feat: 加密公共链接中的用户ID

backend/src/main/java/io/dataease/controller/panel/server/LinkServer.java

@@ -65,9 +65,14 @@ public class LinkServer implements LinkApi {
         link = URLDecoder.decode(link, "UTF-8");
         String json = panelLinkService.decryptParam(link);
 
+        String user = request.getUser();
+        user = URLDecoder.decode(user, "UTF-8");
+        user = panelLinkService.decryptParam(user);
+
         ValidateDto dto = new ValidateDto();
+        dto.setUserId(user);
         String resourceId = json;
-        PanelLink one = panelLinkService.findOne(resourceId, request.getUser());
+        PanelLink one = panelLinkService.findOne(resourceId, Long.valueOf(user));
         dto.setResourceId(resourceId);
         if (ObjectUtils.isEmpty(one)) {
             dto.setValid(false);

backend/src/main/java/io/dataease/controller/request/panel/link/LinkValidateRequest.java

@@ -8,5 +8,5 @@ import java.io.Serializable;
 public class LinkValidateRequest implements Serializable {
 
     private String link;
-    private Long user;
+    private String user;
 }

backend/src/main/java/io/dataease/dto/panel/link/ValidateDto.java

@@ -17,4 +17,6 @@ public class ValidateDto {
     private boolean passPwd;
     @ApiModelProperty("资源ID")
     private String resourceId;
+    @ApiModelProperty("用户ID")
+    private String userId;
 }

backend/src/main/java/io/dataease/service/panel/PanelLinkService.java

@@ -155,7 +155,7 @@ public class PanelLinkService {
     private String buildLinkParam(PanelLink link) {
         String linkParam = encrypt(link.getResourceId());
         if (link.getUserId() != null) {
-            linkParam = linkParam + USERPARAM + link.getUserId().toString();
+            linkParam = linkParam + USERPARAM + encrypt(link.getUserId().toString());
         }
         return linkParam;
     }

frontend/public/link.html

@@ -38,7 +38,7 @@
     url += '&terminal=' + terminal
   }
   if (user) {
-    url += '&user=' + user
+    url += '&user=' + encodeURIComponent(user)
   }
   if (attachParams) {
     url += '&attachParams=' + attachParams

frontend/src/views/link/index.vue

@@ -1,9 +1,9 @@
 <template>
   <div style="height: 100%;">
     <link-error v-if="showIndex===0" :resource-id="resourceId" />
-    <link-pwd v-if="showIndex===1" :resource-id="resourceId" :user="user" @fresh-token="refreshToken" />
+    <link-pwd v-if="showIndex===1" :resource-id="resourceId" :user="userId" @fresh-token="refreshToken" />
-    <link-view v-if="showIndex===2" :resource-id="resourceId" :user="user"/>
+    <link-view v-if="showIndex===2" :resource-id="resourceId" :user="userId"/>
-    <link-expire v-if="showIndex===3" :resource-id="resourceId" :user="user"/>
+    <link-expire v-if="showIndex===3" :resource-id="resourceId" :user="userId"/>
   </div>
 </template>
 <script>
@@ -21,6 +21,7 @@ export default {
   data() {
     return {
       resourceId: null,
+      userId: null,
       PARAMKEY: 'link',
       link: null,
       user: null,
@@ -46,10 +47,11 @@ export default {
         this.showError()
         return
       }
-      let params = this.user ? { link: encodeURIComponent(this.link), user: this.user} : { link: encodeURIComponent(this.link)};
+      let params = this.user ? { link: encodeURIComponent(this.link), user: encodeURIComponent(this.user)} : { link: encodeURIComponent(this.link)};
       validate(params).then(res => {
-        const { resourceId, valid, enablePwd, passPwd, expire } = res.data
+        const { resourceId, valid, enablePwd, passPwd, expire, userId} = res.data
         this.resourceId = resourceId
+        this.userId = userId
         // 如果链接无效 直接显示无效页面
         if (!valid || !resourceId) {
           this.showError()