Merge remote-tracking branch 'origin/2.1.0.RELEASE' into 2.1.0.RELEASE

DataRoom/dataroom-core/src/main/java/com/gccloud/dataroom/core/config/DataRoomConfig.java

@@ -1,5 +1,6 @@
 package com.gccloud.dataroom.core.config;
 
+import com.gccloud.dataroom.core.config.bean.DemoEnv;
 import com.gccloud.dataroom.core.config.bean.FileConfig;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
@@ -23,4 +24,9 @@ public class DataRoomConfig {
      */
     @NestedConfigurationProperty
     private FileConfig file = new FileConfig();
+    /**
+     * 演示环境
+     */
+    @NestedConfigurationProperty
+    private DemoEnv demoEnv = new DemoEnv();
 }

DataRoom/dataroom-core/src/main/java/com/gccloud/dataroom/core/config/bean/DemoEnv.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2023 http://gcpaas.gccloud.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gccloud.dataroom.core.config.bean;
+
+import com.google.common.collect.Sets;
+import lombok.Data;
+
+import java.util.Set;
+
+/**
+ * 演示环境配置
+ *
+ * @author liuchengbiao
+ * @date 2021/7/28 5:34 下午
+ */
+@Data
+public class DemoEnv {
+    /**
+     * 是否是演示环境
+     */
+    private Boolean enable = false;
+    /**
+     * 非法请求警告提示
+     */
+    private String tip = "演示环境,不允许操作";
+    /**
+     * post请求过滤URL
+     */
+    private Set<String> postUrlPassSet = Sets.newHashSet();
+    /**
+     * put请求过滤URL
+     */
+    private Set<String> putUrlPassSet = Sets.newHashSet();
+    /**
+     * delete请求过滤URL
+     */
+    private Set<String> deleteUrlPassSet = Sets.newHashSet();
+    /**
+     * 以该URL开头的都过滤掉
+     */
+    private Set<String> startWithUrlPassSet = Sets.newHashSet();
+}

DataRoom/dataroom-core/src/main/java/com/gccloud/dataroom/core/filter/DemoEnvFilter.java

@@ -0,0 +1,89 @@
+package com.gccloud.dataroom.core.filter;
+
+import com.baomidou.mybatisplus.core.config.GlobalConfig;
+import com.gccloud.common.vo.R;
+import com.gccloud.dataroom.core.config.DataRoomConfig;
+import com.gccloud.dataroom.core.config.bean.DemoEnv;
+import com.google.common.collect.Sets;
+import com.google.gson.Gson;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+/**
+ * 演示环境
+ *
+ * @author liuchengbiao
+ * @date 2021年07月28日17:31:33
+ */
+@Order(2)
+@Component
+@Slf4j
+@ConditionalOnProperty(prefix = "gc.starter.demoEnv", name = "enable", havingValue = "true")
+public class DemoEnvFilter implements Filter {
+
+    @Resource
+    private DataRoomConfig dataRoomConfig;
+
+    /**
+     * 系统默认的post请求放行接口
+     */
+    private static final Set<String> POST_URL_PASS_SET = Sets.newHashSet(
+            "/dataroom/design",
+            "/dataroom/file",
+            "/datasource/"
+    );
+
+
+    @PostConstruct
+    public void init() {
+        log.info("启动演示环境过滤器，用于保证演示环境的稳定性，仅允许指定的一些接口请求访问，可通过gc.starter.demoEnv.enable 设置是否禁用");
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        String method = request.getMethod();
+        if (StringUtils.equalsAnyIgnoreCase(RequestMethod.GET.toString(), method)
+                || StringUtils.equalsAnyIgnoreCase(RequestMethod.OPTIONS.toString(), method)) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+        String uri = request.getServletPath();
+        DemoEnv demoEnv = dataRoomConfig.getDemoEnv();
+        for (String startWithUrl : demoEnv.getStartWithUrlPassSet()) {
+            if (uri.startsWith(startWithUrl)) {
+                filterChain.doFilter(servletRequest, servletResponse);
+                return;
+            }
+        }
+        if (StringUtils.equalsAnyIgnoreCase(RequestMethod.POST.toString(), method) && (demoEnv.getPostUrlPassSet().contains(uri) || POST_URL_PASS_SET.contains(uri))) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        } else if (StringUtils.equalsAnyIgnoreCase(RequestMethod.PUT.toString(), method) && demoEnv.getPutUrlPassSet().contains(uri)) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        } else if (StringUtils.equalsAnyIgnoreCase(RequestMethod.DELETE.toString(), method) && (demoEnv.getDeleteUrlPassSet().contains(uri))) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+        log.error("演示环境，不允许发送 {} 的 {} 请求", uri, request.getMethod());
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setContentType("application/json;charset=UTF-8");
+        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
+        String json = new Gson().toJson(R.error(500, demoEnv.getTip()));
+        response.getWriter().print(json);
+    }
+}

DataRoom/dataroom-core/src/main/java/com/gccloud/dataroom/core/module/openSource/OpenSourceController.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2023 http://gcpaas.gccloud.com
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gccloud.dataroom.core.module.openSource;
+
+import com.gccloud.common.vo.R;
+import com.gccloud.dataroom.core.module.biz.component.controller.BizComponentController;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiSort;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.InputStream;
+import java.nio.charset.Charset;
+
+/**
+ * @author liuchengbiao
+ */
+@Slf4j
+@RestController
+@RequestMapping("/dataroom/opensource")
+@Api(tags = "开源")
+@ApiSort(value = 100)
+public class OpenSourceController {
+
+    @GetMapping("/disclaimer")
+    @ApiOperation(value = "免责申明", notes = "免责申明", produces = MediaType.APPLICATION_JSON_VALUE)
+    public R<String> disclaimer() {
+        try (InputStream is = OpenSourceController.class.getClassLoader().getResourceAsStream("disclaimer.html")) {
+            String content = IOUtils.toString(is, "utf-8");
+            return R.success(content);
+        } catch (Exception e) {
+            log.error(ExceptionUtils.getStackTrace(e));
+        }
+        return R.error("免责申明获取失败");
+    }
+}

DataRoom/dataroom-core/src/main/resources/disclaimer.html

@@ -0,0 +1,25 @@
+<meta charset="UTF-8">
+
+<h3>一、产品概述</h3>
+本产品（以下简称“产品”）是基于Apache License 2.0开源许可协议发布的开源软件。用户在使用本产品前，应详细阅读并理解相应的开源许可协议内容。
+
+<h3>二、使用风险</h3>
+<b>1. 风险自担</b>：用户在使用本产品过程中，应自行承担所有风险。开发者（或版权持有者）不对因使用本产品而导致的任何直接、间接、偶然、特殊、惩罚性或后果性损害承担责任，包括但不限于数据丢失、业务中断、利润损失等。<br>
+<b>2. 安全漏洞</b>：尽管开发者会尽力维护产品的安全，但无法保证产品中不存在安全漏洞。用户应自行负责产品的安全配置和更新，以减轻潜在的安全风险。
+
+<h3>三、知识产权</h3>
+<b>1. 版权归属</b>：本产品的版权归原作者或版权持有者所有。用户在使用本产品时，应遵守相应的开源许可协议，尊重并保护版权持有者的合法权益。<br>
+<b>2. 第三方组件</b>：本产品可能包含来自第三方的组件或服务。对于这些第三方组件，开发者不提供任何形式的保证，用户在使用时应自行了解并遵守相应的许可协议和使用条件。
+
+<h3>四、限制与禁止</h3>
+<b>1. 禁止行为</b>：用户在使用本产品时，不得违反任何法律法规、开源许可协议或本免责声明的规定。包括但不限于：未经许可的复制、分发、修改、反编译、反向工程等行为。<br>
+<b>2. 使用限制</b>：用户应仅将本产品用于合法、合规的目的，不得用于任何违法、侵权或损害他人利益的活动。
+
+<h3>五、免责范围</h3>
+<b>1. 不可抗力</b>：因自然灾害、政府行为、黑客攻击、计算机病毒等不可抗力因素导致的服务中断、数据丢失等后果，开发者不承担任何责任。<br/>
+<b>2. 第三方责任</b>：因第三方软件、服务或设备导致的任何问题，开发者不承担任何责任。用户应自行与第三方协商解决相关事宜。<br/>
+<b>3. 演示环境</b>：演示环境目的为促进开源产品的普及、功能展示。不保证数据安全、信息泄露、系统稳定责任，生产使用请自行私有部署。
+
+<h3>六、其他</h3>
+<b>1. 更新与修改</b>：开发者有权随时更新或修改本免责声明，用户应定期查看以了解最新内容。<br/>
+<b>2. 最终解释权</b>：本免责声明的最终解释权归开发者（或版权持有者）所有。