From 95be7f3ce1e011bfa4fb5ce5e864db82b0b61d3a Mon Sep 17 00:00:00 2001
From: LXW <1264174498@qq.com>
Date: Tue, 13 Aug 2024 10:10:52 +0800
Subject: [PATCH] (improvement)(headless) Opt encrypt database password, avoid repeated decryption.(#1326) (#1562)
Co-authored-by: lxwcodemonkey
---
 .../common/util/AESEncryptionUtil.java | 16 ++++++++-----
 .../headless/core/pojo/Database.java | 2 +-
 .../headless/core/utils/SqlUtils.java | 3 +--
 .../service/impl/DatabaseServiceImpl.java | 23 -------------------
 .../server/utils/DatabaseConverter.java | 9 ++++----
 .../tencent/supersonic/demo/S2BaseDemo.java | 3 ++-
 6 files changed, 19 insertions(+), 37 deletions(-)
diff --git a/common/src/main/java/com/tencent/supersonic/common/util/AESEncryptionUtil.java b/common/src/main/java/com/tencent/supersonic/common/util/AESEncryptionUtil.java
index 5355f72a5..7a8eda1e0 100644
--- a/common/src/main/java/com/tencent/supersonic/common/util/AESEncryptionUtil.java
+++ b/common/src/main/java/com/tencent/supersonic/common/util/AESEncryptionUtil.java
@@ -90,12 +90,16 @@ public class AESEncryptionUtil {
 return Base64.getEncoder().encodeToString(combined);
 }

- public static String aesEncryptECB(String content) throws Exception {
- Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- SecretKeySpec secretKeySpec = new SecretKeySpec(hexStringToByteArray(KEY), "AES");
- cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
- byte[] encryptEncode = cipher.doFinal(content.getBytes(ENCODE));
- return getStringFromBytes(encryptEncode);
+ public static String aesEncryptECB(String content) {
+ try {
+ Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+ SecretKeySpec secretKeySpec = new SecretKeySpec(hexStringToByteArray(KEY), "AES");
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+ byte[] encryptEncode = cipher.doFinal(content.getBytes(ENCODE));
+ return getStringFromBytes(encryptEncode);
+ } catch (Exception e) {
+ return content;
+ }
 }

 public static String aesDecryptECB(String encryptStr) {
diff --git a/headless/core/src/main/java/com/tencent/supersonic/headless/core/pojo/Database.java b/headless/core/src/main/java/com/tencent/supersonic/headless/core/pojo/Database.java
index eb725f15e..70bba222a 100644
--- a/headless/core/src/main/java/com/tencent/supersonic/headless/core/pojo/Database.java
+++ b/headless/core/src/main/java/com/tencent/supersonic/headless/core/pojo/Database.java
@@ -46,7 +46,7 @@ public class Database extends RecordInfo {
 private List viewers = Lists.newArrayList();

 public String passwordDecrypt() {
- return AESEncryptionUtil.aesDecryptCBC(password);
+ return AESEncryptionUtil.aesDecryptECB(password);
 }

 }
diff --git a/headless/core/src/main/java/com/tencent/supersonic/headless/core/utils/SqlUtils.java b/headless/core/src/main/java/com/tencent/supersonic/headless/core/utils/SqlUtils.java
index 26e6bdafa..9854fac9d 100644
--- a/headless/core/src/main/java/com/tencent/supersonic/headless/core/utils/SqlUtils.java
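Review bot: In the AESEncryptionUtil hunk, the new `catch (Exception e) { return content; }` in `aesEncryptECB` fails open, because any key, provider or encoding error silently hands the caller the plaintext, which is then stored as if it were ciphertext. Propagate the failure instead, for example `throw new IllegalStateException("AES encryption failed", e);` in the catch block, so a broken configuration is noticed rather than persisted as a cleartext password. Separately, `AES/ECB/PKCS5Padding` under the single class-level `KEY` is deterministic and unauthenticated, so identical passwords produce identical stored values. The context line `encodeToString(combined)` suggests the class already has an IV-based mode, which (or an AEAD mode such as GCM) would suit stored credentials better.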
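Review bot: In the Database.java hunk, `passwordDecrypt()` moves from `aesDecryptCBC` to `aesDecryptECB` with no migration visible in the patch, so passwords already stored under the CBC scheme will no longer decrypt. The body of `aesDecryptECB` is outside this patch; if it returns its input on failure, as the new `aesEncryptECB` does, the problem would surface only as a JDBC authentication failure with ciphertext sent as the password. I would add a Javadoc line on the method, `/** Decrypts the stored AES/ECB password; values written under the earlier CBC scheme must be re-encrypted first. */`, and plan a one-off re-encryption of existing rows.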
+++ b/headless/core/src/main/java/com/tencent/supersonic/headless/core/utils/SqlUtils.java
@@ -65,14 +65,13 @@ public class SqlUtils {
 }

 public SqlUtils init(Database database) {
- //todo Password decryption
 return SqlUtilsBuilder
 .getBuilder()
 .withName(database.getId() + AT_SYMBOL + database.getName())
 .withType(database.getType())
 .withJdbcUrl(database.getUrl())
 .withUsername(database.getUsername())
- .withPassword(database.passwordDecrypt())
+ .withPassword(database.getPassword())
 .withJdbcDataSource(this.jdbcDataSource)
 .withResultLimit(this.resultLimit)
 .withIsQueryLogEnable(this.isQueryLogEnable)
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
index 1031a0eb8..2fbf78c7b 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
@@ -25,9 +25,6 @@ import com.tencent.supersonic.headless.server.service.DatabaseService;
 import com.tencent.supersonic.headless.server.service.ModelService;
 import com.tencent.supersonic.headless.server.utils.DatabaseConverter;
 import lombok.extern.slf4j.Slf4j;
-import net.sf.jsqlparser.parser.CCJSqlParserUtil;
-import net.sf.jsqlparser.statement.Statement;
-import net.sf.jsqlparser.util.TablesNamesFinder;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
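Review bot: In the SqlUtils hunk, `.withPassword(database.getPassword())` now relies on the `Database` passed to `init` already holding the decrypted password, but nothing visible states or enforces that contract. A caller that passes an object loaded straight from storage would send ciphertext to the JDBC driver, and a `Database` that carries cleartext becomes sensitive to log or serialize. Where the decryption now happens for this path is not visible in the patch, so I would record the expectation on the method, e.g. `/** @param database connection settings; its password must already be decrypted by the caller */`. The builder chain continues past the end of the hunk.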
@@ -200,26 +197,6 @@ public class DatabaseServiceImpl extends ServiceImpl tableNames = tablesNamesFinder.getTableList(statement); - - // 打印库表名 - for (String tableName : tableNames) { - System.out.println("Table Name: " + tableName); - } - } catch (Exception e) { - e.printStackTrace(); - } - } - private void checkPermission(DatabaseResp databaseResp, User user) { List admins = databaseResp.getAdmins(); List viewers = databaseResp.getViewers();
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
index fe1601179..ae09d5ad2 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
@@ -67,11 +67,12 @@ public class DatabaseConverter {
 }

 public static ConnectInfo getConnectInfo(DatabaseResp databaseResp) {
+ Database database = convert(databaseResp);
 ConnectInfo connectInfo = new ConnectInfo();
- connectInfo.setUserName(databaseResp.getUsername());
- connectInfo.setPassword(databaseResp.getPassword());
- connectInfo.setUrl(databaseResp.getUrl());
- connectInfo.setDatabase(databaseResp.getDatabase());
+ connectInfo.setUserName(database.getUsername());
+ connectInfo.setPassword(database.passwordDecrypt());
+ connectInfo.setUrl(database.getUrl());
+ connectInfo.setDatabase(database.getDatabase());
 return connectInfo;
 }

diff --git a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2BaseDemo.java b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2BaseDemo.java
index 0eec6415d..7ae1f3d6b 100644
--- a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2BaseDemo.java
+++ b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2BaseDemo.java
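Review bot: In the DatabaseConverter hunk, `getConnectInfo` now calls `database.passwordDecrypt()` unconditionally, so it is only correct when `databaseResp.getPassword()` is ECB ciphertext. If some caller builds a `DatabaseResp` from input that still carries a plaintext password (not visible in this patch), the result depends on how `aesDecryptECB` handles a failed decrypt. The returned `ConnectInfo` also now holds the cleartext password, so it should stay out of logs and API responses. A comment above the `setPassword` line would record both facts: `// password is decrypted here; ConnectInfo must not be logged or returned to clients`.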
@@ -8,6 +8,7 @@ import com.tencent.supersonic.chat.server.service.ChatManageService;
 import com.tencent.supersonic.chat.server.service.ChatQueryService;
 import com.tencent.supersonic.chat.server.service.PluginService;
 import com.tencent.supersonic.common.service.SystemConfigService;
+import com.tencent.supersonic.common.util.AESEncryptionUtil;
 import com.tencent.supersonic.headless.api.pojo.DataSetModelConfig;
 import com.tencent.supersonic.headless.api.pojo.DrillDownDimension;
 import com.tencent.supersonic.headless.api.pojo.RelateDimension;
@@ -122,7 +123,7 @@ public abstract class S2BaseDemo implements CommandLineRunner {
 }
 databaseReq.setUrl(url);
 databaseReq.setUsername(dataSourceProperties.getUsername());
- databaseReq.setPassword(dataSourceProperties.getPassword());
+ databaseReq.setPassword(AESEncryptionUtil.aesEncryptECB(dataSourceProperties.getPassword()));
 return databaseService.createOrUpdateDatabase(databaseReq, user);
 }

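Review bot: In the second S2BaseDemo hunk, encrypting at the call site with `AESEncryptionUtil.aesEncryptECB(...)` makes every caller of `createOrUpdateDatabase` responsible for pre-encrypting the password, and nothing in the patch rejects a request that arrives in plaintext. Whether the service or converter also encrypts on save is not visible here; if it does, this value is encrypted twice, and if it does not, any caller that forgets the wrapper stores cleartext. Doing the encryption once inside the save path would remove that ambiguity. Failing that, state the expectation here with `// createOrUpdateDatabase expects an already-encrypted password`. The enclosing method starts before the hunk.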