mirror of
https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
synced 2024-12-02 12:09:13 +08:00
refactor: 后台服务间调用不使用apikey
This commit is contained in:
parent
e148a7a84e
commit
41e7f8bffe
@ -1,19 +1,16 @@
|
||||
package io.metersphere.commons.utils;
|
||||
|
||||
import io.metersphere.base.domain.User;
|
||||
import io.metersphere.base.domain.UserKey;
|
||||
import io.metersphere.commons.constants.ApiKeyConstants;
|
||||
import io.metersphere.commons.constants.SessionConstants;
|
||||
import io.metersphere.commons.exception.MSException;
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import io.metersphere.dto.UserDTO;
|
||||
import io.metersphere.service.BaseUserService;
|
||||
import io.metersphere.service.UserKeyService;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.MediaType;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* 服务之间调用,需要添加HttpHeader,获取的时候注意当前线程的位置
|
||||
@ -57,33 +54,19 @@ public class HttpHeaderUtils {
|
||||
|
||||
User user = sessionUserThreadLocal.get();
|
||||
if (user != null) {
|
||||
UserKey userKey = getUserKey(user);
|
||||
accessKey = userKey.getAccessKey();
|
||||
String secretKey = userKey.getSecretKey();
|
||||
headers.add(SessionConstants.ACCESS_KEY, accessKey);
|
||||
headers.add(SessionConstants.SIGNATURE, CodingUtil.aesDecrypt(accessKey + "|" + System.currentTimeMillis(), secretKey, accessKey));
|
||||
headers.remove(HttpHeaders.COOKIE);
|
||||
UserDTO userDTO = new UserDTO();
|
||||
BeanUtils.copyProperties(user, userDTO);
|
||||
SessionUser sessionUser = SessionUser.fromUser(userDTO, UUID.randomUUID().toString());
|
||||
|
||||
headers.add(SessionConstants.HEADER_TOKEN, sessionUser.getSessionId());
|
||||
headers.add(SessionConstants.CSRF_TOKEN, sessionUser.getCsrfToken());
|
||||
headers.add(SessionConstants.CURRENT_PROJECT, sessionUser.getLastProjectId());
|
||||
headers.add(SessionConstants.CURRENT_WORKSPACE, sessionUser.getLastWorkspaceId());
|
||||
}
|
||||
|
||||
return headers;
|
||||
}
|
||||
|
||||
private static UserKey getUserKey(User user) {
|
||||
UserKeyService userKeyService = CommonBeanFactory.getBean(UserKeyService.class);
|
||||
List<UserKey> userKeys = userKeyService.getUserKeysInfo(user.getId());
|
||||
UserKey userKey;
|
||||
if (CollectionUtils.isEmpty(userKeys)) {
|
||||
userKey = userKeyService.generateUserKey(user.getId());
|
||||
} else {
|
||||
Optional<UserKey> ukOp = userKeys.stream().filter(uk -> StringUtils.equals(uk.getStatus(), ApiKeyConstants.ACTIVE.name())).findAny();
|
||||
if (ukOp.isEmpty()) {
|
||||
MSException.throwException("用户[" + user.getId() + "]至少需要开启一个ApiKey");
|
||||
}
|
||||
userKey = ukOp.get();
|
||||
}
|
||||
return userKey;
|
||||
}
|
||||
|
||||
public static void runAsUser(User user) {
|
||||
if (user != null) {
|
||||
if (StringUtils.isBlank(user.getId())) {
|
||||
|
@ -6,17 +6,11 @@ import io.metersphere.commons.utils.CodingUtil;
|
||||
import io.metersphere.commons.utils.LogUtil;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
public class ApiKeySessionHandler {
|
||||
|
||||
public static final String SSO_SOURCE_ID = "sourceId";
|
||||
|
||||
public static String random = UUID.randomUUID() + UUID.randomUUID().toString();
|
||||
|
||||
public static String validate(HttpServletRequest request) {
|
||||
@ -32,49 +26,6 @@ public class ApiKeySessionHandler {
|
||||
return null;
|
||||
}
|
||||
|
||||
public static void logout(HttpServletRequest request, HttpServletResponse response, String... remainSessionId) {
|
||||
try {
|
||||
Set<String> remainSessionIdSet = new HashSet<>();
|
||||
int len$;
|
||||
int i$;
|
||||
if (remainSessionId != null && remainSessionId.length > 0) {
|
||||
String[] arr$ = remainSessionId;
|
||||
len$ = remainSessionId.length;
|
||||
|
||||
for (i$ = 0; i$ < len$; ++i$) {
|
||||
String s = arr$[i$];
|
||||
if (s != null && !StringUtils.EMPTY.equals(s)) {
|
||||
remainSessionIdSet.add(s.toLowerCase());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (request.getCookies() != null) {
|
||||
Cookie[] arr$ = request.getCookies();
|
||||
len$ = arr$.length;
|
||||
|
||||
for (i$ = 0; i$ < len$; ++i$) {
|
||||
Cookie cookie = arr$[i$];
|
||||
if (!cookie.getName().toLowerCase().contains("rememberme") && (remainSessionIdSet.size() == 0 || !remainSessionIdSet.contains(cookie.getName().toLowerCase()))) {
|
||||
cookie.setValue("deleteMe");
|
||||
cookie.setPath("/");
|
||||
cookie.setMaxAge(0);
|
||||
response.addCookie(cookie);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Cookie cookie = new Cookie("MS_SESSION_ID", "deleteMe");
|
||||
cookie.setPath("/");
|
||||
cookie.setMaxAge(0);
|
||||
response.addCookie(cookie);
|
||||
}
|
||||
request.logout();
|
||||
} catch (Exception var8) {
|
||||
LogUtil.error("failed to logout", var8);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private static String validate(String csrfToken) {
|
||||
csrfToken = CodingUtil.aesDecrypt(csrfToken, SessionUser.secret, SessionUser.iv);
|
||||
String[] signatureArray = StringUtils.split(StringUtils.trimToNull(csrfToken), "|");
|
||||
@ -83,5 +34,4 @@ public class ApiKeySessionHandler {
|
||||
}
|
||||
return signatureArray[0];
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user