add whitelist

planetarium · Oct 25, 2023 · 10700bf · 10700bf
1 parent cade52b
commit 10700bf
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 4 deletions.
diff --git a/Lib9c b/Lib9c
diff --git a/...onicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs b/...onicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs
@@ -8,6 +8,8 @@ public interface IMutableAccessControlService : IAccessControlService
     {
         void DenyAccess(Address address);
         void AllowAccess(Address address);
+        void DenyWhiteList(Address address);
+        void AllowWhiteList(Address address);
         List<Address> ListBlockedAddresses(int offset, int limit);
     }
 }
diff --git a/...les.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs b/...les.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs
@@ -18,14 +18,24 @@ public MutableRedisAccessControlService(string storageUri)
 
         public void DenyAccess(Address address)
         {
-            _db.StringSet(address.ToString(), "denied");
+            _db.StringSet(address.ToString(), "0");
         }
 
         public void AllowAccess(Address address)
         {
             _db.KeyDelete(address.ToString());
         }
 
+        public void DenyWhiteList(Address address)
+        {
+            _db.KeyDelete(address.ToString());
+        }
+
+        public void AllowWhiteList(Address address)
+        {
+            _db.StringSet(address.ToString(), "1");
+        }
+
         public List<Address> ListBlockedAddresses(int offset, int limit)
         {
             var server = _db.Multiplexer.GetServer(_db.Multiplexer.GetEndPoints().First());

diff --git a/...es.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs b/...es.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs
@@ -9,9 +9,13 @@ namespace NineChronicles.Headless.AccessControlCenter.AccessControlService
     public class MutableSqliteAccessControlService : SQLiteAccessControlService, IMutableAccessControlService
     {
         private const string DenyAccessSql =
-            "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address)";
+            "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address, 0)";
         private const string AllowAccessSql = "DELETE FROM blocklist WHERE address=@Address";
 
+        private const string AllowWhiteListSql =
+            "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address, 0)";
+        private const string DenyWhiteListSql = "DELETE FROM blocklist WHERE address=@Address";
+
         public MutableSqliteAccessControlService(string connectionString) : base(connectionString)
         {
         }
@@ -38,6 +42,28 @@ public void AllowAccess(Address address)
             command.ExecuteNonQuery();
         }
 
+        public void DenyWhiteList(Address address)
+        {
+            using var connection = new SqliteConnection(_connectionString);
+            connection.Open();
+
+            using var command = connection.CreateCommand();
+            command.CommandText = DenyWhiteListSql;
+            command.Parameters.AddWithValue("@Address", address.ToString());
+            command.ExecuteNonQuery();
+        }
+
+        public void AllowWhiteList(Address address)
+        {
+            using var connection = new SqliteConnection(_connectionString);
+            connection.Open();
+
+            using var command = connection.CreateCommand();
+            command.CommandText = AllowWhiteListSql;
+            command.Parameters.AddWithValue("@Address", address.ToString());
+            command.ExecuteNonQuery();
+        }
+
         public List<Address> ListBlockedAddresses(int offset, int limit)
         {
             var blockedAddresses = new List<Address>();

diff --git a/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs b/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs
@@ -36,6 +36,20 @@ public ActionResult AllowAccess(string address)
             return Ok();
         }
 
+        [HttpPost("entries/{address}/deny-whitelist")]
+        public ActionResult DenyWhiteList(string address)
+        {
+            _accessControlService.DenyWhiteList(new Address(address));
+            return Ok();
+        }
+
+        [HttpPost("entries/{address}/allow-whitelist")]
+        public ActionResult AllowWhiteList(string address)
+        {
+            _accessControlService.AllowWhiteList(new Address(address));
+            return Ok();
+        }
+
         [HttpGet("entries")]
         public ActionResult<List<string>> ListBlockedAddresses(int offset, int limit)
         {

diff --git a/NineChronicles.Headless/Services/RedisAccessControlService.cs b/NineChronicles.Headless/Services/RedisAccessControlService.cs
@@ -1,5 +1,7 @@
+using System;
 using StackExchange.Redis;
 using Libplanet.Crypto;
+using Microsoft.AspNetCore.Mvc.Filters;
 using Nekoyume.Blockchain;
 using Serilog;
 
@@ -26,5 +28,16 @@ public bool IsAccessDenied(Address address)
 
             return result;
         }
+
+        public int GetAccessLevel(Address address)
+        {
+            RedisValue result = _db.StringGet(address.ToString());
+            if (result.IsNull)
+            {
+                result = "-1";
+            }
+
+            return Convert.ToInt32(result);
+        }
     }
 }
diff --git a/NineChronicles.Headless/Services/SQLiteAccessControlService.cs b/NineChronicles.Headless/Services/SQLiteAccessControlService.cs
@@ -1,3 +1,4 @@
+using System;
 using Microsoft.Data.Sqlite;
 using Libplanet.Crypto;
 using Nekoyume.Blockchain;
@@ -8,9 +9,11 @@ namespace NineChronicles.Headless.Services
     public class SQLiteAccessControlService : IAccessControlService
     {
         private const string CreateTableSql =
-            "CREATE TABLE IF NOT EXISTS blocklist (address VARCHAR(42))";
+            "CREATE TABLE IF NOT EXISTS blocklist (address VARCHAR(42), level INT)";
         private const string CheckAccessSql =
             "SELECT EXISTS(SELECT 1 FROM blocklist WHERE address=@Address)";
+        private const string CheckAccessLevelSql =
+            "SELECT level FROM blocklist WHERE address=@Address";
 
         protected readonly string _connectionString;
 
@@ -46,5 +49,19 @@ public bool IsAccessDenied(Address address)
 
             return result;
         }
+
+        public int GetAccessLevel(Address address)
+        {
+            using var connection = new SqliteConnection(_connectionString);
+            connection.Open();
+
+            using var command = connection.CreateCommand();
+            command.CommandText = CheckAccessLevelSql;
+            command.Parameters.AddWithValue("@Address", address.ToString());
+
+            var queryResult = command.ExecuteScalar() ?? "-1";
+
+            return Convert.ToInt32(queryResult);
+        }
     }
 }
+2 −0		Lib9c.Policy/AccessControlService/IAccessControlService.cs
+6 −2		Lib9c.Policy/NCStagePolicy.cs