Merge pull request #117 from limboinf/master

Encrypt sensitive information.
AutohomeCorp · Sep 16, 2022 · b1cf717 · b1cf717
2 parents c80fe6d + cee2189
commit b1cf717
Show file tree

Hide file tree

Showing 20 changed files with 408 additions and 68 deletions.
diff --git a/...r/src/main/java/com/autohome/frostmourne/monitor/config/properties/EncryptProperties.java b/...r/src/main/java/com/autohome/frostmourne/monitor/config/properties/EncryptProperties.java
@@ -0,0 +1,59 @@
+package com.autohome.frostmourne.monitor.config.properties;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+/**
+ * 加密配置类
+ *
+ * @author limbo
+ * @since 2022/9/14 13:48
+ */
+@Configuration
+public class EncryptProperties implements InitializingBean {
+
+    private static EncryptProperties prop = null;
+
+    public static EncryptProperties getInstance () {
+        return prop;
+    }
+
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        prop = this;
+    }
+
+    /**
+     * 密钥
+     */
+    @Value("${encrypt.key:EX31$@*^ac1}")
+    private String key;
+
+    /**
+     * 敏感字段列表
+     *
+     * 默认会对 data_source表 properties字段值进行加密
+     * 对于username, password等配置等敏感字段也要进行加解密操作，避免在前端泄漏
+     */
+    @Value("#{'${encrypt.sensitives:username,password}'.split(',')}")
+    private List<String> sensitiveFields;
+
+    public String getKey() {
+        return key;
+    }
+
+    public void setKey(String key) {
+        this.key = key;
+    }
+
+    public List<String> getSensitiveFields() {
+        return sensitiveFields;
+    }
+
+    public void setSensitiveFields(List<String> sensitiveFields) {
+        this.sensitiveFields = sensitiveFields;
+    }
+}
diff --git a/...ne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AdminController.java b/...ne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AdminController.java
@@ -4,6 +4,7 @@
 
 import com.autohome.frostmourne.monitor.dao.mybatis.frostmourne.domain.generate.Alarm;
 import com.autohome.frostmourne.monitor.model.enums.AlarmStatus;
+import com.autohome.frostmourne.monitor.tool.AESUtils;
 import org.springframework.web.bind.annotation.*;
 
 import com.autohome.frostmourne.common.contract.PagerContract;
@@ -12,6 +13,9 @@
 import com.autohome.frostmourne.monitor.service.admin.IAlarmAdminService;
 import com.autohome.frostmourne.monitor.tool.AuthTool;
 
+import java.util.Map;
+import java.util.Objects;
+
 @RestController
 @RequestMapping(value = {"/admin", "/api/monitor-api/admin"})
 public class AdminController {
@@ -58,6 +62,13 @@ public Protocol<AlarmContract> findById(@RequestParam(value = "alarmId") Long al
         if (alarmContract == null) {
             return new Protocol<>(404, "监控不存在");
         }
+
+        // 敏感信息加密
+        Map<String, String> settings = alarmContract.getMetricContract().getDataSourceContract().getSettings();
+        if (Objects.nonNull(settings)) {
+            AESUtils.encryptMappingSensitive(settings);
+            alarmContract.getMetricContract().getDataSourceContract().setSettings(settings);
+        }
         return new Protocol<>(alarmContract);
     }
 
@@ -66,4 +77,5 @@ public Protocol<PagerContract<Alarm>> list(int pageIndex, int pageSize, Long ala
         PagerContract<Alarm> pagerContract = this.alarmAdminService.find(pageIndex, pageSize, alarmId, name, teamName, status, serviceId);
         return new Protocol<>(pagerContract);
     }
+
 }
diff --git a/...e-monitor/src/main/java/com/autohome/frostmourne/monitor/dao/jdbc/DataSourceJdbcType.java b/...e-monitor/src/main/java/com/autohome/frostmourne/monitor/dao/jdbc/DataSourceJdbcType.java
@@ -1,5 +1,7 @@
 package com.autohome.frostmourne.monitor.dao.jdbc;
 
+import com.autohome.frostmourne.monitor.model.enums.DataSourceType;
+
 public enum DataSourceJdbcType {
 
     /**
@@ -32,4 +34,8 @@ public String getDriverClassName() {
         return driverClassName;
     }
 
+    public static DataSourceJdbcType fromDataSourceType(DataSourceType dataSourceType) {
+        return DataSourceJdbcType.valueOf(dataSourceType.name().toUpperCase());
+    }
+
 }
diff --git a/...r/src/main/java/com/autohome/frostmourne/monitor/dao/jdbc/impl/DataSourceJdbcManager.java b/...r/src/main/java/com/autohome/frostmourne/monitor/dao/jdbc/impl/DataSourceJdbcManager.java
@@ -6,7 +6,6 @@
 
 import javax.sql.DataSource;
 
-import com.autohome.frostmourne.monitor.model.enums.DataSourceType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -97,13 +96,7 @@ private void closeDataSource(DruidDataSource dataSource) {
 
     private DruidDataSource createDataSource(DataSourceContract dataSourceContract) throws SQLException {
         DruidDataSource dataSource = new DruidDataSource();
-        if (DataSourceType.clickhouse.equals(dataSourceContract.getDatasourceType())) {
-            dataSource.setDriverClassName(DataSourceJdbcType.CLICKHOUSE.getDriverClassName());
-        } else if (DataSourceType.mysql.equals(dataSourceContract.getDatasourceType())) {
-            dataSource.setDriverClassName(DataSourceJdbcType.MYSQL.getDriverClassName());
-        } else if (DataSourceType.sqlserver.equals(dataSourceContract.getDatasourceType())) {
-            dataSource.setDriverClassName(DataSourceJdbcType.SQLSERVER.getDriverClassName());
-        }
+        dataSource.setDriverClassName(DataSourceJdbcType.fromDataSourceType(dataSourceContract.getDatasourceType()).getDriverClassName());
         dataSource.setUrl(dataSourceContract.getServiceAddress());
         dataSource.setUsername(dataSourceContract.getSettings().get("username"));
         dataSource.setPassword(dataSourceContract.getSettings().get("password"));

diff --git a/.../com/autohome/frostmourne/monitor/dao/mybatis/frostmourne/domain/generate/DataSource.java b/.../com/autohome/frostmourne/monitor/dao/mybatis/frostmourne/domain/generate/DataSource.java
@@ -167,4 +167,19 @@ public int hashCode() {
         result = prime * result + ((getProperties() == null) ? 0 : getProperties().hashCode());
         return result;
     }
+
+    @Override
+    public String toString() {
+        return "DataSource{" +
+                "id=" + id +
+                ", datasourceName='" + datasourceName + '\'' +
+                ", datasourceType=" + datasourceType +
+                ", serviceAddress='" + serviceAddress + '\'' +
+                ", creator='" + creator + '\'' +
+                ", createAt=" + createAt +
+                ", modifier='" + modifier + '\'' +
+                ", modifyAt=" + modifyAt +
+                ", properties='" + properties + '\'' +
+                '}';
+    }
 }
diff --git a/...e/frostmourne/monitor/dao/mybatis/frostmourne/mapper/dynamic/DataSourceDynamicMapper.java b/...e/frostmourne/monitor/dao/mybatis/frostmourne/mapper/dynamic/DataSourceDynamicMapper.java
@@ -6,6 +6,8 @@
 import com.autohome.frostmourne.monitor.dao.mybatis.frostmourne.domain.generate.DataSource;
 import java.util.List;
 import java.util.Optional;
+
+import com.autohome.frostmourne.monitor.handler.CryptoTypeHandler;
 import org.apache.ibatis.annotations.DeleteProvider;
 import org.apache.ibatis.annotations.InsertProvider;
 import org.apache.ibatis.annotations.Mapper;
@@ -58,7 +60,7 @@ public interface DataSourceDynamicMapper {
         @Result(column="create_at", property="createAt", jdbcType=JdbcType.TIMESTAMP),
         @Result(column="modifier", property="modifier", jdbcType=JdbcType.VARCHAR),
         @Result(column="modify_at", property="modifyAt", jdbcType=JdbcType.TIMESTAMP),
-        @Result(column="properties", property="properties", jdbcType=JdbcType.LONGVARCHAR)
+        @Result(column="properties", property="properties", jdbcType=JdbcType.LONGVARCHAR, typeHandler = CryptoTypeHandler.class)
     })
     List<DataSource> selectMany(SelectStatementProvider selectStatement);
 

diff --git a/...ostmourne/monitor/dao/mybatis/frostmourne/mapper/dynamic/DataSourceDynamicSqlSupport.java b/...ostmourne/monitor/dao/mybatis/frostmourne/mapper/dynamic/DataSourceDynamicSqlSupport.java
@@ -71,7 +71,7 @@ public static final class DataSource extends SqlTable {
 
         public final SqlColumn<Date> modifyAt = column("modify_at", JDBCType.TIMESTAMP);
 
-        public final SqlColumn<String> properties = column("properties", JDBCType.LONGVARCHAR);
+        public final SqlColumn<String> properties = column("properties", JDBCType.LONGVARCHAR, "com.autohome.frostmourne.monitor.handler.CryptoTypeHandler");
 
         public DataSource() {
             super("data_source");

diff --git a/...rne-monitor/src/main/java/com/autohome/frostmourne/monitor/handler/CryptoTypeHandler.java b/...rne-monitor/src/main/java/com/autohome/frostmourne/monitor/handler/CryptoTypeHandler.java
@@ -0,0 +1,58 @@
+package com.autohome.frostmourne.monitor.handler;
+
+import com.autohome.frostmourne.monitor.tool.AESUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.ibatis.type.JdbcType;
+import org.apache.ibatis.type.MappedTypes;
+import org.apache.ibatis.type.TypeHandler;
+
+import java.sql.*;
+import java.util.Objects;
+
+/**
+ * 加解密mybatis TypeHandler
+ *
+ * @author limbo
+ * @since 2022/9/9 15:08
+ */
+@MappedTypes({String.class})
+public class CryptoTypeHandler implements TypeHandler<String> {
+
+    /**
+     * 设置加密
+     */
+    @Override
+    public void setParameter(PreparedStatement preparedStatement, int i, String parameter, JdbcType jdbcType) throws SQLException {
+        if (StringUtils.isNotBlank(parameter)) {
+            preparedStatement.setString(i, AESUtils.encrypt(parameter));
+        } else {
+            preparedStatement.setNull(i, Types.VARCHAR);
+        }
+    }
+
+    /**
+     * 设置解密
+     */
+    @Override
+    public String getResult(ResultSet resultSet, String columnName) throws SQLException {
+        return decrypt(resultSet.getString(columnName));
+    }
+
+    @Override
+    public String getResult(ResultSet resultSet, int columnIndex) throws SQLException {
+        return decrypt(resultSet.getString(columnIndex));
+    }
+
+    @Override
+    public String getResult(CallableStatement callableStatement, int columnIndex) throws SQLException {
+        return decrypt(callableStatement.getString(columnIndex));
+    }
+
+    private String decrypt(String result) {
+        if (StringUtils.isNotBlank(result)) {
+            String decrypt = AESUtils.decrypt(result);
+            return Objects.nonNull(decrypt) ? decrypt : result;
+        }
+        return result;
+    }
+}
diff --git a/...rne-monitor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataOption.java b/...rne-monitor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataOption.java
@@ -1,26 +1,13 @@
 package com.autohome.frostmourne.monitor.model.contract;
 
+import lombok.Data;
+
 import java.util.List;
 
+@Data
 public class DataOption {
 
     private String datasourceType;
 
     private List<DataSourceOption> dataSourceOptionList;
-
-    public String getDatasourceType() {
-        return datasourceType;
-    }
-
-    public void setDatasourceType(String datasourceType) {
-        this.datasourceType = datasourceType;
-    }
-
-    public List<DataSourceOption> getDataSourceOptionList() {
-        return dataSourceOptionList;
-    }
-
-    public void setDataSourceOptionList(List<DataSourceOption> dataSourceOptionList) {
-        this.dataSourceOptionList = dataSourceOptionList;
-    }
 }
diff --git a/...tor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataSourceContract.java b/...tor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataSourceContract.java
@@ -96,4 +96,19 @@ public Date getModifyAt() {
     public void setModifyAt(Date modifyAt) {
         this.modifyAt = modifyAt;
     }
+
+    @Override
+    public String toString() {
+        return "DataSourceContract{" +
+                "id=" + id +
+                ", datasourceName='" + datasourceName + '\'' +
+                ", datasourceType=" + datasourceType +
+                ", serviceAddress='" + serviceAddress + '\'' +
+                ", settings=" + settings +
+                ", creator='" + creator + '\'' +
+                ", createAt=" + createAt +
+                ", modifier='" + modifier + '\'' +
+                ", modifyAt=" + modifyAt +
+                '}';
+    }
 }
diff --git a/...nitor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataSourceOption.java b/...nitor/src/main/java/com/autohome/frostmourne/monitor/model/contract/DataSourceOption.java
@@ -3,26 +3,14 @@
 import java.util.List;
 
 import com.autohome.frostmourne.monitor.dao.mybatis.frostmourne.domain.generate.DataSource;
+import com.autohome.frostmourne.monitor.model.vo.DataSourceVO;
+import lombok.Data;
 
+@Data
 public class DataSourceOption {
 
-    private DataSource dataSource;
+    private DataSourceVO dataSourceVO;
 
     private List<DataNameContract> dataNameContractList;
 
-    public DataSource getDataSource() {
-        return dataSource;
-    }
-
-    public void setDataSource(DataSource dataSource) {
-        this.dataSource = dataSource;
-    }
-
-    public List<DataNameContract> getDataNameContractList() {
-        return dataNameContractList;
-    }
-
-    public void setDataNameContractList(List<DataNameContract> dataNameContractList) {
-        this.dataNameContractList = dataNameContractList;
-    }
 }
diff --git a/...tmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/model/vo/DataSourceVO.java b/...tmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/model/vo/DataSourceVO.java
@@ -0,0 +1,32 @@
+package com.autohome.frostmourne.monitor.model.vo;
+
+import com.autohome.frostmourne.monitor.model.enums.DataSourceType;
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * description
+ *
+ * @author limbo
+ * @since 2022/9/14 18:55
+ */
+@Data
+@Builder
+public class DataSourceVO {
+
+    /**
+     * 主键
+     */
+    private Long id;
+
+    /**
+     * 数据源名称
+     */
+    private String datasourceName;
+
+    /**
+     * 数据源类型。(Elasticsearch, Influxdb)
+     */
+    private DataSourceType datasourceType;
+
+}