From 41e7f8bffe0646284fdd0d3f18e24105456e2302 Mon Sep 17 00:00:00 2001
From: CaptainB
Date: Mon, 9 Jan 2023 14:31:40 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=90=8E=E5=8F=B0=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E9=97=B4=E8=B0=83=E7=94=A8=E4=B8=8D=E4=BD=BF=E7=94=A8?= =?UTF-8?q?apikey?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../commons/utils/HttpHeaderUtils.java | 41 +++++----------
 .../security/ApiKeySessionHandler.java | 50 -------------------
 2 files changed, 12 insertions(+), 79 deletions(-)
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
index a670ee035f..bca8ac1d00 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
@@ -1,19 +1,16 @@
 package io.metersphere.commons.utils;
 import io.metersphere.base.domain.User;
-import io.metersphere.base.domain.UserKey;
-import io.metersphere.commons.constants.ApiKeyConstants;
 import io.metersphere.commons.constants.SessionConstants;
-import io.metersphere.commons.exception.MSException;
+import io.metersphere.commons.user.SessionUser;
+import io.metersphere.dto.UserDTO;
 import io.metersphere.service.BaseUserService;
-import io.metersphere.service.UserKeyService;
-import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.BeanUtils;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
-import java.util.List;
-import java.util.Optional;
+import java.util.UUID;
 /**
 * 服务之间调用,需要添加HttpHeader,获取的时候注意当前线程的位置
@@ -57,33 +54,19 @@ public class HttpHeaderUtils {
 User user = sessionUserThreadLocal.get();
 if (user != null) {
- UserKey userKey = getUserKey(user);
- accessKey = userKey.getAccessKey();
- String secretKey = userKey.getSecretKey();
- headers.add(SessionConstants.ACCESS_KEY, accessKey);
- headers.add(SessionConstants.SIGNATURE, CodingUtil.aesDecrypt(accessKey + "|" + System.currentTimeMillis(), secretKey, accessKey));
- headers.remove(HttpHeaders.COOKIE);
+ UserDTO userDTO = new UserDTO();
+ BeanUtils.copyProperties(user, userDTO);
+ SessionUser sessionUser = SessionUser.fromUser(userDTO, UUID.randomUUID().toString());
+
+ headers.add(SessionConstants.HEADER_TOKEN, sessionUser.getSessionId());
+ headers.add(SessionConstants.CSRF_TOKEN, sessionUser.getCsrfToken());
+ headers.add(SessionConstants.CURRENT_PROJECT, sessionUser.getLastProjectId());
+ headers.add(SessionConstants.CURRENT_WORKSPACE, sessionUser.getLastWorkspaceId());
 }
 return headers;
 }
- private static UserKey getUserKey(User user) {
- UserKeyService userKeyService = CommonBeanFactory.getBean(UserKeyService.class);
- List userKeys = userKeyService.getUserKeysInfo(user.getId());
- UserKey userKey;
- if (CollectionUtils.isEmpty(userKeys)) {
- userKey = userKeyService.generateUserKey(user.getId());
- } else {
- Optional ukOp = userKeys.stream().filter(uk -> StringUtils.equals(uk.getStatus(), ApiKeyConstants.ACTIVE.name())).findAny();
- if (ukOp.isEmpty()) {
- MSException.throwException("用户[" + user.getId() + "]至少需要开启一个ApiKey");
- }
- userKey = ukOp.get();
- }
- return userKey;
- }
-
 public static void runAsUser(User user) {
 if (user != null) {
 if (StringUtils.isBlank(user.getId())) {
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java
index 7da4e84c71..e027df954f 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java
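Review bot: The rewritten `if (user != null)` branch drops `headers.remove(HttpHeaders.COOKIE)` without replacement, so if `headers` is filled from the incoming request earlier in this method (its start is outside the hunk), the caller's session cookie would be forwarded next to a token minted for `user`, and the receiving service could see two different identities. Unless the cookie is needed downstream, keep `headers.remove(HttpHeaders.COOKIE);` after the four `headers.add(...)` calls. The value sent as `HEADER_TOKEN` appears to be the fresh `UUID.randomUUID()` passed to `SessionUser.fromUser`, which no session store has seen, so the call is presumably authenticated only through `CSRF_TOKEN`, which `ApiKeySessionHandler.validate` decrypts with the static `SessionUser.secret`/`SessionUser.iv`; a comment here should state that service-to-service trust now rests on that secret and that it must not be left at a shared default. `getLastProjectId()` and `getLastWorkspaceId()` can presumably be null for a user set through `runAsUser`, which would add null-valued headers; guarding each `add` with `StringUtils.isNotBlank(...)` avoids that.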
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java
@@ -6,17 +6,11 @@ import io.metersphere.commons.utils.CodingUtil;
 import io.metersphere.commons.utils.LogUtil;
 import org.apache.commons.lang3.StringUtils;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashSet;
-import java.util.Set;
 import java.util.UUID;
 public class ApiKeySessionHandler {
- public static final String SSO_SOURCE_ID = "sourceId";
-
 public static String random = UUID.randomUUID() + UUID.randomUUID().toString();
 public static String validate(HttpServletRequest request) {
@@ -32,49 +26,6 @@ public class ApiKeySessionHandler {
 return null;
 }
- public static void logout(HttpServletRequest request, HttpServletResponse response, String... remainSessionId) {
- try {
- Set remainSessionIdSet = new HashSet<>();
- int len$;
- int i$;
- if (remainSessionId != null && remainSessionId.length > 0) {
- String[] arr$ = remainSessionId;
- len$ = remainSessionId.length;
-
- for (i$ = 0; i$ < len$; ++i$) {
- String s = arr$[i$];
- if (s != null && !StringUtils.EMPTY.equals(s)) {
- remainSessionIdSet.add(s.toLowerCase());
- }
- }
- }
-
- if (request.getCookies() != null) {
- Cookie[] arr$ = request.getCookies();
- len$ = arr$.length;
-
- for (i$ = 0; i$ < len$; ++i$) {
- Cookie cookie = arr$[i$];
- if (!cookie.getName().toLowerCase().contains("rememberme") && (remainSessionIdSet.size() == 0 || !remainSessionIdSet.contains(cookie.getName().toLowerCase()))) {
- cookie.setValue("deleteMe");
- cookie.setPath("/");
- cookie.setMaxAge(0);
- response.addCookie(cookie);
- }
- }
- } else {
- Cookie cookie = new Cookie("MS_SESSION_ID", "deleteMe");
- cookie.setPath("/");
- cookie.setMaxAge(0);
- response.addCookie(cookie);
- }
- request.logout();
- } catch (Exception var8) {
- LogUtil.error("failed to logout", var8);
- }
-
- }
-
 private static String validate(String csrfToken) {
 csrfToken = CodingUtil.aesDecrypt(csrfToken, SessionUser.secret, SessionUser.iv);
 String[] signatureArray = StringUtils.split(StringUtils.trimToNull(csrfToken), "|");
@@ -83,5 +34,4 @@ public class ApiKeySessionHandler {
 }
 return signatureArray[0];
 }
-
 }