1. remove password type keys from js datasource config

lvhuichao · lvhuichao · commit 14c4ddae70a5 · 2023-01-17T21:24:43.000+08:00
2. make /datasourceTypes public
diff --git a/server/api-service/openblocks-domain/src/main/java/com/openblocks/domain/datasource/service/DatasourceService.java b/server/api-service/openblocks-domain/src/main/java/com/openblocks/domain/datasource/service/DatasourceService.java
@@ -20,8 +20,13 @@ public interface DatasourceService {
 
     Mono<DatasourceTestResult> testDatasource(Datasource datasource);
 
+    /**
+     * before merge, encrypt, decrypt, and removePasswords
+     */
     Mono<Void> processJsDatasourcePlugin(Datasource datasource);
 
+    Mono<Void> removePasswordTypeKeysFromJsDatasourcePluginConfig(Datasource datasource);
+
     Flux<Datasource> getByOrgId(String orgId);
 
     Mono<Long> countByOrganizationId(String orgId);
diff --git a/server/api-service/openblocks-domain/src/main/java/com/openblocks/domain/datasource/service/impl/DatasourceServiceImpl.java b/server/api-service/openblocks-domain/src/main/java/com/openblocks/domain/datasource/service/impl/DatasourceServiceImpl.java
@@ -186,7 +186,7 @@ private Mono<DatasourceTestResult> testDatasourceByNodeJs(Datasource datasource)
     }
 
     /**
-     * before merge, encrypt, decrypt
+     * before merge, encrypt, decrypt, and removePasswords
      */
     @Override
     public Mono<Void> processJsDatasourcePlugin(Datasource datasource) {
@@ -207,6 +207,17 @@ public Mono<Void> processJsDatasourcePlugin(Datasource datasource) {
         });
     }
 
+    @Override
+    public Mono<Void> removePasswordTypeKeysFromJsDatasourcePluginConfig(Datasource datasource) {
+        return processJsDatasourcePlugin(datasource)
+                .doFinally(__ -> {
+                    if (datasourceMetaInfoService.isJsDatasourcePlugin(datasource.getType())
+                            && datasource.getDetailConfig() instanceof JsDatasourceConnectionConfig jsDatasourceConnectionConfig) {
+                        jsDatasourceConnectionConfig.removePasswords();
+                    }
+                });
+    }
+
     @Override
     public Flux<Datasource> getByOrgId(String orgId) {
         return repository.findAllByOrganizationId(orgId);
diff --git a/server/api-service/openblocks-sdk/src/main/java/com/openblocks/sdk/models/JsDatasourceConnectionConfig.java b/server/api-service/openblocks-sdk/src/main/java/com/openblocks/sdk/models/JsDatasourceConnectionConfig.java
@@ -65,6 +65,12 @@ private List<?> getParams() {
         return Collections.emptyList();
     }
 
+    public void removePasswords() {
+        for (String passwordKey : getPasswordTypeKeys()) {
+            this.remove(passwordKey);
+        }
+    }
+
     @Override
     public DatasourceConnectionConfig mergeWithUpdatedConfig(DatasourceConnectionConfig detailConfig) {
         if (!(detailConfig instanceof JsDatasourceConnectionConfig jsDatasourceConnectionConfig)) {
diff --git a/server/api-service/openblocks-server/src/main/java/com/openblocks/api/datasource/DatasourceApiService.java b/server/api-service/openblocks-server/src/main/java/com/openblocks/api/datasource/DatasourceApiService.java
@@ -113,16 +113,18 @@ public Flux<DatasourceView> listOrgDataSources(String orgId) {
                 .cache();
 
         // build view
-        return datasourceFlux.flatMap(datasource ->
-                Mono.zip(datasourceId2MaxPermissionMapMono, userMapMono)
-                        .map(tuple -> {
-                            Map<String, ResourcePermission> datasourceId2MaxPermissionMap = tuple.getT1();
-                            Map<String, User> userMap = tuple.getT2();
-                            User creator = userMap.get(datasource.getCreatedBy());
-                            ResourcePermission maxPermission = datasourceId2MaxPermissionMap.get(datasource.getId());
-                            boolean manage = maxPermission != null && maxPermission.getResourceRole().canDo(MANAGE_DATASOURCES);
-                            return new DatasourceView(datasource, manage, creator == null ? null : creator.getName());
-                        }));
+        return datasourceFlux
+                .delayUntil(datasourceService::removePasswordTypeKeysFromJsDatasourcePluginConfig)
+                .flatMap(datasource ->
+                        Mono.zip(datasourceId2MaxPermissionMapMono, userMapMono)
+                                .map(tuple -> {
+                                    Map<String, ResourcePermission> datasourceId2MaxPermissionMap = tuple.getT1();
+                                    Map<String, User> userMap = tuple.getT2();
+                                    User creator = userMap.get(datasource.getCreatedBy());
+                                    ResourcePermission maxPermission = datasourceId2MaxPermissionMap.get(datasource.getId());
+                                    boolean manage = maxPermission != null && maxPermission.getResourceRole().canDo(MANAGE_DATASOURCES);
+                                    return new DatasourceView(datasource, manage, creator == null ? null : creator.getName());
+                                }));
     }
 
     public Flux<DatasourceView> listAppDataSources(String appId) {
diff --git a/server/api-service/openblocks-server/src/main/java/com/openblocks/api/datasource/DatasourceController.java b/server/api-service/openblocks-server/src/main/java/com/openblocks/api/datasource/DatasourceController.java
@@ -37,6 +37,7 @@
 import com.openblocks.api.permission.view.CommonPermissionView;
 import com.openblocks.api.util.BusinessEventPublisher;
 import com.openblocks.domain.datasource.model.Datasource;
+import com.openblocks.domain.datasource.service.DatasourceService;
 import com.openblocks.domain.datasource.service.DatasourceStructureService;
 import com.openblocks.domain.permission.model.ResourceRole;
 import com.openblocks.infra.constant.NewUrl;
@@ -58,23 +59,28 @@ public class DatasourceController {
     private final DatasourceApiService datasourceApiService;
     private final UpsertDatasourceRequestMapper upsertDatasourceRequestMapper;
     private final BusinessEventPublisher businessEventPublisher;
+    private final DatasourceService datasourceService;
 
     @Autowired
     public DatasourceController(
             DatasourceStructureService datasourceStructureService,
             DatasourceApiService datasourceApiService,
-            UpsertDatasourceRequestMapper upsertDatasourceRequestMapper, BusinessEventPublisher businessEventPublisher) {
+            UpsertDatasourceRequestMapper upsertDatasourceRequestMapper,
+            BusinessEventPublisher businessEventPublisher,
+            DatasourceService datasourceService) {
         this.datasourceStructureService = datasourceStructureService;
         this.datasourceApiService = datasourceApiService;
         this.upsertDatasourceRequestMapper = upsertDatasourceRequestMapper;
         this.businessEventPublisher = businessEventPublisher;
+        this.datasourceService = datasourceService;
     }
 
     @JsonView(JsonViews.Public.class)
     @PostMapping
     @ResponseStatus(HttpStatus.CREATED)
     public Mono<ResponseView<Datasource>> create(@Valid @RequestBody UpsertDatasourceRequest request) {
         return datasourceApiService.create(upsertDatasourceRequestMapper.resolve(request))
+                .delayUntil(datasourceService::removePasswordTypeKeysFromJsDatasourcePluginConfig)
                 .delayUntil(datasource -> businessEventPublisher.publishDatasourceEvent(datasource, DATA_SOURCE_CREATE))
                 .map(ResponseView::success);
     }
@@ -83,6 +89,7 @@ public Mono<ResponseView<Datasource>> create(@Valid @RequestBody UpsertDatasourc
     @GetMapping("/{id}")
     public Mono<ResponseView<Datasource>> getById(@PathVariable String id) {
         return datasourceApiService.findByIdWithPermission(id)
+                .delayUntil(datasourceService::removePasswordTypeKeysFromJsDatasourcePluginConfig)
                 .map(ResponseView::success);
     }
 
@@ -92,6 +99,7 @@ public Mono<ResponseView<Datasource>> update(@PathVariable String id,
             @RequestBody UpsertDatasourceRequest request) {
         Datasource resolvedDatasource = upsertDatasourceRequestMapper.resolve(request);
         return datasourceApiService.update(id, resolvedDatasource)
+                .delayUntil(datasourceService::removePasswordTypeKeysFromJsDatasourcePluginConfig)
                 .delayUntil(datasource -> businessEventPublisher.publishDatasourceEvent(datasource, DATA_SOURCE_UPDATE))
                 .map(ResponseView::success);
     }
diff --git a/server/api-service/openblocks-server/src/main/java/com/openblocks/api/framework/security/SecurityConfig.java b/server/api-service/openblocks-server/src/main/java/com/openblocks/api/framework/security/SecurityConfig.java
@@ -7,6 +7,7 @@
 import static com.openblocks.infra.constant.Url.CUSTOM_AUTH;
 import static com.openblocks.infra.constant.Url.GROUP_URL;
 import static com.openblocks.infra.constant.Url.INVITATION_URL;
+import static com.openblocks.infra.constant.Url.ORGANIZATION_URL;
 import static com.openblocks.infra.constant.Url.QUERY_URL;
 import static com.openblocks.infra.constant.Url.STATE_URL;
 import static com.openblocks.infra.constant.Url.USER_URL;
@@ -90,6 +91,7 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, GROUP_URL + "/list"), // application view
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, QUERY_URL + "/execute"), // application view
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, ORGANIZATION_URL + "/*/datasourceTypes"), // datasource types
 
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, GITHUB_STAR),
 
@@ -110,7 +112,8 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.USER_URL + "/currentUser"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.GROUP_URL + "/list"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, NewUrl.QUERY_URL + "/execute"),
-                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.MATERIAL_URL + "/**")
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.MATERIAL_URL + "/**"),
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.ORGANIZATION_URL + "/*/datasourceTypes") // datasource types
                 )
                 .permitAll()
                 .pathMatchers("/api/**")
@@ -145,12 +148,14 @@ private CorsConfigurationSource buildCorsConfigurationSource() {
         source.registerCorsConfiguration(QUERY_URL + "/execute", skipCheckCorsForAll);
         source.registerCorsConfiguration(APPLICATION_URL + "/*/view", skipCheckCorsForAll);
         source.registerCorsConfiguration(GITHUB_STAR, skipCheckCorsForAll);
+        source.registerCorsConfiguration(ORGANIZATION_URL + "/*/datasourceTypes", skipCheckCorsForAll);
 
         source.registerCorsConfiguration(NewUrl.USER_URL + "/me", skipCheckCorsForAll);
         source.registerCorsConfiguration(NewUrl.CONFIG_URL, skipCheckCorsForAll);
         source.registerCorsConfiguration(NewUrl.GROUP_URL + "/list", skipCheckCorsForAll);
         source.registerCorsConfiguration(NewUrl.QUERY_URL + "/execute", skipCheckCorsForAll);
         source.registerCorsConfiguration(NewUrl.APPLICATION_URL + "/*/view", skipCheckCorsForAll);
+        source.registerCorsConfiguration(NewUrl.ORGANIZATION_URL + "/*/datasourceTypes", skipCheckCorsForAll);
 
         source.registerCorsConfiguration("/**", skipCheckCorsForAllowListDomains);
         return source;
