Merge pull request #3775 from dataease/pr@dev@perf_api_doc

perf(api文档): 企业用户登录后才可以查看api

backend/src/main/java/io/dataease/auth/filter/F2CDocFilter.java

@@ -1,26 +1,99 @@
 package io.dataease.auth.filter;
 
-import org.apache.shiro.web.filter.authc.AnonymousFilter;
+import cn.hutool.core.util.ArrayUtil;
+import io.dataease.auth.entity.SysUserEntity;
+import io.dataease.auth.entity.TokenInfo;
+import io.dataease.auth.service.AuthUserService;
+import io.dataease.auth.util.JWTUtils;
+import io.dataease.commons.license.DefaultLicenseService;
+import io.dataease.commons.license.F2CLicenseResponse;
+import io.dataease.commons.utils.CommonBeanFactory;
+import io.dataease.commons.utils.LogUtil;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.web.filter.AccessControlFilter;
 
-import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+
+import static io.dataease.commons.license.F2CLicenseResponse.Status;
+
+public class F2CDocFilter extends AccessControlFilter {
+
+    private static final String RESULT_URI_KEY = "result_uri_key";
+    private static final String NOLIC_PAGE = "nolic.html";
+    private static final String NO_LOGIN_PAGE = "/nologin.html";
+    private static final String DEFAULT_FAILED_PAGE = "/";
 
-public class F2CDocFilter extends AnonymousFilter {
 
     @Override
-    protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {
-        HttpServletRequest req = (HttpServletRequest) request;
-        String path = "/deApi";
+    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
         try {
-            req.getRequestDispatcher(path).forward(req, response);
-        } catch (ServletException e) {
-            e.printStackTrace();
-        } catch (IOException e) {
-            e.printStackTrace();
+            DefaultLicenseService defaultLicenseService = CommonBeanFactory.getBean(DefaultLicenseService.class);
+            F2CLicenseResponse f2CLicenseResponse = defaultLicenseService.validateLicense();
+            Status status = f2CLicenseResponse.getStatus();
+            if (status != Status.valid) {
+                request.setAttribute(RESULT_URI_KEY, NOLIC_PAGE);
+                return false;
+            }
+        } catch (Exception e) {
+            request.setAttribute(RESULT_URI_KEY, NOLIC_PAGE);
+            LogUtil.error(e.getMessage(), e);
+            return false;
         }
+
+        try {
+            Boolean isLogin = validateLogin(request);
+            if (!isLogin) {
+                request.setAttribute(RESULT_URI_KEY, NO_LOGIN_PAGE);
+                return false;
+            }
+        } catch (Exception e) {
+            request.setAttribute(RESULT_URI_KEY, NO_LOGIN_PAGE);
+            LogUtil.error(e.getMessage(), e);
+            return false;
+        }
+
         return true;
     }
+
+    private Boolean validateLogin(HttpServletRequest request) throws Exception{
+        String authorization = request.getHeader("Authorization");
+        if (StringUtils.isBlank(authorization)) {
+            Cookie[] cookies = request.getCookies();
+            if (ArrayUtil.isNotEmpty(cookies)) {
+                Cookie cookie = Arrays.stream(cookies).filter(item -> StringUtils.equals(item.getName(), "Authorization")).findFirst().orElse(null);
+                if (ObjectUtils.isNotEmpty(cookie) && StringUtils.isNotBlank(cookie.getValue())) {
+                    authorization = cookie.getValue();
+                }
+            }
+        }
+        if (StringUtils.isBlank(authorization)) {
+            return false;
+        }
+        TokenInfo tokenInfo = JWTUtils.tokenInfoByToken(authorization);
+        AuthUserService authUserService = CommonBeanFactory.getBean(AuthUserService.class);
+        SysUserEntity user = authUserService.getUserById(tokenInfo.getUserId());
+        if (user == null) {
+            return false;
+        }
+        String password = user.getPassword();
+        boolean verify = JWTUtils.verify(authorization, tokenInfo, password);
+        return verify;
+    }
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        Object attribute = request.getAttribute(RESULT_URI_KEY);
+        String path = ObjectUtils.isNotEmpty(attribute) ? attribute.toString() : DEFAULT_FAILED_PAGE;
+        request.getRequestDispatcher(path).forward(request, response);
+        return false;
+    }
 }

backend/src/main/java/io/dataease/auth/filter/JWTFilter.java

@@ -1,5 +1,6 @@
 package io.dataease.auth.filter;
 
+import cn.hutool.core.util.URLUtil;
 import com.auth0.jwt.algorithms.Algorithm;
 import io.dataease.auth.entity.ASKToken;
 import io.dataease.auth.entity.JWTToken;
@@ -23,8 +24,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.nio.charset.Charset;
 
 
 public class JWTFilter extends BasicHttpAuthenticationFilter {
@@ -158,4 +161,18 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
         httpServletResponse.setHeader("authentication-status", "login_expire");
     }
 
+    @Override
+    protected boolean onAccessDenied(ServletRequest req, ServletResponse res, Object mappedValue) throws Exception {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        String requestURI = request.getRequestURI();
+        String msg = requestURI + " has been denied";
+        String encode = URLUtil.encode(msg, Charset.forName("UTF-8"));
+        Cookie cookie_error = new Cookie("onAccessDeniedMsg", encode);
+        cookie_error.setPath("/");
+        response.addCookie(cookie_error);
+        response.sendRedirect("/");
+        return false;
+    }
+
 }

backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java

@@ -11,6 +11,7 @@ import java.util.Map;
 public class ShiroServiceImpl implements ShiroService {
 
     private final static String ANON = "anon";
+    private final static String DOC = "doc";
 
     @Override
     public Map<String, String> loadFilterChainDefinitionMap() {
@@ -20,15 +21,18 @@ public class ShiroServiceImpl implements ShiroService {
         // ----------------------------------------------------------
         // 放行Swagger2页面，需要放行这些
 
-        filterChainDefinitionMap.put("/doc.html**", "doc");
-        filterChainDefinitionMap.put("/deApi**", ANON);
+        filterChainDefinitionMap.put("/doc.html**", DOC);
+        filterChainDefinitionMap.put("/deApi**", DOC);
         filterChainDefinitionMap.put("/swagger-ui.html", ANON);
         filterChainDefinitionMap.put("/swagger-ui/**", ANON);
         filterChainDefinitionMap.put("/swagger/**", ANON);
         filterChainDefinitionMap.put("/webjars/**", ANON);
-        filterChainDefinitionMap.put("/swagger-resources/**", ANON);
-        filterChainDefinitionMap.put("/v2/**", ANON);
-        filterChainDefinitionMap.put("/v3/**", ANON);
+        filterChainDefinitionMap.put("/swagger-resources/**", DOC);
+        filterChainDefinitionMap.put("/v2/**", DOC);
+        filterChainDefinitionMap.put("/v3/**", DOC);
+
+        filterChainDefinitionMap.put("/**.gif", ANON);
+        filterChainDefinitionMap.put("/**.png", ANON);
 
         filterChainDefinitionMap.put("/static/**", ANON);
         filterChainDefinitionMap.put("/css/**", ANON);

backend/src/main/java/io/dataease/controller/IndexController.java

@@ -2,17 +2,16 @@ package io.dataease.controller;
 
 import io.dataease.commons.exception.DEException;
 import io.dataease.commons.license.DefaultLicenseService;
-import io.dataease.commons.license.F2CLicenseResponse;
 import io.dataease.commons.utils.CodingUtil;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.commons.utils.ServletUtils;
 import io.dataease.service.panel.PanelLinkService;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.http.HttpRequest;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+
 import javax.annotation.Resource;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -42,13 +41,7 @@ public class IndexController {
 
     @GetMapping("/deApi")
     public String deApi() {
-        F2CLicenseResponse f2CLicenseResponse = defaultLicenseService.validateLicense();
-        switch (f2CLicenseResponse.getStatus()) {
-            case valid:
-                return "doc.html";
-            default:
-                return "nolic.html";
-        }
+        return "doc.html";
     }
 
     @GetMapping("/link/{index}")
@@ -64,8 +57,8 @@ public class IndexController {
             // TODO 增加仪表板外部参数
             HttpServletRequest request = ServletUtils.request();
             String attachParams = request.getParameter("attachParams");
-            if(StringUtils.isNotEmpty(attachParams)){
-                url = url+"&attachParams="+attachParams;
+            if (StringUtils.isNotEmpty(attachParams)) {
+                url = url + "&attachParams=" + attachParams;
             }
             response.sendRedirect(url);
         } catch (IOException e) {

frontend/public/nolic.html

@@ -1,13 +1,46 @@
 <!DOCTYPE html>
 <html lang="zh">
+
 <head>
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width,initial-scale=1.0">
   <title>DataEase</title>
+  <style>
+    html,
+    body {
+      margin: 0 !important;
+      height: 100%;
+    }
+
+    .no-login-dynamic {
+      height: 100%;
+      background: url(./lic.png) no-repeat;
+      background-size: cover;
+      text-align: center;
+    }
+
+    span {
+      color: #000;
+      font-size: 25px;
+      font-weight: 500;
+      position: relative;
+      top: 130px;
+    }
+  </style>
 </head>
+
+
 <body style="height: 100%;">
-    <div>缺少许可</div>
+
+  <div class="no-login-dynamic">
+    <span>缺少许可</span>
+  </div>
 
 </body>
-</html>
+<script>
+  document.getElementsByTagName("body")
+</script>
+
+
+</html>

frontend/public/nologin.html

@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="zh">
+
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width,initial-scale=1.0">
+  <title>DataEase</title>
+  <style>
+    html,
+    body {
+      margin: 0 !important;
+      height: 100%;
+    }
+
+    .no-login-dynamic {
+      height: 100%;
+      background: url(./dynamic.gif) no-repeat;
+
+      background-size: cover;
+      text-align: center;
+    }
+
+    span {
+      color: #fff;
+      font-size: 25px;
+      font-weight: 500;
+      position: relative;
+      top: 30px;
+    }
+  </style>
+</head>
+
+
+<body style="height: 100%;">
+
+  <div id="de-nologin-div" class="no-login-dynamic">
+    <span>请先登录，即将跳转！</span>
+  </div>
+
+</body>
+<script>
+  const timer = setTimeout(() => {
+    window.location.href = "/";
+  }, 3500)
+
+</script>
+
+
+</html>