Commit 6d5d9a55c9b119d7a2e70793672b291f0b49ebe6

Authored by Andrii Shvaika
1 parent 07c1e680

Minor security improvements

@@ -160,7 +160,7 @@ public class RuleChainController extends BaseController { @@ -160,7 +160,7 @@ public class RuleChainController extends BaseController {
160 public RuleChain saveRuleChain(@RequestBody DefaultRuleChainCreateRequest request) throws ThingsboardException { 160 public RuleChain saveRuleChain(@RequestBody DefaultRuleChainCreateRequest request) throws ThingsboardException {
161 try { 161 try {
162 checkNotNull(request); 162 checkNotNull(request);
163 - checkNotNull(request.getName()); 163 + checkParameter(request.getName(), "name");
164 164
165 RuleChain savedRuleChain = installScripts.createDefaultRuleChain(getCurrentUser().getTenantId(), request.getName()); 165 RuleChain savedRuleChain = installScripts.createDefaultRuleChain(getCurrentUser().getTenantId(), request.getName());
166 166
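Review bot: The new `checkParameter(request.getName(), "name")` on line 163 is the only validation of the name before it reaches `installScripts.createDefaultRuleChain(...)` on line 165, and `checkParameter` is defined outside this hunk. If it only rejects null or empty strings, a whitespace-only or very long name would still be accepted. Confirm that it trims, or that validation behind `createDefaultRuleChain` enforces these limits. The `try` block continues past the end of the hunk.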
@@ -50,6 +50,7 @@ import org.thingsboard.server.queue.scheduler.SchedulerComponent; @@ -50,6 +50,7 @@ import org.thingsboard.server.queue.scheduler.SchedulerComponent;
50 import org.thingsboard.server.queue.util.TbCoreComponent; 50 import org.thingsboard.server.queue.util.TbCoreComponent;
51 import org.thingsboard.server.service.profile.TbTenantProfileCache; 51 import org.thingsboard.server.service.profile.TbTenantProfileCache;
52 import org.thingsboard.server.service.queue.TbClusterService; 52 import org.thingsboard.server.service.queue.TbClusterService;
  53 +import org.thingsboard.server.service.telemetry.InternalTelemetryService;
53 import org.thingsboard.server.service.telemetry.TelemetrySubscriptionService; 54 import org.thingsboard.server.service.telemetry.TelemetrySubscriptionService;
54 55
55 import javax.annotation.PostConstruct; 56 import javax.annotation.PostConstruct;
@@ -82,7 +83,7 @@ public class DefaultTbApiUsageStateService implements TbApiUsageStateService { @@ -82,7 +83,7 @@ public class DefaultTbApiUsageStateService implements TbApiUsageStateService {
82 private final TenantService tenantService; 83 private final TenantService tenantService;
83 private final ApiUsageStateService apiUsageStateService; 84 private final ApiUsageStateService apiUsageStateService;
84 private final TimeseriesService tsService; 85 private final TimeseriesService tsService;
85 - private final TelemetrySubscriptionService tsWsService; 86 + private final InternalTelemetryService tsWsService;
86 private final SchedulerComponent scheduler; 87 private final SchedulerComponent scheduler;
87 private final TbTenantProfileCache tenantProfileCache; 88 private final TbTenantProfileCache tenantProfileCache;
88 89
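Review bot: Narrowing `tsWsService` to `InternalTelemetryService` on line 86 only helps if the calls in this class also move to the `...Internal` variants, and those call sites are outside the hunks shown for this file. After this commit the public `saveAndNotify` and `saveLatestAndNotify` throw for `API_USAGE_STATE` entities, so a call left on the old method name would fail at runtime if this service persists usage state through them, as its name suggests. Worth confirming each use of `tsWsService`, and adding a field comment such as `// uses the *Internal methods: the public ones reject API_USAGE_STATE entities`.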
@@ -116,6 +116,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -116,6 +116,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
116 116
117 @Override 117 @Override
118 public void saveAndNotify(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, long ttl, FutureCallback<Void> callback) { 118 public void saveAndNotify(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, long ttl, FutureCallback<Void> callback) {
  119 + checkInternalEntity(entityId);
  120 + saveAndNotifyInternal(tenantId, entityId, ts, ttl, callback);
  121 + }
  122 +
  123 + @Override
  124 + public void saveAndNotifyInternal(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, long ttl, FutureCallback<Void> callback) {
119 ListenableFuture<List<Void>> saveFuture = tsService.save(tenantId, entityId, ts, ttl); 125 ListenableFuture<List<Void>> saveFuture = tsService.save(tenantId, entityId, ts, ttl);
120 addMainCallback(saveFuture, callback); 126 addMainCallback(saveFuture, callback);
121 addWsCallback(saveFuture, success -> onTimeSeriesUpdate(tenantId, entityId, ts)); 127 addWsCallback(saveFuture, success -> onTimeSeriesUpdate(tenantId, entityId, ts));
@@ -176,6 +182,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -176,6 +182,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
176 182
177 @Override 183 @Override
178 public void saveAndNotify(TenantId tenantId, EntityId entityId, String scope, List<AttributeKvEntry> attributes, boolean notifyDevice, FutureCallback<Void> callback) { 184 public void saveAndNotify(TenantId tenantId, EntityId entityId, String scope, List<AttributeKvEntry> attributes, boolean notifyDevice, FutureCallback<Void> callback) {
  185 + checkInternalEntity(entityId);
  186 + saveAndNotifyInternal(tenantId, entityId, scope, attributes, notifyDevice, callback);
  187 + }
  188 +
  189 + @Override
  190 + public void saveAndNotifyInternal(TenantId tenantId, EntityId entityId, String scope, List<AttributeKvEntry> attributes, boolean notifyDevice, FutureCallback<Void> callback) {
179 ListenableFuture<List<Void>> saveFuture = attrService.save(tenantId, entityId, scope, attributes); 191 ListenableFuture<List<Void>> saveFuture = attrService.save(tenantId, entityId, scope, attributes);
180 addMainCallback(saveFuture, callback); 192 addMainCallback(saveFuture, callback);
181 addWsCallback(saveFuture, success -> onAttributesUpdate(tenantId, entityId, scope, attributes, notifyDevice)); 193 addWsCallback(saveFuture, success -> onAttributesUpdate(tenantId, entityId, scope, attributes, notifyDevice));
@@ -183,6 +195,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -183,6 +195,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
183 195
184 @Override 196 @Override
185 public void saveLatestAndNotify(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, FutureCallback<Void> callback) { 197 public void saveLatestAndNotify(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, FutureCallback<Void> callback) {
  198 + checkInternalEntity(entityId);
  199 + saveLatestAndNotifyInternal(tenantId, entityId, ts, callback);
  200 + }
  201 +
  202 + @Override
  203 + public void saveLatestAndNotifyInternal(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, FutureCallback<Void> callback) {
186 ListenableFuture<List<Void>> saveFuture = tsService.saveLatest(tenantId, entityId, ts); 204 ListenableFuture<List<Void>> saveFuture = tsService.saveLatest(tenantId, entityId, ts);
187 addMainCallback(saveFuture, callback); 205 addMainCallback(saveFuture, callback);
188 addWsCallback(saveFuture, success -> onTimeSeriesUpdate(tenantId, entityId, ts)); 206 addWsCallback(saveFuture, success -> onTimeSeriesUpdate(tenantId, entityId, ts));
@@ -190,6 +208,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -190,6 +208,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
190 208
191 @Override 209 @Override
192 public void deleteAndNotify(TenantId tenantId, EntityId entityId, String scope, List<String> keys, FutureCallback<Void> callback) { 210 public void deleteAndNotify(TenantId tenantId, EntityId entityId, String scope, List<String> keys, FutureCallback<Void> callback) {
  211 + checkInternalEntity(entityId);
  212 + deleteAndNotifyInternal(tenantId, entityId, scope, keys, callback);
  213 + }
  214 +
  215 + @Override
  216 + public void deleteAndNotifyInternal(TenantId tenantId, EntityId entityId, String scope, List<String> keys, FutureCallback<Void> callback) {
193 ListenableFuture<List<Void>> deleteFuture = attrService.removeAll(tenantId, entityId, scope, keys); 217 ListenableFuture<List<Void>> deleteFuture = attrService.removeAll(tenantId, entityId, scope, keys);
194 addMainCallback(deleteFuture, callback); 218 addMainCallback(deleteFuture, callback);
195 addWsCallback(deleteFuture, success -> onAttributesDelete(tenantId, entityId, scope, keys)); 219 addWsCallback(deleteFuture, success -> onAttributesDelete(tenantId, entityId, scope, keys));
@@ -197,6 +221,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -197,6 +221,12 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
197 221
198 @Override 222 @Override
199 public void deleteLatest(TenantId tenantId, EntityId entityId, List<String> keys, FutureCallback<Void> callback) { 223 public void deleteLatest(TenantId tenantId, EntityId entityId, List<String> keys, FutureCallback<Void> callback) {
  224 + checkInternalEntity(entityId);
  225 + deleteLatestInternal(tenantId, entityId, keys, callback);
  226 + }
  227 +
  228 + @Override
  229 + public void deleteLatestInternal(TenantId tenantId, EntityId entityId, List<String> keys, FutureCallback<Void> callback) {
200 ListenableFuture<List<Void>> deleteFuture = tsService.removeLatest(tenantId, entityId, keys); 230 ListenableFuture<List<Void>> deleteFuture = tsService.removeLatest(tenantId, entityId, keys);
201 addMainCallback(deleteFuture, callback); 231 addMainCallback(deleteFuture, callback);
202 } 232 }
@@ -296,4 +326,11 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer @@ -296,4 +326,11 @@ public class DefaultTelemetrySubscriptionService extends AbstractSubscriptionSer
296 } 326 }
297 }, tsCallBackExecutor); 327 }, tsCallBackExecutor);
298 } 328 }
  329 +
  330 + private void checkInternalEntity(EntityId entityId) {
  331 + if (EntityType.API_USAGE_STATE.equals(entityId.getEntityType())) {
  332 + throw new RuntimeException("Can't update API Usage State!");
  333 + }
  334 + }
  335 +
299 } 336 }
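Review bot: `checkInternalEntity` (new lines 330-334) rejects the write by throwing a bare `RuntimeException` on the calling thread, whereas the rest of each method reports failures through the `FutureCallback`. A caller that only implements `onFailure` will not see the rejection there, and a null `entityId` now becomes a `NullPointerException` at `entityId.getEntityType()`. Consider a more specific type, `throw new IllegalArgumentException("Can't update API Usage State!");`, and logging the rejected attempt so that writes to usage state through the public methods are visible to operators. The same guard is called from all five public methods changed in this file.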
  1 +/**
  2 + * Copyright © 2016-2020 The Thingsboard Authors
  3 + *
  4 + * Licensed under the Apache License, Version 2.0 (the "License");
  5 + * you may not use this file except in compliance with the License.
  6 + * You may obtain a copy of the License at
  7 + *
  8 + * http://www.apache.org/licenses/LICENSE-2.0
  9 + *
  10 + * Unless required by applicable law or agreed to in writing, software
  11 + * distributed under the License is distributed on an "AS IS" BASIS,
  12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 + * See the License for the specific language governing permissions and
  14 + * limitations under the License.
  15 + */
  16 +package org.thingsboard.server.service.telemetry;
  17 +
  18 +import com.google.common.util.concurrent.FutureCallback;
  19 +import org.thingsboard.rule.engine.api.RuleEngineTelemetryService;
  20 +import org.thingsboard.server.common.data.id.EntityId;
  21 +import org.thingsboard.server.common.data.id.TenantId;
  22 +import org.thingsboard.server.common.data.kv.AttributeKvEntry;
  23 +import org.thingsboard.server.common.data.kv.TsKvEntry;
  24 +
  25 +import java.util.List;
  26 +
  27 +/**
  28 + * Created by ashvayka on 27.03.18.
  29 + */
  30 +public interface InternalTelemetryService extends RuleEngineTelemetryService {
  31 +
  32 + void saveAndNotifyInternal(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, long ttl, FutureCallback<Void> callback);
  33 +
  34 + void saveAndNotifyInternal(TenantId tenantId, EntityId entityId, String scope, List<AttributeKvEntry> attributes, boolean notifyDevice, FutureCallback<Void> callback);
  35 +
  36 + void saveLatestAndNotifyInternal(TenantId tenantId, EntityId entityId, List<TsKvEntry> ts, FutureCallback<Void> callback);
  37 +
  38 + void deleteAndNotifyInternal(TenantId tenantId, EntityId entityId, String scope, List<String> keys, FutureCallback<Void> callback);
  39 +
  40 + void deleteLatestInternal(TenantId tenantId, EntityId entityId, List<String> keys, FutureCallback<Void> callback);
  41 +
  42 +
  43 +
  44 +}
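Review bot: The interface carries only the copied `Created by ashvayka on 27.03.18.` Javadoc and does not say how the `...Internal` methods differ from the inherited ones. In the implementation in this commit they skip the `checkInternalEntity` guard, so the difference is a security-relevant contract. I would document it on the type, e.g. `/** Telemetry operations for trusted server components; the *Internal methods skip the API_USAGE_STATE check applied by the inherited methods. */`. The three blank lines before the closing brace (lines 41-43) can be dropped.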
@@ -22,6 +22,6 @@ import org.thingsboard.server.queue.discovery.PartitionChangeEvent; @@ -22,6 +22,6 @@ import org.thingsboard.server.queue.discovery.PartitionChangeEvent;
22 /** 22 /**
23 * Created by ashvayka on 27.03.18. 23 * Created by ashvayka on 27.03.18.
24 */ 24 */
25 -public interface TelemetrySubscriptionService extends RuleEngineTelemetryService, ApplicationListener<PartitionChangeEvent> { 25 +public interface TelemetrySubscriptionService extends InternalTelemetryService, ApplicationListener<PartitionChangeEvent> {
26 26
27 } 27 }
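Review bot: With `TelemetrySubscriptionService` now extending `InternalTelemetryService`, every component that injects `TelemetrySubscriptionService` gains the unguarded `...Internal` methods, not only the API usage state service. The protection then depends on each caller choosing the guarded method name. Where a component only needs the guarded operations, declaring its dependency as `RuleEngineTelemetryService` would keep the internal variants out of reach at the type level. The injection sites are not visible on this page.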