-
-
Notifications
You must be signed in to change notification settings - Fork 256
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1355 from Giskard-AI/GSK-1623-secure-readonly-dem…
…o-space [GSK-1623] Secure Giskard readonly demo space at Hugging Face Spaces
- Loading branch information
Showing
32 changed files
with
433 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
backend/src/main/java/ai/giskard/security/GalleryDatabaseOperationListener.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package ai.giskard.security; | ||
|
||
import ai.giskard.service.GeneralSettingsService; | ||
import ai.giskard.service.InitService; | ||
import ai.giskard.web.rest.errors.GalleryDemoSpaceException; | ||
import jakarta.persistence.PrePersist; | ||
import jakarta.persistence.PreRemove; | ||
import jakarta.persistence.PreUpdate; | ||
import org.springframework.beans.factory.annotation.Configurable; | ||
|
||
@Configurable | ||
public class GalleryDatabaseOperationListener { | ||
@PrePersist | ||
@PreUpdate | ||
@PreRemove | ||
void beforeEntityModification(Object entity) { | ||
if (GeneralSettingsService.IS_RUNNING_IN_DEMO_HF_SPACES && !InitService.isUnlocked()) { | ||
throw new GalleryDemoSpaceException("This is a read-only Giskard Gallery instance. You cannot modify entities " + entity.getClass().getName()); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
backend/src/main/java/ai/giskard/utils/GalleryUnlockIndicator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package ai.giskard.utils; | ||
|
||
import lombok.Getter; | ||
import lombok.Setter; | ||
|
||
@Getter | ||
@Setter | ||
public class GalleryUnlockIndicator { | ||
private boolean isUnlocked = true; | ||
} |
15 changes: 15 additions & 0 deletions
15
backend/src/main/java/ai/giskard/web/dto/GalleryUnlockDTO.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
package ai.giskard.web.dto; | ||
|
||
import com.dataiku.j2ts.annotations.UIModel; | ||
import lombok.Getter; | ||
import lombok.NoArgsConstructor; | ||
import lombok.Setter; | ||
|
||
@Getter | ||
@Setter | ||
@NoArgsConstructor | ||
@UIModel | ||
public class GalleryUnlockDTO { | ||
private String token; | ||
private boolean unlocked; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
backend/src/main/java/ai/giskard/web/rest/controllers/GalleryUnlockController.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package ai.giskard.web.rest.controllers; | ||
|
||
import ai.giskard.config.ApplicationProperties; | ||
import ai.giskard.service.InitService; | ||
import ai.giskard.web.dto.GalleryUnlockDTO; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.http.HttpStatus; | ||
import org.springframework.util.StringUtils; | ||
import org.springframework.web.bind.annotation.*; | ||
import org.springframework.web.server.ResponseStatusException; | ||
|
||
import java.util.Objects; | ||
|
||
@RestController | ||
@RequiredArgsConstructor | ||
@RequestMapping("/api/v2/hfs/unlock") | ||
public class GalleryUnlockController { | ||
private final ApplicationProperties applicationProperties; | ||
|
||
@GetMapping("") | ||
public GalleryUnlockDTO getUnlockStatus() { | ||
GalleryUnlockDTO unlockDTO = new GalleryUnlockDTO(); | ||
unlockDTO.setUnlocked(InitService.isUnlocked()); | ||
unlockDTO.setToken(null); | ||
return unlockDTO; | ||
} | ||
|
||
@PostMapping("") | ||
public GalleryUnlockDTO setUnlockStatus(@RequestBody GalleryUnlockDTO unlockDTO) { | ||
if (StringUtils.hasText(unlockDTO.getToken()) && | ||
Objects.equals(unlockDTO.getToken(), applicationProperties.getHfDemoSpaceUnlockToken())) { | ||
InitService.setUnlocked(unlockDTO.isUnlocked()); | ||
unlockDTO.setUnlocked(InitService.isUnlocked()); | ||
unlockDTO.setToken(null); | ||
return unlockDTO; | ||
} | ||
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Invalid unlock token"); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.