This is an ongoing effort to refactor current plugin system based on pf4j library.

for example:

- TODO: class(es) impelemting**LowcoderDatasource** interface

Methods of interest:

-**pluginId()** - unique plugin ID - if a plugin with such ID is already loaded, subsequent plugins whith this ID will be ignored

-**description()** - short plugin description

-**load(ApplicationContext parentContext)** - is called during plugin startup - this is the place where you should completely initialize your plugin. If initialization fails, return false

-**unload()** - is called during lowcoder API server shutdown - this is the place where you should release all resources

-**endpoints()** - needs to contain all initialized**PluginEndpoints** you want to expose, for example:

publicList<PluginEndpoint> endpoints()

{

List<PluginEndpoint> endpoints=newArrayList<>();

endpoints.add(newHelloWorldEndpoint());

return endpoints;

}

-**pluginInfo()** - should return a record object with additional information about your plugin. It is serialized to JSON as part of the**/plugins** listing (see**"info"** object in this example):

[

{

"id":"example-plugin",

"description":"Example plugin for lowcoder platform",

"info": {}

},

{

"id":"enterprise",

"description":"Lowcoder enterprise plugin",

"info": {

"enabledFeatures": [

]

}

}

]

1. Implement endpoint security - currently all plugin endpoints are public (probably by adding**security** attribute to**@EndpointExtension** and enforcing it)

1. currently the plugin endpoints are prefixed with**/plugin/{pluginId}/** - this is hardcoded, do we want to make it configurable?

<name>lowcoder-sdk</name>

<properties>

<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<java.version>17</java.version>

</properties>

<dependencies>

<dependency>

<groupId>org.springframework.boot</groupId>

<artifactId>validation-api</artifactId>

</dependency>

</dependencies>

<properties>

<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<java.version>17</java.version>

<maven.compiler.source>17</maven.compiler.source>

<maven.compiler.target>17</maven.compiler.target>

</properties>

<dependencyManagement>

<dependencies>

<dependency>

importorg.lowcoder.domain.application.model.ApplicationStatus;

importorg.lowcoder.domain.application.model.ApplicationType;

importorg.lowcoder.domain.permission.model.ResourceRole;

importorg.lowcoder.infra.event.EventType;

importorg.springframework.web.bind.annotation.PathVariable;

importorg.springframework.web.bind.annotation.RequestBody;

importorg.springframework.web.bind.annotation.RequestParam;

publicMono<ResponseView<ApplicationView>>getPublishedMarketPlaceApplication(@PathVariableStringapplicationId) {

returnapplicationApiService.getPublishedApplication(applicationId,ApplicationRequestType.PUBLIC_TO_MARKETPLACE)

.delayUntil(applicationView ->applicationApiService.updateUserApplicationLastViewTime(applicationId))

.delayUntil(applicationView ->businessEventPublisher.publishApplicationCommonEvent(applicationView,EventType.VIEW))

.delayUntil(applicationView ->businessEventPublisher.publishApplicationCommonEvent(applicationView,APPLICATION_VIEW))

.map(ResponseView::success);

}

publicMono<ResponseView<ApplicationView>>getAgencyProfileApplication(@PathVariableStringapplicationId) {

returnapplicationApiService.getPublishedApplication(applicationId,ApplicationRequestType.AGENCY_PROFILE)

.delayUntil(applicationView ->applicationApiService.updateUserApplicationLastViewTime(applicationId))

.delayUntil(applicationView ->businessEventPublisher.publishApplicationCommonEvent(applicationView,EventType.VIEW))

.delayUntil(applicationView ->businessEventPublisher.publishApplicationCommonEvent(applicationView,APPLICATION_VIEW))

.map(ResponseView::success);

}

packageorg.lowcoder.api.framework.plugin;

importjava.io.IOException;

importjava.io.InputStream;

importjava.net.MalformedURLException;

importjava.net.URL;

importjava.net.URLClassLoader;

privatestaticfinalClassLoaderbaseClassLoader =ClassLoader.getPlatformClassLoader();

privatefinalClassLoaderappClassLoader =Thread.currentThread().getContextClassLoader();

privatestaticfinalString[]excludedPaths =newString[] {

"org.lowcoder.plugin.api.",

};

publicPluginClassLoader(Stringname,PathpluginPath)

{

super(name,pathToURLs(pluginPath),baseClassLoader);

returnclazz;

}

if (name.startsWith("org.lowcoder.plugin.api."))

if (StringUtils.startsWithAny(name,excludedPaths))

{

{

publicURLgetResource(Stringname) {

Objects.requireNonNull(name);

if (StringUtils.startsWithAny(name,"org/lowcoder/plugin/api/","org.lowcoder.plugin.api."))

if (StringUtils.startsWithAny(name,excludedPaths))

{

returnappClassLoader.getResource(name);

}

publicEnumeration<URL>getResources(Stringname)throwsIOException

{

Objects.requireNonNull(name);

if (StringUtils.startsWithAny(name,"org/lowcoder/plugin/api/","org.lowcoder.plugin.api."))

if (StringUtils.startsWithAny(name,excludedPaths))

{

returnappClassLoader.getResources(name);

}

importorg.apache.commons.collections4.CollectionUtils;

importorg.apache.commons.lang3.StringUtils;

importorg.lowcoder.api.framework.plugin.data.PluginServerRequest;

importorg.lowcoder.api.framework.plugin.security.SecuredEndpoint;

importorg.lowcoder.plugin.api.EndpointExtension;

importorg.lowcoder.plugin.api.PluginEndpoint;

importorg.lowcoder.plugin.api.data.EndpointRequest;

importorg.lowcoder.plugin.api.data.EndpointResponse;

importorg.lowcoder.sdk.exception.BaseException;

importorg.springframework.aop.TargetSource;

importorg.springframework.aop.framework.ProxyFactoryBean;

importorg.springframework.aop.target.SimpleBeanTargetSource;

importorg.springframework.beans.factory.support.DefaultListableBeanFactory;

importorg.springframework.context.ApplicationContext;

importorg.springframework.context.support.GenericApplicationContext;

importorg.springframework.core.ResolvableType;

importorg.springframework.http.ResponseCookie;

importorg.springframework.security.access.prepost.PreAuthorize;

importorg.springframework.security.core.context.ReactiveSecurityContextHolder;

importorg.springframework.stereotype.Component;

importorg.springframework.web.reactive.function.server.HandlerFunction;

importorg.springframework.web.reactive.function.server.RequestPredicate;

importorg.springframework.web.reactive.function.server.RouterFunction;

importorg.springframework.web.reactive.function.server.ServerRequest;

privatevoidregisterEndpointHandler(StringurlPrefix,PluginEndpointendpoint,Methodhandler)

{

if (handler.isAnnotationPresent(EndpointExtension.class))

if (!handler.isAnnotationPresent(EndpointExtension.class) || !checkHandlerMethod(handler))

{

if (checkHandlerMethod(handler))

if (handler.isAnnotationPresent(EndpointExtension.class))

{

EndpointExtensionendpointMeta =handler.getAnnotation(EndpointExtension.class);

StringendpointName =endpoint.getClass().getSimpleName() +"_" +handler.getName();

RouterFunction<ServerResponse>routerFunction =route(createRequestPredicate(urlPrefix,endpointMeta),req ->

{

Mono<ServerResponse>result =null;

{

EndpointResponseresponse = (EndpointResponse)handler.invoke(endpoint,PluginServerRequest.fromServerRequest(req));

result =createServerResponse(response);

}

catch (IllegalAccessException |InvocationTargetExceptioncause)

{

thrownewBaseException("Error running handler for [ " +endpointMeta.method() +": " +endpointMeta.uri() +"] !");

}

returnresult;

});

routes.add(routerFunction);

registerRouterFunctionMapping(endpointName,routerFunction);

log.info("Registered endpoint: {} -> {}: {}",endpoint.getClass().getSimpleName(),endpointMeta.method(),urlPrefix +endpointMeta.uri());

}

{

log.error("Cannot register plugin endpoint: {} -> {}! Handler method must be defined as: public Mono<ServerResponse> {}(ServerRequest request)",endpoint.getClass().getSimpleName(),handler.getName(),handler.getName());

log.debug("Not registering plugin endpoint method: {} -> {}! Handler method must be defined as: public EndpointResponse methodName(EndpointRequest request)",endpoint.getClass().getSimpleName(),handler.getName(),handler.getName());

}

return;

}

EndpointExtensionendpointMeta =handler.getAnnotation(EndpointExtension.class);

StringendpointName =endpoint.getClass().getSimpleName() +"_" +handler.getName();

RouterFunction<ServerResponse>routerFunction =route(createRequestPredicate(urlPrefix,endpointMeta),req ->runPluginEndpointMethod(endpoint,endpointMeta,handler,req));

routes.add(routerFunction);

registerRouterFunctionMapping(endpointName,routerFunction);

log.info("Registered endpoint: {} -> {}: {}",endpoint.getClass().getSimpleName(),endpointMeta.method(),urlPrefix +endpointMeta.uri());

}

publicMono<ServerResponse>runPluginEndpointMethod(PluginEndpointendpoint,EndpointExtensionendpointMeta,Methodhandler,ServerRequestrequest)

{

Mono<ServerResponse>result =null;

{

log.info("Running plugin endpoint method {}\nRequest: {}",handler.getName(),request);

EndpointResponseresponse = (EndpointResponse)handler.invoke(endpoint,PluginServerRequest.fromServerRequest(request));

result =createServerResponse(response);

}

catch (IllegalAccessException |InvocationTargetExceptioncause)

{

thrownewBaseException("Error running handler for [ " +endpointMeta.method() +": " +endpointMeta.uri() +"] !");

}

returnresult;

}

privatevoidregisterRouterFunctionMapping(StringendpointName,RouterFunction<ServerResponse>routerFunction)

{

StringbeanName ="pluginEndpoint_" +endpointName +"_" +System.currentTimeMillis();

((GenericApplicationContext)applicationContext).registerBean(beanName,RouterFunction.class, () -> {

returnrouterFunction;

});

((GenericApplicationContext)applicationContext).registerBean(beanName,RouterFunction.class, () ->routerFunction );

log.debug("Registering RouterFunction bean definition: {}",beanName);

}

packageorg.lowcoder.api.framework.plugin.security;

importjava.util.function.Supplier;

importorg.aopalliance.intercept.MethodInvocation;

importorg.springframework.security.authorization.AuthorizationDecision;

importorg.springframework.security.authorization.AuthorizationManager;

importorg.springframework.security.core.Authentication;

importlombok.extern.slf4j.Slf4j;

publicclassEndpointAuthorizationManagerimplementsAuthorizationManager<MethodInvocation>

{

publicAuthorizationDecisioncheck(Supplier<Authentication>authentication,MethodInvocationinvocation)

{

log.info("Checking plugin endpoint invocation security for {}",invocation.getMethod().getName());

returnnewAuthorizationDecision(true);

}

}

importorg.aopalliance.intercept.MethodInvocation;

importorg.apache.commons.lang3.StringUtils;

importorg.lowcoder.plugin.api.EndpointExtension;

importorg.springframework.core.annotation.AnnotationUtils;

importorg.springframework.expression.EvaluationContext;

importorg.springframework.expression.EvaluationException;

importorg.springframework.expression.Expression;

importreactor.core.publisher.Mono;

publicclassPluginAuthorizationManagerimplementsReactiveAuthorizationManager<MethodInvocation>

{

privatefinalMethodSecurityExpressionHandlerexpressionHandler;

publicMono<AuthorizationDecision>check(Mono<Authentication>authentication,MethodInvocationinvocation)

{

log.info(" invocation::{}",invocation.getMethod());

log.info("Checking plugin reactive endpoint invocationsecurity for{}",invocation.getMethod().getName());

Methodmethod =invocation.getMethod();

EndpointExtensionendpointExtension =AnnotationUtils.findAnnotation(method,EndpointExtension.class);

EndpointExtensionendpointExtension = (EndpointExtension)invocation.getArguments()[1];

if (endpointExtension ==null ||StringUtils.isBlank(endpointExtension.authorize()))

{

returnMono.empty();

packageorg.lowcoder.api.framework.plugin.security;

importjava.lang.annotation.Documented;

importjava.lang.annotation.ElementType;

importjava.lang.annotation.Inherited;

importjava.lang.annotation.Retention;

importjava.lang.annotation.RetentionPolicy;

importjava.lang.annotation.Target;

@Target({ElementType.METHOD,ElementType.TYPE })

@Retention(RetentionPolicy.RUNTIME)

public @interfaceSecuredEndpoint {

}

<properties>

<revision>2.3.0-SNAPSHOT</revision>

<revision>2.4.0</revision>

<java.version>17</java.version>

<javadoc.disabled>true</javadoc.disabled>

<deploy.disabled>true</deploy.disabled>

<source.disabled>true</source.disabled>

<project.groupId>org.lowcoder</project.groupId>

<project.version>1.0-SNAPSHOT</project.version>

<skipDockerBuild>true</skipDockerBuild>

<log4j2.version>2.17.0</log4j2.version>

<maven.compiler.source>17</maven.compiler.source>

<maven.compiler.target>17</maven.compiler.target>

</properties>

<repositories>