author | Yuuta Liang <yuuta@yuuta.moe> | 2022-07-13 11:16:27 -0700 |
---|---|---|
committer | Trumeet <yuuta@yuuta.moe> | 2022-07-13 11:16:27 -0700 |
commit | 85045e1e4a15e0a5657d189e83dd202a2c37f2b0 (patch) | |
tree | 944bc9ee7a86bd413dfc940e210f21d2434ec7d3 /src/main/java/moe/ymc/acron/auth/PolicyChecker.java | |
First Commit
Signed-off-by: Trumeet <yuuta@yuuta.moe>
Diffstat (limited to 'src/main/java/moe/ymc/acron/auth/PolicyChecker.java')
-rw-r--r-- | src/main/java/moe/ymc/acron/auth/PolicyChecker.java | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/main/java/moe/ymc/acron/auth/PolicyChecker.java b/src/main/java/moe/ymc/acron/auth/PolicyChecker.java
new file mode 100644
index 0000000..5dea02a
--- /dev/null
+++ b/src/main/java/moe/ymc/acron/auth/PolicyChecker.java
@@ -0,0 +1,39 @@
+package moe.ymc.acron.auth;
+
+import moe.ymc.acron.jvav.Pair;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.jetbrains.annotations.NotNull;
+
+public class PolicyChecker {
+ private static final Logger LOGGER = LogManager.getLogger();
+
+ public static Pair<Action, Boolean> check(@NotNull Client client,
+ @NotNull String command) {
+ for (int i = 0; i < client.rules().length; i++) {
+ final Rule rule = client.rules()[i];
+ if (rule.cmdPattern().matcher(command).matches()) {
+ if (rule.action() == Action.DENY) {
+ LOGGER.warn("The command from client {}, `{}`, was " +
+ "explicitly denied by rule #{} (starting from 1).",
+ client.id(),
+ command,
+ i + 1);
+ } else {
+ LOGGER.warn("The command from client {}, `{}`, was " +
+ "explicitly allowed by rule #{} (starting from 1).",
+ client.id(),
+ command,
+ i + 1);
+ }
+ return new Pair<>(rule.action(), rule.display());
+ }
+ }
+ LOGGER.warn("The command from client {}, `{}`, was " +
+ "implicitly {} by the default policy mode.",
+ client.id(),
+ command,
+ client.policyMode() == Action.ALLOW ? "allowed" : "denied");
+ return new Pair<>(client.policyMode() == Action.ALLOW ? Action.ALLOW : Action.DENY, false);
+ }
+} |
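Review bot: The rule branch of `check` does not fail closed the way the default-policy branch does: any `rule.action()` other than `Action.DENY` (including `null`, if a rule can be loaded without an action) is logged as "explicitly allowed" and returned unchanged, whereas the fallback normalises everything except `Action.ALLOW` to `DENY`. Normalising once, e.g. `final Action action = rule.action() == Action.ALLOW ? Action.ALLOW : Action.DENY;`, and using `action` for both the log branch and the returned `Pair` keeps the audit line and the decision in agreement. Separately, `command` is client-supplied and is written into these audit lines verbatim, so embedded CR/LF can forge entries; escaping control characters before logging, or a layout that uses `%enc{%m}{CRLF}`, would cover that. The `Action` enum and the caller of `check` are outside this file, so how a value other than ALLOW/DENY is handled downstream cannot be confirmed from here.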