epam · artsiomkorzun · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024
@@ -13,6 +13,7 @@
 import com.epam.aidial.core.security.EncryptionService;
 import com.epam.aidial.core.service.InvitationService;
 import com.epam.aidial.core.service.LockService;
+import com.epam.aidial.core.service.PublicationService;
 import com.epam.aidial.core.service.ResourceService;
 import com.epam.aidial.core.service.ShareService;
 import com.epam.aidial.core.storage.BlobStorage;
@@ -51,8 +52,11 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Properties;
+import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
+import java.util.function.LongSupplier;
+import java.util.function.Supplier;
 
 @Slf4j
 @Setter
@@ -71,6 +75,10 @@ public class AiDial {
     private ResourceService resourceService;
     private InvitationService invitationService;
     private ShareService shareService;
+    private PublicationService publicationService;
+
+    private LongSupplier clock = System::currentTimeMillis;
+    private Supplier<String> generator = () -> UUID.randomUUID().toString().replace("-", "");
 
     @VisibleForTesting
     void start() throws Exception {
@@ -103,18 +111,18 @@ void start() throws Exception {
                 resourceService = new ResourceService(vertx, redis, storage, lockService, settings("resources"), storage.getPrefix());
                 invitationService = new InvitationService(resourceService, encryptionService, settings("invitations"));
                 shareService = new ShareService(resourceService, invitationService, encryptionService);
+                publicationService = new PublicationService(encryptionService, resourceService, storage, generator, clock);
             } else {
                 log.warn("Redis config is not found, some features may be unavailable");
             }
 
-            AccessService accessService = new AccessService(encryptionService, shareService);
-
+            AccessService accessService = new AccessService(encryptionService, shareService, publicationService);
             RateLimiter rateLimiter = new RateLimiter(vertx, resourceService);
 
             proxy = new Proxy(vertx, client, configStore, logStore,
                     rateLimiter, upstreamBalancer, accessTokenValidator,
                     storage, encryptionService, apiKeyStore, tokenStatsTracker, resourceService, invitationService,
-                    shareService, accessService);
+                    shareService, publicationService, accessService);
 
             server = vertx.createHttpServer(new HttpServerOptions(settings("server"))).requestHandler(proxy);
             open(server, HttpServer::listen);

@@ -13,6 +13,7 @@
 import com.epam.aidial.core.security.EncryptionService;
 import com.epam.aidial.core.security.ExtractedClaims;
 import com.epam.aidial.core.service.InvitationService;
+import com.epam.aidial.core.service.PublicationService;
 import com.epam.aidial.core.service.ResourceService;
 import com.epam.aidial.core.service.ShareService;
 import com.epam.aidial.core.storage.BlobStorage;
@@ -75,6 +76,7 @@ public class Proxy implements Handler<HttpServerRequest> {
     private final ResourceService resourceService;
     private final InvitationService invitationService;
     private final ShareService shareService;
+    private final PublicationService publicationService;
     private final AccessService accessService;
 
     @Override

@@ -54,12 +54,16 @@ public Future<?> handle(String resourceType, String bucket, String path) {
                             return true;
                         }
 
+                        if (proxy.getAccessService().isReviewResource(resource, context)) {
+                            return true;
+                        }
+
                         return proxy.getAccessService().isSharedResource(resource, context);
                     }
 
                     return false;
                 })
-                .map(hasAccess  -> {
+                .map(hasAccess -> {
                     if (hasAccess) {
                         handle(resource);
                     } else {

@@ -48,6 +48,7 @@ public class ControllerSelector {
     private static final Pattern SHARE_RESOURCE_OPERATIONS = Pattern.compile("^/v1/ops/resource/share/(create|list|discard|revoke)$");
     private static final Pattern INVITATIONS = Pattern.compile("^/v1/invitations$");
     private static final Pattern INVITATION = Pattern.compile("^/v1/invitations/([a-zA-Z0-9]+)$");
+    private static final Pattern PUBLICATIONS = Pattern.compile("^/v1/ops/publications/(list|get|create|delete)$");
 
     private static final Pattern DEPLOYMENT_LIMITS = Pattern.compile("^/v1/deployments/([^/]+)/limits$");
 
@@ -257,6 +258,20 @@ private static Controller selectPost(Proxy proxy, ProxyContext context, String p
             return () -> controller.handle(op);
         }
 
+        match = match(PUBLICATIONS, path);
+        if (match != null) {
+            String operation = match.group(1);
+            PublicationController controller = new PublicationController(proxy, context);
+
+            return switch (operation) {
+                case "list" -> controller::listPublications;
+                case "get"-> controller::getPublication;
+                case "create"-> controller::createPublication;
+                case "delete"-> controller::deletePublication;
+                default -> null;
+            };
+        }
+
         return null;
     }
 
@@ -280,7 +295,7 @@ private static Controller selectDelete(Proxy proxy, ProxyContext context, String
 
         match = match(INVITATION, path);
         if (match != null) {
-            String invitationId =  UrlUtil.decodePath(match.group(1));
+            String invitationId = UrlUtil.decodePath(match.group(1));
             InvitationController controller = new InvitationController(proxy, context);
             return () -> controller.deleteInvitation(invitationId);
         }

@@ -0,0 +1,142 @@
+package com.epam.aidial.core.controller;
+
+import com.epam.aidial.core.Proxy;
+import com.epam.aidial.core.ProxyContext;
+import com.epam.aidial.core.data.Publication;
+import com.epam.aidial.core.data.Publications;
+import com.epam.aidial.core.data.ResourceLink;
+import com.epam.aidial.core.data.ResourceType;
+import com.epam.aidial.core.security.EncryptionService;
+import com.epam.aidial.core.service.PublicationService;
+import com.epam.aidial.core.storage.BlobStorageUtil;
+import com.epam.aidial.core.storage.ResourceDescription;
+import com.epam.aidial.core.util.HttpException;
+import com.epam.aidial.core.util.HttpStatus;
+import com.epam.aidial.core.util.ProxyUtil;
+import io.vertx.core.Future;
+import io.vertx.core.Vertx;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RequiredArgsConstructor
+public class PublicationController {
+
+    private final Vertx vertx;
+    private final EncryptionService encryptService;
+    private final PublicationService publicationService;
+    private final ProxyContext context;
+
+    public PublicationController(Proxy proxy, ProxyContext context) {
+        this.vertx = proxy.getVertx();
+        this.encryptService = proxy.getEncryptionService();
+        this.publicationService = proxy.getPublicationService();
+        this.context = context;
+    }
+
+    public Future<?> listPublications() {
+        context.getRequest()
+                .body()
+                .compose(body -> {
+                    String url = ProxyUtil.convertToObject(body, ResourceLink.class).url();
+                    ResourceDescription resource = decodePublication(url);
+                    checkAccess(resource);
+                    return vertx.executeBlocking(() -> publicationService.listPublications(resource));
+                })
+                .onSuccess(publications -> context.respond(HttpStatus.OK, new Publications(publications)))
+                .onFailure(error -> respond("Can't list publications", error));
+
+        return Future.succeededFuture();
+    }
+
+    public Future<?> getPublication() {
+        context.getRequest()
+                .body()
+                .compose(body -> {
+                    String url = ProxyUtil.convertToObject(body, ResourceLink.class).url();
+                    ResourceDescription resource = decodePublication(url);
+                    checkAccess(resource);
+                    return vertx.executeBlocking(() -> publicationService.getPublication(resource));
+                })
+                .onSuccess(publication -> {
+                    if (publication == null) {
+                        context.respond(HttpStatus.NOT_FOUND);
+                    } else {
+                        context.respond(HttpStatus.OK, publication);
+                    }
+                })
+                .onFailure(error -> respond("Can't get publication", error));
+
+        return Future.succeededFuture();
+    }
+
+    public Future<?> createPublication() {
+        context.getRequest()
+                .body()
+                .compose(body -> {
+                    Publication publication = ProxyUtil.convertToObject(body, Publication.class);
+                    ResourceDescription resource = decodePublication(publication.getUrl());
+                    checkAccess(resource);
+                    return vertx.executeBlocking(() -> publicationService.createPublication(resource, publication));
+                })
+                .onSuccess(publication -> context.respond(HttpStatus.OK, publication))
+                .onFailure(error -> respond("Can't create publication", error));
+
+        return Future.succeededFuture();
+    }
+
+    public Future<?> deletePublication() {
+        context.getRequest()
+                .body()
+                .compose(body -> {
+                    String url = ProxyUtil.convertToObject(body, ResourceLink.class).url();
+                    ResourceDescription resource = decodePublication(url);
+                    checkAccess(resource);
+                    return vertx.executeBlocking(() -> publicationService.deletePublication(resource));
+                })
+                .onSuccess(deleted -> context.respond(deleted ? HttpStatus.OK : HttpStatus.NOT_FOUND))
+                .onFailure(error -> respond("Can't delete publication", error));
+
+        return Future.succeededFuture();
+    }
+
+    private void respond(String message, Throwable error) {
+        HttpStatus status = HttpStatus.INTERNAL_SERVER_ERROR;
+        String body = null;
+
+        if (error instanceof HttpException e) {
+            status = e.getStatus();
+            body = e.getMessage();
+        } else if (error instanceof IllegalArgumentException e) {
+            status = HttpStatus.BAD_REQUEST;
+            body = e.getMessage();
+        } else {
+            log.warn(message, error);
+        }
+
+        context.respond(status, body == null ? "" : body);
+    }
+
+    private ResourceDescription decodePublication(String path) {
+        ResourceDescription resource;
+        try {
+            resource = ResourceDescription.fromLink(path, encryptService);
+        } catch (IllegalArgumentException e) {
+            throw new IllegalArgumentException("Invalid resource: " + path, e);
+        }
+
+        if (resource.getType() != ResourceType.PUBLICATION) {
+            throw new IllegalArgumentException("Invalid resource: " + path);
+        }
+
+        return resource;
+    }
+
+    private void checkAccess(ResourceDescription resource) {
+        String bucket = BlobStorageUtil.buildInitiatorBucket(context);
+
+        if (!resource.getBucketLocation().equals(bucket)) {
+            throw new HttpException(HttpStatus.FORBIDDEN, "Forbidden resource: " + resource.getUrl());
+        }
+    }
+}
@@ -0,0 +1,43 @@
+package com.epam.aidial.core.data;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import java.util.List;
+
+@Data
+@Accessors(chain = true)
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class Publication {
+    String url;
+    String sourceUrl;
+    String targetUrl;
+    Status status;
+    Long createdAt;
+    List<Resource> resources;
+    List<Rule> rules;
+
+    public enum Status {
+        PENDING, APPROVED, REJECTED
+    }
+
+    @Data
+    public static class Resource {
+        String sourceUrl;
+        String targetUrl;
+        String reviewUrl;
+        String version;
+    }
+
+    @Data
+    public static class Rule {
+        Function function;
+        String source;
+        List<String> targets;
+
+        public enum Function {
+            EQUAL, CONTAIN, REGEX,
+        }
+    }
+}
@@ -0,0 +1,6 @@
+package com.epam.aidial.core.data;
+
+import java.util.Collection;
+
+public record Publications(Collection<Publication> publications) {
+}
@@ -5,7 +5,8 @@
 @Getter
 public enum ResourceType {
     FILE("files"), CONVERSATION("conversations"), PROMPT("prompts"), LIMIT("limits"),
-    SHARED_WITH_ME("shared_with_me"), SHARED_BY_ME("shared_by_me"), INVITATION("invitations");
+    SHARED_WITH_ME("shared_with_me"), SHARED_BY_ME("shared_by_me"), INVITATION("invitations"),
+    PUBLICATION("publications");
 
     private final String group;
 
@@ -23,6 +24,7 @@ public static ResourceType of(String group) {
             case "conversations" -> CONVERSATION;
             case "prompts" -> PROMPT;
             case "invitations" -> INVITATION;
+            case "publications" -> PUBLICATION;
             default -> throw new IllegalArgumentException("Unsupported group: " + group);
         };
     }