feat: 统一分享链接token认证 TencentBlueKing#2478

* feat: 修改拉取release分支规则 TencentBlueKing#2479 * feat: 统一分享链接token认证 TencentBlueKing#2478 * feat: 统一分享链接token认证 TencentBlueKing#2478 * feat: 统一分享链接token认证 TencentBlueKing#2478 * feat: 统一分享链接token认证 TencentBlueKing#2478
lannoy0523 · Aug 26, 2024 · 34a29dd · 34a29dd
1 parent 4be6bcb
commit 34a29dd
Show file tree

Hide file tree

Showing 15 changed files with 100 additions and 632 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,8 +18,9 @@ jobs:
         run: |
           version="${GITHUB_REF_NAME#v}"
           branch="${version%%-rc.*}"
-          rc="$(echo $version | grep -o '[0-9]*$')"
-          if [[ "$rc" == "1" ]]; then
+          IFS='.' read -ra ADDR <<< "$branch"
+          patch=${ADDR[2]}
+          if [[ "$patch" == "0" ]]; then
             git checkout -b release-$branch
             git push origin release-$branch
           fi

diff --git a/...eneric/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt b/...eneric/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt
@@ -62,6 +62,7 @@ import com.tencent.bkrepo.generic.pojo.TemporaryUrlCreateRequest
 import com.tencent.bkrepo.generic.pojo.UploadTransactionInfo
 import com.tencent.bkrepo.generic.service.TemporaryAccessService
 import com.tencent.bkrepo.generic.service.UploadService
+import io.swagger.annotations.ApiOperation
 import org.springframework.http.HttpMethod
 import org.springframework.web.bind.annotation.CrossOrigin
 import org.springframework.web.bind.annotation.DeleteMapping
@@ -103,6 +104,22 @@ class TemporaryAccessController(
         }
     }
 
+    @ApiOperation("下载分享文件")
+    @Router
+    @CrossOrigin
+    @GetMapping("/share/$GENERIC_MAPPING_URI")
+    fun download(
+        @RequestAttribute userId: String,
+        @RequestParam token: String,
+        @RequestParam("userId") downloadUserId: String?,
+        artifactInfo: GenericArtifactInfo
+    ) {
+        val downloadUser = downloadUserId ?: userId
+        val tokenInfo = temporaryAccessService.validateToken(token, artifactInfo, TokenType.DOWNLOAD)
+        temporaryAccessService.downloadByShare(downloadUser, tokenInfo.createdBy, artifactInfo)
+        temporaryAccessService.decrementPermits(tokenInfo)
+    }
+
     @Router
     @CrossOrigin
     @GetMapping("/download/$GENERIC_MAPPING_URI")

diff --git a/.../biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt b/.../biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt
@@ -36,10 +36,11 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction
 import com.tencent.bkrepo.auth.pojo.token.TemporaryTokenCreateRequest
 import com.tencent.bkrepo.auth.pojo.token.TemporaryTokenInfo
 import com.tencent.bkrepo.auth.pojo.token.TokenType
-import com.tencent.bkrepo.common.api.constant.AUTH_HEADER_UID
 import com.tencent.bkrepo.common.api.constant.HttpStatus
-import com.tencent.bkrepo.common.api.constant.StringPool
 import com.tencent.bkrepo.common.api.constant.USER_KEY
+import com.tencent.bkrepo.common.api.constant.ANONYMOUS_USER
+import com.tencent.bkrepo.common.api.constant.AUTH_HEADER_UID
+import com.tencent.bkrepo.common.api.constant.StringPool
 import com.tencent.bkrepo.common.api.exception.BadRequestException
 import com.tencent.bkrepo.common.api.exception.ErrorCodeException
 import com.tencent.bkrepo.common.api.message.CommonMessageCode
@@ -51,6 +52,7 @@ import com.tencent.bkrepo.common.artifact.api.ArtifactInfo
 import com.tencent.bkrepo.common.artifact.constant.DEFAULT_STORAGE_KEY
 import com.tencent.bkrepo.common.artifact.constant.REPO_KEY
 import com.tencent.bkrepo.common.artifact.event.ChunkArtifactTransferEvent
+import com.tencent.bkrepo.common.artifact.exception.NodeNotFoundException
 import com.tencent.bkrepo.common.artifact.exception.RepoNotFoundException
 import com.tencent.bkrepo.common.artifact.message.ArtifactMessageCode
 import com.tencent.bkrepo.common.artifact.metrics.ChunkArtifactTransferMetrics
@@ -126,6 +128,34 @@ class TemporaryAccessService(
         }
     }
 
+    fun downloadByShare(userId: String, shareBy: String, artifactInfo: ArtifactInfo) {
+        logger.info("share artifact[$artifactInfo] download user: $userId")
+        checkAlphaApkDownloadUser(userId, artifactInfo, shareBy)
+        with(artifactInfo) {
+            val downloadUser = if (userId == ANONYMOUS_USER) shareBy else userId
+            val repo = repositoryClient.getRepoDetail(projectId, repoName).data
+                ?: throw ErrorCodeException(ArtifactMessageCode.REPOSITORY_NOT_FOUND, repoName)
+            val context = ArtifactDownloadContext(repo = repo, userId = downloadUser)
+            context.shareUserId = shareBy
+            val repository = ArtifactContextHolder.getRepository(context.repositoryDetail.category)
+            repository.download(context)
+        }
+    }
+
+    /**
+     * 加固签名的apk包，匿名下载时，使用分享人身份下载
+     */
+    private fun checkAlphaApkDownloadUser(userId: String, artifactInfo: ArtifactInfo, shareUserId: String) {
+        val nodeDetail = ArtifactContextHolder.getNodeDetail(artifactInfo)
+            ?: throw NodeNotFoundException(artifactInfo.getArtifactFullPath())
+        val appStageKey = nodeDetail.metadata.keys.find { it.equals(BK_CI_APP_STAGE_KEY, true) }
+            ?: return
+        val alphaApk = nodeDetail.metadata[appStageKey]?.toString().equals(ALPHA, true)
+        if (alphaApk && userId == ANONYMOUS_USER) {
+            HttpContextHolder.getRequest().setAttribute(USER_KEY, shareUserId)
+        }
+    }
+
     /**
      * 根据[request]创建临时访问url
      * type必须指定具体的类型否则无法确定url
@@ -429,5 +459,7 @@ class TemporaryAccessService(
         private val logger = LoggerFactory.getLogger(TemporaryAccessService::class.java)
         private const val TEMPORARY_DOWNLOAD_ENDPOINT = "/temporary/download"
         private const val TEMPORARY_UPLOAD_ENDPOINT = "/temporary/upload"
+        private const val BK_CI_APP_STAGE_KEY = "BK-CI-APP-STAGE"
+        private const val ALPHA = "Alpha"
     }
 }
diff --git a/.../api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/TemporaryTokenClient.kt b/.../api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/TemporaryTokenClient.kt
diff --git a/...ler/service/ClusterNodeShareController.kt → ...ler/cluster/ClusterNodeShareController.kt b/...ler/service/ClusterNodeShareController.kt → ...ler/cluster/ClusterNodeShareController.kt
@@ -25,7 +25,7 @@
  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-package com.tencent.bkrepo.repository.controller.service
+package com.tencent.bkrepo.repository.controller.cluster
 
 import com.tencent.bkrepo.common.api.pojo.Response
 import com.tencent.bkrepo.common.artifact.api.ArtifactInfo

diff --git a/.../main/kotlin/com/tencent/bkrepo/repository/controller/service/TemporaryTokenController.kt b/.../main/kotlin/com/tencent/bkrepo/repository/controller/service/TemporaryTokenController.kt
diff --git a/...ory/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/dao/TemporaryTokenDao.kt b/...ory/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/dao/TemporaryTokenDao.kt