From 4228411e3711e825d755e2042a22ced1db590208 Mon Sep 17 00:00:00 2001
From: Ludo Mikula
Date: Thu, 28 Nov 2024 12:26:12 +0100
Subject: [PATCH 1/2] fix: return from authorization error
---
 .../framework/plugin/endpoint/PluginEndpointHandlerImpl.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java
index 1e1b3c8e38..eeaf1d9117 100644
--- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java
+++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/endpoint/PluginEndpointHandlerImpl.java
@@ -132,7 +132,10 @@ public Mono runPluginEndpointMethod(PluginEndpoint endpoint, End
 });
 return decisionMono.handle((authorizationDecision, sink) -> {
- if(!authorizationDecision.isGranted()) sink.error(new BizException(NOT_AUTHORIZED, "NOT_AUTHORIZED"));
+ if(!authorizationDecision.isGranted()) {
+ sink.error(new BizException(NOT_AUTHORIZED, "NOT_AUTHORIZED"));
+ return;
+ }
 try {
 sink.next((EndpointResponse) handler.invoke(endpoint, PluginServerRequest.fromServerRequest(request)));
 } catch (IllegalAccessException | InvocationTargetException e) {
From 176442b876ffc9ce991f3855cecb896c57e77317 Mon Sep 17 00:00:00 2001
From: Ludo Mikula
Date: Fri, 29 Nov 2024 00:04:46 +0100
Subject: [PATCH 2/2] fix: plugin endpoint invocation
---
 .../org/lowcoder/infra/constant/NewUrl.java | 2 ++
 .../org/lowcoder/sdk/exception/BizError.java | 3 ++-
 .../exception/GlobalExceptionHandler.java | 20 +++++++++++++++++++
 .../security/PluginAuthorizationManager.java | 5 +++--
 4 files changed, 27 insertions(+), 3 deletions(-)
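Review bot: In `runPluginEndpointMethod` (PluginEndpointHandlerImpl.java, patch 1/2) the new deny branch has no comment saying why the early `return` is required, and a refused call leaves no trace in the log. Without the `return` the lambda falls through to `handler.invoke(...)`, so the endpoint body would run for a caller whose decision was not granted; a one-line comment such as `// must return here: falling through would invoke the endpoint for a denied caller` keeps a later refactor from removing it. I would also add `log.warn("Plugin endpoint call denied: {}", handler.getName());` before `sink.error(...)` so that denials can be audited, assuming a logger exists in this class and `handler` is a `java.lang.reflect.Method`, neither of which is visible here. The lambda's `catch` block continues outside the hunk.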
diff --git a/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java b/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java index 30eed2e579..01eb05ccff 100644 --- a/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java +++ b/server/api-service/lowcoder-infra/src/main/java/org/lowcoder/infra/constant/NewUrl.java @@ -34,4 +34,6 @@ private NewUrl() { public static final String MATERIAL_URL = PREFIX + "https://github.com/materials"; public static final String CONTACT_SYNC = PREFIX + "https://github.com/sync"; public static final String NPM_REGISTRY = PREFIX + "https://github.com/npm"; + + public static final String PLUGINS_URL = PREFIX + "https://github.com/plugins"; } diff --git a/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java b/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java index eab8706056..fa280173dd 100644 --- a/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java +++ b/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/exception/BizError.java @@ -11,7 +11,7 @@ public enum BizError { // 5000 - 5100 general errorCode INTERNAL_SERVER_ERROR(500, 5000, VERBOSE), - NOT_AUTHORIZED(500, 5001), + NOT_AUTHORIZED(401, 5001), INVALID_PARAMETER(500, 5002), UNSUPPORTED_OPERATION(400, 5003), DUPLICATE_KEY(409, 5004, VERBOSE), @@ -113,6 +113,7 @@ public enum BizError { PLUGIN_EXECUTION_TIMEOUT(504, 5800), INVALID_DATASOURCE_TYPE(500, 5801), PLUGIN_EXECUTION_TIMEOUT_WITHOUT_TIME(504, 5802, VERBOSE), + PLUGIN_ENDPOINT_ERROR(500, 5850), // business related, code range 5900 - 5999 NOT_RELEASE(423, 5901), 
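Review bot: `NOT_AUTHORIZED(401, 5001)` in BizError.java maps a refused authorization decision to 401, which HTTP reserves for missing or invalid credentials; an authenticated caller who fails an endpoint's authorize expression is a 403 case. Patch 1/2 raises this constant exactly when `authorizationDecision.isGranted()` is false, so a client that reacts to 401 by re-authenticating may loop for a user who is logged in but not permitted. Because the enum value is shared, the new status also applies to every other place that throws `NOT_AUTHORIZED`, none of which is visible in this patch; those callers are worth checking, and `NOT_AUTHORIZED(403, 5001),` or a separate constant for the unauthenticated case may fit better.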
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java index edd37f469e..5b6579e084 100644 --- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java +++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/exception/GlobalExceptionHandler.java @@ -8,7 +8,9 @@ import java.util.Map; import java.util.concurrent.TimeoutException; +import org.apache.commons.lang3.StringUtils; import org.lowcoder.api.framework.view.ResponseView; +import org.lowcoder.infra.constant.NewUrl; import org.lowcoder.infra.util.LogUtils; import org.lowcoder.sdk.exception.BaseException; import org.lowcoder.sdk.exception.BizError; @@ -26,6 +28,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.support.WebExchangeBindException; +import org.springframework.web.server.ResponseStatusException; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebInputException; 
@@ -133,6 +136,23 @@ public Mono> catchServerException(ServerException e, ServerWebEx
 });
 }
+ @ExceptionHandler
+ @ResponseBody
+ public Mono> catchResponseStatusException(ResponseStatusException e, ServerWebExchange exchange) {
+ if (StringUtils.startsWith(exchange.getRequest().getPath().toString(), NewUrl.PLUGINS_URL + "https://github.com/")) {
+ BizError bizError = BizError.PLUGIN_ENDPOINT_ERROR;
+ exchange.getResponse().setStatusCode(e.getStatusCode());
+ return Mono.deferContextual(ctx -> {
+ apiPerfHelper.perf(bizError, exchange.getRequest().getPath());
+ doLog(e, ctx, bizError.logVerbose());
+ return Mono.just(error(bizError.getBizErrorCode(), e.getMessage() + " - path: " + exchange.getRequest().getPath()));
+ });
+
+ } else {
+ return catchException(e, exchange);
+ }
+ }
+
 @ExceptionHandler
 @ResponseBody
 public Mono> catchException(java.lang.Exception e, ServerWebExchange exchange) {
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java
index 551d851575..71b75c3e08 100644
--- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java
+++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/plugin/security/PluginAuthorizationManager.java
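Review bot: `catchResponseStatusException` in GlobalExceptionHandler.java puts `e.getMessage()` into the response body, so whatever reason text the code that raised the `ResponseStatusException` supplied is sent to the client verbatim. If a plugin endpoint builds that reason from an internal exception or a datasource detail, it leaks through this handler, while the full exception is already recorded by `doLog`. I would return only the reason with a fixed fallback, `error(bizError.getBizErrorCode(), StringUtils.defaultIfBlank(e.getReason(), "Plugin endpoint error"))`, and drop the path, which the caller already knows. The method also has no Javadoc; a short one stating that it applies only under the plugins URL prefix and otherwise delegates to `catchException` would help the next reader.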
@@ -31,11 +31,12 @@ public PluginAuthorizationManager() public Mono check(Mono authentication, MethodInvocation invocation) { log.info("Checking plugin reactive endpoint invocation security for {}", invocation.getMethod().getName()); - + EndpointExtension endpointExtension = (EndpointExtension)invocation.getArguments()[1]; if (endpointExtension == null || StringUtils.isBlank(endpointExtension.authorize())) { - return Mono.empty(); + log.debug("Authorization expression is empty, proceeding without authorization - authorization granted."); + return Mono.just(new AuthorizationDecision(true)); } Expression authorizeExpression = this.expressionHandler.getExpressionParser()
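Review bot: The early exit in `check` (PluginAuthorizationManager.java) now grants access both when the authorize expression is blank and when `endpointExtension` itself is null, so missing metadata fails open. A blank expression can reasonably mean "no restriction declared", but a null `EndpointExtension` argument looks more like a wiring problem, and granting there exposes the endpoint to anyone who can reach the route. Splitting the condition so that the null case is refused, `if (endpointExtension == null) { return Mono.just(new AuthorizationDecision(false)); }`, keeps the new behaviour for endpoints without an expression; whether null can occur in practice is not visible in this hunk. The `log.debug` line would also be more useful with the method name in it, as the `log.info` call above it has. The body of `check` continues outside the hunk.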