diff --git a/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java b/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
index e23d9981bf..30acef6006 100644
--- a/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
+++ b/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
@@ -5,16 +5,17 @@ import com.auth0.jwt.interfaces.DecodedJWT;
 import io.dataease.auth.filter.F2CLinkFilter;
 import io.dataease.commons.constants.SysLogConstants;
 import io.dataease.commons.utils.DeLogUtils;
-import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
-import io.dataease.plugins.common.base.domain.PanelLink;
 import io.dataease.controller.panel.api.LinkApi;
 import io.dataease.controller.request.chart.ChartExtRequest;
 import io.dataease.controller.request.panel.link.*;
 import io.dataease.dto.panel.link.GenerateDto;
 import io.dataease.dto.panel.link.ValidateDto;
+import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
+import io.dataease.plugins.common.base.domain.PanelLink;
 import io.dataease.service.chart.ChartViewService;
 import io.dataease.service.panel.PanelLinkService;
 import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -25,6 +26,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 @RestController
@@ -65,22 +67,32 @@ public class LinkServer implements LinkApi {
 @Override
 public ValidateDto validate(@RequestBody LinkValidateRequest request) throws Exception {
 String link = request.getLink();
- link = URLDecoder.decode(link, "UTF-8");
+ link = URLDecoder.decode(link, StandardCharsets.UTF_8);
 String json = panelLinkService.decryptParam(link);
-
+ String[] jsonArray = json.split(",");
+ String uuid = null;
+ int len = jsonArray.length;
+ if (len > 1) {
+ uuid = jsonArray[1];
+ }
 String user = request.getUser();
- user = URLDecoder.decode(user, "UTF-8");
+ user = URLDecoder.decode(user, StandardCharsets.UTF_8);
 user = panelLinkService.decryptParam(user);
 ValidateDto dto = new ValidateDto();
 dto.setUserId(user);
- String resourceId = json;
+ String resourceId = jsonArray[0];
 PanelLink one = panelLinkService.findOne(resourceId, Long.valueOf(user));
 dto.setResourceId(resourceId);
 if (ObjectUtils.isEmpty(one)) {
 dto.setValid(false);
 return dto;
 }
+ String mappingUuid = panelLinkService.getMappingUuid(one);
+ if (!StringUtils.equals(uuid, mappingUuid)) {
+ dto.setValid(false);
+ return dto;
+ }
 dto.setValid(one.getValid());
 dto.setEnablePwd(one.getEnablePwd());
 dto.setPassPwd(panelLinkService.validateHeads(one));
@@ -94,8 +106,8 @@ public class LinkServer implements LinkApi {
 }
 @Override
- public Object resourceDetail(@PathVariable String resourceId,@PathVariable String userId) {
- return panelLinkService.resourceInfo(resourceId,userId);
+ public Object resourceDetail(@PathVariable String resourceId, @PathVariable String userId) {
+ return panelLinkService.resourceInfo(resourceId, userId);
 }
 @Override
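Review bot: In `validate`, the new check `StringUtils.equals(uuid, mappingUuid)` is null-safe, so a link whose decrypted payload has no `,uuid` segment still passes whenever `getMappingUuid(one)` returns null, which the new service method does when no mapping row exists. If that is deliberate compatibility for links issued before this change, it should be stated in a comment such as `// legacy links carry no uuid; accepted only while no mapping uuid is stored`; if it is not, reject a missing binding explicitly with `if (StringUtils.isBlank(mappingUuid) || !StringUtils.equals(uuid, mappingUuid)) {`. Separately, `json.split(",")` runs on the result of `decryptParam` with no null check, so a payload that fails to decrypt would presumably surface as an exception rather than `valid=false` (what `decryptParam` returns on failure is not visible in this diff).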
@@ -125,7 +137,7 @@ public class LinkServer implements LinkApi {
 operateType = SysLogConstants.OPERATE_TYPE.MB_VIEW;
 }
 if (ObjectUtils.isEmpty(userId)) return;
- PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId,String.valueOf(userId));
+ PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId, String.valueOf(userId));
 String pid = panelGroupWithBLOBs.getPid();
 DeLogUtils.save(operateType, SysLogConstants.SOURCE_TYPE.LINK, panelId, pid, userId, SysLogConstants.SOURCE_TYPE.USER);
 }
diff --git a/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java b/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
index d9baa4281c..4641f98315 100644
--- a/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
+++ b/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
@@ -4,7 +4,10 @@ import io.dataease.auth.config.RsaProperties;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.auth.util.RsaUtil;
 import io.dataease.commons.constants.SysLogConstants;
-import io.dataease.commons.utils.*;
+import io.dataease.commons.utils.AuthUtils;
+import io.dataease.commons.utils.CodingUtil;
+import io.dataease.commons.utils.DeLogUtils;
+import io.dataease.commons.utils.ServletUtils;
 import io.dataease.controller.request.panel.link.EnablePwdRequest;
 import io.dataease.controller.request.panel.link.LinkRequest;
 import io.dataease.controller.request.panel.link.OverTimeRequest;
@@ -127,6 +130,16 @@ public class PanelLinkService {
 }
 }
+ public String getMappingUuid(PanelLink link) {
+ String resourceId = link.getResourceId();
+ Long userId = link.getUserId();
+ PanelLinkMappingExample example = new PanelLinkMappingExample();
+ example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(userId);
+ List mappings = panelLinkMappingMapper.selectByExample(example);
+ if (CollectionUtils.isNotEmpty(mappings)) return mappings.get(0).getUuid();
+ return null;
+ }
+
 @Transactional
 public GenerateDto currentGenerate(String resourceId) {
 PanelLink one = findOne(resourceId, AuthUtils.getUser().getUserId());
@@ -143,14 +156,17 @@ public class PanelLinkService {
 PanelLinkMappingExample example = new PanelLinkMappingExample();
 example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(AuthUtils.getUser().getUserId());
 List mappings = panelLinkMappingMapper.selectByExample(example);
+ PanelLinkMapping mapping = null;
 if (CollectionUtils.isEmpty(mappings)) {
- PanelLinkMapping mapping = new PanelLinkMapping();
+ mapping = new PanelLinkMapping();
 mapping.setResourceId(resourceId);
 mapping.setUserId(AuthUtils.getUser().getUserId());
 mapping.setUuid(CodingUtil.shortUuid());
 panelLinkMappingMapper.insert(mapping);
+ } else {
+ mapping = mappings.get(0);
 }
- return convertDto(one);
+ return convertDto(one, mapping.getUuid());
 }
 public void deleteByResourceId(String resourceId) {
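Review bot: `getMappingUuid` returns null in two different situations, no mapping row for the (resourceId, userId) pair and a row whose uuid is null, and `LinkServer.validate` compares that null directly against the uuid from the link, so the method needs a Javadoc stating that null means "no uuid is bound to this link" and that callers decide whether that is acceptable. `mappings.get(0)` also takes whichever row the mapper returns first; if more than one row per pair can exist (the insert in `currentGenerate` is guarded only by a preceding select), the uuid used for validation is not deterministic. The unbraced `if (CollectionUtils.isNotEmpty(mappings)) return mappings.get(0).getUuid();` would be clearer with braces, and the lookup duplicates the `PanelLinkMappingExample` query that `currentGenerate` builds a few lines below.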
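Review bot: The new `else` branch reuses `mappings.get(0)` unchanged, so a pre-existing mapping row with a blank uuid produces a link with no uuid segment, since `buildLinkParam` skips blank values. The file already treats blank uuids as possible (`StringUtils.isNotBlank(mapping.getUuid())` in a later hunk), and the outcome then depends on the stored value: a null uuid validates with no binding at all, while an empty string can never match because `StringUtils.equals(null, "")` is false. Consider backfilling in this branch, setting `mapping.setUuid(CodingUtil.shortUuid())` when the stored value is blank and persisting it through the mapper before calling `convertDto`. The `= null` initialiser on `PanelLinkMapping mapping` is unnecessary because both branches assign it. The enclosing method begins above this hunk.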
@@ -177,20 +193,24 @@ public class PanelLinkService {
 return null;
 }
- private String buildLinkParam(PanelLink link) {
- String linkParam = encrypt(link.getResourceId());
+ private String buildLinkParam(PanelLink link, String uuid) {
+ String resourceId = link.getResourceId();
+ if (StringUtils.isNotBlank(uuid)) {
+ resourceId += ("," + uuid);
+ }
+ String linkParam = encrypt(resourceId);
 if (link.getUserId() != null) {
 linkParam = linkParam + USERPARAM + encrypt(link.getUserId().toString());
 }
 return linkParam;
 }
- private GenerateDto convertDto(PanelLink link) {
+ private GenerateDto convertDto(PanelLink link, String uuid) {
 GenerateDto result = new GenerateDto();
 result.setValid(link.getValid());
 result.setEnablePwd(link.getEnablePwd());
 result.setPwd(link.getPwd());
- result.setUri(BASEURL + buildLinkParam(link));
+ result.setUri(BASEURL + buildLinkParam(link, uuid));
 result.setOverTime(link.getOverTime());
 return result;
 }
@@ -237,8 +257,8 @@ public class PanelLinkService {
 return pass;
 }
- public PanelGroupDTO resourceInfo(String resourceId,String userId) {
- PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId,userId);
+ public PanelGroupDTO resourceInfo(String resourceId, String userId) {
+ PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId, userId);
 result.setWatermarkInfo(panelWatermarkMapper.selectByPrimaryKey("system_default"));
 return result;
 }
@@ -261,7 +281,7 @@ public class PanelLinkService {
 if (StringUtils.isNotBlank(mapping.getUuid())) {
 one.setResourceId("error-resource-id");
 }
- return convertDto(one).getUri();
+ return convertDto(one, mapping.getUuid()).getUri();
 }
 public String getUrlByUuid(String uuid) {
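Review bot: `buildLinkParam` joins the resource id and uuid with a bare comma (`resourceId += ("," + uuid);`) and `LinkServer.validate` recovers them with `json.split(",")`, so the payload format is sound only while neither value can contain a comma, which nothing in this hunk enforces or documents. Because the encrypted payload is what ties a link to its mapping, the layout should be written down at the point it is produced, for example `// encrypted payload: "<resourceId>" or "<resourceId>,<uuid>"; parsed by LinkServer.validate`. A named constant for the delimiter shared by both classes would keep producer and parser from drifting apart.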
@@ -271,12 +291,12 @@ public class PanelLinkService {
 if (CollectionUtils.isEmpty(mappings)) {
 PanelLink panelLink = new PanelLink();
 panelLink.setResourceId("error-resource-id");
- return BASEURL + buildLinkParam(panelLink);
+ return BASEURL + buildLinkParam(panelLink, null);
 }
 PanelLinkMapping mapping = mappings.get(0);
 String resourceId = mapping.getResourceId();
 Long userId = mapping.getUserId();
 PanelLink one = findOne(resourceId, userId);
- return convertDto(one).getUri();
+ return convertDto(one, uuid).getUri();
 }
 }
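Review bot: `convertDto(one, uuid)` on the last changed line dereferences `one` without a null check, although the result of `findOne` is treated as possibly empty elsewhere in this commit (`ObjectUtils.isEmpty(one)` in `LinkServer.validate`). A mapping row that outlives its `PanelLink` would therefore throw here instead of returning the `error-resource-id` URL that the empty-mappings branch already produces. Guard it with `if (one == null) {` and return that same fallback URL. The start of `getUrlByUuid` lies above this hunk, so how `mappings` is queried is not visible here.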