fix: 积木报表 API 数据集解析时 token 未正确解析的问题

2023-01-07 02:08:22 +08:00 · 2023-01-07 02:08:22 +08:00 · ee454ace9d
parent 717dd1ab7c
commit ee454ace9d
5 changed files with 151 additions and 28 deletions
--- a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java
+++ b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java
@ -2,7 +2,7 @@ package cn.iocoder.yudao.framework.common.enums;

 /**
 * Web 过滤器顺序的枚举类，保证过滤器按照符合我们的预期
- *
+ * <p>
 * 考虑到每个 starter 都需要用到该工具类，所以放到 common 模块下的 enums 包下
 *
 * @author 芋道源码
@ -17,6 +17,8 @@ public interface WebFilterOrderEnum {

    // OrderedRequestContextFilter 默认为 -105，用于国际化上下文等等

+    int JM_TOKEN_FILTER = -105; // 需要保证在  Spring Security 过滤前面
+
    int TENANT_CONTEXT_FILTER = -104; // 需要保证在 ApiAccessLogFilter 前面

    int API_ACCESS_LOG_FILTER = -103; // 需要保证在 RequestBodyCacheFilter 后面
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
@ -20,8 +20,6 @@ public class SecurityProperties {
    @NotEmpty(message = "Token Header 不能为空")
    private String tokenHeader = "Authorization";

-    private String jmTokenHeader = "X-Access-Token";
-
    /**
     * mock 模式的开关
     */
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@ -21,7 +21,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Optional;

 /**
 * Token 过滤器，验证 token 的有效性
@ -63,25 +62,6 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
                return;
            }
        }
-        // 积木请求头
-        String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader());
-        if (StrUtil.isNotEmpty(jmTokenHeader)) {
-            try {
-                OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader);
-                Optional<LoginUser> optUser = Optional.ofNullable(accessToken)
-                        .map(
-                                t -> new LoginUser().setId(t.getUserId())
-                                        .setUserType(t.getUserType())
-                                        .setTenantId(t.getTenantId())
-                                        .setScopes(t.getScopes())
-                        );
-                if (optUser.isPresent()) {
-                    SecurityFrameworkUtils.setLoginUser(optUser.get(), request);
-                }
-            } catch (ServiceException ignored) {
-                // do nothing：如果报错，说明认证失败，忽略即可
-            }
-        }

        // 继续过滤链
        chain.doFilter(request, response);
@ -108,7 +88,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

    /**
     * 模拟登录用户，方便日常开发调试
-     * <p>
+     *
     * 注意，在线上环境下，一定要关闭该功能！！！
     *
     * @param request 请求
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
@ -1,8 +1,11 @@
 package cn.iocoder.yudao.module.visualization.framework.jmreport.config;

+import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl;
+import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter;
 import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
@ -22,4 +25,12 @@ public class JmReportConfiguration {
        return new JmReportTokenServiceImpl(oAuth2TokenApi);
    }

+    @Bean
+    @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
+    public FilterRegistrationBean<JmReportTokenFilter> registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){
+        FilterRegistrationBean<JmReportTokenFilter> bean = new FilterRegistrationBean<>();
+        bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER);
+        bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi));
+        return bean;
+    }
 }
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
@ -0,0 +1,132 @@
+package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web;
+
+import cn.hutool.core.util.StrUtil;
+import cn.iocoder.yudao.framework.security.core.LoginUser;
+import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import lombok.RequiredArgsConstructor;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * 积木报表 token 处理，将积木报表请求头中的 token 转换成 spring security 的 auth head
+ */
+@RequiredArgsConstructor
+public class JmReportTokenFilter implements Filter {
+    /**
+     * 积木 token 请求头
+     */
+    private static final String JM_TOKEN_HEADER = "X-Access-Token";
+    /**
+     * 系统内置请求头
+     */
+    private static final String TOKEN_HEADER = "Authorization";
+    /**
+     * auth 相关格式
+     */
+    private static final String AUTHORIZATION_FORMAT = "Bearer %s";
+
+    private final OAuth2TokenApi oauth2TokenApi;
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        // 积木请求头
+        HttpServletRequest req = (HttpServletRequest) servletRequest;
+        String token = req.getHeader(JM_TOKEN_HEADER);
+        if (StrUtil.isNotEmpty(token)) {
+            // 1. 增加请求头
+            HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req);
+            requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));
+
+            OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token);
+            Optional<LoginUser> optUser = Optional.ofNullable(resp)
+                    .map(
+                            t -> new LoginUser().setId(t.getUserId())
+                                    .setUserType(t.getUserType())
+                                    .setTenantId(t.getTenantId())
+                                    .setScopes(t.getScopes())
+                    );
+            if (optUser.isPresent()) {
+                // 2. 设置登录用户类型
+                WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType());
+                filterChain.doFilter(requestWrapper, servletResponse);
+                return;
+            }
+        }
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+
+    /**
+     * request 包装类，用于修改 head
+     *
+     * <a href="https://stackoverflow.com/questions/2811769/adding-an-http-header-to-the-request-in-a-servlet-filter">add request head</a>
+     */
+    public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
+        /**
+         * construct a wrapper for this request
+         *
+         * @param request
+         */
+        public HeaderMapRequestWrapper(HttpServletRequest request) {
+            super(request);
+        }
+
+        private Map<String, String> headerMap = new HashMap<String, String>();
+
+        /**
+         * add a header with given name and value
+         *
+         * @param name
+         * @param value
+         */
+        public void addHeader(String name, String value) {
+            headerMap.put(name, value);
+        }
+
+        @Override
+        public String getHeader(String name) {
+            String headerValue = super.getHeader(name);
+            if (headerMap.containsKey(name)) {
+                headerValue = headerMap.get(name);
+            }
+            return headerValue;
+        }
+
+        /**
+         * get the Header names
+         */
+        @Override
+        public Enumeration<String> getHeaderNames() {
+            List<String> names = Collections.list(super.getHeaderNames());
+            for (String name : headerMap.keySet()) {
+                names.add(name);
+            }
+            return Collections.enumeration(names);
+        }
+
+        @Override
+        public Enumeration<String> getHeaders(String name) {
+            List<String> values = Collections.list(super.getHeaders(name));
+            if (headerMap.containsKey(name)) {
+                values.add(headerMap.get(name));
+            }
+            return Collections.enumeration(values);
+        }
+
+    }
+
+}