diff --git a/core/core-frontend/src/api/sync/syncTask.ts b/core/core-frontend/src/api/sync/syncTask.ts index 08a295e0b4..31462ef74c 100644 --- a/core/core-frontend/src/api/sync/syncTask.ts +++ b/core/core-frontend/src/api/sync/syncTask.ts @@ -208,7 +208,7 @@ export const addApi = (data: ITaskInfoInsertReq) => { } export const removeApi = (taskId: string) => { - return request.delete({ url: `/sync/task/remove/${taskId}` }) + return request.post({ url: `/sync/task/remove/${taskId}` }) } export const batchRemoveApi = (taskIds: string[]) => { diff --git a/core/core-frontend/src/api/sync/syncTaskLog.ts b/core/core-frontend/src/api/sync/syncTaskLog.ts index 28a470a95f..077ce2b0c3 100644 --- a/core/core-frontend/src/api/sync/syncTaskLog.ts +++ b/core/core-frontend/src/api/sync/syncTaskLog.ts @@ -8,7 +8,7 @@ export const getTaskLogListApi = (current: number, size: number, data: any) => { } export const removeApi = (logId: string) => { - return request.delete({ url: `/sync/task/log/delete/${logId}` }) + return request.post({ url: `/sync/task/log/delete/${logId}` }) } export const getTaskLogDetailApi = (logId: string, fromLineNum: number) => { diff --git a/core/core-frontend/src/api/visualization/dataVisualization.ts b/core/core-frontend/src/api/visualization/dataVisualization.ts index e9d48e7870..8084bede74 100644 --- a/core/core-frontend/src/api/visualization/dataVisualization.ts +++ b/core/core-frontend/src/api/visualization/dataVisualization.ts @@ -68,7 +68,7 @@ export const moveResource = data => request.post({ url: '/dataVisualization/move export const copyResource = data => request.post({ url: '/dataVisualization/copy', data }) export const deleteLogic = (dvId, busiFlag) => - request.delete({ url: '/dataVisualization/deleteLogic/' + dvId + '/' + busiFlag }) + request.post({ url: '/dataVisualization/deleteLogic/' + dvId + '/' + busiFlag }) export const querySubjectWithGroupApi = data => request.post({ url: '/visualizationSubject/querySubjectWithGroup', data }) 
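Review bot: `taskId` is interpolated into the request path unencoded in the new `removeApi` line of syncTask.ts, so an id containing `/`, `?` or `#` would change which URL the POST reaches. Building the URL as `'/sync/task/remove/' + encodeURIComponent(taskId)` keeps the id a single path segment. The same applies to `logId` in syncTaskLog.ts and to `dvId`, `busiFlag` and `id` in the two dataVisualization.ts hunks, where the parameters are also untyped. Whether these ids can ever carry such characters is not visible here, so treat this as hardening rather than a confirmed defect.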
@@ -76,7 +76,7 @@ export const querySubjectWithGroupApi = data => export const saveOrUpdateSubject = data => request.post({ url: '/visualizationSubject/update', data }) -export const deleteSubject = id => request.delete({ url: '/visualizationSubject/delete/' + id }) +export const deleteSubject = id => request.post({ url: '/visualizationSubject/delete/' + id }) export const dvNameCheck = async data => request.post({ url: '/dataVisualization/nameCheck', data }) diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/ds/DatasourceDriverApi.java b/sdk/api/api-base/src/main/java/io/dataease/api/ds/DatasourceDriverApi.java index 08670ff4ed..11e5431465 100644 --- a/sdk/api/api-base/src/main/java/io/dataease/api/ds/DatasourceDriverApi.java +++ b/sdk/api/api-base/src/main/java/io/dataease/api/ds/DatasourceDriverApi.java @@ -33,13 +33,13 @@ public interface DatasourceDriverApi { @PostMapping("/update") DriveDTO update(@RequestBody DriveDTO datasourceDrive); - @DeleteMapping("/delete/{driverId}") + @PostMapping("/delete/{driverId}") void delete(@PathVariable("driverId") String driverId); @GetMapping("/listDriverJar/{driverId}") List listDriverJar(@PathVariable("driverId") String driverId); - @DeleteMapping("/deleteDriverJar/{jarId}") + @PostMapping("/deleteDriverJar/{jarId}") void deleteDriverJar(@PathVariable("jarId") String jarId); @PostMapping("/uploadJar") diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/visualization/DataVisualizationApi.java b/sdk/api/api-base/src/main/java/io/dataease/api/visualization/DataVisualizationApi.java index 8b4644b13c..31d0e27ccc 100644 --- a/sdk/api/api-base/src/main/java/io/dataease/api/visualization/DataVisualizationApi.java +++ b/sdk/api/api-base/src/main/java/io/dataease/api/visualization/DataVisualizationApi.java 
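Review bot: Moving `delete` and `deleteDriverJar` from `@DeleteMapping` to `@PostMapping` means a cross-origin call to them no longer forces a CORS preflight by its method alone, because a POST can qualify as a simple request while a DELETE cannot. That is safe only while these endpoints authenticate from a custom request header rather than an ambient cookie. The token check is outside this hunk, so please confirm it and record the assumption on the interface, e.g. `// state-changing POST: requires the token header, never cookie-only auth`. The same consideration applies to the converted mappings in DataVisualizationApi, VisualizationSubjectApi, TaskApi and TaskLogApi. The interface body continues outside the hunk.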
@@ -41,7 +41,7 @@ public interface DataVisualizationApi { @GetMapping("/findCopyResource/{dvId}/{busiFlag}") @Operation(summary = "查询临时复制资源") - DataVisualizationVO findCopyResource(@PathVariable("dvId") Long dvId,@PathVariable("busiFlag") String busiFlag); + DataVisualizationVO findCopyResource(@PathVariable("dvId") Long dvId, @PathVariable("busiFlag") String busiFlag); @PostMapping("/saveCanvas") @@ -64,10 +64,10 @@ public interface DataVisualizationApi { @Operation(summary = "可视化资源基础信息更新") void updateBase(@RequestBody DataVisualizationBaseRequest request); - @DeleteMapping("/deleteLogic/{dvId}/{busiFlag}") + @PostMapping("/deleteLogic/{dvId}/{busiFlag}") @DePermit(value = {"#p0+':manage'"}, busiFlag = "#p1") @Operation(summary = "可视化资源删除") - void deleteLogic(@PathVariable("dvId") Long dvId,@PathVariable("busiFlag") String busiFlag); + void deleteLogic(@PathVariable("dvId") Long dvId, @PathVariable("busiFlag") String busiFlag); @PostMapping("/tree") @Operation(summary = "查询可视化资源树") @@ -98,7 +98,7 @@ public interface DataVisualizationApi { @GetMapping("/findDvType/{dvId}") @Operation(summary = "查询可视化资源类型") - String findDvType(@PathVariable("dvId")Long dvId); + String findDvType(@PathVariable("dvId") Long dvId); /** * 从模板解压可视化资源 模板来源包括 模板市场、内部模板管理 diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/visualization/VisualizationSubjectApi.java b/sdk/api/api-base/src/main/java/io/dataease/api/visualization/VisualizationSubjectApi.java index 09775d4280..a7311779b3 100644 --- a/sdk/api/api-base/src/main/java/io/dataease/api/visualization/VisualizationSubjectApi.java +++ b/sdk/api/api-base/src/main/java/io/dataease/api/visualization/VisualizationSubjectApi.java 
@@ -5,7 +5,9 @@ import io.dataease.api.visualization.request.VisualizationSubjectRequest; import io.dataease.api.visualization.vo.VisualizationSubjectVO; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import java.util.List; @@ -25,8 +27,8 @@ public interface VisualizationSubjectApi { @Operation(summary = "更新") void update(@RequestBody VisualizationSubjectRequest request); - @DeleteMapping("/delete/{id}") + @PostMapping("/delete/{id}") @Operation(summary = "删除") - void delete(@PathVariable String id); + void delete(@PathVariable("id") String id); } diff --git a/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskApi.java b/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskApi.java index f272b1a919..4538c6b8e2 100644 --- a/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskApi.java +++ b/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskApi.java @@ -28,7 +28,7 @@ public interface TaskApi { @PostMapping("/update") void update(@RequestBody TaskInfoDTO jobInfo) throws DEException; - @DeleteMapping("/remove/{id}") + @PostMapping("/remove/{id}") void remove(@PathVariable(value = "id") String id) throws DEException; @GetMapping("start/{id}") diff --git a/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskLogApi.java b/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskLogApi.java index 631d9befc0..4cdb661796 100644 --- a/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskLogApi.java +++ b/sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskLogApi.java 
@@ -27,10 +27,10 @@ public interface TaskLogApi { @PostMapping("/update") void updateLog(@RequestBody TaskLogVO logDetail); - @DeleteMapping("/deleteByJobId/{jobId}") + @PostMapping("/deleteByJobId/{jobId}") void deleteByJobId(@PathVariable("jobId") String jobId); - @DeleteMapping("/delete/{logId}") + @PostMapping("/delete/{logId}") void deleteById(@PathVariable("logId") String logId); @PostMapping("/clear") diff --git a/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java b/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java index aa91793b30..7e27e50782 100644 --- a/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java +++ b/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java @@ -5,6 +5,7 @@ import io.dataease.constant.AuthConstant; import io.dataease.utils.*; import jakarta.servlet.*; import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import java.io.IOException; @@ -16,6 +17,22 @@ public class TokenFilter implements Filter { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; + String method = request.getMethod(); + if (!StringUtils.equalsAny(method, "GET", "POST", "OPTIONS")) { + HttpServletResponse res = (HttpServletResponse) servletResponse; + res.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); + return; + } + if (StringUtils.equalsIgnoreCase("OPTIONS", method)) { + String origin = request.getHeader("Origin"); + if (StringUtils.isBlank(origin)) { + HttpServletResponse res = (HttpServletResponse) servletResponse; + res.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); + return; + } + filterChain.doFilter(servletRequest, servletResponse); + return; + } String requestURI = request.getRequestURI(); if (ModelUtils.isDesktop()) { 
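Review bot: The two 405 branches added at the top of `doFilter` in TokenFilter return without an `Allow` header, which RFC 9110 expects on a 405 response, and the allow-list also rejects `HEAD`, which load balancers and uptime probes commonly send. Adding `res.setHeader("Allow", "GET, POST, OPTIONS");` before each `setStatus` fixes the first; whether `HEAD` belongs in the list should be decided explicitly. The `OPTIONS` branch forwards any request with a non-blank `Origin` down the chain ahead of the token check, so rejection of unlisted origins rests entirely on the CORS mapping, and a short comment saying so would help the next reader. The first check is case-sensitive (`equalsAny`) while the second uses `equalsIgnoreCase`; one comparison style for both keeps them from drifting apart. `doFilter` continues outside the hunk.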
@@ -28,10 +45,7 @@ public class TokenFilter implements Filter { filterChain.doFilter(servletRequest, servletResponse); return; } - if (StringUtils.equalsIgnoreCase("OPTIONS", ServletUtils.request().getMethod())) { - filterChain.doFilter(servletRequest, servletResponse); - return; - } + String executeVersion = null; if (StringUtils.isNotBlank(executeVersion = VersionUtil.getRandomVersion())) { Objects.requireNonNull(ServletUtils.response()).addHeader(AuthConstant.DE_EXECUTE_VERSION, executeVersion); diff --git a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java index 6aca15eed9..336f54420b 100644 --- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java +++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java @@ -1,12 +1,12 @@ package io.dataease.auth.interceptor; import io.dataease.constant.AuthConstant; -import jakarta.annotation.Resource; +import org.apache.commons.collections4.CollectionUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.config.annotation.CorsRegistration; import org.springframework.web.servlet.config.annotation.CorsRegistry; -import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.PathMatchConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; 
@@ -15,17 +15,11 @@ import java.util.List; @Configuration public class CorsConfig implements WebMvcConfigurer { - @Resource(name = "deCorsInterceptor") - private CorsInterceptor corsInterceptor; @Value("#{'${dataease.origin-list:http://127.0.0.1:8100}'.split(',')}") private List originList; - @Override - public void addInterceptors(InterceptorRegistry registry) { - corsInterceptor.addOriginList(originList); - registry.addInterceptor(corsInterceptor).addPathPatterns("/**"); - } + private CorsRegistration operateCorsRegistration; @Override public void configurePathMatch(PathMatchConfigurer configurer) { @@ -34,11 +28,21 @@ public class CorsConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**") + operateCorsRegistration = registry.addMapping("/**") .allowCredentials(true) - .allowedOriginPatterns("*") + .allowedOrigins(originList.toArray(new String[0])) .allowedHeaders("*") .maxAge(3600) - .allowedMethods("*"); + .allowedMethods("GET", "POST"); + } + + public void addAllowedOrigins(List origins) { + if (CollectionUtils.isEmpty(origins)) { + return; + } + origins.addAll(originList); + List newOrigins = origins.stream().distinct().toList(); + String[] originArray = newOrigins.toArray(new String[0]); + operateCorsRegistration.allowedOrigins(originArray); } } diff --git a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java deleted file mode 100644 index 97078d3ac4..0000000000 --- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsInterceptor.java +++ /dev/null 
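Review bot: Dropping `addInterceptors` from CorsConfig removes the only per-request refresh of embedded-domain origins, and nothing in this diff calls the new `addAllowedOrigins`, so unless a caller exists elsewhere those origins stop being allowed after this change. The removed interceptor also answered `/assets/` and `/js/` with `Access-Control-Allow-Origin: *`; with the exact-match list those paths now follow `dataease.origin-list`, which is worth confirming for embedded pages. `operateCorsRegistration` is a mutable field on a singleton configuration class and deserves a comment such as `// assigned in addCorsMappings; updated later by addAllowedOrigins`.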
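Review bot: `addAllowedOrigins` appends `originList` to the caller's own list and dereferences `operateCorsRegistration`, which stays null until `addCorsMappings` has run, so an immutable argument (for example the result of `Stream.toList()`) or an early call makes it throw. Copy first and guard: `if (CollectionUtils.isEmpty(origins) || operateCorsRegistration == null) return;` followed by `List<String> merged = new ArrayList<>(origins); merged.addAll(originList);` (this needs `java.util.ArrayList` imported). Whether changing the registration after startup reaches the configuration Spring has already built depends on the same `CorsConfiguration` instance being shared, and the write is unsynchronised against request threads; a test that adds an origin at runtime should confirm both. With `allowCredentials(true)`, a literal `*` entry in `dataease.origin-list` is rejected by Spring rather than treated as a wildcard, which should be documented next to the property.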
@@ -1,86 +0,0 @@ -package io.dataease.auth.interceptor; - -import io.dataease.utils.CommonBeanFactory; -import io.dataease.utils.DeReflectUtil; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.lang3.ObjectUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Component; -import org.springframework.util.ReflectionUtils; -import org.springframework.web.servlet.HandlerInterceptor; - -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.List; - -@Component("deCorsInterceptor") -public class CorsInterceptor implements HandlerInterceptor { - - - private final List originList; - - private final List busiOriginList = new ArrayList<>(); - - private Class aClass; - - private Object bean; - - - public CorsInterceptor(List originList) { - this.originList = originList; - } - - public void addOriginList(List list) { - List strings = list.stream().filter(item -> !originList.contains(item)).toList(); - originList.addAll(strings); - } - - - public void addOriginList() { - busiOriginList.clear(); - String className = "io.dataease.api.permissions.embedded.api.EmbeddedApi"; - String methodName = "domainList"; - if (ObjectUtils.isEmpty(aClass)) { - try { - aClass = Class.forName(className); - } catch (ClassNotFoundException e) { - return; - } - } - if (ObjectUtils.isEmpty(bean)) { - bean = CommonBeanFactory.getBean(aClass); - } - if (ObjectUtils.isNotEmpty(bean)) { - Method method = DeReflectUtil.findMethod(aClass, methodName); - Object result = ReflectionUtils.invokeMethod(method, bean); - if (ObjectUtils.isNotEmpty(result)) { - List list = (List) result; - if (CollectionUtils.isNotEmpty(list)) { - busiOriginList.addAll(list.stream().distinct().toList()); - } - } - } - } - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws 
Exception { - addOriginList(); - String origin = request.getHeader("Origin"); - boolean embedded = StringUtils.startsWithAny(request.getRequestURI(), "/assets/", "/js/"); - if ((StringUtils.isNotBlank(origin) && originList.contains(origin)) || busiOriginList.contains(origin) || embedded) { - response.setHeader("Access-Control-Allow-Origin", embedded ? "*" : origin); - response.setHeader("Access-Control-Allow-Credentials", "true"); - response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS"); - response.setHeader("Access-Control-Allow-Headers", "*"); - response.setHeader("Access-Control-Max-Age", "3600"); - } - - if (StringUtils.equalsIgnoreCase(request.getMethod(), "options")) { - response.setStatus(200); - return false; - } - return true; - } -}