issue #4809 jwt blacklist implementation and stop play/ publish using

jwt. blacklist using already existed token db with flag
ant-media · Mar 2, 2023 · 19945a7 · 19945a7
1 parent fc28eed
commit 19945a7
Show file tree

Hide file tree

Showing 10 changed files with 246 additions and 137 deletions.
diff --git a/src/main/java/io/antmedia/datastore/db/DataStore.java b/src/main/java/io/antmedia/datastore/db/DataStore.java
@@ -427,25 +427,27 @@ public List<Token> listAllTokens (Map<String, String> tokenMap, String streamId,
 	public abstract boolean deleteToken (String tokenId);
 
 	/**
-	 * Delete specific token from blacklist.
+	 * Whitelist specific token.
 	 * @param tokenId id of the token
 	 */
-	public abstract boolean deleteTokenFromBlacklist (String tokenId);
+	public abstract boolean whiteListToken(String tokenId);
 
 	/**
-	 * Get all tokens from jwt blacklist.
+	 * Get all blacklisted tokens.
 	 */
-	public abstract List<String> getJwtBlacklist();
+	public abstract List<String> getBlackListedTokens();
 
 	/**
-	 * Delete all expired tokens from jwt blacklist.
+	 * Whitelist all expired tokens.
 	 */
-	public abstract Result deleteAllExpiredJwtFromBlacklist(ITokenService tokenService);
+	public abstract Result whiteListAllExpiredTokens(ITokenService tokenService);
 
 	/**
-	 * Delete all tokens from jwt blacklist.
+	 * Whitelist all blacklisted tokens.
+	 *
+	 * @return
 	 */
-	public abstract void clearJwtBlacklist();
+	public abstract boolean whiteListAllTokens();
 
 	/**
 	 * retrieve specific token
@@ -1377,16 +1379,16 @@ public List<WebRTCViewerInfo> getWebRTCViewerList(Map<String, String> webRTCView
 	public abstract boolean updateStreamMetaData(String streamId, String metaData);
 
 	/**
-	 * Add jwt token to black list.
-	 * @param token which will be added to black list.
+	 * Blacklist token.
+	 * @param token which will be blacklisted.
 	 */
-	public abstract boolean addTokenToBlacklist(Token token);
+	public abstract boolean blackListToken(Token token);
 
 	/**
-	 * Get token from black list.
+	 * Get token from blacklist.
 	 * @param tokenId id of the token.
 	 */
-	public abstract Token getTokenFromBlacklist(String tokenId);
+	public abstract Token getBlackListedToken(String tokenId);
 
 	//**************************************
 	//ATTENTION: Write function descriptions while adding new functions

diff --git a/src/main/java/io/antmedia/datastore/db/InMemoryDataStore.java b/src/main/java/io/antmedia/datastore/db/InMemoryDataStore.java
@@ -898,23 +898,23 @@ public boolean deleteToken(String tokenId) {
 	}
 
 	@Override
-	public boolean deleteTokenFromBlacklist(String tokenId) {
+	public boolean whiteListToken(String tokenId) {
 		return false;
 	}
 
 	@Override
-	public List<String> getJwtBlacklist() {
+	public List<String> getBlackListedTokens() {
 		return Collections.emptyList();
 	}
 
 	@Override
-	public Result deleteAllExpiredJwtFromBlacklist(ITokenService tokenService) {
+	public Result whiteListAllExpiredTokens(ITokenService tokenService) {
 		return null;
 	}
 
 	@Override
-	public void clearJwtBlacklist() {
-		throw new UnsupportedOperationException("JWT blacklist must be stored as map based db on disk, not in memory.");
+	public boolean whiteListAllTokens() {
+		throw new UnsupportedOperationException("");
 	}
 
 	@Override
@@ -1041,12 +1041,12 @@ public boolean updateStreamMetaData(String streamId, String metaData) {
 	}
 
 	@Override
-	public boolean addTokenToBlacklist(Token token) {
+	public boolean blackListToken(Token token) {
         return false;
     }
 
 	@Override
-	public Token getTokenFromBlacklist(String tokenId) {
+	public Token getBlackListedToken(String tokenId) {
 		return null;
 	}
 }
diff --git a/src/main/java/io/antmedia/datastore/db/MapBasedDataStore.java b/src/main/java/io/antmedia/datastore/db/MapBasedDataStore.java
@@ -44,8 +44,6 @@ public abstract class MapBasedDataStore extends DataStore {
 	protected Map<String, String> vodMap;
 	protected Map<String, String> detectionMap;
 	protected Map<String, String> tokenMap;
-	protected Map<String, String> tokenBlacklistMap;
-
 	protected Map<String, String> subscriberMap;
 	protected Map<String, String> conferenceRoomMap;
 	protected Map<String, String> webRTCViewerMap;
@@ -949,36 +947,43 @@ public boolean deleteToken(String tokenId) {
 	}
 
 	@Override
-	public boolean deleteTokenFromBlacklist(String tokenId) {
-		boolean result;
-
-		synchronized (this) {
-			result = tokenBlacklistMap.remove(tokenId) != null;
+	public boolean whiteListToken(String tokenId) {
+		synchronized (this){
+			Token token = getToken(tokenId);
+			if(token != null && token.isBlackListed()){
+				token.setBlackListed(false);
+				return saveToken(token);
+			}
 		}
-		return result;
+
+		return false;
 	}
 
 	@Override
-	public List<String> getJwtBlacklist(){
-
+	public List<String> getBlackListedTokens(){
+		ArrayList<String> tokenBlacklist = new ArrayList<>();
 		synchronized (this){
-			return new ArrayList<>(tokenBlacklistMap.keySet());
-
+			tokenMap.forEach((tokenId, tokenAsJson) -> {
+				Token token = gson.fromJson(tokenAsJson,Token.class);
+				if(token.isBlackListed()){
+					tokenBlacklist.add(tokenId);
+				}
+			});
+			return tokenBlacklist;
 		}
-
 	}
 
 	@Override
-	public Result deleteAllExpiredJwtFromBlacklist(ITokenService tokenService){
-		logger.info("Deleting all expired JWTs from black list.");
+	public Result whiteListAllExpiredTokens(ITokenService tokenService){
+		logger.info("Deleting all expired JWTs from blacklist.");
 		AtomicInteger deletedTokenCount = new AtomicInteger();
 
-		synchronized (this){
-			tokenBlacklistMap.forEach((key, value) -> {
-				Token token = gson.fromJson(value,Token.class);
-				String tokenId = token.getTokenId();
-				if(!tokenService.verifyJwt(tokenId,token.getStreamId(),token.getType())){
-					if(deleteTokenFromBlacklist(tokenId)){
+		synchronized (this) {
+
+			tokenMap.forEach((tokenId, tokenAsJson) -> {
+				Token token = gson.fromJson(tokenAsJson,Token.class);
+				if(token.isBlackListed() && !tokenService.verifyJwt(tokenId,token.getStreamId(),token.getType())){
+					if(whiteListToken(tokenId)){
 						deletedTokenCount.getAndIncrement();
 					}else{
 						logger.warn("Couldn't delete JWT:{}", tokenId);
@@ -988,23 +993,30 @@ public Result deleteAllExpiredJwtFromBlacklist(ITokenService tokenService){
 		}
 
 		if(deletedTokenCount.get() > 0){
-			final String successMsg = deletedTokenCount+" JWT deleted successfully from black list.";
+			final String successMsg = deletedTokenCount+" JWT deleted successfully from blacklist.";
 			logger.info(successMsg);
 			return new Result(true, successMsg);
 		}else{
-			final String failMsg = "No JWT deleted from black list.";
+			final String failMsg = "No JWT deleted from blacklist.";
 			logger.warn(failMsg);
 			return new Result(false, failMsg);
-
 		}
 
 	}
 
 	@Override
-	public void clearJwtBlacklist(){
+	public boolean whiteListAllTokens(){
+
 		synchronized (this) {
-			tokenBlacklistMap.clear();
+			tokenMap.forEach((tokenId, tokenAsJson) -> {
+				Token token = gson.fromJson(tokenAsJson,Token.class);
+				if(token.isBlackListed()){
+					whiteListToken(tokenId);
+				}
+			});
 		}
+		return true;
+
 	}
 
 	@Override
@@ -1120,29 +1132,27 @@ public Broadcast getBroadcastFromMap(String streamId)
 	}
 
 	@Override
-	public boolean addTokenToBlacklist(Token token) {
+	public boolean blackListToken(Token token) {
 		boolean result = false;
 
 		synchronized (this) {
 
 			if (token.getStreamId() != null && token.getTokenId() != null) {
-
-				try {
-					tokenBlacklistMap.put(token.getTokenId(), gson.toJson(token));
-					result = true;
-				} catch (Exception e) {
-					logger.error(ExceptionUtils.getStackTrace(e));
-				}
+				token.setBlackListed(true);
+				return saveToken(token);
 			}
 		}
 		return result;
 
 	}
 
 	@Override
-	public Token getTokenFromBlacklist(String tokenId) {
-		return super.getToken(tokenBlacklistMap, tokenId, gson);
-
+	public Token getBlackListedToken(String tokenId) {
+		Token token = getToken(tokenId);
+		if(token != null && token.isBlackListed()){
+			return token;
+		}
+		return null;
 	}
 
 }
diff --git a/src/main/java/io/antmedia/datastore/db/MapDBStore.java b/src/main/java/io/antmedia/datastore/db/MapDBStore.java
@@ -28,8 +28,6 @@ public class MapDBStore extends MapBasedDataStore {
 	private static final String VOD_MAP_NAME = "VOD";
 	private static final String DETECTION_MAP_NAME = "DETECTION";
 	private static final String TOKEN = "TOKEN";
-	private static final String TOKEN_BLACKLIST = "TOKEN_BLACKLIST";
-
 	private static final String SUBSCRIBER = "SUBSCRIBER";
 	private static final String CONFERENCE_ROOM_MAP_NAME = "CONFERENCE_ROOM";
 	private static final String WEBRTC_VIEWER = "WEBRTC_VIEWER";
@@ -70,9 +68,6 @@ public MapDBStore(String dbName, Vertx vertx) {
 		webRTCViewerMap = db.treeMap(WEBRTC_VIEWER).keySerializer(Serializer.STRING).valueSerializer(Serializer.STRING)
 				.counterEnable().createOrOpen();
 
-		tokenBlacklistMap = db.treeMap(TOKEN_BLACKLIST).keySerializer(Serializer.STRING).valueSerializer(Serializer.STRING)
-				.counterEnable().createOrOpen();
-
 
 		timerId = vertx.setPeriodic(5000, id ->