From 10700bf6895a87c81e5c14fe7105c7c5f1c96b0c Mon Sep 17 00:00:00 2001
From: area363
Date: Wed, 25 Oct 2023 16:12:38 +0900
Subject: [PATCH] add whitelist
---
 Lib9c | 2 +-
 .../IMutableAccessControlService.cs | 2 ++
 .../MutableRedisAccessControlService.cs | 12 +++++++-
 .../MutableSqliteAccessControlService.cs | 28 ++++++++++++++++++-
 .../AccessControlServiceController.cs | 14 ++++++++++
 .../Services/RedisAccessControlService.cs | 13 +++++++++
 .../Services/SQLiteAccessControlService.cs | 19 ++++++++++++-
 7 files changed, 86 insertions(+), 4 deletions(-)
diff --git a/Lib9c b/Lib9c
index aa95dcffd..d308cbde3 160000
--- a/Lib9c
+++ b/Lib9c
@@ -1 +1 @@
-Subproject commit aa95dcffd5f6dac64da413aa1b67bbf6a61b0be9
+Subproject commit d308cbde3f750d9c4f4ac0b56145712f20154fe7
diff --git a/NineChronicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs b/NineChronicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs
index aa8207174..20fd00cb2 100644
--- a/NineChronicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs
+++ b/NineChronicles.Headless.AccessControlCenter/AccessControlService/IMutableAccessControlService.cs
@@ -8,6 +8,8 @@ public interface IMutableAccessControlService : IAccessControlService
 {
 void DenyAccess(Address address);
 void AllowAccess(Address address);
+ void DenyWhiteList(Address address);
+ void AllowWhiteList(Address address);
 List
ListBlockedAddresses(int offset, int limit);
 }
 }
diff --git a/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs b/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs
index b3858de26..b38ef64c2 100644
--- a/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs
+++ b/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableRedisAccessControlService.cs
@@ -18,7 +18,7 @@ public MutableRedisAccessControlService(string storageUri)
 public void DenyAccess(Address address)
 {
- _db.StringSet(address.ToString(), "denied");
+ _db.StringSet(address.ToString(), "0");
 }
 public void AllowAccess(Address address)
@@ -26,6 +26,16 @@ public void AllowAccess(Address address)
 _db.KeyDelete(address.ToString());
 }
+ public void DenyWhiteList(Address address)
+ {
+ _db.KeyDelete(address.ToString());
+ }
+
+ public void AllowWhiteList(Address address)
+ {
+ _db.StringSet(address.ToString(), "1");
+ }
+
+ public List
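Review bot: `DenyWhiteList` and `AllowWhiteList` are added to IMutableAccessControlService without any documentation, and the names alone do not say which call adds a whitelist entry and which removes one. Going by the two implementations in this patch, I would add `/// <summary>Marks the address as whitelisted.</summary>` above `AllowWhiteList` and `/// <summary>Removes the whitelist entry for the address.</summary>` above `DenyWhiteList`. The comments should also state what each call does to an address that is currently denied, because both backends store deny and whitelist entries in the same place.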
ListBlockedAddresses(int offset, int limit)
 {
 var server = _db.Multiplexer.GetServer(_db.Multiplexer.GetEndPoints().First());
diff --git a/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs b/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs
index 2c10ed525..02ccc967b 100644
--- a/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs
+++ b/NineChronicles.Headless.AccessControlCenter/AccessControlService/MutableSqliteAccessControlService.cs
@@ -9,9 +9,13 @@ namespace NineChronicles.Headless.AccessControlCenter.AccessControlService
 public class MutableSqliteAccessControlService : SQLiteAccessControlService, IMutableAccessControlService
 {
 private const string DenyAccessSql =
- "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address)";
+ "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address, 0)";
 private const string AllowAccessSql = "DELETE FROM blocklist WHERE address=@Address";
+ private const string AllowWhiteListSql =
+ "INSERT OR IGNORE INTO blocklist (address) VALUES (@Address, 0)";
+ private const string DenyWhiteListSql = "DELETE FROM blocklist WHERE address=@Address";
+
 public MutableSqliteAccessControlService(string connectionString) : base(connectionString) { }
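Review bot: `DenyWhiteList` deletes the address key whatever it holds, so calling it for an address that DenyAccess has set to "0" removes the block instead of a whitelist entry. `AllowAccess` (unchanged, same file) has the mirror problem for a key holding "1", and `AllowWhiteList` overwrites an existing "0". Deleting only when the stored value is the whitelist marker keeps the deny list intact, and a transaction condition makes the check and the delete atomic. `DenyWhiteListSql` in MutableSqliteAccessControlService.cs has the same issue.

```csharp
public void DenyWhiteList(Address address)
{
    // Delete only a whitelist entry ("1"); a deny entry ("0") under the same key stays.
    var key = address.ToString();
    var transaction = _db.CreateTransaction();
    transaction.AddCondition(Condition.StringEqual(key, "1"));
    _ = transaction.KeyDeleteAsync(key);
    transaction.Execute();
}
```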
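Review bot: The new `DenyAccessSql` and `AllowWhiteListSql` list one column, `(address)`, but supply two values, which SQLite rejects, so both DenyAccess and AllowWhiteList would fail at runtime. `AllowWhiteListSql` is also identical to `DenyAccessSql`: it would store level 0, where the Redis implementation in this patch uses "1" for a whitelist entry, and `DenyWhiteListSql` deletes every row for the address, deny rows included. The fence below names the `level` column, stores 1 for the whitelist (inferred from the Redis values) and limits the whitelist delete to whitelist rows. `INSERT OR IGNORE` only suppresses duplicates if `address` carries a uniqueness constraint, which the CREATE TABLE in SQLiteAccessControlService.cs does not declare.

```csharp
private const string DenyAccessSql =
    "INSERT OR IGNORE INTO blocklist (address, level) VALUES (@Address, 0)";
// … unchanged: AllowAccessSql …
private const string AllowWhiteListSql =
    "INSERT OR IGNORE INTO blocklist (address, level) VALUES (@Address, 1)";
private const string DenyWhiteListSql =
    "DELETE FROM blocklist WHERE address=@Address AND level=1";
```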
@@ -38,6 +42,28 @@ public void AllowAccess(Address address)
 command.ExecuteNonQuery();
 }
+ public void DenyWhiteList(Address address)
+ {
+ using var connection = new SqliteConnection(_connectionString);
+ connection.Open();
+
+ using var command = connection.CreateCommand();
+ command.CommandText = DenyWhiteListSql;
+ command.Parameters.AddWithValue("@Address", address.ToString());
+ command.ExecuteNonQuery();
+ }
+
+ public void AllowWhiteList(Address address)
+ {
+ using var connection = new SqliteConnection(_connectionString);
+ connection.Open();
+
+ using var command = connection.CreateCommand();
+ command.CommandText = AllowWhiteListSql;
+ command.Parameters.AddWithValue("@Address", address.ToString());
+ command.ExecuteNonQuery();
+ }
+
+ public List
ListBlockedAddresses(int offset, int limit)
 {
 var blockedAddresses = new List
();
diff --git a/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs b/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs
index 65f3b6d59..946dc08fd 100644
--- a/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs
+++ b/NineChronicles.Headless.AccessControlCenter/Controllers/AccessControlServiceController.cs
@@ -36,6 +36,20 @@ public ActionResult AllowAccess(string address)
 return Ok();
 }
+ [HttpPost("entries/{address}/deny-whitelist")]
+ public ActionResult DenyWhiteList(string address)
+ {
+ _accessControlService.DenyWhiteList(new Address(address));
+ return Ok();
+ }
+
+ [HttpPost("entries/{address}/allow-whitelist")]
+ public ActionResult AllowWhiteList(string address)
+ {
+ _accessControlService.AllowWhiteList(new Address(address));
+ return Ok();
+ }
+
 [HttpGet("entries")]
 public ActionResult> ListBlockedAddresses(int offset, int limit)
 {
diff --git a/NineChronicles.Headless/Services/RedisAccessControlService.cs b/NineChronicles.Headless/Services/RedisAccessControlService.cs
index fb5e240aa..8ca09cec4 100644
--- a/NineChronicles.Headless/Services/RedisAccessControlService.cs
+++ b/NineChronicles.Headless/Services/RedisAccessControlService.cs
@@ -1,5 +1,7 @@
+using System;
 using StackExchange.Redis;
 using Libplanet.Crypto;
+using Microsoft.AspNetCore.Mvc.Filters;
 using Nekoyume.Blockchain;
 using Serilog;
@@ -26,5 +28,16 @@ public bool IsAccessDenied(Address address)
 return result;
 }
+
+ public int GetAccessLevel(Address address)
+ {
+ RedisValue result = _db.StringGet(address.ToString());
+ if (result.IsNull)
+ {
+ result = "-1";
+ }
+
+ return Convert.ToInt32(result);
+ }
 }
 }
diff --git a/NineChronicles.Headless/Services/SQLiteAccessControlService.cs b/NineChronicles.Headless/Services/SQLiteAccessControlService.cs
index e3dae9221..8a1eaeb1a 100644
--- a/NineChronicles.Headless/Services/SQLiteAccessControlService.cs
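Review bot: `DenyWhiteList` and `AllowWhiteList` in MutableSqliteAccessControlService.cs repeat the same open, bind and execute sequence and differ only in the SQL constant, which makes it easy to miss that `AllowWhiteListSql` has the same text as `DenyAccessSql` in this patch. A private helper that takes the SQL text would leave each public method as one line. The tail of AllowAccess visible at the top of the hunk suggests the existing methods could use the same helper, but their bodies are outside the hunk.

```csharp
// Runs one statement that takes the address as its only parameter.
private void ExecuteForAddress(string sql, Address address)
{
    using var connection = new SqliteConnection(_connectionString);
    connection.Open();

    using var command = connection.CreateCommand();
    command.CommandText = sql;
    command.Parameters.AddWithValue("@Address", address.ToString());
    command.ExecuteNonQuery();
}

public void DenyWhiteList(Address address) => ExecuteForAddress(DenyWhiteListSql, address);

public void AllowWhiteList(Address address) => ExecuteForAddress(AllowWhiteListSql, address);
```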
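Review bot: Both new controller actions pass the route value straight into `new Address(address)`, so a malformed address would surface as an unhandled exception (a 500) rather than a 400, assuming the constructor throws on bad input. Wrapping the conversion so that a parse failure ends in `return BadRequest("invalid address");` keeps client errors apart from server faults. No authorization attribute is visible on either action; the class declaration is outside the hunk, so please confirm that the controller, or the network boundary in front of it, limits who can change the whitelist. The actions also return `Ok()` whether or not an entry was changed.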
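Review bot: `Convert.ToInt32(result)` in the Redis GetAccessLevel throws for any stored value that is not an integer, and the DenyAccess hunk in MutableRedisAccessControlService.cs shows that keys written before this patch hold "denied". Failing closed is safer for a deny list: keep the `IsNull` branch and end with `return result.TryParse(out int level) ? level : 0;` so an unreadable entry is treated as denied, or migrate the old keys. The first hunk of this file also adds `using Microsoft.AspNetCore.Mvc.Filters;`, which none of the visible added lines use. IsAccessDenied's body is outside the hunk; if it tests for key existence, addresses whitelisted with "1" would be reported as denied.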
+++ b/NineChronicles.Headless/Services/SQLiteAccessControlService.cs
@@ -1,3 +1,4 @@
+using System;
 using Microsoft.Data.Sqlite;
 using Libplanet.Crypto;
 using Nekoyume.Blockchain;
@@ -8,9 +9,11 @@ namespace NineChronicles.Headless.Services
 public class SQLiteAccessControlService : IAccessControlService
 {
 private const string CreateTableSql =
- "CREATE TABLE IF NOT EXISTS blocklist (address VARCHAR(42))";
+ "CREATE TABLE IF NOT EXISTS blocklist (address VARCHAR(42), level INT)";
 private const string CheckAccessSql =
 "SELECT EXISTS(SELECT 1 FROM blocklist WHERE address=@Address)";
+ private const string CheckAccessLevelSql =
+ "SELECT level FROM blocklist WHERE address=@Address";
 protected readonly string _connectionString;
@@ -46,5 +49,19 @@ public bool IsAccessDenied(Address address)
 return result;
 }
+
+ public int GetAccessLevel(Address address)
+ {
+ using var connection = new SqliteConnection(_connectionString);
+ connection.Open();
+
+ using var command = connection.CreateCommand();
+ command.CommandText = CheckAccessLevelSql;
+ command.Parameters.AddWithValue("@Address", address.ToString());
+
+ var queryResult = command.ExecuteScalar() ?? "-1";
+
+ return Convert.ToInt32(queryResult);
+ }
 }
 }
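Review bot: `CREATE TABLE IF NOT EXISTS` leaves an existing `blocklist` table as it is, so a database created before this patch never gets the `level` column and the new `SELECT level` query would fail against it. An upgrade step is needed, and giving the column a default of 0 (`level INT NOT NULL DEFAULT 0`) would keep rows written before the upgrade denied. `CheckAccessSql` is unchanged and matches any row for the address, so if IsAccessDenied still uses it (its body is outside the hunk) a whitelisted address is reported as denied; `... WHERE address=@Address AND level=0` would separate the two. Declaring `address` as `PRIMARY KEY` would also make the `INSERT OR IGNORE` statements in MutableSqliteAccessControlService.cs actually ignore duplicates.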
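Review bot: The `?? "-1"` fallback in the SQLite GetAccessLevel only covers the no-row case; when a row exists with a NULL `level`, `ExecuteScalar()` returns `DBNull.Value` and `Convert.ToInt32` throws. Rows inserted through the old one-column INSERT would be in that state once the column exists. I would handle both cases explicitly, e.g. `if (queryResult is null) { return -1; }` followed by `return queryResult is DBNull ? 0 : Convert.ToInt32(queryResult);`, treating a NULL level as denied. Because nothing makes `address` unique, the query can also match several rows and returns whichever comes first.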