Feat permission (#287)

* feat:temp save * feat:temp save * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: feedback save * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: AppAuthAspect * feat: DesensitizationResponseType --------- Co-authored-by: yushuwang <[email protected]>
arextest · Oct 16, 2023 · c1645e2 · c1645e2
1 parent 4b73fbd
commit c1645e2
Show file tree

Hide file tree

Showing 21 changed files with 277 additions and 21 deletions.
diff --git a/arex-web-api/src/main/java/com/arextest/web/api/service/aspect/AppAuthAspect.java b/arex-web-api/src/main/java/com/arextest/web/api/service/aspect/AppAuthAspect.java
@@ -0,0 +1,84 @@
+package com.arextest.web.api.service.aspect;
+
+import com.arextest.common.annotation.AppAuth;
+import com.arextest.common.context.ArexContext;
+import com.arextest.common.model.response.ResponseCode;
+import com.arextest.common.utils.JwtUtil;
+import com.arextest.common.utils.ResponseUtils;
+import com.arextest.config.model.dto.application.ApplicationConfiguration;
+import com.arextest.config.repository.impl.ApplicationConfigurationRepositoryImpl;
+import com.arextest.web.api.service.controller.Constants;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+/**
+ * @author wildeslam.
+ * @create 2023/10/8 17:12
+ */
+@Slf4j
+@Aspect
+@Component
+@ConditionalOnProperty(value = "arex.app.auth.switch", havingValue = "true")
+public class AppAuthAspect {
+    @Resource
+    private ApplicationConfigurationRepositoryImpl applicationConfigurationRepository;
+
+    @Pointcut("@annotation(com.arextest.common.annotation.AppAuth)")
+    public void appAuth(){}
+
+    @Around("appAuth() && @annotation(auth)")
+    public Object doAround(ProceedingJoinPoint point, AppAuth auth) throws Throwable {
+        ArexContext context = ArexContext.getContext();
+        ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        HttpServletRequest request = requestAttributes.getRequest();
+        String appId = request.getHeader("appId");
+        String accessToken = request.getHeader("access-token");
+        String userName = JwtUtil.getUserName(accessToken);
+        context.setAppId(appId);
+        context.setOperator(userName);
+        if (appId == null) {
+            LOGGER.error("header has no appId");
+            return reject(point, auth, Constants.NO_APPID);
+        }
+        List<ApplicationConfiguration> applications = applicationConfigurationRepository.listBy(context.getAppId());
+        if (CollectionUtils.isEmpty(applications)) {
+            LOGGER.error("error appId");
+            return reject(point, auth, Constants.ERROR_APPID);
+        }
+        ApplicationConfiguration application = applications.get(0);
+        Object result;
+        if (CollectionUtils.isEmpty(application.getOwners()) || application.getOwners().contains(userName)) {
+            context.setPassAuth(true);
+            result = point.proceed();
+        } else {
+            context.setPassAuth(false);
+            result =  reject(point, auth, Constants.NO_PERMISSION);
+        }
+        ArexContext.removeContext();
+        return result;
+    }
+
+    private Object reject(ProceedingJoinPoint point, AppAuth auth, String remark) throws Throwable {
+        switch (auth.rejectStrategy()) {
+            case FAIL_RESPONSE:
+                return ResponseUtils.errorResponse(remark, ResponseCode.AUTHENTICATION_FAILED);
+            case DOWNGRADE:
+                ArexContext.getContext().setPassAuth(false);
+            default:
+                return point.proceed();
+        }
+    }
+
+}
diff --git a/arex-web-api/src/main/java/com/arextest/web/api/service/controller/Constants.java b/arex-web-api/src/main/java/com/arextest/web/api/service/controller/Constants.java
@@ -4,4 +4,7 @@
 public class Constants {
     public static final String ACCESS_TOKEN = "access-token";
     public static final String NO_PERMISSION = "No permission";
+
+    public static final String NO_APPID = "No appId";
+    public static final String ERROR_APPID = "error appId";
 }
diff --git a/...-web-api/src/main/java/com/arextest/web/api/service/controller/ReplayQueryController.java b/...-web-api/src/main/java/com/arextest/web/api/service/controller/ReplayQueryController.java
@@ -0,0 +1,74 @@
+package com.arextest.web.api.service.controller;
+
+import com.arextest.common.annotation.AppAuth;
+import com.arextest.common.context.ArexContext;
+import com.arextest.common.enums.AuthRejectStrategy;
+import com.arextest.common.model.response.ResponseCode;
+import com.arextest.model.replay.ViewRecordRequestType;
+import com.arextest.model.replay.ViewRecordResponseType;
+import com.arextest.model.response.Response;
+import com.arextest.model.response.ResponseStatusType;
+import com.arextest.web.common.HttpUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author wildeslam.
+ * @create 2023/10/12 20:18
+ */
+@Controller
+@RequestMapping("/api/replay/query")
+public class ReplayQueryController {
+
+    @Value("${arex.storage.viewRecord.url}")
+    private String viewRecordUrl;
+
+    @ResponseBody
+    @GetMapping(value = "/viewRecord/")
+    public Response viewRecord(String recordId,
+                               @RequestParam(required = false) String category,
+                               @RequestParam(required = false, defaultValue = "Rolling") String srcProvider) {
+        ViewRecordRequestType recordRequestType = new ViewRecordRequestType();
+        recordRequestType.setRecordId(recordId);
+        recordRequestType.setSourceProvider(srcProvider);
+        recordRequestType.setCategoryType(category);
+        return viewRecord(recordRequestType);
+    }
+
+    @PostMapping("/viewRecord")
+    @ResponseBody
+    @AppAuth(rejectStrategy = AuthRejectStrategy.DOWNGRADE)
+    public Response viewRecord(@RequestBody ViewRecordRequestType requestType) {
+        ArexContext arexContext = ArexContext.getContext();
+        Map<String, String> headers = new HashMap<>();
+        boolean downgrade = Boolean.FALSE.equals(arexContext.getPassAuth());
+        headers.put("downgrade", Boolean.toString(downgrade));
+        ResponseEntity<ViewRecordResponseType> response = HttpUtils.post(viewRecordUrl, requestType,
+            ViewRecordResponseType.class, headers);
+        ViewRecordResponseType responseType = new ViewRecordResponseType();
+        ResponseStatusType responseStatusType = new ResponseStatusType();
+        responseStatusType.setTimestamp(System.currentTimeMillis());
+        if (response == null || response.getBody() == null) {
+            responseStatusType.setResponseDesc("call storage failed");
+            responseStatusType.setResponseCode(ResponseCode.REQUESTED_RESOURCE_NOT_FOUND.getCodeValue());
+            responseType.setResponseStatusType(responseStatusType);
+            return responseType;
+        }
+
+        responseStatusType.setResponseDesc("success");
+        responseStatusType.setResponseCode(ResponseCode.SUCCESS.getCodeValue());
+        responseType = response.getBody();
+        responseType.setResponseStatusType(responseStatusType);
+        return response.getBody();
+    }
+}
diff --git a/...-web-api/src/main/java/com/arextest/web/api/service/controller/ReportQueryController.java b/...-web-api/src/main/java/com/arextest/web/api/service/controller/ReportQueryController.java
@@ -4,6 +4,8 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 
+import com.arextest.common.annotation.AppAuth;
+import com.arextest.common.enums.AuthRejectStrategy;
 import com.arextest.web.common.HttpUtils;
 import com.arextest.web.model.contract.contracts.FeedbackSceneRequest;
 import com.arextest.web.model.contract.contracts.RemoveRecordsAndScenesRequest;
@@ -120,6 +122,7 @@ public class ReportQueryController {
     @Deprecated
     @PostMapping("/pushCompareResults")
     @ResponseBody
+    // from schedule
     public Response pushCompareResults(@Valid @RequestBody PushCompareResultsRequestType request) {
         PushCompareResultsResponseType response = new PushCompareResultsResponseType();
         response.setSuccess(reportService.saveCompareResults(request));
@@ -147,6 +150,7 @@ public Response reportInitial(@RequestBody ReportInitialRequestType request) {
 
     @PostMapping("/updateReportInfo")
     @ResponseBody
+    // from schedule
     public Response updateReportInfo(@Valid @RequestBody UpdateReportInfoRequestType request) {
         UpdateReportInfoResponseType response = new UpdateReportInfoResponseType();
         response.setSuccess(replayInfoService.updatePlan(request));
@@ -155,6 +159,7 @@ public Response updateReportInfo(@Valid @RequestBody UpdateReportInfoRequestType
 
     @PostMapping("/pushReplayStatus")
     @ResponseBody
+    // from schedule
     public Response changeReplayStatus(@Valid @RequestBody ChangeReplayStatusRequestType request) {
         ChangeReplayStatusResponseType response = new ChangeReplayStatusResponseType();
         response.setUpdateSuccess(reportService.changeReportStatus(request));
@@ -163,6 +168,7 @@ public Response changeReplayStatus(@Valid @RequestBody ChangeReplayStatusRequest
 
     @PostMapping("/removeRecordsAndScenes")
     @ResponseBody
+    // from schedule
     public Response removeFailedCases(@Valid @RequestBody RemoveRecordsAndScenesRequest request) {
         SuccessResponse response = new SuccessResponse();
         response.setSuccess(reportService.removeRecords(request) && sceneReportService.removeScene(request));
@@ -222,6 +228,7 @@ public Response queryDiffAggInfo(@RequestBody QueryDiffAggInfoRequestType reques
         return ResponseUtils.successResponse(response);
     }
 
+    @AppAuth(rejectStrategy = AuthRejectStrategy.DOWNGRADE)
     @PostMapping("/queryMsgWithDiff")
     @ResponseBody
     public Response queryMsgWithDiff(@RequestBody QueryMsgWithDiffRequestType request) {
@@ -250,20 +257,23 @@ public Response queryScenes(@Valid @RequestBody QueryScenesRequestType request)
         return ResponseUtils.successResponse(response);
     }
 
+    @AppAuth(rejectStrategy = AuthRejectStrategy.DOWNGRADE)
     @PostMapping("/queryFullLinkMsg")
     @ResponseBody
     public Response queryFullLinkMsg(@Valid @RequestBody QueryFullLinkMsgRequestType request) {
         QueryFullLinkMsgResponseType response = queryReplayMsgService.queryFullLinkMsg(request);
         return ResponseUtils.successResponse(response);
     }
 
+    @AppAuth(rejectStrategy = AuthRejectStrategy.DOWNGRADE)
     @PostMapping("/queryReplayMsg")
     @ResponseBody
     public Response queryReplayMsg(@Valid @RequestBody QueryReplayMsgRequestType request) {
         QueryReplayMsgResponseType response = queryReplayMsgService.queryReplayMsg(request);
         return ResponseUtils.successResponse(response);
     }
 
+    @AppAuth
     @PostMapping("/downloadReplayMsg")
     @ResponseBody
     public void downloadReplayMsg(@Valid @RequestBody DownloadReplayMsgRequestType request,
@@ -362,7 +372,7 @@ public Response countRecord(@Valid @RequestBody CountRecordRequestType requestTy
 
     @PostMapping("/listRecord")
     @ResponseBody
-    public Response countRecord(@Valid @RequestBody ListRecordRequestType requestType) {
+    public Response listRecord(@Valid @RequestBody ListRecordRequestType requestType) {
         if (requestType.getOperationType() == null) {
             return ResponseUtils.errorResponse("no operationType", ResponseCode.REQUESTED_PARAMETER_INVALID);
         }

diff --git a/...n/java/com/arextest/web/api/service/controller/config/AbstractConfigurableController.java b/...n/java/com/arextest/web/api/service/controller/config/AbstractConfigurableController.java
@@ -2,8 +2,10 @@
 
 import java.util.List;
 
+import com.arextest.common.annotation.AppAuth;
 import com.arextest.config.model.dto.AbstractConfiguration;
 import com.arextest.config.model.dto.ModifyType;
+import lombok.Getter;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.bind.annotation.*;
 
@@ -16,6 +18,7 @@
  * @since 2022/1/22
  */
 public abstract class AbstractConfigurableController<T extends AbstractConfiguration> {
+    @Getter
     protected final ConfigurableHandler<T> configurableHandler;
 
     protected AbstractConfigurableController(ConfigurableHandler<T> configurableHandler) {
@@ -28,7 +31,7 @@ public final Response useResult(@PathVariable String appId) {
         if (StringUtils.isEmpty(appId)) {
             return InvalidResponse.REQUESTED_APP_ID_IS_EMPTY;
         }
-        return ResponseUtils.successResponse(this.configurableHandler.useResult(appId));
+        return ResponseUtils.successResponse(getConfigurableHandler().useResult(appId));
     }
 
     @GetMapping("/useResultAsList/appId/{appId}")
@@ -37,7 +40,7 @@ public final Response useResultList(@PathVariable String appId) {
         if (StringUtils.isEmpty(appId)) {
             return InvalidResponse.REQUESTED_APP_ID_IS_EMPTY;
         }
-        return ResponseUtils.successResponse(this.configurableHandler.useResultAsList(appId));
+        return ResponseUtils.successResponse(getConfigurableHandler().useResultAsList(appId));
     }
 
     @GetMapping("/editList/appId/{appId}")
@@ -46,37 +49,39 @@ public final Response editList(@PathVariable String appId) {
         if (StringUtils.isEmpty(appId)) {
             return InvalidResponse.REQUESTED_APP_ID_IS_EMPTY;
         }
-        return ResponseUtils.successResponse(this.configurableHandler.editList(appId));
+        return ResponseUtils.successResponse(getConfigurableHandler().editList(appId));
     }
 
     @PostMapping("/modify/{modifyType}")
     @ResponseBody
+    @AppAuth
     public Response modify(@PathVariable ModifyType modifyType, @RequestBody T configuration) throws Exception {
         if (modifyType == ModifyType.INSERT) {
             configuration.validParameters();
-            return ResponseUtils.successResponse(this.configurableHandler.insert(configuration));
+            return ResponseUtils.successResponse(getConfigurableHandler().insert(configuration));
         }
         if (modifyType == ModifyType.UPDATE) {
-            return ResponseUtils.successResponse(this.configurableHandler.update(configuration));
+            return ResponseUtils.successResponse(getConfigurableHandler().update(configuration));
         }
         if (modifyType == ModifyType.REMOVE) {
-            return ResponseUtils.successResponse(this.configurableHandler.remove(configuration));
+            return ResponseUtils.successResponse(getConfigurableHandler().remove(configuration));
         }
         return ResponseUtils.resourceNotFoundResponse();
     }
 
     @PostMapping("/batchModify/{modifyType}")
     @ResponseBody
+    @AppAuth
     public final Response batchModify(@PathVariable ModifyType modifyType, @RequestBody List<T> configuration)
         throws Exception {
         if (modifyType == ModifyType.INSERT) {
             for (T item : configuration) {
                 item.validParameters();
             }
-            return ResponseUtils.successResponse(this.configurableHandler.insertList(configuration));
+            return ResponseUtils.successResponse(getConfigurableHandler().insertList(configuration));
         }
         if (modifyType == ModifyType.REMOVE) {
-            return ResponseUtils.successResponse(this.configurableHandler.removeList(configuration));
+            return ResponseUtils.successResponse(getConfigurableHandler().removeList(configuration));
         }
         return ResponseUtils.resourceNotFoundResponse();
     }

diff --git a/...ava/com/arextest/web/api/service/controller/config/ApplicationConfigurableController.java b/...ava/com/arextest/web/api/service/controller/config/ApplicationConfigurableController.java
@@ -26,7 +26,7 @@
  */
 @Controller
 @RequestMapping("/api/config/application")
-public final class ApplicationConfigurableController extends AbstractConfigurableController<ApplicationConfiguration> {
+public class ApplicationConfigurableController extends AbstractConfigurableController<ApplicationConfiguration> {
 
     @Resource
     private ScheduleConfigurableHandler scheduleHandler;

diff --git a/.../arextest/web/api/service/controller/config/ApplicationServiceConfigurableController.java b/.../arextest/web/api/service/controller/config/ApplicationServiceConfigurableController.java
@@ -12,7 +12,7 @@
  */
 @Controller
 @RequestMapping("/api/config/applicationService")
-public final class ApplicationServiceConfigurableController extends AbstractConfigurableController<ApplicationServiceConfiguration> {
+public class ApplicationServiceConfigurableController extends AbstractConfigurableController<ApplicationServiceConfiguration> {
     public ApplicationServiceConfigurableController(@Autowired ConfigurableHandler<ApplicationServiceConfiguration> configurableHandler) {
         super(configurableHandler);
     }

diff --git a/...va/com/arextest/web/api/service/controller/config/DynamicClassConfigurableController.java b/...va/com/arextest/web/api/service/controller/config/DynamicClassConfigurableController.java
@@ -20,7 +20,7 @@
  */
 @Controller
 @RequestMapping("/api/config/dynamicClass")
-public final class DynamicClassConfigurableController extends AbstractConfigurableController<DynamicClassConfiguration> {
+public class DynamicClassConfigurableController extends AbstractConfigurableController<DynamicClassConfiguration> {
     public DynamicClassConfigurableController(@Autowired ConfigurableHandler<DynamicClassConfiguration> configurableHandler) {
         super(configurableHandler);
     }

diff --git a/...n/java/com/arextest/web/api/service/controller/config/ScheduleConfigurableController.java b/...n/java/com/arextest/web/api/service/controller/config/ScheduleConfigurableController.java
@@ -12,7 +12,7 @@
  */
 @Controller
 @RequestMapping("/api/config/schedule")
-public final class ScheduleConfigurableController extends AbstractConfigurableController<ScheduleConfiguration> {
+public class ScheduleConfigurableController extends AbstractConfigurableController<ScheduleConfiguration> {
     public ScheduleConfigurableController(@Autowired ConfigurableHandler<ScheduleConfiguration> configurableHandler) {
         super(configurableHandler);
     }

diff --git a/.../com/arextest/web/api/service/controller/config/ServiceCollectConfigurableController.java b/.../com/arextest/web/api/service/controller/config/ServiceCollectConfigurableController.java
@@ -21,7 +21,7 @@
  */
 @Controller
 @RequestMapping("/api/config/serviceCollect")
-public final class ServiceCollectConfigurableController extends AbstractConfigurableController<ServiceCollectConfiguration> {
+public class ServiceCollectConfigurableController extends AbstractConfigurableController<ServiceCollectConfiguration> {
     public ServiceCollectConfigurableController(@Autowired ConfigurableHandler<ServiceCollectConfiguration> configurableHandler) {
         super(configurableHandler);
     }

diff --git a/arex-web-api/src/main/resources/application.properties b/arex-web-api/src/main/resources/application.properties
@@ -29,6 +29,7 @@ arex.api.redis.lease-time=30
 arex.storage.countRecord.url=${arex.storage.service.url}/api/storage/replay/query/countByRange
 arex.storage.listRecord.url=${arex.storage.service.url}/api/storage/replay/query/replayCase
 arex.storage.aggCountRecord.url=${arex.storage.service.url}/api/storage/replay/query/countByOperationName
+arex.storage.viewRecord.url=${arex.storage.service.url}/api/storage/replay/query/viewRecord
 #call schedule
 arex.schedule.stop.url=${arex.schedule.service.url}/api/stopPlan
 arex.oauth.github.clientid=
@@ -41,4 +42,5 @@ arex.oauth.gitlab.secret=
 arex.oauth.gitlab.redirecturi=
 arex.oauth.gitlab.uri=
 arex.prometheus.port=20090
-arex.jwt.secret=arex
+arex.jwt.secret=arex
+arex.app.auth.switch=true