + if (!this.groups.exists(groupId)) { + HugeGroup markerGroup = new HugeGroup(markerName); + markerGroup.creator(creator); + this.groups.add(markerGroup); + } + return groupId; + } + + private Id createBelongBinding(String owner, Id groupId) { + Id userId = IdGenerator.of(owner); + HugeBelong belong = new HugeBelong(userId, groupId); + belong.creator(owner); + Id belongId = IdGenerator.of( + userId.asString() + "->ug->" + groupId.asString()); + if (!this.belong.exists(belongId)) { + this.belong.add(belong); + } else { + belong.id(belongId); + this.belong.update(belong); + } + return belongId; + } + + private void removeBelongBinding(String owner, Id groupId) { + Id userId = IdGenerator.of(owner); + Id belongId = IdGenerator.of( + userId.asString() + "->ug->" + groupId.asString()); + if (this.belong.exists(belongId)) { + this.belong.delete(belongId); + } + } + + private boolean existsBelongBinding(String owner, Id groupId) { + Id userId = IdGenerator.of(owner); + Id belongId = IdGenerator.of( + userId.asString() + "->ug->" + groupId.asString()); + return this.belong.exists(belongId); + } + + @Override + public Id createDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph) { + LOG.debug("Create default role: {} {} {} {}", owner, role, + graphSpace, graph); + String markerName = defaultRoleGroupName(graphSpace, + role.toString(), graph); + Id groupId = ensureMarkerGroup(markerName, owner); + return createBelongBinding(owner, groupId); + } + + @Override + public Id createSpaceDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + LOG.debug("Create space default role: {} {} {}", owner, role, + graphSpace); + String markerName = defaultRoleGroupName(graphSpace, role.toString()); + Id groupId = ensureMarkerGroup(markerName, owner); + return createBelongBinding(owner, groupId); + } + + @Override + public boolean isDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + String markerName = defaultRoleGroupName(graphSpace, role.toString()); + Id groupId = IdGenerator.of(markerName); + return existsBelongBinding(owner, groupId); + } + + @Override + public boolean isDefaultRole(String graphSpace, String graph, + String owner, HugeDefaultRole role) { + String markerName = defaultRoleGroupName(graphSpace, + role.toString(), graph); + Id groupId = IdGenerator.of(markerName); + return existsBelongBinding(owner, groupId); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + String markerName = defaultRoleGroupName(graphSpace, role.toString()); + Id groupId = IdGenerator.of(markerName); + removeBelongBinding(owner, groupId); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph) { + String markerName = defaultRoleGroupName(graphSpace, + role.toString(), graph); + Id groupId = IdGenerator.of(markerName); + removeBelongBinding(owner, groupId); + } + public R commit(Callable callable) { this.groups.autoCommit(false); this.access.autoCommit(false); diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManagerV2.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManagerV2.java index d2df45626c..9e574f41cd 100644 --- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManagerV2.java +++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManagerV2.java @@ -21,6 +21,7 @@ import java.time.Duration; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; @@ -1510,6 +1511,189 @@ public HugeGroup findGroup(String name) { return result; } + @Override + public void setDefaultGraph(String graphSpace, String graph, String user) { + try { + HugeBelong belong = new HugeBelong(graphSpace, + IdGenerator.of(user), + IdGenerator.of(graph + + DEFAULT_SETTER_ROLE_KEY)); + this.tryInitDefaultGraph(graphSpace, graph); + this.updateCreator(belong); + belong.create(belong.update()); + this.metaManager.createBelong(graphSpace, belong); + this.invalidateUserCache(); + } catch (Exception e) { + throw new HugeException("Exception occurs when " + + "set default graph", e); + } + } + + @Override + public void unsetDefaultGraph(String graphSpace, String graph, String user) { + String role = graph + DEFAULT_SETTER_ROLE_KEY; + String belongId = this.metaManager.belongId(user, role); + try { + this.metaManager.deleteBelong(graphSpace, IdGenerator.of(belongId)); + this.invalidateUserCache(); + } catch (Exception e) { + throw new HugeException("Exception occurs when unset default " + + "graph", e); + } + } + + @Override + public Map getDefaultGraph(String graphSpace, String user) { + List belongs = this.listBelongBySource(graphSpace, + IdGenerator.of(user), + HugeBelong.UR, -1); + Map map = new HashMap<>(); + for (HugeBelong belong : belongs) { + String role = belong.target().asString(); + if (role.endsWith(DEFAULT_SETTER_ROLE_KEY) && + role.length() != DEFAULT_SETTER_ROLE_KEY.length()) { + map.put(role.substring(0, role.lastIndexOf( + DEFAULT_SETTER_ROLE_KEY)), belong.update()); + } + } + return map; + } + + @Override + public Id createDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph) { + String roleName = (role.isGraphRole()) ? + getGraphDefaultRole(graph, role.toString()) : role.toString(); + try { + HugeBelong belong; + if (HugeGroup.isGroup(owner)) { + belong = new HugeBelong(graphSpace, null, + IdGenerator.of(owner), + IdGenerator.of(roleName), + HugeBelong.GR); + } else { + belong = new HugeBelong(graphSpace, IdGenerator.of(owner), + null, IdGenerator.of(roleName), + HugeBelong.UR); + } + + this.tryInitDefaultRole(graphSpace, roleName, graph); + this.updateCreator(belong); + belong.create(belong.update()); + Id result = this.metaManager.createBelong(graphSpace, belong); + this.invalidateUserCache(); + return result; + } catch (Exception e) { + throw new HugeException("Exception occurs when " + + "create " + role + ".", e); + } + } + + @Override + public Id createSpaceDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + return createDefaultRole(graphSpace, owner, role, ALL_GRAPHS); + } + + @Override + public boolean isDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + return isDefaultRole(graphSpace, owner, role.toString()); + } + + @Override + public boolean isDefaultRole(String graphSpace, String graph, + String owner, HugeDefaultRole role) { + String roleName = getGraphDefaultRole(graph, role.toString()); + return isDefaultRole(graphSpace, owner, roleName); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role) { + deleteDefaultRoleByName(graphSpace, owner, role.toString()); + } + + @Override + public void deleteDefaultRole(String graphSpace, String owner, + HugeDefaultRole role, String graph) { + String roleName = getGraphDefaultRole(graph, role.toString()); + deleteDefaultRoleByName(graphSpace, owner, roleName); + } + + private boolean isDefaultRole(String graphSpace, String owner, + String role) { + try { + String belongId; + if (HugeGroup.isGroup(owner)) { + belongId = this.metaManager.belongId(owner, role, + HugeBelong.GR); + return this.metaManager.existBelong(graphSpace, + IdGenerator.of(belongId)); + } + + List groups = this.listGroupsByUser(owner, -1); + for (HugeGroup group : groups) { + String belongIdG = this.metaManager.belongId(group.name(), + role, + HugeBelong.GR); + if (this.metaManager.existBelong(graphSpace, + IdGenerator.of(belongIdG))) { + return true; + } + } + + belongId = this.metaManager.belongId(owner, role); + return this.metaManager.existBelong(graphSpace, + IdGenerator.of(belongId)); + } catch (Exception e) { + throw new HugeException("Exception occurs when check if is " + + role + ".", e); + } + } + + private void deleteDefaultRoleByName(String graphSpace, String owner, + String role) { + try { + String belongId; + if (HugeGroup.isGroup(owner)) { + belongId = this.metaManager.belongId(owner, role, + HugeBelong.GR); + } else { + belongId = this.metaManager.belongId(owner, role, + HugeBelong.UR); + } + this.metaManager.deleteBelong(graphSpace, + IdGenerator.of(belongId)); + this.invalidateUserCache(); + } catch (Exception e) { + throw new HugeException("Exception occurs when " + + "delete " + role + ".", e); + } + } + + private void tryInitDefaultGraph(String graphSpace, String graph) { + try { + HugeRole role = this.metaManager.findRole( + graphSpace, + IdGenerator.of(graph + DEFAULT_SETTER_ROLE_KEY)); + if (role != null) { + return; + } + role = new HugeRole(graph + DEFAULT_SETTER_ROLE_KEY, graphSpace); + this.updateCreator(role); + role.create(role.update()); + this.metaManager.createRole(graphSpace, role); + } catch (Exception e) { + throw new HugeException("Exception occurs when " + + "init default graph role", e); + } + } + + public String getGraphDefaultRole(String graph, String role) { + return graph + "_" + role; + } + private void tryInitDefaultRole(String graphSpace, String roleName, String graph) { diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java index 8df1b3064f..5ed5d46c83 100644 --- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java +++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/util/ConfigUtil.java @@ -23,9 +23,13 @@ import java.io.StringReader; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; + + import org.apache.commons.configuration2.FileBasedConfiguration; import org.apache.commons.configuration2.HierarchicalConfiguration; import org.apache.commons.configuration2.PropertiesConfiguration; @@ -188,4 +192,41 @@ private static void validateGraphName(String graphName) { "Graph name can only contain letters, numbers, hyphens and underscores: %s", graphName); } + + /** + * Serialize a HugeConfig to a JSON string for frontend consumption. + *

+ * Sensitive configuration keys (containing keywords such as "password", + * "secret", "token", "credential", "auth.key") are excluded to prevent + * accidental exposure of credentials through the API response. + */ + public static String writeConfigToString(HugeConfig config) { + Map configMap = new HashMap<>(); + Iterator iterator = config.getKeys(); + while (iterator.hasNext()) { + String key = iterator.next(); + if (isSensitiveKey(key)) { + continue; + } + configMap.put(key, config.getProperty(key)); + } + return JsonUtil.toJson(configMap); + } + + /** + * Returns true if the config key looks like it may contain sensitive data. + * Uses a case-insensitive keyword blacklist. + */ + private static boolean isSensitiveKey(String key) { + if (key == null) { + return false; + } + String lower = key.toLowerCase(); + return lower.contains("password") || + lower.contains("secret") || + lower.contains("token") || + lower.contains("credential") || + lower.contains("private_key") || + lower.contains("auth.key"); + } }