floraachy
/
console
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: make certain system indices accessible in visualization data api

This commit is contained in:
liugq 2024-03-26 12:20:44 +08:00
parent 585a6fbe6b
commit 63cd503c38
1 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
plugin/api/insight/metadata.go
View File

@ -8,15 +8,20 @@ import (
"bytes" "bytes"
"github.com/Knetic/govaluate" "github.com/Knetic/govaluate"
log "github.com/cihub/seelog" log "github.com/cihub/seelog"
"text/template" "infini.sh/console/model/alerting"
"infini.sh/console/model/insight" "infini.sh/console/model/insight"
httprouter "infini.sh/framework/core/api/router" httprouter "infini.sh/framework/core/api/router"
"infini.sh/framework/core/elastic" "infini.sh/framework/core/elastic"
"infini.sh/framework/core/event"
"infini.sh/framework/core/global"
"infini.sh/framework/core/orm" "infini.sh/framework/core/orm"
"infini.sh/framework/core/radix"
"infini.sh/framework/core/util" "infini.sh/framework/core/util"
"math" "math"
"net/http" "net/http"
"strings" "strings"
"sync"
"text/template"
) )
func (h *InsightAPI) HandleGetPreview(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { func (h *InsightAPI) HandleGetPreview(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
@ -181,9 +186,12 @@ func (h *InsightAPI) HandleGetMetricData(w http.ResponseWriter, req *http.Reques
} }
clusterID := ps.MustGetParameter("id") clusterID := ps.MustGetParameter("id")
if !h.IsIndexAllowed(req, clusterID, reqBody.IndexPattern){ if !h.IsIndexAllowed(req, clusterID, reqBody.IndexPattern){
allowedSystemIndices := getAllowedSystemIndices()
if clusterID != global.MustLookupString(elastic.GlobalSystemElasticsearchID) || !radix.Compile(allowedSystemIndices...).Match(reqBody.IndexPattern){
h.WriteError(w, http.StatusText(http.StatusForbidden), http.StatusForbidden) h.WriteError(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return return
} }
}
reqBody.ClusterId = clusterID reqBody.ClusterId = clusterID
metricData, err := getMetricData(&reqBody) metricData, err := getMetricData(&reqBody)
if err != nil { if err != nil {
@ -195,6 +203,21 @@ func (h *InsightAPI) HandleGetMetricData(w http.ResponseWriter, req *http.Reques
h.WriteJSON(w, metricData, http.StatusOK) h.WriteJSON(w, metricData, http.StatusOK)
} }
var (
allowedSystemIndicesOnce sync.Once
allowedSystemIndices []string
)
func getAllowedSystemIndices() []string {
allowedSystemIndicesOnce.Do(func() {
metricIndexName := orm.GetWildcardIndexName(event.Event{})
activityIndexName := orm.GetIndexName(event.Activity{})
clusterIndexName := orm.GetIndexName(elastic.ElasticsearchConfig{})
alertMessageIndexName := orm.GetIndexName(alerting.AlertMessage{})
allowedSystemIndices = []string{metricIndexName, activityIndexName, clusterIndexName, alertMessageIndexName}
})
return allowedSystemIndices
}
func getMetricData(metric *insight.Metric) (interface{}, error) { func getMetricData(metric *insight.Metric) (interface{}, error) {
query, err := GenerateQuery(metric) query, err := GenerateQuery(metric)
if err != nil { if err != nil {