center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

fix: 公共链接验证长链接

Browse Source
This commit is contained in:
fit2cloud-chenyw 2024-01-25 11:43:47 +08:00
parent cbb677f791
commit a1290c04cc
2 changed files with 53 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
core/backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java
View File

@ -5,16 +5,17 @@ import com.auth0.jwt.interfaces.DecodedJWT;
import io.dataease.auth.filter.F2CLinkFilter; import io.dataease.auth.filter.F2CLinkFilter;
import io.dataease.commons.constants.SysLogConstants; import io.dataease.commons.constants.SysLogConstants;
import io.dataease.commons.utils.DeLogUtils; import io.dataease.commons.utils.DeLogUtils;
import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
import io.dataease.plugins.common.base.domain.PanelLink;
import io.dataease.controller.panel.api.LinkApi; import io.dataease.controller.panel.api.LinkApi;
import io.dataease.controller.request.chart.ChartExtRequest; import io.dataease.controller.request.chart.ChartExtRequest;
import io.dataease.controller.request.panel.link.*; import io.dataease.controller.request.panel.link.*;
import io.dataease.dto.panel.link.GenerateDto; import io.dataease.dto.panel.link.GenerateDto;
import io.dataease.dto.panel.link.ValidateDto; import io.dataease.dto.panel.link.ValidateDto;
import io.dataease.plugins.common.base.domain.PanelGroupWithBLOBs;
import io.dataease.plugins.common.base.domain.PanelLink;
import io.dataease.service.chart.ChartViewService; import io.dataease.service.chart.ChartViewService;
import io.dataease.service.panel.PanelLinkService; import io.dataease.service.panel.PanelLinkService;
import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
@ -25,6 +26,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource; import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.net.URLDecoder; import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Map; import java.util.Map;
@RestController @RestController
@ -65,22 +67,32 @@ public class LinkServer implements LinkApi {
@Override @Override
public ValidateDto validate(@RequestBody LinkValidateRequest request) throws Exception { public ValidateDto validate(@RequestBody LinkValidateRequest request) throws Exception {
String link = request.getLink(); String link = request.getLink();
link = URLDecoder.decode(link, "UTF-8"); link = URLDecoder.decode(link, StandardCharsets.UTF_8);
String json = panelLinkService.decryptParam(link); String json = panelLinkService.decryptParam(link);
String[] jsonArray = json.split(",");
String uuid = null;
int len = jsonArray.length;
if (len > 1) {
uuid = jsonArray[1];
}
String user = request.getUser(); String user = request.getUser();
user = URLDecoder.decode(user, "UTF-8"); user = URLDecoder.decode(user, StandardCharsets.UTF_8);
user = panelLinkService.decryptParam(user); user = panelLinkService.decryptParam(user);
ValidateDto dto = new ValidateDto(); ValidateDto dto = new ValidateDto();
dto.setUserId(user); dto.setUserId(user);
String resourceId = json; String resourceId = jsonArray[0];
PanelLink one = panelLinkService.findOne(resourceId, Long.valueOf(user)); PanelLink one = panelLinkService.findOne(resourceId, Long.valueOf(user));
dto.setResourceId(resourceId); dto.setResourceId(resourceId);
if (ObjectUtils.isEmpty(one)) { if (ObjectUtils.isEmpty(one)) {
dto.setValid(false); dto.setValid(false);
return dto; return dto;
} }
String mappingUuid = panelLinkService.getMappingUuid(one);
if (!StringUtils.equals(uuid, mappingUuid)) {
dto.setValid(false);
return dto;
}
dto.setValid(one.getValid()); dto.setValid(one.getValid());
dto.setEnablePwd(one.getEnablePwd()); dto.setEnablePwd(one.getEnablePwd());
dto.setPassPwd(panelLinkService.validateHeads(one)); dto.setPassPwd(panelLinkService.validateHeads(one));
@ -94,8 +106,8 @@ public class LinkServer implements LinkApi {
} }
@Override @Override
public Object resourceDetail(@PathVariable String resourceId,@PathVariable String userId) { public Object resourceDetail(@PathVariable String resourceId, @PathVariable String userId) {
return panelLinkService.resourceInfo(resourceId,userId); return panelLinkService.resourceInfo(resourceId, userId);
} }
@Override @Override
@ -125,7 +137,7 @@ public class LinkServer implements LinkApi {
operateType = SysLogConstants.OPERATE_TYPE.MB_VIEW; operateType = SysLogConstants.OPERATE_TYPE.MB_VIEW;
} }
if (ObjectUtils.isEmpty(userId)) return; if (ObjectUtils.isEmpty(userId)) return;
PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId,String.valueOf(userId)); PanelGroupWithBLOBs panelGroupWithBLOBs = panelLinkService.resourceInfo(panelId, String.valueOf(userId));
String pid = panelGroupWithBLOBs.getPid(); String pid = panelGroupWithBLOBs.getPid();
DeLogUtils.save(operateType, SysLogConstants.SOURCE_TYPE.LINK, panelId, pid, userId, SysLogConstants.SOURCE_TYPE.USER); DeLogUtils.save(operateType, SysLogConstants.SOURCE_TYPE.LINK, panelId, pid, userId, SysLogConstants.SOURCE_TYPE.USER);
} }

44
core/backend/src/main/java/io/dataease/service/panel/PanelLinkService.java
View File

@ -4,7 +4,10 @@ import io.dataease.auth.config.RsaProperties;
import io.dataease.auth.util.JWTUtils; import io.dataease.auth.util.JWTUtils;
import io.dataease.auth.util.RsaUtil; import io.dataease.auth.util.RsaUtil;
import io.dataease.commons.constants.SysLogConstants; import io.dataease.commons.constants.SysLogConstants;
import io.dataease.commons.utils.*; import io.dataease.commons.utils.AuthUtils;
import io.dataease.commons.utils.CodingUtil;
import io.dataease.commons.utils.DeLogUtils;
import io.dataease.commons.utils.ServletUtils;
import io.dataease.controller.request.panel.link.EnablePwdRequest; import io.dataease.controller.request.panel.link.EnablePwdRequest;
import io.dataease.controller.request.panel.link.LinkRequest; import io.dataease.controller.request.panel.link.LinkRequest;
import io.dataease.controller.request.panel.link.OverTimeRequest; import io.dataease.controller.request.panel.link.OverTimeRequest;
@ -127,6 +130,16 @@ public class PanelLinkService {
} }
} }
public String getMappingUuid(PanelLink link) {
String resourceId = link.getResourceId();
Long userId = link.getUserId();
PanelLinkMappingExample example = new PanelLinkMappingExample();
example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(userId);
List<PanelLinkMapping> mappings = panelLinkMappingMapper.selectByExample(example);
if (CollectionUtils.isNotEmpty(mappings)) return mappings.get(0).getUuid();
return null;
}
@Transactional @Transactional
public GenerateDto currentGenerate(String resourceId) { public GenerateDto currentGenerate(String resourceId) {
PanelLink one = findOne(resourceId, AuthUtils.getUser().getUserId()); PanelLink one = findOne(resourceId, AuthUtils.getUser().getUserId());
@ -143,14 +156,17 @@ public class PanelLinkService {
PanelLinkMappingExample example = new PanelLinkMappingExample(); PanelLinkMappingExample example = new PanelLinkMappingExample();
example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(AuthUtils.getUser().getUserId()); example.createCriteria().andResourceIdEqualTo(resourceId).andUserIdEqualTo(AuthUtils.getUser().getUserId());
List<PanelLinkMapping> mappings = panelLinkMappingMapper.selectByExample(example); List<PanelLinkMapping> mappings = panelLinkMappingMapper.selectByExample(example);
PanelLinkMapping mapping = null;
if (CollectionUtils.isEmpty(mappings)) { if (CollectionUtils.isEmpty(mappings)) {
PanelLinkMapping mapping = new PanelLinkMapping(); mapping = new PanelLinkMapping();
mapping.setResourceId(resourceId); mapping.setResourceId(resourceId);
mapping.setUserId(AuthUtils.getUser().getUserId()); mapping.setUserId(AuthUtils.getUser().getUserId());
mapping.setUuid(CodingUtil.shortUuid()); mapping.setUuid(CodingUtil.shortUuid());
panelLinkMappingMapper.insert(mapping); panelLinkMappingMapper.insert(mapping);
} else {
mapping = mappings.get(0);
} }
return convertDto(one); return convertDto(one, mapping.getUuid());
} }
public void deleteByResourceId(String resourceId) { public void deleteByResourceId(String resourceId) {
@ -177,20 +193,24 @@ public class PanelLinkService {
return null; return null;
} }
private String buildLinkParam(PanelLink link) { private String buildLinkParam(PanelLink link, String uuid) {
String linkParam = encrypt(link.getResourceId()); String resourceId = link.getResourceId();
if (StringUtils.isNotBlank(uuid)) {
resourceId += ("," + uuid);
}
String linkParam = encrypt(resourceId);
if (link.getUserId() != null) { if (link.getUserId() != null) {
linkParam = linkParam + USERPARAM + encrypt(link.getUserId().toString()); linkParam = linkParam + USERPARAM + encrypt(link.getUserId().toString());
} }
return linkParam; return linkParam;
} }
private GenerateDto convertDto(PanelLink link) { private GenerateDto convertDto(PanelLink link, String uuid) {
GenerateDto result = new GenerateDto(); GenerateDto result = new GenerateDto();
result.setValid(link.getValid()); result.setValid(link.getValid());
result.setEnablePwd(link.getEnablePwd()); result.setEnablePwd(link.getEnablePwd());
result.setPwd(link.getPwd()); result.setPwd(link.getPwd());
result.setUri(BASEURL + buildLinkParam(link)); result.setUri(BASEURL + buildLinkParam(link, uuid));
result.setOverTime(link.getOverTime()); result.setOverTime(link.getOverTime());
return result; return result;
} }
@ -237,8 +257,8 @@ public class PanelLinkService {
return pass; return pass;
} }
public PanelGroupDTO resourceInfo(String resourceId,String userId) { public PanelGroupDTO resourceInfo(String resourceId, String userId) {
PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId,userId); PanelGroupDTO result = extPanelGroupMapper.findOneWithPrivileges(resourceId, userId);
result.setWatermarkInfo(panelWatermarkMapper.selectByPrimaryKey("system_default")); result.setWatermarkInfo(panelWatermarkMapper.selectByPrimaryKey("system_default"));
return result; return result;
} }
@ -261,7 +281,7 @@ public class PanelLinkService {
if (StringUtils.isNotBlank(mapping.getUuid())) { if (StringUtils.isNotBlank(mapping.getUuid())) {
one.setResourceId("error-resource-id"); one.setResourceId("error-resource-id");
} }
return convertDto(one).getUri(); return convertDto(one, mapping.getUuid()).getUri();
} }
public String getUrlByUuid(String uuid) { public String getUrlByUuid(String uuid) {
@ -271,12 +291,12 @@ public class PanelLinkService {
if (CollectionUtils.isEmpty(mappings)) { if (CollectionUtils.isEmpty(mappings)) {
PanelLink panelLink = new PanelLink(); PanelLink panelLink = new PanelLink();
panelLink.setResourceId("error-resource-id"); panelLink.setResourceId("error-resource-id");
return BASEURL + buildLinkParam(panelLink); return BASEURL + buildLinkParam(panelLink, null);
} }
PanelLinkMapping mapping = mappings.get(0); PanelLinkMapping mapping = mappings.get(0);
String resourceId = mapping.getResourceId(); String resourceId = mapping.getResourceId();
Long userId = mapping.getUserId(); Long userId = mapping.getUserId();
PanelLink one = findOne(resourceId, userId); PanelLink one = findOne(resourceId, userId);
return convertDto(one).getUri(); return convertDto(one, uuid).getUri();
} }
} }