in hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java [105:184]
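/**
 * Authenticates the current request and returns the matching {@link User}.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>If the {@link GraphManager} does not require authentication, return
 *       {@link User#ANONYMOUS} without inspecting the request at all.</li>
 *   <li>If the white-IP feature is enabled in the config and the auth
 *       manager's white-IP status is on, reject peers whose remote address
 *       is not on the list with 403. Request URIs containing
 *       {@code STRING_WHITE_IP_LIST} are exempt from this check.</li>
 *   <li>Parse the {@code Authorization} header: HTTP Basic
 *       ({@code base64(user:password)}) or a Bearer token. A missing header
 *       is a 401, an unsupported scheme or malformed Basic payload a 400.</li>
 *   <li>Hand the credentials (plus peer address and request path, both
 *       {@code null} when no {@code Request} is bound) to
 *       {@link GraphManager#authenticate(Map)}; an
 *       {@link AuthenticationException} is reported as 401.</li>
 * </ol>
 *
 * @param context the JAX-RS request context carrying the headers
 * @return the authenticated user, never {@code null}
 * @throws ForbiddenException     if the white-IP check rejects the peer
 * @throws NotAuthorizedException if credentials are missing or rejected
 * @throws BadRequestException    if the header is malformed or uses an
 *                                unsupported scheme
 */
protected User authenticate(ContainerRequestContext context) {
    GraphManager manager = this.managerProvider.get();
    E.checkState(manager != null, "Context GraphManager is absent");
    if (!manager.requireAuthentication()) {
        // Authentication disabled: every caller acts as the anonymous (admin) user
        return User.ANONYMOUS;
    }

    // Peer address and request path are forwarded to the authenticator and
    // used by the white-IP check; both stay null when no Request is bound
    Request request = this.requestProvider.get();
    String peer = null;
    String path = null;
    if (request != null) {
        peer = request.getRemoteAddr() + ":" + request.getRemotePort();
        path = request.getRequestURI();
    }

    // Lazily cache whether the white-IP feature is switched on in the config.
    // NOTE(review): plain field, so concurrent first calls may each compute it;
    // the value is the same either way, so no lock is taken here.
    if (enabledWhiteIpCheck == null) {
        String whiteIpStatus = this.configProvider.get().get(WHITE_IP_STATUS);
        enabledWhiteIpCheck = Objects.equals(whiteIpStatus, STRING_ENABLE);
    }
    if (enabledWhiteIpCheck && request != null) {
        this.checkWhiteIp(manager, request.getRemoteAddr(), path);
    }

    Map<String, String> credentials = new HashMap<>();
    String auth = context.getHeaderString(HttpHeaders.AUTHORIZATION);
    if (auth == null) {
        throw new NotAuthorizedException("Authentication credentials are required",
                                         "Missing authentication credentials");
    }
    if (auth.startsWith(BASIC_AUTH_PREFIX)) {
        this.parseBasicCredentials(auth.substring(BASIC_AUTH_PREFIX.length()),
                                   credentials);
    } else if (auth.startsWith(BEARER_TOKEN_PREFIX)) {
        String token = auth.substring(BEARER_TOKEN_PREFIX.length());
        credentials.put(HugeAuthenticator.KEY_TOKEN, token);
    } else {
        throw new BadRequestException("Only HTTP Basic or Bearer authentication is supported");
    }
    credentials.put(HugeAuthenticator.KEY_ADDRESS, peer);
    credentials.put(HugeAuthenticator.KEY_PATH, path);

    try {
        return manager.authenticate(credentials);
    } catch (AuthenticationException e) {
        // The backend's message is surfaced as the challenge text of the 401
        throw new NotAuthorizedException("Authentication failed", e.getMessage());
    }
}

/**
 * Rejects the request with 403 when white-IP filtering is active on the auth
 * manager and {@code remoteIp} is not on the list.
 *
 * <p>Any request URI containing {@code STRING_WHITE_IP_LIST} is exempt so the
 * list itself can be managed from a not-yet-listed address. This is a
 * substring match on the whole URI rather than an exact route match, so it
 * exempts every path that happens to contain that token.
 *
 * @param manager  the graph manager whose auth manager holds the list
 * @param remoteIp the peer's remote address
 * @param path     the request URI (non-null when a Request is bound)
 * @throws ForbiddenException if the peer is not permitted
 */
private void checkWhiteIp(GraphManager manager, String remoteIp, String path) {
    if (path.contains(STRING_WHITE_IP_LIST)) {
        return;
    }
    // Check the status first so the list is only fetched when it matters
    if (manager.authManager().getWhiteIpStatus() &&
        !manager.authManager().listWhiteIPs().contains(remoteIp)) {
        throw new ForbiddenException(String.format("Remote ip '%s' is not permitted",
                                                   remoteIp));
    }
}

/**
 * Decodes an HTTP Basic payload ({@code base64(user:password)}) into the
 * username and password entries of {@code credentials}.
 *
 * <p>The payload is split on the first colon only: RFC 7617 forbids colons in
 * the user-id but not in the password, so a password containing ':' must not
 * be rejected as malformed. The decoded bytes are read as ASCII, as before.
 *
 * @param encoded     the base64 part of the header, prefix already removed
 * @param credentials the map receiving {@code KEY_USERNAME}/{@code KEY_PASSWORD}
 * @throws BadRequestException if the separator is missing or either part is empty
 */
private void parseBasicCredentials(String encoded, Map<String, String> credentials) {
    String decoded = new String(DatatypeConverter.parseBase64Binary(encoded),
                                Charsets.ASCII_CHARSET);
    // limit 2: only the first ':' separates user-id from password
    String[] values = decoded.split(":", 2);
    if (values.length != 2) {
        throw new BadRequestException("Invalid syntax for username and password");
    }
    final String username = values[0];
    final String password = values[1];
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadRequestException("Invalid syntax for username and password");
    }
    credentials.put(HugeAuthenticator.KEY_USERNAME, username);
    credentials.put(HugeAuthenticator.KEY_PASSWORD, password);
}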