Add auth for some v2 api.

config/src/main/java/com/alibaba/nacos/config/server/controller/v2/HistoryControllerV2.java

@@ -43,10 +43,11 @@
 
 /**
  * config history management controller [v2].
+ *
  * @author dongyafei
  * @date 2022/7/25
+ * @since 2.2.0
  */
-
 @NacosApi
 @RestController
 @RequestMapping(Constants.HISTORY_CONTROLLER_V2_PATH)
@@ -61,18 +62,16 @@ public HistoryControllerV2(HistoryService historyService) {
     /**
      * Query the list history config. notes:
      *
-     * @param dataId   dataId string value [required].
-     * @param group    group string value [required].
-     * @param namespaceId   namespaceId.
-     * @param pageNo   pageNo integer value.
-     * @param pageSize pageSize integer value.
+     * @param dataId      dataId string value [required].
+     * @param group       group string value [required].
+     * @param namespaceId namespaceId.
+     * @param pageNo      pageNo integer value.
+     * @param pageSize    pageSize integer value.
      * @return the page of history config.
-     * @since 2.0.3 add {@link Secured} for history config permission check.
      */
     @GetMapping("/list")
     @Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
-    public Result<Page<ConfigHistoryInfo>> listConfigHistory(
-            @RequestParam("dataId") String dataId,
+    public Result<Page<ConfigHistoryInfo>> listConfigHistory(@RequestParam("dataId") String dataId,
             @RequestParam("group") String group,
             @RequestParam(value = "namespaceId", required = false, defaultValue = StringUtils.EMPTY) String namespaceId,
             @RequestParam(value = "pageNo", required = false, defaultValue = "1") Integer pageNo,
@@ -84,17 +83,15 @@ public Result<Page<ConfigHistoryInfo>> listConfigHistory(
     /**
      * Query the detailed configuration history information. notes:
      *
-     * @param nid    history_config_info nid
-     * @param dataId dataId  @since 2.0.3
-     * @param group  groupId  @since 2.0.3
-     * @param namespaceId namespaceId  @since 2.0.3
+     * @param nid         history_config_info nid
+     * @param dataId      dataId
+     * @param group       groupId
+     * @param namespaceId namespaceId
      * @return history config info
-     * @since 2.0.3 add {@link Secured}, dataId, groupId and tenant for history config permission check.
      */
     @GetMapping
     @Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
-    public Result<ConfigHistoryInfo> getConfigHistoryInfo(
-            @RequestParam("dataId") String dataId,
+    public Result<ConfigHistoryInfo> getConfigHistoryInfo(@RequestParam("dataId") String dataId,
             @RequestParam("group") String group,
             @RequestParam(value = "namespaceId", required = false, defaultValue = StringUtils.EMPTY) String namespaceId,
             @RequestParam("nid") Long nid) throws AccessException, NacosApiException {
@@ -111,17 +108,15 @@ public Result<ConfigHistoryInfo> getConfigHistoryInfo(
     /**
      * Query previous config history information. notes:
      *
-     * @param id     config_info id
-     * @param dataId dataId  @since 2.0.3
-     * @param group  groupId  @since 2.0.3
-     * @param namespaceId namespaceId  @since 2.0.3
+     * @param id          config_info id
+     * @param dataId      dataId
+     * @param group       groupId
+     * @param namespaceId namespaceId
      * @return history config info
-     * @since 2.0.3 add {@link Secured}, dataId, groupId and tenant for history config permission check.
      */
     @GetMapping(value = "/previous")
     @Secured(action = ActionTypes.READ, signType = SignType.CONFIG)
-    public Result<ConfigHistoryInfo> getPreviousConfigHistoryInfo(
-            @RequestParam("dataId") String dataId,
+    public Result<ConfigHistoryInfo> getPreviousConfigHistoryInfo(@RequestParam("dataId") String dataId,
             @RequestParam("group") String group,
             @RequestParam(value = "namespaceId", required = false, defaultValue = StringUtils.EMPTY) String namespaceId,
             @RequestParam("id") Long id) throws AccessException, NacosApiException {
@@ -140,7 +135,6 @@ public Result<ConfigHistoryInfo> getPreviousConfigHistoryInfo(
      *
      * @param namespaceId config_info namespace
      * @return list
-     * @since 2.1.1
      */
     @GetMapping(value = "/configs")
     @Secured(action = ActionTypes.READ, signType = SignType.CONFIG)

console/src/main/java/com/alibaba/nacos/console/controller/v2/NamespaceControllerV2.java

@@ -28,6 +28,7 @@
 import com.alibaba.nacos.console.model.form.NamespaceForm;
 import com.alibaba.nacos.console.service.NamespaceOperationService;
 import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
+import com.alibaba.nacos.plugin.auth.constant.SignType;
 import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -44,14 +45,15 @@
 
 /**
  * NamespaceControllerV2.
+ *
  * @author dongyafei
  * @date 2022/8/16
  */
 @NacosApi
 @RestController
 @RequestMapping(path = "/v2/console/namespace")
 public class NamespaceControllerV2 {
-
+    
     private final NamespaceOperationService namespaceOperationService;
 
     public NamespaceControllerV2(NamespaceOperationService namespaceOperationService) {
@@ -79,6 +81,8 @@ public Result<List<Namespace>> getNamespaceList() {
      * @return namespace all info
      */
     @GetMapping()
+    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX
+            + "namespaces", action = ActionTypes.READ, signType = SignType.CONSOLE)
     public Result<NamespaceAllInfo> getNamespace(@RequestParam("namespaceId") String namespaceId)
             throws NacosException {
         return Result.success(namespaceOperationService.getNamespace(namespaceId));
@@ -91,7 +95,8 @@ public Result<NamespaceAllInfo> getNamespace(@RequestParam("namespaceId") String
      * @return whether create ok
      */
     @PostMapping
-    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE)
+    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX
+            + "namespaces", action = ActionTypes.WRITE, signType = SignType.CONSOLE)
     public Result<Boolean> createNamespace(NamespaceForm namespaceForm) throws NacosException {
 
         namespaceForm.validate();
@@ -119,25 +124,28 @@ public Result<Boolean> createNamespace(NamespaceForm namespaceForm) throws Nacos
     /**
      * edit namespace.
      *
-     * @param namespaceForm       namespace params
+     * @param namespaceForm namespace params
      * @return whether edit ok
      */
     @PutMapping
-    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE)
+    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX
+            + "namespaces", action = ActionTypes.WRITE, signType = SignType.CONSOLE)
     public Result<Boolean> editNamespace(NamespaceForm namespaceForm) throws NacosException {
         namespaceForm.validate();
-        return Result.success(namespaceOperationService.editNamespace(namespaceForm.getNamespaceId(),
-                namespaceForm.getNamespaceName(), namespaceForm.getNamespaceDesc()));
+        return Result.success(namespaceOperationService
+                .editNamespace(namespaceForm.getNamespaceId(), namespaceForm.getNamespaceName(),
+                        namespaceForm.getNamespaceDesc()));
     }
 
     /**
      * delete namespace by id.
      *
-     * @param namespaceId   namespace ID
+     * @param namespaceId namespace ID
      * @return whether delete ok
      */
     @DeleteMapping
-    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE)
+    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX
+            + "namespaces", action = ActionTypes.WRITE, signType = SignType.CONSOLE)
     public Result<Boolean> deleteNamespace(@RequestParam("namespaceId") String namespaceId) {
         return Result.success(namespaceOperationService.removeNamespace(namespaceId));
     }

core/src/main/java/com/alibaba/nacos/core/controller/v2/CoreOpsV2Controller.java

@@ -27,6 +27,7 @@
 import com.alibaba.nacos.core.model.vo.IdGeneratorVO;
 import com.alibaba.nacos.core.utils.Commons;
 import com.alibaba.nacos.core.utils.Loggers;
+import com.alibaba.nacos.plugin.auth.constant.SignType;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
@@ -57,15 +58,20 @@ public CoreOpsV2Controller(ProtocolManager protocolManager, IdGeneratorManager i
         this.idGeneratorManager = idGeneratorManager;
     }
 
-    // Temporarily overpassed the raft operations interface
-    // {
-    //      "groupId": "xxx",
-    //      "command": "transferLeader or doSnapshot or resetRaftCluster or removePeer"
-    //      "value": "ip:{raft_port}"
-    // }
-
+    /**
+     * Temporarily overpassed the raft operations interface.
+     * <p>
+     *      {
+     *           "groupId": "xxx",
+     *           "command": "transferLeader or doSnapshot or resetRaftCluster or removePeer"
+     *           "value": "ip:{raft_port}"
+     *      }
+     * </p>
+     * @param commands transferLeader or doSnapshot or resetRaftCluster or removePeer
+     * @return {@link RestResult}
+     */
     @PostMapping(value = "/raft")
-    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin")
+    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin", signType = SignType.CONSOLE)
     public RestResult<String> raftOps(@RequestBody Map<String, String> commands) {
         return protocolManager.getCpProtocol().execute(commands);
     }
@@ -94,6 +100,7 @@ public RestResult<List<IdGeneratorVO>> ids() {
     }
 
     @PutMapping(value = "/log")
+    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin", signType = SignType.CONSOLE)
     public RestResult<Void> updateLog(@RequestBody LogUpdateRequest logUpdateRequest) {
         Loggers.setLogLevel(logUpdateRequest.getLogName(), logUpdateRequest.getLogLevel());
         return RestResultUtils.success();

core/src/main/java/com/alibaba/nacos/core/controller/v2/NacosClusterControllerV2.java

@@ -21,6 +21,7 @@
 import com.alibaba.nacos.api.exception.api.NacosApiException;
 import com.alibaba.nacos.api.model.v2.ErrorCode;
 import com.alibaba.nacos.api.model.v2.Result;
+import com.alibaba.nacos.auth.annotation.Secured;
 import com.alibaba.nacos.common.model.RestResult;
 import com.alibaba.nacos.common.model.RestResultUtils;
 import com.alibaba.nacos.common.utils.StringUtils;
@@ -29,6 +30,8 @@
 import com.alibaba.nacos.core.model.request.LookupUpdateRequest;
 import com.alibaba.nacos.core.service.NacosClusterOperationService;
 import com.alibaba.nacos.core.utils.Commons;
+import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
+import com.alibaba.nacos.plugin.auth.constant.SignType;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -59,6 +62,7 @@ public NacosClusterControllerV2(NacosClusterOperationService nacosClusterOperati
     }
 
     @GetMapping(value = "/node/self")
+    @Secured(action = ActionTypes.READ, resource = "nacos/admin", signType = SignType.CONSOLE)
     public Result<Member> self() {
         return Result.success(nacosClusterOperationService.self());
     }
@@ -71,6 +75,7 @@ public Result<Member> self() {
      * @return members that matches condition
      */
     @GetMapping(value = "/node/list")
+    @Secured(action = ActionTypes.READ, resource = "nacos/admin", signType = SignType.CONSOLE)
     public Result<Collection<Member>> listNodes(@RequestParam(value = "address", required = false) String address,
             @RequestParam(value = "state", required = false) String state) throws NacosException {
 
@@ -86,6 +91,7 @@ public Result<Collection<Member>> listNodes(@RequestParam(value = "address", req
     }
 
     @GetMapping(value = "/node/self/health")
+    @Secured(action = ActionTypes.READ, resource = "nacos/admin", signType = SignType.CONSOLE)
     public Result<String> selfHealth() {
         return Result.success(nacosClusterOperationService.selfHealth());
     }
@@ -100,6 +106,7 @@ public Result<String> selfHealth() {
      * @return {@link RestResult}
      */
     @PutMapping(value = "/node/list")
+    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin", signType = SignType.CONSOLE)
     public Result<Boolean> updateNodes(@RequestBody List<Member> nodes) throws NacosApiException {
         if (nodes == null || nodes.size() == 0) {
             throw new NacosApiException(HttpStatus.BAD_REQUEST.value(), ErrorCode.PARAMETER_MISSING,
@@ -115,6 +122,7 @@ public Result<Boolean> updateNodes(@RequestBody List<Member> nodes) throws Nacos
      * @return {@link RestResult}
      */
     @PutMapping(value = "/lookup")
+    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin", signType = SignType.CONSOLE)
     public Result<Boolean> updateLookup(LookupUpdateRequest request) throws NacosException {
         if (request == null || request.getType() == null) {
             throw new NacosApiException(HttpStatus.BAD_REQUEST.value(), ErrorCode.PARAMETER_MISSING,
@@ -131,6 +139,7 @@ public Result<Boolean> updateLookup(LookupUpdateRequest request) throws NacosExc
      * @throws Exception throw {@link Exception}
      */
     @DeleteMapping("/nodes")
+    @Secured(action = ActionTypes.WRITE, resource = "nacos/admin", signType = SignType.CONSOLE)
     public RestResult<Void> deleteNodes(@RequestParam("addresses") List<String> addresses) throws Exception {
         return RestResultUtils.failed(405, null, "DELETE /v2/core/cluster/nodes API not allow to use temporarily.");