pref:研发商店敏感接口签名校验优化 TencentBlueKing#10759

carlyin0801 · Sep 9, 2024 · 8f491be · 8f491be
1 parent 6d8c60d
commit 8f491be
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 22 deletions.
diff --git a/...in/kotlin/com/tencent/devops/artifactory/store/service/impl/ArchiveStorePkgServiceImpl.kt b/...in/kotlin/com/tencent/devops/artifactory/store/service/impl/ArchiveStorePkgServiceImpl.kt
@@ -42,11 +42,9 @@ import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.service.utils.ZipUtil
 import com.tencent.devops.store.api.common.ServiceStoreArchiveResource
 import com.tencent.devops.store.api.common.ServiceStoreResource
-import com.tencent.devops.store.pojo.common.enums.ReleaseTypeEnum
 import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum
 import com.tencent.devops.store.pojo.common.publication.StorePkgEnvInfo
 import com.tencent.devops.store.pojo.common.publication.StorePkgInfoUpdateRequest
-import org.apache.commons.codec.digest.DigestUtils
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition
 import org.jooq.DSLContext
 import org.jooq.impl.DSL
@@ -145,14 +143,6 @@ abstract class ArchiveStorePkgServiceImpl : ArchiveStorePkgService {
             // 清理服务器的解压的临时文件
             clearServerTmpFile(storeType, storeCode, version)
         }
-        val finalStoreId = if (releaseType == ReleaseTypeEnum.NEW ||
-            releaseType == ReleaseTypeEnum.CANCEL_RE_RELEASE
-        ) {
-            archiveStorePkgRequest.storeId
-        } else {
-            // 普通发布类型会重新生成一条版本记录
-            DigestUtils.md5Hex("$storeType-$storeCode-$version")
-        }
         storePkgEnvInfos?.let {
             val storePkgInfoUpdateRequest = StorePkgInfoUpdateRequest(
                 storeType = storeType,
@@ -162,7 +152,6 @@ abstract class ArchiveStorePkgServiceImpl : ArchiveStorePkgService {
             )
             val updateComponentPkgInfoResult = client.get(ServiceStoreArchiveResource::class).updateComponentPkgInfo(
                 userId = userId,
-                storeId = finalStoreId,
                 storePkgInfoUpdateRequest = storePkgInfoUpdateRequest
             )
             if (updateComponentPkgInfoResult.isNotOk()) {

diff --git a/...-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreArchiveResource.kt b/...-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreArchiveResource.kt
@@ -104,14 +104,11 @@ interface ServiceStoreArchiveResource {
 
     @Operation(summary = "更新组件执行包相关信息")
     @PUT
-    @Path("/components/{storeId}/pkg/info/update")
+    @Path("/component/pkg/info/update")
     fun updateComponentPkgInfo(
         @Parameter(description = "用户ID", required = true, example = AUTH_HEADER_USER_ID_DEFAULT_VALUE)
         @HeaderParam(AUTH_HEADER_USER_ID)
         userId: String,
-        @Parameter(description = "组件ID", required = true)
-        @PathParam("storeId")
-        storeId: String,
         @Parameter(description = "组件包相关信息修改请求报文体", required = true)
         storePkgInfoUpdateRequest: StorePkgInfoUpdateRequest
     ): Result<Boolean>

diff --git a/.../main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreArchiveResourceImpl.kt b/.../main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreArchiveResourceImpl.kt
@@ -65,11 +65,10 @@ class ServiceStoreArchiveResourceImpl @Autowired constructor(
 
     override fun updateComponentPkgInfo(
         userId: String,
-        storeId: String,
         storePkgInfoUpdateRequest: StorePkgInfoUpdateRequest
     ): Result<Boolean> {
         return Result(
-            storeArchiveService.updateComponentPkgInfo(userId, storeId, storePkgInfoUpdateRequest)
+            storeArchiveService.updateComponentPkgInfo(userId, storePkgInfoUpdateRequest)
         )
     }
 

diff --git a/.../biz-store/src/main/kotlin/com/tencent/devops/store/common/service/StoreArchiveService.kt b/.../biz-store/src/main/kotlin/com/tencent/devops/store/common/service/StoreArchiveService.kt
@@ -53,13 +53,11 @@ interface StoreArchiveService {
     /**
      * 更新组件包信息
      * @param userId 流水线ID
-     * @param storeId 组件ID
      * @param storePkgInfoUpdateRequest 组件包更新信息请求
      * @return 布尔值
      */
     fun updateComponentPkgInfo(
         userId: String,
-        storeId: String,
         storePkgInfoUpdateRequest: StorePkgInfoUpdateRequest
     ): Boolean
 }
diff --git a/...e/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreArchiveServiceImpl.kt b/...e/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreArchiveServiceImpl.kt
@@ -120,9 +120,20 @@ class StoreArchiveServiceImpl @Autowired constructor(
 
     override fun updateComponentPkgInfo(
         userId: String,
-        storeId: String,
         storePkgInfoUpdateRequest: StorePkgInfoUpdateRequest
     ): Boolean {
+        val storeCode = storePkgInfoUpdateRequest.storeCode
+        val version = storePkgInfoUpdateRequest.version
+        val storeType = storePkgInfoUpdateRequest.storeType
+        val storeId = storeBaseQueryDao.getComponentId(
+            dslContext = dslContext,
+            storeCode = storeCode,
+            version = version,
+            storeType = storeType
+        ) ?: throw ErrorCodeException(
+            errorCode = CommonMessageCode.PARAMETER_IS_INVALID,
+            params = arrayOf("$storeType:$storeCode:$version")
+        )
         val storePkgEnvRequests = storePkgInfoUpdateRequest.storePkgEnvInfos
         val storeBaseEnvDataPOs: MutableList<StoreBaseEnvDataPO> = mutableListOf()
         var storeBaseEnvExtDataPOs: MutableList<StoreBaseEnvExtDataPO>? = null

diff --git a/...rc/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBaseCreateServiceImpl.kt b/...rc/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBaseCreateServiceImpl.kt
@@ -32,7 +32,6 @@ import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID_DEFAULT_VALUE
 import com.tencent.devops.common.api.constant.CommonMessageCode
 import com.tencent.devops.common.api.constant.INIT_VERSION
 import com.tencent.devops.common.api.exception.ErrorCodeException
-import com.tencent.devops.common.api.util.UUIDUtil
 import com.tencent.devops.store.common.dao.StoreBaseEnvExtManageDao
 import com.tencent.devops.store.common.dao.StoreBaseEnvManageDao
 import com.tencent.devops.store.common.dao.StoreBaseExtManageDao
@@ -52,6 +51,7 @@ import com.tencent.devops.store.pojo.common.enums.StoreStatusEnum
 import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum
 import com.tencent.devops.store.pojo.common.publication.StoreBaseDataPO
 import com.tencent.devops.store.pojo.common.publication.StoreCreateRequest
+import org.apache.commons.codec.digest.DigestUtils
 import org.jooq.DSLContext
 import org.jooq.impl.DSL
 import org.springframework.beans.factory.annotation.Autowired
@@ -98,10 +98,10 @@ class StoreBaseCreateServiceImpl @Autowired constructor(
     }
 
     override fun doStoreCreateDataPersistent(storeCreateRequest: StoreCreateRequest) {
-        val storeId = UUIDUtil.generate()
         val storeBaseCreateRequest = storeCreateRequest.baseInfo
         val storeType = storeBaseCreateRequest.storeType
         val storeCode = storeBaseCreateRequest.storeCode
+        val storeId = DigestUtils.md5Hex("$storeType-$storeCode-$INIT_VERSION")
         val name = storeBaseCreateRequest.name
         val bkStoreContext = storeCreateRequest.bkStoreContext
         val userId = bkStoreContext[AUTH_HEADER_USER_ID]?.toString() ?: AUTH_HEADER_USER_ID_DEFAULT_VALUE