From 3fa33d5784bfe1baa817476c2db705695c28bb25 Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Tue, 21 Nov 2023 12:21:14 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E5=B5=8C=E5=85=A5=E5=BC=8F=E5=BA=94?= =?UTF-8?q?=E7=94=A8=E8=B7=A8=E5=9F=9F=E8=AE=BE=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- de-xpack | 2 +- .../permissions/embedded/api/EmbeddedApi.java | 3 ++ .../dataease/auth/interceptor/CorsConfig.java | 7 ++- .../auth/interceptor/CorsInterceptor.java | 52 +++++++++++++++++-- 4 files changed, 59 insertions(+), 5 deletions(-) diff --git a/de-xpack b/de-xpack index 87157d06c5..411c21f322 160000 --- a/de-xpack +++ b/de-xpack @@ -1 +1 @@ -Subproject commit 87157d06c59e65f7e5fe41118f5c13725abadc04 +Subproject commit 411c21f3228c89e60cbf90d90ace4e1a905e9016 diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java index 7f2ffb2eb9..0ebe6015ab 100644 --- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java +++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/embedded/api/EmbeddedApi.java @@ -27,4 +27,7 @@ public interface EmbeddedApi { @PostMapping("/reset") void reset(@RequestBody EmbeddedResetRequest request); + + @GetMapping("/domainList") + List domainList(); } diff --git a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java index 87b5988a67..63c5164187 100644 --- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java +++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java @@ -1,6 +1,7 @@ package io.dataease.auth.interceptor; import io.dataease.constant.AuthConstant; +import jakarta.annotation.Resource; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.web.bind.annotation.RestController; @@ -13,12 +14,16 @@ import java.util.List; @Configuration public class CorsConfig implements WebMvcConfigurer { + @Resource(name = "deCorsInterceptor") + private CorsInterceptor corsInterceptor; + @Value("#{'${dataease.origin-list}'.split(',')}") private List originList; @Override public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new CorsInterceptor(originList)).addPathPatterns("/**"); + corsInterceptor.addOriginList(originList); + registry.addInterceptor(corsInterceptor).addPathPatterns("/**"); } @Override diff --git a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java index 2df181c17d..f37bb2eecb 100644 --- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java +++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java @@ -1,27 +1,73 @@ package io.dataease.auth.interceptor; +import cn.hutool.core.util.ReflectUtil; +import io.dataease.utils.CommonBeanFactory; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; +import java.util.ArrayList; import java.util.List; +@Component("deCorsInterceptor") public class CorsInterceptor implements HandlerInterceptor { - private List originList; + private final List originList; + + private final List busiOriginList = new ArrayList<>(); + + private Class aClass; + + private Object bean; + public CorsInterceptor(List originList) { this.originList = originList; } + public void addOriginList(List list) { + List strings = list.stream().filter(item -> !originList.contains(item)).toList(); + originList.addAll(strings); + } + + + public void addOriginList() { + String className = "io.dataease.api.permissions.embedded.api.EmbeddedApi"; + String methodName = "domainList"; + if (ObjectUtils.isEmpty(aClass)) { + try { + aClass = Class.forName(className); + } catch (ClassNotFoundException e) { + return; + } + } + if (ObjectUtils.isEmpty(bean)) { + bean = CommonBeanFactory.getBean(aClass); + } + if (ObjectUtils.isNotEmpty(bean)) { + Object result = ReflectUtil.invoke(bean, methodName); + if (ObjectUtils.isNotEmpty(result)) { + List list = (List) result; + if (CollectionUtils.isNotEmpty(list)) { + List strings = list.stream().filter(item -> !busiOriginList.contains(item)).toList(); + busiOriginList.addAll(strings); + } + + } + } + } + @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + addOriginList(); String origin = request.getHeader("Origin"); boolean embedded = StringUtils.startsWithAny(request.getRequestURI(), "/assets/", "/js/"); - if ((StringUtils.isNotBlank(origin) && originList.contains(origin)) || embedded) { + if ((StringUtils.isNotBlank(origin) && originList.contains(origin)) || busiOriginList.contains(origin) || embedded) { response.setHeader("Access-Control-Allow-Origin", embedded ? "*" : origin); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS");