BE: Allow smart filters endpoint in r/o mode (kafbat#277)

kafbat · Apr 10, 2024 · 38c446d · 38c446d
1 parent 42c6a43
commit 38c446d
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/api/src/main/java/io/kafbat/ui/config/ReadOnlyModeFilter.java b/api/src/main/java/io/kafbat/ui/config/ReadOnlyModeFilter.java
@@ -5,6 +5,7 @@
 import io.kafbat.ui.service.ClustersStorage;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
+import java.util.Set;
 import java.util.regex.Pattern;
 import lombok.RequiredArgsConstructor;
 import org.jetbrains.annotations.NotNull;
@@ -23,6 +24,10 @@ public class ReadOnlyModeFilter implements WebFilter {
   private static final Pattern CLUSTER_NAME_REGEX =
       Pattern.compile("/api/clusters/(?<clusterName>[^/]++)");
 
+  private static final Set<Pattern> SAFE_ENDPOINTS = Set.of(
+      Pattern.compile("/api/clusters/[^/]+/topics/[^/]+/(smartfilters)$")
+  );
+
   private final ClustersStorage clustersStorage;
 
   @NotNull
@@ -35,10 +40,12 @@ public Mono<Void> filter(ServerWebExchange exchange, @NotNull WebFilterChain cha
 
     var path = exchange.getRequest().getPath().pathWithinApplication().value();
     var decodedPath = URLDecoder.decode(path, StandardCharsets.UTF_8);
+
     var matcher = CLUSTER_NAME_REGEX.matcher(decodedPath);
     if (!matcher.find()) {
       return chain.filter(exchange);
     }
+
     var clusterName = matcher.group("clusterName");
     var kafkaCluster = clustersStorage.getClusterByName(clusterName)
         .orElseThrow(
@@ -49,6 +56,15 @@ public Mono<Void> filter(ServerWebExchange exchange, @NotNull WebFilterChain cha
       return chain.filter(exchange);
     }
 
+    var isSafeEndpoint = SAFE_ENDPOINTS
+        .stream()
+        .parallel()
+        .anyMatch(endpoint -> endpoint.matcher(decodedPath).matches());
+
+    if (isSafeEndpoint) {
+      return chain.filter(exchange);
+    }
+
     return Mono.error(ReadOnlyModeException::new);
   }
 }