From 5791ca2dddcc39430df11ec4ad27e8353a5e16d2 Mon Sep 17 00:00:00 2001
From: liuchen864 <23082234@qq.com>
Date: Thu, 20 Feb 2025 15:18:13 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/base/CommandController.java | 89 +++++++++++++++++++
 .../web/controller/base/ShellController.java | 88 ++++++++++++++++++
 .../src/main/resources/logback-spring.xml | 4 +-
 3 files changed, 180 insertions(+), 1 deletion(-)
diff --git a/win-admin/src/main/java/com/win/web/controller/base/CommandController.java b/win-admin/src/main/java/com/win/web/controller/base/CommandController.java
index 25ff018..4b00b70 100644
--- a/win-admin/src/main/java/com/win/web/controller/base/CommandController.java
+++ b/win-admin/src/main/java/com/win/web/controller/base/CommandController.java
@@ -47,9 +47,13 @@ public class CommandController {
 @PostMapping("/api")
 @Log(title = "命令行对接qad", businessType = BusinessType.INSERT, isManager = false)
 public AjaxResult api(HttpServletRequest request, @RequestBody String body) throws IOException {
+ System.out.println("接收到的body:" + body);
 String interfaceName = request.getHeader("interface");
+ System.out.println("接收到的interface:" + interfaceName);
 String sign = request.getHeader("sign");
+ System.out.println("接收到的sign:" + sign);
 String timeStr = request.getHeader("timestamp");
+ System.out.println("接收到的timeStr:" + timeStr);
 if(timeStr == null || timeStr.isEmpty()) {
 return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
 }
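Review bot: The four `System.out.println` calls added at the top of `CommandController.api` write the raw request body and the `sign` header to stdout before any validation, so credentials and payloads land in console output that bypasses the level, rotation and access settings of the logback configuration. The same lines are added to `ShellController.api`, and both new `apiSecret` methods additionally print the `secret` header itself. Remove them, or log through the class logger at debug level without the sensitive values, e.g. `log.debug("interface={} timestamp={}", interfaceName, timeStr);` (assuming an SLF4J logger is available in these controllers). The body of `api` continues outside this hunk.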
@@ -121,4 +125,89 @@ public class CommandController {
 return linuxAccessService.executeCommand(linuxAccess, qadAccess, traceid, inJson, domain);
 }
 
+ /**
+ * 对外提供一个接口,只验证秘钥。
+ *
+ * @param request request
+ * @param body 请求主体
+ * @return 结果
+ */
+ @PostMapping("/apiSecret")
+ @Log(title = "命令行对接qad", businessType = BusinessType.INSERT, isManager = false)
+ public AjaxResult apiSecret(HttpServletRequest request, @RequestBody String body) throws IOException {
+ System.out.println("接收到的body:" + body);
+ String interfaceName = request.getHeader("interface");
+ System.out.println("接收到的interface:" + interfaceName);
+ String timeStr = request.getHeader("timestamp");
+ System.out.println("接收到的timeStr:" + timeStr);
+ String secret = request.getHeader("secret");
+ System.out.println("接收到的secret:" + secret);
+ if(timeStr == null || timeStr.isEmpty()) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
+ }
+ long timestamp = 0;
+ try {
+ timestamp = Long.parseLong(timeStr);
+ } catch (NumberFormatException e) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
+ }
+ if(secret == null || !secret.equals("Wenyin@2024")) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "秘钥不正确");
+ }
+ body = body.replace("\\", "");
+ long tenTimestamp = timestamp + (10 * 60 * 1000); // 计算10分钟后的时间戳
+ long currentTimestamp = System.currentTimeMillis(); // 获取当前时间戳
+ //过期
+ if(tenTimestamp < currentTimestamp) {
+ return AjaxResult.error(HttpStatus.EXPIRE_ERROR, "请求已过期");
+ }
+ //url特殊字符要转换
+ body = body.replace("+", "%2B");
+ body = body.replace("/", "%2F");
+ body = body.replace("?", "%3F");
+ body = body.replace("#", "%23");
+ body = body.replace("&", "%26");
+ body = body.replace("=", "%3D");
+ //处理kettle加密中文有问题
+ body = URLDecoder.decode(body, "UTF-8");
+ JSONObject jsonObject = JSONObject.parseObject(body);
+ String key = "";
+ for(String keyTemp : jsonObject.keySet()) {
+ jsonObject = JSONObject.parseObject(jsonObject.getString(keyTemp));
+ key = keyTemp;
+ }
+ String domain = jsonObject.getString("domain");
+ if(domain == null || domain.isEmpty()) {
+ return AjaxResult.error(HttpStatus.DOMAIN_ERROR, "域不能为空");
+ }
+ String companyCode = jsonObject.getString("company_code");
+ if(companyCode == null || companyCode.isEmpty()) {
+ return AjaxResult.error(HttpStatus.COMPANY_CODE_ERROR, "公司编码不能为空");
+ }
+ QueryWrapper linuxAccessQueryWrapper = new QueryWrapper<>();
+ linuxAccessQueryWrapper.eq("company_code", companyCode);
+ linuxAccessQueryWrapper.eq("uri", interfaceName);
+ linuxAccessQueryWrapper.isNull("delete_time");
+ LinuxAccess linuxAccess = linuxAccessService.getOne(linuxAccessQueryWrapper);
+ if(linuxAccess == null) {
+ return AjaxResult.error(HttpStatus.LINUX_ACCESS_ERROR, "linux访问控制不存在");
+ }
+ QueryWrapper qadAccessQueryWrapper = new QueryWrapper<>();
+ qadAccessQueryWrapper.eq("company_code", companyCode);
+ qadAccessQueryWrapper.eq("domain", domain);
+ qadAccessQueryWrapper.isNull("delete_time");
+ QadAccess qadAccess = qadAccessService.getOne(qadAccessQueryWrapper);
+ if(qadAccess == null) {
+ return AjaxResult.error(HttpStatus.QAD_ACCESS_ERROR, "QAD_ACCESS_ERROR");
+ }
+ //生成traceid
+ String traceid = jsonObject.getString("traceid");
+ jsonObject.remove("traceid");
+ jsonObject.remove("dataid");
+ jsonObject.remove("company_code");
+ jsonObject.remove("domain");
+ String inJson = "{\"" + key + "\":"+ jsonObject+"}";
+ return linuxAccessService.executeCommand(linuxAccess, qadAccess, traceid, inJson, domain);
+ }
+
 }
diff --git a/win-admin/src/main/java/com/win/web/controller/base/ShellController.java b/win-admin/src/main/java/com/win/web/controller/base/ShellController.java
index 6cd26b3..961bcd1 100644
--- a/win-admin/src/main/java/com/win/web/controller/base/ShellController.java
+++ b/win-admin/src/main/java/com/win/web/controller/base/ShellController.java
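Review bot: `CommandController.apiSecret` authenticates the caller only by comparing the `secret` header with the literal `"Wenyin@2024"`, and a request that passes goes on to `linuxAccessService.executeCommand`. A credential committed to source is readable by everyone with repository or artifact access and cannot be rotated without a release; `ShellController.apiSecret` repeats the same literal in front of `executeShell`. The `timestamp` header is chosen by the caller and is not tied to the secret or the body, so the 10-minute window does not limit reuse of a captured request. Load the value from configuration (for example a field injected with `@Value("${<secret-property-placeholder>}")`) and compare with `MessageDigest.isEqual(secret.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8))`; a per-request signature over body and timestamp, which the `sign` header read in `api` suggests already exists, would be stronger. A wrong secret also returns `HttpStatus.TIMESTAMP_ERROR`, which will mislead callers and monitoring.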
@@ -48,9 +48,13 @@ public class ShellController {
 @PostMapping("/api")
 @Log(title = "远程行对接qad", businessType = BusinessType.INSERT, isManager = false)
 public AjaxResult api(HttpServletRequest request, @RequestBody String body) throws IOException, JSchException {
+ System.out.println("接收到的body:" + body);
 String interfaceName = request.getHeader("interface");
+ System.out.println("接收到的interface:" + interfaceName);
 String sign = request.getHeader("sign");
+ System.out.println("接收到的sign:" + sign);
 String timeStr = request.getHeader("timestamp");
+ System.out.println("接收到的timeStr:" + timeStr);
 if(timeStr == null || timeStr.isEmpty()) {
 return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
 }
@@ -122,4 +126,88 @@ public class ShellController {
 return linuxAccessService.executeShell(linuxAccess, qadAccess, traceid, inJson, domain);
 }
 
+ /**
+ * 对外提供一个接口,通过header中的interfaceName反射机制调用方法,方法必须写到这个controller中,并且不用加PostMapping注解。
+ *
+ * @param request request
+ * @param body 请求主体
+ * @return 结果
+ */
+ @PostMapping("/apiSecret")
+ @Log(title = "远程行对接qad", businessType = BusinessType.INSERT, isManager = false)
+ public AjaxResult apiSecret(HttpServletRequest request, @RequestBody String body) throws IOException, JSchException {
+ System.out.println("接收到的body:" + body);
+ String interfaceName = request.getHeader("interface");
+ System.out.println("接收到的interface:" + interfaceName);
+ String timeStr = request.getHeader("timestamp");
+ System.out.println("接收到的timeStr:" + timeStr);
+ String secret = request.getHeader("secret");
+ System.out.println("接收到的secret:" + secret);
+ if(timeStr == null || timeStr.isEmpty()) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
+ }
+ long timestamp = 0;
+ try {
+ timestamp = Long.parseLong(timeStr);
+ } catch (NumberFormatException e) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "时间戳不正确");
+ }
+ long tenTimestamp = timestamp + (10 * 60 * 1000); // 计算10分钟后的时间戳
+ long currentTimestamp = System.currentTimeMillis(); // 获取当前时间戳
+ //过期
+ if(tenTimestamp < currentTimestamp) {
+ return AjaxResult.error(HttpStatus.EXPIRE_ERROR, "请求已过期");
+ }
+ if(secret == null || !secret.equals("Wenyin@2024")) {
+ return AjaxResult.error(HttpStatus.TIMESTAMP_ERROR, "秘钥不正确");
+ }
+ //url特殊字符要转换
+ body = body.replace("+", "%2B");
+ body = body.replace("/", "%2F");
+ body = body.replace("?", "%3F");
+ body = body.replace("#", "%23");
+ body = body.replace("&", "%26");
+ body = body.replace("=", "%3D");
+ //处理kettle加密中文有问题
+ body = URLDecoder.decode(body, "UTF-8");
+ JSONObject jsonObject = JSONObject.parseObject(body);
+ String key = "";
+ for(String keyTemp : jsonObject.keySet()) {
+ jsonObject = JSONObject.parseObject(jsonObject.getString(keyTemp));
+ key = keyTemp;
+ }
+ String domain = jsonObject.getString("domain");
+ if(domain == null || domain.isEmpty()) {
+ return AjaxResult.error(HttpStatus.DOMAIN_ERROR, "域不能为空");
+ }
+ String companyCode = jsonObject.getString("company_code");
+ if(companyCode == null || companyCode.isEmpty()) {
+ return AjaxResult.error(HttpStatus.COMPANY_CODE_ERROR, "公司编码不能为空");
+ }
+ QueryWrapper linuxAccessQueryWrapper = new QueryWrapper<>();
+ linuxAccessQueryWrapper.eq("company_code", companyCode);
+ linuxAccessQueryWrapper.eq("uri", interfaceName);
+ linuxAccessQueryWrapper.isNull("delete_time");
+ LinuxAccess linuxAccess = linuxAccessService.getOne(linuxAccessQueryWrapper);
+ if(linuxAccess == null) {
+ return AjaxResult.error(HttpStatus.LINUX_ACCESS_ERROR, "linux访问控制不存在");
+ }
+ QueryWrapper qadAccessQueryWrapper = new QueryWrapper<>();
+ qadAccessQueryWrapper.eq("company_code", companyCode);
+ qadAccessQueryWrapper.eq("domain", domain);
+ qadAccessQueryWrapper.isNull("delete_time");
+ QadAccess qadAccess = qadAccessService.getOne(qadAccessQueryWrapper);
+ if(qadAccess == null) {
+ return AjaxResult.error(HttpStatus.QAD_ACCESS_ERROR, "QAD_ACCESS_ERROR");
+ }
+ //生成traceid
+ String traceid = jsonObject.getString("traceid");
+ jsonObject.remove("traceid");
+ jsonObject.remove("dataid");
+ jsonObject.remove("company_code");
+ jsonObject.remove("domain");
+ String inJson = "{\"" + key + "\":"+ jsonObject+"}";
+ return linuxAccessService.executeShell(linuxAccess, qadAccess, traceid, inJson, domain);
+ }
+
 }
diff --git a/win-admin/src/main/resources/logback-spring.xml b/win-admin/src/main/resources/logback-spring.xml
index 8d6b5c5..22d8573 100644
--- a/win-admin/src/main/resources/logback-spring.xml
+++ b/win-admin/src/main/resources/logback-spring.xml
@@ -130,8 +130,10 @@ - + + +
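Review bot: In `ShellController.apiSecret` the envelope key taken from the request body is concatenated unescaped into `inJson` (`"{\"" + key + "\":"+ jsonObject+"}"`) and handed to `executeShell`, so a key containing a quote changes the structure of the JSON the service receives; how `executeShell` uses that string is not visible here. Build the wrapper with the JSON library instead, e.g. `JSONObject wrapper = new JSONObject(); wrapper.put(key, jsonObject); String inJson = wrapper.toJSONString();` (assuming the fastjson-style `JSONObject` the method already parses with). The loop before it reassigns `jsonObject` while iterating the outer key set, so a body with zero or several top-level keys likely ends in a `NullPointerException` or in the outer object being treated as the payload; reject any body whose top level is not exactly one key. `CommandController.apiSecret` carries the same code. The Javadoc above this method describes reflective dispatch on `interfaceName`, which the method does not do (it looks up a `LinuxAccess` row by `uri`), and should be rewritten to describe the secret-only check.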