This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev-2.1.5
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.5 by this push:
     new 1c718e08e [Improve] openapi access bug fixed. (#3938)
1c718e08e is described below

commit 1c718e08ee4ed19ff2e03b36230b27ef1bc9f79e
Author: benjobs <[email protected]>
AuthorDate: Sat Aug 3 08:56:19 2024 +0800

    [Improve] openapi access bug fixed. (#3938)
    
    * [Improve] openapi access bug fixed.
    
    * [Improve] openapi minor improve
---
 .../streampark/console/base/util/WebUtils.java     | 38 -----------
 .../console/core/controller/OpenAPIController.java |  2 +-
 .../console/core/controller/ProxyController.java   |  8 +--
 .../console/core/service/ProxyService.java         |  8 +--
 .../core/service/impl/ProxyServiceImpl.java        | 14 ++--
 .../console/system/authentication/JWTFilter.java   | 23 ++-----
 .../console/system/authentication/JWTToken.java    |  5 +-
 .../console/system/authentication/JWTUtil.java     | 78 +++++++++++++++-------
 .../console/system/authentication/ShiroRealm.java  | 68 +++++++++++--------
 .../system/controller/AccessTokenController.java   |  7 +-
 .../system/controller/PassportController.java      | 13 +---
 .../console/system/controller/UserController.java  |  3 +-
 .../console/system/entity/AccessToken.java         |  1 -
 .../console/system/runner/StartedUpRunner.java     |  1 +
 .../console/system/service/AccessTokenService.java |  7 +-
 .../console/system/service/UserService.java        |  2 +-
 .../service/impl/AccessTokenServiceImpl.java       | 16 ++---
 .../system/service/impl/UserServiceImpl.java       |  4 +-
 .../core/service/AccessTokenServiceTest.java       |  8 +--
 .../console/system/authentication/JWTTest.java     | 23 ++++---
 20 files changed, 153 insertions(+), 176 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/WebUtils.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/WebUtils.java
index 92fd00291..be1771662 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/WebUtils.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/WebUtils.java
@@ -33,36 +33,6 @@ public final class WebUtils {
 
   private WebUtils() {}
 
-  /**
-   * token encrypt
-   *
-   * @param token token
-   * @return encrypt token
-   */
-  public static String encryptToken(String token) {
-    try {
-      return EncryptUtils.encrypt(token);
-    } catch (Exception e) {
-      log.info("token encrypt failed: ", e);
-      return null;
-    }
-  }
-
-  /**
-   * token decrypt
-   *
-   * @param encryptToken encryptToken
-   * @return decrypt token
-   */
-  public static String decryptToken(String encryptToken) {
-    try {
-      return EncryptUtils.decrypt(encryptToken);
-    } catch (Exception e) {
-      log.info("token decrypt failed: ", e);
-      return null;
-    }
-  }
-
   /**
    * camel to underscore
    *
@@ -106,15 +76,7 @@ public final class WebUtils {
     return getAppDir("lib");
   }
 
-  public static File getAppPluginsDir() {
-    return getAppDir("plugins");
-  }
-
   public static File getAppClientDir() {
     return getAppDir("client");
   }
-
-  public static File getAppConfDir() {
-    return getAppDir("conf");
-  }
 }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/OpenAPIController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/OpenAPIController.java
index 6cf591dcd..6369782aa 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/OpenAPIController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/OpenAPIController.java
@@ -89,7 +89,7 @@ public class OpenAPIController {
   @RequiresPermissions("app:start")
   public RestResponse flinkStart(Application app) throws Exception {
     applicationService.start(app, false);
-    return RestResponse.success(true);
+    return RestResponse.success();
   }
 
   @OpenAPI(
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ProxyController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ProxyController.java
index d909ecd6a..49c6a9f32 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ProxyController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ProxyController.java
@@ -30,8 +30,6 @@ import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
 
-import java.io.IOException;
-
 @Slf4j
 @Validated
 @RestController
@@ -42,19 +40,19 @@ public class ProxyController {
 
   @GetMapping("flink-ui/{id}/**")
   public ResponseEntity<?> proxyFlinkUI(HttpServletRequest request, 
@PathVariable("id") Long id)
-      throws IOException {
+      throws Exception {
     return proxyService.proxyFlinkUI(request, id);
   }
 
   @GetMapping("job_manager/{id}/**")
   public ResponseEntity<?> proxyJobManager(
-      HttpServletRequest request, @PathVariable("id") Long logId) throws 
IOException {
+      HttpServletRequest request, @PathVariable("id") Long logId) throws 
Exception {
     return proxyService.proxyJobManager(request, logId);
   }
 
   @GetMapping("yarn/{appId}/**")
   public ResponseEntity<?> proxyURL(HttpServletRequest request, 
@PathVariable("appId") String appId)
-      throws IOException {
+      throws Exception {
     return proxyService.proxyYarn(request, appId);
   }
 }
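Review bot: Widening `throws IOException` to `throws Exception` on the three handlers here, and likewise in ProxyService and ProxyServiceImpl, gives up a precise failure contract, apparently only because `EncryptUtils.encrypt` is now called directly in `proxyRequest`. Catching that one failure where it occurs and rethrowing it as a specific unchecked exception would let every signature keep `IOException`. Separately, none of the three `@GetMapping` methods shows a `@RequiresPermissions` annotation in this hunk, unlike the OpenAPI handler; if access is not enforced at class level or inside ProxyService (neither is visible here), that is worth confirming.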
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ProxyService.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ProxyService.java
index 57d66ede6..a008c2b3e 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ProxyService.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ProxyService.java
@@ -21,12 +21,10 @@ import org.springframework.http.ResponseEntity;
 
 import javax.servlet.http.HttpServletRequest;
 
-import java.io.IOException;
-
 public interface ProxyService {
-  ResponseEntity<?> proxyFlinkUI(HttpServletRequest request, Long id) throws 
IOException;
+  ResponseEntity<?> proxyFlinkUI(HttpServletRequest request, Long id) throws 
Exception;
 
-  ResponseEntity<?> proxyYarn(HttpServletRequest request, String url) throws 
IOException;
+  ResponseEntity<?> proxyYarn(HttpServletRequest request, String url) throws 
Exception;
 
-  ResponseEntity<?> proxyJobManager(HttpServletRequest request, Long logId) 
throws IOException;
+  ResponseEntity<?> proxyJobManager(HttpServletRequest request, Long logId) 
throws Exception;
 }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ProxyServiceImpl.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ProxyServiceImpl.java
index d89ff055e..93a929673 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ProxyServiceImpl.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ProxyServiceImpl.java
@@ -18,7 +18,7 @@
 package org.apache.streampark.console.core.service.impl;
 
 import org.apache.streampark.common.util.YarnUtils;
-import org.apache.streampark.console.base.util.WebUtils;
+import org.apache.streampark.console.base.util.EncryptUtils;
 import org.apache.streampark.console.core.entity.Application;
 import org.apache.streampark.console.core.entity.ApplicationLog;
 import org.apache.streampark.console.core.entity.FlinkCluster;
@@ -51,7 +51,6 @@ import javax.annotation.Nonnull;
 import javax.servlet.http.HttpServletRequest;
 
 import java.io.ByteArrayOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.util.Enumeration;
 
@@ -88,7 +87,7 @@ public class ProxyServiceImpl implements ProxyService {
   }
 
   @Override
-  public ResponseEntity<?> proxyFlinkUI(HttpServletRequest request, Long 
appId) throws IOException {
+  public ResponseEntity<?> proxyFlinkUI(HttpServletRequest request, Long 
appId) throws Exception {
     ResponseEntity.BodyBuilder builder = 
ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE);
     if (appId == null) {
       return builder.body("Invalid operation, appId is null");
@@ -140,7 +139,7 @@ public class ProxyServiceImpl implements ProxyService {
   }
 
   @Override
-  public ResponseEntity<?> proxyYarn(HttpServletRequest request, String appId) 
throws IOException {
+  public ResponseEntity<?> proxyYarn(HttpServletRequest request, String appId) 
throws Exception {
     String yarnURL = YarnUtils.getRMWebAppProxyURL();
     String url = yarnURL + "/proxy/" + appId + "/";
     url += getRequestURL(request).replace("/proxy/yarn/" + appId, "");
@@ -149,15 +148,14 @@ public class ProxyServiceImpl implements ProxyService {
 
   @Override
   public ResponseEntity<?> proxyJobManager(HttpServletRequest request, Long 
logId)
-      throws IOException {
+      throws Exception {
     ApplicationLog log = logService.getById(logId);
     String url = log.getJobManagerUrl();
     url += getRequestURL(request).replace("/proxy/job_manager/" + logId, "");
     return proxyRequest(request, url);
   }
 
-  private ResponseEntity<?> proxyRequest(HttpServletRequest request, String 
url)
-      throws IOException {
+  private ResponseEntity<?> proxyRequest(HttpServletRequest request, String 
url) throws Exception {
     HttpHeaders headers = new HttpHeaders();
     Enumeration<String> headerNames = request.getHeaderNames();
     while (headerNames.hasMoreElements()) {
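Review bot: In `proxyJobManager` the result of `logService.getById(logId)` is dereferenced immediately, so an unknown `logId` taken from the path ends in a NullPointerException instead of a controlled response, whereas `proxyFlinkUI` answers a missing id with a message. A guard such as `if (log == null) return ResponseEntity.status(HttpStatus.NOT_FOUND).build();` fits here. The hunk also shows no check that the caller is allowed to read that log entry before its stored `getJobManagerUrl()` becomes the proxy target; if that is enforced elsewhere it is not visible. `proxyRequest` continues past the end of the hunk.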
@@ -167,7 +165,7 @@ public class ProxyServiceImpl implements ProxyService {
 
     String token = serviceHelper.getAuthorization();
     if (token != null) {
-      headers.set("Authorization", WebUtils.encryptToken(token));
+      headers.set("Authorization", EncryptUtils.encrypt(token));
     }
 
     byte[] body = null;
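Review bot: The console's own authorization token is attached to the outbound proxied request at `headers.set("Authorization", ...)`, so whichever host the computed `url` resolves to (Flink UI, the YARN proxy or a stored job-manager URL) receives a credential that is valid against StreamPark. If the upstream does not need it, drop the header; if it is needed, record the reason next to the line, e.g. `// forwarded because <reason>; the upstream must be trusted with console credentials`. How `headers` is used for the outbound call lies outside the hunk, so this should be confirmed against the rest of `proxyRequest`.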
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTFilter.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTFilter.java
index 54f9ecac8..415f5b8a7 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTFilter.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTFilter.java
@@ -17,8 +17,7 @@
 
 package org.apache.streampark.console.system.authentication;
 
-import org.apache.streampark.console.base.util.WebUtils;
-import org.apache.streampark.console.core.enums.AuthenticationType;
+import org.apache.streampark.console.base.util.EncryptUtils;
 
 import org.apache.shiro.authz.UnauthorizedException;
 import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
@@ -58,22 +57,14 @@ public class JWTFilter extends 
BasicHttpAuthenticationFilter {
   protected boolean executeLogin(ServletRequest request, ServletResponse 
response) {
     HttpServletRequest httpServletRequest = (HttpServletRequest) request;
     String token = httpServletRequest.getHeader(TOKEN);
-    AuthenticationType type = 
JWTUtil.getAuthType(WebUtils.decryptToken(token));
-
-    if (type == null) {
+    try {
+      token = EncryptUtils.decrypt(token);
+      JWTToken jwtToken = new JWTToken(token);
+      getSubject(request, response).login(jwtToken);
+      return true;
+    } catch (Exception e) {
       return false;
     }
-
-    if (type == AuthenticationType.OPENAPI) {
-      JWTToken jwtToken = new JWTToken(WebUtils.decryptToken(token));
-      try {
-        getSubject(request, response).login(jwtToken);
-        return true;
-      } catch (Exception e) {
-        return false;
-      }
-    }
-    return true;
   }
 
   /** cross-domain support */
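Review bot: The `catch (Exception e)` in `executeLogin` returns false without recording anything, so a malformed header, a decrypt failure and a rejected login are indistinguishable and leave no trace for detection or troubleshooting. Log the failure without the token value, e.g. `log.warn("token login rejected: {}", e.getClass().getSimpleName());`, and consider an explicit `if (token == null) return false;` before `EncryptUtils.decrypt(token)` so that an absent header is not handled through an exception. The method's declaration starts before the hunk, and whether a logger is declared in this class is not visible here.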
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTToken.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTToken.java
index 2be2039bb..4e00e70ce 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTToken.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTToken.java
@@ -33,16 +33,13 @@ public class JWTToken implements AuthenticationToken {
 
   private String expireAt;
 
-  private int signType;
-
   public JWTToken(String token) {
     this.token = token;
   }
 
-  public JWTToken(String token, String expireAt, int signType) {
+  public JWTToken(String token, String expireAt) {
     this.token = token;
     this.expireAt = expireAt;
-    this.signType = signType;
   }
 
   @Override
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
index 7c6b1302f..9f6d00fb6 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/JWTUtil.java
@@ -17,9 +17,12 @@
 
 package org.apache.streampark.console.system.authentication;
 
+import org.apache.streampark.console.base.util.EncryptUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
+import org.apache.streampark.console.system.entity.User;
 
 import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTCreator;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.interfaces.DecodedJWT;
@@ -33,6 +36,11 @@ public class JWTUtil {
 
   private static Long ttlOfSecond;
 
+  private static final String JWT_USERID = "userId";
+  private static final String JWT_USERNAME = "userName";
+  private static final String JWT_TYPE = "type";
+  private static final String JWT_TIMESTAMP = "timestamp";
+
   /**
    * verify token
    *
@@ -42,7 +50,7 @@ public class JWTUtil {
   public static boolean verify(String token, String username, String secret) {
     try {
       Algorithm algorithm = Algorithm.HMAC256(secret);
-      JWTVerifier verifier = JWT.require(algorithm).withClaim("userName", 
username).build();
+      JWTVerifier verifier = JWT.require(algorithm).withClaim(JWT_USERNAME, 
username).build();
       verifier.verify(token);
       return true;
     } catch (Exception ignored) {
@@ -54,7 +62,7 @@ public class JWTUtil {
   public static String getUserName(String token) {
     try {
       DecodedJWT jwt = JWT.decode(token);
-      return jwt.getClaim("userName").asString();
+      return jwt.getClaim(JWT_USERNAME).asString();
     } catch (Exception ignored) {
       return null;
     }
@@ -63,16 +71,33 @@ public class JWTUtil {
   public static Long getUserId(String token) {
     try {
       DecodedJWT jwt = JWT.decode(token);
-      return jwt.getClaim("userId").asLong();
+      return jwt.getClaim(JWT_USERID).asLong();
     } catch (Exception ignored) {
       return null;
     }
   }
 
+  /**
+   * @param token
+   * @return
+   */
+  public static Long getTimestamp(String token) {
+    try {
+      DecodedJWT jwt = JWT.decode(token);
+      return jwt.getClaim(JWT_TIMESTAMP).asLong();
+    } catch (Exception ignored) {
+      return 0L;
+    }
+  }
+
+  /**
+   * @param token
+   * @return
+   */
   public static AuthenticationType getAuthType(String token) {
     try {
       DecodedJWT jwt = JWT.decode(token);
-      int type = jwt.getClaim("type").asInt();
+      int type = jwt.getClaim(JWT_TYPE).asInt();
       return AuthenticationType.of(type);
     } catch (Exception ignored) {
       return null;
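Review bot: `getTimestamp` can still return null, because `Claim.asLong()` yields null rather than throwing when the claim is absent, so the `0L` fallback in the catch covers only undecodable tokens. The caller in ShiroRealm then evaluates `timestamp < startTime`, which would unbox null and throw a NullPointerException for a SIGN token without the claim (for instance one issued before this change); that fails closed only because JWTFilter catches every exception. Default explicitly instead: `Long ts = jwt.getClaim(JWT_TIMESTAMP).asLong(); return ts == null ? 0L : ts;`. The two added Javadoc blocks hold only empty `@param`/`@return` tags; a one-line summary stating that the claim is read with `JWT.decode`, i.e. without signature verification, would help callers. `getAuthType` continues past the end of the hunk.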
@@ -80,37 +105,42 @@ public class JWTUtil {
   }
 
   /**
-   * generate token
-   *
-   * @param userId
-   * @param userName
+   * @param user
+   * @param authType
    * @return
+   * @throws Exception
    */
-  public static String sign(
-      Long userId, String userName, String secret, AuthenticationType 
authType) {
+  public static String sign(User user, AuthenticationType authType) throws 
Exception {
     long second = getTTLOfSecond() * 1000;
     Long ttl = System.currentTimeMillis() + second;
-    return sign(userId, userName, secret, authType, ttl);
+    return sign(user, authType, ttl);
   }
 
   /**
-   * generate token
-   *
-   * @param userId
-   * @param userName
+   * @param user
+   * @param authType
    * @param expireTime
    * @return
+   * @throws Exception
    */
-  public static String sign(
-      Long userId, String userName, String secret, AuthenticationType 
authType, Long expireTime) {
+  public static String sign(User user, AuthenticationType authType, Long 
expireTime)
+      throws Exception {
     Date date = new Date(expireTime);
-    Algorithm algorithm = Algorithm.HMAC256(secret);
-    return JWT.create()
-        .withClaim("userId", userId)
-        .withClaim("userName", userName)
-        .withClaim("type", authType.get())
-        .withExpiresAt(date)
-        .sign(algorithm);
+    Algorithm algorithm = Algorithm.HMAC256(user.getSalt());
+
+    JWTCreator.Builder builder =
+        JWT.create()
+            .withClaim(JWT_USERID, user.getUserId())
+            .withClaim(JWT_USERNAME, user.getUsername())
+            .withClaim(JWT_TYPE, authType.get())
+            .withExpiresAt(date);
+
+    if (authType == AuthenticationType.SIGN) {
+      builder.withClaim(JWT_TIMESTAMP, System.currentTimeMillis());
+    }
+
+    String token = builder.sign(algorithm);
+    return EncryptUtils.encrypt(token);
   }
 
   public static Long getTTLOfSecond() {
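Review bot: The Javadoc on both `sign` overloads lost its "generate token" summary and now holds only empty tags, while the contract changed in two ways a caller must know: the HMAC key is taken from `user.getSalt()`, and the return value is the `EncryptUtils.encrypt`-ed token rather than the raw JWT. I would document it as `Generates a JWT signed with the user's salt and returns it encrypted; the timestamp claim is added only for SIGN tokens.` and state what `@throws Exception` stands for (an encryption failure, as far as the hunk shows). A null salt would presumably be rejected by `Algorithm.HMAC256`, so a precondition note on `user` is worth adding as well.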
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
index 37583ada1..d3c71ca9a 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/authentication/ShiroRealm.java
@@ -17,14 +17,14 @@
 
 package org.apache.streampark.console.system.authentication;
 
-import org.apache.streampark.console.base.util.WebUtils;
+import org.apache.streampark.common.util.SystemPropertyUtils;
+import org.apache.streampark.console.base.util.EncryptUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
 import org.apache.streampark.console.system.entity.AccessToken;
 import org.apache.streampark.console.system.entity.User;
 import org.apache.streampark.console.system.service.AccessTokenService;
 import org.apache.streampark.console.system.service.UserService;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -82,40 +82,54 @@ public class ShiroRealm extends AuthorizingRealm {
     // The token here is passed from the executeLogin method of JWTFilter and 
has been decrypted
     String credential = (String) authenticationToken.getCredentials();
     String username = JWTUtil.getUserName(credential);
+    Long userId = JWTUtil.getUserId(credential);
+    AuthenticationType authType = JWTUtil.getAuthType(credential);
 
-    if (StringUtils.isBlank(username)) {
+    if (username == null || userId == null || authType == null) {
       throw new AuthenticationException("the authorization token is invalid");
     }
+
+    switch (authType) {
+      case SIGN:
+        Long timestamp = JWTUtil.getTimestamp(credential);
+        Long startTime = 
SystemPropertyUtils.getLong("streampark.start.timestamp", 0);
+        if (timestamp < startTime) {
+          throw new AuthenticationException("the authorization token is 
expired");
+        }
+        break;
+      case OPENAPI:
+        // Check whether the token belongs to the api and whether the 
permission is valid
+        AccessToken accessToken = accessTokenService.getByUserId(userId);
+        try {
+          String encryptToken = EncryptUtils.encrypt(credential);
+          if (accessToken == null || 
!accessToken.getToken().equals(encryptToken)) {
+            throw new AuthenticationException("the openapi authorization token 
is invalid");
+          }
+        } catch (Exception e) {
+          throw new AuthenticationException(e);
+        }
+
+        if (AccessToken.STATUS_DISABLE.equals(accessToken.getStatus())) {
+          throw new AuthenticationException(
+              "the openapi authorization token is disabled, please contact the 
administrator");
+        }
+
+        if (User.STATUS_LOCK.equals(accessToken.getUserStatus())) {
+          throw new AuthenticationException(
+              "the user [" + username + "] has been locked, please contact the 
administrator");
+        }
+        
SecurityUtils.getSubject().getSession().setAttribute(AccessToken.IS_API_TOKEN, 
true);
+        break;
+      default:
+        break;
+    }
+
     // Query user information by username
     User user = userService.findByName(username);
-
     if (user == null || !JWTUtil.verify(credential, username, user.getSalt())) 
{
       throw new AuthenticationException("the authorization token verification 
failed.");
     }
 
-    AuthenticationType authType = JWTUtil.getAuthType(credential);
-    if (authType == AuthenticationType.OPENAPI) {
-      // Check whether the token belongs to the api and whether the permission 
is valid
-      AccessToken accessToken = 
accessTokenService.getByUserId(user.getUserId());
-      if (accessToken == null
-          || 
!accessToken.getToken().equals(WebUtils.encryptToken(credential))) {
-        throw new AuthenticationException("the openapi authorization token is 
invalid");
-      }
-
-      if (AccessToken.STATUS_DISABLE.equals(accessToken.getStatus())) {
-        throw new AuthenticationException(
-            "the openapi authorization token is disabled, please contact the 
administrator");
-      }
-
-      if (User.STATUS_LOCK.equals(accessToken.getUserStatus())) {
-        throw new AuthenticationException(
-            "the user ["
-                + user.getUsername()
-                + "] has been locked, please contact the administrator");
-      }
-      
SecurityUtils.getSubject().getSession().setAttribute(AccessToken.IS_API_TOKEN, 
true);
-    }
-
     return new SimpleAuthenticationInfo(credential, credential, 
"streampark_shiro_realm");
   }
 }
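Review bot: The new `switch (authType)` acts on `userId`, `authType` and the timestamp before `JWTUtil.verify` has checked the signature; all three are read through `JWT.decode`, which verifies nothing. In the OPENAPI branch that means a database lookup keyed by an unverified `userId` and `setAttribute(AccessToken.IS_API_TOKEN, true)` on the session before the token is known to be genuine. Moving `User user = userService.findByName(username);` and the `JWTUtil.verify(credential, username, user.getSalt())` check above the switch, and using `user.getUserId()` for the lookup as the removed code did, keeps the same rejections while branching only on verified claims. Inside the try, the "token is invalid" `AuthenticationException` is caught by `catch (Exception e)` and re-wrapped, which buries its message; narrowing the try to the `EncryptUtils.encrypt(credential)` call avoids that. The token comparison with `equals` could also use `MessageDigest.isEqual` on the bytes.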
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/AccessTokenController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/AccessTokenController.java
index 331289e24..1d5226d1c 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/AccessTokenController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/AccessTokenController.java
@@ -20,7 +20,6 @@ package org.apache.streampark.console.system.controller;
 import org.apache.streampark.common.util.CURLBuilder;
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
-import org.apache.streampark.console.base.exception.InternalException;
 import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.core.enums.AccessTokenState;
 import org.apache.streampark.console.core.service.ServiceHelper;
@@ -55,7 +54,7 @@ public class AccessTokenController {
   public RestResponse createToken(
       @NotBlank(message = "{required}") Long userId,
       @RequestParam(required = false) String description)
-      throws InternalException {
+      throws Exception {
     return accessTokenService.create(userId, description);
   }
 
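Review bot: `@NotBlank` on `Long userId` in `createToken` (and on `Long tokenId` in `deleteToken` in the next hunk) is a constraint defined for character sequences, so on a `Long` it either is never evaluated or fails with a constraint-type error, depending on whether method validation is active for this controller. `toggleToken` already uses the fitting form, and the other two should match it: `@NotNull(message = "{required}") Long userId`. Since `createToken` issues a token for a `userId` supplied in the request, a working non-null check matters here. The mapping and permission annotations of `createToken` lie above the hunk.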
@@ -86,14 +85,14 @@ public class AccessTokenController {
   @PostMapping("toggle")
   @RequiresPermissions("token:add")
   public RestResponse toggleToken(@NotNull(message = "{required}") Long 
tokenId) {
-    return accessTokenService.toggleToken(tokenId);
+    return accessTokenService.toggle(tokenId);
   }
 
   /** delete token by id */
   @DeleteMapping(value = "delete")
   @RequiresPermissions("token:delete")
   public RestResponse deleteToken(@NotBlank(message = "{required}") Long 
tokenId) {
-    boolean res = accessTokenService.deleteToken(tokenId);
+    boolean res = accessTokenService.delete(tokenId);
     return RestResponse.success(res);
   }
 
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
index d7d98f281..3694b2564 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
@@ -19,7 +19,6 @@ package org.apache.streampark.console.system.controller;
 
 import org.apache.streampark.common.util.DateUtils;
 import org.apache.streampark.console.base.domain.RestResponse;
-import org.apache.streampark.console.base.util.WebUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
 import org.apache.streampark.console.system.authentication.JWTToken;
 import org.apache.streampark.console.system.authentication.JWTUtil;
@@ -73,22 +72,16 @@ public class PassportController {
     }
 
     this.userService.updateLoginTime(username);
-    String sign = JWTUtil.sign(user.getUserId(), username, user.getSalt(), 
AuthenticationType.SIGN);
+    String token = JWTUtil.sign(user, AuthenticationType.SIGN);
 
     LocalDateTime expireTime = 
LocalDateTime.now().plusSeconds(JWTUtil.getTTLOfSecond());
     String ttl = DateUtils.formatFullTime(expireTime);
 
-    // shiro login
-    JWTToken loginToken = new JWTToken(sign, ttl, 
AuthenticationType.SIGN.get());
-    SecurityUtils.getSubject().login(loginToken);
-
     // generate UserInfo
-    String token = WebUtils.encryptToken(sign);
-    JWTToken jwtToken = new JWTToken(token, ttl, 
AuthenticationType.SIGN.get());
     String userId = RandomStringUtils.randomAlphanumeric(20);
     user.setId(userId);
-    Map<String, Object> userInfo =
-        userService.generateFrontendUserInfo(user, user.getLastTeamId(), 
jwtToken);
+    JWTToken jwtToken = new JWTToken(token, ttl);
+    Map<String, Object> userInfo = userService.generateFrontendUserInfo(user, 
jwtToken);
 
     return new RestResponse().data(userInfo);
   }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
index 126bd5a66..0ee5c771c 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
@@ -131,8 +131,9 @@ public class UserController {
 
     // 2) get latest userInfo
     user.dataMasking();
+    user.setLastTeamId(teamId);
 
-    Map<String, Object> infoMap = userService.generateFrontendUserInfo(user, 
teamId, null);
+    Map<String, Object> infoMap = userService.generateFrontendUserInfo(user, 
null);
     return new RestResponse().data(infoMap);
   }
 
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/entity/AccessToken.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/entity/AccessToken.java
index 2db73775e..bb571577f 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/entity/AccessToken.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/entity/AccessToken.java
@@ -35,7 +35,6 @@ import java.util.Date;
 public class AccessToken implements Serializable {
 
   private static final long serialVersionUID = 1L;
-  public static final String DEFAULT_EXPIRE_TIME = "9999-01-01 00:00:00";
   public static final String IS_API_TOKEN = "is_api_token";
 
   public static final Integer STATUS_ENABLE = 1;
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/runner/StartedUpRunner.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/runner/StartedUpRunner.java
index 93c0c5490..eba48034a 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/runner/StartedUpRunner.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/runner/StartedUpRunner.java
@@ -53,6 +53,7 @@ public class StartedUpRunner implements ApplicationRunner {
       System.out.println("    Info   :  streampark-console start successful    
                 ");
       System.out.println("    Local  :  http://localhost:"; + port);
       System.out.println("    Time   :  " + LocalDateTime.now() + "\n\n");
+      System.setProperty("streampark.start.timestamp", 
System.currentTimeMillis() + "");
     }
   }
 }
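Review bot: `streampark.start.timestamp` is set only at the end of this runner and inside a conditional whose test is outside the hunk, while ShiroRealm reads it with a default of 0, so until this line has run (or if the branch is skipped) the SIGN-token freshness check rejects nothing. The value is also per JVM, so with more than one console instance a token issued by one node would presumably be refused by a node that started later. Setting the property unconditionally as the first statement of the runner narrows the window: `System.setProperty("streampark.start.timestamp", String.valueOf(System.currentTimeMillis()));`. A short comment there saying that the property invalidates login tokens issued before the restart would make the coupling to ShiroRealm visible.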
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/AccessTokenService.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/AccessTokenService.java
index 6bd7ed988..2fbecd52a 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/AccessTokenService.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/AccessTokenService.java
@@ -19,7 +19,6 @@ package org.apache.streampark.console.system.service;
 
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
-import org.apache.streampark.console.base.exception.InternalException;
 import org.apache.streampark.console.system.entity.AccessToken;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -27,13 +26,13 @@ import com.baomidou.mybatisplus.extension.service.IService;
 
 public interface AccessTokenService extends IService<AccessToken> {
 
-  RestResponse create(Long userId, String description) throws 
InternalException;
+  RestResponse create(Long userId, String description) throws Exception;
 
-  boolean deleteToken(Long id);
+  boolean delete(Long id);
 
   IPage<AccessToken> page(AccessToken tokenParam, RestRequest request);
 
-  RestResponse toggleToken(Long tokenId);
+  RestResponse toggle(Long tokenId);
 
   AccessToken getByUserId(Long userId);
 }
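Review bot: `create` now declares `throws Exception`, which is wider than the `InternalException` it replaces and pushes every caller towards catching the broadest checked type, where unrelated failures are easily swallowed. If the only new failure source is the signing or encryption step behind `JWTUtil.sign` (not visible here), a specific exception type would keep the contract readable. At minimum the interface method should carry a Javadoc line such as `@throws Exception if the token cannot be signed or encrypted`, adjusted to what `sign` actually throws.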
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
index 792830eb4..0dbb7042b 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
@@ -113,5 +113,5 @@ public interface UserService extends IService<User> {
 
   List<User> findByAppOwner(Long teamId);
 
-  Map<String, Object> generateFrontendUserInfo(User user, Long teamId, 
JWTToken token);
+  Map<String, Object> generateFrontendUserInfo(User user, JWTToken token);
 }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/AccessTokenServiceImpl.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/AccessTokenServiceImpl.java
index a682881ef..46f77b66a 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/AccessTokenServiceImpl.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/AccessTokenServiceImpl.java
@@ -21,9 +21,7 @@ import org.apache.streampark.console.base.domain.ResponseCode;
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.mybatis.pager.MybatisPager;
-import org.apache.streampark.console.base.util.WebUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
-import org.apache.streampark.console.system.authentication.JWTToken;
 import org.apache.streampark.console.system.authentication.JWTUtil;
 import org.apache.streampark.console.system.entity.AccessToken;
 import org.apache.streampark.console.system.entity.User;
@@ -52,19 +50,15 @@ public class AccessTokenServiceImpl extends 
ServiceImpl<AccessTokenMapper, Acces
   @Autowired private UserService userService;
 
   @Override
-  public RestResponse create(Long userId, String description) {
+  public RestResponse create(Long userId, String description) throws Exception 
{
     User user = userService.getById(userId);
     if (user == null) {
       return RestResponse.success().put("code", 0).message("user not 
available");
     }
-    String token =
-        WebUtils.encryptToken(
-            JWTUtil.sign(
-                user.getUserId(), user.getUsername(), user.getSalt(), 
AuthenticationType.OPENAPI));
-    JWTToken jwtToken = new JWTToken(token, AccessToken.DEFAULT_EXPIRE_TIME, 
1);
 
+    String token = JWTUtil.sign(user, AuthenticationType.OPENAPI, 
Long.MAX_VALUE);
     AccessToken accessToken = new AccessToken();
-    accessToken.setToken(jwtToken.getToken());
+    accessToken.setToken(token);
     accessToken.setUserId(user.getUserId());
     accessToken.setDescription(description);
 
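Review bot: `JWTUtil.sign(user, AuthenticationType.OPENAPI, Long.MAX_VALUE)` issues an OpenAPI token with no practical expiry, so revocation rests entirely on the stored record (the status toggle and `delete` in this class) being checked on every request; that check is not visible in this hunk and should be confirmed. `Long.MAX_VALUE` is also a magic value whose safety depends on how `sign` treats its third argument, since adding it to a current time anywhere would overflow. I would name the intent, e.g. `private static final long NO_EXPIRY = Long.MAX_VALUE;` with a comment that validity is governed by the stored token status, or accept a configurable lifetime instead. `create` continues past the end of the hunk.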
@@ -78,7 +72,7 @@ public class AccessTokenServiceImpl extends 
ServiceImpl<AccessTokenMapper, Acces
   }
 
   @Override
-  public boolean deleteToken(Long id) {
+  public boolean delete(Long id) {
     return this.removeById(id);
   }
 
@@ -92,7 +86,7 @@ public class AccessTokenServiceImpl extends 
ServiceImpl<AccessTokenMapper, Acces
   }
 
   @Override
-  public RestResponse toggleToken(Long tokenId) {
+  public RestResponse toggle(Long tokenId) {
     AccessToken tokenInfo = baseMapper.getById(tokenId);
     if (tokenInfo == null) {
       return RestResponse.fail("accessToken could not be found!", 
ResponseCode.CODE_FAIL_ALERT);
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
index 410d8d370..0527d583a 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
@@ -216,7 +216,7 @@ public class UserServiceImpl extends 
ServiceImpl<UserMapper, User> implements Us
    * @return UserInfo
    */
   @Override
-  public Map<String, Object> generateFrontendUserInfo(User user, Long teamId, 
JWTToken token) {
+  public Map<String, Object> generateFrontendUserInfo(User user, JWTToken 
token) {
     Map<String, Object> userInfo = new HashMap<>(8);
 
     // 1) token & expire
@@ -230,7 +230,7 @@ public class UserServiceImpl extends 
ServiceImpl<UserMapper, User> implements Us
     userInfo.put("user", user);
 
     // 3) permissions
-    Set<String> permissions = this.getPermissions(user.getUserId(), teamId);
+    Set<String> permissions = this.getPermissions(user.getUserId(), 
user.getLastTeamId());
     userInfo.put("permissions", permissions);
 
     return userInfo;
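Review bot: `this.getPermissions(user.getUserId(), user.getLastTeamId())` now takes the team from the `User` object rather than an explicit argument, and `getLastTeamId()` may be null for a user who has not selected a team, or stale if the caller passes a `User` loaded before a team switch. How `getPermissions` handles a null team id is not visible here, so the permission set returned to the frontend should be checked for that case. A short comment such as `// team comes from the user's lastTeamId; callers must pass a freshly loaded User` would document the new contract. The method signature is in the previous hunk and its Javadoc starts outside both.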
diff --git 
a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
 
b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
index cc23b26ef..f9cb3411e 100644
--- 
a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
+++ 
b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/core/service/AccessTokenServiceTest.java
@@ -20,7 +20,7 @@ package org.apache.streampark.console.core.service;
 import org.apache.streampark.console.SpringTestBase;
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
-import org.apache.streampark.console.base.util.WebUtils;
+import org.apache.streampark.console.base.util.EncryptUtils;
 import org.apache.streampark.console.system.authentication.JWTToken;
 import org.apache.streampark.console.system.authentication.JWTUtil;
 import org.apache.streampark.console.system.entity.AccessToken;
@@ -49,7 +49,7 @@ public class AccessTokenServiceTest extends SpringTestBase {
     // verify
     AccessToken accessToken = (AccessToken) restResponse.get("data");
     LOG.info(accessToken.getToken());
-    JWTToken jwtToken = new 
JWTToken(WebUtils.decryptToken(accessToken.getToken()));
+    JWTToken jwtToken = new 
JWTToken(EncryptUtils.decrypt(accessToken.getToken()));
     LOG.info(jwtToken.getToken());
     String username = JWTUtil.getUserName(jwtToken.getToken());
     Assertions.assertNotNull(username);
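Review bot: The decrypted JWT built on the changed line is written to the log at info level on the next line (`LOG.info(jwtToken.getToken())`), and the stored token is logged just before it. With this commit OpenAPI tokens are signed with `Long.MAX_VALUE` as the expiry, so a token copied from test or CI logs stays usable for as long as its record and the signing secret exist. I would drop both log calls or log a non-sensitive field instead, e.g. `LOG.info("token id: " + accessToken.getId());`. The test method starts outside the hunk.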
@@ -70,7 +70,7 @@ public class AccessTokenServiceTest extends SpringTestBase {
 
     // toggle
     Long tokenId = accessToken.getId();
-    RestResponse toggleTokenResp = accessTokenService.toggleToken(tokenId);
+    RestResponse toggleTokenResp = accessTokenService.toggle(tokenId);
     Assertions.assertNotNull(toggleTokenResp);
     Assertions.assertTrue((Boolean) toggleTokenResp.get("data"));
 
@@ -80,6 +80,6 @@ public class AccessTokenServiceTest extends SpringTestBase {
     Assertions.assertEquals(AccessToken.STATUS_DISABLE, 
afterToggle.getStatus());
 
     // delete
-    Assertions.assertTrue(accessTokenService.deleteToken(tokenId));
+    Assertions.assertTrue(accessTokenService.delete(tokenId));
   }
 }
diff --git 
a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/system/authentication/JWTTest.java
 
b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/system/authentication/JWTTest.java
index a1df28c47..984f874e6 100644
--- 
a/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/system/authentication/JWTTest.java
+++ 
b/streampark-console/streampark-console-service/src/test/java/org/apache/streampark/console/system/authentication/JWTTest.java
@@ -19,8 +19,9 @@ package org.apache.streampark.console.system.authentication;
 
 import org.apache.streampark.common.util.DateUtils;
 import org.apache.streampark.console.SpringTestBase;
+import org.apache.streampark.console.base.util.EncryptUtils;
 import org.apache.streampark.console.core.enums.AuthenticationType;
-import org.apache.streampark.console.system.entity.AccessToken;
+import org.apache.streampark.console.system.entity.User;
 
 import com.auth0.jwt.JWT;
 import org.junit.jupiter.api.Assertions;
@@ -32,21 +33,23 @@ import java.util.TimeZone;
 class JWTTest extends SpringTestBase {
 
   @Test
-  void testExpireTime() {
+  void testExpireTime() throws Exception {
     String userName = "black";
-    String expireTime = AccessToken.DEFAULT_EXPIRE_TIME;
+    String ttl = "2022-09-01 00:00:00";
+
+    User user = new User();
+    user.setUserId(10000L);
+    user.setUsername(userName);
+    user.setSalt("streampark");
     String token =
         JWTUtil.sign(
-            10000L,
-            userName,
-            "streampark",
+            user,
             AuthenticationType.SIGN,
-            DateUtils.getTime(expireTime, DateUtils.fullFormat(), 
TimeZone.getDefault()));
-
+            DateUtils.getTime(ttl, DateUtils.fullFormat(), 
TimeZone.getDefault()));
     assert token != null;
-    Date expiresAt = JWT.decode(token).getExpiresAt();
+    Date expiresAt = JWT.decode(EncryptUtils.decrypt(token)).getExpiresAt();
     String decodeExpireTime =
         DateUtils.format(expiresAt, DateUtils.fullFormat(), 
TimeZone.getDefault());
-    Assertions.assertEquals(expireTime, decodeExpireTime);
+    Assertions.assertEquals(ttl, decodeExpireTime);
   }
 }
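Review bot: The test covers only a fixed past expiry with `AuthenticationType.SIGN`, while the production path changed in this commit signs with `AuthenticationType.OPENAPI` and `Long.MAX_VALUE`. A second case that signs with those arguments, then checks the user name read back from the token and the value of `getExpiresAt()`, would cover the path that now issues access tokens. Separately, `assert token != null;` is a Java `assert` statement and is skipped unless the JVM runs with `-ea`; `Assertions.assertNotNull(token);` always runs.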

