higress-group · jameszhangyukun · Feb 23, 2023 · CH3CHO · Feb 27, 2023
@@ -15,6 +15,18 @@
 import javax.annotation.Resource;
 import javax.validation.constraints.NotBlank;
 
+import com.alibaba.higress.console.controller.dto.CommonPageQuery;
+import com.alibaba.higress.console.controller.dto.Domain;
+import com.alibaba.higress.console.controller.dto.PaginatedResponse;
+import com.alibaba.higress.console.controller.dto.RoutePageQuery;
+import com.alibaba.higress.console.controller.dto.Route;
+import com.alibaba.higress.console.controller.dto.Response;
+import com.alibaba.higress.console.controller.dto.TlsCertificate;
+import com.alibaba.higress.console.service.TlsCertificateService;
+import com.alibaba.higress.console.controller.exception.ValidationException;
+import com.alibaba.higress.console.controller.util.ControllerUtil;
+import com.alibaba.higress.console.service.DomainService;
+import com.alibaba.higress.console.service.RouteService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.annotation.Validated;
@@ -27,16 +39,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.alibaba.higress.console.controller.dto.CommonPageQuery;
-import com.alibaba.higress.console.controller.dto.Domain;
-import com.alibaba.higress.console.controller.dto.PaginatedResponse;
-import com.alibaba.higress.console.controller.dto.Response;
-import com.alibaba.higress.console.controller.dto.Route;
-import com.alibaba.higress.console.controller.dto.RoutePageQuery;
-import com.alibaba.higress.console.controller.exception.ValidationException;
-import com.alibaba.higress.console.controller.util.ControllerUtil;
-import com.alibaba.higress.console.service.DomainService;
-import com.alibaba.higress.console.service.RouteService;
+import java.util.Objects;
 
 @RestController("DomainsController")
 @RequestMapping("/v1/domains")
@@ -49,13 +52,17 @@ public class DomainsController {
     @Resource
     private RouteService routeService;
 
+    @Resource
+    private TlsCertificateService tlsCertificateService;
+
     @GetMapping
     public ResponseEntity<PaginatedResponse<Domain>> list(CommonPageQuery query) {
         return ControllerUtil.buildResponseEntity(domainService.list(query));
     }
 
     @PostMapping
     public ResponseEntity<Response<Domain>> add(@RequestBody Domain domain) {
+        checkDomainValid(domain);
         return ControllerUtil.buildResponseEntity(domainService.add(domain));
     }
 
@@ -66,23 +73,37 @@ public ResponseEntity<Response<Domain>> query(@PathVariable("name") @NotBlank St
 
     @PutMapping("/{name}")
     public ResponseEntity<Response<Domain>> put(@PathVariable("name") @NotBlank String domainName,
-        @RequestBody Domain domain) {
+                                                @RequestBody Domain domain) {
         if (StringUtils.isEmpty(domain.getName())) {
             domain.setName(domainName);
         } else if (!StringUtils.equals(domainName, domain.getName())) {
             throw new ValidationException("Domain name in the URL doesn't match the one in the body.");
         }
+        checkDomainValid(domain);
         return ControllerUtil.buildResponseEntity(domainService.put(domain));
     }
 
+    private void checkDomainValid(Domain domain) {
+        String message = domain.valid();
+        if (StringUtils.isNotEmpty(message)) {
+            throw new ValidationException("Domain is invalid. Because " + message);
+        }
+        if (domain.getEnableHttps().equals(Domain.EnableHttps.ON.getValue())) {
+            TlsCertificate certificate = tlsCertificateService.query(domain.getCertIdentifier());
+            if (Objects.isNull(certificate)) {
+                throw new ValidationException("domain certificate is not exits.");
+            }
+        }
+    }
+
     @DeleteMapping("/{name}")
     public void delete(@PathVariable("name") @NotBlank String name) {
         domainService.delete(name);
     }
 
     @GetMapping(value = "/{name}/routes")
     public ResponseEntity<PaginatedResponse<Route>> queryRoutes(@PathVariable("name") @NotBlank String name,
-        CommonPageQuery commonPageQuery) {
+                                                                CommonPageQuery commonPageQuery) {
         RoutePageQuery routePageQuery = new RoutePageQuery();
         routePageQuery.setDomainName(name);
         if (commonPageQuery != null) {

@@ -50,17 +50,25 @@ public ResponseEntity<PaginatedResponse<Route>> list(RoutePageQuery query) {
 
     @PostMapping
     public ResponseEntity<Response<Route>> add(@RequestBody Route route) {
+        String message = route.valid();
+        if (StringUtils.isNotEmpty(message)) {
+            throw new ValidationException("Route is invalid. Because " + message);
+        }
         return ControllerUtil.buildResponseEntity(routeService.add(route));
     }
 
     @PutMapping("/{name}")
     public ResponseEntity<Response<Route>> update(@PathVariable("name") @NotBlank String routeName,
-        @RequestBody Route route) {
+                                                  @RequestBody Route route) {
         if (StringUtils.isEmpty(route.getName())) {
             route.setName(routeName);
         } else if (!StringUtils.equals(routeName, route.getName())) {
             throw new ValidationException("Route name in the URL doesn't match the one in the body.");
         }
+        String message = route.valid();
+        if (StringUtils.isNotEmpty(message)) {
+            throw new ValidationException("Route is invalid. Because " + message);
+        }
         return ControllerUtil.buildResponseEntity(routeService.update(route));
     }
 

@@ -60,6 +60,10 @@ public ResponseEntity<PaginatedResponse<TlsCertificate>> list(CommonPageQuery qu
 
     @PostMapping
     public ResponseEntity<Response<TlsCertificate>> add(@RequestBody TlsCertificate certificate) {
+        String message = certificate.valid();
+        if (StringUtils.isNotEmpty(message)) {
+            throw new ValidationException("certificate is not valid. Because " + message);
+        }
         TlsCertificate newCertificate = tlsCertificateService.add(certificate);
         stripSensitiveInfo(newCertificate);
         return ControllerUtil.buildResponseEntity(newCertificate);
@@ -74,12 +78,16 @@ public ResponseEntity<Response<TlsCertificate>> query(@PathVariable("name") @Not
 
     @PutMapping("/{name}")
     public ResponseEntity<Response<TlsCertificate>> put(@PathVariable("name") @NotBlank String certificateName,
-        @RequestBody TlsCertificate certificate) {
+                                                        @RequestBody TlsCertificate certificate) {
         if (StringUtils.isNotEmpty(certificate.getName())) {
             certificate.setName(certificateName);
         } else if (!StringUtils.equals(certificateName, certificate.getName())) {
             throw new ValidationException("TlsCertificate name in the URL doesn't match the one in the body.");
         }
+        String message = certificate.valid();
+        if (StringUtils.isNotEmpty(message)) {
+            throw new ValidationException("certificate is not valid. Because " + message);
+        }
         TlsCertificate updatedCertificate = tlsCertificateService.update(certificate);
         stripSensitiveInfo(updatedCertificate);
         return ControllerUtil.buildResponseEntity(updatedCertificate);

@@ -16,7 +16,11 @@
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.Getter;
 import lombok.NoArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.Objects;
 
 @Data
 @Builder
@@ -25,10 +29,34 @@
 @ApiModel("Gateway Domain")
 public class Domain {
 
-    public static class EnableHttps {
-        public static final String OFF = "off";
-        public static final String ON = "on";
-        public static final String FORCE = "force";
+    @Getter
+    @AllArgsConstructor
+    public enum EnableHttps {
+        /**
+         * OFF
+         */
+        OFF("off"),
+        /**
+         * ON
+         */
+        ON("on"),
+        /**
+         * FORCE
+         */
+        FORCE("force");
+        /**
+         * value is enable http value
+         */
+        private final String value;
+
+        public static EnableHttps getEnum(String value) {
+            for (EnableHttps enableHttps : values()) {
+                if (Objects.equals(enableHttps.value, value)) {
+                    return enableHttps;
+                }
+            }
+            return null;
+        }
     }
 
     private String name;
@@ -38,4 +66,16 @@ public static class EnableHttps {
     private String enableHttps;
 
     private String certIdentifier;
+
+    public String valid() {
+        if (StringUtils.isAnyBlank(name, version)) {
+            return "name and version must be not empty";
+        }
+        if (StringUtils.isNotEmpty(enableHttps)) {
+            if(Objects.isNull(EnableHttps.getEnum(enableHttps))){
+                return "enableHttps must be on or force or off";
+            }
+        }
+        return "";
+    }
 }
@@ -13,6 +13,7 @@
 package com.alibaba.higress.console.controller.dto;
 
 import java.util.List;
+import java.util.Objects;
 
 import com.alibaba.higress.console.controller.dto.route.CorsConfig;
 import com.alibaba.higress.console.controller.dto.route.HeaderControlConfig;
@@ -29,14 +30,15 @@
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 
 @Data
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
 @ApiModel("Gateway Route")
 public class Route {
-
     private String name;
 
     private String version;
@@ -80,4 +82,20 @@ public class Route {
     private HeaderControlConfig requestHeaderControl;
 
     private HeaderControlConfig responseHeaderControl;
+
+    public String valid() {
+        if (StringUtils.isAnyBlank(name, version)) {
+            return "name, version must be not empty";
+        }
+        if (CollectionUtils.isEmpty(domains)) {
+            return "domains must be not empty";
+        }
+        if (Objects.isNull(path)) {
+            return "path must be not null";
+        }
+        if (StringUtils.isAnyEmpty(path.getMatchType(), path.getMatchValue())) {
+            return "path matchType, matchValue must be not empty";
+        }
+        return "";
+    }
 }
@@ -12,8 +12,10 @@
  */
 package com.alibaba.higress.console.controller.dto;
 
+import java.util.List;
 import java.util.Map;
 
+import com.alibaba.higress.console.util.TypeUtil;
 import org.apache.commons.lang3.StringUtils;
 
 import com.alibaba.higress.console.controller.util.ValidateUtil;
@@ -53,17 +55,26 @@ public boolean valid() {
         if (null == this.getPort() || null == this.getProperties() || !ValidateUtil.checkPort(this.getPort())) {
             return false;
         }
+        if (!ValidateUtil.checkIp(domain) || !ValidateUtil.checkDomain(domain)) {
+            return false;
+        }
         if ((V1McpBridge.REGISTRY_TYPE_NACOS.equals(this.getType())
-            || V1McpBridge.REGISTRY_TYPE_NACOS2.equals(this.getType()))
-            && (null == this.getProperties().get(V1McpBridge.REGISTRY_TYPE_NACOS_NACOSNAMESPACEID) || StringUtils
-                .isBlank((String)this.getProperties().get(V1McpBridge.REGISTRY_TYPE_NACOS_NACOSNAMESPACEID)))) {
+                || V1McpBridge.REGISTRY_TYPE_NACOS2.equals(this.getType()))
+                && (null == this.getProperties().get(V1McpBridge.REGISTRY_TYPE_NACOS_NACOSNAMESPACEID) || StringUtils
+                .isBlank((String) this.getProperties().get(V1McpBridge.REGISTRY_TYPE_NACOS_NACOSNAMESPACEID)))) {
             return false;
         }
-
+        Object zkServicePathObject = this.getProperties().get(V1McpBridge.REGISTRY_TYPE_ZK_ZKSERVICESPATH);
         if (V1McpBridge.REGISTRY_TYPE_ZK.equals(this.getType())
-            && null == this.getProperties().get(V1McpBridge.REGISTRY_TYPE_ZK_ZKSERVICESPATH)) {
+                && null == zkServicePathObject) {
             return false;
         }
+        List<String> zkServicePathList = TypeUtil.object2List(zkServicePathObject, String.class);
+        for (String path : zkServicePathList) {
+            if (!ValidateUtil.checkZkPath(path)) {
+                return false;
+            }
+        }
         return true;
     }
 }
@@ -15,12 +15,15 @@
 import java.time.LocalDateTime;
 import java.util.List;
 
+import com.alibaba.higress.console.controller.util.ValidateUtil;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import io.swagger.annotations.ApiModel;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 
 @Data
 @Builder
@@ -44,4 +47,19 @@ public class TlsCertificate {
 
     @JsonFormat(pattern = "yyyy/MM/dd HH:mm:ss")
     private LocalDateTime validityEnd;
+
+    public String valid() {
+        if (StringUtils.isAnyBlank(name, version, cert, key)) {
+            return "TlsCertificate name, version, cert, key must be not empty";
+        }
+        if (CollectionUtils.isEmpty(domains)) {
+            return "TlsCertificate domains must be not empty";
+        }
+        for (String domain : domains) {
+            if (!ValidateUtil.checkDomain(domain)) {
+                return "domain " + domain + " is not a valid domain";
+            }
+        }
+        return "";
+    }
 }
@@ -22,7 +22,6 @@
 @NoArgsConstructor
 @AllArgsConstructor
 public class RoutePredicate {
-
     /**
      * @see RoutePredicateTypeEnum
      */

@@ -12,11 +12,19 @@
  */
 package com.alibaba.higress.console.controller.util;
 
+import com.google.common.net.InetAddresses;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 public class ValidateUtil {
+    private static final String DOMAIN_PATTERN_REGEX = "^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$";
+    private static final Pattern DOMAIN_PATTERN = Pattern.compile(DOMAIN_PATTERN_REGEX);
 
     /**
      * Validate port number: 1 ~ 65535
-     * 
+     *
      * @param port
      * @return
      */
@@ -26,4 +34,20 @@ public static boolean checkPort(Integer port) {
         }
         return port > 1 && port < 65535;
     }
+
+    public static boolean checkIp(String ip) {
+        return InetAddresses.isInetAddress(ip);
+    }
+
+    public static boolean checkDomain(String domain) {
+        Matcher matcher = DOMAIN_PATTERN.matcher(domain);
+        return matcher.matches();
+    }
+
+    public static boolean checkZkPath(String zkPath) {
+        if (StringUtils.isEmpty(zkPath)) {
+            return false;
+        }
+        return zkPath.startsWith("/");
+    }
 }