From 48065e720ebb68c330aec45969778242f1331ddc Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw
Date: Thu, 5 Sep 2024 15:48:31 +0800
Subject: [PATCH] =?UTF-8?q?fix(X-Pack):=20CAS=E7=99=BB=E5=BD=95=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E4=BD=BF=E7=94=A8=E5=AE=9A=E6=97=B6=E6=8A=A5=E5=91=8A?= =?UTF-8?q?=E6=97=A0=E6=95=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../dataease/auth/config/cas/CasStrategy.java | 22 +++++++-
 .../java/io/dataease/auth/util/JWTUtils.java | 12 ++++
 .../strategy/impl/EmailTaskHandler.java | 10 +++-
 core/frontend/public/link.html | 55 +++++++++++--------
 4 files changed, 71 insertions(+), 28 deletions(-)
diff --git a/core/backend/src/main/java/io/dataease/auth/config/cas/CasStrategy.java b/core/backend/src/main/java/io/dataease/auth/config/cas/CasStrategy.java
index 82d5187a82..b1b6990dff 100644
--- a/core/backend/src/main/java/io/dataease/auth/config/cas/CasStrategy.java
+++ b/core/backend/src/main/java/io/dataease/auth/config/cas/CasStrategy.java
@@ -1,9 +1,14 @@
 package io.dataease.auth.config.cas;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.Claim;
+import com.auth0.jwt.interfaces.DecodedJWT;
 import io.dataease.auth.service.impl.ShiroServiceImpl;
 import io.dataease.commons.utils.CommonBeanFactory;
+import io.dataease.commons.utils.LogUtil;
 import io.dataease.commons.utils.ServletUtils;
 import io.dataease.service.system.SystemParameterService;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.util.AntPathMatcher;
 import org.jasig.cas.client.authentication.UrlPatternMatcherStrategy;
@@ -38,9 +43,9 @@ public class CasStrategy implements UrlPatternMatcherStrategy {
 s = s.substring(beginIndex + serverName.length());
 }
 if (StringUtils.equals("/", s)) {
- if (fromLink(serverName)) return true;
- return false;
+ return fromLink(serverName);
 }
+ if (fromShot()) return true;
 if (StringUtils.equals("/login", s)) return false;
 if (StringUtils.startsWith(s, "/cas/callBack")) return false;
 if (StringUtils.equals("/api/auth/deLogout", s)) return true;
@@ -74,4 +79,17 @@ public class CasStrategy implements UrlPatternMatcherStrategy {
 }
 return false;
 }
+
+ private Boolean fromShot() {
+ String token = ServletUtils.getToken();
+ if (StringUtils.isBlank(token)) return false;
+ try {
+ DecodedJWT jwt = JWT.decode(token);
+ Claim forShot = jwt.getClaim("forShot");
+ return ObjectUtils.isNotEmpty(forShot) && forShot.asBoolean();
+ } catch (Exception e) {
+ LogUtil.error(e.getMessage());
+ return false;
+ }
+ }
 }
diff --git a/core/backend/src/main/java/io/dataease/auth/util/JWTUtils.java b/core/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
index 9817264a00..3a6ef78157 100644
--- a/core/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
+++ b/core/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
@@ -125,6 +125,18 @@ public class JWTUtils {
 return IPUtils.get();
 }
+ public static String signShotToken(TokenInfo tokenInfo, String secret) {
+ Long userId = tokenInfo.getUserId();
+ long expireTimeMillis = getExpireTime();
+ Date date = new Date(System.currentTimeMillis() + expireTimeMillis);
+ Algorithm algorithm = Algorithm.HMAC256(secret);
+ Builder builder = JWT.create()
+ .withClaim("username", tokenInfo.getUsername())
+ .withClaim("forShot", true)
+ .withClaim("userId", userId);
+ return builder.withExpiresAt(date).sign(algorithm);
+ }
+
 public static String sign(TokenInfo tokenInfo, String secret, boolean writeOnline) {
 Long userId = tokenInfo.getUserId();
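Review bot: `fromShot()` (added in the `@@ -74,4` hunk) reads the `forShot` claim with `JWT.decode(token)`, which parses the token without checking its signature or expiry, and the new `if (fromShot()) return true;` in the `@@ -38,9` hunk runs before every path check below it. If a `true` result here means the request is skipped by the CAS filter, as the existing `/api/auth/deLogout` line suggests, then that decision rests on a claim the server has not authenticated and it applies to all URLs, not only the screenshot route. The claim should be honoured only after the token has been verified the same way ordinary tokens are, and the early return limited to the paths the report job actually needs. Smaller points: the method can return primitive `boolean`, and `LogUtil.error(e.getMessage())` discards the stack trace. The method that contains the early return starts and ends outside the first hunk.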
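Review bot: `signShotToken` is added without a Javadoc comment, although the `forShot` claim it sets is what `CasStrategy.fromShot()` in this patch keys on; something like `/** Signs a token for the scheduled-report screenshot job; forShot=true marks it for CasStrategy. */` would record that coupling. The token otherwise carries the same `username`/`userId` and the same `getExpireTime()` lifetime as a regular one, so a shorter dedicated expiry is worth considering; how long `getExpireTime()` is cannot be seen from this hunk. The intermediate `Builder` local is unnecessary, since the chain can end in `.withExpiresAt(date).sign(algorithm)` directly.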
diff --git a/core/backend/src/main/java/io/dataease/job/sechedule/strategy/impl/EmailTaskHandler.java b/core/backend/src/main/java/io/dataease/job/sechedule/strategy/impl/EmailTaskHandler.java
index d358691b26..3f673ce971 100644
--- a/core/backend/src/main/java/io/dataease/job/sechedule/strategy/impl/EmailTaskHandler.java
+++ b/core/backend/src/main/java/io/dataease/job/sechedule/strategy/impl/EmailTaskHandler.java
@@ -435,9 +435,7 @@ public class EmailTaskHandler extends TaskHandler implements Job {
 private String tokenByUser(SysUserEntity user) {
 TokenInfo tokenInfo = TokenInfo.builder().userId(user.getUserId()).username(user.getUsername()).build();
- String token = JWTUtils.sign(tokenInfo, user.getPassword(), false);
-
- return token;
+ return JWTUtils.signShotToken(tokenInfo, user.getPassword());
 }
 private String panelUrl(String panelId) {
@@ -445,4 +443,10 @@ public class EmailTaskHandler extends TaskHandler implements Job {
 return domain + "/#/previewScreenShot/" + panelId + "/true";
 }
+ public static void main(String[] args) {
+ TokenInfo tokenInfo = TokenInfo.builder().userId(1L).username("admin").build();
+ String contextPath = JWTUtils.signShotToken(tokenInfo, "ae8000252199d4f2aa00e3b99e6f9934");
+ System.out.println(contextPath);
+ }
+
 }
diff --git a/core/frontend/public/link.html b/core/frontend/public/link.html
index 635a6d4f8d..891957b9af 100644
--- a/core/frontend/public/link.html
+++ b/core/frontend/public/link.html
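Review bot: The `public static void main` added in the `@@ -445,4` hunk is a debugging leftover in a production job class: it signs a token for `userId(1L)` / `"admin"` with a hard-coded 32-hex-character secret and prints it. `tokenByUser` in the hunk above passes `user.getPassword()` as that secret, so the literal may be a real stored password value; if it is, it now sits in version history and the corresponding password should be changed. The method should be removed from this class, and any manual check moved to a test that uses a constructed secret. The local name `contextPath` is also misleading, since it holds a token.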
@@ -29,30 +29,39 @@
 }
 return (false)
 }
- const link = getQueryVariable('link')
- const user = getQueryVariable('user')
- const terminal = getQueryVariable('terminal')
- const attachParams = getQueryVariable('attachParams')
- const fromLink = getQueryVariable('fromLink')
- const ticket = getQueryVariable('ticket')
- const baseUrl = window.location.pathname.replace('link.html', '')
- let url = baseUrl + "#/delink?link=" + encodeURIComponent(link)
- if (terminal) {
- url += '&terminal=' + terminal
+ const shot = getQueryVariable('shot')
+ if (shot) {
+ const panelId = getQueryVariable('panelId')
+ const baseUrl = window.location.pathname.replace('link.html', '')
+ const shoturl = baseUrl + "#/previewScreenShot/" + panelId + "/true"
+ window.location.href = shoturl
+ } else {
+ const link = getQueryVariable('link')
+ const user = getQueryVariable('user')
+ const terminal = getQueryVariable('terminal')
+ const attachParams = getQueryVariable('attachParams')
+ const fromLink = getQueryVariable('fromLink')
+ const ticket = getQueryVariable('ticket')
+ const baseUrl = window.location.pathname.replace('link.html', '')
+ let url = baseUrl + "#/delink?link=" + encodeURIComponent(link)
+ if (terminal) {
+ url += '&terminal=' + terminal
+ }
+ if (user) {
+ url += '&user=' + encodeURIComponent(user)
+ }
+ if (attachParams) {
+ url += '&attachParams=' + encodeURIComponent(attachParams)
+ }
+ if (fromLink) {
+ url += '&fromLink=' + fromLink
+ }
+ if (ticket) {
+ url += '&ticket=' + ticket
+ }
+ window.location.href = url
 }
- if (user) {
- url += '&user=' + encodeURIComponent(user)
- }
- if (attachParams) {
- url += '&attachParams=' + encodeURIComponent(attachParams)
- }
- if (fromLink) {
- url += '&fromLink=' + fromLink
- }
- if (ticket) {
- url += '&ticket=' + ticket
- }
- window.location.href = url
+