fix: 公共链接验证长链接

2024-01-25 11:43:47 +08:00 · 2024-01-25 11:43:47 +08:00 · a1290c04cc
commit a1290c04cc
parent cbb677f791
2 changed files with 53 additions and 21 deletions
--- a/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
+++ b/core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
@ -5,16 +5,17 @@ import com.auth0.jwt.interfaces.DecodedJWT;
 import io.dataease.auth.filter.F2CLinkFilter;
 import io.dataease.commons.constants.SysLogConstants;
 import io.dataease.commons.utils.DeLogUtils;
-import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
-import io.dataease.plugins.common.base.domain.PanelLink;
 import io.dataease.controller.panel.api.LinkApi;
 import io.dataease.controller.request.chart.ChartExtRequest;
 import io.dataease.controller.request.panel.link.*;
 import io.dataease.dto.panel.link.GenerateDto;
 import io.dataease.dto.panel.link.ValidateDto;
+import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
+import io.dataease.plugins.common.base.domain.PanelLink;
 import io.dataease.service.chart.ChartViewService;
 import io.dataease.service.panel.PanelLinkService;
 import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@ -25,6 +26,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;

@RestController
@ -65,22 +67,32 @@ public class LinkServer implements LinkApi {
    @Override
    public ValidateDto validate(@RequestBody LinkValidateRequest request) throws Exception {
        String link = request.getLink();
-        link = URLDecoder.decode(link, "UTF-8");
+        link = URLDecoder.decode(link, StandardCharsets.UTF_8);
        String json = panelLinkService.decryptParam(link);
-
+        String[] jsonArray = json.split(",");
+        String uuid = null;
+        int len = jsonArray.length;
+        if (len > 1) {
+            uuid = jsonArray[1];
+        }
        String user = request.getUser();
-        user = URLDecoder.decode(user, "UTF-8");
+        user = URLDecoder.decode(user, StandardCharsets.UTF_8);
        user = panelLinkService.decryptParam(user);

        ValidateDto dto = new ValidateDto();
        dto.setUserId(user);
-        String resourceId = json;
+        String resourceId = jsonArray[0];
        PanelLink one = panelLinkService.findOne(resourceId, Long.valueOf(user));
        dto.setResourceId(resourceId);
        if (ObjectUtils.isEmpty(one)) {
            dto.setValid(false);
            return dto;
        }
+        String mappingUuid = panelLinkService.getMappingUuid(one);
+        if (!StringUtils.equals(uuid, mappingUuid)) {
+            dto.setValid(false);
+            return dto;
+        }
        dto.setValid(one.getValid());
        dto.setEnablePwd(one.getEnablePwd());
        dto.setPassPwd(panelLinkService.validateHeads(one));
@ -94,8 +106,8 @@ public class LinkServer implements LinkApi {
    }

    @Override
-    public Object resourceDetail(@PathVariable String resourceId,@PathVariable String userId) {
-        return panelLinkService.resourceInfo(resourceId,userId);
+    public Object resourceDetail(@PathVariable String resourceId, @PathVariable String userId) {
+        return panelLinkService.resourceInfo(resourceId, userId);
    }

    @Override
@ -125,7 +137,7 @@ public class LinkServer implements LinkApi {
            operateType = SysLogConstants.OPERATE_TYPE.MB_VIEW;
        }
        if (ObjectUtils.isEmpty(userId)) return;
-        PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId,String.valueOf(userId));
+        PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId, String.valueOf(userId));
        String pid = panelGroupWithBLOBs.getPid();
        DeLogUtils.save(operateType, SysLogConstants.SOURCE_TYPE.LINK, panelId, pid, userId, SysLogConstants.SOURCE_TYPE.USER);
    }
--- a/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
+++ b/core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
@ -4,7 +4,10 @@ import io.dataease.auth.config.RsaProperties;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.auth.util.RsaUtil;
 import io.dataease.commons.constants.SysLogConstants;
-import io.dataease.commons.utils.*;
+import io.dataease.commons.utils.AuthUtils;
+import io.dataease.commons.utils.CodingUtil;
+import io.dataease.commons.utils.DeLogUtils;
+import io.dataease.commons.utils.ServletUtils;
 import io.dataease.controller.request.panel.link.EnablePwdRequest;
 import io.dataease.controller.request.panel.link.LinkRequest;
 import io.dataease.controller.request.panel.link.OverTimeRequest;
@ -127,6 +130,16 @@ public class PanelLinkService {
        }
    }

+    public String getMappingUuid(PanelLink link) {
+        String resourceId = link.getResourceId();
+        Long userId = link.getUserId();
+        PanelLinkMappingExample example = new PanelLinkMappingExample();
+        example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(userId);
+        List<PanelLinkMapping> mappings = panelLinkMappingMapper.selectByExample(example);
+        if (CollectionUtils.isNotEmpty(mappings)) return mappings.get(0).getUuid();
+        return null;
+    }
+
    @Transactional
    public GenerateDto currentGenerate(String resourceId) {
        PanelLink one = findOne(resourceId, AuthUtils.getUser().getUserId());
@ -143,14 +156,17 @@ public class PanelLinkService {
        PanelLinkMappingExample example = new PanelLinkMappingExample();
        example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(AuthUtils.getUser().getUserId());
        List<PanelLinkMapping> mappings = panelLinkMappingMapper.selectByExample(example);
+        PanelLinkMapping mapping = null;
        if (CollectionUtils.isEmpty(mappings)) {
-            PanelLinkMapping mapping = new PanelLinkMapping();
+            mapping = new PanelLinkMapping();
            mapping.setResourceId(resourceId);
            mapping.setUserId(AuthUtils.getUser().getUserId());
            mapping.setUuid(CodingUtil.shortUuid());
            panelLinkMappingMapper.insert(mapping);
+        } else {
+            mapping = mappings.get(0);
        }
-        return convertDto(one);
+        return convertDto(one, mapping.getUuid());
    }

    public void deleteByResourceId(String resourceId) {
@ -177,20 +193,24 @@ public class PanelLinkService {
        return null;
    }

-    private String buildLinkParam(PanelLink link) {
-        String linkParam = encrypt(link.getResourceId());
+    private String buildLinkParam(PanelLink link, String uuid) {
+        String resourceId = link.getResourceId();
+        if (StringUtils.isNotBlank(uuid)) {
+            resourceId += ("," + uuid);
+        }
+        String linkParam = encrypt(resourceId);
        if (link.getUserId() != null) {
            linkParam = linkParam + USERPARAM + encrypt(link.getUserId().toString());
        }
        return linkParam;
    }

-    private GenerateDto convertDto(PanelLink link) {
+    private GenerateDto convertDto(PanelLink link, String uuid) {
        GenerateDto result = new GenerateDto();
        result.setValid(link.getValid());
        result.setEnablePwd(link.getEnablePwd());
        result.setPwd(link.getPwd());
-        result.setUri(BASEURL + buildLinkParam(link));
+        result.setUri(BASEURL + buildLinkParam(link, uuid));
        result.setOverTime(link.getOverTime());
        return result;
    }
@ -237,8 +257,8 @@ public class PanelLinkService {
        return pass;
    }

-    public PanelGroupDTO resourceInfo(String resourceId,String userId) {
-        PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId,userId);
+    public PanelGroupDTO resourceInfo(String resourceId, String userId) {
+        PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId, userId);
        result.setWatermarkInfo(panelWatermarkMapper.selectByPrimaryKey("system_default"));
        return result;
    }
@ -261,7 +281,7 @@ public class PanelLinkService {
        if (StringUtils.isNotBlank(mapping.getUuid())) {
            one.setResourceId("error-resource-id");
        }
-        return convertDto(one).getUri();
+        return convertDto(one, mapping.getUuid()).getUri();
    }

    public String getUrlByUuid(String uuid) {
@ -271,12 +291,12 @@ public class PanelLinkService {
        if (CollectionUtils.isEmpty(mappings)) {
            PanelLink panelLink = new PanelLink();
            panelLink.setResourceId("error-resource-id");
-            return BASEURL + buildLinkParam(panelLink);
+            return BASEURL + buildLinkParam(panelLink, null);
        }
        PanelLinkMapping mapping = mappings.get(0);
        String resourceId = mapping.getResourceId();
        Long userId = mapping.getUserId();
        PanelLink one = findOne(resourceId, userId);
-        return convertDto(one).getUri();
+        return convertDto(one, uuid).getUri();
    }
 }