Encrypt sensitive api data exposed to the webUI.

AutohomeCorp · Sep 16, 2022 · 5cc4df1 · 5cc4df1
1 parent bbbe8d5
commit 5cc4df1
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 11 deletions.
diff --git a/...ne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AdminController.java b/...ne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AdminController.java
@@ -4,6 +4,7 @@
 
 import com.autohome.frostmourne.monitor.dao.mybatis.frostmourne.domain.generate.Alarm;
 import com.autohome.frostmourne.monitor.model.enums.AlarmStatus;
+import com.autohome.frostmourne.monitor.tool.AESUtils;
 import org.springframework.web.bind.annotation.*;
 
 import com.autohome.frostmourne.common.contract.PagerContract;
@@ -12,6 +13,9 @@
 import com.autohome.frostmourne.monitor.service.admin.IAlarmAdminService;
 import com.autohome.frostmourne.monitor.tool.AuthTool;
 
+import java.util.Map;
+import java.util.Objects;
+
 @RestController
 @RequestMapping(value = {"/admin", "/api/monitor-api/admin"})
 public class AdminController {
@@ -58,6 +62,13 @@ public Protocol<AlarmContract> findById(@RequestParam(value = "alarmId") Long al
         if (alarmContract == null) {
             return new Protocol<>(404, "监控不存在");
         }
+
+        // 敏感信息加密
+        Map<String, String> settings = alarmContract.getMetricContract().getDataSourceContract().getSettings();
+        if (Objects.nonNull(settings)) {
+            AESUtils.encryptMappingSensitive(settings);
+            alarmContract.getMetricContract().getDataSourceContract().setSettings(settings);
+        }
         return new Protocol<>(alarmContract);
     }
 
@@ -66,4 +77,5 @@ public Protocol<PagerContract<Alarm>> list(int pageIndex, int pageSize, Long ala
         PagerContract<Alarm> pagerContract = this.alarmAdminService.find(pageIndex, pageSize, alarmId, name, teamName, status, serviceId);
         return new Protocol<>(pagerContract);
     }
+
 }
diff --git a/.../src/main/java/com/autohome/frostmourne/monitor/service/admin/impl/AlarmAdminService.java b/.../src/main/java/com/autohome/frostmourne/monitor/service/admin/impl/AlarmAdminService.java
@@ -146,10 +146,7 @@ public boolean close(Long alarmId) {
     public AlarmContract findById(Long alarmId) {
         AlarmContract alarmContract = new AlarmContract();
         Optional<Alarm> optionalAlarm = alarmRepository.selectByPrimaryKey(alarmId);
-        if (!optionalAlarm.isPresent()) {
-            return null;
-        }
-        Alarm alarm = optionalAlarm.get();
+        Alarm alarm = optionalAlarm.orElseThrow(() -> new ProtocolException(404, String.format("The alarm[id=%s] not exists", alarmId)));
         alarmContract.setId(alarmId);
         alarmContract.setStatus(alarm.getStatus());
         alarmContract.setOwnerKey(alarm.getOwnerKey());

diff --git a/frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/tool/AESUtils.java b/frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/tool/AESUtils.java
@@ -4,13 +4,16 @@
 import org.apache.commons.codec.binary.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.util.CollectionUtils;
 
 import javax.crypto.*;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.List;
+import java.util.Map;
 
 /**
  * AES utils
@@ -77,4 +80,15 @@ private static String doAES(String data, int mode)
         }
     }
 
+    public static void encryptMappingSensitive(Map<String, String> settings) {
+        try {
+            List<String> sensitiveFields = EncryptProperties.getInstance().getSensitiveFields();
+            if (!CollectionUtils.isEmpty(sensitiveFields)) {
+                sensitiveFields.forEach(field -> settings.computeIfPresent(field, (k, v) -> encrypt(v)));
+            }
+        } catch (Exception e) {
+            LOGGER.error("encryptMappingSensitive error", e);
+        }
+    }
+
 }
diff --git a/...nitor/src/main/java/com/autohome/frostmourne/monitor/transform/DataSourceTransformer.java b/...nitor/src/main/java/com/autohome/frostmourne/monitor/transform/DataSourceTransformer.java
@@ -48,7 +48,7 @@ public static DataSourceContract model2Contract(DataSource dataSource, boolean e
             }
             // 加密敏感字段
             if (encrypt) {
-                handleEncryptSettings(settings);
+                AESUtils.encryptMappingSensitive(settings);
             }
             dataSourceContract.setSettings(settings);
         } else {
@@ -61,10 +61,4 @@ public static DataSourceContract model2Contract(DataSource dataSource, boolean e
         return dataSourceContract;
     }
 
-    private static void handleEncryptSettings(Map<String, String> settings) {
-        List<String> sensitiveFields = EncryptProperties.getInstance().getSensitiveFields();
-        if (!CollectionUtils.isEmpty(sensitiveFields)) {
-            sensitiveFields.forEach(field -> settings.computeIfPresent(field, (k, v) -> AESUtils.encrypt(v)));
-        }
-    }
 }