From 323c71402b48a5c8315a691b8e7c466395fabd7d Mon Sep 17 00:00:00 2001 From: Flokster Date: Tue, 18 Nov 2025 15:06:43 +0100 Subject: [PATCH 1/8] Commit for Delete sql --- .idea/misc.xml | 1 - .idea/workspace.xml | 43 ++++++++-- .../upr/famnit/managers/DatabaseManager.java | 63 +++++++++++++++ .../managers/connections/Management.java | 80 ++++++++++++++++++- 4 files changed, 180 insertions(+), 7 deletions(-) diff --git a/.idea/misc.xml b/.idea/misc.xml index 89c3cbb..f5d2b78 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -1,4 +1,3 @@ - diff --git a/.idea/workspace.xml b/.idea/workspace.xml index 251fc88..fee8c49 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -10,10 +10,33 @@ + + + - - - + + + + + + + + + + + + + + + + + + + + + + + - diff --git a/src/main/java/upr/famnit/managers/DatabaseManager.java b/src/main/java/upr/famnit/managers/DatabaseManager.java index d92eb6e..f4063dc 100644 --- a/src/main/java/upr/famnit/managers/DatabaseManager.java +++ b/src/main/java/upr/famnit/managers/DatabaseManager.java @@ -124,6 +124,36 @@ public static synchronized Key getKeyByValue(String value) throws SQLException { } } } + /** + * Retrieves a {@link Key} from the {@code keys} table based on its Name. + * + *

This method searches for a key with the specified value and returns the corresponding + * {@link Key} object if found. If no matching key is found, it returns {@code null}.

+ * + * @param name the value of the key to be retrieved + * @return the {@link Key} object if found; {@code null} otherwise + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ + public static synchronized Key getKeyByName(String name) throws SQLException { + String sql = "SELECT * FROM keys WHERE name = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, name); + ResultSet rs = stmt.executeQuery(); + if (rs.next()) { + Key key = new Key( + rs.getInt("id"), + rs.getString("name"), + rs.getString("value"), + rs.getString("role") + ); + Logger.info("Key retrieved: " + key.getName()); + return key; + } else { + Logger.warn("No key found with name: " + name); + return null; + } + } + } /** * Retrieves all {@link Key} entries from the {@code keys} table. @@ -152,4 +182,37 @@ public static synchronized ArrayList getAllKeys() throws SQLException { } return keys; } + + + public static synchronized boolean deleteKeyByName(String name) throws SQLException { + String sql = "DELETE FROM keys WHERE name = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, name); + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key deleted: " + name); + return true; + } else { + Logger.warn("No key found to delete with name: " + name); + return false; + } + } + } + public static synchronized boolean deleteKeyByValue(String value) throws SQLException{ + String sql = "DELETE FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, value); + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key deleted: " + value); + return true; + } else { + Logger.warn("No key found to delete with name: " + value); + return false; + } + } + } + + } + diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 7b37ab6..86f82ae 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -2,6 +2,8 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; import upr.famnit.authentication.*; import upr.famnit.components.*; import upr.famnit.managers.DatabaseManager; @@ -9,6 +11,7 @@ import upr.famnit.util.Logger; import upr.famnit.util.StreamUtil; +import javax.xml.crypto.Data; import java.io.IOException; import java.net.Socket; import java.nio.charset.StandardCharsets; @@ -108,6 +111,8 @@ public void run() { } catch (IOException e) { Logger.error("Error handling proxy management request: " + e.getMessage()); + } catch (SQLException e) { + throw new RuntimeException(e); } Logger.success("Management request finished"); } @@ -135,10 +140,11 @@ private void handleQueueRoute() throws IOException { * * @throws IOException if an I/O error occurs during response transmission */ - private void handleKeyRoute() throws IOException { + private void handleKeyRoute() throws IOException, SQLException { switch (clientRequest.getRequest().getMethod()) { case "GET" -> handleListKeysRequest(); case "POST" -> handleInsertKeyRequest(); + case "DELETE"->handleDeleteKeyRequest(); case null, default -> respond(ResponseFactory.NotFound()); } } @@ -326,6 +332,78 @@ private void handleInsertKeyRequest() throws IOException { respond(ResponseFactory.Ok(validKey.getValue().getBytes(StandardCharsets.UTF_8))); } + /** + * Handles DELETE requests to delete a authentication key from the system if you are not trying. + * to delete ADMIN + *

This method performs the following actions: + *

    + *
  1. Parses the incoming JSON body to create a {@link SubmittedKey} object.
    2. + *
  2. Converts the submitted key into a {@link Key} object.
    3. + *
  3. Deletes the whole record with that key {@link DatabaseManager}.
    4. + *
  4. Sends a successful response containing the key's value.
    5. + *
+ *

+ * + * @throws IOException if an I/O error occurs during request processing or response transmission + */ + private void handleDeleteKeyRequest() throws IOException, SQLException { + Gson gson = new GsonBuilder().create(); + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + + JsonObject jsonObject = JsonParser.parseString(body).getAsJsonObject(); + + String authValue = jsonObject.get("auth").getAsString(); + Key requester = DatabaseManager.getKeyByValue(authValue); + + if (requester == null || (requester.getRole())!=Role.Admin) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + + String value = jsonObject.has("value") ? jsonObject.get("value").getAsString().trim() : ""; + String name = jsonObject.has("name") ? jsonObject.get("name").getAsString().trim() : ""; + Key key = null; + boolean deleteByValue = false; + + + try { + if(!value.isEmpty()){ + key=DatabaseManager.getKeyByValue(value); + deleteByValue=true; + } + if(key==null&&!name.isEmpty()) { + key = DatabaseManager.getKeyByName(name); + } + + if (key != null) { + if(deleteByValue){ + boolean deleted=DatabaseManager.deleteKeyByValue(key.getValue()); + } + else if (!deleteByValue&&key.getRole()!=Role.Admin) { + // Key exists and is NOT Admin → delete it + Logger.log(key.toString()); + boolean deleted = DatabaseManager.deleteKeyByName(key.getName()); + + if (deleted) { + System.out.println("Key deleted: " + key.getName()); + } else { + System.out.println("Failed to delete key: " + key.getName()); + } + } else { + // Admin key → do not delete + System.out.println("Cannot delete Admin key: " + key.getName()); + } + } else { + // Key does not exist + System.out.println("Key not found: " + name); + } + } catch (SQLException e) { + e.printStackTrace(); + } + respond(ResponseFactory.Ok(name.getBytes())); + } + + /** * Handles GET requests to list all authentication keys in the system. * From a4e91fd0d548e268ce51a75c0751c651c9a2accc Mon Sep 17 00:00:00 2001 From: Flokster Date: Wed, 19 Nov 2025 16:28:48 +0100 Subject: [PATCH 2/8] Commit for update to delete and mostly done on update, it still has a few problems. Started working on the solution for Allowed models table and and update database function. Fixed all of the Code comments Documentation still to do --- .idea/workspace.xml | 6 +- .../authentication/AllowedModelsTable.java | 23 ++++ .../java/upr/famnit/authentication/Role.java | 18 +++ .../upr/famnit/authentication/RoleUtil.java | 3 + .../upr/famnit/managers/DatabaseManager.java | 99 ++++++++++++++- .../managers/connections/Management.java | 120 ++++++++++++++---- 6 files changed, 242 insertions(+), 27 deletions(-) create mode 100644 src/main/java/upr/famnit/authentication/AllowedModelsTable.java diff --git a/.idea/workspace.xml b/.idea/workspace.xml index fee8c49..b98e0e0 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -12,8 +12,9 @@ - + + @@ -212,7 +213,8 @@ - + + diff --git a/src/main/java/upr/famnit/authentication/AllowedModelsTable.java b/src/main/java/upr/famnit/authentication/AllowedModelsTable.java new file mode 100644 index 0000000..0b722d4 --- /dev/null +++ b/src/main/java/upr/famnit/authentication/AllowedModelsTable.java @@ -0,0 +1,23 @@ +package upr.famnit.authentication; + +import upr.famnit.components.NodeData; +import upr.famnit.components.WorkerVersion; +import upr.famnit.managers.connections.Worker; + +import java.util.ArrayList; +import java.util.List; + +public class AllowedModelsTable { + private Key key; + private ArrayListtagsAllowed; + + public void SetKey(Key kateri){ + this.key=kateri; + } + public Key getKey(Key kateri){ + return key; + } + public void getArr(){ + + } +} diff --git a/src/main/java/upr/famnit/authentication/Role.java b/src/main/java/upr/famnit/authentication/Role.java index 7e4ce69..e633ca8 100644 --- a/src/main/java/upr/famnit/authentication/Role.java +++ b/src/main/java/upr/famnit/authentication/Role.java @@ -10,6 +10,7 @@ *
  • {@code Client}: Represents a standard client with limited access rights.
    • *
  • {@code Worker}: Represents a worker entity with elevated permissions.
    • *
  • {@code Admin}: Represents an administrator with full access rights.
    • + *
  • {@code Researcher}: Represents an administrator with full access rights.
    • *
  • {@code Unknown}: Represents an undefined or unrecognized role.
    • * *

    @@ -35,6 +36,11 @@ public enum Role { */ Admin, + /** + * Represents a researcher with lower priority queing + */ + Researcher, + /** * Represents an undefined or unrecognized role. */ @@ -60,9 +66,21 @@ public String toString() { case Admin -> { return "Admin"; } + case Researcher ->{ + return "Researcher"; + } default -> { return "Unknown"; } } } + public static Role fromString(String a) { + if (a == null) return null; + try { + return Role.valueOf(a.trim()); + } catch (IllegalArgumentException e) { + return null; // unknown string + } + } + } diff --git a/src/main/java/upr/famnit/authentication/RoleUtil.java b/src/main/java/upr/famnit/authentication/RoleUtil.java index be1a072..ee1bec8 100644 --- a/src/main/java/upr/famnit/authentication/RoleUtil.java +++ b/src/main/java/upr/famnit/authentication/RoleUtil.java @@ -47,6 +47,9 @@ public static Role fromString(String role) { case "admin" -> { return Role.Admin; } + case "researcher"->{ + return Role.Researcher; + } default -> { return Role.Unknown; } diff --git a/src/main/java/upr/famnit/managers/DatabaseManager.java b/src/main/java/upr/famnit/managers/DatabaseManager.java index f4063dc..7b1c773 100644 --- a/src/main/java/upr/famnit/managers/DatabaseManager.java +++ b/src/main/java/upr/famnit/managers/DatabaseManager.java @@ -1,6 +1,7 @@ package upr.famnit.managers; import upr.famnit.authentication.Key; +import upr.famnit.authentication.Role; import upr.famnit.util.Logger; import java.sql.*; @@ -74,6 +75,31 @@ public static synchronized void createKeysTable() throws SQLException { } } + /** + * Creates the {@code AllowedModelsTable} table in the database if it does not already exist. + * + *

    The {@code keys} table stores information about authentication keys, including their + * unique identifier, name, value, and associated role. This method ensures that the + * table structure is in place before any key-related operations are performed.

    + * + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ + /*public static synchronized void createAllowedModelsTable() throws SQLException { + String sql = "CREATE TABLE IF NOT EXISTS allowed_models (\n" + + " key_value TEXT NOT NULL,\n" + + " model_name TEXT NOT NULL,\n" + + " PRIMARY KEY (key_value, model_name)\n" + + ");"; + + try (Connection conn = connect(); Statement statement = conn.createStatement()) { + statement.execute(sql); + Logger.info("Allowed models table created or already exists."); + } + } + + */ + + /** * Inserts a new {@link Key} into the {@code keys} table. * @@ -206,12 +232,79 @@ public static synchronized boolean deleteKeyByValue(String value) throws SQLExce if (affectedRows > 0) { Logger.info("Key deleted: " + value); return true; - } else { - Logger.warn("No key found to delete with name: " + value); - return false; + } + + } + return false; + } + public static synchronized boolean changeKeyNameByName(String oldName, String newName) throws SQLException { + String sql = "UPDATE keys SET name = ? WHERE name = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, newName); + stmt.setString(2, oldName); + + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key name updated: " + oldName + " → " + newName); + return true; } } + return false; } + public static synchronized boolean changeKeyRoleByName(String name, Role newRole) throws SQLException { + String sql = "UPDATE keys SET role = ? WHERE name = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, newRole.toString()); + stmt.setString(2, name); + + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key role updated: " + name + " → " + newRole); + return true; + } + } + return false; + } + + public static synchronized boolean changeKeyRoleByAuth(String val, Role newRole) throws SQLException { + String sql = "UPDATE keys SET role = ? WHERE value = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, newRole.name()); + stmt.setString(2, val); + + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key role updated: " + val + " → " + newRole); + return true; + } + } + return false; + } + + + public static synchronized boolean changeKeyNameByAuth(String value, String newName) throws SQLException { + String sql = "UPDATE keys SET value = ? WHERE name = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, newName); + stmt.setString(2, value); + + int affectedRows = stmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Key name updated: " + value + " → " + newName); + return true; + } + } + return false; + } + } diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 86f82ae..00ada48 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -8,6 +8,7 @@ import upr.famnit.components.*; import upr.famnit.managers.DatabaseManager; import upr.famnit.managers.Overseer; +import upr.famnit.util.LogLevel; import upr.famnit.util.Logger; import upr.famnit.util.StreamUtil; @@ -118,7 +119,6 @@ public void run() { } - /** * Handles requests to the "/queue" route, managing operations related to the request queue. * @@ -144,7 +144,8 @@ private void handleKeyRoute() throws IOException, SQLException { switch (clientRequest.getRequest().getMethod()) { case "GET" -> handleListKeysRequest(); case "POST" -> handleInsertKeyRequest(); - case "DELETE"->handleDeleteKeyRequest(); + case "DELETE" -> handleDeleteKeyRequest(); + case "UPDATE" -> handleKeyChangeReq(); case null, default -> respond(ResponseFactory.NotFound()); } } @@ -209,7 +210,7 @@ private void handleWorkerHiveVersionRoute() throws IOException { } } - private void handleWorkerCommandRoute() throws IOException { + private void handleWorkerCommandRoute() throws IOException { switch (clientRequest.getRequest().getMethod()) { case "POST" -> handleWorkersCommandRequest(); case null, default -> respond(ResponseFactory.NotFound()); @@ -355,7 +356,7 @@ private void handleDeleteKeyRequest() throws IOException, SQLException { String authValue = jsonObject.get("auth").getAsString(); Key requester = DatabaseManager.getKeyByValue(authValue); - if (requester == null || (requester.getRole())!=Role.Admin) { + if (requester == null || (requester.getRole()) != Role.Admin) { respond(ResponseFactory.MethodNotAllowed()); return; } @@ -367,40 +368,39 @@ private void handleDeleteKeyRequest() throws IOException, SQLException { try { - if(!value.isEmpty()){ - key=DatabaseManager.getKeyByValue(value); - deleteByValue=true; + if (!value.isEmpty()) { + key = DatabaseManager.getKeyByValue(value); + deleteByValue = true; } - if(key==null&&!name.isEmpty()) { + if (key == null && !name.isEmpty()) { key = DatabaseManager.getKeyByName(name); } if (key != null) { - if(deleteByValue){ - boolean deleted=DatabaseManager.deleteKeyByValue(key.getValue()); - } - else if (!deleteByValue&&key.getRole()!=Role.Admin) { + if (deleteByValue) { + boolean deleted = DatabaseManager.deleteKeyByValue(key.getValue()); + Logger.log("Key deleted by value: " + key.getValue(), LogLevel.success); + respond(ResponseFactory.Ok(value.getBytes())); + return; + } else if (!deleteByValue && key.getRole() != Role.Admin) { // Key exists and is NOT Admin → delete it Logger.log(key.toString()); boolean deleted = DatabaseManager.deleteKeyByName(key.getName()); if (deleted) { - System.out.println("Key deleted: " + key.getName()); - } else { - System.out.println("Failed to delete key: " + key.getName()); + Logger.log("Key deleted: " + key.getName(), LogLevel.success); + respond(ResponseFactory.Ok(name.getBytes())); + return; + } - } else { - // Admin key → do not delete - System.out.println("Cannot delete Admin key: " + key.getName()); } - } else { - // Key does not exist - System.out.println("Key not found: " + name); } + respond(ResponseFactory.NotFound()); + Logger.log("Key could not be deleted", LogLevel.error); } catch (SQLException e) { e.printStackTrace(); + //respond(ResponseFactory.BadRequest()); } - respond(ResponseFactory.Ok(name.getBytes())); } @@ -437,6 +437,82 @@ private void handleListKeysRequest() throws IOException { respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); } + private void handleKeyChangeReq() throws IOException, SQLException { + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + + JsonObject jsonObject = JsonParser.parseString(body).getAsJsonObject(); + + String authValue = jsonObject.get("auth").getAsString(); + Key requester = DatabaseManager.getKeyByValue(authValue); + boolean update = false; + + if (requester == null || (requester.getRole()) != Role.Admin) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + String auth = jsonObject.has("value") ? jsonObject.get("value").getAsString().trim() : ""; + String name = jsonObject.has("name") ? jsonObject.get("name").getAsString().trim() : ""; + String newRole = jsonObject.has("roleNew") ? jsonObject.get("roleNew").getAsString().trim() : ""; + String newName = jsonObject.has("newName") ? jsonObject.get("newName").getAsString().trim() : ""; + boolean isnewName = !newName.isEmpty(); + boolean hasNewRole = !newRole.isEmpty(); + boolean bothChange = isnewName && hasNewRole; + try { + + + if (!auth.isEmpty() && name.isEmpty()) { + + if (bothChange) { + update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + update = DatabaseManager.changeKeyNameByAuth(auth, newName); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + Logger.log("Change of name and role succesfull", LogLevel.success); + return; + } else if (isnewName) { + update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + return; + + } else if (hasNewRole) { + update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + return; + } + respond(ResponseFactory.BadRequest()); + Logger.log("Cant update", LogLevel.error); + + } else if (!name.isEmpty() && auth.isEmpty()) { + if (bothChange) { + update = DatabaseManager.changeKeyRoleByName(name, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + update = DatabaseManager.changeKeyNameByName(name, newName); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + Logger.log("Change of name and role succesfull", LogLevel.success); + return; + } else if (isnewName) { + update = DatabaseManager.changeKeyRoleByName(name, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + return; + + } else if (hasNewRole) { + update = DatabaseManager.changeKeyRoleByName(name, Role.fromString(newRole)); + respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); + return; + } + respond(ResponseFactory.BadRequest()); + Logger.log("Cant update", LogLevel.error); + return; + + } + }catch (SQLException e){ + e.printStackTrace(); + } + if (!update){ + respond(ResponseFactory.BadRequest()); + } + } + /** * Determines whether the incoming request is from an authenticated administrator. * From 167ab834f7a80c9e8dbbcb3e0fd99272a1dcc03d Mon Sep 17 00:00:00 2001 From: Flokster Date: Thu, 20 Nov 2025 17:48:46 +0100 Subject: [PATCH 3/8] Fix for update//Now uses Fetch and is working Changed the Request to incorporate get head --- .idea/workspace.xml | 6 +- .../java/upr/famnit/components/Request.java | 11 +++ .../upr/famnit/managers/DatabaseManager.java | 71 +++++++++++++++++++ .../managers/connections/Management.java | 64 ++++++++++++++--- 4 files changed, 138 insertions(+), 14 deletions(-) diff --git a/.idea/workspace.xml b/.idea/workspace.xml index b98e0e0..dc90b16 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -13,8 +13,7 @@ - - + @@ -214,7 +213,8 @@ - + + diff --git a/src/main/java/upr/famnit/components/Request.java b/src/main/java/upr/famnit/components/Request.java index 89c53f7..148537f 100644 --- a/src/main/java/upr/famnit/components/Request.java +++ b/src/main/java/upr/famnit/components/Request.java @@ -204,6 +204,17 @@ public byte[] getBody() { return body != null ? body.clone() : null; } + /** + * Retrieves the head of the request. + * + * @return the request head as a String, or {@code null} if no head is present + */ + public String getHeader(String name) { + if (name == null) return null; + return headers.get(name.toLowerCase()); + } + + /** * Logs the details of the request using the {@link Logger}. * diff --git a/src/main/java/upr/famnit/managers/DatabaseManager.java b/src/main/java/upr/famnit/managers/DatabaseManager.java index 7b1c773..60ba698 100644 --- a/src/main/java/upr/famnit/managers/DatabaseManager.java +++ b/src/main/java/upr/famnit/managers/DatabaseManager.java @@ -209,6 +209,17 @@ public static synchronized ArrayList getAllKeys() throws SQLException { return keys; } + /** + * Deletes a key from the {@code keys} table based on its name. + * + *

    This method attempts to remove a key whose {@code name} matches the specified value. + * It is commonly used for administrative cleanup operations or key management tasks.

    + * + * @param name the name of the key to delete + * @return {@code true} if a key with the given name was successfully deleted, + * {@code false} if no matching key was found + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ public static synchronized boolean deleteKeyByName(String name) throws SQLException { String sql = "DELETE FROM keys WHERE name = ?"; @@ -224,6 +235,18 @@ public static synchronized boolean deleteKeyByName(String name) throws SQLExcept } } } + + /** + * Deletes a key from the {@code keys} table based on its value. + * + *

    This method removes a key whose {@code value} field matches the specified authentication + * token. It is typically used when invalidating or rotating API keys or credentials.

    + * + * @param value the key value (token) to delete + * @return {@code true} if a key with the given value was deleted, {@code false} otherwise + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ + public static synchronized boolean deleteKeyByValue(String value) throws SQLException{ String sql = "DELETE FROM keys WHERE value = ?"; try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { @@ -237,6 +260,18 @@ public static synchronized boolean deleteKeyByValue(String value) throws SQLExce } return false; } + /** + * Updates the name of a key in the {@code keys} table based on its current name. + * + *

    This method locates a key using its existing {@code name} and updates it to the + * provided {@code newName}. It is useful for renaming keys in administrative settings.

    + * + * @param oldName the current name of the key to update + * @param newName the new name to assign to the key + * @return {@code true} if the key name was successfully updated, {@code false} if no matching key was found + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ + public static synchronized boolean changeKeyNameByName(String oldName, String newName) throws SQLException { String sql = "UPDATE keys SET name = ? WHERE name = ?"; @@ -253,6 +288,18 @@ public static synchronized boolean changeKeyNameByName(String oldName, String ne } return false; } + /** + * Updates the role of a key in the {@code keys} table based on its name. + * + *

    This method changes the {@code role} associated with a key identified by its {@code name}. + * It is often used to modify permissions or access levels dynamically.

    + * + * @param name the name of the key whose role should be updated + * @param newRole the new {@link Role} to assign to the key + * @return {@code true} if the role was successfully updated, {@code false} otherwise + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ + public static synchronized boolean changeKeyRoleByName(String name, Role newRole) throws SQLException { String sql = "UPDATE keys SET role = ? WHERE name = ?"; @@ -269,6 +316,18 @@ public static synchronized boolean changeKeyRoleByName(String name, Role newRole } return false; } + /** + * Updates the role of a key in the {@code keys} table based on its authentication value. + * + *

    This method locates a key using its {@code value} (typically an authentication token) + * and assigns it a new {@link Role}. It is useful for adjusting access permissions tied + * directly to API keys or tokens.

    + * + * @param val the authentication value of the key whose role should be changed + * @param newRole the new {@link Role} to assign + * @return {@code true} if the key's role was updated, {@code false} if no matching key was found + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ public static synchronized boolean changeKeyRoleByAuth(String val, Role newRole) throws SQLException { String sql = "UPDATE keys SET role = ? WHERE value = ?"; @@ -287,6 +346,18 @@ public static synchronized boolean changeKeyRoleByAuth(String val, Role newRole) return false; } + /** + * Updates the stored authentication value of a key based on its name. + * + *

    This method identifies a key by its {@code name} and updates the {@code value} + * field (typically representing the authentication token). It is used when rotating + * or regenerating key values.

    + * + * @param value the current name of the key to update + * @param newName the new authentication value to assign to the key + * @return {@code true} if the key value was successfully updated, {@code false} otherwise + * @throws SQLException if a database access error occurs or the SQL statement is invalid + */ public static synchronized boolean changeKeyNameByAuth(String value, String newName) throws SQLException { String sql = "UPDATE keys SET value = ? WHERE name = ?"; diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 00ada48..94ff225 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -145,7 +145,7 @@ private void handleKeyRoute() throws IOException, SQLException { case "GET" -> handleListKeysRequest(); case "POST" -> handleInsertKeyRequest(); case "DELETE" -> handleDeleteKeyRequest(); - case "UPDATE" -> handleKeyChangeReq(); + case "PATCH" -> handleKeyChangeReq(); case null, default -> respond(ResponseFactory.NotFound()); } } @@ -437,23 +437,61 @@ private void handleListKeysRequest() throws IOException { respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); } + /** + * Handles a request to modify an existing key's properties such as its name or role. + * + *

    This method processes an incoming JSON request from the client containing one or more + * modification instructions. Depending on the provided fields, the method can update a key's: + *

      + *
    • role — via {@code roleNew}
      • + *
    • name — via {@code newName}
      • + *
    • or both
      • + *
    + * + *

    The request must include an authentication value ({@code auth}) belonging to a key with + * {@link Role#Admin} privileges; otherwise, the operation is rejected.

    + * + *

    Valid update combinations:

    + *
      + *
    • Identify key by authentication value ({@code value})
      • + *
    • Identify key by name ({@code name})
      • + *
    • Optionally update role, name, or both
      • + *
    + * + *

    Depending on the requested changes, this method delegates updates to the appropriate + * {@link DatabaseManager} methods, sends an HTTP response via {@link ResponseFactory}, + * and logs the operation outcome.

    + * + * @throws IOException if reading the request body or writing the response fails + * @throws SQLException if a database operation triggered by the update fails + */ + private void handleKeyChangeReq() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); JsonObject jsonObject = JsonParser.parseString(body).getAsJsonObject(); - String authValue = jsonObject.get("auth").getAsString(); - Key requester = DatabaseManager.getKeyByValue(authValue); + Key requester = DatabaseManager.getKeyByValue(token); boolean update = false; if (requester == null || (requester.getRole()) != Role.Admin) { respond(ResponseFactory.MethodNotAllowed()); return; } - String auth = jsonObject.has("value") ? jsonObject.get("value").getAsString().trim() : ""; - String name = jsonObject.has("name") ? jsonObject.get("name").getAsString().trim() : ""; - String newRole = jsonObject.has("roleNew") ? jsonObject.get("roleNew").getAsString().trim() : ""; - String newName = jsonObject.has("newName") ? jsonObject.get("newName").getAsString().trim() : ""; + String auth = getJsonString(jsonObject, "value"); + String name = getJsonString(jsonObject, "name"); + String newRole = getJsonString(jsonObject, "roleNew"); + String newName = getJsonString(jsonObject, "newName"); + boolean isnewName = !newName.isEmpty(); boolean hasNewRole = !newRole.isEmpty(); boolean bothChange = isnewName && hasNewRole; @@ -464,13 +502,12 @@ private void handleKeyChangeReq() throws IOException, SQLException { if (bothChange) { update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); - respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); update = DatabaseManager.changeKeyNameByAuth(auth, newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); Logger.log("Change of name and role succesfull", LogLevel.success); return; } else if (isnewName) { - update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); + update = DatabaseManager.changeKeyNameByAuth(auth,newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); return; @@ -485,13 +522,12 @@ private void handleKeyChangeReq() throws IOException, SQLException { } else if (!name.isEmpty() && auth.isEmpty()) { if (bothChange) { update = DatabaseManager.changeKeyRoleByName(name, Role.fromString(newRole)); - respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); update = DatabaseManager.changeKeyNameByName(name, newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); Logger.log("Change of name and role succesfull", LogLevel.success); return; } else if (isnewName) { - update = DatabaseManager.changeKeyRoleByName(name, Role.fromString(newRole)); + update = DatabaseManager.changeKeyNameByName(name,newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); return; @@ -550,4 +586,10 @@ private boolean isAdminRequest() { private void respond(Response response) throws IOException { StreamUtil.sendResponse(clientRequest.getClientSocket().getOutputStream(), response); } + private String getJsonString(JsonObject obj, String key) { + return obj.has(key) && !obj.get(key).isJsonNull() + ? obj.get(key).getAsString().trim() + : ""; + } + } From f75006fecf6e42abf0718ade569f9031e2ebd5f2 Mon Sep 17 00:00:00 2001 From: Flokster Date: Wed, 26 Nov 2025 13:12:33 +0100 Subject: [PATCH 4/8] Hot fix za ModelBlock pa testirane funkcije --- .idea/workspace.xml | 6 +- src/main/java/upr/famnit/Main.java | 1 + .../upr/famnit/managers/DatabaseManager.java | 256 +++++++++++++++++- .../managers/connections/Management.java | 190 ++++++++++++- 4 files changed, 435 insertions(+), 18 deletions(-) diff --git a/.idea/workspace.xml b/.idea/workspace.xml index dc90b16..04948b0 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -13,7 +13,7 @@ - + @@ -214,7 +214,9 @@ - + + + diff --git a/src/main/java/upr/famnit/Main.java b/src/main/java/upr/famnit/Main.java index a9e06c3..6bead8c 100644 --- a/src/main/java/upr/famnit/Main.java +++ b/src/main/java/upr/famnit/Main.java @@ -16,6 +16,7 @@ public static void main(String[] args) { try { Config.init(); DatabaseManager.createKeysTable(); + DatabaseManager.createBlockedModelsTable(); WorkerServer workerServer = new WorkerServer(); ClientServer clientServer = new ClientServer(); diff --git a/src/main/java/upr/famnit/managers/DatabaseManager.java b/src/main/java/upr/famnit/managers/DatabaseManager.java index 60ba698..67cf790 100644 --- a/src/main/java/upr/famnit/managers/DatabaseManager.java +++ b/src/main/java/upr/famnit/managers/DatabaseManager.java @@ -38,17 +38,42 @@ public class DatabaseManager { /** * Establishes a connection to the SQLite database using the configured database URL. * - *

    If a connection already exists and is open, it returns the existing connection. - * Otherwise, it creates a new connection and returns it.

    + *

    This method follows a singleton pattern: if a connection already exists and is open, + * it reuses that connection. Otherwise, it creates a new connection to the database.

    + * + *

    It also configures SQLite to use WAL (Write-Ahead Logging) mode, which allows: + *

      + *
    • Concurrent reads and writes without blocking each other.
      • + *
    • Faster commits because changes are written to a log instead of directly overwriting the main database.
      • + *
    • Reduced chances of hitting SQLITE_BUSY errors when multiple threads access the database.
      • + *
    + *

    + * + *

    The {@code busy_timeout} PRAGMA is also set to 2000ms (2 seconds), which tells SQLite + * to wait up to 2 seconds for a locked database to become available instead of immediately + * throwing an SQLITE_BUSY exception.

    + *

    The timeout is to avoid SQL DB lockout

    + * + *

    Overall, this setup is essential for multithreaded applications that share a single + * SQLite database connection, like your server handling multiple POST requests simultaneously.

    * * @return the {@link Connection} object for interacting with the database * @throws SQLException if a database access error occurs or the URL is invalid */ + public static Connection connect() throws SQLException { if (connection == null || connection.isClosed()) { connection = DriverManager.getConnection(DATABASE_URL); Logger.info("Database connection established."); } + + try (Statement stmt = connection.createStatement()) { + stmt.execute("PRAGMA journal_mode=WAL;"); + stmt.execute("PRAGMA synchronous=NORMAL;"); + stmt.execute("PRAGMA busy_timeout = 2000;"); + } + + Logger.info("Database connection established."); return connection; } @@ -76,29 +101,35 @@ public static synchronized void createKeysTable() throws SQLException { } /** - * Creates the {@code AllowedModelsTable} table in the database if it does not already exist. + * Creates the {@code blocked_models} table in the database if it does not already exist. * - *

    The {@code keys} table stores information about authentication keys, including their - * unique identifier, name, value, and associated role. This method ensures that the - * table structure is in place before any key-related operations are performed.

    + *

    The {@code blocked_models} table stores model usage restrictions for each key. + * Each entry links a key (via its {@code key_id}) to a model name that the key is + * not allowed to access. This allows fine-grained control over which models a user + * or API key can use.

    + * + *

    The table uses a composite primary key consisting of {@code key_id} and + * {@code model_name} to ensure that the same model cannot be blocked twice for the + * same key. A foreign key constraint references the {@code keys} table, ensuring that + * restrictions are automatically removed if a key is deleted.

    * * @throws SQLException if a database access error occurs or the SQL statement is invalid */ - /*public static synchronized void createAllowedModelsTable() throws SQLException { - String sql = "CREATE TABLE IF NOT EXISTS allowed_models (\n" + + public static synchronized void createBlockedModelsTable() throws SQLException { + String sql = "CREATE TABLE IF NOT EXISTS blocked_models (\n" + " key_value TEXT NOT NULL,\n" + " model_name TEXT NOT NULL,\n" - + " PRIMARY KEY (key_value, model_name)\n" + + " PRIMARY KEY (key_value, model_name),\n" + + " FOREIGN KEY (key_value) REFERENCES keys(value) ON DELETE CASCADE\n" + ");"; try (Connection conn = connect(); Statement statement = conn.createStatement()) { statement.execute(sql); - Logger.info("Allowed models table created or already exists."); + Logger.info("Blocked models table created or already exists."); } } - */ - /** * Inserts a new {@link Key} into the {@code keys} table. @@ -375,8 +406,209 @@ public static synchronized boolean changeKeyNameByAuth(String value, String newN } return false; } + /** + * Blocks access to a specific model for the given key in the {@code blocked_models} table. + * + *

    This method first retrieves the key's role from the {@code keys} table. If the key + * has a role of {@code admin}, the operation is not allowed and an {@link IllegalStateException} + * is thrown. This ensures that admin keys always retain access to all models.

    + * + *

    If the key exists and is not an admin, a new entry is inserted into the + * {@code blocked_models} table linking the {@code key_id} with the {@code model_name}. + * This effectively prevents the key from using the specified model.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Warnings are logged if the key does not exist or is an admin
      • + *
    • Info is logged when a model is successfully blocked for a key
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to block for this key + * + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if attempting to block a model for an admin key + */ + public static synchronized void blockModelForKey(String keyValue, String modelName) throws SQLException { + // First: check the user's role + String roleSql = "SELECT role FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement roleStmt = conn.prepareStatement(roleSql)) { + roleStmt.setString(1, keyValue); + ResultSet rs = roleStmt.executeQuery(); + + if (rs.next()) { + String role = rs.getString("role"); + + // Prevent blocking for admin users + if ("admin".equalsIgnoreCase(role)) { + Logger.warn("Attempted to block a model for admin key ID: " + keyValue); + throw new IllegalStateException("Admin keys cannot have models blocked."); + } + } else { + Logger.warn("No key found with value: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Insert into blocked_models table + String insertSql = "INSERT INTO blocked_models (key_value, model_name) VALUES (?, ?)"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(insertSql)) { + stmt.setString(1, keyValue); + stmt.setString(2, modelName); + stmt.executeUpdate(); + Logger.info("Blocked model '" + modelName + "' for key ID " + keyValue); + } + catch (SQLException e){ + e.printStackTrace(); + Logger.log("Something went wrong"); + } + } + + /** + * Removes a blocked model entry for the given key in the {@code blocked_models} table. + * + *

    This method allows previously blocked models to be unblocked for a specific key. + * It first checks if the key exists in the {@code keys} table. If the key does not exist, + * an {@link IllegalStateException} is thrown.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Warnings are logged if the key does not exist or the model was not blocked
      • + *
    • Info is logged when a model is successfully unblocked for a key
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to unblock for this key + * + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if the key does not exist + */ + public static synchronized void unblockModelForKey(String keyValue, String modelName) throws SQLException { + // Check if key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + // Delete the blocked model + String deleteSql = "DELETE FROM blocked_models WHERE key_value = ? AND model_name = ?"; + try (Connection conn = connect(); PreparedStatement deleteStmt = conn.prepareStatement(deleteSql)) { + deleteStmt.setString(1, keyValue); + deleteStmt.setString(2, modelName); + + int affectedRows = deleteStmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Unblocked model '" + modelName + "' for key ID " + keyValue); + } else { + Logger.warn("Model '" + modelName + "' was not blocked for key ID " + keyValue); + } + } + } + /** + * Checks whether a given key is allowed to use a specific model. + * + *

    This method queries the {@code blocked_models} table to determine if the key + * has a restriction for the given model. If there is no entry in {@code blocked_models} + * for the key and model, the key is allowed to use it.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Info is logged whether the key is allowed or blocked for the model
      • + *
    • Warnings are logged if the key does not exist
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to check + * + * @return {@code true} if the key can use the model, {@code false} if blocked + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if the key does not exist + */ + public static synchronized boolean canKeyUseModel(String keyValue, String modelName) throws SQLException { + // Check if the key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Check if the model is blocked + String sql = "SELECT COUNT(*) AS count FROM blocked_models WHERE key_value = ? AND model_name = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, keyValue); + stmt.setString(2, modelName); + ResultSet rs = stmt.executeQuery(); + + rs.next(); + boolean allowed = rs.getInt("count") == 0; + + if (allowed) { + Logger.info("Key ID " + keyValue + " is allowed to use model '" + modelName + "'."); + } else { + Logger.info("Key ID " + keyValue + " is BLOCKED from using model '" + modelName + "'."); + } + + return allowed; + } + } + /** + * Retrieves a list of models that the given key is allowed to use. + * + *

    This method queries all models from the {@code models} table and excludes any + * that are blocked for the given key in the {@code blocked_models} table. The result + * is a list of models the key can actually access.

    + * + *

    Logging is performed: + *

      + *
    • Warnings if the key does not exist
      • + *
    • Info showing how many models are allowed
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @return a {@link ArrayList} of model names that the key is allowed to use + * @throws SQLException if a database access error occurs + * @throws IllegalStateException if the key does not exist + */ + public static synchronized ArrayList getBlockedModelsForKey(String keyValue) throws SQLException { + // Check if the key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + String sql = "SELECT model_name FROM blocked_models WHERE key_value = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, keyValue); + ResultSet rs = stmt.executeQuery(); + + ArrayList allowedModels = new ArrayList<>(); + while (rs.next()) { + allowedModels.add(rs.getString("model_name")); + } + + Logger.info("Key ID " + keyValue + " is allowed to use " + allowedModels.size() + " models."); + return allowedModels; + } + } } diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 94ff225..fab4960 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -1,9 +1,6 @@ package upr.famnit.managers.connections; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; +import com.google.gson.*; import upr.famnit.authentication.*; import upr.famnit.components.*; import upr.famnit.managers.DatabaseManager; @@ -107,6 +104,7 @@ public void run() { case "/worker/versions" -> handleWorkerHiveVersionRoute(); case "/worker/command" -> handleWorkerCommandRoute(); case "/queue" -> handleQueueRoute(); + case "/block" -> handleWorkerBlockRoute(); case null, default -> respond(ResponseFactory.NotFound()); } @@ -198,6 +196,185 @@ private void handleWorkerTagsRoute() throws IOException { } } + private void handleWorkerBlockRoute() throws IOException, SQLException { + switch (clientRequest.getRequest().getMethod()){ + case "GET" -> getAllBlock(); + case "POST"-> insertModelBlock(); + case "DELETE"-> deleteModelBlock(); + } + } + + private void deleteModelBlock() throws IOException, SQLException { + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + // Validate Authorization header + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + + Key requester = DatabaseManager.getKeyByValue(token); + + if (requester == null) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + if(!isAdminRequest()){ + respond(ResponseFactory.BadRequest()); + Logger.log("Only admin can Delete allowed models"); + return; + } + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + Key targetKey=DatabaseManager.getKeyByValue(String.valueOf(targetKeyValue)); + if(jsonObject.has("blockedModels")&&jsonObject.get("blockedModels").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to delete from table",LogLevel.error); + return; + } + String allowedModelStr=jsonObject.get("blockedModels").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); + for (String model:targetModelList){ + boolean allowed=DatabaseManager.canKeyUseModel(targetKeyValue,model); + if(!allowed){ + DatabaseManager.blockModelForKey(targetKeyValue,model); + continue; + } + Logger.log("Skipping this model, Model is already allowed",LogLevel.info); + } + } + + } catch (SQLException | IOException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + + } + + private void insertModelBlock() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + // Validate Authorization header + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + if (requester == null) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + if(!isAdminRequest()){ + respond(ResponseFactory.BadRequest()); + Logger.log("Only admin can insert allowed models"); + return; + } + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + + if(jsonObject != null&&jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + //Key targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if(!jsonObject.has("blockedModels")&&jsonObject.get("blockedModels").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to add to table",LogLevel.error); + return; + } + String allowedModelStr=jsonObject.get("blockedModels").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); + for (String model:targetModelList){ + DatabaseManager.blockModelForKey(targetKeyValue,model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("allowedModels",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + } + respond(ResponseFactory.Ok()); + } catch (SQLException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + } + + private void getAllBlock() throws IOException,SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + // Validate Authorization header + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + if (requester == null) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + boolean isAdmin = isAdminRequest(); + Key targetKey; + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + } + + try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + if(!targetKeyValue.equals(token)&&requester.getRole()!=Role.Admin){ + respond(ResponseFactory.MethodNotAllowed()); + Logger.log("Unauthorized attempt to view another key's blocked models", LogLevel.warn); + Logger.log("Admin can view all, others cannot"); + return; + } + //Check target key de se prepričam de obstaja + targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if (targetKey==null){ + respond(ResponseFactory.BadRequest()); + Logger.log("Target key not found: "+targetKeyValue,LogLevel.error); + return; + } + //Nucam ArrayList de lažje loopam skoz object pa tud za response generation + ArrayListallowedModels=getAllowed(targetKeyValue); + JsonArray responseArray=new JsonArray(); + for(String model:allowedModels){ + responseArray.add(model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("blockedModels",responseArray); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + Logger.log("Retrieved: "+allowedModels.size() + " blocked models for key " + requester.getName(), LogLevel.info); + } + }catch (SQLException e){ + e.printStackTrace(); + respond(ResponseFactory.InternalServerError()); + } + } + /** * Handles requests to the "/worker/version/hive" route, providing the Hive versions of active workers. * @@ -592,4 +769,9 @@ private String getJsonString(JsonObject obj, String key) { : ""; } + private ArrayList getAllowed(String keyId) throws SQLException { + return DatabaseManager.getBlockedModelsForKey(keyId); + } + + } From cdca17e3f5ceac41f9a73c93fc9251b2e9999e5e Mon Sep 17 00:00:00 2001 From: Flokster Date: Tue, 2 Dec 2025 14:30:17 +0100 Subject: [PATCH 5/8] Comit for few updates Core implementation still lacking worker base queue processing Whitelist implemented --- .idea/workspace.xml | 5 +- sqlite.db-shm | Bin 0 -> 32768 bytes sqlite.db-wal | Bin 0 -> 57712 bytes src/main/java/upr/famnit/Main.java | 2 + .../upr/famnit/managers/DatabaseManager.java | 308 +++++++++- .../java/upr/famnit/managers/Overseer.java | 1 - .../managers/connections/Management.java | 544 ++++++++++++++++-- 7 files changed, 796 insertions(+), 64 deletions(-) create mode 100644 sqlite.db-shm create mode 100644 sqlite.db-wal diff --git a/.idea/workspace.xml b/.idea/workspace.xml index 04948b0..134bfd9 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -15,6 +15,7 @@ + @@ -216,7 +217,9 @@ - + + + diff --git a/sqlite.db-shm b/sqlite.db-shm new file mode 100644 index 0000000000000000000000000000000000000000..ce0c8d8f223735ae629199a677441b487798163a GIT binary patch literal 32768 zcmeI)Eee7`5CG8e_wyg4H!ukXqg^l>JcZTd8BE^8Vir7$M-aR2iip)B3U6SUWm#s1 zcYqn3N0FmQrxelerQAqo*}e?Nr`cq`tsi#VYq43)kCnxAJ^1i{D)oq5_x2Xg=U2-8 zbKg(%tAGmu0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C&AW(`* z)Y6{OX0)UG1M?Vx!1n~oQH^@qwA+eKnNsuFX3M(dBtQZ?)7&hQ~jw@qLl7TAJ^B^ zAU}Wi3tnYgTbrie3^mHdvM(SC3<3xsfB*srAbAt`}y+B{( z?YWEAjg0gHVI2$53k2*>&(}o&0R#|0009ILKmY**5I`VQdoR#<_tDa?cLTH13$QQ1 zzY+onAbHYerlFpAfm=)UtoOGFPtxc00IagfB*srAbmXnp z0c0)XQ~#$IsKh3Y^?nJLr5CVO-)b+Q7YqUjAb~@3VFl0?)L!8IS}&lN3<3xsfB*srAbk{mgCzF|&!0Y}+Y zy?}nhAbThis method performs the following actions: + *
      + *
    1. Defines a SQL statement to create the allowed_models table with columns: + *
        + *
      • key_value (TEXT, NOT NULL)
        • + *
      • model_name (TEXT, NOT NULL)
        • + *
      + *
      2. + *
    2. Sets a composite primary key on (key_value, model_name).
      3. + *
    3. Creates a foreign key constraint linking key_value to the keys table, + * with cascading delete.
      4. + *
    4. Executes the SQL statement using a new database connection.
      5. + *
    5. Logs a message indicating that the table was successfully created.
      6. + *
    + *

    + * + *

    This method is synchronized to prevent concurrent creation attempts from multiple threads.

    + * + * @throws SQLException If a database access error occurs while creating the table. + */ + + public static synchronized void createWhiteListTable() throws SQLException{ + String sql = "CREATE TABLE IF NOT EXISTS allowed_models (\n" + + " key_value TEXT NOT NULL,\n" + + " model_name TEXT NOT NULL,\n" + + " PRIMARY KEY (key_value, model_name),\n" + + " FOREIGN KEY (key_value) REFERENCES keys(value) ON DELETE CASCADE\n" + + ");"; + try (Connection conn = connect(); Statement statement = conn.createStatement()){ + statement.execute(sql); + Logger.info("Allowed models table created"); + } + } + /** * Inserts a new {@link Key} into the {@code keys} table. @@ -308,12 +345,12 @@ public static synchronized boolean changeKeyNameByName(String oldName, String ne try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { - stmt.setString(1, newName); - stmt.setString(2, oldName); + stmt.setString (1, newName); + stmt.setString (2, oldName); int affectedRows = stmt.executeUpdate(); if (affectedRows > 0) { - Logger.info("Key name updated: " + oldName + " → " + newName); + Logger.info ("Key name updated: " + oldName + " → " + newName); return true; } } @@ -360,7 +397,7 @@ public static synchronized boolean changeKeyRoleByName(String name, Role newRole * @throws SQLException if a database access error occurs or the SQL statement is invalid */ - public static synchronized boolean changeKeyRoleByAuth(String val, Role newRole) throws SQLException { + public static synchronized boolean changeKeyRoleByValue(String val, Role newRole) throws SQLException { String sql = "UPDATE keys SET role = ? WHERE value = ?"; try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { @@ -390,7 +427,7 @@ public static synchronized boolean changeKeyRoleByAuth(String val, Role newRole) * @throws SQLException if a database access error occurs or the SQL statement is invalid */ - public static synchronized boolean changeKeyNameByAuth(String value, String newName) throws SQLException { + public static synchronized boolean changeKeyNameByValue(String value, String newName) throws SQLException { String sql = "UPDATE keys SET value = ? WHERE name = ?"; try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { @@ -531,7 +568,7 @@ public static synchronized void unblockModelForKey(String keyValue, String model * @throws SQLException if a database access error occurs or the SQL statement is invalid * @throws IllegalStateException if the key does not exist */ - public static synchronized boolean canKeyUseModel(String keyValue, String modelName) throws SQLException { + public static synchronized boolean canKeyUseModelBlack(String keyValue, String modelName) throws SQLException { // Check if the key exists String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { @@ -563,6 +600,60 @@ public static synchronized boolean canKeyUseModel(String keyValue, String modelN return allowed; } } + + /** + * Checks whether a given key is allowed to use a specific model. + * + *

    This method queries the {@code blocked_models} table to determine if the key + * has a restriction for the given model. If there is no entry in {@code blocked_models} + * for the key and model, the key is allowed to use it.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Info is logged whether the key is allowed or blocked for the model
      • + *
    • Warnings are logged if the key does not exist
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to check + * + * @return {@code true} if the key can use the model, {@code false} if blocked + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if the key does not exist + */ + public static synchronized boolean canKeyUseModelWhiteDataBase(String keyValue, String modelName) throws SQLException { + // Check if the key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Check if the model is blocked + String sql = "SELECT COUNT(*) AS count FROM allowed_models WHERE key_value = ? AND model_name = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, keyValue); + stmt.setString(2, modelName); + ResultSet rs = stmt.executeQuery(); + + rs.next(); + boolean allowed = rs.getInt("count") == 0; + + if (allowed) { + Logger.info("Key ID " + keyValue + " is allowed to use model '" + modelName + "'."); + } else { + Logger.info("Key ID " + keyValue + " is BLOCKED from using model '" + modelName + "'."); + } + + return allowed; + } + } + /** * Retrieves a list of models that the given key is allowed to use. * @@ -610,5 +701,210 @@ public static synchronized ArrayList getBlockedModelsForKey(String keyVa } } + /** + * Blocks access to a specific model for the given key in the {@code allowed_models} table. + * + *

    This method first retrieves the key's role from the {@code keys} table. If the key + * has a role of {@code admin}, the operation is not allowed and an {@link IllegalStateException} + * is thrown. This ensures that admin keys always retain access to all models.

    + * + *

    If the key exists and is not an admin, a new entry is inserted into the + * {@code allowed_modles} table linking the {@code key_value} with the {@code model_name}. + * This effectively ensures the key is able to use this model.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Warnings are logged if the key does not exist or is an admin
      • + *
    • Info is logged when a model is successfully blocked for a key
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to block for this key + * + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if attempting to block a model for an admin key + */ + + public static synchronized void allowModelForKey(String keyValue, String modelName) throws SQLException { + // First: check the user's role + String roleSql = "SELECT role FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement roleStmt = conn.prepareStatement(roleSql)) { + roleStmt.setString(1, keyValue); + ResultSet rs = roleStmt.executeQuery(); + + if (rs.next()) { + String role = rs.getString("role"); + + // Prevent blocking for admin users + if ("admin".equalsIgnoreCase(role)) { + Logger.warn("Attempted to block a model for admin key ID: " + keyValue); + throw new IllegalStateException("Admin keys cannot have models blocked."); + } + } else { + Logger.warn("No key found with value: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Insert into allowed_models table + String insertSql = "INSERT INTO allowed_models (key_value, model_name) VALUES (?, ?)"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(insertSql)) { + stmt.setString(1, keyValue); + stmt.setString(2, modelName); + stmt.executeUpdate(); + Logger.info("Allowed model: '" + modelName + "' for key ID " + keyValue); + } + catch (SQLException e){ + e.printStackTrace(); + Logger.log("Something went wrong"); + } + } + + + /** + * Removes an allowed model entry for the given key in the {@code allowed_models} table. + * + *

    This method allows previously allowed models to be blocked for a specific key. + * It first checks if the key exists in the {@code keys} table. If the key does not exist, + * an {@link IllegalStateException} is thrown.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Warnings are logged if the key does not exist or the model was not blocked
      • + *
    • Info is logged when a model is successfully unblocked for a key
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to unblock for this key + * + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if the key does not exist + */ + public static synchronized void deleteFromWhiteList(String keyValue, String modelName) throws SQLException { + // Check if key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Delete the blocked model + String deleteSql = "DELETE FROM allowed_models WHERE key_value = ? AND model_name = ?"; + try (Connection conn = connect(); PreparedStatement deleteStmt = conn.prepareStatement(deleteSql)) { + deleteStmt.setString(1, keyValue); + deleteStmt.setString(2, modelName); + + int affectedRows = deleteStmt.executeUpdate(); + if (affectedRows > 0) { + Logger.info("Unblocked model '" + modelName + "' for key ID " + keyValue); + } else { + Logger.warn("Model '" + modelName + "' was not blocked for key ID " + keyValue); + } + } + } + /** + * Checks whether a given key is allowed to use a specific model. + * + *

    This method queries the {@code allowed_models} table to determine if the key + * has a restriction for the given model. If there is an entry in {@code allowed_models} + * for the key and model, the key is allowed to use it.

    + * + *

    Logging is performed at each stage: + *

      + *
    • Info is logged whether the key is allowed or blocked for the model
      • + *
    • Warnings are logged if the key does not exist
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @param modelName the name of the model to check + * + * @return {@code true} if the key can use the model, {@code false} if blocked + * @throws SQLException if a database access error occurs or the SQL statement is invalid + * @throws IllegalStateException if the key does not exist + */ + public static synchronized boolean canKeyUseModelWhite(String keyValue, String modelName) throws SQLException { + // Check if the key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Check if the model is blocked + String sql = "SELECT COUNT(*) AS count FROM blocked_models WHERE key_value = ? AND model_name = ?"; + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, keyValue); + stmt.setString(2, modelName); + ResultSet rs = stmt.executeQuery(); + + rs.next(); + boolean allowed = rs.getInt("count") == 0; + + if (allowed) { + Logger.info("Key ID " + keyValue + " is allowed to use model '" + modelName + "'."); + } else { + Logger.info("Key ID " + keyValue + " is BLOCKED from using model '" + modelName + "'."); + } + + return allowed; + } + } + + /** + * Retrieves a list of models that the given key is allowed to use. + * + *

    This method queries all models from the {@code models} table and excludes any + * that are blocked for the given key in the {@code blocked_models} table. The result + * is a list of models the key can actually access.

    + * + *

    Logging is performed: + *

      + *
    • Warnings if the key does not exist
      • + *
    • Info showing how many models are allowed
      • + *

    + * + * @param keyValue the unique ID of the key in the {@code keys} table + * @return a {@link ArrayList} of model names that the key is allowed to use + * @throws SQLException if a database access error occurs + * @throws IllegalStateException if the key does not exist + */ + public static synchronized ArrayList getAllowedModelsForKey(String keyValue) throws SQLException { + // Check if the key exists + String keyCheckSql = "SELECT value FROM keys WHERE value = ?"; + try (Connection conn = connect(); PreparedStatement checkStmt = conn.prepareStatement(keyCheckSql)) { + checkStmt.setString(1, keyValue); + ResultSet rs = checkStmt.executeQuery(); + + if (!rs.next()) { + Logger.warn("No key found with ID: " + keyValue); + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + String sql = "SELECT model_name FROM allowed_models WHERE key_value = ?"; + + try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { + stmt.setString(1, keyValue); + ResultSet rs = stmt.executeQuery(); + + ArrayList allowedModels = new ArrayList<>(); + while (rs.next()) { + allowedModels.add(rs.getString("model_name")); + } + + Logger.info("Key ID " + keyValue + " is allowed to use " + allowedModels.size() + " models."); + return allowedModels; + } + } } diff --git a/src/main/java/upr/famnit/managers/Overseer.java b/src/main/java/upr/famnit/managers/Overseer.java index 253f8d0..7fc48dd 100644 --- a/src/main/java/upr/famnit/managers/Overseer.java +++ b/src/main/java/upr/famnit/managers/Overseer.java @@ -330,7 +330,6 @@ public static Response sendCommand(WorkerCommand workerCommand, Socket senderReq if (workerRef == null) { return ResponseFactory.NotFound(); } - Request r = null; switch (workerCommand.command) { case "UPDATE" -> { diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index fab4960..3362374 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -105,6 +105,7 @@ public void run() { case "/worker/command" -> handleWorkerCommandRoute(); case "/queue" -> handleQueueRoute(); case "/block" -> handleWorkerBlockRoute(); + case "/allow"->handleWorkerWhiteList(); case null, default -> respond(ResponseFactory.NotFound()); } @@ -196,6 +197,22 @@ private void handleWorkerTagsRoute() throws IOException { } } + /** + * Routes incoming requests related to blocked models (blacklist) to the appropriate handler + * based on the HTTP method. + * + *

    This method performs the following actions: + *

      + *
    1. If the method is GET, it retrieves all blocked models via {@link #getAllBlock()}.
      2. + *
    2. If the method is POST, it inserts new blocked models via {@link #insertModelBlock()}.
      3. + *
    3. If the method is DELETE, it removes blocked models via {@link #deleteModelBlock()}.
      4. + *
    + *

    + * + * @throws IOException If an error occurs while sending the response. + * @throws SQLException If a database access error occurs while handling the request. + */ + private void handleWorkerBlockRoute() throws IOException, SQLException { switch (clientRequest.getRequest().getMethod()){ case "GET" -> getAllBlock(); @@ -204,29 +221,62 @@ private void handleWorkerBlockRoute() throws IOException, SQLException { } } - private void deleteModelBlock() throws IOException, SQLException { - - String authHeader = clientRequest.getRequest().getHeader("Authorization"); + /** + * Routes incoming requests related to allowed models (whitelist) to the appropriate handler + * based on the HTTP method. + * + *

    This method performs the following actions: + *

      + *
    1. If the method is GET, it retrieves all allowed models via {@link #getAllAllowed()}.
      2. + *
    2. If the method is POST, it inserts new allowed models via {@link #insertAllowance()}.
      3. + *
    3. If the method is DELETE, it removes allowed models via {@link #deleteAllowedModel()}.
      4. + *
    + *

    + * + * @throws IOException If an error occurs while sending the response. + * @throws SQLException If a database access error occurs while handling the request. + */ - // Validate Authorization header - if (authHeader == null || !authHeader.startsWith("Bearer ")) { - respond(ResponseFactory.BadRequest()); - return; + private void handleWorkerWhiteList() throws IOException,SQLException{ + switch (clientRequest.getRequest().getMethod()){ + case "GET" -> getAllAllowed(); + case "POST" -> insertAllowance(); + case "DELETE" -> deleteAllowedModel(); } + } + /** + * Handles the deletion of one or more allowed models from a target key's whitelist. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the incoming JSON body to obtain the target key and the models to remove.
      3. + *
    3. Validates that the required fields (`targetKeyValue` and `modelName`) are present and correctly formatted.
      4. + *
    4. Iterates over each provided model and removes it from the target key's whitelist if it is currently disallowed.
      5. + *
    5. Logs the status of each removal attempt, including skipped models that are already allowed.
      6. + *
    6. Sends an appropriate HTTP response indicating success or failure, including JSON details of processed models.
      7. + *
    + *

    + * + *

    If an SQL or I/O error occurs during processing, the method logs the exception + * and returns without performing additional actions.

    + * + * @throws IOException If an error occurs while reading the request body or sending a response. + * @throws SQLException If a database access error occurs during authorization or model deletion. + */ + + private void deleteAllowedModel() throws IOException, SQLException { + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); String token = authHeader.substring("Bearer ".length()).trim(); Key requester = DatabaseManager.getKeyByValue(token); - if (requester == null) { - respond(ResponseFactory.MethodNotAllowed()); - return; - } - if(!isAdminRequest()){ - respond(ResponseFactory.BadRequest()); - Logger.log("Only admin can Delete allowed models"); + if(!getAuthorization(authHeader,requester)){ return; } + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); JsonObject jsonObject = null; if (!body.isEmpty()) { @@ -235,21 +285,31 @@ private void deleteModelBlock() throws IOException, SQLException { if(jsonObject.has("targetKeyValue")){ String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); Key targetKey=DatabaseManager.getKeyByValue(String.valueOf(targetKeyValue)); - if(jsonObject.has("blockedModels")&&jsonObject.get("blockedModels").isJsonNull()){ + if(jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ respond(ResponseFactory.BadRequest()); Logger.log("No models to delete from table",LogLevel.error); return; } - String allowedModelStr=jsonObject.get("blockedModels").getAsString(); + boolean allGood=false; + String allowedModelStr=jsonObject.get("modelName").getAsString(); ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); for (String model:targetModelList){ - boolean allowed=DatabaseManager.canKeyUseModel(targetKeyValue,model); + boolean allowed=DatabaseManager.canKeyUseModelWhiteDataBase(targetKeyValue,model); if(!allowed){ - DatabaseManager.blockModelForKey(targetKeyValue,model); + DatabaseManager.deleteFromWhiteList(targetKeyValue,model); + allGood=true; continue; } Logger.log("Skipping this model, Model is already allowed",LogLevel.info); } + if(!allGood){ + respond(ResponseFactory.BadRequest()); + Logger.log("Something went wrong",LogLevel.error); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("Not allowed models: ",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); } } catch (SQLException | IOException e) { @@ -258,29 +318,262 @@ private void deleteModelBlock() throws IOException, SQLException { } + } - private void insertModelBlock() throws IOException, SQLException { + /** + * Adds one or more models to a target key's whitelist, granting that key permission to use them. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the request body as JSON to retrieve the target key and list of models to allow.
      3. + *
    3. Validates that the required fields (`targetKeyValue` and `modelName`) are present and non-null.
      4. + *
    4. Splits the comma-separated list of models and inserts each into the target key's whitelist.
      5. + *
    5. Constructs a JSON response confirming the allowed models and returns it to the client.
      6. + *
    6. Logs errors and stops execution if invalid data or database issues occur.
      7. + *
    + *

    + * + *

    If a database or I/O exception occurs at any point, the method logs the issue and + * terminates processing without completing the insert operations.

    + * + * @throws IOException If an error occurs while reading the request body or sending a response. + * @throws SQLException If a database error occurs while allowing models for a key. + */ + + private void insertAllowance() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); - // Validate Authorization header - if (authHeader == null || !authHeader.startsWith("Bearer ")) { - respond(ResponseFactory.BadRequest()); + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + + if(!getAuthorization(authHeader,requester)){ return; } + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + + if(jsonObject != null&&jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + //Key targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if(!jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to add to table",LogLevel.error); + return; + } + String allowedModelStr=jsonObject.get("modelName").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); + for (String model:targetModelList){ + DatabaseManager.allowModelForKey(targetKeyValue,model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("allowedModels",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + } + respond(ResponseFactory.Ok()); + } catch (SQLException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + + } + + /** + * Retrieves all models allowed for a specified key, returning them as a JSON array. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the incoming JSON body to obtain the targetKeyValue.
      3. + *
    3. Ensures that only administrators—or the key owner—may view another key's allowed models.
      4. + *
    4. Verifies that the specified target key exists in the database.
      5. + *
    5. Fetches all models allowed for the target key and converts them into a JSON response.
      6. + *
    6. Sends a successful response containing the list of allowed models.
      7. + *
    7. Logs important actions, including unauthorized attempts or retrieval statistics.
      8. + *
    + *

    + * + *

    If a database error occurs during processing, the method sends an internal server error + * response and logs the exception.

    + * + * @throws IOException If an error occurs while reading the request body or sending the response. + * @throws SQLException If a database access error occurs during authorization or model retrieval. + */ + + private void getAllAllowed() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + // Validate Authorization header + String token = authHeader.substring("Bearer ".length()).trim(); // Get the key from the token Key requester = DatabaseManager.getKeyByValue(token); - if (requester == null) { - respond(ResponseFactory.MethodNotAllowed()); + if ( !getAuthorization (authHeader, requester)){ return; } - if(!isAdminRequest()){ - respond(ResponseFactory.BadRequest()); - Logger.log("Only admin can insert allowed models"); + + boolean isAdmin = isAdminRequest(); + Key targetKey; + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + } + + try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + if(!targetKeyValue.equals(token)&&requester.getRole()!=Role.Admin){ + respond(ResponseFactory.MethodNotAllowed()); + Logger.log("Unauthorized attempt to view another key's blocked models", LogLevel.warn); + Logger.log("Admin can view all, others cannot"); + return; + } + //Check target key de se prepričam de obstaja + targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if (targetKey==null){ + respond(ResponseFactory.BadRequest()); + Logger.log("Target key not found: "+targetKeyValue,LogLevel.error); + return; + } + //Nucam ArrayList de lažje loopam skoz object pa tud za response generation + ArrayListallowedModels=getAllowedWhite(targetKeyValue); + JsonArray responseArray=new JsonArray(); + for(String model:allowedModels){ + responseArray.add(model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("blockedModels",responseArray); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + Logger.log("Retrieved: "+allowedModels.size() + " blocked models for key " + requester.getName(), LogLevel.info); + } + }catch (SQLException e){ + e.printStackTrace(); + respond(ResponseFactory.InternalServerError()); + } + + } + + /** + * Removes one or more blocked models from a target key's blacklist, effectively unblocking them. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the incoming JSON body to retrieve the targetKeyValue and models to unblock.
      3. + *
    3. Validates that the modelName field exists and is not null.
      4. + *
    4. Iterates through the provided models and unblocks any that are currently blocked for the target key.
      5. + *
    5. Logs actions, including skipped models that are not currently blocked.
      6. + *
    6. Constructs a JSON response confirming the unblocked models and sends it back to the client.
      7. + *
    + *

    + * + *

    If no models were successfully unblocked or an error occurs, the method responds + * with a 400 Bad Request and logs the issue. Database or I/O exceptions + * are logged without further retries.

    + * + * @throws IOException If an error occurs while reading the request body or sending a response. + * @throws SQLException If a database access error occurs while checking or unblocking models. + */ + private void deleteModelBlock() throws IOException, SQLException { + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + String token = authHeader.substring("Bearer ".length()).trim(); + + Key requester = DatabaseManager.getKeyByValue(token); + + if(!getAuthorization(authHeader,requester)){ + return; + } + + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + Key targetKey=DatabaseManager.getKeyByValue(String.valueOf(targetKeyValue)); + if(jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to delete from table",LogLevel.error); + return; + } + boolean allGood=false; + String allowedModelStr=jsonObject.get("modelName").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); + for (String model:targetModelList){ + boolean allowed=DatabaseManager.canKeyUseModelBlack(targetKeyValue,model); + if(!allowed){ + DatabaseManager.unblockModelForKey(targetKeyValue,model); + allGood=true; + continue; + } + Logger.log("Skipping this model, Model is already allowed",LogLevel.info); + } + if(!allGood){ + respond(ResponseFactory.BadRequest()); + Logger.log("Something went wrong",LogLevel.error); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("UnblockedModels",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + } + + } catch (SQLException | IOException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + } + + /** + * Blocks one or more models for a specified key, preventing that key from using them. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the JSON request body to obtain the target key and list of models to block.
      3. + *
    3. Ensures that the required fields (targetKeyValue and modelName) are present and non-null.
      4. + *
    4. Splits the comma-separated list of model names and adds each to the target key's block list.
      5. + *
    5. Constructs a JSON response confirming the blocked models and sends it back to the client.
      6. + *
    6. Logs errors when invalid data is provided or if a database issue occurs.
      7. + *
    + *

    + * + *

    If a database exception occurs during model insertion, the method logs the error and + * terminates processing without completing the full update.

    + * + * @throws IOException If an error occurs while reading the request body or sending a response. + * @throws SQLException If a database error occurs while blocking models for a key. + */ + + private void insertModelBlock() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + if(!getAuthorization(authHeader,requester)){ return; } String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); @@ -292,12 +585,12 @@ private void insertModelBlock() throws IOException, SQLException { if(jsonObject != null&&jsonObject.has("targetKeyValue")){ String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); //Key targetKey=DatabaseManager.getKeyByValue(targetKeyValue); - if(!jsonObject.has("blockedModels")&&jsonObject.get("blockedModels").isJsonNull()){ + if(!jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ respond(ResponseFactory.BadRequest()); Logger.log("No models to add to table",LogLevel.error); return; } - String allowedModelStr=jsonObject.get("blockedModels").getAsString(); + String allowedModelStr=jsonObject.get("modelName").getAsString(); ArrayList targetModelList = new ArrayList<>(Arrays.asList(allowedModelStr.split(","))); for (String model:targetModelList){ DatabaseManager.blockModelForKey(targetKeyValue,model); @@ -315,24 +608,42 @@ private void insertModelBlock() throws IOException, SQLException { } + /** + * Retrieves all models blocked for a specified key and returns them as a JSON array. + * + *

    This method performs the following actions: + *

      + *
    1. Extracts and validates the Authorization header to authenticate the requester.
      2. + *
    2. Parses the JSON request body to obtain the targetKeyValue.
      3. + *
    3. Ensures that only administrators—or the key owner—may view another key's blocked models.
      4. + *
    4. Verifies that the specified target key exists in the database.
      5. + *
    5. Fetches all models blocked for the target key and converts them into a JSON response.
      6. + *
    6. Sends a success response containing the list of blocked models.
      7. + *
    7. Logs key events, including unauthorized access attempts and retrieval statistics.
      8. + *
    + *

    + * + *

    If a database error occurs during processing, the method logs the exception and + * responds with an internal server error.

    + * + * @throws IOException If an error occurs while reading the request body or sending the response. + * @throws SQLException If a database access error occurs during model retrieval. + */ + private void getAllBlock() throws IOException,SQLException { String authHeader = clientRequest.getRequest().getHeader("Authorization"); // Validate Authorization header - if (authHeader == null || !authHeader.startsWith("Bearer ")) { - respond(ResponseFactory.BadRequest()); - return; - } String token = authHeader.substring("Bearer ".length()).trim(); // Get the key from the token Key requester = DatabaseManager.getKeyByValue(token); - if (requester == null) { - respond(ResponseFactory.MethodNotAllowed()); + if ( !getAuthorization (authHeader, requester)){ return; } + boolean isAdmin = isAdminRequest(); Key targetKey; String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); @@ -358,7 +669,7 @@ private void getAllBlock() throws IOException,SQLException { return; } //Nucam ArrayList de lažje loopam skoz object pa tud za response generation - ArrayListallowedModels=getAllowed(targetKeyValue); + ArrayListallowedModels=getAllowedBlack(targetKeyValue); JsonArray responseArray=new JsonArray(); for(String model:allowedModels){ responseArray.add(model); @@ -387,6 +698,24 @@ private void handleWorkerHiveVersionRoute() throws IOException { } } + /** + * Routes incoming worker-related requests to the appropriate handler based on the HTTP method. + * + *

    This method performs the following actions: + *

      + *
    1. Reads the HTTP method from the incoming {@link ClientRequest}.
      2. + *
    2. If the method is POST, it delegates processing to + * {@link #handleWorkersCommandRequest()}.
      3. + *
    3. For unsupported or missing methods, it responds with a 404 Not Found status.
      4. + *
    + *

    + * + *

    This routing method ensures that only valid worker-command operations are processed, + * while invalid methods are rejected in a consistent and predictable way.

    + * + * @throws IOException If an error occurs while sending the HTTP response. + */ + private void handleWorkerCommandRoute() throws IOException { switch (clientRequest.getRequest().getMethod()) { case "POST" -> handleWorkersCommandRequest(); @@ -394,6 +723,26 @@ private void handleWorkerCommandRoute() throws IOException { } } + /** + * Handles an incoming worker command request by parsing the request body, + * logging the command, and forwarding it to the Overseer for execution. + * + *

    This method performs the following actions: + *

      + *
    1. Parses the JSON request body into a {@link WorkerCommand} object.
      2. + *
    2. Logs the worker identifier and the command received for debugging and audit purposes.
      3. + *
    3. Delegates the command to {@link Overseer#sendCommand(WorkerCommand, java.net.Socket)} + * for processing.
      4. + *
    4. If the Overseer returns a response, it is immediately sent back to the client.
      5. + *
    + *

    + * + *

    This method does not perform authentication or validation—such checks + * are expected to occur earlier in the request-handling pipeline.

    + * + * @throws IOException If an error occurs while reading the request body or sending the response. + */ + private void handleWorkersCommandRequest() throws IOException { Gson gson = new GsonBuilder().create(); String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); @@ -532,12 +881,11 @@ private void handleDeleteKeyRequest() throws IOException, SQLException { String authValue = jsonObject.get("auth").getAsString(); Key requester = DatabaseManager.getKeyByValue(authValue); - - if (requester == null || (requester.getRole()) != Role.Admin) { - respond(ResponseFactory.MethodNotAllowed()); + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + String token = authHeader.substring("Bearer ".length()).trim(); + if(!getAuthorization(authHeader,requester)){ return; } - String value = jsonObject.has("value") ? jsonObject.get("value").getAsString().trim() : ""; String name = jsonObject.has("name") ? jsonObject.get("name").getAsString().trim() : ""; Key key = null; @@ -559,7 +907,7 @@ private void handleDeleteKeyRequest() throws IOException, SQLException { Logger.log("Key deleted by value: " + key.getValue(), LogLevel.success); respond(ResponseFactory.Ok(value.getBytes())); return; - } else if (!deleteByValue && key.getRole() != Role.Admin) { + } else if (key.getRole() != Role.Admin) { // Key exists and is NOT Admin → delete it Logger.log(key.toString()); boolean deleted = DatabaseManager.deleteKeyByName(key.getName()); @@ -645,25 +993,20 @@ private void handleListKeysRequest() throws IOException { private void handleKeyChangeReq() throws IOException, SQLException { String authHeader = clientRequest.getRequest().getHeader("Authorization"); - - if (authHeader == null || !authHeader.startsWith("Bearer ")) { - respond(ResponseFactory.BadRequest()); + String token = authHeader.substring("Bearer ".length()).trim(); + Key requester = DatabaseManager.getKeyByValue(token); + if(!getAuthorization(authHeader,requester)){ return; } - String token = authHeader.substring("Bearer ".length()).trim(); String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); JsonObject jsonObject = JsonParser.parseString(body).getAsJsonObject(); - Key requester = DatabaseManager.getKeyByValue(token); boolean update = false; - if (requester == null || (requester.getRole()) != Role.Admin) { - respond(ResponseFactory.MethodNotAllowed()); - return; - } + String auth = getJsonString(jsonObject, "value"); String name = getJsonString(jsonObject, "name"); String newRole = getJsonString(jsonObject, "roleNew"); @@ -678,18 +1021,18 @@ private void handleKeyChangeReq() throws IOException, SQLException { if (!auth.isEmpty() && name.isEmpty()) { if (bothChange) { - update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); - update = DatabaseManager.changeKeyNameByAuth(auth, newName); + update = DatabaseManager.changeKeyRoleByValue(auth, Role.fromString(newRole)); + update = DatabaseManager.changeKeyNameByValue(auth, newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); Logger.log("Change of name and role succesfull", LogLevel.success); return; } else if (isnewName) { - update = DatabaseManager.changeKeyNameByAuth(auth,newName); + update = DatabaseManager.changeKeyNameByValue(auth,newName); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); return; } else if (hasNewRole) { - update = DatabaseManager.changeKeyRoleByAuth(auth, Role.fromString(newRole)); + update = DatabaseManager.changeKeyRoleByValue(auth, Role.fromString(newRole)); respond(ResponseFactory.Ok(body.getBytes(StandardCharsets.UTF_8))); return; } @@ -763,14 +1106,103 @@ private boolean isAdminRequest() { private void respond(Response response) throws IOException { StreamUtil.sendResponse(clientRequest.getClientSocket().getOutputStream(), response); } + + /** + * Safely retrieves a string value from a {@link JsonObject} for the given key. + * + *

    This method checks whether the JSON object contains the specified key and that + * the associated value is not null. If the value exists, it is returned + * as a trimmed string. If the key is missing or the value is null, + * an empty string is returned.

    + * + * @param obj The JSON object to read from. + * @param key The name of the field whose string value should be retrieved. + * + * @return The trimmed string value associated with the key, or an empty string if + * the key is missing or its value is null. + */ + private String getJsonString(JsonObject obj, String key) { return obj.has(key) && !obj.get(key).isJsonNull() ? obj.get(key).getAsString().trim() : ""; } - private ArrayList getAllowed(String keyId) throws SQLException { - return DatabaseManager.getBlockedModelsForKey(keyId); + /** + * Retrieves all models that are blocked (blacklisted) for the specified key. + * + *

    This method simply delegates to the {@link DatabaseManager} to fetch + * the list of blocked models associated with the provided key value.

    + * + * @param keyValue The value of the key whose blocked models should be retrieved. + * @return An {@link ArrayList} containing the names of all blocked models. + * + * @throws SQLException If a database error occurs while retrieving the models. + */ + private ArrayList getAllowedBlack(String keyValue) throws SQLException { + return DatabaseManager.getBlockedModelsForKey(keyValue); + } + + /** + * Retrieves all models that are allowed (whitelisted) for the specified key. + * + *

    This method delegates to the {@link DatabaseManager} to obtain the list of + * allowed models associated with the given key value.

    + * + * @param keyValue The value of the key whose allowed models should be retrieved. + * @return An {@link ArrayList} containing the names of all allowed models. + * + * @throws SQLException If a database error occurs while retrieving the models. + */ + private ArrayList getAllowedWhite(String keyValue) throws SQLException { + return DatabaseManager.getAllowedModelsForKey(keyValue); + } + + /** + * Validates the authorization header and ensures that the requester has administrative privileges. + * + *

    This method performs the following actions: + *

      + *
    1. Validates that the Authorization header exists and begins with the expected "Bearer" format.
      2. + *
    2. Ensures that the requester key is valid and corresponds to a real API key.
      3. + *
    3. Checks whether the requester is an administrator, as only admins may perform certain actions.
      4. + *
    4. Sends the appropriate HTTP response when validation fails.
      5. + *
    + *

    + * + *

    If validation succeeds, the method returns true, allowing the caller + * to proceed with the requested operation.

    + * + * @param authHeader The raw Authorization header sent by the client. + * @param requester The key object associated with the extracted token. + * + * @return true if authorization is valid and the requester is an admin; + * false otherwise. + * + * @throws IOException If an error occurs while sending an error response. + */ + + private boolean getAuthorization(String authHeader,Key requester) throws IOException { + + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return false; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + + // + + if (requester == null) { + respond(ResponseFactory.MethodNotAllowed()); + return false; + } + if(!isAdminRequest()){ + respond(ResponseFactory.BadRequest()); + Logger.log("Only admin can insert allowed models"); + return false; + } + return true; } From 2706b91f6144d46926cb34423bc938e3377c6205 Mon Sep 17 00:00:00 2001 From: Flokster Date: Tue, 9 Dec 2025 10:17:57 +0100 Subject: [PATCH 6/8] Commit for code review and everything discussed beside the model priority queue. Still working on it CodeReview,Add to que, check before que... --- .idea/workspace.xml | 11 ++- sqlite.db-shm | Bin 32768 -> 0 bytes sqlite.db-wal | Bin 57712 -> 0 bytes .../upr/famnit/components/RequestQue.java | 87 +++++++++++++++++- .../famnit/managers/connections/Client.java | 31 ++++--- .../famnit/managers/connections/Worker.java | 30 ++++++ 6 files changed, 139 insertions(+), 20 deletions(-) delete mode 100644 sqlite.db-shm delete mode 100644 sqlite.db-wal diff --git a/.idea/workspace.xml b/.idea/workspace.xml index 134bfd9..6a7f1f3 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -13,10 +13,11 @@ - - - - + + + + + @@ -219,7 +220,7 @@ - + diff --git a/sqlite.db-shm b/sqlite.db-shm deleted file mode 100644 index ce0c8d8f223735ae629199a677441b487798163a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32768 zcmeI)Eee7`5CG8e_wyg4H!ukXqg^l>JcZTd8BE^8Vir7$M-aR2iip)B3U6SUWm#s1 zcYqn3N0FmQrxelerQAqo*}e?Nr`cq`tsi#VYq43)kCnxAJ^1i{D)oq5_x2Xg=U2-8 zbKg(%tAGmu0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C&AW(`* z)Y6{OX0)UG1M?Vx!1n~oQH^@qwA+eKnNsuFX3M(dBtQZ?)7&hQ~jw@qLl7TAJ^B^ zAU}Wi3tnYgTbrie3^mHdvM(SC3<3xsfB*srAbAt`}y+B{( z?YWEAjg0gHVI2$53k2*>&(}o&0R#|0009ILKmY**5I`VQdoR#<_tDa?cLTH13$QQ1 zzY+onAbHYerlFpAfm=)UtoOGFPtxc00IagfB*srAbmXnp z0c0)XQ~#$IsKh3Y^?nJLr5CVO-)b+Q7YqUjAb~@3VFl0?)L!8IS}&lN3<3xsfB*srAbk{mgCzF|&!0Y}+Y zy?}nhAb nodeNames, Set< return null; } + /** + * Extracts the model name from the JSON request body. + * + *

    This expects the request body to contain a JSON key named {@code "model"}. + * If the key is missing or unreadable, {@code null} is returned.

    + * + * @param request the {@link ClientRequest} whose model should be extracted + * @return the model name, or {@code null} if not found + */ + public static String extractModel(ClientRequest request) { + return StreamUtil.getValueFromJSONBody("model", request.getRequest().getBody()); + } + + /** + * Extracts a Bearer token from the request's {@code Authorization} header. + * + *

    The header must be in the format:

    + * 
    +     * Authorization: Bearer <token>
+     *
    + * + *

    If the header is missing, malformed, or does not begin with "Bearer ", + * {@code null} is returned.

    + * + * @param request the {@link ClientRequest} containing the Authorization header + * @return the extracted token, or {@code null} if not present or invalid + */ + public static String extractToken(ClientRequest request) { + String auth = request.getRequest().getHeaders().get("Authorization"); + if (auth == null) return null; + if (!auth.startsWith("Bearer ")) return null; + return auth.substring("Bearer ".length()).trim(); + } + + /** + * Determines whether a given token is allowed to access a specific model. + * + *

    The permission rules are as follows:

    + * + *
      + *
    • Blacklist overrides everything:
      + * If the model is in the token's blacklist, access is denied.
      • + * + *
    • Whitelist restricts access only when it is non-empty:
      + * If the whitelist contains entries, then the model must appear in the + * whitelist. If the whitelist is empty, all non-blacklisted models are allowed.
      • + * + *
    • If the model is in neither whitelist nor blacklist:
      + * It is allowed as long as the whitelist is empty.
      • + *
    + * + *

    This method fetches the allow- and block-lists from the database on each call.

    + * + * @param model the model being requested + * @param token the client's authentication token + * @return {@code true} if access is permitted; {@code false} otherwise + * @throws SQLException if permission data cannot be retrieved + */ + private static boolean isAllowedForModel(String model, String token) throws SQLException { + // TODO: call your real permission system + ArrayList block=DatabaseManager.getBlockedModelsForKey(token); + ArrayList allow=DatabaseManager.getAllowedModelsForKey(token); + boolean allowed=true; + if (block.contains(model)) { + return false; + } + + if (!allow.isEmpty() && !allow.contains(model)) { + return false; + } + + return true; + } + } diff --git a/src/main/java/upr/famnit/managers/connections/Client.java b/src/main/java/upr/famnit/managers/connections/Client.java index f1f30fd..47ff703 100644 --- a/src/main/java/upr/famnit/managers/connections/Client.java +++ b/src/main/java/upr/famnit/managers/connections/Client.java @@ -9,6 +9,7 @@ import java.io.OutputStream; import java.net.ServerSocket; import java.net.Socket; +import java.sql.SQLException; /** * The {@code ClientConnectionManager} class is responsible for handling incoming client connections. @@ -77,20 +78,24 @@ public void run() { return; } - if (!RequestQue.addTask(cr)) { - Logger.error("Closing request due to invalid structure (" + clientSocket.getRemoteSocketAddress() + ")"); - Response failedResponse = ResponseFactory.MethodNotAllowed(); - try { - StreamUtil.sendResponse(cr.getClientSocket().getOutputStream(), failedResponse); - } catch (IOException e) { - Logger.error("Unable to respond to the client (" + clientSocket.getRemoteSocketAddress() + "): " + e.getMessage()); - } - try { - cr.getClientSocket().close(); - } catch (IOException e) { - Logger.error("Unable to close connection to the client (" + clientSocket.getRemoteSocketAddress() + "): " + e.getMessage()); + try { + if (!RequestQue.addTask(cr)) { + Logger.error("Closing request due to invalid structure (" + clientSocket.getRemoteSocketAddress() + ")"); + Response failedResponse = ResponseFactory.MethodNotAllowed(); + try { + StreamUtil.sendResponse(cr.getClientSocket().getOutputStream(), failedResponse); + } catch (IOException e) { + Logger.error("Unable to respond to the client (" + clientSocket.getRemoteSocketAddress() + "): " + e.getMessage()); + } + try { + cr.getClientSocket().close(); + } catch (IOException e) { + Logger.error("Unable to close connection to the client (" + clientSocket.getRemoteSocketAddress() + "): " + e.getMessage()); + } + cr.getRequest().log(); } - cr.getRequest().log(); + } catch (SQLException e) { + throw new RuntimeException(e); } } diff --git a/src/main/java/upr/famnit/managers/connections/Worker.java b/src/main/java/upr/famnit/managers/connections/Worker.java index c27b8a9..dc743ec 100644 --- a/src/main/java/upr/famnit/managers/connections/Worker.java +++ b/src/main/java/upr/famnit/managers/connections/Worker.java @@ -357,6 +357,34 @@ private ClientRequest defaultPolling(Request request) { return null; } + /* + kinda threw out this shit + private ClientRequest defaultPolling(Request request) throws SQLException { + data.tagsTestAndSet(request.getUri()); + String[] models = request.getUri().split(";"); + + for (String model : models) { + ClientRequest clientRequest = RequestQue.getTask(model, data.getNodeName()); + if (clientRequest != null) { + String token = null; + Map headers = clientRequest.getRequest().getHeaders(); + String authHeader = headers.get("Authorization"); // or headers.get("authorization") + + if (authHeader != null && authHeader.startsWith("Bearer ")) { + // Extract the token by removing "Bearer " and trimming whitespace + token = authHeader.substring("Bearer ".length()).trim(); + } + if(!isModelAllowedForKey(model,token)){ + Logger.log("Not allowed to use", LogLevel.error); + continue; + } + return clientRequest; + } + } + return null; + } + */ + /** * Performs sequenced polling to optimize model sequencing and reduce model swaps. * @@ -405,6 +433,8 @@ private ClientRequest sequencedPolling(Request request) { return clientRequest; } + + /** * Checks whether the connection to the worker node is still open and valid. * From d18c6732c5399cc2b6cf37213bee4ee549c02ce5 Mon Sep 17 00:00:00 2001 From: Flokster Date: Thu, 18 Dec 2025 11:44:22 +0100 Subject: [PATCH 7/8] Commit for all the changes regarding exclusivity table :) Not fully tested but functional --- .idea/workspace.xml | 12 +- src/main/java/upr/famnit/Main.java | 1 + .../upr/famnit/components/RequestQue.java | 56 ++-- .../upr/famnit/managers/DatabaseManager.java | 284 ++++++++++++++++-- .../famnit/managers/connections/Client.java | 26 +- .../managers/connections/Management.java | 283 +++++++++++++++++ 6 files changed, 616 insertions(+), 46 deletions(-) diff --git a/.idea/workspace.xml b/.idea/workspace.xml index 6a7f1f3..3753645 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -13,11 +13,11 @@ - - + + - + @@ -59,6 +59,9 @@ + + { "associatedIndex": 8 } @@ -220,7 +223,8 @@ - + + diff --git a/src/main/java/upr/famnit/Main.java b/src/main/java/upr/famnit/Main.java index bed7a3b..bbf1e9c 100644 --- a/src/main/java/upr/famnit/Main.java +++ b/src/main/java/upr/famnit/Main.java @@ -19,6 +19,7 @@ public static void main(String[] args) { DatabaseManager.createKeysTable(); DatabaseManager.createBlockedModelsTable(); DatabaseManager.createWhiteListTable(); + DatabaseManager.createExclusiveModelsTable(); WorkerServer workerServer = new WorkerServer(); ClientServer clientServer = new ClientServer(); diff --git a/src/main/java/upr/famnit/components/RequestQue.java b/src/main/java/upr/famnit/components/RequestQue.java index 42aa42c..4e3428b 100644 --- a/src/main/java/upr/famnit/components/RequestQue.java +++ b/src/main/java/upr/famnit/components/RequestQue.java @@ -280,44 +280,54 @@ public static String extractToken(ClientRequest request) { } /** - * Determines whether a given token is allowed to access a specific model. + * Determines whether a given key is allowed to access a specific model. * - *

    The permission rules are as follows:

    + *

    Permission rules (evaluated in order of precedence):

    * - *
      - *
    • Blacklist overrides everything:
      - * If the model is in the token's blacklist, access is denied.
      • + *
        + *
      1. Global exclusivity (strongest rule):
        + * If the model is exclusive to a different key, access is denied. + * If the model is not exclusive or is exclusive to this key, evaluation continues.
        2. * - *
      2. Whitelist restricts access only when it is non-empty:
        - * If the whitelist contains entries, then the model must appear in the - * whitelist. If the whitelist is empty, all non-blacklisted models are allowed.
        3. + *
      3. Block list (hard deny):
        + * If the model appears in the key's block list, access is denied.
        4. * - *
      4. If the model is in neither whitelist nor blacklist:
        - * It is allowed as long as the whitelist is empty.
        5. - *
    + *
  • Allow list (conditional whitelist):
    + * If the allow list is non-empty, the model must be present in it. + * If the allow list is empty, all non-blocked models are permitted.
    • + * * - *

    This method fetches the allow- and block-lists from the database on each call.

    + *

    This method retrieves exclusivity, allow-list, and block-list data + * from the database on each invocation.

    + * + * @param keyValue the key requesting access to the model + * @param modelName the model being requested * - * @param model the model being requested - * @param token the client's authentication token * @return {@code true} if access is permitted; {@code false} otherwise - * @throws SQLException if permission data cannot be retrieved + * + * @throws SQLException if permission or exclusivity data cannot be retrieved */ - private static boolean isAllowedForModel(String model, String token) throws SQLException { - // TODO: call your real permission system - ArrayList block=DatabaseManager.getBlockedModelsForKey(token); - ArrayList allow=DatabaseManager.getAllowedModelsForKey(token); - boolean allowed=true; - if (block.contains(model)) { + public static synchronized boolean isAllowedForModel(String keyValue, String modelName ) throws SQLException { + //Vičič special + String exclusiveOwner = DatabaseManager.getExclusiveOwnerForModel(modelName); + if (exclusiveOwner != null && !exclusiveOwner.equals(keyValue)) { + Logger.warn("Model '" + modelName + "' is exclusive to another key."); + return false; + } + //Black list + if (DatabaseManager.getBlockedModelsForKey(keyValue).contains(modelName)) { + Logger.info("Model '" + modelName + "' is blocked for key " + keyValue); return false; } - if (!allow.isEmpty() && !allow.contains(model)) { + //White list + ArrayList allow = DatabaseManager.getAllowedModelsForKey(keyValue); + if (!allow.isEmpty() && !allow.contains(modelName)) { + Logger.info("Model '" + modelName + "' not in allow list for key " + keyValue); return false; } return true; } - } diff --git a/src/main/java/upr/famnit/managers/DatabaseManager.java b/src/main/java/upr/famnit/managers/DatabaseManager.java index 3694ce1..6ec370c 100644 --- a/src/main/java/upr/famnit/managers/DatabaseManager.java +++ b/src/main/java/upr/famnit/managers/DatabaseManager.java @@ -167,6 +167,24 @@ public static synchronized void createWhiteListTable() throws SQLException{ } } + public static synchronized void createExclusiveModelsTable() throws SQLException { + String sql = """ + CREATE TABLE IF NOT EXISTS model_exclusive ( + model_name TEXT PRIMARY KEY, + key_value TEXT NOT NULL, + FOREIGN KEY (key_value) REFERENCES keys(value) ON DELETE CASCADE + ); + """; + + try (Connection conn = connect(); + Statement stmt = conn.createStatement()) { + + stmt.execute(sql); + Logger.info("Model exclusivity table created or already exists."); + } + } + + /** * Inserts a new {@link Key} into the {@code keys} table. @@ -602,24 +620,27 @@ public static synchronized boolean canKeyUseModelBlack(String keyValue, String m } /** - * Checks whether a given key is allowed to use a specific model. - * - *

    This method queries the {@code blocked_models} table to determine if the key - * has a restriction for the given model. If there is no entry in {@code blocked_models} - * for the key and model, the key is allowed to use it.

    + * Determines whether a key is permitted to use a given model by consulting the database. * - *

    Logging is performed at each stage: + *

    This method enforces the following policy:

    *
      - *
    • Info is logged whether the key is allowed or blocked for the model
      • - *
    • Warnings are logged if the key does not exist
      • - *

    + *
  • First, the key must exist in the {@code keys} table; if it does not, an + * {@link IllegalStateException} is thrown.
    • + *
  • Then the method queries {@code allowed_models} for a row matching + * {@code (key_value, model_name)}.
    • + *
  • If such a row exists, the key is treated as blocked for that model.
    • + *
  • If no matching row exists, the key is treated as allowed for that model.
    • + * * - * @param keyValue the unique ID of the key in the {@code keys} table - * @param modelName the name of the model to check + *

    Note: despite the table name {@code allowed_models}, the current logic uses it as a + * block list (presence = blocked, absence = allowed). If this is not intended, + * the SQL/boolean logic should be inverted or the table renamed to reflect its role.

    * - * @return {@code true} if the key can use the model, {@code false} if blocked - * @throws SQLException if a database access error occurs or the SQL statement is invalid - * @throws IllegalStateException if the key does not exist + * @param keyValue the key identifier from the {@code keys} table + * @param modelName the model name to check + * @return {@code true} if the key is allowed to use the model; {@code false} if it is blocked + * @throws SQLException if a database access error occurs or the SQL is invalid + * @throws IllegalStateException if the key does not exist in {@code keys} */ public static synchronized boolean canKeyUseModelWhiteDataBase(String keyValue, String modelName) throws SQLException { // Check if the key exists @@ -642,7 +663,7 @@ public static synchronized boolean canKeyUseModelWhiteDataBase(String keyValue, ResultSet rs = stmt.executeQuery(); rs.next(); - boolean allowed = rs.getInt("count") == 0; + boolean allowed = rs.getInt("count") > 0; if (allowed) { Logger.info("Key ID " + keyValue + " is allowed to use model '" + modelName + "'."); @@ -841,14 +862,14 @@ public static synchronized boolean canKeyUseModelWhite(String keyValue, String m } // Check if the model is blocked - String sql = "SELECT COUNT(*) AS count FROM blocked_models WHERE key_value = ? AND model_name = ?"; + String sql = "SELECT COUNT(*) AS count FROM allowed_models WHERE key_value = ? AND model_name = ?"; try (Connection conn = connect(); PreparedStatement stmt = conn.prepareStatement(sql)) { stmt.setString(1, keyValue); stmt.setString(2, modelName); ResultSet rs = stmt.executeQuery(); rs.next(); - boolean allowed = rs.getInt("count") == 0; + boolean allowed = rs.getInt("count") > 0; if (allowed) { Logger.info("Key ID " + keyValue + " is allowed to use model '" + modelName + "'."); @@ -906,5 +927,234 @@ public static synchronized ArrayList getAllowedModelsForKey(String keyVa return allowedModels; } } + + /** + * Assigns exclusive access of a model to a target key. + * + *

    Authorization: Only keys with the {@code admin} role may call this method.

    + * + *

    Behavior: + *

      + *
    • If the model is not currently exclusive, it becomes exclusive to {@code targetKey}.
      • + *
    • If the model is already exclusive, ownership is reassigned to {@code targetKey}.
      • + *
    • At most one key may own a model at any time.
      • + *
    + * + *

    This operation is atomic and enforced at the database level.

    + * + * @param requestingKey the admin key performing the operation + * @param targetKey the key that will gain exclusive access to the model + * @param modelName the model to be made exclusive + * + * @throws SecurityException if {@code requestingKey} is not an admin key + * @throws SQLException if a database error occurs + */ + public static synchronized void setExclusiveModelForKey(String requestingKey, String targetKey, String modelName) throws SQLException { + + if (!isAdminKey(requestingKey)) { + throw new SecurityException("Only admin keys can assign exclusive models."); + } + + String sql = """ + INSERT INTO model_exclusive (model_name, key_value) + VALUES (?, ?) + ON CONFLICT(model_name) + DO UPDATE SET key_value = excluded.key_value + """; + + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, modelName); + stmt.setString(2, targetKey); + stmt.executeUpdate(); + } + } + + /** + * Removes exclusive access from a model. + * + *

    Authorization: Only keys with the {@code admin} role may call this method.

    + * + *

    If the model is not currently exclusive, this method performs no changes.

    + * + * @param requestingKey the admin key performing the removal + * @param modelName the model whose exclusivity should be removed + * + * @throws SecurityException if {@code requestingKey} is not an admin key + * @throws SQLException if a database error occurs + */ + public static synchronized void removeExclusiveModel(String requestingKey, String modelName) throws SQLException { + + // 🔒 Authorization check + if (!isAdminKey(requestingKey)) { + throw new SecurityException("Only admin keys can remove model exclusivity."); + } + + String sql = "DELETE FROM model_exclusive WHERE model_name = ?"; + + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, modelName); + int rows = stmt.executeUpdate(); + + if (rows > 0) { + Logger.info("Admin key " + requestingKey + + " removed exclusivity for model " + modelName); + } else { + Logger.warn("Model '" + modelName + "' had no exclusivity set."); + } + } + } + + /** + * Determines whether a key is the exclusive owner of a given model. + * + *

    This method checks global exclusivity only. + * It does not consider allow or block lists.

    + * + *

    A model is considered usable by a key if: + *

      + *
    • The model is exclusive and owned by the key, OR
      • + *
    • The model is not exclusive at all
      • + *
    + * + * @param keyValue the key attempting to use the model + * @param modelName the model being checked + * + * @return {@code true} if the model is either not exclusive + * or exclusive to {@code keyValue}; + * {@code false} if the model is exclusive to another key + * + * @throws IllegalStateException if the key does not exist + * @throws SQLException if a database error occurs + */ + public static synchronized boolean canKeyUseExclusive(String keyValue, String modelName) throws SQLException { + + // Verify key exists + String keyCheckSql = "SELECT 1 FROM keys WHERE value = ?"; + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(keyCheckSql)) { + + stmt.setString(1, keyValue); + ResultSet rs = stmt.executeQuery(); + + if (!rs.next()) { + throw new IllegalStateException("Key does not exist: " + keyValue); + } + } + + // Check exclusivity ownership + String sql = "SELECT key_value FROM model_exclusive WHERE model_name = ?"; + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, modelName); + ResultSet rs = stmt.executeQuery(); + + // Not exclusive → usable + if (!rs.next()) { + return true; + } + + // Exclusive → must match owner + return keyValue.equals(rs.getString("key_value")); + } + } + + /** + * Retrieves all models that are exclusively assigned to a given key. + * + *

    This method does not perform authorization checks and is intended + * for administrative or informational use.

    + * + * @param keyValue the key whose exclusive models should be returned + * + * @return a list of model names exclusively owned by the key; + * the list is empty if none exist + * + * @throws SQLException if a database error occurs + */ + public static synchronized ArrayList getExclusiveModelsForKey(String keyValue) + throws SQLException { + + String sql = "SELECT model_name FROM model_exclusive WHERE key_value = ?"; + + ArrayList models = new ArrayList<>(); + + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, keyValue); + ResultSet rs = stmt.executeQuery(); + + while (rs.next()) { + models.add(rs.getString("model_name")); + } + } + + return models; + } + + /** + * Retrieves the key that owns exclusive access to a given model. + * + *

    If the model is not exclusive, this method returns {@code null}.

    + * + * @param modelName the model to check + * + * @return the key that owns the model exclusively, or {@code null} + * if the model is not exclusive + * + * @throws SQLException if a database error occurs + */ + + public static synchronized String getExclusiveOwnerForModel(String modelName) + throws SQLException { + + String sql = "SELECT key_value FROM model_exclusive WHERE model_name = ?"; + + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, modelName); + ResultSet rs = stmt.executeQuery(); + + return rs.next() ? rs.getString("key_value") : null; + } + } + + /** + * Determines whether a key has administrative privileges. + * + *

    A key is considered an admin if its role in the {@code keys} table + * is {@code "admin"} (case-insensitive).

    + * + * @param keyValue the key to check + * + * @return {@code true} if the key has admin privileges, + * {@code false} otherwise + * + * @throws SQLException if a database error occurs + */ + + public static boolean isAdminKey(String keyValue) throws SQLException { + String sql = "SELECT role FROM keys WHERE value = ?"; + + try (Connection conn = connect(); + PreparedStatement stmt = conn.prepareStatement(sql)) { + + stmt.setString(1, keyValue); + ResultSet rs = stmt.executeQuery(); + + return rs.next() && "admin".equalsIgnoreCase(rs.getString("role")); + } + } + + + + } + diff --git a/src/main/java/upr/famnit/managers/connections/Client.java b/src/main/java/upr/famnit/managers/connections/Client.java index 47ff703..7960d7f 100644 --- a/src/main/java/upr/famnit/managers/connections/Client.java +++ b/src/main/java/upr/famnit/managers/connections/Client.java @@ -1,6 +1,7 @@ package upr.famnit.managers.connections; import upr.famnit.components.*; +import upr.famnit.util.LogLevel; import upr.famnit.util.Logger; import upr.famnit.util.StreamUtil; @@ -77,7 +78,6 @@ public void run() { Logger.error("Failed reading client request (" + clientSocket.getRemoteSocketAddress() + "): " + e.getMessage()); return; } - try { if (!RequestQue.addTask(cr)) { Logger.error("Closing request due to invalid structure (" + clientSocket.getRemoteSocketAddress() + ")"); @@ -95,7 +95,8 @@ public void run() { cr.getRequest().log(); } } catch (SQLException e) { - throw new RuntimeException(e); + Logger.log("Rejecting request because the database failed from:" +clientSocket.getRemoteSocketAddress()+ " "+e.getMessage() ); + rejectRequest(clientSocket); } } @@ -115,4 +116,25 @@ private void rejectRequest(Socket clientSocket) { Logger.error("Could not send rejection response to socket: " + clientSocket.getInetAddress()); } } + + private void rejectInvalidRequest(ClientRequest cr) { + Logger.error("Closing request due to invalid structure (" + + cr.getClientSocket().getRemoteSocketAddress() + ")"); + Response failed = ResponseFactory.MethodNotAllowed(); + + try { + StreamUtil.sendResponse(cr.getClientSocket().getOutputStream(), failed); + } catch (IOException e) { + Logger.error("Unable to respond to client: " + e.getMessage()); + } + + try { + cr.getClientSocket().close(); + } catch (IOException e) { + Logger.error("Unable to close client socket: " + e.getMessage()); + } + + cr.getRequest().log(); + } + } diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 3362374..05e3848 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -106,6 +106,7 @@ public void run() { case "/queue" -> handleQueueRoute(); case "/block" -> handleWorkerBlockRoute(); case "/allow"->handleWorkerWhiteList(); + case "/exclusive"->handleExclusiveList(); case null, default -> respond(ResponseFactory.NotFound()); } @@ -118,6 +119,284 @@ public void run() { } + /** + * Routes requests for the exclusive list endpoint based on HTTP method. + *

    + * Supported methods: + *

      + *
    • GET – Retrieves exclusive (blocked) models
      • + *
    • POST – Adds models to the exclusive list
      • + *
    • DELETE – Removes models from the exclusive list
      • + *
    + * + * @throws SQLException if a database access error occurs + * @throws IOException if request or response I/O fails + */ + + private void handleExclusiveList() throws SQLException, IOException { + switch (clientRequest.getRequest().getMethod()){ + case "GET" -> getExclusive(); + case "POST"->addToExclusive(); + case "DELETE"->deleteFromExclusive(); + } + } + + + + /** + * Handles GET requests for retrieving exclusive (blocked) models for a key. + *

    + * Behavior: + *

      + *
    • Extracts and validates the Authorization bearer token
      • + *
    • Determines the requesting key and checks authorization
      • + *
    • Allows admins to view blocked models for any key
      • + *
    • Restricts non-admin users to viewing only their own blocked models
      • + *
    • Returns a JSON array of blocked model names
      • + *
    + * + * Expected JSON body (optional): + * 
    +     * {
+     *   "targetKeyValue": "key-value"
+     * }
+     *
    + * + * Response JSON: + * 
    +     * {
+     *   "blockedModels": ["modelA", "modelB"]
+     * }
+     *
    + * + * @throws SQLException if database access fails + * @throws IOException if request or response I/O fails + */ + private void getExclusive() throws SQLException, IOException { + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + // Validate Authorization header + + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + if ( !getAuthorization (authHeader, requester)){ + return; + } + + boolean isAdmin = isAdminRequest(); + Key targetKey; + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + } + + try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + if(!targetKeyValue.equals(token)&&requester.getRole()!=Role.Admin){ + respond(ResponseFactory.MethodNotAllowed()); + Logger.log("Unauthorized attempt to view another key's blocked models", LogLevel.warn); + Logger.log("Admin can view all, others cannot"); + return; + } + //Check target key de se prepričam de obstaja + targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if (targetKey==null){ + respond(ResponseFactory.BadRequest()); + Logger.log("Target key not found: "+targetKeyValue,LogLevel.error); + return; + } + //Nucam ArrayList de lažje loopam skoz object pa tud za response generation + ArrayListexclusiveModels=getExclusiveModels(targetKeyValue); + JsonArray responseArray=new JsonArray(); + for(String model:exclusiveModels){ + responseArray.add(model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("blockedModels",responseArray); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + Logger.log("Retrieved: "+exclusiveModels.size() + " blocked models for key " + requester.getName(), LogLevel.info); + } + }catch (SQLException e){ + e.printStackTrace(); + respond(ResponseFactory.InternalServerError()); + } + + } + + + /** + * Handles POST requests for adding models to a key's exclusive list. + *

    + * Behavior: + *

      + *
    • Extracts and validates the Authorization bearer token
      • + *
    • Checks requester authorization
      • + *
    • Parses model names from the request body
      • + *
    • Adds one or more models as exclusive for the target key
      • + *
    + * + * Expected JSON body: + * 
    +     * {
+     *   "targetKeyValue": "key-value",
+     *   "modelName": "modelA,modelB,modelC"
+     * }
+     *
    + * + * Response JSON: + * 
    +     * {
+     *   "allowedModels": { ...request body... }
+     * }
+     *
    + * + * @throws SQLException if database access fails + * @throws IOException if request or response I/O fails + */ + + private void addToExclusive() throws SQLException,IOException{ + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + + String token = authHeader.substring("Bearer ".length()).trim(); + + // Get the key from the token + Key requester = DatabaseManager.getKeyByValue(token); + + + if(!getAuthorization(authHeader,requester)){ + return; + } + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + + if(jsonObject != null&&jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + //Key targetKey=DatabaseManager.getKeyByValue(targetKeyValue); + if(!jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to add to table",LogLevel.error); + return; + } + String exclusiveModelStr=jsonObject.get("modelName").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(exclusiveModelStr.split(","))); + for (String model:targetModelList){ + DatabaseManager.setExclusiveModelForKey(requester.getValue(),targetKeyValue,model); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("allowedModels",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + } + respond(ResponseFactory.Ok()); + } catch (SQLException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + + } + + + /** + * Handles DELETE requests for removing models from a key's exclusive list. + *

    + * Behavior: + *

      + *
    • Extracts and validates the Authorization bearer token
      • + *
    • Checks requester authorization
      • + *
    • Verifies whether each model is currently exclusive
      • + *
    • Removes exclusive restrictions for valid models
      • + *
    • Skips models that are already allowed
      • + *
    + * + * Expected JSON body: + * 
    +     * {
+     *   "targetKeyValue": "key-value",
+     *   "modelName": "modelA,modelB"
+     * }
+     *
    + * + * Response JSON: + * 
    +     * {
+     *   "UnblockedModels": { ...request body... }
+     * }
+     *
    + * + * @throws SQLException if database access fails + * @throws IOException if request or response I/O fails + */ + private void deleteFromExclusive() throws SQLException,IOException{ + + + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + String token = authHeader.substring("Bearer ".length()).trim(); + + Key requester = DatabaseManager.getKeyByValue(token); + + if(!getAuthorization(authHeader,requester)){ + return; + } + + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = null; + if (!body.isEmpty()) { + jsonObject = JsonParser.parseString(body).getAsJsonObject(); + }try { + if(jsonObject.has("targetKeyValue")){ + String targetKeyValue=jsonObject.get("targetKeyValue").getAsString(); + Key targetKey=DatabaseManager.getKeyByValue(String.valueOf(targetKeyValue)); + if(jsonObject.has("modelName")&&jsonObject.get("modelName").isJsonNull()){ + respond(ResponseFactory.BadRequest()); + Logger.log("No models to delete from table",LogLevel.error); + return; + } + boolean allGood=false; + String exclusiveModelStr=jsonObject.get("modelName").getAsString(); + ArrayList targetModelList = new ArrayList<>(Arrays.asList(exclusiveModelStr.split(","))); + for (String model:targetModelList){ + boolean exclusive=DatabaseManager.canKeyUseExclusive(targetKeyValue,model); + if(exclusive){ + DatabaseManager.removeExclusiveModel(requester.getValue(),model); + allGood=true; + continue; + } + Logger.log("Skipping this model, Model is already allowed",LogLevel.info); + } + if(!allGood){ + respond(ResponseFactory.BadRequest()); + Logger.log("Something went wrong",LogLevel.error); + } + JsonObject responseJson=new JsonObject(); + responseJson.add("UnblockedModels",jsonObject); + byte[] responseBytes=responseJson.toString().getBytes(StandardCharsets.UTF_8); + respond(ResponseFactory.Ok(responseBytes)); + } + + } catch (SQLException | IOException e) { + e.printStackTrace(); + Logger.log("There was something wrong with getting the data from the database"); + } + + + } + + /** * Handles requests to the "/queue" route, managing operations related to the request queue. * @@ -1158,6 +1437,10 @@ private ArrayList getAllowedWhite(String keyValue) throws SQLException { return DatabaseManager.getAllowedModelsForKey(keyValue); } + private ArrayList getExclusiveModels(String keyValue) throws SQLException { + return DatabaseManager.getExclusiveModelsForKey(keyValue); + } + /** * Validates the authorization header and ensures that the requester has administrative privileges. * From fa3b3cac1fe2a6076759cda289e2a11d8eb5c4ab Mon Sep 17 00:00:00 2001 From: Flokster Date: Thu, 5 Feb 2026 10:25:51 +0100 Subject: [PATCH 8/8] Commit for final Hive Core update Tested and working also with exclusivity getter --- .idea/workspace.xml | 6 +- .../managers/connections/Management.java | 122 ++++++++++++++++++ 2 files changed, 123 insertions(+), 5 deletions(-) diff --git a/.idea/workspace.xml b/.idea/workspace.xml index 3753645..4703a31 100644 --- a/.idea/workspace.xml +++ b/.idea/workspace.xml @@ -13,10 +13,6 @@ - - - - @@ -224,7 +220,7 @@ - + diff --git a/src/main/java/upr/famnit/managers/connections/Management.java b/src/main/java/upr/famnit/managers/connections/Management.java index 05e3848..bcc3a57 100644 --- a/src/main/java/upr/famnit/managers/connections/Management.java +++ b/src/main/java/upr/famnit/managers/connections/Management.java @@ -106,6 +106,7 @@ public void run() { case "/queue" -> handleQueueRoute(); case "/block" -> handleWorkerBlockRoute(); case "/allow"->handleWorkerWhiteList(); + case "/allow/list"-> handleAllowInfo(); case "/exclusive"->handleExclusiveList(); case null, default -> respond(ResponseFactory.NotFound()); } @@ -118,6 +119,127 @@ public void run() { Logger.success("Management request finished"); } + private void handleAllowInfo() throws SQLException, IOException { + switch (clientRequest.getRequest().getMethod()){ + case "GET" -> getInfo(); + } + } + + + /** + * Handles a request to retrieve information about an API key. + *

    + * The requester must provide a valid {@code Authorization} header using the + * {@code Bearer } scheme. The token is used to identify the requesting key. + *

    + * + *

    + * By default, the requester can only retrieve information about their own key. + * If the requester has the {@link Role#Admin} role, they may optionally specify + * a different target key in the request body. + *

    + * + *

    + * Optional JSON request body format: + * 

    +     * {
+     *   "targetKeyValue": "some-key-value"
+     * }
+     *
    + *

    + * + *

    + * The response contains: + *

      + *
    • The target key name
      • + *
    • A list of allowed models
      • + *
    • A list of exclusive models
      • + *
    + *

    + * + *

    + * Error responses: + *

      + *
    • {@code 400 Bad Request} – missing/invalid authorization header or target key not found
      • + *
    • {@code 405 Method Not Allowed} – invalid token or insufficient permissions
      • + *
    + *

    + * + * @throws IOException if an I/O error occurs while reading the request or sending the response + * @throws SQLException if a database access error occurs while retrieving key or model data + */ + + private void getInfo() throws IOException, SQLException { + String authHeader = clientRequest.getRequest().getHeader("Authorization"); + + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + respond(ResponseFactory.BadRequest()); + return; + } + + String token = authHeader.substring("Bearer ".length()).trim(); + Key requester = DatabaseManager.getKeyByValue(token); + + if (requester == null) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + + // Read optional body + String body = new String(clientRequest.getRequest().getBody(), StandardCharsets.UTF_8); + JsonObject jsonObject = body.isEmpty() ? null : JsonParser.parseString(body).getAsJsonObject(); + + Key targetKey = requester; + + // Optional: admin can query another key + if (jsonObject != null && jsonObject.has("targetKeyValue")) { + String targetKeyValue = jsonObject.get("targetKeyValue").getAsString(); + + // Non-admins can only query themselves + if (!targetKeyValue.equals(token) && requester.getRole() != Role.Admin) { + respond(ResponseFactory.MethodNotAllowed()); + return; + } + + targetKey = DatabaseManager.getKeyByValue(targetKeyValue); + if (targetKey == null) { + respond(ResponseFactory.BadRequest()); + return; + } + } + String val = targetKey.getValue(); + + + ArrayList allowedModels = + DatabaseManager.getAllowedModelsForKey(val); + + JsonArray modelsArray = new JsonArray(); + for (String model : allowedModels) { + modelsArray.add(model); + } + ArrayList exclusiveModels= + DatabaseManager.getExclusiveModelsForKey(val); + JsonArray exclusiveModel = new JsonArray(); + for(String model: exclusiveModels){ + exclusiveModel.add(model); + } + + JsonObject response = new JsonObject(); + response.addProperty("keyName", targetKey.getName()); + response.add("allowedModels", modelsArray); + response.add("Exclusive models", exclusiveModel); + + respond(ResponseFactory.Ok( + response.toString().getBytes(StandardCharsets.UTF_8) + )); + + Logger.log( + "Returned " + allowedModels.size() + " allowed models for key " + targetKey.getName(), + LogLevel.info + ); + } + + /** * Routes requests for the exclusive list endpoint based on HTTP method.