完善数据源防护功能
interestinglife committed Aug 31, 2021
1 parent 227470e commit ba6b8f0
Showing 9 changed files with 430 additions and 6 deletions.
2 changes: 2 additions & 0 deletions Roadmap.txt
@@ -20,6 +20,8 @@

待定:

修复在已登录状态下打开/login地址会死循环的BUG;
修复登录超时后打开页面内对话框未处理超时的BUG;
看板图表新增导出数据功能;
共享看板支持设置密码;
看板模板管理功能和内置看板模板;
@@ -7,6 +7,7 @@

package org.datagear.management.service;

import org.datagear.management.domain.Schema;
import org.datagear.management.domain.SchemaGuard;

/**
@@ -17,4 +18,29 @@
*/
public interface SchemaGuardService extends EntityService<String, SchemaGuard>
{
/**
* 是否允许创建指定的{@linkplain Schema#getUrl()}。
* <p>
* 实现类应支持{@code *}(表示任意多个字符)匹配规则,例如:
* </p>
* <ul>
* <li>{@code *}<br>
* 匹配任意URL</li>
* <li>{@code *abc}<br>
* 匹配以{@code abc}结尾的URL</li>
* <li>{@code abc*}<br>
* 匹配以{@code abc}开头的URL</li>
* <li>{@code abc*def}<br>
* 匹配以{@code abc}开头、以{@code def}结尾的URL</li>
* <li>{@code *abc*def*}<br>
* 匹配依次包含{@code abc}、{@code def}的URL</li>
* </ul>
* <p>
* 另外,如果没有定义任何{@linkplain SchemaGuard},应返回{@code true}。
* </p>
*
* @param schemaURL
* @return
*/
boolean isPermitted(String schemaUrl);
}
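Review bot: The Javadoc on `isPermitted` names `@param schemaURL` while the parameter is `schemaUrl`, and `@return` is empty, so it never says what is returned when guards exist but none of them matches. The implementation added in this commit returns `true` in that case, which makes the guard default-allow. I would state that explicitly, e.g. `@param schemaUrl the data source URL to check` and `@return {@code true} if the first matching enabled guard permits the URL, or if no guard matches`. It would also help to document that guards are evaluated in priority order and the first match wins, since an administrator who wants an allow-list then knows it must end with a `*` rule that denies.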
@@ -7,6 +7,8 @@

package org.datagear.management.service.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;

@@ -15,6 +17,9 @@
import org.datagear.management.domain.SchemaGuard;
import org.datagear.management.service.SchemaGuardService;
import org.datagear.management.util.dialect.MbSqlDialect;
import org.datagear.persistence.Query;
import org.datagear.util.AsteriskPatternMatcher;
import org.datagear.util.StringUtil;
import org.mybatis.spring.SqlSessionTemplate;

/**
@@ -28,6 +33,10 @@ public class SchemaGuardServiceImpl extends AbstractMybatisEntityService<String,
{
protected static final String SQL_NAMESPACE = SchemaGuard.class.getName();

private AsteriskPatternMatcher asteriskPatternMatcher = new AsteriskPatternMatcher();

private volatile List<SchemaGuard> _schemaGuardListCache = null;

public SchemaGuardServiceImpl()
{
super();
@@ -43,6 +52,77 @@ public SchemaGuardServiceImpl(SqlSessionTemplate sqlSessionTemplate, MbSqlDialec
super(sqlSessionTemplate, dialect);
}

public AsteriskPatternMatcher getAsteriskPatternMatcher()
{
return asteriskPatternMatcher;
}

public void setAsteriskPatternMatcher(AsteriskPatternMatcher asteriskPatternMatcher)
{
this.asteriskPatternMatcher = asteriskPatternMatcher;
}

@Override
public boolean isPermitted(String schemaUrl)
{
if (this._schemaGuardListCache == null)
{
List<SchemaGuard> schemaGuards = query("getAll", new Query(), buildParamMap(), true);
SchemaGuard.sortByPriority(schemaGuards);
this._schemaGuardListCache = Collections.unmodifiableList(new ArrayList<SchemaGuard>(schemaGuards));
}

// 默认为true,表示允许,比如当没有定义任何SchemaGuard时
boolean permitted = true;

for (SchemaGuard schemaGuard : this._schemaGuardListCache)
{
if (!schemaGuard.isEnabled())
continue;

String pattern = schemaGuard.getPattern();

if(StringUtil.isEmpty(pattern))
continue;

if (this.asteriskPatternMatcher.matches(pattern, schemaUrl))
{
permitted = schemaGuard.isPermitted();
break;
}
}

return permitted;
}

@Override
protected boolean update(SchemaGuard entity, Map<String, Object> params)
{
boolean re = super.update(entity, params);

this._schemaGuardListCache = null;

return re;
}

@Override
protected boolean deleteById(String id, Map<String, Object> params)
{
boolean re = super.deleteById(id, params);

this._schemaGuardListCache = null;

return re;
}

@Override
protected void add(SchemaGuard entity, Map<String, Object> params)
{
super.add(entity, params);

this._schemaGuardListCache = null;
}

@Override
protected List<SchemaGuard> query(String statement, Map<String, Object> params)
{
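Review bot: `isPermitted` reads the volatile `_schemaGuardListCache` twice, once in the null check and again in the `for` header, so an `add`, `update` or `deleteById` on another thread that resets it to `null` in between makes the loop throw a NullPointerException. Taking one local snapshot and iterating over that removes the problem, as sketched below. A second window remains even then: an invalidation that lands after the `getAll` query but before the assignment is overwritten by the older list, so a newly added deny rule may not be enforced until the next change. If that matters, the load and the invalidation need a common lock or a version check.

```java
// read the volatile field once; writers may reset it to null at any time
List<SchemaGuard> guards = this._schemaGuardListCache;
if (guards == null)
{
	List<SchemaGuard> loaded = query("getAll", new Query(), buildParamMap(), true);
	SchemaGuard.sortByPriority(loaded);
	guards = Collections.unmodifiableList(new ArrayList<SchemaGuard>(loaded));
	this._schemaGuardListCache = guards;
}

// … unchanged: permitted defaults to true …

for (SchemaGuard schemaGuard : guards)
// … unchanged: loop body and return …
```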
@@ -15,6 +15,7 @@
import org.datagear.management.domain.User;
import org.datagear.management.service.AuthorizationService;
import org.datagear.management.service.PermissionDeniedException;
import org.datagear.management.service.SchemaGuardService;
import org.datagear.management.service.SchemaService;
import org.datagear.management.service.UserService;
import org.datagear.management.util.dialect.MbSqlDialect;
@@ -36,27 +37,31 @@ public class SchemaServiceImpl extends AbstractMybatisDataPermissionEntityServic

private UserService userService;

private SchemaGuardService schemaGuardService;

public SchemaServiceImpl()
{
super();
}

public SchemaServiceImpl(SqlSessionFactory sqlSessionFactory, MbSqlDialect dialect,
AuthorizationService authorizationService,
DriverEntityManager driverEntityManager, UserService userService)
DriverEntityManager driverEntityManager, UserService userService, SchemaGuardService schemaGuardService)
{
super(sqlSessionFactory, dialect, authorizationService);
this.driverEntityManager = driverEntityManager;
this.userService = userService;
this.schemaGuardService = schemaGuardService;
}

public SchemaServiceImpl(SqlSessionTemplate sqlSessionTemplate, MbSqlDialect dialect,
AuthorizationService authorizationService,
DriverEntityManager driverEntityManager, UserService userService)
DriverEntityManager driverEntityManager, UserService userService, SchemaGuardService schemaGuardService)
{
super(sqlSessionTemplate, dialect, authorizationService);
this.driverEntityManager = driverEntityManager;
this.userService = userService;
this.schemaGuardService = schemaGuardService;
}

public DriverEntityManager getDriverEntityManager()
@@ -79,6 +84,16 @@ public void setUserService(UserService userService)
this.userService = userService;
}

public SchemaGuardService getSchemaGuardService()
{
return schemaGuardService;
}

public void setSchemaGuardService(SchemaGuardService schemaGuardService)
{
this.schemaGuardService = schemaGuardService;
}

@Override
public String getResourceType()
{
@@ -157,8 +172,13 @@ protected void checkInput(Schema entity)
*/
protected void checkSaveUrlPermission(User user, String url) throws SaveSchemaUrlPermissionDeniedException
{
// TODO 新增数据源防护功能,管理员可设置URL白/黑名单,只允许新建名单允许的数据源
// throw new SaveSchemaUrlPermissionDeniedException();
if (user.isAdmin())
return;

if (this.schemaGuardService.isPermitted(url))
return;

throw new SaveSchemaUrlPermissionDeniedException();
}

@Override
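Review bot: In `checkSaveUrlPermission` the new `this.schemaGuardService.isPermitted(url)` call dereferences a field that the no-argument constructor leaves `null`, so an instance wired without `setSchemaGuardService` fails every non-admin call with a NullPointerException instead of `SaveSchemaUrlPermissionDeniedException`. Failing closed is the right direction, but it should be explicit, for example `if (this.schemaGuardService == null) throw new SaveSchemaUrlPermissionDeniedException();` ahead of the call, or a non-null check where the service is injected. The method's Javadoc starts outside this hunk; it should also record that administrators bypass the guard, e.g. `Administrators are exempt; all other users are checked against the enabled SchemaGuard rules.`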
@@ -41,6 +41,13 @@
T.${_iq_}id${_iq_} = #{id}
</select>

<select id="getAll" resultType="org.datagear.management.domain.SchemaGuard">
SELECT
T.*
FROM
(<include refid="queryView" />) T
</select>

<select id="query" resultType="org.datagear.management.domain.SchemaGuard">
SELECT
T.*