[ISSUE-897] Add ANONYMOUS Permission

[seonWKim]

Motivation

If there is no sensitive information in a repository, users may want to make the repo public and allow access without an access token. ANONYMOUS could be added as a new permission in addition to OWNER, MEMBMER and GUEST.

Modification

• Add ProjectRole#ANONYMOUS
• Modify UI

Result

• Users will be able to add ANONYMOUS role to their project

Links

#897

[minwoox]

I wonder how we can allow anonymous users to access public repositories(without passing access token) with the Authorizer's token checking logic.

Let's create an anonymous user and set the user if the token is anoymous in the authorizer.

[seonWKim]

Let's create an anonymous user and set the user if the token is anoymouse in the authorizer.

@minwoox, please check if I've understood correctly 😄

• Add an anonymous user in com.linecorp.centraldogma.server.metadata.User
• Users will be able to add tokens with App Id of "anonymous". The Authorizer will set Anonymous user when token's App Id is "anonymous"

[minwoox]

Users will be able to add tokens with App Id of "anonymous".

Does "Users" mean the clients or the repository owners?

The repository owners do not have to add the tokens. All they have to do is adding the read permission to the anonymous role. Here is the flow:

• Add ANONONYMOUS to User:

  public class User {
    public static final User ANONYMOUS = ...

• Clients set the Authrorizaion: anonymous header to the request.
• The authorizer sets the anonymous user to the request context using AuthUtil.setCurrentUser.

  • centraldogma/server/src/main/java/com/linecorp/centraldogma/server/internal/api/auth/ApplicationTokenAuthorizer.java

    Line 59 in 9ecbb32

    final OAuth2Token token = AuthTokenExtractors.oAuth2().apply(data.headers());

• RequiresPermissionDecorator checks the permission:

  • centraldogma/server/src/main/java/com/linecorp/centraldogma/server/internal/api/auth/RequiresPermissionDecorator.java

    Line 48 in 2b07420

    public final class RequiresPermissionDecorator extends SimpleDecoratingHttpService {

  • centraldogma/server/src/main/java/com/linecorp/centraldogma/server/metadata/MetadataService.java

    Lines 766 to 777 in 3ddf67b

    	final RepositoryMetadata repositoryMetadata = metadata.repo(repoName);
    	final Member member = metadata.memberOrDefault(user.id(), null);
    	// If the member is guest.
    	if (member == null) {
    	return repositoryMetadata.perRolePermissions().guest();
    	}
    	final Collection<Permission> p = repositoryMetadata.perUserPermissions().get(member.id());
    	if (p != null) {
    	return p;
    	}
    	return findPerRolePermissions(repositoryMetadata, member.role());

Please let me know if you have any further questions. 😉

[seonWKim]

@minwoox, thank you so much for the detailed explanation. It helped me a lot 👍

It seems like com.linecorp.centraldogma.client.armeria.AbstractCentralDogmaBuilder sets com.linecorp.centraldogma.internal.CsrfToken#ANONYMOUS as accessToken by default(when no other accessToken is specified). So the question is, should we use CsrfToken#ANONYMOUS when checking anonymous token, or should we create a new ApplicationToken#ANONYMOUS?

[minwoox]

It's simply a string, so it doesn't matter what we use.
Let's remove this class and use CsrfToken#ANONYMOUS.

[seonWKim]

I've added a commit that uses CsrfToken#ANONYMOUS and remove ApplicationToken

[codecov]

Codecov Report

Attention: Patch coverage is 65.38462% with 9 lines in your changes are missing coverage. Please review.

❗ No coverage uploaded for pull request base (main@9ecb84d). Click here to learn what that means.
Report is 15 commits behind head on main.

❗ Current head 57d39a7 differs from pull request most recent head bb55dca. Consider uploading reports for the commit bb55dca to get more accurate results

Files	Patch %	Lines
.../centraldogma/server/metadata/MetadataService.java	42.85%	2 Missing and 2 partials ⚠️
...ntraldogma/server/metadata/PerRolePermissions.java	55.55%	2 Missing and 2 partials ⚠️
...om/linecorp/centraldogma/server/metadata/User.java	80.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #917   +/-   ##
=======================================
  Coverage        ?   66.80%           
  Complexity      ?     3522           
=======================================
  Files           ?      370           
  Lines           ?    14494           
  Branches        ?     1557           
=======================================
  Hits            ?     9683           
  Misses          ?     3931           
  Partials        ?      880           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[minwoox]

Looks great! Thanks! 👍 👍 👍

[minwoox]

Could you also check if the anonymous permission has the write permission? If so, we should raise an exception.

[seonWKim]

I've fixed to throw exception when trying to grant WRITE permission to anonymous user

[jrhee17]

Changes look reasonable to me 👍 Thanks @seonwoo960000 !

nit; we may need to update

centraldogma/site/src/sphinx/auth.rst

Line 293 in 2994712

later if not now

[trustin]

Excellent work, @seonwoo960000! 🙇

[ikhoon]

Thanks, @seonwoo960000! 🙇‍♂️🙇‍♂️ This would be a go-to feature for many users.

[minwoox]

@seonwoo960000 👍 👍 👍