fix: 积木报表 API 数据集解析时 token 未正确解析的问题

3 years ago · 93686c7b60
parent ee454ace9d
commit 93686c7b60
3 changed files with 29 additions and 144 deletions
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
@ -1,11 +1,8 @@
 package cn.iocoder.yudao.module.visualization.framework.jmreport.config;

-import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl;
-import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter;
 import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
@ -25,12 +22,4 @@ public class JmReportConfiguration {
        return new JmReportTokenServiceImpl(oAuth2TokenApi);
    }

-    @Bean
-    @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
-    public FilterRegistrationBean<JmReportTokenFilter> registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){
-        FilterRegistrationBean<JmReportTokenFilter> bean = new FilterRegistrationBean<>();
-        bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER);
-        bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi));
-        return bean;
-    }
 }
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java
@ -2,6 +2,7 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.core.service;

 import cn.hutool.core.util.StrUtil;
 import cn.iocoder.yudao.framework.common.exception.ServiceException;
+import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
 import cn.iocoder.yudao.framework.security.core.LoginUser;
 import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
@ -10,6 +11,9 @@ import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
 import lombok.RequiredArgsConstructor;
 import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
+import org.springframework.http.HttpHeaders;
+
+import javax.servlet.http.HttpServletRequest;

 /**
 * {@link JmReportTokenServiceI} 实现类，提供积木报表的 Token 校验、用户信息的查询等功能
@ -18,9 +22,33 @@ import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
 */
@RequiredArgsConstructor
 public class JmReportTokenServiceImpl implements JmReportTokenServiceI {
+    private static final String JM_TOKEN_HEADER = "X-Access-Token";
+    /**
+     * 系统内置请求头
+     */
+    private static final String TOKEN_HEADER = "Authorization";
+    /**
+     * auth 相关格式
+     */
+    private static final String AUTHORIZATION_FORMAT = "Bearer %s";

    private final OAuth2TokenApi oauth2TokenApi;

+    /**
+     * 修改请求的 head
+     *
+     * @return 新 head
+     */
+    @Override
+    public HttpHeaders customApiHeader() {
+        HttpHeaders header = new HttpHeaders();
+        HttpServletRequest request = ServletUtils.getRequest();
+        String token = request.getHeader(JM_TOKEN_HEADER);
+
+        header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));
+        return header;
+    }
+
    /**
     * 校验 Token 是否有效，即验证通过
     *
@ -62,7 +90,7 @@ public class JmReportTokenServiceImpl implements JmReportTokenServiceI {

    /**
     * 获得用户编号
-     *
+     * <p>
     * 虽然方法名获得的是 username，实际对应到项目中是用户编号
     *
     * @param token JmReport 前端传递的 token
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
@ -1,132 +0,0 @@
-package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web;
-
-import cn.hutool.core.util.StrUtil;
-import cn.iocoder.yudao.framework.security.core.LoginUser;
-import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
-import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
-import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
-import lombok.RequiredArgsConstructor;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-
-/**
- * 积木报表 token 处理，将积木报表请求头中的 token 转换成 spring security 的 auth head
- */
-@RequiredArgsConstructor
-public class JmReportTokenFilter implements Filter {
-    /**
-     * 积木 token 请求头
-     */
-    private static final String JM_TOKEN_HEADER = "X-Access-Token";
-    /**
-     * 系统内置请求头
-     */
-    private static final String TOKEN_HEADER = "Authorization";
-    /**
-     * auth 相关格式
-     */
-    private static final String AUTHORIZATION_FORMAT = "Bearer %s";
-
-    private final OAuth2TokenApi oauth2TokenApi;
-
-    @Override
-    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
-        // 积木请求头
-        HttpServletRequest req = (HttpServletRequest) servletRequest;
-        String token = req.getHeader(JM_TOKEN_HEADER);
-        if (StrUtil.isNotEmpty(token)) {
-            // 1. 增加请求头
-            HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req);
-            requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));
-
-            OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token);
-            Optional<LoginUser> optUser = Optional.ofNullable(resp)
-                    .map(
-                            t -> new LoginUser().setId(t.getUserId())
-                                    .setUserType(t.getUserType())
-                                    .setTenantId(t.getTenantId())
-                                    .setScopes(t.getScopes())
-                    );
-            if (optUser.isPresent()) {
-                // 2. 设置登录用户类型
-                WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType());
-                filterChain.doFilter(requestWrapper, servletResponse);
-                return;
-            }
-        }
-        filterChain.doFilter(servletRequest, servletResponse);
-    }
-
-    /**
-     * request 包装类，用于修改 head
-     *
-     * <a href="https://stackoverflow.com/questions/2811769/adding-an-http-header-to-the-request-in-a-servlet-filter">add request head</a>
-     */
-    public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
-        /**
-         * construct a wrapper for this request
-         *
-         * @param request
-         */
-        public HeaderMapRequestWrapper(HttpServletRequest request) {
-            super(request);
-        }
-
-        private Map<String, String> headerMap = new HashMap<String, String>();
-
-        /**
-         * add a header with given name and value
-         *
-         * @param name
-         * @param value
-         */
-        public void addHeader(String name, String value) {
-            headerMap.put(name, value);
-        }
-
-        @Override
-        public String getHeader(String name) {
-            String headerValue = super.getHeader(name);
-            if (headerMap.containsKey(name)) {
-                headerValue = headerMap.get(name);
-            }
-            return headerValue;
-        }
-
-        /**
-         * get the Header names
-         */
-        @Override
-        public Enumeration<String> getHeaderNames() {
-            List<String> names = Collections.list(super.getHeaderNames());
-            for (String name : headerMap.keySet()) {
-                names.add(name);
-            }
-            return Collections.enumeration(names);
-        }
-
-        @Override
-        public Enumeration<String> getHeaders(String name) {
-            List<String> values = Collections.list(super.getHeaders(name));
-            if (headerMap.containsKey(name)) {
-                values.add(headerMap.get(name));
-            }
-            return Collections.enumeration(values);
-        }
-
-    }
-
-}