From a4795ed74a85a24b59a0aa81614a1c7c35f214fe Mon Sep 17 00:00:00 2001
From: blavenie <benoit.lavenier@e-is.pro>
Date: Wed, 8 Feb 2017 17:37:48 +0100
Subject: [PATCH] Security: Allow to post on <currency>/block/_search

---
 .../src/main/assembly/config/elasticsearch.yml           | 2 +-
 .../src/test/es-home/config/elasticsearch.yml            | 2 +-
 .../main/java/org/duniter/elasticsearch/PluginInit.java  | 9 ++++++++-
 .../rest/security/RestSecurityController.java            | 4 ++++
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/duniter4j-es-assembly/src/main/assembly/config/elasticsearch.yml b/duniter4j-es-assembly/src/main/assembly/config/elasticsearch.yml
index 743b8bcb..31be3af2 100644
--- a/duniter4j-es-assembly/src/main/assembly/config/elasticsearch.yml
+++ b/duniter4j-es-assembly/src/main/assembly/config/elasticsearch.yml
@@ -151,7 +151,7 @@ duniter.security.enable: true
 # Should synchronize data using P2P
 #
 duniter.data.sync.enable: true
-duniter.data.sync.host: data.duniter.fr
+duniter.data.sync.host: data.gtest.duniter.fr
 duniter.data.sync.port: 80
 
 # ---------------------------------- Duniter4j SMTP server -------------------------
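Review bot: The default `duniter.data.sync.host` in the shipped assembly config now reads `data.gtest.duniter.fr`, which by its name looks like a test-network node, and the commit subject does not mention this change. If that is intended only for the current test phase, a comment above the key would keep deployers from syncing data from the wrong peer, for example `# NOTE: test-network data node; point this at the production data node before deploying`. The unchanged `duniter.data.sync.port: 80` suggests the sync runs over plain HTTP, so it is worth confirming that synchronized documents are signature-checked on receipt rather than trusted because of the host they came from.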
diff --git a/duniter4j-es-assembly/src/test/es-home/config/elasticsearch.yml b/duniter4j-es-assembly/src/test/es-home/config/elasticsearch.yml
index 3b4f087e..850b5ddd 100644
--- a/duniter4j-es-assembly/src/test/es-home/config/elasticsearch.yml
+++ b/duniter4j-es-assembly/src/test/es-home/config/elasticsearch.yml
@@ -127,7 +127,7 @@ duniter.blockchain.sync.enable: true
 # Duniter node to synchronize
 #
 
-duniter.host: gtest.duniter.fr
+duniter.host: gtest.duniter.org
 duniter.port: 10900
 
 #
diff --git a/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/PluginInit.java b/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/PluginInit.java
index a35f55c7..b8d4bde5 100644
--- a/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/PluginInit.java
+++ b/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/PluginInit.java
@@ -116,13 +116,20 @@ public class PluginInit extends AbstractLifecycleComponent<PluginInit> {
             // Index (or refresh) node's currency
             Currency currency = injector.getInstance(CurrencyService.class).indexCurrencyFromPeer(peer, true);
 
-            // Add access to currency index
+            // Add access to currency/block index
             injector.getInstance(RestSecurityController.class).allowIndexType(RestRequest.Method.GET,
                     currency.getCurrency(),
                     BlockchainService.BLOCK_TYPE);
+            injector.getInstance(RestSecurityController.class).allowPostSearchIndexType(
+                    currency.getCurrency(),
+                    BlockchainService.BLOCK_TYPE);
+            // Add access to currency/peer index
             injector.getInstance(RestSecurityController.class).allowIndexType(RestRequest.Method.GET,
                     currency.getCurrency(),
                     BlockchainService.PEER_TYPE);
+            injector.getInstance(RestSecurityController.class).allowPostSearchIndexType(
+                    currency.getCurrency(),
+                    BlockchainService.PEER_TYPE);
 
             // Index blocks (and listen if new block appear)
             injector.getInstance(BlockchainService.class)
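Review bot: A POST `_search` carries a caller-supplied query body that a path rule cannot constrain, so the two `allowPostSearchIndexType` calls added for `BLOCK_TYPE` and `PEER_TYPE` expose the full query DSL on those types to whoever the security controller lets through. If this whitelist applies to unauthenticated requests, confirm that expensive queries (large `size`, deep aggregations, scripting) are limited elsewhere, since nothing in this hunk does so. A comment such as `// Allow POST on _search only, so clients can send a query body` would make the intent explicit. As a style point, `injector.getInstance(RestSecurityController.class)` is now resolved four times; a local `RestSecurityController securityController = injector.getInstance(RestSecurityController.class);` would read better. The enclosing method starts and ends outside the hunk.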
diff --git a/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/rest/security/RestSecurityController.java b/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/rest/security/RestSecurityController.java
index 19600410..6da9bb84 100644
--- a/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/rest/security/RestSecurityController.java
+++ b/duniter4j-es-core/src/main/java/org/duniter/elasticsearch/rest/security/RestSecurityController.java
@@ -57,6 +57,10 @@ public class RestSecurityController extends AbstractLifecycleComponent<RestSecur
         return allow(method, String.format("/%s/%s(/.*)?", index, type));
     }
 
+    public RestSecurityController allowPostSearchIndexType(String index, String type) {
+        return allow(RestRequest.Method.POST, String.format("/%s/%s/_search", index, type));
+    }
+
     public RestSecurityController allowImageAttachment(String index, String type, String field) {
         return allow(RestRequest.Method.GET, String.format("/%s/%s/[^/]+/_image/%s.*", index, type, field));
     }
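Review bot: `index` and `type` are formatted unescaped into the regex in `allowPostSearchIndexType`, and in PluginInit the index is `currency.getCurrency()`, a value obtained from a peer; a name containing regex metacharacters would widen the whitelisted path. Quoting the segments keeps the rule literal, e.g. `return allow(RestRequest.Method.POST, String.format("/%s/%s/_search", Pattern.quote(index), Pattern.quote(type)));` (this needs `java.util.regex.Pattern`; the neighbouring `allowIndexType` and `allowImageAttachment` build their patterns the same unquoted way). Whether `allow` matches the whole path or only a prefix is not visible here; if it is not a full match, the pattern should be anchored so that sub-paths under `/_search` are not covered. The new public method also lacks Javadoc stating that it opens POST search, with a request body, on the given index and type.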
-- 
GitLab