dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added domain validation (#12248)

Browse Source 
* added domain validation

* deleted empty line

* fixed controller test

* deleted redundant check
This commit is contained in:
Daria Shevchenko 2024-12-16 11:45:57 +02:00 committed by GitHub
parent 7776533e85
commit fc905e4e09
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dao/src/main/java/org/thingsboard/server/dao/domain/DomainServiceImpl.java
View File

@ -35,6 +35,7 @@ import org.thingsboard.server.dao.entity.AbstractEntityService;
import org.thingsboard.server.dao.eventsourcing.DeleteEntityEvent; import org.thingsboard.server.dao.eventsourcing.DeleteEntityEvent;
import org.thingsboard.server.dao.eventsourcing.SaveEntityEvent; import org.thingsboard.server.dao.eventsourcing.SaveEntityEvent;
import org.thingsboard.server.dao.oauth2.OAuth2ClientDao; import org.thingsboard.server.dao.oauth2.OAuth2ClientDao;
import org.thingsboard.server.dao.service.validator.DomainDataValidator;
import java.util.Comparator; import java.util.Comparator;
import java.util.List; import java.util.List;
@ -53,11 +54,14 @@ public class DomainServiceImpl extends AbstractEntityService implements DomainSe
private OAuth2ClientDao oauth2ClientDao; private OAuth2ClientDao oauth2ClientDao;
@Autowired @Autowired
private DomainDao domainDao; private DomainDao domainDao;
@Autowired
private DomainDataValidator domainDataValidator;
@Override @Override
public Domain saveDomain(TenantId tenantId, Domain domain) { public Domain saveDomain(TenantId tenantId, Domain domain) {
log.trace("Executing saveDomain [{}]", domain); log.trace("Executing saveDomain [{}]", domain);
try { try {
domainDataValidator.validate(domain, Domain::getTenantId);
Domain savedDomain = domainDao.save(tenantId, domain); Domain savedDomain = domainDao.save(tenantId, domain);
eventPublisher.publishEvent(SaveEntityEvent.builder().tenantId(tenantId).entityId(savedDomain.getId()).entity(savedDomain).build()); eventPublisher.publishEvent(SaveEntityEvent.builder().tenantId(tenantId).entityId(savedDomain.getId()).entity(savedDomain).build());
return savedDomain; return savedDomain;

15
dao/src/main/java/org/thingsboard/server/dao/service/DataValidator.java
View File

@ -43,7 +43,10 @@ public abstract class DataValidator<D extends BaseData<?>> {
Pattern.compile("^[A-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[A-Z0-9.-]+\\.[A-Z]{2,}$", Pattern.CASE_INSENSITIVE); Pattern.compile("^[A-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[A-Z0-9.-]+\\.[A-Z]{2,}$", Pattern.CASE_INSENSITIVE);
private static final Pattern QUEUE_PATTERN = Pattern.compile("^[a-zA-Z0-9_.\\-]+$"); private static final Pattern QUEUE_PATTERN = Pattern.compile("^[a-zA-Z0-9_.\\-]+$");
private static final String DOMAIN_REGEX = "^(((?!-))(xn--|_)?[a-z0-9-]{0,61}[a-z0-9]{1,1}\\.)*(xn--)?([a-z0-9][a-z0-9\\-]{0,60}|[a-z0-9-]{1,30}\\.[a-z]{2,})$";
private static final Pattern DOMAIN_PATTERN = Pattern.compile(DOMAIN_REGEX);
private static final String LOCALHOST_REGEX = "^localhost(:\\d{1,5})?$";
private static final Pattern LOCALHOST_PATTERN = Pattern.compile(LOCALHOST_REGEX);
private static final String NAME = "name"; private static final String NAME = "name";
private static final String TOPIC = "topic"; private static final String TOPIC = "topic";
@ -171,4 +174,14 @@ public abstract class DataValidator<D extends BaseData<?>> {
} }
} }
public static boolean isValidDomain(String domainName) {
if (domainName == null) {
return false;
}
if (LOCALHOST_PATTERN.matcher(domainName).matches()) {
return true;
}
return DOMAIN_PATTERN.matcher(domainName).matches();
}
} }

32
dao/src/main/java/org/thingsboard/server/dao/service/validator/DomainDataValidator.java Normal file
View File

@ -0,0 +1,32 @@
/**
* Copyright © 2016-2024 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.dao.service.validator;
import org.springframework.stereotype.Component;
import org.thingsboard.server.common.data.domain.Domain;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.dao.exception.IncorrectParameterException;
@Component
public class DomainDataValidator extends AbstractHasOtaPackageValidator<Domain> {
@Override
protected void validateDataImpl(TenantId tenantId, Domain domain) {
if (!isValidDomain(domain.getName())) {
throw new IncorrectParameterException("Domain name " + domain.getName() + " is invalid");
}
}
}

2
dao/src/test/java/org/thingsboard/server/dao/service/DomainServiceTest.java
View File

@ -90,7 +90,7 @@ public class DomainServiceTest extends AbstractServiceTest {
public void testGetTenantDomains() { public void testGetTenantDomains() {
List<Domain> domains = new ArrayList<>(); List<Domain> domains = new ArrayList<>();
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
Domain oAuth2Client = constructDomain(TenantId.SYS_TENANT_ID, StringUtils.randomAlphabetic(5), true, false); Domain oAuth2Client = constructDomain(TenantId.SYS_TENANT_ID, StringUtils.randomAlphabetic(5).toLowerCase(), true, false);
Domain savedOauth2Client = domainService.saveDomain(SYSTEM_TENANT_ID, oAuth2Client); Domain savedOauth2Client = domainService.saveDomain(SYSTEM_TENANT_ID, oAuth2Client);
domains.add(savedOauth2Client); domains.add(savedOauth2Client);
} }