From a2eab9e5abd9a6c66eb96d173675dfa45abd3b64 Mon Sep 17 00:00:00 2001
From: 710leo <710leo@gmail.com>
Date: Fri, 20 Aug 2021 19:45:17 +0800
Subject: [PATCH] refactor: delete csrf check and some v1 api
---
 http/router.go | 155 +++++++------------------------------------------
 1 file changed, 21 insertions(+), 134 deletions(-)
diff --git a/http/router.go b/http/router.go
index 3cb6db6d..c9e048c1 100644
--- a/http/router.go
+++ b/http/router.go
@@ -7,19 +7,20 @@ import (
 "github.com/gin-contrib/gzip"
 "github.com/gin-contrib/pprof"
 "github.com/gin-gonic/gin"
- "github.com/toolkits/csrf"
 "github.com/didi/nightingale/v5/config"
 )
 func configRoutes(r *gin.Engine) {
- csrfMid := csrf.Middleware(csrf.Options{
- Secret: config.Config.HTTP.CsrfSecret,
- ErrorFunc: func(c *gin.Context) {
- c.JSON(452, gin.H{"err": "csrf token mismatch"})
- c.Abort()
- },
- })
+ /*
+ csrfMid := csrf.Middleware(csrf.Options{
+ Secret: config.Config.HTTP.CsrfSecret,
+ ErrorFunc: func(c *gin.Context) {
+ c.JSON(452, gin.H{"err": "csrf token mismatch"})
+ c.Abort()
+ },
+ })
+ */
 if config.Config.HTTP.Pprof {
 pprof.Register(r, "/api/debug/pprof")
@@ -51,12 +52,14 @@ func configRoutes(r *gin.Engine) {
 }
 // for brower, expose location in nginx.conf
- pages := r.Group("/api/n9e", csrfMid)
+ pages := r.Group("/api/n9e")
 {
- pages.GET("/csrf", func(c *gin.Context) {
- renderData(c, csrf.GetToken(c), nil)
- })
+ /*
+ pages.GET("/csrf", func(c *gin.Context) {
+ renderData(c, csrf.GetToken(c), nil)
+ })
+ */
 pages.GET("/roles", rolesGet)
 pages.GET("/self/profile", selfProfileGet)
@@ -180,7 +183,7 @@ func configRoutes(r *gin.Engine) {
 }
 // for brower, expose location in nginx.conf
- pagesV2 := r.Group("/api/n9e/v2", csrfMid)
+ pagesV2 := r.Group("/api/n9e/v2")
 {
 pagesV2.POST("/collect-rules", login(), collectRulesAdd)
 }
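Review bot: The CSRF middleware at the top of configRoutes is disabled by wrapping it in a `/* ... */` block instead of being deleted, so the file keeps dead code that names `csrf.Middleware` after the `github.com/toolkits/csrf` import is gone; the `/csrf` route in the next hunk is handled the same way. Delete both blocks, since version control already keeps the old text, and record the decision in one line such as `// CSRF middleware removed: <what replaces it>`. `config.Config.HTTP.CsrfSecret` is presumably unused after this change; if so, the config field and its documentation should be removed with it. configRoutes continues outside the hunk.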
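Review bot: `r.Group("/api/n9e")` is now registered with no CSRF middleware although the comment above it says the group is for the browser, and the same holds for `r.Group("/api/n9e/v2")` in the following hunk, where `pagesV2.POST("/collect-rules", login(), collectRulesAdd)` changes state. How `login()` authenticates is not visible here; if it accepts a session cookie, these routes depend on that cookie alone, so the commit should name what takes over (a `SameSite` cookie attribute, an Origin/Referer check, or header-only token auth). At minimum add a comment on each group such as `// no CSRF middleware: requests are authenticated by <mechanism>, which browsers do not attach cross-site`. The group's body continues outside the hunk.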
@@ -188,135 +191,19 @@ func configRoutes(r *gin.Engine) { // for thirdparty, do not expose location in nginx.conf v1 := r.Group("/v1/n9e") { - v1.GET("/roles", rolesGet) - v1.GET("/self/profile", selfProfileGet) - v1.PUT("/self/profile", selfProfilePut) - v1.PUT("/self/password", selfPasswordPut) - v1.GET("/self/token", selfTokenGets) - v1.POST("/self/token", selfTokenPost) - v1.PUT("/self/token", selfTokenPut) - v1.GET("/users", login(), userGets) - v1.POST("/users", admin(), userAddPost) - v1.GET("/user/:id/profile", login(), userProfileGet) - v1.PUT("/user/:id/profile", admin(), userProfilePut) - v1.PUT("/user/:id/status", admin(), userStatusPut) - v1.PUT("/user/:id/password", admin(), userPasswordPut) - v1.DELETE("/user/:id", admin(), userDel) - - v1.GET("/user-groups", login(), userGroupListGet) - v1.GET("/user-groups/mine", login(), userGroupMineGet) - v1.POST("/user-groups", login(), userGroupAdd) - v1.PUT("/user-group/:id", login(), userGroupPut) - v1.GET("/user-group/:id", login(), userGroupGet) - v1.POST("/user-group/:id/members", login(), userGroupMemberAdd) - v1.DELETE("/user-group/:id/members", login(), userGroupMemberDel) - v1.DELETE("/user-group/:id", login(), userGroupDel) - - v1.GET("/classpaths", login(), classpathListGets) - v1.POST("/classpaths", login(), classpathAdd) - v1.PUT("/classpath/:id", login(), classpathPut) - v1.DELETE("/classpath/:id", login(), classpathDel) - v1.POST("/classpath/:id/resources", login(), classpathAddResources) - v1.DELETE("/classpath/:id/resources", login(), classpathDelResources) - v1.GET("/classpath/:id/resources", login(), classpathGetsResources) - - v1.GET("/classpaths/favorites", login(), classpathFavoriteGet) - v1.POST("/classpath/:id/favorites", login(), classpathFavoriteAdd) - v1.DELETE("/classpath/:id/favorites", login(), classpathFavoriteDel) - - v1.GET("/resources", login(), resourcesQuery) - v1.PUT("/resources/note", resourceNotePut) - v1.PUT("/resources/tags", resourceTagsPut) - 
v1.PUT("/resources/classpaths", resourceClasspathsPut) - v1.PUT("/resources/mute", resourceMutePut) - v1.GET("/resource/:id", login(), resourceGet) - v1.DELETE("/resource/:id", login(), resourceDel) - - v1.GET("/classpath/:id/collect-rules", login(), collectRuleGets) - - v1.GET("/mutes", login(), muteGets) - v1.POST("/mutes", login(), muteAdd) - v1.GET("/mute/:id", login(), muteGet) - v1.DELETE("/mute/:id", login(), muteDel) - - v1.GET("/dashboards", login(), dashboardGets) - v1.POST("/dashboards", login(), dashboardAdd) - v1.GET("/dashboard/:id", login(), dashboardGet) - v1.PUT("/dashboard/:id", login(), dashboardPut) - v1.DELETE("/dashboard/:id", login(), dashboardDel) - v1.POST("/dashboard/:id/favorites", login(), dashboardFavoriteAdd) - v1.DELETE("/dashboard/:id/favorites", login(), dashboardFavoriteDel) - v1.GET("/dashboard/:id/chart-groups", login(), chartGroupGets) - v1.POST("/dashboard/:id/chart-groups", login(), chartGroupAdd) - - v1.PUT("/chart-groups", login(), chartGroupsPut) - v1.DELETE("/chart-group/:id", login(), chartGroupDel) - v1.GET("/chart-group/:id/charts", login(), chartGets) - v1.POST("/chart-group/:id/charts", login(), chartAdd) - v1.PUT("/chart/:id", login(), chartPut) - v1.DELETE("/chart/:id", login(), chartDel) - v1.PUT("/charts/configs", login(), chartConfigsPut) - v1.GET("/charts/tmps", login(), chartTmpGets) - v1.POST("/charts/tmps", login(), chartTmpAdd) - - v1.GET("/alert-rule-groups", login(), alertRuleGroupGets) - v1.POST("/alert-rule-groups", login(), alertRuleGroupAdd) - v1.GET("/alert-rule-group/:id", login(), alertRuleGroupGet) - v1.PUT("/alert-rule-group/:id", login(), alertRuleGroupPut) - v1.DELETE("/alert-rule-group/:id", login(), alertRuleGroupDel) - - v1.GET("/alert-rule-groups/favorites", login(), alertRuleGroupFavoriteGet) - v1.DELETE("/alert-rule-group/:id/favorites", login(), alertRuleGroupFavoriteDel) - v1.POST("/alert-rule-group/:id/favorites", login(), alertRuleGroupFavoriteAdd) - - 
v1.GET("/alert-rule-group/:id/alert-rules", login(), alertRuleOfGroupGet) - v1.DELETE("/alert-rule-group/:id/alert-rules", login(), alertRuleOfGroupDel) - - v1.POST("/alert-rules", login(), alertRuleAdd) - v1.PUT("/alert-rules/status", login(), alertRuleStatusPut) - v1.PUT("/alert-rules/notify-groups", login(), alertRuleNotifyGroupsPut) - v1.PUT("/alert-rules/notify-channels", login(), alertRuleNotifyChannelsPut) - v1.PUT("/alert-rules/append-tags", login(), alertRuleAppendTagsPut) - v1.GET("/alert-rule/:id", login(), alertRuleGet) - v1.PUT("/alert-rule/:id", login(), alertRulePut) - v1.DELETE("/alert-rule/:id", login(), alertRuleDel) - - v1.GET("/alert-events", login(), alertEventGets) - v1.DELETE("/alert-events", login(), alertEventsDel) - v1.GET("/alert-event/:id", login(), alertEventGet) - v1.DELETE("/alert-event/:id", login(), alertEventDel) - - v1.GET("/history-alert-events", login(), historyAlertEventGets) - v1.GET("/history-alert-event/:id", login(), historyAlertEventGet) - - v1.POST("/collect-rules", login(), collectRuleAdd) - v1.DELETE("/collect-rules", login(), collectRuleDel) - v1.PUT("/collect-rule/:id", login(), collectRulePut) - v1.GET("/collect-rules-belong-to-ident", collectRuleGetsByIdent) - v1.GET("/collect-rules-summary", collectRuleSummaryGetByIdent) - - v1.GET("/metric-descriptions", metricDescriptionGets) - v1.POST("/metric-descriptions", login(), metricDescriptionAdd) - v1.DELETE("/metric-descriptions", login(), metricDescriptionDel) - v1.PUT("/metric-description/:id", login(), metricDescriptionPut) - - v1.GET("/contact-channels", contactChannelsGet) - v1.GET("/notify-channels", notifyChannelsGet) - - v1.POST("/push", PushData) - - v1.GET("/status", Status) - v1.POST("/query", GetData) v1.POST("/instant-query", GetDataInstant) v1.POST("/tag-keys", GetTagKeys) v1.POST("/tag-values", GetTagValues) - v1.POST("/tag-metrics", GetMetrics) v1.POST("/tag-pairs", GetTagPairs) - v1.GET("/check-promql", checkPromeQl) + v1.POST("/tag-metrics", 
GetMetrics) v1.GET("/can-do-op-by-name", login(), canDoOpByName) v1.GET("/can-do-op-by-token", login(), canDoOpByToken) + v1.POST("/push", PushData) + + v1.GET("/collect-rules-belong-to-ident", collectRuleGetsByIdent) + v1.GET("/collect-rules-summary", collectRuleSummaryGetByIdent) } push := r.Group("/v1/n9e/series").Use(gzip.Gzip(gzip.DefaultCompression))
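Review bot: The routes kept or re-added in the `/v1/n9e` group, including `v1.POST("/push", PushData)`, the query and tag routes and the two `collect-rules-*` routes, are registered without `login()` or any other middleware, unlike the `can-do-op-*` routes beside them. According to the comment on the group, access control rests on this prefix not being exposed in nginx.conf; whether the handlers authenticate internally is not visible in this hunk. State that dependency where the group is defined, e.g. `// no auth middleware on these routes: /v1/n9e must stay unreachable from untrusted networks`, or attach a token-checking middleware to the group if the project has one.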