perf: 嵌入式应用跨域设置

2023-11-21 12:21:14 +08:00 · 2023-11-21 12:21:14 +08:00 · 3fa33d5784
commit 3fa33d5784
parent 07024cd7e5
4 changed files with 59 additions and 5 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 87157d06c59e65f7e5fe41118f5c13725abadc04
+Subproject commit 411c21f3228c89e60cbf90d90ace4e1a905e9016
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java
@ -27,4 +27,7 @@ public interface EmbeddedApi {

    @PostMapping("/reset")
    void reset(@RequestBody EmbeddedResetRequest request);
+
+    @GetMapping("/domainList")
+    List<String> domainList();
 }
--- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java
+++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java
@ -1,6 +1,7 @@
 package io.dataease.auth.interceptor;

 import io.dataease.constant.AuthConstant;
+import jakarta.annotation.Resource;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.bind.annotation.RestController;
@ -13,12 +14,16 @@ import java.util.List;
@Configuration
 public class CorsConfig implements WebMvcConfigurer {

+    @Resource(name = "deCorsInterceptor")
+    private CorsInterceptor corsInterceptor;
+
    @Value("#{'${dataease.origin-list}'.split(',')}")
    private List<String> originList;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(new CorsInterceptor(originList)).addPathPatterns("/**");
+        corsInterceptor.addOriginList(originList);
+        registry.addInterceptor(corsInterceptor).addPathPatterns("/**");
    }

    @Override
--- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java
+++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java
@ -1,27 +1,73 @@
 package io.dataease.auth.interceptor;

+import cn.hutool.core.util.ReflectUtil;
+import io.dataease.utils.CommonBeanFactory;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;

+import java.util.ArrayList;
 import java.util.List;

+@Component("deCorsInterceptor")
 public class CorsInterceptor implements HandlerInterceptor {


-    private List<String> originList;
+    private final List<String> originList;
+
+    private final List<String> busiOriginList = new ArrayList<>();
+
+    private Class<?> aClass;
+
+    private Object bean;
+

    public CorsInterceptor(List<String> originList) {
        this.originList = originList;
    }

+    public void addOriginList(List<String> list) {
+        List<String> strings = list.stream().filter(item -> !originList.contains(item)).toList();
+        originList.addAll(strings);
+    }
+
+
+    public void addOriginList() {
+        String className = "io.dataease.api.permissions.embedded.api.EmbeddedApi";
+        String methodName = "domainList";
+        if (ObjectUtils.isEmpty(aClass)) {
+            try {
+                aClass = Class.forName(className);
+            } catch (ClassNotFoundException e) {
+                return;
+            }
+        }
+        if (ObjectUtils.isEmpty(bean)) {
+            bean = CommonBeanFactory.getBean(aClass);
+        }
+        if (ObjectUtils.isNotEmpty(bean)) {
+            Object result = ReflectUtil.invoke(bean, methodName);
+            if (ObjectUtils.isNotEmpty(result)) {
+                List<String> list = (List<String>) result;
+                if (CollectionUtils.isNotEmpty(list)) {
+                    List<String> strings = list.stream().filter(item -> !busiOriginList.contains(item)).toList();
+                    busiOriginList.addAll(strings);
+                }
+
+            }
+        }
+    }
+
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-
+        addOriginList();
        String origin = request.getHeader("Origin");
        boolean embedded = StringUtils.startsWithAny(request.getRequestURI(), "/assets/", "/js/");
-        if ((StringUtils.isNotBlank(origin) && originList.contains(origin)) || embedded) {
+        if ((StringUtils.isNotBlank(origin) && originList.contains(origin)) || busiOriginList.contains(origin) || embedded) {
            response.setHeader("Access-Control-Allow-Origin", embedded ? "*" : origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS");