fix: 增加接口校验

2025-02-25 20:42:55 +08:00 · 2022-03-28 15:23:22 +08:00 · 2022-03-28 15:23:22 +08:00 · fc1a92d04e
commit fc1a92d04e
parent 252f88bbba
11 changed files with 88 additions and 39 deletions
--- a/backend/src/main/java/io/dataease/base/domain/Datasource.java
+++ b/backend/src/main/java/io/dataease/base/domain/Datasource.java
@ -9,11 +9,11 @@ import lombok.Data;
 public class Datasource implements Serializable {
    @ApiModelProperty("ID")
    private String id;
-    @ApiModelProperty("名称")
+    @ApiModelProperty(value = "名称",required = true)
    private String name;
    @ApiModelProperty("描述")
    private String desc;
-    @ApiModelProperty("类型")
+    @ApiModelProperty(value = "类型", required = true)
    private String type;
    @ApiModelProperty("创建时间")
    private Long createTime;
@ -23,7 +23,7 @@ public class Datasource implements Serializable {
    private String createBy;
    @ApiModelProperty("状态")
    private String status;
-    @ApiModelProperty("配置详情")
+    @ApiModelProperty(value = "配置详情", required = true)
    private String configuration;
    private static final long serialVersionUID = 1L;
--- a/backend/src/main/java/io/dataease/base/domain/DeEngine.java
+++ b/backend/src/main/java/io/dataease/base/domain/DeEngine.java
@ -1,6 +1,8 @@
 package io.dataease.base.domain;
 import java.io.Serializable;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@Data
@ -21,6 +23,7 @@ public class DeEngine implements Serializable {
    private String status;
    @ApiModelProperty(value = "详细信息", required = true)
    private String configuration;
    private static final long serialVersionUID = 1L;
--- a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java
+++ b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java
@ -7,6 +7,7 @@ import io.dataease.commons.constants.DePermissionType;
 import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.utils.AuthUtils;
 import io.dataease.controller.ResultHolder;
 import io.dataease.controller.datasource.request.UpdataDsRequest;
 import io.dataease.controller.request.DatasourceUnionRequest;
 import io.dataease.controller.request.datasource.ApiDefinition;
 import io.dataease.dto.datasource.DBTableDTO;
@ -39,8 +40,7 @@ public class DatasourceController {
        return datasourceService.addDatasource(datasource);
    }
-    @RequiresPermissions("datasource:read")
+    @ApiIgnore
    @ApiOperation("验证数据源")
    @PostMapping("/validate")
    public ResultHolder validate(@RequestBody DatasourceDTO datasource) throws Exception {
        return datasourceService.validate(datasource);
@ -80,15 +80,15 @@ public class DatasourceController {
    @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE)
    @ApiOperation("更新数据源")
    @PostMapping("/update")
-    public void updateDatasource(@RequestBody Datasource Datasource) {
+    public void updateDatasource(@RequestBody UpdataDsRequest dsRequest) throws Exception{
-        datasourceService.updateDatasource(Datasource);
+        datasourceService.updateDatasource(dsRequest);
    }
-    @DePermission(type = DePermissionType.DATASOURCE, value = "id")
+    @DePermission(type = DePermissionType.DATASOURCE)
    @ApiOperation("查询数据源下属所有表")
-    @PostMapping("/getTables")
+    @PostMapping("/getTables/{id}")
-    public List<DBTableDTO> getTables(@RequestBody Datasource datasource) throws Exception {
+    public List<DBTableDTO> getTables(@PathVariable String id) throws Exception {
-        return datasourceService.getTables(datasource);
+        return datasourceService.getTables(id);
    }
    @ApiIgnore
--- a/backend/src/main/java/io/dataease/controller/engine/EngineController.java
+++ b/backend/src/main/java/io/dataease/controller/engine/EngineController.java
@ -4,6 +4,8 @@ import io.dataease.base.domain.DeEngine;
 import io.dataease.controller.ResultHolder;
 import io.dataease.dto.DatasourceDTO;
 import io.dataease.service.engine.EngineService;
 import io.swagger.annotations.ApiOperation;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@ -23,7 +25,8 @@ public class EngineController {
        return engineService.mode();
    }
-    @ApiIgnore
+    @RequiresPermissions("sysparam:read")
    @ApiOperation("引擎信息")
    @GetMapping("/info")
    public DeEngine info() throws Exception{
        return engineService.info();
@ -36,7 +39,8 @@ public class EngineController {
    }
-    @ApiIgnore
+    @RequiresPermissions("sysparam:read")
    @ApiOperation("新增/编辑")
    @PostMapping("/save")
    public ResultHolder save(@RequestBody DeEngine engine) throws Exception {
        return engineService.save(engine);
--- a/backend/src/main/java/io/dataease/controller/engine/KettleController.java
+++ b/backend/src/main/java/io/dataease/controller/engine/KettleController.java
@ -18,6 +18,7 @@ import io.dataease.plugins.xpack.auth.dto.request.DataSetColumnPermissionsDTO;
 import io.dataease.plugins.xpack.auth.service.ColumnPermissionService;
 import io.dataease.service.kettle.KettleService;
 import io.swagger.annotations.ApiOperation;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@ -33,32 +34,36 @@ public class KettleController {
    @Resource
    private KettleService kettleService;
-    @ApiIgnore
+    @RequiresPermissions("sysparam:read")
    @ApiOperation("新增/编辑")
    @PostMapping("save")
    public ResultHolder save(@RequestBody DeEngine engine) throws Exception{
        return kettleService.save(engine);
    }
    @ApiIgnore
    @PostMapping("validate")
    public  void validate(@RequestBody KettleDTO kettleDTO) throws Exception{
         kettleService.validate(kettleDTO);
    }
-    @ApiIgnore
+    @RequiresPermissions("sysparam:read")
    @ApiOperation("校验")
    @PostMapping("validate/{id}")
    public ResultHolder validate(@PathVariable String id) throws Exception{
        return kettleService.validate(id);
    }
    @RequiresPermissions("sysparam:read")
    @ApiOperation("查询")
    @PostMapping("/pageList/{goPage}/{pageSize}")
    public Pager<List<DeEngine>> pageList( @PathVariable int goPage, @PathVariable int pageSize) {
        Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
        return PageUtils.setPageInfo(page, kettleService.pageList());
    }
-    @ApiIgnore
+    @RequiresPermissions("sysparam:read")
    @ApiOperation("删除")
    @DeleteMapping("delete/{id}")
    public void delete(@PathVariable String id) throws Exception{
        kettleService.delete(id);
--- a/backend/src/main/java/io/dataease/dto/KettleDTO.java
+++ b/backend/src/main/java/io/dataease/dto/KettleDTO.java
@ -1,11 +1,16 @@
 package io.dataease.dto;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
@Data
 public class KettleDTO {
    @ApiModelProperty(value = "Kettle 地址", required = true)
    private String carte;
    @ApiModelProperty(value = "Kettle 端口", required = true)
    private String port;
    @ApiModelProperty(value = "Kettle 用户名", required = true)
    private String user;
    @ApiModelProperty(value = "Kettle 密码", required = true)
    private String passwd;
 }
--- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
@ -853,6 +853,9 @@ public class DataSetTableService {
    public Map<String, Object> getSQLPreview(DataSetTableRequest dataSetTableRequest) throws Exception {
        Datasource ds = datasourceMapper.selectByPrimaryKey(dataSetTableRequest.getDataSourceId());
        if(ds == null){
            throw new Exception(Translator.get("i18n_invalid_ds"));
        }
        DatasourceProvider datasourceProvider = ProviderFactory.getProvider(ds.getType());
        DatasourceRequest datasourceRequest = new DatasourceRequest();
        datasourceRequest.setDatasource(ds);
--- a/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
+++ b/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
@ -17,6 +17,7 @@ import io.dataease.commons.utils.AuthUtils;
 import io.dataease.commons.utils.CommonThreadPool;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.controller.ResultHolder;
 import io.dataease.controller.datasource.request.UpdataDsRequest;
 import io.dataease.controller.request.DatasourceUnionRequest;
 import io.dataease.controller.request.datasource.ApiDefinition;
 import io.dataease.controller.request.datasource.DatasourceRequest;
@ -56,15 +57,14 @@ public class DatasourceService {
    private DataSetGroupService dataSetGroupService;
    @Resource
    private CommonThreadPool commonThreadPool;
    private static List<String> dsTypes = Arrays.asList("excel", "mysql", "hive", "impala", "mariadb", "ds_doris", "pg", "sqlServer", "oracle", "mongo", "ck", "db2", "es", "redshift", "api");
    @DeCleaner(DePermissionType.DATASOURCE)
    public Datasource addDatasource(Datasource datasource) throws Exception{
-        try{
+        if(!dsTypes.contains(datasource.getType())){
-            DatasourceTypes datasourceType = DatasourceTypes.valueOf(datasource.getType());
+            throw new Exception("Datasource type not supported.");
        }catch (Exception e){
            throw e;
        }
-        checkName(datasource);
+        checkName(datasource.getName(),datasource.getType(), datasource.getId());
        long currentTimeMillis = System.currentTimeMillis();
        datasource.setId(UUID.randomUUID().toString());
        datasource.setUpdateTime(currentTimeMillis);
@ -181,12 +181,21 @@ public class DatasourceService {
        return ResultHolder.success("success");
    }
-    public void updateDatasource(Datasource datasource) {
+    public void updateDatasource(UpdataDsRequest updataDsRequest)throws Exception{
-        checkName(datasource);
+        if(!dsTypes.contains(updataDsRequest.getType())){
            throw new Exception("Datasource type not supported.");
        }
        checkName(updataDsRequest.getName(),updataDsRequest.getType(),updataDsRequest.getId());
        Datasource datasource = new Datasource();
        datasource.setName(updataDsRequest.getName());
        datasource.setDesc(updataDsRequest.getDesc());
        datasource.setConfiguration(updataDsRequest.getConfiguration());
        datasource.setCreateTime(null);
        datasource.setUpdateTime(System.currentTimeMillis());
        checkAndUpdateDatasourceStatus(datasource);
-        datasourceMapper.updateByPrimaryKeySelective(datasource);
+        DatasourceExample example = new DatasourceExample();
        example.createCriteria().andIdEqualTo(updataDsRequest.getId());
        datasourceMapper.updateByExampleSelective(datasource, example);
        handleConnectionPool(datasource, "edit");
    }
@ -276,8 +285,8 @@ public class DatasourceService {
        return datasourceProvider.getSchema(datasourceRequest);
    }
-    public List<DBTableDTO> getTables(Datasource datasource) throws Exception {
+    public List<DBTableDTO> getTables(String id) throws Exception {
-        Datasource ds = datasourceMapper.selectByPrimaryKey(datasource.getId());
+        Datasource ds = datasourceMapper.selectByPrimaryKey(id);
        DatasourceProvider datasourceProvider = ProviderFactory.getProvider(ds.getType());
        DatasourceRequest datasourceRequest = new DatasourceRequest();
        datasourceRequest.setDatasource(ds);
@ -337,13 +346,13 @@ public class DatasourceService {
        });
    }
-    private void checkName(Datasource datasource) {
+    private void checkName(String datasourceName, String type, String id) {
        DatasourceExample example = new DatasourceExample();
        DatasourceExample.Criteria criteria = example.createCriteria();
-        criteria.andNameEqualTo(datasource.getName());
+        criteria.andNameEqualTo(datasourceName);
-        criteria.andTypeEqualTo(datasource.getType());
+        criteria.andTypeEqualTo(type);
-        if (StringUtils.isNotEmpty(datasource.getId())) {
+        if (StringUtils.isNotEmpty(id)) {
-            criteria.andIdNotEqualTo(datasource.getId());
+            criteria.andIdNotEqualTo(id);
        }
        if (CollectionUtils.isNotEmpty(datasourceMapper.selectByExample(example))) {
            DEException.throwException(Translator.get("i18n_ds_name_exists"));
--- a/backend/src/main/java/io/dataease/service/engine/EngineService.java
+++ b/backend/src/main/java/io/dataease/service/engine/EngineService.java
@ -15,6 +15,7 @@ import io.dataease.controller.ResultHolder;
 import io.dataease.controller.request.datasource.DatasourceRequest;
 import io.dataease.dto.DatasourceDTO;
 import io.dataease.dto.datasource.DorisConfiguration;
 import io.dataease.dto.datasource.MysqlConfiguration;
 import io.dataease.listener.util.CacheUtils;
 import io.dataease.provider.ProviderFactory;
 import io.dataease.provider.datasource.DatasourceProvider;
@ -26,10 +27,8 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import javax.annotation.Resource;
-import java.util.Base64;
+import java.sql.Array;
-import java.util.List;
+import java.util.*;
 import java.util.Optional;
 import java.util.UUID;
@Service
@Transactional(rollbackFor = Exception.class)
@ -41,6 +40,10 @@ public class EngineService {
    @Resource
    private DatasourceService datasource;
    static private List<String>simple_engine = Arrays.asList("engine_mysql");
    static private List<String>cluster_engine = Arrays.asList("engine_doris");
    public Boolean isLocalMode() {
        return env.getProperty("engine_mode", "local").equalsIgnoreCase("local");
    }
@ -71,7 +74,7 @@ public class EngineService {
        return deEngines.get(0);
    }
-    public ResultHolder validate(DatasourceDTO datasource) throws Exception {
+    public ResultHolder validate(Datasource datasource) throws Exception {
        if (StringUtils.isEmpty(datasource.getType()) || StringUtils.isEmpty(datasource.getConfiguration())) {
            throw new Exception("未完整设置数据引擎");
        }
@ -119,6 +122,7 @@ public class EngineService {
    }
    public ResultHolder save(DeEngine engine) throws Exception {
        checkValid(engine);
        if (StringUtils.isEmpty(engine.getId())) {
            engine.setId(UUID.randomUUID().toString());
            deEngineMapper.insert(engine);
@ -131,6 +135,22 @@ public class EngineService {
        return ResultHolder.success(engine);
    }
    private void checkValid(DeEngine engine)throws Exception{
        if(isLocalMode()){
            throw new Exception("Setting engine is not supported.");
        }
        if(isSimpleMode()){
            if(!simple_engine.contains(engine.getType())){
                throw new Exception("Engine type not supported.");
            }
        }
        if(isClusterMode()){
            if(!cluster_engine.contains(engine.getType())){
                throw new Exception("Engine type not supported.");
            }
        }
    }
    private void setDs(DeEngine engine) {
        Datasource datasource = new Datasource();
        BeanUtils.copyBean(datasource, engine);
--- a/frontend/src/views/dataset/add/AddApi.vue
+++ b/frontend/src/views/dataset/add/AddApi.vue
@ -94,7 +94,7 @@ export default {
  watch: {
    dataSource(val) {
      if (val) {
-        post('/datasource/getTables', { id: val }).then(response => {
+        post('/datasource/getTables/' + val, {}).then(response => {
          this.tables = response.data
          this.tableData = JSON.parse(JSON.stringify(this.tables))
        })
--- a/frontend/src/views/dataset/add/AddDB.vue
+++ b/frontend/src/views/dataset/add/AddDB.vue
@ -100,7 +100,7 @@ export default {
  watch: {
    dataSource(val) {
      if (val) {
-        post('/datasource/getTables', {id: val}).then(response => {
+        post('/datasource/getTables/' + val, {}).then(response => {
          this.tables = response.data
          this.tableData = JSON.parse(JSON.stringify(this.tables))
        })