1、实现操作日志获取userip并发送
2、增加 createCommandsTest,用于生成测试指令
3、事件类型增加用户部门、动作校验。在字典表中为每个事件类型增加了支持的部门 code 和动作
@@ -103,6 +103,10 @@ public class Task {
|
||||
@Schema(description = "审核用户部门", example = "部门1")
|
||||
private String auditUserDepart;
|
||||
|
||||
@JsonProperty("audit_user_depart_code")
|
||||
@Schema(description = "审核用户部门代码", example = "000010")
|
||||
private String auditUserDepartCode;
|
||||
|
||||
|
||||
/*
|
||||
策略模板(事件类型、防护等级)都移动到任务表中
|
||||
|
||||
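Review bot: `auditUserDepartCode` is declared with `@JsonProperty("audit_user_depart_code")` and no access restriction, so a value sent in the request body is bound into the field, and `TaskService.eventTypeValid` in this same commit uses that field to decide whether the user's department may create the task. `TaskController` overwrites it with `user.getOrgCode()`, but that assignment sits inside a block whose condition is outside the visible hunk, so on the other path a client-supplied code would presumably reach the check unchanged. Making the field output-only, `@JsonProperty(value = "audit_user_depart_code", access = JsonProperty.Access.READ_ONLY)`, keeps it in responses while ignoring it on input, provided no internal JSON round-trip of `Task` relies on reading it back.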
@@ -21,6 +21,9 @@ import org.springframework.web.reactive.function.client.WebClient;
|
||||
import org.springframework.web.reactive.function.client.WebClientRequestException;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.Enumeration;
|
||||
|
||||
/**
|
||||
* 修改人: Fulian Li
|
||||
* 功能:执行日志审计
|
||||
@@ -59,17 +62,16 @@ public class AuditAdvice implements ResponseBodyAdvice<ResponseResult> {
|
||||
|
||||
@Override
|
||||
public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
|
||||
return false;
|
||||
// return true;
|
||||
// return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResponseResult beforeBodyWrite(ResponseResult body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) {
|
||||
|
||||
// 可以不发送query的请求,数据量太大
|
||||
if (request.getURI().getPath().contains("query")){
|
||||
return body;
|
||||
}
|
||||
|
||||
AuditData auditData = getAuditData(body, request);
|
||||
|
||||
AuditRes auditRes = new AuditRes(auditData);
|
||||
@@ -94,7 +96,15 @@ public class AuditAdvice implements ResponseBodyAdvice<ResponseResult> {
|
||||
|
||||
return body;
|
||||
}
|
||||
|
||||
// 解析 X-Forwarded-For 头中的第一个 IP 地址
|
||||
private static String extractFirstIpAddress(String xForwardedForHeader) {
|
||||
if (xForwardedForHeader != null) {
|
||||
// 根据逗号分隔获取第一个 IP 地址
|
||||
String[] ips = xForwardedForHeader.trim().split("\\s*,\\s*");
|
||||
return ips[0];
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@NotNull
|
||||
private static AuditData getAuditData(ResponseResult body, ServerHttpRequest request) {
|
||||
HttpSession session = ((ServletServerHttpRequest) request).getServletRequest().getSession();
|
||||
@@ -106,7 +116,7 @@ public class AuditAdvice implements ResponseBodyAdvice<ResponseResult> {
|
||||
request.getMethod().toString(),
|
||||
body.getCode()==200?"成功":"失败",
|
||||
body.getData().toString(),
|
||||
"172.16.1.202"
|
||||
extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For"))
|
||||
);
|
||||
}else {
|
||||
UserFull user = (UserFull) session.getAttribute("user");
|
||||
@@ -116,7 +126,7 @@ public class AuditAdvice implements ResponseBodyAdvice<ResponseResult> {
|
||||
request.getMethod().toString(),
|
||||
body.getCode()==200?"成功":"失败",
|
||||
body.getData().toString(),
|
||||
"172.16.1.202"
|
||||
extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For"))
|
||||
);
|
||||
}
|
||||
return auditData;
|
||||
|
||||
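Review bot: The audit record's client IP now comes from the first entry of `X-Forwarded-For` in both `AuditData` constructor calls of `getAuditData`, and that header is supplied by the client unless a reverse proxy in front of this service overwrites it, so a caller can choose the address written to the audit log. When the header is absent `extractFirstIpAddress` returns null and no address is recorded at all. The header should be honoured only when the direct peer is one of the deployment's own proxies, with `request.getRemoteAddress()` as the fallback; which entry of the list is trustworthy depends on whether that proxy appends or replaces. Separately, `beforeBodyWrite` skips auditing for any path that merely contains the substring "query", which is wider than the comment's intent and worth narrowing to the exact query endpoints. `getAuditData` continues outside the visible hunks.

```java
// Resolve the address stored in the audit record. The socket peer is the only
// value the client cannot choose; X-Forwarded-For is used only behind our own proxy.
private static String resolveClientIp(ServerHttpRequest request) {
    InetSocketAddress peer = request.getRemoteAddress();
    String peerIp = (peer != null && peer.getAddress() != null)
            ? peer.getAddress().getHostAddress()
            : null;
    // isTrustedProxy is not part of this file: compare peerIp with the
    // deployment's configured proxy allow-list.
    if (!isTrustedProxy(peerIp)) {
        return peerIp;
    }
    String forwarded = extractFirstIpAddress(request.getHeaders().getFirst("X-Forwarded-For"));
    return (forwarded == null || forwarded.isEmpty()) ? peerIp : forwarded;
}

// … unchanged: getAuditData, with both AuditData(...) calls passing resolveClientIp(request) …
```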
@@ -15,6 +15,11 @@ public interface CommandMapper {
|
||||
|
||||
void createCommands(@Param("command_infos") List<TaskCommandInfo> taskCommandInfos);
|
||||
|
||||
void createCommandsTest(@Param("command_infos") List<TaskCommandInfo> taskCommandInfos,
|
||||
@Param("session_num") Integer sessionNum,
|
||||
@Param("byte_num") Integer byteNum);
|
||||
|
||||
|
||||
Boolean stopCommandsByTaskId(@Param("task_id") Long taskId);
|
||||
|
||||
@DS("doris")
|
||||
|
||||
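Review bot: `createCommandsTest` puts a test-data generator on the production `CommandMapper` with nothing marking it as test-only, and its `sessionNum`/`byteNum` parameters are boxed `Integer`s that can arrive as null. A Javadoc line such as `/** Test only: inserts generated commands using the given session_num and byte_num; must not be called from request handlers. */` would make the intent explicit, and any caller should be limited to non-production profiles. The SQL behind the method is not visible here, so whether null counts are handled cannot be confirmed.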
@@ -68,7 +68,11 @@ public class TaskController implements TaskControllerApi {
|
||||
task.setTaskCreateUsername(user.name);
|
||||
task.setTaskCreateUserId(Integer.valueOf(user.uid));
|
||||
task.setTaskCreateDepart(user.getOrgName());
|
||||
task.setAuditUserDepartCode(user.getOrgCode());
|
||||
}
|
||||
//事件类型的用户权限校验、动作逻辑性校验
|
||||
taskService.eventTypeValid(task);
|
||||
|
||||
|
||||
Long taskId = taskService.newTask(task);
|
||||
|
||||
|
||||
@@ -124,4 +124,8 @@ public interface TaskMapper {
|
||||
|
||||
@Update("UPDATE t_task SET task_start_time = NOW() WHERE task_id = #{taskId}")
|
||||
void updateTaskStartTime(Long taskId);
|
||||
|
||||
String queryEventTypeDepartment(String eventType);
|
||||
|
||||
String queryEventTypeAct(String eventType);
|
||||
}
|
||||
|
||||
@@ -589,4 +589,36 @@ public class TaskService {
|
||||
public void updateTaskStartTime(Long taskId) {
|
||||
taskMapper.updateTaskStartTime(taskId);
|
||||
}
|
||||
|
||||
public void eventTypeValid(Task task) {
|
||||
if (task.getAuditUserDepartCode() != null) {
|
||||
|
||||
String departments = taskMapper.queryEventTypeDepartment(task.getEventType());
|
||||
Boolean isOrgCodeValid = false;
|
||||
String[] departmentArray = departments.split(",");
|
||||
for (String department : departmentArray) {
|
||||
if (department.equals(task.getAuditUserDepartCode())) {
|
||||
isOrgCodeValid = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isOrgCodeValid) {
|
||||
throw new IllegalArgumentException("该用户所属部门不允许新建该事件类型的任务");
|
||||
}
|
||||
}
|
||||
Boolean isActValid = false;
|
||||
String acts = taskMapper.queryEventTypeAct(task.getEventType());
|
||||
String[] actArray = acts.split(",");
|
||||
for (String act : actArray) {
|
||||
if (act.equals(task.getTaskAct())) {
|
||||
isActValid = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isActValid) {
|
||||
throw new IllegalArgumentException("该事件类型不允许该处置动作");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
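Review bot: `eventTypeValid` fails open: the department check is skipped whenever `task.getAuditUserDepartCode()` is null, so a task that arrives without a department code is never checked against the event type's allowed departments. In addition, `departments.split(",")` and `acts.split(",")` throw a `NullPointerException` when `queryEventTypeDepartment` or `queryEventTypeAct` (added to `TaskMapper` in this commit) returns null for an event type with no dictionary row, instead of rejecting the task with a controlled error. The check should treat a missing code or a missing dictionary entry as a rejection; if the null skip is intentional for system-created tasks, a comment should say so. The comparison is also exact, so a dictionary value written as `a, b` with a space would never match.

```java
public void eventTypeValid(Task task) {
    // Fail closed: a missing department code or a missing dictionary row is a rejection.
    String departCode = task.getAuditUserDepartCode();
    String departments = taskMapper.queryEventTypeDepartment(task.getEventType());
    if (departCode == null || departments == null
            || !Arrays.asList(departments.split(",")).contains(departCode)) {
        throw new IllegalArgumentException("该用户所属部门不允许新建该事件类型的任务");
    }

    String acts = taskMapper.queryEventTypeAct(task.getEventType());
    if (acts == null || !Arrays.asList(acts.split(",")).contains(task.getTaskAct())) {
        throw new IllegalArgumentException("该事件类型不允许该处置动作");
    }
}
```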