sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#3939 API: Implement trusted source handling.

Browse Source
ipeshinskaya/InvoiceTemplate5
Andreas Granig 11 years ago
parent 1cc0aa69f4
commit b0993b62b9
5 changed files with 557 additions and 0 deletions
Show Stats Download Patch File Download Diff File

208
lib/NGCP/Panel/Controller/API/TrustedSources.pm
Unescape View File

@ -0,0 +1,208 @@
package NGCP::Panel::Controller::API::TrustedSources;
use Sipwise::Base;
use namespace::sweep;
use boolean qw(true);
use Data::HAL qw();
use Data::HAL::Link qw();
use HTTP::Headers qw();
use HTTP::Status qw(:constants);
use MooseX::ClassAttribute qw(class_has);
use NGCP::Panel::Utils::DateTime;
use Path::Tiny qw(path);
use Safe::Isa qw($_isa);
BEGIN { extends 'Catalyst::Controller::ActionRole'; }
require Catalyst::ActionRole::ACL;
require Catalyst::ActionRole::CheckTrailingSlash;
require Catalyst::ActionRole::HTTPMethods;
require Catalyst::ActionRole::RequireSSL;
class_has 'api_description' => (
is => 'ro',
isa => 'Str',
default =>
'Defines trusted sources for subscribers to bypass SIP authentication.',
);
class_has 'query_params' => (
is => 'ro',
isa => 'ArrayRef',
default => sub {[
{
param => 'subscriber_id',
description => 'Filter for trusted sources of a specific subscriber',
query => {
first => sub {
my $q = shift;
return { 'voip_subscriber.id' => $q };
},
second => sub {
return {
join => { subscriber => 'voip_subscriber' }
};
},
},
},
]},
);
with 'NGCP::Panel::Role::API::TrustedSources';
class_has('resource_name', is => 'ro', default => 'trustedsources');
class_has('dispatch_path', is => 'ro', default => '/api/trustedsources/');
class_has('relation', is => 'ro', default => 'http://purl.org/sipwise/ngcp-api/#rel-trustedsources');
__PACKAGE__->config(
action => {
map { $_ => {
ACLDetachTo => '/api/root/invalid_user',
AllowedRole => [qw/admin reseller/],
Args => 0,
Does => [qw(ACL CheckTrailingSlash RequireSSL)],
Method => $_,
Path => __PACKAGE__->dispatch_path,
} } @{ __PACKAGE__->allowed_methods }
},
action_roles => [qw(HTTPMethods)],
);
sub auto :Private {
my ($self, $c) = @_;
$self->set_body($c);
$self->log_request($c);
}
sub GET :Allow {
my ($self, $c) = @_;
my $page = $c->request->params->{page} // 1;
my $rows = $c->request->params->{rows} // 10;
{
my $items = $self->item_rs($c);
my $total_count = int($items->count);
$items = $items->search(undef, {
page => $page,
rows => $rows,
});
my (@embedded, @links);
my $form = $self->get_form($c);
for my $item ($items->search({}, {order_by => {-asc => 'me.id'}})->all) {
push @embedded, $self->hal_from_item($c, $item, $form);
push @links, Data::HAL::Link->new(
relation => 'ngcp:'.$self->resource_name,
href => sprintf('/%s%d', $c->request->path, $item->id),
);
}
push @links,
Data::HAL::Link->new(
relation => 'curies',
href => 'http://purl.org/sipwise/ngcp-api/#rel-{rel}',
name => 'ngcp',
templated => true,
),
Data::HAL::Link->new(relation => 'profile', href => 'http://purl.org/sipwise/ngcp-api/'),
Data::HAL::Link->new(relation => 'self', href => sprintf('/%s?page=%s&rows=%s', $c->request->path, $page, $rows));
if(($total_count / $rows) > $page ) {
push @links, Data::HAL::Link->new(relation => 'next', href => sprintf('/%s?page=%d&rows=%d', $c->request->path, $page + 1, $rows));
}
if($page > 1) {
push @links, Data::HAL::Link->new(relation => 'prev', href => sprintf('/%s?page=%d&rows=%d', $c->request->path, $page - 1, $rows));
}
my $hal = Data::HAL->new(
embedded => [@embedded],
links => [@links],
);
$hal->resource({
total_count => $total_count,
});
my $response = HTTP::Response->new(HTTP_OK, undef,
HTTP::Headers->new($hal->http_headers(skip_links => 1)), $hal->as_json);
$c->response->headers($response->headers);
$c->response->body($response->content);
return;
}
return;
}
sub HEAD :Allow {
my ($self, $c) = @_;
$c->forward(qw(GET));
$c->response->body(q());
return;
}
sub OPTIONS :Allow {
my ($self, $c) = @_;
my $allowed_methods = $self->allowed_methods;
$c->response->headers(HTTP::Headers->new(
Allow => $allowed_methods->join(', '),
Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name,
));
$c->response->content_type('application/json');
$c->response->body(JSON::to_json({ methods => $allowed_methods })."\n");
return;
}
sub POST :Allow {
my ($self, $c) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
my $resource = $self->get_valid_post_data(
c => $c,
media_type => 'application/json',
);
last unless $resource;
my $form = $self->get_form($c);
last unless $self->validate_form(
c => $c,
resource => $resource,
form => $form,
exceptions => [ "subscriber_id" ],
);
my $sub_rs = $c->model('DB')->resultset('voip_subscribers')->search({
id => $resource->{subscriber_id},
});
if($c->user->roles eq "reseller") {
$sub_rs = $sub_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
},{
join => { contract => 'contact' },
});
}
my $sub = $sub_rs->first;
unless($sub && $sub->provisioning_voip_subscriber) {
$c->log->error("invalid subscriber_id '$$resource{subscriber_id}'"); # TODO: user, message, trace, ...
$self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Subscriber does not exist");
last;
}
$resource->{subscriber_id} = $sub->provisioning_voip_subscriber->id;
$resource->{uuid} = $sub->uuid;
my $item;
try {
$item = $c->model('DB')->resultset('voip_trusted_sources')->create($resource);
} catch($e) {
$c->log->error("failed to create trusted source: $e"); # TODO: user, message, trace, ...
$self->error($c, HTTP_INTERNAL_SERVER_ERROR, "Failed to create trusted source.");
last;
}
$guard->commit;
$c->response->status(HTTP_CREATED);
$c->response->header(Location => sprintf('/%s%d', $c->request->path, $item->id));
$c->response->body(q());
}
return;
}
sub end : Private {
my ($self, $c) = @_;
$self->log_response($c);
}
# vim: set tabstop=4 expandtab:

191
lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm
Unescape View File

@ -0,0 +1,191 @@
package NGCP::Panel::Controller::API::TrustedSourcesItem;
use Sipwise::Base;
use namespace::sweep;
use HTTP::Headers qw();
use HTTP::Status qw(:constants);
use MooseX::ClassAttribute qw(class_has);
use NGCP::Panel::Utils::DateTime;
use NGCP::Panel::Utils::ValidateJSON qw();
use Path::Tiny qw(path);
use Safe::Isa qw($_isa);
BEGIN { extends 'Catalyst::Controller::ActionRole'; }
require Catalyst::ActionRole::ACL;
require Catalyst::ActionRole::HTTPMethods;
require Catalyst::ActionRole::RequireSSL;
with 'NGCP::Panel::Role::API::TrustedSources';
class_has('resource_name', is => 'ro', default => 'trustedsources');
class_has('dispatch_path', is => 'ro', default => '/api/trustedsources/');
class_has('relation', is => 'ro', default => 'http://purl.org/sipwise/ngcp-api/#rel-trustedsources');
__PACKAGE__->config(
action => {
map { $_ => {
ACLDetachTo => '/api/root/invalid_user',
AllowedRole => [qw/admin reseller/],
Args => 1,
Does => [qw(ACL RequireSSL)],
Method => $_,
Path => __PACKAGE__->dispatch_path,
} } @{ __PACKAGE__->allowed_methods }
},
action_roles => [qw(HTTPMethods)],
);
sub auto :Private {
my ($self, $c) = @_;
$self->set_body($c);
$self->log_request($c);
}
sub GET :Allow {
my ($self, $c, $id) = @_;
{
last unless $self->valid_id($c, $id);
my $item = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, trustedsource => $item);
my $hal = $self->hal_from_item($c, $item);
my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
(map { # XXX Data::HAL must be able to generate links with multiple relations
s|rel="(http://purl.org/sipwise/ngcp-api/#rel-resellers)"|rel="item $1"|;
s/rel=self/rel="item self"/;
$_
} $hal->http_headers),
), $hal->as_json);
$c->response->headers($response->headers);
$c->response->body($response->content);
return;
}
return;
}
sub HEAD :Allow {
my ($self, $c, $id) = @_;
$c->forward(qw(GET));
$c->response->body(q());
return;
}
sub OPTIONS :Allow {
my ($self, $c, $id) = @_;
my $allowed_methods = $self->allowed_methods;
$c->response->headers(HTTP::Headers->new(
Allow => $allowed_methods->join(', '),
Accept_Patch => 'application/json-patch+json',
));
$c->response->content_type('application/json');
$c->response->body(JSON::to_json({ methods => $allowed_methods })."\n");
return;
}
sub PATCH :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
my $preference = $self->require_preference($c);
last unless $preference;
my $json = $self->get_valid_patch_data(
c => $c,
id => $id,
media_type => 'application/json-patch+json',
);
last unless $json;
my $item = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, trustedsource => $item);
my $form = $self->get_form($c);
my $old_resource = $self->resource_from_item($c, $item, $form);
my $resource = $self->apply_patch($c, $old_resource, $json);
last unless $resource;
$item = $self->update_item($c, $item, $old_resource, $resource, $form);
last unless $item;
$guard->commit;
if ('minimal' eq $preference) {
$c->response->status(HTTP_NO_CONTENT);
$c->response->header(Preference_Applied => 'return=minimal');
$c->response->body(q());
} else {
my $hal = $self->hal_from_item($c, $item, $form);
my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
$hal->http_headers,
), $hal->as_json);
$c->response->headers($response->headers);
$c->response->header(Preference_Applied => 'return=representation');
$c->response->body($response->content);
}
}
return;
}
sub PUT :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
my $preference = $self->require_preference($c);
last unless $preference;
my $item = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, trustedsource => $item);
my $resource = $self->get_valid_put_data(
c => $c,
id => $id,
media_type => 'application/json',
);
last unless $resource;
my $form = $self->get_form($c);
my $old_resource = $self->resource_from_item($c, $item, $form);
$item = $self->update_item($c, $item, $old_resource, $resource, $form);
last unless $item;
$guard->commit;
if ('minimal' eq $preference) {
$c->response->status(HTTP_NO_CONTENT);
$c->response->header(Preference_Applied => 'return=minimal');
$c->response->body(q());
} else {
my $hal = $self->hal_from_item($c, $item, $form);
my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
$hal->http_headers,
), $hal->as_json);
$c->response->headers($response->headers);
$c->response->header(Preference_Applied => 'return=representation');
$c->response->body($response->content);
}
}
return;
}
sub DELETE :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
my $item = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, trustedsource => $item);
$item->delete;
$guard->commit;
$c->response->status(HTTP_NO_CONTENT);
$c->response->body(q());
}
return;
}
sub end : Private {
my ($self, $c) = @_;
$self->log_response($c);
}
# vim: set tabstop=4 expandtab:

12
lib/NGCP/Panel/Form/Subscriber/TrustedSource.pm
Unescape View File

@ -17,6 +17,10 @@ has_field 'src_ip' => (
type => 'Text', type => 'Text',
label => 'Source IP', label => 'Source IP',
required => 1, required => 1,
element_attr => {
rel => ['tooltip'],
title => ['The source IP address.']
},
); );
has_field 'protocol' => ( has_field 'protocol' => (
@ -29,12 +33,20 @@ has_field 'protocol' => (
{ label => 'TLS', value => 'TLS' }, { label => 'TLS', value => 'TLS' },
{ label => 'ANY', value => 'ANY' }, { label => 'ANY', value => 'ANY' },
], ],
element_attr => {
rel => ['tooltip'],
title => ['The transport protocol (one of UDP, TCP, TLS, ANY).']
},
); );
has_field 'from_pattern' => ( has_field 'from_pattern' => (
type => 'Text', type => 'Text',
label => 'From Pattern', label => 'From Pattern',
required => 0, required => 0,
element_attr => {
rel => ['tooltip'],
title => ['A regular expression matching the From URI.']
},
); );
has_field 'save' => ( has_field 'save' => (

23
lib/NGCP/Panel/Form/Subscriber/TrustedSourceAPI.pm
Unescape View File

@ -0,0 +1,23 @@
package NGCP::Panel::Form::Subscriber::TrustedSourceAPI;
use HTML::FormHandler::Moose;
extends 'NGCP::Panel::Form::Subscriber::TrustedSource';
use Moose::Util::TypeConstraints;
has_field 'subscriber_id' => (
type => 'PosInteger',
required => 1,
element_attr => {
rel => ['tooltip'],
title => ['The subscriber this trusted source belongs to.']
},
);
has_block 'fields' => (
tag => 'div',
class => [qw/modal-body/],
render_list => [qw/src_ip protocol from_pattern subscriber_id/],
);
1;
# vim: set tabstop=4 expandtab:

123
lib/NGCP/Panel/Role/API/TrustedSources.pm
Unescape View File

@ -0,0 +1,123 @@
package NGCP::Panel::Role::API::TrustedSources;
use Moose::Role;
use Sipwise::Base;
with 'NGCP::Panel::Role::API' => {
-alias =>{ item_rs => '_item_rs', },
-excludes => [ 'item_rs' ],
};
use boolean qw(true);
use TryCatch;
use Data::HAL qw();
use Data::HAL::Link qw();
use HTTP::Status qw(:constants);
use NGCP::Panel::Form::Subscriber::TrustedSourceAPI;
sub item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('voip_trusted_sources');
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id
},{
join => { subscriber => { voip_subscriber => { contract => 'contact' } } },
});
}
return $item_rs;
}
sub get_form {
my ($self, $c) = @_;
return NGCP::Panel::Form::Subscriber::TrustedSourceAPI->new;
}
sub hal_from_item {
my ($self, $c, $item, $form) = @_;
$form //= $self->get_form($c);
my $resource = $self->resource_from_item($c, $item, $form);
my $hal = Data::HAL->new(
links => [
Data::HAL::Link->new(
relation => 'curies',
href => 'http://purl.org/sipwise/ngcp-api/#rel-{rel}',
name => 'ngcp',
templated => true,
),
Data::HAL::Link->new(relation => 'collection', href => sprintf("/api/%s/", $self->resource_name)),
Data::HAL::Link->new(relation => 'profile', href => 'http://purl.org/sipwise/ngcp-api/'),
Data::HAL::Link->new(relation => 'self', href => sprintf("%s%d", $self->dispatch_path, $item->id)),
Data::HAL::Link->new(relation => 'ngcp:subscribers', href => sprintf("/api/subscribers/%d", $item->subscriber->voip_subscriber->id)),
],
relation => 'ngcp:'.$self->resource_name,
);
$self->validate_form(
c => $c,
resource => $resource,
form => $form,
run => 0,
exceptions => [ "subscriber_id" ],
);
$resource->{id} = int($item->id);
$hal->resource($resource);
return $hal;
}
sub resource_from_item {
my ($self, $c, $item, $form) = @_;
my $resource = { $item->get_inflated_columns };
$resource->{subscriber_id} = int($item->subscriber->voip_subscriber->id);
return $resource;
}
sub item_by_id {
my ($self, $c, $id) = @_;
my $item_rs = $self->item_rs($c);
return $item_rs->find($id);
}
sub update_item {
my ($self, $c, $item, $old_resource, $resource, $form) = @_;
$form //= $self->get_form($c);
return unless $self->validate_form(
c => $c,
form => $form,
resource => $resource,
exceptions => [ "subscriber_id" ],
);
my $sub_rs = $c->model('DB')->resultset('voip_subscribers')->search({
id => $resource->{subscriber_id},
});
if($c->user->roles eq "reseller") {
$sub_rs = $sub_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
},{
join => { contract => 'contact' },
});
}
my $sub = $sub_rs->first;
unless($sub && $sub->provisioning_voip_subscriber) {
$c->log->error("invalid subscriber_id '$$resource{subscriber_id}'"); # TODO: user, message, trace, ...
$self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Subscriber does not exist");
return;
}
$resource->{subscriber_id} = $sub->provisioning_voip_subscriber->id;
$resource->{uuid} = $sub->uuid;
$item->update($resource);
return $item;
}
1;
# vim: set tabstop=4 expandtab:
Write Preview
Loading…
Cancel
Save